Add -p option that will take a binary policy file to validate
context entries in the text file_contexts file.
Should validation fail the binary file will not be written.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
File labels assigned using the lookup_best_match() function do not
assign the best match if its regex contains metacharacters in the
binary file_contexts file version.
This change adds a new entry in the binary file with the calculated
prefix length that is then read when processing the file. This fix
also bumps SELINUX_COMPILED_FCONTEXT_MAX_VERS.
This patch relies on patch [1] that fixes the same problem
for text based file_contexts files.
[1] http://marc.info/?l=selinux&m=143576498713964&w=2
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
If you add some local file contexts via semanage fcontext -a and
later delete them all via semanage fcontext -D, you get an empty
file_contexts.local file. Then when you try to load it, getline()
returns 0 and we fall through to the out path without having set rc.
In label_file.c, rc will always be non-zero at this point because
we will have failed the load_mmap() call. In sefcontext_compile,
rc may contain random garbage at this point. Explicitly set rc
before the loop.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Update file contexts generation and loading to use common code.
Remove "status = 0; after "status = sort_specs(data);" otherwise
the function will never indicate a failure.
The file labeling code also has minor formatting, white space
removal etc. changes.
label_file.c - Move process_line function to label_file.h
sefcontext_compile.c - Update to use common process_line code. Now frees
all malloc'ed memory, checked by valgrind. Also added optional -o output
file parameter - updated man page to reflect this change.
V2 - Revert to using compat_validate instead of selabel_validate.
V3 - Revert to using callback for validation now the problem has been
fixed by commit e889148494
("libselinux: build sefcontext_compile with static libselinux")
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Currently sscanf is used with %ms parameters that are not supported
on all platforms. The new read_spec_entries function may be used
to replace these where required. This patch updates
sefcontext_compile, label_file and label_android_property services
to use the new function.
The file and property services have been tested on Android emulator
and the file service on Fedora 21.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Currently sefcontext_compile defines the mode field as mode_t whose
size will vary depending on the architecture (e.g. 32 bit / 64 bit).
This patch sets the size when writing/reading binary files to
uint32_t. The file version is set to SELINUX_COMPILED_FCONTEXT_MODE
V2 fixes those listed in http://marc.info/?l=selinux&m=143273965514292&w=2
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Fixes two types of errors which appear when building with gcc-5.0.0
- format ‘%d’ expects argument of type ‘int’, but argument X has type ‘unsigned int’
- format ‘%a’ expects argument of type ‘float *’, but argument X has type ‘char **’
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
restorecon on file names with newlines are not handled properly.
Use PCRE_DOTALL so that dots in regular expressions match all
characters, and don't exclude the newline character.
See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html
for background.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Currently the compiled file context files can end up with different
permissions then the original. This can lead to non priv users
not being able to read the compiled versions.
We open the file which is to be used to write the binary format of file
contexts. If we hit an error actually writing things out, we return,
but never close the fd. Do not leak.
Signed-off-by: Eric Paris <eparis@redhat.com>
This is a new 'compiler' which tranforms the file context database into
a binary format. This binary format may be mmap'd in later removing the
need to compile the regular expression at run time.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
