Commit Graph

1155 Commits

Author SHA1 Message Date
Richard Haines
c2c2bd34c9 libsepol: Update CIL documentation
Reformat secilc(8) man page for readability and correct url

Remove unused/obsolete info and correct portcon statement in the
Reference Guide.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-02-26 08:30:51 -05:00
Steve Lawrence
9aa60660a5 Update policycoreutils changelog 2015-02-25 08:31:05 -05:00
Andrew Spiers
7fc51977a5 typo in semanage-port.8
Acked-by: Steve Lawrence <slawrence@tresys.com>
2015-02-25 08:29:08 -05:00
Stephen Smalley
ae44b7bb39 libselinux: sefcontext_compile: handle newlines in file names
restorecon on file names with newlines are not handled properly.
Use PCRE_DOTALL so that dots in regular expressions match all
characters, and don't exclude the newline character.

See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html
for background.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-24 12:20:42 -05:00
Stephen Smalley
07ed7784cf Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-24 10:50:56 -05:00
Nick Kralevich
716e3820c5 libselinux: label_file: handle newlines in file names
restorecon on file names with newlines are not handled properly.
Use PCRE_DOTALL so that dots in regular expressions match all
characters, and don't exclude the newline character.

See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html
for background.

Change-Id: I0dde8f2567305f746d19ebd75a9e2add7406eb9a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-24 10:42:09 -05:00
Stephen Smalley
b2beb5304d Update libselinux Changelog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-23 11:08:51 -05:00
Stephen Smalley
2d5ac1c931 libselinux: getcon.3: Fix setcon description.
The man page description for setcon() was never updated for the
introduction of bounded transitions in Linux 2.6.28.  Update it.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-23 10:54:56 -05:00
Stephen Smalley
cc8995f08c Merge branch 'master' of github.com:SELinuxProject/selinux 2015-02-23 09:08:35 -05:00
Stephen Smalley
02104d01ae Add further build dependencies.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-23 09:08:13 -05:00
Steve Lawrence
68f356e21a Update libsepol ChangeLog 2015-02-23 08:25:35 -05:00
Chris PeBenito
e7694874c2 libsepol: Fix error path in mls_semantic_level_expand().
If the level contains a category that is not associated with a sensitivity,
the code correctly detects the condition, but does not return an error.

Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2015-02-23 08:25:35 -05:00
Stephen Smalley
38bbed0511 Note that all bug reports and patches should go to selinux@tycho.nsa.gov.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-20 12:26:27 -05:00
Steve Lawrence
8222f5551a Update libsepol Changelog 2015-02-18 09:26:44 -05:00
Steve Lawrence
28ae74e112 Merge commit '76ba6eaa7333483a8cc0c73a7880f7acf99c2656' 2015-02-18 09:25:20 -05:00
Steve Lawrence
76ba6eaa73 Squashed 'libsepol/cil/' changes from 08520e9..28ad56e
28ad56e Store file paths in the string pool
da42c28 Use the new fqn datum field for generated strings
5df35f5 Fix a typo in .gitignore that was not ignoring files in docs/
479051c Modify how blocks are copied into blockinherits
793d12d Fix memory leak in classpermissionset
e5bb941 Added several new test policies
d6f2710 Refactored the name resolution code
ba61ee8 Changed how datums are handled when destroying a tree.
36e6818 Reimplemented the code to fully qualify names.
43fa823 Fixed two bugs in cil_copy_ast.c
9ff6072 Small fix to cil_list_remove()
4eecdbe Changed how root node of the AST is initialized.
172b918 Cleanup unused symtab_datum from disabled optionals
06df2d2 Add policy binary and file_contexts to .gitignore

git-subtree-dir: libsepol/cil
git-subtree-split: 28ad56e90c9b923ddf4a186e772645b4c086b6cc
2015-02-18 09:25:20 -05:00
Stephen Smalley
d8b2a0ab50 Update libselinux and policycoreutils ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-13 10:46:45 -05:00
Stephen Smalley
914e591c41 libselinux: fix audit2why error handling if SELinux is disabled.
If SELinux is disabled, then selinux_current_policy_path() returns NULL.
At present, if you run audit2allow on a SELinux-disabled host without
the -p option, you get:
unable to open (null):  Bad address

We haven't seen this because most people running audit2allow are doing
it on SELinux-enabled hosts and using the host policy.  But for Android,
the build host OS often has SELinux disabled and we need to pass audit2allow
the path to the Android policy.  Handle this case and provide a hint to
the user.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-13 10:15:34 -05:00
stephensmalley
80d7cd3773 Merge pull request #6 from cspeterson/typo
Fixed typo/grammatical error
2015-02-12 13:43:58 -05:00
Christopher
6d198c0031 Fixed typo/grammatical error 2015-02-08 01:34:55 -05:00
Stephen Smalley
98d497389b Update libsepol ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-03 13:36:01 -05:00
Stephen Smalley
00beeba1fc Maybe fix MacOS X build.
s6_addr32 is not portable; use s6_addr instead.

Change-Id: I21c237588d3e7200cefa3af96065f657dae4b1e7
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-03 13:34:26 -05:00
Stephen Smalley
ee7bea53d7 More build dependencies.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-03 11:27:50 -05:00
Stephen Smalley
54075fb3cd Update libselinux and libsepol ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-03 11:25:41 -05:00
Stephen Smalley
eea6a900a6 Enable building CIL in the host libsepol.
Enable building CIL as part of the host libsepol.
This will allow using it for host-side policy tools.
Omit it from the device libsepol used for the CTS for now,
unless/until such a time as we find it necessary there.

Also build secilc, the CIL compiler.

Change-Id: I2f04a720d9143a9c84fbab211511f76d82581b0b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-03 11:18:44 -05:00
Stephen Smalley
4ef938a184 Note non-standard build dependencies.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-03 11:15:24 -05:00
Stephen Smalley
1434267419 libselinux: pcre_study can return NULL without error.
Per the man page, pcre_study can return NULL without error if
it could not find any additional information.  Errors are indicated
by the combination of a NULL return value and a non-NULL error string.
Fix the handling so that we do not incorrectly reject file_contexts
entries.

Change-Id: I2e7b7e01d85d96dd7fe78545d3ee3834281c4eba
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-02 16:11:10 -05:00
Robert Craig
eb0ba200b5 libselinux: Adjustments to android property backend.
Allow the android property backend parser to accept the
SELABEL_OPT_VALIDATE option and to perform a validate
callback.

Extracted from the Android external/libselinux tree.

Change-Id: If061502c5e2489a1155798fac1d8357dbb8d13ba
Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
2015-02-02 15:36:13 -05:00
Stephen Smalley
2fa21cc840 libselinux: Only check SELinux enabled status once in selinux_check_access().
Move the SELinux enabled check to the once handler so that we do
not perform this on each call to selinux_check_access().  Reduces
overhead in both the SELinux-enabled and the SELinux-disabled cases.

Extracted from the Android external/libselinux tree.

Change-Id: I61fe85bc04fe53cbf840ba712c81bdb06e4e0c2f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-02 14:09:06 -05:00
Steve Lawrence
f0c9966f88 Bump to final release 2015-02-02 09:38:10 -05:00
Stephen Smalley
37b7248edc Update checkpolicy ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-01-21 14:01:15 -05:00
Dan Albert
c540479a36 Global C++11 compatibility.
Our build system compiles flex/bison as C++ rather than C, but a few
projects add `-x c` to their flags, forcing the compiler to compile
them as C. This causes the compiler to reject the global C++ standard
flag, so we need to explicitly provide a C standard flag to override
it.

Bug: 18466763
Change-Id: I49a6aeecf4abc563bd77127778b6d214e3851037
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-01-21 14:00:01 -05:00
Stephen Smalley
3f121151ca Update libsepol and checkpolicy ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-01-20 16:24:10 -05:00
dcashman
ed7a6ba24a Allow libsepol C++ static library on device.
Change-Id: I7da601767c3a4ebed7274e33304d8b589a9115fe
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-01-20 10:31:15 -05:00
Stephen Smalley
1d71622a37 Update libsepol ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-01-15 13:55:40 -05:00
John Brooks
acb2a9bede Tweak avtab hash table parameters for better performance
Using the Fedora 20 targeted policy, running check_assertions requires
an avtab with around 22 million elements. With the default limit of 4096
buckets, performance is abysmal: it takes more than an hour to populate
the hash. Profiling shows most of that time under avtab_search_node.

This patch increases the hash from 13 to 20 bits and to a maximum of
1048576 buckets. The time for check_assertions on that policy is reduced
to about 3 minutes, which is enough to re-enable those checks as part of
the build process.

A full size table will allocate 4-8 MB of memory, up from 16-32 KB. In a
cursory review, these tables are usually short-lived and only 1-3 are
allocated together. Compared to the cost of entries in this table (up to
1 GB using the same policy), this isn't a significant increase.

Signed-off-by: John Brooks <john.brooks@jolla.com>
2015-01-15 10:44:01 -05:00
John Brooks
798950e055 Use a better hash function for libsepol's avtab
This function, based on murmurhash3, has much better distribution than
the original. Using the current default of 4096 buckets, there are many
fewer collisions:

Before:
2893000 entries and 4096/4096 buckets used, longest chain length 1649
After:
2732000 entries and 4096/4096 buckets used, longest chain length 764

The difference becomes much more significant when buckets are increased.
A naive attempt to expand the current function to larger outputs doesn't
yield any significant improvement; so this function is a prerequisite
for increasing the bucket size.

Signed-off-by: John Brooks <john.brooks@jolla.com>
2015-01-15 10:44:01 -05:00
John Brooks
76ea9f8987 Build libsepol with -O2
libsepol contains performance sensitive code; in particular, compiler
optimizations save a few minutes off of the optimized policydb hash
tables.

Signed-off-by: John Brooks <john.brooks@jolla.com>
2015-01-15 10:44:01 -05:00
Dan Albert
b1bbd3030b Clear errno before call to strtol(3).
Since strtol(3) doesn't clear errno on success, anything that sets
errno prior to this call will make it look like the call failed. This
happens when built with ASAN.

Signed-off-by: Dan Albert <danalbert@google.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-12-11 08:29:34 -05:00
Steve Lawrence
823ebc8c6b Bump to release candidate 7 2014-12-03 10:06:26 -05:00
Steve Lawrence
5b9a172bf9 scripts: update release script to not output file name twice
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-12-03 10:06:26 -05:00
Steve Lawrence
80afe7b2ce Squashed 'libsepol/cil/' changes from 15b955e..08520e9
08520e9 Do not associate the object_r role with users
5c771ff Move symtab from cil_db to root ast node
c27cace Refactored cil_get_symtab()
a25af5a Fixed bug in copying an AST.
ca5e3f8 Fixed the source of two potential memory leaks when copying an AST.
2aef1b8 Fix bug when blockabstract statements failed to resolve

git-subtree-dir: libsepol/cil
git-subtree-split: 08520e91db86bdbb8ce393afa35c1465bdc7f63b
2014-12-03 10:05:59 -05:00
Steve Lawrence
72dc45bf54 Merge commit '80afe7b2ce0b06f93b6b3a07e58cab1aee8afc91' 2014-12-03 10:05:59 -05:00
Steve Lawrence
f21b2e138c libsemanage: ensure migrated files have the correct types
All files in /var/lib/selinux/ are now labeled the same as those in
/etc/selinux/<store>/modules/active, which in refpolicy is semanage_store_t.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Reviewed-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2014-12-03 10:05:25 -05:00
Laurent Bigonville
b9abc5c6e7 Add "RuntimeDirectory=setrans" to the mcstrans.service
Add "RuntimeDirectory=setrans" to the mcstrans.service, this will make
systemd automatically create the /run/setrans directory before starting
the service.

This directory contains the ".setrans-unix" socket created by the
daemon.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-12-03 10:05:25 -05:00
Steve Lawrence
b817a523c4 libsemanage: close hll file descriptors
Stops leaking of file descriptors to things like load_policy and
setfiles.

Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Reviewed-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2014-12-03 10:05:24 -05:00
Stephen Smalley
678ec5df79 Fix expand logic for policy versions older than 24.
This was broken for older policy versions when we updated to
version 24.

Broken by commit 787f2f00f5d8ed6f5f.

Change-Id: I4063334c5c0462ef5c3706611c7dff5c60c612aa
Reported-by: William Roberts <bill.c.roberts@gmail.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-12-03 09:49:22 -05:00
Stephen Smalley
9da070f700 libsepol: Report all neverallow violations.
Switch libsepol check_assertions() from only reporting the first violation
to reporting them all.

Change-Id: I45b3502ff96b1d093574e1fecff93a582f8d00bd
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-12-03 09:49:13 -05:00
Jason Zaman
877acdb31f semanage_migrate_store: Python3 support
Mainly used the 2to3 conversion tool. Also added in a __future__
import so that the script continues to work on Python 2.

Tested on 2.7, 3.3, 3.4. Should work on 2.6 too but untested.

Signed-off-by: Jason Zaman <jason@perfinion.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-11-20 09:59:11 -05:00
Steve Lawrence
7a09af2123 policycoreutils: pp: add roletype statements for both declared and required type/typeattributes
Currently, roletype statements are only added for types when they are
declared (not required). This means that in policy like:

  require {
    type foo_t;
  }
  type bar_t;
  role staff_r types foo_t, bar_t;

only bar_t is associated with staff_r. This patch moves the code that
generates roletype statements for types to outside the SCOPE_DECL check
so that roletype statements are generated for all types, regardless of
the required/declared scope. It further moves the code outside of the
type/typeattribute flavor check so that roletype statements are also
generated for typeattributes.

Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Reviewed-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Tested-by: Jason Zaman <jason@perfinion.com>
2014-11-19 14:25:33 -05:00