From 017ea0e76caa9b65b0372b633099c473cc6b5966 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Mon, 12 Sep 2005 15:52:30 +0000
Subject: [PATCH] - Update from NSA Merged modified form of patch to avoid dlopen/dlclose by the static libselinux from Dan Walsh. Users of the static libselinux will not have any context translation by default.
---
 .cvsignore | 1 +
 libselinux-rhat.patch | 131 +++++++++++++++++++++++++++++++++++++-----
 libselinux.spec | 6 +-
 sources | 2 +-
 4 files changed, 123 insertions(+), 17 deletions(-)

diff --git a/.cvsignore b/.cvsignore
index 156329d..e1389a4 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -45,3 +45,4 @@ libselinux-1.25.4.tgz
 libselinux-1.25.5.tgz
 libselinux-1.25.6.tgz
 libselinux-1.25.7.tgz
+libselinux-1.26.tgz
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 7e66693..aa25ffa 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,19 +1,122 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.25.6/src/init.c ---- nsalibselinux/src/init.c 2005-08-25 16:18:01.000000000 -0400 -+++ libselinux-1.25.6/src/init.c 2005-09-01 11:23:11.000000000 -0400 -@@ -86,6 +86,7 @@ - { - int (*lib_trans_init)(void) = NULL; +diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.25.7/include/selinux/selinux.h +--- nsalibselinux/include/selinux/selinux.h 2005-09-01 11:17:40.000000000 -0400 ++++ libselinux-1.25.7/include/selinux/selinux.h 2005-09-12 11:33:32.000000000 -0400 +@@ -304,6 +304,12 @@ + extern int selinux_getenforcemode(int *enforce); -+#ifdef __PIC__ - translation_lib_handle = dlopen("libsetrans.so.0", RTLD_NOW); + /* ++ selinux_gettype reads the /etc/selinux/config file and determines ++ whether the policy tyep for this machine, type must be freed. ++ */ ++extern void selinux_gettype(char **type); ++ ++/* + selinux_policy_root reads the /etc/selinux/config file and returns + the directory path under which the compiled policy file and context + configuration files exist. 
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.25.7/src/init.c +--- nsalibselinux/src/init.c 2005-09-01 13:21:11.000000000 -0400 ++++ libselinux-1.25.7/src/init.c 2005-09-12 11:36:33.000000000 -0400 +@@ -8,6 +8,7 @@ + #include + #include + #include ++#include + + #include "dso.h" + #include "policy.h" +@@ -85,9 +86,14 @@ + static void init_translations(void) + { + #ifdef SHARED ++ char *path[PATH_MAX]; ++ char *type=NULL; + int (*lib_trans_init)(void) = NULL; +- +- translation_lib_handle = dlopen("libsetrans.so.0", RTLD_NOW); ++ selinux_gettype(&type); ++ if (!type) return; ++ snprintf(path, PATH_MAX-1, "/lib/selinux/lib%s.so.0", type); ++ free(type); ++ translation_lib_handle = dlopen(path, RTLD_NOW); if (!translation_lib_handle) return; -@@ -108,6 +109,7 @@ - return; - context_translations = 1; -+#endif - } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.25.7/src/selinux_config.c +--- nsalibselinux/src/selinux_config.c 2005-03-17 14:56:21.000000000 -0500 ++++ libselinux-1.25.7/src/selinux_config.c 2005-09-12 11:35:35.000000000 -0400 +@@ -85,6 +85,28 @@ - static void fini_translations(void) + static int use_compat_file_path; + ++void selinux_gettype(char **rtype) { ++ char *type=SELINUXDEFAULT; ++ char buf[4097]; ++ int len, i; ++ FILE *cfg = fopen(SELINUXCONFIG,"r"); ++ if (cfg) { ++ while (fgets_unlocked(buf, 4096, cfg)) { ++ if (strncmp(buf,SELINUXTYPETAG,len)==0) { ++ type=buf+len; ++ break; ++ } ++ } ++ fclose(cfg); ++ } ++ i=strlen(type)-1; ++ while ((i>=0) && ++ (isspace(type[i]) || iscntrl(type[i]))) { ++ type[i]=0; ++ i--; ++ } ++ *rtype=strdup(type); ++} + int selinux_getenforcemode(int *enforce) { + int ret=-1; + FILE *cfg = fopen(SELINUXCONFIG,"r"); +@@ -122,38 +144,24 @@ + + static void init_selinux_policyroot(void) + { +- char *type=SELINUXDEFAULT; ++ char *type=NULL; + int i=0, len=sizeof(SELINUXTYPETAG)-1, len2; +- char buf[4097]; +- FILE *cfg; + if (selinux_policyroot) return; + if 
(access(SELINUXDIR, F_OK) != 0) { + selinux_policyroot = SECURITYDIR; + use_compat_file_path = 1; + return; + } +- cfg = fopen(SELINUXCONFIG,"r"); +- if (cfg) { +- while (fgets_unlocked(buf, 4096, cfg)) { +- if (strncmp(buf,SELINUXTYPETAG,len)==0) { +- type=buf+len; +- break; +- } +- } +- fclose(cfg); +- } +- i=strlen(type)-1; +- while ((i>=0) && +- (isspace(type[i]) || iscntrl(type[i]))) { +- type[i]=0; +- i--; +- } ++ selinux_gettype(&type); ++ if (!type) return; + len=sizeof(SELINUXDIR) + strlen(type); + selinux_policyroot=malloc(len); +- if (!selinux_policyroot) ++ if (!selinux_policyroot) { ++ free(type); + return; ++ } + snprintf(selinux_policyroot,len, "%s%s", SELINUXDIR, type); +- ++ free(type); + for (i = 0; i < NEL; i++) { + len2 = len + strlen(file_path_suffixes_data.str + + file_path_suffixes_idx[i])+1; diff --git a/libselinux.spec b/libselinux.spec index 43a2bfd..a463450 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,11 +1,12 @@ Summary: SELinux library and simple utilities Name: libselinux -Version: 1.25.7 +Version: 1.26 Release: 1 License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz -#Patch: libselinux-rhat.patch +Prereq: libsetrans >= 0.1.4-2 +Patch: libselinux-rhat.patch BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot @@ -35,6 +36,7 @@ needed for developing SELinux applications. %prep %setup -q +%patch -p1 -b .rhat %build make CFLAGS="-g %{optflags}" diff --git a/sources b/sources index 41864d8..558a01e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -cc15bd74ab7508117da03334182330fd libselinux-1.25.7.tgz +73e7b7cf0a11594611b2ce8188a0fb22 libselinux-1.26.tgz
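Review bot: `len` in the new `selinux_gettype` is declared as `int len, i;` and never assigned before `strncmp(buf,SELINUXTYPETAG,len)` and `type=buf+len` read it, so whether the `SELINUXTYPE=` line matches and where the returned type starts depend on whatever is on the stack; the initializer that `init_selinux_policyroot` still keeps belongs here too: `int len = sizeof(SELINUXTYPETAG) - 1, i;`. In the new `init_translations`, `char *path[PATH_MAX];` declares an array of pointers rather than a character buffer, so `snprintf(path, PATH_MAX-1, ...)` and `dlopen(path, RTLD_NOW)` are handed a `char **`; it should be `char path[PATH_MAX];` bounded by `sizeof path`. Since the library name is assembled from a value read out of the config file and passed straight to `dlopen()`, the type should also be refused when it is empty or contains a `/`, and a truncated `snprintf` result should not be used; the rewrite below does both (it assumes `<string.h>` is already included in init.c, which the hunk does not show). The new header comment `whether the policy tyep for this machine, type must be freed` would read better as `the policy type for this machine; *type is allocated with strdup() and must be freed by the caller`. Both `init_translations` and `init_selinux_policyroot` continue past the hunk, so their remaining bodies are not reviewed here.
```c
static void init_translations(void)
{
#ifdef SHARED
	char path[PATH_MAX];          /* was char *path[PATH_MAX]: an array of pointers */
	char *type = NULL;
	int n;
	/* … unchanged: lib_trans_init declaration, selinux_gettype(&type), NULL check … */
	/* the type is read from the config file: accept a bare name only, never a path */
	if (!*type || strchr(type, '/')) {
		free(type);
		return;
	}
	n = snprintf(path, sizeof path, "/lib/selinux/lib%s.so.0", type);
	free(type);
	if (n < 0 || (size_t)n >= sizeof path) return;
	translation_lib_handle = dlopen(path, RTLD_NOW);
	/* … unchanged: rest of init_translations … */
```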