Commit Graph

2634 Commits

Author SHA1 Message Date
Stephen Smalley
7bece3768b libselinux: export flush_class_cache(), call it on policyload
Rename flush_class_cache() to selinux_flush_class_cache(), export it
for direct use by userspace policy enforcers, and call it on all policy
load notifications rather than only when using selinux_check_access().
This ensures that policy reloads that change a userspace class or
permission value will be reflected by subsequent string_to_security_class()
or string_to_av_perm() calls.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2020-01-24 08:28:37 -05:00
Stephen Smalley
784b029c3f libselinux: update man pages for userspace policy enforcers
Despite deprecating use of flask.h and av_permissions.h back in 2014,
the man pages for avc_has_perm(3) and security_compute_av(3) were not
updated to provide instructions on how to dynamically map class/permission
names nor to encourage use of selinux_check_access(3) instead of these
interfaces.  Also, while selinux_set_mapping(3) supports dynamic
class/perm mapping at initialization, it does not support changes to
the class/perm values at runtime upon a policy reload, and no
instructions were provided on how to set up a callback to support
this case.  Update the man pages accordingly.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: William Roberts <bill.c.roberts@gmail.com>
2020-01-21 14:32:42 -05:00
Stephen Smalley
89674c2ff7 libselinux: remove flask.h and av_permissions.h
The flask.h and av_permissions.h header files were deprecated and
all selinux userspace references to them were removed in
commit 76913d8adb ("Deprecate use of flask.h and av_permissions.h.")
back in 2014 and included in the 20150202 / 2.4 release.
All userspace object managers should have been updated
to use the dynamic class/perm mapping support since that time.
Remove these headers finally to ensure that no users remain and
that no future uses are ever introduced.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
2020-01-21 14:31:41 -05:00
Joshua Schmidlkofer
5bbe32a7e5 python/semanage: check variable type of port before trying to split
While using Ansible's Selinux module to manage ports, I discovered
that numerical ports caused an unhandled exception in 'seobject.py'.
This appears to be a bug, and I am proposing a fix which checks the
type of the argument before operating on it.  This maintains the
original functionality in the case of a string, and acts in the same
fashion if you supply an integer.

I did not find any open bug report against the SELinux project. The
downstream bug report is here:
https://github.com/ansible/ansible/issues/60968

Signed-off-by: Joshua Schmidlkofer <joshua@joshuainnovates.us>
2019-12-10 15:21:16 -05:00
Petr Lautrbach
dca7ce8195
Update VERSIONs to 3.0 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-11-28 13:46:48 +01:00
Petr Lautrbach
6e187f8a2a Update VERSIONs to 3.0-rc2 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-11-22 13:54:17 +01:00
Petr Lautrbach
adb8bdd429 dbus: Fix FileNotFoundError in org.selinux.relabel_on_boot
When org.selinux.relabel_on_boot(0) was called twice, it failed with
FileNotFoundError.

Fixes:
    $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:1
    method return sender=:1.53 -> dest=:1.54 reply_serial=2
    $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
    method return sender=:1.53 -> dest=:1.55 reply_serial=2
    $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
    Error org.freedesktop.DBus.Python.FileNotFoundError: FileNotFoundError: [Errno 2] No such file or directory: '/.autorelabel'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-11-21 12:07:07 -05:00
Petr Lautrbach
214cb61d53 Travis-CI: Drop Python 2 from matrix
As a result of Python 2 sunset - https://www.python.org/doc/sunset-python-2/ -
Python 2 code will not be supported in this project anymore and new Python code
should be written only for Python 3.

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-11-21 12:06:43 -05:00
Baichuan Kong
ad2208ec22 restorecond: Fix redundant console log output error
When starting restorecond without any option the following redundant
console log is outputed:

/dev/log 100.0%
/var/volatile/run/syslogd.pid 100.0%
...

This is caused by two global variables of same name r_opts. When
executes r_opts = opts in restore_init(), it originally intends
to assign the address of struct r_opts in "restorecond.c" to the
pointer *r_opts in "restore.c".

However, the address is assigned to the struct r_opts and covers
the value of low eight bytes in it. That causes unexpected value
of member varibale 'nochange' and 'verbose' in struct r_opts, thus
affects value of 'restorecon_flags' and executes unexpected operations
when restorecon the files such as the redundant console log output or
file label nochange.

Cause restorecond/restore.c is copied from policycoreutils/setfiles,
which share the same pattern. It also has potential risk to generate
same problems, So fix it in case.

Signed-off-by: Baichuan Kong <kongbaichuan@huawei.com>
2019-11-15 08:12:16 -05:00
Nicolas Iooss
91cd4600db
libselinux,libsemanage: check in python_exception.i files
Generating selinuxswig_python_exception.i and
semanageswig_python_exception.i requires gcc, which appears to be
unavailable on some platform. Work around this issue by adding the
generated files to the git repository.

While at it, remove a stray space in the generated
selinuxswig_python_exception.i.

Original thread: https://lore.kernel.org/selinux/20191012172357.GB19655@imap.altlinux.org/T/#ma78bd7fe71fb5784387a8c0cebd867d6c02ee6e4

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Cc: Michael Shigorin <mike@altlinux.org>
2019-11-13 08:34:46 +01:00
Nicolas Iooss
dd9c70e0d7
libselinux,libsemanage: fix python_exception.i dependencies
selinuxswig_python_exception.i and semanageswig_python_exception.i need
to be regenerated when either an input header file changes or
exception.sh changes. Add the missing items to the respective Makefiles.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-11-13 08:34:42 +01:00
Nicolas Iooss
5815cc9843
libselinux,libsemanage: never create -.o in exception.sh
Files starting with "-" causes issues in commands such as "rm *.o". For
libselinux and libsemanage, when exception.sh fails to remove "-.o",
"make clean" fails with:

    rm: invalid option -- '.'
    Try 'rm ./-.o' to remove the file '-.o'.
    Try 'rm --help' for more information.

Fix this by making exception.sh create "temp.o" instead of "-.o".

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-11-13 08:34:35 +01:00
Petr Lautrbach
8375671d30 python/sepolicy: Revert "Only invoke RPM on RPM-enabled Linux distributions"
Commit 73b7ff410c ("Only invoke RPM on RPM-enabled Linux distributions") used
platform.linux_distribution() function to detect whether the system is rpm
based. This function is deprecated since Python 3.5 and it's removed from Python
3.8 - https://bugs.python.org/issue28167

The original problem is already fixed by another commit
671f83b42b ("policycoreutils/sepolicy: Check get_rpm_nvr_list() return
value"):

    $ sepolicy generate --customize -p mypolicy -n testpolicy -d httpd_sys_script_t -w /home
    Failed to retrieve rpm info for selinux-policy
    Created the following files:
    mypolicy/testpolicy.te # Type Enforcement file
    mypolicy/testpolicy.if # Interface file
    mypolicy/testpolicy.fc # File Contexts file
    mypolicy/testpolicy_selinux.spec # Spec file
    mypolicy/testpolicy.sh # Setup Script

Fixes:
     File "/usr/lib/python3.8/site-packages/sepolicy/generate.py", line 1384, in generate
       if (platform.linux_distribution(full_distribution_name=0)[0] in ("redhat", "centos", "SuSE", "fedora", "mandrake", "mandriva")):
     AttributeError: module 'platform' has no attribute 'linux_distribution'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-11-08 09:20:35 -05:00
Petr Lautrbach
6d5f7f20bc Replace www.nsa.gov references by github.com/SELinuxProject
The original page doesn't exist anymore.

Fixes: https://github.com/SELinuxProject/selinux/issues/170

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-11-08 09:20:29 -05:00
James Carter
c7527bdb60 libsepol/cil: Report disabling an optional block only at high verbose levels
Since failing to resolve a statement in an optional block is normal,
only display messages about the statement failing to resolve and the
optional block being disabled at the highest verbosity level.

These messages are now only at log level CIL_INFO instead of CIL_WARN.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2019-11-06 12:32:06 -05:00
Thomas Petazzoni
0271bf4136
libselinux/src/Makefile: don't pass bogus -I and -L to python setup.py build_ext
Using $(DESTDIR) during the build does not follow the normal/standard
semantic of DESTDIR: it is normally only needed during the
installation. Therefore, a lot of build systems/environments don't
pass any DESTDIR at build time, which causes setup.py to be called
with -I /usr/include -L /usr/lib, which breaks cross-compilation.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-02 17:32:20 +01:00
Petr Lautrbach
b3ed0a7a60 Update VERSIONs to 3.0-rc1 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-10-28 13:06:11 +01:00
Vit Mojzis
95bcd6af03 python/semanage: Document DCCP and SCTP support
Add DCCP and SCTP protocols in semanage port man page and --help
message.

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2019-10-23 10:24:38 -04:00
Jason Zaman
06040cdc54 policycoreutils: semodule: Enable CIL logging
semodule -v will turn on semodule's own verbose logging but not logging
from CIL. This change makes the verbose flag also set cil's log level.

By default (ie no -v flag), this will enable CIL_ERR, and each -v will
increase the level from there.

Tested with a duplicated fcontext in the policy.
Before this change:
    # semodule -v -B
    Committing changes:
    Problems processing filecon rules
    Failed post db handling
    semodule:  Failed!

After this change:
    # semodule -v -B
    [ ... snip ... ]
    Found conflicting filecon rules
      at /var/lib/selinux/mcs/tmp/modules/400/mycustom/cil:159
      at /var/lib/selinux/mcs/tmp/modules/400/mycustom/cil:158
    Problems processing filecon rules
    Failed post db handling
    semodule:  Failed!

Closes: https://github.com/SELinuxProject/selinux/issues/176
Signed-off-by: Jason Zaman <jason@perfinion.com>
2019-10-23 10:19:49 -04:00
Masatake YAMATO
9be4e7454d checkpolicy: allow to write policy to stdout
If - is given as filename for -o option, checkpolicy
writes the policy to standard output. This helps users
to read policy.conf and/or CIL policy file with pager
like less command:

 $ checkpolicy -M -F -b /sys/fs/selinux/policy  -o - | less

The users don't have to make a temporary file.
/dev/stdout can be used instead. However, - reduces the number of
typing for the purpose. Using - for standard output (and/or standard
input) is popular convention.

Change(s) in v2:
* Check the availability of output stream only when opening
  a regualar file. Suggested by Stephen Smalley <sds@tycho.nsa.gov>.

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
2019-10-22 08:26:26 -04:00
Masatake YAMATO
b8455f774a checkpolicy: update the description for -o option in the man page
Write about policy.conf and CIL files.

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
2019-10-22 08:26:26 -04:00
Masatake YAMATO
a581560eb0 checkpolicy: remove a redundant if-condition
Inner if-condition in following code is redundant:

	if (outfile) {
		/* ... just referring outfile ... */
		if (outfile) {
			do_something();
		}
	}

We can simplify this to:

	if (outfile) {
		/* ... just referring outfile ... */
		do_something();
	}

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
2019-10-22 08:26:26 -04:00
Ondrej Mosnacek
7494bb1298 sepolicy: generate man pages in parallel
Generating man pages takes a lot of time. Do it in parallel to speed up
the process.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2019-10-21 08:40:53 -04:00
Nicolas Iooss
b915c7a9d3 libsemanage: mark all exported function "extern"
Many functions are already marked "extern" in libsemanage's public
headers and this will help using the content of the headers in order to
automatically generate some glue code for Python bindings.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-10-18 07:34:46 +13:00
Nicolas Iooss
cfe4874093 libselinux: mark all exported function "extern"
Many functions are already marked "extern" in libselinux's public
headers and this will help using the content of the headers in order to
automatically generate some glue code for Python bindings.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-10-18 07:34:39 +13:00
Petr Lautrbach
e0e66c25e2 libsepol: Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping
There's a typo in commit b8213acff8 ("libsepol: add a function to optimize
kernel policy") which added new function sepol_policydb_optimize(), but there's
sepol_optimize_policy in libsepol.map.

LIBSEPOL_3.0 is used to follow the next release version libsepol-3.0

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Acked-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
2019-10-17 08:40:19 -04:00
Stephen Smalley
510a679b47 python/sepolicy: call segenxml.py with python3
Fixes: https://github.com/SELinuxProject/selinux/issues/61
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-10-15 10:17:09 -04:00
Vit Mojzis
711fe60723 python/semanage: Add support for DCCP and SCTP protocols
Fixes:
   # semanage port -a -p sctp -t port_t 1234
   ValueError: Protocol udp or tcp is required
   # semanage port -d -p sctp -t port_t 1234
   ValueError: Protocol udp or tcp is required

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2019-10-09 09:39:04 -04:00
Vit Mojzis
991dd7402f libsemanage: Add support for DCCP and SCTP protocols
This is necessary for "semanage port" to be able to handle DCCP and SCTP
protocols.

Fixes:
    "port_parse" only handles TCP and UDP protocols

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2019-10-09 09:38:58 -04:00
Nicolas Iooss
74c5e551ca libsemanage/tests: check that string pointers are not NULL before comparing them
This silences many issues reported by Infer static analyzer about
possible NULL pointer dereferences.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-10-01 14:33:04 -04:00
Nicolas Iooss
7673b97e45 libsemanage/tests: return when str is NULL
CU_FAIL() does not stop the execution flow.

This issue has been found using Infer static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-10-01 14:33:04 -04:00
Vit Mojzis
adcc353f6e python/semanage: fix moduleRecords.customized()
Return value of "customized" has to be iterable.

Fixes:
   "semanage export" with no modules in the system (eg. monolithic policy)
   crashes:

   Traceback (most recent call last):
     File "/usr/sbin/semanage", line 970, in <module>
       do_parser()
     File "/usr/sbin/semanage", line 949, in do_parser
       args.func(args)
     File "/usr/sbin/semanage", line 771, in handleExport
       for c in OBJECT.customized():
   TypeError: 'NoneType' object is not iterable

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2019-10-01 14:04:03 -04:00
Vit Mojzis
3a9b4505bf python/semanage: Improve handling of "permissive" statements
- Add "customized" method to permissiveRecords which is than used for
  "semanage permissive --extract" and "semanage export"
- Enable "semanage permissive --deleteall" (already implemented)
- Add "permissive" to the list of modules exported using
  "semanage export"
- Update "semanage permissive" man page

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2019-10-01 14:03:55 -04:00
James Carter
9d8fd6e9b9 libsepol: Further improve binary policy optimization
This improves commit b8213acf (libsepol: add a function to optimize
kernel policy) by Ondrej Mosnacek <omosnace@redhat.com> by always
removing redundant conditional rules which have an identical rule
in the unconditional policy.

Add a flag called not_cond to is_avrule_redundant(). When checking
unconditional rules against the avtab (which stores the unconditional
rules) we need to skip the actual rule that we are checking (otherwise
a rule would be determined to be redundant with itself and bad things
would happen), but when checking a conditional rule against the avtab
we do not want to skip an identical rule (which is what currently
happens), we want to remove the redundant permissions in the conditional
rule.

A couple of examples to illustrate when redundant condtional rules
are not removed.

Example 1
  allow t1 t2:class1 perm1;
  if (bool1) {
    allow t1 t2:class1 perm1;
  }
The conditional rule is clearly redundant, but without this change it
will not be removed, because of the check for an identical rule.

Example 2
  typeattribute t1 a1;
  allow t1 t2:class1 perm1;
  allow a1 t2:class1 perm1;
  if (bool1) {
    allow t1 t2:class1 perm1;
  }
The conditional rule is again clearly redundant, but now the order of
processing during the optimization will determine whether or not the
rule is removed. Because a1 contains only t1, a1 and t1 are considered
to be supersets of each other. If the rule with the attribute is
processed first, then it will be determined to be redundant and
removed, so the conditional rule will not be removed. But if the rule
with the type is processed first, then it will be removed and the
conditional rule will be determined to be redundant with the rule with
the attribute and removed as well.

The change reduces the size of policy a bit more than the original
optimization. Looking at the change in number of allow rules, there is
about a 10% improvement over the old optimization.
           orig    old    new
Refpolicy 113284  82467  78053
Fedora    106410  64015  60008

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2019-09-30 15:13:17 -04:00
Nicolas Iooss
120681c1a3 libsepol, libsemanage: add a macro to silence static analyzer warnings in tests
Several static analyzers (clang's one, Facebook Infer, etc.) warn about
NULL pointer dereferences after a call to CU_ASSERT_PTR_NOT_NULL_FATAL()
in the test code written using CUnit framework. This is because this
CUnit macro is too complex for them to understand that the pointer
cannot be NULL: it is translated to a call to CU_assertImplementation()
with an argument as TRUE in order to mean that the call is fatal if the
asserted condition failed (cf.
http://cunit.sourceforge.net/doxdocs/group__Framework.html).

A possible solution could consist in replacing the
CU_ASSERT_..._FATAL() calls by assert() ones, as most static analyzers
know about assert(). Nevertheless this seems to go against CUnit's API.

An alternative solution consists in overriding CU_ASSERT_..._FATAL()
macros in order to expand to assert() after a call to the matching
CU_ASSERT_...() non-fatal macro. This appears to work fine and to remove
many false-positive warnings from various static analyzers.

As this substitution should only occur when using static analyzer, put
it under #ifdef __CHECKER__, which is the macro used by sparse when
analyzing the Linux kernel.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-09-30 08:43:41 -04:00
Nicolas Iooss
eca4ee4542 CircleCI: run scan-build and publish its results automatically
CircleCI is a continuous integration system like Travis CI, which
provides different features. Contrary to Travis CI, it is quite harder
to build the project with several build configurations (so it is not a
replacement), but it provides short-term storage for files produced by a
build job in what is called "artifacts".

Use this feature in order to store the results of clang's static
analyzer (scan-build) after every pushed commit. This way makes it
possible to quickly compare the result of the analyzer after applying
some patches that were sent for review to the mailing list, as it no
longer requires running the analyzer several times on the development
machine.

An output example is available at
https://352-118970575-gh.circle-artifacts.com/0/output-scan-build/2019-09-21-164945-6152-1/index.html
These web pages were created by the job described at
https://circleci.com/gh/fishilico/selinux/352

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-09-26 09:45:47 -04:00
Petr Lautrbach
54cb5c674b Switch last 2 files using /usr/bin/env to /usr/bin/python3
Other python scripts already use python3 by default. Both files don't have exec
bits so they have to be run using python interpret on command line anyway:

    $ python3 ./setup.py ...

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-09-26 08:32:18 -04:00
Petr Lautrbach
68fbb6b0a0 python/semanage: Do not use default s0 range in "semanage login -a"
Using the "s0" default means that new login mappings are always added with "s0"
range instead of the range of SELinux user.

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-09-26 08:32:10 -04:00
Petr Lautrbach
5dfa95c686 gui: Fix remove module in system-config-selinux
When a user tried to remove a policy module with priority other than 400 via
GUI, it failed with a message:

libsemanage.semanage_direct_remove_key: Unable to remove module somemodule at priority 400. (No such file or directory).

This is fixed by calling "semodule -x PRIORITY -r NAME" instead of
"semodule -r NAME".

From Jono Hein <fredwacko40@hotmail.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-09-26 08:31:56 -04:00
Petr Lautrbach
f4e741a144 policycoreutils/fixfiles: Force full relabel when SELinux is disabled
The previous check used getfilecon to check whether / slash contains a label,
but getfilecon fails only when SELinux is disabled. Therefore it's better to
check this using selinuxenabled.

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-09-26 08:31:45 -04:00
Petr Lautrbach
d3a8fc4c03 policycoreutils/fixfiles: Fix [-B] [-F] onboot
Commit 6e289bb7bf ("policycoreutils: fixfiles: remove bad modes of "relabel"
command") added "$RESTORE_MODE" != DEFAULT test when onboot is used. It makes
`fixfiles -B onboot` to show usage instead of updating /.autorelabel

The code is restructured to handle -B for different modes correctly.

Fixes:
    # fixfiles -B onboot
    Usage: /usr/sbin/fixfiles [-v] [-F] [-f] relabel
    ...

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-09-26 08:31:33 -04:00
Vit Mojzis
152aeb152f policycoreutils/fixfiles: Fix "verify" option
"restorecon -n" (used in the "restore" function) has to be used with
"-v" to display the files whose labels would be changed.

Fixes:
   Fixfiles verify does not report misslabelled files unless "-v" option is
   used.

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2019-09-24 11:08:14 -04:00
Nicolas Iooss
68b2e4416e libselinux: do not add rc to pos twice
In regex_format_error(), when error_data->error_offset is zero, rc is
not updated and should not be added to pos again.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-09-23 08:12:32 -04:00
Nicolas Iooss
340da085a5 libselinux: ensure strlen() is not called on NULL
When compile_regex() calls regex_prepare_data() and this function fails
in the following condition:

    *regex = regex_data_create();
    if (!(*regex))
        return -1;

... error_data has been zero-ed and compile_regex() calls:

    regex_format_error(&error_data,
        regex_error_format_buffer,
        sizeof(regex_error_format_buffer));

This leads to a call to strlen(error_data->error_buffer), where
error_data->error_buffer is NULL.

Avoid this by checking that error_data->error_buffer is not NULL before
trying to format it.

This issue has been found using clang's static analyzer:
https://337-118970575-gh.circle-artifacts.com/0/output-scan-build/2019-09-01-181851-6152-1/report-0b122b.html#EndPath

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-09-23 08:12:32 -04:00
Nicolas Iooss
b550c0e202
Fix many misspellings
Use codespell (https://github.com/codespell-project/codespell) in order
to find many common misspellings that are present in English texts.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-09-18 22:47:35 +02:00
Nicolas Iooss
e17e489ee3 Add configuration file for lgtm.com
Add a configuration file in order to parse the C code on
https://lgtm.com/projects/g/SELinuxProject/selinux/

The documentation about this file is on
https://help.semmle.com/lgtm-enterprise/user/help/lgtm.yml-configuration-file.html
and
https://help.semmle.com/lgtm-enterprise/user/help/cpp-extraction.html

Fixes: https://github.com/SELinuxProject/selinux/issues/98

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-09-18 08:24:11 -04:00
Mike Palmiotto
86df2b27a7 libselinux: fix string conversion of unknown perms
Commit c19395d722 fixed some handling of unknown
classes/permissions, but missed the case where an unknown permission is loaded
and then subsequently logged, either via denial or auditallow. If a permission
set has some valid values mixed with unknown values, say `{ read write foo }`,
a check on `{ read write foo }` would fail to log the entire set.

To fix this, skip over the bad permissions/classes when expanding them to
strings. The unknowns should be logged during `selinux_set_mapping`, so
there is no need for further logging of the actual unknown permissions.

Signed-off-by: Mike Palmiotto <mike.palmiotto@crunchydata.com>
2019-09-18 08:20:30 -04:00
Nicolas Iooss
cfc57c2e70 libsepol/tests: do not dereference a NULL pointer
In test_attr_types, the pointer decl is allowed to be NULL in the
beginning, but is dereferenced to produce a helpful message right before
a CU_ASSERT_FATAL. Make this derefence not happen if the pointer is
NULL.

This issue has been found using clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-09-17 10:38:59 -04:00
Nicolas Iooss
0da7718310 python/sepolicy: remove unnecessary pass statement
This issue has been found using lgtm.com analyzer:
eac5e661ca/files/python/sepolicy/sepolicy/__init__.py (x9f8225117f52fb01):1

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-09-17 10:38:54 -04:00
Nicolas Iooss
af67fa5d95 python/chcat: remove unnecessary assignment
chcat_add() defines variable cmd twice before calling
subprocess.check_call(cmd, ...). Remove the first definition.

This bug was found using lgtm.com analyzer:
eac5e661ca/files/python/chcat/chcat (L118)

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-09-17 10:38:49 -04:00