Commit Graph

2516 Commits

Author SHA1 Message Date
Vit Mojzis
e5f312667b
python/sepolicy: Update to work with setools-4.2.0
Change in internal setools API causes sepolicy to crash when processing
AVRules.

    File "python/sepolicy/sepolicy/__init__.py", line 277, in _setools_rule_to_dict
        if isinstance(rule, setools.policyrep.terule.AVRule):
    AttributeError: module 'setools.policyrep' has no attribute 'terule'

See https://github.com/SELinuxProject/setools/issues/8 for more details.

Stop using internal setools API:

- use AttributeError instead of setools specific exceptions
- evaluate conditional expressions using conditional.evaluate() instead
of qpol_symbol.is_enabled()

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-09-25 21:30:15 +02:00
Nick Kralevich via Selinux
2896967775
secilc: better error handling
Fix a situation where the secilc command line tool could return success
even though the compilation failed.

  $ secilc /dev/null -o /dev/null -f /dev/null
  Failure reading file: /dev/null
  $ echo $?
  0

Signed-off-by: Nick Kralevich <nnk@google.com>
2018-09-25 08:05:41 -07:00
Nick Kralevich via Selinux
0a71c5f3eb
whitespace and spelling cleanup
Signed-off-by: Nick Kralevich <nnk@google.com>
2018-09-25 08:05:41 -07:00
Nick Kralevich via Selinux
854fdc1ac4
checkpolicy: remove extraneous policy build noise
Reduce noise when calling the checkpolicy command line. In Android, this
creates unnecessary build noise which we'd like to avoid.

https://en.wikipedia.org/wiki/Unix_philosophy

  Rule of Silence
  Developers should design programs so that they do not print
  unnecessary output. This rule aims to allow other programs
  and developers to pick out the information they need from a
  program's output without having to parse verbosity.

An alternative approach would be to add a -s (silent) option to these
tools, or to have the Android build system redirect stdout to /dev/null.

Signed-off-by: Nick Kralevich <nnk@google.com>
2018-09-21 12:51:36 -07:00
liwugang
98a951fa76
checkpolicy: check the result value of hashtable_search
Signed-off-by: liwugang <liwugang@xiaomi.com>
2018-09-19 20:43:39 +02:00
Nicolas Iooss
c5389c7c45
semanage: add a missing space in ibendport help
Currently, in:

    # semanage ibendport --help
    usage: semanage ibendport [-h] [-n] [-N] [-s STORE] [ --add -t TYPE
    -z IBDEV_NAME -r RANGE ( port ) | --delete -z IBDEV_NAME -r RANGE(
    port ) | --deleteall  | --extract  | --list -C | --modify -t TYPE -z
    IBDEV_NAME -r RANGE ( port ) ]

... a space is missing between "RANGE" and "( port )" in the usage of
--delete. Add it by splitting the string correctly in the usage line
definition.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-09-09 21:35:51 +02:00
Nicolas Iooss
7dd66ea49a
semanage: "semanage user" does not use -s, fix documentation
Both "semanage user --help" and "man 8 semanage-user" state that
"semanage user" accepts option -s, but this is incorrect: -s is not
needed to specify the SELinux user on the command line, contrary to
"semanage login" for example. Fix the documentation.

While at it, remove many spaces from the helptext of option --roles. I
do not know where they came from, but they were reduced to a single
space when displayed anyway.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-09-09 21:35:44 +02:00
Nicolas Iooss
b573f65238
libsemanage: use previous seuser when getting the previous name
I missed this bug in commit 9ec0ea143ab5 ("libsemanage: use previous
seuser when getting the previous name").

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-09-05 22:07:37 +02:00
Vit Mojzis
343442e99b
libsemanage: Include user name in ROLE_REMOVE audit events
Use "previous" user name when no new user is available in
semanage_seuser_audit. Otherwise "id=0" is logged instead of
"acct=user_name" ("id=0" is hard coded value).

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1622045
2018-09-05 21:46:51 +02:00
Hollis Blanchard
70b9658d8c
Fix build break around __atomic_*() with GCC<4.7
The __atomic_* GCC primitives were introduced in GCC 4.7, but Red Hat
Enterprise Linux 6.x (for example) provides GCC 4.4. Tweak the current code to
use the (most conservative) __sync_synchronize() primitive provided by those
older GCC versions.

Fixes https://github.com/SELinuxProject/selinux/issues/97

(Really, no __atomic or __sync operations are needed here at all, since POSIX
4.12 "Memory Synchronization" says pthread_mutex_lock() and
pthread_mutex_unlock() "synchronize memory with respect to other threads"...)
2018-08-22 22:56:08 +02:00
Vit Mojzis
220a51b921
libsemanage: reset umask before creating directories
Restrictive umask may cause creating directories with unintended
access mode. Reset umask before creating directories to avoid this
issue.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186422

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2018-08-22 07:46:12 +02:00
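The failure mode this commit message describes, and the fix, as an added illustration in Python (example code written for this page, not libsemanage's own): a caller-supplied mode of 0755 is silently reduced to 0700 under a umask of 077, and resetting the umask around mkdir restores the intended bits. The helper names are assumptions; the directories are created in a temporary location.

```python
import os
import stat
import tempfile


def mkdir_with_umask(path, mode, umask):
    """Create `path` with `mode` while the process umask is `umask`.

    Returns the permission bits actually applied, so the effect of the
    umask on the requested mode can be observed directly.
    """
    old = os.umask(umask)
    try:
        os.mkdir(path, mode)
    finally:
        os.umask(old)  # always restore: umask is process-wide state
    return stat.S_IMODE(os.stat(path).st_mode)


def mkdir_exact(path, mode):
    """Reset the umask to 0 for the duration of mkdir so `mode` is applied as written."""
    return mkdir_with_umask(path, mode, 0)


def demo():
    """Constructed scenario: the same 0755 request under a restrictive umask
    (the bug) and with the umask reset (the fix). Returns both resulting modes."""
    with tempfile.TemporaryDirectory() as tmp:
        naive = mkdir_with_umask(os.path.join(tmp, "naive"), 0o755, 0o077)
        fixed = mkdir_exact(os.path.join(tmp, "fixed"), 0o755)
    return naive, fixed


if __name__ == "__main__":
    naive, fixed = demo()
    print(f"requested 0755: umask 077 gives {naive:04o}, umask reset gives {fixed:04o}")
```

Because the umask is shared by every thread in the process, resetting it is a window in which other threads also create files without masking; in multi-threaded code an explicit chmod after mkdir is the safer equivalent.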
Nicolas Iooss
6f01778406
python: remove semicolon from end of lines
Python does not need to end a statement with a semicolon. Doing this
gets reported by linters such as flake8 ("E703 statement ends with a
semicolon").

Remove such semicolons in the code and enable this warning in
scripts/run-flake8.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-19 17:55:19 +02:00
Nicolas Iooss
b5e2da2654
Travis-CI: upgrade to Ubuntu 16.04 LTS Xenial Xerus
Ubuntu 14.04 uses SWIG 2.0.11 which produces Python files which contain
lines ending with a semicolon:

    __del__ = lambda self : None;

Ubuntu 16.04 uses SWIG 3.0.8, which does not put a semicolon. Moreover
Travis CI only supports Python 3.7 with Ubuntu 16.04. The reason for this
is clearly stated on
https://docs.travis-ci.com/user/languages/python/#development-releases-support :

    Recent Python branches require OpenSSL 1.0.2+. As this library is
    not available for Trusty, 3.7, 3.7-dev, 3.8-dev, and nightly do not
    work (or use outdated archive).

Enabling Python 3.7 in Travis CI build matrix is therefore another
reason to upgrade .travis.yml to Ubuntu 16.04. As this new template does
not support Python 3.4 nor 3.5, and does not support PyPy2.7 yet, drop
them from the build matrix.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-19 17:55:17 +02:00
Nicolas Iooss
70c06e38be
libselinux: add a const to suppress a build warning with Python 3.7
On systems using Python 3.7, when compiling libselinux Python wrappers
(with "make install-pywrap"), the following warning is reported by gcc:

    audit2why.c: In function ‘analyze’:
    audit2why.c:364:11: warning: assignment discards ‘const’ qualifier
    from pointer target type [-Wdiscarded-qualifiers]
       permstr = _PyUnicode_AsString( strObj );
               ^

Make permstr "const char *" in order to suppress this warning.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-19 17:55:13 +02:00
Nicolas Iooss
92024b1544
libsemanage: make pywrap-test.py compatible with Python 3
This program can be useful in order to test the Python API of
libsemanage. Make it usable in Python 3 using 2to3 and some tweaks.

While at it, fix warnings reported by flake8 linter.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-19 15:18:27 +02:00
Nicolas Iooss
fea7eecee4
libsemanage: reindent pywrap-test.py with spaces
Only use spaces to indent Python code. This reduces the number of
warnings reported by Python linters.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-19 15:18:26 +02:00
Nicolas Iooss
41764b73a7
Travis-CI: run flake8 on Python code
flake8 is a Python linter which is able to detect issues in Python code
(syntax errors, undefined variables, etc.). It has been used to find
bugs in the project. In order to prevent the introduction of new bugs
which can be detected by it, add a script which runs it and use it in
Travis-CI.

flake8 can be used to detect code which is not written according to PEP8
style guide (which forbids whitespaces in some places, enforces the use
of space-indenting, specifies how many blank lines are used between
functions, etc.). As SELinux code does not follow this style guide,
scripts/run-flake8 disables many warnings related to this when running
the linter.

In order to silence flake8 warnings, the Python code can also be
modified. However fixing every "do not use bare 'except'" in the project
needs to be done carefully and takes much time.
This is why the warnings which are disabled have been ordered in three
lists:
* The warnings which can be activated in a not-so-distant future after
  the code has been modified.
* The warnings related to PEP8 which cannot be activated without a major
  cleaning work of the codebase (for example to modify white spaces)
* The warnings which are introduced by code generated by SWIG 3.0.12,
  which would require patches in SWIG in order to be activated (there
  is right now only one such warning).

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-18 12:00:24 +02:00
Nicolas Iooss
fa671f434e
python/sepolicy: add missing % in network tab help text
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 23:00:08 +02:00
Nicolas Iooss
6ea7f067c8
python/sepolicy: do not import types
This module is not used and its name conflicts with variable "types".

This issue has been found using flake8. This Python linter reported:

    python/sepolicy/sepolicy/generate.py:657:5: F811 redefinition of
    unused 'types' from line 31

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:10 +02:00
Nicolas Iooss
052a4fde73
python/sepolicy: do not import sepolicy.generate.DAEMON twice
This issue has been found using flake8. This Python linter reported:

    python/sepolicy/sepolicy.py:582:5: F811 redefinition of unused
    'DAEMON' from line 582

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:10 +02:00
Nicolas Iooss
a33528b0d2
python/sepolicy: use variables which exist in the gui.py
Some functions used variables which were not defined when populating
self.cur_dict with an operation. Fix this, even though the old values do
not seem to be used.

This issue has been found using flake8. This Python linter reported:

    python/sepolicy/sepolicy/gui.py:2020:101: F821 undefined name 'oldsetype'
    python/sepolicy/sepolicy/gui.py:2020:122: F821 undefined name 'oldmls'
    python/sepolicy/sepolicy/gui.py:2020:142: F821 undefined name 'oldclass'
    python/sepolicy/sepolicy/gui.py:2050:133: F821 undefined name 'oldmls'

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:10 +02:00
Nicolas Iooss
8fac024785
python/sepolicy: fix "procotol" misspelling
procotol -> protocol

This issue has been found using flake8. This Python linter reported:

    python/sepolicy/sepolicy/gui.py:2525:132: F821 undefined name 'procotol'

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:09 +02:00
Nicolas Iooss
052dcf62fd
python/sepolgen: use self when accessing members in FilesystemUse
This silences the following flake8 errors:

    python/sepolgen/src/sepolgen/refpolicy.py:758:25: F821 undefined name 'XATTR'
    python/sepolgen/src/sepolgen/refpolicy.py:760:27: F821 undefined name 'TRANS'
    python/sepolgen/src/sepolgen/refpolicy.py:762:27: F821 undefined name 'TASK'

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:09 +02:00
Nicolas Iooss
e6dd227272
python/sepolgen: remove buggy code
av_extract_params() may call __param_insert() with only 2 parameters
instead of 4, which has no chance to work fine. Moreover it uses "PERM",
which is undefined. As nobody complained about this code, it seems to be
dead, so remove it.

This issue has been found using flake8. This Python linter reported:

    python/sepolgen/src/sepolgen/interfaces.py:158:37: F821 undefined
    name 'PERM'

While at it, fix a typo in a comment.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:09 +02:00
Nicolas Iooss
20db6a5a73
python/sepolgen: silence linter warning about has_key
flake8 warns about using has_key():

    python/sepolgen/src/sepolgen/refparser.py:315:15: W601 .has_key() is
    deprecated, use 'in'

However "spt.has_key(id)" uses function SupportMacros.has_key(), which
is not the same as the "in" operator. Silence this warning by using "#
noqa".

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:09 +02:00
Nicolas Iooss
3d3c51d607
python/sepolgen: fix refpolicy parsing of "permissive"
p_permissive() uses an undefined variable t, which is buggy. In order to
ignore permissive statements, the function only needs to "pass".

flake8 reported the following error:

    python/sepolgen/src/sepolgen/refparser.py:789:5: F821 undefined name 't'

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:08 +02:00
Nicolas Iooss
495c4c894a
python/sepolicy: use lowercase variable name
SELinuxGui.files_initial_data_insert() uses both "seLinux_label" and
"selinux_label", which leads to using an undefined variable, as reported
by flake8:

    python/sepolicy/sepolicy/gui.py:1191:42: F821 undefined name 'selinux_label'

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:08 +02:00
Nicolas Iooss
1fb0c7790c
python/sepolicy: drop unused CheckPolicyType
CheckPolicyType class is not used in sepolicy and has been written from
a buggy copy-paste: "newval.append(v)" does not make any sense in
CheckPolicyType.__call__, as reported by flake8:

    python/sepolicy/sepolicy.py:190:13: F821 undefined name 'newval'
    python/sepolicy/sepolicy.py:190:27: F821 undefined name 'v'

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:08 +02:00
Nicolas Iooss
a0c167ed22
python/sepolgen: return NotImplemented instead of raising it
sepolgen uses "return NotImplemented" (in access.py and matching.py) in
order to make Python's sorting function use another call to compare
objects. For this to work, "NotImplemented" needs to be returned, not
raised like _compare's default implementation does.

This issue has been found using flake8. This Python linter reported:

    python/sepolgen/src/sepolgen/util.py:128:9: F901 'raise
    NotImplemented' should be 'raise NotImplementedError'

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:08 +02:00
Nicolas Iooss
03c708d28d
python/sepolgen: do not import twice the modules
util.py starts by importing "locale" and "sys", so there is no need to
import these modules again in the functions.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:07 +02:00
Nicolas Iooss
646bdeb939
libselinux: fix flake8 warnings in SWIG-generated code
flake8, a Python linter, complains:

    libselinux/src/selinux.py:100:1: F401 'errno' imported but unused
    libselinux/src/selinux.py:100:1: F401 'stat' imported but unused
    libselinux/src/selinux.py:100:14: E401 multiple imports on one line
    libselinux/src/selinux.py:130:16: E111 indentation is not a multiple of four
    libselinux/src/selinux.py:130:45: E231 missing whitespace after ','

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:07 +02:00
Nicolas Iooss
f6e7613bd3
python/semanage: fix Python syntax of catching several exceptions
"except OSError, ImportError:" does not perform what it says: it is the
Python 2 syntax of catching OSError exceptions as "ImportError" (like
"except OSError, e:"), and this is indeed caught by Python3:

      File "./python/semanage/seobject.py", line 143
        except OSError, ImportError:
                      ^
    SyntaxError: invalid syntax

The correct syntax consists in using parentheses.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-06 22:06:48 +02:00
Vit Mojzis
b12e246739
python/semanage: Replace bare except with specific one
The corresponding except clause should only be used for
exceptions caused by audit module error or unavailability.

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2018-07-14 18:00:25 +02:00
Vit Mojzis
cf8eed5431
python/semanage: Fix logger class definition
Test if audit module is enabled so that logger class is defined
correctly.

Fixes:
"semanage fcontext -l" fails with "OSError: Protocol not supported" when
booting with audit=0

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2018-07-14 17:59:56 +02:00
Nicolas Iooss
d0ca433e21
mcstrans: fix memory leaks reported by clang's static analyzer
There are many memory leaks in mcstrans. Clean them up in order to
reduce the noise in clang's static analyzer report. Some are remaining,
because they are more complex to fix.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-07-04 22:09:06 +02:00
Nicolas Iooss
f9a56ed765
Travis-CI: use new location of refpolicy repository
refpolicy moved from github.com/TresysTechnology to
github.com/SELinuxProject. It is still used in sepolgen tests (they
build modules using Makefile.devel and build.conf) so update the
location of the repository.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-07-04 22:08:57 +02:00
Nicolas Iooss
2b0fbebd50
restorecond: close the PID file if writing to it failed
write_pid_file() leaks a file descriptor to /var/run/restorecond.pid if
it fails to write the PID to it. Close the file before returning.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-07-04 22:08:27 +02:00
Yuri Chornoivan
f032946cf9
Fix minor typos
Signed-off-by: Yuri Chornoivan <yurchor@ukr.net>
2018-06-30 20:28:25 +02:00
Vit Mojzis
5e33a44c66
python/semanage: Stop logging loginRecords changes
semanage_seuser_modify_local and semanage_seuser_del_local already do
the logging.
Moreover, semanage log for loginRecords.__add was flawed since it
reported old-{seuser,role,range} of default user instead of None. This
was caused by selinux.getseuserbyname, which returns values for default
user when the specified username is not found.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1294663

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2018-06-26 09:53:16 -04:00
Jan Zarsky
42b4a44b74
python: add xperms support to audit2allow
Add support for extended permissions to audit2allow. Extend AuditParser
to parse the 'ioctlcmd' field in AVC message. Extend PolicyGenerator to
generate allowxperm rules. Add the '-x'/'--xperms' option to audit2allow
to turn on generating of extended permission AV rules.

AVCMessage parses the ioctlcmd field in AVC messages. AuditParser
converts the ioctlcmd values into generic representation of extended
permissions that is stored in access vectors.

Extended permissions are represented by operations (currently only
'ioctl') and values associated to the operations. Values (for example
'~{ 0x42 1234 23-34 }') are stored in the XpermSet class.

PolicyGenerator contains new method to turn on generating of xperms.
When turned on, for each access vector, standard AV rule and possibly
several xperm AV rules are generated. Xperm AV rules are represented by
the AVExtRule class.

With xperm generating turned off, PolicyGenerator provides comments
about extended permissions in certain situations. When the AVC message
contains the ioctlcmd field and the access would be allowed according to
the policy, PolicyGenerator warns about xperm rules being the possible
cause of the denial.

Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
2018-06-16 10:36:14 +02:00
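A reduced, added illustration of the pipeline this commit message describes (example code written for this page, not the sepolgen/audit2allow implementation): it pulls the permission set, the ioctlcmd field and the scontext/tcontext/tclass triple out of AVC denials, groups them per access vector, and emits an `allow` rule plus, when xperm generation is on, an `allowxperm ... ioctl { ... }` rule with consecutive command numbers collapsed into ranges. The function names and the sample AVC lines are constructed for the example, and unlike audit2allow it does not consult the loaded policy to decide whether the standard access would already be allowed.

```python
import re
from collections import defaultdict

# Constructed sample denials (not captured from a real system): three ioctl
# denials on one access vector with consecutive ioctlcmd values, and one
# read/write denial on the same vector without an ioctlcmd field.
SAMPLE_AVC = """\
type=AVC msg=audit(1529143296.101:201): avc:  denied  { ioctl } for  pid=2201 comm="sampled" path="/dev/sample0" dev="devtmpfs" ino=17 ioctlcmd=0x5401 scontext=system_u:system_r:sampled_t:s0 tcontext=system_u:object_r:sample_device_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1529143296.102:202): avc:  denied  { ioctl } for  pid=2201 comm="sampled" path="/dev/sample0" dev="devtmpfs" ino=17 ioctlcmd=0x5402 scontext=system_u:system_r:sampled_t:s0 tcontext=system_u:object_r:sample_device_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1529143296.103:203): avc:  denied  { ioctl } for  pid=2201 comm="sampled" path="/dev/sample0" dev="devtmpfs" ino=17 ioctlcmd=0x5403 scontext=system_u:system_r:sampled_t:s0 tcontext=system_u:object_r:sample_device_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1529143296.104:204): avc:  denied  { read write } for  pid=2201 comm="sampled" path="/dev/sample0" dev="devtmpfs" ino=17 scontext=system_u:system_r:sampled_t:s0 tcontext=system_u:object_r:sample_device_t:s0 tclass=chr_file permissive=0
"""

# The ioctlcmd field is optional: the kernel only logs it for ioctl denials.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"(?:ioctlcmd=(?P<ioctlcmd>0x[0-9a-fA-F]+)\s+)?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)


def _type_of(context):
    """user:role:type[:range] -> type (the range may itself contain colons)."""
    return context.split(":")[2]


def parse_avc(text):
    """Group denials into access vectors.

    Returns {(source type, target type, class): (set of perms, set of ioctl cmds)}.
    """
    vectors = defaultdict(lambda: (set(), set()))
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        key = (_type_of(m["scontext"]), _type_of(m["tcontext"]), m["tclass"])
        perms, cmds = vectors[key]
        perms.update(m["perms"].split())
        if m["ioctlcmd"]:
            cmds.add(int(m["ioctlcmd"], 16))
    return vectors


def format_xperm_set(cmds):
    """Render ioctl numbers as an xperm set, collapsing runs into lo-hi ranges."""
    nums = sorted(cmds)
    parts = []
    i = 0
    while i < len(nums):
        j = i
        while j + 1 < len(nums) and nums[j + 1] == nums[j] + 1:
            j += 1
        parts.append(f"0x{nums[i]:x}" if i == j else f"0x{nums[i]:x}-0x{nums[j]:x}")
        i = j + 1
    return "{ " + " ".join(parts) + " }"


def generate_rules(text, xperms=False):
    """Emit one allow rule per access vector and, with xperms on, an allowxperm
    rule for the ioctl commands seen; with xperms off, leave a comment instead."""
    rules = []
    for (stype, ttype, tclass), (perms, cmds) in sorted(parse_avc(text).items()):
        rules.append(f"allow {stype} {ttype}:{tclass} {{ {' '.join(sorted(perms))} }};")
        if cmds and xperms:
            rules.append(f"allowxperm {stype} {ttype}:{tclass} ioctl {format_xperm_set(cmds)};")
        elif cmds:
            rules.append(f"# ioctlcmd values seen: {format_xperm_set(cmds)}; "
                         "an allowxperm rule may be required")
    return rules


if __name__ == "__main__":
    print("\n".join(generate_rules(SAMPLE_AVC, xperms=True)))
```

Running it on the constructed input yields a single `allow sampled_t sample_device_t:chr_file { ioctl read write };` followed by `allowxperm sampled_t sample_device_t:chr_file ioctl { 0x5401-0x5403 };`. The range collapsing matters in practice: a driver that exercises a block of commands would otherwise produce one literal per command, and a policy author reviewing the output wants to see the span, not the list.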
Jan Zarsky
474f9b08d4
python/sepolgen: fix access vector initialization
In access module, in AccessVector.__init__() method, when init_list is
not None, the access vector is initialized by from_list() method.
However, this method does not assign attributes self.audit_msgs,
self.type, and self.data. Fix this by assigning these attributes in
__init__() method.

Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
2018-06-16 10:34:53 +02:00
Jan Zarsky
a98314d8c1
python/sepolgen: print all AV rules correctly
In refpolicy module, in AVRule.__rule_type_str() method, self.rule_type
was not checked for value self.NEVERALLOW so that string "neverallow"
was never returned. Fix this by checking all four possible values and
returning correct strings.

Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
2018-06-16 10:34:53 +02:00
Nicolas Iooss
416900cb11
scripts: add a helper script to run clang's static analyzer
Using clang's static analyzer is as simple as running "scan-build make",
but in order to obtain clean and reproducible results, the build
environment has to be cleaned beforehand ("make clean distclean").

Moreover the project requires running "make install" before "make test"
in order to install the dependencies needed for the tests, and running
these tests with the newly-built libraries requires a specific
LD_LIBRARY_PATH. This new script takes care of setting up everything
which is needed.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-06-15 09:03:17 -04:00
Nicolas Iooss
45f0525b8e
libsepol/cil: use a colon instead of a semicolon to report rc
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-06-15 09:03:04 -04:00
Nicolas Iooss
e303de242c
libsepol/tests: fix use of uninitialized variable
When write_binary_policy() fails to open the binary policy, it calls
sepol_handle_destroy(f.handle) but structure f has not been initialized
at this point. Use variable handle instead.

This issue has been found using clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-06-15 09:02:42 -04:00
Nicolas Iooss
49a4963911
libsepol/tests: read_binary_policy() does not use f.handle
f.handle is never set in read_binary_policy() so there is no need to
call sepol_handle_destroy() on it. Moreover clang's static analyzer
warns about an uninitialized argument value in the first call.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-06-15 09:00:54 -04:00
Nicolas Iooss
819c605bfc
policycoreutils/hll/pp: remove unused variable
pp's main() never set outfd to anything else than -1 so there is no
point in closing it.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-06-06 15:56:45 -04:00
Nicolas Iooss
b614069e66
policycoreutils/secon: free scon_trans before returning
disp_con() leaks scon_trans if it returns early.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-06-06 15:56:45 -04:00
Nicolas Iooss
0ed08c8ffe
policycoreutils/secon: fix typo in comment
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-06-06 15:56:45 -04:00
Nicolas Iooss
91ef21e31f
python/sepolgen: fix typo in PathChoooser name
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-06-06 15:56:45 -04:00