- Free args as they are parsed and strdup args when neccessary. Memory used for
lex initialization is now freed using yylex_destroy().
- Add noyywrap option to flex. This is the correct way to make the scanner
not call yywrap upon an end of file. Before, we were overriding the
function and returning 1.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
This adds a 'remove-hll' option to semanage.conf. If set to 'true', all
HLL files will be removed from the SELinux store after successfully
buildling the SELinux modules. The default for this option is 'false'.
In order to delete already compiled HLL files, the modules need to be
recompiled with the ignore-module-cache option.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
Fixes segfault on systems with less than 256K stack size.
After change, I was able to run semodule -l with a 32K stack size.
Additionally, fix potential memory leak on realloc failure.
Signed-off-by: Thomas Hurd <thurd@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
Reformat secilc(8) man page for readability and correct url
Remove unused/obsolete info and correct portcon statement in the
Reference Guide.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
restorecon on file names with newlines are not handled properly.
Use PCRE_DOTALL so that dots in regular expressions match all
characters, and don't exclude the newline character.
See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html
for background.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
restorecon on file names with newlines are not handled properly.
Use PCRE_DOTALL so that dots in regular expressions match all
characters, and don't exclude the newline character.
See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html
for background.
Change-Id: I0dde8f2567305f746d19ebd75a9e2add7406eb9a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The man page description for setcon() was never updated for the
introduction of bounded transitions in Linux 2.6.28. Update it.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
If the level contains a category that is not associated with a sensitivity,
the code correctly detects the condition, but does not return an error.
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
28ad56e Store file paths in the string pool
da42c28 Use the new fqn datum field for generated strings
5df35f5 Fix a typo in .gitignore that was not ignoring files in docs/
479051c Modify how blocks are copied into blockinherits
793d12d Fix memory leak in classpermissionset
e5bb941 Added several new test policies
d6f2710 Refactored the name resolution code
ba61ee8 Changed how datums are handled when destroying a tree.
36e6818 Reimplemented the code to fully qualify names.
43fa823 Fixed two bugs in cil_copy_ast.c
9ff6072 Small fix to cil_list_remove()
4eecdbe Changed how root node of the AST is initialized.
172b918 Cleanup unused symtab_datum from disabled optionals
06df2d2 Add policy binary and file_contexts to .gitignore
git-subtree-dir: libsepol/cil
git-subtree-split: 28ad56e90c9b923ddf4a186e772645b4c086b6cc
If SELinux is disabled, then selinux_current_policy_path() returns NULL.
At present, if you run audit2allow on a SELinux-disabled host without
the -p option, you get:
unable to open (null): Bad address
We haven't seen this because most people running audit2allow are doing
it on SELinux-enabled hosts and using the host policy. But for Android,
the build host OS often has SELinux disabled and we need to pass audit2allow
the path to the Android policy. Handle this case and provide a hint to
the user.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
s6_addr32 is not portable; use s6_addr instead.
Change-Id: I21c237588d3e7200cefa3af96065f657dae4b1e7
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Enable building CIL as part of the host libsepol.
This will allow using it for host-side policy tools.
Omit it from the device libsepol used for the CTS for now,
unless/until such a time as we find it necessary there.
Also build secilc, the CIL compiler.
Change-Id: I2f04a720d9143a9c84fbab211511f76d82581b0b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Per the man page, pcre_study can return NULL without error if
it could not find any additional information. Errors are indicated
by the combination of a NULL return value and a non-NULL error string.
Fix the handling so that we do not incorrectly reject file_contexts
entries.
Change-Id: I2e7b7e01d85d96dd7fe78545d3ee3834281c4eba
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Allow the android property backend parser to accept the
SELABEL_OPT_VALIDATE option and to perform a validate
callback.
Extracted from the Android external/libselinux tree.
Change-Id: If061502c5e2489a1155798fac1d8357dbb8d13ba
Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
Move the SELinux enabled check to the once handler so that we do
not perform this on each call to selinux_check_access(). Reduces
overhead in both the SELinux-enabled and the SELinux-disabled cases.
Extracted from the Android external/libselinux tree.
Change-Id: I61fe85bc04fe53cbf840ba712c81bdb06e4e0c2f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Our build system compiles flex/bison as C++ rather than C, but a few
projects add `-x c` to their flags, forcing the compiler to compile
them as C. This causes the compiler to reject the global C++ standard
flag, so we need to explicitly provide a C standard flag to override
it.
Bug: 18466763
Change-Id: I49a6aeecf4abc563bd77127778b6d214e3851037
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Using the Fedora 20 targeted policy, running check_assertions requires
an avtab with around 22 million elements. With the default limit of 4096
buckets, performance is abysmal: it takes more than an hour to populate
the hash. Profiling shows most of that time under avtab_search_node.
This patch increases the hash from 13 to 20 bits and to a maximum of
1048576 buckets. The time for check_assertions on that policy is reduced
to about 3 minutes, which is enough to re-enable those checks as part of
the build process.
A full size table will allocate 4-8 MB of memory, up from 16-32 KB. In a
cursory review, these tables are usually short-lived and only 1-3 are
allocated together. Compared to the cost of entries in this table (up to
1 GB using the same policy), this isn't a significant increase.
Signed-off-by: John Brooks <john.brooks@jolla.com>
This function, based on murmurhash3, has much better distribution than
the original. Using the current default of 4096 buckets, there are many
fewer collisions:
Before:
2893000 entries and 4096/4096 buckets used, longest chain length 1649
After:
2732000 entries and 4096/4096 buckets used, longest chain length 764
The difference becomes much more significant when buckets are increased.
A naive attempt to expand the current function to larger outputs doesn't
yield any significant improvement; so this function is a prerequisite
for increasing the bucket size.
Signed-off-by: John Brooks <john.brooks@jolla.com>
libsepol contains performance sensitive code; in particular, compiler
optimizations save a few minutes off of the optimized policydb hash
tables.
Signed-off-by: John Brooks <john.brooks@jolla.com>
Since strtol(3) doesn't clear errno on success, anything that sets
errno prior to this call will make it look like the call failed. This
happens when built with ASAN.
Signed-off-by: Dan Albert <danalbert@google.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
08520e9 Do not associate the object_r role with users
5c771ff Move symtab from cil_db to root ast node
c27cace Refactored cil_get_symtab()
a25af5a Fixed bug in copying an AST.
ca5e3f8 Fixed the source of two potential memory leaks when copying an AST.
2aef1b8 Fix bug when blockabstract statements failed to resolve
git-subtree-dir: libsepol/cil
git-subtree-split: 08520e91db86bdbb8ce393afa35c1465bdc7f63b
