diff --git a/.cvsignore b/.cvsignore
index 823174a..3810e1b 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -79,3 +79,4 @@ libselinux-1.29.8.tgz
 libselinux-1.30.tgz
 libselinux-1.30.1.tgz
 libselinux-1.30.3.tgz
+libselinux-1.30.5.tgz
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index d7ec9ab..8eeb276 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,6 +1,42 @@
+diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/setrans.h libselinux-1.30.3/include/selinux/setrans.h
+--- nsalibselinux/include/selinux/setrans.h 1969-12-31 19:00:00.000000000 -0500
++++ libselinux-1.30.3/include/selinux/setrans.h 2006-05-03 09:25:00.000000000 -0400
+@@ -0,0 +1,32 @@
++/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
++
++#ifndef _SETRANS_H
++#define _SETRANS_H
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/* This must be called once, prior to calling any other
++ translation function.
++ Returns nonzero if translations cannot be performed,
++ or 0 otherwise. */
++int init_context_translations(void);
++
++/* Perform context translation.
++ Caller must free the resulting context.
++ Returns nonzero if error or 0 otherwise. */
++int translate_context(const char *, char **);
++int untranslate_context(const char *, char **);
++
++#ifdef __cplusplus
++}
++#endif
++
++#define SETRANS_UNIX_SOCKET "/var/run/setrans/.setrans-unix"
++
++#define SETRANS_INIT 1
++#define RAW_TO_TRANS_CONTEXT 2
++#define TRANS_TO_RAW_CONTEXT 3
++
++#endif /* _SETRANS_H */
 diff --exclude-from=exclude -N -u -r nsalibselinux/src/canonicalize_context.c libselinux-1.30.3/src/canonicalize_context.c
 --- nsalibselinux/src/canonicalize_context.c 2005-11-08 09:34:17.000000000 -0500
-+++ libselinux-1.30.3/src/canonicalize_context.c 2006-05-02 14:48:20.000000000 -0400
++++ libselinux-1.30.3/src/canonicalize_context.c 2006-05-03 11:00:33.000000000 -0400
 @@ -5,7 +5,6 @@
 #include
 #include
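Review bot: The new public header `include/selinux/setrans.h` declares `translate_context` and `untranslate_context`, but nothing in this patch defines them — `setrans_client.c` later in the diff defines `init_context_translations` plus file-static `raw_to_trans_context`/`trans_to_raw_context` only — so the two prototypes are dead and will mislead anyone who includes the header. The header also exports the daemon's wire constants and socket path (`SETRANS_UNIX_SOCKET`, `SETRANS_INIT`, `RAW_TO_TRANS_CONTEXT`, `TRANS_TO_RAW_CONTEXT`) as public API, while the patch adds a separate `setrans_internal.h` that defines `SETRANS_UNIX_SOCKET` to a different path, so two headers compete to own the same definitions. I would drop the two unused prototypes and keep the `#define`s in the internal header only, leaving `init_context_translations` as the public surface.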
@@ -18,9 +54,57 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/canonicalize_context.c li buf = malloc(size); if (!buf) { ret = -1; +@@ -64,22 +63,16 @@ + security_context_t rcon = con; + security_context_t rcanoncon; + +- if (context_translations && trans_to_raw_context(con, &rcon)) ++ ++ if (selinux_trans_to_raw_context(con, &rcon)) + return -1; + + ret = security_canonicalize_context_raw(rcon, &rcanoncon); + +- if (context_translations) { +- freecon(rcon); +- if (!ret) { +- if (raw_to_trans_context(rcanoncon, canoncon)) { +- *canoncon = NULL; +- ret = -1; +- } +- freecon(rcanoncon); +- } +- } else if (!ret) { +- *canoncon = rcanoncon; ++ freecon(rcon); ++ if (!ret) { ++ ret = selinux_raw_to_trans_context(rcanoncon, canoncon); ++ freecon(rcanoncon); + } + + return ret; +diff --exclude-from=exclude -N -u -r nsalibselinux/src/check_context.c libselinux-1.30.3/src/check_context.c +--- nsalibselinux/src/check_context.c 2005-08-23 13:34:34.000000000 -0400 ++++ libselinux-1.30.3/src/check_context.c 2006-05-03 10:59:57.000000000 -0400 +@@ -32,13 +32,12 @@ + int ret; + security_context_t rcon = con; + +- if (context_translations && trans_to_raw_context(con, &rcon)) ++ if (selinux_trans_to_raw_context(con, &rcon)) + return -1; + + ret = security_check_context_raw(rcon); + +- if (context_translations) +- freecon(rcon); ++ freecon(rcon); + + return ret; + } diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_av.c libselinux-1.30.3/src/compute_av.c --- nsalibselinux/src/compute_av.c 2005-08-23 13:34:34.000000000 -0400 -+++ libselinux-1.30.3/src/compute_av.c 2006-05-02 14:48:22.000000000 -0400 ++++ libselinux-1.30.3/src/compute_av.c 2006-05-03 11:00:48.000000000 -0400 @@ -5,7 +5,6 @@ #include #include 
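Review bot: The canonicalize_context hunk replaces the removed `if (context_translations && ...)` line with an empty `++` line followed by the new `if`, which leaves two consecutive blank lines before `selinux_trans_to_raw_context`; the sibling check_context hunk does not do this, so the extra blank should go. Also a point of style across this hunk and the compute_*, *setfilecon and set*con hunks below: the `security_context_t rcon = con;` initializers are now dead, because `selinux_trans_to_raw_context` (defined at the end of the patch) writes `*rawp` on every path, so `security_context_t rcon;` reads more honestly.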
@@ -38,9 +122,38 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_av.c libselinux-1 buf = malloc(len); if (!buf) { ret = -1; +@@ -70,21 +69,17 @@ + security_context_t rscon = scon; + security_context_t rtcon = tcon; + +- if (context_translations) { +- if (trans_to_raw_context(scon, &rscon)) +- return -1; +- if (trans_to_raw_context(tcon, &rtcon)) { +- freecon(rscon); +- return -1; +- } ++ if (selinux_trans_to_raw_context(scon, &rscon)) ++ return -1; ++ if (selinux_trans_to_raw_context(tcon, &rtcon)) { ++ freecon(rscon); ++ return -1; + } + + ret = security_compute_av_raw(rscon, rtcon, tclass, requested, avd); + +- if (context_translations) { +- freecon(rscon); +- freecon(rtcon); +- } ++ freecon(rscon); ++ freecon(rtcon); + + return ret; + } diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_create.c libselinux-1.30.3/src/compute_create.c --- nsalibselinux/src/compute_create.c 2005-08-23 13:34:34.000000000 -0400 -+++ libselinux-1.30.3/src/compute_create.c 2006-05-02 14:48:23.000000000 -0400 ++++ libselinux-1.30.3/src/compute_create.c 2006-05-03 11:04:26.000000000 -0400 @@ -5,7 +5,6 @@ #include #include 
@@ -58,9 +171,50 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_create.c libselin buf = malloc(size); if (!buf) { ret = -1; +@@ -66,29 +65,21 @@ + security_context_t rtcon = tcon; + security_context_t rnewcon; + +- if (context_translations) { +- if (trans_to_raw_context(scon, &rscon)) +- return -1; +- if (trans_to_raw_context(tcon, &rtcon)) { +- freecon(rscon); +- return -1; +- } ++ if (selinux_trans_to_raw_context(scon, &rscon)) ++ return -1; ++ if (selinux_trans_to_raw_context(tcon, &rtcon)) { ++ freecon(rscon); ++ return -1; + } + + ret = security_compute_create_raw(rscon, rtcon, tclass, &rnewcon); + +- if (context_translations) { +- freecon(rscon); +- freecon(rtcon); +- if (!ret) { +- if (raw_to_trans_context(rnewcon, newcon)) { +- *newcon = NULL; +- ret = -1; +- } +- freecon(rnewcon); +- } +- } else if (!ret) +- *newcon = rnewcon; ++ freecon(rscon); ++ freecon(rtcon); ++ if (!ret) { ++ ret = selinux_raw_to_trans_context(rnewcon, newcon); ++ freecon(rnewcon); ++ } + + return ret; + } diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_member.c libselinux-1.30.3/src/compute_member.c --- nsalibselinux/src/compute_member.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/compute_member.c 2006-05-02 14:48:25.000000000 -0400 ++++ libselinux-1.30.3/src/compute_member.c 2006-05-03 11:01:44.000000000 -0400 @@ -5,7 +5,6 @@ #include #include 
@@ -78,9 +232,52 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_member.c libselin buf = malloc(size); if (!buf) { ret = -1; +@@ -66,29 +65,24 @@ + security_context_t rtcon = tcon; + security_context_t rnewcon; + +- if (context_translations) { +- if (trans_to_raw_context(scon, &rscon)) +- return -1; +- if (trans_to_raw_context(tcon, &rtcon)) { +- freecon(rscon); +- return -1; +- } ++ if (selinux_trans_to_raw_context(scon, &rscon)) ++ return -1; ++ if (selinux_trans_to_raw_context(tcon, &rtcon)) { ++ freecon(rscon); ++ return -1; + } + + ret = security_compute_member_raw(rscon, rtcon, tclass, &rnewcon); + +- if (context_translations) { +- freecon(rscon); +- freecon(rtcon); +- if (!ret) { +- if (raw_to_trans_context(rnewcon, newcon)) { +- *newcon = NULL; +- ret = -1; +- } +- freecon(rnewcon); ++ freecon(rscon); ++ freecon(rtcon); ++ if (!ret) { ++ if (selinux_raw_to_trans_context(rnewcon, newcon)) { ++ *newcon = NULL; ++ ret = -1; + } +- } else if (!ret) +- *newcon = rnewcon; ++ freecon(rnewcon); ++ } + + return ret; + } diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_relabel.c libselinux-1.30.3/src/compute_relabel.c --- nsalibselinux/src/compute_relabel.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/compute_relabel.c 2006-05-02 14:48:27.000000000 -0400 ++++ libselinux-1.30.3/src/compute_relabel.c 2006-05-03 11:04:30.000000000 -0400 @@ -5,7 +5,6 @@ #include #include 
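Review bot: compute_member's new translation tail keeps the hand-rolled `if (selinux_raw_to_trans_context(rnewcon, newcon)) { *newcon = NULL; ret = -1; }` form, while the compute_create and compute_relabel hunks collapse the same sequence to `ret = selinux_raw_to_trans_context(rnewcon, newcon);` followed by `freecon(rnewcon);`. As far as the patch shows the two forms are equivalent (`selinux_raw_to_trans_context` leaves `*transp` NULL whenever it returns -1), so this is consistency rather than correctness, but the six compute_*.c wrappers are easier to audit when they are textually identical. In the same family, compute_relabel (`@@ -98`) and fgetfilecon (`@@ -138`) write the call as `ret=selinux_raw_to_trans_context(...)` without spaces around `=`, unlike every other wrapper.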
@@ -98,9 +295,50 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_relabel.c libseli buf = malloc(size); if (!buf) { ret = -1; +@@ -66,29 +65,21 @@ + security_context_t rtcon = tcon; + security_context_t rnewcon; + +- if (context_translations) { +- if (trans_to_raw_context(scon, &rscon)) +- return -1; +- if (trans_to_raw_context(tcon, &rtcon)) { +- freecon(rscon); +- return -1; +- } ++ if (selinux_trans_to_raw_context(scon, &rscon)) ++ return -1; ++ if (selinux_trans_to_raw_context(tcon, &rtcon)) { ++ freecon(rscon); ++ return -1; + } + + ret = security_compute_relabel_raw(rscon, rtcon, tclass, &rnewcon); + +- if (context_translations) { +- freecon(rscon); +- freecon(rtcon); +- if (!ret) { +- if (raw_to_trans_context(rnewcon, newcon)) { +- *newcon = NULL; +- ret = -1; +- } +- freecon(rnewcon); +- } +- } else if (!ret) +- *newcon = rnewcon; ++ freecon(rscon); ++ freecon(rtcon); ++ if (!ret) { ++ ret=selinux_raw_to_trans_context(rnewcon, newcon); ++ freecon(rnewcon); ++ } + + return ret; + } diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_user.c libselinux-1.30.3/src/compute_user.c --- nsalibselinux/src/compute_user.c 2005-08-23 13:34:34.000000000 -0400 -+++ libselinux-1.30.3/src/compute_user.c 2006-05-02 14:48:32.000000000 -0400 ++++ libselinux-1.30.3/src/compute_user.c 2006-05-03 11:02:16.000000000 -0400 @@ -5,7 +5,6 @@ #include #include 
@@ -118,6 +356,42 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_user.c libselinux buf = malloc(size); if (!buf) { ret = -1; +@@ -82,24 +81,22 @@ + int ret; + security_context_t rscon = scon; + +- if (context_translations && trans_to_raw_context(scon, &rscon)) ++ if (selinux_trans_to_raw_context(scon, &rscon)) + return -1; + + ret = security_compute_user_raw(rscon, user, con); + +- if (context_translations) { +- freecon(rscon); +- if (!ret) { +- security_context_t *ptr, tmpcon; +- for (ptr = *con; *ptr; ptr++) { +- if (raw_to_trans_context(*ptr, &tmpcon)) { +- freeconary(*con); +- *con = NULL; +- return -1; +- } +- freecon(*ptr); +- *ptr = tmpcon; ++ freecon(rscon); ++ if (!ret) { ++ security_context_t *ptr, tmpcon; ++ for (ptr = *con; *ptr; ptr++) { ++ if (selinux_raw_to_trans_context(*ptr, &tmpcon)) { ++ freeconary(*con); ++ *con = NULL; ++ return -1; + } ++ freecon(*ptr); ++ *ptr = tmpcon; + } + } + diff --exclude-from=exclude -N -u -r nsalibselinux/src/enabled.c libselinux-1.30.3/src/enabled.c --- nsalibselinux/src/enabled.c 2005-08-23 13:34:34.000000000 -0400 +++ libselinux-1.30.3/src/enabled.c 2006-05-02 14:48:35.000000000 -0400 
@@ -138,9 +412,49 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/enabled.c libselinux-1.30 buf = malloc(size); if (!buf) { enabled = -1; +diff --exclude-from=exclude -N -u -r nsalibselinux/src/fgetfilecon.c libselinux-1.30.3/src/fgetfilecon.c +--- nsalibselinux/src/fgetfilecon.c 2005-08-25 11:32:02.000000000 -0400 ++++ libselinux-1.30.3/src/fgetfilecon.c 2006-05-03 10:55:46.000000000 -0400 +@@ -52,14 +52,10 @@ + + ret = fgetfilecon_raw(fd, &rcontext); + +- if (context_translations && ret > 0) { +- if (raw_to_trans_context(rcontext, context)) { +- *context = NULL; +- ret = -1; +- } ++ if (ret > 0) { ++ ret=selinux_raw_to_trans_context(rcontext, context); + freecon(rcontext); +- } else if (ret > 0) +- *context = rcontext; ++ } + + return ret; + } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/fsetfilecon.c libselinux-1.30.3/src/fsetfilecon.c +--- nsalibselinux/src/fsetfilecon.c 2005-08-25 11:32:02.000000000 -0400 ++++ libselinux-1.30.3/src/fsetfilecon.c 2006-05-03 11:02:20.000000000 -0400 +@@ -18,13 +18,12 @@ + int ret; + security_context_t rcontext = context; + +- if (context_translations && trans_to_raw_context(context, &rcontext)) ++ if (selinux_trans_to_raw_context(context, &rcontext)) + return -1; + + ret = fsetfilecon_raw(fd, rcontext); + +- if (context_translations) +- freecon(rcontext); ++ freecon(rcontext); + + return ret; + } diff --exclude-from=exclude -N -u -r nsalibselinux/src/getcon.c libselinux-1.30.3/src/getcon.c --- nsalibselinux/src/getcon.c 2005-08-23 13:34:34.000000000 -0400 -+++ libselinux-1.30.3/src/getcon.c 2006-05-02 14:48:37.000000000 -0400 ++++ libselinux-1.30.3/src/getcon.c 2006-05-03 11:02:25.000000000 -0400 @@ -4,7 +4,6 @@ #include "selinux_internal.h" #include 
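Review bot: In the fgetfilecon hunk, `ret=selinux_raw_to_trans_context(rcontext, context);` overwrites the positive `ret` from `fgetfilecon_raw`, so a successful call now returns 0 where the old code (`else if (ret > 0) *context = rcontext;`) preserved the raw call's value — which the `ret > 0` test suggests is the context length. Callers that check `> 0` or use the returned size will see a silent change. The getfilecon hunk (`@@ -178`) and the lgetfilecon hunk (`@@ -282`) have the same problem. A minimal fix keeps the length on success and only downgrades on failure: `if (ret > 0) { if (selinux_raw_to_trans_context(rcontext, context)) ret = -1; freecon(rcontext); }`.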
@@ -158,9 +472,27 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/getcon.c libselinux-1.30. buf = malloc(size); if (!buf) { ret = -1; +@@ -51,14 +50,13 @@ + + ret = getcon_raw(&rcontext); + +- if (context_translations && !ret) { +- if (raw_to_trans_context(rcontext, context)) { ++ if (!ret) { ++ if (selinux_raw_to_trans_context(rcontext, context)) { + *context = NULL; + ret = -1; + } + freecon(rcontext); +- } else if (!ret) +- *context = rcontext; ++ } + + return ret; + } diff --exclude-from=exclude -N -u -r nsalibselinux/src/getexeccon.c libselinux-1.30.3/src/getexeccon.c --- nsalibselinux/src/getexeccon.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/getexeccon.c 2006-05-02 14:48:39.000000000 -0400 ++++ libselinux-1.30.3/src/getexeccon.c 2006-05-03 11:04:35.000000000 -0400 @@ -3,7 +3,6 @@ #include #include 
@@ -178,9 +510,48 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/getexeccon.c libselinux-1 buf = malloc(size); if (!buf) { ret = -1; +@@ -56,14 +55,10 @@ + + ret = getexeccon_raw(&rcontext); + +- if (context_translations && !ret) { +- if (raw_to_trans_context(rcontext, context)) { +- *context = NULL; +- ret = -1; +- } ++ if (!ret) { ++ ret = selinux_raw_to_trans_context(rcontext, context); + freecon(rcontext); +- } else if (!ret) +- *context = rcontext; ++ } + + return ret; + } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfilecon.c libselinux-1.30.3/src/getfilecon.c +--- nsalibselinux/src/getfilecon.c 2005-08-23 13:34:34.000000000 -0400 ++++ libselinux-1.30.3/src/getfilecon.c 2006-05-03 10:54:32.000000000 -0400 +@@ -52,14 +52,10 @@ + + ret = getfilecon_raw(path, &rcontext); + +- if (context_translations && ret > 0) { +- if (raw_to_trans_context(rcontext, context)) { +- *context = NULL; +- ret = -1; +- } ++ if (ret > 0) { ++ ret = selinux_raw_to_trans_context(rcontext, context); + freecon(rcontext); +- } else if (ret > 0) +- *context = rcontext; ++ } + + return ret; + } diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfscreatecon.c libselinux-1.30.3/src/getfscreatecon.c --- nsalibselinux/src/getfscreatecon.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/getfscreatecon.c 2006-05-02 14:48:41.000000000 -0400 ++++ libselinux-1.30.3/src/getfscreatecon.c 2006-05-03 11:04:45.000000000 -0400 @@ -3,7 +3,6 @@ #include #include 
@@ -198,9 +569,48 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfscreatecon.c libselin buf = malloc(size); if (!buf) { ret = -1; +@@ -56,14 +55,10 @@ + + ret = getfscreatecon_raw(&rcontext); + +- if (context_translations && !ret) { +- if (raw_to_trans_context(rcontext, context)) { +- *context = NULL; +- ret = -1; +- } ++ if (!ret) { ++ ret = selinux_raw_to_trans_context(rcontext, context); + freecon(rcontext); +- } else if (!ret) +- *context = rcontext; ++ } + + return ret; + } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpeercon.c libselinux-1.30.3/src/getpeercon.c +--- nsalibselinux/src/getpeercon.c 2005-08-25 11:32:02.000000000 -0400 ++++ libselinux-1.30.3/src/getpeercon.c 2006-05-03 11:03:09.000000000 -0400 +@@ -51,14 +51,10 @@ + + ret = getpeercon_raw(fd, &rcontext); + +- if (context_translations && !ret) { +- if (raw_to_trans_context(rcontext, context)) { +- *context = NULL; +- ret = -1; +- } ++ if (!ret) { ++ ret = selinux_raw_to_trans_context(rcontext, context); + freecon(rcontext); +- } else if (!ret) +- *context = rcontext; ++ } + + return ret; + } diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpidcon.c libselinux-1.30.3/src/getpidcon.c --- nsalibselinux/src/getpidcon.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/getpidcon.c 2006-05-02 14:48:43.000000000 -0400 ++++ libselinux-1.30.3/src/getpidcon.c 2006-05-03 11:03:33.000000000 -0400 @@ -4,7 +4,6 @@ #include #include 
@@ -218,9 +628,27 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpidcon.c libselinux-1. buf = malloc(size); if (!buf) { ret = -1; +@@ -55,14 +54,10 @@ + + ret = getpidcon_raw(pid, &rcontext); + +- if (context_translations && !ret) { +- if (raw_to_trans_context(rcontext, context)) { +- *context = NULL; +- ret = -1; +- } ++ if (!ret) { ++ ret = selinux_raw_to_trans_context(rcontext, context); + freecon(rcontext); +- } else if (!ret) +- *context = rcontext; ++ } + + return ret; + } diff --exclude-from=exclude -N -u -r nsalibselinux/src/getprevcon.c libselinux-1.30.3/src/getprevcon.c --- nsalibselinux/src/getprevcon.c 2005-08-23 13:34:34.000000000 -0400 -+++ libselinux-1.30.3/src/getprevcon.c 2006-05-02 14:48:45.000000000 -0400 ++++ libselinux-1.30.3/src/getprevcon.c 2006-05-03 11:03:45.000000000 -0400 @@ -4,7 +4,6 @@ #include "selinux_internal.h" #include @@ -238,9 +666,27 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/getprevcon.c libselinux-1 buf = malloc(size); if (!buf) { ret = -1; +@@ -51,14 +50,10 @@ + + ret = getprevcon_raw(&rcontext); + +- if (context_translations && !ret) { +- if (raw_to_trans_context(rcontext, context)) { +- *context = NULL; +- ret = -1; +- } ++ if (!ret) { ++ ret = selinux_raw_to_trans_context(rcontext, context); + freecon(rcontext); +- } else if (!ret) +- *context = rcontext; ++ } + + return ret; + } diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.30.3/src/init.c --- nsalibselinux/src/init.c 2005-12-14 14:16:46.000000000 -0500 -+++ libselinux-1.30.3/src/init.c 2006-05-02 14:48:04.000000000 -0400 ++++ libselinux-1.30.3/src/init.c 2006-05-03 10:30:57.000000000 -0400 @@ -4,15 +4,16 @@ #include #include 
@@ -274,7 +720,67 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.30.3/ memset(buf, 0, size); while(( bufp = fgets_unlocked(buf, size, fp))) -@@ -134,6 +136,7 @@ +@@ -75,65 +77,15 @@ + } + hidden_def(set_selinuxmnt) + +-int context_translations hidden; +-void *translation_lib_handle hidden; +- +-/* from libsetrans.c */ +-extern int hidden (*lib_trans_to_raw_context)(char *trans, char **rawp); +-extern int hidden (*lib_raw_to_trans_context)(char *raw, char **transp); +- +- + static void init_translations(void) + { +-#ifdef SHARED +- int (*lib_trans_init)(void) = NULL; +- +- translation_lib_handle = dlopen("libsetrans.so.0", RTLD_NOW); +- if (!translation_lib_handle) +- return; +- +- dlerror(); +- +- lib_trans_init = dlsym(translation_lib_handle, +- "init_context_translations"); +- if (dlerror() || lib_trans_init()) +- return; +- +- lib_raw_to_trans_context = dlsym(translation_lib_handle, +- "translate_context"); +- if (dlerror()) +- return; +- +- lib_trans_to_raw_context = dlsym(translation_lib_handle, +- "untranslate_context"); +- if (dlerror()) +- return; +- +- context_translations = 1; +-#endif +-} +- +-static void fini_translations(void) +-{ +-#ifdef SHARED +- context_translations = 0; +- if (translation_lib_handle) { +- int (*lib_trans_finish)(void) = NULL; +- +- lib_trans_finish = dlsym(translation_lib_handle, +- "finish_context_translations"); +- if (! dlerror()) +- lib_trans_finish(); +- +- dlclose(translation_lib_handle); +- translation_lib_handle = NULL; +- } +-#endif ++ init_context_translations(); + } + static void init_lib(void) __attribute__ ((constructor)); static void init_lib(void) { 
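Review bot: `init_translations` now reduces to an unconditional `init_context_translations();` whose return value is discarded, and nothing else in the patch consults it — `selinux_trans_to_raw_context` and `selinux_raw_to_trans_context` each open their own connection per call and fall back to `strdup` when the daemon is unreachable. As written, the only effect of keeping it in the `init_lib` constructor is an extra connect/SETRANS_INIT round-trip in every process that loads libselinux, which deserves at least a comment. If the handshake is intentional, `/* Best-effort handshake with setransd; the result is deliberately ignored, each translation reconnects. */` makes that explicit; otherwise the call and the now-empty wrapper can be removed along with `fini_translations`.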
@@ -282,11 +788,115 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.30.3/ init_selinuxmnt(); init_translations(); } +@@ -141,6 +93,5 @@ + static void fini_lib(void) __attribute__ ((destructor)); + static void fini_lib(void) + { +- fini_translations(); + fini_selinuxmnt(); + } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/lgetfilecon.c libselinux-1.30.3/src/lgetfilecon.c +--- nsalibselinux/src/lgetfilecon.c 2005-08-25 11:32:02.000000000 -0400 ++++ libselinux-1.30.3/src/lgetfilecon.c 2006-05-03 10:55:25.000000000 -0400 +@@ -52,14 +52,10 @@ + + ret = lgetfilecon_raw(path, &rcontext); + +- if (context_translations && ret > 0) { +- if (raw_to_trans_context(rcontext, context)) { +- *context = NULL; +- ret = -1; +- } ++ if (ret > 0) { ++ ret = selinux_raw_to_trans_context(rcontext, context); + freecon(rcontext); +- } else if (ret > 0) +- *context = rcontext; ++ } + + return ret; + } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/lsetfilecon.c libselinux-1.30.3/src/lsetfilecon.c +--- nsalibselinux/src/lsetfilecon.c 2005-08-25 11:32:02.000000000 -0400 ++++ libselinux-1.30.3/src/lsetfilecon.c 2006-05-03 11:03:50.000000000 -0400 +@@ -18,13 +18,12 @@ + int ret; + security_context_t rcontext = context; + +- if (context_translations && trans_to_raw_context(context, &rcontext)) ++ if (selinux_trans_to_raw_context(context, &rcontext)) + return -1; + + ret = lsetfilecon_raw(path, rcontext); + +- if (context_translations) +- freecon(rcontext); ++ freecon(rcontext); + + return ret; + } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchmediacon.c libselinux-1.30.3/src/matchmediacon.c +--- nsalibselinux/src/matchmediacon.c 2005-08-23 13:34:34.000000000 -0400 ++++ libselinux-1.30.3/src/matchmediacon.c 2006-05-03 11:03:54.000000000 -0400 +@@ -59,13 +59,10 @@ + return -1; + } + +- if (context_translations) { +- if (raw_to_trans_context(ptr2, con)) { +- *con = NULL; +- return -1; +- } +- } else +- *con = strdup(ptr2); ++ if 
(selinux_raw_to_trans_context(ptr2, con)) { ++ *con = NULL; ++ return -1; ++ } + + return 0; + } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.30.3/src/matchpathcon.c +--- nsalibselinux/src/matchpathcon.c 2006-04-14 07:21:23.000000000 -0400 ++++ libselinux-1.30.3/src/matchpathcon.c 2006-05-03 11:04:01.000000000 -0400 +@@ -591,19 +591,14 @@ + if (myflags & MATCHPATHCON_NOTRANS) + goto skip_trans; + +- if (context_translations) { +- if (raw_to_trans_context(context, &tmpcon)) { +- myprintf("%s: line %u has invalid " +- "context %s\n", +- path, lineno, context); +- return 0; +- } +- free(context); +- context = tmpcon; +- } else { +- if (STRIP_LEVEL(&context, mls_enabled)) +- return -1; ++ if (selinux_raw_to_trans_context(context, &tmpcon)) { ++ myprintf("%s: line %u has invalid " ++ "context %s\n", ++ path, lineno, context); ++ return 0; + } ++ free(context); ++ context = tmpcon; + + skip_trans: + if (myflags & MATCHPATHCON_VALIDATE) { diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.30.3/src/selinux_internal.h --- nsalibselinux/src/selinux_internal.h 2005-12-01 10:10:32.000000000 -0500 -+++ libselinux-1.30.3/src/selinux_internal.h 2006-05-02 14:11:05.000000000 -0400 -@@ -71,3 +71,4 @@ ++++ libselinux-1.30.3/src/selinux_internal.h 2006-05-03 10:56:53.000000000 -0400 +@@ -65,9 +65,6 @@ + hidden_proto(selinux_translations_path); + hidden_proto(selinux_getenforcemode); +-extern int context_translations hidden; +-extern int hidden trans_to_raw_context(char *trans, char **rawp); +-extern int hidden raw_to_trans_context(char *raw, char **transp); +- extern int load_setlocaldefs hidden; extern int require_seusers hidden; +extern int selinux_page_size hidden; 
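Review bot: The matchpathcon hunk removes the `else { if (STRIP_LEVEL(&context, mls_enabled)) return -1; }` branch without a replacement, so when no translation daemon answers the context is now kept verbatim through the `strdup` fallback in `selinux_raw_to_trans_context`, whereas the old non-translation path stripped the level first. Whether this matters depends on what STRIP_LEVEL does with `mls_enabled` (its definition is outside the hunk), but it is a behaviour change the changelog entry does not mention. If stripping is still wanted when translation is unavailable, keep the STRIP_LEVEL call after the translation step; if setransd is now meant to own level handling, a one-line comment at `skip_trans:` saying so would document the decision.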
@@ -314,3 +924,404 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux- %typedef unsigned mode_t; extern int is_selinux_enabled(void); +diff --exclude-from=exclude -N -u -r nsalibselinux/src/setcon.c libselinux-1.30.3/src/setcon.c +--- nsalibselinux/src/setcon.c 2005-08-25 11:32:02.000000000 -0400 ++++ libselinux-1.30.3/src/setcon.c 2006-05-03 11:04:05.000000000 -0400 +@@ -32,13 +32,12 @@ + int ret; + security_context_t rcontext = context; + +- if (context_translations && trans_to_raw_context(context, &rcontext)) ++ if (selinux_trans_to_raw_context(context, &rcontext)) + return -1; + + ret = setcon_raw(rcontext); + +- if (context_translations) +- freecon(rcontext); ++ freecon(rcontext); + + return ret; + } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/setexeccon.c libselinux-1.30.3/src/setexeccon.c +--- nsalibselinux/src/setexeccon.c 2005-08-23 13:34:34.000000000 -0400 ++++ libselinux-1.30.3/src/setexeccon.c 2006-05-03 11:04:09.000000000 -0400 +@@ -28,13 +28,12 @@ + int ret; + security_context_t rcontext = context; + +- if (context_translations && trans_to_raw_context(context, &rcontext)) ++ if (selinux_trans_to_raw_context(context, &rcontext)) + return -1; + + ret = setexeccon_raw(rcontext); + +- if (context_translations) +- freecon(rcontext); ++ freecon(rcontext); + + return ret; + } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/setfilecon.c libselinux-1.30.3/src/setfilecon.c +--- nsalibselinux/src/setfilecon.c 2005-08-25 11:32:02.000000000 -0400 ++++ libselinux-1.30.3/src/setfilecon.c 2006-05-03 11:04:13.000000000 -0400 +@@ -18,13 +18,12 @@ + int ret; + security_context_t rcontext = context; + +- if (context_translations && trans_to_raw_context(context, &rcontext)) ++ if (selinux_trans_to_raw_context(context, &rcontext)) + return -1; + + ret = setfilecon_raw(path, rcontext); + +- if (context_translations) +- freecon(rcontext); ++ freecon(rcontext); + + return ret; + } +diff --exclude-from=exclude -N -u -r 
nsalibselinux/src/setfscreatecon.c libselinux-1.30.3/src/setfscreatecon.c +--- nsalibselinux/src/setfscreatecon.c 2005-08-25 11:32:02.000000000 -0400 ++++ libselinux-1.30.3/src/setfscreatecon.c 2006-05-03 11:04:17.000000000 -0400 +@@ -28,13 +28,12 @@ + int ret; + security_context_t rcontext = context; + +- if (context_translations && trans_to_raw_context(context, &rcontext)) ++ if (selinux_trans_to_raw_context(context, &rcontext)) + return -1; + + ret = setfscreatecon_raw(rcontext); + +- if (context_translations) +- freecon(rcontext); ++ freecon(rcontext); + + return ret; + } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_client.c libselinux-1.30.3/src/setrans_client.c +--- nsalibselinux/src/setrans_client.c 1969-12-31 19:00:00.000000000 -0500 ++++ libselinux-1.30.3/src/setrans_client.c 2006-05-03 10:56:24.000000000 -0400 +@@ -0,0 +1,246 @@ ++/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */ ++ ++#include ++#include ++#include ++ ++#include ++#include ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include "selinux/setrans.h" ++#include "dso.h" ++ ++ ++/* ++ * setransd_open ++ * ++ * This function opens a socket to the setransd. 
++ * Returns: on success, a file descriptor ( >= 0 ) to the socket ++ * on error, a negative value ++ */ ++static int ++setransd_open(void) ++{ ++ struct sockaddr_un addr; ++ int fd; ++ ++ fd = socket(PF_UNIX, SOCK_STREAM, 0); ++ if (fd < 0) { ++ return -1; ++ } ++ ++ memset(&addr, 0, sizeof(addr)); ++ addr.sun_family = AF_UNIX; ++ strcpy(addr.sun_path, SETRANS_UNIX_SOCKET); ++ if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) { ++ close(fd); ++ return -1; ++ } ++ ++ return fd; ++} ++ ++/* Returns: 0 on success, <0 on failure */ ++static int ++send_request(int fd, uint32_t function, const char *data1, const char *data2) ++{ ++ struct iovec req_hdr[4]; ++ uint32_t data1_size; ++ uint32_t data2_size; ++ struct iovec req_data[2]; ++ ssize_t count; ++ ++ if (fd < 0) ++ return -1; ++ ++ if (!data1) ++ data1 = ""; ++ if (!data2) ++ data2 = ""; ++ ++ data1_size = strlen(data1) + 1; ++ data2_size = strlen(data2) + 1; ++ ++ req_hdr[0].iov_base = &function; ++ req_hdr[0].iov_len = sizeof(function); ++ req_hdr[1].iov_base = &data1_size; ++ req_hdr[1].iov_len = sizeof(data1_size); ++ req_hdr[2].iov_base = &data2_size; ++ req_hdr[2].iov_len = sizeof(data2_size); ++ ++ while (((count = writev(fd, req_hdr, 3)) < 0) && (errno == EINTR)); ++ if (count != (sizeof(function) + sizeof(data1_size) + ++ sizeof(data2_size) )) { ++ return -1; ++ } ++ ++ req_data[0].iov_base = (char *)data1; ++ req_data[0].iov_len = data1_size; ++ req_data[1].iov_base = (char *)data2; ++ req_data[1].iov_len = data2_size; ++ ++ while (((count = writev(fd, req_data, 2)) < 0) && (errno == EINTR)); ++ if (count < 0 || (uint32_t)count != (data1_size + data2_size)) { ++ return -1; ++ } ++ ++ return 0; ++} ++ ++/* Returns: 0 on success, <0 on failure */ ++static int ++receive_response(int fd, uint32_t function, char **outdata, int32_t *ret_val) ++{ ++ struct iovec resp_hdr[3]; ++ uint32_t func; ++ uint32_t data_size; ++ char *data; ++ struct iovec resp_data; ++ ssize_t count; ++ ++ if (fd < 0) ++ return 
-1; ++ ++ resp_hdr[0].iov_base = &func; ++ resp_hdr[0].iov_len = sizeof(func); ++ resp_hdr[1].iov_base = &data_size; ++ resp_hdr[1].iov_len = sizeof(data_size); ++ resp_hdr[2].iov_base = ret_val; ++ resp_hdr[2].iov_len = sizeof(*ret_val); ++ ++ while (((count = readv(fd, resp_hdr, 3)) < 0) && (errno == EINTR)); ++ if (count != (sizeof(func) + sizeof(data_size) + sizeof(*ret_val))) { ++ return -1; ++ } ++ ++ if (func != function || !data_size) { ++ return -1; ++ } ++ ++ data = malloc(data_size); ++ if (!data) { ++ return -1; ++ } ++ ++ resp_data.iov_base = data; ++ resp_data.iov_len = data_size; ++ ++ while (((count = readv(fd, &resp_data, 1))) < 0 && (errno == EINTR)); ++ if (count < 0 || (uint32_t)count != data_size || data[data_size - 1] != '\0') { ++ free(data); ++ return -1; ++ } ++ ++ *outdata = data; ++ return 0; ++} ++ ++static int raw_to_trans_context(char *raw, char **transp) ++{ ++ int ret; ++ int32_t ret_val; ++ int fd; ++ ++ *transp = NULL; ++ ++ fd = setransd_open(); ++ if (fd < 0) ++ return fd; ++ ++ ret = send_request(fd, RAW_TO_TRANS_CONTEXT, raw, NULL); ++ if (ret) ++ goto out; ++ ++ ret = receive_response(fd, RAW_TO_TRANS_CONTEXT, transp, &ret_val); ++ if (ret) ++ goto out; ++ ++ ret = ret_val; ++out: ++ close(fd); ++ return ret; ++} ++ ++static int trans_to_raw_context(char *trans, char **rawp) ++{ ++ int ret; ++ int32_t ret_val; ++ int fd; ++ ++ *rawp = NULL; ++ ++ fd = setransd_open(); ++ if (fd < 0) ++ return fd; ++ ret = send_request(fd, TRANS_TO_RAW_CONTEXT, trans, NULL); ++ if (ret) ++ goto out; ++ ++ ret = receive_response(fd, TRANS_TO_RAW_CONTEXT, rawp, &ret_val); ++ if (ret) ++ goto out; ++ ++ ret = ret_val; ++out: ++ close(fd); ++ return ret_val; ++} ++ ++ ++int ++init_context_translations(void) ++{ ++ int ret, fd; ++ int32_t ret_val; ++ char *out = NULL; ++ ++ fd = setransd_open(); ++ if (fd < 0) ++ return fd; ++ ++ ret = send_request(fd, SETRANS_INIT, NULL, NULL); ++ if (ret) ++ goto out; ++ ++ ret = receive_response(fd, SETRANS_INIT, 
&out, &ret_val); ++ free(out); ++ if (!ret) ++ ret = ret_val; ++out: ++ close(fd); ++ return ret; ++} ++ ++ ++int selinux_trans_to_raw_context(security_context_t trans, ++ security_context_t *rawp) ++{ ++ if (!trans) { ++ *rawp = NULL; ++ return 0; ++ } ++ ++ if (trans_to_raw_context(trans, rawp)) ++ *rawp = strdup(trans); ++ return *rawp ? 0 : -1; ++} ++ ++int selinux_raw_to_trans_context(security_context_t raw, ++ security_context_t *transp) ++{ ++ if (!raw) { ++ *transp = NULL; ++ return 0; ++ } ++ ++ if (raw_to_trans_context(raw, transp)) ++ *transp = strdup(raw); ++ ++ return *transp ? 0 : -1; ++} +diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_internal.h libselinux-1.30.3/src/setrans_internal.h +--- nsalibselinux/src/setrans_internal.h 1969-12-31 19:00:00.000000000 -0500 ++++ libselinux-1.30.3/src/setrans_internal.h 2006-05-03 09:18:19.000000000 -0400 +@@ -0,0 +1,8 @@ ++/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */ ++ ++#define SETRANS_UNIX_SOCKET "/var/.setrans-unix" ++ ++#define SETRANS_INIT 1 ++#define RAW_TO_TRANS_CONTEXT 2 ++#define TRANS_TO_RAW_CONTEXT 3 ++ +diff --exclude-from=exclude -N -u -r nsalibselinux/src/trans.c libselinux-1.30.3/src/trans.c +--- nsalibselinux/src/trans.c 2005-08-31 12:33:10.000000000 -0400 ++++ libselinux-1.30.3/src/trans.c 1969-12-31 19:00:00.000000000 -0500 +@@ -1,59 +0,0 @@ +-#include "selinux_internal.h" +-#include +- +-int (*lib_trans_to_raw_context)(char *trans, char **rawp) hidden; +-int (*lib_raw_to_trans_context)(char *raw, char **transp) hidden; +- +-int hidden trans_to_raw_context(char *trans, char **rawp) +-{ +- *rawp = NULL; +- if (!trans) +- return 0; +- +- if (trans && lib_trans_to_raw_context(trans, rawp)) +- *rawp = strdup(trans); +- +- return *rawp ? 
0 : -1; +-} +- +-int selinux_trans_to_raw_context(security_context_t trans, +- security_context_t *rawp) +-{ +- if (context_translations) +- return trans_to_raw_context(trans, rawp); +- +- if (!trans) { +- *rawp = NULL; +- return 0; +- } +- +- *rawp = strdup(trans); +- return *rawp ? 0 : -1; +-} +- +-int hidden raw_to_trans_context(char *raw, char **transp) +-{ +- *transp = NULL; +- if (!raw) +- return 0; +- +- if (raw && lib_raw_to_trans_context(raw, transp)) +- *transp = strdup(raw); +- +- return *transp ? 0 : -1; +-} +- +-int selinux_raw_to_trans_context(security_context_t raw, +- security_context_t *transp) +-{ +- if (context_translations) +- return raw_to_trans_context(raw, transp); +- +- if (!raw) { +- *transp = NULL; +- return 0; +- } +- +- *transp = strdup(raw); +- return *transp ? 0 : -1; +-} diff --git a/libselinux.spec b/libselinux.spec index fc8e8b8..882d00e 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,17 +1,14 @@ -%define libsepolver 1.12-1 -%define libsetransver 0.1.20-1 +%define libsepolver 1.12.6-1 Summary: SELinux library and simple utilities Name: libselinux -Version: 1.30.3 -Release: 2 +Version: 1.30.5 +Release: 1 License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz -Patch: libselinux-rhat.patch BuildRequires: libsepol-devel >= %{libsepolver} Requires: libsepol >= %{libsepolver} -Requires: libsetrans >= %{libsetransver} BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot @@ -51,7 +48,6 @@ needed for developing SELinux applications. %prep %setup -q -%patch -p1 -b .rhat %build make clean 
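Review bot: `trans_to_raw_context` in setrans_client.c ends with `return ret_val;` at its `out:` label, but `ret_val` is written only by the header `readv` inside `receive_response`, so on the `send_request` failure path (and when `receive_response` fails before the header is fully read) the function returns an indeterminate `int32_t`; `raw_to_trans_context` directly above uses `return ret;`, which is what this one should do too. Separately, `receive_response` takes `data_size` from the peer and passes it straight to `malloc` and to a single `readv` that treats any short read as failure, and nothing verifies who is on the other end of `SETRANS_UNIX_SOCKET`, so the client is only as trustworthy as whatever binds that path; an upper bound on `data_size` and a read loop that tolerates partial reads would make the client robust against a misbehaving peer. `setransd_open` also uses `strcpy` into `addr.sun_path`; the literal fits today, but `snprintf(addr.sun_path, sizeof addr.sun_path, "%s", SETRANS_UNIX_SOCKET)` is the bounded form. Finally, the new `setrans_internal.h` defines `SETRANS_UNIX_SOCKET` as `/var/.setrans-unix`, a different path from the public header that `setrans_client.c` actually includes, so one of the two definitions is stale.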
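Review bot: The spec drops `Patch: libselinux-rhat.patch` and the `%patch -p1 -b .rhat` line in the `%prep` hunk, yet the same commit rewrites `libselinux-rhat.patch` at length; after this change the patch is never applied, so the setrans client code above only reaches the build if the 1.30.5 tarball already contains it, which the changelog entry "Merged setrans client support" implies but the diff cannot show. If that is the intent, the patch file should be removed from the repository (or reset to empty) rather than left as a stale, unapplied copy that will drift from upstream. Dropping `Requires: libsetrans` is consistent with the in-library client, but nothing replaces it with a dependency on, or a note about, the setransd service the new socket path depends on.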
@@ -63,6 +59,8 @@ mkdir -p ${RPM_BUILD_ROOT}/%{_lib} mkdir -p ${RPM_BUILD_ROOT}/%{_libdir} mkdir -p ${RPM_BUILD_ROOT}%{_includedir} mkdir -p ${RPM_BUILD_ROOT}%{_sbindir} +mkdir -p ${RPM_BUILD_ROOT}/var/run/setrans + make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_lib}" BINDIR="${RPM_BUILD_ROOT}%{_sbindir}" install install-pywrap # Nuke the files we don't want to distribute @@ -97,6 +95,7 @@ exit 0 %{_libdir}/libselinux.so %{_sbindir}/* %{_mandir}/man8/* +/var/run/setrans %files devel %defattr(-,root,root) @@ -111,6 +110,16 @@ exit 0 %{_libdir}/python*/site-packages/selinux.py* %changelog +* Mon May 8 2006 Dan Walsh 1.30.5-1 + * Merged fix warnings patch from Karl MacMillan. + * Merged setrans client support from Dan Walsh. + This removes use of libsetrans. + * Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh. + * Merged swig typemap fixes from Glauber de Oliveira Costa. + +* Wed May 3 2006 Dan Walsh 1.30.3-3 +- Change the way translations work, Use setransd/remove libsetrans + * Tue May 2 2006 Dan Walsh 1.30.3-2 - Add selinuxswig fixes - Stop using PAGE_SIZE and start using sysconf(_SC_PAGE_SIZE) diff --git a/sources b/sources index b0a7258..e5c1b93 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -70d1525b98d5906a9ac2566aeca7a65e libselinux-1.30.3.tgz +45c50620a9346d6d77f2a3229ffa26d2 libselinux-1.30.5.tgz
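Review bot: `%files` now ships `/var/run/setrans` under the package's `%defattr(-,root,root)` with whatever mode the `mkdir -p` in the `%install` hunk (`@@ -63`) produced at build time, and this is the directory in which every libselinux caller expects `.setrans-unix` to be bound — whoever can create that socket name decides what translated contexts clients receive. The mode should be pinned rather than inherited: `%dir %attr(0755,root,root) /var/run/setrans`. It is also worth a comment that a runtime directory for a daemon is being owned by the client library package; if setransd ships separately, that package is the more natural owner.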