The hash table implementation uses `& (SIDTAB_SIZE - 1)` to truncate
generated hashes to the number of buckets. This operation is equal to
`% SIDTAB_SIZE` if and only if the size is a power of two (which seems
to be always the case). One property of the binary and with a power of
two (and probably a small one <=2048) is all higher bits are discarded.
Thus a hash function is needed with a good avalanche effect, which the
current one is not.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Reported by Clang Analyzer:
is_customizable_type.c:36:3: warning: Potential leak of memory pointed to by 'buf' [unix.Malloc]
36 | fclose(fp);
| ^~~~~~
Fixes: 9911f2ac6f ("libselinux: check for stream rewind failures")
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Update for commit 494eb683f3 ("libselinux: add getpidprevcon").
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Introduce reallocarray(3), a realloc(3) wrapper incorporating a
multiplication overflow check.
Add private implementation in case the function is not provided by the
standard C library.
Use in appropriate locations.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
* mention -r <role> and -v command line options in usage string
* use distinct error messages on getseuser(3) and
get_default_context_with_[role]level(3) failure
* always print program name on error
* drop unnecessary double parenthesis
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
selabel_lookup(3) is expected to set errno on lookup failure, i.e. when
it returns NULL. Set errno if a regular expression failed to compile in
compile_regex().
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Some entries might have been already parsed and allocated.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
selabel_get_digest_all_partial_matches is dynamically linked against
libselinux, so it should not depend on any internals and thus do not
make use of an internal header file
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Move the check whether to validate or not to the caller, to avoid all
having to carry the complete selabel_handle around.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Use fseek(3) instead of rewind(3) to detect failures.
Drop the final rewind in digest_add_specfile(), since all callers are
going to close the stream without any further action.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Define selabel_subs_init() only if its call-sites are enabled.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Fix the typo and adjust the logic accordingly so the android backend is
not build by default, but if either ANDROID_HOST or
LABEL_BACKEND_ANDROID is set to y.
Fixes: c2a58cc525 ("libselinux: LABEL_BACKEND_ANDROID add option to enable")
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Drop parameter NULL check since the only caller does a NULL check on the
argument.
Avoid strlen(3) call by comparing by hand.
Drop unreachable return statement.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
selabel_open(3) expects the backend to be of type unsigned int.
Also initialize with a macro flag instead raw 0.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Check (for the probably impossible) case the serialized data is longer
than the compiled fcontext format supports.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
selinux_check_access.c:43:10: warning: cast to union type is a GNU extension [-Wgnu-union-cast]
43 | (union selinux_callback)cb_auditinfo);
| ^ ~~~~~~~~~~~~
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Merge malloc(3) plus memset(3) call into calloc(3).
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Comparing two selabel handles should (and currently does) not modify
them.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Drop overrides of warning flags which are not triggered by any code.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
The flag -fipa-pure-const is enabled by default in GCC at -O0 and above.
The flag is not supported by Clang, which might result in issues if a
compilation database was created via GCC.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Drop unused parameter from selabel_is_digest_set(). It is only written
to but writes to the function local copy of the pointer are void.
Constify read-only handle parameter of selabel_validate() and
compat_validate().
Constify read-only from-address parameter of digest_add_specfile().
Constify read-only function pointer array initfuncs.
Merge malloc(3) and memset(3) calls into calloc(3).
Simplify boolean assignment.
Drop duplicate include file.
Drop return at end of void function.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Print usage information and exit if required path option is not given
or superfluous arguments are given.
Constify read-only variables assigned command line arguments.
Simplify bool evaluation.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Since they are being removed, there will be nothing to install.
Suggested-by: Petr Lautrbach <plautrba@redhat.com>
Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
The Russian translations have not been maintained and are out of
date, so remove them. This removes the man8 translations and the
ru directory.
Suggested-by: Petr Lautrbach <plautrba@redhat.com>
Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
The Russian translations have not been maintained and are out of
date, so remove them. Because of the size, this just removes the
man5 translations.
Suggested-by: Petr Lautrbach <plautrba@redhat.com>
Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
Change "NSA SELinux" to just "SELinux" and remove NSA from the
SELinux manual pages.
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Introduce a helper binary to print the number of policy reloads on the
running system.
Print only a single number to ease the usage by scripts.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Check the return value of calloc() to avoid null pointer reference.
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
When semodule -i some.pp to install a module package, duplicate items are
detected for the module. The detection function is nodups_specs in
libselinux/src/label_file.c. The algorithm complexity of implementing
this function is O(M*(N^2)). M is a symbol related to the length of a string.
N indicates the number of data->nspec. In scenarios where N is very large, the
efficiency is very low.
To solve this problem, I propose to use the hash table to detect duplicates.
The algorithm complexity of new implementing is O(M*N). The execution
efficiency will be greatly improved.
Comparison between the execution time of the nodups_specs function.
Old double-layer loop implementation O(M*(N^2)):
semodule -i myapp1.pp
nodups_specs data->nspec: 5002
nodups_specs start: 11785.242s
nodups_specs end: 11785.588s
nodups_specs consumes: 0.346s
semodule -i myapp2.pp
nodups_specs data->nspec: 10002
nodups_specs start: 11804.280s
nodups_specs end: 11806.546s
nodups_specs consumes: 2.266s
semodule -i myapp3.pp
nodups_specs data->nspec: 20002
nodups_specs start: 11819.106s
nodups_specs end: 11830.892s
nodups_specs consumes: 11.786s
New hash table implementation O(M*N):
semodule -i myapp1.pp
nodups_specs data->nspec: 5002
nodups_specs start: 11785.588s
nodups_specs end: 11785.590s
nodups_specs consumes: 0.002s
semodule -i myapp2.pp
nodups_specs data->nspec: 10002
nodups_specs start: 11806.546s
nodups_specs end: 11806.552s
nodups_specs consumes: 0.006s
semodule -i myapp3.pp
nodups_specs data->nspec: 20002
nodups_specs start: 11830.892s
nodups_specs end: 11830.905s
nodups_specs consumes: 0.013s
Signed-off-by: wanghuizhao <wanghuizhao1@huawei.com>
Acked-by: James Carter <jwcart2@gmail.com>
To adapt to the scenarios of libselinux, this patch does three things:
1. Add a new function hashtab_destroy_key. This function is used to
reclaim memory using the customized key destruction method.
2. Changed the macro definition to _SELINUX_HASHTAB_H_.
3. Add a function declaration to the header file.
Signed-off-by: wanghuizhao <wanghuizhao1@huawei.com>
Acked-by: James Carter <jwcart2@gmail.com>
To use hashtab in libselinux, migrate the existing hashtab template
from policycoreutils/newrole to libselinux.
Signed-off-by: wanghuizhao <wanghuizhao1@huawei.com>
Acked-by: James Carter <jwcart2@gmail.com>
Explicitly set CFLAGS for the pip install command, similar to calling
setup.py, to ignore known compiler warnings treated as errors, e.g.:
selinuxswig_python_wrap.c:3593:19: error: 'sidget' is deprecated [-Werror,-Wdeprecated-declarations]
result = (int)sidget(arg1);
^
selinuxswig_python_wrap.c:15024:1: error: no previous prototype for function 'PyInit__selinux' [-Werror,-Wmissing-prototypes]
SWIG_init(void) {
^
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
Add a note that querying a foreign process via its PID is inherently
racy.
Suggested-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>
Add the public interfaces getpidprevcon(3) and getpidprevcon_raw(3), and
the utility getpidprevcon to gather the previous context before the last
exec of a given process.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>
The hash mask is set to 2^16 - 1, which does not fit into a signed 16
bit integer. Use uint32_t to be on the safe side. Also use size_t for
counting in debug function.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>
Add const qualifier to read-only state struct.
Minimize scope of function local variables, to reduce complexity.
Pass only the file type related file flags to selabel_lookup(3).
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>
The optimization flag -funit-at-a-time is enabled by default in GCC[1]
and not supported by Clang:
clang: error: optimization flag '-funit-at-a-time' is not supported [-Werror,-Wignored-optimization-argument]
[1]: https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>
pcre's behavior is changed so that pcre2_match always allocates heap for
match_data, rather than stack, regardless of size. The heap isn't freed
until explicitly calling pcre2_match_data_free. This new behavior may
result in heap overhead, which may increase the peak memory usage about
a few megabytes. It's because regex_match is first called for regex_data
objects, and then regex_data objects are freed at once.
To workaround it, free match_data as soon as we call regex_match. It's
fine because libselinux currently doesn't use match_data, but use only
the return value.
Signed-off-by: Inseob Kim <inseob@google.com>
Acked-by: Jason Zaman <jason@perfinion.com>
Found by codespell(1) and typos[1].
[1]: https://github.com/crate-ci/typos
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
When the python bindings are installed to a destdir with pip install
--prefix= --root=, pip tries to uninstall the existing root-owned
package and fails
Fixes:
running build_ext
python3 -m pip install --prefix=/usr `test -n "/tmp/selinux-release//build-master" && echo --root /tmp/selinux-release//build-master` .
Processing /tmp/selinux-release/selinux-master/libselinux/src
Preparing metadata (setup.py) ... done
Building wheels for collected packages: selinux
Building wheel for selinux (setup.py) ... done
Created wheel for selinux: filename=selinux-3.4-cp310-cp310-linux_x86_64.whl size=725511 sha256=b35e9cdb2a6efce389eeece45446826b4ac6b41f81fdc128893f947036f27e8e
Stored in directory: /tmp/pip-ephem-wheel-cache-kemjh99e/wheels/ca/2d/1e/d1ab52426d9add92931471cfa0d2558bcbeed89084af2388c9
Successfully built selinux
Installing collected packages: selinux
Attempting uninstall: selinux
Found existing installation: selinux 3.4
Uninstalling selinux-3.4:
ERROR: Could not install packages due to an OSError: [Errno 13] Permission denied: '__init__.cpython-310.pyc'
Consider using the `--user` option or check the permissions.
Signed-off-by: Jason Zaman <jason@perfinion.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
Fixes:
/usr/lib/python3.11/site-packages/setuptools/command/install.py:34: SetuptoolsDeprecationWarning: setup.py install is deprecated. Use build and pip and other standards-based tools.
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
