libselinux/libselinux-rhat.patch
Daniel J Walsh 98a597a060 Merged fix warnings patch from Karl MacMillan.
Merged setrans client support from Dan Walsh. This removes use of
    libsetrans.
Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
Merged swig typemap fixes from Glauber de Oliveira Costa.
2006-05-08 14:08:21 +00:00


diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/setrans.h libselinux-1.30.3/include/selinux/setrans.h
--- nsalibselinux/include/selinux/setrans.h 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.30.3/include/selinux/setrans.h 2006-05-03 09:25:00.000000000 -0400
@@ -0,0 +1,32 @@
+/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
+
+#ifndef _SETRANS_H
+#define _SETRANS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* This must be called once, prior to calling any other
+ translation function.
+ Returns nonzero if translations cannot be performed,
+ or 0 otherwise. */
+int init_context_translations(void);
+
+/* Perform context translation.
+ Caller must free the resulting context.
+ Returns nonzero if error or 0 otherwise. */
+int translate_context(const char *, char **);
+int untranslate_context(const char *, char **);
+
+#ifdef __cplusplus
+}
+#endif
+
+#define SETRANS_UNIX_SOCKET "/var/run/setrans/.setrans-unix"
+
+#define SETRANS_INIT 1
+#define RAW_TO_TRANS_CONTEXT 2
+#define TRANS_TO_RAW_CONTEXT 3
+
+#endif /* _SETRANS_H */
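Review bot: The prototypes `int translate_context(const char *, char **);` and `int untranslate_context(const char *, char **);` declare functions that nothing in this patch defines — setrans_client.c's translators are the static `raw_to_trans_context`/`trans_to_raw_context`, and the exported pair is `selinux_raw_to_trans_context`/`selinux_trans_to_raw_context` — so the installed header advertises an API that cannot be linked; drop them or declare the `selinux_*` pair instead. The socket path and the SETRANS_INIT/RAW_TO_TRANS_CONTEXT/TRANS_TO_RAW_CONTEXT request codes are placed in this public header (after the `extern "C"` block) and again in setrans_internal.h with a different socket path, which makes wire-protocol details part of the public ABI and leaves two definitions to drift; keep them in one internal header only. The comment on init_context_translations says the caller must invoke it first, but init.c in this patch calls it from the library constructor, so the comment should say the library does this automatically and what the return value means to an application that calls it again.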
diff --exclude-from=exclude -N -u -r nsalibselinux/src/canonicalize_context.c libselinux-1.30.3/src/canonicalize_context.c
--- nsalibselinux/src/canonicalize_context.c 2005-11-08 09:34:17.000000000 -0500
+++ libselinux-1.30.3/src/canonicalize_context.c 2006-05-03 11:00:33.000000000 -0400
@@ -5,7 +5,6 @@
#include <stdio.h>
#include <errno.h>
#include <string.h>
-#include <asm/page.h>
#include "selinux_internal.h"
#include "policy.h"
#include <limits.h>
@@ -23,7 +22,7 @@
if (fd < 0)
return -1;
- size = PAGE_SIZE;
+ size = selinux_page_size;
buf = malloc(size);
if (!buf) {
ret = -1;
@@ -64,22 +63,16 @@
security_context_t rcon = con;
security_context_t rcanoncon;
- if (context_translations && trans_to_raw_context(con, &rcon))
+
+ if (selinux_trans_to_raw_context(con, &rcon))
return -1;
ret = security_canonicalize_context_raw(rcon, &rcanoncon);
- if (context_translations) {
- freecon(rcon);
- if (!ret) {
- if (raw_to_trans_context(rcanoncon, canoncon)) {
- *canoncon = NULL;
- ret = -1;
- }
- freecon(rcanoncon);
- }
- } else if (!ret) {
- *canoncon = rcanoncon;
+ freecon(rcon);
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rcanoncon, canoncon);
+ freecon(rcanoncon);
}
return ret;
diff --exclude-from=exclude -N -u -r nsalibselinux/src/check_context.c libselinux-1.30.3/src/check_context.c
--- nsalibselinux/src/check_context.c 2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/check_context.c 2006-05-03 10:59:57.000000000 -0400
@@ -32,13 +32,12 @@
int ret;
security_context_t rcon = con;
- if (context_translations && trans_to_raw_context(con, &rcon))
+ if (selinux_trans_to_raw_context(con, &rcon))
return -1;
ret = security_check_context_raw(rcon);
- if (context_translations)
- freecon(rcon);
+ freecon(rcon);
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_av.c libselinux-1.30.3/src/compute_av.c
--- nsalibselinux/src/compute_av.c 2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/compute_av.c 2006-05-03 11:00:48.000000000 -0400
@@ -5,7 +5,6 @@
#include <stdio.h>
#include <errno.h>
#include <string.h>
-#include <asm/page.h>
#include "selinux_internal.h"
#include "policy.h"
#include <limits.h>
@@ -26,7 +25,7 @@
if (fd < 0)
return -1;
- len = PAGE_SIZE;
+ len = selinux_page_size;
buf = malloc(len);
if (!buf) {
ret = -1;
@@ -70,21 +69,17 @@
security_context_t rscon = scon;
security_context_t rtcon = tcon;
- if (context_translations) {
- if (trans_to_raw_context(scon, &rscon))
- return -1;
- if (trans_to_raw_context(tcon, &rtcon)) {
- freecon(rscon);
- return -1;
- }
+ if (selinux_trans_to_raw_context(scon, &rscon))
+ return -1;
+ if (selinux_trans_to_raw_context(tcon, &rtcon)) {
+ freecon(rscon);
+ return -1;
}
ret = security_compute_av_raw(rscon, rtcon, tclass, requested, avd);
- if (context_translations) {
- freecon(rscon);
- freecon(rtcon);
- }
+ freecon(rscon);
+ freecon(rtcon);
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_create.c libselinux-1.30.3/src/compute_create.c
--- nsalibselinux/src/compute_create.c 2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/compute_create.c 2006-05-03 11:04:26.000000000 -0400
@@ -5,7 +5,6 @@
#include <stdio.h>
#include <errno.h>
#include <string.h>
-#include <asm/page.h>
#include "selinux_internal.h"
#include "policy.h"
#include <limits.h>
@@ -25,7 +24,7 @@
if (fd < 0)
return -1;
- size = PAGE_SIZE;
+ size = selinux_page_size;
buf = malloc(size);
if (!buf) {
ret = -1;
@@ -66,29 +65,21 @@
security_context_t rtcon = tcon;
security_context_t rnewcon;
- if (context_translations) {
- if (trans_to_raw_context(scon, &rscon))
- return -1;
- if (trans_to_raw_context(tcon, &rtcon)) {
- freecon(rscon);
- return -1;
- }
+ if (selinux_trans_to_raw_context(scon, &rscon))
+ return -1;
+ if (selinux_trans_to_raw_context(tcon, &rtcon)) {
+ freecon(rscon);
+ return -1;
}
ret = security_compute_create_raw(rscon, rtcon, tclass, &rnewcon);
- if (context_translations) {
- freecon(rscon);
- freecon(rtcon);
- if (!ret) {
- if (raw_to_trans_context(rnewcon, newcon)) {
- *newcon = NULL;
- ret = -1;
- }
- freecon(rnewcon);
- }
- } else if (!ret)
- *newcon = rnewcon;
+ freecon(rscon);
+ freecon(rtcon);
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rnewcon, newcon);
+ freecon(rnewcon);
+ }
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_member.c libselinux-1.30.3/src/compute_member.c
--- nsalibselinux/src/compute_member.c 2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/compute_member.c 2006-05-03 11:01:44.000000000 -0400
@@ -5,7 +5,6 @@
#include <stdio.h>
#include <errno.h>
#include <string.h>
-#include <asm/page.h>
#include "selinux_internal.h"
#include "policy.h"
#include <limits.h>
@@ -25,7 +24,7 @@
if (fd < 0)
return -1;
- size = PAGE_SIZE;
+ size = selinux_page_size;
buf = malloc(size);
if (!buf) {
ret = -1;
@@ -66,29 +65,24 @@
security_context_t rtcon = tcon;
security_context_t rnewcon;
- if (context_translations) {
- if (trans_to_raw_context(scon, &rscon))
- return -1;
- if (trans_to_raw_context(tcon, &rtcon)) {
- freecon(rscon);
- return -1;
- }
+ if (selinux_trans_to_raw_context(scon, &rscon))
+ return -1;
+ if (selinux_trans_to_raw_context(tcon, &rtcon)) {
+ freecon(rscon);
+ return -1;
}
ret = security_compute_member_raw(rscon, rtcon, tclass, &rnewcon);
- if (context_translations) {
- freecon(rscon);
- freecon(rtcon);
- if (!ret) {
- if (raw_to_trans_context(rnewcon, newcon)) {
- *newcon = NULL;
- ret = -1;
- }
- freecon(rnewcon);
+ freecon(rscon);
+ freecon(rtcon);
+ if (!ret) {
+ if (selinux_raw_to_trans_context(rnewcon, newcon)) {
+ *newcon = NULL;
+ ret = -1;
}
- } else if (!ret)
- *newcon = rnewcon;
+ freecon(rnewcon);
+ }
return ret;
}
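Review bot: This hunk keeps the long form `if (selinux_raw_to_trans_context(rnewcon, newcon)) { *newcon = NULL; ret = -1; }`, while the parallel hunks in compute_create.c and compute_relabel.c collapse the same logic to `ret = selinux_raw_to_trans_context(rnewcon, newcon);`, and getcon.c keeps the long form as well. selinux_raw_to_trans_context as added in setrans_client.c already returns -1 with `*transp` left NULL when its strdup fallback fails, so the explicit reset is redundant and the wrappers should settle on one form. The enclosing function starts outside the hunk.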
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_relabel.c libselinux-1.30.3/src/compute_relabel.c
--- nsalibselinux/src/compute_relabel.c 2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/compute_relabel.c 2006-05-03 11:04:30.000000000 -0400
@@ -5,7 +5,6 @@
#include <stdio.h>
#include <errno.h>
#include <string.h>
-#include <asm/page.h>
#include "selinux_internal.h"
#include "policy.h"
#include <limits.h>
@@ -25,7 +24,7 @@
if (fd < 0)
return -1;
- size = PAGE_SIZE;
+ size = selinux_page_size;
buf = malloc(size);
if (!buf) {
ret = -1;
@@ -66,29 +65,21 @@
security_context_t rtcon = tcon;
security_context_t rnewcon;
- if (context_translations) {
- if (trans_to_raw_context(scon, &rscon))
- return -1;
- if (trans_to_raw_context(tcon, &rtcon)) {
- freecon(rscon);
- return -1;
- }
+ if (selinux_trans_to_raw_context(scon, &rscon))
+ return -1;
+ if (selinux_trans_to_raw_context(tcon, &rtcon)) {
+ freecon(rscon);
+ return -1;
}
ret = security_compute_relabel_raw(rscon, rtcon, tclass, &rnewcon);
- if (context_translations) {
- freecon(rscon);
- freecon(rtcon);
- if (!ret) {
- if (raw_to_trans_context(rnewcon, newcon)) {
- *newcon = NULL;
- ret = -1;
- }
- freecon(rnewcon);
- }
- } else if (!ret)
- *newcon = rnewcon;
+ freecon(rscon);
+ freecon(rtcon);
+ if (!ret) {
+ ret=selinux_raw_to_trans_context(rnewcon, newcon);
+ freecon(rnewcon);
+ }
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_user.c libselinux-1.30.3/src/compute_user.c
--- nsalibselinux/src/compute_user.c 2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/compute_user.c 2006-05-03 11:02:16.000000000 -0400
@@ -5,7 +5,6 @@
#include <stdio.h>
#include <errno.h>
#include <string.h>
-#include <asm/page.h>
#include "selinux_internal.h"
#include "policy.h"
#include <limits.h>
@@ -26,7 +25,7 @@
if (fd < 0)
return -1;
- size = PAGE_SIZE;
+ size = selinux_page_size;
buf = malloc(size);
if (!buf) {
ret = -1;
@@ -82,24 +81,22 @@
int ret;
security_context_t rscon = scon;
- if (context_translations && trans_to_raw_context(scon, &rscon))
+ if (selinux_trans_to_raw_context(scon, &rscon))
return -1;
ret = security_compute_user_raw(rscon, user, con);
- if (context_translations) {
- freecon(rscon);
- if (!ret) {
- security_context_t *ptr, tmpcon;
- for (ptr = *con; *ptr; ptr++) {
- if (raw_to_trans_context(*ptr, &tmpcon)) {
- freeconary(*con);
- *con = NULL;
- return -1;
- }
- freecon(*ptr);
- *ptr = tmpcon;
+ freecon(rscon);
+ if (!ret) {
+ security_context_t *ptr, tmpcon;
+ for (ptr = *con; *ptr; ptr++) {
+ if (selinux_raw_to_trans_context(*ptr, &tmpcon)) {
+ freeconary(*con);
+ *con = NULL;
+ return -1;
}
+ freecon(*ptr);
+ *ptr = tmpcon;
}
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/enabled.c libselinux-1.30.3/src/enabled.c
--- nsalibselinux/src/enabled.c 2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/enabled.c 2006-05-02 14:48:35.000000000 -0400
@@ -5,7 +5,6 @@
#include <stdlib.h>
#include <errno.h>
#include <limits.h>
-#include <asm/page.h>
#include <stdio.h>
#include "policy.h"
@@ -22,7 +21,7 @@
if (fd < 0)
return -1;
- size = PAGE_SIZE;
+ size = selinux_page_size;
buf = malloc(size);
if (!buf) {
enabled = -1;
diff --exclude-from=exclude -N -u -r nsalibselinux/src/fgetfilecon.c libselinux-1.30.3/src/fgetfilecon.c
--- nsalibselinux/src/fgetfilecon.c 2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/fgetfilecon.c 2006-05-03 10:55:46.000000000 -0400
@@ -52,14 +52,10 @@
ret = fgetfilecon_raw(fd, &rcontext);
- if (context_translations && ret > 0) {
- if (raw_to_trans_context(rcontext, context)) {
- *context = NULL;
- ret = -1;
- }
+ if (ret > 0) {
+ ret=selinux_raw_to_trans_context(rcontext, context);
freecon(rcontext);
- } else if (ret > 0)
- *context = rcontext;
+ }
return ret;
}
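Review bot: `ret=selinux_raw_to_trans_context(rcontext, context);` replaces the positive value returned by fgetfilecon_raw with 0 on success, whereas the removed code left ret untouched on the success path and only forced it to -1 when translation failed; getfilecon.c and lgetfilecon.c in this patch make the same change. Any caller that tests `ret > 0` for success — the very test this function applies to the _raw result — now sees the translated variants as failures, so unless a return-value change is intended the line should be `if (selinux_raw_to_trans_context(rcontext, context)) ret = -1;`. The enclosing function starts outside the hunk, and the spacing around `=` also differs from the sibling files.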
diff --exclude-from=exclude -N -u -r nsalibselinux/src/fsetfilecon.c libselinux-1.30.3/src/fsetfilecon.c
--- nsalibselinux/src/fsetfilecon.c 2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/fsetfilecon.c 2006-05-03 11:02:20.000000000 -0400
@@ -18,13 +18,12 @@
int ret;
security_context_t rcontext = context;
- if (context_translations && trans_to_raw_context(context, &rcontext))
+ if (selinux_trans_to_raw_context(context, &rcontext))
return -1;
ret = fsetfilecon_raw(fd, rcontext);
- if (context_translations)
- freecon(rcontext);
+ freecon(rcontext);
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getcon.c libselinux-1.30.3/src/getcon.c
--- nsalibselinux/src/getcon.c 2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/getcon.c 2006-05-03 11:02:25.000000000 -0400
@@ -4,7 +4,6 @@
#include "selinux_internal.h"
#include <stdlib.h>
#include <errno.h>
-#include <asm/page.h>
#include "policy.h"
int getcon_raw(security_context_t *context)
@@ -18,7 +17,7 @@
if (fd < 0)
return -1;
- size = PAGE_SIZE;
+ size = selinux_page_size;
buf = malloc(size);
if (!buf) {
ret = -1;
@@ -51,14 +50,13 @@
ret = getcon_raw(&rcontext);
- if (context_translations && !ret) {
- if (raw_to_trans_context(rcontext, context)) {
+ if (!ret) {
+ if (selinux_raw_to_trans_context(rcontext, context)) {
*context = NULL;
ret = -1;
}
freecon(rcontext);
- } else if (!ret)
- *context = rcontext;
+ }
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getexeccon.c libselinux-1.30.3/src/getexeccon.c
--- nsalibselinux/src/getexeccon.c 2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/getexeccon.c 2006-05-03 11:04:35.000000000 -0400
@@ -3,7 +3,6 @@
#include <string.h>
#include <stdlib.h>
#include <errno.h>
-#include <asm/page.h>
#include "selinux_internal.h"
#include "policy.h"
@@ -18,7 +17,7 @@
if (fd < 0)
return -1;
- size = PAGE_SIZE;
+ size = selinux_page_size;
buf = malloc(size);
if (!buf) {
ret = -1;
@@ -56,14 +55,10 @@
ret = getexeccon_raw(&rcontext);
- if (context_translations && !ret) {
- if (raw_to_trans_context(rcontext, context)) {
- *context = NULL;
- ret = -1;
- }
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rcontext, context);
freecon(rcontext);
- } else if (!ret)
- *context = rcontext;
+ }
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfilecon.c libselinux-1.30.3/src/getfilecon.c
--- nsalibselinux/src/getfilecon.c 2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/getfilecon.c 2006-05-03 10:54:32.000000000 -0400
@@ -52,14 +52,10 @@
ret = getfilecon_raw(path, &rcontext);
- if (context_translations && ret > 0) {
- if (raw_to_trans_context(rcontext, context)) {
- *context = NULL;
- ret = -1;
- }
+ if (ret > 0) {
+ ret = selinux_raw_to_trans_context(rcontext, context);
freecon(rcontext);
- } else if (ret > 0)
- *context = rcontext;
+ }
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfscreatecon.c libselinux-1.30.3/src/getfscreatecon.c
--- nsalibselinux/src/getfscreatecon.c 2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/getfscreatecon.c 2006-05-03 11:04:45.000000000 -0400
@@ -3,7 +3,6 @@
#include <string.h>
#include <stdlib.h>
#include <errno.h>
-#include <asm/page.h>
#include "selinux_internal.h"
#include "policy.h"
@@ -18,7 +17,7 @@
if (fd < 0)
return -1;
- size = PAGE_SIZE;
+ size = selinux_page_size;
buf = malloc(size);
if (!buf) {
ret = -1;
@@ -56,14 +55,10 @@
ret = getfscreatecon_raw(&rcontext);
- if (context_translations && !ret) {
- if (raw_to_trans_context(rcontext, context)) {
- *context = NULL;
- ret = -1;
- }
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rcontext, context);
freecon(rcontext);
- } else if (!ret)
- *context = rcontext;
+ }
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpeercon.c libselinux-1.30.3/src/getpeercon.c
--- nsalibselinux/src/getpeercon.c 2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/getpeercon.c 2006-05-03 11:03:09.000000000 -0400
@@ -51,14 +51,10 @@
ret = getpeercon_raw(fd, &rcontext);
- if (context_translations && !ret) {
- if (raw_to_trans_context(rcontext, context)) {
- *context = NULL;
- ret = -1;
- }
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rcontext, context);
freecon(rcontext);
- } else if (!ret)
- *context = rcontext;
+ }
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpidcon.c libselinux-1.30.3/src/getpidcon.c
--- nsalibselinux/src/getpidcon.c 2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/getpidcon.c 2006-05-03 11:03:33.000000000 -0400
@@ -4,7 +4,6 @@
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
-#include <asm/page.h>
#include "selinux_internal.h"
#include "policy.h"
@@ -22,7 +21,7 @@
if (fd < 0)
return -1;
- size = PAGE_SIZE;
+ size = selinux_page_size;
buf = malloc(size);
if (!buf) {
ret = -1;
@@ -55,14 +54,10 @@
ret = getpidcon_raw(pid, &rcontext);
- if (context_translations && !ret) {
- if (raw_to_trans_context(rcontext, context)) {
- *context = NULL;
- ret = -1;
- }
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rcontext, context);
freecon(rcontext);
- } else if (!ret)
- *context = rcontext;
+ }
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getprevcon.c libselinux-1.30.3/src/getprevcon.c
--- nsalibselinux/src/getprevcon.c 2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/getprevcon.c 2006-05-03 11:03:45.000000000 -0400
@@ -4,7 +4,6 @@
#include "selinux_internal.h"
#include <stdlib.h>
#include <errno.h>
-#include <asm/page.h>
#include "policy.h"
int getprevcon_raw(security_context_t *context)
@@ -18,7 +17,7 @@
if (fd < 0)
return -1;
- size = PAGE_SIZE;
+ size = selinux_page_size;
buf = malloc(size);
if (!buf) {
ret = -1;
@@ -51,14 +50,10 @@
ret = getprevcon_raw(&rcontext);
- if (context_translations && !ret) {
- if (raw_to_trans_context(rcontext, context)) {
- *context = NULL;
- ret = -1;
- }
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rcontext, context);
freecon(rcontext);
- } else if (!ret)
- *context = rcontext;
+ }
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.30.3/src/init.c
--- nsalibselinux/src/init.c 2005-12-14 14:16:46.000000000 -0500
+++ libselinux-1.30.3/src/init.c 2006-05-03 10:30:57.000000000 -0400
@@ -4,15 +4,16 @@
#include <stdlib.h>
#include <errno.h>
#include <ctype.h>
-#include <asm/page.h>
#include <stdio.h>
#include <dlfcn.h>
+#include <unistd.h>
#include "dso.h"
#include "policy.h"
#include "selinux_internal.h"
char *selinux_mnt = NULL;
+int selinux_page_size=0;
static void init_selinuxmnt(void)
{
@@ -27,11 +28,12 @@
if (!fp)
return;
- size = PAGE_SIZE;
+ size = selinux_page_size;
+
buf = malloc(size);
if (!buf)
goto out;
-
+
memset(buf, 0, size);
while(( bufp = fgets_unlocked(buf, size, fp)))
@@ -75,65 +77,15 @@
}
hidden_def(set_selinuxmnt)
-int context_translations hidden;
-void *translation_lib_handle hidden;
-
-/* from libsetrans.c */
-extern int hidden (*lib_trans_to_raw_context)(char *trans, char **rawp);
-extern int hidden (*lib_raw_to_trans_context)(char *raw, char **transp);
-
-
static void init_translations(void)
{
-#ifdef SHARED
- int (*lib_trans_init)(void) = NULL;
-
- translation_lib_handle = dlopen("libsetrans.so.0", RTLD_NOW);
- if (!translation_lib_handle)
- return;
-
- dlerror();
-
- lib_trans_init = dlsym(translation_lib_handle,
- "init_context_translations");
- if (dlerror() || lib_trans_init())
- return;
-
- lib_raw_to_trans_context = dlsym(translation_lib_handle,
- "translate_context");
- if (dlerror())
- return;
-
- lib_trans_to_raw_context = dlsym(translation_lib_handle,
- "untranslate_context");
- if (dlerror())
- return;
-
- context_translations = 1;
-#endif
-}
-
-static void fini_translations(void)
-{
-#ifdef SHARED
- context_translations = 0;
- if (translation_lib_handle) {
- int (*lib_trans_finish)(void) = NULL;
-
- lib_trans_finish = dlsym(translation_lib_handle,
- "finish_context_translations");
- if (! dlerror())
- lib_trans_finish();
-
- dlclose(translation_lib_handle);
- translation_lib_handle = NULL;
- }
-#endif
+ init_context_translations();
}
static void init_lib(void) __attribute__ ((constructor));
static void init_lib(void)
{
+ selinux_page_size = sysconf(_SC_PAGE_SIZE);
init_selinuxmnt();
init_translations();
}
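Review bot: `selinux_page_size = sysconf(_SC_PAGE_SIZE);` stores a `long` that is -1 on failure into an `int` with no check, and every `size = selinux_page_size; buf = malloc(size);` site in this patch then inherits that -1 (or 0 if one of them runs before this constructor), so a failing sysconf silently breaks every procfs read in the library instead of being reported once here. Check it before assigning, e.g. `long ps = sysconf(_SC_PAGE_SIZE); selinux_page_size = ps > 0 ? (int)ps : 4096;` (4096 is a constructed fallback; use whatever default the project prefers). init_translations now calls `init_context_translations()` and discards its result, which means every process that loads libselinux connects to the setrans socket at load time with no record of whether translations are available; either keep the result in a flag or document in the header that initialization is best-effort and translation calls fall back to the untranslated context.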
@@ -141,6 +93,5 @@
static void fini_lib(void) __attribute__ ((destructor));
static void fini_lib(void)
{
- fini_translations();
fini_selinuxmnt();
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/lgetfilecon.c libselinux-1.30.3/src/lgetfilecon.c
--- nsalibselinux/src/lgetfilecon.c 2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/lgetfilecon.c 2006-05-03 10:55:25.000000000 -0400
@@ -52,14 +52,10 @@
ret = lgetfilecon_raw(path, &rcontext);
- if (context_translations && ret > 0) {
- if (raw_to_trans_context(rcontext, context)) {
- *context = NULL;
- ret = -1;
- }
+ if (ret > 0) {
+ ret = selinux_raw_to_trans_context(rcontext, context);
freecon(rcontext);
- } else if (ret > 0)
- *context = rcontext;
+ }
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/lsetfilecon.c libselinux-1.30.3/src/lsetfilecon.c
--- nsalibselinux/src/lsetfilecon.c 2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/lsetfilecon.c 2006-05-03 11:03:50.000000000 -0400
@@ -18,13 +18,12 @@
int ret;
security_context_t rcontext = context;
- if (context_translations && trans_to_raw_context(context, &rcontext))
+ if (selinux_trans_to_raw_context(context, &rcontext))
return -1;
ret = lsetfilecon_raw(path, rcontext);
- if (context_translations)
- freecon(rcontext);
+ freecon(rcontext);
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchmediacon.c libselinux-1.30.3/src/matchmediacon.c
--- nsalibselinux/src/matchmediacon.c 2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/matchmediacon.c 2006-05-03 11:03:54.000000000 -0400
@@ -59,13 +59,10 @@
return -1;
}
- if (context_translations) {
- if (raw_to_trans_context(ptr2, con)) {
- *con = NULL;
- return -1;
- }
- } else
- *con = strdup(ptr2);
+ if (selinux_raw_to_trans_context(ptr2, con)) {
+ *con = NULL;
+ return -1;
+ }
return 0;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.30.3/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2006-04-14 07:21:23.000000000 -0400
+++ libselinux-1.30.3/src/matchpathcon.c 2006-05-03 11:04:01.000000000 -0400
@@ -591,19 +591,14 @@
if (myflags & MATCHPATHCON_NOTRANS)
goto skip_trans;
- if (context_translations) {
- if (raw_to_trans_context(context, &tmpcon)) {
- myprintf("%s: line %u has invalid "
- "context %s\n",
- path, lineno, context);
- return 0;
- }
- free(context);
- context = tmpcon;
- } else {
- if (STRIP_LEVEL(&context, mls_enabled))
- return -1;
+ if (selinux_raw_to_trans_context(context, &tmpcon)) {
+ myprintf("%s: line %u has invalid "
+ "context %s\n",
+ path, lineno, context);
+ return 0;
}
+ free(context);
+ context = tmpcon;
skip_trans:
if (myflags & MATCHPATHCON_VALIDATE) {
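Review bot: The removed else-branch called `STRIP_LEVEL(&context, mls_enabled)` when no translation library was loaded, and the new code has no equivalent: selinux_raw_to_trans_context (added in setrans_client.c) falls back to a plain strdup when setransd cannot be reached, so on a system without a running translation daemon the level presumably stops being stripped from contexts read from the file_contexts file. If that stripping is still wanted for the non-MLS case it needs to be re-added after the translation call; if it is intentionally dropped, a one-line comment before `skip_trans:` saying that the daemon now owns level handling would save the next reader the archaeology. The enclosing function starts and ends outside the hunk.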
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.30.3/src/selinux_internal.h
--- nsalibselinux/src/selinux_internal.h 2005-12-01 10:10:32.000000000 -0500
+++ libselinux-1.30.3/src/selinux_internal.h 2006-05-03 10:56:53.000000000 -0400
@@ -65,9 +65,6 @@
hidden_proto(selinux_translations_path);
hidden_proto(selinux_getenforcemode);
-extern int context_translations hidden;
-extern int hidden trans_to_raw_context(char *trans, char **rawp);
-extern int hidden raw_to_trans_context(char *raw, char **transp);
-
extern int load_setlocaldefs hidden;
extern int require_seusers hidden;
+extern int selinux_page_size hidden;
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-1.30.3/src/selinuxswig.i
--- nsalibselinux/src/selinuxswig.i 2006-04-14 07:21:23.000000000 -0400
+++ libselinux-1.30.3/src/selinuxswig.i 2006-05-02 13:08:05.000000000 -0400
@@ -28,9 +28,18 @@
%typemap(in, numinputs=0) security_context_t *(security_context_t temp) {
$1 = &temp;
}
-%typemap(argout) security_context_t * {
- $result = SWIG_Python_AppendOutput($result, PyString_FromString(*$1));
+%typemap(argout) security_context_t * (char *temp) {
+ if (*$1)
+ temp = *$1;
+ else
+ temp = "";
+ $result = SWIG_Python_AppendOutput($result, PyString_FromString(temp));
+}
+
+%typemap(in) security_context_t {
+ $1 = (security_context_t)PyString_AsString($input);
}
+
%typedef unsigned mode_t;
extern int is_selinux_enabled(void);
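Review bot: The new `%typemap(in) security_context_t` assigns `PyString_AsString($input)` to `$1` without checking it; for a non-string argument PyString_AsString returns NULL with a Python exception already set, and the wrapped C function is then called with a NULL context. Add `if (!$1) SWIG_fail;` after the assignment (or test `PyString_Check($input)` first) so the exception propagates instead. In the argout typemap, substituting `""` for a NULL `*$1` hides the difference between "no context" and an empty context from Python callers; appending Py_None in that case would be more faithful, though that is a design choice worth a comment either way.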
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setcon.c libselinux-1.30.3/src/setcon.c
--- nsalibselinux/src/setcon.c 2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/setcon.c 2006-05-03 11:04:05.000000000 -0400
@@ -32,13 +32,12 @@
int ret;
security_context_t rcontext = context;
- if (context_translations && trans_to_raw_context(context, &rcontext))
+ if (selinux_trans_to_raw_context(context, &rcontext))
return -1;
ret = setcon_raw(rcontext);
- if (context_translations)
- freecon(rcontext);
+ freecon(rcontext);
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setexeccon.c libselinux-1.30.3/src/setexeccon.c
--- nsalibselinux/src/setexeccon.c 2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/setexeccon.c 2006-05-03 11:04:09.000000000 -0400
@@ -28,13 +28,12 @@
int ret;
security_context_t rcontext = context;
- if (context_translations && trans_to_raw_context(context, &rcontext))
+ if (selinux_trans_to_raw_context(context, &rcontext))
return -1;
ret = setexeccon_raw(rcontext);
- if (context_translations)
- freecon(rcontext);
+ freecon(rcontext);
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setfilecon.c libselinux-1.30.3/src/setfilecon.c
--- nsalibselinux/src/setfilecon.c 2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/setfilecon.c 2006-05-03 11:04:13.000000000 -0400
@@ -18,13 +18,12 @@
int ret;
security_context_t rcontext = context;
- if (context_translations && trans_to_raw_context(context, &rcontext))
+ if (selinux_trans_to_raw_context(context, &rcontext))
return -1;
ret = setfilecon_raw(path, rcontext);
- if (context_translations)
- freecon(rcontext);
+ freecon(rcontext);
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setfscreatecon.c libselinux-1.30.3/src/setfscreatecon.c
--- nsalibselinux/src/setfscreatecon.c 2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/setfscreatecon.c 2006-05-03 11:04:17.000000000 -0400
@@ -28,13 +28,12 @@
int ret;
security_context_t rcontext = context;
- if (context_translations && trans_to_raw_context(context, &rcontext))
+ if (selinux_trans_to_raw_context(context, &rcontext))
return -1;
ret = setfscreatecon_raw(rcontext);
- if (context_translations)
- freecon(rcontext);
+ freecon(rcontext);
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_client.c libselinux-1.30.3/src/setrans_client.c
--- nsalibselinux/src/setrans_client.c 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.30.3/src/setrans_client.c 2006-05-03 10:56:24.000000000 -0400
@@ -0,0 +1,246 @@
+/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#include <errno.h>
+#include <stdlib.h>
+#include <netdb.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+#include <selinux/selinux.h>
+#include "selinux/setrans.h"
+#include "dso.h"
+
+
+/*
+ * setransd_open
+ *
+ * This function opens a socket to the setransd.
+ * Returns: on success, a file descriptor ( >= 0 ) to the socket
+ * on error, a negative value
+ */
+static int
+setransd_open(void)
+{
+ struct sockaddr_un addr;
+ int fd;
+
+ fd = socket(PF_UNIX, SOCK_STREAM, 0);
+ if (fd < 0) {
+ return -1;
+ }
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ strcpy(addr.sun_path, SETRANS_UNIX_SOCKET);
+ if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
+ close(fd);
+ return -1;
+ }
+
+ return fd;
+}
+
+/* Returns: 0 on success, <0 on failure */
+static int
+send_request(int fd, uint32_t function, const char *data1, const char *data2)
+{
+ struct iovec req_hdr[4];
+ uint32_t data1_size;
+ uint32_t data2_size;
+ struct iovec req_data[2];
+ ssize_t count;
+
+ if (fd < 0)
+ return -1;
+
+ if (!data1)
+ data1 = "";
+ if (!data2)
+ data2 = "";
+
+ data1_size = strlen(data1) + 1;
+ data2_size = strlen(data2) + 1;
+
+ req_hdr[0].iov_base = &function;
+ req_hdr[0].iov_len = sizeof(function);
+ req_hdr[1].iov_base = &data1_size;
+ req_hdr[1].iov_len = sizeof(data1_size);
+ req_hdr[2].iov_base = &data2_size;
+ req_hdr[2].iov_len = sizeof(data2_size);
+
+ while (((count = writev(fd, req_hdr, 3)) < 0) && (errno == EINTR));
+ if (count != (sizeof(function) + sizeof(data1_size) +
+ sizeof(data2_size) )) {
+ return -1;
+ }
+
+ req_data[0].iov_base = (char *)data1;
+ req_data[0].iov_len = data1_size;
+ req_data[1].iov_base = (char *)data2;
+ req_data[1].iov_len = data2_size;
+
+ while (((count = writev(fd, req_data, 2)) < 0) && (errno == EINTR));
+ if (count < 0 || (uint32_t)count != (data1_size + data2_size)) {
+ return -1;
+ }
+
+ return 0;
+}
+
+/* Returns: 0 on success, <0 on failure */
+static int
+receive_response(int fd, uint32_t function, char **outdata, int32_t *ret_val)
+{
+ struct iovec resp_hdr[3];
+ uint32_t func;
+ uint32_t data_size;
+ char *data;
+ struct iovec resp_data;
+ ssize_t count;
+
+ if (fd < 0)
+ return -1;
+
+ resp_hdr[0].iov_base = &func;
+ resp_hdr[0].iov_len = sizeof(func);
+ resp_hdr[1].iov_base = &data_size;
+ resp_hdr[1].iov_len = sizeof(data_size);
+ resp_hdr[2].iov_base = ret_val;
+ resp_hdr[2].iov_len = sizeof(*ret_val);
+
+ while (((count = readv(fd, resp_hdr, 3)) < 0) && (errno == EINTR));
+ if (count != (sizeof(func) + sizeof(data_size) + sizeof(*ret_val))) {
+ return -1;
+ }
+
+ if (func != function || !data_size) {
+ return -1;
+ }
+
+ data = malloc(data_size);
+ if (!data) {
+ return -1;
+ }
+
+ resp_data.iov_base = data;
+ resp_data.iov_len = data_size;
+
+ while (((count = readv(fd, &resp_data, 1))) < 0 && (errno == EINTR));
+ if (count < 0 || (uint32_t)count != data_size || data[data_size - 1] != '\0') {
+ free(data);
+ return -1;
+ }
+
+ *outdata = data;
+ return 0;
+}
+
+static int raw_to_trans_context(char *raw, char **transp)
+{
+ int ret;
+ int32_t ret_val;
+ int fd;
+
+ *transp = NULL;
+
+ fd = setransd_open();
+ if (fd < 0)
+ return fd;
+
+ ret = send_request(fd, RAW_TO_TRANS_CONTEXT, raw, NULL);
+ if (ret)
+ goto out;
+
+ ret = receive_response(fd, RAW_TO_TRANS_CONTEXT, transp, &ret_val);
+ if (ret)
+ goto out;
+
+ ret = ret_val;
+out:
+ close(fd);
+ return ret;
+}
+
+static int trans_to_raw_context(char *trans, char **rawp)
+{
+ int ret;
+ int32_t ret_val;
+ int fd;
+
+ *rawp = NULL;
+
+ fd = setransd_open();
+ if (fd < 0)
+ return fd;
+ ret = send_request(fd, TRANS_TO_RAW_CONTEXT, trans, NULL);
+ if (ret)
+ goto out;
+
+ ret = receive_response(fd, TRANS_TO_RAW_CONTEXT, rawp, &ret_val);
+ if (ret)
+ goto out;
+
+ ret = ret_val;
+out:
+ close(fd);
+ return ret_val;
+}
+
+
+int
+init_context_translations(void)
+{
+ int ret, fd;
+ int32_t ret_val;
+ char *out = NULL;
+
+ fd = setransd_open();
+ if (fd < 0)
+ return fd;
+
+ ret = send_request(fd, SETRANS_INIT, NULL, NULL);
+ if (ret)
+ goto out;
+
+ ret = receive_response(fd, SETRANS_INIT, &out, &ret_val);
+ free(out);
+ if (!ret)
+ ret = ret_val;
+out:
+ close(fd);
+ return ret;
+}
+
+
+int selinux_trans_to_raw_context(security_context_t trans,
+ security_context_t *rawp)
+{
+ if (!trans) {
+ *rawp = NULL;
+ return 0;
+ }
+
+ if (trans_to_raw_context(trans, rawp))
+ *rawp = strdup(trans);
+ return *rawp ? 0 : -1;
+}
+
+int selinux_raw_to_trans_context(security_context_t raw,
+ security_context_t *transp)
+{
+ if (!raw) {
+ *transp = NULL;
+ return 0;
+ }
+
+ if (raw_to_trans_context(raw, transp))
+ *transp = strdup(raw);
+
+ return *transp ? 0 : -1;
+}
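Review bot: trans_to_raw_context ends with `return ret_val;` on its `out:` path, so when setransd_open succeeds but send_request or receive_response fails, ret_val has never been written and an indeterminate value is returned; the sibling raw_to_trans_context returns `ret`, and this one should too: `return ret;`. A second defect in both translators: when receive_response succeeds but the daemon reports a non-zero ret_val, `*transp`/`*rawp` already points at the malloc'd reply, and selinux_raw_to_trans_context/selinux_trans_to_raw_context then overwrite it with strdup(), leaking the reply — free it and reset the pointer before returning the error. receive_response also trusts `data_size` from the socket with only a zero check before `malloc(data_size)`, and both it and send_request treat a single readv/writev as a complete transfer, so a short read or write on the stream socket is reported as failure and quietly degrades to the untranslated context; bound data_size to a sane maximum and loop until the expected byte count has moved. Mixed signed/unsigned comparisons such as `count != (sizeof(function) + ...)` should be written with an explicit `count < 0 ||` guard as the second check in send_request already does.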
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_internal.h libselinux-1.30.3/src/setrans_internal.h
--- nsalibselinux/src/setrans_internal.h 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.30.3/src/setrans_internal.h 2006-05-03 09:18:19.000000000 -0400
@@ -0,0 +1,8 @@
+/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
+
+#define SETRANS_UNIX_SOCKET "/var/.setrans-unix"
+
+#define SETRANS_INIT 1
+#define RAW_TO_TRANS_CONTEXT 2
+#define TRANS_TO_RAW_CONTEXT 3
+
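Review bot: SETRANS_UNIX_SOCKET is defined here as `"/var/.setrans-unix"` but as `"/var/run/setrans/.setrans-unix"` in include/selinux/setrans.h in the same patch, and nothing in the patch includes setrans_internal.h (setrans_client.c includes selinux/setrans.h), so the client connects to whichever path the header it happens to include names and any translation unit including both gets a macro redefinition. Keep the socket path and the three request codes in exactly one header; if this internal header is the intended home, have setrans_client.c include it and remove the copies from the public header. The file also lacks an include guard.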
diff --exclude-from=exclude -N -u -r nsalibselinux/src/trans.c libselinux-1.30.3/src/trans.c
--- nsalibselinux/src/trans.c 2005-08-31 12:33:10.000000000 -0400
+++ libselinux-1.30.3/src/trans.c 1969-12-31 19:00:00.000000000 -0500
@@ -1,59 +0,0 @@
-#include "selinux_internal.h"
-#include <string.h>
-
-int (*lib_trans_to_raw_context)(char *trans, char **rawp) hidden;
-int (*lib_raw_to_trans_context)(char *raw, char **transp) hidden;
-
-int hidden trans_to_raw_context(char *trans, char **rawp)
-{
- *rawp = NULL;
- if (!trans)
- return 0;
-
- if (trans && lib_trans_to_raw_context(trans, rawp))
- *rawp = strdup(trans);
-
- return *rawp ? 0 : -1;
-}
-
-int selinux_trans_to_raw_context(security_context_t trans,
- security_context_t *rawp)
-{
- if (context_translations)
- return trans_to_raw_context(trans, rawp);
-
- if (!trans) {
- *rawp = NULL;
- return 0;
- }
-
- *rawp = strdup(trans);
- return *rawp ? 0 : -1;
-}
-
-int hidden raw_to_trans_context(char *raw, char **transp)
-{
- *transp = NULL;
- if (!raw)
- return 0;
-
- if (raw && lib_raw_to_trans_context(raw, transp))
- *transp = strdup(raw);
-
- return *transp ? 0 : -1;
-}
-
-int selinux_raw_to_trans_context(security_context_t raw,
- security_context_t *transp)
-{
- if (context_translations)
- return raw_to_trans_context(raw, transp);
-
- if (!raw) {
- *transp = NULL;
- return 0;
- }
-
- *transp = strdup(raw);
- return *transp ? 0 : -1;
-}