- Eliminate fourth param from mls context when mls is not enabled.

Daniel J Walsh 2005-09-13 16:48:16 +00:00
parent 017ea0e76c
commit bc0a935c8c
2 changed files with 106 additions and 19 deletions


@ -1,22 +1,22 @@
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.25.7/include/selinux/selinux.h diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.26/include/selinux/selinux.h
--- nsalibselinux/include/selinux/selinux.h 2005-09-01 11:17:40.000000000 -0400 --- nsalibselinux/include/selinux/selinux.h 2005-09-01 11:17:40.000000000 -0400
+++ libselinux-1.25.7/include/selinux/selinux.h 2005-09-12 11:33:32.000000000 -0400 +++ libselinux-1.26/include/selinux/selinux.h 2005-09-12 17:05:36.000000000 -0400
@@ -304,6 +304,12 @@ @@ -304,6 +304,12 @@
extern int selinux_getenforcemode(int *enforce); extern int selinux_getenforcemode(int *enforce);
/* /*
+ selinux_gettype reads the /etc/selinux/config file and determines + selinux_getpolicytype reads the /etc/selinux/config file and determines
+ whether the policy tyep for this machine, type must be freed. + whether the policy tyep for this machine, type must be freed.
+ */ + */
+extern void selinux_gettype(char **type); +extern void selinux_getpolicytype(char **type);
+ +
+/* +/*
selinux_policy_root reads the /etc/selinux/config file and returns selinux_policy_root reads the /etc/selinux/config file and returns
the directory path under which the compiled policy file and context the directory path under which the compiled policy file and context
configuration files exist. configuration files exist.
diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.25.7/src/init.c diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.26/src/init.c
--- nsalibselinux/src/init.c 2005-09-01 13:21:11.000000000 -0400 --- nsalibselinux/src/init.c 2005-09-01 13:21:11.000000000 -0400
+++ libselinux-1.25.7/src/init.c 2005-09-12 11:36:33.000000000 -0400 +++ libselinux-1.26/src/init.c 2005-09-12 17:13:20.000000000 -0400
@@ -8,6 +8,7 @@ @@ -8,6 +8,7 @@
#include <asm/page.h> #include <asm/page.h>
#include <stdio.h> #include <stdio.h>
@ -34,25 +34,108 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.25.7/
int (*lib_trans_init)(void) = NULL; int (*lib_trans_init)(void) = NULL;
- -
- translation_lib_handle = dlopen("libsetrans.so.0", RTLD_NOW); - translation_lib_handle = dlopen("libsetrans.so.0", RTLD_NOW);
+ selinux_gettype(&type); + selinux_getpolicytype(&type);
+ if (!type) return; + if (!type) return;
+ snprintf(path, PATH_MAX-1, "/lib/selinux/lib%s.so.0", type); + snprintf(path, PATH_MAX-1, "/$LIB/selinux/%s/libsetrans.so.0", type);
+ free(type); + free(type);
+ translation_lib_handle = dlopen(path, RTLD_NOW); + translation_lib_handle = dlopen(path, RTLD_NOW);
if (!translation_lib_handle) if (!translation_lib_handle)
return; return;
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.25.7/src/selinux_config.c diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.26/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2005-08-24 09:07:11.000000000 -0400
+++ libselinux-1.26/src/matchpathcon.c 2005-09-12 17:05:37.000000000 -0400
@@ -25,6 +25,20 @@
va_end(ap);
}
+#define STRIP_LEVEL(CON) \
+ if (! mls_enabled) { \
+ int i=0; \
+ int ctr=0; \
+ while (CON[i]) { \
+ if (CON[i] == ':') ctr++; \
+ if (ctr==3) { \
+ CON[i]=0; \
+ break; \
+ } \
+ i++; \
+ } \
+ }
+
static void (*myprintf)(const char *fmt, ...) = &default_printf;
void set_matchpathcon_printf(void (*f)(const char *fmt, ...))
@@ -415,7 +429,7 @@
}
return;
}
-static int process_line( const char *path, char *line_buf, int pass, unsigned lineno) {
+static int process_line( const char *path, char *line_buf, int pass, unsigned lineno, int mls_enabled) {
int items, len, regerr;
char *buf_p;
char *regex, *type, *context;
@@ -438,6 +452,7 @@
} else if (items == 2) {
/* The type field is optional. */
free(context);
+ STRIP_LEVEL(type)
context = type;
type = 0;
}
@@ -510,7 +525,7 @@
}
skip_type:
-
+ STRIP_LEVEL(context)
spec_arr[nspec].context = context;
if (strcmp(context, "<<none>>")) {
@@ -557,6 +572,7 @@
unsigned int lineno, pass, i, j, maxnspec;
spec_t *spec_copy=NULL;
int status=-1;
+ int mls_enabled=is_selinux_mls_enabled();
/* Open the specification file. */
if (!path)
@@ -590,20 +606,20 @@
lineno = 0;
nspec = 0;
while (getline(&line_buf, &line_len, fp) > 0 && nspec < maxnspec) {
- if (process_line(path, line_buf, pass, ++lineno) != 0)
+ if (process_line(path, line_buf, pass, ++lineno, mls_enabled) != 0)
goto finish;
}
lineno = 0;
if (homedirfp)
while (getline(&line_buf, &line_len, homedirfp) > 0 && nspec < maxnspec) {
- if (process_line(homedir_path, line_buf, pass, ++lineno) != 0)
+ if (process_line(homedir_path, line_buf, pass, ++lineno, mls_enabled) != 0)
goto finish;
}
lineno = 0;
if (localfp)
while (getline(&line_buf, &line_len, localfp) > 0 && nspec < maxnspec) {
- if (process_line(local_path, line_buf, pass, ++lineno) != 0)
+ if (process_line(local_path, line_buf, pass, ++lineno, mls_enabled) != 0)
goto finish;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.26/src/selinux_config.c
--- nsalibselinux/src/selinux_config.c 2005-03-17 14:56:21.000000000 -0500 --- nsalibselinux/src/selinux_config.c 2005-03-17 14:56:21.000000000 -0500
+++ libselinux-1.25.7/src/selinux_config.c 2005-09-12 11:35:35.000000000 -0400 +++ libselinux-1.26/src/selinux_config.c 2005-09-13 12:46:22.682193000 -0400
@@ -85,6 +85,28 @@ @@ -85,6 +85,29 @@
static int use_compat_file_path; static int use_compat_file_path;
+void selinux_gettype(char **rtype) { +void selinux_getpolicytype(char **rtype) {
+ char *type=SELINUXDEFAULT; + char *type=SELINUXDEFAULT;
+ char buf[4097]; + char buf[4097];
+ int len, i; + int i=0;
+ int len=sizeof(SELINUXTYPETAG)-1;
+ FILE *cfg = fopen(SELINUXCONFIG,"r"); + FILE *cfg = fopen(SELINUXCONFIG,"r");
+ if (cfg) { + if (cfg) {
+ while (fgets_unlocked(buf, 4096, cfg)) { + while (fgets_unlocked(buf, 4096, cfg)) {
@ -74,15 +157,16 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselin
int selinux_getenforcemode(int *enforce) { int selinux_getenforcemode(int *enforce) {
int ret=-1; int ret=-1;
FILE *cfg = fopen(SELINUXCONFIG,"r"); FILE *cfg = fopen(SELINUXCONFIG,"r");
@@ -122,38 +144,24 @@ @@ -122,38 +145,24 @@
static void init_selinux_policyroot(void) static void init_selinux_policyroot(void)
{ {
- char *type=SELINUXDEFAULT; - char *type=SELINUXDEFAULT;
+ char *type=NULL; - int i=0, len=sizeof(SELINUXTYPETAG)-1, len2;
int i=0, len=sizeof(SELINUXTYPETAG)-1, len2;
- char buf[4097]; - char buf[4097];
- FILE *cfg; - FILE *cfg;
+ char *type=NULL;
+ int i=0, len, len2;
if (selinux_policyroot) return; if (selinux_policyroot) return;
if (access(SELINUXDIR, F_OK) != 0) { if (access(SELINUXDIR, F_OK) != 0) {
selinux_policyroot = SECURITYDIR; selinux_policyroot = SECURITYDIR;
@ -105,7 +189,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselin
- type[i]=0; - type[i]=0;
- i--; - i--;
- } - }
+ selinux_gettype(&type); + selinux_getpolicytype(&type);
+ if (!type) return; + if (!type) return;
len=sizeof(SELINUXDIR) + strlen(type); len=sizeof(SELINUXDIR) + strlen(type);
selinux_policyroot=malloc(len); selinux_policyroot=malloc(len);
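Review bot: In the src/init.c hunk of the patch, `type` comes from the config file via `selinux_getpolicytype()` and is formatted straight into the path handed to `dlopen(path, RTLD_NOW)`, with no check on its contents and no check of the `snprintf()` result. Because the resulting library is loaded into the calling process, I would reject a value containing a path separator and refuse a truncated path before loading: `if (strchr(type, '/')) { free(type); return; }` and `n = snprintf(path, sizeof path, "/$LIB/selinux/%s/libsetrans.so.0", type); if (n < 0 || (size_t)n >= sizeof path) return;`. The declaration of `path` and the start of the enclosing function are outside the visible lines, so `sizeof path` assumes it is an array. Separately, `STRIP_LEVEL` in the matchpathcon.c hunk is a bare `if` block that silently reads the caller's `mls_enabled` and does not parenthesize `CON`; wrapping it in `do { ... } while (0)`, or making it a `static` function that takes `mls_enabled`, would make both call sites safer to edit later.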


@ -1,11 +1,11 @@
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 1.26 Version: 1.26
Release: 1 Release: 2
License: Public domain (uncopyrighted) License: Public domain (uncopyrighted)
Group: System Environment/Libraries Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
Prereq: libsetrans >= 0.1.4-2 Prereq: libsetrans >= 0.1.4-3
Patch: libselinux-rhat.patch Patch: libselinux-rhat.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
@ -86,6 +86,9 @@ rm -rf ${RPM_BUILD_ROOT}
%{_mandir}/man8/* %{_mandir}/man8/*
%changelog %changelog
* Mon Sep 12 2005 Dan Walsh <dwalsh@redhat.com> 1.26-2
- Eliminate forth param from mls context when mls is not enabled.
* Tue Sep 6 2005 Dan Walsh <dwalsh@redhat.com> 1.25.7-1 * Tue Sep 6 2005 Dan Walsh <dwalsh@redhat.com> 1.25.7-1
- Update from NSA - Update from NSA
* Merged modified form of patch to avoid dlopen/dlclose by * Merged modified form of patch to avoid dlopen/dlclose by