Commit Graph

1698 Commits

Author SHA1 Message Date
James Carter
50d8a181e8 Updated libsepol and policycoreutils ChangeLogs.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-09 16:16:58 -04:00
Petr Lautrbach
e069f16f54 policycoreutils: 'fixfiles check' should not change anything
-n was not being passed down to restorecon properly in the code path
for -C and -N

Patch-by: Dan Callaghan <dcallagh@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-08-09 15:55:26 -04:00
William Roberts
8e8a648e92 libsepol: fix memory leak in expand.c
ebitmap_set_bit() can possible allocate nodes, however, the bail early
style of type_set_expand() could leave internal ebitmaps allocated
but not free'd.

Modify type_set_expand() so that it free's all allocated ebitmaps
before returning the error code to the calling routine.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-08-09 15:55:22 -04:00
William Roberts
6e7d04ac0b libsepol: fix invalid read when policy file is corrupt
AFL Found this bug:
==6523== Invalid read of size 8
==6523==    at 0x4166B4: type_set_expand (expand.c:2508)
==6523==    by 0x43A0B8: policydb_role_cache (policydb.c:790)
==6523==    by 0x41CD70: hashtab_map (hashtab.c:235)
==6523==    by 0x43AC9E: policydb_index_others (policydb.c:1103)
==6523==    by 0x441B14: policydb_read (policydb.c:3888)
==6523==    by 0x442A1F: sepol_policydb_read (policydb_public.c:174)
==6523==    by 0x407ED4: init (check_seapp.c:885)
==6523==    by 0x408D97: main (check_seapp.c:1231)

This occurs when the type_val_to_struct[] mapping array
doesn't contain the type indicated in the ebitmap.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-08-09 15:55:15 -04:00
Vit Mojzis
671f83b42b policycoreutils/sepolicy: Check get_rpm_nvr_list() return value
get_rpm_nvr_list can fail to get the version of selinux-policy rpm
package, which leads to error during spec file creation (attempt to
invoke __getitem__ of "None" object).

This patch sets the policy number to "0.0.0" in case rpm failed to
get it. This change should be safe because it affects only an example
of spec file.

Variable "POLICYCOREUTILSVER" was removed (unused).

fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1321499

Failed to retrieve rpm info for selinux-policy
Traceback (most recent call last):
  File "/bin/selinux-polgengui", line 360, in forward
    self.generate_policy()
  File "/bin/selinux-polgengui", line 506, in generate_policy
    self.info(my_policy.generate(outputdir))
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1382, in generate
    out += "%s # %s\n" % (self.write_spec(out_dir), _("Spec file"))
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1228, in write_spec
    fd.write(self.generate_spec())
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1190, in generate_spec
    selinux_policyver = get_rpm_nvr_list("selinux-policy")[1]
  TypeError: 'NoneType' object has no attribute '__getitem__'

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2016-08-09 15:55:08 -04:00
Petr Lautrbach
2e60a2c80e policycoreutils: Don't use subprocess.getstatusoutput() in Python 2 code
The commit 7574a50f tried to improve compatibility with Python 3. It changed
the code to use subprocess.getstatusoutput() instead of
commands.getstatusoutput(). Unfortunately subprocess.getstatusoutput() is not
available in Python 2. This patch changes how getstatusoutput() is imported so
the code works on Python 2 and Python 3.

Fixes:
$ chcat -d something
Traceback (most recent call last):
  File "/usr/bin/chcat", line 432, in <module>
    sys.exit(chcat_replace(["s0"], cmds, login_ind))
  File "/usr/bin/chcat", line 271, in chcat_replace
    rc = subprocess.getstatusoutput(cmd)
AttributeError: 'module' object has no attribute 'getstatusoutput'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-08-09 15:55:02 -04:00
Miroslav Vadkerti
4c5b8a9568 semanage: add auditing of changes in records
Common Criteria requirement FMT_MSA.1 needs any configuration change
that affect enforcement of policy to be audited. This patch adds
auditing of changes in security context mappings for network ports,
interfaces, nodes and file contexts.

A new function log_change is introduced that audits additions,
modification and removal of the mappings via the USER_MAC_CONFIG_CHANGE
audit event.

The format of the audit events was discussed with the audit userspace
maintainer.

This patch resolves: https://bugzilla.redhat.com/show_bug.cgi?id=829175

Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
2016-08-09 15:54:57 -04:00
James Carter
59b645c050 Updated policycoreutils ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-08 15:56:46 -04:00
James Carter
b190e6e37d sepolicy: Add python3 support to test_sepolicy.py
Use assertNotEqual() and assertEqual() instead of assert_().
Convert print statements to print functions.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-08 15:50:18 -04:00
Jason Zaman
d2424c6c98 semanage: Print usage when no args
https://bugs.python.org/issue16308

Traceback (most recent call last):
  File "semanage", line 932, in <module>
    do_parser()
  File "semanage", line 911, in do_parser
    args.func(args)
AttributeError: 'Namespace' object has no attribute 'func'

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
05d1cead3d policycoreutils/gui: py3 support for modules that changed name
StringIO moved to io and commands moved to subprocess

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
4d340e467a policycoreutils/gui: update to python3
print functions
exceptions, e => as e
keys.sort() => sorted(d.keys())

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
af59544e5f policycoreutils: gettext compat for py2 and 3
Install gettext the same way everywhere and have fallbacks to use
str/unicode depending on python version.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
b43991f913 policycoreutils: import sepolicy directly
instead of from sepolicy import foo. Makes it easier to grep for
consumers that still need to be fixed.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
7f956419c2 sepolicy: dont alias sepolicy.search and sepolicy.info
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
f300803045 sepolicy: update exceptions and print for python3
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
b87db86f79 sepolicy: C Module init for python3
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
356a6e2566 sepolicy: Add python3 PyInt and PyString defs
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
925bb39ba2 semanage: misc style issues
Unused imports
== None should be is None

Signed-off-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
35d44f17af seobject: use sorted() instead of .sort()
2to3 wanted to wrap all the .keys() calls in list() but doing sorted()
directly is better.

Signed-off-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
b51c39499b semanage: py3 support for print function and map/filter
map and filter were turned into list comprehensions.
This was done using python's 2to3 utility.

Signed-off-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Steve Lawrence
4209c00afe Update libsepol ChangeLog
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-08-05 07:37:08 -04:00
William Roberts
ca3ec93ad0 module_to_cil: fix possible use of uninitialized value
Correct errors like these reported by gcc:

module_to_cil.c: In function ‘block_to_cil’:
module_to_cil.c:229:20: error: ‘attr_list’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
  struct list_node *curr = (*attr_list)->head;

Usages of attr_list_destroy() were called when list_init()
fails.

stack_init() and stack_destroy() also suffered from the
aforementioned issue.

To correct the issue, initialize stack and list variables to
NULL.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-08-05 07:36:24 -04:00
Steve Lawrence
6dc34b2b6f Update libselinux ChangeLog
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-08-04 08:56:52 -04:00
Laurent Bigonville
46c4f3a716 libselinux/utils/Makefile: Fix in tree compilation
Some tools need the sepol/sepol.h header
2016-08-04 08:54:15 -04:00
Steve Lawrence
af7aa0b9ad Update policycoreutils ChangeLog.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-08-04 08:43:39 -04:00
Petr Lautrbach
62a2a94419 policycoreutils: semodule - remove 'q' from getopt string
Users are confused that this option is not documented or that
'semodule -q' doesn't show:

semodule: invalid option -- 'q'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-08-04 08:42:15 -04:00
Stephen Smalley
a736d9d070 Updated libsepol ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-07-28 10:52:34 -04:00
James Carter
46e157b470 libsepol/cil: Warn instead of fail if permission is not resolve
If a policy module package has been created with a policy that contains
a permission and then is used on a system without that permission CIL
will fail with an error when it cannot resolve the permission.

This will prevent the installation on policy and the user will not
know that the policy has not been installed.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-07-28 10:51:38 -04:00
James Carter
d5396d8312 Updated libsepol ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-07-26 13:43:18 -04:00
Steve Lawrence
7a137eb75f libsepol/cil: Ignore object_r in userrole mappings when creating policy binary
Commit 77779d2ca, which added support for userattributes in CIL,
accidentally removed code that ignored object_r when adding userrole
mappings to the policydb. This meant that running commands like
`semanage user -l` would incorrectly show object_r. This patch adds that
code back in. Note that CIL requires that these mappings exist to
properly validate file contexts, so pp2cil's behavior of creating these
mappings is not modified.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-07-26 13:41:43 -04:00
Stephen Smalley
c17727e54f Updated policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-07-25 13:57:21 -04:00
Petr Lautrbach
859c82d8e6 policycoreutils: Remove unused autoconf files from po/
None of *.in and POTFILES* files is used in current build process.

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-07-25 13:54:49 -04:00
Piotr Drąg
bc69158385 policycoreutils: Remove duplicate, empty translation files
policycoreutils carries many duplicate, empty translation files.
They are a remnant of broken Transifex's system for managing
translation codes. This commit removes them.

Signed-off-by: Piotr Drąg <piotrdrag@gmail.com>
2016-07-25 13:54:43 -04:00
Stephen Smalley
4a3fbdae6e Updated checkpolicy ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-07-25 13:54:10 -04:00
Stephen Smalley
2c1979f0a6 Extend checkpolicy pathname matching.
checkpolicy currently imposes arbitrary limits on pathnames used
in genfscon and other statements.  This prevents specifying certain
paths in /proc such as those containing comma (,) characters.

Generalize the PATH, QPATH, and FILENAME patterns to support most
legal pathnames.

For simplicity, we do not support pathnames containing newlines or
quotes.

Reported-by: Inamdar Sharif <isharif@nvidia.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-07-14 11:41:28 -04:00
Stephen Smalley
c983674138 Updated policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-07-12 15:36:44 -04:00
Jason Zaman
0576ba5268 open_init_pty: Do not error on EINTR
There is a signal handler so that the select returns EINTR when the
child exits. EINTR is used to then clean up and flush the remaining
buffers. It should not error.

Signed-off-by: Jason Zaman <jason@perfinion.com>
2016-07-12 15:35:23 -04:00
James Carter
77e86c0b8c Updated libsepol ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-07-12 14:27:57 -04:00
Petr Lautrbach
747a440fdd libsepol: Add missing return to sepol_node_query()
Due to the missing return in sepol_node_query(), the function always
set *response to NULL whenever a protocol was SEPOL_PROTO_IP6

Fixes:
sudo semanage node -a -M ::1 -p ipv6 -t node_t ::1
sudo semanage node -m -M ::1 -p ipv6 -t node_t ::1
[1]    12968 segmentation fault (core dumped)  semanage node -m -M ::1 -p ipv6 -t node_t ::1

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-07-12 13:48:05 -04:00
Stephen Smalley
144b74905c Updated libsepol ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-07-01 13:04:15 -04:00
Thomas Petazzoni
0635cd495b Add missing <stdarg.h> include
Add missing <stdarg.h> include

This is needed to fix the build on uClibc, due to the usage of
va_list.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-07-01 13:02:15 -04:00
Stephen Smalley
74e25b1e81 Updated ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-07-01 12:58:23 -04:00
Petr Lautrbach
03e87ff2a9 policycoreutils: fix [-s STORE] typos in semanage
semanage and semanage man pages used wrong usage of
[-S STORE] in synopsis

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-07-01 12:54:17 -04:00
Petr Lautrbach
a9604c30a5 libselinux: Change the location of _selinux.so
There was a change in swig-3.10 to use importlib instead of imp. While
the implementation with imp looked for _selinux.so also into the same directory
as __init__.py is, a new module with importlib searchs only standard paths.
It means that we need to move _selinux.so from $(PYLIBDIR)/site-packages/selinux/
to $(PYLIBDIR)/site-packages/.

Fixes:
>>> import selinux
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/selinux/__init__.py", line 21, in <module>
    _selinux = swig_import_helper()
  File "/usr/lib64/python2.7/site-packages/selinux/__init__.py", line 20, in swig_import_helper
    return importlib.import_module('_selinux')
  File "/usr/lib64/python2.7/importlib/__init__.py", line 37, in import_module
    __import__(name)
ImportError: No module named _selinux

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-07-01 12:54:12 -04:00
Stephen Smalley
e55b86e7c6 Updated libselinux ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-06-23 13:00:16 -04:00
David King
d6413cdbd2 libselinux: man: Clarify is_selinux_mls_enabled() description
Improve the description by mentioning that if is_selinux_mls_enabled(),
it simply means that the kernel has MLS support and the policy contains
MLS features. To check whether MLS support is enabled on the running
system, use selinux_getpolicytype().

Signed-off-by: David King <dking@redhat.com>
2016-06-23 12:58:15 -04:00
David King
984fd069e2 libselinux: man: Explain how to free policy type from selinux_getpolicytype()
Additionally, fix a typo.

Signed-off-by: David King <dking@redhat.com>
2016-06-23 12:58:03 -04:00
Stephen Smalley
7dd0afc9a1 Updated libselinux ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-06-23 12:57:50 -04:00
Petr Lautrbach
7c1a5e3b03 libselinux: compare absolute pathname in matchpathcon -V
filepath needs to be resolved first in order to be correctly found by
selabel_lookup_raw()

Fixes:
$ matchpathcon -V passwd
passwd has context system_u:object_r:passwd_file_t:s0, should be
system_u:object_r:passwd_file_t:s0

$ echo $?
1

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-06-23 12:56:06 -04:00