libselinux/libselinux-rhat.patch
Dan Walsh 5f9e3146a2 Update to upstream
* Remove -lpthread from pkg-config file; it is not required.
2013-11-25 15:24:16 -05:00

223 lines
5.2 KiB
Diff

diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 02dd829..6dfdb46 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -114,7 +114,7 @@ $(LIBA): $(OBJS)
$(RANLIB) $@
$(LIBSO): $(LOBJS)
- $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
+ $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -llzma -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
ln -sf $@ $(TARGET)
$(LIBPC): $(LIBPC).in ../VERSION
diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
index e419f1a..fdeca93 100644
--- a/libselinux/src/load_policy.c
+++ b/libselinux/src/load_policy.c
@@ -16,6 +16,82 @@
#include <dlfcn.h>
#include "policy.h"
#include <limits.h>
+#include <lzma.h>
+
+static char *lzmaread(int fd, size_t *rsize) {
+ int capacity = 64*1024;
+ char *buf = NULL;
+ int tmpsize = 8 * 1024;
+ unsigned char tmp[tmpsize];
+ unsigned char tmp_out[tmpsize];
+ size_t size = 0;
+ lzma_stream strm = LZMA_STREAM_INIT;
+ lzma_action action = LZMA_RUN;
+ lzma_ret ret;
+
+ FILE *stream = fdopen (fd, "r");
+ if (!stream) {
+ return NULL;
+ }
+ ret = lzma_stream_decoder(&strm, UINT64_MAX,
+ LZMA_CONCATENATED);
+
+ strm.avail_in = 0;
+ strm.next_out = tmp_out;
+ strm.avail_out = tmpsize;
+
+ buf = (char *) malloc (capacity);
+ if (!buf)
+ goto err;
+
+ while (1) {
+ if (strm.avail_in == 0) {
+ strm.next_in = tmp;
+ strm.avail_in = fread(tmp, 1, tmpsize, stream);
+
+ if (ferror(stream)) {
+ // POSIX says that fread() sets errno if
+ // an error occurred. ferror() doesn't
+ // touch errno.
+ goto err;
+ }
+ if (feof(stream)) action = LZMA_FINISH;
+ }
+
+ ret = lzma_code(&strm, action);
+
+ // Write and check write error before checking decoder error.
+ // This way as much data as possible gets written to output
+ // even if decoder detected an error.
+ if (strm.avail_out == 0 || ret != LZMA_OK) {
+ const size_t num = tmpsize - strm.avail_out;
+ if (num > capacity) {
+ buf = (char*) realloc (buf, size*2);
+ capacity = size;
+ }
+ memcpy (buf+size, tmp_out, num);
+ capacity -= num;
+ size += num;
+ strm.next_out = tmp_out;
+ strm.avail_out = tmpsize;
+ }
+ if (ret != LZMA_OK) {
+ if (ret == LZMA_STREAM_END) {
+ break;
+ } else {
+ goto err;
+ }
+ }
+ }
+ *rsize = size;
+
+ goto exit;
+err:
+ free(buf); buf = NULL;
+exit:
+ lzma_end(&strm);
+ return buf;
+}
int security_load_policy(void *data, size_t len)
{
@@ -55,7 +131,7 @@ int selinux_mkload_policy(int preservebools)
struct stat sb;
struct utsname uts;
size_t size;
- void *map, *data;
+ void *map = NULL, *data=NULL;
int fd, rc = -1, prot;
sepol_policydb_t *policydb;
sepol_policy_file_t *pf;
@@ -181,24 +257,28 @@ checkbool:
goto dlclose;
}
- if (fstat(fd, &sb) < 0) {
- fprintf(stderr,
- "SELinux: Could not stat policy file %s: %s\n",
- path, strerror(errno));
- goto close;
- }
-
- prot = PROT_READ;
- if (setlocaldefs || preservebools)
- prot |= PROT_WRITE;
+ data = lzmaread(fd,&size);
- size = sb.st_size;
- data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0);
- if (map == MAP_FAILED) {
- fprintf(stderr,
- "SELinux: Could not map policy file %s: %s\n",
+ if (!data) {
+ if (fstat(fd, &sb) < 0) {
+ fprintf(stderr,
+ "SELinux: Could not stat policy file %s: %s\n",
path, strerror(errno));
- goto close;
+ goto close;
+ }
+
+ prot = PROT_READ;
+ if (setlocaldefs || preservebools)
+ prot |= PROT_WRITE;
+
+ size = sb.st_size;
+ data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0);
+ if (map == MAP_FAILED) {
+ fprintf(stderr,
+ "SELinux: Could not map policy file %s: %s\n",
+ path, strerror(errno));
+ goto close;
+ }
}
if (vers > kernvers && usesepol) {
@@ -210,6 +290,8 @@ checkbool:
goto unmap;
}
policy_file_set_mem(pf, data, size);
+ if (!map)
+ free(data);
if (policydb_read(policydb, pf)) {
policy_file_free(pf);
policydb_free(policydb);
@@ -223,7 +305,8 @@ checkbool:
path);
policy_file_free(pf);
policydb_free(policydb);
- munmap(map, sb.st_size);
+ if (map)
+ munmap(map, sb.st_size);
close(fd);
vers--;
goto search;
@@ -275,7 +358,7 @@ checkbool:
#endif
}
-
+
rc = security_load_policy(data, size);
if (rc)
@@ -286,7 +369,8 @@ checkbool:
unmap:
if (data != map)
free(data);
- munmap(map, sb.st_size);
+ if (map)
+ munmap(map, sb.st_size);
close:
close(fd);
dlclose:
@@ -410,7 +494,7 @@ int selinux_init_load_policy(int *enforce)
* already mounted and selinuxmnt set above.
*/
- if (seconfig == -1) {
+ if (*enforce == -1) {
/* Runtime disable of SELinux. */
rc = security_disable();
if (rc == 0) {
diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c
index 2d7369e..2a00807 100644
--- a/libselinux/src/matchpathcon.c
+++ b/libselinux/src/matchpathcon.c
@@ -2,6 +2,7 @@
#include <string.h>
#include <errno.h>
#include <stdio.h>
+#include <syslog.h>
#include "selinux_internal.h"
#include "label_internal.h"
#include "callbacks.h"
@@ -62,7 +63,7 @@ static void
{
va_list ap;
va_start(ap, fmt);
- vfprintf(stderr, fmt, ap);
+ vsyslog(LOG_ERR, fmt, ap);
va_end(ap);
}