Avrules that have the negation, star, or complement flag set for types
need typeattributes and typeattributesets that are generated. This caused
issues when these generated statements were inserted into conditionals, since
typeattributes/sets are not allowed in conditionals.
This change always prints typeattributes and typeattributesets
immediately unless the types appear inside of an avrule in conditionals or blocks.
For this special case, we print the typeattributes after the end
of each conditional/block.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
Some module fc files do not contain a trailing new line. This
caused contexts to have their last character to be deleted. When
parsing each line from a fc file, we only strip off the last character
if it is a new line.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
- Create role declarations no matter if the declaration is in base or
a module. Since CIL does not permit role re-declarations, this change
will break existing policies that have the same role declared in multiple
modules. To fix this, the policies will need to change the role to be
defined in a single place.
- Pass around the avrule_decl stack rather than just the most recent
decl. The full stack is needed to determine if identifiers are in
scope
- Only create roletype statements for a role and a type in two cases:
1) The role is declared/required and the type is declared/required in
the same scope or an ancestor scope of the role
2) The type is declared/required and the role is declared/required in
an ancestor scope of the type
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
This fixes the build with "make PYTHON=python2" on systems where python
is python3.
For PYLIBVER and PYTHONLIBDIR definitions, I tested Python 2.5, 2.6, 2.7,
3.3 and 3.4. For each of them, these commands print the expected result:
python -c 'import sys;print("python%d.%d" % sys.version_info[0:2])'"
python -c "from distutils.sysconfig import *;print(get_python_lib(1))"
Acked-by: Steve Lawrence <slawrence@tresys.com>
test-linker-roles.c: In function 'module_role_tests':
test-linker-roles.c:147:7: error: array subscript is above array bounds
[-Werror=array-bounds]
decls[2] = (test_find_decl_by_sym(base, SYM_TYPES,"tag_g_m2"))->decl_id;
^
Acked-by: Steve Lawrence <slawrence@tresys.com>
In C, defining a function with () means "any number of parameters", not
"no parameter". Use (void) instead where applicable and add unused
parameters when needed.
Acked-by: Steve Lawrence <slawrence@tresys.com>
This fixes a warning from "gcc -Wwrite-strings", when
semanage_module_install_hll is called with "pp" as last parameter.
Acked-by: Steve Lawrence <slawrence@tresys.com>
gcc puts literal strings lie in read-only memory. On x86_64, trying to
write to them triggers a segmentation fault.
To detect such issues at build time, variables holding a pointer to such
strings should be "const char*". "gcc -Wwrite-strings" warns when using
non-const pointers to literal strings.
Remove gcc warnings by adding const to local variables and argumens of
internal functions.
This does *not* fix this warning:
policydb_public.c:208:10: warning: passing argument 2 of 'hashtab_search' discards 'const' qualifier from pointer target type
return (hashtab_search(p->p.p_classes.table, PACKET_CLASS_NAME) ==
^
In file included from ../include/sepol/policydb/symtab.h:16:0,
from ../include/sepol/policydb/policydb.h:60,
from policydb_public.c:4:
../include/sepol/policydb/hashtab.h:98:24: note: expected 'hashtab_key_t' but argument is of type 'const char *'
extern hashtab_datum_t hashtab_search(hashtab_t h, const hashtab_key_t k);
^
Moreover the "const" word in hashtab_search prototype does not make the
second parameter "const char*" but "char* const".
Acked-by: Steve Lawrence <slawrence@tresys.com>
Once __attribute__ ((format(printf, 1, 2))) is added to yyerror2,
"gcc -Wformat -Wformat-security" shows some issues. Fix them.
Acked-by: Steve Lawrence <slawrence@tresys.com>
log_err, cil_printf and cil_println use printf formats to process their
arguments. Use __attribute__((format(printf,...))) to make "gcc
-Wformat -Wformat-security" detect issues.
This detected this issue several times on a x86_64 system:
format '%lx' expects argument of type 'long unsigned int', but
argument has type 'uint32_t'
Fix this by introducing an explicit cast to unsigned long.
While at it, constify the format string argument of each function.
Acked-by: Steve Lawrence <slawrence@tresys.com>
Building from the root directory with "make DEBUG=1" enables -Wshadow
option. This makes the compilation fail with the following error:
semodule_unpackage.c: In function 'usage':
semodule_unpackage.c:17:25: error: declaration of 'progname' shadows a global declaration [-Werror=shadow]
static void usage(char *progname)
^
semodule_unpackage.c:14:7: error: shadowed declaration is here [-Werror=shadow]
char *progname = NULL;
^
Fix this error by no longer passing a global variable as a parameter to
usage function.
Acked-by: Steve Lawrence <slawrence@tresys.com>
Building from the root directory with "make DEBUG=1" enables -Wshadow
option. This makes the compilation fails with the following error:
cc -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror -g
-I/usr/include -DPACKAGE="\"policycoreutils\"" -Wall -Werror -Wextra
-W -c -o seunshare.o seunshare.c
seunshare.c: In function 'spawn_command':
seunshare.c:141:6: error: declaration of 'child' shadows a global declaration [-Werror=shadow]
int child;
^
seunshare.c:58:12: error: shadowed declaration is here [-Werror=shadow]
static int child = 0;
^
Fix this error by renaming the "child" variable in spawn_command.
Acked-by: Steve Lawrence <slawrence@tresys.com>
"gcc -O2 -Wall -Werror" failed with two errors when building pp due to
the use of unitialized variables.
Acked-by: Steve Lawrence <slawrence@tresys.com>
"gcc -O2 -Wall -Werror" fails to compile seusers_local.c:
seusers_local.c: In function 'semanage_seuser_modify_local':
seusers_local.c:122:6: error: 'rc' may be used uninitialized in this
function [-Werror=maybe-uninitialized]
It seems rc is not initialized when the call to semanage_seuser_clone
fails in semanage_seuser_modify_local.
Acked-by: Steve Lawrence <slawrence@tresys.com>
When using "gcc -O2 -Wall -Werror" to compile libsepol, the following
error happens:
services.c: In function 'constraint_expr_eval_reason':
services.c:820:2: error: 'answer_list' may be used uninitialized in this
function [-Werror=maybe-uninitialized]
free(answer_list);
^
Indeed, because of a goto statement in constraint_expr_eval_reason
function, "free(answer_list)" can be called before answer_list has been
initialized.
Fix this error by moving the definition of answer_list to the beginning
of constraint_expr_eval_reason.
Acked-by: Steve Lawrence <slawrence@tresys.com>
mcstrans still uses CONTEXT__CONTAINS from av_permissions.h to calculate
a permission access vector. However, av_permissions.h was deprecated, so
it does not have access to the constant. This updates mcstrans to use
string_to_av_perm() to get the value for context contains.
Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Add a new -S option to semodule. This option overrides store_root
in semanage.conf and sets the SELinux store's root path. If neither -S,
nor store_root are specified in semanage.conf, then the default
location is used.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Allow an alternative selinux store root path to be used. The option
can be set in semanage.conf as store_root. If no option is provided, the
default path for the store_root is "/var/lib/selinux".
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Providing --ignore-module-cache will cause the recompilating of all HLL
modules, and recaching of the resulting CIL files.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
An HLL to CIL compiler must exist in the compiler_directory path which
is configubrable in semanage.conf. By default, this path is
/usr/libexec/selinux/hll/. The compiler name needs to match the HLL
language extension. For example, for pp files,
/usr/libexec/selinux/hll/pp must exist.
The HLL infrastructure uncompresses the HLL module and pipes the data to
the appropriate CIL compiler. The output CIL from the compiler is read
from another pipe, compressed, and saved to the module store as a cached
CIL file. This file will be used on all subsequent policy builds, unless
a new module is installed with the same name at the same priority, at
which point the cache is deleted and is subsequently rebuilt and cached.
A new option is added to semanage.conf, ignore_cache, which if set to
true will cause the cached CIL files to be ignored and all HLL files to
be recompiled and the resulting CIL to be recached.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Reads in a policy package file via stdin or via filename, and writes out
the equivilent CIL to stdout or to an output file, depending on the
parameters passed in.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
- Remove version references
- Use new methods for enabling/disabling modules
- Add support to set priority when adding/removing modules
- Modify module --list output to include priority and language extension
- Update permissiveRecords call to support cil policy
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Signed-off-by: Jason Dana <jdana@tresys.com>
We created a migration script to ease the burden of transition from the
old libsemanage store layout to the new. The script will detect all the
stores in /etc/selinux using the old layout and convert them to the new
layout in /var/lib/selinux. It also allows you to specify the default
priority to use with -p and store to operate on with -s. After migration
the script by default will leave the old store unchanged, but can be
told to remove the old modules directory with -c. Reloading policy post
migration can be disabled with the -n option.
Examples:
semanage_migrate_store
Migrating from /etc/selinux/targeted/modules/active to /var/lib/selinux/targeted/active
Attempting to rebuild policy from /var/lib/selinux
semanage_migrate_store -s targeted
Migrating from /etc/selinux/targeted/modules/active to /var/lib/selinux/targeted/active
Attempting to rebuild policy from /var/lib/selinux
semanage_migrate_store -p 150
Migrating from /etc/selinux/targeted/modules/active to /var/lib/selinux/targeted/active
Attempting to rebuild policy from /var/lib/selinux
Signed-off-by: Chad Sellers <csellers@tresys.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Set DISABLE_CIL=y to build libsepol without CIL support, e.g
make DISABLE_CIL=y
To enable CIL support in libsepol, set DISABLE_CIL=n. This is the default
if not specified.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Providing --upgrade or --base will now just call --install, and display
a deprecation message to the user. Additionally, because CIL has no
concept of version numbers, this removes the version output from --list.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
With CIL, the filename and language extension are no longer stored in
the modules themselves like with pp files. So parse this information
from the filename when given a file to install, and require the
information be passed when just data. Symbolic versioning is used to
maintain ABI compatability with the old install functions. API
compatability is not maintained.
Also, remove version from the module info struct and the
semanage_module_info_{get,set}_version functions. These functions have
not been part of an official release, so removing them without providing
ABI/API compatability should not break anything.
Because versioning is removed, semanage_module_upgrade can no longer
perform the necessary checks to ensure an old module is not overriding
a newer module. So, this just remove the upgrade functions from the API.
Functions are added to maintain ABI compatability, which call the
install functions.
Also, CIL has no concept of a base module, so remove the notion of a
base module, including the API functions semanage_module_base_install
and related functions. To maintain ABI compatability, functions are
added which call the new install functions, thus treating base modules
as if they are normal modules.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
The target platform used to come from the base module. However, CIL has
no concept of a base module or a target platform. This adds an option to
semanage.conf (target-platform) to control how policies should be built.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
With pp modules, the target platform information comes form the base
module. However, CIL modules have no concept of target platform. So it
must come from somewhere else. This adds an API function that allows
setting the target platform.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Rather than getting the list of pp modules and parsing their headers to get
the name, use the new source policy functions to get the necessary
information from the module store.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Removed in commits:
- Revert "libsemanage: introduce semanage_set_root and friends"
- Revert "libsemanage: Alternate path for semanage.conf"
- Revert "libsemanage: Use default semanage.conf as a fallback"
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
