From: <kma...@us...> - 2007-02-06 15:12:50
Revision: 2224 http://svn.sourceforge.net/selinux/?rev=2224&view=rev Author: kmacmillan Date: 2007-02-06 07:12:45 -0800 (Tue, 06 Feb 2007) Log Message: ----------- Author: Stephen Smalley Email: sd...@ty... Subject: libsepol: check for unmet requires on sensitivities and categories (Was: Re: core dump) Date: Tue, 06 Feb 2007 08:06:36 -0500 On Tue, 2007-02-06 at 07:40 -0500, Stephen Smalley wrote: > On Tue, 2007-02-06 at 04:12 +0200, Stefanos Harhalakis wrote: > > I had this issue today: > > > > # semodule -i logging.pp > > Segmentation fault (core dumped) > > > > I traced this a bit and it seems that this is because of libsepol. > > The core dump is the result of lines 602:603 of link.c: > > > > (gdb) bt > > #0 0xb7f732fd in sens_copy_callback (key=0x848c2a0 "s15", datum=0x848c290, data=0xbfde3854) at link.c:602 > > #1 0xb7f6f8a1 in hashtab_map (h=0x846cbf0, apply=0xb7f731d1 <sens_copy_callback>, args=0xbfde3854) at hashtab.c:214 > > #2 0xb7f75528 in copy_identifiers (state=0xbfde3854, src_symtab=0x843cc74, dest_decl=0x0) at link.c:1323 > > #3 0xb7f77c72 in link_modules (handle=0x804c710, b=0x80525b8, mods=0x863ce18, len=19, verbose=0) at link.c:2178 > > #4 0xb7f7a2c9 in sepol_link_packages (handle=0x804c710, base=0x8053060, modules=0x80543c8, num_modules=19, verbose=0) at module.c:302 > > > > Where: > > > > (gdb) l > > 597 state->cur_mod_name); > > 598 return -SEPOL_LINK_NOTSUP; > > 599 } > > 600 } > > 601 > > 602 state->cur->map[SYM_LEVELS][level->level->sens - 1] = > > 603 base_level->level->sens; > > 604 > > 605 return 0; > > 606 } > > > > Because of: > > > > (gdb) p base_level > > $1 = (level_datum_t *) 0x0 > > > > The last 'if' checks for !base_level, but inside the 'if' block, only > > !scope and scope->scope==SCOPE_DECL are checked. 
> > > > This core dump is caused by: > > > > (gdb) p scope->scope > > $2 = 1 > > > > Which is noted as: > > > > /* Required for this decl */ > > #define SCOPE_REQ 1 > > > > in libsepol/include/sepol/policydb/policydb.h > > > > Hope this helps... > > Looks like your logging.pp policy module has a requires on sensitivity > s15 but your base module doesn't declare it. Naturally, that should > show up as an unfulfilled requirement rather than a seg fault. Patch below for the stable branch. Signed-off-by: Stephen Smalley <sd...@ty...> Acked-by: Karl MacMillan <kma...@me...> Modified Paths: -------------- branches/stable/1_0/libsepol/ChangeLog branches/stable/1_0/libsepol/src/link.c Modified: branches/stable/1_0/libsepol/ChangeLog =================================================================== --- branches/stable/1_0/libsepol/ChangeLog 2007-02-06 15:04:03 UTC (rev 2223) +++ branches/stable/1_0/libsepol/ChangeLog 2007-02-06 15:12:45 UTC (rev 2224) @@ -1,3 +1,6 @@ + * Merged libsepol segfault fix from Stephen Smalley for when + sensitivities are required but not present in the base. + 1.16.0 2007-01-18 * Updated version for stable branch. Modified: branches/stable/1_0/libsepol/src/link.c =================================================================== --- branches/stable/1_0/libsepol/src/link.c 2007-02-06 15:04:03 UTC (rev 2223) +++ branches/stable/1_0/libsepol/src/link.c 2007-02-06 15:12:45 UTC (rev 2224) @@ -597,6 +597,13 @@ state->cur_mod_name); return -SEPOL_LINK_NOTSUP; } + if (scope->scope == SCOPE_REQ) { + /* unmet requirement */ + ERR(state->handle, + "%s: Sensitivity %s not declared by base.\n", + state->cur_mod_name, id); + return -SEPOL_LINK_NOTSUP; + } } state->cur->map[SYM_LEVELS][level->level->sens - 1] = 
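Review bot: The new SCOPE_REQ branch in the @@ -597 hunk still leaves a way out of the !base_level block that does not return. If scope->scope is neither SCOPE_DECL nor SCOPE_REQ, control falls through to "state->cur->map[SYM_LEVELS][level->level->sens - 1] = base_level->level->sens;" with base_level NULL, which is the crash in the report. End the block with an unconditional error return after the two scope checks so the dereference below can never see a NULL base_level.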
@@ -628,6 +635,13 @@ state->cur_mod_name); return -SEPOL_LINK_NOTSUP; } + if (scope->scope == SCOPE_REQ) { + /* unmet requirement */ + ERR(state->handle, + "%s: Category %s not declared by base.\n", + state->cur_mod_name, id); + return -SEPOL_LINK_NOTSUP; + } } state->cur->map[SYM_CATS][cat->s.value - 1] = base_cat->s.value; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
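Review bot: The unmet-requirement branch added in the @@ -628 hunk returns -SEPOL_LINK_NOTSUP, the same code the pre-existing branch just above it returns, so a caller cannot tell "module requires a category the base does not declare" from that other case without parsing the ERR text. A distinct error code would make the failure actionable. The block is also a copy of the sensitivity one with only the message changed; a small shared helper taking the symbol kind would keep the two from drifting apart.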
From: <kma...@us...> - 2007-02-06 15:13:48
Revision: 2225 http://svn.sourceforge.net/selinux/?rev=2225&view=rev Author: kmacmillan Date: 2007-02-06 07:13:46 -0800 (Tue, 06 Feb 2007) Log Message: ----------- libsepol 1.16.1 Modified Paths: -------------- branches/stable/1_0/libsepol/ChangeLog branches/stable/1_0/libsepol/VERSION Modified: branches/stable/1_0/libsepol/ChangeLog =================================================================== --- branches/stable/1_0/libsepol/ChangeLog 2007-02-06 15:12:45 UTC (rev 2224) +++ branches/stable/1_0/libsepol/ChangeLog 2007-02-06 15:13:46 UTC (rev 2225) @@ -1,3 +1,4 @@ +1.16.1 2007-01-06 * Merged libsepol segfault fix from Stephen Smalley for when sensitivities are required but not present in the base. Modified: branches/stable/1_0/libsepol/VERSION =================================================================== --- branches/stable/1_0/libsepol/VERSION 2007-02-06 15:12:45 UTC (rev 2224) +++ branches/stable/1_0/libsepol/VERSION 2007-02-06 15:13:46 UTC (rev 2225) @@ -1 +1 @@ -1.16.0 +1.16.1 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
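Review bot: The ChangeLog header added in the @@ -1,3 +1,4 @@ hunk reads "1.16.1 2007-01-06", but this revision is dated 2007-02-06. The month looks like a typo; the line should read "1.16.1 2007-02-06".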
From: <mad...@us...> - 2007-03-30 15:31:42
Revision: 2309 http://svn.sourceforge.net/selinux/?rev=2309&view=rev Author: madmethod Date: 2007-03-30 08:31:40 -0700 (Fri, 30 Mar 2007) Log Message: ----------- merged r2308 from trunk Modified Paths: -------------- branches/stable/1_0/libsepol/ChangeLog branches/stable/1_0/libsepol/VERSION branches/stable/1_0/libsepol/include/sepol/policydb/conditional.h branches/stable/1_0/libsepol/src/conditional.c branches/stable/1_0/libsepol/src/expand.c branches/stable/1_0/libsepol/src/private.h Modified: branches/stable/1_0/libsepol/ChangeLog =================================================================== --- branches/stable/1_0/libsepol/ChangeLog 2007-03-30 15:25:34 UTC (rev 2308) +++ branches/stable/1_0/libsepol/ChangeLog 2007-03-30 15:31:40 UTC (rev 2309) @@ -1,3 +1,7 @@ +1.16.2 2007-03-30 + * Merged fix from Karl to remap booleans at expand time to + avoid holes in the symbol table. + 1.16.1 2007-02-06 * Merged libsepol segfault fix from Stephen Smalley for when sensitivities are required but not present in the base. Modified: branches/stable/1_0/libsepol/VERSION =================================================================== --- branches/stable/1_0/libsepol/VERSION 2007-03-30 15:25:34 UTC (rev 2308) +++ branches/stable/1_0/libsepol/VERSION 2007-03-30 15:31:40 UTC (rev 2309) @@ -1 +1 @@ -1.16.1 +1.16.2 Modified: branches/stable/1_0/libsepol/include/sepol/policydb/conditional.h =================================================================== --- branches/stable/1_0/libsepol/include/sepol/policydb/conditional.h 2007-03-30 15:25:34 UTC (rev 2308) +++ branches/stable/1_0/libsepol/include/sepol/policydb/conditional.h 2007-03-30 15:31:40 UTC (rev 2309) 
@@ -100,6 +100,8 @@ cond_node_t * needle, cond_node_t * haystack, int *was_created); +extern cond_node_t *cond_node_create(policydb_t * p, cond_node_t * node); + extern cond_node_t *cond_node_search(policydb_t * p, cond_node_t * list, cond_node_t * cn); Modified: branches/stable/1_0/libsepol/src/conditional.c =================================================================== --- branches/stable/1_0/libsepol/src/conditional.c 2007-03-30 15:25:34 UTC (rev 2308) +++ branches/stable/1_0/libsepol/src/conditional.c 2007-03-30 15:31:40 UTC (rev 2309) @@ -26,9 +26,6 @@ #include "private.h" -#undef min -#define min(a,b) (((a) < (b)) ? (a) : (b)) - /* move all type rules to top of t/f lists to help kernel on evaluation */ static void cond_optimize(cond_av_list_t ** l) { @@ -136,6 +133,38 @@ return 1; } +/* Create a new conditional node, optionally copying + * the conditional expression from an existing node. + * If node is NULL then a new node will be created + * with no conditional expression. + */ +cond_node_t *cond_node_create(policydb_t * p, cond_node_t * node) +{ + cond_node_t *new_node; + unsigned int i; + + new_node = (cond_node_t *)malloc(sizeof(cond_node_t)); + if (!new_node) { + return NULL; + } + memset(new_node, 0, sizeof(cond_node_t)); + + if (node) { + new_node->expr = cond_copy_expr(node->expr); + if (!new_node->expr) { + free(new_node); + return NULL; + } + new_node->cur_state = cond_evaluate_expr(p, new_node->expr); + new_node->nbools = node->nbools; + for (i = 0; i < min(node->nbools, COND_MAX_BOOLS); i++) + new_node->bool_ids[i] = node->bool_ids[i]; + new_node->expr_pre_comp = node->expr_pre_comp; + } + + return new_node; +} + /* Find a conditional (the needle) within a list of existing ones (the * haystack) that has a matching expression. If found, return a * pointer to the existing node, setting 'was_created' to 0. 
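Review bot: In cond_node_create() (@@ -136 hunk of conditional.c) the "if (!new_node->expr)" check treats any NULL from cond_copy_expr() as allocation failure. If a node can legitimately carry an empty expression, copying it fails here with no way to tell the two cases apart, so either skip the copy when node->expr is NULL or state in the comment that an expression is required. The comment should also say that the rule lists are not copied and that the caller owns the returned node and must destroy and free it. Style: calloc(1, sizeof(*new_node)) would replace the cast malloc plus memset.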
@@ -145,9 +174,6 @@ cond_node_t * needle, cond_node_t * haystack, int *was_created) { - cond_node_t *new_node; - unsigned int i; - while (haystack) { if (cond_expr_equal(needle, haystack)) { *was_created = 0; @@ -156,26 +182,8 @@ haystack = haystack->next; } *was_created = 1; - new_node = (cond_node_t *) malloc(sizeof(cond_node_t)); - if (!new_node) { - return NULL; - } - memset(new_node, 0, sizeof(cond_node_t)); - new_node->expr = cond_copy_expr(needle->expr); - if (!new_node->expr) { - free(new_node); - return NULL; - } - new_node->cur_state = cond_evaluate_expr(p, new_node->expr); - new_node->nbools = needle->nbools; - for (i = 0; i < min(needle->nbools, COND_MAX_BOOLS); i++) - new_node->bool_ids[i] = needle->bool_ids[i]; - new_node->expr_pre_comp = needle->expr_pre_comp; - new_node->true_list = NULL; - new_node->false_list = NULL; - new_node->avtrue_list = NULL; - new_node->avfalse_list = NULL; - return new_node; + + return cond_node_create(p, needle); } /* return either a pre-existing matching node or create a new node */ Modified: branches/stable/1_0/libsepol/src/expand.c =================================================================== --- branches/stable/1_0/libsepol/src/expand.c 2007-03-30 15:25:34 UTC (rev 2308) +++ branches/stable/1_0/libsepol/src/expand.c 2007-03-30 15:31:40 UTC (rev 2309) @@ -34,10 +34,12 @@ #include <assert.h> #include "debug.h" +#include "private.h" typedef struct expand_state { int verbose; uint32_t *typemap; + uint32_t *boolmap; policydb_t *base; policydb_t *out; sepol_handle_t *handle; @@ -790,8 +792,8 @@ return -1; } - new_bool->s.value = bool->s.value; state->out->p_bools.nprim++; + new_bool->s.value = state->out->p_bools.nprim; ret = hashtab_insert(state->out->p_bools.table, (hashtab_key_t) new_id, @@ -803,6 +805,8 @@ return -1; } + state->boolmap[bool->s.value - 1] = new_bool->s.value; + new_bool->state = bool->state; return 0; 
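Review bot: "state->boolmap[bool->s.value - 1] = new_bool->s.value;" in the @@ -803 hunk of expand.c indexes the map with a value read from the boolean datum and no range check. The map is sized from state.base->p_bools.nprim elsewhere in this patch, so a bool->s.value of 0 or one above nprim writes outside the allocation. Check the value against that bound before the store and fail the expand otherwise.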
@@ -1554,12 +1558,35 @@ return 0; } +static int cond_node_map_bools(expand_state_t * state, cond_node_t * cn) +{ + cond_expr_t *cur; + unsigned int i; + + cur = cn->expr; + while (cur) { + if (cur->bool) + cur->bool = state->boolmap[cur->bool - 1]; + cur = cur->next; + } + + for (i = 0; i < min(cn->nbools, COND_MAX_BOOLS); i++) + cn->bool_ids[i] = state->boolmap[cn->bool_ids[i] - 1]; + + if (cond_normalize_expr(state->out, cn)) { + ERR(state->handle, "Error while normalizing conditional"); + return -1; + } + + return 0; +} + /* copy the nodes in *reverse* order -- the result is that the last * given conditional appears first in the policy, so as to match the * behavior of the upstream compiler */ static int cond_node_copy(expand_state_t * state, cond_node_t * cn) { - cond_node_t *new_cond; + cond_node_t *new_cond, *tmp; if (cn == NULL) { return 0; @@ -1572,11 +1599,28 @@ return -1; } - new_cond = cond_node_search(state->out, state->out->cond_list, cn); + /* create a new temporary conditional node with the booleans + * mapped */ + tmp = cond_node_create(state->base, cn); + if (!tmp) { + ERR(state->handle, "Out of memory"); + return -1; + } + + if (cond_node_map_bools(state, tmp)) { + ERR(state->handle, "Error mapping booleans"); + return -1; + } + + new_cond = cond_node_search(state->out, state->out->cond_list, tmp); if (!new_cond) { + cond_node_destroy(tmp); + free(tmp); ERR(state->handle, "Out of memory!"); return -1; } + cond_node_destroy(tmp); + free(tmp); if (cond_avrule_list_copy (state->out, cn->avtrue_list, &state->out->te_cond_avtab, @@ -2209,6 +2253,12 @@ goto cleanup; } + state.boolmap = (uint32_t *)calloc(state.base->p_bools.nprim, sizeof(uint32_t)); + if (!state.boolmap) { + ERR(handle, "Out of memory!"); + goto cleanup; + } + /* order is important - types must be first */ /* copy types */ 
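Review bot: In the @@ -2209 hunk, calloc(state.base->p_bools.nprim, sizeof(uint32_t)) may return NULL when nprim is 0, and the "!state.boolmap" check then reports "Out of memory!" for a base policy that simply has no booleans. Skip the allocation, or request at least one element, when nprim is 0. The hunk also does not set retval before "goto cleanup"; confirm it holds an error value at that point.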
@@ -2363,6 +2413,7 @@ cleanup: free(state.typemap); + free(state.boolmap); return retval; } Modified: branches/stable/1_0/libsepol/src/private.h =================================================================== --- branches/stable/1_0/libsepol/src/private.h 2007-03-30 15:25:34 UTC (rev 2308) +++ branches/stable/1_0/libsepol/src/private.h 2007-03-30 15:31:40 UTC (rev 2309) @@ -22,6 +22,9 @@ #define le64_to_cpu(x) bswap_64(x) #endif +#undef min +#define min(a,b) (((a) < (b)) ? (a) : (b)) + /* Policy compatibility information. */ struct policydb_compat_info { unsigned int type; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
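Review bot: cond_node_map_bools() (@@ -1554 hunk of expand.c) reads state->boolmap[cur->bool - 1] and state->boolmap[cn->bool_ids[i] - 1] without checking the index or the result. The map is calloc'ed, so a boolean that was never recorded in it comes back as 0 and is stored silently, and a bool_ids entry of 0 puts the index out of range. Validate each index against the map size and treat a 0 result as an error before calling cond_normalize_expr().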
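Review bot: In cond_node_copy() (@@ -1572 hunk of expand.c) the cond_node_map_bools(state, tmp) failure path returns -1 without releasing tmp, while both paths after cond_node_search() call "cond_node_destroy(tmp); free(tmp);". Add the same pair before that return, or route all three exits through one cleanup label so the release is written once.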
From: <ssm...@us...> - 2007-04-13 14:11:29
Revision: 2353 http://svn.sourceforge.net/selinux/?rev=2353&view=rev Author: ssmalley Date: 2007-04-13 07:11:28 -0700 (Fri, 13 Apr 2007) Log Message: ----------- Ported r2351 (libsepol: add boolmap argument to expand_module_avrules) from trunk. Modified Paths: -------------- branches/stable/1_0/libsepol/ChangeLog branches/stable/1_0/libsepol/VERSION branches/stable/1_0/libsepol/include/sepol/policydb/expand.h branches/stable/1_0/libsepol/src/expand.c Modified: branches/stable/1_0/libsepol/ChangeLog =================================================================== --- branches/stable/1_0/libsepol/ChangeLog 2007-04-13 14:08:26 UTC (rev 2352) +++ branches/stable/1_0/libsepol/ChangeLog 2007-04-13 14:11:28 UTC (rev 2353) @@ -1,3 +1,6 @@ +1.16.3 2007-04-13 + * Merged add boolmap argument to expand_module_avrules() from Chris PeBenito. + 1.16.2 2007-03-30 * Merged fix from Karl to remap booleans at expand time to avoid holes in the symbol table. Modified: branches/stable/1_0/libsepol/VERSION =================================================================== --- branches/stable/1_0/libsepol/VERSION 2007-04-13 14:08:26 UTC (rev 2352) +++ branches/stable/1_0/libsepol/VERSION 2007-04-13 14:11:28 UTC (rev 2353) @@ -1 +1 @@ -1.16.2 +1.16.3 Modified: branches/stable/1_0/libsepol/include/sepol/policydb/expand.h =================================================================== --- branches/stable/1_0/libsepol/include/sepol/policydb/expand.h 2007-04-13 14:08:26 UTC (rev 2352) +++ branches/stable/1_0/libsepol/include/sepol/policydb/expand.h 2007-04-13 14:11:28 UTC (rev 2353) 
@@ -30,17 +30,19 @@ #include <sepol/policydb/conditional.h> /* - * Expand only the avrules for a module. It is valid for this function to - * expand base into itself (i.e. base == out); the typemap for this special - * case should map type[i] to i+1. This function optionally expands neverallow - * rules. If neverallow rules are expanded, there is no need to copy them and - * doing so could cause duplicate entries when base == out. If the neverallow - * rules are not expanded, they are just copied to the destination policy so - * that assertion checking can be performed after expand. No assertion or - * hierarchy checking is performed by this function. + * Expand only the avrules for a module. It is valid for this function + * to expand base into itself (i.e. base == out); the typemap for + * this special case should map type[i] to i+1. Likewise the boolmap + * should map bool[i] to i + 1. This function optionally expands + * neverallow rules. If neverallow rules are expanded, there is no + * need to copy them and doing so could cause duplicate entries when + * base == out. If the neverallow rules are not expanded, they are + * just copied to the destination policy so that assertion checking + * can be performed after expand. No assertion or hierarchy checking + * is performed by this function. */ extern int expand_module_avrules(sepol_handle_t * handle, policydb_t * base, - policydb_t * out, uint32_t * typemap, + policydb_t * out, uint32_t * typemap, uint32_t * boolmap, int verbose, int expand_neverallow); /* * Expand all parts of a module. Neverallow rules are not expanded (only Modified: branches/stable/1_0/libsepol/src/expand.c =================================================================== --- branches/stable/1_0/libsepol/src/expand.c 2007-04-13 14:08:26 UTC (rev 2352) +++ branches/stable/1_0/libsepol/src/expand.c 2007-04-13 14:11:28 UTC (rev 2353) 
@@ -2197,7 +2197,8 @@ * or expand into the same policy for analysis purposes. */ int expand_module_avrules(sepol_handle_t * handle, policydb_t * base, - policydb_t * out, uint32_t * typemap, int verbose, + policydb_t * out, uint32_t * typemap, + uint32_t * boolmap, int verbose, int expand_neverallow) { expand_state_t state; @@ -2207,6 +2208,7 @@ state.base = base; state.out = out; state.typemap = typemap; + state.boolmap = boolmap; state.handle = handle; state.verbose = verbose; state.expand_neverallow = expand_neverallow; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
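Review bot: The new "uint32_t * boolmap" parameter is inserted in the middle of the expand_module_avrules() prototype in include/sepol/policydb/expand.h on the stable branch, so existing callers stop compiling and anything built against the old prototype passes its arguments in the wrong positions. The ChangeLog entry should call out the interface change. The updated comment also covers only the base == out case ("map bool[i] to i + 1"); it should state the required length of boolmap and who fills it in the general case.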
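Review bot: "state.boolmap = boolmap;" in the @@ -2207 hunk of expand.c stores the caller's pointer unchecked. Callers ported mechanically from the old signature may pass NULL; reject a NULL boolmap up front with an ERR and an error return rather than failing later inside the expand.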
From: <ssm...@us...> - 2007-08-23 15:01:54
Revision: 2538 http://selinux.svn.sourceforge.net/selinux/?rev=2538&view=rev Author: ssmalley Date: 2007-08-23 08:01:52 -0700 (Thu, 23 Aug 2007) Log Message: ----------- updated libsepol to version 1.16.4 Modified Paths: -------------- branches/stable/1_0/libsepol/ChangeLog branches/stable/1_0/libsepol/VERSION Modified: branches/stable/1_0/libsepol/ChangeLog =================================================================== --- branches/stable/1_0/libsepol/ChangeLog 2007-08-23 15:00:43 UTC (rev 2537) +++ branches/stable/1_0/libsepol/ChangeLog 2007-08-23 15:01:52 UTC (rev 2538) @@ -1,3 +1,6 @@ +1.16.4 2007-08-23 + * Eliminate unaligned accesses from policy reading code from Stephen Smalley. + 1.16.3 2007-04-13 * Merged add boolmap argument to expand_module_avrules() from Chris PeBenito. Modified: branches/stable/1_0/libsepol/VERSION =================================================================== --- branches/stable/1_0/libsepol/VERSION 2007-08-23 15:00:43 UTC (rev 2537) +++ branches/stable/1_0/libsepol/VERSION 2007-08-23 15:01:52 UTC (rev 2538) @@ -1 +1 @@ -1.16.3 +1.16.4 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2007-08-28 17:42:11
Revision: 2542 http://selinux.svn.sourceforge.net/selinux/?rev=2542&view=rev Author: ssmalley Date: 2007-08-28 10:42:07 -0700 (Tue, 28 Aug 2007) Log Message: ----------- updated libsepol to version 1.16.5 Modified Paths: -------------- branches/stable/1_0/libsepol/ChangeLog branches/stable/1_0/libsepol/VERSION Modified: branches/stable/1_0/libsepol/ChangeLog =================================================================== --- branches/stable/1_0/libsepol/ChangeLog 2007-08-28 17:40:41 UTC (rev 2541) +++ branches/stable/1_0/libsepol/ChangeLog 2007-08-28 17:42:07 UTC (rev 2542) @@ -1,3 +1,6 @@ +1.16.5 2007-08-28 + * Fixed module_package_read_offsets bug introduced by the prior patch. + 1.16.4 2007-08-23 * Eliminate unaligned accesses from policy reading code from Stephen Smalley. Modified: branches/stable/1_0/libsepol/VERSION =================================================================== --- branches/stable/1_0/libsepol/VERSION 2007-08-28 17:40:41 UTC (rev 2541) +++ branches/stable/1_0/libsepol/VERSION 2007-08-28 17:42:07 UTC (rev 2542) @@ -1 +1 @@ -1.16.4 +1.16.5 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2007-09-24 16:38:13
Revision: 2584 http://selinux.svn.sourceforge.net/selinux/?rev=2584&view=rev Author: ssmalley Date: 2007-09-24 09:38:11 -0700 (Mon, 24 Sep 2007) Log Message: ----------- updated libsepol to version 1.16.6 Modified Paths: -------------- branches/stable/1_0/libsepol/ChangeLog branches/stable/1_0/libsepol/VERSION Modified: branches/stable/1_0/libsepol/ChangeLog =================================================================== --- branches/stable/1_0/libsepol/ChangeLog 2007-09-24 16:37:42 UTC (rev 2583) +++ branches/stable/1_0/libsepol/ChangeLog 2007-09-24 16:38:11 UTC (rev 2584) @@ -1,3 +1,6 @@ +1.16.6 2007-09-24 + * Pass CFLAGS to CC even on link command, per Dennis Gilmore. + 1.16.5 2007-08-28 * Fixed module_package_read_offsets bug introduced by the prior patch. Modified: branches/stable/1_0/libsepol/VERSION =================================================================== --- branches/stable/1_0/libsepol/VERSION 2007-09-24 16:37:42 UTC (rev 2583) +++ branches/stable/1_0/libsepol/VERSION 2007-09-24 16:38:11 UTC (rev 2584) @@ -1 +1 @@ -1.16.5 +1.16.6 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2007-09-27 13:11:10
Revision: 2589 http://selinux.svn.sourceforge.net/selinux/?rev=2589&view=rev Author: ssmalley Date: 2007-09-27 06:11:02 -0700 (Thu, 27 Sep 2007) Log Message: ----------- updated libsepol to version 1.16.7 Modified Paths: -------------- branches/stable/1_0/libsepol/ChangeLog branches/stable/1_0/libsepol/VERSION Modified: branches/stable/1_0/libsepol/ChangeLog =================================================================== --- branches/stable/1_0/libsepol/ChangeLog 2007-09-27 13:10:10 UTC (rev 2588) +++ branches/stable/1_0/libsepol/ChangeLog 2007-09-27 13:11:02 UTC (rev 2589) @@ -1,3 +1,6 @@ +1.16.7 2007-09-27 + * Allow dontaudits to be turned off during policy expansion from Joshua Brindle. + 1.16.6 2007-09-24 * Pass CFLAGS to CC even on link command, per Dennis Gilmore. Modified: branches/stable/1_0/libsepol/VERSION =================================================================== --- branches/stable/1_0/libsepol/VERSION 2007-09-27 13:10:10 UTC (rev 2588) +++ branches/stable/1_0/libsepol/VERSION 2007-09-27 13:11:02 UTC (rev 2589) @@ -1 +1 @@ -1.16.6 +1.16.7 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2007-09-27 13:16:09
Revision: 2593 http://selinux.svn.sourceforge.net/selinux/?rev=2593&view=rev Author: ssmalley Date: 2007-09-27 06:16:05 -0700 (Thu, 27 Sep 2007) Log Message: ----------- updated libsepol to version 1.16.8 Modified Paths: -------------- branches/stable/1_0/libsepol/ChangeLog branches/stable/1_0/libsepol/VERSION Modified: branches/stable/1_0/libsepol/ChangeLog =================================================================== --- branches/stable/1_0/libsepol/ChangeLog 2007-09-27 13:15:25 UTC (rev 2592) +++ branches/stable/1_0/libsepol/ChangeLog 2007-09-27 13:16:05 UTC (rev 2593) @@ -1,3 +1,6 @@ +1.16.8 2007-09-27 + * Merged support for the handle_unknown policydb flag from Eric Paris. + 1.16.7 2007-09-27 * Allow dontaudits to be turned off during policy expansion from Joshua Brindle. Modified: branches/stable/1_0/libsepol/VERSION =================================================================== --- branches/stable/1_0/libsepol/VERSION 2007-09-27 13:15:25 UTC (rev 2592) +++ branches/stable/1_0/libsepol/VERSION 2007-09-27 13:16:05 UTC (rev 2593) @@ -1 +1 @@ -1.16.7 +1.16.8 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2007-10-11 20:35:15
Revision: 2652 http://selinux.svn.sourceforge.net/selinux/?rev=2652&view=rev Author: ssmalley Date: 2007-10-11 13:35:12 -0700 (Thu, 11 Oct 2007) Log Message: ----------- updated libsepol to version 1.16.9 Modified Paths: -------------- branches/stable/1_0/libsepol/ChangeLog branches/stable/1_0/libsepol/VERSION Modified: branches/stable/1_0/libsepol/ChangeLog =================================================================== --- branches/stable/1_0/libsepol/ChangeLog 2007-10-11 20:28:52 UTC (rev 2651) +++ branches/stable/1_0/libsepol/ChangeLog 2007-10-11 20:35:12 UTC (rev 2652) @@ -1,3 +1,7 @@ +1.16.9 2007-10-11 + * Fixed bug in require checking from Stephen Smalley. + * Added user hierarchy checking from Todd Miller. + 1.16.8 2007-09-27 * Merged support for the handle_unknown policydb flag from Eric Paris. Modified: branches/stable/1_0/libsepol/VERSION =================================================================== --- branches/stable/1_0/libsepol/VERSION 2007-10-11 20:28:52 UTC (rev 2651) +++ branches/stable/1_0/libsepol/VERSION 2007-10-11 20:35:12 UTC (rev 2652) @@ -1 +1 @@ -1.16.8 +1.16.9 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2007-11-05 19:06:42
Revision: 2671 http://selinux.svn.sourceforge.net/selinux/?rev=2671&view=rev Author: ssmalley Date: 2007-11-05 11:06:35 -0800 (Mon, 05 Nov 2007) Log Message: ----------- updated libsepol to version 1.16.10 Modified Paths: -------------- branches/stable/1_0/libsepol/ChangeLog branches/stable/1_0/libsepol/VERSION Modified: branches/stable/1_0/libsepol/ChangeLog =================================================================== --- branches/stable/1_0/libsepol/ChangeLog 2007-11-05 19:01:32 UTC (rev 2670) +++ branches/stable/1_0/libsepol/ChangeLog 2007-11-05 19:06:35 UTC (rev 2671) @@ -1,3 +1,6 @@ +1.16.10 2007-11-05 + * Allow handle_unknown to be overridden by semanage.conf from Stephen Smalley. + 1.16.9 2007-10-11 * Fixed bug in require checking from Stephen Smalley. * Added user hierarchy checking from Todd Miller. Modified: branches/stable/1_0/libsepol/VERSION =================================================================== --- branches/stable/1_0/libsepol/VERSION 2007-11-05 19:01:32 UTC (rev 2670) +++ branches/stable/1_0/libsepol/VERSION 2007-11-05 19:06:35 UTC (rev 2671) @@ -1 +1 @@ -1.16.9 +1.16.10 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-02-05 18:59:57
Revision: 2788 http://selinux.svn.sourceforge.net/selinux/?rev=2788&view=rev Author: ssmalley Date: 2008-02-05 10:59:53 -0800 (Tue, 05 Feb 2008) Log Message: ----------- updated libsepol to version 1.16.11 Modified Paths: -------------- branches/stable/1_0/libsepol/ChangeLog branches/stable/1_0/libsepol/VERSION Modified: branches/stable/1_0/libsepol/ChangeLog =================================================================== --- branches/stable/1_0/libsepol/ChangeLog 2008-02-05 18:56:39 UTC (rev 2787) +++ branches/stable/1_0/libsepol/ChangeLog 2008-02-05 18:59:53 UTC (rev 2788) @@ -1,3 +1,6 @@ +1.16.11 2008-02-05 + * Merge r2520 from trunk: bug fix for disable dontaudit support. + 1.16.10 2007-11-05 * Allow handle_unknown to be overridden by semanage.conf from Stephen Smalley. Modified: branches/stable/1_0/libsepol/VERSION =================================================================== --- branches/stable/1_0/libsepol/VERSION 2008-02-05 18:56:39 UTC (rev 2787) +++ branches/stable/1_0/libsepol/VERSION 2008-02-05 18:59:53 UTC (rev 2788) @@ -1 +1 @@ -1.16.10 +1.16.11 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-03-04 18:35:42
Revision: 2835 http://selinux.svn.sourceforge.net/selinux/?rev=2835&view=rev Author: ssmalley Date: 2008-03-04 10:35:35 -0800 (Tue, 04 Mar 2008) Log Message: ----------- updated libsepol to version 1.16.12 Modified Paths: -------------- branches/stable/1_0/libsepol/ChangeLog branches/stable/1_0/libsepol/VERSION Modified: branches/stable/1_0/libsepol/ChangeLog =================================================================== --- branches/stable/1_0/libsepol/ChangeLog 2008-03-04 18:34:07 UTC (rev 2834) +++ branches/stable/1_0/libsepol/ChangeLog 2008-03-04 18:35:35 UTC (rev 2835) @@ -1,3 +1,6 @@ +1.16.12 2008-03-04 + * Merge r2831 from trunk: fix uninitialized use of handle in struct policy_file from Todd Miller. + 1.16.11 2008-02-05 * Merge r2520 from trunk: bug fix for disable dontaudit support. Modified: branches/stable/1_0/libsepol/VERSION =================================================================== --- branches/stable/1_0/libsepol/VERSION 2008-03-04 18:34:07 UTC (rev 2834) +++ branches/stable/1_0/libsepol/VERSION 2008-03-04 18:35:35 UTC (rev 2835) @@ -1 +1 @@ -1.16.11 +1.16.12 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-06-06 14:36:13
Revision: 2895 http://selinux.svn.sourceforge.net/selinux/?rev=2895&view=rev Author: ssmalley Date: 2008-06-06 07:36:10 -0700 (Fri, 06 Jun 2008) Log Message: ----------- Author: Stephen Smalley Email: sd...@ty... Subject: libsepol: fix endianness bug in network node address handling Date: Thu, 05 Jun 2008 09:45:33 -0400 Fix an endianness bug in the handling of network node addresses by SELinux. This yields no change on little endian hardware but fixes the incorrect handling on big endian hardware. The network node addresses are stored in network order in memory by checkpolicy, not in cpu/host order, and thus should not have cpu_to_le32/le32_to_cpu conversions applied upon policy write/read unlike other data in the policy. Note that checkpolicy was also broken in its handling of ipv4 addresses on big endian hardware prior to checkpolicy 2.0.5 when the ipv4 address handling was changed to be more like the ipv6 address handling. Bug reported by John Weeks of Sun, who noticed that binary policy files built from the same policy source on x86 and sparc differed and tracked it down to the ipv4 address handling in checkpolicy. Signed-off-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- branches/stable/1_0/libsepol/include/sepol/policydb/policydb.h branches/stable/1_0/libsepol/src/policydb.c branches/stable/1_0/libsepol/src/write.c Modified: branches/stable/1_0/libsepol/include/sepol/policydb/policydb.h =================================================================== --- branches/stable/1_0/libsepol/include/sepol/policydb/policydb.h 2008-06-06 14:34:40 UTC (rev 2894) +++ branches/stable/1_0/libsepol/include/sepol/policydb/policydb.h 2008-06-06 14:36:10 UTC (rev 2895) 
@@ -255,12 +255,12 @@ uint16_t high_port; } port; /* TCP or UDP port information */ struct { - uint32_t addr; - uint32_t mask; + uint32_t addr; /* network order */ + uint32_t mask; /* network order */ } node; /* node information */ struct { - uint32_t addr[4]; - uint32_t mask[4]; + uint32_t addr[4]; /* network order */ + uint32_t mask[4]; /* network order */ } node6; /* IPv6 node information */ } u; union { Modified: branches/stable/1_0/libsepol/src/policydb.c =================================================================== --- branches/stable/1_0/libsepol/src/policydb.c 2008-06-06 14:34:40 UTC (rev 2894) +++ branches/stable/1_0/libsepol/src/policydb.c 2008-06-06 14:36:10 UTC (rev 2895) @@ -2065,8 +2065,8 @@ rc = next_entry(buf, fp, sizeof(uint32_t) * 2); if (rc < 0) return -1; - c->u.node.addr = le32_to_cpu(buf[0]); - c->u.node.mask = le32_to_cpu(buf[1]); + c->u.node.addr = buf[0]; /* network order */ + c->u.node.mask = buf[1]; /* network order */ if (context_read_and_validate (&c->context[0], p, fp)) return -1; @@ -2096,11 +2096,9 @@ if (rc < 0) return -1; for (k = 0; k < 4; k++) - c->u.node6.addr[k] = - le32_to_cpu(buf[k]); + c->u.node6.addr[k] = buf[k]; /* network order */ for (k = 0; k < 4; k++) - c->u.node6.mask[k] = - le32_to_cpu(buf[k + 4]); + c->u.node6.mask[k] = buf[k + 4]; /* network order */ if (context_read_and_validate (&c->context[0], p, fp)) return -1; Modified: branches/stable/1_0/libsepol/src/write.c =================================================================== --- branches/stable/1_0/libsepol/src/write.c 2008-06-06 14:34:40 UTC (rev 2894) +++ branches/stable/1_0/libsepol/src/write.c 2008-06-06 14:36:10 UTC (rev 2895) 
@@ -1090,8 +1090,8 @@ return POLICYDB_ERROR; break; case OCON_NODE: - buf[0] = cpu_to_le32(c->u.node.addr); - buf[1] = cpu_to_le32(c->u.node.mask); + buf[0] = c->u.node.addr; /* network order */ + buf[1] = c->u.node.mask; /* network order */ items = put_entry(buf, sizeof(uint32_t), 2, fp); if (items != 2) return POLICYDB_ERROR; @@ -1113,11 +1113,9 @@ break; case OCON_NODE6: for (j = 0; j < 4; j++) - buf[j] = - cpu_to_le32(c->u.node6.addr[j]); + buf[j] = c->u.node6.addr[j]; /* network order */ for (j = 0; j < 4; j++) - buf[j + 4] = - cpu_to_le32(c->u.node6.mask[j]); + buf[j + 4] = c->u.node6.mask[j]; /* network order */ items = put_entry(buf, sizeof(uint32_t), 8, fp); if (items != 8) return POLICYDB_ERROR; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
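Review bot: Dropping le32_to_cpu() in the OCON_NODE and OCON_NODE6 read hunks of policydb.c changes how an existing file is interpreted on big endian hosts. A policy written there by an earlier libsepol went through cpu_to_le32() (the lines removed in write.c) and will now read back with address and mask byte-reversed. The log message covers little endian hosts but says nothing about files already written on big endian ones; note in the ChangeLog that such policies must be rebuilt, or gate the new behaviour on a policy version.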
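The byte-order behaviour described in the r2895 log message, worked through as an added example (not libsepol code). The helpers `load32`, `store32`, `le32_conv`, `write_node_old`, `write_node_new` and `read_node_new` are hypothetical models of a little endian and a big endian CPU so both cases run on any host, and the address is a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modelled CPU byte order (an assumption of this example, not a libsepol type). */
enum host { HOST_LE, HOST_BE };

/* Constructed sample: 192.168.1.10 held in memory in network order,
 * which is how the log message says checkpolicy stores node addresses. */
static const uint8_t SAMPLE_ADDR[4] = { 0xC0, 0xA8, 0x01, 0x0A };

/* Load four bytes the way the modelled CPU loads a uint32_t. */
static uint32_t load32(const uint8_t *m, enum host h)
{
    if (h == HOST_BE)
        return ((uint32_t)m[0] << 24) | ((uint32_t)m[1] << 16) |
               ((uint32_t)m[2] << 8) | (uint32_t)m[3];
    return ((uint32_t)m[3] << 24) | ((uint32_t)m[2] << 16) |
           ((uint32_t)m[1] << 8) | (uint32_t)m[0];
}

/* Store a uint32_t the way the modelled CPU writes it to memory or a file. */
static void store32(uint8_t *m, uint32_t v, enum host h)
{
    for (int i = 0; i < 4; i++) {
        int shift = (h == HOST_BE) ? 24 - 8 * i : 8 * i;
        m[i] = (uint8_t)(v >> shift);
    }
}

/* cpu_to_le32()/le32_to_cpu() as the modelled CPU sees them:
 * identity on little endian, byte swap on big endian. */
static uint32_t le32_conv(uint32_t v, enum host h)
{
    if (h == HOST_LE)
        return v;
    return (v >> 24) | ((v >> 8) & 0x0000FF00u) |
           ((v << 8) & 0x00FF0000u) | (v << 24);
}

typedef void (*node_io_fn)(const uint8_t *, uint8_t *, enum host);

/* Pre-fix write path: buf[0] = cpu_to_le32(c->u.node.addr). */
static void write_node_old(const uint8_t *mem, uint8_t *file, enum host h)
{
    store32(file, le32_conv(load32(mem, h), h), h);
}

/* Post-fix write path: buf[0] = c->u.node.addr. */
static void write_node_new(const uint8_t *mem, uint8_t *file, enum host h)
{
    store32(file, load32(mem, h), h);
}

/* Post-fix read path: c->u.node.addr = buf[0]. */
static void read_node_new(const uint8_t *file, uint8_t *mem, enum host h)
{
    store32(mem, load32(file, h), h);
}

/* 1 if both modelled hosts emit identical file bytes for the sample address. */
static int files_match(node_io_fn writer)
{
    uint8_t le_file[4], be_file[4];
    writer(SAMPLE_ADDR, le_file, HOST_LE);
    writer(SAMPLE_ADDR, be_file, HOST_BE);
    return memcmp(le_file, be_file, 4) == 0;
}

/* 1 if a file written by the pre-fix code on big endian still yields the
 * original address when read by the post-fix code on the same host. */
static int old_be_file_survives_new_read(void)
{
    uint8_t file[4], mem[4];
    write_node_old(SAMPLE_ADDR, file, HOST_BE);
    read_node_new(file, mem, HOST_BE);
    return memcmp(mem, SAMPLE_ADDR, 4) == 0;
}

int main(void)
{
    printf("pre-fix:  LE and BE files identical? %d\n", files_match(write_node_old));
    printf("post-fix: LE and BE files identical? %d\n", files_match(write_node_new));
    printf("old BE file readable after fix?      %d\n", old_be_file_survives_new_read());
    return 0;
}
```

The pre-fix writer reproduces the x86 versus sparc mismatch from the bug report, and the last check shows why a file written by the old code on big endian needs rebuilding after the fix.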
From: <ssm...@us...> - 2008-06-06 14:37:02
Revision: 2896 http://selinux.svn.sourceforge.net/selinux/?rev=2896&view=rev Author: ssmalley Date: 2008-06-06 07:37:00 -0700 (Fri, 06 Jun 2008) Log Message: ----------- updated libsepol to version 1.16.13 Modified Paths: -------------- branches/stable/1_0/libsepol/ChangeLog branches/stable/1_0/libsepol/VERSION Modified: branches/stable/1_0/libsepol/ChangeLog =================================================================== --- branches/stable/1_0/libsepol/ChangeLog 2008-06-06 14:36:10 UTC (rev 2895) +++ branches/stable/1_0/libsepol/ChangeLog 2008-06-06 14:37:00 UTC (rev 2896) @@ -1,3 +1,8 @@ +1.16.13 2008-06-06 + * Fix endianness bug in the handling of network node addresses from Stephen Smalley. + Only affects big endian platforms. + Bug reported by John Weeks of Sun upon policy mismatch between x86 and sparc. + 1.16.12 2008-03-04 * Merge r2831 from trunk: fix uninitialized use of handle in struct policy_file from Todd Miller. Modified: branches/stable/1_0/libsepol/VERSION =================================================================== --- branches/stable/1_0/libsepol/VERSION 2008-06-06 14:36:10 UTC (rev 2895) +++ branches/stable/1_0/libsepol/VERSION 2008-06-06 14:37:00 UTC (rev 2896) @@ -1 +1 @@ -1.16.12 +1.16.13 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-06-10 13:08:58
Revision: 2902 http://selinux.svn.sourceforge.net/selinux/?rev=2902&view=rev Author: ssmalley Date: 2008-06-10 06:08:56 -0700 (Tue, 10 Jun 2008) Log Message: ----------- updated libsepol to version 1.16.14 Modified Paths: -------------- branches/stable/1_0/libsepol/ChangeLog branches/stable/1_0/libsepol/VERSION Modified: branches/stable/1_0/libsepol/ChangeLog =================================================================== --- branches/stable/1_0/libsepol/ChangeLog 2008-06-10 13:06:52 UTC (rev 2901) +++ branches/stable/1_0/libsepol/ChangeLog 2008-06-10 13:08:56 UTC (rev 2902) @@ -1,3 +1,6 @@ +1.16.14 2008-06-10 + * Merge r2886 from trunk: merge user and role mapping support from Joshua Brindle. + 1.16.13 2008-06-06 * Fix endianness bug in the handling of network node addresses from Stephen Smalley. Only affects big endian platforms. Modified: branches/stable/1_0/libsepol/VERSION =================================================================== --- branches/stable/1_0/libsepol/VERSION 2008-06-10 13:06:52 UTC (rev 2901) +++ branches/stable/1_0/libsepol/VERSION 2008-06-10 13:08:56 UTC (rev 2902) @@ -1 +1 @@ -1.16.13 +1.16.14 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |