Move selinux.go to /usr/lib64/golang/src/pkg/github.com/selinux/selinux.go

- Add Int_to_mcs function to generate MCS labels from integers.
Dan Walsh 2014-01-24 11:10:54 -05:00
parent 0aa8cbe3ec
commit ee8c867b33
2 changed files with 164 additions and 12 deletions


@ -10,14 +10,14 @@ index fd4f0b1..51469bc 100644
DISABLE_SETRANS ?= n
diff --git a/libselinux/golang/Makefile b/libselinux/golang/Makefile
new file mode 100644
index 0000000..e0be66f
index 0000000..ad3e481
--- /dev/null
+++ b/libselinux/golang/Makefile
@@ -0,0 +1,17 @@
+# Installation directories.
+PREFIX ?= $(DESTDIR)/usr
+GODIR ?= $(PREFIX)/share/gocode/src/selinux
+
+LIBDIR ?= $(DESTDIR)/usr/lib
+GODIR ?= $(LIBDIR)/golang/src/pkg/github.com/selinux
+all:
+
+install:
@ -33,10 +33,10 @@ index 0000000..e0be66f
+relabel:
diff --git a/libselinux/golang/selinux.go b/libselinux/golang/selinux.go
new file mode 100644
index 0000000..018c955
index 0000000..9e7fdb3
--- /dev/null
+++ b/libselinux/golang/selinux.go
@@ -0,0 +1,282 @@
@@ -0,0 +1,302 @@
+package selinux
+
+/*
@ -183,6 +183,24 @@ index 0000000..018c955
+ return mcs_list[mcs]
+}
+
+func Int_to_mcs(id int, catRange uint32) string {
+ if ((id < 1) || (id >523776)) {
+ return "";
+ }
+
+ SETSIZE := int(catRange);
+ TIER := SETSIZE;
+
+ ORD := id;
+ for ;ORD > TIER; {
+ ORD = ORD - TIER;
+ TIER -= 1;
+ }
+ TIER = SETSIZE - TIER;
+ ORD = ORD + TIER;
+ return fmt.Sprintf("s0:c%d,c%d", TIER, ORD);
+}
+
+func uniq_mcs(catRange uint32) string {
+ var n uint32
+ var c1,c2 uint32
@ -264,7 +282,7 @@ index 0000000..018c955
+ }
+exit:
+ var scon Context
+ mcs := uniq_mcs(1024)
+ mcs := Int_to_mcs(os.Getpid(), 1024)
+ scon = New_context(process_label)
+ scon.Set_level(mcs)
+ process_label = scon.Get()
@ -314,10 +332,12 @@ index 0000000..018c955
+ } else {
+ fmt.Println("Disabled")
+ }
+ fmt.Println(Selinux_getenforce())
+ fmt.Println(Selinux_getenforcemode())
+ fmt.Println("getenforce ", Selinux_getenforce())
+ fmt.Println("getenforcemode ", Selinux_getenforcemode())
+ flabel,_ = Matchpathcon("/home/dwalsh/.emacs", 0)
+ fmt.Println(flabel)
+ pid := os.Getpid()
+ fmt.Printf("PID:%d MCS:%s\n", pid, Int_to_mcs(pid, 1023))
+}
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 02dd829..6dfdb46 100644
@ -332,6 +352,134 @@ index 02dd829..6dfdb46 100644
ln -sf $@ $(TARGET)
$(LIBPC): $(LIBPC).in ../VERSION
diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c
index 0b696bb..506e236 100644
--- a/libselinux/src/avc_sidtab.c
+++ b/libselinux/src/avc_sidtab.c
@@ -81,6 +81,11 @@ sidtab_context_to_sid(struct sidtab *s,
int hvalue, rc = 0;
struct sidtab_node *cur;
+ if (! ctx) {
+ errno=EINVAL;
+ return -1;
+ }
+
*sid = NULL;
hvalue = sidtab_hash(ctx);
diff --git a/libselinux/src/canonicalize_context.c b/libselinux/src/canonicalize_context.c
index 176c45a..6075025 100644
--- a/libselinux/src/canonicalize_context.c
+++ b/libselinux/src/canonicalize_context.c
@@ -17,6 +17,11 @@ int security_canonicalize_context_raw(const security_context_t con,
size_t size;
int fd, ret;
+ if (! con) {
+ errno=EINVAL;
+ return -1;
+ }
+
if (!selinux_mnt) {
errno = ENOENT;
return -1;
diff --git a/libselinux/src/check_context.c b/libselinux/src/check_context.c
index 33ab5e3..1277bdd 100644
--- a/libselinux/src/check_context.c
+++ b/libselinux/src/check_context.c
@@ -14,6 +14,11 @@ int security_check_context_raw(const security_context_t con)
char path[PATH_MAX];
int fd, ret;
+ if (! con) {
+ errno=EINVAL;
+ return -1;
+ }
+
if (!selinux_mnt) {
errno = ENOENT;
return -1;
diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c
index 5962c0b..61ea454 100644
--- a/libselinux/src/compute_av.c
+++ b/libselinux/src/compute_av.c
@@ -26,6 +26,11 @@ int security_compute_av_flags_raw(const security_context_t scon,
return -1;
}
+ if ((! scon) || (! tcon)) {
+ errno=EINVAL;
+ return -1;
+ }
+
snprintf(path, sizeof path, "%s/access", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_create.c
index 3c05be3..34a1ccd 100644
--- a/libselinux/src/compute_create.c
+++ b/libselinux/src/compute_create.c
@@ -64,6 +64,11 @@ int security_compute_create_name_raw(const security_context_t scon,
return -1;
}
+ if ((! scon) || (! tcon)) {
+ errno=EINVAL;
+ return -1;
+ }
+
snprintf(path, sizeof path, "%s/create", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
diff --git a/libselinux/src/compute_member.c b/libselinux/src/compute_member.c
index dad0a77..7850986 100644
--- a/libselinux/src/compute_member.c
+++ b/libselinux/src/compute_member.c
@@ -25,6 +25,11 @@ int security_compute_member_raw(const security_context_t scon,
return -1;
}
+ if ((! scon) || (! tcon)) {
+ errno=EINVAL;
+ return -1;
+ }
+
snprintf(path, sizeof path, "%s/member", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
diff --git a/libselinux/src/compute_relabel.c b/libselinux/src/compute_relabel.c
index 656f00a..2560e78 100644
--- a/libselinux/src/compute_relabel.c
+++ b/libselinux/src/compute_relabel.c
@@ -25,6 +25,11 @@ int security_compute_relabel_raw(const security_context_t scon,
return -1;
}
+ if ((! scon) || (! tcon)) {
+ errno=EINVAL;
+ return -1;
+ }
+
snprintf(path, sizeof path, "%s/relabel", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c
index 3b39ddd..af20735 100644
--- a/libselinux/src/compute_user.c
+++ b/libselinux/src/compute_user.c
@@ -24,6 +24,11 @@ int security_compute_user_raw(const security_context_t scon,
return -1;
}
+ if (! scon) {
+ errno=EINVAL;
+ return -1;
+ }
+
snprintf(path, sizeof path, "%s/user", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
diff --git a/libselinux/src/fsetfilecon.c b/libselinux/src/fsetfilecon.c
index 9963f7a..37f9d74 100644
--- a/libselinux/src/fsetfilecon.c
@ -352,7 +500,7 @@ index 9963f7a..37f9d74 100644
security_context_t ccontext = NULL;
int err = errno;
diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
index e419f1a..fdeca93 100644
index e419f1a..275672d 100644
--- a/libselinux/src/load_policy.c
+++ b/libselinux/src/load_policy.c
@@ -16,6 +16,82 @@
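Review bot: In `Int_to_mcs` the upper bound 523776 is hard-coded while the tier loop is driven by `catRange`, and the two agree only for `catRange` 1023 (1023*1024/2 = 523776), the value used in the call next to the `PID:%d MCS:%s` print. The call after `exit:` passes 1024, for which id 1024 yields `s0:c0,c1024`, one category past c1023 if the policy defines c0.c1023. A much smaller `catRange` lets `TIER` reach zero and go negative, after which `ORD` no longer shrinks. Deriving the bound from the argument, e.g. `if n := int(catRange); id < 1 || id > n*(n+1)/2 { return "" }`, and passing 1023 at both call sites would keep the result inside the category range. The `exit:` path (its enclosing function starts outside the visible hunks) also hands the result straight to `scon.Set_level(mcs)`, so a PID above the bound sets an empty level, and a PID-derived pair is unique only within one PID namespace; since this level is what separates one confined process from another, check `mcs == ""` there and confirm that dropping `uniq_mcs`, which appears to track used labels through `mcs_list`, is intended.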


@ -10,7 +10,7 @@
Summary: SELinux library and simple utilities
Name: libselinux
Version: 2.2.2
Release: 2%{?dist}
Release: 3%{?dist}
License: Public Domain
Group: System Environment/Libraries
Source: %{name}-%{version}.tgz
@ -213,9 +213,9 @@ rm -rf %{buildroot}
%defattr(-,root,root,-)
%{_libdir}/libselinux.so
%{_libdir}/pkgconfig/libselinux.pc
%dir %{_libdir}/golang/src/pkg/github.com/selinux
%{_libdir}/golang/src/pkg/github.com/selinux/selinux.go
%dir %{_includedir}/selinux
%dir %{_datadir}/gocode/src/selinux
%{_datadir}/gocode/src/selinux/selinux.go
%{_includedir}/selinux/*
%{_mandir}/man3/*
@ -243,6 +243,10 @@ rm -rf %{buildroot}
%{ruby_sitearch}/selinux.so
%changelog
* Fri Jan 24 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.2-3
- Move selinux.go to /usr/lib64/golang/src/pkg/github.com/selinux/selinux.go
- Add Int_to_mcs function to generate MCS labels from integers.
* Tue Jan 14 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.2-2
- Add ghost flag for /var/run/setrans