8bc6b3db05ef1db0cfc152c7864004e5e65027a0 |
|
21-Feb-2017 |
Jeff Vander Stoep <jeffv@google.com> |
Process file_contexts in the same order as specified When multiple file_contexts file paths are specified [1], read in and process files in the order specified. The load order of regexes matters. We expect platform provided regexes before device-specific customizations. Loading device policy first causes Marlin to not boot. [1] https://android-review.googlesource.com/#/c/332384/, Change-Id: I0608a898d8c81dcbf47b9cdf8eec33a6b0a20a5f Bug: 33746608 Test: Marlin builds and boots with the CL in [1].
/external/selinux/libselinux/src/label_file.c
|
50400d38203e4db08314168e60c281cc61a717a8 |
|
12-Dec-2016 |
dcashman <dcashman@google.com> |
Add ability to specify multiple input files to the selabel_open. The file_contexts labeling backend, specified in label_file.c, currently assumes that only one path will be specified as an option to selabel_open(). The split of platform and non-platform policy on device, however, will necessitate the loading of two disparate policy files. Rather than combining the files and then calling the existing API on a newly-formed file, just add the ability to specify multiple files to use. Order of opt specification to selabel_open matters. update: Fixed a double-free in the original change that caused the updater to randomly crash during OTA (b/33938747) Bug: 31363362 Bug: 33938747 Test: Device builds and boots w/no additional denials with split context files. Test: Angler can successfully finish sideloaded OTA with updater binary that is with this change Change-Id: I85cd1525990f6ad054861e62327bd9c2aac03b02 Signed-off-by: Daniel Cashman <dcashman@google.com> Signed-off-by: Sandeep Patil <sspatil@google.com>
/external/selinux/libselinux/src/label_file.c
|
66e671111140090a1452db969fc2913c9561c10f |
|
30-Dec-2016 |
Tianjie Xu <xunchang@google.com> |
Revert "Add ability to specify multiple input files to the selabel_open." This reverts commit da7b3079f5053dc233b83c570362cb29db8ab2c5. Change-Id: I1c9aebcedead1473720ab26102f12d71d7edbee5
/external/selinux/libselinux/src/label_file.c
|
da7b3079f5053dc233b83c570362cb29db8ab2c5 |
|
12-Dec-2016 |
dcashman <dcashman@google.com> |
Add ability to specify multiple input files to the selabel_open. The file_contexts labeling backend, specified in label_file.c, currently assumes that only one path will be specified as an option to selabel_open(). The split of platform and non-platform policy on device, however, will necessitate the loading of two disparate policy files. Rather than combining the files and then calling the existing API on a newly-formed file, just add the ability to specify multiple files to use. Order of opt specification to selabel_open matters. Bug: 31363362 Test: Device builds and boots w/no additional denials with split context files. Change-Id: I85cd1525990f6ad054861e62327bd9c2aac03b02
/external/selinux/libselinux/src/label_file.c
|
2ec56b3da94978fa7ed8a5672f2dc12a3be972f7 |
|
28-Sep-2016 |
William Roberts <william.c.roberts@intel.com> |
libselinux: fix unused variable error When building for Android, this error manifests itself: label_file.c:570:7: error: unused variable ‘subs_file’ [-Werror=unused-variable] char subs_file[PATH_MAX + 1]; Fix it by moving the variable into the ifdef'd usage block. Signed-off-by: William Roberts <william.c.roberts@intel.com>
/external/selinux/libselinux/src/label_file.c
|
3b68c6f9e981e3665ae8f80e6ca16be59a6a91c8 |
|
28-Sep-2016 |
Janis Danisevskis <jdanis@android.com> |
libselinux: Add architecture string to file_context.bin Serialized precompiled regular expressions are architecture dependent when using PCRE2. This patch - bumps the SELINUX_COMPILED_FCONTEXT version to 5 and - adds a field to the output indicating the architecture compatibility. libselinux can cope with an architecture mismatch by ignoring the precompiled data in the input file and recompiling the regular expressions at runtime. It can also load older versions of file_contexts.bin if they were built with sefcontext_compile using the exact same version of the pcre1/2 as selinux. Signed-off-by: Janis Danisevskis <jdanis@android.com>
/external/selinux/libselinux/src/label_file.c
|
0fdfdcc8a38e5c74c52d72380b42bd075aa0f20a |
|
26-Sep-2016 |
William Roberts <william.c.roberts@intel.com> |
libselinux: add ifdef'ing for ANDROID and BUILD_HOST On Android, certain discrepancies arise for unused functionality or for dealing with the differences in Bionic libc. This patch includes all the "ifdef'ing" required and introduces the BUILD_HOST define. The BUILD_HOST define removes functionality not needed when building libselinux for the Android build host machine. Note that not all the libselinux src files are used to build the host and target libraries on Android. Change-Id: I7984e7b769c4dfa627d6cf311411fa2c93bb7ef7 Signed-off-by: William Roberts <william.c.roberts@intel.com>
/external/selinux/libselinux/src/label_file.c
|
f7ec9d9137ee0927207b76ca361d92a3b2db3b47 |
|
24-Sep-2016 |
William Roberts <william.c.roberts@intel.com> |
libselinux: drop unused stdio_ext.h header file Nothing was being used from the stdio_ext.h header file, so remove it. Additionally, Mac builds, required for the Android build, do not have this header. Change-Id: Ic61c87fcda79ffebeef93a20a2b3802f048bb0b0 Signed-off-by: William Roberts <william.c.roberts@intel.com>
/external/selinux/libselinux/src/label_file.c
|
ba9bb2ebcb2875eb5d9a968ac99e889c1d7c354b |
|
16-Sep-2016 |
William Roberts <william.c.roberts@intel.com> |
libselinux: correct error path to always try text patch 5e15a52aaa cleans up the process_file() routine, but introduced a bug. If the binary file cannot be opened, always attempt to fall back to the textual file, this was not occurring. The logic should be: 1. Open the newest file between base path + suffix and base_path + suffix + ".bin" 2. If anything fails, attempt to load the oldest file. The result, with a concrete example, would be: If file_contexts is the newest file, and it cannot be processed, the code will fall back to file_contexts.bin and vice versa. Signed-off-by: William Roberts <william.c.roberts@intel.com>
/external/selinux/libselinux/src/label_file.c
|
50f0910cf05bdc1d10710c7c3fb748a178473387 |
|
15-Sep-2016 |
Janis Danisevskis <jdanis@google.com> |
libselinux: add support for pcre2 This patch moves all pcre1/2 dependencies into the new files regex.h and regex.c implementing the common denominator of features needed by libselinux. The compiler flag -DUSE_PCRE2 toggles between the used implementations. As of this patch libselinux supports either pcre or pcre2 but not both at the same time. The persistently stored file contexts information differs. This means libselinux can only load file context files generated by sefcontext_compile built with the same pcre variant. Also, for pcre2 the persistent format is architecture dependent. Stored precompiled regular expressions can only be used on the same architecture they were generated on. If pcre2 is used, sefcontext_compile now respects the "-r". This flag makes sefcontext_compile include the precompiled regular expressions in the output file. The default is to omit them, so that the output remains portable at the cost of having to recompile the regular expressions at load time, or rather on first use. Signed-off-by: Janis Danisevskis <jdanis@google.com>
/external/selinux/libselinux/src/label_file.c
|
0a0e5afbb40d70e7b7a38b797f649e5d56f91bf7 |
|
09-Sep-2016 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: fix coding style problems with the prior commit Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label_file.c
|
5e15a52aaa3a3446840255e668e196789677ef49 |
|
09-Sep-2016 |
William Roberts <william.c.roberts@intel.com> |
libselinux: clean up process file The current process_file() code will open the file twice in the case of a binary file, correct this. The general flow through process_file() was a bit difficult to read, streamline the routine to be more readable. Detailed statistics of before and after: Source lines of code reported by cloc on modified files: before: 735 after: 742 Object size difference: before: 195530 bytes after: 195485 bytes Signed-off-by: William Roberts <william.c.roberts@intel.com>
/external/selinux/libselinux/src/label_file.c
|
6e2bdb770f6311060b111e87bd7af653e225be9d |
|
17-Aug-2016 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux, sefcontext_compile: handle NULL pcre study data pcre_study() can return a NULL result if no additional information could be determined for the pattern. Thus, sefcontext_compile needs to correctly handle the case where the study data is NULL when generating file_contexts.bin, and libselinux needs to correctly handle it when loading file_contexts.bin. Fix them both. This change enables: semanage fcontext -a -t httpd_exec_t "(/.*)?" to succeed, since the regex itself is valid but there is no additional information produced by pcre_study(). Reported-by: Vit Mojzis <vmojzis@redhat.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label_file.c
|
90c2d42e033f8c83bfb1f236df788287650f8042 |
|
27-Oct-2015 |
William Roberts <william.c.roberts@intel.com> |
libselinux: label_file: fix memory leaks and uninitialized jump Some errors were reported by valgrind (below); fix them. The test cases on which these leaks were detected: 1. properly formed file_contexts file. 2. malformed file_contexts file, unknown type. 3. malformed file_contexts file, type that fails on validate callback. 4. malformed file_contexts file, invalid regex. 5. malformed file_contexts file, invalid mode.
==3819== Conditional jump or move depends on uninitialised value(s)
==3819==    at 0x12A682: closef (label_file.c:577)
==3819==    by 0x12A196: selabel_close (label.c:163)
==3819==    by 0x10A2FD: cleanup (checkfc.c:218)
==3819==    by 0x5089258: __run_exit_handlers (exit.c:82)
==3819==    by 0x50892A4: exit (exit.c:104)
==3819==    by 0x10A231: main (checkfc.c:361)
==3819== Uninitialised value was created by a heap allocation
==3819==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3819==    by 0x4C2CF1F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3819==    by 0x12BB31: process_file (label_file.h:273)
==3819==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==3819==    by 0x12A0BB: selabel_open (label.c:88)
==3819==    by 0x10A038: main (checkfc.c:292)
==3819==
==3819==
==3819== HEAP SUMMARY:
==3819== in use at exit: 729 bytes in 19 blocks
==3819== total heap usage: 21,126 allocs, 21,107 frees, 923,854 bytes allocated
==3819==
==3819== 81 bytes in 1 blocks are definitely lost in loss record 1 of 2
==3819==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3819==    by 0x50D5839: strdup (strdup.c:42)
==3819==    by 0x12A2A6: selabel_file_init (label_file.c:517)
==3819==    by 0x12A0BB: selabel_open (label.c:88)
==3819==    by 0x10A038: main (checkfc.c:292)
==3819==
==4238== 40 bytes in 1 blocks are definitely lost in loss record 1 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x12A1D2: selabel_file_init (label_file.c:886)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 81 bytes in 1 blocks are definitely lost in loss record 2 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x50D5839: strdup (strdup.c:42)
==4238==    by 0x12A2A6: selabel_file_init (label_file.c:517)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 386 bytes in 24 blocks are definitely lost in loss record 3 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x50D5889: strndup (strndup.c:45)
==4238==    by 0x12CDDF: read_spec_entries (label_support.c:37)
==4238==    by 0x12B72D: process_file (label_file.h:392)
==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 648 bytes in 18 blocks are definitely lost in loss record 4 of 6
==4238==    at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x117C9B: avtab_insert_node (avtab.c:105)
==4238==    by 0x117C10: avtab_insert (avtab.c:163)
==4238==    by 0x11880A: avtab_read_item (avtab.c:566)
==4238==    by 0x118BD3: avtab_read (avtab.c:600)
==4238==    by 0x125BDD: policydb_read (policydb.c:3854)
==4238==    by 0x109F87: main (checkfc.c:273)
==4238==
==4238== 1,095 bytes in 12 blocks are definitely lost in loss record 5 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x12D8D1: pcre_compile2 (pcre_compile.c:9217)
==4238==    by 0x12B239: compile_regex (label_file.h:357)
==4238==    by 0x12B9C7: process_file (label_file.h:429)
==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 1,296 bytes in 12 blocks are definitely lost in loss record 6 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x13EBE5: pcre_study (pcre_study.c:1565)
==4238==    by 0x12B25D: compile_regex (label_file.h:366)
==4238==    by 0x12B9C7: process_file (label_file.h:429)
==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
Signed-off-by: William Roberts <william.c.roberts@intel.com>
/external/selinux/libselinux/src/label_file.c
|
e0456053d045997fa072565eb9b2c95ce9c9724a |
|
15-Oct-2015 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Fix selabel_open(3) services if no digest requested If selabel_open is called with no request for a digest it will fail with ENOENT. This fixes all the labeling routines to resolve this problem. The utils/selabel_digest example has also been updated to allow calling selabel_open with and without digest requests to aid testing. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
/external/selinux/libselinux/src/label_file.c
|
e40bbea95f555fe9708cbbc39895bd67a8ac6c48 |
|
30-Sep-2015 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Add selabel_digest function selabel_digest(3) if enabled by the SELABEL_OPT_DIGEST option during selabel_open(3) will return an SHA1 digest of the spec files, plus a list of the specfiles used to calculate the digest. There is a test utility supplied that will demonstrate the functionality. The use case for selabel_digest(3) is to implement an selinux_restorecon function based on the Android version that writes a hash of the file_contexts files to an extended attribute to enhance performance (see external/libselinux/src/android.c selinux_android_restorecon()). Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
/external/selinux/libselinux/src/label_file.c
|
5d19497b5c30bcab9e5e60ac73df5fc3da4e0466 |
|
15-Sep-2015 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Fix mmap memory release for file labeling Ensure the mmap start address and length are not modified so the memory used can be released when selabel_close(3) is called. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
/external/selinux/libselinux/src/label_file.c
|
8a9d25a8e9cb716d6de3276555d29e132ca8c973 |
|
07-Aug-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: do not treat an empty file_contexts(.local) as an error file_contexts can be legitimately empty, particularly when dealing with a file_contexts.local file. The change to test for file_contexts.bin format by magic number was treating an EOF condition as a fatal error, thereby causing an error on empty file_contexts.local files. Only treat it as an error if there was truly an error on the read, as checked via ferror(). Otherwise, clear the error and EOF indicators so that they do not persist when we rewind the file and try to read it as text. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label_file.c
|
49346faa05bf42615478429883284449809a8ec1 |
|
06-Aug-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: support context validation on file_contexts.bin If file_contexts.bin was opened with SELABEL_OPT_VALIDATE set, then we should validate contexts in the same manner as with file_contexts. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label_file.c
|
9f9e3f2102fd0e49fe5ae059df4b401eb44f63db |
|
05-Aug-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: test for file_contexts.bin format Check to see if the file whose path is passed to selabel_open() starts with the file_contexts.bin magic number, and if so, automatically treat it as a file_contexts.bin file. This allows one to open file_contexts.bin formatted files without necessarily having a .bin file suffix. This removes the need for the previously added .bin file suffix test. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label_file.c
|
6f295008efd72baac05ecd88587b706e50a77e49 |
|
05-Aug-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: add selabel_cmp interface and label_file backend Add a selabel_cmp() interface for comparing two label configurations, and implement it for the file backend (i.e. for file_contexts). This allows comparing two file_contexts configurations to see if the first is a subset of, equal/identical to, a superset of, or incomparable to the second. The motivating use case is to allow comparing two file_contexts.bin files in Android CTS to confirm that a device file_contexts.bin file contains all of the entries in the AOSP general file_contexts. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label_file.c
|
09ea624d1231798dddfbb32321628424e0ea30e1 |
|
04-Aug-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: support specifying file_contexts.bin file path At present, the label_file backend expects to be provided the path to the text file_contexts file and always appends the .bin suffix when checking for the binary file_contexts.bin file. If one attempts to directly specify the path to a file_contexts.bin file to selabel_open(), it will fail as the code will append a second .bin suffix to it. Check to see if the file path already has a .bin suffix and do not append it in that case. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label_file.c
|
0454b7ac2c5d24b9c2ad69eacd483dddcd67cb31 |
|
04-Aug-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: support file_contexts.bin without file_contexts Change the label_file backend in libselinux to support systems that only have file_contexts.bin files installed and do not ship a file_contexts file at all. Only fail if neither file can be loaded. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label_file.c
|
f2cd2f821fa34e8c7a12744626e19208463aa4e2 |
|
10-Jul-2015 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Add const to selinux_opt for label backends. Change selabel_open and label backends to take a 'const struct selinux_opt' argument. This work has already been done for the Android version components. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
/external/selinux/libselinux/src/label_file.c
|
f309a0e88c1fb66939b6be544955e2b459449568 |
|
04-Jul-2015 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Fix binary file labels for regexes with metachars File labels assigned using the lookup_best_match() function do not assign the best match if its regex contains metacharacters in the binary file_contexts file version. This change adds a new entry in the binary file with the calculated prefix length that is then read when processing the file. This fix also bumps SELINUX_COMPILED_FCONTEXT_MAX_VERS. This patch relies on patch [1] that fixes the same problem for text based file_contexts files. [1] http://marc.info/?l=selinux&m=143576498713964&w=2 Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
/external/selinux/libselinux/src/label_file.c
|
aab9d90b35cf8991ff4e65a5fcdcfd54ed534229 |
|
22-Jun-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: Correctly handle an empty file_contexts file. If you add some local file contexts via semanage fcontext -a and later delete them all via semanage fcontext -D, you get an empty file_contexts.local file. Then when you try to load it, getline() returns 0 and we fall through to the out path without having set rc. In label_file.c, rc will always be non-zero at this point because we will have failed the load_mmap() call. In sefcontext_compile, rc may contain random garbage at this point. Explicitly set rc before the loop. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label_file.c
|
3cb6078ae5e9a811b1b40faee7bb5108d5f7fbe8 |
|
16-Jun-2015 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Enhance file context support Update file contexts generation and loading to use common code. Remove "status = 0;" after "status = sort_specs(data);" otherwise the function will never indicate a failure. The file labeling code also has minor formatting, white space removal etc. changes. label_file.c - Move process_line function to label_file.h sefcontext_compile.c - Update to use common process_line code. Now frees all malloc'ed memory, checked by valgrind. Also added optional -o output file parameter - updated man page to reflect this change. V2 - Revert to using compat_validate instead of selabel_validate. V3 - Revert to using callback for validation now the problem has been fixed by commit e88914849490c3fc17b0e5ed67387e47f2701d3c ("libselinux: build sefcontext_compile with static libselinux") Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
/external/selinux/libselinux/src/label_file.c
|
59e02f65ca6d819eb1d591f21d2e8c96514676f6 |
|
08-Jun-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: Drop confusing comment. When Eamon created label_file.c, he drew code from the setfiles program, which I originally wrote. At the time, setfiles had a comment about being derived in part from the setfiles.pl script written by SCC, so Eamon put a comment in label_file.c that tried to preserve that lineage. However, there was no real code lineage there. The setfiles program was inspired by the setfiles.pl perl script, but the implementation was a complete rewrite. And while label_file.c drew some data structures and code from the setfiles C program, it had nothing to do with the setfiles.pl script at all. Just drop the comment; it serves no purpose. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label_file.c
|
af41e2b5ff197f5e66262868fdc3a03963cd104e |
|
01-Jun-2015 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Add read_spec_entries function to replace sscanf Currently sscanf is used with %ms parameters that are not supported on all platforms. The new read_spec_entries function may be used to replace these where required. This patch updates sefcontext_compile, label_file and label_android_property services to use the new function. The file and property services have been tested on Android emulator and the file service on Fedora 21. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
/external/selinux/libselinux/src/label_file.c
|
f233d010155f71b4dbc28ba2a576111fe0723999 |
|
27-May-2015 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Support consistent mode size for bin files Currently sefcontext_compile defines the mode field as mode_t whose size will vary depending on the architecture (e.g. 32 bit / 64 bit). This patch sets the size when writing/reading binary files to uint32_t. The file version is set to SELINUX_COMPILED_FCONTEXT_MODE V2 fixes those listed in http://marc.info/?l=selinux&m=143273965514292&w=2 Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
/external/selinux/libselinux/src/label_file.c
|
f7148d5973c55928d52dae4accd3a69385c50e3f |
|
24-May-2015 |
Richard Haines <richard_c_haines@btinternet.com> |
Fix more bin file processing core dumps The reading of bin files has been changed to follow that of loading policy to catch over-runs. Entries that should be NUL terminated are also checked. If any error, then process the text file. This should fix all problems highlighted in [1] with V2 fixing those in [2]. V3 corrects int32_t/uint32_t for *_len entries and V4 fixes [3] and adds pcre_fullinfo checks to validate regex and study data sizes. pcre_fullinfo also validates its magic number. Tested with bin files built using sefcontext_compile PCRE_VERS 1 and 2. The following is a rough guide to the difference in processing a bin file against a text file: 6K entries - x5 4K entries - x4 1K entries - x3 500 entries - x2 [1] http://marc.info/?l=selinux&m=143101983922281&w=2 [2] http://marc.info/?l=selinux&m=143161763905159&w=2 [3] http://marc.info/?l=selinux&m=143204170705586&w=2 Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
/external/selinux/libselinux/src/label_file.c
|
a351eb01a8238c1bd465619c6c5885c2da1c6663 |
|
07-May-2015 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Fix core dumps with corrupt *.bin files Check buffer address limits when processing *.bin files to catch any over-runs. On failure process text file instead. To test, the bin files were corrupted by adding and removing various bits of data. Various file sizes were also checked and all were caught by the patch. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
/external/selinux/libselinux/src/label_file.c
|
e7f970ffd1a8dbb26051405719a2288d34e856f6 |
|
06-May-2015 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Add selabel partial and best match APIs Add support for new API functions selabel_partial_match and selabel_lookup_best_match ported from the Android libselinux fork. Add supporting man(3) pages and test utilities: selabel_lookup, selabel_lookup_best_match and selabel_partial_match. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label_file.c
|
417cb8d076a31c57710429b255aebc595613eb6b |
|
13-Mar-2015 |
Petr Lautrbach <plautrba@redhat.com> |
Fix -Wformat errors Fixes two types of errors which appear when building with gcc-5.0.0 - format ‘%d’ expects argument of type ‘int’, but argument X has type ‘unsigned int’ - format ‘%a’ expects argument of type ‘float *’, but argument X has type ‘char **’ Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
716e3820c571fa082f2a57c040802c54ed422f37 |
|
24-Feb-2015 |
Nick Kralevich <nnk@google.com> |
libselinux: label_file: handle newlines in file names restorecon on file names with newlines are not handled properly. Use PCRE_DOTALL so that dots in regular expressions match all characters, and don't exclude the newline character. See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html for background. Change-Id: I0dde8f2567305f746d19ebd75a9e2add7406eb9a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label_file.c
|
14342674191ca11c4455ff7ac9b76b05173eb575 |
|
02-Feb-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: pcre_study can return NULL without error. Per the man page, pcre_study can return NULL without error if it could not find any additional information. Errors are indicated by the combination of a NULL return value and a non-NULL error string. Fix the handling so that we do not incorrectly reject file_contexts entries. Change-Id: I2e7b7e01d85d96dd7fe78545d3ee3834281c4eba Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label_file.c
|
ae5de8ae697675ce674262f10a54fe3b37968a70 |
|
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libselinux: fix gcc -Wsign-compare warnings Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libselinux/src/label_file.c
|
ac33098a807671204720aae97d6bcf6429d3fa92 |
|
09-Jul-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add pcre version string to the compiled file_contexts format. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label_file.c
|
f458b7607618ad3d95568b595065c745c3c69022 |
|
24-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Merge branch 'fedora' into master-merge Conflicts: libselinux/src/Makefile libselinux/src/selinux_config.c policycoreutils/audit2allow/audit2allow.1 policycoreutils/scripts/fixfiles.8 policycoreutils/semanage/semanage.8 policycoreutils/sepolicy/Makefile policycoreutils/sepolicy/sepolicy/transition.py policycoreutils/setsebool/setsebool.8
|
f1598dff7e951f0dbfb68d9c45bc15fe6d2e821e |
|
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Support udev-197 and higher The errno value was not set, causing wrong return notifications and failing to have udev label things correctly. See https://bugzilla.redhat.com/show_bug.cgi?id=909826#c24 and see https://bugs.gentoo.org/show_bug.cgi?id=462626 Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
/external/selinux/libselinux/src/label_file.c
|
fd56c5230cea6b81fbe74d1d0a228936a6797923 |
|
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Separate out the calling of local subs and dist subs in selabel_sub We want to allow users to set up their substitutions to run first and then run the distro subs second. This fixes the problem where a user defines a sub like /usr/local/foobar and we ignore it. We need this for software collections which is setting up local subs of /opt/src/foobar/root /
/external/selinux/libselinux/src/label_file.c
|
fceca652c137084a891e1cf070ba9c8c063bc949 |
|
21-Oct-2013 |
Joe MacDonald <joe@deserted.net> |
libselinux: avoid shadowing 'stat' in load_mmap label_file.c: In function ‘load_mmap’: label_file.c:238:81: error: declaration of ‘stat’ shadows a global declaration [-Werror=shadow] cc1: all warnings being treated as errors Signed-off-by: Joe MacDonald <joe@deserted.net>
/external/selinux/libselinux/src/label_file.c
|
a15451b523d267b4dbf94616e9473ab196b88525 |
|
25-Sep-2013 |
Sven Vermeulen <sven.vermeulen@siphos.be> |
Support udev-197 and higher The errno value was not set, causing wrong return notifications and failing to have udev label things correctly. See https://bugzilla.redhat.com/show_bug.cgi?id=909826#c24 and see https://bugs.gentoo.org/show_bug.cgi?id=462626 Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
/external/selinux/libselinux/src/label_file.c
|
0834ff302264319097eb3f52295f5f671091cba9 |
|
23-Jan-2013 |
Eric Paris <eparis@redhat.com> |
libselinux: do not leak file contexts with mmap'd backend We use strdup to store the intended context when we have an mmap'd file backend. We, however, skipped freeing those contexts. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
efb6347dd3c089f6e4fa6fbe06e23964a16acee1 |
|
23-Jan-2013 |
Eric Paris <eparis@redhat.com> |
libselinux: unmap file contexts on selabel_close() We were leaking all of the file context db because we didn't unmap them on selabel_close() Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
aa62cd60f7192123b509c2518e7a2083e34a65a2 |
|
29-Nov-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: Fix errors found by coverity Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
a293048a59aa8eae68f76d1bafe08acba9285f97 |
|
01-Nov-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: do not leak mmapfd On failure, common if .bin is older than the text version, we will leak the mmapfd. Don't do that. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
9ebd779353764299e40f63f843eb26209ffbd771 |
|
30-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: use precompiled filecontext when possible When loading the filecontext database, check to see if there is a newer binary version. If so, mmap that file, which is used to populate the regex db instead of reading from the text representation and compiling regexes as needed. If the text file is newer it will use the text version and ignore the binary version. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
16b578895e5c20ad6594186a14a04d848c735889 |
|
30-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: new process_file function We currently duplicate code 3 times for the main file, the homedirs, and the local file. Just put that stuff in its own function so we don't have to deal with it multiple times. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
79b6a8d78fc184b01133ac11d1d0c683633dcaf3 |
|
30-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: only run regex files one time We currently run all of the regex files 2 times. The first time counts the lines and does the simple validation. We then allocate an array of exactly the right size to hold the entries and run them a second time doing stronger validation, regex compile, etc. This is dumb. Just run them one time and use realloc to grow the size of the array as needed. At the end the array will get sized perfectly to fit by the sorting function, so even if we accidentally allocated extra memory we'll get it back. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
ee88185aff38b18b16da0d0ed38796d7142632d1 |
|
27-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: add accessors for the pcre extra data When we use an mmap backed version of data we need to declare the pcre extra data since we are only given a pointer to the data->buffer. Since sometimes the spec will hold a pointer to the extra data and sometimes we want to declare it on the stack I introduce and use an accessor for the extra data instead of using it directly. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
247759031a3e41e5a0f462dc7dfecc0d79d1652e |
|
30-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: move regex sorting to the header We want to do the same thing in the compiler as we do in the code which reads regexes in from the text file. Move that sorting into the header. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
48682e2853f3c66a628adcaf0dbd6030630802f2 |
|
27-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: move spec_hasMetaChars to header So we can use it in the new compile utility, move the spec_hasMetaChars() function, which looks for things like .*?+^$ in regular expressions into the internal header file. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
fcc895661d0cfc619f0895e5c8cb3017cc97364e |
|
27-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: drop useless ncomp field from label_file data The libselinux label_file backend counted the number of regexes which had been compiled. We didn't use it and it wasn't useful information. Stop doing it. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
9937685cbe8ae6a57cd0b653f2e04f1f45efe46e |
|
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: move stem/spec handling to header We want to be able to find the stem and the spec from our new utility. So move those functions to the header file. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
b9482941ce29e17cd669da457ec3bc176e43fcc6 |
|
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: move error reporting back into caller If we want to use these functions in utilities we shouldn't call such libselinux internal functions. Move the error reporting up to the caller. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
f744f239fbfcd1f74bac3196acd616d871ab6108 |
|
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: do string to mode_t conversion in a helper function Do the string to mode_t conversion in a helper function so it can be used later by a regex compilation program. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
c27101a58317a3d535437f6bd82a3af4a7140074 |
|
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: move definitions to include file We want to use some label_file internals in a utility to compile fcontext files into binary data for fast use. So start pushing structures and such into a header file. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
dc1db39e28d8319ee72429dfb5fdbb18208d8977 |
|
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: remove all typedefs I hate them. They just indirect you needlessly. Just use the struct definitions. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
091eb526dd2036d993517d09e4fc67b2bec3ec5e |
|
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: use PCRE instead of glibc regex functions The PCRE functions are about x10 faster than the glibc functions. So use the external library. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
16a37c9f94c1e2dfb865e17e4200d2824d4971f5 |
|
19-Dec-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux - correct selabel invalid context logging When selabel_lookup found an invalid context with validation enabled, it always stated it was 'file_contexts' whether media, x, db or file. The fix is to store the spec file name in the selabel_lookup_rec on selabel_open and use this as output for logs. Also a minor fix if key is NULL to stop seg faults. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
d4a39ca15b5a41b545630aeaa04e96fe7c0346fe |
|
29-Sep-2011 |
Eric Paris <eparis@redhat.com> |
policycoreutils: label_file: style changes to make Eric happy. Sometimes sticking to 80 characters sucks a lot. I don't care. Buy a wider monitor so I can read the code. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
4f621a168682f96d0c98f7818493397766b13fd2 |
|
29-Jun-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: do not check fcontext duplicates on use Tools like restorecon or systemd, which load the fcontext database to make labeling decisions do not need to check for duplicate rules. Only the first rule will be used. Instead we should only check for duplicates when new rules are added to the database. And fail the transaction if we find one. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
441cf2ea924c13ed5002012aadd128f71d9e9c9d |
|
18-Apr-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: selabel_open fix processing of substitution files libselinux selabel_open function always processed the substitution files (if installed) from the active policy contexts/files/file_contexts.subs and subs_dist irrespective of the backend type or SELABEL_OPT_PATH setting. This patch now processes the correct subs files when selabel_open is called with SELABEL_CTX_FILE. The other backends could also process their own substitution files if needed in their own areas. [move the init declaration to label_internal.h - eparis] Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label_file.c
|
8f007923dd4ff89652479587d96e22bc63dbf822 |
|
02-Jun-2010 |
Chad Sellers <csellers@tresys.com> |
[PATCH] Remove duplicate slashes in paths in selabel_lookup This patch simply removes duplicate slashes (meaning "//") from pathnames passed into selabel_lookup. It does not do a full realpath() calculation (e.g. following symlinks, etc.), as the client should really do that before calling into libselinux. Signed-off-by: Chad Sellers <csellers@tresys.com>
/external/selinux/libselinux/src/label_file.c
|
070505f16f59b1ddbc6af670a04a3610253f50fc |
|
16-Feb-2010 |
Stephen Smalley <sds@tycho.nsa.gov> |
label_file.c:434: error: implicit declaration of function 'fstat' On Mon, 2010-02-15 at 14:19 -0800, Justin Mattock wrote: > this is new: > > > make[2]: Leaving directory `/home/kernel/selinux/libselinux/include' > make -C src install > make[2]: Entering directory `/home/kernel/selinux/libselinux/src' > cc -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn > -Wmissing-format-attribute -I../include -I/usr/include -D_GNU_SOURCE > -D_FILE_OFFSET_BITS=64 -c -o label_file.o label_file.c > cc1: warnings being treated as errors > label_file.c: In function 'init': > label_file.c:434: error: implicit declaration of function 'fstat' > label_file.c:436: error: implicit declaration of function 'S_ISREG' > make[2]: *** [label_file.o] Error 1 > make[2]: Leaving directory `/home/kernel/selinux/libselinux/src' > make[1]: *** [install] Error 2 > make[1]: Leaving directory `/home/kernel/selinux/libselinux' > make: *** [install] Error 1 > > three areas where this could have been created > update glibc > updated kernel > update userspace(although there was not very many commits in the pull). Newer glibc headers expose a failure to #include the required headers for stat(2). Also exposes a conflict in redefining close() in that file. Patch below should fix.
/external/selinux/libselinux/src/label_file.c
|
a4af847dc6f52688a25bb0323ff3b84b13dded67 |
|
11-Apr-2009 |
Hiroshi Shinji <hiroshi.shinji@gmail.com> |
Author: Hiroshi Shinji Email: hiroshi.shinji@gmail.com Subject: Memory leak in libselinux/src/label_file.c Date: Fri, 3 Apr 2009 13:58:01 +0900 Hi, I found memory leak in libselinux/src/label_file.c. Please fix it. Regards, -- Hiroshi Shinji Signed-off-by: Chad Sellers <csellers@tresys.com>
/external/selinux/libselinux/src/label_file.c
|
13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/libselinux/src/label_file.c
|