Nick Kralevich 908898846a policy_define.c: don't free memory returned from queue_head()
Unlike queue_remove(), queue_head() does not modify the queue, but
rather, returns a pointer to an element within the queue. Freeing the
memory associated with a value returned from that function corrupts
subsequent users of the queue, who may try to reference this
now-deallocated memory.

This causes the following policy generation errors on Android:

  FAILED:
  out/target/product/bullhead/obj/ETC/plat_sepolicy.cil_intermediates/plat_policy_nvr.cil
  /bin/bash -c "out/host/linux-x86/bin/checkpolicy -M -C -c 30 -o
  out/target/product/bullhead/obj/ETC/plat_sepolicy.cil_intermediates/plat_policy_nvr.cil
  out/target/product/bullhead/obj/ETC/plat_sepolicy.cil_intermediates/plat_policy.conf"
  system/sepolicy/public/app.te:241:ERROR 'only ioctl extended permissions
  are supported' at token ';' on line 6784:
  #line 241
  } };
  checkpolicy:  error(s) encountered while parsing configuration

because the value of "id" in:

  id = queue_remove(id_queue);
  if (strcmp(id,"ioctl") == 0) {
    ...
  } else {
    yyerror("only ioctl extended permissions are supported");
    ...
  }

is now garbage.

This is a partial revert of the following commit:

  c1ba8311 checkpolicy: free id where it was leaked

Signed-off-by: Nick Kralevich <nnk@google.com>
2017-01-13 14:43:38 -05:00
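
The ownership rule described in the commit message above, as an added example (not code from checkpolicy or from the commit): a constructed stand-in queue whose q_head() lends a pointer and whose q_remove() hands it over, with the free-a-borrowed-pointer pattern beside the corrected one. All names here (q_insert, q_head, q_remove, check_xperm_before, check_xperm_after, demo) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in queue, not libsepol's: only the borrow/transfer split matters. */
struct node { char *elem; struct node *next; };
struct queue { struct node *head, *tail; };
static int q_insert(struct queue *q, const char *s) {
    struct node *n = calloc(1, sizeof(*n));
    if (!n || !(n->elem = malloc(strlen(s) + 1))) { free(n); return -1; }
    strcpy(n->elem, s);
    if (q->tail) q->tail->next = n; else q->head = n;
    q->tail = n;
    return 0;
}
/* Borrow: the element stays linked and is still owned by the queue. */
static char *q_head(struct queue *q) { return q->head ? q->head->elem : NULL; }
/* Transfer: the node is unlinked; the caller must free() the returned element. */
static char *q_remove(struct queue *q) {
    struct node *n = q->head;
    char *e = n ? n->elem : NULL;
    if (!n) return NULL;
    q->head = n->next;
    if (!q->head) q->tail = NULL;
    free(n);
    return e;
}
/* BEFORE (shown for contrast, never called): frees a borrowed pointer. */
int check_xperm_before(struct queue *q) {
    char *id = q_head(q);
    free(id);                     /* the queue node still points at this memory */
    id = q_remove(q);             /* dangling: the freed pointer comes back */
    return id && strcmp(id, "ioctl") == 0 ? 0 : -1;
}
/* AFTER: peek without freeing; free only what q_remove() handed over. */
int check_xperm_after(struct queue *q) {
    int rc;
    char *id = q_head(q);         /* borrowed look, no free() */
    if (!id) return -1;
    id = q_remove(q);             /* ownership moves to the caller here */
    rc = strcmp(id, "ioctl") == 0 ? 0 : -1;
    free(id);
    return rc;
}
/* Build a one-element queue from a constructed token and run the fixed check. */
int demo(const char *perm) {
    struct queue q = {0};
    return q_insert(&q, perm) == 0 ? check_xperm_after(&q) : -2;
}
int main(void) { printf("%d %d\n", demo("ioctl"), demo("read")); return 0; }
```

Building the "before" variant with AddressSanitizer (`-fsanitize=address`) and calling it reports the use-after-free at the strcmp() read.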
checkpolicy policy_define.c: don't free memory returned from queue_head() 2017-01-13 14:43:38 -05:00
dbus Add stub make test targets to new subdirs 2016-11-16 11:20:05 -05:00
gui Add stub make test targets to new subdirs 2016-11-16 11:20:05 -05:00
libselinux libselinux: replace all malloc + memset by calloc in android label backend. 2017-01-13 10:46:29 -05:00
libsemanage libsemanage: increment the right index variable in for loop 2017-01-06 14:08:26 -05:00
libsepol libsepol: make capability index an unsigned int 2017-01-09 16:00:14 -05:00
mcstrans mcstransd: fix and reorder includes 2017-01-09 16:00:28 -05:00
policycoreutils restorecon manpage: link back to fixfiles 2017-01-12 14:59:36 -05:00
python policycoreutils, python: Fix bad manpage formatting in "SEE ALSO" 2017-01-12 14:59:31 -05:00
restorecond policycoreutils/restorecond: Decrease loglevel of termination message 2017-01-06 14:06:40 -05:00
sandbox sandbox: make test not fail on systems without SELinux 2016-11-17 16:44:57 -05:00
scripts Fix release script 2016-11-16 11:19:51 -05:00
secilc secilc: Add secil2conf which creates a policy.conf from CIL policy 2016-11-30 10:18:19 -05:00
semodule-utils semodule-utils: Drop -lselinux from Makefiles. 2016-11-16 11:19:51 -05:00
.gitignore restorecond: Add gitignore 2016-11-16 11:20:05 -05:00
CleanSpec.mk Add empty top level Android.mk / CleanSpec.mk files 2015-04-16 07:54:09 -04:00
Makefile Build mcstrans. 2016-11-16 11:19:50 -05:00
README libsemanage: remove ustr library from Makefiles, README and pkg-config 2016-12-21 13:40:11 -05:00

Please submit all bug reports and patches to selinux@tycho.nsa.gov.
Subscribe via selinux-join@tycho.nsa.gov.

Build dependencies on Fedora:
yum install audit-libs-devel bison bzip2-devel dbus-devel dbus-glib-devel flex flex-devel flex-static glib2-devel libcap-devel libcap-ng-devel pam-devel pcre-devel python-devel setools-devel swig xmlto redhat-rpm-config

To build and install everything under a private directory, run:
make DESTDIR=~/obj install install-pywrap

To install as the default system libraries and binaries
(overwriting any previously installed ones - dangerous!),
on x86_64, run:
make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel
or on x86 (32-bit), run:
make install install-pywrap relabel

This may render your system unusable if the upstream SELinux userspace
lacks library functions or other dependencies relied upon by your
distribution.  If it breaks, you get to keep both pieces.