PERFORCE change 105785 for review
Todd Miller
millert at FreeBSD.org
Thu Sep 7 13:58:44 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=105785
Change 105785 by millert at millert_g5tower on 2006/09/07 13:38:33
Update to libselinux_1_30_27 from sourceforge svn
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/ChangeLog#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/VERSION#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/selinux.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/fgetfilecon.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/file_path_suffixes.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getfilecon.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getfscreatecon.c#3 delete
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getkeycreatecon.c#2 delete
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getprocattrcon.c#2 delete
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/lgetfilecon.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/load_policy.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/procattr.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/sedarwin_config.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux.py#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_config.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_internal.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinuxswig.i#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinuxswig_wrap.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setexeccon.c#3 delete
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setfscreatecon.c#3 delete
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setkeycreatecon.c#2 delete
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setprocattrcon.c#2 delete
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/ChangeLog#3 (text+ko) ====
@@ -1,3 +1,21 @@
+1.30.27 2006-08-24
+ * Merged patch to not log avc stats upon a reset from Steve Grubb.
+ * Applied patch to revert compat_net setting upon policy load.
+
+1.30.26 2006-08-11
+ * Merged file context homedir and local path functions from
+ Chris PeBenito.
+
+1.30.25 2006-08-11
+ * Rework functions that access /proc/pid/attr to access the
+ per-thread nodes, and unify the code to simplify maintenance.
+
+1.30.24 2006-08-10
+ * Merged return value fix for *getfilecon() from Dan Walsh.
+
+1.30.23 2006-08-10
+ * Merged sockcreate interfaces from Eric Paris.
+
1.30.22 2006-08-03
* Merged no-tls-direct-seg-refs patch from Jeremy Katz.
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/VERSION#3 (text+ko) ====
@@ -1,1 +1,1 @@
-1.30.22
+1.30.27
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/selinux.h#3 (text+ko) ====
@@ -87,6 +87,17 @@
extern int setkeycreatecon(security_context_t context);
extern int setkeycreatecon_raw(security_context_t context);
+/* Get sockcreate context, and set *con to refer to it.
+ Sets *con to NULL if no socket create context has been set, i.e. using default.
+ If non-NULL, caller must free via freecon. */
+ extern int getsockcreatecon(security_context_t * con);
+ extern int getsockcreatecon_raw(security_context_t * con);
+
+/* Set the sockcreate security context for subsequent socket creations.
+ Call with NULL if you want to reset to the default. */
+ extern int setsockcreatecon(security_context_t context);
+ extern int setsockcreatecon_raw(security_context_t context);
+
/* Wrappers for the xattr API. */
/* Get file context, and set *con to refer to it.
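Review bot: The comment block beginning at `Get file context, and set *con to refer to it.` does not state what the function returns, yet this change makes getfilecon()/lgetfilecon()/fgetfilecon() return `strlen(*context) + 1` — the translated context's length including the NUL terminator — rather than the raw xattr length they used to pass through. I would add a line such as `Returns the length of the translated context including the terminating NUL on success; negative on error.` so callers stop treating the value as the raw attribute size. The comment block continues outside the hunk.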
@@ -409,6 +420,8 @@
extern const char *selinux_default_context_path(void);
extern const char *selinux_user_contexts_path(void);
extern const char *selinux_file_context_path(void);
+ extern const char *selinux_file_context_homedir_path(void);
+ extern const char *selinux_file_context_local_path(void);
extern const char *selinux_homedir_context_path(void);
extern const char *selinux_media_context_path(void);
extern const char *selinux_contexts_path(void);
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#5 (text+ko) ====
@@ -20,8 +20,7 @@
#OBJS += getfscreatecon.o setfscreatecon.o setexeccon.o
# The following are Linux-specific
-#OBJS += getkeycreatecon.o getprocattrcon.o rpm.o \
-# setkeycreatecon.o setprocattrcon.o
+#OBJS += procattr.c rpm.o
AR = ar cq
RANLIB = ranlib
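Review bot: The commented-out Linux object list `#OBJS += procattr.c rpm.o` names a source file where every other entry in the list is an object file, so anyone re-enabling the Linux-specific build by uncommenting it would hand `procattr.c` to `ar`. It should read `#OBJS += procattr.o rpm.o`. The replacement of the get/setprocattrcon and get/setkeycreatecon objects by a single procattr object matches the files deleted and added in this change, so only the suffix looks wrong.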
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc.c#4 (text+ko) ====
@@ -1199,8 +1199,6 @@
{
int rc;
- avc_av_stats();
-
rc = avc_reset();
avc_get_lock(avc_lock);
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/fgetfilecon.c#3 (text+ko) ====
@@ -42,5 +42,8 @@
freecon(rcontext);
}
+ if (ret >= 0 && *context)
+ return strlen(*context) + 1;
+
return ret;
}
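Review bot: `return strlen(*context) + 1;` narrows a `size_t` into the function's `int` return without a cast, and the same tail is added to getfilecon.c and lgetfilecon.c in this change; contexts are short so this is not a practical overflow, but `return (int)(strlen(*context) + 1);` makes the intent explicit and keeps -Wconversion quiet. The new check also reads `*context` whenever `ret >= 0`, so if the raw path above the hunk can return 0 without assigning `*context` (that code is not visible here) the read would be of an uninitialized pointer — worth confirming. When `ret >= 0` but `*context` is NULL the old raw length is still returned, giving callers two different length semantics; if that state cannot occur, a one-line comment saying so would help. The enclosing function starts outside the hunk.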
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/file_path_suffixes.h#3 (text+ko) ====
@@ -15,3 +15,5 @@
S_(SEUSERS, "/seusers")
S_(TRANSLATIONS, "/setrans.conf")
S_(NETFILTER_CONTEXTS, "/contexts/netfilter_contexts")
+ S_(FILE_CONTEXTS_HOMEDIR, "/contexts/files/file_contexts.homedir")
+ S_(FILE_CONTEXTS_LOCAL, "/contexts/files/file_contexts.local")
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getfilecon.c#3 (text+ko) ====
@@ -40,6 +40,8 @@
ret = selinux_raw_to_trans_context(rcontext, context);
freecon(rcontext);
}
+ if (ret >= 0 && *context)
+ return strlen(*context) + 1;
return ret;
}
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/lgetfilecon.c#3 (text+ko) ====
@@ -40,5 +40,7 @@
freecon(rcontext);
}
+ if (ret >= 0 && *context)
+ return strlen(*context) + 1;
return ret;
}
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/load_policy.c#3 (text+ko) ====
@@ -39,7 +39,7 @@
struct stat sb;
size_t size;
void *map, *data;
- int fd, rc = -1, *values, len, i, prot, compat_net;
+ int fd, rc = -1, *values, len, i, prot;
sepol_policydb_t *policydb;
sepol_policy_file_t *pf;
@@ -69,23 +69,20 @@
if (map == MAP_FAILED)
goto close;
- if (sepol_policy_file_create(&pf))
- goto unmap;
- if (sepol_policydb_create(&policydb)) {
- sepol_policy_file_free(pf);
- goto unmap;
- }
- sepol_policy_file_set_mem(pf, data, size);
- if (sepol_policydb_read(policydb, pf)) {
- sepol_policy_file_free(pf);
- sepol_policydb_free(policydb);
- goto unmap;
- }
-
- compat_net = sepol_policydb_compat_net(policydb);
-
if (vers > kernvers) {
/* Need to downgrade to kernel-supported version. */
+ if (sepol_policy_file_create(&pf))
+ goto unmap;
+ if (sepol_policydb_create(&policydb)) {
+ sepol_policy_file_free(pf);
+ goto unmap;
+ }
+ sepol_policy_file_set_mem(pf, data, size);
+ if (sepol_policydb_read(policydb, pf)) {
+ sepol_policy_file_free(pf);
+ sepol_policydb_free(policydb);
+ goto unmap;
+ }
if (sepol_policydb_set_vers(policydb, kernvers) ||
sepol_policydb_to_image(NULL, policydb, &data, &size)) {
/* Downgrade failed, keep searching. */
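Review bot: `pf` and `policydb` are now created only inside the `if (vers > kernvers)` branch, and their unconditional frees after the branch are removed in the next hunk; the lines between the two hunks, where the downgrade-failure path does `vers--; goto search;`, are not visible here, so I cannot confirm they still free both objects before retrying. If they do not, every failed downgrade iteration leaks a parsed policydb and policy file. A short comment on the branch, `/* pf/policydb live only within this downgrade attempt */`, would make the ownership obvious to the next reader. The enclosing function starts outside the hunk.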
@@ -96,11 +93,10 @@
vers--;
goto search;
}
+ sepol_policy_file_free(pf);
+ sepol_policydb_free(policydb);
}
- sepol_policy_file_free(pf);
- sepol_policydb_free(policydb);
-
if (load_setlocaldefs) {
void *olddata = data;
size_t oldsize = size;
@@ -140,20 +136,6 @@
rc = security_load_policy(data, size);
-#ifdef __linux__
- if (!rc && selinux_mnt) {
- int fd2;
- char buf[2];
- snprintf(path, sizeof path, "%s/compat_net", selinux_mnt);
- fd2 = open(path, O_RDWR);
- if (fd2 < 0)
- goto unmap;
- buf[0] = compat_net ? '1' : '0';
- buf[1] = '\0';
- (void)write(fd2, buf, 2);
- close(fd2);
- }
-#endif
unmap:
if (data != map)
free(data);
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/sedarwin_config.c#3 (text+ko) ====
@@ -8,26 +8,28 @@
#include "dso.h"
/* Indices for file paths arrays. */
-#define BASEDIR 0
-#define POLICYDIR 1
-#define BINPOLICY 2
-#define MIGSCS 3
-#define CONTEXTS_DIR 4
-#define FILE_CONTEXTS 5
-#define HOMEDIR_CONTEXTS 6
-#define DEFAULT_CONTEXTS 7
-#define USER_CONTEXTS 8
-#define FAILSAFE_CONTEXT 9
-#define DEFAULT_TYPE 10
-#define BOOLEANS 11
-#define MEDIA_CONTEXTS 12
-#define REMOVABLE_CONTEXT 13
-#define CUSTOMIZABLE_TYPES 14
-#define USERS_DIR 15
-#define SEUSERS 16
-#define TRANSLATIONS 17
-#define NETFILTER_CONTEXTS 18
-#define NEL 19
+#define BASEDIR 0
+#define POLICYDIR 1
+#define BINPOLICY 2
+#define MIGSCS 3
+#define CONTEXTS_DIR 4
+#define FILE_CONTEXTS 5
+#define HOMEDIR_CONTEXTS 6
+#define DEFAULT_CONTEXTS 7
+#define USER_CONTEXTS 8
+#define FAILSAFE_CONTEXT 9
+#define DEFAULT_TYPE 10
+#define BOOLEANS 11
+#define MEDIA_CONTEXTS 12
+#define REMOVABLE_CONTEXT 13
+#define CUSTOMIZABLE_TYPES 14
+#define USERS_DIR 15
+#define SEUSERS 16
+#define TRANSLATIONS 17
+#define NETFILTER_CONTEXTS 18
+#define FILE_CONTEXTS_HOMEDIR 19
+#define FILE_CONTEXTS_LOCAL 20
+#define NEL 21
static char *file_paths[NEL];
static char *file_suffixes[NEL] = {
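Review bot: `NEL` grows to 21, but the `file_suffixes[NEL]` initializer that begins at `static char *file_suffixes[NEL] = {` continues outside the hunk, so I cannot see whether slots 19 and 20 are populated. If that table is hand-written rather than expanded from the `S_` entries added to file_path_suffixes.h in this change, the two new indices stay NULL and `selinux_file_context_homedir_path()`/`selinux_file_context_local_path()` hand NULL to callers that will pass it straight to fopen — worth confirming. The rest of this hunk is a whitespace-only reindent of the `#define` block that buries the two real additions; a separate whitespace commit would be kinder to reviewers.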
@@ -221,14 +223,14 @@
{
return (file_paths[BINPOLICY]);
}
-hidden_def(selinux_binary_policy_path)
+hidden_def(selinux_binary_policy_path)
const char *
selinux_migscs_path(void)
{
return (file_paths[MIGSCS]);
}
-hidden_def(selinux_migscs_path)
+hidden_def(selinux_migscs_path)
const char *
selinux_file_context_path(void)
@@ -252,7 +254,7 @@
hidden_def(selinux_media_context_path)
const char *
-selinux_customizable_types_path(void)
+selinux_customizable_types_path(void)
{
return (file_paths[CUSTOMIZABLE_TYPES]);
}
@@ -262,7 +264,7 @@
selinux_contexts_path(void)
{
return (file_paths[CONTEXTS_DIR]);
-}
+}
const char *
selinux_user_contexts_path(void)
@@ -293,7 +295,7 @@
hidden_def(selinux_usersconf_path)
const char *
-selinux_translations_path()
+selinux_translations_path()
{
return (file_paths[TRANSLATIONS]);
}
@@ -304,3 +306,15 @@
return (file_paths[NETFILTER_CONTEXTS]);
}
hidden_def(selinux_netfilter_context_path)
+
+const char *selinux_file_context_homedir_path()
+{
+ return (file_paths[FILE_CONTEXTS_HOMEDIR]);
+}
+hidden_def(selinux_file_context_homedir_path)
+
+const char *selinux_file_context_local_path()
+{
+ return (file_paths[FILE_CONTEXTS_LOCAL]);
+}
+hidden_def(selinux_file_context_local_path)
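Review bot: The two new accessors are defined with empty parentheses, `const char *selinux_file_context_homedir_path()`, which in C is an old-style non-prototype definition, while selinux.h declares them `(void)` and the neighbouring definitions in this file write `(void)` (e.g. `selinux_migscs_path(void)`). Use `const char *selinux_file_context_homedir_path(void)` and likewise for `_local_path`. The file's existing layout also puts the return type on its own line; matching it keeps the hidden_def() stanzas uniform.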
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux.py#3 (text+ko) ====
@@ -54,6 +54,8 @@
setfscreatecon = _selinux.setfscreatecon
getkeycreatecon = _selinux.getkeycreatecon
setkeycreatecon = _selinux.setkeycreatecon
+getsockcreatecon = _selinux.getsockcreatecon
+setsockcreatecon = _selinux.setsockcreatecon
getfilecon = _selinux.getfilecon
lgetfilecon = _selinux.lgetfilecon
fgetfilecon = _selinux.fgetfilecon
@@ -89,6 +91,8 @@
selinux_default_context_path = _selinux.selinux_default_context_path
selinux_user_contexts_path = _selinux.selinux_user_contexts_path
selinux_file_context_path = _selinux.selinux_file_context_path
+selinux_file_context_homedir_path = _selinux.selinux_file_context_homedir_path
+selinux_file_context_local_path = _selinux.selinux_file_context_local_path
selinux_homedir_context_path = _selinux.selinux_homedir_context_path
selinux_media_context_path = _selinux.selinux_media_context_path
selinux_contexts_path = _selinux.selinux_contexts_path
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_config.c#3 (text+ko) ====
@@ -36,7 +36,9 @@
#define SEUSERS 13
#define TRANSLATIONS 14
#define NETFILTER_CONTEXTS 15
-#define NEL 16
+#define FILE_CONTEXTS_HOMEDIR 16
+#define FILE_CONTEXTS_LOCAL 17
+#define NEL 18
/* New layout is relative to SELINUXDIR/policytype. */
static char *file_paths[NEL];
@@ -392,3 +394,17 @@
}
hidden_def(selinux_netfilter_context_path)
+
+const char *selinux_file_context_homedir_path()
+{
+ return get_path(FILE_CONTEXTS_HOMEDIR);
+}
+
+hidden_def(selinux_file_context_homedir_path)
+
+const char *selinux_file_context_local_path()
+{
+ return get_path(FILE_CONTEXTS_LOCAL);
+}
+
+hidden_def(selinux_file_context_local_path)
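Review bot: As in sedarwin_config.c, `const char *selinux_file_context_homedir_path()` and `selinux_file_context_local_path()` are defined with empty parentheses rather than the `(void)` the header declares; write `const char *selinux_file_context_homedir_path(void)` so definition and prototype agree. The blank line inserted between each function and its `hidden_def()` also departs from the existing `hidden_def(selinux_netfilter_context_path)` directly under its closing brace.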
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_internal.h#3 (text+ko) ====
@@ -44,8 +44,10 @@
hidden_proto(setexeccon_raw)
hidden_proto(getfscreatecon_raw)
hidden_proto(getkeycreatecon_raw)
+ hidden_proto(getsockcreatecon_raw)
hidden_proto(setfscreatecon_raw)
hidden_proto(setkeycreatecon_raw)
+ hidden_proto(setsockcreatecon_raw)
hidden_proto(security_getenforce)
hidden_proto(security_setenforce)
hidden_proto(selinux_binary_policy_path)
@@ -54,6 +56,8 @@
hidden_proto(selinux_failsafe_context_path)
hidden_proto(selinux_removable_context_path)
hidden_proto(selinux_file_context_path)
+ hidden_proto(selinux_file_context_homedir_path)
+ hidden_proto(selinux_file_context_local_path)
hidden_proto(selinux_netfilter_context_path)
hidden_proto(selinux_homedir_context_path)
hidden_proto(selinux_user_contexts_path)
@@ -75,11 +79,3 @@
extern int require_seusers hidden;
extern int selinux_page_size hidden;
extern int cache_trans hidden;
-
-/* Generic /proc pid attr handlers. These will either get or set the context
- from or into the proc location passed to them. */
-extern int hidden getprocattrcon(security_context_t * con, const char *path);
-extern int hidden getprocattrcon_raw(security_context_t * con,
- const char *path);
-extern int hidden setprocattrcon(security_context_t con, const char *path);
-extern int hidden setprocattrcon_raw(security_context_t con, const char *path);
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinuxswig.i#3 (text+ko) ====
@@ -54,6 +54,8 @@
extern int setfscreatecon(security_context_t context);
extern int getkeycreatecon(security_context_t *con);
extern int setkeycreatecon(security_context_t context);
+extern int getsockcreatecon(security_context_t *con);
+extern int setsockcreatecon(security_context_t context);
extern int getfilecon(const char *path, security_context_t *con);
extern int lgetfilecon(const char *path, security_context_t *con);
extern int fgetfilecon(int fd, security_context_t *con);
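Review bot: The wrapper generated for the new `extern int setsockcreatecon(security_context_t context);` line passes `PyString_AsString(obj0)` straight to the C call, and `PyString_AsString` returns NULL (with a TypeError pending) for a non-string argument; since `setsockcreatecon(NULL)` means "reset to the default", a Python caller that passes the wrong type silently clears the socket-creation context instead of getting an error. The input typemap, which is outside this hunk, should test for NULL and `SWIG_fail` before calling. The output typemap for `getsockcreatecon` likewise copies `*arg1` into a Python string but never calls `freecon()` on it, although the header says the caller must; the generated `_wrap_getsockcreatecon` further down this diff shows the leak. Both presumably inherit from the existing typemaps, so the fix belongs there rather than in these two declarations.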
@@ -99,6 +101,8 @@
extern const char *selinux_default_context_path(void);
extern const char *selinux_user_contexts_path(void);
extern const char *selinux_file_context_path(void);
+extern const char *selinux_file_context_homedir_path(void);
+extern const char *selinux_file_context_local_path(void);
extern const char *selinux_homedir_context_path(void);
extern const char *selinux_media_context_path(void);
extern const char *selinux_contexts_path(void);
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinuxswig_wrap.c#3 (text+ko) ====
@@ -3064,6 +3064,50 @@
}
+SWIGINTERN PyObject *_wrap_getsockcreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 ;
+ char *temp10 ;
+
+ {
+ arg1 = &temp1;
+ }
+ if (!PyArg_ParseTuple(args,(char *)":getsockcreatecon")) SWIG_fail;
+ result = (int)getsockcreatecon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (*arg1)
+ temp10 = *arg1;
+ else
+ temp10 = "";
+ resultobj = SWIG_Python_AppendOutput(resultobj, PyString_FromString(temp10));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setsockcreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 ;
+ int result;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setsockcreatecon",&obj0)) SWIG_fail;
+ {
+ arg1 = (security_context_t)PyString_AsString(obj0);
+ }
+ result = (int)setsockcreatecon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_getfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
char *arg1 = (char *) 0 ;
@@ -3878,6 +3922,32 @@
}
+SWIGINTERN PyObject *_wrap_selinux_file_context_homedir_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_file_context_homedir_path")) SWIG_fail;
+ result = (char *)selinux_file_context_homedir_path();
+ resultobj = SWIG_FromCharPtr(result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_file_context_local_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_file_context_local_path")) SWIG_fail;
+ result = (char *)selinux_file_context_local_path();
+ resultobj = SWIG_FromCharPtr(result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_selinux_homedir_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
char *result = 0 ;
@@ -4285,6 +4355,8 @@
{ (char *)"setfscreatecon", _wrap_setfscreatecon, METH_VARARGS, NULL},
{ (char *)"getkeycreatecon", _wrap_getkeycreatecon, METH_VARARGS, NULL},
{ (char *)"setkeycreatecon", _wrap_setkeycreatecon, METH_VARARGS, NULL},
+ { (char *)"getsockcreatecon", _wrap_getsockcreatecon, METH_VARARGS, NULL},
+ { (char *)"setsockcreatecon", _wrap_setsockcreatecon, METH_VARARGS, NULL},
{ (char *)"getfilecon", _wrap_getfilecon, METH_VARARGS, NULL},
{ (char *)"lgetfilecon", _wrap_lgetfilecon, METH_VARARGS, NULL},
{ (char *)"fgetfilecon", _wrap_fgetfilecon, METH_VARARGS, NULL},
@@ -4318,6 +4390,8 @@
{ (char *)"selinux_default_context_path", _wrap_selinux_default_context_path, METH_VARARGS, NULL},
{ (char *)"selinux_user_contexts_path", _wrap_selinux_user_contexts_path, METH_VARARGS, NULL},
{ (char *)"selinux_file_context_path", _wrap_selinux_file_context_path, METH_VARARGS, NULL},
+ { (char *)"selinux_file_context_homedir_path", _wrap_selinux_file_context_homedir_path, METH_VARARGS, NULL},
+ { (char *)"selinux_file_context_local_path", _wrap_selinux_file_context_local_path, METH_VARARGS, NULL},
{ (char *)"selinux_homedir_context_path", _wrap_selinux_homedir_context_path, METH_VARARGS, NULL},
{ (char *)"selinux_media_context_path", _wrap_selinux_media_context_path, METH_VARARGS, NULL},
{ (char *)"selinux_contexts_path", _wrap_selinux_contexts_path, METH_VARARGS, NULL},