d56c2b434e99f60612c1290e82021ecbcbfaf5e6
21-Jul-2015
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
libsemanage: Add file_contexts and seusers to the store

This patch writes file_contexts and seusers to the policy store as well as /etc/selinux/. Additionally, file_contexts and seusers are now parsed from the store rather than the final directory which was the old behavior. This allows all policy related files to be kept in the policy store.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
/external/selinux/libsemanage/src/semanage_store.c

9638af24a1e890d673549f0b25d854458e07032e
02-Jul-2015
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
libsemanage: Add policy binary and file_contexts.local to the store

This patch writes policy.kern and file_contexts.local to the policy store as well as /etc/selinux/. Additionally, policy.kern and file_contexts.local are now parsed from the store rather than the final directory which was the old behavior. This allows all policy related files to be kept in the policy store.

This patch also renames /var/lib/selinux/tmp to 'final' and changes policy.kern in the store to no longer be a symlink.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
/external/selinux/libsemanage/src/semanage_store.c

5e75b96e91534ae37405e1e417f4627f1e47d5c2
03-Apr-2014
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
libsemanage: add the ability to set an alternative root path for store

Allow an alternative selinux store root path to be used. The option can be set in semanage.conf as store_root. If no option is provided, the default path for the store_root is "/var/lib/selinux".

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
/external/selinux/libsemanage/src/semanage_store.c

cae4a4c951aa19b2717254d76deeb986af466238
07-Feb-2014
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
libsemanage: add support for HLL to CIL compilers

An HLL to CIL compiler must exist in the compiler_directory path which is configurable in semanage.conf. By default, this path is /usr/libexec/selinux/hll/. The compiler name needs to match the HLL language extension. For example, for pp files, /usr/libexec/selinux/hll/pp must exist.

The HLL infrastructure uncompresses the HLL module and pipes the data to the appropriate CIL compiler. The output CIL from the compiler is read from another pipe, compressed, and saved to the module store as a cached CIL file. This file will be used on all subsequent policy builds, unless a new module is installed with the same name at the same priority, at which point the cache is deleted and is subsequently rebuilt and cached.

A new option is added to semanage.conf, ignore_cache, which if set to true will cause the cached CIL files to be ignored and all HLL files to be recompiled and the resulting CIL to be recached.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
/external/selinux/libsemanage/src/semanage_store.c

ddaa6e6ecac1f0e99905b143c1c25178fe344d7f
17-Nov-2011
Steve Lawrence <slawrence@tresys.com>
libsemanage: use libcil for compiling modules

Also finally removes the concept of a "base" module and special "_base" handling.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsemanage/src/semanage_store.c

d5bcc2285f7a4a739f1b38eeb66d345c3427b1b3
14-Oct-2011
Steve Lawrence <slawrence@tresys.com>
libsemanage: update install functions to support CIL

With CIL, the filename and language extension are no longer stored in the modules themselves like with pp files. So parse this information from the filename when given a file to install, and require the information be passed when just data. Symbolic versioning is used to maintain ABI compatibility with the old install functions. API compatibility is not maintained.

Also, remove version from the module info struct and the semanage_module_info_{get,set}_version functions. These functions have not been part of an official release, so removing them without providing ABI/API compatibility should not break anything.

Because versioning is removed, semanage_module_upgrade can no longer perform the necessary checks to ensure an old module is not overriding a newer module. So, this just removes the upgrade functions from the API. Functions are added to maintain ABI compatibility, which call the install functions.

Also, CIL has no concept of a base module, so remove the notion of a base module, including the API functions semanage_module_base_install and related functions. To maintain ABI compatibility, functions are added which call the new install functions, thus treating base modules as if they are normal modules.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
/external/selinux/libsemanage/src/semanage_store.c

8da5b141e37fe2115d0a06c9a15965a0b8adf62a
10-Nov-2011
Steve Lawrence <slawrence@tresys.com>
libsemanage: rewrite semanage_direct_list to not assume binary modular policies

Rather than getting the list of pp modules and parsing their headers to get the name, use the new source policy functions to get the necessary information from the module store.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsemanage/src/semanage_store.c

c35678eb6dd8ba0ad289617a359ab080a6dc03d8
22-Nov-2011
Steve Lawrence <slawrence@tresys.com>
libsemanage: add back support for semanage_set_root using the new source policy infrastructure

Removed in commits:
- Revert "libsemanage: introduce semanage_set_root and friends"
- Revert "libsemanage: Alternate path for semanage.conf"
- Revert "libsemanage: Use default semanage.conf as a fallback"

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsemanage/src/semanage_store.c

bb5121efbde783ed8216a17cfc0cb23b47e7874f
24-Dec-2009
Caleb Case <ccase@tresys.com>
libsemanage: installing/removing modules via info and key

These functions install/remove modules based on the module info/key. The motivation for these interfaces is to provide the additional information about a module (version, language, and enabled status) at install time and also to separate the meta-data in preparation for supporting source policies.

This patch combines the implementations of all the install/remove functions to use the semanage_direct_install_info and semanage_direct_remove_key functions. The motivation here is to reduce the amount of duplicate installation code (for example, semanage_direct_install and semanage_direct_install_file have separate but similar implementations).

With this patch the transition from the old store layout to the new one is finished. This is accomplished mostly through the modification of install functions and semanage_get_modules_names.

Signed-off-by: Chad Sellers <csellers@tresys.com>
/external/selinux/libsemanage/src/semanage_store.c

f2c4e796af114de7c2776a7070b01687b416b7c7
24-Dec-2009
Caleb Case <ccase@tresys.com>
libsemanage: provide function to get new base module path

The base module is being moved in with the other modules so that it can benefit from the priority framework. This patch provides a utility function for getting the highest priority base module path.

Signed-off-by: Chad Sellers <csellers@tresys.com>
/external/selinux/libsemanage/src/semanage_store.c

e37fa2f63be89afab9b5f5ddfedbd589d0676c4e
24-Dec-2009
Caleb Case <ccase@tresys.com>
libsemanage: split final files into /var/lib/selinux/tmp

This patch moves the final files from inside /var/lib/selinux/<store>/[active|previous|tmp] to /var/lib/selinux/tmp/<store>. The move is done to facilitate using source control management on the /var/lib/selinux/<store> directory. If these files remain in /var/lib/selinux/<store> they will pose a size problem if an SCM like git is used as we'd be storing lots of binary diffs. We are suggesting making this change now, rather than later when source policy, SCM, and CIL[1] support are available, to ease the migration burden.

These are the files that have been moved:

    /var/lib/selinux/<store>/active/...    /var/lib/selinux/tmp/<store>/...
    file_contexts                          contexts/files/file_contexts
    file_contexts.homedirs                 contexts/files/file_contexts.homedirs
    file_contexts.local                    contexts/files/file_contexts.local
    netfilter_contexts                     contexts/netfilter_contexts
    policy.kern                            policy/policy.<policyversion>
    seusers.final                          seusers

The layout of these files in /var/lib/selinux/tmp/<store> is designed to mirror their locations in /etc/selinux/<store>. This should help clarify the relationship between these final files and the files installed in etc.

One consequence of this move is that reverting to the previous policy version requires a policy rebuild. Currently you can revert without rebuilding.

[1] CIL RFC: http://marc.info/?l=selinux&m=124759244409438&w=2

Signed-off-by: Chad Sellers <csellers@tresys.com>
/external/selinux/libsemanage/src/semanage_store.c

aea047c76904a907c0acb15ab4a6399ffe32dd63
24-Dec-2009
Caleb Case <ccase@tresys.com>
libsemanage: move the module store to /var/lib/selinux

This patch moves the module store from /etc/selinux/<store>/modules to /var/lib/selinux/<store>. This move will allow for the use of a read-only /etc/selinux. Currently that is not possible with semanage because of the lock files.

A consequence of this move is that packagers of libsemanage should create the /var/lib/selinux directory.

Signed-off-by: Chad Sellers <csellers@tresys.com>
/external/selinux/libsemanage/src/semanage_store.c

844810d9ace7a13257b7bf715d9d6acd7131e741
27-Sep-2011
Steve Lawrence <slawrence@tresys.com>
Revert "libsemanage: introduce semanage_set_root and friends"

This reverts commit 9cd587f5533456e7b26601e27e65744272e2e783.

Conflicts:
    libsemanage/include/semanage/handle.h
/external/selinux/libsemanage/src/semanage_store.c

30a2df81eb8a03f1414b30d7a9783d378d08c53d
27-Sep-2011
Steve Lawrence <slawrence@tresys.com>
Revert "Last attempt at upstreaming semodule_disable patch."

This reverts commit 654dcb897e49908a958dae55cf29793412c4b390.

Conflicts:
    policycoreutils/semodule/semodule.c
/external/selinux/libsemanage/src/semanage_store.c

7475f818693f9153d6fb412cd0cd76804be592b7
27-Sep-2011
Steve Lawrence <slawrence@tresys.com>
Revert "libsemanage: change module disabled from rename to symlink"

This reverts commit 60c780ffb6e7a48a2121e871ad20471a8fe0337d.
/external/selinux/libsemanage/src/semanage_store.c

07e1c247cff83a084e9e39ba33ee1571e2c37e92
01-Aug-2013
Steve Lawrence <slawrence@tresys.com>
Revert "libsemanage: Alternate path for semanage.conf"

This reverts commit 66dd98b83a519840a26be7fa5644c982524f3bf7.
/external/selinux/libsemanage/src/semanage_store.c

f43e4eba2477ce8fd066b2a808c8e2f8a79dc0af
01-Aug-2013
Steve Lawrence <slawrence@tresys.com>
Revert "libsemanage: Cleanup/fix enable/disable/remove module."

This reverts commit c9b09be4244f3c90cee19d9e3feca324f0e0e636.
/external/selinux/libsemanage/src/semanage_store.c

fa095ad7a1c412de36d6f18cf4143f88182918ba
20-May-2014
Steve Lawrence <slawrence@tresys.com>
libsemanage: only try to compile file contexts if they exist

It is not a requirement that all file context files exist (e.g. file_contexts.local is not mandatory). However, sefcontext_compile is executed for all file contexts files regardless of existence, which results in an error when they do not exist and causes policy load to fail. This modifies libsemanage so that sefcontext_compile is only executed on file contexts that do exist.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsemanage/src/semanage_store.c

b14294c01f2848adcb3daaf6dfc74c671cb514e3
09-Oct-2013
Dan Walsh <dwalsh@redhat.com>
Remove the policy.kern after policy is built and replace with symbolic link.

We want to shrink the space required by selinux-policy for small cloud images. This file has no purpose after policy is built.
/external/selinux/libsemanage/src/semanage_store.c

3f52a123af40bae33bde2a1f2ecfb2320b61f9ad
06-Feb-2013
Eric Paris <eparis@redhat.com>
libsemanage: semanage_store: fix segfault introduced to fix memory leak

In the patch to fix a minor memory leak, I introduced a guaranteed segfault. The pointer to the stack variable will never be NULL, whereas the value on the stack will be.

Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsemanage/src/semanage_store.c

295abb370b4a78d36d30a0e35655e2a85608ed3e
05-Feb-2013
Eric Paris <eparis@redhat.com>
libsemanage: semanage_store: do not leak memory in semanage_exec_prog

If fork() failed we would leak the arguments created in split_args(). Reorder the function so it will hopefully be easy to read and will not leak memory.

Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsemanage/src/semanage_store.c

06f2a7c3a92f9f945504159d4657b318f7237db3
05-Feb-2013
Eric Paris <eparis@redhat.com>
libsemanage: semanage_store: do not leak fd

We use creat to create the lock file needed later. But we never close that fd, so it just sits around until the program exits. After we create the file we don't need to hold onto the fd. Close it.

Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsemanage/src/semanage_store.c

78d618422bbf8774edaeaa3df549c2d4d1b06dd1
05-Feb-2013
Eric Paris <eparis@redhat.com>
libsemanage: semanage_store: do not leak on strdup failure

Inside split_args we do a = realloc(b) and strdup. If the realloc succeeds and then the strdup fails, we return NULL to the caller. The caller will then jump to an error code which will do a free(b). This is fine if the realloc failed, but is a big problem if realloc worked. If it worked b is now meaningless and a needs to be freed. I change the function interface to return an error and to update "b" from the caller.

Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsemanage/src/semanage_store.c

d16ebaace10b246f411d65caa83c7ebdafd0a300
05-Feb-2013
Eric Paris <eparis@redhat.com>
libsemanage: semanage_store: rewrite for readability

We did a bunch of:

    if ((blah = function(a0, a1, a2)) == NULL) {
        goto err;
    } else {
        something = blah;
    }

Which takes 5 lines and is a pain to read. Instead:

    blah = function(a0, a1, a2);
    if (blah == NULL)
        goto err;
    something = blah;

Which takes 4 lines and is easier to read! Winning!

Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsemanage/src/semanage_store.c

2276a2fa51517ead7f4cf028263dee4b5e2bb46a
05-Dec-2012
Eric Paris <eparis@redhat.com>
libsemanage: fixes from coverity

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/semanage_store.c

c9b09be4244f3c90cee19d9e3feca324f0e0e636
21-Nov-2012
Dan Walsh <dwalsh@redhat.com>
libsemanage: Cleanup/fix enable/disable/remove module.

If you specified a portion of the module name the code would disable the module rather than giving you an error. For example,

    semodule -d http

would disable the httpd module. As a matter of fact,

    semodule -r h

would disable the first module file name that began with h.

This patch gets the real file name out of the modules and compares it to the name specified. It also consolidates a bunch of duplicated code, and fixes a return code bug.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/semanage_store.c

28baa721e0f544d0899b68eb5eee070ed2b4b02b
14-Sep-2012
rhatdan <dwalsh@redhat.com>
libsemanage: Add sefcontext_compile to compile regex every time policy is rebuilt

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/semanage_store.c

fade75f1e2f2bda739214e079e27a50dadd61e64
07-Jun-2012
Eric Paris <eparis@redhat.com>
libsemanage: semanage_store: fix snprintf length argument by using asprintf

We calculated a length, allocated a space for the string, then used snprintf to fill the array giving it a different length. Rather than doing all that math ourselves, just use asprintf and let libraries get it right.

Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsemanage/src/semanage_store.c

a6c9140cbbe02c3dfb32798f9e5ba333297ba64b
07-Jun-2012
Eric Paris <eparis@redhat.com>
libsemanage: ignore 80 column limit for readability

80 columns just suck. Ignore it when we are only a little bit over.

Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsemanage/src/semanage_store.c

66dd98b83a519840a26be7fa5644c982524f3bf7
04-Jan-2012
Dan Walsh <dwalsh@redhat.com>
libsemanage: Alternate path for semanage.conf

Currently the semanage.conf file is hard coded to /etc/selinux/semanage.conf even when an alternate root path is specified. Use the semanage.conf found inside the alternate root instead of the system global version.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/semanage_store.c

86e8daafc3755820272c0f36a3dd115f0b01c93d
20-Oct-2011
Dan Walsh <dwalsh@redhat.com>
libselinux: maintain mode even if umask is tighter

When certain programs were run which created new files they would get default permissions based on the current users umask. However these files should get the same permissions as those files which they replaced. Do that.

Patch from: Stephen Smalley
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/semanage_store.c

e4bc1b223debcc6747fef4d7a2a0a320c0208a88
01-Sep-2011
Harry Ciao <qingtao.cao@windriver.com>
libsepol: libsemanage: policycoreutils: Create a new preserve_tunables flag in sepol_handle_t.

By default only the effective branch of a tunable conditional would be expanded and written to raw policy, while all needless unused branches would be discarded.

Add a new option '-P' or "--preserve_tunables" to the semodule program. By default it is 0, if set to 1 then the above preserve_tunables flag in the sepol_handle_t would be set to 1 accordingly.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/semanage_store.c

60c780ffb6e7a48a2121e871ad20471a8fe0337d
29-Jun-2011
Eric Paris <eparis@redhat.com>
libsemanage: change module disabled from rename to symlink

Change the way libsemanage handles disabled modules. In the current method libsemanage renames the FOO.pp file to FOO.pp.disabled and then the rebuild process ignores *.disabled modules. Since we want to start shipping /etc/selinux/targeted/modules/active/modules/*.pp within the payload of the rpm, if we continued this method a policy update would re-enable a module.

The new mechanism will just create a symbolic link between FOO.pp and FOO.pp.disabled. Then the library will check all modules, and if a module has a link, it will not be compiled into the policy. This solves the rpm update problem, and actually gives us an easier update capability since if FOO.pp.disabled already exists using the old method, it will continue to work with the new method.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/semanage_store.c

4b00b5c6a4876f3470b53252bad7a1e6f91899fc
04-Aug-2011
Dan Walsh <dwalsh@redhat.com>
libsemanage: print error debug info for buggy fc files

Currently if you have a bug in a fc file, the store only reports that you have a problem but not the name of the module, or any hint of what is wrong. This patch will print out as much as has been collected in the file_spec at the time of the error.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/semanage_store.c

9cd587f5533456e7b26601e27e65744272e2e783
29-Jun-2011
Eric Paris <eparis@redhat.com>
libsemanage: introduce semanage_set_root and friends

Allow applications to specify an alternate root for selinux stores.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/semanage_store.c

d67b1ea1cbe30afb4894634f06ca25916b03cbd7
24-Jun-2011
Eric Paris <eparis@redhat.com>
libsemanage: drop the -no-unused-parameter build flag

Annotate the couple of places they are needed and drop the flag.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/semanage_store.c

654dcb897e49908a958dae55cf29793412c4b390
24-Feb-2010
Daniel J Walsh <dwalsh@redhat.com>
Last attempt at upstreaming semodule_disable patch.

This patch allows you to disable/enable policy modules. It never seems to get upstreamed. :^(

Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/libsemanage/src/semanage_store.c

0b2f9ef8f3f91cd6e202dc8bdfe8e1156ae6c01a
25-Jan-2010
Stephen Smalley <sds@tycho.nsa.gov>
bzip support in libsemanage and out of memory (userspace ticket 7)

On Sun, 2010-01-24 at 21:29 +0100, Guido Trentalancia wrote:
> Hi !
>
> Has anybody had any time to look at this ticket:
> http://userspace.selinuxproject.org/trac/ticket/7 ?
>
> I have experienced the same issue and verified that the problem is actually triggered by the bzip support (as pointed out by Stephen Smalley back in August). In fact, if I use bzip-blocksize=0 in semanage.conf then the problem disappears...
>
> Otherwise with a default semanage.conf and bzip enabled, I get:
>
> libsepol.module_package_read_offsets: offset greater than file size (at 4, offset 200478 -> 8192 (No such file or directory).
> libsemanage.semanage_load_module: Error while reading from module file /etc/selinux/refpolicy/modules/tmp/base.pp. (No such file or directory).
> semodule: Failed!
>
> I am using libsepol-2.0.41 and libsemanage-2.0.42.

Looking into this more closely, I believe this is another manifestation of:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543915#17
which was ultimately traced down to two issues:
1) A missing offset check in libsepol (fixed in libsepol 2.0.38), and
2) A bug / lack of binary mode support in the fmemopen implementation in glibc that was later fixed, see:
http://sourceware.org/bugzilla/show_bug.cgi?id=6544
Maybe you have the older glibc still?

Looking at the libsemanage code though, I think we could in fact avoid any dependency on fmemopen by using the native libsepol support for operating on a memory region via sepol_policy_file_set_mem(), ala:

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsemanage/src/semanage_store.c

bd74c23c7beaf340d3e21f84a253e3c994fe3623
21-Oct-2009
Chad Sellers <csellers@tresys.com>
libsemanage: Add function to turn off file contexts validation

This patch adds a function to turn off file contexts validation. We need this for cross-installs in rpm, where we install policy into a chroot that has binaries of a different architecture which cannot be executed on the build system. So, we would like to use this function to disable executing setfiles. This of course means the file contexts could be invalid, but we're willing to take that risk.

Signed-off-by: Chad Sellers <csellers@tresys.com>
/external/selinux/libsemanage/src/semanage_store.c

8edc3f9730aab6bd8f52dafb9686baddaac83954
05-Aug-2009
Stephen Smalley <sds@tycho.nsa.gov>
libsemanage: do not hard link files

Remove the support for hard linking files in semanage_copy_file, as it is unsafe and can leave the active store corrupted if something goes wrong during the transaction. It also can leave the installed policy files with incorrect file modes or security contexts.

To do this safely, we would need to change all functions that write to the sandbox files to first unlink the destination file. This was done in the original patch for the write_file helper but not for other cases. It would need to be done for all functions that open.*O_CREAT or fopen.*w on a file in the sandbox. We also don't want this applied to the installed policy files, as they need to be created with appropriate file modes and security contexts that may differ from the sandbox files.

At present, the hard link support will only affect the installed policy files when they are first created; afterward the link() call will always fail with EEXIST since they are not unlinked prior to installation (nor would that be safe as it could leave the system without a policy - rename would make more sense in that situation). If we were to re-introduce hard link support, we ought to use different helpers or flags for installing the policy files than for copying the active store to the temporary sandbox to avoid affecting both.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsemanage/src/semanage_store.c

ee9827000137fed2d3300124115fc1572acafe2f
04-Aug-2009
Stephen Smalley <sds@tycho.nsa.gov>
libsemanage: Enable configuration of bzip behavior

Allow the administrator to customize the bzip block size and "small" flag via semanage.conf. After applying you can add entries like these to your /etc/selinux/semanage.conf to trade off memory vs disk space (block size) and to trade off memory vs runtime (small):

    bzip-blocksize=4
    bzip-small=true

You can also disable bzip compression altogether for your module store via:

    bzip-blocksize=0

The semanage.conf entries are now validated against legal value ranges at handle creation time.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsemanage/src/semanage_store.c

200efad4cb63fb35eb8a063d4bb0b0a3672ff66c
07-Jul-2009
Christopher Pardy <cpardy@redhat.com>
libsemanage: maintain disable dontaudit state between handle commits

Currently any changes made to the policy which require committing a handle cause dontaudit rules to be re-enabled. This is confusing, and frustrating for users who want to edit policy with dontaudit rules turned off. This patch allows semanage to remember the last state of the dontaudit rules and apply them as default whenever a handle is connected.

Additionally other functions may check for the file semanage creates to determine if dontaudit rules are turned on. This knowledge can be useful for tools like SETroubleshoot which may want to change their behavior depending on the state of the dontaudit rules. In the event that the file cannot be created a call to commit will fail.

Signed-off-by: Christopher Pardy <cpardy@redhat.com>
[sds: Removed duplicate from other patch and cleaned up style.]
[sds: Changed uses of semanage_fname to semanage_path.]
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsemanage/src/semanage_store.c

df77db47e5fffde8905dd7de006ab18ecd4b59f8
05-Jan-2009
Joshua Brindle <method@manicmethod.com>
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Now that F11 has started, I am putting in the compression support. Date: Mon, 12 Jan 2009 10:37:23 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Joshua Brindle wrote: > Daniel J Walsh wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> libsemanage patch to add compression. >> >> Uses bzip compression, all pp files in active/previous stored in >> compressed state. Added new interfaces to be user by policycoreutils to >> specify file rather then memory map. >> >> Also uses link instead of copy whenever possible to save disk space. >> Seeing about a 10 fold savings on policy footprint. > > resend > > Comments inline > >> diff --exclude-from=exclude -N -u -r > nsalibsemanage/include/semanage/modules.h > libsemanage-2.0.28/include/semanage/modules.h >> --- nsalibsemanage/include/semanage/modules.h 2008-08-28 > 09:34:24.000000000 -0400 >> +++ libsemanage-2.0.28/include/semanage/modules.h 2008-10-13 > 12:35:22.000000000 -0400 >> @@ -30,10 +30,16 @@ >> >> int semanage_module_install(semanage_handle_t *, >> char *module_data, size_t data_len); >> +int semanage_module_install_file(semanage_handle_t *, >> + const char *module_name); >> int semanage_module_upgrade(semanage_handle_t *, >> char *module_data, size_t data_len); >> +int semanage_module_upgrade_file(semanage_handle_t *, >> + const char *module_name); >> int semanage_module_install_base(semanage_handle_t *, >> char *module_data, size_t data_len); >> +int semanage_module_install_base_file(semanage_handle_t *, >> + const char *module_name); >> int semanage_module_remove(semanage_handle_t *, char *module_name); >> >> /* semanage_module_info is for getting information on installed >> diff --exclude-from=exclude -N -u -r nsalibsemanage/src/Makefile > libsemanage-2.0.28/src/Makefile >> --- nsalibsemanage/src/Makefile 2008-08-28 09:34:24.000000000 -0400 >> +++ libsemanage-2.0.28/src/Makefile 2008-10-13 12:35:22.000000000 -0400 
>> @@ -54,7 +54,7 @@ >> ranlib $@ >> >> $(LIBSO): $(LOBJS) >> - $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lustr > -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs >> + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 > -lustr -L$(LIBDIR) > -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs >> ln -sf $@ $(TARGET) >> >> conf-scan.c: conf-scan.l conf-parse.h >> diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c > libsemanage-2.0.28/src/direct_api.c >> --- nsalibsemanage/src/direct_api.c 2008-09-15 12:20:44.000000000 -0400 >> +++ libsemanage-2.0.28/src/direct_api.c 2008-10-13 16:36:51.000000000 > -0400 >> @@ -50,6 +50,7 @@ >> #include "semanage_store.h" >> #include "database_policydb.h" >> #include "policy.h" >> +#include <sys/mman.h> >> >> static void semanage_direct_destroy(semanage_handle_t * sh); >> static int semanage_direct_disconnect(semanage_handle_t * sh); >> @@ -57,10 +58,13 @@ >> static int semanage_direct_commit(semanage_handle_t * sh); >> static int semanage_direct_install(semanage_handle_t * sh, char *data, >> size_t data_len); >> +static int semanage_direct_install_file(semanage_handle_t * sh, const > char *module_name); >> static int semanage_direct_upgrade(semanage_handle_t * sh, char *data, >> size_t data_len); >> +static int semanage_direct_upgrade_file(semanage_handle_t * sh, const > char *module_name); >> static int semanage_direct_install_base(semanage_handle_t * sh, char > *base_data, >> size_t data_len); >> +static int semanage_direct_install_base_file(semanage_handle_t * sh, > const char *module_name); >> static int semanage_direct_remove(semanage_handle_t * sh, char > *module_name); >> static int semanage_direct_list(semanage_handle_t * sh, >> semanage_module_info_t ** modinfo, 
>> @@ -73,8 +77,11 @@ >> .begin_trans = semanage_direct_begintrans, >> .commit = semanage_direct_commit, >> .install = semanage_direct_install, >> + .install_file = semanage_direct_install_file, >> .upgrade = semanage_direct_upgrade, >> + .upgrade_file = semanage_direct_upgrade_file, >> .install_base = semanage_direct_install_base, >> + .install_base_file = semanage_direct_install_base_file, >> .remove = semanage_direct_remove, >> .list = semanage_direct_list >> }; 
>> @@ -378,12 +385,157 @@ >> return 0; >> } >> >> +#include <stdlib.h> >> +#include <bzlib.h> >> +#include <string.h> >> +#include <sys/sendfile.h> >> + >> +/* bzip() a file to '*data', returning the total number of > uncompressed bytes >> + * in the file. Returns 0 if file could not be decompressed. */ > > Why 0? Can we make this -1? > Fixed >> +static size_t bzip(const char *filename, char *data, size_t num_bytes) { >> + BZFILE* b; >> + size_t size = 1<<16; >> + int bzerror; >> + size_t total = 0; >> + size_t len = 0; >> + FILE *f; >> + >> + if ((f = fopen(filename, "wb")) == NULL) { >> + return 0; >> + } >> + >> + b = BZ2_bzWriteOpen( &bzerror, f, 9, 0, 0); >> + if (bzerror != BZ_OK) { >> + BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); >> + return 0; >> + } >> + >> + while ( num_bytes > total ) { >> + if (num_bytes - total > size) { >> + len = size; >> + } else { >> + len = num_bytes - total; >> + } >> + BZ2_bzWrite ( &bzerror, b, &data[total], len ); >> + if (bzerror == BZ_IO_ERROR) { >> + BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); >> + return 0; >> + } >> + total += len; >> + } >> + >> + BZ2_bzWriteClose ( &bzerror, b, 0, 0, 0 ); >> + fclose(f); >> + if (bzerror == BZ_IO_ERROR) { >> + return 0; >> + } >> + return total; >> +} >> + >> +/* bunzip() a file to '*data', returning the total number of > uncompressed bytes >> + * in the file. Returns 0 if file could not be decompressed. */ > > Same as above. 
> Fixed >> +size_t bunzip(FILE *f, char **data) { >> + BZFILE* b; >> + size_t nBuf; >> + char buf[1<<18]; >> + size_t size = sizeof(buf); >> + int bzerror; >> + size_t total=0; >> + >> + b = BZ2_bzReadOpen ( &bzerror, f, 0, 0, NULL, 0 ); >> + if ( bzerror != BZ_OK ) { >> + BZ2_bzReadClose ( &bzerror, b ); >> + return 0; >> + } >> + >> + char *uncompress = realloc(NULL, size); >> + >> + while ( bzerror == BZ_OK) { >> + nBuf = BZ2_bzRead ( &bzerror, b, buf, sizeof(buf)); >> + if (( bzerror == BZ_OK ) || ( bzerror == BZ_STREAM_END )) { >> + if (total + nBuf > size) { >> + size *= 2; >> + uncompress = realloc(uncompress, size); >> + } >> + memcpy(&uncompress[total], buf, nBuf); >> + total += nBuf; >> + } >> + } >> + if ( bzerror != BZ_STREAM_END ) { >> + BZ2_bzReadClose ( &bzerror, b ); >> + free(uncompress); >> + return 0; >> + } >> + BZ2_bzReadClose ( &bzerror, b ); >> + >> + *data = uncompress; >> + return total; >> +} >> + >> +/* mmap() a file to '*data', >> + * If the file is bzip compressed map_file will uncompress >> + * the file into '*data'. >> + * Returns the total number of bytes in memory . >> + * Returns 0 if file could not be opened or mapped. 
*/ > > Same as above > Fixed >> +static size_t map_file(int fd, char **data, int *compressed) >> +{ >> + int size; >> + char *uncompress; >> + if ((size = bunzip(fdopen(fd, "r"), &uncompress)) > 0) { >> + *data = mmap(0, size, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_ANONYMOUS, 0, 0); >> + if (*data == MAP_FAILED) { >> + free(uncompress); >> + return 0; >> + } else { >> + memcpy(*data, uncompress, size); >> + } >> + free(uncompress); >> + *compressed = 1; >> + } else { >> + struct stat sb; >> + if (fstat(fd, &sb) == -1 || >> + (*data = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) == >> + MAP_FAILED) { >> + size = 0; >> + } else { >> + size = sb.st_size; >> + } >> + *compressed = 0; >> + } >> + >> + return size; >> +} >> + >> +static int dupfile( const char *dest, int src_fd) { >> + int dest_fd = -1; >> + int retval = 0; >> + int cnt; >> + char buf[1<<18]; >> + >> + if (lseek(src_fd, 0, SEEK_SET) == -1 ) return -1; >> + >> + if ((dest_fd = open(dest, O_WRONLY | O_CREAT | O_TRUNC, >> + S_IRUSR | S_IWUSR)) == -1) { >> + return -1; >> + } >> + >> + while (( retval == 0 ) && >> + ( cnt = read(src_fd, buf, sizeof(buf)))> 0 ) { >> + if (write(dest_fd, buf, cnt) < cnt) retval = -1; >> + } >> + close(dest_fd); >> + return retval; >> +} >> + >> /* Writes a block of data to a file. Returns 0 on success, -1 on >> * error. */ >> static int write_file(semanage_handle_t * sh, >> const char *filename, char *data, size_t num_bytes) >> { >> int out; >> + >> + /* Unlink no matter what, incase this file is a hard link, ignore > error */ >> + unlink(filename); >> if ((out = >> open(filename, O_WRONLY | O_CREAT | O_TRUNC, >> S_IRUSR | S_IWUSR)) == -1) { 
>> @@ -499,7 +651,7 @@ >> sepol_policydb_t *out = NULL; >> >> /* Declare some variables */ >> - int modified, fcontexts_modified, ports_modified, >> + int modified = 0, fcontexts_modified, ports_modified, >> seusers_modified, users_extra_modified; >> dbase_config_t *users = semanage_user_dbase_local(sh); >> dbase_config_t *users_base = semanage_user_base_dbase_local(sh); >> @@ -815,7 +967,9 @@ >> &filename)) != 0) { >> goto cleanup; >> } >> - if (write_file(sh, filename, data, data_len) == -1) { >> + >> + if (bzip(filename, data, data_len) == 0) { >> + ERR(sh, "Error while writing to %s.", filename); >> retval = -3; >> } >> retval = 0; > retval = -3 gets smashed immediately afterward 
> >> @@ -826,19 +980,60 @@ >> return retval; >> } >> >> -/* Similar to semanage_direct_install(), except that it checks that >> - * there already exists a module with the same name and that the >> - * module is an older version then the one in 'data'. Returns 0 on >> - * success, -1 if out of memory, -2 if the data does not represent a >> - * valid module file, -3 if error while writing file or reading >> - * modules directory, -4 if there does not exist an older module or if >> - * the previous module is same or newer than 'data'. >> - */ >> -static int semanage_direct_upgrade(semanage_handle_t * sh, >> - char *data, size_t data_len) >> +/* Attempts to link a module to the sandbox's module directory, > unlinking any >> + * previous module stored within. Returns 0 on success, -1 if out of > memory, -2 if the >> + * data does not represent a valid module file, -3 if error while >> + * writing file. */ >> + >> +static int semanage_direct_install_file(semanage_handle_t * sh, >> + const char *install_filename) >> { >> + >> + int retval = -1; >> + char *data = NULL; >> + size_t data_len = 0; >> + int compressed = 0; >> + int in_fd = -1; >> + >> + if ((in_fd = open(install_filename, O_RDONLY)) == -1) { >> + return 0; > > returning 0 on failure here > Fixed >> + } >> + >> + if ((data_len = map_file(in_fd, &data, &compressed)) == 0) { >> + goto cleanup; >> + } >> + >> + if (compressed) { >> + char *module_name = NULL, *version = NULL, *filename = NULL; >> + if ((retval = parse_module_headers(sh, data, data_len, >> + &module_name, &version, >> + &filename)) != 0) { >> + goto cleanup; > > Probably need to free module_name, version, filename here > Why these are cleaned up in cleanup and if it gets an error it should not have allocated memory? 
>> + } >> + >> + if (data_len > 0) munmap(data, data_len); >> + data_len = 0; >> + retval = dupfile(filename, in_fd); >> + free(version); >> + free(filename); >> + free(module_name); >> + >> + } else { >> + retval = semanage_direct_install(sh, data, data_len); >> + } >> + >> + cleanup: >> + close(in_fd); >> + if (data_len > 0) munmap(data, data_len); >> + >> + return retval; >> +} >> + >> + >> +static int get_direct_upgrade_filename(semanage_handle_t * sh, >> + char *data, size_t data_len, char **outfilename) { >> int i, retval, num_modules = 0; >> - char *module_name = NULL, *version = NULL, *filename = NULL; >> + char *filename = NULL, *module_name = NULL, *version = NULL; > > ? Removed > >> semanage_module_info_t *modinfo = NULL; >> if ((retval = parse_module_headers(sh, data, data_len, >> &module_name, &version, >> @@ -868,14 +1063,10 @@ >> if (retval == -4) { >> ERR(sh, "There does not already exist a module named %s.", >> module_name); >> - goto cleanup; >> - } >> - if (write_file(sh, filename, data, data_len) == -1) { >> - retval = -3; >> } >> + >> cleanup: >> free(version); >> - free(filename); >> free(module_name); >> for (i = 0; modinfo != NULL && i < num_modules; i++) { >> semanage_module_info_t *m = 
>> @@ -883,6 +1074,80 @@ >> semanage_module_info_datum_destroy(m); >> } >> free(modinfo); >> + if (retval == 0) { >> + *outfilename = filename; >> + } else { >> + free(filename); >> + } >> + return retval; >> +} >> + >> +/* Similar to semanage_direct_install(), except that it checks that >> + * there already exists a module with the same name and that the >> + * module is an older version then the one in 'data'. Returns 0 on >> + * success, -1 if out of memory, -2 if the data does not represent a >> + * valid module file, -3 if error while writing file or reading >> + * modules directory, -4 if there does not exist an older module or if >> + * the previous module is same or newer than 'data'. >> + */ >> +static int semanage_direct_upgrade(semanage_handle_t * sh, >> + char *data, size_t data_len) >> +{ >> + char *filename = NULL; >> + int retval = get_direct_upgrade_filename(sh, >> + data, data_len, >> + &filename); >> + if (retval == 0) { >> + if (bzip(filename, data, data_len) == 0) { >> + ERR(sh, "Error while writing to %s.", filename); >> + retval = -3; >> + } >> + free(filename); >> + } >> + return retval; >> +} >> + >> +/* Attempts to link a module to the sandbox's module directory, > unlinking any >> + * previous module stored within. >> + * Returns 0 on success, -1 if out of memory, -2 if the >> + * data does not represent a valid module file, -3 if error while >> + * writing file. 
*/ >> + >> +static int semanage_direct_upgrade_file(semanage_handle_t * sh, >> + const char *module_filename) >> +{ >> + int retval = -1; >> + char *data = NULL; >> + size_t data_len = 0; >> + int compressed = 0; >> + int in_fd = -1; >> + >> + if ((in_fd = open(module_filename, O_RDONLY)) == -1) { >> + return 0; > > returning 0 on failure > Fixed >> + } >> + >> + if ((data_len = map_file(in_fd, &data, &compressed)) == 0) { >> + goto cleanup; >> + } >> + >> + if (compressed) { >> + char *filename = NULL; >> + retval = get_direct_upgrade_filename(sh, >> + data, data_len, >> + &filename); >> + >> + if (retval != 0) goto cleanup; >> + >> + retval = dupfile(filename, in_fd); >> + free(filename); >> + } else { >> + retval = semanage_direct_upgrade(sh, data, data_len); >> + } >> + >> + cleanup: >> + close(in_fd); >> + if (data_len > 0) munmap(data, data_len); >> + >> return retval; >> } >> >> @@ -903,7 +1168,8 @@ >> if ((filename = semanage_path(SEMANAGE_TMP, SEMANAGE_BASE)) == NULL) { >> goto cleanup; >> } >> - if (write_file(sh, filename, base_data, data_len) == -1) { >> + if (bzip(filename, base_data, data_len) == 0) { >> + ERR(sh, "Error while writing to %s.", filename); >> retval = -3; >> } >> retval = 0; > > retval gets smashed > Fixed, this was an existing bug, BTW 
>> @@ -911,6 +1177,49 @@ >> return retval; >> } >> >> +/* Writes a base module into a sandbox, overwriting any previous base >> + * module. >> + * Returns 0 on success, -1 if out of memory, -2 if the data does not > represent >> + * a valid base module file, -3 if error while writing file. >> + */ >> +static int semanage_direct_install_base_file(semanage_handle_t * sh, >> + const char *install_filename) >> +{ >> + int retval = -1; >> + char *data = NULL; >> + size_t data_len = 0; >> + int compressed = 0; >> + int in_fd; >> + >> + if ((in_fd = open(install_filename, O_RDONLY)) == -1) { >> + return 0; > > returning 0 on failure > Fixed >> + } >> + >> + if ((data_len = map_file(in_fd, &data, &compressed)) == 0) { >> + goto cleanup; >> + } >> + >> + if (compressed) { >> + const char *filename = NULL; >> + if ((retval = parse_base_headers(sh, data, data_len)) != 0) { >> + goto cleanup; >> + } >> + if ((filename = semanage_path(SEMANAGE_TMP, SEMANAGE_BASE)) == NULL) { >> + goto cleanup; >> + } >> + >> + retval = dupfile(filename, in_fd); >> + } else { >> + retval = semanage_direct_install_base(sh, data, data_len); >> + } >> + >> + cleanup: >> + close(in_fd); >> + if (data_len > 0) munmap(data, data_len); >> + >> + return retval; >> +} >> + >> /* Removes a module from the sandbox. Returns 0 on success, -1 if out >> * of memory, -2 if module not found or could not be removed. */ >> static int semanage_direct_remove(semanage_handle_t * sh, char > *module_name) 
>> @@ -1005,15 +1314,26 @@ >> * report it */ >> continue; >> } >> + size_t size; >> + char *data = NULL; >> + >> + if ((size = bunzip(fp, &data)) != 0) { >> + fclose(fp); >> + fp = fmemopen(data, size, "rb"); > > unhandled error from fclose and fmemopen > Fixed fmemopen failure, we don't check fclose failure anywhere in the code. >> + } >> + rewind(fp); >> + >> __fsetlocking(fp, FSETLOCKING_BYCALLER); >> sepol_policy_file_set_fp(pf, fp); >> if (sepol_module_package_info(pf, &type, &name, &version)) { >> fclose(fp); >> + free(data); >> free(name); >> free(version); >> continue; >> } >> fclose(fp); >> + free(data); >> if (type == SEPOL_POLICY_MOD) { >> (*modinfo)[*num_modules].name = name; >> (*modinfo)[*num_modules].version = version; >> diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.h > libsemanage-2.0.28/src/direct_api.h >> --- nsalibsemanage/src/direct_api.h 2008-08-28 09:34:24.000000000 -0400 >> +++ libsemanage-2.0.28/src/direct_api.h 2008-10-13 12:35:22.000000000 > -0400 >> @@ -37,4 +37,7 @@ >> >> int semanage_direct_access_check(struct semanage_handle *sh); >> >> +#include <stdio.h> >> +size_t bunzip(FILE *f, char **data); >> + >> #endif >> diff --exclude-from=exclude -N -u -r > nsalibsemanage/src/libsemanage.map libsemanage-2.0.28/src/libsemanage.map >> --- nsalibsemanage/src/libsemanage.map 2008-08-28 09:34:24.000000000 > -0400 >> +++ libsemanage-2.0.28/src/libsemanage.map 2008-10-13 > 12:35:22.000000000 -0400 
>> @@ -3,8 +3,10 @@ >> semanage_is_managed; semanage_connect; semanage_disconnect; >> semanage_msg_*; >> semanage_begin_transaction; semanage_commit; >> - semanage_module_install; semanage_module_upgrade; >> - semanage_module_install_base; semanage_module_remove; >> + semanage_module_install; semanage_module_install_file; >> + semanage_module_upgrade; semanage_module_upgrade_file; >> + semanage_module_install_base; semanage_module_install_base_file; >> + semanage_module_remove; >> semanage_module_list; semanage_module_info_datum_destroy; >> semanage_module_list_nth; semanage_module_get_name; >> semanage_module_get_version; semanage_select_store; >> diff --exclude-from=exclude -N -u -r nsalibsemanage/src/modules.c > libsemanage-2.0.28/src/modules.c >> --- nsalibsemanage/src/modules.c 2008-08-28 09:34:24.000000000 -0400 >> +++ libsemanage-2.0.28/src/modules.c 2008-10-13 12:35:22.000000000 -0400 >> @@ -52,6 +52,25 @@ >> return sh->funcs->install(sh, module_data, data_len); >> } >> >> +int semanage_module_install_file(semanage_handle_t * sh, >> + const char *module_name) { >> + >> + if (sh->funcs->install_file == NULL) { >> + ERR(sh, >> + "No install function defined for this connection type."); >> + return -1; >> + } else if (!sh->is_connected) { >> + ERR(sh, "Not connected."); >> + return -1; >> + } else if (!sh->is_in_transaction) { >> + if (semanage_begin_transaction(sh) < 0) { >> + return -1; >> + } >> + } >> + sh->modules_modified = 1; >> + return sh->funcs->install_file(sh, module_name); >> +} >> + >> int semanage_module_upgrade(semanage_handle_t * sh, >> char *module_data, size_t data_len) >> { 
>> @@ -71,6 +90,25 @@ >> return sh->funcs->upgrade(sh, module_data, data_len); >> } >> >> +int semanage_module_upgrade_file(semanage_handle_t * sh, >> + const char *module_name) { >> + >> + if (sh->funcs->upgrade_file == NULL) { >> + ERR(sh, >> + "No upgrade function defined for this connection type."); >> + return -1; >> + } else if (!sh->is_connected) { >> + ERR(sh, "Not connected."); >> + return -1; >> + } else if (!sh->is_in_transaction) { >> + if (semanage_begin_transaction(sh) < 0) { >> + return -1; >> + } >> + } >> + sh->modules_modified = 1; >> + return sh->funcs->upgrade_file(sh, module_name); >> +} >> + >> int semanage_module_install_base(semanage_handle_t * sh, >> char *module_data, size_t data_len) >> { >> @@ -90,6 +128,25 @@ >> return sh->funcs->install_base(sh, module_data, data_len); >> } >> >> +int semanage_module_install_base_file(semanage_handle_t * sh, >> + const char *module_name) { >> + >> + if (sh->funcs->install_base_file == NULL) { >> + ERR(sh, >> + "No install base function defined for this connection type."); >> + return -1; >> + } else if (!sh->is_connected) { >> + ERR(sh, "Not connected."); >> + return -1; >> + } else if (!sh->is_in_transaction) { >> + if (semanage_begin_transaction(sh) < 0) { >> + return -1; >> + } >> + } >> + sh->modules_modified = 1; >> + return sh->funcs->install_base_file(sh, module_name); >> +} >> + >> int semanage_module_remove(semanage_handle_t * sh, char *module_name) >> { >> if (sh->funcs->remove == NULL) { >> diff --exclude-from=exclude -N -u -r nsalibsemanage/src/policy.h > libsemanage-2.0.28/src/policy.h >> --- nsalibsemanage/src/policy.h 2008-08-28 09:34:24.000000000 -0400 >> +++ libsemanage-2.0.28/src/policy.h 2008-10-13 12:35:22.000000000 -0400 
>> @@ -49,8 +49,14 @@ >> /* Install a policy module */ >> int (*install) (struct semanage_handle *, char *, size_t); >> >> + /* Install a policy module */ >> + int (*install_file) (struct semanage_handle *, const char *); >> + >> /* Upgrade a policy module */ >> int (*upgrade) (struct semanage_handle *, char *, size_t); >> + >> + /* Upgrade a policy module */ >> + int (*upgrade_file) (struct semanage_handle *, const char *); >> >> /* Remove a policy module */ >> int (*remove) (struct semanage_handle *, char *); >> @@ -61,6 +67,9 @@ >> >> /* Install base policy */ >> int (*install_base) (struct semanage_handle *, char *, size_t); >> + >> + /* Install a base module */ >> + int (*install_base_file) (struct semanage_handle *, const char *); >> }; >> >> /* Should be backend independent */ >> diff --exclude-from=exclude -N -u -r > nsalibsemanage/src/semanage_store.c libsemanage-2.0.28/src/semanage_store.c >> --- nsalibsemanage/src/semanage_store.c 2008-09-15 12:20:44.000000000 > -0400 >> +++ libsemanage-2.0.28/src/semanage_store.c 2008-10-13 > 12:57:29.000000000 -0400 >> @@ -440,6 +440,8 @@ >> char tmp[PATH_MAX]; >> char buf[4192]; >> >> + if (link(src,dst) == 0) return 0; >> + >> n = snprintf(tmp, PATH_MAX, "%s.tmp", dst); >> if (n < 0 || n >= PATH_MAX) >> return -1; 
>> @@ -1522,16 +1524,26 @@ >> ERR(sh, "Could not open module file %s for reading.", filename); >> goto cleanup; >> } >> + size_t size; >> + char *data = NULL; >> + >> + if ((size = bunzip(fp, &data)) != 0) { >> + fclose(fp); >> + fp = fmemopen(data, size, "rb"); >> + } > > unhandled error from fclose and fmemopen > Fixed as above > >> + rewind(fp); >> __fsetlocking(fp, FSETLOCKING_BYCALLER); >> sepol_policy_file_set_fp(pf, fp); >> sepol_policy_file_set_handle(pf, sh->sepolh); >> if (sepol_module_package_read(*package, pf, 0) == -1) { >> ERR(sh, "Error while reading from module file %s.", filename); >> fclose(fp); >> + free(data); >> goto cleanup; >> } >> sepol_policy_file_free(pf); >> fclose(fp); >> + free(data); >> return retval; >> >> cleanup: > >
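Review bot: in the `@@ -378,12 +385,157 @@` hunk, `bzip()` opens its target with `fopen(filename, "wb")` and `dupfile()` opens with `O_WRONLY | O_CREAT | O_TRUNC`, both truncating in place, while the same patch adds `unlink(filename)` to `write_file()` precisely because the file may be a hard link (and the `link(src,dst)` fast path added to the copy routine in semanage_store.c makes that likely). Since `bzip()` replaces `write_file()` in the install, upgrade and install_base paths, it and `dupfile()` need the same `unlink()` before opening, or a truncate-in-place rewrites the linked copy as well. Smaller points in the same hunk: the `BZ2_bzWriteClose(&bzerror, b, 1, 0, 0); return 0;` paths in `bzip()` never `fclose(f)`; `bunzip()` checks neither `realloc(NULL, size)` nor `uncompress = realloc(uncompress, size)`, so an allocation failure dereferences NULL in the `memcpy` and, in the grow case, leaks the old buffer (use a temporary: `char *tmp = realloc(uncompress, size); if (tmp == NULL) { free(uncompress); ... }`); `map_file()` never closes the `FILE *` it creates with `fdopen(fd, "r")` and stores the `size_t` returned by `bunzip()` in `int size`. The header comment on `bzip()` is copied from `bunzip()` and describes decompression; it should say that it compresses `data` into `filename` and document the failure return agreed on in the thread.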
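Review bot: in the `@@ -826,19 +980,60 @@` hunk, `semanage_direct_install_file()` fails silently when `open(install_filename, O_RDONLY)` fails and again when `map_file()` returns 0; every other failure in the direct backend goes through `ERR(sh, ...)`, so the caller of `semanage_module_install_file()` gets a bare error code with no message and no `errno` context. Suggest `ERR(sh, "Could not open module file %s for reading.", install_filename);` (the wording already used in semanage_store.c) before returning, and the same in the `upgrade_file` and `install_base_file` hunks, which copy this structure. The new header comment ("Attempts to link a module to the sandbox's module directory, unlinking any previous module stored within") does not match the code, which copies the file with `dupfile()` and unlinks nothing first; the same comment is reused above `semanage_direct_upgrade_file()`.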
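Review bot: in the direct_api.h hunk, `#include <stdio.h>` is placed after the existing declarations, just before `#endif`; move it to the top of the header with the other includes. `bunzip()` also becomes a global symbol with a generic name now that semanage_store.c calls it; a `semanage_`-prefixed name avoids colliding with other code that links libsemanage statically, and the declaration should state the ownership of `*data` (the caller must `free()` it, as the `direct_list` and `semanage_store.c` hunks do).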
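Review bot: in the modules.c `@@ -52,6 +52,25 @@` hunk, the error text for a missing `install_file` callback reads "No install function defined for this connection type.", the same string used for `install`, so a log line cannot tell the two apart; say "No install_file function defined ..." (and likewise for `upgrade_file` and `install_base_file`). The parameter is named `module_name` but receives a path (the direct backend calls it `install_filename`); renaming it in the three new wrappers and in the policy.h function-pointer declarations keeps the public API self-describing. The connected / in-transaction preamble is repeated verbatim in each new wrapper; a small static helper would keep those checks in one place.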
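Review bot: in the policy.h `@@ -49,8 +49,14 @@` and `@@ -61,6 +67,9 @@` hunks, the comments on the new callbacks duplicate the old ones word for word ("Install a policy module", "Upgrade a policy module"), and `install_base_file` is described as "Install a base module" while the callback beside it says "Install base policy"; document what distinguishes them, namely that the argument is a path to a module file on disk, possibly bzip2-compressed, rather than an in-memory buffer and length.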
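Review bot: in the semanage_store.c `@@ -440,6 +440,8 @@` hunk, `if (link(src,dst) == 0) return 0;` turns the copy into a hard link whenever it succeeds, so the sandbox and the store then share one inode: any later open with `O_TRUNC` or `fopen(..., "wb")` on either path rewrites both, and the mode and owner of `dst` become whatever `src` has rather than what the fallback copy creates. If the fast path is kept it needs a comment stating that every writer of these files must `unlink()` before writing (which `write_file()` now does, but `bzip()` and `dupfile()` in this patch do not), and that the fallback is taken on every failure, including `EEXIST` when `dst` already exists and `EXDEV` when the store and sandbox are on different filesystems.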
/external/selinux/libsemanage/src/semanage_store.c
|
9e2c58f924c074c3f2b644e4a4ec197e1b629431 |
|
11-Nov-2008 |
Christopher J. PeBenito <cpebenito@tresys.com> |
homedir_template generation skips USER lines The current libsemanage code does not correctly add lines which include USER in them into the homedir_template, for example: /tmp/gconfd-USER -d system_u:object_r:ROLE_tmp_t This line was included in the past since it has ROLE. However, with the switch to UBAC separations, the line has changed to: /tmp/gconfd-USER -d system_u:object_r:user_tmp_t and is no longer included. The following patch fixes this. Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/libsemanage/src/semanage_store.c
|
e319cd8538dca80c4a6f9ad2669b14e02f255853 |
|
15-Sep-2008 |
Joshua Brindle <method@manicmethod.com> |
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: libsemanage patch to not compile modules for seusers and fcontext Date: Wed, 10 Sep 2008 10:30:08 -0400 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ivan Gyurdiev wrote: > >>> I'm a little unclear on what this is doing - can you clarify? >>> >> This is clearing the existing seusers.final file, otherwise delete was >> not working. >> > I think the previous code was doing more - it was merging the local file > with the shipped base package file, like this: > > data = extract_file_from_policy_package( ) > write_file ( "seusers.final", data ) > if ( data != null ) { > seusers.clear_cache() // thereby forcing reload from > seusers.final when cache() is called again (in merge_components) > } else { > seusers.clear() > } > > It's also doing this three times (once for fcontexts, once for seusers, > once for seusers_extra). > The problem is that you're skipping the link_sandbox call, which builds > the base package, containing this information. > > Ivan > > Ok I found some problems with the previous patch and did some code reuse. I added a function that only read base.pp in order to handle the base user_extra and seusers problem. Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/libsemanage/src/semanage_store.c
|
13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/libsemanage/src/semanage_store.c
|