From: <ssm...@us...> - 2006-08-24 16:08:47
Revision: 1994 Author: ssmalley Date: 2006-08-24 09:08:39 -0700 (Thu, 24 Aug 2006) ViewCVS: http://svn.sourceforge.net/selinux/?rev=1994&view=rev Log Message: ----------- Author: Steve G Email: lin...@ya... Subject: Don't send statistics to audit logs Date: Fri, 18 Aug 2006 13:22:54 -0700 (PDT) Change the libselinux AVC to not log statistics upon a reset (reload or enforcing status change). Signed-off-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/src/avc.c Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2006-08-24 16:05:06 UTC (rev 1993) +++ trunk/libselinux/ChangeLog 2006-08-24 16:08:39 UTC (rev 1994) @@ -1,3 +1,5 @@ + * Merged patch to not log avc stats upon a reset from Steve Grubb. + 1.30.26 2006-08-11 * Merged file context homedir and local path functions from Chris PeBenito. Modified: trunk/libselinux/src/avc.c =================================================================== --- trunk/libselinux/src/avc.c 2006-08-24 16:05:06 UTC (rev 1993) +++ trunk/libselinux/src/avc.c 2006-08-24 16:08:39 UTC (rev 1994) @@ -1191,8 +1191,6 @@ { int rc; - avc_av_stats(); - rc = avc_reset(); avc_get_lock(avc_lock); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
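Review bot: in the avc.c hunk at @@ -1191,8, removing avc_av_stats() ahead of rc = avc_reset() leaves no visible point where the counters are reported before the reset, and neither the hunk nor the ChangeLog line tells a caller how to obtain them now. If avc_av_stats() remains available to applications, a one-line comment at the removal site or a sentence in the ChangeLog entry saying that statistics must be requested explicitly would make the behaviour change discoverable.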
From: <ssm...@us...> - 2006-08-24 16:10:49
Revision: 1995 Author: ssmalley Date: 2006-08-24 09:10:35 -0700 (Thu, 24 Aug 2006) ViewCVS: http://svn.sourceforge.net/selinux/?rev=1995&view=rev Log Message: ----------- Author: Stephen Smalley Email: sd...@ty... Subject: libselinux: do not set compat_net upon policy load Date: Wed, 23 Aug 2006 15:13:09 -0400 Revert the change to automatically set /selinux/compat_net at policy load time based on the policy, as this prevents compat_net from being effectively used with refpolicy-based policies that include the packet class definition. Signed-off-by: Stephen Smalley <sd...@ty...> Acked-by: Joshua Brindle <jbr...@tr...> Acked-by: Karl MacMillan <kma...@me...> Acked-by: Darrel Goeddel <dgo...@tr...> Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/src/load_policy.c Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2006-08-24 16:08:39 UTC (rev 1994) +++ trunk/libselinux/ChangeLog 2006-08-24 16:10:35 UTC (rev 1995) @@ -1,4 +1,5 @@ * Merged patch to not log avc stats upon a reset from Steve Grubb. + * Applied patch to revert compat_net setting upon policy load. 1.30.26 2006-08-11 * Merged file context homedir and local path functions from Modified: trunk/libselinux/src/load_policy.c =================================================================== --- trunk/libselinux/src/load_policy.c 2006-08-24 16:08:39 UTC (rev 1994) +++ trunk/libselinux/src/load_policy.c 2006-08-24 16:10:35 UTC (rev 1995) @@ -49,7 +49,7 @@ struct stat sb; size_t size; void *map, *data; - int fd, rc = -1, *values, len, i, prot, compat_net; + int fd, rc = -1, *values, len, i, prot; sepol_policydb_t *policydb; sepol_policy_file_t *pf; 
@@ -79,23 +79,20 @@ if (map == MAP_FAILED) goto close; - if (sepol_policy_file_create(&pf)) - goto unmap; - if (sepol_policydb_create(&policydb)) { - sepol_policy_file_free(pf); - goto unmap; - } - sepol_policy_file_set_mem(pf, data, size); - if (sepol_policydb_read(policydb, pf)) { - sepol_policy_file_free(pf); - sepol_policydb_free(policydb); - goto unmap; - } - - compat_net = sepol_policydb_compat_net(policydb); - if (vers > kernvers) { /* Need to downgrade to kernel-supported version. */ + if (sepol_policy_file_create(&pf)) + goto unmap; + if (sepol_policydb_create(&policydb)) { + sepol_policy_file_free(pf); + goto unmap; + } + sepol_policy_file_set_mem(pf, data, size); + if (sepol_policydb_read(policydb, pf)) { + sepol_policy_file_free(pf); + sepol_policydb_free(policydb); + goto unmap; + } if (sepol_policydb_set_vers(policydb, kernvers) || sepol_policydb_to_image(NULL, policydb, &data, &size)) { /* Downgrade failed, keep searching. */ @@ -106,11 +103,10 @@ vers--; goto search; } + sepol_policy_file_free(pf); + sepol_policydb_free(policydb); } - sepol_policy_file_free(pf); - sepol_policydb_free(policydb); - if (load_setlocaldefs) { void *olddata = data; size_t oldsize = size; @@ -150,18 +146,6 @@ rc = security_load_policy(data, size); - if (!rc && selinux_mnt) { - int fd2; - char buf[2]; - snprintf(path, sizeof path, "%s/compat_net", selinux_mnt); - fd2 = open(path, O_RDWR); - if (fd2 < 0) - goto unmap; - buf[0] = compat_net ? '1' : '0'; - buf[1] = '\0'; - (void)write(fd2, buf, 2); - close(fd2); - } unmap: if (data != map) free(data); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
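Review bot: in the load_policy.c hunk at @@ -79,23, pf and policydb are now created only inside the "if (vers > kernvers)" block and freed at its end, so the "Downgrade failed, keep searching" branch that ends in "vers--; goto search;" has to release both on its own. The body of that branch falls between this hunk and @@ -106,11 and is not shown; please confirm it calls sepol_policy_file_free(pf) and sepol_policydb_free(policydb) before the goto, otherwise every failed downgrade attempt leaks them.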
From: <ssm...@us...> - 2006-08-24 16:11:39
Revision: 1996 Author: ssmalley Date: 2006-08-24 09:11:31 -0700 (Thu, 24 Aug 2006) ViewCVS: http://svn.sourceforge.net/selinux/?rev=1996&view=rev Log Message: ----------- libselinux 1.30.27 Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2006-08-24 16:10:35 UTC (rev 1995) +++ trunk/libselinux/ChangeLog 2006-08-24 16:11:31 UTC (rev 1996) @@ -1,3 +1,4 @@ +1.30.27 2006-08-24 * Merged patch to not log avc stats upon a reset from Steve Grubb. * Applied patch to revert compat_net setting upon policy load. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2006-08-24 16:10:35 UTC (rev 1995) +++ trunk/libselinux/VERSION 2006-08-24 16:11:31 UTC (rev 1996) @@ -1 +1 @@ -1.30.26 +1.30.27 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mad...@us...> - 2006-09-13 15:12:38
Revision: 2028 http://svn.sourceforge.net/selinux/?rev=2028&view=rev Author: madmethod Date: 2006-09-13 08:12:33 -0700 (Wed, 13 Sep 2006) Log Message: ----------- version bump from last commit Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2006-09-13 15:11:00 UTC (rev 2027) +++ trunk/libselinux/ChangeLog 2006-09-13 15:12:33 UTC (rev 2028) @@ -1,3 +1,6 @@ +1.30.28 2006-09-13 + * Merged patch from Steve Smalley to fix SIGPIPE in setrans_client + 1.30.27 2006-08-24 * Merged patch to not log avc stats upon a reset from Steve Grubb. * Applied patch to revert compat_net setting upon policy load. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2006-09-13 15:11:00 UTC (rev 2027) +++ trunk/libselinux/VERSION 2006-09-13 15:12:33 UTC (rev 2028) @@ -1 +1 @@ -1.30.27 +1.30.28 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2006-09-29 14:54:10
Revision: 2040 http://svn.sourceforge.net/selinux/?rev=2040&view=rev Author: ssmalley Date: 2006-09-29 07:54:01 -0700 (Fri, 29 Sep 2006) Log Message: ----------- Author: Steve Grubb Email: sg...@re... Subject: updated racoon patch Date: Mon, 25 Sep 2006 09:47:52 -0400 On Monday 25 September 2006 08:43, Steve Grubb wrote: > This doesn't build. Where does the POLMATCH define come from? I can't find > it anywhere. Found that libselinux-devel and 2.6.18 kernel are not in sync. Please apply this patch: Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/include/selinux/av_permissions.h Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2006-09-28 18:28:44 UTC (rev 2039) +++ trunk/libselinux/ChangeLog 2006-09-29 14:54:01 UTC (rev 2040) @@ -1,3 +1,6 @@ + * Merged av_permissions.h update from Steve Grubb, + adding setsockcreate and polmatch definitions. + 1.30.28 2006-09-13 * Merged patch from Steve Smalley to fix SIGPIPE in setrans_client * Merged c++ class identifier fix from Joe Nall. Modified: trunk/libselinux/include/selinux/av_permissions.h =================================================================== --- trunk/libselinux/include/selinux/av_permissions.h 2006-09-28 18:28:44 UTC (rev 2039) +++ trunk/libselinux/include/selinux/av_permissions.h 2006-09-29 14:54:01 UTC (rev 2040) @@ -468,6 +468,7 @@ #define PROCESS__EXECSTACK 0x04000000UL #define PROCESS__EXECHEAP 0x08000000UL #define PROCESS__SETKEYCREATE 0x10000000UL +#define PROCESS__SETSOCKCREATE 0x20000000UL #define IPC__CREATE 0x00000001UL #define IPC__DESTROY 0x00000002UL 
@@ -910,6 +911,7 @@ #define ASSOCIATION__SENDTO 0x00000001UL #define ASSOCIATION__RECVFROM 0x00000002UL #define ASSOCIATION__SETCONTEXT 0x00000004UL +#define ASSOCIATION__POLMATCH 0x00000008UL #define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL #define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
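Review bot: the two defines added to av_permissions.h, PROCESS__SETSOCKCREATE at @@ -468,6 and ASSOCIATION__POLMATCH at @@ -910,6, arrive without matching permission-name strings, since the Modified Paths list only ChangeLog and av_permissions.h. Without "setsockcreate" and "polmatch" entries in src/av_perm_to_string.h the new bits cannot be mapped to or from their names, so the S_(SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, "setsockcreate") and S_(SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, "polmatch") lines belong in this same commit.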
From: <mad...@us...> - 2006-10-06 00:15:28
Revision: 2048 http://svn.sourceforge.net/selinux/?rev=2048&view=rev Author: madmethod Date: 2006-10-05 17:15:24 -0700 (Thu, 05 Oct 2006) Log Message: ----------- Author: Darrel Goeddel Email: dgo...@Tr... Subject: libselinux: always store raw contexts in the avc sidtab Date: Thu, 05 Oct 2006 12:08:44 -0500 Always store raw contexts in the avc sidtab. This is accomplished by providing functions to deal with raw contexts when converting contexts to sids and vice versa. The security_compute_av is also switch to the raw version because the contexts will now all be raw. When the raw context is being converted to a sid, there will be no overhead. When a translated context is converted, there will be a translation to raw for storage. There conversion back from sid to context via avc_context_to_sid() will translate the context, while avc_context_to_sid_raw() will not. These functions make it easy to optimize some code paths be removing translations for contexts that will never be presented to the user. Signed-off-by: Darrel Goeddel <dgo...@tr...> Acked-By: Joshua Brindle <jbr...@tr...> Acked-By: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libselinux/include/selinux/avc.h trunk/libselinux/src/avc.c Modified: trunk/libselinux/include/selinux/avc.h =================================================================== --- trunk/libselinux/include/selinux/avc.h 2006-09-29 15:44:05 UTC (rev 2047) +++ trunk/libselinux/include/selinux/avc.h 2006-10-06 00:15:24 UTC (rev 2048) @@ -38,6 +38,7 @@ * available to make the copy, or %EINVAL if the input SID is invalid. */ int avc_sid_to_context(security_id_t sid, security_context_t * ctx); + int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx); /** * avc_context_to_sid - get SID for context. 
@@ -51,6 +52,7 @@ * returning %0 on success or -%1 on error with @errno set. */ int avc_context_to_sid(security_context_t ctx, security_id_t * sid); + int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid); /** * sidget - increment SID reference counter. Modified: trunk/libselinux/src/avc.c =================================================================== --- trunk/libselinux/src/avc.c 2006-09-29 15:44:05 UTC (rev 2047) +++ trunk/libselinux/src/avc.c 2006-10-06 00:15:24 UTC (rev 2048) @@ -203,7 +203,7 @@ & (AVC_CACHE_SLOTS - 1); } -int avc_context_to_sid(security_context_t ctx, security_id_t * sid) +int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid) { int rc; avc_get_lock(avc_lock); @@ -214,8 +214,23 @@ return rc; } -int avc_sid_to_context(security_id_t sid, security_context_t * ctx) +int avc_context_to_sid(security_context_t ctx, security_id_t * sid) { + int ret; + security_context_t rctx; + + if (selinux_trans_to_raw_context(ctx, &rctx)) + return -1; + + ret = avc_context_to_sid_raw(rctx, sid); + + freecon(rctx); + + return ret; +} + +int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx) +{ int rc; *ctx = NULL; avc_get_lock(avc_lock); @@ -230,6 +245,21 @@ return rc; } +int avc_sid_to_context(security_id_t sid, security_context_t * ctx) +{ + int ret; + security_context_t rctx; + + ret = avc_sid_to_context_raw(sid, &rctx); + + if (ret == 0) { + ret = selinux_raw_to_trans_context(rctx, ctx); + freecon(rctx); + } + + return ret; +} + int sidget(security_id_t sid) { int rc; @@ -935,8 +965,9 @@ rc = -1; goto out; } - rc = security_compute_av(ssid->ctx, tsid->ctx, tclass, - requested, &entry.avd); + rc = security_compute_av_raw(ssid->ctx, tsid->ctx, + tclass, requested, + &entry.avd); if (rc) goto out; rc = avc_insert(ssid, tsid, tclass, &entry, aeref); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
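Review bot: in the avc.c hunk at @@ -230,6, the new avc_sid_to_context() wrapper never writes *ctx when avc_sid_to_context_raw() fails, whereas the function body it replaces (now the _raw variant) starts with "*ctx = NULL;". A caller that frees *ctx after an error return would now be handed whatever the pointer held before the call; setting *ctx = NULL at the top of the wrapper keeps the earlier contract. The two _raw prototypes added to avc.h at @@ -38,6 and @@ -51,6 also sit directly under the existing doc comments with no description of how they differ from the translating versions.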
From: <mad...@us...> - 2006-10-06 00:17:06
Revision: 2049 http://svn.sourceforge.net/selinux/?rev=2049&view=rev Author: madmethod Date: 2006-10-05 17:17:01 -0700 (Thu, 05 Oct 2006) Log Message: ----------- version bump for libselinux 1.30.30 Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2006-10-06 00:15:24 UTC (rev 2048) +++ trunk/libselinux/ChangeLog 2006-10-06 00:17:01 UTC (rev 2049) @@ -1,3 +1,7 @@ +1.30.30 2006-10-05 + * Merged patch from Darrel Goeddel to always use untranslated + contexts in the userspace AVC. + 1.30.29 2006-09-29 * Merged av_permissions.h update from Steve Grubb, adding setsockcreate and polmatch definitions. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2006-10-06 00:15:24 UTC (rev 2048) +++ trunk/libselinux/VERSION 2006-10-06 00:17:01 UTC (rev 2049) @@ -1 +1 @@ -1.30.29 +1.30.30 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2006-10-19 15:07:32
Revision: 2071 http://svn.sourceforge.net/selinux/?rev=2071&view=rev Author: ssmalley Date: 2006-10-19 08:07:18 -0700 (Thu, 19 Oct 2006) Log Message: ----------- Author: Darrel Goeddel Email: dgo...@tr... Subject: libselinux flask definition update for context class Date: Tue, 17 Oct 2006 10:59:52 -0500 Update SELinux flask definition to include the context security class. This also adds the "process setsockcreate" and "association polmatch" string definitions that have been missing. Signed-off-by: Darrel Goeddel <dgo...@tr...> Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION trunk/libselinux/include/selinux/av_permissions.h trunk/libselinux/include/selinux/flask.h trunk/libselinux/src/av_perm_to_string.h trunk/libselinux/src/class_to_string.h Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2006-10-17 17:26:56 UTC (rev 2070) +++ trunk/libselinux/ChangeLog 2006-10-19 15:07:18 UTC (rev 2071) @@ -1,3 +1,8 @@ +1.33.1 2006-10-19 + * Merged updated flask definitions from Darrel Goeddel. + This adds the context security class, and also adds + the string definitions for setsockcreate and polmatch. + 1.32 2006-10-17 * Updated version for release. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2006-10-17 17:26:56 UTC (rev 2070) +++ trunk/libselinux/VERSION 2006-10-19 15:07:18 UTC (rev 2071) @@ -1 +1 @@ -1.32 +1.33.1 Modified: trunk/libselinux/include/selinux/av_permissions.h =================================================================== --- trunk/libselinux/include/selinux/av_permissions.h 2006-10-17 17:26:56 UTC (rev 2070) +++ trunk/libselinux/include/selinux/av_permissions.h 2006-10-19 15:07:18 UTC (rev 2071) 
@@ -16,7 +16,6 @@ #define COMMON_FILE__SWAPON 0x00004000UL #define COMMON_FILE__QUOTAON 0x00008000UL #define COMMON_FILE__MOUNTON 0x00010000UL - #define COMMON_SOCKET__IOCTL 0x00000001UL #define COMMON_SOCKET__READ 0x00000002UL #define COMMON_SOCKET__WRITE 0x00000004UL @@ -39,7 +38,6 @@ #define COMMON_SOCKET__RECV_MSG 0x00080000UL #define COMMON_SOCKET__SEND_MSG 0x00100000UL #define COMMON_SOCKET__NAME_BIND 0x00200000UL - #define COMMON_IPC__CREATE 0x00000001UL #define COMMON_IPC__DESTROY 0x00000002UL #define COMMON_IPC__GETATTR 0x00000004UL @@ -49,7 +47,6 @@ #define COMMON_IPC__ASSOCIATE 0x00000040UL #define COMMON_IPC__UNIX_READ 0x00000080UL #define COMMON_IPC__UNIX_WRITE 0x00000100UL - #define FILESYSTEM__MOUNT 0x00000001UL #define FILESYSTEM__REMOUNT 0x00000002UL #define FILESYSTEM__UNMOUNT 0x00000004UL @@ -60,7 +57,6 @@ #define FILESYSTEM__ASSOCIATE 0x00000080UL #define FILESYSTEM__QUOTAMOD 0x00000100UL #define FILESYSTEM__QUOTAGET 0x00000200UL - #define DIR__IOCTL 0x00000001UL #define DIR__READ 0x00000002UL #define DIR__WRITE 0x00000004UL @@ -78,13 +74,11 @@ #define DIR__SWAPON 0x00004000UL #define DIR__QUOTAON 0x00008000UL #define DIR__MOUNTON 0x00010000UL - #define DIR__ADD_NAME 0x00020000UL #define DIR__REMOVE_NAME 0x00040000UL #define DIR__REPARENT 0x00080000UL #define DIR__SEARCH 0x00100000UL #define DIR__RMDIR 0x00200000UL - #define FILE__IOCTL 0x00000001UL #define FILE__READ 0x00000002UL #define FILE__WRITE 0x00000004UL @@ -102,11 +96,9 @@ #define FILE__SWAPON 0x00004000UL #define FILE__QUOTAON 0x00008000UL #define FILE__MOUNTON 0x00010000UL - #define FILE__EXECUTE_NO_TRANS 0x00020000UL #define FILE__ENTRYPOINT 0x00040000UL #define FILE__EXECMOD 0x00080000UL - #define LNK_FILE__IOCTL 0x00000001UL #define LNK_FILE__READ 0x00000002UL #define LNK_FILE__WRITE 0x00000004UL 
@@ -124,7 +116,6 @@ #define LNK_FILE__SWAPON 0x00004000UL #define LNK_FILE__QUOTAON 0x00008000UL #define LNK_FILE__MOUNTON 0x00010000UL - #define CHR_FILE__IOCTL 0x00000001UL #define CHR_FILE__READ 0x00000002UL #define CHR_FILE__WRITE 0x00000004UL @@ -142,11 +133,9 @@ #define CHR_FILE__SWAPON 0x00004000UL #define CHR_FILE__QUOTAON 0x00008000UL #define CHR_FILE__MOUNTON 0x00010000UL - #define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL #define CHR_FILE__ENTRYPOINT 0x00040000UL #define CHR_FILE__EXECMOD 0x00080000UL - #define BLK_FILE__IOCTL 0x00000001UL #define BLK_FILE__READ 0x00000002UL #define BLK_FILE__WRITE 0x00000004UL @@ -164,7 +153,6 @@ #define BLK_FILE__SWAPON 0x00004000UL #define BLK_FILE__QUOTAON 0x00008000UL #define BLK_FILE__MOUNTON 0x00010000UL - #define SOCK_FILE__IOCTL 0x00000001UL #define SOCK_FILE__READ 0x00000002UL #define SOCK_FILE__WRITE 0x00000004UL @@ -182,7 +170,6 @@ #define SOCK_FILE__SWAPON 0x00004000UL #define SOCK_FILE__QUOTAON 0x00008000UL #define SOCK_FILE__MOUNTON 0x00010000UL - #define FIFO_FILE__IOCTL 0x00000001UL #define FIFO_FILE__READ 0x00000002UL #define FIFO_FILE__WRITE 0x00000004UL @@ -200,9 +187,7 @@ #define FIFO_FILE__SWAPON 0x00004000UL #define FIFO_FILE__QUOTAON 0x00008000UL #define FIFO_FILE__MOUNTON 0x00010000UL - #define FD__USE 0x00000001UL - #define SOCKET__IOCTL 0x00000001UL #define SOCKET__READ 0x00000002UL #define SOCKET__WRITE 0x00000004UL @@ -225,7 +210,6 @@ #define SOCKET__RECV_MSG 0x00080000UL #define SOCKET__SEND_MSG 0x00100000UL #define SOCKET__NAME_BIND 0x00200000UL - #define TCP_SOCKET__IOCTL 0x00000001UL #define TCP_SOCKET__READ 0x00000002UL #define TCP_SOCKET__WRITE 0x00000004UL 
@@ -248,13 +232,11 @@ #define TCP_SOCKET__RECV_MSG 0x00080000UL #define TCP_SOCKET__SEND_MSG 0x00100000UL #define TCP_SOCKET__NAME_BIND 0x00200000UL - #define TCP_SOCKET__CONNECTTO 0x00400000UL #define TCP_SOCKET__NEWCONN 0x00800000UL #define TCP_SOCKET__ACCEPTFROM 0x01000000UL #define TCP_SOCKET__NODE_BIND 0x02000000UL #define TCP_SOCKET__NAME_CONNECT 0x04000000UL - #define UDP_SOCKET__IOCTL 0x00000001UL #define UDP_SOCKET__READ 0x00000002UL #define UDP_SOCKET__WRITE 0x00000004UL @@ -277,9 +259,7 @@ #define UDP_SOCKET__RECV_MSG 0x00080000UL #define UDP_SOCKET__SEND_MSG 0x00100000UL #define UDP_SOCKET__NAME_BIND 0x00200000UL - #define UDP_SOCKET__NODE_BIND 0x00400000UL - #define RAWIP_SOCKET__IOCTL 0x00000001UL #define RAWIP_SOCKET__READ 0x00000002UL #define RAWIP_SOCKET__WRITE 0x00000004UL @@ -302,9 +282,7 @@ #define RAWIP_SOCKET__RECV_MSG 0x00080000UL #define RAWIP_SOCKET__SEND_MSG 0x00100000UL #define RAWIP_SOCKET__NAME_BIND 0x00200000UL - #define RAWIP_SOCKET__NODE_BIND 0x00400000UL - #define NODE__TCP_RECV 0x00000001UL #define NODE__TCP_SEND 0x00000002UL #define NODE__UDP_RECV 0x00000004UL @@ -312,14 +290,12 @@ #define NODE__RAWIP_RECV 0x00000010UL #define NODE__RAWIP_SEND 0x00000020UL #define NODE__ENFORCE_DEST 0x00000040UL - #define NETIF__TCP_RECV 0x00000001UL #define NETIF__TCP_SEND 0x00000002UL #define NETIF__UDP_RECV 0x00000004UL #define NETIF__UDP_SEND 0x00000008UL #define NETIF__RAWIP_RECV 0x00000010UL #define NETIF__RAWIP_SEND 0x00000020UL - #define NETLINK_SOCKET__IOCTL 0x00000001UL #define NETLINK_SOCKET__READ 0x00000002UL #define NETLINK_SOCKET__WRITE 0x00000004UL @@ -342,7 +318,6 @@ #define NETLINK_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_SOCKET__NAME_BIND 0x00200000UL - #define PACKET_SOCKET__IOCTL 0x00000001UL #define PACKET_SOCKET__READ 0x00000002UL #define PACKET_SOCKET__WRITE 0x00000004UL 
@@ -365,7 +340,6 @@ #define PACKET_SOCKET__RECV_MSG 0x00080000UL #define PACKET_SOCKET__SEND_MSG 0x00100000UL #define PACKET_SOCKET__NAME_BIND 0x00200000UL - #define KEY_SOCKET__IOCTL 0x00000001UL #define KEY_SOCKET__READ 0x00000002UL #define KEY_SOCKET__WRITE 0x00000004UL @@ -388,7 +362,6 @@ #define KEY_SOCKET__RECV_MSG 0x00080000UL #define KEY_SOCKET__SEND_MSG 0x00100000UL #define KEY_SOCKET__NAME_BIND 0x00200000UL - #define UNIX_STREAM_SOCKET__IOCTL 0x00000001UL #define UNIX_STREAM_SOCKET__READ 0x00000002UL #define UNIX_STREAM_SOCKET__WRITE 0x00000004UL @@ -411,11 +384,9 @@ #define UNIX_STREAM_SOCKET__RECV_MSG 0x00080000UL #define UNIX_STREAM_SOCKET__SEND_MSG 0x00100000UL #define UNIX_STREAM_SOCKET__NAME_BIND 0x00200000UL - #define UNIX_STREAM_SOCKET__CONNECTTO 0x00400000UL #define UNIX_STREAM_SOCKET__NEWCONN 0x00800000UL #define UNIX_STREAM_SOCKET__ACCEPTFROM 0x01000000UL - #define UNIX_DGRAM_SOCKET__IOCTL 0x00000001UL #define UNIX_DGRAM_SOCKET__READ 0x00000002UL #define UNIX_DGRAM_SOCKET__WRITE 0x00000004UL @@ -438,7 +409,6 @@ #define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL #define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL #define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL - #define PROCESS__FORK 0x00000001UL #define PROCESS__TRANSITION 0x00000002UL #define PROCESS__SIGCHLD 0x00000004UL @@ -469,7 +439,6 @@ #define PROCESS__EXECHEAP 0x08000000UL #define PROCESS__SETKEYCREATE 0x10000000UL #define PROCESS__SETSOCKCREATE 0x20000000UL - #define IPC__CREATE 0x00000001UL #define IPC__DESTROY 0x00000002UL #define IPC__GETATTR 0x00000004UL @@ -479,7 +448,6 @@ #define IPC__ASSOCIATE 0x00000040UL #define IPC__UNIX_READ 0x00000080UL #define IPC__UNIX_WRITE 0x00000100UL - #define SEM__CREATE 0x00000001UL #define SEM__DESTROY 0x00000002UL #define SEM__GETATTR 0x00000004UL 
@@ -489,7 +457,6 @@ #define SEM__ASSOCIATE 0x00000040UL #define SEM__UNIX_READ 0x00000080UL #define SEM__UNIX_WRITE 0x00000100UL - #define MSGQ__CREATE 0x00000001UL #define MSGQ__DESTROY 0x00000002UL #define MSGQ__GETATTR 0x00000004UL @@ -499,12 +466,9 @@ #define MSGQ__ASSOCIATE 0x00000040UL #define MSGQ__UNIX_READ 0x00000080UL #define MSGQ__UNIX_WRITE 0x00000100UL - #define MSGQ__ENQUEUE 0x00000200UL - #define MSG__SEND 0x00000001UL #define MSG__RECEIVE 0x00000002UL - #define SHM__CREATE 0x00000001UL #define SHM__DESTROY 0x00000002UL #define SHM__GETATTR 0x00000004UL @@ -514,9 +478,7 @@ #define SHM__ASSOCIATE 0x00000040UL #define SHM__UNIX_READ 0x00000080UL #define SHM__UNIX_WRITE 0x00000100UL - #define SHM__LOCK 0x00000200UL - #define SECURITY__COMPUTE_AV 0x00000001UL #define SECURITY__COMPUTE_CREATE 0x00000002UL #define SECURITY__COMPUTE_MEMBER 0x00000004UL @@ -528,12 +490,10 @@ #define SECURITY__SETBOOL 0x00000100UL #define SECURITY__SETSECPARAM 0x00000200UL #define SECURITY__SETCHECKREQPROT 0x00000400UL - #define SYSTEM__IPC_INFO 0x00000001UL #define SYSTEM__SYSLOG_READ 0x00000002UL #define SYSTEM__SYSLOG_MOD 0x00000004UL #define SYSTEM__SYSLOG_CONSOLE 0x00000008UL - #define CAPABILITY__CHOWN 0x00000001UL #define CAPABILITY__DAC_OVERRIDE 0x00000002UL #define CAPABILITY__DAC_READ_SEARCH 0x00000004UL 
@@ -565,24 +525,20 @@ #define CAPABILITY__LEASE 0x10000000UL #define CAPABILITY__AUDIT_WRITE 0x20000000UL #define CAPABILITY__AUDIT_CONTROL 0x40000000UL - #define PASSWD__PASSWD 0x00000001UL #define PASSWD__CHFN 0x00000002UL #define PASSWD__CHSH 0x00000004UL #define PASSWD__ROOTOK 0x00000008UL #define PASSWD__CRONTAB 0x00000010UL - #define DRAWABLE__CREATE 0x00000001UL #define DRAWABLE__DESTROY 0x00000002UL #define DRAWABLE__DRAW 0x00000004UL #define DRAWABLE__COPY 0x00000008UL #define DRAWABLE__GETATTR 0x00000010UL - #define GC__CREATE 0x00000001UL #define GC__FREE 0x00000002UL #define GC__GETATTR 0x00000004UL #define GC__SETATTR 0x00000008UL - #define WINDOW__ADDCHILD 0x00000001UL #define WINDOW__CREATE 0x00000002UL #define WINDOW__DESTROY 0x00000004UL @@ -609,12 +565,10 @@ #define WINDOW__WINDOWCHANGEREQUEST 0x00800000UL #define WINDOW__SERVERCHANGEEVENT 0x01000000UL #define WINDOW__EXTENSIONEVENT 0x02000000UL - #define FONT__LOAD 0x00000001UL #define FONT__FREE 0x00000002UL #define FONT__GETATTR 0x00000004UL #define FONT__USE 0x00000008UL - #define COLORMAP__CREATE 0x00000001UL #define COLORMAP__FREE 0x00000002UL #define COLORMAP__INSTALL 0x00000004UL @@ -624,20 +578,16 @@ #define COLORMAP__STORE 0x00000040UL #define COLORMAP__GETATTR 0x00000080UL #define COLORMAP__SETATTR 0x00000100UL - #define PROPERTY__CREATE 0x00000001UL #define PROPERTY__FREE 0x00000002UL #define PROPERTY__READ 0x00000004UL #define PROPERTY__WRITE 0x00000008UL - #define CURSOR__CREATE 0x00000001UL #define CURSOR__CREATEGLYPH 0x00000002UL #define CURSOR__FREE 0x00000004UL #define CURSOR__ASSIGN 0x00000008UL #define CURSOR__SETATTR 0x00000010UL - #define XCLIENT__KILL 0x00000001UL - #define XINPUT__LOOKUP 0x00000001UL #define XINPUT__GETATTR 0x00000002UL #define XINPUT__SETATTR 0x00000004UL 
@@ -649,7 +599,6 @@ #define XINPUT__BELL 0x00000100UL #define XINPUT__MOUSEMOTION 0x00000200UL #define XINPUT__RELABELINPUT 0x00000400UL - #define XSERVER__SCREENSAVER 0x00000001UL #define XSERVER__GETHOSTLIST 0x00000002UL #define XSERVER__SETHOSTLIST 0x00000004UL @@ -658,17 +607,14 @@ #define XSERVER__GETATTR 0x00000020UL #define XSERVER__GRAB 0x00000040UL #define XSERVER__UNGRAB 0x00000080UL - #define XEXTENSION__QUERY 0x00000001UL #define XEXTENSION__USE 0x00000002UL - #define PAX__PAGEEXEC 0x00000001UL #define PAX__EMUTRAMP 0x00000002UL #define PAX__MPROTECT 0x00000004UL #define PAX__RANDMMAP 0x00000008UL #define PAX__RANDEXEC 0x00000010UL #define PAX__SEGMEXEC 0x00000020UL - #define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL #define NETLINK_ROUTE_SOCKET__READ 0x00000002UL #define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL @@ -691,10 +637,8 @@ #define NETLINK_ROUTE_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_ROUTE_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_ROUTE_SOCKET__NAME_BIND 0x00200000UL - #define NETLINK_ROUTE_SOCKET__NLMSG_READ 0x00400000UL #define NETLINK_ROUTE_SOCKET__NLMSG_WRITE 0x00800000UL - #define NETLINK_FIREWALL_SOCKET__IOCTL 0x00000001UL #define NETLINK_FIREWALL_SOCKET__READ 0x00000002UL #define NETLINK_FIREWALL_SOCKET__WRITE 0x00000004UL @@ -717,10 +661,8 @@ #define NETLINK_FIREWALL_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_FIREWALL_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_FIREWALL_SOCKET__NAME_BIND 0x00200000UL - #define NETLINK_FIREWALL_SOCKET__NLMSG_READ 0x00400000UL #define NETLINK_FIREWALL_SOCKET__NLMSG_WRITE 0x00800000UL - #define NETLINK_TCPDIAG_SOCKET__IOCTL 0x00000001UL #define NETLINK_TCPDIAG_SOCKET__READ 0x00000002UL #define NETLINK_TCPDIAG_SOCKET__WRITE 0x00000004UL 
@@ -743,10 +685,8 @@ #define NETLINK_TCPDIAG_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_TCPDIAG_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_TCPDIAG_SOCKET__NAME_BIND 0x00200000UL - #define NETLINK_TCPDIAG_SOCKET__NLMSG_READ 0x00400000UL #define NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE 0x00800000UL - #define NETLINK_NFLOG_SOCKET__IOCTL 0x00000001UL #define NETLINK_NFLOG_SOCKET__READ 0x00000002UL #define NETLINK_NFLOG_SOCKET__WRITE 0x00000004UL @@ -769,7 +709,6 @@ #define NETLINK_NFLOG_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_NFLOG_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_NFLOG_SOCKET__NAME_BIND 0x00200000UL - #define NETLINK_XFRM_SOCKET__IOCTL 0x00000001UL #define NETLINK_XFRM_SOCKET__READ 0x00000002UL #define NETLINK_XFRM_SOCKET__WRITE 0x00000004UL @@ -792,10 +731,8 @@ #define NETLINK_XFRM_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_XFRM_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_XFRM_SOCKET__NAME_BIND 0x00200000UL - #define NETLINK_XFRM_SOCKET__NLMSG_READ 0x00400000UL #define NETLINK_XFRM_SOCKET__NLMSG_WRITE 0x00800000UL - #define NETLINK_SELINUX_SOCKET__IOCTL 0x00000001UL #define NETLINK_SELINUX_SOCKET__READ 0x00000002UL #define NETLINK_SELINUX_SOCKET__WRITE 0x00000004UL @@ -818,7 +755,6 @@ #define NETLINK_SELINUX_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_SELINUX_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_SELINUX_SOCKET__NAME_BIND 0x00200000UL - #define NETLINK_AUDIT_SOCKET__IOCTL 0x00000001UL #define NETLINK_AUDIT_SOCKET__READ 0x00000002UL #define NETLINK_AUDIT_SOCKET__WRITE 0x00000004UL 
@@ -841,12 +777,10 @@ #define NETLINK_AUDIT_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_AUDIT_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_AUDIT_SOCKET__NAME_BIND 0x00200000UL - #define NETLINK_AUDIT_SOCKET__NLMSG_READ 0x00400000UL #define NETLINK_AUDIT_SOCKET__NLMSG_WRITE 0x00800000UL #define NETLINK_AUDIT_SOCKET__NLMSG_RELAY 0x01000000UL #define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV 0x02000000UL - #define NETLINK_IP6FW_SOCKET__IOCTL 0x00000001UL #define NETLINK_IP6FW_SOCKET__READ 0x00000002UL #define NETLINK_IP6FW_SOCKET__WRITE 0x00000004UL @@ -869,10 +803,8 @@ #define NETLINK_IP6FW_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_IP6FW_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_IP6FW_SOCKET__NAME_BIND 0x00200000UL - #define NETLINK_IP6FW_SOCKET__NLMSG_READ 0x00400000UL #define NETLINK_IP6FW_SOCKET__NLMSG_WRITE 0x00800000UL - #define NETLINK_DNRT_SOCKET__IOCTL 0x00000001UL #define NETLINK_DNRT_SOCKET__READ 0x00000002UL #define NETLINK_DNRT_SOCKET__WRITE 0x00000004UL @@ -895,10 +827,8 @@ #define NETLINK_DNRT_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_DNRT_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_DNRT_SOCKET__NAME_BIND 0x00200000UL - #define DBUS__ACQUIRE_SVC 0x00000001UL #define DBUS__SEND_MSG 0x00000002UL - #define NSCD__GETPWD 0x00000001UL #define NSCD__GETGRP 0x00000002UL #define NSCD__GETHOST 0x00000004UL @@ -907,12 +837,10 @@ #define NSCD__SHMEMPWD 0x00000020UL #define NSCD__SHMEMGRP 0x00000040UL #define NSCD__SHMEMHOST 0x00000080UL - #define ASSOCIATION__SENDTO 0x00000001UL #define ASSOCIATION__RECVFROM 0x00000002UL #define ASSOCIATION__SETCONTEXT 0x00000004UL #define ASSOCIATION__POLMATCH 0x00000008UL - #define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL #define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL #define NETLINK_KOBJECT_UEVENT_SOCKET__WRITE 0x00000004UL 
@@ -935,7 +863,6 @@ #define NETLINK_KOBJECT_UEVENT_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL - #define APPLETALK_SOCKET__IOCTL 0x00000001UL #define APPLETALK_SOCKET__READ 0x00000002UL #define APPLETALK_SOCKET__WRITE 0x00000004UL @@ -958,11 +885,9 @@ #define APPLETALK_SOCKET__RECV_MSG 0x00080000UL #define APPLETALK_SOCKET__SEND_MSG 0x00100000UL #define APPLETALK_SOCKET__NAME_BIND 0x00200000UL - #define PACKET__SEND 0x00000001UL #define PACKET__RECV 0x00000002UL #define PACKET__RELABELTO 0x00000004UL - #define KEY__VIEW 0x00000001UL #define KEY__READ 0x00000002UL #define KEY__WRITE 0x00000004UL @@ -970,3 +895,4 @@ #define KEY__LINK 0x00000010UL #define KEY__SETATTR 0x00000020UL #define KEY__CREATE 0x00000040UL +#define CONTEXT__TRANSLATE 0x00000001UL Modified: trunk/libselinux/include/selinux/flask.h =================================================================== --- trunk/libselinux/include/selinux/flask.h 2006-10-17 17:26:56 UTC (rev 2070) +++ trunk/libselinux/include/selinux/flask.h 2006-10-19 15:07:18 UTC (rev 2071) @@ -63,6 +63,7 @@ #define SECCLASS_APPLETALK_SOCKET 56 #define SECCLASS_PACKET 57 #define SECCLASS_KEY 58 +#define SECCLASS_CONTEXT 59 /* * Security identifier indices for initial entities Modified: trunk/libselinux/src/av_perm_to_string.h =================================================================== --- trunk/libselinux/src/av_perm_to_string.h 2006-10-17 17:26:56 UTC (rev 2070) +++ trunk/libselinux/src/av_perm_to_string.h 2006-10-19 15:07:18 UTC (rev 2071) @@ -73,6 +73,7 @@ S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack") S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap") S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate") + S_(SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, "setsockcreate") S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") S_(SECCLASS_MSG, MSG__SEND, "send") S_(SECCLASS_MSG, MSG__RECEIVE, "receive") 
@@ -253,6 +254,7 @@ S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto") S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom") S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext") + S_(SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, "polmatch") S_(SECCLASS_PACKET, PACKET__SEND, "send") S_(SECCLASS_PACKET, PACKET__RECV, "recv") S_(SECCLASS_PACKET, PACKET__RELABELTO, "relabelto") @@ -263,3 +265,4 @@ S_(SECCLASS_KEY, KEY__LINK, "link") S_(SECCLASS_KEY, KEY__SETATTR, "setattr") S_(SECCLASS_KEY, KEY__CREATE, "create") + S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate") Modified: trunk/libselinux/src/class_to_string.h =================================================================== --- trunk/libselinux/src/class_to_string.h 2006-10-17 17:26:56 UTC (rev 2070) +++ trunk/libselinux/src/class_to_string.h 2006-10-19 15:07:18 UTC (rev 2071) @@ -61,3 +61,4 @@ S_("appletalk_socket") S_("packet") S_("key") + S_("context") This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
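Review bot: SECCLASS_CONTEXT is hard-coded as 59 in flask.h while class_to_string.h gets "context" appended as its last S_() entry after "key", so the number and the table position must stay in lockstep with each other and with the class numbering of the loaded policy; a comment at both sites saying so would help, because an object manager that checks context:translate against a policy numbered differently would be querying the wrong class. Separately, av_perm_to_string.h gains "setsockcreate" and "polmatch" rows here; ASSOCIATION__POLMATCH appears as an existing define in the av_permissions.h context lines, but PROCESS__SETSOCKCREATE is not in the lines shown, so confirm that define is present. The blank separators removed between class groups in av_permissions.h make the header harder to scan; if the file is generated, say so in the log message.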
From: <ssm...@us...> - 2006-11-14 00:16:08
|
Revision: 2088 http://svn.sourceforge.net/selinux/?rev=2088&view=rev Author: ssmalley Date: 2006-11-13 16:16:07 -0800 (Mon, 13 Nov 2006) Log Message: ----------- Merge context contains diff from James Antill (attachment). Modified Paths: -------------- trunk/libselinux/include/selinux/av_permissions.h trunk/libselinux/src/av_perm_to_string.h Modified: trunk/libselinux/include/selinux/av_permissions.h =================================================================== --- trunk/libselinux/include/selinux/av_permissions.h 2006-11-14 00:09:55 UTC (rev 2087) +++ trunk/libselinux/include/selinux/av_permissions.h 2006-11-14 00:16:07 UTC (rev 2088) @@ -896,3 +896,4 @@ #define KEY__SETATTR 0x00000020UL #define KEY__CREATE 0x00000040UL #define CONTEXT__TRANSLATE 0x00000001UL +#define CONTEXT__CONTAINS 0x00000002UL Modified: trunk/libselinux/src/av_perm_to_string.h =================================================================== --- trunk/libselinux/src/av_perm_to_string.h 2006-11-14 00:09:55 UTC (rev 2087) +++ trunk/libselinux/src/av_perm_to_string.h 2006-11-14 00:16:07 UTC (rev 2088) @@ -266,3 +266,4 @@ S_(SECCLASS_KEY, KEY__SETATTR, "setattr") S_(SECCLASS_KEY, KEY__CREATE, "create") S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate") + S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains") This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
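Review bot: CONTEXT__CONTAINS is added as 0x00000002UL with the string "contains", but neither the define nor the log message says what the permission is meant to gate, and the Modified Paths list has no ChangeLog entry for it. A one-line comment or ChangeLog line describing the intended check would let policy writers and object managers apply it consistently alongside CONTEXT__TRANSLATE.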
From: <ssm...@us...> - 2007-01-04 16:50:20
|
Revision: 2123 http://svn.sourceforge.net/selinux/?rev=2123&view=rev Author: ssmalley Date: 2007-01-04 08:50:14 -0800 (Thu, 04 Jan 2007) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: Patch for libselinux Date: Wed, 03 Jan 2007 13:07:20 -0500 Fix for matchpatchon utility to lstat file if it exists to get correct filecontext. Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION trunk/libselinux/utils/matchpathcon.c Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2007-01-03 16:14:11 UTC (rev 2122) +++ trunk/libselinux/ChangeLog 2007-01-04 16:50:14 UTC (rev 2123) @@ -1,8 +1,13 @@ +1.33.3 2007-01-04 + * Merged patch for matchpathcon utility to use file mode information + when available from Dan Walsh. + 1.33.2 2006-11-27 - * Merged patch to compile wit -fPIC instead of -fpic from - Manoj Srivastava to prevent hitting the global offest table - limit. Patch changed to include libselinux and libsemanage in + * Merged patch to compile with -fPIC instead of -fpic from + Manoj Srivastava to prevent hitting the global offset table + limit. Patch changed to include libsepol and libsemanage in addition to libselinux. + 1.33.1 2006-10-19 * Merged updated flask definitions from Darrel Goeddel. This adds the context security class, and also adds Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2007-01-03 16:14:11 UTC (rev 2122) +++ trunk/libselinux/VERSION 2007-01-04 16:50:14 UTC (rev 2123) @@ -1 +1 @@ -1.33.2 +1.33.3 Modified: trunk/libselinux/utils/matchpathcon.c =================================================================== --- trunk/libselinux/utils/matchpathcon.c 2007-01-03 16:14:11 UTC (rev 2122) +++ trunk/libselinux/utils/matchpathcon.c 2007-01-04 16:50:14 UTC (rev 2123) 
@@ -4,20 +4,23 @@ #include <getopt.h> #include <errno.h> #include <string.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/errno.h> #include <selinux/selinux.h> void usage(const char *progname) { fprintf(stderr, - "usage: %s [-n] [-f file_contexts] [-p prefix] path...\n", + "usage: %s [-N] [-n] [-f file_contexts] [-p prefix] [-V] path...\n", progname); exit(1); } -int printmatchpathcon(char *path, int header) +int printmatchpathcon(char *path, int header, int mode) { char *buf; - int rc = matchpathcon(path, 0, &buf); + int rc = matchpathcon(path, mode, &buf); if (rc < 0) { fprintf(stderr, "matchpathcon(%s) failed: %s\n", path, strerror(errno)); @@ -92,6 +95,11 @@ } } for (i = optind; i < argc; i++) { + int mode=0; + struct stat buf; + if (lstat(argv[i], &buf) == 0) + mode = buf.st_mode; + if (verify) { if (selinux_file_context_verify(argv[i], 0)) { printf("%s verified.\n", argv[i]); @@ -106,17 +114,17 @@ if (rc >= 0) { printf("%s has context %s, should be ", argv[i], con); - error += printmatchpathcon(argv[i], 0); + error += printmatchpathcon(argv[i], 0, mode); freecon(con); } else { printf ("actual context unknown: %s, should be ", strerror(errno)); - error += printmatchpathcon(argv[i], 0); + error += printmatchpathcon(argv[i], 0,mode); } } } else { - error += printmatchpathcon(argv[i], header); + error += printmatchpathcon(argv[i], header, mode); } } matchpathcon_fini(); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
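Review bot: the first matchpathcon.c hunk adds #include <sys/errno.h> although <errno.h> is already included in the context lines of the same hunk; the sys/ variant is redundant and less portable, so drop it. The usage string also starts advertising [-N] and [-V] in a patch whose stated purpose is the lstat change; if those options already existed, mention the usage fix in the log message, and if not, the getopt handling is missing from the hunks shown.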
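Review bot: in the argv loop the new mode reaches printmatchpathcon() at all three call sites, but the verify branch still calls selinux_file_context_verify(argv[i], 0), so verification ignores the file type while the "should be" context printed right after it takes the type into account; the two can disagree for file_contexts entries restricted by file type. Pass mode there as well. Also, every lstat() failure silently leaves mode at 0; that is the intended fallback for a path that does not exist, but errors other than ENOENT (EACCES, for example) probably deserve a warning on stderr.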
From: <ssm...@us...> - 2007-01-11 17:19:17
|
Revision: 2167 http://svn.sourceforge.net/selinux/?rev=2167&view=rev Author: ssmalley Date: 2007-01-11 09:19:04 -0800 (Thu, 11 Jan 2007) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: libselinux patch to add securetty rewritten with getline and using Lindent Date: Tue, 09 Jan 2007 10:02:44 -0500 sds: - Renamed securetty_contexts to securetty_types for the file name and path function. - Changed the return value of selinux_check_securetty_context() to match other check functions, i.e. 0 if a securetty, < 0 otherwise. - Fixed type on len. Signed-off-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION trunk/libselinux/include/selinux/selinux.h trunk/libselinux/man/man3/selinux_binary_policy_path.3 trunk/libselinux/src/file_path_suffixes.h trunk/libselinux/src/selinux_config.c trunk/libselinux/src/selinux_internal.h trunk/libselinux/utils/matchpathcon.c Added Paths: ----------- trunk/libselinux/man/man3/selinux_check_securetty_context.3 trunk/libselinux/man/man3/selinux_securetty_types_path.3 trunk/libselinux/src/selinux_check_securetty_context.c trunk/libselinux/utils/selinux_check_securetty_context.c Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2007-01-09 20:53:31 UTC (rev 2166) +++ trunk/libselinux/ChangeLog 2007-01-11 17:19:04 UTC (rev 2167) @@ -1,3 +1,6 @@ +1.33.4 2006-01-11 + * Merged selinux_check_securetty_context() and support from Dan Walsh. + 1.33.3 2007-01-04 * Merged patch for matchpathcon utility to use file mode information when available from Dan Walsh. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2007-01-09 20:53:31 UTC (rev 2166) +++ trunk/libselinux/VERSION 2007-01-11 17:19:04 UTC (rev 2167) 
@@ -1 +1 @@ -1.33.3 +1.33.4 Modified: trunk/libselinux/include/selinux/selinux.h =================================================================== --- trunk/libselinux/include/selinux/selinux.h 2007-01-09 20:53:31 UTC (rev 2166) +++ trunk/libselinux/include/selinux/selinux.h 2007-01-11 17:19:04 UTC (rev 2167) @@ -406,6 +406,7 @@ extern const char *selinux_homedir_context_path(void); extern const char *selinux_media_context_path(void); extern const char *selinux_contexts_path(void); + extern const char *selinux_securetty_types_path(void); extern const char *selinux_booleans_path(void); extern const char *selinux_customizable_types_path(void); extern const char *selinux_users_path(void); @@ -419,6 +420,11 @@ extern int selinux_check_passwd_access(access_vector_t requested); extern int checkPasswdAccess(access_vector_t requested); +/* Check if the tty_context is defined as a securetty + Return 0 if secure, < 0 otherwise. */ + extern int selinux_check_securetty_context(security_context_t + tty_context); + /* Set the path to the selinuxfs mount point explicitly. Normally, this is determined automatically during libselinux initialization, but this is not always possible, e.g. for /sbin/init Modified: trunk/libselinux/man/man3/selinux_binary_policy_path.3 =================================================================== --- trunk/libselinux/man/man3/selinux_binary_policy_path.3 2007-01-09 20:53:31 UTC (rev 2166) +++ trunk/libselinux/man/man3/selinux_binary_policy_path.3 2007-01-11 17:19:04 UTC (rev 2167) @@ -27,6 +27,8 @@ .br extern const char *selinux_media_context_path(void); .br +extern const char *selinux_securetty_types_path(void); +.br extern const char *selinux_contexts_path(void); .br extern const char *selinux_booleans_path(void); 
@@ -56,6 +58,8 @@ .sp selinux_contexts_path() - directory containing all of the context configuration files .sp +selinux_securetty_types_path() - defines tty types for newrole securettys +.sp selinux_booleans_path() - initial policy boolean settings .SH AUTHOR Added: trunk/libselinux/man/man3/selinux_check_securetty_context.3 =================================================================== --- trunk/libselinux/man/man3/selinux_check_securetty_context.3 (rev 0) +++ trunk/libselinux/man/man3/selinux_check_securetty_context.3 2007-01-11 17:19:04 UTC (rev 2167) @@ -0,0 +1,12 @@ +.TH "selinux_check_securetty_context" "3" "1 January 2007" "dw...@re..." "SE Linux API documentation" +.SH "NAME" +selinux_check_securetty_context \- check whether a tty security context is defined as a securetty context +.SH "SYNOPSIS" +.B #include <selinux/selinux.h> +.sp +.BI "int selinux_check_securetty_context(security_context_t "tty_context ); + +.SH "DESCRIPTION" +.B selinux_check_securetty_context +returns 0 if tty_context is a securetty context +returns < 0 otherwise. Added: trunk/libselinux/man/man3/selinux_securetty_types_path.3 =================================================================== --- trunk/libselinux/man/man3/selinux_securetty_types_path.3 (rev 0) +++ trunk/libselinux/man/man3/selinux_securetty_types_path.3 2007-01-11 17:19:04 UTC (rev 2167) @@ -0,0 +1 @@ +.so man3/selinux_binary_policy_path.3 Modified: trunk/libselinux/src/file_path_suffixes.h =================================================================== --- trunk/libselinux/src/file_path_suffixes.h 2007-01-09 20:53:31 UTC (rev 2166) +++ trunk/libselinux/src/file_path_suffixes.h 2007-01-11 17:19:04 UTC (rev 2167) 
@@ -7,6 +7,7 @@ S_(USER_CONTEXTS, "/contexts/users/") S_(FAILSAFE_CONTEXT, "/contexts/failsafe_context") S_(DEFAULT_TYPE, "/contexts/default_type") + S_(SECURETTY_TYPES, "/contexts/securetty_types") S_(BOOLEANS, "/booleans") S_(MEDIA_CONTEXTS, "/contexts/files/media") S_(REMOVABLE_CONTEXT, "/contexts/removable_context") Added: trunk/libselinux/src/selinux_check_securetty_context.c =================================================================== --- trunk/libselinux/src/selinux_check_securetty_context.c (rev 0) +++ trunk/libselinux/src/selinux_check_securetty_context.c 2007-01-11 17:19:04 UTC (rev 2167) @@ -0,0 +1,53 @@ +#include <unistd.h> +#include <stdlib.h> +#include <string.h> +#include <stdio.h> +#include <ctype.h> +#include "selinux_internal.h" +#include "context_internal.h" + +int selinux_check_securetty_context(security_context_t tty_context) +{ + char *line = NULL; + char *start, *end = NULL; + size_t line_len = 0; + ssize_t len; + int found = -1; + FILE *fp; + fp = fopen(selinux_securetty_types_path(), "r"); + if (fp) { + context_t con = context_new(tty_context); + if (con) { + const char *type = context_type_get(con); + while ((len = getline(&line, &line_len, fp)) != -1) { + + if (line[len - 1] == '\n') + line[len - 1] = 0; + + /* Skip leading whitespace. */ + start = line; + while (*start && isspace(*start)) + start++; + if (!(*start)) + continue; + + end = start; + while (*end && !isspace(*end)) + end++; + if (*end) + *end++ = 0; + if (!strcmp(type, start)) { + found = 0; + break; + } + } + free(line); + context_free(con); + } + fclose(fp); + } + + return found; +} + +hidden_def(selinux_check_securetty_context) Modified: trunk/libselinux/src/selinux_config.c =================================================================== --- trunk/libselinux/src/selinux_config.c 2007-01-09 20:53:31 UTC (rev 2166) +++ trunk/libselinux/src/selinux_config.c 2007-01-11 17:19:04 UTC (rev 2167) 
@@ -38,7 +38,8 @@ #define NETFILTER_CONTEXTS 15 #define FILE_CONTEXTS_HOMEDIR 16 #define FILE_CONTEXTS_LOCAL 17 -#define NEL 18 +#define SECURETTY_TYPES 18 +#define NEL 19 /* New layout is relative to SELINUXDIR/policytype. */ static char *file_paths[NEL]; @@ -299,6 +300,13 @@ hidden_def(selinux_default_context_path) +const char *selinux_securetty_types_path() +{ + return get_path(SECURETTY_TYPES); +} + +hidden_def(selinux_securetty_types_path) + const char *selinux_failsafe_context_path() { return get_path(FAILSAFE_CONTEXT); Modified: trunk/libselinux/src/selinux_internal.h =================================================================== --- trunk/libselinux/src/selinux_internal.h 2007-01-09 20:53:31 UTC (rev 2166) +++ trunk/libselinux/src/selinux_internal.h 2007-01-11 17:19:04 UTC (rev 2167) @@ -53,6 +53,7 @@ hidden_proto(security_setenforce) hidden_proto(selinux_binary_policy_path) hidden_proto(selinux_default_context_path) + hidden_proto(selinux_securetty_types_path) hidden_proto(selinux_failsafe_context_path) hidden_proto(selinux_removable_context_path) hidden_proto(selinux_file_context_path) @@ -66,6 +67,7 @@ hidden_proto(selinux_media_context_path) hidden_proto(selinux_path) hidden_proto(selinux_check_passwd_access) + hidden_proto(selinux_check_securetty_context) hidden_proto(matchpathcon_init_prefix) hidden_proto(selinux_users_path) hidden_proto(selinux_usersconf_path); Modified: trunk/libselinux/utils/matchpathcon.c =================================================================== --- trunk/libselinux/utils/matchpathcon.c 2007-01-09 20:53:31 UTC (rev 2166) +++ trunk/libselinux/utils/matchpathcon.c 2007-01-11 17:19:04 UTC (rev 2167) @@ -95,7 +95,7 @@ } } for (i = optind; i < argc; i++) { - int mode=0; + int mode = 0; struct stat buf; if (lstat(argv[i], &buf) == 0) mode = buf.st_mode; 
@@ -114,13 +114,15 @@ if (rc >= 0) { printf("%s has context %s, should be ", argv[i], con); - error += printmatchpathcon(argv[i], 0, mode); + error += + printmatchpathcon(argv[i], 0, mode); freecon(con); } else { printf ("actual context unknown: %s, should be ", strerror(errno)); - error += printmatchpathcon(argv[i], 0,mode); + error += + printmatchpathcon(argv[i], 0, mode); } } } else { Added: trunk/libselinux/utils/selinux_check_securetty_context.c =================================================================== --- trunk/libselinux/utils/selinux_check_securetty_context.c (rev 0) +++ trunk/libselinux/utils/selinux_check_securetty_context.c 2007-01-11 17:19:04 UTC (rev 2167) @@ -0,0 +1,35 @@ +#include <unistd.h> +#include <stdio.h> +#include <stdlib.h> +#include <getopt.h> +#include <errno.h> +#include <string.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/errno.h> +#include <selinux/selinux.h> + +void usage(const char *progname) +{ + fprintf(stderr, "usage: %s tty_context...\n", progname); + exit(1); +} + +int main(int argc, char **argv) +{ + int i; + if (argc < 2) + usage(argv[0]); + + for (i = 1; i < argc; i++) { + switch (selinux_check_securetty_context(argv[i])) { + case 0: + printf("%s securetty.\n", argv[i]); + break; + default: + printf("%s not securetty.\n", argv[i]); + break; + } + } + return 0; +} This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
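Review bot: in src/selinux_check_securetty_context.c the parsing loop calls isspace(*start) and isspace(*end) on plain char; a byte above 0x7f in securetty_types is undefined behaviour where char is signed, so cast to unsigned char. The function also returns the same -1 for "type not listed", "fopen() failed" and "context_new() failed"; failing closed is the right default for a check on whether a tty is trusted, but the man page should state that errors are reported the same way as a negative match, since "returns < 0 otherwise" leaves that open.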
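Review bot: utils/selinux_check_securetty_context.c prints "securetty" or "not securetty" but main() always ends with return 0, so a script cannot act on the answer without parsing stdout; return non-zero when any argument is not a securetty context. Of the ten headers included, only <stdio.h>, <stdlib.h> and <selinux/selinux.h> are used by the code shown.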
From: <ssm...@us...> - 2007-01-16 19:14:30
|
Revision: 2182 http://svn.sourceforge.net/selinux/?rev=2182&view=rev Author: ssmalley Date: 2007-01-16 11:14:28 -0800 (Tue, 16 Jan 2007) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: New test program for libselinux/utils that helped with testing MLS/Role/Level coding Date: Fri, 12 Jan 2007 11:51:19 -0500 Fixed level part of patch > This is very similar to the existing getseuser utility that likewise > does a getseuserbyname() but then calls > get_ordered_context_list_with_level() and displays all of the contexts > in it. Differences are that you permit specification of the role (and > level, if fixed) via options and you only get the default value rather > than the entire list. I found this test program much easier to figure out what the application (locallogin, sshd ...) would do when I logged in. Probably be worth while adding some of the mls constraints tests in also. IE Make sure mls is working so if I have a process running s0:s0 it can't generate a SystemHigh user, as well as a user with s0:s0 can not ask for a level of SystemHigh. Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Added Paths: ----------- trunk/libselinux/utils/getdefaultcon.c Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2007-01-16 19:09:55 UTC (rev 2181) +++ trunk/libselinux/ChangeLog 2007-01-16 19:14:28 UTC (rev 2182) @@ -1,3 +1,6 @@ +1.33.5 2006-01-16 + * Merged getdefaultcon utility from Dan Walsh. + 1.33.4 2006-01-11 * Merged selinux_check_securetty_context() and support from Dan Walsh. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2007-01-16 19:09:55 UTC (rev 2181) +++ trunk/libselinux/VERSION 2007-01-16 19:14:28 UTC (rev 2182) 
@@ -1 +1 @@ -1.33.4 +1.33.5 Added: trunk/libselinux/utils/getdefaultcon.c =================================================================== --- trunk/libselinux/utils/getdefaultcon.c (rev 0) +++ trunk/libselinux/utils/getdefaultcon.c 2007-01-16 19:14:28 UTC (rev 2182) 
@@ -0,0 +1,80 @@ +#include <unistd.h> +#include <sys/types.h> +#include <fcntl.h> +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> +#include <string.h> +#include <ctype.h> +#include <selinux/selinux.h> +#include <selinux/get_context_list.h> + +void usage(char *name, char *detail, int rc) +{ + fprintf(stderr, "usage: %s [-l level] user fromcon\n", name); + if (detail) + fprintf(stderr, "%s: %s\n", name, detail); + exit(rc); +} + +int main(int argc, char **argv) +{ + security_context_t usercon = NULL, cur_context = NULL; + char *user = NULL, *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL; + int ret, opt; + + while ((opt = getopt(argc, argv, "l:r:")) > 0) { + switch (opt) { + case 'l': + level = strdup(optarg); + break; + case 'r': + role = strdup(optarg); + break; + default: + usage(argv[0], "invalid option", 1); + } + } + + if (((argc - optind) < 1) || ((argc - optind) > 2)) + usage(argv[0], "invalid number of arguments", 2); + + /* If selinux isn't available, bail out. */ + if (!is_selinux_enabled()) { + fprintf(stderr, + "%s may be used only on a SELinux kernel.\n", argv[0]); + return 1; + } + + user = argv[optind]; + + /* If a context wasn't passed, use the current context. */ + if (((argc - optind) < 2)) { + if (getcon(&cur_context) < 0) { + fprintf(stderr, "Couldn't get current context.\n"); + return 2; + } + } else + cur_context = argv[optind + 1]; + + if (getseuserbyname(user, &seuser, &dlevel)==0) { + if (! 
level) level=dlevel; + if (role != NULL && role[0]) + ret=get_default_context_with_rolelevel(seuser, role, level,cur_context,&usercon); + else + ret=get_default_context_with_level(seuser, level, cur_context,&usercon); + } + if (ret < 0) + perror(argv[0]); + else + printf("%s: %s from %s %s %s %s -> %s\n", argv[0], user, cur_context, seuser, role, level, usercon); + + + free(role); + free(seuser); + if (level != dlevel) free(level); + free(dlevel); + free(usercon); + + return 0; +} This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
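Review bot: in main() of getdefaultcon.c, ret is declared without an initial value and is only assigned inside the if (getseuserbyname(user, &seuser, &dlevel)==0) block, so when that lookup fails the following if (ret < 0) reads an indeterminate value and the printf may run with usercon still NULL; initialise ret to -1 or handle the failure in an else. Further points in the same hunk: usercon should be released with freecon() rather than free(); the context returned by getcon() is never freed; role is passed to a %s conversion even when -r was not given and it is NULL; the usage line omits the -r option that getopt accepts; and the program returns 0 after perror(), so callers cannot detect failure.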
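Review bot: the new ChangeLog heading reads "1.33.5 2006-01-16" and the entry just below it "1.33.4 2006-01-11", while the file headers of this diff are stamped 2007-01-16; both years should be 2007.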
From: <kma...@us...> - 2007-02-01 20:59:40
|
Revision: 2211 http://svn.sourceforge.net/selinux/?rev=2211&view=rev Author: kmacmillan Date: 2007-02-01 12:59:39 -0800 (Thu, 01 Feb 2007) Log Message: ----------- Author: "Todd C. Miller" Email: Tod...@sp... Subject: PATCH: libselinux matchpathcon() eliminate %as scanf format Date: Thu, 25 Jan 2007 18:59:22 -0500 (EST) This is a patch I sent in last year but forgot to split up as requested; it still applies to the recently-released selinux-1.34.0. THe patch replaces usage of the non-standard %as scanf() format (which conflicts with C99) with strtok_r(). This does mean that line_buf is modified but this variable is only used as an argument to process_line() and is freed thereafter. I made this change as part of the port of libselinux to SEBSD and SEDarwin. - todd Acked-by: Karl MacMillan with minor style updates. Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/src/matchpathcon.c Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2007-02-01 20:46:24 UTC (rev 2210) +++ trunk/libselinux/ChangeLog 2007-02-01 20:59:39 UTC (rev 2211) @@ -1,4 +1,7 @@ - * Merged patch from Todd Miller to fix memory leak in matchpathcon.c + * Merged patch from Todd Miller to remove sscanf in matchpathcon.c because + of the use of the non-standard format %as. (original patch changed + for style). + * Merged patch from Todd Miller to fix memory leak in matchpathcon.c. 1.34.1 2007-01-26 * Merged python binding fixes from Dan Walsh. Modified: trunk/libselinux/src/matchpathcon.c =================================================================== --- trunk/libselinux/src/matchpathcon.c 2007-02-01 20:46:24 UTC (rev 2210) +++ trunk/libselinux/src/matchpathcon.c 2007-02-01 20:59:39 UTC (rev 2211) @@ -444,7 +444,7 @@ int pass, unsigned lineno) { int items, len, regerr, ret; - char *buf_p; + char *buf_p, *ptr; char *regex, *type, *context; const char *reg_buf; char *anchored_regex; 
@@ -459,7 +459,18 @@ /* Skip comment lines and empty lines. */ if (*buf_p == '#' || *buf_p == 0) return 0; - items = sscanf(line_buf, "%as %as %as", ®ex, &type, &context); + + items = 0; + regex = strtok_r(buf_p, " \t", &ptr); + if (regex) + items += 1; + type = strtok_r(NULL, " \t", &ptr); + if (type) + items += 1; + context = strtok_r(NULL, " \t", &ptr); + if (context) + items += 1; + if (items < 2) { myprintf("%s: line %d is missing fields, skipping\n", path, lineno); @@ -470,6 +481,23 @@ type = NULL; } + regex = strdup(regex); + if (!regex) { + return -1; + } + if (type) { + type = strdup(type); + if (!type) { + ret = -1; + goto finish; + } + } + context = strdup(context); + if (!context) { + ret = -1; + goto finish; + } + reg_buf = regex; len = get_stem_from_spec(reg_buf); if (len && prefix && strncmp(prefix, regex, len)) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
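Review bot: after the strtok_r() calls, regex, type and context point into line_buf and are replaced by heap copies one at a time; if strdup(type) fails, the code jumps to finish while context still points into line_buf. If finish frees all three pointers (the label is outside the hunk), that path passes a non-heap pointer to free(). Copy into temporaries and assign only after all strdup() calls succeed, or set context to NULL before that goto. The first failure path, if (!regex) return -1, bypasses finish, which is harmless at that point but inconsistent with the other two. Note too that the delimiters are " \t" only, whereas the sscanf %s conversions being replaced stopped at any whitespace, so a stray carriage return or form feed now ends up inside a field.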
From: <kma...@us...> - 2007-02-01 21:21:19
|
Revision: 2216 http://svn.sourceforge.net/selinux/?rev=2216&view=rev Author: kmacmillan Date: 2007-02-01 13:21:17 -0800 (Thu, 01 Feb 2007) Log Message: ----------- libselinux version 2.0.0 Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2007-02-01 21:20:12 UTC (rev 2215) +++ trunk/libselinux/ChangeLog 2007-02-01 21:21:17 UTC (rev 2216) @@ -1,3 +1,4 @@ +2.0.0 2007-01-01 * Merged patch from Todd Miller to remove sscanf in matchpathcon.c because of the use of the non-standard format %as. (original patch changed for style). Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2007-02-01 21:20:12 UTC (rev 2215) +++ trunk/libselinux/VERSION 2007-02-01 21:21:17 UTC (rev 2216) @@ -1 +1 @@ -1.34.2 +2.0.0 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
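Review bot: the added ChangeLog heading is "2.0.0 2007-01-01", but the file headers in this same diff are stamped 2007-02-01, so the release date looks like it has the wrong month. The jump from 1.34.2 to 2.0.0 in VERSION is also not explained in the log message or the ChangeLog; one line on what the major bump signifies, for example whether the ABI changed, would help packagers.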
From: <ssm...@us...> - 2007-02-20 13:40:55
|
Revision: 2238 http://svn.sourceforge.net/selinux/?rev=2238&view=rev Author: ssmalley Date: 2007-02-20 05:40:44 -0800 (Tue, 20 Feb 2007) Log Message: ----------- Author: Tod...@sp... Email: Tod...@sp... Subject: PATCH: libselinux-1.34.0 bit type usage Date: Wed, 7 Feb 2007 12:10:01 -0500 (EST) libselinux uses a mix of bit type styles: BSD-style (u_XXint_t), Linux kernel style (uXX), and C99 (uintXX_t). The following patch makes things consistent by replacing use of BSD and Linux kernel styles with the standard C99 bit types from stdint.h. Most files included stdint.h already. - todd Modified Paths: -------------- trunk/libselinux/include/selinux/avc.h trunk/libselinux/man/man3/avc_add_callback.3 trunk/libselinux/src/avc.c trunk/libselinux/src/avc_internal.c trunk/libselinux/src/avc_internal.h trunk/libselinux/src/avc_sidtab.c trunk/libselinux/src/selinux_netlink.h Modified: trunk/libselinux/include/selinux/avc.h =================================================================== --- trunk/libselinux/include/selinux/avc.h 2007-02-20 13:37:43 UTC (rev 2237) +++ trunk/libselinux/include/selinux/avc.h 2007-02-20 13:40:44 UTC (rev 2238) @@ -304,11 +304,11 @@ * -%1 if insufficient memory exists to add the callback. */ int avc_add_callback(int (*callback) - (u_int32_t event, security_id_t ssid, + (uint32_t event, security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, access_vector_t * out_retained), - u_int32_t events, security_id_t ssid, + uint32_t events, security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms); Modified: trunk/libselinux/man/man3/avc_add_callback.3 =================================================================== --- trunk/libselinux/man/man3/avc_add_callback.3 2007-02-20 13:37:43 UTC (rev 2237) +++ trunk/libselinux/man/man3/avc_add_callback.3 2007-02-20 13:40:44 UTC (rev 2238) 
@@ -9,7 +9,7 @@ .br .B #include <selinux/avc.h> .sp -.BI "int avc_add_callback(int (*" callback ")(u_int32_t " event , +.BI "int avc_add_callback(int (*" callback ")(uint32_t " event , .in +\w'int avc_add_callback(int (*callback)('u .BI "security_id_t " ssid , .br @@ -22,7 +22,7 @@ .BI "access_vector_t *" out_retained ")," .in .in +\w'int avc_add_callback('u -.BI "u_int32_t " events ", security_id_t " ssid , +.BI "uint32_t " events ", security_id_t " ssid , .br .BI "security_id_t " tsid ", security_class_t " tclass , .br Modified: trunk/libselinux/src/avc.c =================================================================== --- trunk/libselinux/src/avc.c 2007-02-20 13:37:43 UTC (rev 2237) +++ trunk/libselinux/src/avc.c 2007-02-20 13:40:44 UTC (rev 2238) @@ -49,9 +49,9 @@ } }; static const struct av_perm_to_string { - u16 tclass; - u16 nameidx; - u32 value; + uint16_t tclass; + uint16_t nameidx; + uint32_t value; } av_perm_to_string[] = { #define S_(c, v, s) { c, offsetof(union av_perm_to_string_data, L1(__LINE__)), v }, #include "av_perm_to_string.h" @@ -77,7 +77,7 @@ #undef S_ } }; -static const u16 class_to_string[] = { +static const uint16_t class_to_string[] = { #define S_(s) offsetof(union class_to_string_data, L1(__LINE__)), #include "class_to_string.h" #undef S_ @@ -112,7 +112,7 @@ struct { #define TB_(s) struct { #define TE_(s) } s##_part; -#define S_(s) u16 L1(__LINE__) +#define S_(s) uint16_t L1(__LINE__) #define L1(l) L2(l) #define L2(l) field_##l; #include "common_perm_to_string.h" @@ -122,7 +122,7 @@ #undef L1 #undef L2 }; - u16 data[0]; + uint16_t data[0]; } common_perm_to_string = { { #define TB_(s) { 
@@ -140,11 +140,11 @@ }; static const struct av_inherit { - u16 tclass; - u16 common_pts_idx; - u32 common_base; + uint16_t tclass; + uint16_t common_pts_idx; + uint32_t common_base; } av_inherit[] = { -#define S_(c, i, b) { c, offsetof(union common_perm_to_string, common_##i##_perm_to_string_part)/sizeof(u16), b }, +#define S_(c, i, b) { c, offsetof(union common_perm_to_string, common_##i##_perm_to_string_part)/sizeof(uint16_t), b }, #include "av_inherit.h" #undef S_ }; @@ -168,17 +168,17 @@ struct avc_cache { struct avc_node *slots[AVC_CACHE_SLOTS]; - u_int32_t lru_hint; /* LRU hint for reclaim scan */ - u_int32_t active_nodes; - u_int32_t latest_notif; /* latest revocation notification */ + uint32_t lru_hint; /* LRU hint for reclaim scan */ + uint32_t active_nodes; + uint32_t latest_notif; /* latest revocation notification */ }; struct avc_callback_node { - int (*callback) (u_int32_t event, security_id_t ssid, + int (*callback) (uint32_t event, security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, access_vector_t * out_retained); - u_int32_t events; + uint32_t events; security_id_t ssid; security_id_t tsid; security_class_t tclass; @@ -402,7 +402,7 @@ { struct avc_node *prev, *cur; int try; - u_int32_t hvalue; + uint32_t hvalue; hvalue = avc_cache.lru_hint; for (try = 0; try < 2; try++) { @@ -795,8 +795,8 @@ */ static void avc_dump_av(security_class_t tclass, access_vector_t av) { - const u16 *common_pts_idx = 0; - u_int32_t common_base = 0, perm; + const uint16_t *common_pts_idx = 0; + uint32_t common_base = 0, perm; unsigned int i, i2; if (av == 0) { 
@@ -1006,12 +1006,12 @@ return rc; } -int avc_add_callback(int (*callback) (u_int32_t event, security_id_t ssid, +int avc_add_callback(int (*callback) (uint32_t event, security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, access_vector_t * out_retained), - u_int32_t events, security_id_t ssid, + uint32_t events, security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms) { @@ -1041,7 +1041,7 @@ return (x == y || x == SECSID_WILD || y == SECSID_WILD); } -static inline void avc_update_node(u_int32_t event, struct avc_node *node, +static inline void avc_update_node(uint32_t event, struct avc_node *node, access_vector_t perms) { switch (event) { @@ -1067,7 +1067,7 @@ } } -static int avc_update_cache(u_int32_t event, security_id_t ssid, +static int avc_update_cache(uint32_t event, security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms) { @@ -1105,10 +1105,10 @@ * This should not be called directly; use the individual event * functions instead. */ -static int avc_control(u_int32_t event, security_id_t ssid, +static int avc_control(uint32_t event, security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, - u_int32_t seqno, access_vector_t * out_retained) + uint32_t seqno, access_vector_t * out_retained) { struct avc_callback_node *c; access_vector_t tretained = 0, cretained = 0; @@ -1167,7 +1167,7 @@ */ int avc_ss_grant(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, - u_int32_t seqno) + uint32_t seqno) { return avc_control(AVC_CALLBACK_GRANT, ssid, tsid, tclass, perms, seqno, 0); @@ -1188,7 +1188,7 @@ */ int avc_ss_try_revoke(security_id_t ssid, security_id_t tsid, security_class_t tclass, - access_vector_t perms, u_int32_t seqno, + access_vector_t perms, uint32_t seqno, access_vector_t * out_retained) { return avc_control(AVC_CALLBACK_TRY_REVOKE, 
@@ -1208,7 +1208,7 @@ */ int avc_ss_revoke(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, - u_int32_t seqno) + uint32_t seqno) { return avc_control(AVC_CALLBACK_REVOKE, ssid, tsid, tclass, perms, seqno, 0); @@ -1218,7 +1218,7 @@ * avc_ss_reset - Flush the cache and revalidate migrated permissions. * @seqno: policy sequence number */ -int avc_ss_reset(u_int32_t seqno) +int avc_ss_reset(uint32_t seqno) { int rc; @@ -1243,7 +1243,7 @@ */ int avc_ss_set_auditallow(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, - u_int32_t seqno, u_int32_t enable) + uint32_t seqno, uint32_t enable) { if (enable) return avc_control(AVC_CALLBACK_AUDITALLOW_ENABLE, @@ -1264,7 +1264,7 @@ */ int avc_ss_set_auditdeny(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, - u_int32_t seqno, u_int32_t enable) + uint32_t seqno, uint32_t enable) { if (enable) return avc_control(AVC_CALLBACK_AUDITDENY_ENABLE, @@ -1303,7 +1303,7 @@ access_vector_t string_to_av_perm(security_class_t tclass, const char *s) { - const u16 *common_pts_idx = 0; + const uint16_t *common_pts_idx = 0; access_vector_t perm, common_base = 0; unsigned int i; @@ -1340,7 +1340,7 @@ void print_access_vector(security_class_t tclass, access_vector_t av) { - const u16 *common_pts_idx = 0; + const uint16_t *common_pts_idx = 0; access_vector_t common_base = 0; unsigned int i, i2, perm; Modified: trunk/libselinux/src/avc_internal.c =================================================================== --- trunk/libselinux/src/avc_internal.c 2007-02-20 13:37:43 UTC (rev 2237) +++ trunk/libselinux/src/avc_internal.c 2007-02-20 13:40:44 UTC (rev 2238) 
@@ -11,12 +11,12 @@ #include <errno.h> #include <stdio.h> #include <stdlib.h> +#include <stdint.h> #include <unistd.h> #include <fcntl.h> #include <string.h> #include <sys/types.h> #include <sys/socket.h> -#include <asm/types.h> #include <linux/netlink.h> #include "selinux_netlink.h" #include "avc_internal.h" Modified: trunk/libselinux/src/avc_internal.h =================================================================== --- trunk/libselinux/src/avc_internal.h 2007-02-20 13:37:43 UTC (rev 2237) +++ trunk/libselinux/src/avc_internal.h 2007-02-20 13:40:44 UTC (rev 2238) @@ -15,10 +15,6 @@ #include <selinux/avc.h> #include "dso.h" -typedef u_int32_t u32; -typedef u_int16_t u16; -typedef u_int8_t u8; - /* SID reference counter manipulation */ static inline int sid_inc_refcnt(security_id_t sid) { 
@@ -164,21 +160,21 @@ /* internal callbacks */ int avc_ss_grant(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, - u_int32_t seqno) hidden; + uint32_t seqno) hidden; int avc_ss_try_revoke(security_id_t ssid, security_id_t tsid, security_class_t tclass, - access_vector_t perms, u_int32_t seqno, + access_vector_t perms, uint32_t seqno, access_vector_t * out_retained) hidden; int avc_ss_revoke(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, - u_int32_t seqno) hidden; -int avc_ss_reset(u_int32_t seqno) hidden; + uint32_t seqno) hidden; +int avc_ss_reset(uint32_t seqno) hidden; int avc_ss_set_auditallow(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, - u_int32_t seqno, u_int32_t enable) hidden; + uint32_t seqno, uint32_t enable) hidden; int avc_ss_set_auditdeny(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, - u_int32_t seqno, u_int32_t enable) hidden; + uint32_t seqno, uint32_t enable) hidden; /* netlink kernel message code */ extern int avc_netlink_trouble hidden; Modified: trunk/libselinux/src/avc_sidtab.c =================================================================== --- trunk/libselinux/src/avc_sidtab.c 2007-02-20 13:37:43 UTC (rev 2237) +++ trunk/libselinux/src/avc_sidtab.c 2007-02-20 13:40:44 UTC (rev 2238) @@ -6,6 +6,7 @@ #include <errno.h> #include <stdio.h> #include <stdlib.h> +#include <stdint.h> #include <string.h> #include "selinux_internal.h" #include <selinux/avc.h> Modified: trunk/libselinux/src/selinux_netlink.h =================================================================== --- trunk/libselinux/src/selinux_netlink.h 2007-02-20 13:37:43 UTC (rev 2237) +++ trunk/libselinux/src/selinux_netlink.h 2007-02-20 13:40:44 UTC (rev 2238) 
@@ -25,7 +25,7 @@ }; struct selnl_msg_policyload { - u_int32_t seqno; + uint32_t seqno; }; #endif /* _LINUX_SELINUX_NETLINK_H */
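Review bot: selinux_netlink.h and avc_internal.h now spell their types as uint32_t, but the visible hunks add #include <stdint.h> only to avc_internal.c and avc_sidtab.c, not to either header. With the u32/u16/u8 typedefs and the <asm/types.h> include removed, both headers depend on every includer (or on <selinux/avc.h>) having pulled in <stdint.h> first. Suggest adding #include <stdint.h> to the two headers so they are self-contained, and confirming that nothing else in the tree still uses the removed u32/u16/u8 names.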
From: <ssm...@us...> - 2007-02-23 18:27:13
Revision: 2269 http://svn.sourceforge.net/selinux/?rev=2269&view=rev Author: ssmalley Date: 2007-02-23 10:27:12 -0800 (Fri, 23 Feb 2007) Log Message: ----------- Updated ChangeLogs and VERSIONs. Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2007-02-23 18:24:15 UTC (rev 2268) +++ trunk/libselinux/ChangeLog 2007-02-23 18:27:12 UTC (rev 2269) @@ -1,3 +1,6 @@ +2.0.4 2007-02-23 + * Removed sending of setrans init message. + 2.0.3 2007-02-22 * Merged matchpathcon memory leak fix from Steve Grubb. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2007-02-23 18:24:15 UTC (rev 2268) +++ trunk/libselinux/VERSION 2007-02-23 18:27:12 UTC (rev 2269) @@ -1 +1 @@ -2.0.3 +2.0.4
From: <ssm...@us...> - 2007-02-27 15:06:20
Revision: 2274 http://svn.sourceforge.net/selinux/?rev=2274&view=rev Author: ssmalley Date: 2007-02-27 07:02:37 -0800 (Tue, 27 Feb 2007) Log Message: ----------- Updated ChangeLog and VERSION. Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2007-02-27 14:57:14 UTC (rev 2273) +++ trunk/libselinux/ChangeLog 2007-02-27 15:02:37 UTC (rev 2274) @@ -1,3 +1,6 @@ +2.0.5 2007-02-27 + * Merged init_selinuxmnt() and is_selinux_enabled() improvements from Steve Grubb. + 2.0.4 2007-02-23 * Removed sending of setrans init message. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2007-02-27 14:57:14 UTC (rev 2273) +++ trunk/libselinux/VERSION 2007-02-27 15:02:37 UTC (rev 2274) @@ -1 +1 @@ -2.0.4 +2.0.5
From: <ssm...@us...> - 2007-03-12 15:34:34
Revision: 2288 http://svn.sourceforge.net/selinux/?rev=2288&view=rev Author: ssmalley Date: 2007-03-12 08:34:29 -0700 (Mon, 12 Mar 2007) Log Message: ----------- Updated ChangeLog and VERSION Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2007-03-12 15:33:08 UTC (rev 2287) +++ trunk/libselinux/ChangeLog 2007-03-12 15:34:29 UTC (rev 2288) @@ -1,3 +1,7 @@ +2.0.6 2007-03-12 + * Merged patch to drop support for old /etc/sysconfig/selinux and + /etc/security policy file layout from Steve Grubb. + 2.0.5 2007-02-27 * Merged init_selinuxmnt() and is_selinux_enabled() improvements from Steve Grubb. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2007-03-12 15:33:08 UTC (rev 2287) +++ trunk/libselinux/VERSION 2007-03-12 15:34:29 UTC (rev 2288) @@ -1 +1 @@ -2.0.5 +2.0.6
From: <ssm...@us...> - 2007-03-12 16:47:33
Revision: 2290 http://svn.sourceforge.net/selinux/?rev=2290&view=rev Author: ssmalley Date: 2007-03-12 09:47:24 -0700 (Mon, 12 Mar 2007) Log Message: ----------- Updated ChangeLog and VERSION. Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2007-03-12 16:45:03 UTC (rev 2289) +++ trunk/libselinux/ChangeLog 2007-03-12 16:47:24 UTC (rev 2290) @@ -1,3 +1,6 @@ +2.0.7 2007-03-12 + * Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb. + 2.0.6 2007-03-12 * Merged patch to drop support for old /etc/sysconfig/selinux and /etc/security policy file layout from Steve Grubb. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2007-03-12 16:45:03 UTC (rev 2289) +++ trunk/libselinux/VERSION 2007-03-12 16:47:24 UTC (rev 2290) @@ -1 +1 @@ -2.0.6 +2.0.7
From: <ssm...@us...> - 2007-03-20 12:29:54
Revision: 2293 http://svn.sourceforge.net/selinux/?rev=2293&view=rev Author: ssmalley Date: 2007-03-20 04:41:46 -0700 (Tue, 20 Mar 2007) Log Message: ----------- Updated ChangeLog and VERSION. Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2007-03-20 11:40:47 UTC (rev 2292) +++ trunk/libselinux/ChangeLog 2007-03-20 11:41:46 UTC (rev 2293) @@ -1,3 +1,6 @@ +2.0.8 2007-03-20 + * Merged fix for avc.h #include's from Eamon Walsh. + 2.0.7 2007-03-12 * Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2007-03-20 11:40:47 UTC (rev 2292) +++ trunk/libselinux/VERSION 2007-03-20 11:41:46 UTC (rev 2293) @@ -1 +1 @@ -2.0.7 +2.0.8
From: <ssm...@us...> - 2007-03-30 18:44:47
Revision: 2314 http://svn.sourceforge.net/selinux/?rev=2314&view=rev Author: ssmalley Date: 2007-03-30 11:44:39 -0700 (Fri, 30 Mar 2007) Log Message: ----------- Author: Eamon Walsh Email: ew...@ty... Subject: libselinux: string and compute_create functions (resend) Date: Fri, 30 Mar 2007 14:34:17 -0400 Some new interfaces for libselinux, supporting userspace object managers: 1. class,av to string functions, completing the set. 2. "avc_compute_create" convenience interface to security_compute_create, taking userspace AVC SID's instead of security context strings. 3. man pages for these. Resending patch 1, was whitespace damaged. Modified Paths: -------------- trunk/libselinux/include/selinux/selinux.h trunk/libselinux/src/avc.c Modified: trunk/libselinux/include/selinux/selinux.h =================================================================== --- trunk/libselinux/include/selinux/selinux.h 2007-03-30 16:27:41 UTC (rev 2313) +++ trunk/libselinux/include/selinux/selinux.h 2007-03-30 18:44:39 UTC (rev 2314) 
@@ -277,13 +277,21 @@ /* Common helpers */ -/* Return the security class value for a given class name. */ +/* Convert between security class values and string names */ extern security_class_t string_to_security_class(const char *name); + extern const char *security_class_to_string(security_class_t cls); -/* Return an access vector for a given class and permission name. */ +/* Convert between individual access vector permissions and string names */ + extern const char *security_av_perm_to_string(security_class_t tclass, + access_vector_t perm); extern access_vector_t string_to_av_perm(security_class_t tclass, const char *name); +/* Returns an access vector in a string representation. User must free the + * returned string via free(). */ + extern int security_av_string(security_class_t tclass, + access_vector_t av, char **result); + /* Display an access vector in a string representation. */ extern void print_access_vector(security_class_t tclass, access_vector_t av); Modified: trunk/libselinux/src/avc.c =================================================================== --- trunk/libselinux/src/avc.c 2007-03-30 16:27:41 UTC (rev 2313) +++ trunk/libselinux/src/avc.c 2007-03-30 18:44:39 UTC (rev 2314) 
@@ -1338,6 +1338,105 @@ return 0; } +const char *security_class_to_string(security_class_t tclass) +{ + tclass = (tclass > 0 && tclass < NCLASSES) ? tclass : 0; + return class_to_string_data.str + class_to_string[tclass]; +} + +const char *security_av_perm_to_string(security_class_t tclass, + access_vector_t av) +{ + const uint16_t *common_pts_idx = 0; + access_vector_t common_base = 0; + unsigned int i; + + if (!av) + return NULL; + + for (i = 0; i < ARRAY_SIZE(av_inherit); i++) { + if (av_inherit[i].tclass == tclass) { + common_pts_idx = + &common_perm_to_string.data[av_inherit[i]. + common_pts_idx]; + common_base = av_inherit[i].common_base; + break; + } + } + + if (av < common_base) { + i = 0; + while (!(av & 1)) { + av >>= 1; + i++; + } + return common_perm_to_string_data.str + common_pts_idx[i]; + } + + for (i = 0; i < NVECTORS; i++) { + if (av_perm_to_string[i].tclass == tclass && + av_perm_to_string[i].value == av) + return av_perm_to_string_data.str + + av_perm_to_string[i].nameidx; + } + + return NULL; +} + +int security_av_string(security_class_t tclass, access_vector_t av, char **res) +{ + unsigned int i = 0; + size_t len = 5; + access_vector_t tmp = av; + int rc = 0; + const char *str; + char *ptr; + + /* first pass computes the required length */ + while (tmp) { + if (tmp & 1) { + str = security_av_perm_to_string(tclass, av & (1<<i)); + if (str) + len += strlen(str) + 1; + else { + rc = -1; + errno = EINVAL; + goto out; + } + } + tmp >>= 1; + i++; + } + + *res = malloc(len); + if (!*res) { + rc = -1; + goto out; + } + + /* second pass constructs the string */ + i = 0; + tmp = av; + ptr = *res; + + if (!av) { + sprintf(ptr, "null"); + goto out; + } + + ptr += sprintf(ptr, "{ "); + while (tmp) { + if (tmp & 1) + ptr += sprintf(ptr, "%s ", security_av_perm_to_string( + tclass, av & (1<<i))); + tmp >>= 1; + i++; + } + sprintf(ptr, "}"); +out: + return rc; +} + void print_access_vector(security_class_t tclass, access_vector_t av) { const uint16_t 
*common_pts_idx = 0;
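Review bot: in the avc.c hunk, security_av_string() builds its mask as av & (1<<i) in both passes; if access_vector_t is 32 bits wide, i reaches 31 and 1<<31 overflows a signed int. Use (access_vector_t)1 << i, or 1U << i. The same function leaves *res unassigned when it bails out with EINVAL in the first pass, so a caller that frees the result unconditionally will free an uninitialised pointer; set *res = NULL on entry. Separately, security_av_perm_to_string() returns the name of the lowest set bit when av < common_base but requires an exact match in the class-specific table, so a multi-bit av is accepted in one branch and rejected in the other; rejecting any av with more than one bit set up front would make the two paths agree.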
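Review bot: in the selinux.h hunk, the comment above security_av_string() says the caller must free() the result but does not state the return convention, which per the avc.c hunk is 0 on success and -1 on error, with errno set to EINVAL when a set bit has no name. The comment on security_av_perm_to_string() likewise does not mention that it returns NULL for a zero or unknown permission. Suggest documenting both, including what *result holds on failure, since userspace object managers will code against this header.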
From: <ssm...@us...> - 2007-03-30 18:48:42
Revision: 2315 http://svn.sourceforge.net/selinux/?rev=2315&view=rev Author: ssmalley Date: 2007-03-30 11:48:41 -0700 (Fri, 30 Mar 2007) Log Message: ----------- Author: Eamon Walsh Email: ew...@ty... Subject: libselinux: string and compute_create functions Date: Fri, 30 Mar 2007 13:48:52 -0400 avc_compute_create function, same as security_compute_create but takes userspace AVC SID's. [sds: make it compile] Modified Paths: -------------- trunk/libselinux/include/selinux/avc.h trunk/libselinux/src/avc.c Modified: trunk/libselinux/include/selinux/avc.h =================================================================== --- trunk/libselinux/include/selinux/avc.h 2007-03-30 18:44:39 UTC (rev 2314) +++ trunk/libselinux/include/selinux/avc.h 2007-03-30 18:48:41 UTC (rev 2315) @@ -274,6 +274,25 @@ security_class_t tclass, access_vector_t requested, struct av_decision *avd, int result, void *auditdata); +/** + * avc_compute_create - Compute SID for labeling a new object. + * @ssid: source security identifier + * @tsid: target security identifier + * @tclass: target security class + * @newsid: pointer to SID reference + * + * Call the security server to obtain a context for labeling a + * new object. Look up the context in the SID table, making + * a new entry if not found. Increment the reference counter + * for the SID. Store a pointer to the SID structure into the + * memory referenced by @newsid, returning %0 on success or -%1 on + * error with @errno set. + */ + int avc_compute_create(security_id_t ssid, + security_id_t tsid, + security_class_t tclass, + security_id_t *newsid); + /* * security event callback facility */ Modified: trunk/libselinux/src/avc.c =================================================================== --- trunk/libselinux/src/avc.c 2007-03-30 18:44:39 UTC (rev 2314) +++ trunk/libselinux/src/avc.c 2007-03-30 18:48:41 UTC (rev 2315) 
@@ -1006,6 +1006,31 @@ return rc; } +int avc_compute_create(security_id_t ssid, security_id_t tsid, + security_class_t tclass, security_id_t *newsid) +{ + int rc; + *newsid = NULL; + avc_get_lock(avc_lock); + if (ssid->refcnt > 0 && tsid->refcnt > 0) { + security_context_t ctx = NULL; + rc = security_compute_create_raw(ssid->ctx, tsid->ctx, tclass, + &ctx); + if (rc) + goto out; + rc = sidtab_context_to_sid(&avc_sidtab, ctx, newsid); + if (!rc) + (*newsid)->refcnt++; + freecon(ctx); + } else { + errno = EINVAL; /* bad reference count */ + rc = -1; + } +out: + avc_release_lock(avc_lock); + return rc; +} + int avc_add_callback(int (*callback) (uint32_t event, security_id_t ssid, security_id_t tsid, security_class_t tclass,
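Review bot: in the avc.c hunk, avc_compute_create() dereferences ssid->refcnt and tsid->refcnt with no NULL check, and the kernel-doc added in avc.h does not say whether an unspecified SID is allowed. Elsewhere in this file SIDs are compared against SECSID_WILD, so a caller could reasonably pass one here and crash inside the library while the AVC lock is held. Suggest either rejecting a NULL ssid or tsid with errno = EINVAL before taking the lock, or stating in the header comment that both must be valid, referenced SIDs. The doc comment also promises -1 with errno set on every failure; that holds on the sidtab_context_to_sid() path only if that function follows the same convention, which is worth confirming.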
From: <ssm...@us...> - 2007-03-30 19:21:52
Revision: 2317 http://svn.sourceforge.net/selinux/?rev=2317&view=rev Author: ssmalley Date: 2007-03-30 12:21:51 -0700 (Fri, 30 Mar 2007) Log Message: ----------- Update version and ChangeLog. Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2007-03-30 18:50:23 UTC (rev 2316) +++ trunk/libselinux/ChangeLog 2007-03-30 19:21:51 UTC (rev 2317) @@ -1,3 +1,6 @@ +2.0.9 2007-03-30 + * Merged class/av string conversion and avc_compute_create patch from Eamon Walsh. + 2.0.8 2007-03-20 * Merged fix for avc.h #include's from Eamon Walsh. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2007-03-30 18:50:23 UTC (rev 2316) +++ trunk/libselinux/VERSION 2007-03-30 19:21:51 UTC (rev 2317) @@ -1 +1 @@ -2.0.8 +2.0.9
From: <ssm...@us...> - 2007-04-05 18:11:38
Revision: 2320 http://svn.sourceforge.net/selinux/?rev=2320&view=rev Author: ssmalley Date: 2007-04-05 11:11:36 -0700 (Thu, 05 Apr 2007) Log Message: ----------- Updated ChangeLog and VERSION. Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2007-04-05 18:10:02 UTC (rev 2319) +++ trunk/libselinux/ChangeLog 2007-04-05 18:11:36 UTC (rev 2320) @@ -1,3 +1,6 @@ +2.0.10 2007-04-05 + * Merged sidput(NULL) patch from Eamon Walsh. + 2.0.9 2007-03-30 * Merged class/av string conversion and avc_compute_create patch from Eamon Walsh. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2007-04-05 18:10:02 UTC (rev 2319) +++ trunk/libselinux/VERSION 2007-04-05 18:11:36 UTC (rev 2320) @@ -1 +1 @@ -2.0.9 +2.0.10
From: <ssm...@us...> - 2007-04-05 20:02:12
Revision: 2323 http://svn.sourceforge.net/selinux/?rev=2323&view=rev Author: ssmalley Date: 2007-04-05 13:02:11 -0700 (Thu, 05 Apr 2007) Log Message: ----------- Updated ChangeLog and VERSION. Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2007-04-05 20:00:54 UTC (rev 2322) +++ trunk/libselinux/ChangeLog 2007-04-05 20:02:11 UTC (rev 2323) @@ -1,3 +1,7 @@ +2.0.11 2007-04-05 + * Merged userspace AVC patch to follow kernel's behavior for permissive mode in caching previous denials from Eamon Walsh. + + 2.0.10 2007-04-05 * Merged sidput(NULL) patch from Eamon Walsh. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2007-04-05 20:00:54 UTC (rev 2322) +++ trunk/libselinux/VERSION 2007-04-05 20:02:11 UTC (rev 2323) @@ -1 +1 @@ -2.0.10 +2.0.11
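Review bot: the ChangeLog hunk adds two blank lines after the new 2.0.11 entry, where the earlier entries in this file are each followed by one. Drop one of the added blank lines, and consider wrapping the long description the way the 2.0.6 entry is wrapped. The entry is also the only record on this page of a behaviour change to how the userspace AVC caches denials in permissive mode, so it would help to name the function or file touched.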