libsepol: remove wild cards in mapfile

With the old hidden_def and hidden_proto DSO infrastructure removed,
correctness of the map file becomes paramount, as it is what filters out
public API. Because of this, the wild cards should not be used, as it
lets some functions through that should not be made public API. Thus
remove the wild cards, and sort the list.

Additionally, verify that nothing changed in external symbols as well:

This was checked by generating an old export map (from master):
nm --defined-only -g ./src/libsepol.so | cut -d' ' -f 3-3 | grep -v '^_' > old.map

Then creating a new one for this library after this patch is applied:
nm --defined-only -g ./src/libsepol.so | cut -d' ' -f 3-3 | grep -v '^_' > new.map

And diffing them:
diff old.map new.map

Fixes: #165
Fixes: #204

Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: William Roberts <william.c.roberts@intel.com>
This commit is contained in:
William Roberts 2020-03-10 15:53:20 -05:00 committed by stephensmalley
parent d1284ab457
commit bacf02f697

View File

@ -1,39 +1,254 @@
LIBSEPOL_1.0 {
global:
expand_module_avrules;
sepol_module_package_*; sepol_link_modules; sepol_expand_module; sepol_link_packages;
sepol_bool_*; sepol_genbools*;
sepol_context_*; sepol_mls_*; sepol_check_context;
sepol_iface_*;
sepol_port_*;
sepol_ibpkey_*;
sepol_ibendport_*;
sepol_node_*;
sepol_user_*; sepol_genusers; sepol_set_delusers;
sepol_msg_*; sepol_debug;
sepol_handle_*;
sepol_policydb_*; sepol_set_policydb_from_file;
sepol_policy_kern_*;
sepol_policy_file_*;
sepol_get_disable_dontaudit;
sepol_set_disable_dontaudit;
sepol_set_expand_consume_base;
sepol_get_preserve_tunables; sepol_set_preserve_tunables;
global:
cil_add_file;
cil_build_policydb;
cil_compile;
cil_db_destroy;
cil_db_init;
cil_filecons_to_string;
cil_selinuxusers_to_string;
cil_set_disable_dontaudit;
cil_set_disable_neverallow;
cil_set_preserve_tunables;
cil_set_handle_unknown;
cil_db_destroy;
cil_add_file;
cil_compile;
cil_build_policydb;
cil_userprefixes_to_string;
cil_selinuxusers_to_string;
cil_filecons_to_string;
cil_set_log_level;
cil_set_log_handler;
cil_set_malloc_error_handler;
cil_set_log_level;
cil_set_preserve_tunables;
cil_userprefixes_to_string;
expand_module_avrules;
sepol_bool_clone;
sepol_bool_compare;
sepol_bool_compare2;
sepol_bool_count;
sepol_bool_create;
sepol_bool_exists;
sepol_bool_free;
sepol_bool_get_name;
sepol_bool_get_value;
sepol_bool_iterate;
sepol_bool_key_create;
sepol_bool_key_extract;
sepol_bool_key_free;
sepol_bool_key_unpack;
sepol_bool_query;
sepol_bool_set;
sepol_bool_set_name;
sepol_bool_set_value;
sepol_check_context;
sepol_context_check;
sepol_context_clone;
sepol_context_create;
sepol_context_free;
sepol_context_from_string;
sepol_context_get_mls;
sepol_context_get_role;
sepol_context_get_type;
sepol_context_get_user;
sepol_context_set_mls;
sepol_context_set_role;
sepol_context_set_type;
sepol_context_set_user;
sepol_context_to_string;
sepol_debug;
sepol_expand_module;
sepol_genbools;
sepol_genbools_array;
sepol_genusers;
sepol_get_disable_dontaudit;
sepol_get_preserve_tunables;
sepol_handle_create;
sepol_handle_destroy;
sepol_ibendport_alloc_ibdev_name;
sepol_ibendport_clone;
sepol_ibendport_compare;
sepol_ibendport_compare2;
sepol_ibendport_count;
sepol_ibendport_create;
sepol_ibendport_exists;
sepol_ibendport_free;
sepol_ibendport_get_con;
sepol_ibendport_get_ibdev_name;
sepol_ibendport_get_port;
sepol_ibendport_iterate;
sepol_ibendport_key_create;
sepol_ibendport_key_extract;
sepol_ibendport_key_free;
sepol_ibendport_key_unpack;
sepol_ibendport_modify;
sepol_ibendport_query;
sepol_ibendport_set_con;
sepol_ibendport_set_ibdev_name;
sepol_ibendport_set_port;
sepol_ibpkey_clone;
sepol_ibpkey_compare;
sepol_ibpkey_compare2;
sepol_ibpkey_count;
sepol_ibpkey_create;
sepol_ibpkey_exists;
sepol_ibpkey_free;
sepol_ibpkey_get_con;
sepol_ibpkey_get_high;
sepol_ibpkey_get_low;
sepol_ibpkey_get_subnet_prefix;
sepol_ibpkey_get_subnet_prefix_bytes;
sepol_ibpkey_iterate;
sepol_ibpkey_key_create;
sepol_ibpkey_key_extract;
sepol_ibpkey_key_free;
sepol_ibpkey_key_unpack;
sepol_ibpkey_modify;
sepol_ibpkey_query;
sepol_ibpkey_set_con;
sepol_ibpkey_set_pkey;
sepol_ibpkey_set_range;
sepol_ibpkey_set_subnet_prefix;
sepol_ibpkey_set_subnet_prefix_bytes;
sepol_iface_clone;
sepol_iface_compare;
sepol_iface_compare2;
sepol_iface_count;
sepol_iface_create;
sepol_iface_exists;
sepol_iface_free;
sepol_iface_get_ifcon;
sepol_iface_get_msgcon;
sepol_iface_get_name;
sepol_iface_iterate;
sepol_iface_key_create;
sepol_iface_key_extract;
sepol_iface_key_free;
sepol_iface_key_unpack;
sepol_iface_modify;
sepol_iface_query;
sepol_iface_set_ifcon;
sepol_iface_set_msgcon;
sepol_iface_set_name;
sepol_link_modules;
sepol_link_packages;
sepol_mls_check;
sepol_mls_contains;
sepol_module_package_create;
sepol_module_package_free;
sepol_module_package_get_file_contexts;
sepol_module_package_get_file_contexts_len;
sepol_module_package_get_netfilter_contexts;
sepol_module_package_get_netfilter_contexts_len;
sepol_module_package_get_policy;
sepol_module_package_get_seusers;
sepol_module_package_get_seusers_len;
sepol_module_package_get_user_extra;
sepol_module_package_get_user_extra_len;
sepol_module_package_info;
sepol_module_package_read;
sepol_module_package_set_file_contexts;
sepol_module_package_set_netfilter_contexts;
sepol_module_package_set_seusers;
sepol_module_package_set_user_extra;
sepol_module_package_write;
sepol_msg_get_channel;
sepol_msg_get_fname;
sepol_msg_get_level;
sepol_msg_set_callback;
sepol_node_clone;
sepol_node_compare;
sepol_node_compare2;
sepol_node_count;
sepol_node_create;
sepol_node_exists;
sepol_node_free;
sepol_node_get_addr;
sepol_node_get_addr_bytes;
sepol_node_get_con;
sepol_node_get_mask;
sepol_node_get_mask_bytes;
sepol_node_get_proto;
sepol_node_get_proto_str;
sepol_node_iterate;
sepol_node_key_create;
sepol_node_key_extract;
sepol_node_key_free;
sepol_node_key_unpack;
sepol_node_modify;
sepol_node_query;
sepol_node_set_addr;
sepol_node_set_addr_bytes;
sepol_node_set_con;
sepol_node_set_mask;
sepol_node_set_mask_bytes;
sepol_node_set_proto;
sepol_policydb_compat_net;
sepol_policydb_create;
sepol_policydb_free;
sepol_policydb_from_image;
sepol_policydb_mls_enabled;
sepol_policydb_read;
sepol_policydb_set_handle_unknown;
sepol_policydb_set_target_platform;
sepol_policydb_set_typevers;
sepol_policydb_set_vers;
sepol_policydb_to_image;
sepol_policydb_write;
sepol_policy_file_create;
sepol_policy_file_free;
sepol_policy_file_get_len;
sepol_policy_file_set_fp;
sepol_policy_file_set_handle;
sepol_policy_file_set_mem;
sepol_policy_kern_vers_max;
sepol_policy_kern_vers_min;
sepol_port_clone;
sepol_port_compare;
sepol_port_compare2;
sepol_port_count;
sepol_port_create;
sepol_port_exists;
sepol_port_free;
sepol_port_get_con;
sepol_port_get_high;
sepol_port_get_low;
sepol_port_get_proto;
sepol_port_get_proto_str;
sepol_port_iterate;
sepol_port_key_create;
sepol_port_key_extract;
sepol_port_key_free;
sepol_port_key_unpack;
sepol_port_modify;
sepol_port_query;
sepol_port_set_con;
sepol_port_set_port;
sepol_port_set_proto;
sepol_port_set_range;
sepol_set_delusers;
sepol_set_disable_dontaudit;
sepol_set_expand_consume_base;
sepol_set_policydb_from_file;
sepol_set_preserve_tunables;
sepol_user_add_role;
sepol_user_clone;
sepol_user_compare;
sepol_user_compare2;
sepol_user_count;
sepol_user_create;
sepol_user_del_role;
sepol_user_exists;
sepol_user_free;
sepol_user_get_mlslevel;
sepol_user_get_mlsrange;
sepol_user_get_name;
sepol_user_get_num_roles;
sepol_user_get_roles;
sepol_user_has_role;
sepol_user_iterate;
sepol_user_key_create;
sepol_user_key_extract;
sepol_user_key_free;
sepol_user_key_unpack;
sepol_user_modify;
sepol_user_query;
sepol_user_set_mlslevel;
sepol_user_set_mlsrange;
sepol_user_set_name;
sepol_user_set_roles;
local: *;
};