diff --git libsepol-2.7/cil/include/cil/cil.h libsepol-2.7/cil/include/cil/cil.h index 86117f2..f8cfc3b 100644 --- libsepol-2.7/cil/include/cil/cil.h +++ libsepol-2.7/cil/include/cil/cil.h @@ -50,6 +50,7 @@ extern int cil_userprefixes_to_string(cil_db_t *db, char **out, size_t *size); extern int cil_selinuxusers_to_string(cil_db_t *db, char **out, size_t *size); extern int cil_filecons_to_string(cil_db_t *db, char **out, size_t *size); extern void cil_set_disable_dontaudit(cil_db_t *db, int disable_dontaudit); +extern void cil_set_multiple_decls(cil_db_t *db, int multiple_decls); extern void cil_set_disable_neverallow(cil_db_t *db, int disable_neverallow); extern void cil_set_preserve_tunables(cil_db_t *db, int preserve_tunables); extern int cil_set_handle_unknown(cil_db_t *db, int handle_unknown); diff --git libsepol-2.7/cil/src/cil.c libsepol-2.7/cil/src/cil.c index c02a41a..5a64c2b 100644 --- libsepol-2.7/cil/src/cil.c +++ libsepol-2.7/cil/src/cil.c @@ -1691,6 +1691,11 @@ void cil_set_mls(struct cil_db *db, int mls) db->mls = mls; } +void cil_set_multiple_decls(struct cil_db *db, int multiple_decls) +{ + db->multiple_decls = multiple_decls; +} + void cil_set_target_platform(struct cil_db *db, int target_platform) { db->target_platform = target_platform; @@ -2059,6 +2064,7 @@ void cil_typeattribute_init(struct cil_typeattribute **attr) (*attr)->expr_list = NULL; (*attr)->types = NULL; (*attr)->used = CIL_FALSE; + (*attr)->keep = CIL_FALSE; } void cil_typeattributeset_init(struct cil_typeattributeset **attrset) diff --git libsepol-2.7/cil/src/cil_binary.c libsepol-2.7/cil/src/cil_binary.c index c0ca60f..431cd9c 100644 --- libsepol-2.7/cil/src/cil_binary.c +++ libsepol-2.7/cil/src/cil_binary.c @@ -567,7 +567,7 @@ int cil_typeattribute_to_policydb(policydb_t *pdb, struct cil_typeattribute *cil char *key = NULL; type_datum_t *sepol_attr = NULL; - if (!cil_attr->used) { + if (!cil_attr->keep) { return SEPOL_OK; } 
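Review bot: `db->multiple_decls` gets a setter in the cil.c hunk, but no hunk in this patch gives the field an initial value, and `cil_gen_node()` reads it on every duplicate symtab insertion. If the db initializer (`cil_db_init()`, outside this diff) assigns fields one by one instead of zero-allocating the struct, the re-declaration check then depends on uninitialized memory for any caller that never invokes the setter. Add `(*db)->multiple_decls = CIL_FALSE;` beside the other defaults there. The new declaration in cil.h also deserves a comment, since it relaxes an error check: `/* Non-zero lets a type or typeattribute be declared more than once; off by default. */`.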
@@ -632,7 +632,7 @@ int cil_typeattribute_to_bitmap(policydb_t *pdb, const struct cil_db *db, struct ebitmap_node_t *tnode; unsigned int i; - if (!cil_attr->used) { + if (!cil_attr->keep) { return SEPOL_OK; } @@ -1442,7 +1442,7 @@ static int __cil_should_expand_attribute( const struct cil_db *db, struct cil_sy attr = (struct cil_typeattribute *)datum; - return !attr->used || (ebitmap_cardinality(attr->types) < db->attrs_expand_size); + return !attr->keep || (ebitmap_cardinality(attr->types) < db->attrs_expand_size); } int __cil_avrule_to_avtab(policydb_t *pdb, const struct cil_db *db, struct cil_avrule *cil_avrule, cond_node_t *cond_node, enum cil_flavor cond_flavor) @@ -2525,7 +2525,7 @@ int __cil_constrain_expr_datum_to_sepol_expr(policydb_t *pdb, const struct cil_d if (rc != SEPOL_OK) { if (FLAVOR(item->data) == CIL_TYPEATTRIBUTE) { struct cil_typeattribute *attr = item->data; - if (!attr->used) { + if (!attr->keep) { rc = 0; } } diff --git libsepol-2.7/cil/src/cil_build_ast.c libsepol-2.7/cil/src/cil_build_ast.c index 04492e5..e84336b 100644 --- libsepol-2.7/cil/src/cil_build_ast.c +++ libsepol-2.7/cil/src/cil_build_ast.c 
@@ -82,10 +82,33 @@ exit: return rc; } -int cil_gen_node(__attribute__((unused)) struct cil_db *db, struct cil_tree_node *ast_node, struct cil_symtab_datum *datum, hashtab_key_t key, enum cil_sym_index sflavor, enum cil_flavor nflavor) +/* + * Determine whether or not multiple declarations of the same key can share a + * datum, given the new datum and the one already present in a given symtab. + */ +int cil_is_datum_multiple_decl(__attribute__((unused)) struct cil_symtab_datum *cur, + __attribute__((unused)) struct cil_symtab_datum *old, + enum cil_flavor f) +{ + int rc = CIL_FALSE; + + switch (f) { + case CIL_TYPE: + case CIL_TYPEATTRIBUTE: + /* type and typeattribute statements insert empty datums, ret true */ + rc = CIL_TRUE; + break; + default: + break; + } + return rc; +} + +int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_symtab_datum *datum, hashtab_key_t key, enum cil_sym_index sflavor, enum cil_flavor nflavor) { int rc = SEPOL_ERR; symtab_t *symtab = NULL; + struct cil_symtab_datum *prev; rc = __cil_verify_name((const char*)key); if (rc != SEPOL_OK) { 
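Review bot: `cil_is_datum_multiple_decl()` decides only on the flavor of the new declaration and marks both `cur` and `old` as unused, so an existing datum of a different flavor stored under the same key is still accepted for sharing. If types and typeattributes are inserted into the same symtab (the callers are outside this hunk), the second hunk of this file would then point the new node's `data` at a datum of the other kind. Drop the `unused` attribute on `old` and check it before the switch: `if (old == NULL || FLAVOR(old) != f) return CIL_FALSE;`. The comment above the function should also say that `cur` is currently ignored.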
@@ -103,15 +126,26 @@ int cil_gen_node(__attribute__((unused)) struct cil_db *db, struct cil_tree_node if (symtab != NULL) { rc = cil_symtab_insert(symtab, (hashtab_key_t)key, datum, ast_node); if (rc == SEPOL_EEXIST) { - cil_log(CIL_ERR, "Re-declaration of %s %s\n", - cil_node_to_string(ast_node), key); - if (cil_symtab_get_datum(symtab, key, &datum) == SEPOL_OK) { - if (sflavor == CIL_SYM_BLOCKS) { - struct cil_tree_node *node = datum->nodes->head->data; - cil_tree_log(node, CIL_ERR, "Previous declaration"); + if (!db->multiple_decls || + cil_symtab_get_datum(symtab, (hashtab_key_t)key, &prev) != SEPOL_OK || + !cil_is_datum_multiple_decl(datum, prev, nflavor)) { + + /* multiple_decls not ok, ret error */ + cil_log(CIL_ERR, "Re-declaration of %s %s\n", + cil_node_to_string(ast_node), key); + if (cil_symtab_get_datum(symtab, key, &datum) == SEPOL_OK) { + if (sflavor == CIL_SYM_BLOCKS) { + struct cil_tree_node *node = datum->nodes->head->data; + cil_tree_log(node, CIL_ERR, "Previous declaration"); + } } + goto exit; } - goto exit; + /* multiple_decls is enabled and works for this datum type, add node */ + cil_list_append(prev->nodes, CIL_NODE, ast_node); + ast_node->data = prev; + cil_symtab_datum_destroy(datum); + free(datum); } } diff --git libsepol-2.7/cil/src/cil_internal.h libsepol-2.7/cil/src/cil_internal.h index 6d6a7d9..8393e39 100644 --- libsepol-2.7/cil/src/cil_internal.h +++ libsepol-2.7/cil/src/cil_internal.h @@ -316,6 +316,7 @@ struct cil_db { int preserve_tunables; int handle_unknown; int mls; + int multiple_decls; int target_platform; int policy_version; }; @@ -530,6 +531,7 @@ struct cil_typeattribute { struct cil_list *expr_list; ebitmap_t *types; int used; // whether or not this attribute was used in a binary policy rule + int keep; }; struct cil_typeattributeset { diff --git libsepol-2.7/cil/src/cil_policy.c libsepol-2.7/cil/src/cil_policy.c index 729b6e0..99eb53c 100644 --- libsepol-2.7/cil/src/cil_policy.c +++ libsepol-2.7/cil/src/cil_policy.c 
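Review bot: In the accepted-redeclaration path at the end of the cil_gen_node hunk, `cil_symtab_datum_destroy(datum); free(datum);` releases the object the caller passed in while the caller still holds its own pointer to it. Any caller that touches that pointer after `cil_gen_node()` returns would be using freed memory, and a bare `free(datum)` also bypasses whatever flavor-specific destructor the enclosing struct normally needs; the callers are outside this diff, so both points need checking there. At minimum, document the transfer above the free: `/* datum is consumed here: callers must not use it after return and must continue with ast_node->data */`. `rc` still holds `SEPOL_EEXIST` when this branch falls through and the rest of the function is outside the hunk, so confirm the tail returns `SEPOL_OK` explicitly.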
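Review bot: The new `int keep;` field in `struct cil_typeattribute` (cil_internal.h) has no comment, and the comment left on `used` no longer matches how this patch treats the two fields. In cil_post.c `used` is tested and OR-ed with `CIL_ATTR_NEVERALLOW`, while `keep` now receives the result of `cil_typeattribute_used()` and gates emission in cil_binary.c and cil_policy.c. Suggested comments: `int used; // flags such as CIL_ATTR_NEVERALLOW: kinds of rule that reference this attribute` and `int keep; // result of cil_typeattribute_used(): attribute is kept in the generated policy`.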
@@ -775,7 +775,7 @@ static void cil_classes_to_policy(FILE *out, struct cil_list *classorder) } } -static void cil_defaults_to_policy(FILE *out, struct cil_list *defaults, char *kind) +static void cil_defaults_to_policy(FILE *out, struct cil_list *defaults, const char *kind) { struct cil_list_item *i1, *i2, *i3; struct cil_default *def; @@ -1085,7 +1085,7 @@ static void cil_typeattributes_to_policy(FILE *out, struct cil_list *types, stru type = i1->data; cil_list_for_each(i2, attributes) { attribute = i2->data; - if (!attribute->used) + if (!attribute->keep) continue; if (ebitmap_get_bit(attribute->types, type->value)) { if (first) { diff --git libsepol-2.7/cil/src/cil_post.c libsepol-2.7/cil/src/cil_post.c index ad073e8..a212245 100644 --- libsepol-2.7/cil/src/cil_post.c +++ libsepol-2.7/cil/src/cil_post.c 
@@ -1297,6 +1297,55 @@ static int cil_typeattribute_used(struct cil_typeattribute *attr, struct cil_db return CIL_TRUE; } +static void __mark_neverallow_attrs(struct cil_list *expr_list) +{ + struct cil_list_item *curr; + + cil_list_for_each(curr, expr_list) { + if (curr->flavor == CIL_DATUM) { + if (NODE(curr->data)->flavor == CIL_TYPEATTRIBUTE) { + struct cil_typeattribute *attr = curr->data; + if (strstr(DATUM(attr)->name, TYPEATTR_INFIX)) { + __mark_neverallow_attrs(attr->expr_list); + } else { + attr->used |= CIL_ATTR_NEVERALLOW; + } + } + } else if (curr->flavor == CIL_LIST) { + __mark_neverallow_attrs(curr->data); + } + } +} + +static int __cil_post_db_neverallow_attr_helper(struct cil_tree_node *node, uint32_t *finished, __attribute__((unused)) void *extra_args) +{ + switch (node->flavor) { + case CIL_BLOCK: { + struct cil_block *blk = node->data; + if (blk->is_abstract == CIL_TRUE) { + *finished = CIL_TREE_SKIP_HEAD; + } + break; + } + case CIL_MACRO: { + *finished = CIL_TREE_SKIP_HEAD; + break; + } + case CIL_TYPEATTRIBUTE: { + struct cil_typeattribute *attr = node->data; + if ((attr->used & CIL_ATTR_NEVERALLOW) && + strstr(DATUM(attr)->name, TYPEATTR_INFIX)) { + __mark_neverallow_attrs(attr->expr_list); + } + break; + } + default: + break; + } + + return SEPOL_OK; +} + static int __cil_post_db_attr_helper(struct cil_tree_node *node, uint32_t *finished, void *extra_args) { int rc = SEPOL_ERR; @@ -1320,7 +1369,7 @@ static int __cil_post_db_attr_helper(struct cil_tree_node *node, uint32_t *finis rc = __evaluate_type_expression(attr, db); if (rc != SEPOL_OK) goto exit; } - attr->used = cil_typeattribute_used(attr, db); + attr->keep = cil_typeattribute_used(attr, db); break; } case CIL_ROLEATTRIBUTE: { 
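Review bot: `__mark_neverallow_attrs()` walks `expr_list` without checking it for NULL, although `cil_typeattribute_init()` and `cil_reset_typeattr()` (both visible elsewhere in this patch) leave `expr_list` as NULL until an expression is attached. Both call sites select attributes with `strstr(DATUM(attr)->name, TYPEATTR_INFIX)`, which matches on the name alone rather than on how the attribute was created, so an attribute without an expression list can reach the walk; assuming `cil_list_for_each` reads the list head, that is a NULL dereference during policy compilation. Start the function with `if (expr_list == NULL) return;`. The recursion also has no depth limit or visited marker, so it relies on attribute expressions being acyclic, which is worth stating in a comment above the function.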
@@ -2031,6 +2080,12 @@ static int cil_post_db(struct cil_db *db) goto exit; } + rc = cil_tree_walk(db->ast->root, __cil_post_db_neverallow_attr_helper, NULL, NULL, db); + if (rc != SEPOL_OK) { + cil_log(CIL_INFO, "Failed to mark attributes used by generated attributes used in neverallow rules\n"); + goto exit; + } + rc = cil_tree_walk(db->ast->root, __cil_post_db_attr_helper, NULL, NULL, db); if (rc != SEPOL_OK) { cil_log(CIL_INFO, "Failed to create attribute bitmaps\n"); diff --git libsepol-2.7/cil/src/cil_reset_ast.c libsepol-2.7/cil/src/cil_reset_ast.c index 8a13a1c..43e6b88 100644 --- libsepol-2.7/cil/src/cil_reset_ast.c +++ libsepol-2.7/cil/src/cil_reset_ast.c @@ -186,6 +186,7 @@ static void cil_reset_typeattr(struct cil_typeattribute *attr) attr->expr_list = NULL; } attr->used = CIL_FALSE; + attr->keep = CIL_FALSE; } static void cil_reset_typeattributeset(struct cil_typeattributeset *tas) diff --git libsepol-2.7/cil/src/cil_strpool.c libsepol-2.7/cil/src/cil_strpool.c index b1396d2..97d4c4b 100644 --- libsepol-2.7/cil/src/cil_strpool.c +++ libsepol-2.7/cil/src/cil_strpool.c @@ -119,6 +119,7 @@ void cil_strpool_destroy(void) if (cil_strpool_readers == 0) { hashtab_map(cil_strpool_tab, cil_strpool_entry_destroy, NULL); hashtab_destroy(cil_strpool_tab); + cil_strpool_tab = NULL; } pthread_mutex_unlock(&cil_strpool_mutex); } diff --git libsepol-2.7/cil/src/cil_tree.c libsepol-2.7/cil/src/cil_tree.c index d36401b..b394a9d 100644 --- libsepol-2.7/cil/src/cil_tree.c +++ libsepol-2.7/cil/src/cil_tree.c 
@@ -503,15 +503,19 @@ exit: void cil_tree_print_expr(struct cil_list *datum_expr, struct cil_list *str_expr) { char *expr_str; + int rc; cil_log(CIL_INFO, "("); if (datum_expr != NULL) { - cil_expr_to_string(datum_expr, &expr_str); + rc = cil_expr_to_string(datum_expr, &expr_str); } else { - cil_expr_to_string(str_expr, &expr_str); + rc = cil_expr_to_string(str_expr, &expr_str); + } + if (rc < 0) { + cil_log(CIL_INFO, "ERROR)"); + return; } - cil_log(CIL_INFO, "%s)", expr_str); free(expr_str); } diff --git libsepol-2.7/include/Makefile libsepol-2.7/include/Makefile index 56b7a11..1ad4eca 100644 --- libsepol-2.7/include/Makefile +++ libsepol-2.7/include/Makefile @@ -1,17 +1,17 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr -INCDIR ?= $(PREFIX)/include/sepol +PREFIX ?= /usr +INCDIR = $(PREFIX)/include/sepol CILDIR ?= ../cil all: install: all - test -d $(INCDIR) || install -m 755 -d $(INCDIR) - test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb - test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil - install -m 644 $(wildcard sepol/*.h) $(INCDIR) - install -m 644 $(wildcard sepol/policydb/*.h) $(INCDIR)/policydb - install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(INCDIR)/cil + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR) + test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755 -d $(DESTDIR)$(INCDIR)/policydb + test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d $(DESTDIR)$(INCDIR)/cil + install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR) + install -m 644 $(wildcard sepol/policydb/*.h) $(DESTDIR)$(INCDIR)/policydb + install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(DESTDIR)$(INCDIR)/cil indent: ../../scripts/Lindent $(wildcard sepol/*.h) diff --git libsepol-2.7/include/sepol/policydb/avtab.h libsepol-2.7/include/sepol/policydb/avtab.h index 958848e..10ecde9 100644 --- libsepol-2.7/include/sepol/policydb/avtab.h +++ libsepol-2.7/include/sepol/policydb/avtab.h 
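Review bot: `INCDIR = $(PREFIX)/include/sepol` in include/Makefile changes the assignment from `?=` to `=`, so an INCDIR value exported in the environment is now silently ignored, unlike `MAN8DIR`, `LIBDIR` and `BINDIR` in the other Makefiles of this patch, which keep `?=`. Unless that is intended, keep it overridable: `INCDIR ?= $(PREFIX)/include/sepol`. Separately, every install recipe now prepends `$(DESTDIR)`, so a build script that still passes `PREFIX=$(DESTDIR)/usr` will stage files under a doubled path. A comment next to `PREFIX ?= /usr`, such as `# PREFIX is the final install prefix and must not include DESTDIR`, would make that contract explicit for packagers.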
@@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, */ +/* Author : Stephen Smalley, */ /* * Updated: Yuichi Nakamura diff --git libsepol-2.7/include/sepol/policydb/constraint.h libsepol-2.7/include/sepol/policydb/constraint.h index 927bdc0..b91fc4e 100644 --- libsepol-2.7/include/sepol/policydb/constraint.h +++ libsepol-2.7/include/sepol/policydb/constraint.h @@ -1,4 +1,4 @@ -/* Author : Stephen Smalley, */ +/* Author : Stephen Smalley, */ /* FLASK */ diff --git libsepol-2.7/include/sepol/policydb/context.h libsepol-2.7/include/sepol/policydb/context.h index 2eaa686..c27c334 100644 --- libsepol-2.7/include/sepol/policydb/context.h +++ libsepol-2.7/include/sepol/policydb/context.h @@ -1,4 +1,4 @@ -/* Author : Stephen Smalley, */ +/* Author : Stephen Smalley, */ /* FLASK */ diff --git libsepol-2.7/include/sepol/policydb/ebitmap.h libsepol-2.7/include/sepol/policydb/ebitmap.h index e90371e..94fb7ef 100644 --- libsepol-2.7/include/sepol/policydb/ebitmap.h +++ libsepol-2.7/include/sepol/policydb/ebitmap.h @@ -1,4 +1,4 @@ -/* Author : Stephen Smalley, */ +/* Author : Stephen Smalley, */ /* FLASK */ diff --git libsepol-2.7/include/sepol/policydb/flask_types.h libsepol-2.7/include/sepol/policydb/flask_types.h index e01669c..714176f 100644 --- libsepol-2.7/include/sepol/policydb/flask_types.h +++ libsepol-2.7/include/sepol/policydb/flask_types.h @@ -1,7 +1,7 @@ /* -*- linux-c -*- */ /* - * Author : Stephen Smalley, + * Author : Stephen Smalley, */ #ifndef _SEPOL_POLICYDB_FLASK_TYPES_H_ diff --git libsepol-2.7/include/sepol/policydb/hashtab.h libsepol-2.7/include/sepol/policydb/hashtab.h index ae5674a..ef1bb67 100644 --- libsepol-2.7/include/sepol/policydb/hashtab.h +++ libsepol-2.7/include/sepol/policydb/hashtab.h @@ -1,4 +1,4 @@ -/* Author : Stephen Smalley, */ +/* Author : Stephen Smalley, */ /* FLASK */ 
diff --git libsepol-2.7/include/sepol/policydb/mls_types.h libsepol-2.7/include/sepol/policydb/mls_types.h index 568386c..a06723b 100644 --- libsepol-2.7/include/sepol/policydb/mls_types.h +++ libsepol-2.7/include/sepol/policydb/mls_types.h @@ -1,4 +1,4 @@ -/* Author : Stephen Smalley, */ +/* Author : Stephen Smalley, */ /* * Updated: Trusted Computer Solutions, Inc. * diff --git libsepol-2.7/include/sepol/policydb/policydb.h libsepol-2.7/include/sepol/policydb/policydb.h index 1b2d782..f8626ef 100644 --- libsepol-2.7/include/sepol/policydb/policydb.h +++ libsepol-2.7/include/sepol/policydb/policydb.h @@ -1,4 +1,4 @@ -/* Author : Stephen Smalley, */ +/* Author : Stephen Smalley, */ /* * Updated: Joshua Brindle diff --git libsepol-2.7/include/sepol/policydb/services.h libsepol-2.7/include/sepol/policydb/services.h index efdf7de..6ef27a8 100644 --- libsepol-2.7/include/sepol/policydb/services.h +++ libsepol-2.7/include/sepol/policydb/services.h @@ -2,7 +2,7 @@ /* -*- linux-c -*- */ /* - * Author : Stephen Smalley, + * Author : Stephen Smalley, */ #ifndef _SEPOL_POLICYDB_SERVICES_H_ diff --git libsepol-2.7/include/sepol/policydb/sidtab.h libsepol-2.7/include/sepol/policydb/sidtab.h index 2df1a50..893e6f0 100644 --- libsepol-2.7/include/sepol/policydb/sidtab.h +++ libsepol-2.7/include/sepol/policydb/sidtab.h @@ -1,4 +1,4 @@ -/* Author : Stephen Smalley, */ +/* Author : Stephen Smalley, */ /* FLASK */ diff --git libsepol-2.7/include/sepol/policydb/symtab.h libsepol-2.7/include/sepol/policydb/symtab.h index 68b5ad4..8b9ddca 100644 --- libsepol-2.7/include/sepol/policydb/symtab.h +++ libsepol-2.7/include/sepol/policydb/symtab.h @@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, */ +/* Author : Stephen Smalley, */ /* FLASK */ diff --git libsepol-2.7/man/Makefile libsepol-2.7/man/Makefile index 1192433..9b75454 100644 --- libsepol-2.7/man/Makefile +++ libsepol-2.7/man/Makefile 
@@ -1,12 +1,13 @@ # Installation directories. -MAN8DIR ?= $(DESTDIR)/usr/share/man/man8 -MAN3DIR ?= $(DESTDIR)/usr/share/man/man3 +PREFIX ?= /usr +MAN8DIR ?= $(PREFIX)/share/man/man8 +MAN3DIR ?= $(PREFIX)/share/man/man3 all: install: all - mkdir -p $(MAN3DIR) - mkdir -p $(MAN8DIR) - install -m 644 man3/*.3 $(MAN3DIR) - install -m 644 man8/*.8 $(MAN8DIR) + mkdir -p $(DESTDIR)$(MAN3DIR) + mkdir -p $(DESTDIR)$(MAN8DIR) + install -m 644 man3/*.3 $(DESTDIR)$(MAN3DIR) + install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR) diff --git libsepol-2.7/man/man3/sepol_genbools.3 libsepol-2.7/man/man3/sepol_genbools.3 index dcfb69d..5363383 100644 --- libsepol-2.7/man/man3/sepol_genbools.3 +++ libsepol-2.7/man/man3/sepol_genbools.3 @@ -1,4 +1,4 @@ -.TH "sepol_genbools" "3" "11 August 2004" "sds@epoch.ncsc.mil" "SE Linux binary policy API documentation" +.TH "sepol_genbools" "3" "11 August 2004" "sds@tycho.nsa.gov" "SE Linux binary policy API documentation" .SH "NAME" sepol_genbools \- Rewrite a binary policy with different boolean settings .SH "SYNOPSIS" diff --git libsepol-2.7/man/man8/genpolbools.8 libsepol-2.7/man/man8/genpolbools.8 index afeaced..fc792c8 100644 --- libsepol-2.7/man/man8/genpolbools.8 +++ libsepol-2.7/man/man8/genpolbools.8 @@ -1,4 +1,4 @@ -.TH "genpolbools" "8" "11 August 2004" "sds@epoch.ncsc.mil" "SELinux Command Line documentation" +.TH "genpolbools" "8" "11 August 2004" "sds@tycho.nsa.gov" "SELinux Command Line documentation" .SH "NAME" genpolbools \- Rewrite a binary policy with different boolean settings .SH "SYNOPSIS" diff --git libsepol-2.7/src/Makefile libsepol-2.7/src/Makefile index 819d261..ccb7023 100644 --- libsepol-2.7/src/Makefile +++ libsepol-2.7/src/Makefile @@ -1,10 +1,9 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr INCLUDEDIR ?= $(PREFIX)/include LIBDIR ?= $(PREFIX)/lib -SHLIBDIR ?= $(DESTDIR)/lib +SHLIBDIR ?= /lib RANLIB ?= ranlib -LIBBASE ?= $(shell basename $(LIBDIR)) CILDIR ?= ../cil VERSION = $(shell cat ../VERSION) 
@@ -52,7 +51,7 @@ $(LIBSO): $(LOBJS) $(LIBMAP) ln -sf $@ $(TARGET) $(LIBPC): $(LIBPC).in ../VERSION - sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):' < $< > $@ + sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):' < $< > $@ $(LIBMAP): $(LIBMAP).in ifneq ($(DISABLE_CIL),y) @@ -80,16 +79,16 @@ endif $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $< install: all - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) - install -m 644 $(LIBA) $(LIBDIR) - test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR) - install -m 755 $(LIBSO) $(SHLIBDIR) - test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig - $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET) + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR) + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR) + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig + $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) relabel: - /sbin/restorecon $(SHLIBDIR)/$(LIBSO) + /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO) clean: -rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(TARGET) $(CIL_GENERATED) diff --git libsepol-2.7/src/avtab.c libsepol-2.7/src/avtab.c index 3854d6f..257f051 100644 --- libsepol-2.7/src/avtab.c +++ libsepol-2.7/src/avtab.c @@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, */ +/* Author : Stephen Smalley, */ /* * Updated: Yuichi Nakamura diff --git libsepol-2.7/src/booleans.c libsepol-2.7/src/booleans.c index c914a28..30fcf29 100644 --- libsepol-2.7/src/booleans.c +++ libsepol-2.7/src/booleans.c 
@@ -155,6 +155,7 @@ int sepol_bool_query(sepol_handle_t * handle, booldatum = hashtab_search(policydb->p_bools.table, name); if (!booldatum) { *response = NULL; + free(name); return STATUS_SUCCESS; } diff --git libsepol-2.7/src/ebitmap.c libsepol-2.7/src/ebitmap.c index 218adc2..76e6e41 100644 --- libsepol-2.7/src/ebitmap.c +++ libsepol-2.7/src/ebitmap.c @@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, */ +/* Author : Stephen Smalley, */ /* FLASK */ diff --git libsepol-2.7/src/hashtab.c libsepol-2.7/src/hashtab.c index ec49c15..f5407ab 100644 --- libsepol-2.7/src/hashtab.c +++ libsepol-2.7/src/hashtab.c @@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, */ +/* Author : Stephen Smalley, */ /* * Updated : Karl MacMillan diff --git libsepol-2.7/src/kernel_to_cil.c libsepol-2.7/src/kernel_to_cil.c index f1905a9..0055c23 100644 --- libsepol-2.7/src/kernel_to_cil.c +++ libsepol-2.7/src/kernel_to_cil.c @@ -2788,7 +2788,7 @@ static int write_selinux_ibpkey_rules_to_cil(FILE *out, struct policydb *pdb) { struct ocontext *ibpkeycon; char subnet_prefix_str[INET6_ADDRSTRLEN]; - struct in6_addr subnet_prefix = {0}; + struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT; uint16_t low; uint16_t high; char low_high_str[44]; /* 2^64 <= 20 digits so "(low high)" <= 44 chars */ diff --git libsepol-2.7/src/kernel_to_conf.c libsepol-2.7/src/kernel_to_conf.c index a74873f..95aa92f 100644 --- libsepol-2.7/src/kernel_to_conf.c +++ libsepol-2.7/src/kernel_to_conf.c @@ -2649,7 +2649,7 @@ static int write_selinux_ibpkey_rules_to_conf(FILE *out, struct policydb *pdb) { struct ocontext *ibpkeycon; char subnet_prefix_str[INET6_ADDRSTRLEN]; - struct in6_addr subnet_prefix = {0}; + struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT; uint16_t low; uint16_t high; char low_high_str[44]; /* 2^64 <= 20 digits so "low-high" <= 44 chars */ diff --git libsepol-2.7/src/libsepol.map.in libsepol-2.7/src/libsepol.map.in index dd1fec2..2a9996f 100644 --- libsepol-2.7/src/libsepol.map.in +++ libsepol-2.7/src/libsepol.map.in 
@@ -49,6 +49,7 @@ LIBSEPOL_1.1 { cil_set_mls; cil_set_attrs_expand_generated; cil_set_attrs_expand_size; + cil_set_multiple_decls; cil_write_policy_conf; sepol_ppfile_to_module_package; sepol_module_package_to_cil; diff --git libsepol-2.7/src/libsepol.pc.in libsepol-2.7/src/libsepol.pc.in index e52f589..f807fec 100644 --- libsepol-2.7/src/libsepol.pc.in +++ libsepol-2.7/src/libsepol.pc.in @@ -1,6 +1,6 @@ prefix=@prefix@ exec_prefix=${prefix} -libdir=${exec_prefix}/@libdir@ +libdir=@libdir@ includedir=@includedir@ Name: libsepol diff --git libsepol-2.7/src/mls.c libsepol-2.7/src/mls.c index be85475..bf1fdbd 100644 --- libsepol-2.7/src/mls.c +++ libsepol-2.7/src/mls.c @@ -1,4 +1,4 @@ -/* Author : Stephen Smalley, */ +/* Author : Stephen Smalley, */ /* * Updated: Trusted Computer Solutions, Inc. * diff --git libsepol-2.7/src/mls.h libsepol-2.7/src/mls.h index 98da3d3..5ca3cd5 100644 --- libsepol-2.7/src/mls.h +++ libsepol-2.7/src/mls.h @@ -1,4 +1,4 @@ -/* Author: Stephen Smalley, +/* Author: Stephen Smalley, * Updated: Trusted Computer Solutions, Inc. * * Support for enhanced MLS infrastructure. diff --git libsepol-2.7/src/module_to_cil.c libsepol-2.7/src/module_to_cil.c index 619a48f..15b58a7 100644 --- libsepol-2.7/src/module_to_cil.c +++ libsepol-2.7/src/module_to_cil.c @@ -2687,7 +2687,7 @@ static int ocontext_selinux_ibpkey_to_cil(struct policydb *pdb, int rc = -1; struct ocontext *ibpkeycon; char subnet_prefix_str[INET6_ADDRSTRLEN]; - struct in6_addr subnet_prefix = {0}; + struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT; uint16_t high; uint16_t low; diff --git libsepol-2.7/src/policydb.c libsepol-2.7/src/policydb.c index 691101e..c752123 100644 --- libsepol-2.7/src/policydb.c +++ libsepol-2.7/src/policydb.c @@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, */ +/* Author : Stephen Smalley, */ /* * Updated: Trusted Computer Solutions, Inc. 
@@ -1420,6 +1420,8 @@ void ocontext_selinux_free(ocontext_t **ocontexts) if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF || i == OCON_FSUSE) free(ctmp->u.name); + else if (i == OCON_IBENDPORT) + free(ctmp->u.ibendport.dev_name); free(ctmp); } } diff --git libsepol-2.7/src/services.c libsepol-2.7/src/services.c index 10338a6..d40793e 100644 --- libsepol-2.7/src/services.c +++ libsepol-2.7/src/services.c @@ -1,6 +1,6 @@ /* - * Author : Stephen Smalley, + * Author : Stephen Smalley, */ /* * Updated: Trusted Computer Solutions, Inc. diff --git libsepol-2.7/src/sidtab.c libsepol-2.7/src/sidtab.c index 5bd7999..23b2e8f 100644 --- libsepol-2.7/src/sidtab.c +++ libsepol-2.7/src/sidtab.c @@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, */ +/* Author : Stephen Smalley, */ /* FLASK */ diff --git libsepol-2.7/src/symtab.c libsepol-2.7/src/symtab.c index c1e625d..9a417ca 100644 --- libsepol-2.7/src/symtab.c +++ libsepol-2.7/src/symtab.c @@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, */ +/* Author : Stephen Smalley, */ /* FLASK */ diff --git libsepol-2.7/src/write.c libsepol-2.7/src/write.c index e486e28..1fb3095 100644 --- libsepol-2.7/src/write.c +++ libsepol-2.7/src/write.c @@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, */ +/* Author : Stephen Smalley, */ /* * Updated: Trusted Computer Solutions, Inc. diff --git libsepol-2.7/utils/Makefile libsepol-2.7/utils/Makefile index fba1d8a..31932c1 100644 --- libsepol-2.7/utils/Makefile +++ libsepol-2.7/utils/Makefile @@ -1,5 +1,5 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr BINDIR ?= $(PREFIX)/bin CFLAGS ?= -Wall -Werror @@ -12,8 +12,8 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) all: $(TARGETS) install: all - -mkdir -p $(BINDIR) - install -m 755 $(TARGETS) $(BINDIR) + -mkdir -p $(DESTDIR)$(BINDIR) + install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR) clean: -rm -f $(TARGETS) *.o