Hello community, here is the log from the commit of package libsepol for openSUSE:Factory checked in at 2018-11-26 10:13:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libsepol (Old) and /work/SRC/openSUSE:Factory/.libsepol.new.19453 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsepol" Mon Nov 26 10:13:49 2018 rev:39 rq:651127 version:2.8 Changes: -------- --- /work/SRC/openSUSE:Factory/libsepol/libsepol.changes 2018-05-30 12:31:18.870054591 +0200 +++ /work/SRC/openSUSE:Factory/.libsepol.new.19453/libsepol.changes 2018-11-26 10:13:49.686187900 +0100 @@ -1,0 +2,15 @@ +Thu Nov 8 09:34:54 UTC 2018 - Jan Engelhardt <jeng...@inai.de> + +- Use more %make_install. + +------------------------------------------------------------------- +Thu Nov 8 07:19:24 UTC 2018 - jseg...@suse.com + +- Adjusted source urls (bsc#1115052) + +------------------------------------------------------------------- +Wed Oct 17 11:54:52 UTC 2018 - jseg...@suse.com + +- Update to version 2.8 (bsc#1111732) + +------------------------------------------------------------------- Old: ---- libsepol-2.7.tar.gz New: ---- libsepol-2.8.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsepol.spec ++++++ --- /var/tmp/diff_new_pack.2L3Rj1/_old 2018-11-26 10:13:50.074187445 +0100 +++ /var/tmp/diff_new_pack.2L3Rj1/_new 2018-11-26 10:13:50.074187445 +0100 @@ -12,18 +12,18 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: libsepol -Version: 2.7 +Version: 2.8 Release: 0 Summary: SELinux binary policy manipulation library License: LGPL-2.1-or-later Group: Development/Libraries/C and C++ Url: https://github.com/SELinuxProject/selinux/wiki/Releases -Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/%{name}-%{version}.tar.gz +Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/%{name}-%{version}.tar.gz Source2: baselibs.conf BuildRequires: flex BuildRequires: pkgconfig 
@@ -92,7 +92,7 @@ make %{?_smp_mflags} %install -make DESTDIR=%{buildroot} LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" install +%make_install LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" %post -n libsepol1 -p /sbin/ldconfig %postun -n libsepol1 -p /sbin/ldconfig ++++++ libsepol-2.7.tar.gz -> libsepol-2.8.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/VERSION new/libsepol-2.8/VERSION --- old/libsepol-2.7/VERSION 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/VERSION 2018-05-24 20:21:09.000000000 +0200 @@ -1 +1 @@ -2.7 +2.8 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/cil/include/cil/cil.h new/libsepol-2.8/cil/include/cil/cil.h --- old/libsepol-2.7/cil/include/cil/cil.h 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/cil/include/cil/cil.h 2018-05-24 20:21:09.000000000 +0200 @@ -50,6 +50,7 @@ extern int cil_selinuxusers_to_string(cil_db_t *db, char **out, size_t *size); extern int cil_filecons_to_string(cil_db_t *db, char **out, size_t *size); extern void cil_set_disable_dontaudit(cil_db_t *db, int disable_dontaudit); +extern void cil_set_multiple_decls(cil_db_t *db, int multiple_decls); extern void cil_set_disable_neverallow(cil_db_t *db, int disable_neverallow); extern void cil_set_preserve_tunables(cil_db_t *db, int preserve_tunables); extern int cil_set_handle_unknown(cil_db_t *db, int handle_unknown); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/cil/src/cil.c new/libsepol-2.8/cil/src/cil.c --- old/libsepol-2.7/cil/src/cil.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/cil/src/cil.c 2018-05-24 20:21:09.000000000 +0200 
@@ -109,6 +109,7 @@ CIL_KEY_UDP = cil_strpool_add("udp"); CIL_KEY_TCP = cil_strpool_add("tcp"); CIL_KEY_DCCP = cil_strpool_add("dccp"); + CIL_KEY_SCTP = cil_strpool_add("sctp"); CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow"); CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif"); CIL_KEY_ALLOW = cil_strpool_add("allow"); @@ -1691,6 +1692,11 @@ db->mls = mls; } +void cil_set_multiple_decls(struct cil_db *db, int multiple_decls) +{ + db->multiple_decls = multiple_decls; +} + void cil_set_target_platform(struct cil_db *db, int target_platform) { db->target_platform = target_platform; @@ -2059,6 +2065,7 @@ (*attr)->expr_list = NULL; (*attr)->types = NULL; (*attr)->used = CIL_FALSE; + (*attr)->keep = CIL_FALSE; } void cil_typeattributeset_init(struct cil_typeattributeset **attrset) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/cil/src/cil_binary.c new/libsepol-2.8/cil/src/cil_binary.c --- old/libsepol-2.7/cil/src/cil_binary.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/cil/src/cil_binary.c 2018-05-24 20:21:09.000000000 +0200 @@ -34,6 +34,9 @@ #ifndef IPPROTO_DCCP #define IPPROTO_DCCP 33 #endif +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif #include <sepol/policydb/policydb.h> #include <sepol/policydb/polcaps.h> @@ -567,7 +570,7 @@ char *key = NULL; type_datum_t *sepol_attr = NULL; - if (!cil_attr->used) { + if (!cil_attr->keep) { return SEPOL_OK; } @@ -632,7 +635,7 @@ ebitmap_node_t *tnode; unsigned int i; - if (!cil_attr->used) { + if (!cil_attr->keep) { return SEPOL_OK; } @@ -1442,7 +1445,7 @@ attr = (struct cil_typeattribute *)datum; - return !attr->used || (ebitmap_cardinality(attr->types) < db->attrs_expand_size); + return !attr->keep || (ebitmap_cardinality(attr->types) < db->attrs_expand_size); } int __cil_avrule_to_avtab(policydb_t *pdb, const struct cil_db *db, struct cil_avrule *cil_avrule, cond_node_t *cond_node, enum cil_flavor cond_flavor) 
@@ -2525,7 +2528,7 @@ if (rc != SEPOL_OK) { if (FLAVOR(item->data) == CIL_TYPEATTRIBUTE) { struct cil_typeattribute *attr = item->data; - if (!attr->used) { + if (!attr->keep) { rc = 0; } } @@ -3272,6 +3275,9 @@ case CIL_PROTOCOL_DCCP: new_ocon->u.port.protocol = IPPROTO_DCCP; break; + case CIL_PROTOCOL_SCTP: + new_ocon->u.port.protocol = IPPROTO_SCTP; + break; default: /* should not get here */ rc = SEPOL_ERR; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/cil/src/cil_build_ast.c new/libsepol-2.8/cil/src/cil_build_ast.c --- old/libsepol-2.7/cil/src/cil_build_ast.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/cil/src/cil_build_ast.c 2018-05-24 20:21:09.000000000 +0200 @@ -82,10 +82,33 @@ return rc; } -int cil_gen_node(__attribute__((unused)) struct cil_db *db, struct cil_tree_node *ast_node, struct cil_symtab_datum *datum, hashtab_key_t key, enum cil_sym_index sflavor, enum cil_flavor nflavor) +/* + * Determine whether or not multiple declarations of the same key can share a + * datum, given the new datum and the one already present in a given symtab. + */ +int cil_is_datum_multiple_decl(__attribute__((unused)) struct cil_symtab_datum *cur, + __attribute__((unused)) struct cil_symtab_datum *old, + enum cil_flavor f) +{ + int rc = CIL_FALSE; + + switch (f) { + case CIL_TYPE: + case CIL_TYPEATTRIBUTE: + /* type and typeattribute statements insert empty datums, ret true */ + rc = CIL_TRUE; + break; + default: + break; + } + return rc; +} + +int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_symtab_datum *datum, hashtab_key_t key, enum cil_sym_index sflavor, enum cil_flavor nflavor) { int rc = SEPOL_ERR; symtab_t *symtab = NULL; + struct cil_symtab_datum *prev; rc = __cil_verify_name((const char*)key); if (rc != SEPOL_OK) { 
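Review bot: cil_is_datum_multiple_decl() never inspects either datum: `cur` and `old` are both marked unused, and the result depends only on the flavor of the new declaration. The following hunk of cil_gen_node() then appends the new node to `prev->nodes` and points `ast_node->data` at `prev`, so a re-declaration is merged with whatever already owns the key. If a type and a typeattribute can collide on one key in the same symtab (not visible here), the two would end up sharing a datum. Checking the existing entry first, e.g. `if (FLAVOR(old) != f) return CIL_FALSE;`, would rule that out. cil_gen_node() continues outside this hunk.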
@@ -103,15 +126,26 @@ if (symtab != NULL) { rc = cil_symtab_insert(symtab, (hashtab_key_t)key, datum, ast_node); if (rc == SEPOL_EEXIST) { - cil_log(CIL_ERR, "Re-declaration of %s %s\n", - cil_node_to_string(ast_node), key); - if (cil_symtab_get_datum(symtab, key, &datum) == SEPOL_OK) { - if (sflavor == CIL_SYM_BLOCKS) { - struct cil_tree_node *node = datum->nodes->head->data; - cil_tree_log(node, CIL_ERR, "Previous declaration"); + if (!db->multiple_decls || + cil_symtab_get_datum(symtab, (hashtab_key_t)key, &prev) != SEPOL_OK || + !cil_is_datum_multiple_decl(datum, prev, nflavor)) { + + /* multiple_decls not ok, ret error */ + cil_log(CIL_ERR, "Re-declaration of %s %s\n", + cil_node_to_string(ast_node), key); + if (cil_symtab_get_datum(symtab, key, &datum) == SEPOL_OK) { + if (sflavor == CIL_SYM_BLOCKS) { + struct cil_tree_node *node = datum->nodes->head->data; + cil_tree_log(node, CIL_ERR, "Previous declaration"); + } } + goto exit; } - goto exit; + /* multiple_decls is enabled and works for this datum type, add node */ + cil_list_append(prev->nodes, CIL_NODE, ast_node); + ast_node->data = prev; + cil_symtab_datum_destroy(datum); + free(datum); } } @@ -4371,6 +4405,8 @@ portcon->proto = CIL_PROTOCOL_TCP; } else if (proto == CIL_KEY_DCCP) { portcon->proto = CIL_PROTOCOL_DCCP; + } else if (proto == CIL_KEY_SCTP) { + portcon->proto = CIL_PROTOCOL_SCTP; } else { cil_log(CIL_ERR, "Invalid protocol\n"); rc = SEPOL_ERR; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/cil/src/cil_internal.h new/libsepol-2.8/cil/src/cil_internal.h --- old/libsepol-2.7/cil/src/cil_internal.h 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/cil/src/cil_internal.h 2018-05-24 20:21:09.000000000 +0200 @@ -103,6 +103,7 @@ char *CIL_KEY_TCP; char *CIL_KEY_UDP; char *CIL_KEY_DCCP; +char *CIL_KEY_SCTP; char *CIL_KEY_AUDITALLOW; char *CIL_KEY_TUNABLEIF; char *CIL_KEY_ALLOW; 
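Review bot: On the accepted re-declaration path, cil_gen_node() releases the caller's `datum` (`cil_symtab_datum_destroy(datum); free(datum);`), but nothing in the hunk tells the caller that ownership changed. Any caller that keeps using its own pointer after the call would touch freed memory; the callers and the function's return are outside the hunk, so this needs confirming there. The `free(datum)` also presumably relies on the symtab datum being the first member of the enclosing object. I would add a comment above cil_gen_node() along the lines of `/* With multiple_decls, a duplicate type/typeattribute datum is freed here; callers must use ast_node->data afterwards. */`.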
@@ -316,6 +317,7 @@ int preserve_tunables; int handle_unknown; int mls; + int multiple_decls; int target_platform; int policy_version; }; @@ -530,6 +532,7 @@ struct cil_list *expr_list; ebitmap_t *types; int used; // whether or not this attribute was used in a binary policy rule + int keep; }; struct cil_typeattributeset { @@ -738,7 +741,8 @@ enum cil_protocol { CIL_PROTOCOL_UDP = 1, CIL_PROTOCOL_TCP, - CIL_PROTOCOL_DCCP + CIL_PROTOCOL_DCCP, + CIL_PROTOCOL_SCTP }; struct cil_ibpkeycon { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/cil/src/cil_policy.c new/libsepol-2.8/cil/src/cil_policy.c --- old/libsepol-2.7/cil/src/cil_policy.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/cil/src/cil_policy.c 2018-05-24 20:21:09.000000000 +0200 @@ -775,7 +775,7 @@ } } -static void cil_defaults_to_policy(FILE *out, struct cil_list *defaults, char *kind) +static void cil_defaults_to_policy(FILE *out, struct cil_list *defaults, const char *kind) { struct cil_list_item *i1, *i2, *i3; struct cil_default *def; @@ -1085,7 +1085,7 @@ type = i1->data; cil_list_for_each(i2, attributes) { attribute = i2->data; - if (!attribute->used) + if (!attribute->keep) continue; if (ebitmap_get_bit(attribute->types, type->value)) { if (first) { @@ -1757,6 +1757,8 @@ fprintf(out, "tcp "); } else if (portcon->proto == CIL_PROTOCOL_DCCP) { fprintf(out, "dccp "); + } else if (portcon->proto == CIL_PROTOCOL_SCTP) { + fprintf(out, "sctp "); } if (portcon->port_low == portcon->port_high) { fprintf(out, "%d ", portcon->port_low); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/cil/src/cil_post.c new/libsepol-2.8/cil/src/cil_post.c --- old/libsepol-2.7/cil/src/cil_post.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/cil/src/cil_post.c 2018-05-24 20:21:09.000000000 +0200 
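Review bot: The new `keep` field in struct cil_typeattribute has no comment, and the comment on `used` next to it is now stale. Elsewhere in this diff `used` is treated as a set of CIL_ATTR_* flags (`attr->used |= CIL_ATTR_NEVERALLOW`), while `keep` receives the result of cil_typeattribute_used() and is what cil_binary.c and cil_policy.c test before emitting the attribute. Suggested wording: `int used; // CIL_ATTR_* flags recording how the attribute is referenced` and `int keep; // set in cil_post; non-zero if the attribute is written to the output policy`. The struct body starts outside the hunk.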
@@ -53,6 +53,83 @@ static int __cil_expr_to_bitmap(struct cil_list *expr, ebitmap_t *out, int max, struct cil_db *db); static int __cil_expr_list_to_bitmap(struct cil_list *expr_list, ebitmap_t *out, int max, struct cil_db *db); +static int cats_compare(struct cil_cats *a, struct cil_cats *b) +{ + struct cil_list_item *i, *j; + int rc; + + if (a == b) return 0; + if (!a) return -1; + if (!b) return 1; + + /* Expects cat expression to have been evaluated */ + cil_list_for_each(i, a->datum_expr) { + cil_list_for_each(j, b->datum_expr) { + rc = strcmp(DATUM(i->data)->fqn, DATUM(j->data)->fqn); + if (!rc) return rc; + } + } + return 0; +} + +static int level_compare(struct cil_level *a, struct cil_level *b) +{ + int rc; + + if (a == b) return 0; + if (!a) return -1; + if (!b) return 1; + + if (a->sens != b->sens) { + rc = strcmp(DATUM(a->sens)->fqn, DATUM(b->sens)->fqn); + if (rc != 0) return rc; + } + if (a->cats != b->cats) { + return cats_compare(a->cats, b->cats); + } + return 0; +} + +static int range_compare(struct cil_levelrange *a, struct cil_levelrange *b) +{ + int rc; + + if (a == b) return 0; + if (!a) return -1; + if (!b) return 1; + + if (a->low != b->low) { + rc = level_compare(a->low, b->low); + if (rc != 0) return rc; + } + if (a->high != b->high) { + return level_compare(a->high, b->high); + } + return 0; +} + +static int context_compare(struct cil_context *a, struct cil_context *b) +{ + int rc; + + if (a->user != b->user) { + rc = strcmp(DATUM(a->user)->fqn, DATUM(b->user)->fqn); + if (rc != 0) return rc; + } + if (a->role != b->role) { + rc = strcmp(DATUM(a->role)->fqn, DATUM(b->role)->fqn); + if (rc != 0) return rc; + } + if (a->type != b->type) { + rc = strcmp(DATUM(a->type)->fqn, DATUM(b->type)->fqn); + if (rc != 0) return rc; + } + if (a->range != b->range) { + return range_compare(a->range, b->range); + } + return 0; +} + static int cil_verify_is_list(struct cil_list *list, enum cil_flavor flavor) { struct cil_list_item *curr; 
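Review bot: cats_compare() can only return 0 for two non-NULL category sets, because the nested loop returns `rc` only when `strcmp` produced 0 and the fall-through is `return 0` as well. level_compare(), range_compare() and context_compare() therefore treat contexts that differ only in their categories as equal. The duplicate handling added later in this file uses these comparators to decide whether two rules with the same key conflict, so with multiple_decls enabled such a pair would be merged silently instead of reported. A pairwise walk is sketched below; it assumes the evaluated lists hold datums in a canonical order, and a set comparison would be needed otherwise. Separately, context_compare() dereferences `a` and `b` without the NULL checks its three helpers perform.

```c
static int cats_compare(struct cil_cats *a, struct cil_cats *b)
{
	struct cil_list_item *i, *j;
	int rc;

	/* … unchanged: identity and NULL checks … */

	/* Expects cat expression to have been evaluated */
	i = a->datum_expr->head;
	j = b->datum_expr->head;
	while (i != NULL && j != NULL) {
		rc = strcmp(DATUM(i->data)->fqn, DATUM(j->data)->fqn);
		if (rc != 0) return rc;
		i = i->next;
		j = j->next;
	}
	if (i != NULL) return 1;
	if (j != NULL) return -1;
	return 0;
}
```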
@@ -145,6 +222,8 @@ rc = -1; } else if (b_filecon->type < a_filecon->type) { rc = 1; + } else { + rc = strcmp(a_filecon->path_str, b_filecon->path_str); } free(a_path); @@ -190,6 +269,10 @@ rc = -1; } else if (bportcon->port_low < aportcon->port_low) { rc = 1; + } else if (aportcon->proto < bportcon->proto) { + rc = -1; + } else if (aportcon->proto > bportcon->proto) { + rc = 1; } } 
@@ -369,6 +452,102 @@ return rc; } +int cil_post_filecon_context_compare(const void *a, const void *b) +{ + struct cil_filecon *a_filecon = *(struct cil_filecon**)a; + struct cil_filecon *b_filecon = *(struct cil_filecon**)b; + return context_compare(a_filecon->context, b_filecon->context); +} + +int cil_post_ibpkeycon_context_compare(const void *a, const void *b) +{ + struct cil_ibpkeycon *a_ibpkeycon = *(struct cil_ibpkeycon **)a; + struct cil_ibpkeycon *b_ibpkeycon = *(struct cil_ibpkeycon **)b; + return context_compare(a_ibpkeycon->context, b_ibpkeycon->context); +} + +int cil_post_portcon_context_compare(const void *a, const void *b) +{ + struct cil_portcon *a_portcon = *(struct cil_portcon**)a; + struct cil_portcon *b_portcon = *(struct cil_portcon**)b; + return context_compare(a_portcon->context, b_portcon->context); +} + +int cil_post_genfscon_context_compare(const void *a, const void *b) +{ + struct cil_genfscon *a_genfscon = *(struct cil_genfscon**)a; + struct cil_genfscon *b_genfscon = *(struct cil_genfscon**)b; + return context_compare(a_genfscon->context, b_genfscon->context); +} + +int cil_post_netifcon_context_compare(const void *a, const void *b) +{ + int rc; + struct cil_netifcon *a_netifcon = *(struct cil_netifcon**)a; + struct cil_netifcon *b_netifcon = *(struct cil_netifcon**)b; + rc = context_compare(a_netifcon->if_context, b_netifcon->if_context); + if (rc != 0) { + return rc; + } + return context_compare(a_netifcon->packet_context, b_netifcon->packet_context); +} + +int cil_post_ibendportcon_context_compare(const void *a, const void *b) +{ + struct cil_ibendportcon *a_ibendportcon = *(struct cil_ibendportcon **)a; + struct cil_ibendportcon *b_ibendportcon = *(struct cil_ibendportcon **)b; + return context_compare(a_ibendportcon->context, b_ibendportcon->context); +} + +int cil_post_nodecon_context_compare(const void *a, const void *b) +{ + struct cil_nodecon *a_nodecon = *(struct cil_nodecon **)a; + struct cil_nodecon *b_nodecon = *(struct 
cil_nodecon **)b; + return context_compare(a_nodecon->context, b_nodecon->context); +} + +int cil_post_pirqcon_context_compare(const void *a, const void *b) +{ + struct cil_pirqcon *a_pirqcon = *(struct cil_pirqcon**)a; + struct cil_pirqcon *b_pirqcon = *(struct cil_pirqcon**)b; + return context_compare(a_pirqcon->context, b_pirqcon->context); +} + +int cil_post_iomemcon_context_compare(const void *a, const void *b) +{ + struct cil_iomemcon *a_iomemcon = *(struct cil_iomemcon**)a; + struct cil_iomemcon *b_iomemcon = *(struct cil_iomemcon**)b; + return context_compare(a_iomemcon->context, b_iomemcon->context); +} + +int cil_post_ioportcon_context_compare(const void *a, const void *b) +{ + struct cil_ioportcon *a_ioportcon = *(struct cil_ioportcon**)a; + struct cil_ioportcon *b_ioportcon = *(struct cil_ioportcon**)b; + return context_compare(a_ioportcon->context, b_ioportcon->context); +} + +int cil_post_pcidevicecon_context_compare(const void *a, const void *b) +{ + struct cil_pcidevicecon *a_pcidevicecon = *(struct cil_pcidevicecon**)a; + struct cil_pcidevicecon *b_pcidevicecon = *(struct cil_pcidevicecon**)b; + return context_compare(a_pcidevicecon->context, b_pcidevicecon->context); +} + +int cil_post_devicetreecon_context_compare(const void *a, const void *b) +{ + struct cil_devicetreecon *a_devicetreecon = *(struct cil_devicetreecon**)a; + struct cil_devicetreecon *b_devicetreecon = *(struct cil_devicetreecon**)b; + return context_compare(a_devicetreecon->context, b_devicetreecon->context); +} + +int cil_post_fsuse_context_compare(const void *a, const void *b) +{ + struct cil_fsuse *a_fsuse = *(struct cil_fsuse**)a; + struct cil_fsuse *b_fsuse = *(struct cil_fsuse**)b; + return context_compare(a_fsuse->context, b_fsuse->context); +} + static int __cil_post_db_count_helper(struct cil_tree_node *node, uint32_t *finished, void *extra_args) { struct cil_db *db = extra_args; 
@@ -1297,6 +1476,55 @@ return CIL_TRUE; } +static void __mark_neverallow_attrs(struct cil_list *expr_list) +{ + struct cil_list_item *curr; + + cil_list_for_each(curr, expr_list) { + if (curr->flavor == CIL_DATUM) { + if (NODE(curr->data)->flavor == CIL_TYPEATTRIBUTE) { + struct cil_typeattribute *attr = curr->data; + if (strstr(DATUM(attr)->name, TYPEATTR_INFIX)) { + __mark_neverallow_attrs(attr->expr_list); + } else { + attr->used |= CIL_ATTR_NEVERALLOW; + } + } + } else if (curr->flavor == CIL_LIST) { + __mark_neverallow_attrs(curr->data); + } + } +} + +static int __cil_post_db_neverallow_attr_helper(struct cil_tree_node *node, uint32_t *finished, __attribute__((unused)) void *extra_args) +{ + switch (node->flavor) { + case CIL_BLOCK: { + struct cil_block *blk = node->data; + if (blk->is_abstract == CIL_TRUE) { + *finished = CIL_TREE_SKIP_HEAD; + } + break; + } + case CIL_MACRO: { + *finished = CIL_TREE_SKIP_HEAD; + break; + } + case CIL_TYPEATTRIBUTE: { + struct cil_typeattribute *attr = node->data; + if ((attr->used & CIL_ATTR_NEVERALLOW) && + strstr(DATUM(attr)->name, TYPEATTR_INFIX)) { + __mark_neverallow_attrs(attr->expr_list); + } + break; + } + default: + break; + } + + return SEPOL_OK; +} + static int __cil_post_db_attr_helper(struct cil_tree_node *node, uint32_t *finished, void *extra_args) { int rc = SEPOL_ERR; @@ -1320,7 +1548,7 @@ rc = __evaluate_type_expression(attr, db); if (rc != SEPOL_OK) goto exit; } - attr->used = cil_typeattribute_used(attr, db); + attr->keep = cil_typeattribute_used(attr, db); break; } case CIL_ROLEATTRIBUTE: { 
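Review bot: __mark_neverallow_attrs() iterates `expr_list` without checking it for NULL, and both call sites pass `attr->expr_list` for any attribute whose name contains TYPEATTR_INFIX. The cil.c and cil_reset_ast.c hunks in this diff show `expr_list` being set to NULL on init and reset, and a substring match on the name does not prove the attribute was generated with an expression attached. If cil_list_for_each dereferences its list argument (the macro is not visible here), an attribute that matches the infix but has no expression would crash the compiler. A guard at the top, `if (expr_list == NULL) return;`, would make the helper safe regardless.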
@@ -2015,6 +2243,74 @@ return rc; } +static int __cil_post_report_conflict(struct cil_tree_node *node, uint32_t *finished, void *extra_args) +{ + struct cil_list_item *li = extra_args; + + if (node->flavor == CIL_BLOCK) { + struct cil_block *blk = node->data; + if (blk->is_abstract == CIL_TRUE) { + *finished = CIL_TREE_SKIP_HEAD; + } + } else if (node->flavor == CIL_MACRO) { + *finished = CIL_TREE_SKIP_HEAD; + } else if (node->flavor == li->flavor) { + if (node->data == li->data) { + char *path = cil_tree_get_cil_path(node); + cil_log(CIL_WARN, " at %s:%d\n", path, node->line); + } + } + return SEPOL_OK; +} + +static int __cil_post_process_context_rules(struct cil_sort *sort, int (*compar)(const void *, const void *), int (*concompar)(const void *, const void *), struct cil_db *db, enum cil_flavor flavor, const char *flavor_str) +{ + uint32_t count = sort->count; + uint32_t i, j = 0, removed = 0; + int rc = SEPOL_OK; + + if (count < 2) { + return SEPOL_OK; + } + + qsort(sort->array, sort->count, sizeof(sort->array), compar); + + for (i=1; i<count; i++) { + if (compar(&sort->array[i], &sort->array[j]) != 0) { + j++; + } else { + removed++; + if (!db->multiple_decls || + concompar(&sort->array[i], &sort->array[j]) != 0) { + struct cil_list_item li; + int rc2; + cil_log(CIL_WARN, "Found conflicting %s rules\n", + flavor_str); + rc = SEPOL_ERR; + li.flavor = flavor; + li.data = sort->array[i]; + rc2 = cil_tree_walk(db->ast->root, + __cil_post_report_conflict, + NULL, NULL, &li); + if (rc2 != SEPOL_OK) goto exit; + li.data = sort->array[j]; + rc2 = cil_tree_walk(db->ast->root, + __cil_post_report_conflict, + NULL, NULL, &li); + if (rc2 != SEPOL_OK) goto exit; + } + } + if (i != j) { + sort->array[j] = sort->array[i]; + } + } + + sort->count = count - removed; + +exit: + return rc; +} + static int cil_post_db(struct cil_db *db) { int rc = SEPOL_ERR; 
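Review bot: `qsort(sort->array, sort->count, sizeof(sort->array), compar)` in __cil_post_process_context_rules() passes the size of the `array` member itself rather than the size of one element. The comparators dereference each slot as a pointer, so the two sizes presumably coincide and sorting works today, but the call would break silently if the element type ever changed. `sizeof(sort->array[0])` states the intent. The same spelling was in the qsort calls this commit removes from cil_post_db(), so this is a good moment to correct it.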
@@ -2031,6 +2327,12 @@ goto exit; } + rc = cil_tree_walk(db->ast->root, __cil_post_db_neverallow_attr_helper, NULL, NULL, db); + if (rc != SEPOL_OK) { + cil_log(CIL_INFO, "Failed to mark attributes used by generated attributes used in neverallow rules\n"); + goto exit; + } + rc = cil_tree_walk(db->ast->root, __cil_post_db_attr_helper, NULL, NULL, db); if (rc != SEPOL_OK) { cil_log(CIL_INFO, "Failed to create attribute bitmaps\n"); 
@@ -2061,19 +2363,77 @@ goto exit; } - qsort(db->netifcon->array, db->netifcon->count, sizeof(db->netifcon->array), cil_post_netifcon_compare); - qsort(db->genfscon->array, db->genfscon->count, sizeof(db->genfscon->array), cil_post_genfscon_compare); - qsort(db->ibpkeycon->array, db->ibpkeycon->count, sizeof(db->ibpkeycon->array), cil_post_ibpkeycon_compare); - qsort(db->ibendportcon->array, db->ibendportcon->count, sizeof(db->ibendportcon->array), cil_post_ibendportcon_compare); - qsort(db->portcon->array, db->portcon->count, sizeof(db->portcon->array), cil_post_portcon_compare); - qsort(db->nodecon->array, db->nodecon->count, sizeof(db->nodecon->array), cil_post_nodecon_compare); - qsort(db->fsuse->array, db->fsuse->count, sizeof(db->fsuse->array), cil_post_fsuse_compare); - qsort(db->filecon->array, db->filecon->count, sizeof(db->filecon->array), cil_post_filecon_compare); - qsort(db->pirqcon->array, db->pirqcon->count, sizeof(db->pirqcon->array), cil_post_pirqcon_compare); - qsort(db->iomemcon->array, db->iomemcon->count, sizeof(db->iomemcon->array), cil_post_iomemcon_compare); - qsort(db->ioportcon->array, db->ioportcon->count, sizeof(db->ioportcon->array), cil_post_ioportcon_compare); - qsort(db->pcidevicecon->array, db->pcidevicecon->count, sizeof(db->pcidevicecon->array), cil_post_pcidevicecon_compare); - qsort(db->devicetreecon->array, db->devicetreecon->count, sizeof(db->devicetreecon->array), cil_post_devicetreecon_compare); + rc = __cil_post_process_context_rules(db->netifcon, cil_post_netifcon_compare, cil_post_netifcon_context_compare, db, CIL_NETIFCON, CIL_KEY_NETIFCON); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Problems processing netifcon rules\n"); + goto exit; + } + + rc = __cil_post_process_context_rules(db->genfscon, cil_post_genfscon_compare, cil_post_genfscon_context_compare, db, CIL_GENFSCON, CIL_KEY_GENFSCON); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Problems processing genfscon rules\n"); + goto exit; + } + + rc = 
__cil_post_process_context_rules(db->ibpkeycon, cil_post_ibpkeycon_compare, cil_post_ibpkeycon_context_compare, db, CIL_IBPKEYCON, CIL_KEY_IBPKEYCON); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Problems processing ibpkeycon rules\n"); + goto exit; + } + + rc = __cil_post_process_context_rules(db->ibendportcon, cil_post_ibendportcon_compare, cil_post_ibendportcon_context_compare, db, CIL_IBENDPORTCON, CIL_KEY_IBENDPORTCON); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Problems processing ibendportcon rules\n"); + goto exit; + } + + rc = __cil_post_process_context_rules(db->portcon, cil_post_portcon_compare, cil_post_portcon_context_compare, db, CIL_PORTCON, CIL_KEY_PORTCON); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Problems processing portcon rules\n"); + goto exit; + } + + rc = __cil_post_process_context_rules(db->nodecon, cil_post_nodecon_compare, cil_post_nodecon_context_compare, db, CIL_NODECON, CIL_KEY_NODECON); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Problems processing nodecon rules\n"); + goto exit; + } + + rc = __cil_post_process_context_rules(db->fsuse, cil_post_fsuse_compare, cil_post_fsuse_context_compare, db, CIL_FSUSE, CIL_KEY_FSUSE); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Problems processing fsuse rules\n"); + goto exit; + } + + rc = __cil_post_process_context_rules(db->filecon, cil_post_filecon_compare, cil_post_filecon_context_compare, db, CIL_FILECON, CIL_KEY_FILECON); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Problems processing filecon rules\n"); + goto exit; + } + + rc = __cil_post_process_context_rules(db->iomemcon, cil_post_iomemcon_compare, cil_post_iomemcon_context_compare, db, CIL_IOMEMCON, CIL_KEY_IOMEMCON); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Problems processing iomemcon rules\n"); + goto exit; + } + + rc = __cil_post_process_context_rules(db->ioportcon, cil_post_ioportcon_compare, cil_post_ioportcon_context_compare, db, CIL_IOPORTCON, CIL_KEY_IOPORTCON); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Problems 
processing ioportcon rules\n"); + goto exit; + } + + rc = __cil_post_process_context_rules(db->pcidevicecon, cil_post_pcidevicecon_compare, cil_post_pcidevicecon_context_compare, db, CIL_PCIDEVICECON, CIL_KEY_PCIDEVICECON); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Problems processing pcidevicecon rules\n"); + goto exit; + } + + rc = __cil_post_process_context_rules(db->devicetreecon, cil_post_devicetreecon_compare, cil_post_devicetreecon_context_compare, db, CIL_DEVICETREECON, CIL_KEY_DEVICETREECON); + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Problems processing devicetreecon rules\n"); + goto exit; + } exit: return rc; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/cil/src/cil_reset_ast.c new/libsepol-2.8/cil/src/cil_reset_ast.c --- old/libsepol-2.7/cil/src/cil_reset_ast.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/cil/src/cil_reset_ast.c 2018-05-24 20:21:09.000000000 +0200 @@ -186,6 +186,7 @@ attr->expr_list = NULL; } attr->used = CIL_FALSE; + attr->keep = CIL_FALSE; } static void cil_reset_typeattributeset(struct cil_typeattributeset *tas) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/cil/src/cil_resolve_ast.c new/libsepol-2.8/cil/src/cil_resolve_ast.c --- old/libsepol-2.7/cil/src/cil_resolve_ast.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/cil/src/cil_resolve_ast.c 2018-05-24 20:21:09.000000000 +0200 @@ -269,9 +269,8 @@ return rc; } -int cil_type_used(struct cil_symtab_datum *datum, int used) +void cil_type_used(struct cil_symtab_datum *datum, int used) { - int rc = SEPOL_ERR; struct cil_typeattribute *attr = NULL; if (FLAVOR(datum) == CIL_TYPEATTRIBUTE) { 
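Review bot: The rewritten block in cil_post_db() no longer handles pirqcon. The removed lines sorted thirteen arrays including `db->pirqcon`, but the new sequence of __cil_post_process_context_rules() calls goes from filecon straight to iomemcon. cil_post_pirqcon_context_compare() is added earlier in this diff yet never used in the visible code. As written, pirqcon rules are neither sorted nor checked for conflicts after this change. The missing call, following the pattern of its siblings, is shown below; cil_post_db() starts outside this hunk.

```c
	/* … unchanged: netifcon through filecon … */

	rc = __cil_post_process_context_rules(db->pirqcon, cil_post_pirqcon_compare, cil_post_pirqcon_context_compare, db, CIL_PIRQCON, CIL_KEY_PIRQCON);
	if (rc != SEPOL_OK) {
		cil_log(CIL_ERR, "Problems processing pirqcon rules\n");
		goto exit;
	}

	/* … unchanged: iomemcon through devicetreecon … */
```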
@@ -279,16 +278,12 @@ attr->used |= used; if ((attr->used & CIL_ATTR_EXPAND_TRUE) && (attr->used & CIL_ATTR_EXPAND_FALSE)) { - cil_log(CIL_ERR, "Conflicting use of expandtypeattribute. " - "Expandtypeattribute may be set to true or false " - "but not both. \n"); - goto exit; + cil_log(CIL_WARN, "Conflicting use of expandtypeattribute. " + "Expandtypeattribute was set to both true or false for %s. " + "Resolving to false. \n", attr->datum.name); + attr->used &= ~CIL_ATTR_EXPAND_TRUE; } } - - return SEPOL_OK; -exit: - return rc; } int cil_resolve_permissionx(struct cil_tree_node *current, struct cil_permissionx *permx, void *extra_args) @@ -488,11 +483,7 @@ goto exit; } used = expandattr->expand ? CIL_ATTR_EXPAND_TRUE : CIL_ATTR_EXPAND_FALSE; - rc = cil_type_used(attr_datum, used); - if (rc != SEPOL_OK) { - goto exit; - } - + cil_type_used(attr_datum, used); cil_list_append(expandattr->attr_datums, CIL_TYPE, attr_datum); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/cil/src/cil_strpool.c new/libsepol-2.8/cil/src/cil_strpool.c --- old/libsepol-2.7/cil/src/cil_strpool.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/cil/src/cil_strpool.c 2018-05-24 20:21:09.000000000 +0200 @@ -119,6 +119,7 @@ if (cil_strpool_readers == 0) { hashtab_map(cil_strpool_tab, cil_strpool_entry_destroy, NULL); hashtab_destroy(cil_strpool_tab); + cil_strpool_tab = NULL; } pthread_mutex_unlock(&cil_strpool_mutex); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/cil/src/cil_tree.c new/libsepol-2.8/cil/src/cil_tree.c --- old/libsepol-2.7/cil/src/cil_tree.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/cil/src/cil_tree.c 2018-05-24 20:21:09.000000000 +0200 @@ -339,7 +339,7 @@ int pos = 0; cil_list_for_each(curr, expr) { - if (pos > COND_EXPR_MAXDEPTH) { + if (pos >= COND_EXPR_MAXDEPTH) { rc = SEPOL_ERR; goto exit; } 
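Review bot: The new warning in cil_type_used() reads "was set to both true or false"; it should say "and", and the space before the newline can go: `"Expandtypeattribute was set to both true and false for %s. "` and `"Resolving to false.\n"`. A conflict is now a warning rather than a build failure and the function returns void, so I would also add a comment above it such as `/* Conflicting expandtypeattribute settings resolve to false: CIL_ATTR_EXPAND_TRUE is cleared. */`. That keeps the policy-affecting default visible in the code and not only in the log. The function's signature is in the preceding hunk.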
@@ -503,15 +503,19 @@ void cil_tree_print_expr(struct cil_list *datum_expr, struct cil_list *str_expr) { char *expr_str; + int rc; cil_log(CIL_INFO, "("); if (datum_expr != NULL) { - cil_expr_to_string(datum_expr, &expr_str); + rc = cil_expr_to_string(datum_expr, &expr_str); } else { - cil_expr_to_string(str_expr, &expr_str); + rc = cil_expr_to_string(str_expr, &expr_str); + } + if (rc < 0) { + cil_log(CIL_INFO, "ERROR)"); + return; } - cil_log(CIL_INFO, "%s)", expr_str); free(expr_str); } @@ -1432,6 +1436,8 @@ cil_log(CIL_INFO, " tcp"); } else if (portcon->proto == CIL_PROTOCOL_DCCP) { cil_log(CIL_INFO, " dccp"); + } else if (portcon->proto == CIL_PROTOCOL_SCTP) { + cil_log(CIL_INFO, " sctp"); } cil_log(CIL_INFO, " (%d %d)", portcon->port_low, portcon->port_high); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/include/Makefile new/libsepol-2.8/include/Makefile --- old/libsepol-2.7/include/Makefile 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/include/Makefile 2018-05-24 20:21:09.000000000 +0200 
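Review bot: The new error check in cil_tree_print_expr() tests `rc < 0`, whereas the other checks added in this diff compare against SEPOL_OK. `expr_str` is declared without an initialiser, so any non-zero return that is not negative would still reach `cil_log(CIL_INFO, "%s)", expr_str)` and `free(expr_str)` with an indeterminate pointer. Whether cil_expr_to_string() can return such a value is not visible here. Using `if (rc != SEPOL_OK)` together with `char *expr_str = NULL;` makes the function safe regardless.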
@@ -1,17 +1,17 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr -INCDIR ?= $(PREFIX)/include/sepol +PREFIX ?= /usr +INCDIR = $(PREFIX)/include/sepol CILDIR ?= ../cil all: install: all - test -d $(INCDIR) || install -m 755 -d $(INCDIR) - test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb - test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil - install -m 644 $(wildcard sepol/*.h) $(INCDIR) - install -m 644 $(wildcard sepol/policydb/*.h) $(INCDIR)/policydb - install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(INCDIR)/cil + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR) + test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755 -d $(DESTDIR)$(INCDIR)/policydb + test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d $(DESTDIR)$(INCDIR)/cil + install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR) + install -m 644 $(wildcard sepol/policydb/*.h) $(DESTDIR)$(INCDIR)/policydb + install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(DESTDIR)$(INCDIR)/cil indent: ../../scripts/Lindent $(wildcard sepol/*.h) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/include/sepol/policydb/avtab.h new/libsepol-2.8/include/sepol/policydb/avtab.h --- old/libsepol-2.7/include/sepol/policydb/avtab.h 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/include/sepol/policydb/avtab.h 2018-05-24 20:21:09.000000000 +0200 @@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, <s...@epoch.ncsc.mil> */ +/* Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* * Updated: Yuichi Nakamura <yna...@hitachisoft.jp> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/include/sepol/policydb/constraint.h new/libsepol-2.8/include/sepol/policydb/constraint.h --- old/libsepol-2.7/include/sepol/policydb/constraint.h 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/include/sepol/policydb/constraint.h 2018-05-24 20:21:09.000000000 +0200 
@@ -1,4 +1,4 @@ -/* Author : Stephen Smalley, <s...@epoch.ncsc.mil> */ +/* Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* FLASK */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/include/sepol/policydb/context.h new/libsepol-2.8/include/sepol/policydb/context.h --- old/libsepol-2.7/include/sepol/policydb/context.h 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/include/sepol/policydb/context.h 2018-05-24 20:21:09.000000000 +0200 @@ -1,4 +1,4 @@ -/* Author : Stephen Smalley, <s...@epoch.ncsc.mil> */ +/* Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* FLASK */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/include/sepol/policydb/ebitmap.h new/libsepol-2.8/include/sepol/policydb/ebitmap.h --- old/libsepol-2.7/include/sepol/policydb/ebitmap.h 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/include/sepol/policydb/ebitmap.h 2018-05-24 20:21:09.000000000 +0200 @@ -1,4 +1,4 @@ -/* Author : Stephen Smalley, <s...@epoch.ncsc.mil> */ +/* Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* FLASK */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/include/sepol/policydb/flask_types.h new/libsepol-2.8/include/sepol/policydb/flask_types.h --- old/libsepol-2.7/include/sepol/policydb/flask_types.h 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/include/sepol/policydb/flask_types.h 2018-05-24 20:21:09.000000000 +0200 
@@ -1,7 +1,7 @@ /* -*- linux-c -*- */ /* - * Author : Stephen Smalley, <s...@epoch.ncsc.mil> + * Author : Stephen Smalley, <s...@tycho.nsa.gov> */ #ifndef _SEPOL_POLICYDB_FLASK_TYPES_H_ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/include/sepol/policydb/hashtab.h new/libsepol-2.8/include/sepol/policydb/hashtab.h --- old/libsepol-2.7/include/sepol/policydb/hashtab.h 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/include/sepol/policydb/hashtab.h 2018-05-24 20:21:09.000000000 +0200 @@ -1,4 +1,4 @@ -/* Author : Stephen Smalley, <s...@epoch.ncsc.mil> */ +/* Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* FLASK */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/include/sepol/policydb/mls_types.h new/libsepol-2.8/include/sepol/policydb/mls_types.h --- old/libsepol-2.7/include/sepol/policydb/mls_types.h 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/include/sepol/policydb/mls_types.h 2018-05-24 20:21:09.000000000 +0200 @@ -1,4 +1,4 @@ -/* Author : Stephen Smalley, <s...@epoch.ncsc.mil> */ +/* Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* * Updated: Trusted Computer Solutions, Inc. <dgoed...@trustedcs.com> * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/include/sepol/policydb/policydb.h new/libsepol-2.8/include/sepol/policydb/policydb.h --- old/libsepol-2.7/include/sepol/policydb/policydb.h 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/include/sepol/policydb/policydb.h 2018-05-24 20:21:09.000000000 +0200 @@ -1,4 +1,4 @@ -/* Author : Stephen Smalley, <s...@epoch.ncsc.mil> */ +/* Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* * Updated: Joshua Brindle <jbrin...@tresys.com> 
@@ -646,9 +646,6 @@ extern void symtabs_destroy(symtab_t * symtab); extern int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p); -typedef void (*hashtab_destroy_func_t) (hashtab_key_t k, hashtab_datum_t d, - void *args); -extern hashtab_destroy_func_t get_symtab_destroy_func(int sym_num); extern void class_perm_node_init(class_perm_node_t * x); extern void type_set_init(type_set_t * x); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/include/sepol/policydb/services.h new/libsepol-2.8/include/sepol/policydb/services.h --- old/libsepol-2.7/include/sepol/policydb/services.h 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/include/sepol/policydb/services.h 2018-05-24 20:21:09.000000000 +0200 @@ -2,7 +2,7 @@ /* -*- linux-c -*- */ /* - * Author : Stephen Smalley, <s...@epoch.ncsc.mil> + * Author : Stephen Smalley, <s...@tycho.nsa.gov> */ #ifndef _SEPOL_POLICYDB_SERVICES_H_ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/include/sepol/policydb/sidtab.h new/libsepol-2.8/include/sepol/policydb/sidtab.h --- old/libsepol-2.7/include/sepol/policydb/sidtab.h 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/include/sepol/policydb/sidtab.h 2018-05-24 20:21:09.000000000 +0200 @@ -1,4 +1,4 @@ -/* Author : Stephen Smalley, <s...@epoch.ncsc.mil> */ +/* Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* FLASK */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/include/sepol/policydb/symtab.h new/libsepol-2.8/include/sepol/policydb/symtab.h --- old/libsepol-2.7/include/sepol/policydb/symtab.h 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/include/sepol/policydb/symtab.h 2018-05-24 20:21:09.000000000 +0200 
@@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, <s...@epoch.ncsc.mil> */ +/* Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* FLASK */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/include/sepol/port_record.h new/libsepol-2.8/include/sepol/port_record.h --- old/libsepol-2.7/include/sepol/port_record.h 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/include/sepol/port_record.h 2018-05-24 20:21:09.000000000 +0200 @@ -16,6 +16,7 @@ #define SEPOL_PROTO_UDP 0 #define SEPOL_PROTO_TCP 1 #define SEPOL_PROTO_DCCP 2 +#define SEPOL_PROTO_SCTP 3 /* Key */ extern int sepol_port_compare(const sepol_port_t * port, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/man/Makefile new/libsepol-2.8/man/Makefile --- old/libsepol-2.7/man/Makefile 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/man/Makefile 2018-05-24 20:21:09.000000000 +0200 @@ -1,12 +1,13 @@ # Installation directories. -MAN8DIR ?= $(DESTDIR)/usr/share/man/man8 -MAN3DIR ?= $(DESTDIR)/usr/share/man/man3 +PREFIX ?= /usr +MAN8DIR ?= $(PREFIX)/share/man/man8 +MAN3DIR ?= $(PREFIX)/share/man/man3 all: install: all - mkdir -p $(MAN3DIR) - mkdir -p $(MAN8DIR) - install -m 644 man3/*.3 $(MAN3DIR) - install -m 644 man8/*.8 $(MAN8DIR) + mkdir -p $(DESTDIR)$(MAN3DIR) + mkdir -p $(DESTDIR)$(MAN8DIR) + install -m 644 man3/*.3 $(DESTDIR)$(MAN3DIR) + install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/man/man3/sepol_genbools.3 new/libsepol-2.8/man/man3/sepol_genbools.3 --- old/libsepol-2.7/man/man3/sepol_genbools.3 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/man/man3/sepol_genbools.3 2018-05-24 20:21:09.000000000 +0200 
@@ -1,4 +1,4 @@ -.TH "sepol_genbools" "3" "11 August 2004" "s...@epoch.ncsc.mil" "SE Linux binary policy API documentation" +.TH "sepol_genbools" "3" "11 August 2004" "s...@tycho.nsa.gov" "SE Linux binary policy API documentation" .SH "NAME" sepol_genbools \- Rewrite a binary policy with different boolean settings .SH "SYNOPSIS" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/man/man8/genpolbools.8 new/libsepol-2.8/man/man8/genpolbools.8 --- old/libsepol-2.7/man/man8/genpolbools.8 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/man/man8/genpolbools.8 2018-05-24 20:21:09.000000000 +0200 @@ -1,4 +1,4 @@ -.TH "genpolbools" "8" "11 August 2004" "s...@epoch.ncsc.mil" "SELinux Command Line documentation" +.TH "genpolbools" "8" "11 August 2004" "s...@tycho.nsa.gov" "SELinux Command Line documentation" .SH "NAME" genpolbools \- Rewrite a binary policy with different boolean settings .SH "SYNOPSIS" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/Makefile new/libsepol-2.8/src/Makefile --- old/libsepol-2.7/src/Makefile 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/Makefile 2018-05-24 20:21:09.000000000 +0200 @@ -1,10 +1,9 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr INCLUDEDIR ?= $(PREFIX)/include LIBDIR ?= $(PREFIX)/lib -SHLIBDIR ?= $(DESTDIR)/lib +SHLIBDIR ?= /lib RANLIB ?= ranlib -LIBBASE ?= $(shell basename $(LIBDIR)) CILDIR ?= ../cil VERSION = $(shell cat ../VERSION) @@ -52,7 +51,7 @@ ln -sf $@ $(TARGET) $(LIBPC): $(LIBPC).in ../VERSION - sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):' < $< > $@ + sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):' < $< > $@ $(LIBMAP): $(LIBMAP).in ifneq ($(DISABLE_CIL),y) 
@@ -80,16 +79,16 @@ $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $< install: all - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) - install -m 644 $(LIBA) $(LIBDIR) - test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR) - install -m 755 $(LIBSO) $(SHLIBDIR) - test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig - $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET) + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR) + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR) + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig + $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) relabel: - /sbin/restorecon $(SHLIBDIR)/$(LIBSO) + /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO) clean: -rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(TARGET) $(CIL_GENERATED) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/avtab.c new/libsepol-2.8/src/avtab.c --- old/libsepol-2.7/src/avtab.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/avtab.c 2018-05-24 20:21:09.000000000 +0200 @@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, <s...@epoch.ncsc.mil> */ +/* Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* * Updated: Yuichi Nakamura <yna...@hitachisoft.jp> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/booleans.c new/libsepol-2.8/src/booleans.c --- old/libsepol-2.7/src/booleans.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/booleans.c 2018-05-24 20:21:09.000000000 +0200 
@@ -155,6 +155,7 @@ booldatum = hashtab_search(policydb->p_bools.table, name); if (!booldatum) { *response = NULL; + free(name); return STATUS_SUCCESS; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/ebitmap.c new/libsepol-2.8/src/ebitmap.c --- old/libsepol-2.7/src/ebitmap.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/ebitmap.c 2018-05-24 20:21:09.000000000 +0200 @@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, <s...@epoch.ncsc.mil> */ +/* Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* FLASK */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/genusers.c new/libsepol-2.8/src/genusers.c --- old/libsepol-2.7/src/genusers.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/genusers.c 2018-05-24 20:21:09.000000000 +0200 @@ -201,11 +201,11 @@ if (!(*p)) BADLINE(); q = p; - while (*p && strncasecmp(p, "range", 5)) + while (*p && (!isspace(*p) || strncasecmp(p + 1, "range", 5))) p++; - if (!(*p)) + if (!(*p) || p == q) BADLINE(); - *--p = 0; + *p = 0; p++; scontext = malloc(p - q); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/hashtab.c new/libsepol-2.8/src/hashtab.c --- old/libsepol-2.7/src/hashtab.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/hashtab.c 2018-05-24 20:21:09.000000000 +0200 @@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, <s...@epoch.ncsc.mil> */ +/* Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* * Updated : Karl MacMillan <kmacmil...@mentalrootkit.com> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/ibendport_record.c new/libsepol-2.8/src/ibendport_record.c --- old/libsepol-2.7/src/ibendport_record.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/ibendport_record.c 2018-05-24 20:21:09.000000000 +0200 
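Review bot: `isspace(*p)` in the new loop condition of the genusers.c hunk receives a plain `char` if `p` is a `char *` (its declaration is outside the hunk), and a byte above 0x7f in the parsed line then becomes a negative argument, which is undefined behaviour for the <ctype.h> functions. This loop presumably walks text read from a users file, so the call should be `isspace((unsigned char)*p)`. The added `p == q` test is what rejects an empty context now that the terminator is written with `*p = 0` instead of `*--p = 0`; a short comment such as `/* require a non-empty context before the "range" keyword */` would keep it from being dropped later. The enclosing function starts and ends outside the hunk, so the handling of the following `malloc(p - q)` result cannot be confirmed from here.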
@@ -32,14 +32,11 @@ int sepol_ibendport_alloc_ibdev_name(sepol_handle_t *handle, char **ibdev_name) { - char *tmp_ibdev_name = NULL; + *ibdev_name = calloc(1, IB_DEVICE_NAME_MAX); - tmp_ibdev_name = calloc(1, IB_DEVICE_NAME_MAX); - - if (!tmp_ibdev_name) + if (!*ibdev_name) goto omem; - *ibdev_name = tmp_ibdev_name; return STATUS_SUCCESS; omem: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/kernel_to_cil.c new/libsepol-2.8/src/kernel_to_cil.c --- old/libsepol-2.7/src/kernel_to_cil.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/kernel_to_cil.c 2018-05-24 20:21:09.000000000 +0200 @@ -12,6 +12,9 @@ #ifndef IPPROTO_DCCP #define IPPROTO_DCCP 33 #endif +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif #include <sepol/policydb/avtab.h> #include <sepol/policydb/conditional.h> @@ -2631,6 +2634,7 @@ case IPPROTO_TCP: protocol = "tcp"; break; case IPPROTO_UDP: protocol = "udp"; break; case IPPROTO_DCCP: protocol = "dccp"; break; + case IPPROTO_SCTP: protocol = "sctp"; break; default: sepol_log_err("Unknown portcon protocol: %i", portcon->u.port.protocol); rc = -1; @@ -2788,7 +2792,7 @@ { struct ocontext *ibpkeycon; char subnet_prefix_str[INET6_ADDRSTRLEN]; - struct in6_addr subnet_prefix = {0}; + struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT; uint16_t low; uint16_t high; char low_high_str[44]; /* 2^64 <= 20 digits so "(low high)" <= 44 chars */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/kernel_to_common.c new/libsepol-2.8/src/kernel_to_common.c --- old/libsepol-2.7/src/kernel_to_common.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/kernel_to_common.c 2018-05-24 20:21:09.000000000 +0200 
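Review bot: On allocation failure the rewritten sepol_ibendport_alloc_ibdev_name now stores NULL into `*ibdev_name` before jumping to `omem`, where the old code left the caller's pointer untouched, and nothing documents the new contract. A header comment such as `/* Allocates a zeroed IB_DEVICE_NAME_MAX-byte buffer; on failure *ibdev_name is set to NULL. */` above the function would state it. A caller that passes in a pointer it still owns would lose that allocation on the failure path, so callers are worth a quick audit. The `omem:` branch continues outside the hunk.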
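Review bot: The fallback `#define IPPROTO_SCTP 132` added in the first kernel_to_cil.c hunk is copied into five source files in this update (also kernel_to_common.c, kernel_to_conf.c, module_to_cil.c and ports.c), next to the equally duplicated `IPPROTO_DCCP` fallback. A single private header holding both guards would leave one place to maintain. The guard only works as intended when it follows the system header that may define the constant; the includes above the hunk are not visible, so that ordering should be confirmed. A comment such as `/* fallback for libcs that lack IPPROTO_SCTP; must follow <netinet/in.h> */` would record the requirement.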
@@ -10,6 +10,9 @@ #ifndef IPPROTO_DCCP #define IPPROTO_DCCP 33 #endif +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif #include <sepol/policydb/ebitmap.h> #include <sepol/policydb/hashtab.h> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/kernel_to_conf.c new/libsepol-2.8/src/kernel_to_conf.c --- old/libsepol-2.7/src/kernel_to_conf.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/kernel_to_conf.c 2018-05-24 20:21:09.000000000 +0200 @@ -11,6 +11,9 @@ #ifndef IPPROTO_DCCP #define IPPROTO_DCCP 33 #endif +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif #include <sepol/policydb/avtab.h> #include <sepol/policydb/conditional.h> @@ -2491,6 +2494,7 @@ case IPPROTO_TCP: protocol = "tcp"; break; case IPPROTO_UDP: protocol = "udp"; break; case IPPROTO_DCCP: protocol = "dccp"; break; + case IPPROTO_SCTP: protocol = "sctp"; break; default: sepol_log_err("Unknown portcon protocol: %i", portcon->u.port.protocol); rc = -1; @@ -2649,7 +2653,7 @@ { struct ocontext *ibpkeycon; char subnet_prefix_str[INET6_ADDRSTRLEN]; - struct in6_addr subnet_prefix = {0}; + struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT; uint16_t low; uint16_t high; char low_high_str[44]; /* 2^64 <= 20 digits so "low-high" <= 44 chars */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/libsepol.map.in new/libsepol-2.8/src/libsepol.map.in --- old/libsepol-2.7/src/libsepol.map.in 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/libsepol.map.in 2018-05-24 20:21:09.000000000 +0200 
@@ -49,10 +49,13 @@ cil_set_mls; cil_set_attrs_expand_generated; cil_set_attrs_expand_size; + cil_set_multiple_decls; cil_write_policy_conf; sepol_ppfile_to_module_package; sepol_module_package_to_cil; sepol_module_policydb_to_cil; sepol_kernel_policydb_to_cil; sepol_kernel_policydb_to_conf; + sepol_polcap_getnum; + sepol_polcap_getname; } LIBSEPOL_1.0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/libsepol.pc.in new/libsepol-2.8/src/libsepol.pc.in --- old/libsepol-2.7/src/libsepol.pc.in 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/libsepol.pc.in 2018-05-24 20:21:09.000000000 +0200 @@ -1,6 +1,6 @@ prefix=@prefix@ exec_prefix=${prefix} -libdir=${exec_prefix}/@libdir@ +libdir=@libdir@ includedir=@includedir@ Name: libsepol diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/mls.c new/libsepol-2.8/src/mls.c --- old/libsepol-2.7/src/mls.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/mls.c 2018-05-24 20:21:09.000000000 +0200 @@ -1,4 +1,4 @@ -/* Author : Stephen Smalley, <s...@epoch.ncsc.mil> */ +/* Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* * Updated: Trusted Computer Solutions, Inc. <dgoed...@trustedcs.com> * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/mls.h new/libsepol-2.8/src/mls.h --- old/libsepol-2.7/src/mls.h 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/mls.h 2018-05-24 20:21:09.000000000 +0200 
@@ -1,4 +1,4 @@ -/* Author: Stephen Smalley, <s...@epoch.ncsc.mil> +/* Author: Stephen Smalley, <s...@tycho.nsa.gov> * Updated: Trusted Computer Solutions, Inc. <dgoed...@trustedcs.com> * * Support for enhanced MLS infrastructure. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/module_to_cil.c new/libsepol-2.8/src/module_to_cil.c --- old/libsepol-2.7/src/module_to_cil.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/module_to_cil.c 2018-05-24 20:21:09.000000000 +0200 @@ -30,6 +30,9 @@ #ifndef IPPROTO_DCCP #define IPPROTO_DCCP 33 #endif +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif #include <signal.h> #include <stdarg.h> #include <stdio.h> @@ -1914,10 +1917,12 @@ free(new_val); free(val1); free(val2); - while ((val1 = stack_pop(stack)) != NULL) { - free(val1); + if (stack != NULL) { + while ((val1 = stack_pop(stack)) != NULL) { + free(val1); + } + stack_destroy(&stack); } - stack_destroy(&stack); return rc; } @@ -2656,6 +2661,7 @@ case IPPROTO_TCP: protocol = "tcp"; break; case IPPROTO_UDP: protocol = "udp"; break; case IPPROTO_DCCP: protocol = "dccp"; break; + case IPPROTO_SCTP: protocol = "sctp"; break; default: log_err("Unknown portcon protocol: %i", portcon->u.port.protocol); rc = -1; @@ -2687,7 +2693,7 @@ int rc = -1; struct ocontext *ibpkeycon; char subnet_prefix_str[INET6_ADDRSTRLEN]; - struct in6_addr subnet_prefix = {0}; + struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT; uint16_t high; uint16_t low; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/policydb.c new/libsepol-2.8/src/policydb.c --- old/libsepol-2.7/src/policydb.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/policydb.c 2018-05-24 20:21:09.000000000 +0200 
@@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, <s...@epoch.ncsc.mil> */ +/* Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* * Updated: Trusted Computer Solutions, Inc. <dgoed...@trustedcs.com> @@ -1420,6 +1420,8 @@ if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF || i == OCON_FSUSE) free(ctmp->u.name); + else if (i == OCON_IBENDPORT) + free(ctmp->u.ibendport.dev_name); free(ctmp); } } @@ -1571,14 +1573,6 @@ return 0; } -hashtab_destroy_func_t get_symtab_destroy_func(int sym_num) -{ - if (sym_num < 0 || sym_num >= SYM_NUM) { - return NULL; - } - return (hashtab_destroy_func_t) destroy_f[sym_num]; -} - /* * Load the initial SIDs specified in a policy database * structure into a SID table. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/port_record.c new/libsepol-2.8/src/port_record.c --- old/libsepol-2.7/src/port_record.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/port_record.c 2018-05-24 20:21:09.000000000 +0200 @@ -186,6 +186,8 @@ return "tcp"; case SEPOL_PROTO_DCCP: return "dccp"; + case SEPOL_PROTO_SCTP: + return "sctp"; default: return "???"; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/ports.c new/libsepol-2.8/src/ports.c --- old/libsepol-2.7/src/ports.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/ports.c 2018-05-24 20:21:09.000000000 +0200 @@ -2,6 +2,9 @@ #ifndef IPPROTO_DCCP #define IPPROTO_DCCP 33 #endif +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif #include <stdlib.h> #include "debug.h" @@ -21,6 +24,8 @@ return IPPROTO_UDP; case SEPOL_PROTO_DCCP: return IPPROTO_DCCP; + case SEPOL_PROTO_SCTP: + return IPPROTO_SCTP; default: ERR(handle, "unsupported protocol %u", proto); return STATUS_ERR; 
@@ -37,6 +42,8 @@ return SEPOL_PROTO_UDP; case IPPROTO_DCCP: return SEPOL_PROTO_DCCP; + case IPPROTO_SCTP: + return SEPOL_PROTO_SCTP; default: ERR(handle, "invalid protocol %u " "found in policy", proto); return STATUS_ERR; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/services.c new/libsepol-2.8/src/services.c --- old/libsepol-2.7/src/services.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/services.c 2018-05-24 20:21:09.000000000 +0200 @@ -1,6 +1,6 @@ /* - * Author : Stephen Smalley, <s...@epoch.ncsc.mil> + * Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* * Updated: Trusted Computer Solutions, Inc. <dgoed...@trustedcs.com> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/sidtab.c new/libsepol-2.8/src/sidtab.c --- old/libsepol-2.7/src/sidtab.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/sidtab.c 2018-05-24 20:21:09.000000000 +0200 @@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, <s...@epoch.ncsc.mil> */ +/* Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* FLASK */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/symtab.c new/libsepol-2.8/src/symtab.c --- old/libsepol-2.7/src/symtab.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/symtab.c 2018-05-24 20:21:09.000000000 +0200 @@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, <s...@epoch.ncsc.mil> */ +/* Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* FLASK */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/src/write.c new/libsepol-2.8/src/write.c --- old/libsepol-2.7/src/write.c 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/src/write.c 2018-05-24 20:21:09.000000000 +0200 
@@ -1,5 +1,5 @@ -/* Author : Stephen Smalley, <s...@epoch.ncsc.mil> */ +/* Author : Stephen Smalley, <s...@tycho.nsa.gov> */ /* * Updated: Trusted Computer Solutions, Inc. <dgoed...@trustedcs.com> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsepol-2.7/utils/Makefile new/libsepol-2.8/utils/Makefile --- old/libsepol-2.7/utils/Makefile 2017-08-04 15:31:00.000000000 +0200 +++ new/libsepol-2.8/utils/Makefile 2018-05-24 20:21:09.000000000 +0200 @@ -1,5 +1,5 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr BINDIR ?= $(PREFIX)/bin CFLAGS ?= -Wall -Werror @@ -12,8 +12,8 @@ all: $(TARGETS) install: all - -mkdir -p $(BINDIR) - install -m 755 $(TARGETS) $(BINDIR) + -mkdir -p $(DESTDIR)$(BINDIR) + install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR) clean: -rm -f $(TARGETS) *.o
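Review bot: The leading `-` on `-mkdir -p $(DESTDIR)$(BINDIR)` in the utils/Makefile install recipe tells make to ignore a failed directory creation, so the following `install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)` may run against a path that is not a directory. With a single target, install could then write a regular file at that path instead of stopping. The other Makefiles in this update create their directories without ignoring errors (`mkdir -p $(DESTDIR)$(MAN3DIR)`, `test -d ... || install -m 755 -d ...`). Dropping the prefix, `mkdir -p $(DESTDIR)$(BINDIR)`, lets a staged package build fail at the real error.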