Cross Reference: /external/selinux/libselinux/src/label

History log of /external/selinux/libselinux/src/label_file.c
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
90c2d42e033f8c83bfb1f236df788287650f8042	27-Oct-2015	William Roberts <william.c.roberts@intel.com>	libselinux: label_file: fix memory leaks and uninitialized jump Some error's were reported by valgrind (below) fix them. The test cases on which these leaks were detected: 1. properly formed file_contexts file. 2. malformed file_contexts file, unknown type. 3. malformed file_contexts file, type that fails on validate callback. 4. malformed file_contexts file, invalid regex. 5. malformed file_contexts file, invalid mode. ==3819== Conditional jump or move depends on uninitialised value(s) ==3819== at 0x12A682: closef (label_file.c:577) ==3819== by 0x12A196: selabel_close (label.c:163) ==3819== by 0x10A2FD: cleanup (checkfc.c:218) ==3819== by 0x5089258: __run_exit_handlers (exit.c:82) ==3819== by 0x50892A4: exit (exit.c:104) ==3819== by 0x10A231: main (checkfc.c:361) ==3819== Uninitialised value was created by a heap allocation ==3819== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3819== by 0x4C2CF1F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3819== by 0x12BB31: process_file (label_file.h:273) ==3819== by 0x12A2BA: selabel_file_init (label_file.c:522) ==3819== by 0x12A0BB: selabel_open (label.c:88) ==3819== by 0x10A038: main (checkfc.c:292) ==3819== ==3819== ==3819== HEAP SUMMARY: ==3819== in use at exit: 729 bytes in 19 blocks ==3819== total heap usage: 21,126 allocs, 21,107 frees, 923,854 bytes allocated ==3819== ==3819== 81 bytes in 1 blocks are definitely lost in loss record 1 of 2 ==3819== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3819== by 0x50D5839: strdup (strdup.c:42) ==3819== by 0x12A2A6: selabel_file_init (label_file.c:517) ==3819== by 0x12A0BB: selabel_open (label.c:88) ==3819== by 0x10A038: main (checkfc.c:292) ==3819== ==4238== 40 bytes in 1 blocks are definitely lost in loss record 1 of 6 ==4238== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4238== by 0x12A1D2: selabel_file_init (label_file.c:886) ==4238== by 0x12A0BB: selabel_open (label.c:88) ==4238== by 0x10A038: main (checkfc.c:292) ==4238== ==4238== 81 bytes in 1 blocks are definitely lost in loss record 2 of 6 ==4238== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4238== by 0x50D5839: strdup (strdup.c:42) ==4238== by 0x12A2A6: selabel_file_init (label_file.c:517) ==4238== by 0x12A0BB: selabel_open (label.c:88) ==4238== by 0x10A038: main (checkfc.c:292) ==4238== ==4238== 386 bytes in 24 blocks are definitely lost in loss record 3 of 6 ==4238== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4238== by 0x50D5889: strndup (strndup.c:45) ==4238== by 0x12CDDF: read_spec_entries (label_support.c:37) ==4238== by 0x12B72D: process_file (label_file.h:392) ==4238== by 0x12A2BA: selabel_file_init (label_file.c:522) ==4238== by 0x12A0BB: selabel_open (label.c:88) ==4238== by 0x10A038: main (checkfc.c:292) ==4238== ==4238== 648 bytes in 18 blocks are definitely lost in loss record 4 of 6 ==4238== at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4238== by 0x117C9B: avtab_insert_node (avtab.c:105) ==4238== by 0x117C10: avtab_insert (avtab.c:163) ==4238== by 0x11880A: avtab_read_item (avtab.c:566) ==4238== by 0x118BD3: avtab_read (avtab.c:600) ==4238== by 0x125BDD: policydb_read (policydb.c:3854) ==4238== by 0x109F87: main (checkfc.c:273) ==4238== ==4238== 1,095 bytes in 12 blocks are definitely lost in loss record 5 of 6 ==4238== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4238== by 0x12D8D1: pcre_compile2 (pcre_compile.c:9217) ==4238== by 0x12B239: compile_regex (label_file.h:357) ==4238== by 0x12B9C7: process_file (label_file.h:429) ==4238== by 0x12A2BA: selabel_file_init (label_file.c:522) ==4238== by 0x12A0BB: selabel_open (label.c:88) ==4238== by 0x10A038: main (checkfc.c:292) ==4238== ==4238== 1,296 bytes in 12 blocks are definitely lost in loss record 6 of 6 ==4238== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4238== by 0x13EBE5: pcre_study (pcre_study.c:1565) ==4238== by 0x12B25D: compile_regex (label_file.h:366) ==4238== by 0x12B9C7: process_file (label_file.h:429) ==4238== by 0x12A2BA: selabel_file_init (label_file.c:522) ==4238== by 0x12A0BB: selabel_open (label.c:88) ==4238== by 0x10A038: main (checkfc.c:292) Signed-off-by: William Roberts <william.c.roberts@intel.com> /external/selinux/libselinux/src/label_file.c
e0456053d045997fa072565eb9b2c95ce9c9724a	15-Oct-2015	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Fix selabel_open(3) services if no digest requested If selabel_open is called with no request for a digest it will fail with ENOENT. This fixes all the labeling routines to resolve this problem. The utils/selabel_digest example has also been updated to allow calling selabel_open with and without digest requests to aid testing. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> /external/selinux/libselinux/src/label_file.c
e40bbea95f555fe9708cbbc39895bd67a8ac6c48	30-Sep-2015	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Add selabel_digest function selabel_digest(3) if enabled by the SELABEL_OPT_DIGEST option during selabel_open(3) will return an SHA1 digest of the spec files, plus a list of the specfiles used to calculate the digest. There is a test utility supplied that will demonstrate the functionality. The use case for selabel_digest(3) is to implement an selinux_restorecon function based on the Android version that writes a hash of the file_contexts files to an extended attribute to enhance performance (see external/libselinux/src/android.c selinux_android_restorecon()). Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> /external/selinux/libselinux/src/label_file.c
5d19497b5c30bcab9e5e60ac73df5fc3da4e0466	15-Sep-2015	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Fix mmap memory release for file labeling Ensure the mmap start address and length are not modified so the memory used can be released when selabel_close(3) is called. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> /external/selinux/libselinux/src/label_file.c
8a9d25a8e9cb716d6de3276555d29e132ca8c973	07-Aug-2015	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: do not treat an empty file_contexts(.local) as an error file_contexts can be legitimately empty, particularly when dealing with a file_contexts.local file. The change to test for file_contexts.bin format by magic number was treating an EOF condition as a fatal error, thereby causing an error on empty file_contexts.local files. Only treat it as an error if there was truly an error on the read, as checked via ferror(). Otherwise, clear the error and EOF indicators so that they do not persist when we rewind the file and try to read it as text. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/selinux/libselinux/src/label_file.c
49346faa05bf42615478429883284449809a8ec1	06-Aug-2015	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: support context validation on file_contexts.bin If file_contexts.bin was opened with SELABEL_OPT_VALIDATE set, then we should validate contexts in the same manner as with file_contexts. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/selinux/libselinux/src/label_file.c
9f9e3f2102fd0e49fe5ae059df4b401eb44f63db	05-Aug-2015	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: test for file_contexts.bin format Check to see if the file whose path is passed to selabel_open() starts with the file_contexts.bin magic number, and if so, automatically treat it as a file_contexts.bin file. This allows one to open file_contexts.bin formatted files without necessarily having a .bin file suffix. This removes the need for the previously added .bin file suffix test. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/selinux/libselinux/src/label_file.c
6f295008efd72baac05ecd88587b706e50a77e49	05-Aug-2015	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: add selabel_cmp interface and label_file backend Add a selabel_cmp() interface for comparing two label configurations, and implement it for the file backend (i.e. for file_contexts). This allows comparing two file_contexts configurations to see if the first is a subset of, equal/identical to, a superset of, or incomparable to the second. The motivating use case is to allow comparing two file_contexts.bin files in Android CTS to confirm that a device file_contexts.bin file contains all of the entries in the AOSP general file_contexts. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/selinux/libselinux/src/label_file.c
09ea624d1231798dddfbb32321628424e0ea30e1	04-Aug-2015	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: support specifying file_contexts.bin file path At present, the label_file backend expects to be provided the path to the text file_contexts file and always appends the .bin suffix when checking for the binary file_contexts.bin file. If one attempts to directly specify the path to a file_contexts.bin file to selabel_open(), it will fail as the code will append a second .bin suffix to it. Check to see if the file path already has a .bin suffix and do not append it in that case. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/selinux/libselinux/src/label_file.c
0454b7ac2c5d24b9c2ad69eacd483dddcd67cb31	04-Aug-2015	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: support file_contexts.bin without file_contexts Change the label_file backend in libselinux to support systems that only have file_contexts.bin files installed and do not ship a file_contexts file at all. Only fail if neither file can be loaded. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/selinux/libselinux/src/label_file.c
f2cd2f821fa34e8c7a12744626e19208463aa4e2	10-Jul-2015	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Add const to selinux_opt for label backends. Change selabel_open and label backends to take a 'const struct selinux_opt' argument. This work has already been done for the Android version components. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> /external/selinux/libselinux/src/label_file.c
f309a0e88c1fb66939b6be544955e2b459449568	04-Jul-2015	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Fix binary file labels for regexes with metachars File labels assigned using the lookup_best_match() function do not assign the best match if its regex contains metacharacters in the binary file_contexts file version. This change adds a new entry in the binary file with the calculated prefix length that is then read when processing the file. This fix also bumps SELINUX_COMPILED_FCONTEXT_MAX_VERS. This patch relies on patch [1] that fixes the same problem for text based file_contexts files. [1] http://marc.info/?l=selinux&m=143576498713964&w=2 Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> /external/selinux/libselinux/src/label_file.c
aab9d90b35cf8991ff4e65a5fcdcfd54ed534229	22-Jun-2015	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: Correctly handle an empty file_contexts file. If you add some local file contexts via semanage fcontext -a and later delete them all via semanage fcontext -D, you get an empty file_contexts.local file. Then when you try to load it, getline() returns 0 and we fall through to the out path without having set rc. In label_file.c, rc will always be non-zero at this point because we will have failed the load_mmap() call. In sefcontext_compile, rc may contain random garbage at this point. Explicitly set rc before the loop. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/selinux/libselinux/src/label_file.c
3cb6078ae5e9a811b1b40faee7bb5108d5f7fbe8	16-Jun-2015	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Enhance file context support Update file contexts generation and loading to use common code. Remove "status = 0; after "status = sort_specs(data);" otherwise the function will never indicate a failure. The file labeling code also has minor formatting, white space removal etc. changes. label_file.c - Move process_line function to label_file.h sefcontext_compile.c - Update to use common process_line code. Now frees all malloc'ed memory, checked by valgrind. Also added optional -o output file parameter - updated man page to reflect this change. V2 - Revert to using compat_validate instead of selabel_validate. V3 - Revert to using callback for validation now the problem has been fixed by commit e88914849490c3fc17b0e5ed67387e47f2701d3c ("libselinux: build sefcontext_compile with static libselinux") Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> /external/selinux/libselinux/src/label_file.c
59e02f65ca6d819eb1d591f21d2e8c96514676f6	08-Jun-2015	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: Drop confusing comment. When Eamon created label_file.c, he drew code from the setfiles program, which I originally wrote. At the time, setfiles had a comment about being derived in part from the setfiles.pl script written by SCC, so Eamon put a comment in label_file.c that tried to preserve that lineage. However, there was no real code lineage there. The setfiles program was inspired by the setfiles.pl perl script, but the implementation was a complete rewrite. And while label_file.c drew some data structures and code from the setfiles C program, it had nothing to do with the setfiles.pl script at all. Just drop the comment; it serves no purpose. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/selinux/libselinux/src/label_file.c
af41e2b5ff197f5e66262868fdc3a03963cd104e	01-Jun-2015	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Add read_spec_entries function to replace sscanf Currently sscanf is used with %ms parameters that are not supported on all platforms. The new read_spec_entries function may be used to replace these where required. This patch updates sefcontext_compile, label_file and label_android_property services to use the new function. The file and property services have been tested on Android emulator and the file service on Fedora 21. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> /external/selinux/libselinux/src/label_file.c
f233d010155f71b4dbc28ba2a576111fe0723999	27-May-2015	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Support consistent mode size for bin files Currently sefcontext_compile defines the mode field as mode_t whose size will vary depending on the architecture (e.g. 32 bit / 64 bit). This patch sets the size when writing/reading binary files to uint32_t. The file version is set to SELINUX_COMPILED_FCONTEXT_MODE V2 fixes those listed in http://marc.info/?l=selinux&m=143273965514292&w=2 Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> /external/selinux/libselinux/src/label_file.c
f7148d5973c55928d52dae4accd3a69385c50e3f	24-May-2015	Richard Haines <richard_c_haines@btinternet.com>	Fix more bin file processing core dumps The reading of bin files has been changed to follow that of loading policy to catch over-runs. Entries that should be NUL terminated are also checked. If any error, then process the text file. This should fix all problems highlighted in [1] with V2 fixing those in [2]. V3 corrects int32_t/uint32_t for *_len entries and V4 fixes [3] and adds pcre_fullinfo checks to validate regex and study data sizes. pcre_fullinfo also validates its magic number. Tested with bin files built using sefcontext_compile PCRE_VERS 1 and 2. The following is a rough guide to the difference in processing a bin file against a text file: 6K entries - x5 4K entries - x4 1K entries - x3 500 entries - x2 [1] http://marc.info/?l=selinux&m=143101983922281&w=2 [2] http://marc.info/?l=selinux&m=143161763905159&w=2 [3] http://marc.info/?l=selinux&m=143204170705586&w=2 Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> /external/selinux/libselinux/src/label_file.c
a351eb01a8238c1bd465619c6c5885c2da1c6663	07-May-2015	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Fix core dumps with corrupt .bin files Check buffer address limits when processing .bin files to catch any over-runs. On failure process text file instead. To test, the bin files were corrupted by adding and removing various bits of data. Various file sizes were also checked and all were caught by the patch. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> /external/selinux/libselinux/src/label_file.c
e7f970ffd1a8dbb26051405719a2288d34e856f6	06-May-2015	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Add selabel partial and best match APIs Add support for new API functions selabel_partial_match and selabel_lookup_best_match ported from the Android libselinux fork. Add supporting man(3) pages and test utilities: selabel_lookup, selabel_lookup_best_match and selabel_partial_match. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/selinux/libselinux/src/label_file.c
417cb8d076a31c57710429b255aebc595613eb6b	13-Mar-2015	Petr Lautrbach <plautrba@redhat.com>	Fix -Wformat errors Fixes two types of errors which appear when building with gcc-5.0.0 - format ‘%d’ expects argument of type ‘int’, but argument X has type ‘unsigned int’ - format ‘%a’ expects argument of type ‘float ’, but argument X has type ‘char *’ Signed-off-by: Petr Lautrbach <plautrba@redhat.com> /external/selinux/libselinux/src/label_file.c
716e3820c571fa082f2a57c040802c54ed422f37	24-Feb-2015	Nick Kralevich <nnk@google.com>	libselinux: label_file: handle newlines in file names restorecon on file names with newlines are not handled properly. Use PCRE_DOTALL so that dots in regular expressions match all characters, and don't exclude the newline character. See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html for background. Change-Id: I0dde8f2567305f746d19ebd75a9e2add7406eb9a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/selinux/libselinux/src/label_file.c
14342674191ca11c4455ff7ac9b76b05173eb575	02-Feb-2015	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: pcre_study can return NULL without error. Per the man page, pcre_study can return NULL without error if it could not find any additional information. Errors are indicated by the combination of a NULL return value and a non-NULL error string. Fix the handling so that we do not incorrectly reject file_contexts entries. Change-Id: I2e7b7e01d85d96dd7fe78545d3ee3834281c4eba Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/selinux/libselinux/src/label_file.c
ae5de8ae697675ce674262f10a54fe3b37968a70	14-Sep-2014	Nicolas Iooss <nicolas.iooss@m4x.org>	libselinux: fix gcc -Wsign-compare warnings Acked-by: Steve Lawrence <slawrence@tresys.com> /external/selinux/libselinux/src/label_file.c
ac33098a807671204720aae97d6bcf6429d3fa92	09-Jul-2014	Stephen Smalley <sds@tycho.nsa.gov>	Add pcre version string to the compiled file_contexts format. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/selinux/libselinux/src/label_file.c
f458b7607618ad3d95568b595065c745c3c69022	24-Oct-2013	Stephen Smalley <sds@tycho.nsa.gov>	Merge branch 'fedora' into master-merge Conflicts: libselinux/src/Makefile libselinux/src/selinux_config.c policycoreutils/audit2allow/audit2allow.1 policycoreutils/scripts/fixfiles.8 policycoreutils/semanage/semanage.8 policycoreutils/sepolicy/Makefile policycoreutils/sepolicy/sepolicy/transition.py policycoreutils/setsebool/setsebool.8
f1598dff7e951f0dbfb68d9c45bc15fe6d2e821e	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Support udev-197 and higher The errno value was not set, causing wrong return notifications and failing to have udev label things correctly. See https://bugzilla.redhat.com/show_bug.cgi?id=909826#c24 and see https://bugs.gentoo.org/show_bug.cgi?id=462626 Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be> /external/selinux/libselinux/src/label_file.c
fd56c5230cea6b81fbe74d1d0a228936a6797923	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Separate out the calling of local subs and dist subs in selabel_sub We want to allow users to setup their substitions to run fist and then run the distro subs second. This fixes the problem where a user defines a sub like /usr/local/foobar and we ignore it. We need this for software collections which is setting up local subs of /opt/src/foobar/root / /external/selinux/libselinux/src/label_file.c
fceca652c137084a891e1cf070ba9c8c063bc949	21-Oct-2013	Joe MacDonald <joe@deserted.net>	libselinux: avoid shadowing 'stat' in load_mmap label_file.c: In function ‘load_mmap’: label_file.c:238:81: error: declaration of ‘stat’ shadows a global declaration [-Werror=shadow] cc1: all warnings being treated as errors Signed-off-by: Joe MacDonald <joe@deserted.net> /external/selinux/libselinux/src/label_file.c
a15451b523d267b4dbf94616e9473ab196b88525	25-Sep-2013	Sven Vermeulen <sven.vermeulen@siphos.be>	Support udev-197 and higher The errno value was not set, causing wrong return notifications and failing to have udev label things correctly. See https://bugzilla.redhat.com/show_bug.cgi?id=909826#c24 and see https://bugs.gentoo.org/show_bug.cgi?id=462626 Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be> /external/selinux/libselinux/src/label_file.c
0834ff302264319097eb3f52295f5f671091cba9	23-Jan-2013	Eric Paris <eparis@redhat.com>	libselinux: do not leak file contexts with mmap'd backend We use strdup to store the intended context when we have an mmap'd file backend. We, however, skipped freeing those contexts. Signed-off-by: Eric Paris <eparis@redhat.com> /external/selinux/libselinux/src/label_file.c
efb6347dd3c089f6e4fa6fbe06e23964a16acee1	23-Jan-2013	Eric Paris <eparis@redhat.com>	libselinux: unmap file contexts on selabel_close() We were leaking all of the file context db because we didn't unmap them on selabel_close() Signed-off-by: Eric Paris <eparis@redhat.com> /external/selinux/libselinux/src/label_file.c
aa62cd60f7192123b509c2518e7a2083e34a65a2	29-Nov-2012	Eric Paris <eparis@redhat.com>	libselinux: Fix errors found by coverity Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> /external/selinux/libselinux/src/label_file.c
a293048a59aa8eae68f76d1bafe08acba9285f97	01-Nov-2012	Eric Paris <eparis@redhat.com>	libselinux: do not leak mmapfd On failure, common if .bin is older than the text version, we will leak the mmapfd. Don't do that. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> /external/selinux/libselinux/src/label_file.c
9ebd779353764299e40f63f843eb26209ffbd771	30-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: use precompiled filecontext when possible When loading the filecontext database, check to see if there is a newer binary version. If so, mmap that file, is used to populate the regex db instead of reading from the text representation and compiling regex's as needed. If the text file is newer it will use the text version and ignore the binary version. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> /external/selinux/libselinux/src/label_file.c
16b578895e5c20ad6594186a14a04d848c735889	30-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: new process_file function We currently duplicate code 3 times for the main file, the homedirs, and the local file. Just put that stuff in its own function so we don't have to deal with it multiple times. Signed-off-by: Eric Paris <eparis@redhat.com> /external/selinux/libselinux/src/label_file.c
79b6a8d78fc184b01133ac11d1d0c683633dcaf3	30-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: only run regex files one time We currectly run all of the regex files 2 times. The first time counts the lines and does the simple validatation. We then allocate an array of exactly the right size to hold the entries and run them a second time doing stronger validation, regex compile, etc. This is dumb. Just run them one time and use realloc to grow the size of the array as needed. At the end the array will get sized perfectly to fit by the sorting function, so even if we accidentally allocated entra memory we'll get it back. Signed-off-by: Eric Paris <eparis@redhat.com> /external/selinux/libselinux/src/label_file.c
ee88185aff38b18b16da0d0ed38796d7142632d1	27-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: add accessors for the pcre extra data When we use an mmap backed version of data we need to declare the pcre extra data since we are only given a point to the data->buffer. Since sometimes the spec will hold a pointer to the extra data and sometimes we want to declare it on the stack I introduce and use an accessor for the extra data instead of using it directly. Signed-off-by: Eric Paris <eparis@redhat.com> /external/selinux/libselinux/src/label_file.c
247759031a3e41e5a0f462dc7dfecc0d79d1652e	30-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: move regex sorting to the header We want to do the same thing in the compiler and as we do in in the code which reads regexes in from the text file. Move that sorting into the header. Signed-off-by: Eric Paris <eparis@redhat.com> /external/selinux/libselinux/src/label_file.c
48682e2853f3c66a628adcaf0dbd6030630802f2	27-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: move spec_hasMetaChars to header So we can use it in the new compile utility, move the spec_hasMetaChars() function, which looks for things like .*?+^$ in regular expressions into the internal header file. Signed-off-by: Eric Paris <eparis@redhat.com> /external/selinux/libselinux/src/label_file.c
fcc895661d0cfc619f0895e5c8cb3017cc97364e	27-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: drop useless ncomp field from label_file data The libselinux label_file backend counted the number of regexes which had been compiled. We didn't use it and it wasn't useful information. Stop doing it. Signed-off-by: Eric Paris <eparis@redhat.com> /external/selinux/libselinux/src/label_file.c
9937685cbe8ae6a57cd0b653f2e04f1f45efe46e	22-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: move stem/spec handling to header We want to be able to find the stem and the spec from our new utility. So move those functions to the header file. Signed-off-by: Eric Paris <eparis@redhat.com> /external/selinux/libselinux/src/label_file.c
b9482941ce29e17cd669da457ec3bc176e43fcc6	22-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: move error reporting back into caller If we want to use these functions in utilities we shouldn't call such libselinux internal functions. Move the error reporting up to the caller. Signed-off-by: Eric Paris <eparis@redhat.com> /external/selinux/libselinux/src/label_file.c
f744f239fbfcd1f74bac3196acd616d871ab6108	22-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: do string to mode_t conversion in a helper function So the string to mode_t conversion in a helper function so it can be used later by a regex compilation program. Signed-off-by: Eric Paris <eparis@redhat.com> /external/selinux/libselinux/src/label_file.c
c27101a58317a3d535437f6bd82a3af4a7140074	22-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: move definitions to include file We want to use some label_file internals in a utility to compile fcontext files into binary data for fast use. So start pushing structures and such into a header file. Signed-off-by: Eric Paris <eparis@redhat.com> /external/selinux/libselinux/src/label_file.c
dc1db39e28d8319ee72429dfb5fdbb18208d8977	22-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: remove all typedefs I hate them. They just indirectly you needlessly. Just use the struct definitions. Signed-off-by: Eric Paris <eparis@redhat.com> /external/selinux/libselinux/src/label_file.c
091eb526dd2036d993517d09e4fc67b2bec3ec5e	22-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: use PCRE instead of glibc regex functions The PCRE functions are about x10 faster than the glibc functions. So use the external library. Signed-off-by: Eric Paris <eparis@redhat.com> /external/selinux/libselinux/src/label_file.c
16a37c9f94c1e2dfb865e17e4200d2824d4971f5	19-Dec-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux - correct selabel invalid context logging When selabel_lookup found an invalid context with validation enabled, it always stated it was 'file_contexts' whether media, x, db or file. The fix is to store the spec file name in the selabel_lookup_rec on selabel_open and use this as output for logs. Also a minor fix if key is NULL to stop seg faults. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> /external/selinux/libselinux/src/label_file.c
d4a39ca15b5a41b545630aeaa04e96fe7c0346fe	29-Sep-2011	Eric Paris <eparis@redhat.com>	policycoreutils: label_file: style changes to make Eric happy. Sometimes sticking to 80 characters sucks a lot. I don't care. Buy a wider monitor so I can read the code. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> /external/selinux/libselinux/src/label_file.c
4f621a168682f96d0c98f7818493397766b13fd2	29-Jun-2011	Eric Paris <eparis@redhat.com>	libselinux: do not check fcontext duplicates on use Tools like restorecon or systemd, which load the fcontext database to make labeling decisions do not need to check for duplicate rules. Only the first rule will be used. Instead we should only check for duplicates when new rules are added to the database. And fail the transaction if we find one. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> /external/selinux/libselinux/src/label_file.c
441cf2ea924c13ed5002012aadd128f71d9e9c9d	18-Apr-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux: selabel_open fix processing of substitution files libselinux selabel_open function always processed the substitution files (if installed) from the active policy contexts/files/file_contexts.subs and subs_dist irrespective of the backend type or SELABEL_OPT_PATH setting. This patch now processes the correct subs files when selabel_open is called with SELABEL_CTX_FILE. The other backends could also process their own substitution files if needed in their own areas. [move the init declaration to label_internal.h - eparis] Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> /external/selinux/libselinux/src/label_file.c
8f007923dd4ff89652479587d96e22bc63dbf822	02-Jun-2010	Chad Sellers <csellers@tresys.com>	[PATCH] Remove duplicate slashes in paths in selabel_lookup This patch simply removes duplicate slashes (meaning "//") from pathnames passed into selabel_lookup. It does not do a full realpath() calculation (e.g. following symlinks, etc.), as the client should really do that before calling into libselinux. Signed-off-by: Chad Sellers <csellers@tresys.com> /external/selinux/libselinux/src/label_file.c
070505f16f59b1ddbc6af670a04a3610253f50fc	16-Feb-2010	Stephen Smalley <sds@tycho.nsa.gov>	label_file.c:434: error: implicit declaration of function 'fstat' On Mon, 2010-02-15 at 14:19 -0800, Justin Mattock wrote: > this is new: > > > make[2]: Leaving directory `/home/kernel/selinux/libselinux/include' > make -C src install > make[2]: Entering directory `/home/kernel/selinux/libselinux/src' > cc -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn > -Wmissing-format-attribute -I../include -I/usr/include -D_GNU_SOURCE > -D_FILE_OFFSET_BITS=64 -c -o label_file.o label_file.c > cc1: warnings being treated as errors > label_file.c: In function 'init': > label_file.c:434: error: implicit declaration of function 'fstat' > label_file.c:436: error: implicit declaration of function 'S_ISREG' > make[2]: * [label_file.o] Error 1 > make[2]: Leaving directory `/home/kernel/selinux/libselinux/src' > make[1]: * [install] Error 2 > make[1]: Leaving directory `/home/kernel/selinux/libselinux' > make: *** [install] Error 1 > > three areas where this could of been created > update glibc > updated kernel > update userspace(altohugh there was not vary many commits in the pull). Newer glibc headers expose a failure to #include the required headers for stat(2). Also exposes a conflict in redefining close() in that file. Patch below should fix. /external/selinux/libselinux/src/label_file.c
a4af847dc6f52688a25bb0323ff3b84b13dded67	11-Apr-2009	Hiroshi Shinji <hiroshi.shinji@gmail.com>	Author: Hiroshi Shinji Email: hiroshi.shinji@gmail.com Subject: Memory leak in libselinux/src/label_file.c Date: Fri, 3 Apr 2009 13:58:01 +0900 Hi, I found memory leak in libselinux/src/label_file.c. Please fix it. Regards, -- Hiroshi Shinji Signed-off-by: Chad Sellers <csellers@tresys.com> /external/selinux/libselinux/src/label_file.c
13cd4c8960688af11ad23b4c946149015c80d549	19-Aug-2008	Joshua Brindle <method@manicmethod.com>	initial import from svn trunk revision 2950 /external/selinux/libselinux/src/label_file.c