libsepol-2.5-6
- Change logic of bounds checking to match change in kernel - Fix multiple spelling errors
parent
d88ffa19a4
commit
0a1d1e58aa
|
@ -1,8 +1,8 @@
|
|||
diff --git libsepol-2.5/Android.mk libsepol-2.5/Android.mk
|
||||
index a43b343..5d2c96b 100644
|
||||
index a43b343..6d89f17 100644
|
||||
--- libsepol-2.5/Android.mk
|
||||
+++ libsepol-2.5/Android.mk
|
||||
@@ -64,6 +64,7 @@ cil_src_files := \
|
||||
@@ -64,14 +64,11 @@ cil_src_files := \
|
||||
cil/src/cil_verify.c
|
||||
|
||||
common_cflags := \
|
||||
|
@ -10,11 +10,21 @@ index a43b343..5d2c96b 100644
|
|||
-Wall -W -Wundef \
|
||||
-Wshadow -Wmissing-noreturn \
|
||||
-Wmissing-format-attribute
|
||||
|
||||
-ifeq ($(HOST_OS), darwin)
|
||||
-common_cflags += -DDARWIN
|
||||
-endif
|
||||
-
|
||||
common_includes := \
|
||||
$(LOCAL_PATH)/include/ \
|
||||
$(LOCAL_PATH)/src/ \
|
||||
diff --git libsepol-2.5/ChangeLog libsepol-2.5/ChangeLog
|
||||
index ace3d54..12e2ebc 100644
|
||||
index ace3d54..2abcff4 100644
|
||||
--- libsepol-2.5/ChangeLog
|
||||
+++ libsepol-2.5/ChangeLog
|
||||
@@ -1,3 +1,12 @@
|
||||
@@ -1,3 +1,14 @@
|
||||
+ * Change logic of bounds checking to match change in kernel, from James Carter.
|
||||
+ * Fix multiple spelling errors, from Laurent Bigonville.
|
||||
+ * Only apply bounds checking to source types in rules, from Stephen Smalley.
|
||||
+ * Fix CIL and not add an attribute as a type in the attr_type_map, from James Carter
|
||||
+ * Build policy on systems not supporting DCCP protocol, from Richard Haines.
|
||||
|
@ -269,7 +279,7 @@ index 1135e06..90fee8e 100644
|
|||
cil_log(CIL_ERR, "Invalid protocol\n");
|
||||
rc = SEPOL_ERR;
|
||||
diff --git libsepol-2.5/cil/src/cil_find.c libsepol-2.5/cil/src/cil_find.c
|
||||
index 75de886..8e0688c 100644
|
||||
index 75de886..4134242 100644
|
||||
--- libsepol-2.5/cil/src/cil_find.c
|
||||
+++ libsepol-2.5/cil/src/cil_find.c
|
||||
@@ -69,7 +69,11 @@ static int cil_type_match_any(struct cil_symtab_datum *d1, struct cil_symtab_dat
|
||||
|
@ -285,6 +295,15 @@ index 75de886..8e0688c 100644
|
|||
}
|
||||
return CIL_FALSE;
|
||||
}
|
||||
@@ -379,7 +383,7 @@ int cil_find_matching_avrule_in_ast(struct cil_tree_node *current, enum cil_flav
|
||||
|
||||
rc = cil_tree_walk(current, __cil_find_matching_avrule_in_ast, NULL, NULL, &args);
|
||||
if (rc) {
|
||||
- cil_log(CIL_ERR, "An error occured while searching for avrule in AST\n");
|
||||
+ cil_log(CIL_ERR, "An error occurred while searching for avrule in AST\n");
|
||||
}
|
||||
|
||||
return rc;
|
||||
diff --git libsepol-2.5/cil/src/cil_internal.h libsepol-2.5/cil/src/cil_internal.h
|
||||
index a0a5480..a75ddf8 100644
|
||||
--- libsepol-2.5/cil/src/cil_internal.h
|
||||
|
@ -496,8 +515,52 @@ index fbf397f..f4429ad 100644
|
|||
if (rc == 0)
|
||||
goto exit;
|
||||
}
|
||||
diff --git libsepol-2.5/src/genbools.c libsepol-2.5/src/genbools.c
|
||||
index 6a06ec9..c81e848 100644
|
||||
--- libsepol-2.5/src/genbools.c
|
||||
+++ libsepol-2.5/src/genbools.c
|
||||
@@ -79,7 +79,7 @@ static int load_booleans(struct policydb *policydb, const char *path,
|
||||
if (boolf == NULL)
|
||||
goto localbool;
|
||||
|
||||
-#ifdef DARWIN
|
||||
+#ifdef __APPLE__
|
||||
if ((buffer = (char *)malloc(255 * sizeof(char))) == NULL) {
|
||||
ERR(NULL, "out of memory");
|
||||
return -1;
|
||||
@@ -111,7 +111,7 @@ static int load_booleans(struct policydb *policydb, const char *path,
|
||||
boolf = fopen(localbools, "r");
|
||||
if (boolf != NULL) {
|
||||
|
||||
-#ifdef DARWIN
|
||||
+#ifdef __APPLE__
|
||||
|
||||
while(fgets(buffer, 255, boolf) != NULL) {
|
||||
#else
|
||||
diff --git libsepol-2.5/src/genusers.c libsepol-2.5/src/genusers.c
|
||||
index 7826b71..0b98a76 100644
|
||||
--- libsepol-2.5/src/genusers.c
|
||||
+++ libsepol-2.5/src/genusers.c
|
||||
@@ -7,7 +7,7 @@
|
||||
|
||||
#include <sepol/policydb/policydb.h>
|
||||
|
||||
-#ifndef DARWIN
|
||||
+#ifndef __APPLE__
|
||||
#include <stdio_ext.h>
|
||||
#endif
|
||||
|
||||
@@ -47,7 +47,7 @@ static int load_users(struct policydb *policydb, const char *path)
|
||||
if (fp == NULL)
|
||||
return -1;
|
||||
|
||||
-#ifdef DARWIN
|
||||
+#ifdef __APPLE__
|
||||
if ((buffer = (char *)malloc(255 * sizeof(char))) == NULL) {
|
||||
ERR(NULL, "out of memory");
|
||||
return -1;
|
||||
diff --git libsepol-2.5/src/hierarchy.c libsepol-2.5/src/hierarchy.c
|
||||
index 6f73195..b24b39e 100644
|
||||
index 6f73195..778541a 100644
|
||||
--- libsepol-2.5/src/hierarchy.c
|
||||
+++ libsepol-2.5/src/hierarchy.c
|
||||
@@ -121,18 +121,6 @@ static int bounds_expand_rule(sepol_handle_t *handle, policydb_t *p,
|
||||
|
@ -519,10 +582,26 @@ index 6f73195..b24b39e 100644
|
|||
exit:
|
||||
return rc;
|
||||
}
|
||||
@@ -329,31 +317,6 @@ static int bounds_check_rule(sepol_handle_t *handle, policydb_t *p,
|
||||
if (rc) goto exit;
|
||||
}
|
||||
}
|
||||
@@ -313,45 +301,21 @@ static int bounds_check_rule(sepol_handle_t *handle, policydb_t *p,
|
||||
ebitmap_for_each_bit(&p->attr_type_map[tgt - 1], tnode, i) {
|
||||
if (!ebitmap_node_get_bit(tnode, i))
|
||||
continue;
|
||||
- avtab_key.target_type = i + 1;
|
||||
- d = bounds_not_covered(global_avtab, cur_avtab,
|
||||
- &avtab_key, data);
|
||||
- if (!d) continue;
|
||||
td = p->type_val_to_struct[i];
|
||||
if (td && td->bounds) {
|
||||
avtab_key.target_type = td->bounds;
|
||||
d = bounds_not_covered(global_avtab, cur_avtab,
|
||||
&avtab_key, data);
|
||||
- if (!d) continue;
|
||||
- }
|
||||
- (*numbad)++;
|
||||
- rc = bounds_add_bad(handle, child, i+1, class, d, bad);
|
||||
- if (rc) goto exit;
|
||||
- }
|
||||
- }
|
||||
- if (ebitmap_get_bit(&p->attr_type_map[tgt - 1], child - 1)) {
|
||||
- avtab_key.target_type = parent;
|
||||
- ebitmap_for_each_bit(&p->attr_type_map[src - 1], tnode, i) {
|
||||
|
@ -539,18 +618,23 @@ index 6f73195..b24b39e 100644
|
|||
- td = p->type_val_to_struct[i];
|
||||
- if (td && td->bounds) {
|
||||
- avtab_key.source_type = td->bounds;
|
||||
- d = bounds_not_covered(global_avtab, cur_avtab,
|
||||
- &avtab_key, data);
|
||||
+ } else {
|
||||
+ avtab_key.target_type = i + 1;
|
||||
d = bounds_not_covered(global_avtab, cur_avtab,
|
||||
&avtab_key, data);
|
||||
- if (!d) continue;
|
||||
- }
|
||||
}
|
||||
- (*numbad)++;
|
||||
- rc = bounds_add_bad(handle, i+1, child, class, d, bad);
|
||||
- if (rc) goto exit;
|
||||
- }
|
||||
- }
|
||||
+ if (d) {
|
||||
+ (*numbad)++;
|
||||
+ rc = bounds_add_bad(handle, child, i+1, class, d, bad);
|
||||
+ if (rc) goto exit;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
exit:
|
||||
return rc;
|
||||
diff --git libsepol-2.5/src/module_to_cil.c libsepol-2.5/src/module_to_cil.c
|
||||
index 18ec6b9..38f0dc3 100644
|
||||
--- libsepol-2.5/src/module_to_cil.c
|
||||
|
@ -573,6 +657,28 @@ index 18ec6b9..38f0dc3 100644
|
|||
default:
|
||||
log_err("Unknown portcon protocol: %i", portcon->u.port.protocol);
|
||||
rc = -1;
|
||||
diff --git libsepol-2.5/src/node_record.c libsepol-2.5/src/node_record.c
|
||||
index bd48ba0..21043b6 100644
|
||||
--- libsepol-2.5/src/node_record.c
|
||||
+++ libsepol-2.5/src/node_record.c
|
||||
@@ -70,7 +70,7 @@ static int node_parse_addr(sepol_handle_t * handle,
|
||||
return STATUS_ERR;
|
||||
}
|
||||
|
||||
-#ifdef DARWIN
|
||||
+#ifdef __APPLE__
|
||||
memcpy(addr_bytes, in_addr.s6_addr, 16);
|
||||
#else
|
||||
memcpy(addr_bytes, in_addr.s6_addr32, 16);
|
||||
@@ -162,7 +162,7 @@ static int node_expand_addr(sepol_handle_t * handle,
|
||||
{
|
||||
struct in6_addr addr;
|
||||
memset(&addr, 0, sizeof(struct in6_addr));
|
||||
-#ifdef DARWIN
|
||||
+#ifdef __APPLE__
|
||||
memcpy(&addr.s6_addr[0], addr_bytes, 16);
|
||||
#else
|
||||
memcpy(&addr.s6_addr32[0], addr_bytes, 16);
|
||||
diff --git libsepol-2.5/src/port_record.c libsepol-2.5/src/port_record.c
|
||||
index 6a33d93..ed9093b 100644
|
||||
--- libsepol-2.5/src/port_record.c
|
||||
|
@ -616,3 +722,25 @@ index 607a629..62ec602 100644
|
|||
default:
|
||||
ERR(handle, "invalid protocol %u " "found in policy", proto);
|
||||
return STATUS_ERR;
|
||||
diff --git libsepol-2.5/src/private.h libsepol-2.5/src/private.h
|
||||
index 8a6d4bb..9c700c9 100644
|
||||
--- libsepol-2.5/src/private.h
|
||||
+++ libsepol-2.5/src/private.h
|
||||
@@ -5,7 +5,7 @@
|
||||
#include <sepol/policydb/policydb.h>
|
||||
|
||||
|
||||
-#ifdef DARWIN
|
||||
+#ifdef __APPLE__
|
||||
#include <sys/types.h>
|
||||
#include <machine/endian.h>
|
||||
#else
|
||||
@@ -16,7 +16,7 @@
|
||||
#include <errno.h>
|
||||
#include <dso.h>
|
||||
|
||||
-#ifdef DARWIN
|
||||
+#ifdef __APPLE__
|
||||
#define __BYTE_ORDER BYTE_ORDER
|
||||
#define __LITTLE_ENDIAN LITTLE_ENDIAN
|
||||
#endif
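Review bot: In the `bounds_check_rule` hunk of libsepol-2.5/src/hierarchy.c, both arms of the new `if (td && td->bounds) { … } else { … }` make the same `bounds_not_covered(global_avtab, cur_avtab, &avtab_key, data)` call, and no comment says why a bounded target type is now tested only against its bound. As far as the interleaved old/new rendering can be read, the arms differ only in the value stored in `avtab_key.target_type`, so the choice could be a single line, `avtab_key.target_type = (td && td->bounds) ? td->bounds : i + 1;`, followed by one call. Because this loop decides which rules are reported as bounds violations, I would also add a comment above it, for example `/* A bounded target is checked against its bound instead of the type itself; this follows the kernel's bounds check. */`. The body of `bounds_check_rule` starts and ends outside the hunk.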
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
Summary: SELinux binary policy manipulation library
|
||||
Name: libsepol
|
||||
Version: 2.5
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
License: LGPLv2+
|
||||
Group: System Environment/Libraries
|
||||
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/libsepol-2.5.tar.gz
|
||||
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
|
||||
# run:
|
||||
# $ VERSION=2.5 ./make-fedora-selinux-patch.sh libsepol
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/3d38b0a219c3697546d813b6da9fff4d0da04a1e
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/b4fd6cda6dede7a90892aac8f138b86b3ebda3e8
|
||||
Patch1: libsepol-fedora.patch
|
||||
URL: https://github.com/SELinuxProject/selinux/wiki
|
||||
BuildRequires: flex
|
||||
|
@ -106,6 +106,10 @@ exit 0
|
|||
%{_libdir}/libsepol.so.1
|
||||
|
||||
%changelog
|
||||
* Fri May 06 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-6
|
||||
- Change logic of bounds checking to match change in kernel
|
||||
- Fix multiple spelling errors
|
||||
|
||||
* Mon May 02 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-5
|
||||
- Only apply bounds checking to source types in rules
|
||||
- Fix CIL and not add an attribute as a type in the attr_type_map
|
||||
|
|