libsepol-2.7-5

- cil: Create new keep field for type attribute sets
- build: follow standard semantics for DESTDIR and PREFIX
- cil: show an error when cil_expr_to_string() fails
Petr Lautrbach 2018-03-13 12:29:08 +01:00
parent eb32e87623
commit fc3f64a7e0
2 changed files with 264 additions and 7 deletions


@ -11,7 +11,7 @@ index 86117f2..f8cfc3b 100644
extern void cil_set_preserve_tunables(cil_db_t *db, int preserve_tunables);
extern int cil_set_handle_unknown(cil_db_t *db, int handle_unknown);
diff --git libsepol-2.7/cil/src/cil.c libsepol-2.7/cil/src/cil.c
index c02a41a..3fe68af 100644
index c02a41a..5a64c2b 100644
--- libsepol-2.7/cil/src/cil.c
+++ libsepol-2.7/cil/src/cil.c
@@ -1691,6 +1691,11 @@ void cil_set_mls(struct cil_db *db, int mls)
@ -26,6 +26,54 @@ index c02a41a..3fe68af 100644
void cil_set_target_platform(struct cil_db *db, int target_platform)
{
db->target_platform = target_platform;
@@ -2059,6 +2064,7 @@ void cil_typeattribute_init(struct cil_typeattribute **attr)
(*attr)->expr_list = NULL;
(*attr)->types = NULL;
(*attr)->used = CIL_FALSE;
+ (*attr)->keep = CIL_FALSE;
}
void cil_typeattributeset_init(struct cil_typeattributeset **attrset)
diff --git libsepol-2.7/cil/src/cil_binary.c libsepol-2.7/cil/src/cil_binary.c
index c0ca60f..431cd9c 100644
--- libsepol-2.7/cil/src/cil_binary.c
+++ libsepol-2.7/cil/src/cil_binary.c
@@ -567,7 +567,7 @@ int cil_typeattribute_to_policydb(policydb_t *pdb, struct cil_typeattribute *cil
char *key = NULL;
type_datum_t *sepol_attr = NULL;
- if (!cil_attr->used) {
+ if (!cil_attr->keep) {
return SEPOL_OK;
}
@@ -632,7 +632,7 @@ int cil_typeattribute_to_bitmap(policydb_t *pdb, const struct cil_db *db, struct
ebitmap_node_t *tnode;
unsigned int i;
- if (!cil_attr->used) {
+ if (!cil_attr->keep) {
return SEPOL_OK;
}
@@ -1442,7 +1442,7 @@ static int __cil_should_expand_attribute( const struct cil_db *db, struct cil_sy
attr = (struct cil_typeattribute *)datum;
- return !attr->used || (ebitmap_cardinality(attr->types) < db->attrs_expand_size);
+ return !attr->keep || (ebitmap_cardinality(attr->types) < db->attrs_expand_size);
}
int __cil_avrule_to_avtab(policydb_t *pdb, const struct cil_db *db, struct cil_avrule *cil_avrule, cond_node_t *cond_node, enum cil_flavor cond_flavor)
@@ -2525,7 +2525,7 @@ int __cil_constrain_expr_datum_to_sepol_expr(policydb_t *pdb, const struct cil_d
if (rc != SEPOL_OK) {
if (FLAVOR(item->data) == CIL_TYPEATTRIBUTE) {
struct cil_typeattribute *attr = item->data;
- if (!attr->used) {
+ if (!attr->keep) {
rc = 0;
}
}
diff --git libsepol-2.7/cil/src/cil_build_ast.c libsepol-2.7/cil/src/cil_build_ast.c
index 04492e5..e84336b 100644
--- libsepol-2.7/cil/src/cil_build_ast.c
@ -100,7 +148,7 @@ index 04492e5..e84336b 100644
}
diff --git libsepol-2.7/cil/src/cil_internal.h libsepol-2.7/cil/src/cil_internal.h
index 6d6a7d9..136a004 100644
index 6d6a7d9..8393e39 100644
--- libsepol-2.7/cil/src/cil_internal.h
+++ libsepol-2.7/cil/src/cil_internal.h
@@ -316,6 +316,7 @@ struct cil_db {
@ -111,8 +159,16 @@ index 6d6a7d9..136a004 100644
int target_platform;
int policy_version;
};
@@ -530,6 +531,7 @@ struct cil_typeattribute {
struct cil_list *expr_list;
ebitmap_t *types;
int used; // whether or not this attribute was used in a binary policy rule
+ int keep;
};
struct cil_typeattributeset {
diff --git libsepol-2.7/cil/src/cil_policy.c libsepol-2.7/cil/src/cil_policy.c
index 729b6e0..6d4987c 100644
index 729b6e0..99eb53c 100644
--- libsepol-2.7/cil/src/cil_policy.c
+++ libsepol-2.7/cil/src/cil_policy.c
@@ -775,7 +775,7 @@ static void cil_classes_to_policy(FILE *out, struct cil_list *classorder)
@ -124,8 +180,17 @@ index 729b6e0..6d4987c 100644
{
struct cil_list_item *i1, *i2, *i3;
struct cil_default *def;
@@ -1085,7 +1085,7 @@ static void cil_typeattributes_to_policy(FILE *out, struct cil_list *types, stru
type = i1->data;
cil_list_for_each(i2, attributes) {
attribute = i2->data;
- if (!attribute->used)
+ if (!attribute->keep)
continue;
if (ebitmap_get_bit(attribute->types, type->value)) {
if (first) {
diff --git libsepol-2.7/cil/src/cil_post.c libsepol-2.7/cil/src/cil_post.c
index ad073e8..3e013c9 100644
index ad073e8..a212245 100644
--- libsepol-2.7/cil/src/cil_post.c
+++ libsepol-2.7/cil/src/cil_post.c
@@ -1297,6 +1297,55 @@ static int cil_typeattribute_used(struct cil_typeattribute *attr, struct cil_db
@ -184,6 +249,15 @@ index ad073e8..3e013c9 100644
static int __cil_post_db_attr_helper(struct cil_tree_node *node, uint32_t *finished, void *extra_args)
{
int rc = SEPOL_ERR;
@@ -1320,7 +1369,7 @@ static int __cil_post_db_attr_helper(struct cil_tree_node *node, uint32_t *finis
rc = __evaluate_type_expression(attr, db);
if (rc != SEPOL_OK) goto exit;
}
- attr->used = cil_typeattribute_used(attr, db);
+ attr->keep = cil_typeattribute_used(attr, db);
break;
}
case CIL_ROLEATTRIBUTE: {
@@ -2031,6 +2080,12 @@ static int cil_post_db(struct cil_db *db)
goto exit;
}
@ -197,6 +271,18 @@ index ad073e8..3e013c9 100644
rc = cil_tree_walk(db->ast->root, __cil_post_db_attr_helper, NULL, NULL, db);
if (rc != SEPOL_OK) {
cil_log(CIL_INFO, "Failed to create attribute bitmaps\n");
diff --git libsepol-2.7/cil/src/cil_reset_ast.c libsepol-2.7/cil/src/cil_reset_ast.c
index 8a13a1c..43e6b88 100644
--- libsepol-2.7/cil/src/cil_reset_ast.c
+++ libsepol-2.7/cil/src/cil_reset_ast.c
@@ -186,6 +186,7 @@ static void cil_reset_typeattr(struct cil_typeattribute *attr)
attr->expr_list = NULL;
}
attr->used = CIL_FALSE;
+ attr->keep = CIL_FALSE;
}
static void cil_reset_typeattributeset(struct cil_typeattributeset *tas)
diff --git libsepol-2.7/cil/src/cil_strpool.c libsepol-2.7/cil/src/cil_strpool.c
index b1396d2..97d4c4b 100644
--- libsepol-2.7/cil/src/cil_strpool.c
@ -209,6 +295,63 @@ index b1396d2..97d4c4b 100644
}
pthread_mutex_unlock(&cil_strpool_mutex);
}
diff --git libsepol-2.7/cil/src/cil_tree.c libsepol-2.7/cil/src/cil_tree.c
index d36401b..b394a9d 100644
--- libsepol-2.7/cil/src/cil_tree.c
+++ libsepol-2.7/cil/src/cil_tree.c
@@ -503,15 +503,19 @@ exit:
void cil_tree_print_expr(struct cil_list *datum_expr, struct cil_list *str_expr)
{
char *expr_str;
+ int rc;
cil_log(CIL_INFO, "(");
if (datum_expr != NULL) {
- cil_expr_to_string(datum_expr, &expr_str);
+ rc = cil_expr_to_string(datum_expr, &expr_str);
} else {
- cil_expr_to_string(str_expr, &expr_str);
+ rc = cil_expr_to_string(str_expr, &expr_str);
+ }
+ if (rc < 0) {
+ cil_log(CIL_INFO, "ERROR)");
+ return;
}
-
cil_log(CIL_INFO, "%s)", expr_str);
free(expr_str);
}
diff --git libsepol-2.7/include/Makefile libsepol-2.7/include/Makefile
index 56b7a11..1ad4eca 100644
--- libsepol-2.7/include/Makefile
+++ libsepol-2.7/include/Makefile
@@ -1,17 +1,17 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCDIR ?= $(PREFIX)/include/sepol
+PREFIX ?= /usr
+INCDIR = $(PREFIX)/include/sepol
CILDIR ?= ../cil
all:
install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb
- test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil
- install -m 644 $(wildcard sepol/*.h) $(INCDIR)
- install -m 644 $(wildcard sepol/policydb/*.h) $(INCDIR)/policydb
- install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(INCDIR)/cil
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR)
+ test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755 -d $(DESTDIR)$(INCDIR)/policydb
+ test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d $(DESTDIR)$(INCDIR)/cil
+ install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard sepol/policydb/*.h) $(DESTDIR)$(INCDIR)/policydb
+ install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(DESTDIR)$(INCDIR)/cil
indent:
../../scripts/Lindent $(wildcard sepol/*.h)
diff --git libsepol-2.7/include/sepol/policydb/avtab.h libsepol-2.7/include/sepol/policydb/avtab.h
index 958848e..10ecde9 100644
--- libsepol-2.7/include/sepol/policydb/avtab.h
@ -327,6 +470,30 @@ index 68b5ad4..8b9ddca 100644
/* FLASK */
diff --git libsepol-2.7/man/Makefile libsepol-2.7/man/Makefile
index 1192433..9b75454 100644
--- libsepol-2.7/man/Makefile
+++ libsepol-2.7/man/Makefile
@@ -1,12 +1,13 @@
# Installation directories.
-MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
-MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
+PREFIX ?= /usr
+MAN8DIR ?= $(PREFIX)/share/man/man8
+MAN3DIR ?= $(PREFIX)/share/man/man3
all:
install: all
- mkdir -p $(MAN3DIR)
- mkdir -p $(MAN8DIR)
- install -m 644 man3/*.3 $(MAN3DIR)
- install -m 644 man8/*.8 $(MAN8DIR)
+ mkdir -p $(DESTDIR)$(MAN3DIR)
+ mkdir -p $(DESTDIR)$(MAN8DIR)
+ install -m 644 man3/*.3 $(DESTDIR)$(MAN3DIR)
+ install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR)
diff --git libsepol-2.7/man/man3/sepol_genbools.3 libsepol-2.7/man/man3/sepol_genbools.3
index dcfb69d..5363383 100644
--- libsepol-2.7/man/man3/sepol_genbools.3
@ -347,6 +514,57 @@ index afeaced..fc792c8 100644
.SH "NAME"
genpolbools \- Rewrite a binary policy with different boolean settings
.SH "SYNOPSIS"
diff --git libsepol-2.7/src/Makefile libsepol-2.7/src/Makefile
index 819d261..ccb7023 100644
--- libsepol-2.7/src/Makefile
+++ libsepol-2.7/src/Makefile
@@ -1,10 +1,9 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= /lib
RANLIB ?= ranlib
-LIBBASE ?= $(shell basename $(LIBDIR))
CILDIR ?= ../cil
VERSION = $(shell cat ../VERSION)
@@ -52,7 +51,7 @@ $(LIBSO): $(LOBJS) $(LIBMAP)
ln -sf $@ $(TARGET)
$(LIBPC): $(LIBPC).in ../VERSION
- sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
+ sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
$(LIBMAP): $(LIBMAP).in
ifneq ($(DISABLE_CIL),y)
@@ -80,16 +79,16 @@ endif
$(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
install: all
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
- install -m 755 $(LIBSO) $(SHLIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
- $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+ $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
relabel:
- /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
clean:
-rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(TARGET) $(CIL_GENERATED)
diff --git libsepol-2.7/src/avtab.c libsepol-2.7/src/avtab.c
index 3854d6f..257f051 100644
--- libsepol-2.7/src/avtab.c
@ -430,6 +648,18 @@ index dd1fec2..2a9996f 100644
cil_write_policy_conf;
sepol_ppfile_to_module_package;
sepol_module_package_to_cil;
diff --git libsepol-2.7/src/libsepol.pc.in libsepol-2.7/src/libsepol.pc.in
index e52f589..f807fec 100644
--- libsepol-2.7/src/libsepol.pc.in
+++ libsepol-2.7/src/libsepol.pc.in
@@ -1,6 +1,6 @@
prefix=@prefix@
exec_prefix=${prefix}
-libdir=${exec_prefix}/@libdir@
+libdir=@libdir@
includedir=@includedir@
Name: libsepol
diff --git libsepol-2.7/src/mls.c libsepol-2.7/src/mls.c
index be85475..bf1fdbd 100644
--- libsepol-2.7/src/mls.c
@ -528,3 +758,25 @@ index e486e28..1fb3095 100644
/*
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
diff --git libsepol-2.7/utils/Makefile libsepol-2.7/utils/Makefile
index fba1d8a..31932c1 100644
--- libsepol-2.7/utils/Makefile
+++ libsepol-2.7/utils/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
CFLAGS ?= -Wall -Werror
@@ -12,8 +12,8 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
all: $(TARGETS)
install: all
- -mkdir -p $(BINDIR)
- install -m 755 $(TARGETS) $(BINDIR)
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
clean:
-rm -f $(TARGETS) *.o
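Review bot: The new `int keep;` member of `struct cil_typeattribute` (cil_internal.h hunk) is undocumented, while `used` beside it still carries the comment "whether or not this attribute was used in a binary policy rule" even though `__cil_post_db_attr_helper` in cil_post.c now stores the result of `cil_typeattribute_used()` in `keep` instead of `used`. Every consumer visible here (`cil_typeattribute_to_policydb`, `cil_typeattribute_to_bitmap`, `__cil_should_expand_attribute`, the constraint-expression fallback in cil_binary.c and `cil_typeattributes_to_policy`) now gates on `keep`, so this flag decides which attributes reach the generated policy. I would document it, for example `int keep; // whether this attribute is emitted into the generated policy; set in cil_post.c from cil_typeattribute_used()`. Where `used` is assigned after this change is not visible in the displayed lines (presumably in the lines added at `@@ -1297,6 +1297,55 @@` of cil_post.c), so its existing comment should be rechecked against that code. The enclosing function bodies start and end outside the hunks shown.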


@ -1,13 +1,13 @@
Summary: SELinux binary policy manipulation library
Name: libsepol
Version: 2.7
Release: 4%{?dist}
Release: 5%{?dist}
License: LGPLv2+
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/libsepol-2.7.tar.gz
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run:
# $ VERSION=2.7 ./make-fedora-selinux-patch.sh libsepol
# HEAD https://github.com/fedora-selinux/selinux/commit/2d0b90c1d95ec908f94c06337ec07a96b7d1205e
# HEAD https://github.com/fedora-selinux/selinux/commit/4e253a0231ca085df03b55c4c0490ad6a0e261eb
Patch1: libsepol-fedora.patch
URL: https://github.com/SELinuxProject/selinux/wiki
BuildRequires: gcc
@ -64,7 +64,7 @@ mkdir -p ${RPM_BUILD_ROOT}%{_includedir}
mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man3
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8
make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_libdir}" install
make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" install
rm -f ${RPM_BUILD_ROOT}%{_bindir}/genpolbools
rm -f ${RPM_BUILD_ROOT}%{_bindir}/genpolusers
rm -f ${RPM_BUILD_ROOT}%{_bindir}/chkcon
@ -97,6 +97,11 @@ exit 0
%{_libdir}/libsepol.so.1
%changelog
* Tue Mar 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-5
- cil: Create new keep field for type attribute sets
- build: follow standard semantics for DESTDIR and PREFIX
- cil: show an error when cil_expr_to_string() fails
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild