Laurent Bigonville
e41adf0164
Fix build failure with GCC 7 due to possible truncation of snprintf output
...
setools fails to build under GCC7 -Wformat -Werror with the following error:
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wno-sign-compare -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -Ilibqpol -Ilibqpol/include -I/usr/include/python3.6m -c libqpol/policy_extend.c -o build/temp.linux-amd64-3.6/libqpol/policy_extend.o -Werror -Wextra -Waggregate-return -Wfloat-equal -Wformat -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-include-dirs -Wnested-externs -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wstrict-prototypes -Wunknown-pragmas -Wwrite-strings -Wno-missing-field-initializers -Wno-unused-parameter -Wno-cast-qual -Wno-shadow -Wno-unreachable-code -fno-exceptions
libqpol/policy_extend.c: In function 'policy_extend':
libqpol/policy_extend.c:161:27: error: '%04zd' directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
snprintf(buff, 9, "@ttr%04zd", i + 1);
^~~~~
libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
snprintf(buff, 9, "@ttr%04zd", i + 1);
^~~~~~~~~~~
Increase the size of the buffer to avoid collisions
Closes: https://github.com/TresysTechnology/setools/issues/174
Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2017-09-26 16:36:59 +02:00
Petr Lautrbach
2ac588919d
bswap_* macros are defined in byteswap.h
...
Fixes ImportError on s390x:
/usr/lib64/python3.6/site-packages/setools/policyrep/_qpol.cpython-36m-s390x-linux-gnu.so: undefined symbol: bswap_32
2017-08-10 08:23:47 +02:00
Karl MacMillan
e743d2a0ea
Ftrules hashtab (#164)
...
* Search for libsepol in /usr/local
* Support filename transition and range transitions rules in the new hashtable storage of libsepol
* Fix off-by-one bug in traversing hashtables and minor compile fixes under Fedora 25.
* Remove debugging.
* The policy_define.c that uses hashtables was not setting the otype for filetrans_rules. This
appears intentional (the hashtable is just being filled out to detect duplicates based on the comments),
but for qpol was causing problems.
2017-01-23 18:27:22 -05:00
Chris PeBenito
6eaf7a26f5
libqpol: Remove unused syntactic rule functions.
2016-05-20 10:31:18 -04:00
Nicolas Iooss
2e028845ad
libqpol: fix typos in documentation comments
...
clang warns about unknown documentation commands, which are spelling
errors:
libqpol/include/qpol/cond_query.h:87:5: error: unknown command tag
name 'returm'; did you mean 'return'?
[-Werror,-Wdocumentation-unknown-command]
* @returm 0 on success and < 0 on failure; if the call fails,
^~~~~~~
return
2016-05-04 23:14:27 +02:00
Chris PeBenito
9dc79ce672
qpol: Do not try to infer policy version on source policies.
...
Version is a compile-time setting. The policy can also be downgraded
or may not use newer policy version features.
Set source policies to maximum supported policy version supported by
libsepol.
2016-04-26 10:12:03 -04:00
Chris PeBenito
5e16d57988
Remove duplicate linux_types.h.
2016-04-25 14:21:45 -04:00
Chris PeBenito
b7377f03d7
Merge pull request #132 from jbrindle/master
...
move linux_types header to libqpol
2016-04-25 13:49:13 -04:00
Joshua Brindle
b7b313a086
move linux_types header to libqpol
2016-04-25 12:14:40 -04:00
Chris PeBenito
fa13413eec
Move linux_types.h to libqpol directory.
2016-04-25 11:09:51 -04:00
Chris PeBenito
95ac39792d
Fix build error.
...
Missed a util.h reference.
2016-04-22 14:46:55 -04:00
Chris PeBenito
458ea44809
Remove stale util.h in qpol.
2016-04-22 14:24:37 -04:00
Chris PeBenito
a7fe3639ec
Remove bzip2 dependency.
...
This was needed for bzipped .pp files, but loading modules is no longer
supported.
2016-04-22 13:48:39 -04:00
Joshua Brindle
ac1550cc20
remove QPOL_POLICY_OPTION_MATCH_SYSTEM defines
2016-04-22 09:33:14 -04:00
Joshua Brindle
d6996d1f09
use c99 type for uint64_t
2016-04-22 09:16:30 -04:00
Joshua Brindle
9fbfeb43d2
symtab_datum is only 32 bits so casting triggers increase alignment warning, cast to void first to avoid that
2016-04-22 09:16:30 -04:00
Joshua Brindle
42fb95a9c9
headers and types not present on Darwin either wrapped or added in linux_types.h
2016-04-22 09:16:27 -04:00
Joshua Brindle
9a89d9b63b
remove LIBSELINUX dependency, deprecated functions, and remove symbol map
2016-04-22 09:15:16 -04:00
Chris PeBenito
1147d00797
Implement DCCP protocol support for portcons.
2016-04-06 13:01:28 -04:00
Chris PeBenito
e7f12a17d8
Reduce diff size between files copied from checkpolicy and libqpol.
...
Try to make future updates easier.
2016-03-28 16:34:35 -04:00
Chris PeBenito
e70e670664
libqpol: fix merge error (duplicate code a few lines up)
2016-03-28 13:57:41 -04:00
Steve Lawrence
21864a7ea6
Change extended avrules to be more similar to normal avrules
...
- Add an iterator to extract the extended permissions rather than
returning only a string
- Add queries for determining if an avrule is extended, and what
type the extended avrule is (e.g. ioctl)
- Removed tests, but should probably revert that change and make sure
they still work
- Fixed some warnings about unsigned/signed comparisons with ebitmaps
- Updates seinfo and sesearch to support new extended avrule changes
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-03-21 10:57:21 -04:00
Richard Haines
dd29dc9c43
setools-V4: libqpol policy V30 updates (xen/xperm statements)
...
Updated libqpol services to use the latest checkpolicy 2.4 source
files to support Xen and extended permissions (allowxperm etc.).
TODO: Add support for querying the xperm values.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2016-03-21 10:56:37 -04:00
Chris PeBenito
faeccd0360
libqpol: stop processing types when building type attribute map
...
Fix originally from Richard Haines.
2016-03-21 10:56:37 -04:00
Chris PeBenito
699ce33cd7
policyrep: add typebounds rules
...
Closes #66
2016-02-05 13:53:30 -05:00
Chris PeBenito
dae8f83b77
libqpol: Skip types when building type attribute map.
...
Fix originally from Richard Haines.
Closes #94.
2016-02-04 14:06:49 -05:00
Chris PeBenito
87d9d56a55
libqpol: stop adding all types to object_r.
...
This is not what is in the policy. The object_r behavior is a special case
in the kernel code.
2016-01-22 09:28:23 -05:00
Chris PeBenito
1406eb30c3
Implement InitialSIDTest.
2015-04-24 08:56:56 -04:00
Chris PeBenito
6de35b81f7
Implement CommonTest and ObjClassTest.
...
Also fix bugs uncovered by testing.
2015-04-23 11:04:37 -04:00
Chris PeBenito
4e0b7d853b
Thoroughly test MLS representations.
...
Implement category and level decl. lookups along the way.
2015-04-09 14:27:51 -04:00
Chris PeBenito
11fdaa7ad6
Route libqpol messages through Python logging.
...
Does not include errors from the lex/yacc.
2015-03-21 16:23:59 -04:00
Chris PeBenito
757a16750b
Fix qpol_context_get_range() not to segfault on MLS-disabled policy.
...
Correspondingly fix MLS object factories to immediately check if MLS is
disabled and short circuit if so.
2015-03-15 12:37:24 -04:00
Chris PeBenito
0b295755de
Distinguish policy syntax errors from other OS errors, e.g. ENOENT.
...
The policy parser does not set errno, so the libqpol code assumes the
errors from parser code are always invalid syntax, rather than something
else like out of memory. This may not always be the case, but any other
kind of error is unlikely (and likely catastrophic)
2015-03-06 10:44:32 -05:00
Chris PeBenito
a44a82a8a1
Fix compile error.
2015-02-22 09:43:15 -05:00
Chris PeBenito
a8d7f740b2
Change range constructor to use regular levels instead of semantic ones.
...
This affords better error reporting since levels can be invalid for
several reasons.
* Fix memory leak in qpol_semantic_level
* Add unit tests
2015-02-22 09:24:39 -05:00
Chris PeBenito
926da1f675
Change libqpol message output.
...
Changing ERR/WARN/INFO did not catch error output from libsepol.
2015-02-21 17:50:19 -05:00
Chris PeBenito
4953ebdcc4
Implement MLS range lookup.
2015-02-21 16:43:32 -05:00
Chris PeBenito
2dd517b4b3
Implement MLS level lookup.
2015-02-21 15:09:52 -05:00
Chris PeBenito
b67bd76e0c
Move libqpol parser further in line with checkpolicy.
...
* Especially remove buggy conditional branch verification -- keep the same
behavior as checkpolicy.
* No-rules-loading logic no longer needed
2015-02-10 11:43:31 -05:00
Chris PeBenito
0192ff6ddd
Restore abort() use.
...
Otherwise -NDEBUG builds get compile errors.
2015-02-05 13:28:08 -05:00
Chris PeBenito
79320ba0cc
Update parsers to checkpolicy 2.4.
...
Start dropping ancient psid support and other unused #ifdefs.
2015-02-05 13:05:55 -05:00
Chris PeBenito
3937946900
Update to libsepol 2.4 parser.
...
There was a struct change internally. Now setools4 requires libsepol 2.4.
2015-02-04 14:34:47 -05:00
Fernand Lone-Sang
bc081bbccd
Fixed -Werror=unused-but-set-variable in libqpol/policy_extend.c
2015-01-23 15:23:38 +01:00
Fernand Lone-Sang
6a8dbe88a5
Fixed -Werror=unused-variable in libqpol/policy_extend.c
2015-01-23 15:23:32 +01:00
Fernand Lone-Sang
43ab9251fd
Fixed -Werror=unused-but-set-variable in libqpol/default_object_query.c
2015-01-23 15:23:32 +01:00
Chris PeBenito
0c0534e824
Change libqpol to return qpol_class_t instead of string for default objects
2014-12-16 12:21:33 -05:00
Chris PeBenito
e53be65ebe
Silence error message output generated by libqpol.
2014-11-09 10:20:33 -05:00
Chris PeBenito
63e483f0d3
Undo incorrect signedness change in define_compute_type_helper().
2014-11-03 08:28:50 -05:00
Chris PeBenito
24eed203c2
Remove one additional incorrect pointer check missed in cb20942.
2014-11-02 22:14:06 -05:00
Chris PeBenito
d0d78cebda
One pair of additional signedness fixes from -Wsign-compare.
2014-11-02 13:21:38 -05:00