Commit Graph

1552 Commits

Author SHA1 Message Date
Nicolas Iooss
1e979a7a36 libsemanage: tests: do not overwrite CFLAGS and LDFLAGS
libsemanage/tests/Makefile currently overwrites CFLAGS and LDFLAGS
contents.  This makes building with custom flags (e.g. with address
sanitizer) harder.  Append flags to these variables instead.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-11 08:43:20 -05:00
Nicolas Iooss
061c4fcbd4 policycoreutils: sepolicy: do not overwrite CFLAGS
sepolicy Makefile overwrites CFLAGS value, which prevents compiling its
Python module with custom compilation flags.  Modify it to append flags
to CFLAGS instead, like other policycoreutils programs do.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-11 08:42:45 -05:00
Nicolas Iooss
168f653d28 policycoreutils: sepolicy: rename policy global variable
Variable policy is both a global variable and a parameter to some
functions in policycoreutils/sepolicy/search.c.  This makes the building
fail when using -Wshadow -Werror compilation flags.

Fix this by renaming the global variable global_policy.  This does not
change the API of the Python module.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-11 08:36:27 -05:00
Nicolas Iooss
5b6287fafc libsemanage: no longer use variables with unused attribute
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-11 08:34:51 -05:00
Nicolas Iooss
172ce53ffa libsepol: fix __attribute__((unused)) annotations
clang warns about variables which are used in a function body even
though they were marked __attribute__((unused)).  For example:

    interfaces.c:129:2: error: 'handle' was marked unused but was used
    [-Werror,-Wused-but-marked-unused]
            handle = NULL;
            ^
    interfaces.c:233:2: error: 'handle' was marked unused but was used
    [-Werror,-Wused-but-marked-unused]
            handle = NULL;
            ^

Remove these warnings either by removing meaningless assigments or by
removing the attribute.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-11 08:32:15 -05:00
Steve Lawrence
e97d3eca99 Update libsepol, libsemanage, policycoreutils, and sepolgen ChangeLogs
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-02-01 09:05:47 -05:00
Nicolas Iooss
d1b49d833e policycoreutils: newrole: add missing defined in #if
When building newrole with gcc 5.3.0 and some warning flags, the
compiler reports:

  newrole.c:77:33: error: "NAMESPACE_PRIV" is not defined [-Werror=undef]
  #if defined(AUDIT_LOG_PRIV) || (NAMESPACE_PRIV)
                                  ^

Indeed, "defined" is missing here.  This nevertheless worked so far
because when NAMESPACE_PRIV was selected in the Makefile, newrole.c was
compiled with "-DNAMESPACE_PRIV", which defined NAMESPACE_PRIV to 1.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-01 08:54:30 -05:00
Nicolas Iooss
302443cbbb sepolgen: Support latest refpolicy interfaces
Some refpolicy interfaces use:

* "$" character in paths, for example in kernel/selinux.if:

    genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)

* empty members in ifelse statement, for example in system/init.if:

    ifelse(`$5',`',`',`
        ...
    ')

Modify sepolgen/refparser grammar accordingly.

This fixes the following syntax errors reported by sepolgen-ifgen:

    /usr/share/selinux/refpolicy/include/kernel/selinux.if: Syntax error
    on line 43 gen_context [type=GEN_CONTEXT]
    /usr/share/selinux/refpolicy/include/system/init.if: Syntax error on
    line 1416 ' [type=SQUOTE]
    /usr/share/selinux/refpolicy/include/system/init.if: Syntax error on
    line 1422 ' [type=SQUOTE]

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-01 08:54:30 -05:00
Nicolas Iooss
211baf74ef sepolgen: Make sepolgen-ifgen output deterministic with Python>=3.3
Since Python 3.3, dictionary hashes are randomized and iterating over
them is no longer deterministic.  This makes it difficult to compare
outputs of sepolgen-ifgen command.

Make sepolgen-ifgen deterministic again with Python>=3.3 by always
sorting the dictonaries and sets which are used to produce output.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-01 08:54:30 -05:00
Nicolas Iooss
033ea27c09 libsemanage: move modinfo_tmp definition before goto cleanup
In semanage_direct_set_module_info() and semanage_direct_list_all()
functions, when modinfo_tmp variable gets initialized, a branch to
"cleanup" label may have already been taken.  This leads to this
variable being possibly used uninitialized in these functions.

This is reported by clang:

    direct_api.c:2491:41: error: variable 'modinfo_tmp' may be
    uninitialized when used here [-Werror,-Wconditional-uninitialized]
            ret = semanage_module_info_destroy(sh, modinfo_tmp);
                                                   ^~~~~~~~~~~
    direct_api.c:2334:2: note: variable 'modinfo_tmp' is declared here
            semanage_module_info_t *modinfo_tmp = NULL;
            ^

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-01 08:25:13 -05:00
Nicolas Iooss
a11ce9dae5 libsemanage: initialize bools_modified variable.
In semanage_direct_commit() error path, bools_modified can be used in a
if statement without being initialized (when a "goto cleanup" is taken
early).  clang warns about this bug:

    direct_api.c:1441:18: error: variable 'bools_modified' may be
    uninitialized when used here [-Werror,-Wconditional-uninitialized]
            if (modified || bools_modified) {
                            ^~~~~~~~~~~~~~
    direct_api.c:1087:48: note: initialize the variable 'bools_modified'
    to silence this warning
                preserve_tunables_modified, bools_modified,
                                                          ^
                                                           = 0

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-01 08:25:13 -05:00
Nicolas Iooss
1bfb1a4ffd libsepol: cil: always initialize __cil_permx_to_sepol_class_perms() result
clang warns that __cil_permx_to_sepol_class_perms() return value, rc,
may be unitialized:

    ../cil/src/cil_binary.c:4188:9: error: variable 'rc' may be
    uninitialized when used here [-Werror,-Wconditional-uninitialized]
            return rc;
                   ^~
    ../cil/src/cil_binary.c:4148:8: note: initialize the variable 'rc'
    to silence this warning
            int rc;
                  ^
                   = 0

This theoretically happens when cil_expand_class(permx->obj) returns an
empty list.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-01 08:25:13 -05:00
Steve Lawrence
f7088b70af Update policycoreutils ChangeLog
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-01-12 08:48:12 -05:00
Lukas Vrabec
0fc39ca4f7 Added missing descriptions for --*-key params in secon man page.
Fixed secon help, merged descriptions for --current-* and --self-*
params.

Signed-off-by: Lukas Vrabec <lvrabec@redhat.com>
2016-01-12 08:39:14 -05:00
Lukas Vrabec
dd7a9363d9 Add description of missing newrole parameter -p in newrole man page.
Signed-off-by: Lukas Vrabec <lvrabec@redhat.com>
2016-01-12 08:39:14 -05:00
Steve Lawrence
3e558a7d1b secilc: update dependency information and man page creation
- Update libsepol dependency to 2.5
- Update Makefile to build the man page when just running 'make'

https://marc.info/?l=selinux&m=145220517200709&w=2

Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-01-08 09:38:40 -05:00
Steve Lawrence
b3b5ede9ca Update ChangeLog and VERSION for release candidate
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-01-07 10:01:31 -05:00
Steve Lawrence
7526d1ad93 Update policycoreutils ChangeLog
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-01-07 10:01:01 -05:00
Petr Lautrbach
f590d37704 policycoreutils: semanage: list reserver_port_t
reserver_port_t was omitted in 'semanage port -l'. There seems to be no
reason for that nowadays therefore we can list it.

Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1225806

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-01-04 08:55:14 -05:00
Steve Lawrence
b3c1d4e425 Update libselinux and policycoreutils ChangeLogs
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2015-12-17 09:14:05 -05:00
Laurent Bigonville
7d8f5ce9b8 policycoreutils/chcat: Add a fallback in case os.getlogin() returns nothing
Some teminal emulators (like the latest version of gnome-terminal) are
not setting entries in the utmp file, this leads getlogin() to return an
empty string.

Fallback to the name of the user running the chcat process.
2015-12-17 08:56:01 -05:00
Dan Walsh
f2a8ae9172 libselinux/man: Add information about thread specific on setfscreatecon
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-12-17 08:56:01 -05:00
Petr Lautrbach
554f75b4ee libselinux: Don't wrap rpm_execcon with DISABLE_RPM
a2737333 commit introduced a possibility to build libselinux without
rpm_execcon() when DISABLE_RPM is set. However, it didn't cover SWIG
bindings. With this commit the rpm_execcon() bindings are not created.

Fixes:
ImportError: /usr/lib64/python3.5/site-packages/selinux/_selinux.so: undefined symbol: rpm_execcon
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-12-17 08:56:01 -05:00
James Carter
59ed638c6d Updated secilc ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-12-16 09:51:38 -05:00
Yuli Khodorkovskiy
12c7dfc553 secilc/docs: Convert DocBook documentation into github markdown
Converting to github markdown allows for easier integration with the
SELinux project wiki and viewing of documentation directly on github without
creating PDFs or reading through DocBook XML.

The conversion of DocBook to github markdown would not format tables or
keyword links properly. By maintaining the documentation in github
markdown in the repository, the content is well formatted with a table of
contents when viewing in the github wiki or in the repository.

The migration from DocBook to github markdown was done using Pandoc and
manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook
conversion were added back. An introduction and design philosphy was
also pulled from the SELinux project wiki to provide more cohesion
to the current documentation.

Running make will now convert the github markdown into PDF and HTML.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 16:18:34 -05:00
James Carter
f02f2aee90 Updated libsepol ChangeLog
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-12-08 09:07:49 -05:00
Steve Lawrence
f610cac79a libsepol/cil: Validate extended avrules and permissionxs
Classes used in extended avrules and permissionxs must have an "ioctl"
permission. Add validation to ensure that is the case, or print an error
message otherwise.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2015-12-07 16:21:35 -05:00
James Carter
a2a3c6d03f Updated libsepol and secilc ChangeLogs
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-12-02 15:18:25 -05:00
Steve Lawrence
0013416550 secilc/docs: Add documentation for neverallowx rules
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2015-12-02 15:15:22 -05:00
Steve Lawrence
f5602f5ff9 libsepol/cil: Add support for neverallowx
Add a new statement, neverallowx, which has the same syntax as allowx:

  (neverallowx foo bar (ioctl file (range 0x2000 0x20FF)))
  (allowx foo bar (ioctl file (0x20A0))) ; this fails

Much of the changes just move functions around or split functions up to
ease the sharing of avrule and avrulex comparisons with neverallows.
This refactoring also modifies the avrule struct to include a union of
either class permission information for standard avrules or extended
permission information for extended avrules, also done to support
sharing code.

This also changes assertion.c and avtab.c to allow
check_assertion_avtab_match to work with extended avrules.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2015-12-02 15:15:03 -05:00
Steve Lawrence
b41468cd9d libsepol/cil: Remove duplicated 'if' condition in cil_tree
David Binderman wrote:
> Hello there,
>
> ./cil/src/cil_tree.c:1279:36: warning: duplicated 'if' condition [-Wduplicated-cond]
>
> Source code is
>
>             if (filecon->context_str != NULL) {
>                 cil_log(CIL_INFO, " %s", filecon->context_str);
>             } else if (filecon->context != NULL) {
>                 cil_tree_print_context(filecon->context);
>             } else if (filecon->context_str != NULL) {
>                 cil_log(CIL_INFO, " %s", filecon->context_str);
>             }
>
> Two mentions of filecon->context_str. Suggest code rework.

Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2015-12-01 15:40:28 -05:00
Stephen Smalley
36d164ca56 Update policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-12-01 15:36:19 -05:00
Petr Lautrbach
fa438ddf50 policycoreutils: replace string.join() with str.join()
Fixes Python 3 error:
  AttributeError: module 'string' has no attribute 'join'

Based on a patch by Tomas Radej <tradej@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-12-01 15:33:36 -05:00
Petr Lautrbach
b300d3d43a policycoreutils: fix 'semanage permissive -l' subcommand
This reverts the commit 97d06737 which introduced a regression on '-l'
which started to require at least one argument and fixes the original
problem other way. A args.parser value is set now and handlePermissive
function uses it to print an usage message when args.type is not set.

Fixes: semanage permissive -l
  usage: semanage permissive [-h] (-a | -d | -l) [-n] [-N] [-S STORE]
                             type [type ...]
  semanage permissive: error: the following arguments are required: type

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-12-01 15:33:11 -05:00
Stephen Smalley
d257b02dde Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-11-24 16:38:14 -05:00
Richard Haines
46320aefc2 libselinux: Correct line count for property and service contexts files
When a line number is displayed for context errors they are
x2 the correct value, so reset line count for each pass.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Acked-by: Jeff Vander Stoep <jeffv@google.com>
2015-11-24 16:37:57 -05:00
Stephen Smalley
6c925600fa Update libsepol ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-11-24 16:36:44 -05:00
Richard Haines
0ca5562e97 libsepol: Fully expand neverallowxperm rules
Currently neverallowxperm rules will be resolved correctly when
building policy, however they are not detectable when using tools
such as an updated version of setools. This patch will allow
these to be viewed in the same way as neverallow rules are in a
text based kernel policy file (e.g. policy.conf).

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Acked-by: Jeff Vander Stoep <jeffv@google.com>
2015-11-24 16:36:07 -05:00
Stephen Smalley
4a1169a367 Update libselinux and policycoreutils ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-11-24 16:34:56 -05:00
Ville Skyttä
572fcef2ba libselinux, policycoreutils: Man page warning fixes
Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
2015-11-24 16:32:13 -05:00
James Carter
e29d606f62 Updated policycoreutils ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-11-20 13:29:30 -05:00
Miroslav Grepl
0f4620d611 policycoreutils/sandbox: Fix sandbox to propagate specified MCS/MLS Security Level.
If "level" option is used to start sandbox commands, this level is not propagated
to specified  homedir and tmpdir directories. See rhbz #1279006.

Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
2015-11-20 13:14:10 -05:00
James Carter
50c349df8f Updated policycoreutils ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-11-19 16:19:33 -05:00
Petr Lautrbach
97d067376a policycoreutils: Require at least one argument for 'semanage permissive -d'
Fixes: python ./semanage permissive -d
Traceback (most recent call last):
  File "./semanage", line 925, in <module>
    do_parser()
  File "./semanage", line 904, in do_parser
    args.func(args)
  File "./semanage", line 708, in handlePermissive
    OBJECT.delete(args.type)
  File "/selinux.git/policycoreutils/semanage/seobject.py", line 479, in delete
    for n in name.split():
AttributeError: 'NoneType' object has no attribute 'split'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-11-19 16:17:59 -05:00
Petr Lautrbach
8922ff887f policycoreutils: improve sepolicy command line interface
Previously, when sepolicy was run without any argument, the usage message
with the error "too few arguments" was shown. Using Python 3 it threw a traceback.
This patch unifies behavior on Py2 and Py3 so that sepolicy shows the help
message in this case.

Fixes:
Traceback (most recent call last):
  File "/usr/bin/sepolicy", line 647, in <module>
    args.func(args)
AttributeError: 'Namespace' object has no attribute 'func'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-11-19 16:17:51 -05:00
James Carter
b6e70257bd Updated sepolgen ChangeLog
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-11-19 16:17:05 -05:00
Petr Lautrbach
5f2aca2418 sepolgen: Use key function in sort()
In Py3.0, the cmp parameter in sort() function was removed and key keyword is
available since Py2.4.

Fixes: # cat avc.log | audit2allow -R
Traceback (most recent call last):
  File "/usr/bin/audit2allow", line 363, in <module>
    app.main()
  File "/usr/bin/audit2allow", line 351, in main
    self.__output()
  File "/usr/bin/audit2allow", line 308, in __output
    g.set_gen_refpol(ifs, perm_maps)
  File "/usr/lib64/python3.4/site-packages/sepolgen/policygen.py", line 101, in set_gen_refpol
    self.ifgen = InterfaceGenerator(if_set, perm_maps)
  File "/usr/lib64/python3.4/site-packages/sepolgen/policygen.py", line 353, in __init__
    self.hack_check_ifs(ifs)
  File "/usr/lib64/python3.4/site-packages/sepolgen/policygen.py", line 365, in hack_check_ifs
    params.sort(param_comp)
TypeError: must use keyword argument for key function

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-11-13 10:32:07 -05:00
James Carter
80f5957a84 Updated libsepol ChangeLog
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-11-13 10:14:37 -05:00
Yuli Khodorkovskiy
71dd7b7133 secilc: Add support for unordered classes
Resolves https://github.com/SELinuxProject/cil/issues/3

An 'unordered' keyword provides the ability to append classes to the current
list of ordered classes. This allows users to not need knowledge of existing
classes when creating a class and fixes dependencies on classes when removing a
module. This enables userspace object managers with custom objects to be
modularized.

If a class is declared in both an unordered and ordered statement, then the
ordered statement will supercede the unordered declaration.

Example usage:

    ; Appends new_class to the existing list of classes
    (class new_class ())
    (classorder (unordered new_class))

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-11-10 13:26:52 -05:00
Stephen Smalley
8dc4c05b79 Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-10-28 08:58:17 -04:00