The newc variable is calloc'd and assigned to a new
owner during a loop. After the first assignment of newc
to newgenfs->head, the subsequent iteration could fail
before the newc is reseated with a new heap allocation
pointer. When the subsequent iteration fails, the
newc variable is freed. Later, an attempt it made to
free the same pointer assigned to newgenfs->head.
To correct this, clear newc after every loop iteration.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
When count is 0 and the highbit is not zero, the ebitmap is not
valid and the internal node is not allocated. This causes issues
when routines, like mls_context_isvalid() attempt to use the
ebitmap_for_each_bit() and ebitmap_node_get_bit() as they assume
a highbit > 0 will have a node allocated.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
In type_set_expand:
When nprim, the table index counter, is greater than the value of initizalized
entries in the type_val_to_struct[] array, detect this as invalid
and return an error.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
For modify action actually audit the selinux type, i.e. use setype
variable.
For deleting equal fcontext rules do not audit ftype, as the ftype value
for equal rules makes little sense.
Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
In case serange is empty, but the record is beeing modified
(setype was supplied), use default "s0" range. With the original
code the audit event would be printed with no range (i.e.
"system_u:object_r:ssh_port_t:")
Note that default "s0" is currently used in other places
of seobject.py.
Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
This patch removes proto_to_audit dictionary and uses
standard socket.getprotobyname(protocol) to resolve
protocol number from given protocol name.
Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
Modify restorecond to make use of the libselinux selinux_restorecon*
set of functions. Also removed obsolete matchpathcon* functions.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Modify setfiles and restorecon to make use of the libselinux
selinux_restorecon* set of functions.
The output from these commands should be much the same as before
with some minor wording changes, the only exceptions being that for
setfiles(8) and restorecon(8) the following options have been added:
1) -I to ignore checking the directory digests.
2) -m to ignore reading /proc/mounts.
These additional options are described in the updated man pages.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Add additional error handling, flags, xdev handling, alt_rootpath and
add/remove non-seclabel fs's to support setfiles(8), restorecon(8)
and restorecond(8) functionality.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
This patch adds inode evaluation services from policycoreutiles/setfiles
to selinux_restorecon.c
The overall objective is to modify restorecon(8) and setfiles(8)
to use selinux_restorecon(3) services.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
The modify actions of security context mappings for
interface and node actully called add action.
Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
The tcp/udp protocol numbers were accidentaly swapped in
the original patch 'semanage: add auditing of changes in records'.
Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
-n was not being passed down to restorecon properly in the code path
for -C and -N
Patch-by: Dan Callaghan <dcallagh@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
ebitmap_set_bit() can possible allocate nodes, however, the bail early
style of type_set_expand() could leave internal ebitmaps allocated
but not free'd.
Modify type_set_expand() so that it free's all allocated ebitmaps
before returning the error code to the calling routine.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
AFL Found this bug:
==6523== Invalid read of size 8
==6523== at 0x4166B4: type_set_expand (expand.c:2508)
==6523== by 0x43A0B8: policydb_role_cache (policydb.c:790)
==6523== by 0x41CD70: hashtab_map (hashtab.c:235)
==6523== by 0x43AC9E: policydb_index_others (policydb.c:1103)
==6523== by 0x441B14: policydb_read (policydb.c:3888)
==6523== by 0x442A1F: sepol_policydb_read (policydb_public.c:174)
==6523== by 0x407ED4: init (check_seapp.c:885)
==6523== by 0x408D97: main (check_seapp.c:1231)
This occurs when the type_val_to_struct[] mapping array
doesn't contain the type indicated in the ebitmap.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
get_rpm_nvr_list can fail to get the version of selinux-policy rpm
package, which leads to error during spec file creation (attempt to
invoke __getitem__ of "None" object).
This patch sets the policy number to "0.0.0" in case rpm failed to
get it. This change should be safe because it affects only an example
of spec file.
Variable "POLICYCOREUTILSVER" was removed (unused).
fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1321499
Failed to retrieve rpm info for selinux-policy
Traceback (most recent call last):
File "/bin/selinux-polgengui", line 360, in forward
self.generate_policy()
File "/bin/selinux-polgengui", line 506, in generate_policy
self.info(my_policy.generate(outputdir))
File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1382, in generate
out += "%s # %s\n" % (self.write_spec(out_dir), _("Spec file"))
File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1228, in write_spec
fd.write(self.generate_spec())
File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1190, in generate_spec
selinux_policyver = get_rpm_nvr_list("selinux-policy")[1]
TypeError: 'NoneType' object has no attribute '__getitem__'
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
The commit 7574a50f tried to improve compatibility with Python 3. It changed
the code to use subprocess.getstatusoutput() instead of
commands.getstatusoutput(). Unfortunately subprocess.getstatusoutput() is not
available in Python 2. This patch changes how getstatusoutput() is imported so
the code works on Python 2 and Python 3.
Fixes:
$ chcat -d something
Traceback (most recent call last):
File "/usr/bin/chcat", line 432, in <module>
sys.exit(chcat_replace(["s0"], cmds, login_ind))
File "/usr/bin/chcat", line 271, in chcat_replace
rc = subprocess.getstatusoutput(cmd)
AttributeError: 'module' object has no attribute 'getstatusoutput'
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Common Criteria requirement FMT_MSA.1 needs any configuration change
that affect enforcement of policy to be audited. This patch adds
auditing of changes in security context mappings for network ports,
interfaces, nodes and file contexts.
A new function log_change is introduced that audits additions,
modification and removal of the mappings via the USER_MAC_CONFIG_CHANGE
audit event.
The format of the audit events was discussed with the audit userspace
maintainer.
This patch resolves: https://bugzilla.redhat.com/show_bug.cgi?id=829175
Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
Use assertNotEqual() and assertEqual() instead of assert_().
Convert print statements to print functions.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
https://bugs.python.org/issue16308
Traceback (most recent call last):
File "semanage", line 932, in <module>
do_parser()
File "semanage", line 911, in do_parser
args.func(args)
AttributeError: 'Namespace' object has no attribute 'func'
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
Install gettext the same way everywhere and have fallbacks to use
str/unicode depending on python version.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
instead of from sepolicy import foo. Makes it easier to grep for
consumers that still need to be fixed.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2to3 wanted to wrap all the .keys() calls in list() but doing sorted()
directly is better.
Signed-off-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
map and filter were turned into list comprehensions.
This was done using python's 2to3 utility.
Signed-off-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
Correct errors like these reported by gcc:
module_to_cil.c: In function ‘block_to_cil’:
module_to_cil.c:229:20: error: ‘attr_list’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
struct list_node *curr = (*attr_list)->head;
Usages of attr_list_destroy() were called when list_init()
fails.
stack_init() and stack_destroy() also suffered from the
aforementioned issue.
To correct the issue, initialize stack and list variables to
NULL.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Users are confused that this option is not documented or that
'semodule -q' doesn't show:
semodule: invalid option -- 'q'
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
If a policy module package has been created with a policy that contains
a permission and then is used on a system without that permission CIL
will fail with an error when it cannot resolve the permission.
This will prevent the installation on policy and the user will not
know that the policy has not been installed.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
Commit 77779d2ca, which added support for userattributes in CIL,
accidentally removed code that ignored object_r when adding userrole
mappings to the policydb. This meant that running commands like
`semanage user -l` would incorrectly show object_r. This patch adds that
code back in. Note that CIL requires that these mappings exist to
properly validate file contexts, so pp2cil's behavior of creating these
mappings is not modified.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>