554b7e4e82ee4b23155ade680c985e2f657c208a |
|
03-May-2017 |
Sandeep Patil <sspatil@google.com> |
Revert "Revert "move file_context APIs out of libselinux_vendor"" This reverts commit 379af6c574b0981035f6f42e3130652d7c3ba789. Also make sure label_file.c is compiled in all targets that libselinux is built for. Bug: 37343404 Bug: 37919668 Test: Build and boot Change-Id: I7e06ad6cad13d157ba1fb6bfd23ce9ceddf3ba79 Signed-off-by: Sandeep Patil <sspatil@google.com>
/external/selinux/libselinux/src/label.c
|
379af6c574b0981035f6f42e3130652d7c3ba789 |
|
03-May-2017 |
Nick Kralevich <nnk@google.com> |
Revert "move file_context APIs out of libselinux_vendor"

MAC builds have the following compile error:

  Undefined symbols for architecture x86_64:
    "_selabel_file_init", referenced from:
        _initfuncs in label.o
  ld: symbol(s) not found for architecture x86_64
  clang.real: error: linker command failed with exit code 1 (use -v to see invocation)

Reverting patchset.

This reverts commit 17430be32e2b6b5fd90b95057159a2a65ea790f5.

Test: code compiles
Change-Id: If6a5182f2b42a5de637d8867979906685a21e165
/external/selinux/libselinux/src/label.c
|
17430be32e2b6b5fd90b95057159a2a65ea790f5 |
|
01-May-2017 |
Sandeep Patil <sspatil@google.com> |
move file_context APIs out of libselinux_vendor libselinux_vendor does not need any file_context handling and so make those APIs part of platform libselinux and remove them out of vendor. This will also let us remove the PCRE2 dependency from libselinux_vendor Bug: 37343404 Test: Build and boot Change-Id: I7aa3c03e471fc1cf130270c922d2f0922ee87e3a Signed-off-by: Sandeep Patil <sspatil@google.com>
/external/selinux/libselinux/src/label.c
|
2cc30d6029d52690bf01b2dc4a04d8af3a49261f |
|
12-Apr-2017 |
Jeff Vander Stoep <jeffv@google.com> |
Merge remote-tracking branch 'aosp/upstream-master' into mymerge Bug: 36508258 Test: build and boot Marlin. Change-Id: Ic5f92ad304dca23ddbfaaffd86489f3a556f9a1e
|
64afa1aff1cd610d2493f780e2a44b551f668b84 |
|
11-Dec-2016 |
Nick Kralevich <nnk@google.com> |
libselinux: add O_CLOEXEC Makes libselinux safer and less likely to leak file descriptors when used as part of a multithreaded program. Signed-off-by: Nick Kralevich <nnk@google.com>
/external/selinux/libselinux/src/label.c
|
55b5b7a646589f2eb3b77ab4f58ccc1d2b010727 |
|
07-Apr-2017 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libselinux: do not dereference a NULL pointer when calloc() fails

selabel_is_digest_set() contains the following code:

    digest = calloc(1, sizeof(*digest));
    if (!digest)
        goto err;

    /* ... */
err:
    free(digest->digest);

If calloc() failed, digest is NULL but is dereferenced when the execution jumps to label err. Check that digest is not NULL before freeing its fields.

This issue has been found using clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/external/selinux/libselinux/src/label.c
|
50400d38203e4db08314168e60c281cc61a717a8 |
|
12-Dec-2016 |
dcashman <dcashman@google.com> |
Add ability to specify multiple input files to the selabel_open. The file_contexts labeling backend, specified in label_file.c, currently assumes that only one path will be specified as an option to selabel_open(). The split of platform and non-platform policy on device, however, will necessitate the loading of two disparate policy files. Rather than combining the files and then calling the existing API on a newly-formed file, just add the ability to specify multiple files to use. Order of opt specification to selabel_open matters. update: Fixed a double-free in the original change that caused the updater to randomly crash during OTA (b/33938747) Bug: 31363362 Bug: 33938747 Test: Device builds and boots w/no additional denials with split context files. Test: Angler can successfully finish sideloaded OTA with updater binary that is with this change Change-Id: I85cd1525990f6ad054861e62327bd9c2aac03b02 Signed-off-by: Daniel Cashman <dcashman@google.com> Signed-off-by: Sandeep Patil <sspatil@google.com>
/external/selinux/libselinux/src/label.c
|
66e671111140090a1452db969fc2913c9561c10f |
|
30-Dec-2016 |
Tianjie Xu <xunchang@google.com> |
Revert "Add ability to specify multiple input files to the selabel_open." This reverts commit da7b3079f5053dc233b83c570362cb29db8ab2c5. Change-Id: I1c9aebcedead1473720ab26102f12d71d7edbee5
/external/selinux/libselinux/src/label.c
|
da7b3079f5053dc233b83c570362cb29db8ab2c5 |
|
12-Dec-2016 |
dcashman <dcashman@google.com> |
Add ability to specify multiple input files to the selabel_open. The file_contexts labeling backend, specified in label_file.c, currently assumes that only one path will be specified as an option to selabel_open(). The split of platform and non-platform policy on device, however, will necessitate the loading of two disparate policy files. Rather than combining the files and then calling the existing API on a newly-formed file, just add the ability to specify multiple files to use. Order of opt specification to selabel_open matters. Bug: 31363362 Test: Device builds and boots w/no additional denials with split context files. Change-Id: I85cd1525990f6ad054861e62327bd9c2aac03b02
/external/selinux/libselinux/src/label.c
|
e029ace4d92eee8ba0990e1afbe356ae77b114cc |
|
29-Sep-2016 |
Janis Danisevskis <jdanis@android.com> |
libselinux: makes android label back ends configurable Android label back ends are now configurable by NO_ANDROID_BACKEND, which is set if on ANDROID_HOST != y. Signed-off-by: Janis Danisevskis <jdanis@android.com>
/external/selinux/libselinux/src/label.c
|
6dd85b9e0e1d0e875263cc8cba3e3d4383974700 |
|
29-Sep-2016 |
Janis Danisevskis <jdanis@android.com> |
libselinux: android: fix lax service context lookup We use the same lookup function for service contexts that we use for property contexts. However, property contexts are namespace based and only compare the prefix. This may lead to service associations with a wrong label. This patch introduces a new back end for android services with a stricter lookup function. Now the service name must match the key of the service label exactly. Signed-off-by: Janis Danisevskis <jdanis@android.com>
/external/selinux/libselinux/src/label.c
|
84d07ebd48c85902c8ac54359f2b345881f64ad2 |
|
26-Sep-2016 |
William Roberts <william.c.roberts@intel.com> |
libselinux: introduce configurable backends

On Android for both the host build, and the target, certain backends are not needed:
- X Backend
- DB Backend
- Media Backend

Introduce the following defines for removing them from the built library:
- NO_X_BACKEND
- NO_DB_BACKEND
- NO_MEDIA_BACKEND

When configured with these options and an attempt is made to use them, selabel_open() will return ENOTSUP.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
/external/selinux/libselinux/src/label.c
|
90c2d42e033f8c83bfb1f236df788287650f8042 |
|
27-Oct-2015 |
William Roberts <william.c.roberts@intel.com> |
libselinux: label_file: fix memory leaks and uninitialized jump

Some errors were reported by valgrind (below) fix them.

The test cases on which these leaks were detected:
1. properly formed file_contexts file.
2. malformed file_contexts file, unknown type.
3. malformed file_contexts file, type that fails on validate callback.
4. malformed file_contexts file, invalid regex.
5. malformed file_contexts file, invalid mode.

==3819== Conditional jump or move depends on uninitialised value(s)
==3819==    at 0x12A682: closef (label_file.c:577)
==3819==    by 0x12A196: selabel_close (label.c:163)
==3819==    by 0x10A2FD: cleanup (checkfc.c:218)
==3819==    by 0x5089258: __run_exit_handlers (exit.c:82)
==3819==    by 0x50892A4: exit (exit.c:104)
==3819==    by 0x10A231: main (checkfc.c:361)
==3819== Uninitialised value was created by a heap allocation
==3819==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3819==    by 0x4C2CF1F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3819==    by 0x12BB31: process_file (label_file.h:273)
==3819==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==3819==    by 0x12A0BB: selabel_open (label.c:88)
==3819==    by 0x10A038: main (checkfc.c:292)
==3819==
==3819==
==3819== HEAP SUMMARY:
==3819==    in use at exit: 729 bytes in 19 blocks
==3819==    total heap usage: 21,126 allocs, 21,107 frees, 923,854 bytes allocated
==3819==
==3819== 81 bytes in 1 blocks are definitely lost in loss record 1 of 2
==3819==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3819==    by 0x50D5839: strdup (strdup.c:42)
==3819==    by 0x12A2A6: selabel_file_init (label_file.c:517)
==3819==    by 0x12A0BB: selabel_open (label.c:88)
==3819==    by 0x10A038: main (checkfc.c:292)
==3819==
==4238== 40 bytes in 1 blocks are definitely lost in loss record 1 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x12A1D2: selabel_file_init (label_file.c:886)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 81 bytes in 1 blocks are definitely lost in loss record 2 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x50D5839: strdup (strdup.c:42)
==4238==    by 0x12A2A6: selabel_file_init (label_file.c:517)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 386 bytes in 24 blocks are definitely lost in loss record 3 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x50D5889: strndup (strndup.c:45)
==4238==    by 0x12CDDF: read_spec_entries (label_support.c:37)
==4238==    by 0x12B72D: process_file (label_file.h:392)
==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 648 bytes in 18 blocks are definitely lost in loss record 4 of 6
==4238==    at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x117C9B: avtab_insert_node (avtab.c:105)
==4238==    by 0x117C10: avtab_insert (avtab.c:163)
==4238==    by 0x11880A: avtab_read_item (avtab.c:566)
==4238==    by 0x118BD3: avtab_read (avtab.c:600)
==4238==    by 0x125BDD: policydb_read (policydb.c:3854)
==4238==    by 0x109F87: main (checkfc.c:273)
==4238==
==4238== 1,095 bytes in 12 blocks are definitely lost in loss record 5 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x12D8D1: pcre_compile2 (pcre_compile.c:9217)
==4238==    by 0x12B239: compile_regex (label_file.h:357)
==4238==    by 0x12B9C7: process_file (label_file.h:429)
==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 1,296 bytes in 12 blocks are definitely lost in loss record 6 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x13EBE5: pcre_study (pcre_study.c:1565)
==4238==    by 0x12B25D: compile_regex (label_file.h:366)
==4238==    by 0x12B9C7: process_file (label_file.h:429)
==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)

Signed-off-by: William Roberts <william.c.roberts@intel.com>
/external/selinux/libselinux/src/label.c
|
e40bbea95f555fe9708cbbc39895bd67a8ac6c48 |
|
30-Sep-2015 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Add selabel_digest function selabel_digest(3) if enabled by the SELABEL_OPT_DIGEST option during selabel_open(3) will return an SHA1 digest of the spec files, plus a list of the specfiles used to calculate the digest. There is a test utility supplied that will demonstrate the functionality. The use case for selabel_digest(3) is to implement an selinux_restorecon function based on the Android version that writes a hash of the file_contexts files to an extended attribute to enhance performance (see external/libselinux/src/android.c selinux_android_restorecon()). Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
/external/selinux/libselinux/src/label.c
|
6f295008efd72baac05ecd88587b706e50a77e49 |
|
05-Aug-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: add selabel_cmp interface and label_file backend Add a selabel_cmp() interface for comparing two label configurations, and implement it for the file backend (i.e. for file_contexts). This allows comparing two file_contexts configurations to see if the first is a subset of, equal/identical to, a superset of, or incomparable to the second. The motivating use case is to allow comparing two file_contexts.bin files in Android CTS to confirm that a device file_contexts.bin file contains all of the entries in the AOSP general file_contexts. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label.c
|
f2cd2f821fa34e8c7a12744626e19208463aa4e2 |
|
10-Jul-2015 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Add const to selinux_opt for label backends. Change selabel_open and label backends to take a 'const struct selinux_opt' argument. This work has already been done for the Android version components. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
/external/selinux/libselinux/src/label.c
|
e7f970ffd1a8dbb26051405719a2288d34e856f6 |
|
06-May-2015 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Add selabel partial and best match APIs Add support for new API functions selabel_partial_match and selabel_lookup_best_match ported from the Android libselinux fork. Add supporting man(3) pages and test utilities: selabel_lookup, selabel_lookup_best_match and selabel_partial_match. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/label.c
|
9eb9c9327563014ad6a807814e7975424642d5b9 |
|
19-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Get rid of security_context_t and fix const declarations. In attempting to enable building various parts of Android with -Wall -Werror, we found that the const security_context_t declarations in libselinux are incorrect; const char * was intended, but const security_context_t translates to char * const and triggers warnings on passing const char * from the caller. Easiest fix is to replace them all with const char *. And while we are at it, just get rid of all usage of security_context_t itself as it adds no value - there is no true encapsulation of the security context strings and callers already directly use string functions on them. typedef left to permit building legacy users until such a time as all are updated. This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7 from Android, augmented to deal with all of the other code in upstream libselinux and updating the man pages too. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/label.c
|
22671378f1ace857be4697a3b3aaf1645076d398 |
|
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Fix label substitution to work with the equiv path of "/" Software collections are setting up equiv directories to the root directory.
/external/selinux/libselinux/src/label.c
|
fd56c5230cea6b81fbe74d1d0a228936a6797923 |
|
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Separate out the calling of local subs and dist subs in selabel_sub We want to allow users to set up their substitutions to run first and then run the distro subs second. This fixes the problem where a user defines a sub like /usr/local/foobar and we ignore it. We need this for software collections which is setting up local subs of /opt/src/foobar/root /
/external/selinux/libselinux/src/label.c
|
cfc492cf11e1b641e2a0478907d56a17b771a067 |
|
31-May-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
libselinux: New Android property labeling backend This is already in the android repo. This is here to prevent potential conflicts of the selabel indices, and possibly with an eye toward an eventual reunification of the two libselinuxes down the road. Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label.c
|
2ca19f3f676a2747a38cf2d7dcf5037ccc8a9eb1 |
|
25-May-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: asprintf return code must be checked Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label.c
|
16a37c9f94c1e2dfb865e17e4200d2824d4971f5 |
|
19-Dec-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux - correct selabel invalid context logging When selabel_lookup found an invalid context with validation enabled, it always stated it was 'file_contexts' whether media, x, db or file. The fix is to store the spec file name in the selabel_lookup_rec on selabel_open and use this as output for logs. Also a minor fix if key is NULL to stop seg faults. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label.c
|
023c9c1fdee963606d830b70db108bd9031390f4 |
|
03-Oct-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: label: cosmetic cleanups Return early to save an indent. Clean up all memory on ENOMEM conditions. Use '\0' instead of 0 for nul terminator. Style changes to make Eric happy. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label.c
|
441cf2ea924c13ed5002012aadd128f71d9e9c9d |
|
18-Apr-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: selabel_open fix processing of substitution files libselinux selabel_open function always processed the substitution files (if installed) from the active policy contexts/files/file_contexts.subs and subs_dist irrespective of the backend type or SELABEL_OPT_PATH setting. This patch now processes the correct subs files when selabel_open is called with SELABEL_CTX_FILE. The other backends could also process their own substitution files if needed in their own areas. [move the init declaration to label_internal.h - eparis] Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/label.c
|
20b43b3fd3d392c4f12a963a4e46c264e7ed5163 |
|
06-Apr-2011 |
Daniel J Walsh <dwalsh@redhat.com> |
This patch adds a new subs_dist file.

The idea is to allow distributions to ship a subs file as well as let the user modify subs.

In F16 we are looking at shipping a file_contexts.subs_dist file like this

cat file_contexts.subs_dist
/run /var/run
/run/lock /var/lock
/var/run/lock /var/lock
/lib64 /lib
/usr/lib64 /usr/lib

Then we will remove all (64)? from policy. This will allow us to make sure all /usr/lib/libBLAH is labeled the same as /usr/lib64/libBLAH

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libselinux/src/label.c
|
a00fd94a46e92a233f4e613660e9962918f28207 |
|
03-Dec-2010 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
selabel: Store substitution data in the handle instead of globally. This is for thread safety. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
/external/selinux/libselinux/src/label.c
|
70aeeb918aa721ad90ed8e1b433a55c8ecf2cb83 |
|
15-Mar-2010 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
This patch allows selabel_*() interfaces to provide an expected security context for the given database object identified by its name and object class. It is necessary to implement a feature something like the restorecon on databases.

The specfile shall be described as follows:
------------------------
#
# The specfile for database objects
# (for SE-PostgreSQL)
#
# <object class> <object name> <security context>
#
db_database *               system_u:object_r:sepgsql_db_t:s0
db_schema   *.pg_catalog    system_u:object_r:sepgsql_sys_schema_t:s0
db_schema   *.*             system_u:object_r:sepgsql_schema_t:s0
db_table    *.pg_catalog.*  system_u:object_r:sepgsql_sysobj_t:s0
db_table    *.*.*           system_u:object_r:sepgsql_table_t:s0
------------------------

- All the characters after the '#' are ignored.
- Wildcards ('*' and '?') are available.
- It returns the first match security context.

Note that hierarchy of the namespace of database objects depends on RDBMS. So, author of the specfile needs to write correct patterns which are suitable for the target RDBMS. The patched selabel_*() interfaces don't have any heuristics for the namespace hierarchy to be suitable for widespread RDBMSs.

In the case of SE-PgSQL, when we lookup an expected security context for the 'my_table' table in the 'public' schema and 'postgres' database, the caller shall provide 'postgres.public.my_table' as a key.

In the default, it tries to read a specfile which maps database objects and security context from the /etc/selinux/$POLICYTYPE/contexts/sepgsql_contexts. Note that when another RDBMS uses this interface, it needs to give an explicit SELABEL_OPT_PATH option on the selabel_open().

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
Acked-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
/external/selinux/libselinux/src/label.c
|
20271d94ed2b26b94b052ba6ed90b63566cecbb7 |
|
04-Jun-2009 |
Daniel J Walsh <dwalsh@redhat.com> |
Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: SELinux context patch
Date: Mon, 18 May 2009 14:16:12 -0400

This patch adds context files for virtual_domain and virtual_image, these are both being used to locate the default context to be executed by svirt.

I also included the subs patch which I submitted before. This patch allows us to substitute prefixes to matchpathcon. So we can say /export/home == /home and /web == /var/www

Author: Chad Sellers
Email: csellers@tresys.com

Flipped free()'s in original patch when strdup'd fail to proper order.

Signed-off-by: Chad Sellers <csellers@tresys.com>
/external/selinux/libselinux/src/label.c
|
13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/libselinux/src/label.c
|