Commit Graph

483 Commits

Author SHA1 Message Date
Yuli Khodorkovskiy
0a71540723 policycoreutils/hll/pp: change printing behavior of typeattribute/sets
Avrules that have the negation, star, or complement flag set for types
need typeattributes and typeattributesets that are generated. This caused
issues when these generated statements were inserted into conditionals, since
typeattributes/sets are not allowed in conditionals.

This change always prints typeattributes and typeattributesets
immediately unless the types appear inside of an avrule in conditionals or blocks.
For this special case, we print the typeattributes after the end
of each conditional/block.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:57:08 -04:00
Yuli Khodorkovskiy
836ffd988e policycoreutils/hll/pp: fix '\n' parsing in filecon statements
Some module fc files do not contain a trailing new line. This
caused contexts to have their last character to be deleted. When
parsing each line from a fc file, we only strip off the last character
if it is a new line.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:57:03 -04:00
Yuli Khodorkovskiy
f42d013eec policycoreutils/hll/pp: Fix role/roletype scoping
- Create role declarations no matter if the declaration is in base or
  a module. Since CIL does not permit role re-declarations, this change
  will break existing policies that have the same role declared in multiple
  modules. To fix this, the policies will need to change the role to be
  defined in a single place.
- Pass around the avrule_decl stack rather than just the most recent
  decl. The full stack is needed to determine if identifiers are in
  scope
- Only create roletype statements for a role and a type in two cases:
   1) The role is declared/required and the type is declared/required in
      the same scope or an ancestor scope of the role
   2) The type is declared/required and the role is declared/required in
      an ancestor scope of the type

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:58 -04:00
Nicolas Iooss
e4d693ae87 Use $(PYTHON) instead of "python" in every Makefile
This fixes the build with "make PYTHON=python2" on systems where python
is python3.

For PYLIBVER and PYTHONLIBDIR definitions, I tested Python 2.5, 2.6, 2.7,
3.3 and 3.4.  For each of them, these commands print the expected result:

    python -c 'import sys;print("python%d.%d" % sys.version_info[0:2])'"
    python -c "from distutils.sysconfig import *;print(get_python_lib(1))"

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:49 -04:00
Nicolas Iooss
c4a4a1a7ed Fix gcc -Wstrict-prototypes warnings
In C, defining a function with () means "any number of parameters", not
"no parameter".  Use (void) instead where applicable and add unused
parameters when needed.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:38 -04:00
Nicolas Iooss
188a028f74 policycoreutils: fix most gcc -Wwrite-strings warnings
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:34 -04:00
Nicolas Iooss
aad0962be2 policycoreutils/hll/pp: fix gcc -Wwrite-strings warnings
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:31 -04:00
Nicolas Iooss
3642a57cd0 policycoreutils/hll/pp: add printf format attribute to relevant functions
log_err, cil_printf and cil_println use printf formats to process their
arguments.  Use __attribute__((format(printf,...))) to make "gcc
-Wformat -Wformat-security" detect issues.

This detected this issue several times on a x86_64 system:

  format '%lx' expects argument of type 'long unsigned int', but
  argument has type 'uint32_t'

Fix this by introducing an explicit cast to unsigned long.

While at it, constify the format string argument of each function.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:00 -04:00
Nicolas Iooss
e198427fe5 policycoreutils/semodule_package: fix debug build
Building from the root directory with "make DEBUG=1" enables -Wshadow
option.  This makes the compilation fail with the following error:

  semodule_unpackage.c: In function 'usage':
  semodule_unpackage.c:17:25: error: declaration of 'progname' shadows a global declaration [-Werror=shadow]
   static void usage(char *progname)
                         ^
  semodule_unpackage.c:14:7: error: shadowed declaration is here [-Werror=shadow]
   char *progname = NULL;
         ^

Fix this error by no longer passing a global variable as a parameter to
usage function.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:55:57 -04:00
Nicolas Iooss
f978b1b071 policycoreutils/sandbox: fix debug build
Building from the root directory with "make DEBUG=1" enables -Wshadow
option.  This makes the compilation fails with the following error:

  cc -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror -g
  -I/usr/include -DPACKAGE="\"policycoreutils\"" -Wall -Werror -Wextra
  -W   -c -o seunshare.o seunshare.c

  seunshare.c: In function 'spawn_command':
  seunshare.c:141:6: error: declaration of 'child' shadows a global declaration [-Werror=shadow]
    int child;
        ^
  seunshare.c:58:12: error: shadowed declaration is here [-Werror=shadow]
   static int child = 0;
              ^

Fix this error by renaming the "child" variable in spawn_command.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:55:53 -04:00
Nicolas Iooss
855bfdf0ce policycoreutils/hll/pp: fix potential use of uninitialized variable
"gcc -O2 -Wall -Werror" failed with two errors when building pp due to
the use of unitialized variables.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:55:49 -04:00
Steve Lawrence
86dffdd28f policycoreutils: mcstrans: use string_to_av_perm() to calculate permission access vector
mcstrans still uses CONTEXT__CONTAINS from av_permissions.h to calculate
a permission access vector. However, av_permissions.h was deprecated, so
it does not have access to the constant. This updates mcstrans to use
string_to_av_perm() to get the value for context contains.

Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-08-29 09:19:50 -04:00
Steve Lawrence
213c3189d0 Bump versions for r2
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-08-27 11:47:04 -04:00
Steve Lawrence
8f9d3a7c95 Fix typos in ChangeLog and Versions 2014-08-26 14:20:48 -04:00
Steve Lawrence
79fd2d06ab Bump versions and update ChangeLog
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-08-26 09:48:54 -04:00
Yuli Khodorkovskiy
28efbfd4ed policycoreutils: add semodule option to set store root path
Add a new -S option to semodule. This option overrides store_root
in semanage.conf and sets the SELinux store's root path. If neither -S,
nor store_root are specified in semanage.conf, then the default
location is used.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2014-08-26 08:03:31 -04:00
Yuli Khodorkovskiy
241f9d2d03 policycoreutils: add semodule flag for ignoring cached CIL
Providing --ignore-module-cache will cause the recompilating of all HLL
modules, and recaching of the resulting CIL files.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2014-08-26 08:03:31 -04:00
Steve Lawrence
893851c0a1 policycoreutils: add a HLL compiler to convert policy packages (.pp) to CIL
Reads in a policy package file via stdin or via filename, and writes out
the equivilent CIL to stdout or to an output file, depending on the
parameters passed in.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-08-26 08:03:31 -04:00
Jason Dana
2ff279e21e policycoreutils: semanage: update to new source policy infrastructure
- Remove version references
- Use new methods for enabling/disabling modules
- Add support to set priority when adding/removing modules
- Modify module --list output to include priority and language extension
- Update permissiveRecords call to support cil policy

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Signed-off-by: Jason Dana <jdana@tresys.com>
2014-08-26 08:03:31 -04:00
Yuli Khodorkovskiy
e599a43184 policycoreutils: deprecate base/upgrade/version in semodule
Providing --upgrade or --base will now just call --install, and display
a deprecation message to the user. Additionally, because CIL has no
concept of version numbers, this removes the version output from --list.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2014-08-26 08:02:16 -04:00
Steve Lawrence
6e085368f1 policycoreutils: semodule: add back support for alternative root paths
Removed in commits:
- Revert "policycoreutils: semodule: support for alternative root paths"

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-08-26 08:02:16 -04:00
Caleb Case
031ee84821 semodule: add priority, enabled, and extended listing
This updates the semodule tool with the ability to set the priority for
commands, to enable/disable modules, and extended module listing options
for displaying extra module information (e.g., priority, enabled status,
and language extension).

[semodule priority]

-X --priority set the priority for following operations

Notes:

* This sets the priority for the following operations.

* It can be used any number of times with its effect continuing until
  the next priority is specified.

* The default priority is used if no priority has yet been specified.

Impact on current operations:

* Install module

  * Without priority - Install at default priority.

  * With priority - Install at specified priority.

  * New warning when overriding (issued by libsemanage).

* Upgrade module

  * Without priority - Upgrade at default priority (current upgrade
    semantics apply).

  * With priority - Upgrade at specified priority (current upgrade
    semantics apply).

  * New warning when overriding (issued by libsemanage).

* Remove module

  * Without priority - Remove a module at the default if exists.

  * With priority - Remove at that priority.

  * New info messages (issued by libsemanage):

    * If no modules exist at the given priority but do exist at other
      priorities, give an info message listing the modules and priority.

    * If a new module at a lower priority will become active print a
      message.

    * If the last module with this name is being removed print a
      message.

* Base

  * The name of base module on install is fixed to "_base" (performed by
    libsemanage).

  * Without priority - Install at default priority.

  * With priority - Install at specified priority.

  * New warning when overriding (issued by libsemanage).

* List modules

  * See listing changes below.

Examples:

semodule -i foo.pp

semodule -X 500 -i foo.pp

[semodule enable/disable]

Add enable/disable status:

-e   --enable   enable the module (at all priorities)
-d   --disable  disable the module (at all priorities)

Notes:

* Base modules are always enabled and cannot have their enabled/disabled
  status changed.

* New error when disabling a base module (from libsemanage).

* New warning when enabling a base module (from libsemanage).

Impact on current operations:

* Install module

  * If a module with that name is already installed, then the enabled
    status will remain the same after installing the new module.

  * New warning when installing a module which will be disabled by
    existing enabled status (from libsemanage).

* Upgrade module

  * If a module with that name is already installed, then the enabled
    status will remain the same after installing the new module.

  * New warning when installing a module which will be disabled by
    existing enabled status (from libsemanage).

* Remove module

  * When the last module with a given name is removed (no more exist at
    other priorities) then the enabled status is forgotten.

* Base

  * Base modules are always installed enabled and remain so (can't be
    disabled).

* List modules

  * See listing changes below.

Examples:

semodule -e foo

semodule -d foo

[semodule list]

-l		--list		list modules as if by -lstandard

-lstandard	--list=standard	list name and version of highest priority,
				enabled, non-base modules sorted alphabetical
				by name

-lfull		--list=full	list all fields of all modules columnated
				sorted high priority to low, within priority
				alphabetical by name

Impact on current operations:

* List modules

  * Default listing stays the same.

  * New long options for 'standard' and 'full'.

Examples:

semodule -l
semodule -lstandard
semodule --list=standard

alsa 1.7.1
apm 1.9.1
apt 1.5.2
authlogin 2.0.0
avahi 1.10.3
bluetooth 3.1.3
...

semodule -lfull
semodule --list=full

600 alsa      1.7.1 disabled pp
400 _base     1.0.0          pp
400 alsa      1.7.1 disabled pp
400 apm       1.9.1          pp
400 apt       1.5.2          pp
400 authlogin 2.0.0          pp
...
100 alsa      1.7.1 disabled pp

Signed-off-by: Chad Sellers <csellers@tresys.com>
2014-08-26 08:02:16 -04:00
Caleb Case
565ea9832e semanage: move permissive module creation to /tmp
semanage currently uses /var/lib/selinux/tmp to create permissive
modules. However, with the move to /var, the same tmp directory is used
for building policy binaries, causing a conflict. This patch creates a
random temporary directory in /tmp and moves permissive module creation
to that directory, avoiding the directory conflict.

This patch also imports shutil for rmtree to easily delete all created
temporary files.

Signed-off-by: Chad Sellers <csellers@tresys.com>
2014-08-26 08:02:16 -04:00
Steve Lawrence
5ac1e98ab2 Revert "policycoreutils: semodule: support for alternative root paths"
This reverts commit 5e096d9ceb.

Conflicts:

	policycoreutils/semodule/semodule.c
2014-08-26 08:02:16 -04:00
Steve Lawrence
30a2df81eb Revert "Last attempt at upstreaming semodule_disable patch."
This reverts commit 654dcb897e.

Conflicts:

	policycoreutils/semodule/semodule.c
2014-08-26 08:02:16 -04:00
Stephen Smalley
76913d8adb Deprecate use of flask.h and av_permissions.h.
Also remove all internal uses by libselinux.
This requires deleting the old class/perm string lookup tables
and compatibility code for kernels that predate the /sys/fs/selinux/class
tree, i.e. Linux < 2.6.23.

This also fixes a longstanding bug in the stringrep code; it was allocating
NVECTORS (number of vectors in the legacy av_perm_to_string table, i.e.
the total number of legacy permissions) entries in the per-class perms array
rather than MAXVECTORS (the maximum number of permissions in any
access vector).  Ho hum.  I already fixed this in Android but forgot it
here.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-07-09 13:49:18 -04:00
Andy Lutomirski
74d27a9733 seunshare: Try to use setcurrent before setexec
If seunshare uses PR_SET_NO_NEW_PRIVS, which certain versions of
libcap-ng set, setexeccon will cause execve to fail.  This also
makes setting selinux context the very last action taken by
seunshare prior to exec, as it may otherwise cause things to fail.

Note that this won't work without adjusting the system policy to
allow this use of setcurrent.  This rule appears to work:

    allow unconfined_t sandbox_t:process dyntransition;

although a better rule would probably relax the unconfined_t
restriction.

Signed-off-by: Andy Lutomirski <luto@amacapital.net>
2014-05-12 14:14:45 -04:00
Dan Walsh
de0795a12e Remove handling of cgroups from sandbox
It never worked correctly and this should be handled with an
API to systemd going forward.
2014-05-12 14:14:42 -04:00
Dan Walsh
6ee0299ab7 Update XDG_RUNTIME_DIR directory 2014-05-12 14:14:39 -04:00
Stephen Smalley
1e6482134b Bump version and update ChangeLog for release.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-05-06 13:30:27 -04:00
Stephen Smalley
35b3c259a7 2.3-rc1 (release candidate 1).
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-03-25 13:24:44 -04:00
Stephen Smalley
5ba8c79721 Merge branch 'master' into next
Conflicts:
	policycoreutils/ChangeLog
2013-12-09 16:10:24 -05:00
Stephen Smalley
582c2d0199 policycoreutils 2.2.5 - yet another bug fix for non-MLS systems.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-12-09 16:06:27 -05:00
Sven Vermeulen
7d921ed797 Ignore selevel/serange if MLS is disabled
Currently, the selevel/serange values (which are often set on a default
's0' value) are used for ports, users, contexts and logins. This breaks
non-MLS setups.

This patch will only call the necessary mls functions if mls is actually
enabled.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2013-12-09 16:04:44 -05:00
Stephen Smalley
f89377f243 Merge branch 'master' into next
Conflicts:
	policycoreutils/ChangeLog
2013-11-26 14:07:49 -05:00
Stephen Smalley
1bca9b5964 policycoreutils 2.2.4 - bug fix for non-MLS systems.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-26 14:04:09 -05:00
Stephen Smalley
5d2b8d49ec Revert "If users of seobject set serange or seuser to "", we need to override."
This reverts commit 5102ed4cb8.
This breaks non-MLS systems.

Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2013-11-26 14:01:18 -05:00
Stephen Smalley
8d2dc72445 Updated policycoreutils ChangeLog for next.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-13 11:09:41 -05:00
Dan Walsh
f03dc51262 Add -P semodule option to man page 2013-11-13 11:07:23 -05:00
Dan Walsh
5fe159bfdd selinux_current_policy_path will return none on a disabled SELinux system 2013-11-13 11:07:21 -05:00
Dan Walsh
7315245750 Add new icons for sepolicy gui 2013-11-13 11:07:17 -05:00
Stephen Smalley
11fa7dfc01 Merge branch 'master' into next
Conflicts:
	policycoreutils/ChangeLog
2013-11-13 11:06:54 -05:00
Stephen Smalley
feb6f9ffdd Bump policycoreutils version to 2.2.3.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-13 11:06:05 -05:00
Dan Walsh
e8718ef514 Make sure we do the polkit check on all dbus interfaces.
Change policy kit to only allow access on the console.
2013-11-13 11:00:29 -05:00
Dan Walsh
ef102bf81a Call proper dbus function
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2013-11-13 11:00:18 -05:00
Stephen Smalley
7eb719b383 Update policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-08 15:56:18 -05:00
Dan Walsh
e6c6dc3464 Add message to tell user to install sandbox policy package.
Sandbox policy is huge do to macro expansion.  We do not install this by default
but sandbox command can fail without it installed.  This patch prints a message to the
user to install the package.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2013-11-08 15:52:50 -05:00
Dan Walsh
84bffc43a7 Cleanup whitespace
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2013-11-08 15:52:11 -05:00
Dan Walsh
d5116bd45b Add support to return sesitivities and cats for python bindings.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2013-11-08 15:51:52 -05:00
Dan Walsh
d3b4dbf299 Fix up desktop files to match current standards
Encoding is depracated
Keywords is depracated

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2013-11-08 15:50:59 -05:00