Commit Graph

127 Commits

Author SHA1 Message Date
Stephen Smalley
34e196c3c2 Update checkpolicy ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-28 08:29:44 -04:00
Jeff Vander Stoep
7f1ec68362 dispol: display operations as ranges
Displays operations ranges more concisely. E.g.

{ 0x8901-0x8930 }

instead of

{ 0x8901 0x8902 0x8903 0x8904 80x8905 0x0806 ... 0x8930 }

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-28 08:29:24 -04:00
Stephen Smalley
11f2e159f6 Update checkpolicy ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-23 08:45:20 -04:00
Stephen Smalley
6dafd3ded9 dispol: Extend to display operations.
Also drop expanding of rules; just display the rules in their
original form.  I think expansion was a relic of an older policy
version where we did not preserve attributes in the kernel policy.
In any event, it seems more useful to display the rules unmodified.

Change-Id: I85095a35cfb48138cd9cf01cde6dd0330e342c61
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-23 08:42:07 -04:00
Stephen Smalley
a2ceeba03c Update libsepol and checkpolicy ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-23 08:33:18 -04:00
Jeff Vander Stoep
80bc7ee8fa Add support for ioctl command whitelisting
Adds support for new policy statements whitelisting individual ioctl
commands. Ioctls provide many of the operations necessary for driver control.
The typical driver supports a device specific set of operations accessible
by the ioctl system call and specified by the command argument. SELinux
provides per operation access control to many system operations e.g. chown,
kill, setuid, ipc_lock, etc. Ioclts on the other hand are granted on a per
file descriptor basis using the ioctl permission, meaning that the set of
operations provided by the driver are granted on an all-or-nothing basis.
In some cases this may be acceptable, but often the same driver provides a
large and diverse set of operations such as benign and necessary functionality
as well as dangerous capabilities or access to system information that should
be restricted.

Example policy:
allow <source> <target>:<class> { 0x8900-0x8905 0x8910 }
auditallow <source> <target>:<class> 0x8901

The ioctl permission is still required in order to make an ioctl call. If no
individual ioctl commands are specified, only the ioctl permission is
checked by the kernel - i.e. status quo. This allows ioctl whitelisting to
done in a targeted manner, protecting desired drivers without requiring every
ioctl command to be known and specified before use and otherwise allowing
existing policy to be used as-is.

This only implements ioctl whitelisting support for monolithic kernel policies
built via checkpolicy. Support for modules and CIL remains to be done.

Bug: 19419509
Change-Id: I198e8c9279b94d8ce4ae5625018daa99577ee970
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
2015-04-23 08:30:33 -04:00
James Carter
c0064fb732 Update ChangeLogs.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-04-02 10:52:25 -04:00
James Carter
b1d9456295 checkpolicy: Add support for generating CIL
Add support to checkpolicy and checkmodule for generating CIL as their
output.

Add new options "-C" and "--cil" to specify CIL as the output format.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-04-01 13:09:26 -04:00
Stephen Smalley
3057bcf6a0 Update ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-18 08:37:10 -04:00
Daniel De Graaf
f029067709 libsepol, checkpolicy: add device tree ocontext nodes to Xen policy
In Xen on ARM, device tree nodes identified by a path (string) need to
be labeled by the security policy.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
2015-03-18 08:16:44 -04:00
Daniel De Graaf
82030de5dc libsepol, checkpolicy: widen Xen IOMEM ocontext entries
This expands IOMEMCON device context entries to 64 bits.  This change is
required to support static I/O memory range labeling for systems with
over 16TB of physical address space.  The policy version number change
is shared with the next patch.

While this makes no changes to SELinux policy, a new SELinux policy
compatibility entry was added in order to avoid breaking compilation of
an SELinux policy without explicitly specifying the policy version.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
2015-03-18 08:16:18 -04:00
Daniel De Graaf
aab2d9f904 checkpolicy: Expand allowed character set in paths
In order to support paths containing spaces or other characters, allow a
quoted string with these characters to be parsed as a path in addition
to the existing unquoted string.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
2015-03-18 08:16:14 -04:00
Stephen Smalley
93e557cab6 Update checkpolicy ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-10 12:46:47 -04:00
Stephen Smalley
560af476b8 checkpolicy: Fix precedence between number and filesystem tokens.
When the FILESYSTEM token was added to support filesystem names that
start with a digit (e.g. 9p), it was given higher precedence than
NUMBER and therefore all values specified in hex (with 0x prefix)
in policy will incorrectly match FILESYSTEM and yield a syntax error.
This breaks use of iomem ranges in Xen policy and will break ioctl
command ranges in a future SELinux policy version.  Switch the
precedence.  This does mean that you cannot currently have a filesystem
with a name that happens to be 0x followed by a hexval but hopefully
that isn't an issue.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-10 12:39:17 -04:00
Stephen Smalley
68ed273fde Update checkpolicy ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-26 15:02:21 -05:00
Emre Can Kucukoglu
0551fb1080 checkpolicy: fgets function warnings fix for dismod and dispol
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-26 15:00:27 -05:00
Steve Lawrence
f0c9966f88 Bump to final release 2015-02-02 09:38:10 -05:00
Stephen Smalley
37b7248edc Update checkpolicy ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-01-21 14:01:15 -05:00
Dan Albert
c540479a36 Global C++11 compatibility.
Our build system compiles flex/bison as C++ rather than C, but a few
projects add `-x c` to their flags, forcing the compiler to compile
them as C. This causes the compiler to reject the global C++ standard
flag, so we need to explicitly provide a C standard flag to override
it.

Bug: 18466763
Change-Id: I49a6aeecf4abc563bd77127778b6d214e3851037
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-01-21 14:00:01 -05:00
Stephen Smalley
3f121151ca Update libsepol and checkpolicy ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-01-20 16:24:10 -05:00
dcashman
ed7a6ba24a Allow libsepol C++ static library on device.
Change-Id: I7da601767c3a4ebed7274e33304d8b589a9115fe
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-01-20 10:31:15 -05:00
Dan Albert
b1bbd3030b Clear errno before call to strtol(3).
Since strtol(3) doesn't clear errno on success, anything that sets
errno prior to this call will make it look like the call failed. This
happens when built with ASAN.

Signed-off-by: Dan Albert <danalbert@google.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-12-11 08:29:34 -05:00
Steve Lawrence
823ebc8c6b Bump to release candidate 7 2014-12-03 10:06:26 -05:00
Steve Lawrence
07e75a9cc7 Bump to release candidate 6 2014-11-12 08:30:15 -05:00
Steve Lawrence
d1db56c52b Bump to release candidate 5 2014-10-29 11:01:03 -04:00
Steve Lawrence
6280387034 Bump to release candidate 4 2014-10-06 15:03:24 -04:00
Steve Lawrence
ff5bbe6dcf Bump VERSION/ChangeLog for release candidate 3
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 10:16:34 -04:00
Scapelli
387dc6342e Add missing semicolon to parser rule "cond_else"
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:54 -04:00
Nicolas Iooss
5af8c5adb2 checkpolicy: fix gcc -Wunused-variable warnings
Add __attribute__ ((unused)) to unused function parameters.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:41 -04:00
Nicolas Iooss
c4a4a1a7ed Fix gcc -Wstrict-prototypes warnings
In C, defining a function with () means "any number of parameters", not
"no parameter".  Use (void) instead where applicable and add unused
parameters when needed.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:38 -04:00
Nicolas Iooss
7dcb7a5946 checkpolicy: fix most gcc -Wwrite-strings warnings
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:28 -04:00
Nicolas Iooss
581d3eb128 checkpolicy: fix gcc -Wsign-compare warnings
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:13 -04:00
Nicolas Iooss
832e7017f8 checkpolicy: constify the message written by yyerror and yywarn
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:06 -04:00
Nicolas Iooss
8db96d0cb4 checkpolicy: add printf format attribute to relevant functions
Once __attribute__ ((format(printf, 1, 2))) is added to yyerror2,
"gcc -Wformat -Wformat-security" shows some issues.  Fix them.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:03 -04:00
Steve Lawrence
8f9d3a7c95 Fix typos in ChangeLog and Versions 2014-08-26 14:20:48 -04:00
Steve Lawrence
79fd2d06ab Bump versions and update ChangeLog
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-08-26 09:48:54 -04:00
Stephen Smalley
1e6482134b Bump version and update ChangeLog for release.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-05-06 13:30:27 -04:00
Stephen Smalley
53e1304103 Add support for building dispol program.
This is a program for displaying the contents of a binary policy file.

Change-Id: Iba94d6b13ac1abbc084da5631dc2bf4107e548d1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-04-09 08:34:32 -04:00
Stephen Smalley
35b3c259a7 2.3-rc1 (release candidate 1).
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-03-25 13:24:44 -04:00
Stephen Smalley
84c9c828a0 Update ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-03-24 15:05:09 -04:00
Nick Kralevich
e91b5d2ad0 Maybe fix darwin compile error.
external/checkpolicy/policy_define.c:63: error: 'PATH_MAX' undeclared here (not in a function)
  [deleted]
  make: *** [out/host/darwin-x86/obj/EXECUTABLES/checkpolicy_intermediates/policy_define.o] Error 1
  make: *** Waiting for unfinished jobs....

Change-Id: If3795c7e62ed0d685ad07047f46014f77b87b4a8
2014-03-24 15:03:31 -04:00
Stephen Smalley
0e00684f69 Report source file and line information for neverallow failures.
Change-Id: I0def97a5f2f6097e2dad7bcd5395b8fa740d7073
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-03-24 15:02:57 -04:00
Stephen Smalley
8c5171d76e Update checkpolicy/ChangeLog. 2014-02-20 14:24:43 -05:00
Stephen Smalley
bfb806120a Prevent incompatible option combinations.
checkmodule -m and -b are fundamentally incompatible with each other,
so reject attempts to use them together.

Resolves
https://bugzilla.redhat.com/show_bug.cgi?id=1064603

Also fix the error message for -m with -U to use stderr.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-02-20 14:20:20 -05:00
Stephen Smalley
2001fa0e9d dismod and dispol do not use libselinux.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-02-20 14:19:50 -05:00
Stephen Smalley
534f5a74bb Update libsepol and checkpolicy ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-06 09:35:58 -05:00
Richard Haines
ab9cbb1f8e checkpolicy: Add debug feature to display constraints / validatetrans
Allow mls/constraint mls/validatetrans constraints to be displayed
in debug mode. If POLICY_KERN version is >=
POLICYDB_VERSION_CONSTRAINT_NAMES then the policy defined
types/attributes will be returned.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2013-11-06 09:31:34 -05:00
Stephen Smalley
7c4bb77999 Version bump for release.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-30 12:45:19 -04:00
Stephen Smalley
a08010023b Update ChangeLogs and bump VERSIONs to an intermediate value.
2.1.99 is just a placeholder to distinguish it from the prior release.
2.2 will be the released version.  Switching to 2-component versions.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-25 15:14:23 -04:00
Stephen Smalley
f458b76076 Merge branch 'fedora' into master-merge
Conflicts:
	libselinux/src/Makefile
	libselinux/src/selinux_config.c
	policycoreutils/audit2allow/audit2allow.1
	policycoreutils/scripts/fixfiles.8
	policycoreutils/semanage/semanage.8
	policycoreutils/sepolicy/Makefile
	policycoreutils/sepolicy/sepolicy/transition.py
	policycoreutils/setsebool/setsebool.8
2013-10-24 15:24:17 -04:00