| ce633ba7e938be2773a77f750b7f6f78732a690e |
|
07-May-2015 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Fix core dumps with corrupt *.bin files
Check buffer address limits when processing *.bin files
to catch any over-runs. On failure process text file instead.
To test, the bin files were corrupted by adding and removing
various bits of data. Various file sizes were also checked and
all were caught by the patch.
(cherry picked from commit a351eb01a8238c1bd465619c6c5885c2da1c6663)
Change-Id: I3fcecbb02f8f73e516695a82efbe497fff0788a7
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
/external/selinux/libselinux/src/label_file.c
|
| 417cb8d076a31c57710429b255aebc595613eb6b |
|
13-Mar-2015 |
Petr Lautrbach <plautrba@redhat.com> |
Fix -Wformat errors
Fixes two types of errors which appear when building with gcc-5.0.0
- format ‘%d’ expects argument of type ‘int’, but argument X has type ‘unsigned int’
- format ‘%a’ expects argument of type ‘float *’, but argument X has type ‘char **’
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| 716e3820c571fa082f2a57c040802c54ed422f37 |
|
24-Feb-2015 |
Nick Kralevich <nnk@google.com> |
libselinux: label_file: handle newlines in file names
restorecon on file names with newlines are not handled properly.
Use PCRE_DOTALL so that dots in regular expressions match all
characters, and don't exclude the newline character.
See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html
for background.
Change-Id: I0dde8f2567305f746d19ebd75a9e2add7406eb9a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label_file.c
|
| 14342674191ca11c4455ff7ac9b76b05173eb575 |
|
02-Feb-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: pcre_study can return NULL without error.
Per the man page, pcre_study can return NULL without error if
it could not find any additional information. Errors are indicated
by the combination of a NULL return value and a non-NULL error string.
Fix the handling so that we do not incorrectly reject file_contexts
entries.
Change-Id: I2e7b7e01d85d96dd7fe78545d3ee3834281c4eba
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label_file.c
|
| ae5de8ae697675ce674262f10a54fe3b37968a70 |
|
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libselinux: fix gcc -Wsign-compare warnings
Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libselinux/src/label_file.c
|
| ac33098a807671204720aae97d6bcf6429d3fa92 |
|
09-Jul-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add pcre version string to the compiled file_contexts format.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label_file.c
|
| f458b7607618ad3d95568b595065c745c3c69022 |
|
24-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Merge branch 'fedora' into master-merge
Conflicts:
libselinux/src/Makefile
libselinux/src/selinux_config.c
policycoreutils/audit2allow/audit2allow.1
policycoreutils/scripts/fixfiles.8
policycoreutils/semanage/semanage.8
policycoreutils/sepolicy/Makefile
policycoreutils/sepolicy/sepolicy/transition.py
policycoreutils/setsebool/setsebool.8
|
| f1598dff7e951f0dbfb68d9c45bc15fe6d2e821e |
|
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Support udev-197 and higher
The errno value was not set, causing wrong return notifications and
failing to have udev label things correctly.
See https://bugzilla.redhat.com/show_bug.cgi?id=909826#c24 and
see https://bugs.gentoo.org/show_bug.cgi?id=462626
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
/external/selinux/libselinux/src/label_file.c
|
| fd56c5230cea6b81fbe74d1d0a228936a6797923 |
|
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Separate out the calling of local subs and dist subs in selabel_sub
We want to allow users to setup their substitions to run fist and then run
the distro subs second. This fixes the problem where a user defines
a sub like /usr/local/foobar and we ignore it. We need this for
software collections which is setting up local subs of /opt/src/foobar/root /
/external/selinux/libselinux/src/label_file.c
|
| fceca652c137084a891e1cf070ba9c8c063bc949 |
|
21-Oct-2013 |
Joe MacDonald <joe@deserted.net> |
libselinux: avoid shadowing 'stat' in load_mmap
label_file.c: In function ‘load_mmap’:
label_file.c:238:81: error: declaration of ‘stat’ shadows a global declaration [-Werror=shadow]
cc1: all warnings being treated as errors
Signed-off-by: Joe MacDonald <joe@deserted.net>
/external/selinux/libselinux/src/label_file.c
|
| a15451b523d267b4dbf94616e9473ab196b88525 |
|
25-Sep-2013 |
Sven Vermeulen <sven.vermeulen@siphos.be> |
Support udev-197 and higher
The errno value was not set, causing wrong return notifications and
failing to have udev label things correctly.
See https://bugzilla.redhat.com/show_bug.cgi?id=909826#c24 and
see https://bugs.gentoo.org/show_bug.cgi?id=462626
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
/external/selinux/libselinux/src/label_file.c
|
| 0834ff302264319097eb3f52295f5f671091cba9 |
|
23-Jan-2013 |
Eric Paris <eparis@redhat.com> |
libselinux: do not leak file contexts with mmap'd backend
We use strdup to store the intended context when we have an mmap'd
file backend. We, however, skipped freeing those contexts.
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| efb6347dd3c089f6e4fa6fbe06e23964a16acee1 |
|
23-Jan-2013 |
Eric Paris <eparis@redhat.com> |
libselinux: unmap file contexts on selabel_close()
We were leaking all of the file context db because we didn't unmap them
on selabel_close()
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| aa62cd60f7192123b509c2518e7a2083e34a65a2 |
|
29-Nov-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: Fix errors found by coverity
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| a293048a59aa8eae68f76d1bafe08acba9285f97 |
|
01-Nov-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: do not leak mmapfd
On failure, common if .bin is older than the text version, we will leak
the mmapfd. Don't do that.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| 9ebd779353764299e40f63f843eb26209ffbd771 |
|
30-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: use precompiled filecontext when possible
When loading the filecontext database, check to see if there is a newer
binary version. If so, mmap that file, is used to populate the regex db
instead of reading from the text representation and compiling regex's as
needed. If the text file is newer it will use the text version and
ignore the binary version.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| 16b578895e5c20ad6594186a14a04d848c735889 |
|
30-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: new process_file function
We currently duplicate code 3 times for the main file, the homedirs, and
the local file. Just put that stuff in its own function so we don't
have to deal with it multiple times.
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| 79b6a8d78fc184b01133ac11d1d0c683633dcaf3 |
|
30-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: only run regex files one time
We currectly run all of the regex files 2 times. The first time counts
the lines and does the simple validatation. We then allocate an array
of exactly the right size to hold the entries and run them a second time
doing stronger validation, regex compile, etc.
This is dumb. Just run them one time and use realloc to grow the size
of the array as needed. At the end the array will get sized perfectly
to fit by the sorting function, so even if we accidentally allocated
entra memory we'll get it back.
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| ee88185aff38b18b16da0d0ed38796d7142632d1 |
|
27-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: add accessors for the pcre extra data
When we use an mmap backed version of data we need to declare the pcre
extra data since we are only given a point to the data->buffer. Since
sometimes the spec will hold a pointer to the extra data and sometimes
we want to declare it on the stack I introduce and use an accessor for
the extra data instead of using it directly.
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| 247759031a3e41e5a0f462dc7dfecc0d79d1652e |
|
30-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: move regex sorting to the header
We want to do the same thing in the compiler and as we do in in the code
which reads regexes in from the text file. Move that sorting into the header.
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| 48682e2853f3c66a628adcaf0dbd6030630802f2 |
|
27-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: move spec_hasMetaChars to header
So we can use it in the new compile utility, move the
spec_hasMetaChars() function, which looks for things like .*?+^$ in
regular expressions into the internal header file.
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| fcc895661d0cfc619f0895e5c8cb3017cc97364e |
|
27-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: drop useless ncomp field from label_file data
The libselinux label_file backend counted the number of regexes which
had been compiled. We didn't use it and it wasn't useful information.
Stop doing it.
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| 9937685cbe8ae6a57cd0b653f2e04f1f45efe46e |
|
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: move stem/spec handling to header
We want to be able to find the stem and the spec from our new utility.
So move those functions to the header file.
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| b9482941ce29e17cd669da457ec3bc176e43fcc6 |
|
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: move error reporting back into caller
If we want to use these functions in utilities we shouldn't call such
libselinux internal functions. Move the error reporting up to the
caller.
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| f744f239fbfcd1f74bac3196acd616d871ab6108 |
|
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: do string to mode_t conversion in a helper function
So the string to mode_t conversion in a helper function so it can be
used later by a regex compilation program.
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| c27101a58317a3d535437f6bd82a3af4a7140074 |
|
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: move definitions to include file
We want to use some label_file internals in a utility to compile
fcontext files into binary data for fast use. So start pushing
structures and such into a header file.
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| dc1db39e28d8319ee72429dfb5fdbb18208d8977 |
|
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: remove all typedefs
I hate them. They just indirectly you needlessly. Just use the struct
definitions.
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| 091eb526dd2036d993517d09e4fc67b2bec3ec5e |
|
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: use PCRE instead of glibc regex functions
The PCRE functions are about x10 faster than the glibc functions. So
use the external library.
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| 16a37c9f94c1e2dfb865e17e4200d2824d4971f5 |
|
19-Dec-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux - correct selabel invalid context logging
When selabel_lookup found an invalid context with validation enabled, it
always stated it was 'file_contexts' whether media, x, db or file.
The fix is to store the spec file name in the selabel_lookup_rec on
selabel_open and use this as output for logs. Also a minor fix if key is
NULL to stop seg faults.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| d4a39ca15b5a41b545630aeaa04e96fe7c0346fe |
|
29-Sep-2011 |
Eric Paris <eparis@redhat.com> |
policycoreutils: label_file: style changes to make Eric happy.
Sometimes sticking to 80 characters sucks a lot. I don't care. Buy a
wider monitor so I can read the code.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| 4f621a168682f96d0c98f7818493397766b13fd2 |
|
29-Jun-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: do not check fcontext duplicates on use
Tools like restorecon or systemd, which load the fcontext database to
make labeling decisions do not need to check for duplicate rules. Only
the first rule will be used. Instead we should only check for
duplicates when new rules are added to the database. And fail the
transaction if we find one.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| 441cf2ea924c13ed5002012aadd128f71d9e9c9d |
|
18-Apr-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: selabel_open fix processing of substitution files
libselinux selabel_open function always processed the substitution files (if
installed) from the active policy contexts/files/file_contexts.subs and
subs_dist irrespective of the backend type or SELABEL_OPT_PATH setting. This
patch now processes the correct subs files when selabel_open is called with
SELABEL_CTX_FILE. The other backends could also process their own substitution
files if needed in their own areas.
[move the init declaration to label_internal.h - eparis]
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
| 8f007923dd4ff89652479587d96e22bc63dbf822 |
|
02-Jun-2010 |
Chad Sellers <csellers@tresys.com> |
[PATCH] Remove duplicate slashes in paths in selabel_lookup
This patch simply removes duplicate slashes (meaning "//") from
pathnames passed into selabel_lookup. It does not do a full
realpath() calculation (e.g. following symlinks, etc.), as the
client should really do that before calling into libselinux.
Signed-off-by: Chad Sellers <csellers@tresys.com>
/external/selinux/libselinux/src/label_file.c
|
| 070505f16f59b1ddbc6af670a04a3610253f50fc |
|
16-Feb-2010 |
Stephen Smalley <sds@tycho.nsa.gov> |
label_file.c:434: error: implicit declaration of function 'fstat'
On Mon, 2010-02-15 at 14:19 -0800, Justin Mattock wrote:
> this is new:
>
>
> make[2]: Leaving directory `/home/kernel/selinux/libselinux/include'
> make -C src install
> make[2]: Entering directory `/home/kernel/selinux/libselinux/src'
> cc -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn
> -Wmissing-format-attribute -I../include -I/usr/include -D_GNU_SOURCE
> -D_FILE_OFFSET_BITS=64 -c -o label_file.o label_file.c
> cc1: warnings being treated as errors
> label_file.c: In function 'init':
> label_file.c:434: error: implicit declaration of function 'fstat'
> label_file.c:436: error: implicit declaration of function 'S_ISREG'
> make[2]: *** [label_file.o] Error 1
> make[2]: Leaving directory `/home/kernel/selinux/libselinux/src'
> make[1]: *** [install] Error 2
> make[1]: Leaving directory `/home/kernel/selinux/libselinux'
> make: *** [install] Error 1
>
> three areas where this could of been created
> update glibc
> updated kernel
> update userspace(altohugh there was not vary many commits in the pull).
Newer glibc headers expose a failure to #include the required headers
for stat(2). Also exposes a conflict in redefining close() in that
file. Patch below should fix.
/external/selinux/libselinux/src/label_file.c
|
| a4af847dc6f52688a25bb0323ff3b84b13dded67 |
|
11-Apr-2009 |
Hiroshi Shinji <hiroshi.shinji@gmail.com> |
Author: Hiroshi Shinji
Email: hiroshi.shinji@gmail.com
Subject: Memory leak in libselinux/src/label_file.c
Date: Fri, 3 Apr 2009 13:58:01 +0900
Hi,
I found memory leak in libselinux/src/label_file.c.
Please fix it.
Regards,
--
Hiroshi Shinji
Signed-off-by: Chad Sellers <csellers@tresys.com>
/external/selinux/libselinux/src/label_file.c
|
| 13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/libselinux/src/label_file.c
|