Commit Graph

1617 Commits

Author SHA1 Message Date
William Roberts
d13bff623b libsepol: bound attr_type_map access by nprim
Correct an invalid memory access when attr_type_map array
indexing is outside of bounds.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-08-17 09:56:25 -04:00
William Roberts
305986f58c genfs_read: fix use heap-use-after-free
The newc variable is calloc'd and assigned to a new
owner during a loop. After the first assignment of newc
to newgenfs->head, the subsequent iteration could fail
before the newc is reseated with a new heap allocation
pointer. When the subsequent iteration fails, the
newc variable is freed. Later, an attempt it made to
free the same pointer assigned to newgenfs->head.

To correct this, clear newc after every loop iteration.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-08-17 09:56:12 -04:00
William Roberts
33de30a284 ebitmap: detect invalid bitmap
When count is 0 and the highbit is not zero, the ebitmap is not
valid and the internal node is not allocated. This causes issues
when routines, like mls_context_isvalid() attempt to use the
ebitmap_for_each_bit() and ebitmap_node_get_bit() as they assume
a highbit > 0 will have a node allocated.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-08-17 09:55:57 -04:00
William Roberts
b612314bf3 libsepol: ensure key is valid before doing search
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-08-17 09:55:44 -04:00
William Roberts
8b4ad4fde5 libsepol: fix invalid access of NULL on type_val_to_struct
In type_set_expand:
When nprim, the table index counter, is greater than the value of initizalized
entries in the type_val_to_struct[] array, detect this as invalid
and return an error.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-08-17 09:55:31 -04:00
James Carter
58e0c3207f Updated policycoreutils ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-15 14:22:39 -04:00
Miroslav Vadkerti
cc5b484c2b semanage: correct fcontext auditing
For modify action actually audit the selinux type, i.e. use setype
variable.

For deleting equal fcontext rules do not audit ftype, as the ftype value
for equal rules makes little sense.

Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
2016-08-15 12:29:06 -04:00
Miroslav Vadkerti
7f34831c7b semanage: default to "s0" if serange empty for port modify
In case serange is empty, but the record is beeing modified
(setype was supplied), use default "s0" range. With the original
code the audit event would be printed with no range (i.e.
"system_u:object_r:ssh_port_t:")

Note that default "s0" is currently used in other places
of seobject.py.

Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
2016-08-15 12:29:00 -04:00
Miroslav Vadkerti
e414249c4a semanage: use socket.getprotobyname for protocol
This patch removes proto_to_audit dictionary and uses
standard socket.getprotobyname(protocol) to resolve
protocol number from given protocol name.

Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
2016-08-15 12:28:53 -04:00
James Carter
da3e2f51d9 Updated libselinux and policycoreutils ChangeLogs.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-11 14:38:52 -04:00
Richard Haines
e05312831b policycoreutils: restorecond - Modify to use selinux_restorecon
Modify restorecond to make use of the libselinux selinux_restorecon*
set of functions. Also removed obsolete matchpathcon* functions.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2016-08-11 14:34:02 -04:00
Richard Haines
602347c742 policycoreutils: setfiles - Modify to use selinux_restorecon
Modify setfiles and restorecon to make use of the libselinux
selinux_restorecon* set of functions.

The output from these commands should be much the same as before
with some minor wording changes, the only exceptions being that for
setfiles(8) and restorecon(8) the following options have been added:
1) -I to ignore checking the directory digests.
2) -m to ignore reading /proc/mounts.
These additional options are described in the updated man pages.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2016-08-11 14:33:58 -04:00
Richard Haines
f2e77865e1 libselinux: Add setfiles support to selinux_restorecon(3)
Add additional error handling, flags, xdev handling, alt_rootpath and
add/remove non-seclabel fs's to support setfiles(8), restorecon(8)
and restorecond(8) functionality.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2016-08-11 14:33:55 -04:00
Richard Haines
d4a46eec3f libselinux: Evaluate inodes in selinux_restorecon(3)
This patch adds inode evaluation services from policycoreutiles/setfiles
to selinux_restorecon.c

The overall objective is to modify restorecon(8) and setfiles(8)
to use selinux_restorecon(3) services.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2016-08-11 14:33:51 -04:00
Stephen Smalley
6fc26b0ec9 Updated policycoreutils ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-08-11 10:02:05 -04:00
Miroslav Vadkerti
8fef0902f0 semanage: fix modify action in node and interface
The modify actions of security context mappings for
interface and node actully called add action.

Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
2016-08-11 10:01:18 -04:00
James Carter
3f524c60fe Updated libsemanage ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-10 10:29:16 -04:00
Petr Lautrbach
7d97c7bf00 libselinux/ChangeLog: Fix the author of the last libselinux change
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-08-10 10:20:16 -04:00
Miroslav Vadkerti
0b6f56e623 semanage: swap tcp and udp protocol numbers
The tcp/udp protocol numbers were accidentaly swapped in
the original patch 'semanage: add auditing of changes in records'.

Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
2016-08-10 10:20:13 -04:00
James Carter
50d8a181e8 Updated libsepol and policycoreutils ChangeLogs.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-09 16:16:58 -04:00
Petr Lautrbach
e069f16f54 policycoreutils: 'fixfiles check' should not change anything
-n was not being passed down to restorecon properly in the code path
for -C and -N

Patch-by: Dan Callaghan <dcallagh@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-08-09 15:55:26 -04:00
William Roberts
8e8a648e92 libsepol: fix memory leak in expand.c
ebitmap_set_bit() can possible allocate nodes, however, the bail early
style of type_set_expand() could leave internal ebitmaps allocated
but not free'd.

Modify type_set_expand() so that it free's all allocated ebitmaps
before returning the error code to the calling routine.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-08-09 15:55:22 -04:00
William Roberts
6e7d04ac0b libsepol: fix invalid read when policy file is corrupt
AFL Found this bug:
==6523== Invalid read of size 8
==6523==    at 0x4166B4: type_set_expand (expand.c:2508)
==6523==    by 0x43A0B8: policydb_role_cache (policydb.c:790)
==6523==    by 0x41CD70: hashtab_map (hashtab.c:235)
==6523==    by 0x43AC9E: policydb_index_others (policydb.c:1103)
==6523==    by 0x441B14: policydb_read (policydb.c:3888)
==6523==    by 0x442A1F: sepol_policydb_read (policydb_public.c:174)
==6523==    by 0x407ED4: init (check_seapp.c:885)
==6523==    by 0x408D97: main (check_seapp.c:1231)

This occurs when the type_val_to_struct[] mapping array
doesn't contain the type indicated in the ebitmap.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-08-09 15:55:15 -04:00
Vit Mojzis
671f83b42b policycoreutils/sepolicy: Check get_rpm_nvr_list() return value
get_rpm_nvr_list can fail to get the version of selinux-policy rpm
package, which leads to error during spec file creation (attempt to
invoke __getitem__ of "None" object).

This patch sets the policy number to "0.0.0" in case rpm failed to
get it. This change should be safe because it affects only an example
of spec file.

Variable "POLICYCOREUTILSVER" was removed (unused).

fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1321499

Failed to retrieve rpm info for selinux-policy
Traceback (most recent call last):
  File "/bin/selinux-polgengui", line 360, in forward
    self.generate_policy()
  File "/bin/selinux-polgengui", line 506, in generate_policy
    self.info(my_policy.generate(outputdir))
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1382, in generate
    out += "%s # %s\n" % (self.write_spec(out_dir), _("Spec file"))
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1228, in write_spec
    fd.write(self.generate_spec())
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1190, in generate_spec
    selinux_policyver = get_rpm_nvr_list("selinux-policy")[1]
  TypeError: 'NoneType' object has no attribute '__getitem__'

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2016-08-09 15:55:08 -04:00
Petr Lautrbach
2e60a2c80e policycoreutils: Don't use subprocess.getstatusoutput() in Python 2 code
The commit 7574a50f tried to improve compatibility with Python 3. It changed
the code to use subprocess.getstatusoutput() instead of
commands.getstatusoutput(). Unfortunately subprocess.getstatusoutput() is not
available in Python 2. This patch changes how getstatusoutput() is imported so
the code works on Python 2 and Python 3.

Fixes:
$ chcat -d something
Traceback (most recent call last):
  File "/usr/bin/chcat", line 432, in <module>
    sys.exit(chcat_replace(["s0"], cmds, login_ind))
  File "/usr/bin/chcat", line 271, in chcat_replace
    rc = subprocess.getstatusoutput(cmd)
AttributeError: 'module' object has no attribute 'getstatusoutput'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-08-09 15:55:02 -04:00
Miroslav Vadkerti
4c5b8a9568 semanage: add auditing of changes in records
Common Criteria requirement FMT_MSA.1 needs any configuration change
that affect enforcement of policy to be audited. This patch adds
auditing of changes in security context mappings for network ports,
interfaces, nodes and file contexts.

A new function log_change is introduced that audits additions,
modification and removal of the mappings via the USER_MAC_CONFIG_CHANGE
audit event.

The format of the audit events was discussed with the audit userspace
maintainer.

This patch resolves: https://bugzilla.redhat.com/show_bug.cgi?id=829175

Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
2016-08-09 15:54:57 -04:00
James Carter
59b645c050 Updated policycoreutils ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-08 15:56:46 -04:00
James Carter
b190e6e37d sepolicy: Add python3 support to test_sepolicy.py
Use assertNotEqual() and assertEqual() instead of assert_().
Convert print statements to print functions.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-08 15:50:18 -04:00
Jason Zaman
d2424c6c98 semanage: Print usage when no args
https://bugs.python.org/issue16308

Traceback (most recent call last):
  File "semanage", line 932, in <module>
    do_parser()
  File "semanage", line 911, in do_parser
    args.func(args)
AttributeError: 'Namespace' object has no attribute 'func'

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
05d1cead3d policycoreutils/gui: py3 support for modules that changed name
StringIO moved to io and commands moved to subprocess

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
4d340e467a policycoreutils/gui: update to python3
print functions
exceptions, e => as e
keys.sort() => sorted(d.keys())

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
af59544e5f policycoreutils: gettext compat for py2 and 3
Install gettext the same way everywhere and have fallbacks to use
str/unicode depending on python version.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
b43991f913 policycoreutils: import sepolicy directly
instead of from sepolicy import foo. Makes it easier to grep for
consumers that still need to be fixed.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
7f956419c2 sepolicy: dont alias sepolicy.search and sepolicy.info
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
f300803045 sepolicy: update exceptions and print for python3
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
b87db86f79 sepolicy: C Module init for python3
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
356a6e2566 sepolicy: Add python3 PyInt and PyString defs
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
925bb39ba2 semanage: misc style issues
Unused imports
== None should be is None

Signed-off-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
35d44f17af seobject: use sorted() instead of .sort()
2to3 wanted to wrap all the .keys() calls in list() but doing sorted()
directly is better.

Signed-off-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
b51c39499b semanage: py3 support for print function and map/filter
map and filter were turned into list comprehensions.
This was done using python's 2to3 utility.

Signed-off-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Steve Lawrence
4209c00afe Update libsepol ChangeLog
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-08-05 07:37:08 -04:00
William Roberts
ca3ec93ad0 module_to_cil: fix possible use of uninitialized value
Correct errors like these reported by gcc:

module_to_cil.c: In function ‘block_to_cil’:
module_to_cil.c:229:20: error: ‘attr_list’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
  struct list_node *curr = (*attr_list)->head;

Usages of attr_list_destroy() were called when list_init()
fails.

stack_init() and stack_destroy() also suffered from the
aforementioned issue.

To correct the issue, initialize stack and list variables to
NULL.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-08-05 07:36:24 -04:00
Steve Lawrence
6dc34b2b6f Update libselinux ChangeLog
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-08-04 08:56:52 -04:00
Laurent Bigonville
46c4f3a716 libselinux/utils/Makefile: Fix in tree compilation
Some tools need the sepol/sepol.h header
2016-08-04 08:54:15 -04:00
Steve Lawrence
af7aa0b9ad Update policycoreutils ChangeLog.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-08-04 08:43:39 -04:00
Petr Lautrbach
62a2a94419 policycoreutils: semodule - remove 'q' from getopt string
Users are confused that this option is not documented or that
'semodule -q' doesn't show:

semodule: invalid option -- 'q'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-08-04 08:42:15 -04:00
Stephen Smalley
a736d9d070 Updated libsepol ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-07-28 10:52:34 -04:00
James Carter
46e157b470 libsepol/cil: Warn instead of fail if permission is not resolve
If a policy module package has been created with a policy that contains
a permission and then is used on a system without that permission CIL
will fail with an error when it cannot resolve the permission.

This will prevent the installation on policy and the user will not
know that the policy has not been installed.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-07-28 10:51:38 -04:00
James Carter
d5396d8312 Updated libsepol ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-07-26 13:43:18 -04:00
Steve Lawrence
7a137eb75f libsepol/cil: Ignore object_r in userrole mappings when creating policy binary
Commit 77779d2ca, which added support for userattributes in CIL,
accidentally removed code that ignored object_r when adding userrole
mappings to the policydb. This meant that running commands like
`semanage user -l` would incorrectly show object_r. This patch adds that
code back in. Note that CIL requires that these mappings exist to
properly validate file contexts, so pp2cil's behavior of creating these
mappings is not modified.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-07-26 13:41:43 -04:00