psss / rpms / libselinux

Forked from rpms/libselinux 5 years ago
Clone
Source Code
GIT

Files

  1.   d6f11ce40d7cb8b902766121e19b58ef75f5890f
  2.   libselinux-rhat.patch
Blob Blame History Raw 
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 02dd829..6dfdb46 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -114,7 +114,7 @@ $(LIBA): $(OBJS)
 	$(RANLIB) $@
 
 $(LIBSO): $(LOBJS)
-	$(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
+	$(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -llzma -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
 	ln -sf $@ $(TARGET) 
 
 $(LIBPC): $(LIBPC).in ../VERSION
diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
index e419f1a..fdeca93 100644
--- a/libselinux/src/load_policy.c
+++ b/libselinux/src/load_policy.c
@@ -16,6 +16,82 @@
 #include <dlfcn.h>
 #include "policy.h"
 #include <limits.h>
+#include <lzma.h>
+
+static char *lzmaread(int fd, size_t *rsize) {
+	int capacity = 64*1024;
+	char *buf = NULL;
+	int tmpsize = 8 * 1024;
+	unsigned char tmp[tmpsize];
+	unsigned char tmp_out[tmpsize];
+	size_t size = 0;
+	lzma_stream strm = LZMA_STREAM_INIT;
+	lzma_action action = LZMA_RUN;
+	lzma_ret ret;
+	
+	FILE *stream = fdopen (fd, "r");
+	if (!stream) {
+		return NULL;
+	}
+	ret = lzma_stream_decoder(&strm, UINT64_MAX,
+				  LZMA_CONCATENATED);
+	
+	strm.avail_in = 0;
+	strm.next_out = tmp_out;
+	strm.avail_out = tmpsize;
+	
+	buf = (char *) malloc (capacity);
+	if (!buf)
+		goto err;
+	
+	while (1) {
+		if (strm.avail_in == 0) {
+			strm.next_in = tmp;
+			strm.avail_in = fread(tmp, 1, tmpsize, stream);
+			
+			if (ferror(stream)) {
+				// POSIX says that fread() sets errno if
+				// an error occurred. ferror() doesn't
+				// touch errno.
+				goto err;
+			}
+			if (feof(stream)) action = LZMA_FINISH;
+		}
+		
+		ret = lzma_code(&strm, action);
+		
+		// Write and check write error before checking decoder error.
+		// This way as much data as possible gets written to output
+		// even if decoder detected an error.
+		if (strm.avail_out == 0 || ret != LZMA_OK) {
+			const size_t num =  tmpsize - strm.avail_out;
+			if (num > capacity) {
+				buf = (char*) realloc (buf, size*2);
+				capacity = size;
+			}
+			memcpy (buf+size, tmp_out, num);
+			capacity -= num;
+			size += num;
+			strm.next_out = tmp_out;
+			strm.avail_out = tmpsize;
+		}
+		if (ret != LZMA_OK) {
+			if (ret == LZMA_STREAM_END) {
+				break;
+			} else {
+				goto err;
+			}
+		}
+	}
+	*rsize = size;
+	
+	goto exit;
+err:
+	free(buf); buf = NULL;
+exit:
+	lzma_end(&strm);
+	return buf;
+}
 
 int security_load_policy(void *data, size_t len)
 {
@@ -55,7 +131,7 @@ int selinux_mkload_policy(int preservebools)
 	struct stat sb;
 	struct utsname uts;
 	size_t size;
-	void *map, *data;
+	void *map = NULL, *data=NULL;
 	int fd, rc = -1, prot;
 	sepol_policydb_t *policydb;
 	sepol_policy_file_t *pf;
@@ -181,24 +257,28 @@ checkbool:
 		goto dlclose;
 	}
 
-	if (fstat(fd, &sb) < 0) {
-		fprintf(stderr,
-			"SELinux:  Could not stat policy file %s:  %s\n",
-			path, strerror(errno));
-		goto close;
-	}
-
-	prot = PROT_READ;
-	if (setlocaldefs || preservebools)
-		prot |= PROT_WRITE;
+	data = lzmaread(fd,&size);
 
-	size = sb.st_size;
-	data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0);
-	if (map == MAP_FAILED) {
-		fprintf(stderr,
-			"SELinux:  Could not map policy file %s:  %s\n",
+	if (!data) {
+		if (fstat(fd, &sb) < 0) {
+			fprintf(stderr,
+				"SELinux:  Could not stat policy file %s:  %s\n",
 			path, strerror(errno));
-		goto close;
+			goto close;
+		}
+		
+		prot = PROT_READ;
+		if (setlocaldefs || preservebools)
+			prot |= PROT_WRITE;
+		
+		size = sb.st_size;
+		data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0);
+		if (map == MAP_FAILED) {
+			fprintf(stderr,
+				"SELinux:  Could not map policy file %s:  %s\n",
+				path, strerror(errno));
+			goto close;
+		}
 	}
 
 	if (vers > kernvers && usesepol) {
@@ -210,6 +290,8 @@ checkbool:
 			goto unmap;
 		}
 		policy_file_set_mem(pf, data, size);
+		if (!map)
+			free(data);
 		if (policydb_read(policydb, pf)) {
 			policy_file_free(pf);
 			policydb_free(policydb);
@@ -223,7 +305,8 @@ checkbool:
 				path);
 			policy_file_free(pf);
 			policydb_free(policydb);
-			munmap(map, sb.st_size);
+			if (map)
+				munmap(map, sb.st_size);
 			close(fd);
 			vers--;
 			goto search;
@@ -275,7 +358,7 @@ checkbool:
 #endif
 	}
 
-
+	
 	rc = security_load_policy(data, size);
 	
 	if (rc)
@@ -286,7 +369,8 @@ checkbool:
       unmap:
 	if (data != map)
 		free(data);
-	munmap(map, sb.st_size);
+	if (map)
+		munmap(map, sb.st_size);
       close:
 	close(fd);
       dlclose:
@@ -410,7 +494,7 @@ int selinux_init_load_policy(int *enforce)
 	 * already mounted and selinuxmnt set above.
 	 */
 
-	if (seconfig == -1) {
+	if (*enforce == -1) {
 		/* Runtime disable of SELinux. */
 		rc = security_disable();
 		if (rc == 0) {
diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c
index 2d7369e..2a00807 100644
--- a/libselinux/src/matchpathcon.c
+++ b/libselinux/src/matchpathcon.c
@@ -2,6 +2,7 @@
 #include <string.h>
 #include <errno.h>
 #include <stdio.h>
+#include <syslog.h>
 #include "selinux_internal.h"
 #include "label_internal.h"
 #include "callbacks.h"
@@ -62,7 +63,7 @@ static void
 {
 	va_list ap;
 	va_start(ap, fmt);
-	vfprintf(stderr, fmt, ap);
+	vsyslog(LOG_ERR, fmt, ap);
 	va_end(ap);
 }
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.