Commit Graph

591 Commits

Author SHA1 Message Date
Sandeep Patil
6a2e352de7 libselinux: replace all malloc + memset by calloc in android label backend.
Signed-off-by: Sandeep Patil <sspatil@google.com>
2017-01-13 10:46:29 -05:00
Stephen Smalley
d66c54e2e2 libselinux: selinux_restorecon: only log no default label warning if recursive
In commit 36f1ccbb57 ("policycoreutils: setfiles: print error if
no default label found"), a warning message was added to setfiles/restorecon
if the user explicitly does a restorecon /path/to/foo and
/path/to/foo does not have any matching label in file_contexts; in the
case of a restorecon -R or setfiles, the warning isn't supposed to be
logged.  The check on the recursive flag got dropped when this logic was
taken into selinux_restorecon(3) in libselinux.  Restore this check so
that we do not generate noisy log messages on restorecon -R or setfiles.

Reported-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2017-01-13 09:57:46 -05:00
Nicolas Iooss
3c85f9f1a0 libselinux: include errno.h instead of sys/errno.h
Building with musl libc leads to some build errors:

    setrans_client.c: In function ‘receive_response’:
    setrans_client.c:147:19: error: implicit declaration of function
    ‘readv’ [-Werror=implicit-function-declaration]
      while (((count = readv(fd, resp_hdr, 3)) < 0) && (errno == EINTR)) ;
                       ^~~~~

and:

    In file included from matchpathcon.c:10:0:
    /usr/include/sys/errno.h:1:2: error: #warning redirecting incorrect
    #include <sys/errno.h> to <errno.h> [-Werror=cpp]
     #warning redirecting incorrect #include <sys/errno.h> to <errno.h>
      ^

Fix the first one by including <sys/uio.h> and the second one by using
<errno.h> instead of <sys/errno.h>.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-01-09 16:00:22 -05:00
Petr Lautrbach
14f07097c3 libselinux: Rewrite restorecon() python method
When the restorecon method was added to the libselinux swig python
bindings, there was no libselinux restorecon implementation and it
he had to call matchpathcon() which is deprecated in favor of
selabel_lookup().

The new restorecon method uses selinux_restorecon method from libselinux
and which is exported by the previous commit.

https://github.com/SELinuxProject/selinux/issues/29

Fixes:
>>> selinux.restorecon('/var/lib', recursive=True)
Traceback (most recent call last):
  File "/usr/lib64/python3.5/site-packages/selinux/__init__.py", line 114, in restorecon
    status, context = matchpathcon(path, mode)
FileNotFoundError: [Errno 2] No such file or directory

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-01-09 13:23:20 -05:00
Petr Lautrbach
0399ec6438 libselinux: Generate SWIG wrappers for selinux_restorecon()
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-01-09 13:23:20 -05:00
Guido Trentalancia
5db4537f64 libselinux: Fix unitialized variable compiler warnings
Fix unitialized variable compiler warnings when using the
"-O3 -Werror" flags on gcc6 by initializing the variables in
question. The variables were never used before being initialized.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2017-01-06 12:15:12 -05:00
Nicolas Iooss
055d14a99a libselinux/utils: do not create an empty /sbin directory
When building libselinux package, "make install" creates /sbin directory
without putting anything in it. Remove this from the Makefile.

While at it, rename USRBINDIR variable USRSBINDIR (with an S) as it
refers to /usr/sbin.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-12-21 16:20:47 -05:00
Mike Frysinger
7179fd8738 man: standardize spacing with pointers in prototypes
The majority of prototypes don't put a space between the "*" and the
parameter name.  i.e. this style is incorrect:
	char * foo;
Instead, we want:
	char *foo;

Fix a bunch of references that use this uncommon style.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2016-12-12 14:44:26 -05:00
Mike Frysinger
fc3d8ceafc selinux(8): fix display of man page references
The section number shouldn't be bolded.  Fix a few references in
selinux(8) to match all the other man pages.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2016-12-12 14:44:22 -05:00
Stephen Smalley
7e09f584e1 libsepol,libselinux,audit2allow: teach audit2why about type bounds failures
Teach audit2why to recognize type bounds failures.  This required
updating libsepol sepol_compute_av_reason() to identify bounds
failures, and updating libsepol context_struct_compute_av() to
include the type bounds logic from the kernel.

This could potentially be further augmented to provide more detailed
reporting via the reason buffer to include information similar to
what security_dump_masked_av() reports in the kernel.  However, it
is unclear if this is needed.  It is already possible to get type
bounds checking at policy build time by enabling expand-check=1
in /etc/selinux/semanage.conf (or by default when compiling
monolithic policy).

Before:
type=AVC msg=audit(1480451925.038:3225): avc:  denied  { getattr } for  pid=7118 comm="chmod" path="/home/sds/selinux-testsuite/tests/bounds/bounds_file_blue" dev="dm-2" ino=23337697 scontext=unconfined_u:unconfined_r:test_bounds_child_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_bounds_file_blue_t:s0 tclass=file permissive=0

	Was caused by:
		Unknown - would be allowed by active policy
		Possible mismatch between this policy and the one under which the audit message was generated.

		Possible mismatch between current in-memory boolean settings vs. permanent ones.

After:
type=AVC msg=audit(1480451925.038:3225): avc:  denied  { getattr } for  pid=7118 comm="chmod" path="/home/sds/selinux-testsuite/tests/bounds/bounds_file_blue" dev="dm-2" ino=23337697 scontext=unconfined_u:unconfined_r:test_bounds_child_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_bounds_file_blue_t:s0 tclass=file permissive=0
        Was caused by:
                Typebounds violation.

                Add an allow rule for the parent type.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-29 15:53:59 -05:00
Stephen Smalley
dd8d5671e2 libselinux: avcstat: Clean up redundant condition
dcb314 reported this via https://github.com/SELinuxProject/selinux/issues/20

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-29 11:11:26 -05:00
Nick Kralevich
044f6ef104 procattr.c: Use __ANDROID__ instead of ANDROID
When code is compiled within the Android tree, the resulting binaries
are intended to run either on the "host" (the machine doing the
building) or the "target" (the machine running the Android operating
system).

"ANDROID" is defined if the code is being compiled for the host or the
target, whereas "__ANDROID__" is only defined for code being compiled for
the target. (yes, I agree, this is not obvious).

gettid() is only declared in the target environment, not the host
environment, so adjust the #ifdef to properly emit the gettid()
definition for binaries targeting the host.

Signed-off-by: Nick Kralevich <nnk@google.com>
2016-11-28 09:32:21 -05:00
Nick Kralevich
bb96e1305d enabled.c: Remove stdio_ext.h header
This appears to be unused.

Signed-off-by: Nick Kralevich <nnk@google.com>
2016-11-28 09:29:41 -05:00
Nick Kralevich
8f9057c2ea label_file.h: actually use the results of compat_validate
process_line called compat_validate, but never actually looked at the
return value. When an invalid entry is found, a warning is printed, but
since the upper layers of the code don't see the error, validation
appears to succeed.

Steps to reproduce on Android:

1) Edit system/sepolicy/private/file_contexts and create an entry with
an invalid label.
2) Recompile Android, which executes out/host/linux-x86/bin/checkfc to
check if file_contexts is valid.

Expected: Compile failure.
Actual: Compile succeeds with warnings.

Change-Id: I20fa18c7b11b5ffdd243c3274bedc4518431e1fb
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-21 09:24:31 -05:00
Stephen Smalley
a609434b95 libselinux: normalize enforce values from the kernel
Normalize enforce values received from the kernel via
/sys/fs/selinux/enforce or netlink selinux notifications
to ensure that we always return a 0 or 1 to userspace code.
selinux_status_getenforce(), which reads the enforce value
via the SELinux kernel status page (/sys/fs/selinux/status)
already normalizes its result, so we do not need to update it.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-18 09:48:25 -05:00
Nicolas Iooss
9140de74cf libselinux, libsemanage: use Python-specific .so extension
The Makefiles currently install the Python wrapper libraries using .so
suffix (_selinux.so, audit2why.so and _semanage.so). Even though this
works well with CPython 2 and 3, PyPy fails to find these files because
it is looking for files with a specific version token in the suffix (eg.
_selinux.pypy-41.so).

This suffix is advertised by the imp module. Here is the result of
'import imp;print([s for s, m, t in imp.get_suffixes() if t ==
imp.C_EXTENSION])' for several Python versions:

    Python 2.7.12: ['.so', 'module.so']
    Python 3.5.2: ['.cpython-35m-x86_64-linux-gnu.so', '.abi3.so', '.so']
    PyPy 5.4.1 (Python 2.7.10): ['.pypy-41.so']
    PyPy3 5.5.0-alpha0 (Python 3.3.5): ['.pypy3-55.so', '.pypy3-55.so']

Define the name of the installed Python-C extension using the first
extension of these lists, in order to make the Python extensions
compatible with pypy.

When building the Python wrappers for PyPy and PyPy3 on Linux, the
following environment variables need to be set (PyPy does not provide a
pkg-config file nor a platform-agnostic way to build the string
"-lpypy-c"):

    PYTHON=pypy (or PYTHON=pypy3)
    PYINC=-I$($PYTHON -c 'import sys;print(sys.prefix)')/include
    PYLIBS=-lpypy-c (or PYLIBS= if LDFLAGS does not have
        -Wl,-no-undefined)

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-18 08:52:38 -05:00
Nicolas Iooss
489dd595d7 libselinux: audit2why: remove unused module_state structure
This structure has been empty since its introduction and makes clang
complain when $(filter-out -Werror, $(CFLAGS)) is removed in the
Makefile target for audit2why.lo:

    audit2why.c:443:1: error: empty struct has size 0 in C, size 1 in
    C++ [-Werror,-Wc++-compat]
      struct module_state {
      ^
      1 error generated.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-18 08:52:32 -05:00
Stephen Smalley
7935dee8f6 Drop ChangeLog files
They can be generated as desired via git log.
No need to keep maintaining them by hand.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 12:10:58 -05:00
Stephen Smalley
2ceadad8a3 Updated libselinux and libsemanage ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-15 11:14:24 -05:00
Nicolas Iooss
79db6da87f libselinux, libsemanage: swig: use SWIG_fail when an error occurs
Using SWIG_fail in the Python SWIG wrappers makes the wrapping function
destroy/free the memory which could have been dynamically allocated
before calling the wrapped function. This thus prevents possible memory
leaks in the wrappers of set*con(), set*con_raw(), security_compute_*(),
etc.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 11:11:25 -05:00
Nicolas Iooss
db17f12273 libselinux,libsemanage: fall back to gcc in exception.sh
clang does not support -aux-info option. When exception.sh is run with
CC=clang, use gcc to build selinuxswig_python_exception.i and
semanageswig_python_exception.i.

This does not solve the issue of building libselinux and libsemanage
Python wrappers on a system without gcc. However parsing the result of
"gcc -aux-info" is easier than parsing the header files so stay with
this command at least for now.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 11:10:57 -05:00
Stephen Smalley
2c1ae0f029 Updated libselinux and libsemanage ChangeLogs
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-15 11:07:20 -05:00
Nicolas Iooss
bb98da0948 libselinux,libsemanage: link Python wrapper with Python
When linking with -Wl,-no-undefined in LDFLAGS (in order to find
possible link-time errors), the Python wrapper module needs to be
linked with the right libpython.so. This library is found using
pkg-config in a new PYLIBS variable.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 11:04:00 -05:00
Nicolas Iooss
f5b9bc2a06 libselinux,libsemanage: link Ruby wrapper with -lruby
When linking with -Wl,-no-undefined in LDFLAGS (in order to find
possible link-time errors), the Ruby wrapper module needs to be linked
with the libruby.so which is used by $(RUBY). Introduce a new RUBYLIBS
variable to find this library.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 11:04:00 -05:00
Nicolas Iooss
22e3ad6633 libselinux,libsemanage: use Ruby to define RUBYINC
This makes building libselinux and libsemanage  more robust on systems
with several versions of Ruby installed: when building, only RUBY needs
to be set, without wondering about PKG_CONFIG_PATH or other environment
variables.

Using RbConfig::CONFIG["rubyarchhdrdir"] only works with Ruby >= 2.0 but
since previous Ruby versions are retired since 2015-02-23 this should
not have any impact
(https://www.ruby-lang.org/en/news/2015/02/23/support-for-ruby-1-9-3-has-ended/).

While at it, in libsemanage, use RbConfig::CONFIG["vendorarchdir"] to
install the Ruby extension, like commit 1cd80faa53 ("libselinux:
versioned ruby pkg-config and query vendorarchdir properly") did for
libselinux.

My main motivation with this patch is to make the build configuration
easier to define on Travis-CI or other continuous integration platforms.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 11:04:00 -05:00
Stephen Smalley
bfe9360ca5 Updated libselinux ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-14 13:11:28 -05:00
Stephen Smalley
bbc930c756 libselinux: fix subdir build and usage of cmdline CFLAGS
commit 16c123f4b1 ("libselinux:
support ANDROID_HOST=1 on Mac") broke the ability to run make
in the src subdirectory of libselinux (because OS and COMPILER
were not defined) and also caused some warning flags that could
be overridden via command-line CFLAGS to be mandatory.  Fix it.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-14 13:10:51 -05:00
Stephen Smalley
b42a293978 Updated libselinux and libsemanage ChangeLogs
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-07 16:02:42 -05:00
Nicolas Iooss
70b986539e libselinux, libsemanage: remove *swig_python_exception.i if its creation failed
When compiling libselinux with CC=clang, "make pywrap" reports the
following message:

    bash exception.sh > selinuxswig_python_exception.i
    clang-3.9: error: no such file or directory: 'temp.aux'
    awk: fatal: cannot open file `temp.aux' for reading (No such file or
    directory)

This does not make the build fail as exception.sh returns an "OK"
status. Use "bash -e" with this script to make it return an error value.

In order not to keep an empty selinuxswig_python_exception.i file after
a build fails (which would make a second run of "make pywrap" incorrectly
succeed), remove the file when exception.sh fails.

As libsemanage uses the same code to build
semanageswig_python_exception.i, modify its Makefile too.

By the way, on Linux clang does not seem to currently support -aux-info
so it cannot be used to craft selinuxswig_python_exception.i.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-07 15:58:05 -05:00
Nicolas Iooss
581dde735a libselinux: remove rpm_execcon from SWIG wrappers
The Python wrapper of rpm_execcon() has several flaws:
* An invalid call like selinux.rpm_execcon() triggers a segmentation
  fault.
* The size of the buffer which is allocated to copy argv and envp is
  too small to hold all the values.
* This allocated memory is leaked if one argument of rpm_execon() is not
  a sequence of bytes.

The Ruby wrapper has no such flaws but can not be used as it is because
it misses some glue code to convert argv and envp arguments to char
*const [] values (even though the destructor is present!).

As it is not possible to remove rpm_execcon() without changing
libselinux soname (it would be an ABI break) like b67fefd991
("libselinux: set DISABLE_RPM default to y.") tried to do, disable this
interface locally in the SWIG wrappers.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-07 15:55:08 -05:00
Stephen Smalley
1ce3e23b89 Updated libselinux ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-04 15:41:20 -04:00
Laurent Bigonville
b8711e2eaf Revert "libselinux: support new python3 functions"
With the reverted commit applied, some functions were returning arrays
of bytes instead of python strings under python3 this was causing issues
with string manipulation functions like split().

Swig (checked with 3.0.7) is adding compatibility macros that take care
of the differences between python2 and python3.

This reverts commit 63df0f7ef1.

Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2016-11-04 15:41:20 -04:00
Stephen Smalley
6ff9318af9 Updated ChangeLogs
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-02 09:01:38 -04:00
Stephen Smalley
9dcbc12e1f Updated libselinux ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-01 17:31:11 -04:00
William Roberts
e4f2bcce24 libselinux/utils: fix all the noreturn errors
When building with clang, multiple noreturn issues arise,
for instance:

selabel_partial_match.c:11:1: error: function 'usage' could be declared with attribute 'noreturn' [-Werror,-Wmissing-noreturn]

Fix these.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-11-01 17:29:49 -04:00
Stephen Smalley
4c519cd730 libselinux: avc_internal.c: allow building with clang
Resolves the following errors from clang:
avc_internal.c:105:25: error: cast from 'char *' to 'struct nlmsghdr *' increases required alignment from 1 to 4 [-Werror,-Wcast-align]
        struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
                               ^~~~~~~~~~~~~~~~~~~~~~
avc_internal.c:161:25: error: cast from 'char *' to 'struct nlmsghdr *' increases required alignment from 1 to 4 [-Werror,-Wcast-align]
        struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
                               ^~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-01 16:59:47 -04:00
Stephen Smalley
6e6134cb7e Updated libselinux ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-01 16:31:27 -04:00
William Roberts
8fee76a538 libselinux: fix compiler flags for linux + clang
As reported by Nicolas Iooss, the clang + linux build seems
broken:

 clang-3.9: warning: argument unused during compilation: '-undefined
dynamic_lookup'
  /usr/bin/ld: unrecognised option: -install_name
  clang-3.9: error: linker command failed with exit code 1 (use -v to
see invocation)

We already have those options set for Darwin, just drop them from the
clang side.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-11-01 16:30:51 -04:00
Stephen Smalley
5917a96f39 Updated libselinux ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-10-27 10:42:04 -04:00
vmojzis
0776dca575 libselinux: fix pointer handling in realpath_not_final
Loop designed for stripping leading "//" was changing
the only pointer referencing block of memory allocated
by "strdup", resulting in "free()" failure. The loop
had no effect because "realpath" is used later on.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1376598

Signed-off-by: vmojzis <vmojzis@redhat.com>
2016-10-27 10:40:36 -04:00
Stephen Smalley
7a4cd7f8ff Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-10-27 10:40:19 -04:00
Laurent Bigonville
14d7064348 libselinux: Allow overriding libsepol.a location during build
Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2016-10-27 10:38:04 -04:00
Stephen Smalley
f6f58732aa Updated libselinux ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-10-27 10:37:12 -04:00
Laurent Bigonville
640edd601b libselinux: Add clean-pywrap and clean-rubywrap targets
Add clean targets to just clean the python and ruby wrapper objects

Also clean $(SWIGRUBYSO) and $(AUDIT2WHYLOBJ) objects

Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2016-10-27 10:35:37 -04:00
Stephen Smalley
5edd70ff9b Updated libselinux and libsepol ChangeLogs
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-10-18 14:03:21 -04:00
William Roberts
3c3381bf8b libselinux: add booleans.c to ANDROID_HOST=y recipe
We build booleans.c with DISABLE_BOOL set on Android host
and target. Add that file to the upstream Makefile.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-10-18 13:54:12 -04:00
William Roberts
a796218749 libselinux: DISABLE_BOOL move to include headers
Some systems, like Mac, don't have stdio_ext.h. Since we're
building with DISABLE_BOOL=y on Mac, just include the
header files with the DISABLE define, and use the bare
minimum headers for DISABLE_BOOL=y.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-10-18 13:53:54 -04:00
William Roberts
16c123f4b1 libselinux: support ANDROID_HOST=1 on Mac
To build on mac, first build libsepol with
no DESTDIR set.

Secondly, build libselinux with ANDROID_HOST=y

This configuration can be used to test the Android
host build on Mac.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-10-18 13:52:23 -04:00
William Roberts
d7b11d7e1c libselinux/utils: add noreturn to sefcontext_compile
When building on mac, one encounters this error:
sefcontext_compile.c:270:1: error: function 'usage' could be declared with attribute 'noreturn' [-Werror,-Wmissing-noreturn]

To correct this, add the attribute noreturn to the function.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-10-18 13:51:23 -04:00
William Roberts
502b48f4db libselinux: fix required alignment for sha1.c on mac
When building on mac with ANDROID_HOST=y, clang complains:
sha1.c:73:33: error: cast from 'uint8_t *' (aka 'unsigned char *') to 'CHAR64LONG16 *' increases required alignment from 1 to 4 [-Werror,-Wcast-align]
    CHAR64LONG16*       block = (CHAR64LONG16*) workspace;

Rather then casting the bytearray to the CHAR64LONG16 union,
just create a stack workspace of type CHAR64LONG16.

This will prevent alignment issues with the data accesses.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-10-18 13:51:11 -04:00