| 914e591c416ae6145588a99f8cd3f02b8468accf |
|
13-Feb-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: fix audit2why error handling if SELinux is disabled.
If SELinux is disabled, then selinux_current_policy_path() returns NULL.
At present, if you run audit2allow on a SELinux-disabled host without
the -p option, you get:
unable to open (null): Bad address
We haven't seen this because most people running audit2allow are doing
it on SELinux-enabled hosts and using the host policy. But for Android,
the build host OS often has SELinux disabled and we need to pass audit2allow
the path to the Android policy. Handle this case and provide a hint to
the user.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/audit2why.c
|
| 9eb9c9327563014ad6a807814e7975424642d5b9 |
|
19-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Get rid of security_context_t and fix const declarations.
In attempting to enable building various part of Android with -Wall -Werror,
we found that the const security_context_t declarations in libselinux
are incorrect; const char * was intended, but const security_context_t
translates to char * const and triggers warnings on passing
const char * from the caller. Easiest fix is to replace them all with
const char *. And while we are at it, just get rid of all usage of
security_context_t itself as it adds no value - there is no true
encapsulation of the security context strings and callers already
directly use string functions on them. typedef left to permit
building legacy users until such a time as all are updated.
This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7
from Android, augmented to deal with all of the other code in upstream
libselinux and updating the man pages too.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/audit2why.c
|
| 6d0f11142172ef8a827e53e871030d26829ab39f |
|
28-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Change audit2why to return constraint information on denial.
This patch uses Richard Haines fixes in libsepol to help identify which
constraint is blocking access. The end goal is helping policy writers
and administrators to diagnose issues with their policy.
/external/selinux/libselinux/src/audit2why.c
|
| 56258807ea4b33cf3c7a1dbf1b574ab77c91f899 |
|
25-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Revert "Richard Haines patch that allows us discover constraint violation information"
This reverts commit 56b49ab7114f367f46b70e41d84dc7e6d52d5209.
Conflicts:
libselinux/src/audit2why.c
/external/selinux/libselinux/src/audit2why.c
|
| 7eec00a5be8b5cebcbbc9a30b42b34f4a623c587 |
|
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Add selinux_current_policy_path, which returns the a pointer to the loaded policy
Also change audit2why to look at the loaded policy rather then searching on disk for
the policy file. It is more likely that you are examining the running policy.
/external/selinux/libselinux/src/audit2why.c
|
| 756013edc51bf9db084acec447f8fb35a06b9517 |
|
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
This patch fixes python parsing.
Eliminates a potential memory leaks.
/external/selinux/libselinux/src/audit2why.c
|
| 56b49ab7114f367f46b70e41d84dc7e6d52d5209 |
|
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Richard Haines patch that allows us discover constraint violation information
Basically we need this information to allow audit2allow/audit2why to better
describe which constraint is being broken.
/external/selinux/libselinux/src/audit2why.c
|
| aa62cd60f7192123b509c2518e7a2083e34a65a2 |
|
29-Nov-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: Fix errors found by coverity
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/audit2why.c
|
| 7504bbd87302c61f39f8f7641df63213f5da6cd8 |
|
21-Nov-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: audit2why: Cleanup audit2why analysys function
Tee-tiny cleanup to remove needless {}
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/audit2why.c
|
| d09bcb75f5e7c87ba4b8fd8b55ec28c69a1c94fa |
|
19-Nov-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: audit2why: do not leak on multiple init() calls
If init() was already called then avc will be set. If avc is set just
return.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/audit2why.c
|
| 019e6fd6d4e383ae82b65a2f5868e377dd8af571 |
|
15-Oct-2012 |
rhatdan <dwalsh@redhat.com> |
libselinux: audit2why: Fix segfault if finish() called twice
If audit2why.finish is called more than once the global avc variable
will be NULL, and thus dereferencing it will obviously cause problems.
Thus just bail if avc is NULL and we know cleanup is done.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/audit2why.c
|
| 933840af6c41ea0203485227c4ac2258f15d40f5 |
|
04-Dec-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: audit2why: make sure path is nul terminated
We use strncpy which could leave a non-nul terminated string if the
source is longer than PATH_MAX. Add that nul.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/audit2why.c
|
| 9b3055ada5fffd40c2b8fb23485364bba2c4c111 |
|
19-Apr-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: audit2why: silence -Wmissing-prototypes warning
The init functions are non-static but did not have a prototype
declaration. They are called magically from python, so just declare the
prototype to silence the warning.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/audit2why.c
|
| 74a9a5296688e2617d669b346d3f5ef6e31ae2d9 |
|
27-Oct-2011 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: audit2why: close fd on enomem
Potential file descriptor leak on this code path, need to close file
descriptor if out of memory.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/audit2why.c
|
| 8faf23de0b534a19555691e8ba111dcde8f02af3 |
|
03-Aug-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: audit2why: work around python bug not defining SIZEOF_SOCKET_T
A at least one broken python headers didn't define SIZEOF_SOCKET_T.
Define it if we happen upon one of those.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/audit2why.c
|
| 802369fbe2c7aadc6a9de3c5c5c4f60b81203d5d |
|
05-Jul-2011 |
Eric Paris <eparis@redhat.com> |
audit2allow: do not print statistics
I believe this is just to stop flooding the screen with libsepol
statistics every time you run audit2allow or any other libsepol command.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/audit2why.c
|
| 2ea80c28a560ede4ad318aa7ccbfd5f555264465 |
|
29-Jun-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: fix python audit2why binding error
There is a missing error check in audit2why.c. Check for error and
return NULL if we can't initialize instead of just pretending it worked.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/audit2why.c
|
| 874bac80bbfbf0a5af51bfa02cad2c233aac7273 |
|
24-Jun-2011 |
Daniel J Walsh <dwalsh@redhat.com> |
Patch for python3 for libselinux
Allow the specification of python3 in the swig creation
This patch adds the new option PYPREFIX which causes the swig created
libraries to have a prefix. This allows one to build both the python2
and python3 libraries in the same source tree. The install will then
later strip this prefix back off when it drops the files into the python
approriate site package directory.
This patch also needs to update the PYINC definition as newer python
patckages on fedora exist in /usr/include/python3.2mu instead of
/usr/include/python3.2 as the other method of detemrining PYINC would
have found.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/audit2why.c
|
| 13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/libselinux/src/audit2why.c
|