Re: [PATCH 1/2] libselinux, libsemanage: fall back to gcc in exception.sh

2016-11-14 Thread Nicolas Iooss
On Tue, Nov 15, 2016 at 12:06 AM, William Roberts wrote:

> On Mon, Nov 14, 2016 at 3:00 PM, Nicolas Iooss wrote:
> > The SWIG wrapper already includes the header files using #include (look
> at
> > the beginning of libselinux/src/selinuxswig_python.i [1] for example).
> The
> > script exception.sh reads the header files (through gcc -aux-info) to
> > generate some SWIG code for almost every interface returning an integer
> > (this code converts a negative return value to the raising of a Python
> > OSError exception).
> >
> > In SWIG documentation [2] I have not found a way to automatically apply a
> > %exception block to all functions matched by the pattern "it returns an
> > integer". As you seem to believe I missed something,
>
> I don't think you did.
>
> could you please
> > explain how you would proceed here?
>
> Yeah that script is just generating a bunch of interface code, I would
> just remove that script and write it by hand. The only downfall is that
> you would have to add a stub if you add something to the header file,
> but I don't consider that a downside, I prefer to be explicit.
> Especially considering they already had to put a function in the script
> to skip. I don't think the script provides much value.


This kind of question is about the way maintainers want to manage the
maintenance and development of the code. I understand the need to keep
things simple, but how replacing the script with a "static file"
(selinuxswig_python_exception.i, or its integration into
selinuxswig_python.i) would keep working on the project simple or make it
more complex is something I do not know.
An alternative approach would be something like projects using autotools
do: keep the script in the git tree but package releases with
selinuxswig_python_exception.i (and semanage...exception.i) so that end
users do not have to build it.

Nicolas
___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

Re: [PATCH 1/2] libselinux, libsemanage: fall back to gcc in exception.sh

2016-11-14 Thread William Roberts
On Mon, Nov 14, 2016 at 3:00 PM, Nicolas Iooss  wrote:
> The SWIG wrapper already includes the header files using #include (look at
> the beginning of libselinux/src/selinuxswig_python.i [1] for example). The
> script exception.sh reads the header files (through gcc -aux-info) to
> generate some SWIG code for almost every interface returning an integer
> (this code converts a negative return value to the raising of a Python
> OSError exception).
>
> In SWIG documentation [2] I have not found a way to automatically apply a
> %exception block to all functions matched by the pattern "it returns an
> integer". As you seem to believe I missed something,

I don't think you did.

could you please
> explain how you would proceed here?

Yeah that script is just generating a bunch of interface code, I would
just remove that script and write it by hand. The only downfall is that
you would have to add a stub if you add something to the header file,
but I don't consider that a downside, I prefer to be explicit.
Especially considering they already had to put a function in the script
to skip. I don't think the script provides much value.

>
> Nicolas
>
> [1]
> https://github.com/SELinuxProject/selinux/blob/master/libselinux/src/selinuxswig_python.i#L11
> [2] http://www.swig.org/Doc3.0/SWIGDocumentation.html
>
>
> On Mon, Nov 14, 2016 at 11:15 PM, William Roberts wrote:
>>
>> For a more long term solution, why not just give swig a header file
>> (you can ifdef on SWIG for anything to omit), or write the interface
>> file by hand. I ended up using a hybrid approach for one of my projects
>> (the build system is a mess):
>>
>>
>> https://bitbucket.org/miniat/0x1-miniat/src/f84cb76ab0fbe645ee9c48d30221b29283745778/vm/src/miniat_python.i?at=master=file-view-default
>>
>>
>> On Mon, Nov 14, 2016 at 1:57 PM, Nicolas Iooss wrote:
>> > clang does not support -aux-info option. When exception.sh is run with
>> > CC=clang, use gcc to build selinuxswig_python_exception.i and
>> > semanageswig_python_exception.i.
>> >
>> > This does not solve the issue of building libselinux and libsemanage
>> > Python wrappers on a system without gcc. However parsing the result of
>> > "gcc -aux-info" is easier than parsing the header files so stay with
>> > this command at least for now.
>> >
>> > Signed-off-by: Nicolas Iooss 
>> > ---
>> >  libselinux/src/exception.sh  | 6 +-
>> >  libsemanage/src/exception.sh | 6 +-
>> >  2 files changed, 10 insertions(+), 2 deletions(-)
>> >
>> > diff --git a/libselinux/src/exception.sh b/libselinux/src/exception.sh
>> > index a58bf3f45778..a3ff83235ced 100755
>> > --- a/libselinux/src/exception.sh
>> > +++ b/libselinux/src/exception.sh
>> > @@ -15,6 +15,10 @@ echo "
>> >  ;;
>> >  esac
>> >  }
>> > -${CC:-gcc} -x c -c -I../include - -aux-info temp.aux <
>> > ../include/selinux/selinux.h
>> > +if ! ${CC:-gcc} -x c -c -I../include - -aux-info temp.aux <
>> > ../include/selinux/selinux.h
>> > +then
>> > +# clang does not support -aux-info so fall back to gcc
>> > +gcc -x c -c -I../include - -aux-info temp.aux <
>> > ../include/selinux/selinux.h
>> > +fi
>> >  for i in `awk '/.*extern int/ { print $6 }' temp.aux`; do except
>> > $i ; done
>> >  rm -f -- temp.aux -.o
>> > diff --git a/libsemanage/src/exception.sh b/libsemanage/src/exception.sh
>> > index d18959cbe85d..a4095f4f8ba6 100644
>> > --- a/libsemanage/src/exception.sh
>> > +++ b/libsemanage/src/exception.sh
>> > @@ -9,6 +9,10 @@ echo "
>> >  }
>> >  "
>> >  }
>> > -${CC:-gcc} -x c -c -I../include - -aux-info temp.aux <
>> > ../include/semanage/semanage.h
>> > +if ! ${CC:-gcc} -x c -c -I../include - -aux-info temp.aux <
>> > ../include/semanage/semanage.h
>> > +then
>> > +# clang does not support -aux-info so fall back to gcc
>> > +gcc -x c -c -I../include - -aux-info temp.aux <
>> > ../include/semanage/semanage.h
>> > +fi
>> >  for i in `awk '/extern int/ { print $6 }' temp.aux`; do except $i ;
>> > done
>> >  rm -f -- temp.aux -.o
>> > --
>> > 2.10.2
>> >
>>
>>
>>
>> --
>> Respectfully,
>>
>> William C Roberts
>
>



-- 
Respectfully,

William C Roberts


Re: [PATCH 1/2] libselinux, libsemanage: fall back to gcc in exception.sh

2016-11-14 Thread Nicolas Iooss
The SWIG wrapper already includes the header files using #include (look at
the beginning of libselinux/src/selinuxswig_python.i [1] for example). The
script exception.sh reads the header files (through gcc -aux-info) to
generate some SWIG code for almost every interface returning an integer
(this code converts a negative return value to the raising of a
Python OSError exception).

In SWIG documentation [2] I have not found a way to automatically apply a
%exception block to all functions matched by the pattern "it returns an
integer". As you seem to believe I missed something, could you please
explain how you would proceed here?

Nicolas

[1]
https://github.com/SELinuxProject/selinux/blob/master/libselinux/src/selinuxswig_python.i#L11
[2] http://www.swig.org/Doc3.0/SWIGDocumentation.html

On Mon, Nov 14, 2016 at 11:15 PM, William Roberts wrote:

> For a more long term solution, why not just give swig a header file
> (you can ifdef on SWIG for anything to omit), or write the interface
> file by hand. I ended up using a hybrid approach for one of my projects
> (the build system is a mess):
>
> https://bitbucket.org/miniat/0x1-miniat/src/f84cb76ab0fbe645ee9c48d30221b29283745778/vm/src/miniat_python.i?at=master=file-view-default
>
>
> On Mon, Nov 14, 2016 at 1:57 PM, Nicolas Iooss wrote:
> > clang does not support -aux-info option. When exception.sh is run with
> > CC=clang, use gcc to build selinuxswig_python_exception.i and
> > semanageswig_python_exception.i.
> >
> > This does not solve the issue of building libselinux and libsemanage
> > Python wrappers on a system without gcc. However parsing the result of
> > "gcc -aux-info" is easier than parsing the header files so stay with
> > this command at least for now.
> >
> > Signed-off-by: Nicolas Iooss 
> > ---
> >  libselinux/src/exception.sh  | 6 +-
> >  libsemanage/src/exception.sh | 6 +-
> >  2 files changed, 10 insertions(+), 2 deletions(-)
> >
> > diff --git a/libselinux/src/exception.sh b/libselinux/src/exception.sh
> > index a58bf3f45778..a3ff83235ced 100755
> > --- a/libselinux/src/exception.sh
> > +++ b/libselinux/src/exception.sh
> > @@ -15,6 +15,10 @@ echo "
> >  ;;
> >  esac
> >  }
> > -${CC:-gcc} -x c -c -I../include - -aux-info temp.aux <
> ../include/selinux/selinux.h
> > +if ! ${CC:-gcc} -x c -c -I../include - -aux-info temp.aux <
> ../include/selinux/selinux.h
> > +then
> > +# clang does not support -aux-info so fall back to gcc
> > +gcc -x c -c -I../include - -aux-info temp.aux <
> ../include/selinux/selinux.h
> > +fi
> >  for i in `awk '/.*extern int/ { print $6 }' temp.aux`; do except
> $i ; done
> >  rm -f -- temp.aux -.o
> > diff --git a/libsemanage/src/exception.sh b/libsemanage/src/exception.sh
> > index d18959cbe85d..a4095f4f8ba6 100644
> > --- a/libsemanage/src/exception.sh
> > +++ b/libsemanage/src/exception.sh
> > @@ -9,6 +9,10 @@ echo "
> >  }
> >  "
> >  }
> > -${CC:-gcc} -x c -c -I../include - -aux-info temp.aux <
> ../include/semanage/semanage.h
> > +if ! ${CC:-gcc} -x c -c -I../include - -aux-info temp.aux <
> ../include/semanage/semanage.h
> > +then
> > +# clang does not support -aux-info so fall back to gcc
> > +gcc -x c -c -I../include - -aux-info temp.aux <
> ../include/semanage/semanage.h
> > +fi
> >  for i in `awk '/extern int/ { print $6 }' temp.aux`; do except $i ; done
> >  rm -f -- temp.aux -.o
> > --
> > 2.10.2
> >
>
>
>
> --
> Respectfully,
>
> William C Roberts
>

Re: [PATCH 4/4] selinux: Convert isec->lock into a spinlock

2016-11-14 Thread Paul Moore
On Thu, Nov 10, 2016 at 4:18 PM, Andreas Gruenbacher wrote:
> Convert isec->lock from a mutex into a spinlock.  Instead of holding the
> lock while sleeping in inode_doinit_with_dentry, set isec->initialized
> to LABEL_PENDING and release the lock.  Then, when the sid has been
> determined, re-acquire the lock.  If isec->initialized is still set to
> LABEL_PENDING, set isec->sid; otherwise, the sid has been set by another
> task (LABEL_INITIALIZED) or invalidated (LABEL_INVALID) in the meantime.
>
> This fixes a deadlock on gfs2 where
>
>  * one task is in inode_doinit_with_dentry -> gfs2_getxattr, holds
>isec->lock, and tries to acquire the inode's glock, and
>
>  * another task is in do_xmote -> inode_go_inval ->
>selinux_inode_invalidate_secctx, holds the inode's glock, and tries
>to acquire isec->lock.
>
> Signed-off-by: Andreas Gruenbacher 
> ---
>  security/selinux/hooks.c  | 108 
> --
>  security/selinux/include/objsec.h |   5 +-
>  2 files changed, 72 insertions(+), 41 deletions(-)

We shouldn't need the spinlocks on the socket_post_create() and the
socket_accept() hooks as the callers should still have exclusive
access to the socket/inode at that point.

I didn't check all the callers of the inode_init_security(), but it
looks like the same idea applies.

> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index cf5067e..4af31f1 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -231,7 +231,7 @@ static int inode_alloc_security(struct inode *inode)
> if (!isec)
> return -ENOMEM;
>
> -   mutex_init(>lock);
> +   spin_lock_init(>lock);
> INIT_LIST_HEAD(>list);
> isec->inode = inode;
> isec->sid = SECINITSID_UNLABELED;
> @@ -1381,7 +1381,8 @@ static int inode_doinit_with_dentry(struct inode 
> *inode, struct dentry *opt_dent
>  {
> struct superblock_security_struct *sbsec = NULL;
> struct inode_security_struct *isec = inode->i_security;
> -   u32 sid;
> +   u32 task_sid, sid = 0;
> +   u16 sclass;
> struct dentry *dentry;
>  #define INITCONTEXTLEN 255
> char *context = NULL;
> @@ -1391,7 +1392,7 @@ static int inode_doinit_with_dentry(struct inode 
> *inode, struct dentry *opt_dent
> if (isec->initialized == LABEL_INITIALIZED)
> return 0;
>
> -   mutex_lock(>lock);
> +   spin_lock(>lock);
> if (isec->initialized == LABEL_INITIALIZED)
> goto out_unlock;
>
> @@ -1410,12 +1411,18 @@ static int inode_doinit_with_dentry(struct inode 
> *inode, struct dentry *opt_dent
> goto out_unlock;
> }
>
> +   sclass = isec->sclass;
> +   task_sid = isec->task_sid;
> +   sid = isec->sid;
> +   isec->initialized = LABEL_PENDING;
> +   spin_unlock(>lock);
> +
> switch (sbsec->behavior) {
> case SECURITY_FS_USE_NATIVE:
> break;
> case SECURITY_FS_USE_XATTR:
> if (!(inode->i_opflags & IOP_XATTR)) {
> -   isec->sid = sbsec->def_sid;
> +   sid = sbsec->def_sid;
> break;
> }
> /* Need a dentry, since the xattr API requires one.
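Review bot: once L384-385 publish LABEL_PENDING and release the lock, a second task entering the function passes the checks at L368 and L373 (both test only for LABEL_INITIALIZED) and performs the xattr lookup as well; the commit message says the later finisher detects this and discards its result, but a comment next to L384 stating that concurrent initializers are tolerated and the first to re-acquire the lock wins would save the next reader from suspecting a lost update.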
> @@ -1437,7 +1444,7 @@ static int inode_doinit_with_dentry(struct inode 
> *inode, struct dentry *opt_dent
>  * inode_doinit with a dentry, before these inodes 
> could
>  * be used again by userspace.
>  */
> -   goto out_unlock;
> +   goto out;
> }
>
> len = INITCONTEXTLEN;
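Review bot: `goto out` at L404 (and likewise at L414, L426 and L434) now runs after isec->initialized was set to LABEL_PENDING at L384 and the lock was dropped; the `out:` label is outside the visible hunks, so please confirm that it either restores LABEL_INVALID under the lock or that leaving the inode in LABEL_PENDING after a failed lookup is intended, and say so in a comment, because from this function alone a reader cannot tell whether a transient -ENOMEM is retried on the next call.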
> @@ -1445,7 +1452,7 @@ static int inode_doinit_with_dentry(struct inode 
> *inode, struct dentry *opt_dent
> if (!context) {
> rc = -ENOMEM;
> dput(dentry);
> -   goto out_unlock;
> +   goto out;
> }
> context[len] = '\0';
> rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, 
> context, len);
> @@ -1456,14 +1463,14 @@ static int inode_doinit_with_dentry(struct inode 
> *inode, struct dentry *opt_dent
> rc = __vfs_getxattr(dentry, inode, 
> XATTR_NAME_SELINUX, NULL, 0);
> if (rc < 0) {
> dput(dentry);
> -   goto out_unlock;
> +   goto out;
> }
> len = rc;
> context = kmalloc(len+1, GFP_NOFS);
> if (!context) {
> rc = -ENOMEM;
> dput(dentry);
> -   goto out_unlock;
> +   goto out;
> 
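The pending-label protocol the commit message describes, as an added example that is not part of the patch or of the kernel: a user-space C model in which the spinlock is a depth counter (so the example can check that the sleeping lookup never runs with it held), the three states carry the names from the commit message, and the sid values, the `SECINITSID_UNLABELED` placeholder and the `slow_sid_lookup` stand-in for the xattr read are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* States named as in the commit message; the numeric values are this example's choice. */
enum label_state { LABEL_INVALID = 0, LABEL_PENDING = 1, LABEL_INITIALIZED = 2 };

#define SECINITSID_UNLABELED 3u   /* placeholder value for the example */

struct inode_sec {
    int lock_depth;           /* models isec->lock: > 0 while held */
    int slept_with_lock;      /* set if the sleeping lookup ran under the lock */
    enum label_state initialized;
    uint32_t sid;
};

static void isec_lock(struct inode_sec *s)   { s->lock_depth++; }
static void isec_unlock(struct inode_sec *s) { s->lock_depth--; }

static struct inode_sec isec_new(void)
{
    struct inode_sec s = { 0, 0, LABEL_INVALID, SECINITSID_UNLABELED };
    return s;
}

/* Stand-in for the xattr read that may sleep (gfs2 takes a glock here).
 * Holding a spinlock across it is exactly what must not happen. */
static uint32_t slow_sid_lookup(struct inode_sec *s, uint32_t sid_from_xattr)
{
    if (s->lock_depth > 0)
        s->slept_with_lock = 1;
    return sid_from_xattr;
}

/* Phase 1: claim the work under the lock, then drop the lock before anything
 * that can sleep.  Returns false when another task has already finished. */
static bool doinit_begin(struct inode_sec *s)
{
    isec_lock(s);
    if (s->initialized == LABEL_INITIALIZED) {
        isec_unlock(s);
        return false;
    }
    s->initialized = LABEL_PENDING;
    isec_unlock(s);
    return true;
}

/* Phase 2: re-acquire the lock and publish the sid only while the state is
 * still LABEL_PENDING.  LABEL_INITIALIZED means another task won; LABEL_INVALID
 * means the label was invalidated meanwhile and our result is stale. */
static bool doinit_finish(struct inode_sec *s, uint32_t sid)
{
    bool stored = false;
    isec_lock(s);
    if (s->initialized == LABEL_PENDING) {
        s->sid = sid;
        s->initialized = LABEL_INITIALIZED;
        stored = true;
    }
    isec_unlock(s);
    return stored;
}

/* The filesystem invalidates the label while holding its own lock; with the
 * two-phase scheme it only needs the short-held spinlock, so no lock inversion. */
static void invalidate_secctx(struct inode_sec *s)
{
    isec_lock(s);
    s->initialized = LABEL_INVALID;
    isec_unlock(s);
}

/* Uncontended: the lookup runs unlocked and its result is published.
 * Returns the final sid (42), or 0 if the lookup ran with the lock held. */
uint32_t scenario_uncontended(void)
{
    struct inode_sec s = isec_new();
    if (doinit_begin(&s))
        doinit_finish(&s, slow_sid_lookup(&s, 42));
    return s.slept_with_lock ? 0 : s.sid;
}

/* Invalidation lands between the two phases: the stale sid must be dropped.
 * Returns 1 when the state machine behaved correctly. */
int scenario_invalidated(void)
{
    struct inode_sec s = isec_new();
    doinit_begin(&s);
    uint32_t sid = slow_sid_lookup(&s, 42);
    invalidate_secctx(&s);                 /* other task, e.g. do_xmote on gfs2 */
    bool stored = doinit_finish(&s, sid);
    return !stored && s.initialized == LABEL_INVALID && s.sid == SECINITSID_UNLABELED;
}

/* Two tasks race to initialize: the first to re-acquire the lock wins and the
 * second result is discarded.  Returns the final sid (42). */
uint32_t scenario_concurrent(void)
{
    struct inode_sec s = isec_new();
    bool a = doinit_begin(&s);                 /* task A claims */
    bool b = doinit_begin(&s);                 /* task B also enters: state is PENDING */
    uint32_t sid_a = slow_sid_lookup(&s, 42), sid_b = slow_sid_lookup(&s, 42);
    bool stored_a = doinit_finish(&s, sid_a);  /* wins */
    bool stored_b = doinit_finish(&s, sid_b);  /* sees LABEL_INITIALIZED, no overwrite */
    return (a && b && stored_a && !stored_b) ? s.sid : 0;
}

int main(void)
{
    printf("uncontended sid=%u\n", (unsigned)scenario_uncontended());
    printf("invalidated ok=%d\n", scenario_invalidated());
    printf("concurrent sid=%u\n", (unsigned)scenario_concurrent());
    return 0;
}
```

The three scenarios are the interleavings the commit message enumerates; the `lock_depth` check inside `slow_sid_lookup` is the model's way of flagging the original bug, where the sleeping xattr read ran with isec->lock held.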

Re: [PATCH 1/2] libselinux, libsemanage: fall back to gcc in exception.sh

2016-11-14 Thread William Roberts
For a more long term solution, why not just give swig a header file
(you can ifdef on SWIG for anything to omit), or write the interface
file by hand. I ended up using a hybrid approach for one of my projects
(the build system is a mess):

https://bitbucket.org/miniat/0x1-miniat/src/f84cb76ab0fbe645ee9c48d30221b29283745778/vm/src/miniat_python.i?at=master=file-view-default


On Mon, Nov 14, 2016 at 1:57 PM, Nicolas Iooss  wrote:
> clang does not support -aux-info option. When exception.sh is run with
> CC=clang, use gcc to build selinuxswig_python_exception.i and
> semanageswig_python_exception.i.
>
> This does not solve the issue of building libselinux and libsemanage
> Python wrappers on a system without gcc. However parsing the result of
> "gcc -aux-info" is easier than parsing the header files so stay with
> this command at least for now.
>
> Signed-off-by: Nicolas Iooss 
> ---
>  libselinux/src/exception.sh  | 6 +-
>  libsemanage/src/exception.sh | 6 +-
>  2 files changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/libselinux/src/exception.sh b/libselinux/src/exception.sh
> index a58bf3f45778..a3ff83235ced 100755
> --- a/libselinux/src/exception.sh
> +++ b/libselinux/src/exception.sh
> @@ -15,6 +15,10 @@ echo "
>  ;;
>  esac
>  }
> -${CC:-gcc} -x c -c -I../include - -aux-info temp.aux < 
> ../include/selinux/selinux.h
> +if ! ${CC:-gcc} -x c -c -I../include - -aux-info temp.aux < 
> ../include/selinux/selinux.h
> +then
> +# clang does not support -aux-info so fall back to gcc
> +gcc -x c -c -I../include - -aux-info temp.aux < 
> ../include/selinux/selinux.h
> +fi
>  for i in `awk '/.*extern int/ { print $6 }' temp.aux`; do except $i ; 
> done
>  rm -f -- temp.aux -.o
> diff --git a/libsemanage/src/exception.sh b/libsemanage/src/exception.sh
> index d18959cbe85d..a4095f4f8ba6 100644
> --- a/libsemanage/src/exception.sh
> +++ b/libsemanage/src/exception.sh
> @@ -9,6 +9,10 @@ echo "
>  }
>  "
>  }
> -${CC:-gcc} -x c -c -I../include - -aux-info temp.aux < 
> ../include/semanage/semanage.h
> +if ! ${CC:-gcc} -x c -c -I../include - -aux-info temp.aux < 
> ../include/semanage/semanage.h
> +then
> +# clang does not support -aux-info so fall back to gcc
> +gcc -x c -c -I../include - -aux-info temp.aux < 
> ../include/semanage/semanage.h
> +fi
>  for i in `awk '/extern int/ { print $6 }' temp.aux`; do except $i ; done
>  rm -f -- temp.aux -.o
> --
> 2.10.2
>



-- 
Respectfully,

William C Roberts


[PATCH 2/2] libselinux, libsemanage: swig: use SWIG_fail when an error occurs

2016-11-14 Thread Nicolas Iooss
Using SWIG_fail in the Python SWIG wrappers makes the wrapping function
destroy/free the memory which could have been dynamically allocated
before calling the wrapped function. This thus prevents possible memory
leaks in the wrappers of set*con(), set*con_raw(), security_compute_*(),
etc.

Signed-off-by: Nicolas Iooss 
---
 libselinux/src/exception.sh  | 2 +-
 libsemanage/src/exception.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libselinux/src/exception.sh b/libselinux/src/exception.sh
index a3ff83235ced..d6c8c71713ad 100755
--- a/libselinux/src/exception.sh
+++ b/libselinux/src/exception.sh
@@ -8,7 +8,7 @@ echo "
   \$action 
   if (result < 0) {
  PyErr_SetFromErrno(PyExc_OSError);
- return NULL;
+ SWIG_fail;
   }
 }
 "
diff --git a/libsemanage/src/exception.sh b/libsemanage/src/exception.sh
index a4095f4f8ba6..97bc2ae879f2 100644
--- a/libsemanage/src/exception.sh
+++ b/libsemanage/src/exception.sh
@@ -4,7 +4,7 @@ echo "
   \$action
   if (result < 0) {
  PyErr_SetFromErrno(PyExc_OSError);
- return NULL;
+ SWIG_fail;
   }
 }
 "
-- 
2.10.2



[PATCH 1/2] libselinux,libsemanage: fall back to gcc in exception.sh

2016-11-14 Thread Nicolas Iooss
clang does not support -aux-info option. When exception.sh is run with
CC=clang, use gcc to build selinuxswig_python_exception.i and
semanageswig_python_exception.i.

This does not solve the issue of building libselinux and libsemanage
Python wrappers on a system without gcc. However parsing the result of
"gcc -aux-info" is easier than parsing the header files so stay with
this command at least for now.

Signed-off-by: Nicolas Iooss 
---
 libselinux/src/exception.sh  | 6 +-
 libsemanage/src/exception.sh | 6 +-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/libselinux/src/exception.sh b/libselinux/src/exception.sh
index a58bf3f45778..a3ff83235ced 100755
--- a/libselinux/src/exception.sh
+++ b/libselinux/src/exception.sh
@@ -15,6 +15,10 @@ echo "
 ;;
 esac
 }
-${CC:-gcc} -x c -c -I../include - -aux-info temp.aux < 
../include/selinux/selinux.h
+if ! ${CC:-gcc} -x c -c -I../include - -aux-info temp.aux < 
../include/selinux/selinux.h
+then
+# clang does not support -aux-info so fall back to gcc
+gcc -x c -c -I../include - -aux-info temp.aux < 
../include/selinux/selinux.h
+fi
 for i in `awk '/.*extern int/ { print $6 }' temp.aux`; do except $i ; 
done 
 rm -f -- temp.aux -.o
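Review bot: the fallback at L604-610 only helps when the first compiler is clang; if CC is already gcc (or unset), a genuine failure such as a broken include path runs the identical gcc command a second time and its exit status is never checked, so the script goes on to run awk over a missing or stale temp.aux and emits an incomplete exception file without failing the build. Suggest checking the fallback's status too (e.g. `gcc ... || exit 1`) and, since the first attempt is expected to fail under clang, redirecting its stderr so the expected error message does not appear in every build log.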
diff --git a/libsemanage/src/exception.sh b/libsemanage/src/exception.sh
index d18959cbe85d..a4095f4f8ba6 100644
--- a/libsemanage/src/exception.sh
+++ b/libsemanage/src/exception.sh
@@ -9,6 +9,10 @@ echo "
 }
 "
 }
-${CC:-gcc} -x c -c -I../include - -aux-info temp.aux < 
../include/semanage/semanage.h
+if ! ${CC:-gcc} -x c -c -I../include - -aux-info temp.aux < 
../include/semanage/semanage.h
+then
+# clang does not support -aux-info so fall back to gcc
+gcc -x c -c -I../include - -aux-info temp.aux < 
../include/semanage/semanage.h
+fi
 for i in `awk '/extern int/ { print $6 }' temp.aux`; do except $i ; done
 rm -f -- temp.aux -.o
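Review bot: same logic as the libselinux hunk, including the unchecked second gcc invocation at L628-629; the two scripts now differ only in the header path and in the awk pattern (`/extern int/` at L631 versus `/.*extern int/` at L611, which match the same lines), so a single generator parameterised by header would remove the need to keep two copies in sync.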
-- 
2.10.2



[PATCH 1/1] secilc: do not build secilc man page if it is up to date

2016-11-14 Thread Nicolas Iooss
When running "make all" several times in the root directory of the
project, the following lines always appear (and the command takes some
seconds to complete on my system with a slow hard drive):

xmlto man secilc.8.xml
Note: Writing secilc.8

This is because "make man" always builds secilc.8 even though
secilc.8.xml has not been modified. Introduce an intermediate target to
avoid this behavior.

Signed-off-by: Nicolas Iooss 
---
 secilc/Makefile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/secilc/Makefile b/secilc/Makefile
index 9bea186ba0b9..40254ce44caf 100644
--- a/secilc/Makefile
+++ b/secilc/Makefile
@@ -25,7 +25,9 @@ $(SECILC): $(SECILC_OBJS)
 test: $(SECILC)
./$(SECILC) test/policy.cil
 
-man: $(MANPAGE).xml
+man: $(MANPAGE)
+
+$(MANPAGE): $(MANPAGE).xml
$(XMLTO) man $(MANPAGE).xml
 
 install: all man
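Review bot: with `man: $(MANPAGE)` at L671 the `man` target has no recipe of its own, so it only behaves as intended if `man` is declared in .PHONY (not visible in this hunk); otherwise a stray file named `man` in secilc/ would satisfy it and the page would never be rebuilt. Worth also confirming that the `clean` target removes $(MANPAGE), since it is now a tracked build product rather than a side effect of a phony target.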
-- 
2.10.2



[PATCH 4/4] libselinux,libsemanage: link Python wrapper with Python

2016-11-14 Thread Nicolas Iooss
When linking with -Wl,-no-undefined in LDFLAGS (in order to find
possible link-time errors), the Python wrapper module needs to be
linked with the right libpython.so. This library is found using
pkg-config in a new PYLIBS variable.

Signed-off-by: Nicolas Iooss 
---
 libselinux/src/Makefile  | 5 +++--
 libsemanage/src/Makefile | 3 ++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 82a1010af2d8..928cc049cedb 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -13,6 +13,7 @@ LIBDIR ?= $(PREFIX)/lib
 SHLIBDIR ?= $(DESTDIR)/lib
 INCLUDEDIR ?= $(PREFIX)/include
 PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
+PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
 PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; 
print(site.getsitepackages()[0])')
 RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] 
+ " -I" + RbConfig::CONFIG["rubyhdrdir"]')
 RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " 
-lruby"')
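Review bot: `$(PKG_CONFIG) --libs $(PYPREFIX)` at L709 yields an empty PYLIBS when the Python .pc file is absent, and the build then fails at link time under -Wl,-no-undefined with the same error this patch is meant to fix; since the commit message names that flag as the motivation, a short comment next to PYLIBS saying why the module is linked against libpython would help, because some distributions deliberately build extension modules without linking libpython and will want to override PYLIBS to empty.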
@@ -131,7 +132,7 @@ $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
 
 $(SWIGSO): $(SWIGLOBJ)
-   $(CC) $(CFLAGS) -shared -o $@ $< -L. -lselinux $(LDFLAGS) -L$(LIBDIR)
+   $(CC) $(CFLAGS) -shared -o $@ $< -L. -lselinux $(LDFLAGS) $(PYLIBS) 
-L$(LIBDIR)
 
 $(SWIGRUBYSO): $(SWIGRUBYLOBJ)
$(CC) $(CFLAGS) -shared -o $@ $^ -L. -lselinux $(LDFLAGS) $(RUBYLIBS) 
-L$(LIBDIR)
@@ -154,7 +155,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ 
$<
 
 $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
-   $(CC) $(CFLAGS) -shared -o $@ $^ -L. $(LDFLAGS) -lselinux $(LIBSEPOLA) 
-L$(LIBDIR)
+   $(CC) $(CFLAGS) -shared -o $@ $^ -L. $(LDFLAGS) -lselinux $(LIBSEPOLA) 
$(PYLIBS) -L$(LIBDIR)
 
 %.o:  %.c policy.h
$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
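Review bot: at L734-735 $(PYLIBS) is placed after $(LIBSEPOLA), while in the $(SWIGSO) rule at L721 it follows $(LDFLAGS); both orders link because libpython does not depend on libselinux or libsepol, but keeping the library list in the same order on the three touched link lines makes later diffs easier to read.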
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
index 5c7bc6c6ea65..5176582f654d 100644
--- a/libsemanage/src/Makefile
+++ b/libsemanage/src/Makefile
@@ -13,6 +13,7 @@ LIBDIR ?= $(PREFIX)/lib
 SHLIBDIR ?= $(DESTDIR)/lib
 INCLUDEDIR ?= $(PREFIX)/include
 PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
+PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
 PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; 
print(site.getsitepackages()[0])')
 RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] 
+ " -I" + RbConfig::CONFIG["rubyhdrdir"]')
 RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " 
-lruby"')
@@ -79,7 +80,7 @@ $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
 
 $(SWIGSO): $(SWIGLOBJ)
-   $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -L$(LIBDIR)
+   $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage $(PYLIBS) 
-L$(LIBDIR)
 
 $(SWIGRUBYSO): $(SWIGRUBYLOBJ)
$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lsemanage $(RUBYLIBS) 
-L$(LIBDIR)
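Review bot: in the libsemanage rule at L759 $(LDFLAGS) precedes the object file whereas in libselinux at L721 it follows it; this predates the patch, but since both lines are touched it is a chance to align them and to put $(PYLIBS) after the project library on both, so the link line reads objects, -lsemanage/-lselinux, libpython, then search paths.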
-- 
2.10.2



[PATCH 1/4] libselinux,libsemanage: use Ruby to define RUBYINC

2016-11-14 Thread Nicolas Iooss
This makes building libselinux and libsemanage more robust on systems
with several versions of Ruby installed: when building, only RUBY needs
to be set, without wondering about PKG_CONFIG_PATH or other environment
variables.

Using RbConfig::CONFIG["rubyarchhdrdir"] only works with Ruby >= 2.0 but
since previous Ruby versions are retired since 2015-02-23 this should
not have any impact
(https://www.ruby-lang.org/en/news/2015/02/23/support-for-ruby-1-9-3-has-ended/).

While at it, in libsemanage, use RbConfig::CONFIG["vendorarchdir"] to
install the Ruby extension, like commit 1cd80faa53b6 ("libselinux:
versioned ruby pkg-config and query vendorarchdir properly") did for
libselinux.

My main motivation with this patch is to make the build configuration
easier to define on Travis-CI or other continuous integration platforms.

Signed-off-by: Nicolas Iooss 
---
 libselinux/src/Makefile  | 3 +--
 libsemanage/src/Makefile | 6 ++
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 76efe49586c0..4fe1f7002181 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -14,8 +14,7 @@ SHLIBDIR ?= $(DESTDIR)/lib
 INCLUDEDIR ?= $(PREFIX)/include
 PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
 PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; 
print(site.getsitepackages()[0])')
-RUBYLIBVER ?= $(shell $(RUBY) -e 'print 
RUBY_VERSION.split(".")[0..1].join(".")')
-RUBYINC ?= $(shell $(PKG_CONFIG) --exists ruby-$(RUBYLIBVER) && $(PKG_CONFIG) 
--cflags ruby-$(RUBYLIBVER) || $(PKG_CONFIG) --cflags ruby)
+RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] 
+ " -I" + RbConfig::CONFIG["rubyhdrdir"]')
 RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts 
RbConfig::CONFIG["vendorarchdir"]')
 LIBBASE ?= $(shell basename $(LIBDIR))
 LIBSEPOLA ?= $(LIBDIR)/libsepol.a
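Review bot: the new RUBYINC at L815-816 raises a TypeError inside `$(shell ...)` when RbConfig::CONFIG["rubyarchhdrdir"] is nil (Ruby older than 2.0), which the commit message accepts; the visible effect is an empty RUBYINC and a confusing missing-header error later rather than a clear message, so a `$(error ...)` guard or a comment stating the Ruby >= 2.0 requirement next to the variable would help whoever hits it.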
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
index cd29a8abf5ab..c646f274cbc1 100644
--- a/libsemanage/src/Makefile
+++ b/libsemanage/src/Makefile
@@ -15,10 +15,8 @@ INCLUDEDIR ?= $(PREFIX)/include
 PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % 
sys.version_info[0:2])')
 PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
 PYLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
-RUBYLIBVER ?= $(shell $(RUBY) -e 'print 
RUBY_VERSION.split(".")[0..1].join(".")')
-RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM')
-RUBYINC ?= $(shell $(PKG_CONFIG) --cflags ruby-$(RUBYLIBVER))
-RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
+RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] 
+ " -I" + RbConfig::CONFIG["rubyhdrdir"]')
+RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts 
RbConfig::CONFIG["vendorarchdir"]')
 
 LIBBASE=$(shell basename $(LIBDIR))
 
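Review bot: RUBYINSTALL at L837-838 changes from a LIBDIR-relative site_ruby path to $(DESTDIR) plus vendorarchdir, matching what the commit message describes for libselinux; packagers who currently override LIBDIR to land the extension in lib64 will now need to override RUBYINSTALL instead, which is worth calling out in the commit message.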
-- 
2.10.2



Re: [PATCH 3/4] selinux: Clean up initialization of isec->sclass

2016-11-14 Thread Paul Moore
On Thu, Nov 10, 2016 at 4:18 PM, Andreas Gruenbacher wrote:
> Now that isec->initialized == LABEL_INITIALIZED implies that
> isec->sclass is valid, skip such inodes immediately in
> inode_doinit_with_dentry.
>
> For the remaining inodes, initialize isec->sclass at the beginning of
> inode_doinit_with_dentry to simplify the code.
>
> Signed-off-by: Andreas Gruenbacher 
> ---
>  security/selinux/hooks.c | 10 --
>  1 file changed, 4 insertions(+), 6 deletions(-)

Merged, thanks.

> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index e4527d9..cf5067e 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1389,12 +1389,15 @@ static int inode_doinit_with_dentry(struct inode 
> *inode, struct dentry *opt_dent
> int rc = 0;
>
> if (isec->initialized == LABEL_INITIALIZED)
> -   goto out;
> +   return 0;
>
> mutex_lock(>lock);
> if (isec->initialized == LABEL_INITIALIZED)
> goto out_unlock;
>
> +   if (isec->sclass == SECCLASS_FILE)
> +   isec->sclass = inode_mode_to_security_class(inode->i_mode);
> +
> sbsec = inode->i_sb->s_security;
> if (!(sbsec->flags & SE_SBINITIALIZED)) {
> /* Defer initialization until selinux_complete_init,
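Review bot: moving the sclass fixup to L887-888 (under the lock and before the deferred-initialization check) is what makes the early `return 0` at L881 safe, because the removed `out:` fallback at L917-919 no longer runs for already-initialized inodes; a short comment at L887 that every path setting LABEL_INITIALIZED passes through this assignment would document the invariant the commit message relies on.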
> @@ -1512,7 +1515,6 @@ static int inode_doinit_with_dentry(struct inode 
> *inode, struct dentry *opt_dent
> isec->sid = sbsec->sid;
>
> /* Try to obtain a transition SID. */
> -   isec->sclass = inode_mode_to_security_class(inode->i_mode);
> rc = security_transition_sid(isec->task_sid, sbsec->sid,
>  isec->sclass, NULL, );
> if (rc)
> @@ -1548,7 +1550,6 @@ static int inode_doinit_with_dentry(struct inode 
> *inode, struct dentry *opt_dent
>  */
> if (!dentry)
> goto out_unlock;
> -   isec->sclass = 
> inode_mode_to_security_class(inode->i_mode);
> rc = selinux_genfs_get_sid(dentry, isec->sclass,
>sbsec->flags, );
> dput(dentry);
> @@ -1563,9 +1564,6 @@ static int inode_doinit_with_dentry(struct inode 
> *inode, struct dentry *opt_dent
>
>  out_unlock:
> mutex_unlock(>lock);
> -out:
> -   if (isec->sclass == SECCLASS_FILE)
> -   isec->sclass = inode_mode_to_security_class(inode->i_mode);
> return rc;
>  }
>
> --
> 2.7.4
>



-- 
paul moore
www.paul-moore.com


Re: [PATCH] libselinux: fix subdir build and usage of cmdline CFLAGS

2016-11-14 Thread Jason Zaman
On Mon, Nov 14, 2016 at 06:31:09PM +, Roberts, William C wrote:
> 
> 
> > -Original Message-
> > From: Stephen Smalley [mailto:s...@tycho.nsa.gov]
> > Sent: Monday, November 14, 2016 10:12 AM
> > To: selinux@tycho.nsa.gov
> > Cc: Roberts, William C ; Stephen Smalley
> > 
> > Subject: [PATCH] libselinux: fix subdir build and usage of cmdline CFLAGS
> > 
> > commit 16c123f4b1f3c8d20b3f597df161d7e635620923 ("libselinux:
> > support ANDROID_HOST=1 on Mac") broke the ability to run make in the src
> > subdirectory of libselinux (because OS and COMPILER were not defined) and 
> > also
> > caused some warning flags that could be overridden via command-line CFLAGS 
> > to
> > be mandatory.  Fix it.
> 
> Ack.
> 
> It would be nice if we could avoid the duplication running rampant
> throughout these make files, maybe include a file that has the
> definitions/callable functions for all of this stuff?

I just noticed some weirdness in a bunch of the makefiles too. Some of
the variables randomly default to different things depending on the
package. Including a base makefile would be nice, but the problem is that when
packaged up they are separate tarballs.

We'd probably need to unify everything and duplicate it in each of the
subdirs and then the release script should diff them and make sure there
are no discrepancies before release.
> 
> > 
> > Signed-off-by: Stephen Smalley 
> > ---
> >  libselinux/src/Makefile   | 12 ++--
> >  libselinux/utils/Makefile | 10 +-
> >  2 files changed, 19 insertions(+), 3 deletions(-)
> > 
> > diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile index
> > 24946ce..76efe49 100644
> > --- a/libselinux/src/Makefile
> > +++ b/libselinux/src/Makefile
> > @@ -23,6 +23,14 @@ LIBSEPOLA ?= $(LIBDIR)/libsepol.a  VERSION = $(shell cat
> > ../VERSION)  LIBVERSION = 1
> > 
> > +OS ?= $(shell uname)
> > +
> > +ifeq ($(shell $(CC) -v 2>&1 | grep "clang"),) COMPILER ?= gcc else
> > +COMPILER ?= clang endif
> > +
> >  LIBA=libselinux.a
> >  TARGET=libselinux.so
> >  LIBPC=libselinux.pc
> > @@ -67,12 +75,12 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-
> > security -Winit-self -Wmissi  LD_SONAME_FLAGS=-soname,$(LIBSO),-z,defs,-
> > z,relro
> > 
> >  ifeq ($(COMPILER), gcc)
> > -override CFLAGS += -fipa-pure-const -Wlogical-op -Wpacked-bitfield-compat -
> > Wsync-nand \
> > +CFLAGS += -fipa-pure-const -Wlogical-op -Wpacked-bitfield-compat
> > +-Wsync-nand \
> > -Wcoverage-mismatch -Wcpp -Wformat-contains-nul -Wnormalized=nfc -
> > Wsuggest-attribute=const \
> > -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines
> > -Wjump-misses-init \
> > -Wno-suggest-attribute=pure -Wno-suggest-attribute=const -Wp,-
> > D_FORTIFY_SOURCE=2  else -override CFLAGS += -Wunused-command-line-
> > argument
> > +CFLAGS += -Wunused-command-line-argument
> >  endif
> > 
> >  ifeq ($(OS), Darwin)
> > diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile index
> > a4f9903..7744184 100644
> > --- a/libselinux/utils/Makefile
> > +++ b/libselinux/utils/Makefile
> > @@ -5,6 +5,14 @@ USRBINDIR ?= $(PREFIX)/sbin  SBINDIR ?= $(DESTDIR)/sbin
> > INCLUDEDIR ?= $(PREFIX)/include
> > 
> > +OS ?= $(shell uname)
> > +
> > +ifeq ($(shell $(CC) -v 2>&1 | grep "clang"),) COMPILER ?= gcc else
> > +COMPILER ?= clang endif
> > +
> >  MAX_STACK_SIZE=8192
> >  CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -
> > Wmissing-include-dirs \
> >-Wunused -Wunknown-pragmas -Wstrict-aliasing -Wshadow -Wpointer-
> > arith \ @@ -26,7 +34,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -
> > Wformat-security -Winit-self -Wmissi  LD_SONAME_FLAGS=-soname,$(LIBSO),-
> > z,defs,-z,relro
> > 
> >  ifeq ($(COMPILER), gcc)
> > -override CFLAGS += -fipa-pure-const -Wpacked-bitfield-compat -Wsync-nand -
> > Wcoverage-mismatch \
> > +CFLAGS += -fipa-pure-const -Wpacked-bitfield-compat -Wsync-nand
> > +-Wcoverage-mismatch \
> > -Wcpp -Wformat-contains-nul -Wnormalized=nfc -Wsuggest-
> > attribute=const \
> > -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines
> > -Wjump-misses-init \
> > -Wno-suggest-attribute=pure -Wno-suggest-attribute=const
> > --
> > 2.7.4
> 
> 


Re: [PATCH 2/4] proc: Pass file mode to proc_pid_make_inode

2016-11-14 Thread Paul Moore
On Thu, Nov 10, 2016 at 4:18 PM, Andreas Gruenbacher
 wrote:
> Pass the file mode of the proc inode to be created to
> proc_pid_make_inode.  In proc_pid_make_inode, initialize inode->i_mode
> before calling security_task_to_inode.  This allows selinux to set
> isec->sclass right away without introducing "half-initialized" inode
> security structs.
>
> Signed-off-by: Andreas Gruenbacher 
> ---
>  fs/proc/base.c   | 23 +--
>  fs/proc/fd.c |  6 ++
>  fs/proc/internal.h   |  2 +-
>  fs/proc/namespaces.c |  3 +--
>  security/selinux/hooks.c |  1 +
>  5 files changed, 14 insertions(+), 21 deletions(-)

Seems reasonable, merged.

> diff --git a/fs/proc/base.c b/fs/proc/base.c
> index ca651ac..6eae4d0 100644
> --- a/fs/proc/base.c
> +++ b/fs/proc/base.c
> @@ -1664,7 +1664,8 @@ const struct inode_operations 
> proc_pid_link_inode_operations = {
>
>  /* building an inode */
>
> -struct inode *proc_pid_make_inode(struct super_block * sb, struct 
> task_struct *task)
> +struct inode *proc_pid_make_inode(struct super_block * sb,
> + struct task_struct *task, umode_t mode)
>  {
> struct inode * inode;
> struct proc_inode *ei;
> @@ -1678,6 +1679,7 @@ struct inode *proc_pid_make_inode(struct super_block * 
> sb, struct task_struct *t
>
> /* Common stuff */
> ei = PROC_I(inode);
> +   inode->i_mode = mode;
> inode->i_ino = get_next_ino();
> inode->i_mtime = inode->i_atime = inode->i_ctime = 
> current_time(inode);
> inode->i_op = _def_inode_operations;
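Review bot: `inode->i_mode = mode;` is placed at the top of the "Common stuff" block, but the security_task_to_inode() call that the commit message says must observe the mode is outside the visible context. A short comment such as `/* must precede security_task_to_inode() */` would keep a later reordering of these assignments from reintroducing the half-initialized isec the message describes.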
> @@ -2004,7 +2006,9 @@ proc_map_files_instantiate(struct inode *dir, struct 
> dentry *dentry,
> struct proc_inode *ei;
> struct inode *inode;
>
> -   inode = proc_pid_make_inode(dir->i_sb, task);
> +   inode = proc_pid_make_inode(dir->i_sb, task, S_IFLNK |
> +   ((mode & FMODE_READ ) ? S_IRUSR : 0) |
> +   ((mode & FMODE_WRITE) ? S_IWUSR : 0));
> if (!inode)
> return -ENOENT;
>
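Review bot: the local `mode` here carries FMODE_READ/FMODE_WRITE file flags while the new parameter of proc_pid_make_inode() is a umode_t, so the call mixes two meanings of "mode". The translation `((mode & FMODE_READ ) ? S_IRUSR : 0) | ((mode & FMODE_WRITE) ? S_IWUSR : 0)` reproduces the removed lines exactly, but computing it into a separately named umode_t local before the call would make that obvious.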
> @@ -2013,12 +2017,6 @@ proc_map_files_instantiate(struct inode *dir, struct 
> dentry *dentry,
>
> inode->i_op = _map_files_link_inode_operations;
> inode->i_size = 64;
> -   inode->i_mode = S_IFLNK;
> -
> -   if (mode & FMODE_READ)
> -   inode->i_mode |= S_IRUSR;
> -   if (mode & FMODE_WRITE)
> -   inode->i_mode |= S_IWUSR;
>
> d_set_d_op(dentry, _map_files_dentry_operations);
> d_add(dentry, inode);
> @@ -2372,12 +2370,11 @@ static int proc_pident_instantiate(struct inode *dir,
> struct inode *inode;
> struct proc_inode *ei;
>
> -   inode = proc_pid_make_inode(dir->i_sb, task);
> +   inode = proc_pid_make_inode(dir->i_sb, task, p->mode);
> if (!inode)
> goto out;
>
> ei = PROC_I(inode);
> -   inode->i_mode = p->mode;
> if (S_ISDIR(inode->i_mode))
> set_nlink(inode, 2);/* Use getattr to fix if necessary */
> if (p->iop)
> @@ -3059,11 +3056,10 @@ static int proc_pid_instantiate(struct inode *dir,
>  {
> struct inode *inode;
>
> -   inode = proc_pid_make_inode(dir->i_sb, task);
> +   inode = proc_pid_make_inode(dir->i_sb, task, S_IFDIR | S_IRUGO | 
> S_IXUGO);
> if (!inode)
> goto out;
>
> -   inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
> inode->i_op = _tgid_base_inode_operations;
> inode->i_fop = _tgid_base_operations;
> inode->i_flags|=S_IMMUTABLE;
> @@ -3352,11 +3348,10 @@ static int proc_task_instantiate(struct inode *dir,
> struct dentry *dentry, struct task_struct *task, const void *ptr)
>  {
> struct inode *inode;
> -   inode = proc_pid_make_inode(dir->i_sb, task);
> +   inode = proc_pid_make_inode(dir->i_sb, task, S_IFDIR | S_IRUGO | 
> S_IXUGO);
>
> if (!inode)
> goto out;
> -   inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
> inode->i_op = _tid_base_inode_operations;
> inode->i_fop = _tid_base_operations;
> inode->i_flags|=S_IMMUTABLE;
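Review bot: `S_IFDIR | S_IRUGO | S_IXUGO` is now spelled out at both proc_pid_instantiate() and proc_task_instantiate(); since SELinux derives the security class from this mode, a shared constant would keep the two call sites from drifting apart later.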
> diff --git a/fs/proc/fd.c b/fs/proc/fd.c
> index d21dafe..4274f83 100644
> --- a/fs/proc/fd.c
> +++ b/fs/proc/fd.c
> @@ -183,14 +183,13 @@ proc_fd_instantiate(struct inode *dir, struct dentry 
> *dentry,
> struct proc_inode *ei;
> struct inode *inode;
>
> -   inode = proc_pid_make_inode(dir->i_sb, task);
> +   inode = proc_pid_make_inode(dir->i_sb, task, S_IFLNK);
> if (!inode)
> goto out;
>
> ei = PROC_I(inode);
> ei->fd = fd;
>
> -   inode->i_mode = S_IFLNK;
> inode->i_op = _pid_link_inode_operations;
> inode->i_size = 64;
>
> @@ -322,14 +321,13 @@ proc_fdinfo_instantiate(struct inode *dir, struct 
> dentry *dentry,
> struct proc_inode *ei;
> struct inode *inode;
>
> - 

Re: [RFC] Split up policycoreutils

2016-11-14 Thread Jason Zaman
On Tue, Nov 08, 2016 at 02:42:31PM -0500, Stephen Smalley wrote:
> On 10/31/2016 02:05 PM, Stephen Smalley wrote:
> > On 10/21/2016 01:47 PM, Stephen Smalley wrote:
> >> Hi,
> >>
> >> policycoreutils started life as a small set of utilities that were
> >> necessary or at least widely used in production on a SELinux system.
> >> Over time though it has grown to include many optional components, and
> >> even within a given subdirectory (e.g. sepolicy) there seem to be a
> >> number of components that should be optional (e.g. the dbus service).
> >> I'd like to propose that we move a number of components out of
> >> policycoreutils into their own top-level subdirectory (possibly grouping
> >> some of the related ones together).
> >>
> >> Some possible components to move and the rationale for doing so include:
> >>
> >> - gui: not required for operation.  Unsure if this is even used outside
> >> of Fedora, or how widely it is used within Fedora compared to the
> >> command line tools. Packaged separately by Fedora as part of
> >> policycoreutils-gui.
> >>
> >> - mcstrans: not required for operation outside of MLS environments (and
> >> even there, only if using that label encoding functionality), not built
> >> by default even upstream (omitted from policycoreutils/Makefile).
> >> Packaged separately in Fedora as mcstrans.
> >>
> >> - restorecond: not required for operation, adds dbus and glib
> >> dependencies, largely obsoleted by name-based type transition support in
> >> the kernel.  Packaged separately in Fedora as policycoreutils-restorecond.
> >>
> >> - sandbox: not required for basic operation of SELinux.  Packaged
> >> separately by Fedora as policycoreutils-sandbox.
> >>  restorecond
> >> - semodule_deps/expand/link: developer tools only, not required for
> >> operation, unlike semodule.  Packaged separately by Fedora as part of
> >> policycoreutils-devel.
> >>
> >> - sepolicy/{org.selinux*,selinux_client.py,selinux_server.py}: D-BUS
> >> service for managing SELinux, not required for basic operation, not
> >> desirable in high security environments. Packaged separately by Fedora
> >> as part of policycoreutils-gui.  Could perhaps be combined with the gui
> >> above, although I think they are logically distinct.
> >>
> >> We could of course go further, but those seem to be the most obvious
> >> candidates.
> >>
> >> Thoughts?
> > 
> > For discussion purposes, I've pushed a splitpolicycoreutils branch that
> > moves the above components and others identified in the discussion
> > thread, and makes it easy to omit the non-core components from the
> > build.  Take a look and see what you think.  Known issues:
> > 
> > - I did not deal with splitting the policycoreutils/po files and moving
> > them around.  Not sure what the best way to handle that is.
> > 
> > - python/sepolicy likely needs further rearrangement. I am unclear on
> > the purpose/use of the desktop file and pixmaps; if those are only for
> > the gui, then they can be moved to gui/, but I don't understand why they
> > are called sepolicy* or located here.  Also, should
> > python/sepolicy/sepolicy/sedbus.py be moved over to dbus/ or stay here?
> > Dan?
> > 
> > - dbus/selinux_client.py (formerly
> > policycoreutils/sepolicy/selinux_client.py) seems like leftover testing
> > cruft.  Remove?
> > 
> > - restorecond presently reuses source code directly from setfiles, so
> > building it as a separate package may be a nuisance.  OTOH, I'm not
> > entirely clear on whether restorecond needs to be kept around at all
> > anymore?
> > 
> > - policycoreutils/sepolgen-ifgen contains a single C program,
> > sepolgen-ifgen-attr-helper, that is only used by
> > python/audit2allow/sepolgen-ifgen.  Any reason to not just coalesce it
> > into python/audit2allow even though it is not python itself?
> > 
> > - After the restructuring, the only script left in policycoreutils is
> > fixfiles.  Technically, that's not required for production either as one
> > can always just run setfiles or restorecon directly, but distros seem to
> > rely on it.  Is it worth moving just to free policycoreutils of any bash
> > dependencies, and if so, where?
> > 
> > - I moved policycoreutils/semodule_{deps,expand,link} into a new
> > semodule-utils directory.  This might however be slightly confusing
> > since semodule and semodule_package remain in policycoreutils since they
> > are required and not merely for developers.  Feel free to suggest
> > another name or structure.  Actually, I guess semodule_package might be
> > optional now with CIL, so perhaps that one can be moved too.
> 
> I've made further changes on the splitpolicycoreutils branch based on
> the discussion (as well as rebasing it on latest master).  This is a
> call for final comments or objections before merging it to master.  With
> the current branch, we will have the following source tar files in a
> release:
> 
> Unchanged:
> * libsepol
> * libselinux
> * libsemanage
> * checkpolicy
> * secilc
> 
> 

RE: [PATCH v2] libsepol: fix checkpolicy dontaudit compiler bug

2016-11-14 Thread Roberts, William C


> -Original Message-
> From: Selinux [mailto:selinux-boun...@tycho.nsa.gov] On Behalf Of Roberts,
> William C
> Sent: Monday, November 14, 2016 10:44 AM
> To: Stephen Smalley ; selinux@tycho.nsa.gov
> Subject: RE: [PATCH v2] libsepol: fix checkpolicy dontaudit compiler bug
> 
> 
> 
> > -Original Message-
> > From: Selinux [mailto:selinux-boun...@tycho.nsa.gov] On Behalf Of
> > Stephen Smalley
> > Sent: Monday, November 14, 2016 9:48 AM
> > To: selinux@tycho.nsa.gov
> > Cc: Stephen Smalley 
> > Subject: [PATCH v2] libsepol: fix checkpolicy dontaudit compiler bug
> >
> > The combining logic for dontaudit rules was wrong, causing a dontaudit
> > A B:C *; rule to be clobbered by a dontaudit A B:C p; rule.
> >
> > Reported-by: Nick Kralevich 
> > Signed-off-by: Stephen Smalley 
> > ---
> >  libsepol/src/expand.c | 16 
> >  1 file changed, 12 insertions(+), 4 deletions(-)
> >
> > diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c index
> > 004a029..d7adbf8
> > 100644
> > --- a/libsepol/src/expand.c
> > +++ b/libsepol/src/expand.c
> > @@ -1604,7 +1604,8 @@ static int expand_range_trans(expand_state_t *
> > state, static avtab_ptr_t find_avtab_node(sepol_handle_t * handle,
> >avtab_t * avtab, avtab_key_t * key,
> >cond_av_list_t ** cond,
> > -  av_extended_perms_t *xperms)
> > +  av_extended_perms_t *xperms,
> > +  char *alloced)
> >  {
> > avtab_ptr_t node;
> > avtab_datum_t avdatum;
> > @@ -1658,6 +1659,11 @@ static avtab_ptr_t
> > find_avtab_node(sepol_handle_t * handle,
> > nl->next = *cond;
> > *cond = nl;
> > }
> > +   if (alloced)
> > +   *alloced = 1;
> > +   } else {
> > +   if (alloced)
> > +   *alloced = 0;
> > }
> >
> > return node;
> > @@ -1750,7 +1756,7 @@ static int expand_terule_helper(sepol_handle_t *
> > handle,
> > return EXPAND_RULE_CONFLICT;
> > }
> >
> > -   node = find_avtab_node(handle, avtab, , cond, NULL);
> > +   node = find_avtab_node(handle, avtab, , cond, NULL,
> > NULL);
> > if (!node)
> > return -1;
> > if (enabled) {
> > @@ -1790,6 +1796,7 @@ static int expand_avrule_helper(sepol_handle_t *
> > handle,
> > class_perm_node_t *cur;
> > uint32_t spec = 0;
> > unsigned int i;
> > +   char alloced;
> >
> > if (specified & AVRULE_ALLOWED) {
> > spec = AVTAB_ALLOWED;
> > @@ -1824,7 +1831,8 @@ static int expand_avrule_helper(sepol_handle_t *
> > handle,
> > avkey.target_class = cur->tclass;
> > avkey.specified = spec;
> >
> > -   node = find_avtab_node(handle, avtab, , cond,
> > extended_perms);
> > +   node = find_avtab_node(handle, avtab, , cond,
> > +  extended_perms, );
> > if (!node)
> > return EXPAND_RULE_ERROR;
> > if (enabled) {
> > @@ -1850,7 +1858,7 @@ static int expand_avrule_helper(sepol_handle_t *
> > handle,
> >  */
> > avdatump->data &= cur->data;
> > } else if (specified & AVRULE_DONTAUDIT) {
> > -   if (avdatump->data)
> > +   if (!alloced)
> > avdatump->data &= ~cur->data;
> > else
> > avdatump->data = ~cur->data;
> 
> This seems awkward to me. If the insertion created a new empty node, why
> wouldn't !avdump->data be true (note the addition of the not operator)?

I misstated that a bit, but the !avdump->data was the else case. I am really
saying: why didn't this work before? In my mind, we don't care if it's allocated,
we care if it's set or not.

> 
> Or perhaps a mechanism to actually set the data on allocation; this way the 
> logic is
> just &=.
> 
> > --
> > 2.7.4
> >


RE: [PATCH v2] libsepol: fix checkpolicy dontaudit compiler bug

2016-11-14 Thread Roberts, William C


> -Original Message-
> From: Selinux [mailto:selinux-boun...@tycho.nsa.gov] On Behalf Of Stephen
> Smalley
> Sent: Monday, November 14, 2016 9:48 AM
> To: selinux@tycho.nsa.gov
> Cc: Stephen Smalley 
> Subject: [PATCH v2] libsepol: fix checkpolicy dontaudit compiler bug
> 
> The combining logic for dontaudit rules was wrong, causing a dontaudit A B:C 
> *;
> rule to be clobbered by a dontaudit A B:C p; rule.
> 
> Reported-by: Nick Kralevich 
> Signed-off-by: Stephen Smalley 
> ---
>  libsepol/src/expand.c | 16 
>  1 file changed, 12 insertions(+), 4 deletions(-)
> 
> diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c index 
> 004a029..d7adbf8
> 100644
> --- a/libsepol/src/expand.c
> +++ b/libsepol/src/expand.c
> @@ -1604,7 +1604,8 @@ static int expand_range_trans(expand_state_t * state,
> static avtab_ptr_t find_avtab_node(sepol_handle_t * handle,
>  avtab_t * avtab, avtab_key_t * key,
>  cond_av_list_t ** cond,
> -av_extended_perms_t *xperms)
> +av_extended_perms_t *xperms,
> +char *alloced)
>  {
>   avtab_ptr_t node;
>   avtab_datum_t avdatum;
> @@ -1658,6 +1659,11 @@ static avtab_ptr_t find_avtab_node(sepol_handle_t *
> handle,
>   nl->next = *cond;
>   *cond = nl;
>   }
> + if (alloced)
> + *alloced = 1;
> + } else {
> + if (alloced)
> + *alloced = 0;
>   }
> 
>   return node;
> @@ -1750,7 +1756,7 @@ static int expand_terule_helper(sepol_handle_t *
> handle,
>   return EXPAND_RULE_CONFLICT;
>   }
> 
> - node = find_avtab_node(handle, avtab, , cond, NULL);
> + node = find_avtab_node(handle, avtab, , cond, NULL,
> NULL);
>   if (!node)
>   return -1;
>   if (enabled) {
> @@ -1790,6 +1796,7 @@ static int expand_avrule_helper(sepol_handle_t *
> handle,
>   class_perm_node_t *cur;
>   uint32_t spec = 0;
>   unsigned int i;
> + char alloced;
> 
>   if (specified & AVRULE_ALLOWED) {
>   spec = AVTAB_ALLOWED;
> @@ -1824,7 +1831,8 @@ static int expand_avrule_helper(sepol_handle_t *
> handle,
>   avkey.target_class = cur->tclass;
>   avkey.specified = spec;
> 
> - node = find_avtab_node(handle, avtab, , cond,
> extended_perms);
> + node = find_avtab_node(handle, avtab, , cond,
> +extended_perms, );
>   if (!node)
>   return EXPAND_RULE_ERROR;
>   if (enabled) {
> @@ -1850,7 +1858,7 @@ static int expand_avrule_helper(sepol_handle_t *
> handle,
>*/
>   avdatump->data &= cur->data;
>   } else if (specified & AVRULE_DONTAUDIT) {
> - if (avdatump->data)
> + if (!alloced)
>   avdatump->data &= ~cur->data;
>   else
>   avdatump->data = ~cur->data;

This seems awkward to me. If the insertion created a new empty node,
why wouldn't !avdump->data be true (note the addition of the not operator)?

Or perhaps a mechanism to actually set the data on allocation; this way the logic 
is
just &=.

> --
> 2.7.4
> 


Re: [PATCH 1/1] libsemanage: semanage_seuser_key_create: copy name

2016-11-14 Thread Stephen Smalley
On 11/12/2016 07:05 AM, Nicolas Iooss wrote:
> When removing a login using semanage with Python 3 the following error
> occurs:
> 
> # semanage login -l | grep my_user
> my_user   user_u
> 
> # semanage login --delete my_user
> ValueError: Login mapping for my_user is not defined
> 
> This is due to a use-after-free in the swig-generated code for python3
> bindings.
> 
> Copy the user name in semanage_seuser_key_create() and free it in
> semanage_seuser_key_free(), like commit eac6f1f1b512 ("libsepol:
> sepol_{bool|iface|user}_key_create: copy name") did.

Thanks, applied.

> 
> Signed-off-by: Nicolas Iooss 
> ---
>  libsemanage/src/seuser_record.c | 11 ---
>  1 file changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/libsemanage/src/seuser_record.c b/libsemanage/src/seuser_record.c
> index 8823b1ed1c7b..1ed459486228 100644
> --- a/libsemanage/src/seuser_record.c
> +++ b/libsemanage/src/seuser_record.c
> @@ -33,7 +33,7 @@ struct semanage_seuser {
>  
>  struct semanage_seuser_key {
>   /* This user's name */
> - const char *name;
> + char *name;
>  };
>  
>  int semanage_seuser_key_create(semanage_handle_t * handle,
> @@ -48,7 +48,12 @@ int semanage_seuser_key_create(semanage_handle_t * handle,
>   ERR(handle, "out of memory, could not create seuser key");
>   return STATUS_ERR;
>   }
> - tmp_key->name = name;
> + tmp_key->name = strdup(name);
> + if (!tmp_key->name) {
> + ERR(handle, "out of memory, could not create seuser key");
> + free(tmp_key);
> + return STATUS_ERR;
> + }
>  
>   *key_ptr = tmp_key;
>   return STATUS_SUCCESS;
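Review bot: `strdup(name)` dereferences `name` unconditionally, whereas the old code only stored the pointer, so a NULL name that previously yielded a key with a NULL name now crashes inside strdup(). If callers can pass NULL, add a check before the copy; otherwise document the non-NULL requirement. Also, the new error string is a verbatim copy of the one two lines above; something like `could not copy seuser name` would make the two failure points distinguishable in logs.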
> @@ -75,7 +80,7 @@ hidden_def(semanage_seuser_key_extract)
>  
>  void semanage_seuser_key_free(semanage_seuser_key_t * key)
>  {
> -
> + free(key->name);
>   free(key);
>  }
>  
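Review bot: now that `name` is owned and released in semanage_seuser_key_free(), every other path that fills in a semanage_seuser_key (the hunk header shows semanage_seuser_key_extract right above) must also hand the key a heap copy; otherwise this free() releases a pointer borrowed from the record and the use-after-free just moves to a different call site.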
> 



[PATCH] libselinux: fix subdir build and usage of cmdline CFLAGS

2016-11-14 Thread Stephen Smalley
commit 16c123f4b1f3c8d20b3f597df161d7e635620923 ("libselinux:
support ANDROID_HOST=1 on Mac") broke the ability to run make
in the src subdirectory of libselinux (because OS and COMPILER
were not defined) and also caused some warning flags that could
be overridden via command-line CFLAGS to be mandatory.  Fix it.

Signed-off-by: Stephen Smalley 
---
 libselinux/src/Makefile   | 12 ++--
 libselinux/utils/Makefile | 10 +-
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 24946ce..76efe49 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -23,6 +23,14 @@ LIBSEPOLA ?= $(LIBDIR)/libsepol.a
 VERSION = $(shell cat ../VERSION)
 LIBVERSION = 1
 
+OS ?= $(shell uname)
+
+ifeq ($(shell $(CC) -v 2>&1 | grep "clang"),)
+COMPILER ?= gcc
+else
+COMPILER ?= clang
+endif
+
 LIBA=libselinux.a 
 TARGET=libselinux.so
 LIBPC=libselinux.pc
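Review bot: this OS/COMPILER detection block is added verbatim to both libselinux/src/Makefile and libselinux/utils/Makefile in this patch; a small shared fragment included by each would keep the copies in sync, which is the duplication William raised. Note also that the `$(shell $(CC) -v 2>&1 | grep "clang")` probe runs on every make invocation even when COMPILER is supplied on the command line, because the ifeq is evaluated before the `?=` assignment is consulted.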
@@ -67,12 +75,12 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k 
-Wformat-security -Winit-self -Wmissi
 LD_SONAME_FLAGS=-soname,$(LIBSO),-z,defs,-z,relro
 
 ifeq ($(COMPILER), gcc)
-override CFLAGS += -fipa-pure-const -Wlogical-op -Wpacked-bitfield-compat 
-Wsync-nand \
+CFLAGS += -fipa-pure-const -Wlogical-op -Wpacked-bitfield-compat -Wsync-nand \
-Wcoverage-mismatch -Wcpp -Wformat-contains-nul -Wnormalized=nfc 
-Wsuggest-attribute=const \
-Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines 
-Wjump-misses-init \
-Wno-suggest-attribute=pure -Wno-suggest-attribute=const 
-Wp,-D_FORTIFY_SOURCE=2
 else
-override CFLAGS += -Wunused-command-line-argument
+CFLAGS += -Wunused-command-line-argument
 endif
 
 ifeq ($(OS), Darwin)
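Review bot: changing `override CFLAGS +=` to `CFLAGS +=` does more than make these flags overridable: when CFLAGS is passed on the make command line, a plain `+=` in the makefile is ignored entirely, so the whole gcc block, including `-Wp,-D_FORTIFY_SOURCE=2`, is dropped rather than merely replaceable. If that is the intent, the commit message should say so, since packagers who set CFLAGS now have to supply the hardening flag themselves.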
diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
index a4f9903..7744184 100644
--- a/libselinux/utils/Makefile
+++ b/libselinux/utils/Makefile
@@ -5,6 +5,14 @@ USRBINDIR ?= $(PREFIX)/sbin
 SBINDIR ?= $(DESTDIR)/sbin
 INCLUDEDIR ?= $(PREFIX)/include
 
+OS ?= $(shell uname)
+
+ifeq ($(shell $(CC) -v 2>&1 | grep "clang"),)
+COMPILER ?= gcc
+else
+COMPILER ?= clang
+endif
+
 MAX_STACK_SIZE=8192
 CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self 
-Wmissing-include-dirs \
   -Wunused -Wunknown-pragmas -Wstrict-aliasing -Wshadow 
-Wpointer-arith \
@@ -26,7 +34,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security 
-Winit-self -Wmissi
 LD_SONAME_FLAGS=-soname,$(LIBSO),-z,defs,-z,relro
 
 ifeq ($(COMPILER), gcc)
-override CFLAGS += -fipa-pure-const -Wpacked-bitfield-compat -Wsync-nand 
-Wcoverage-mismatch \
+CFLAGS += -fipa-pure-const -Wpacked-bitfield-compat -Wsync-nand 
-Wcoverage-mismatch \
-Wcpp -Wformat-contains-nul -Wnormalized=nfc -Wsuggest-attribute=const \
-Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines 
-Wjump-misses-init \
-Wno-suggest-attribute=pure -Wno-suggest-attribute=const
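Review bot: the utils flag list differs from the src one (no `-Wlogical-op` and no `-Wp,-D_FORTIFY_SOURCE=2`). That is pre-existing, but since both blocks are being edited in the same patch this is the moment to align them or add a comment explaining why the utilities get fewer hardening flags than the library.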
-- 
2.7.4



[PATCH v2] libsepol: fix checkpolicy dontaudit compiler bug

2016-11-14 Thread Stephen Smalley
The combining logic for dontaudit rules was wrong, causing
a dontaudit A B:C *; rule to be clobbered by a dontaudit A B:C p;
rule.

Reported-by: Nick Kralevich 
Signed-off-by: Stephen Smalley 
---
 libsepol/src/expand.c | 16 
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
index 004a029..d7adbf8 100644
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@@ -1604,7 +1604,8 @@ static int expand_range_trans(expand_state_t * state,
 static avtab_ptr_t find_avtab_node(sepol_handle_t * handle,
   avtab_t * avtab, avtab_key_t * key,
   cond_av_list_t ** cond,
-  av_extended_perms_t *xperms)
+  av_extended_perms_t *xperms,
+  char *alloced)
 {
avtab_ptr_t node;
avtab_datum_t avdatum;
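Review bot: `char *alloced` is an out-parameter carrying a boolean; an `int *` (or at least a comment on the parameter saying it is set to 1 when this call inserted a new node and 0 when an existing node was found, and may be NULL) would make the contract explicit for the two callers below.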
@@ -1658,6 +1659,11 @@ static avtab_ptr_t find_avtab_node(sepol_handle_t * 
handle,
nl->next = *cond;
*cond = nl;
}
+   if (alloced)
+   *alloced = 1;
+   } else {
+   if (alloced)
+   *alloced = 0;
}
 
return node;
@@ -1750,7 +1756,7 @@ static int expand_terule_helper(sepol_handle_t * handle,
return EXPAND_RULE_CONFLICT;
}
 
-   node = find_avtab_node(handle, avtab, , cond, NULL);
+   node = find_avtab_node(handle, avtab, , cond, NULL, NULL);
if (!node)
return -1;
if (enabled) {
@@ -1790,6 +1796,7 @@ static int expand_avrule_helper(sepol_handle_t * handle,
class_perm_node_t *cur;
uint32_t spec = 0;
unsigned int i;
+   char alloced;
 
if (specified & AVRULE_ALLOWED) {
spec = AVTAB_ALLOWED;
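Review bot: `char alloced;` is left uninitialized and is only well-defined because find_avtab_node() writes it on every non-NULL return; initializing it to 0 here (or declaring it inside the loop next to the call) guards against a future early-return path in find_avtab_node() that forgets to set it.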
@@ -1824,7 +1831,8 @@ static int expand_avrule_helper(sepol_handle_t * handle,
avkey.target_class = cur->tclass;
avkey.specified = spec;
 
-   node = find_avtab_node(handle, avtab, , cond, 
extended_perms);
+   node = find_avtab_node(handle, avtab, , cond,
+  extended_perms, );
if (!node)
return EXPAND_RULE_ERROR;
if (enabled) {
@@ -1850,7 +1858,7 @@ static int expand_avrule_helper(sepol_handle_t * handle,
 */
avdatump->data &= cur->data;
} else if (specified & AVRULE_DONTAUDIT) {
-   if (avdatump->data)
+   if (!alloced)
avdatump->data &= ~cur->data;
else
avdatump->data = ~cur->data;
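Review bot: this is the actual fix and deserves a comment at the site, because it answers the "why did the old test not work" question. The dontaudit datum stores the complement of the suppressed permissions (`avdatump->data = ~cur->data`), so after a `dontaudit A B:C *;` rule, whose cur->data has every bit set, the node's data is legitimately 0. The old `if (avdatump->data)` test could not tell that from a freshly inserted node and reset the mask to `~cur->data` on the next rule, which is exactly the clobbering described in the commit message; testing `alloced` makes the decision independent of the mask value. Suggest `/* data == 0 can mean "dontaudit *", so use alloced, not the mask */` above the if.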
-- 
2.7.4



Re: [PATCH] libsepol: fix checkpolicy dontaudit compiler bug

2016-11-14 Thread Stephen Smalley
On 11/14/2016 10:59 AM, Stephen Smalley wrote:
> The combining logic for dontaudit rules was wrong, causing
> a dontaudit A B:C *; rule to be clobbered by a dontaudit A B:C p;
> rule.
> 
> Reported-by: Nick Kralevich 
> Signed-off-by: Stephen Smalley 

Sorry, that's not correct either.  NAKing my own patch.

> ---
>  libsepol/src/expand.c | 5 +
>  1 file changed, 1 insertion(+), 4 deletions(-)
> 
> diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
> index 004a029..cdfb792 100644
> --- a/libsepol/src/expand.c
> +++ b/libsepol/src/expand.c
> @@ -1850,10 +1850,7 @@ static int expand_avrule_helper(sepol_handle_t * 
> handle,
>*/
>   avdatump->data &= cur->data;
>   } else if (specified & AVRULE_DONTAUDIT) {
> - if (avdatump->data)
> - avdatump->data &= ~cur->data;
> - else
> - avdatump->data = ~cur->data;
> + avdatump->data &= ~cur->data;
>   } else if (specified & AVRULE_XPERMS) {
>   xperms = avdatump->xperms;
>   if (!xperms) {
> 



[PATCH] libsepol: fix checkpolicy dontaudit compiler bug

2016-11-14 Thread Stephen Smalley
The combining logic for dontaudit rules was wrong, causing
a dontaudit A B:C *; rule to be clobbered by a dontaudit A B:C p;
rule.

Reported-by: Nick Kralevich 
Signed-off-by: Stephen Smalley 
---
 libsepol/src/expand.c | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
index 004a029..cdfb792 100644
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@@ -1850,10 +1850,7 @@ static int expand_avrule_helper(sepol_handle_t * handle,
 */
avdatump->data &= cur->data;
} else if (specified & AVRULE_DONTAUDIT) {
-   if (avdatump->data)
-   avdatump->data &= ~cur->data;
-   else
-   avdatump->data = ~cur->data;
+   avdatump->data &= ~cur->data;
} else if (specified & AVRULE_XPERMS) {
xperms = avdatump->xperms;
if (!xperms) {
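Review bot: unconditionally applying `avdatump->data &= ~cur->data` breaks the first rule for a key: a freshly inserted avtab node starts with data == 0, and 0 & ~x is still 0, so a lone `dontaudit A B:C p;` ends up suppressing denial audit for every permission in the class instead of just p. That is what the removed else branch handled, and it is why the v2 version keeps the two branches and switches the test to whether the node was just allocated. From an auditing standpoint the v1 behaviour is the worse failure, since it silently blanks out denial records for the whole class.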
-- 
2.7.4
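To make the three variants of the combining logic in this thread concrete (the original `if (avdatump->data)` test, this v1 patch and the v2 patch), here is an added example that is not libsepol code: it models one avtab AUDITDENY datum as a bitmask and replays the `dontaudit *` then `dontaudit p` sequence from the commit message. It assumes, as checkpolicy does, that `*` expands to all 32 bits set; the struct and function names are hypothetical.

```c
/* Added example, not libsepol code: a model of how expand_avrule_helper()
 * folds successive dontaudit rules for one (source, target, class) key into
 * a single avtab datum. Names below are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed permission bits for a toy class with three permissions. */
#define PERM_READ  0x1u
#define PERM_WRITE 0x2u
#define PERM_EXEC  0x4u
#define CLASS_ALL  (PERM_READ | PERM_WRITE | PERM_EXEC)

/* Assumption: checkpolicy expands the "*" wildcard to every bit set,
 * so ~WILDCARD is exactly 0. */
#define WILDCARD   (~0u)

/* One AVTAB_AUDITDENY datum: data holds the permissions whose denials are
 * STILL audited, i.e. the complement of the accumulated dontaudit set. */
struct auditdeny_node {
    uint32_t data;     /* zeroed on insertion, like a calloc'ed avtab node */
    int inserted;      /* 0 until the first rule for this key arrives */
};

typedef void (*combine_fn)(struct auditdeny_node *, uint32_t);

/* Mirrors find_avtab_node(): returns 1 if this call created the node. */
static int lookup_or_insert(struct auditdeny_node *n)
{
    if (n->inserted)
        return 0;
    n->inserted = 1;
    n->data = 0;
    return 1;
}

/* Original logic: "fresh node" is inferred from data == 0. */
static void combine_original(struct auditdeny_node *n, uint32_t perms)
{
    lookup_or_insert(n);
    if (n->data)
        n->data &= ~perms;
    else
        n->data = ~perms;
}

/* v1 patch (NAKed): always intersect, even on a fresh node. */
static void combine_v1(struct auditdeny_node *n, uint32_t perms)
{
    lookup_or_insert(n);
    n->data &= ~perms;
}

/* v2 patch: "fresh node" comes from the alloced flag, not from the mask. */
static void combine_v2(struct auditdeny_node *n, uint32_t perms)
{
    int alloced = lookup_or_insert(n);
    if (!alloced)
        n->data &= ~perms;
    else
        n->data = ~perms;
}

/* Apply a sequence of dontaudit rules with the given strategy and return the
 * class permissions whose denials would still be audited afterwards. */
static uint32_t audited_after(combine_fn combine, const uint32_t *rules,
                              size_t nrules)
{
    struct auditdeny_node node = { 0, 0 };
    for (size_t i = 0; i < nrules; i++)
        combine(&node, rules[i]);
    return node.data & CLASS_ALL;
}

/* The case from the commit message: "dontaudit *" followed by "dontaudit p". */
static const uint32_t star_then_read[] = { WILDCARD, PERM_READ };
/* A single narrow rule, which is where v1 goes wrong. */
static const uint32_t read_only[] = { PERM_READ };

/* Intended result: nothing audited after "*", and only read silenced after
 * a lone "dontaudit read". Each strategy's actual result is returned. */
uint32_t original_star_then_read(void)
{ return audited_after(combine_original, star_then_read, 2); }
uint32_t v1_read_only(void)
{ return audited_after(combine_v1, read_only, 1); }
uint32_t v2_star_then_read(void)
{ return audited_after(combine_v2, star_then_read, 2); }
uint32_t v2_read_only(void)
{ return audited_after(combine_v2, read_only, 1); }

int main(void)
{
    /* Original: the "*" rule is clobbered; write and exec are audited again. */
    printf("original, * then read: audited=0x%x (intended 0x0)\n",
           original_star_then_read());
    /* v1: a lone "dontaudit read" silences the whole class, a blind spot. */
    printf("v1, read only:         audited=0x%x (intended 0x6)\n",
           v1_read_only());
    /* v2: both sequences yield the intended masks. */
    printf("v2, * then read:       audited=0x%x\n", v2_star_then_read());
    printf("v2, read only:         audited=0x%x\n", v2_read_only());
    return 0;
}
```

The original bug produces unexpected audit noise (denials reappear after a `*` rule); the v1 variant is the more dangerous failure, since it drops denial records for the entire class.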



Re: [PATCH] Security: selinux - Improvement in code readability when

2016-11-14 Thread Paul Moore
On Fri, Nov 11, 2016 at 3:48 AM, Shailendra Verma
 wrote:
> From: "Shailendra Verma" 
>
> There is no need to call kfree() if memdup_user() fails, as no memory
> was allocated and the error in the error-valued pointer should be returned.
>
> Signed-off-by: Shailendra Verma 
> ---
>  security/selinux/selinuxfs.c |5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)

Hello Shailendra,

Thank you for your patch, but I prefer the readability of the code as
it currently stands.

-- 
paul moore
www.paul-moore.com


[PATCH] Security: selinux - Improvement in code readability when

2016-11-14 Thread Shailendra Verma
From: "Shailendra Verma" 

There is no need to call kfree() if memdup_user() fails, as no memory
was allocated and the error in the error-valued pointer should be returned.

Signed-off-by: Shailendra Verma 
---
 security/selinux/selinuxfs.c |5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 72c145d..b6d0a23 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1166,7 +1166,7 @@ static ssize_t sel_write_bool(struct file *filep, const 
char __user *buf,
 
length = -EINVAL;
if (sscanf(page, "%d", _value) != 1)
-   goto out;
+   goto out1;
 
if (new_value)
new_value = 1;
@@ -1174,9 +1174,10 @@ static ssize_t sel_write_bool(struct file *filep, const 
char __user *buf,
bool_pending_values[index] = new_value;
length = count;
 
+out1:
+   kfree(page);
 out:
mutex_unlock(_mutex);
-   kfree(page);
return length;
 }
 
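Review bot: the label name `out1` says nothing about what that exit path does; since this patch is presented as a readability improvement, a name such as `out_free` would make the two exits self-describing. Also, placing `kfree(page)` above `out:` now frees the buffer while the mutex is still held; that is harmless but lengthens the critical section, and the original order (unlock, then free) is the cleaner one to preserve.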
-- 
1.7.9.5



Re: [SECILC] does not seem to filter redundant attributes and rules

2016-11-14 Thread Dominick Grift
On 11/14/2016 11:11 AM, Dominick Grift wrote:
> On 11/09/2016 03:52 PM, James Carter wrote:
>> On 11/09/2016 07:40 AM, Dominick Grift wrote:
>>> I am in the process of a DSSP rewrite, taking a different approach this
>>> time.
>>>
>>> However I encountered something that seems suboptimal:
>>>
>>> SECILC seems to not filter redundant attributes and rules
>>>
>>> Example: I have a type attribute and it has rules associated with it.
>>> However, the type attribute is not associated with any types.
>>>
>>> I was hoping that SECILC would be smart enough to determine that it
>>> might as well filter both the type attribute as well as the rules
>>> associated with it.
>>>
>>> To reproduce:
>>>
>>> git clone https://github.com/DefenSec/dssp1-base.git
>>> cd dssp1-base
>>> secilc `ls *.cil`
>>> sesearch -ASCT -s lib.ld_so.read_files_subj_type_attribute policy.30
>>> seinfo -xalib.ld_so.read_files_subj_type_attribute policy.30
>>>
>>>
>>> Am I expecting the impossible by expecting SECILC to be smart enough to
>>> determine that something is redundant, and that it can be filtered out
>>> until it becomes applicable?
>>>
>>>
>>
>> I don't think that it would be too hard to remove attributes that have
>> no types associated with them along with rules containing those
>> attributes. I have this nagging feeling, though, that there is a reason
>> that we didn't do that. I'll have to think about it a bit.
>>
>> Jim
> 
> Have you given this some thought?
> 
> I suspect this could have significant impact.
> 
> Consider the following:
> 
> CIL encourages the use of attributes to the fullest extent, and with
> dssp1 I have taken this to heart.
> 
> This should make dssp1 very scalable. The more an identifier is used
> the greater the potential benefit.
> 
> Attributes and templates are at the heart of dssp1 and if the dssp1
> model turns out to work (it is still a work in progress and I don't quite
> see where this is eventually taking me) then this would be a very
> welcome feature.
> 
> If you want to see the current state of dssp1:
> 
> git clone https://github.com/DefenSec/dssp1-base.git
> cd dssp1-base
> secilc `ls *.cil`
> seinfo policy.30

Here is a 10 minute demo that tries to explain the benefits and the
current drawbacks of this approach (for anyone interested)

https://www.youtube.com/watch?v=MdqjVgjXvM8


-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get=0x3B6C5F1D2C7B6B02
Dominick Grift


