Commit Graph

2716 Commits

Author SHA1 Message Date
Stephen Smalley
f8c110c8a6 libsepol,checkpolicy: remove use of hardcoded security class values
libsepol carried its own (outdated) copy of flask.h with the generated
security class and initial SID values for use by the policy
compiler and the forked copy of the security server code
leveraged by tools such as audit2why.  Convert libsepol and
checkpolicy entirely to looking up class values from the policy,
remove the SECCLASS_* definitions from its flask.h header, and move
the header with its remaining initial SID definitions private to
libsepol.  While we are here, fix the sepol_compute_sid() logic to
properly support features long since added to the policy and kernel,
although there are no users of it other than checkpolicy -d (debug)
and it is not exported to users of the shared library.  There
are still some residual differences between the kernel logic and
libsepol.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
2020-03-12 07:50:55 +01:00
Daniel Burgener
62a91d7d71 checkpolicy: Add --werror flag to checkmodule and checkpolicy to treat warnings as errors.
When the lexer encounters an unexpected character in a policy source file, it prints a warning, discards the character and moves on.  In some build environments, these characters could be a symptom of an earlier problem, such as unintended results of expansion of preprocessor macros, and the ability to have the compiler halt on such issues would be helpful for diagnosis.

Signed-off-by: Daniel Burgener <Daniel.Burgener@microsoft.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
2020-03-11 14:39:39 -04:00
Ondrej Mosnacek
692716fc5f libsepol/cil: raise default attrs_expand_size to 2
The value attrs_expand_size == 1 removes all empty attributes, but it
also makes sense to expand all attributes that have only one type. This
removes some redundant rules (there is sometimes the same rule for the
type and the attribute) and reduces the number of attributes that the
kernel has to go through when looking up rules.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
2020-03-11 14:26:48 -04:00
Daniel Burgener
42b13ba15a checkpolicy: Treat invalid characters as an error
Previously the behavior was to warn, discard the character and proceed.
Now the build will halt upon encountering an unexpected character.

Signed-off-by: Daniel Burgener <dburgener@linux.microsoft.com>
Acked-by: James Carter <jwcart2@gmail.com>
2020-03-11 14:14:03 -04:00
James Carter
879d222c4f libsepol/cil: Do not check flavor when checking for duplicate parameters
A parameter of a macro was only considered to be a duplicate if it
matched both the name and flavor of another parameter. While it is
true that CIL is able to differentiate between those two parameters,
there is no reason to use the same name for two macro parameters and
it is better to return an error for what is probably an error.

Remove the check of the flavors when checking for duplicate parameters.

Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-03-11 12:28:18 +01:00
James Carter
04c42b9d70 libsepol/cil: Check if name is a macro parameter first
Type transition file names are stored in a symbol table. Before the
name is added, the symbol table is searched to see if the name had
already been inserted. If it has, then the already existing datum is
returned. If it has not, then the name is added if either the
typetransition rule does not occur in a macro or the name is not one
of the macro parameters.

Checking for a previous insertion before checking if the name is a
macro parameter can cause a macro parameter to be treated as the
actual name if a previous type transition file name is the same as
the parameter.

Now check the name to see if it a macro paramter before checking for
its existence in the symbol table.

Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-03-11 12:28:18 +01:00
Ondrej Mosnacek
9fe58752e8 Revert "libsepol: cache ebitmap cardinality value"
This reverts commit 542e878690.

After 6968ea9775 ("libsepol: make ebitmap_cardinality() of linear
complexity"), the caching only saves ~0.06 % of total semodule -BN
running time (on x86_64 without using the POPCNT instruction), so it's
no longer worth the added complexity.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
2020-03-09 08:39:51 -04:00
William Roberts
fc093ad757 libselinux: drop symbols from map
Previously, libselinux was exporting the following symbols:
  - dir_xattr_list;
  - map_class;
  - map_decision;
  - map_perm;
  - myprintf_compat;
  - unmap_class;
  - unmap_perm;

However, these appear to be unused and can safely be dropped.

This is done as a seperate commit to so it can easily be reverted
seperately for any reasons.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2020-03-05 13:07:34 -06:00
William Roberts
3eb91bec55 Makefile: add linker script to minimize exports
Add a linker script that exports only what was previosly exported by
libselinux.

This was checked by generating an old export map (from master):
nm --defined-only -g ./src/libselinux.so | cut -d' ' -f 3-3 | grep -v '^_' > old.map

Then creating a new one for this library after this patch is applied:
nm --defined-only -g ./src/libselinux.so | cut -d' ' -f 3-3 | grep -v '^_' > new.map

And diffing them:
diff old.map new.map

Fixes: #179

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2020-03-05 13:07:34 -06:00
William Roberts
7f9edee769 Makefile: add -fno-semantic-interposition
Add -fno-semantic-interposition to CFLAGS. This will restore
the DSO infrastructures protections to insure internal callers
of exported symbols call into libselinux and not something laoding first
in the library list.

Clang has this enabled by default.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2020-03-05 13:07:34 -06:00
William Roberts
4246bb550d dso: drop hidden_proto and hidden_def
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2020-03-05 13:07:34 -06:00
James Carter
d1d81b6c1f libsepol: Create the macro ebitmap_is_empty() and use it where needed
Create the macro ebitmap_is_empty() to check if an ebitmap is empty.
Use ebitmap_is_empty(), instead of ebitmap_cardinality() or
ebitmap_length(), to check whether or not an ebitmap is empty.

Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-03-02 13:23:59 +01:00
Nicolas Iooss
6968ea9775
libsepol: make ebitmap_cardinality() of linear complexity
As ebitmap_get_bit() complexity is linear in the size of the bitmap, the
complexity of ebitmap_cardinality() is quadratic. This can be optimized
by browsing the nodes of the bitmap directly in ebitmap_cardinality().

While at it, use built-in function __builtin_popcountll() to count the
ones in the 64-bit value n->map for each bitmap node. This seems better
suited than "count++". This seems to work on gcc and clang on x86,
x86_64, ARM and ARM64 but if it causes compatibility issues with some
compilers or architectures (or with older versions of gcc or clang),
the use of __builtin_popcountll() can be replaced by a C implementation
of a popcount algorithm.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2020-03-01 21:51:23 +01:00
Stephen Smalley
a41dfeb55d libselinux: deprecate security_compute_user(), update man pages
commit 1f89c4e787 ("libselinux: Eliminate
use of security_compute_user()") eliminated the use of
security_compute_user() by get_ordered_context_list().  Deprecate
all use of security_compute_user() by updating the headers and man
pages and logging a warning message on any calls to it.  Remove
the example utility that called the interface. While here, also
fix the documentation of correct usage of the user argument to these
interfaces.

Fixes: https://github.com/SELinuxProject/selinux/issues/70
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
2020-02-27 17:30:56 +01:00
Ondrej Mosnacek
ee4b20ca10 libsepol: grow hashtab dynamically
Detect when the hashtab's load factor gets too high and try to grow it
and rehash it in such case. If the reallocation fails, just keep the
hashtab at its current size, since this is not a fatal error (it will
just be slower).

This speeds up semodule -BN on Fedora from ~8.9s to ~7.2s (1.7 seconds
saved).

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-02-21 15:15:41 -05:00
Ondrej Mosnacek
00bdfefcce libsepol, newrole: remove unused hashtab functions
hashtab_replace() and hashtab_map_remove_on_error() aren't used
anywhere, no need to keep them around...

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
2020-02-21 15:15:41 -05:00
Mikhail Novosyolov
8d3f5f7425 libselinux: Fix Ru translation of failsafe context
From failsafe_context(5):
"The failsafe_context file allows SELinux-aware applications such as
PAM(8) to obtain a known valid login context for an administrator if
no valid default entries can be found elsewhere."

"Надёжный" means "reliable", "резервный" means "reserve",
the last variant is much closer to what "failsafe" really does.

Discussed with and approved by previous translators:
https://github.com/SELinuxProject/selinux/pull/203

Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
2020-02-21 09:12:23 +01:00
Petr Lautrbach
1f89c4e787 libselinux: Eliminate use of security_compute_user()
get_ordered_context_list() code used to ask the kernel to compute the complete
set of reachable contexts using /sys/fs/selinux/user aka
security_compute_user(). This set can be so huge so that it doesn't fit into a
kernel page and security_compute_user() fails. Even if it doesn't fail,
get_ordered_context_list() throws away the vast majority of the returned
contexts because they don't match anything in
/etc/selinux/targeted/contexts/default_contexts or
/etc/selinux/targeted/contexts/users/

get_ordered_context_list() is rewritten to compute set of contexts based on
/etc/selinux/targeted/contexts/users/ and
/etc/selinux/targeted/contexts/default_contexts files and to return only valid
contexts, using security_check_context(), from this set.

Fixes: https://github.com/SELinuxProject/selinux/issues/28

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2020-02-20 09:47:23 -05:00
Christian Göttsche
4b33c9da64 libselinux: drop error return from is_selinux_enabled documentation
Since commit e3cab998b4 ("libselinux
mountpoint changing patch.") for version 20120216 is_selinux_enabled()
does never return -1; drop mentions in the man-page and header file.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
2020-02-18 10:38:19 -05:00
Ondrej Mosnacek
542e878690 libsepol: cache ebitmap cardinality value
According to profiling of semodule -BN, ebitmap_cardinality() is called
quite often and contributes a lot to the total runtime. Cache its result
in the ebitmap struct to reduce this overhead. The cached value is
invalidated on most modifying operations, but ebitmap_cardinality() is
usually called once the ebitmap doesn't change any more.

After this patch, the time to do 'semodule -BN' on Fedora Rawhide has
decreased from ~10.9s to ~8.9s (2s saved).

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
[sds@tycho.nsa.gov: correct times per follow-up on list]
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
2020-02-18 10:36:21 -05:00
Ondrej Mosnacek
a60343cabf libsepol/cil: remove unnecessary hash tables
The filename_- and range_trans_table ancillary hash tables in
cil_binary.c just duplicate the final policydb content and can be simply
removed.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-02-11 10:02:27 -05:00
Nick Kralevich
cfa868e4d3 label_file.c: Fix MAC build
On Android, the label_file.c file is compiled for all platforms,
including OSX. OSX has a slightly different prototype for the
getxattr function.

ssize_t getxattr(const char *path, const char *name, void *value, size_t size, u_int32_t position, int options);

which causes a compile error when compiling libselinux on OSX.

  ```
  external/selinux/libselinux/src/label_file.c:1038:37: error: too few arguments to function call, expected 6, have 4
                                       read_digest, SHA1_HASH_SIZE);
                                                                ^
  /Applications/Xcode9.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/usr/include/sys/xattr.h:61:1: note: 'getxattr' declared here
  ssize_t getxattr(const char *path, const char *name, void *value, size_t size, u_int32_t position, int options);
  ^
  1 error generated.
  ```

On OSX builds, add the additional arguments so that the code compiles.

As both SELinux labels and the restorecon partial digest are stored in
extended attributes, it's theoretically possible that someone
could assign SELinux labels and hash digests on OSX filesystems.
Doing so would be extremely weird and completely untested, but
theoretically possible.

Signed-off-by: Nick Kralevich <nnk@google.com>
2020-02-11 09:47:41 -05:00
Ondrej Mosnacek
0129422714 Travis-CI: test that DEBUG build works
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-02-07 16:29:04 -05:00
Ondrej Mosnacek
1967477913 libsemanage: preserve parent Makefile's flags in debug mode
Do not override CFLAGS and LDFLAGS in libsemange Makefile under DEBUG=1,
to make it possible to build the whole tree using the root Makefile with
DEBUG=1.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-02-07 16:29:04 -05:00
James Carter
26a994539d libsepol/cil: Rewrite verification of map classes and classpermissionsets
The classperms associated with each map class permission and with each
classpermissionset are verified in __cil_verify_classperms() which had
multiple problems with how it did the verification.

1) Verification was short-circuited when the first normal class is found.
  The second classpermissionset statement below would not have been
  verified.
    (classpermission cp1)
    (classpermissionset cp1 (CLASS (PERM)))
    (classpermissionset cp1 cp2)

2) The classperms of a map class permission and classpermissionset were
not checked for being NULL before the function recursively called itself.
This would result in a segfault if the missing map or set was referred to
before the classmap or classpermission occured. This error was reported by
Dominick Grift (dominick.grift@defensec.nl).
  These rules would cause a segfault.
    (classmap cm1 (mp1))
    (classmapping cm1 mp1 (cm2 (mp2)))
    (classmap cm2 (mp2))
  But an error would be produced for these rules.
    (classmap cm1 (mp1))
    (classmap cm2 (mp2))
    (classmapping cm2 mp2 (cm1 (mp1)))

3) The loop detection logic was incomplete and could only detect a loop
with a certain statement ordering.
  These rules would cause a stack overflow.
    (classmap cm1 (mp1))
    (classmapping cm1 mp1 (cm2 (mp2)))
    (classmap cm2 (mp2))
    (classmapping cm2 mp2 (cm3 (mp3)))
    (classmap cm3 (mp3))
    (classmapping cm3 mp3 (cm2 (mp2)))

Rewrote __cil_verify_classperms() to fix these errors.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2020-02-06 11:01:07 -05:00
Christian Göttsche
3854698833 libsepol: add support for new polcap genfs_seclabel_symlinks
Add support for new SELinux policy capability genfs_seclabel_symlinks.
With this capability enabled symlinks on kernel filesystems will receive
contexts based on genfscon statements, like directories and files,
and not be restricted to the respective filesystem root sid.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2020-02-06 10:50:54 -05:00
Stephen Smalley
8677ce5e8f libsepol,checkpolicy: support omitting unused initial sid contexts
Remove restrictions in libsepol and checkpolicy that required all
declared initial SIDs to be assigned a context.  With this patch,
it is possible to build and load a policy that drops the sid <sidname>
<context> declarations for the unused initial SIDs.  It is still
required to retain the sid <sidname> declarations (in the flask
definitions) in order to preserve the initial SID ordering/values.
The unused initial SIDs can be renamed, e.g. to add an unused_
prefix or similar, if desired, since the names used in the policy
are not stored in the kernel binary policy.

In CIL policies, the (sid ...) and (sidorder (...)) statements
must be left intact for compatibility but the (sidcontext ...)
statements for the unused initial SIDs can be omitted after this change.

With current kernels, if one removes an unused initial SID context
from policy, builds policy with this change applied and loads the
policy into the kernel, cat /sys/fs/selinux/initial_contexts/<sidname>
will show the unlabeled context.  With the kernel patch to remove unused
initial SIDs, the /sys/fs/selinux/initial_contexts/<sidname>
file will not be created for unused initial SIDs in the first place.

NB If an unused initial SID was assigned a context different from
the unlabeled context in existing policy, then it is not safe to
remove that initial SID context from policy and reload policy on
the running kernel that was booted with the original policy.  This
is because that kernel may have assigned that SID to various kernel
objects already and those objects will then be treated as having
the unlabeled context after the removal.  In refpolicy, examples
of such initial SIDs are the "fs" SID and the "sysctl" SID.  Even
though these initial SIDs are not directly used (in code) by the current
kernel, their contexts are being applied to filesystems and sysctl files by
policy and therefore the SIDs are being assigned to objects.

NB The "sysctl" SID was in use by the kernel up until
commit 8e6c96935fcc1ed3dbebc96fddfef3f2f2395afc ("security/selinux:
fix /proc/sys/ labeling) circa v2.6.39.  Removing its context from
policy will cause sysctl(2) or /proc/sys accesses to end up
performing permission checks against the unlabeled context and
likely encounter denials for kernels < 2.6.39.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2020-01-29 10:17:02 -05:00
Ondrej Mosnacek
a551b2d35a Makefile: always build with -fno-common
GCC 10 has it enabled by default and everything now builds OK with it,
so add it to CFLAGS to avoid breaking the build in the future.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-01-27 10:51:23 -05:00
Ondrej Mosnacek
4d330d0d31 checkpolicy: remove unused te_assertions
This variable is declared in a header file, but never defined or used.
The te_assert structure definition is only used in this declaration, so
remove both.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-01-27 10:51:21 -05:00
Ondrej Mosnacek
3d32fc24d6 libsepol: remove leftovers of cil_mem_error_handler
Commit 4459d635b8 ("libsepol: Remove cil_mem_error_handler() function
pointer") replaced cil_mem_error_handler usage with inline contents of
the default handler. However, it left over the header declaration and
two callers. Convert these as well and remove the header declaration.

This also fixes a build failure with -fno-common.

Fixes: 4459d635b8 ("libsepol: Remove cil_mem_error_handler() function pointer")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-01-27 10:51:18 -05:00
Ondrej Mosnacek
a96e8c59ec libsepol: fix CIL_KEY_* build errors with -fno-common
GCC 10 comes with -fno-common enabled by default - fix the CIL_KEY_*
global variables to be defined only once in cil.c and declared in the
header file correctly with the 'extern' keyword, so that other units
including the file don't generate duplicate definitions.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-01-27 10:51:14 -05:00
James Carter
11264556d8 libsepol/cil: Fix bug in cil_copy_avrule() in extended permission handling
When copying an avrule with extended permissions (permx) in
cil_copy_avrule(), the check for a named permx checks the new permx
instead of the old one, so the check will always fail. This leads to a
segfault when trying to copy a named permx because there will be an
attempt to copy the nonexistent permx struct instead of the name of
the named permx.

Check whether the original is a named permx instead of the new one.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2020-01-27 09:15:01 +01:00
Stephen Smalley
7bece3768b libselinux: export flush_class_cache(), call it on policyload
Rename flush_class_cache() to selinux_flush_class_cache(), export it
for direct use by userspace policy enforcers, and call it on all policy
load notifications rather than only when using selinux_check_access().
This ensures that policy reloads that change a userspace class or
permission value will be reflected by subsequent string_to_security_class()
or string_to_av_perm() calls.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2020-01-24 08:28:37 -05:00
Stephen Smalley
784b029c3f libselinux: update man pages for userspace policy enforcers
Despite deprecating use of flask.h and av_permissions.h back in 2014,
the man pages for avc_has_perm(3) and security_compute_av(3) were not
updated to provide instructions on how to dynamically map class/permission
names nor to encourage use of selinux_check_access(3) instead of these
interfaces.  Also, while selinux_set_mapping(3) supports dynamic
class/perm mapping at initialization, it does not support changes to
the class/perm values at runtime upon a policy reload, and no
instructions were provided on how to set up a callback to support
this case.  Update the man pages accordingly.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: William Roberts <bill.c.roberts@gmail.com>
2020-01-21 14:32:42 -05:00
Stephen Smalley
89674c2ff7 libselinux: remove flask.h and av_permissions.h
The flask.h and av_permissions.h header files were deprecated and
all selinux userspace references to them were removed in
commit 76913d8adb ("Deprecate use of flask.h and av_permissions.h.")
back in 2014 and included in the 20150202 / 2.4 release.
All userspace object managers should have been updated
to use the dynamic class/perm mapping support since that time.
Remove these headers finally to ensure that no users remain and
that no future uses are ever introduced.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
2020-01-21 14:31:41 -05:00
Joshua Schmidlkofer
5bbe32a7e5 python/semanage: check variable type of port before trying to split
While using Ansible's Selinux module to manage ports, I discovered
that numerical ports caused an unhandled exception in 'seobject.py'.
This appears to be a bug, and I am proposing a fix which checks the
type of the argument before operating on it.  This maintains the
original functionality in the case of a string, and acts in the same
fashion if you supply an integer.

I did not find any open bug report against the SELinux project. The
downstream bug report is here:
https://github.com/ansible/ansible/issues/60968

Signed-off-by: Joshua Schmidlkofer <joshua@joshuainnovates.us>
2019-12-10 15:21:16 -05:00
Petr Lautrbach
dca7ce8195
Update VERSIONs to 3.0 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-11-28 13:46:48 +01:00
Petr Lautrbach
6e187f8a2a Update VERSIONs to 3.0-rc2 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-11-22 13:54:17 +01:00
Petr Lautrbach
adb8bdd429 dbus: Fix FileNotFoundError in org.selinux.relabel_on_boot
When org.selinux.relabel_on_boot(0) was called twice, it failed with
FileNotFoundError.

Fixes:
    $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:1
    method return sender=:1.53 -> dest=:1.54 reply_serial=2
    $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
    method return sender=:1.53 -> dest=:1.55 reply_serial=2
    $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
    Error org.freedesktop.DBus.Python.FileNotFoundError: FileNotFoundError: [Errno 2] No such file or directory: '/.autorelabel'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-11-21 12:07:07 -05:00
Petr Lautrbach
214cb61d53 Travis-CI: Drop Python 2 from matrix
As a result of Python 2 sunset - https://www.python.org/doc/sunset-python-2/ -
Python 2 code will not be supported in this project anymore and new Python code
should be written only for Python 3.

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-11-21 12:06:43 -05:00
Baichuan Kong
ad2208ec22 restorecond: Fix redundant console log output error
When starting restorecond without any option the following redundant
console log is outputed:

/dev/log 100.0%
/var/volatile/run/syslogd.pid 100.0%
...

This is caused by two global variables of same name r_opts. When
executes r_opts = opts in restore_init(), it originally intends
to assign the address of struct r_opts in "restorecond.c" to the
pointer *r_opts in "restore.c".

However, the address is assigned to the struct r_opts and covers
the value of low eight bytes in it. That causes unexpected value
of member varibale 'nochange' and 'verbose' in struct r_opts, thus
affects value of 'restorecon_flags' and executes unexpected operations
when restorecon the files such as the redundant console log output or
file label nochange.

Cause restorecond/restore.c is copied from policycoreutils/setfiles,
which share the same pattern. It also has potential risk to generate
same problems, So fix it in case.

Signed-off-by: Baichuan Kong <kongbaichuan@huawei.com>
2019-11-15 08:12:16 -05:00
Nicolas Iooss
91cd4600db
libselinux,libsemanage: check in python_exception.i files
Generating selinuxswig_python_exception.i and
semanageswig_python_exception.i requires gcc, which appears to be
unavailable on some platform. Work around this issue by adding the
generated files to the git repository.

While at it, remove a stray space in the generated
selinuxswig_python_exception.i.

Original thread: https://lore.kernel.org/selinux/20191012172357.GB19655@imap.altlinux.org/T/#ma78bd7fe71fb5784387a8c0cebd867d6c02ee6e4

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Cc: Michael Shigorin <mike@altlinux.org>
2019-11-13 08:34:46 +01:00
Nicolas Iooss
dd9c70e0d7
libselinux,libsemanage: fix python_exception.i dependencies
selinuxswig_python_exception.i and semanageswig_python_exception.i need
to be regenerated when either an input header file changes or
exception.sh changes. Add the missing items to the respective Makefiles.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-11-13 08:34:42 +01:00
Nicolas Iooss
5815cc9843
libselinux,libsemanage: never create -.o in exception.sh
Files starting with "-" causes issues in commands such as "rm *.o". For
libselinux and libsemanage, when exception.sh fails to remove "-.o",
"make clean" fails with:

    rm: invalid option -- '.'
    Try 'rm ./-.o' to remove the file '-.o'.
    Try 'rm --help' for more information.

Fix this by making exception.sh create "temp.o" instead of "-.o".

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-11-13 08:34:35 +01:00
Petr Lautrbach
8375671d30 python/sepolicy: Revert "Only invoke RPM on RPM-enabled Linux distributions"
Commit 73b7ff410c ("Only invoke RPM on RPM-enabled Linux distributions") used
platform.linux_distribution() function to detect whether the system is rpm
based. This function is deprecated since Python 3.5 and it's removed from Python
3.8 - https://bugs.python.org/issue28167

The original problem is already fixed by another commit
671f83b42b ("policycoreutils/sepolicy: Check get_rpm_nvr_list() return
value"):

    $ sepolicy generate --customize -p mypolicy -n testpolicy -d httpd_sys_script_t -w /home
    Failed to retrieve rpm info for selinux-policy
    Created the following files:
    mypolicy/testpolicy.te # Type Enforcement file
    mypolicy/testpolicy.if # Interface file
    mypolicy/testpolicy.fc # File Contexts file
    mypolicy/testpolicy_selinux.spec # Spec file
    mypolicy/testpolicy.sh # Setup Script

Fixes:
     File "/usr/lib/python3.8/site-packages/sepolicy/generate.py", line 1384, in generate
       if (platform.linux_distribution(full_distribution_name=0)[0] in ("redhat", "centos", "SuSE", "fedora", "mandrake", "mandriva")):
     AttributeError: module 'platform' has no attribute 'linux_distribution'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-11-08 09:20:35 -05:00
Petr Lautrbach
6d5f7f20bc Replace www.nsa.gov references by github.com/SELinuxProject
The original page doesn't exist anymore.

Fixes: https://github.com/SELinuxProject/selinux/issues/170

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-11-08 09:20:29 -05:00
James Carter
c7527bdb60 libsepol/cil: Report disabling an optional block only at high verbose levels
Since failing to resolve a statement in an optional block is normal,
only display messages about the statement failing to resolve and the
optional block being disabled at the highest verbosity level.

These messages are now only at log level CIL_INFO instead of CIL_WARN.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2019-11-06 12:32:06 -05:00
Thomas Petazzoni
0271bf4136
libselinux/src/Makefile: don't pass bogus -I and -L to python setup.py build_ext
Using $(DESTDIR) during the build does not follow the normal/standard
semantic of DESTDIR: it is normally only needed during the
installation. Therefore, a lot of build systems/environments don't
pass any DESTDIR at build time, which causes setup.py to be called
with -I /usr/include -L /usr/lib, which breaks cross-compilation.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-02 17:32:20 +01:00
Petr Lautrbach
b3ed0a7a60 Update VERSIONs to 3.0-rc1 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-10-28 13:06:11 +01:00
Vit Mojzis
95bcd6af03 python/semanage: Document DCCP and SCTP support
Add DCCP and SCTP protocols in semanage port man page and --help
message.

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2019-10-23 10:24:38 -04:00