rpms/libsepol
6
0
Fork 0
Code Issues Pull Requests Releases Activity

- Handle booleans.local

Browse Source
This commit is contained in:
Daniel J Walsh 2005-03-29 15:39:54 +00:00
parent b85e3425be
commit 041a966553
2 changed files with 110 additions and 270 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

373
libsepol-rhat.patch
View File

@ -1,275 +1,110 @@
diff --exclude-from=exclude -N -u -r nsalibsepol/include/sepol/sepol.h libsepol-1.3.6/include/sepol/sepol.h diff --exclude-from=exclude -N -u -r nsalibsepol/src/genbools.c libsepol-1.5.2/src/genbools.c
--- nsalibsepol/include/sepol/sepol.h 2005-02-17 17:55:48.000000000 -0500 --- nsalibsepol/src/genbools.c 2005-03-08 15:15:26.000000000 -0500
+++ libsepol-1.3.6/include/sepol/sepol.h 2005-02-25 10:18:10.000000000 -0500 +++ libsepol-1.5.2/src/genbools.c 2005-03-29 10:20:54.000000000 -0500
@@ -32,5 +32,6 @@ @@ -24,11 +24,40 @@
/* Check context validity against currently set binary policy. */ return dest;
extern int sepol_check_context(char *context);
-
+/* Turn on or off sepol error messages. */
+extern void sepol_debug(int on);
#endif
diff --exclude-from=exclude -N -u -r nsalibsepol/src/genbools.c libsepol-1.3.6/src/genbools.c
--- nsalibsepol/src/genbools.c 2005-02-25 09:44:03.000000000 -0500
+++ libsepol-1.3.6/src/genbools.c 2005-02-25 09:50:17.000000000 -0500
@@ -87,7 +87,7 @@
pf.data = data;
pf.len = len;
if (policydb_read(&policydb,&pf, 0)) {
- fprintf(stderr, "Can't read binary policy: %s\n",
+ __sepol_debug_printf("Can't read binary policy: %s\n",
strerror(errno));
return -1;
}
@@ -97,12 +97,12 @@
sepol_set_policyvers(policydb.policyvers);
if (load_booleans(&policydb, booleans) < 0) {
- fprintf(stderr, "Warning! Error while reading %s: %s\n",
+ __sepol_debug_printf("Warning! Error while reading %s: %s\n",
booleans, strerror(errno));
}
if (evaluate_conds(&policydb) < 0) {
- fprintf(stderr, "Error while re-evaluating conditionals: %s\n",
+ __sepol_debug_printf("Error while re-evaluating conditionals: %s\n",
strerror(errno));
return -1;
}
@@ -111,7 +111,7 @@
pf.len = len;
rc = policydb_write(&policydb, &pf);
if (rc) {
- fprintf(stderr, "Can't write binary policy: %s\n",
+ __sepol_debug_printf("Can't write binary policy: %s\n",
strerror(errno));
return -1;
}
@@ -129,7 +129,7 @@
pf.data = data;
pf.len = len;
if (policydb_read(&policydb,&pf, 0)) {
- fprintf(stderr, "Can't read binary policy: %s\n",
+ __sepol_debug_printf("Can't read binary policy: %s\n",
strerror(errno));
return -1;
}
@@ -154,7 +154,7 @@
}
if (evaluate_conds(&policydb) < 0) {
- fprintf(stderr, "Error while re-evaluating conditionals: %s\n",
+ __sepol_debug_printf("Error while re-evaluating conditionals: %s\n",
strerror(errno));
return -1;
}
@@ -163,7 +163,7 @@
pf.len = len;
rc = policydb_write(&policydb, &pf);
if (rc) {
- fprintf(stderr, "Can't write binary policy: %s\n",
+ __sepol_debug_printf("Can't write binary policy: %s\n",
strerror(errno));
return -1;
}
diff --exclude-from=exclude -N -u -r nsalibsepol/src/genusers.c libsepol-1.3.6/src/genusers.c
--- nsalibsepol/src/genusers.c 2005-02-25 09:44:03.000000000 -0500
+++ libsepol-1.3.6/src/genusers.c 2005-02-25 14:44:19.680658712 -0500
@@ -7,12 +7,25 @@
#include <sepol/policydb.h>
#include <sepol/mls.h>
+#include <stdarg.h>
#include "private.h"
+static int gdebug=1;
+
+void sepol_debug(int on) { gdebug=on; };
+
+void __sepol_debug_printf(const char *fmt, ...) {
+ if (gdebug) {
+ va_list ap;
+ va_start(ap, fmt);
+ vfprintf (stderr, fmt, ap);
+ va_end(ap);
+ }
+}
#undef BADLINE
#define BADLINE() { \
- fprintf(stderr, "%s: invalid entry %s on line %u\n", \
+ __sepol_debug_printf("%s: invalid entry %s on line %u\n", \
path, buffer, lineno); \
continue; \
} }
@@ -68,10 +81,11 @@
/* Adding a new user definition. */ +static int process_boolean(char *buffer, char *name, int namesize, int *val) {
usrdatum = (user_datum_t *) malloc(sizeof(user_datum_t)); + char name1[BUFSIZ];
if (!id || !usrdatum) { + char *ptr;
- fprintf(stderr, "%s: out of memory for %s on line %u\n", + char *tok=strtok_r(buffer,"=",&ptr);
+ __sepol_debug_printf("%s: out of memory for %s on line %u\n", + if (tok) {
path, buffer, lineno); + strncpy(name1,tok, BUFSIZ-1);
errno = ENOMEM; + strtrim(name,name1,namesize-1);
free(buffer); + if ( name[0]=='#' ) return 0;
+ fclose(fp); + tok=strtok_r(NULL,"\0",&ptr);
return -1; + if (tok) {
} + while (isspace(*tok)) tok++;
memset(usrdatum, 0, sizeof(user_datum_t)); + *val = -1;
@@ -81,10 +95,11 @@ + if (isdigit(tok[0]))
rc = hashtab_insert(policydb->p_users.table, + *val=atoi(tok);
id, (hashtab_datum_t) usrdatum); + else if (!strncmp(tok, "true", sizeof("true")-1))
if (rc) { + *val = 1;
- fprintf(stderr, "%s: out of memory for %s on line %u\n", + else if (!strncmp(tok, "false", sizeof("false")-1))
+ __sepol_debug_printf("%s: out of memory for %s on line %u\n", + *val = 0;
path, buffer, lineno); + if (*val != 0 && *val != 1) {
errno = ENOMEM; + fprintf(stderr,"illegal value for boolean %s=%s\n", name, tok);
free(buffer); + return -1;
+ fclose(fp); + }
return -1; +
+ }
+ }
+ return 1;
+}
+
static int load_booleans(struct policydb *policydb, char *path) {
FILE *boolf;
- char buffer[BUFSIZ];
+ char *buffer=NULL;
+ size_t size=0;
+ char localbools[BUFSIZ];
char name[BUFSIZ];
- char name1[BUFSIZ];
int val;
int errors=0;
struct cond_bool_datum *datum;
@@ -37,28 +66,29 @@
if (boolf == NULL)
return -1;
- while (fgets(buffer, sizeof(buffer), boolf)) {
- char *tok=strtok(buffer,"=");
- if (tok) {
- strncpy(name1,tok, BUFSIZ-1);
- strtrim(name,name1,BUFSIZ-1);
- if ( name[0]=='#' ) continue;
- tok=strtok(NULL,"\0");
- if (tok) {
- while (isspace(*tok)) tok++;
- val = -1;
- if (isdigit(tok[0]))
- val=atoi(tok);
- else if (!strncasecmp(tok, "true", sizeof("true")-1))
- val = 1;
- else if (!strncasecmp(tok, "false", sizeof("false")-1))
- val = 0;
- if (val != 0 && val != 1) {
- fprintf(stderr,"illegal value for boolean %s=%s\n", name, tok);
- errors++;
- continue;
- }
-
+ while (getline(&buffer, &size, boolf) > 0) {
+ int ret=process_boolean(buffer, name, sizeof(name), &val);
+ if (ret==-1)
+ errors++;
+ if (ret==1) {
+ datum = hashtab_search(policydb->p_bools.table, name);
+ if (!datum) {
+ fprintf(stderr,"unknown boolean %s\n", name);
+ errors++;
+ continue;
+ }
+ datum->state = val;
+ }
+ }
+ fclose(boolf);
+ snprintf(localbools,sizeof(localbools), "%s.local", path);
+ boolf = fopen(localbools,"r");
+ if (boolf != NULL) {
+ while (getline(&buffer, &size, boolf) > 0) {
+ int ret=process_boolean(buffer, name, sizeof(name), &val);
+ if (ret==-1)
+ errors++;
+ if (ret==1) {
datum = hashtab_search(policydb->p_bools.table, name);
if (!datum) {
fprintf(stderr,"unknown boolean %s\n", name);
@@ -68,9 +98,9 @@
datum->state = val;
} }
} }
@@ -128,7 +143,7 @@ + fclose(boolf);
roldatum = hashtab_search(policydb->p_roles.table, q);
if (!roldatum) {
- fprintf(stderr, "%s: undefined role %s in %s on line %u\n",
+ __sepol_debug_printf("%s: undefined role %s in %s on line %u\n",
path, q, buffer, lineno);
continue;
}
@@ -136,7 +151,7 @@
for (bit = ebitmap_startbit(&roldatum->dominates); bit < ebitmap_length(&roldatum->dominates); bit++) {
if (ebitmap_get_bit(&roldatum->dominates, bit))
if (ebitmap_set_bit(&usrdatum->roles, bit, 1)) {
- fprintf(stderr, "%s: out of memory for %s on line %u\n",
+ __sepol_debug_printf("%s: out of memory for %s on line %u\n",
path, buffer, lineno);
errno = ENOMEM;
free(buffer);
@@ -172,10 +187,11 @@
scontext = malloc(p - q);
if (!scontext) {
- fprintf(stderr, "%s: out of memory for %s on line %u\n",
+ __sepol_debug_printf("%s: out of memory for %s on line %u\n",
path, buffer, lineno);
errno = ENOMEM;
free(buffer);
+ fclose(fp);
return -1;
}
r = scontext;
@@ -191,7 +207,7 @@
context_init(&context);
rc = mls_context_to_sid(policydb, oldc, &r, &context);
if (rc) {
- fprintf(stderr, "%s: invalid level %s in %s on line %u\n",
+ __sepol_debug_printf("%s: invalid level %s in %s on line %u\n",
path, scontext, buffer, lineno);
free(scontext);
continue;
@@ -218,10 +234,11 @@
scontext = malloc(p - q);
if (!scontext) {
- fprintf(stderr, "%s: out of memory for %s on line %u\n",
+ __sepol_debug_printf("%s: out of memory for %s on line %u\n",
path, buffer, lineno);
errno = ENOMEM;
free(buffer);
+ fclose(fp);
return -1;
}
r = scontext;
@@ -237,7 +254,7 @@
context_init(&context);
rc = mls_context_to_sid(policydb, oldc, &r, &context);
if (rc) {
- fprintf(stderr, "%s: invalid range %s in %s on line %u\n",
+ __sepol_debug_printf("%s: invalid range %s in %s on line %u\n",
path, scontext, buffer, lineno);
free(scontext);
continue;
@@ -248,7 +265,7 @@
} }
- fclose(boolf);
free(buffer);
- -
+ fclose(fp); + free(buffer);
return 0; if (errors)
} errno = EINVAL;
@@ -334,7 +351,7 @@
pf.data = data;
pf.len = len;
if (policydb_read(&policydb,&pf, 0)) {
- fprintf(stderr, "%s: Can't read binary policy: %s\n",
+ __sepol_debug_printf("%s: Can't read binary policy: %s\n",
__FUNCTION__, strerror(errno));
return -1;
}
@@ -342,7 +359,7 @@
/* Load base set of system users from the policy package. */
snprintf(path, sizeof path, "%s/system.users", usersdir);
if (load_users(&policydb, path) < 0) {
- fprintf(stderr, "%s: Can't load system.users: %s\n",
+ __sepol_debug_printf("%s: Can't load system.users: %s\n",
__FUNCTION__, strerror(errno));
return -1;
}
@@ -350,7 +367,7 @@
/* Load locally defined users. */
snprintf(path, sizeof path, "%s/local.users", usersdir);
if (load_users(&policydb, path) < 0) {
- fprintf(stderr, "%s: Can't load local.users: %s\n",
+ __sepol_debug_printf("%s: Can't load local.users: %s\n",
__FUNCTION__, strerror(errno));
return -1;
}
@@ -374,7 +391,7 @@
pf.len = 0;
rc = policydb_write(&policydb, &pf);
if (rc) {
- fprintf(stderr, "Can't compute length of binary policy: %s\n",
+ __sepol_debug_printf("Can't compute length of binary policy: %s\n",
strerror(errno));
return -1;
}
@@ -383,7 +400,7 @@
pf.type = PF_USE_MEMORY;
pf.data = malloc(pf.len);
if (!pf.data) {
- fprintf(stderr, "%s: %s\n", __FUNCTION__, strerror(errno));
+ __sepol_debug_printf("%s: %s\n", __FUNCTION__, strerror(errno));
return -1;
}
@@ -394,7 +411,7 @@
/* Write out the new binary policy image. */
rc = policydb_write(&policydb, &pf);
if (rc) {
- fprintf(stderr, "Can't write binary policy: %s\n",
+ __sepol_debug_printf("Can't write binary policy: %s\n",
strerror(errno));
free(pf.data);
return -1;
diff --exclude-from=exclude -N -u -r nsalibsepol/src/libsepol.map libsepol-1.3.6/src/libsepol.map
--- nsalibsepol/src/libsepol.map 2005-02-17 17:55:49.000000000 -0500
+++ libsepol-1.3.6/src/libsepol.map 2005-02-25 10:19:28.000000000 -0500
@@ -1,4 +1,4 @@
{
- global: sepol_genbools*; sepol_set_policydb_from_file; sepol_check_context; sepol_genusers;
+ global: sepol_genbools*; sepol_set_policydb_from_file; sepol_check_context; sepol_genusers; sepol_debug;
local: *;
};
diff --exclude-from=exclude -N -u -r nsalibsepol/src/private.h libsepol-1.3.6/src/private.h
--- nsalibsepol/src/private.h 2005-02-07 10:23:04.000000000 -0500
+++ libsepol-1.3.6/src/private.h 2005-02-25 10:20:39.000000000 -0500
@@ -25,6 +25,7 @@
};
extern struct policydb_compat_info *policydb_lookup_compat(int version);
+extern void __sepol_debug_printf(const char *fmt, ...);
/* Reading from a policy "file". */
static inline void *next_entry(struct policy_file * fp, size_t bytes)

7
libsepol.spec
View File

@ -1,10 +1,11 @@
Summary: SELinux binary policy manipulation library Summary: SELinux binary policy manipulation library
Name: libsepol Name: libsepol
Version: 1.5.2 Version: 1.5.2
Release: 1 Release: 2
License: GPL License: GPL
Group: System Environment/Libraries Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/libsepol-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/libsepol-%{version}.tgz
patch: libsepol-rhat.patch
Prefix: %{_prefix} Prefix: %{_prefix}
BuildRoot: %{_tmppath}/%{name}-buildroot BuildRoot: %{_tmppath}/%{name}-buildroot
Provides: libsepol.so Provides: libsepol.so
@ -36,6 +37,7 @@ needed for developing applications that manipulate binary policies.
%prep %prep
%setup -q %setup -q
%patch -p1 -b .rhat
%build %build
make CFLAGS="%{optflags}" make CFLAGS="%{optflags}"
@ -71,6 +73,9 @@ rm -rf ${RPM_BUILD_ROOT}
/%{_lib}/libsepol.so.1 /%{_lib}/libsepol.so.1
%changelog %changelog
* Thu Mar 24 2005 Dan Walsh <dwalsh@redhat.com> 1.5.2-2
- Handle booleans.local
* Thu Mar 17 2005 Dan Walsh <dwalsh@redhat.com> 1.5.2-1 * Thu Mar 17 2005 Dan Walsh <dwalsh@redhat.com> 1.5.2-1
- Update to latest from NSA - Update to latest from NSA
* Added man page for sepol_check_context. * Added man page for sepol_check_context.