Commit Graph

1357 Commits

Author SHA1 Message Date
Miro Hrončok
42ac8d6dc4 libselinux: selinux.py - use os.walk() instead of os.path.walk()
os.path.walk() function is deprecated and has been removed in Python 3

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2015-04-21 08:15:02 -04:00
Stephen Smalley
27d5377cc7 Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-17 12:38:10 -04:00
Stephen Smalley
685f4aeead libselinux: is_selinux_enabled(): drop no-policy-loaded test.
SELinux can be disabled via the selinux=0 kernel parameter or via
/sys/fs/selinux/disable (triggered by setting SELINUX=disabled in
/etc/selinux/config).  In either case, selinuxfs will be unmounted
and unregistered and therefore it is sufficient to check for the
selinuxfs mount.  We do not need to check for no-policy-loaded and
treat that as SELinux-disabled anymore; that is a relic of Fedora Core 2
days.  Drop the no-policy-loaded test, which was a bit of a hack anyway
(checking whether getcon_raw() returned "kernel" as that can only happen
if no policy is yet loaded and therefore security_sid_to_context() only
has the initial SID name available to return as the context).

May possibly fix https://bugzilla.redhat.com/show_bug.cgi?id=1195074
by virtue of removing the call to getcon_raw() and therefore avoiding
use of tls on is_selinux_enabled() calls.  Regardless, it will make
is_selinux_enabled() faster and simpler.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-17 09:38:18 -04:00
Stephen Smalley
220151c0ef Update policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-16 11:41:46 -04:00
Petr Lautrbach
219eea83ce policycoreutils: setfiles/restorecon: fix -r/-R option
A spec file was incorrectly stored as rootpath when -r option was used

Fixes:
/sbin/setfiles:  /tmp/install_root is not located in /etc/selinux/targeted/contexts/files/file_contexts

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-04-16 11:40:55 -04:00
Stephen Smalley
b03543cdc0 Update policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-16 09:52:05 -04:00
Stephen Smalley
974f565415 Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-16 09:51:31 -04:00
Stephen Smalley
549912d229 org.selinux.policy: Require auth_admin_keep for all actions.
Fedora permits obtaining local policy customizations and the list
of policy modules without admin authentication, but we would prefer
more conservative defaults upstream.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-16 09:40:31 -04:00
Stephen Smalley
082f1d1274 libselinux: Remove deprecated mudflap option.
The mudflap run time checker was removed in GCC 4.9.  The
option no longer does anything and triggers a warning from gcc 4.9
and later.  Remove it.  We might want to add -fsanitize=address
to enable AddressSanitizer in its place, but that should be a separate
change.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-16 08:23:55 -04:00
Nick Kralevich
39b5c1028c Add empty top level Android.mk / CleanSpec.mk files
Needed to allow Android to keep building with a copy of the SELinux
source code checked into external/selinux

Bug: 19963152
Change-Id: I4e192bb6ca5d185e11540aca7253e729d92a00c1
2015-04-16 07:54:09 -04:00
Stephen Smalley
c304a7d82e Update libsepol ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-16 07:53:29 -04:00
Stephen Smalley
c4bd396492 Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-16 07:50:25 -04:00
Ben Shelton
9df4988846 libselinux: Mount procfs before checking /proc/filesystems
In the case where the SELinux security module is not loaded in the
kernel and it's early enough in the boot process that /proc has not yet
been mounted, selinuxfs_exists() will incorrectly return 1, and
selinux_init_load_policy() will print a message like this to the
console:

Mount failed for selinuxfs on /sys/fs/selinux:  No such file or directory

To fix this, mount the procfs before attempting to open
/proc/filesystems, and unmount it when done if it was initially not
mounted.  This is the same thing that selinux_init_load_policy() does
when reading /proc/cmdline.

Signed-off-by: Ben Shelton <ben.shelton@ni.com>
2015-04-16 07:49:14 -04:00
Yuli Khodorkovskiy
16796d8dc1 libsepol: Don't use symbol versioning for static object files
Libraries such as libqpol that link with libsepol statically do not understand
the symbolic versioning in libsepol. This patch disables the symbolic versioning
in libsepol if building the static library or building for Android.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2015-04-15 15:20:20 -04:00
Stephen Smalley
b35f8536dd Add an empty relabel target to secilc Makfile.
So that building from top-level as per the README does not
fail when it reaches the secilc directory.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-10 09:50:57 -04:00
Stephen Smalley
cacf51cef0 libsepol, secilc: Fix build for Android
The Android build does not like the symbol versioning introduced
by commit 8147bc7; the build fails with:
host SharedLib: libsepol (out/host/linux-x86/obj/lib/libsepol.so)
prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.15-4.8//x86_64-linux/bin/ld: error: symbol cil_build_policydb has undefined version
prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.15-4.8//x86_64-linux/bin/ld: error: symbol cil_build_policydb has undefined version LIBSEPOL_1.1
clang: error: linker command failed with exit code 1 (use -v to see invocation)

Omit the versioned symbols and simply use the current interfaces
when building on Android.

Commit 36f62b7 also broke the Android build by moving secilc out of
libsepol, because the libsepol headers were not installed by the Android.mk
file.

Export the required libsepol headers for use by secilc and adjust secilc
to pick them up from the right location on Android.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-02 12:01:10 -04:00
James Carter
c0064fb732 Update ChangeLogs.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-04-02 10:52:25 -04:00
James Carter
b1d9456295 checkpolicy: Add support for generating CIL
Add support to checkpolicy and checkmodule for generating CIL as their
output.

Add new options "-C" and "--cil" to specify CIL as the output format.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-04-01 13:09:26 -04:00
James Carter
4514332550 libsepol: add function to generate CIL from a module policydb
Add a new function, sepol_module_policydb_to_cil, that generates
CIL from a module (not kernel) policydb. Refactor
sepol_module_package_to_cil() to use the new function.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-04-01 13:09:21 -04:00
James Carter
758a7fe501 libsepol, policycoreutils: Move functions to convert a module package to CIL
Move code to convert a policy module to CIL from the policy package to
CIL conversion tool, pp, in policycoreutils to libsepol. The only changes
to the code are the additions of the prefix "sepol_" to the functions
sepol_module_package_to_cil() and sepol_ppfile_to_module_package(). This
code is being changed from GPL to LGPL with permission from Tresys.

Convert pp to use the renamed functions in libsepol.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-04-01 13:09:17 -04:00
Stephen Smalley
1b7f3248ec Add secilc to release script.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-31 12:41:28 -04:00
Stephen Smalley
bfe17c0630 Add VERSION and (empty) ChangeLog files to secilc.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-31 12:40:24 -04:00
Stephen Smalley
a94cfaebfc Update libsepol ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-31 12:38:41 -04:00
Yuli Khodorkovskiy
36f62b78f1 libsepol: Move secilc out of libsepol
Since the secilc compiler is independent of libsepol, move secilc out of
libsepol. Linke secilc dynamically rather than statically with libsepol.

- Move secilc source, test policies, docs, and secilc manpage to secilc
  directory.
- Remove unneeded Makefile from libsepol/cil. To build secilc, run make
  in the secilc directory.
- Add target to install the secilc binary to /usr/bin/.
- Create an Android makefile for secilc and move secilc out of libsepol
  Android makefile.
- Add cil_set_mls to libsepol public API as it is needed by secilc.
- Remove policy.conf from testing since it is no longer used.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-03-31 12:31:38 -04:00
Stephen Smalley
d05b06298b Update policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-30 10:56:33 -04:00
Jason Zaman
055cc407fc run_init: Use a ring buffer in open_init_pty
open_init_pty uses select() to handle all the file descriptors. There is
a very high CPU usage due to select() always returning immediately with
the fd is available for write. This uses a ring buffer and only calls
select on the read/write fds that have data that needs to be
read/written which eliminates the high CPU usage.

This also correctly returns the exit code from the child process.

This was originally from debian where they have been carrying it as a
patch for a long time. Then we got a bug report in gentoo which this
also happens to fix. The original debian patch had the ring buffer
written in C++ so I modified the class into a struct and some static
methods so it is C-only at the request of Steve Lawrence.

Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=474956
Gentoo bug: https://bugs.gentoo.org/show_bug.cgi?id=532616

Signed-off-by: Jason Zaman <jason@perfinion.com>
Tested-by: Laurent Bigonville <bigon@bigon.be>
2015-03-30 10:53:41 -04:00
Nicolas Iooss
4be2fd4576 run_init: fix open_init_pty avaibility check
If /usr/sbin/open_init_pty is not found or is not executable,
access("/usr/sbin/open_init_pty", X_OK) returns -1, not zero.

Use "!= 0" like in other places in SELinux userland libraries and tools.
2015-03-30 10:51:58 -04:00
Steve Lawrence
78a472da14 Update libsepol ChangeLog 2015-03-23 12:51:33 -04:00
Richard Haines
d03e9373e8 libsepol: Fix building Xen policy with devicetreecon
Problems fixed:
1) Fix core dump when building CIL policy (corrupted double-linked list)
   by Steve Lawrence <slawrence@tresys.com>
2) Binary policy failed to read with devicetreecon statement.
3) Free path name - With a Xen policy running secilc/valgrind
   there are no memory errors.

Also added devicetreecon statement to CIL policy.cil and updated the CIL
Reference Guide.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-03-23 12:47:58 -04:00
Stephen Smalley
156c91cab2 Update libsepol ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-19 14:34:18 -04:00
Thomas Hurd
c046d974c5 libsepol: bool_copy_callback set state on creation
Boolean states are only written on a declaration.
If a module is turned off which includes a tunable declaration that
is required in another module, the state is never set. This patch
sets the state when the booldatum is created so that an uninitialized
memory read does not occur in cond_write_bool and write garbage to
the link binary.  This can cause a failure in cond_read_bool when
running semodule_expand.

Signed-off-by: Thomas Hurd <thurd@tresys.com>
2015-03-19 14:33:47 -04:00
Stephen Smalley
072bb765a1 Update libsemanage ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-19 13:02:52 -04:00
Thomas Hurd
a4e290e425 libsemanage: Fix logic in bunzip for uncompressed pp files
Unconditionally check the magic number before BZ2_bzReadOpen()
instead of only when bzip_blocksize=0, since it falls through.
That way if the file is not compressed it will return immediately
and map_file can mmap it. If the file is compressed then it will
go through the BZ2 functions and any errors will be reported correctly.

This fixes 0afd5de5c1 so that a bz2 error
isn't reported when a uncompressed pp is installed successfully.

Signed-off-by: Thomas Hurd <thurd@tresys.com>
2015-03-19 13:01:11 -04:00
Stephen Smalley
3057bcf6a0 Update ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-18 08:37:10 -04:00
Daniel De Graaf
f029067709 libsepol, checkpolicy: add device tree ocontext nodes to Xen policy
In Xen on ARM, device tree nodes identified by a path (string) need to
be labeled by the security policy.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
2015-03-18 08:16:44 -04:00
Daniel De Graaf
82030de5dc libsepol, checkpolicy: widen Xen IOMEM ocontext entries
This expands IOMEMCON device context entries to 64 bits.  This change is
required to support static I/O memory range labeling for systems with
over 16TB of physical address space.  The policy version number change
is shared with the next patch.

While this makes no changes to SELinux policy, a new SELinux policy
compatibility entry was added in order to avoid breaking compilation of
an SELinux policy without explicitly specifying the policy version.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
2015-03-18 08:16:18 -04:00
Daniel De Graaf
aab2d9f904 checkpolicy: Expand allowed character set in paths
In order to support paths containing spaces or other characters, allow a
quoted string with these characters to be parsed as a path in addition
to the existing unquoted string.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
2015-03-18 08:16:14 -04:00
Petr Lautrbach
b6d5805c7a libsemanage: fix fname[] initialization in test_utilities.c
There's no guaranty that last item in "char fname[]" will be a null character.
Fixes segfault on some systems:

  Test: semanage_nc_sort ...passedtest_semanage_findval: : Invalid argument
libsemanage-tests: TestRun.c:160: CU_assertImplementation: Assertion `((void *)0) != f_pCurTest' failed.
make[1]: *** [test] Aborted (core dumped)

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-03-18 08:16:04 -04:00
Stephen Smalley
50788b155d Update libselinux and policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-13 14:18:34 -04:00
Petr Lautrbach
417cb8d076 Fix -Wformat errors
Fixes two types of errors which appear when building with gcc-5.0.0

- format ‘%d’ expects argument of type ‘int’, but argument X has type ‘unsigned int’
- format ‘%a’ expects argument of type ‘float *’, but argument X has type ‘char **’

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-03-13 14:14:23 -04:00
Stephen Smalley
93e557cab6 Update checkpolicy ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-10 12:46:47 -04:00
Stephen Smalley
560af476b8 checkpolicy: Fix precedence between number and filesystem tokens.
When the FILESYSTEM token was added to support filesystem names that
start with a digit (e.g. 9p), it was given higher precedence than
NUMBER and therefore all values specified in hex (with 0x prefix)
in policy will incorrectly match FILESYSTEM and yield a syntax error.
This breaks use of iomem ranges in Xen policy and will break ioctl
command ranges in a future SELinux policy version.  Switch the
precedence.  This does mean that you cannot currently have a filesystem
with a name that happens to be 0x followed by a hexval but hopefully
that isn't an issue.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-10 12:39:17 -04:00
Steve Lawrence
8a9978727d libsemanage: use the new CIL API
- Do not pass in the policydb where not necessary
- Tell CIL what policy version and target platform to use when building
  the policydb

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2015-02-27 08:58:52 -05:00
Steve Lawrence
8147bc7622 libsepol: clean up the CIL API
- No longer require the caller to create a sepol_policydb. CIL is now
  responsible for that
- Since the user is no longer responsible for creating the policydb, two
  functions are added to let CIL know how it should configure the
  policydb, to set the policy version and the target platform
- Some functions, like cil_compile, do not need a policydb. Additionally
  some functions, like cil_filecons_to_string use the policydb, but could
  be rewritten to not require it. In these cases, remove the policydb
  from the API, and rewrite functions so they don't depend on it. The
  only function that uses a policydb is cil_build_policydb
- Add functions and symbolic versioning to maintain binary backwards
  compatability. API backwards compatability is not maintained

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2015-02-27 08:58:52 -05:00
Steve Lawrence
13d502d5f1 Update libsemanage ChangeLog 2015-02-27 08:45:21 -05:00
Yuli Khodorkovskiy
432077b4dd libsemanage: Fix memory leaks when parsing semanage.conf
- Free args as they are parsed and strdup args when neccessary. Memory used for
  lex initialization is now freed using yylex_destroy().
- Add noyywrap option to flex. This is the correct way to make the scanner
  not call yywrap upon an end of file. Before, we were overriding the
  function and returning 1.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2015-02-27 08:42:09 -05:00
Yuli Khodorkovskiy
057197c69a libsemanage: Add option to remove HLL files after compilation
This adds a 'remove-hll' option to semanage.conf. If set to 'true', all
HLL files will be removed from the SELinux store after successfully
buildling the SELinux modules. The default for this option is 'false'.

In order to delete already compiled HLL files, the modules need to be
recompiled with the ignore-module-cache option.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2015-02-27 08:41:59 -05:00
Stephen Smalley
68ed273fde Update checkpolicy ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-26 15:02:21 -05:00
Emre Can Kucukoglu
0551fb1080 checkpolicy: fgets function warnings fix for dismod and dispol
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-26 15:00:27 -05:00
Steve Lawrence
65ed279322 Update libsemanage ChangeLog 2015-02-26 11:24:07 -05:00