diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.26/include/selinux/selinux.h
--- nsalibselinux/include/selinux/selinux.h 2005-09-01 11:17:40.000000000 -0400
+++ libselinux-1.26/include/selinux/selinux.h 2005-09-16 14:16:26.000000000 -0400
@@ -304,6 +304,12 @@
extern int selinux_getenforcemode(int *enforce);
/*
+ selinux_getpolicytype reads the /etc/selinux/config file and determines
+ whether the policy tyep for this machine, type must be freed.
+ */
+extern void selinux_getpolicytype(char **type);
+
+/*
selinux_policy_root reads the /etc/selinux/config file and returns
the directory path under which the compiled policy file and context
configuration files exist.
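Review bot: The new prototype `extern void selinux_getpolicytype(char **type);` gives callers no way to tell "default used" from "allocation failed" other than testing the out-parameter for NULL, while the neighbouring `extern int selinux_getenforcemode(int *enforce);` returns a status; declaring it `extern int selinux_getpolicytype(char **type);` and returning 0/-1 from the definition in selinux_config.c would keep the two consistent. The comment above it is garbled ("tyep", "whether the policy type for this machine") and should state the contract plainly, e.g. `/* selinux_getpolicytype reads the SELINUXTYPE= entry of /etc/selinux/config (falling back to the built-in default) and stores a malloc'd copy in *type, which the caller must free. */`.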
diff --exclude-from=exclude -N -u -r nsalibselinux/src/get_context_list.c libselinux-1.26/src/get_context_list.c
--- nsalibselinux/src/get_context_list.c 2005-08-11 22:41:15.000000000 -0400
+++ libselinux-1.26/src/get_context_list.c 2005-09-16 16:22:03.000000000 -0400
@@ -288,6 +288,40 @@
return strcmp(c1->con, c2->con);
}
+int get_ordered_context_list_with_level (const char *user,
+ const char *level,
+ security_context_t fromcon,
+ security_context_t **list)
+{
+ int rc;
+ int freefrom = 0;
+ context_t con;
+
+ if (!level)
+ return get_ordered_context_list (user, fromcon, list);
+
+ if (!fromcon) {
+ rc = getcon(&fromcon);
+ if (rc < 0)
+ return rc;
+ freefrom = 1;
+ }
+
+ con=context_new(fromcon);
+ if (con) {
+ context_range_set(con, level);
+ rc = get_ordered_context_list (user, context_str(con), list);
+ context_free(con);
+ }
+ else
+ rc=-1;
+
+ if (freefrom)
+ freecon(fromcon);
+
+ return rc;
+}
+
int get_ordered_context_list (const char *user,
security_context_t fromcon,
security_context_t **list)
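Review bot: `context_range_set(con, level);` in the new get_ordered_context_list_with_level ignores its return value, so a level the context library rejects leaves `con` unchanged and the lookup silently proceeds with `fromcon`'s original range instead of failing; `rc = context_range_set(con, level) ? -1 : get_ordered_context_list (user, context_str(con), list);` would surface the error. The `rc=-1` taken when `context_new(fromcon)` fails is returned without any errno or diagnostic, unlike the `getcon` failure path which propagates the callee's result, so a short comment on what -1 means to callers here would help. The hunk ends inside the signature of get_ordered_context_list, which continues outside it.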
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.26/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2005-08-24 09:07:11.000000000 -0400
+++ libselinux-1.26/src/matchpathcon.c 2005-09-16 15:54:01.000000000 -0400
@@ -12,6 +12,7 @@
#include <regex.h>
#include <stdarg.h>
#include "policy.h"
+#include <selinux/context.h>
static void
#ifdef __GNUC__
@@ -25,6 +26,19 @@
va_end(ap);
}
+#define STRIP_LEVEL(CON) \
+ if (! mls_enabled) { \
+ security_context_t newcon; \
+ context_t con=context_new(CON); \
+ if (con) { \
+ context_range_set(con,NULL); \
+ newcon=strdup(context_str(con));\
+ context_free(con); \
+ freecon(CON); \
+ CON=newcon; \
+ } \
+ }
+
static void (*myprintf)(const char *fmt, ...) = &default_printf;
void set_matchpathcon_printf(void (*f)(const char *fmt, ...))
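Review bot: STRIP_LEVEL executes `CON=newcon;` after `freecon(CON);` without checking that `strdup(context_str(con))` succeeded, so on allocation failure the caller's `type`/`context` becomes NULL and the later `strcmp(context, "<<none>>")` in process_line dereferences it; the result of `context_range_set(con,NULL)` is likewise ignored. The macro is a bare `if` rather than a `do { ... } while (0)` block and is expanded without a trailing semicolon at both call sites in process_line (`STRIP_LEVEL(type)` in the items == 2 branch and `STRIP_LEVEL(context)` after skip_type), which makes it unsafe inside an `if`/`else` and is why those two hunks carry no further note. It also depends on a variable named `mls_enabled` being in scope at the expansion site, which is the reason process_line grows a parameter of exactly that name; the macro should say so, e.g. `/* requires an int mls_enabled in the caller's scope; leaves CON untouched on any failure */`. Rewritten as a single statement that keeps CON on failure, the two call sites become `STRIP_LEVEL(type);` and `STRIP_LEVEL(context);`.
```c
#define STRIP_LEVEL(CON) \
	do { \
		if (!mls_enabled) { \
			context_t con = context_new(CON); \
			if (con) { \
				security_context_t newcon = NULL; \
				if (context_range_set(con, NULL) == 0) \
					newcon = strdup(context_str(con)); \
				context_free(con); \
				if (newcon) { \
					freecon(CON); \
					CON = newcon; \
				} \
			} \
		} \
	} while (0)
```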
@@ -415,7 +429,7 @@
}
return;
}
-static int process_line( const char *path, char *line_buf, int pass, unsigned lineno) {
+static int process_line( const char *path, char *line_buf, int pass, unsigned lineno, int mls_enabled) {
int items, len, regerr;
char *buf_p;
char *regex, *type, *context;
@@ -438,6 +452,7 @@
} else if (items == 2) {
/* The type field is optional. */
free(context);
+ STRIP_LEVEL(type)
context = type;
type = 0;
}
@@ -510,7 +525,7 @@
}
skip_type:
-
+ STRIP_LEVEL(context)
spec_arr[nspec].context = context;
if (strcmp(context, "<<none>>")) {
@@ -557,6 +572,7 @@
unsigned int lineno, pass, i, j, maxnspec;
spec_t *spec_copy=NULL;
int status=-1;
+ int mls_enabled=is_selinux_mls_enabled();
/* Open the specification file. */
if (!path)
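Review bot: `int mls_enabled=is_selinux_mls_enabled();` appears to treat a failed probe the same as "MLS off", so if selinuxfs is not mounted when the spec files are loaded (plausible for the install-time and chroot uses of matchpathcon) every context in file_contexts would have its level stripped with no diagnostic; confirm that fallback is intended. Either way it deserves a comment at this line, e.g. `/* 0 when MLS is disabled or cannot be determined: levels are then stripped from every spec */`, and if stripping on an undeterminable state is not wanted the probe needs a distinct error check before the pass loop. The enclosing function starts and ends outside this hunk.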
@@ -590,20 +606,20 @@
lineno = 0;
nspec = 0;
while (getline(&line_buf, &line_len, fp) > 0 && nspec < maxnspec) {
- if (process_line(path, line_buf, pass, ++lineno) != 0)
+ if (process_line(path, line_buf, pass, ++lineno, mls_enabled) != 0)
goto finish;
}
lineno = 0;
if (homedirfp)
while (getline(&line_buf, &line_len, homedirfp) > 0 && nspec < maxnspec) {
- if (process_line(homedir_path, line_buf, pass, ++lineno) != 0)
+ if (process_line(homedir_path, line_buf, pass, ++lineno, mls_enabled) != 0)
goto finish;
}
lineno = 0;
if (localfp)
while (getline(&line_buf, &line_len, localfp) > 0 && nspec < maxnspec) {
- if (process_line(local_path, line_buf, pass, ++lineno) != 0)
+ if (process_line(local_path, line_buf, pass, ++lineno, mls_enabled) != 0)
goto finish;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.26/src/selinux_config.c
--- nsalibselinux/src/selinux_config.c 2005-03-17 14:56:21.000000000 -0500
+++ libselinux-1.26/src/selinux_config.c 2005-09-16 14:16:26.000000000 -0400
@@ -85,6 +85,29 @@
static int use_compat_file_path;
+void selinux_getpolicytype(char **rtype) {
+ char *type=SELINUXDEFAULT;
+ char buf[4097];
+ int i=0;
+ int len=sizeof(SELINUXTYPETAG)-1;
+ FILE *cfg = fopen(SELINUXCONFIG,"r");
+ if (cfg) {
+ while (fgets_unlocked(buf, 4096, cfg)) {
+ if (strncmp(buf,SELINUXTYPETAG,len)==0) {
+ type=buf+len;
+ break;
+ }
+ }
+ fclose(cfg);
+ }
+ i=strlen(type)-1;
+ while ((i>=0) &&
+ (isspace(type[i]) || iscntrl(type[i]))) {
+ type[i]=0;
+ i--;
+ }
+ *rtype=strdup(type);
+}
int selinux_getenforcemode(int *enforce) {
int ret=-1;
FILE *cfg = fopen(SELINUXCONFIG,"r");
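Review bot: `*rtype=strdup(type);` is the only output of the new selinux_getpolicytype and its result is never checked while the function returns void, so allocation failure is reported solely as a NULL out-parameter; returning `int` as `selinux_getenforcemode` directly below does (`return *rtype ? 0 : -1;`, with the prototype in selinux.h updated) would make the failure explicit. The trimming loop's `type[i]=0;` writes through `type`, which still points at the string literal SELINUXDEFAULT when no SELINUXTYPE= line was found; that is only safe as long as the default has no trailing whitespace, so either copy the default into `buf` before trimming or state the assumption in a comment. `isspace(type[i])` and `iscntrl(type[i])` should be passed `(unsigned char)type[i]` to avoid undefined behaviour on negative `char` values from a non-ASCII config line. The value is also used unvalidated by init_selinux_policyroot to build `selinux_policyroot`; the config file is normally root-owned so the risk is low, but rejecting a type containing `/` here would keep the policy root inside SELINUXDIR.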
@@ -122,38 +145,24 @@
static void init_selinux_policyroot(void)
{
- char *type=SELINUXDEFAULT;
- int i=0, len=sizeof(SELINUXTYPETAG)-1, len2;
- char buf[4097];
- FILE *cfg;
+ char *type=NULL;
+ int i=0, len, len2;
if (selinux_policyroot) return;
if (access(SELINUXDIR, F_OK) != 0) {
selinux_policyroot = SECURITYDIR;
use_compat_file_path = 1;
return;
}
- cfg = fopen(SELINUXCONFIG,"r");
- if (cfg) {
- while (fgets_unlocked(buf, 4096, cfg)) {
- if (strncmp(buf,SELINUXTYPETAG,len)==0) {
- type=buf+len;
- break;
- }
- }
- fclose(cfg);
- }
- i=strlen(type)-1;
- while ((i>=0) &&
- (isspace(type[i]) || iscntrl(type[i]))) {
- type[i]=0;
- i--;
- }
+ selinux_getpolicytype(&type);
+ if (!type) return;
len=sizeof(SELINUXDIR) + strlen(type);
selinux_policyroot=malloc(len);
- if (!selinux_policyroot)
+ if (!selinux_policyroot) {
+ free(type);
return;
+ }
snprintf(selinux_policyroot,len, "%s%s", SELINUXDIR, type);
-
+ free(type);
for (i = 0; i < NEL; i++) {
len2 = len + strlen(file_path_suffixes_data.str
+ file_path_suffixes_idx[i])+1;