| a609434b95fb5aaee9da24d2e98be7eea741b040 |
|
18-Nov-2016 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: normalize enforce values from the kernel
Normalize enforce values received from the kernel via
/sys/fs/selinux/enforce or netlink selinux notifications
to ensure that we always return a 0 or 1 to userspace code.
selinux_status_getenforce(), which reads the enforce value
via the SELinux kernel status page (/sys/fs/selinux/status)
already normalizes its result, so we do not need to update it.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/avc_internal.c
|
| 4c519cd73031a7c1711d87801be11c716e887d44 |
|
01-Nov-2016 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: avc_internal.c: allow building with clang
Resolves the following errors from clang:
avc_internal.c:105:25: error: cast from 'char *' to 'struct nlmsghdr *' increases required alignment from 1 to 4 [-Werror,-Wcast-align]
struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
^~~~~~~~~~~~~~~~~~~~~~
avc_internal.c:161:25: error: cast from 'char *' to 'struct nlmsghdr *' increases required alignment from 1 to 4 [-Werror,-Wcast-align]
struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
^~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/avc_internal.c
|
| 417cb8d076a31c57710429b255aebc595613eb6b |
|
13-Mar-2015 |
Petr Lautrbach <plautrba@redhat.com> |
Fix -Wformat errors
Fixes two types of errors which appear when building with gcc-5.0.0
- format ‘%d’ expects argument of type ‘int’, but argument X has type ‘unsigned int’
- format ‘%a’ expects argument of type ‘float *’, but argument X has type ‘char **’
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
/external/selinux/libselinux/src/avc_internal.c
|
| aa62cd60f7192123b509c2518e7a2083e34a65a2 |
|
29-Nov-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: Fix errors found by coverity
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/avc_internal.c
|
| 1c8a7c194d3a3f72be5d02d50df2f7b679aeabe7 |
|
31-Jul-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: Ensure that we only close the selinux netlink socket once.
Taken from our Android libselinux tree. From Stephen Smalley.
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/avc_internal.c
|
| 378dfe4d6ab7c007013d8534d2bc902dd6c29833 |
|
03-Feb-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: avc_netlink_recieve handle EINTR
should continue to poll if it receinves an EINTR rather then exiting with an error.
This was a major bug within dbus that was causing dbus to crash it was
discussed at the time whether this is a dbus bug or an libselinux bug,
it was decided that we should fix it within libselinux.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/avc_internal.c
|
| 61d005b739f34b9471244428769a156d57358c9c |
|
26-Feb-2010 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
libselinux: fix avc_netlink_loop() error caused by nonblocking mode.
avc_open() creates the netlink socket in nonblocking mode. If the
application later takes control of the netlink socket with
avc_netlink_acquire_fd() and then calls avc_netlink_loop(), it
will fail with EWOULDBLOCK.
To remedy this, remove the O_NONBLOCK flag from the netlink socket
at the start of avc_netlink_loop(). Also, with this fix, there is
no need for avc_open() to ever create a blocking socket, so change
that and update the man page.
-v2: use poll() in avc_netlink_check_nb(). This makes both
avc_netlink_loop() and avc_netlink_check_nb() independent of the
O_NONBLOCK flag.
-v3: move poll() to avc_receive() internal function; patch by
KaiGai Kohei <kaigai@kaigai.gr.jp>
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
/external/selinux/libselinux/src/avc_internal.c
|
| 318748d65917fa5a96c17ce3b564074e43482d75 |
|
08-Apr-2009 |
KaiGai Kohei <kaigai@ak.jp.nec.com> |
The attached patch enables userspace object managers to handle notification
messages via netlink socket from SELinux.
* Two new callbacks were added to selinux_set_callback(3)
- SELINUX_CB_SETENFORCE
is invoked when it got SELNL_MSG_SETENFORCE message in the
avc_netlink_process().
- SELINUX_CB_POLICYLOAD
is invoked when it got SELNL_MSG_POLICYLOAD message in the
avc_netlink_process().
* Three functions were exposed to applications.
- int avc_netlink_open(int blocking);
- void avc_netlink_loop(void);
- void avc_netlink_close(void);
Due to a few reasons, SE-PostgreSQL implements its own userspace
avc, so it needs to copy and paste some of avc_internal.c.
This update enables to share common part from such kind of application.
Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
/external/selinux/libselinux/src/avc_internal.c
|
| 7ab6b29011dc62b0f344087e1ca4d8cdd2a9e508 |
|
11-Mar-2009 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Netlink socket handoff functions from Adam Jackson.
/external/selinux/libselinux/src/avc_internal.c
|
| eee0f022e44ade05143eeee3748dd78fbd17966b |
|
31-Oct-2008 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Put a proper message type into each message logged by the userspace AVC.
Currently, the message types are defined but not used.
This will allow better separation of messages when logging to facilities
such as libaudit.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
/external/selinux/libselinux/src/avc_internal.c
|
| 13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/libselinux/src/avc_internal.c
|