diff --git a/libsepol-rhat.patch b/libsepol-rhat.patch index 89a4eb3..746dc6d 100644 --- a/libsepol-rhat.patch +++ b/libsepol-rhat.patch 
@@ -1,275 +1,110 @@ -diff --exclude-from=exclude -N -u -r nsalibsepol/include/sepol/sepol.h libsepol-1.3.6/include/sepol/sepol.h ---- nsalibsepol/include/sepol/sepol.h 2005-02-17 17:55:48.000000000 -0500 -+++ libsepol-1.3.6/include/sepol/sepol.h 2005-02-25 10:18:10.000000000 -0500 -@@ -32,5 +32,6 @@ - /* Check context validity against currently set binary policy. */ - extern int sepol_check_context(char *context); - -- -+/* Turn on or off sepol error messages. */ -+extern void sepol_debug(int on); - #endif -diff --exclude-from=exclude -N -u -r nsalibsepol/src/genbools.c libsepol-1.3.6/src/genbools.c ---- nsalibsepol/src/genbools.c 2005-02-25 09:44:03.000000000 -0500 -+++ libsepol-1.3.6/src/genbools.c 2005-02-25 09:50:17.000000000 -0500 -@@ -87,7 +87,7 @@ - pf.data = data; - pf.len = len; - if (policydb_read(&policydb,&pf, 0)) { -- fprintf(stderr, "Can't read binary policy: %s\n", -+ __sepol_debug_printf("Can't read binary policy: %s\n", - strerror(errno)); - return -1; - } -@@ -97,12 +97,12 @@ - sepol_set_policyvers(policydb.policyvers); - - if (load_booleans(&policydb, booleans) < 0) { -- fprintf(stderr, "Warning! Error while reading %s: %s\n", -+ __sepol_debug_printf("Warning! 
Error while reading %s: %s\n", - booleans, strerror(errno)); - } - - if (evaluate_conds(&policydb) < 0) { -- fprintf(stderr, "Error while re-evaluating conditionals: %s\n", -+ __sepol_debug_printf("Error while re-evaluating conditionals: %s\n", - strerror(errno)); - return -1; - } -@@ -111,7 +111,7 @@ - pf.len = len; - rc = policydb_write(&policydb, &pf); - if (rc) { -- fprintf(stderr, "Can't write binary policy: %s\n", -+ __sepol_debug_printf("Can't write binary policy: %s\n", - strerror(errno)); - return -1; - } -@@ -129,7 +129,7 @@ - pf.data = data; - pf.len = len; - if (policydb_read(&policydb,&pf, 0)) { -- fprintf(stderr, "Can't read binary policy: %s\n", -+ __sepol_debug_printf("Can't read binary policy: %s\n", - strerror(errno)); - return -1; - } -@@ -154,7 +154,7 @@ - } +diff --exclude-from=exclude -N -u -r nsalibsepol/src/genbools.c libsepol-1.5.2/src/genbools.c +--- nsalibsepol/src/genbools.c 2005-03-08 15:15:26.000000000 -0500 ++++ libsepol-1.5.2/src/genbools.c 2005-03-29 10:20:54.000000000 -0500 +@@ -24,11 +24,40 @@ + return dest; + } - if (evaluate_conds(&policydb) < 0) { -- fprintf(stderr, "Error while re-evaluating conditionals: %s\n", -+ __sepol_debug_printf("Error while re-evaluating conditionals: %s\n", - strerror(errno)); - return -1; - } -@@ -163,7 +163,7 @@ - pf.len = len; - rc = policydb_write(&policydb, &pf); - if (rc) { -- fprintf(stderr, "Can't write binary policy: %s\n", -+ __sepol_debug_printf("Can't write binary policy: %s\n", - strerror(errno)); ++static int process_boolean(char *buffer, char *name, int namesize, int *val) { ++ char name1[BUFSIZ]; ++ char *ptr; ++ char *tok=strtok_r(buffer,"=",&ptr); ++ if (tok) { ++ strncpy(name1,tok, BUFSIZ-1); ++ strtrim(name,name1,namesize-1); ++ if ( name[0]=='#' ) return 0; ++ tok=strtok_r(NULL,"\0",&ptr); ++ if (tok) { ++ while (isspace(*tok)) tok++; ++ *val = -1; ++ if (isdigit(tok[0])) ++ *val=atoi(tok); ++ else if (!strncmp(tok, "true", sizeof("true")-1)) ++ *val = 1; ++ else if (!strncmp(tok, 
"false", sizeof("false")-1)) ++ *val = 0; ++ if (*val != 0 && *val != 1) { ++ fprintf(stderr,"illegal value for boolean %s=%s\n", name, tok); ++ return -1; ++ } ++ ++ } ++ } ++ return 1; ++} ++ + static int load_booleans(struct policydb *policydb, char *path) { + FILE *boolf; +- char buffer[BUFSIZ]; ++ char *buffer=NULL; ++ size_t size=0; ++ char localbools[BUFSIZ]; + char name[BUFSIZ]; +- char name1[BUFSIZ]; + int val; + int errors=0; + struct cond_bool_datum *datum; +@@ -37,28 +66,29 @@ + if (boolf == NULL) return -1; - } -diff --exclude-from=exclude -N -u -r nsalibsepol/src/genusers.c libsepol-1.3.6/src/genusers.c ---- nsalibsepol/src/genusers.c 2005-02-25 09:44:03.000000000 -0500 -+++ libsepol-1.3.6/src/genusers.c 2005-02-25 14:44:19.680658712 -0500 -@@ -7,12 +7,25 @@ - - #include - #include -+#include - - #include "private.h" -+static int gdebug=1; -+ -+void sepol_debug(int on) { gdebug=on; }; -+ -+void __sepol_debug_printf(const char *fmt, ...) { -+ if (gdebug) { -+ va_list ap; -+ va_start(ap, fmt); -+ vfprintf (stderr, fmt, ap); -+ va_end(ap); +- while (fgets(buffer, sizeof(buffer), boolf)) { +- char *tok=strtok(buffer,"="); +- if (tok) { +- strncpy(name1,tok, BUFSIZ-1); +- strtrim(name,name1,BUFSIZ-1); +- if ( name[0]=='#' ) continue; +- tok=strtok(NULL,"\0"); +- if (tok) { +- while (isspace(*tok)) tok++; +- val = -1; +- if (isdigit(tok[0])) +- val=atoi(tok); +- else if (!strncasecmp(tok, "true", sizeof("true")-1)) +- val = 1; +- else if (!strncasecmp(tok, "false", sizeof("false")-1)) +- val = 0; +- if (val != 0 && val != 1) { +- fprintf(stderr,"illegal value for boolean %s=%s\n", name, tok); +- errors++; +- continue; +- } +- ++ while (getline(&buffer, &size, boolf) > 0) { ++ int ret=process_boolean(buffer, name, sizeof(name), &val); ++ if (ret==-1) ++ errors++; ++ if (ret==1) { ++ datum = hashtab_search(policydb->p_bools.table, name); ++ if (!datum) { ++ fprintf(stderr,"unknown boolean %s\n", name); ++ errors++; ++ continue; ++ } ++ datum->state = val; ++ 
} + } -+} - #undef BADLINE - #define BADLINE() { \ -- fprintf(stderr, "%s: invalid entry %s on line %u\n", \ -+ __sepol_debug_printf("%s: invalid entry %s on line %u\n", \ - path, buffer, lineno); \ - continue; \ - } -@@ -68,10 +81,11 @@ - /* Adding a new user definition. */ - usrdatum = (user_datum_t *) malloc(sizeof(user_datum_t)); - if (!id || !usrdatum) { -- fprintf(stderr, "%s: out of memory for %s on line %u\n", -+ __sepol_debug_printf("%s: out of memory for %s on line %u\n", - path, buffer, lineno); - errno = ENOMEM; - free(buffer); -+ fclose(fp); - return -1; - } - memset(usrdatum, 0, sizeof(user_datum_t)); -@@ -81,10 +95,11 @@ - rc = hashtab_insert(policydb->p_users.table, - id, (hashtab_datum_t) usrdatum); - if (rc) { -- fprintf(stderr, "%s: out of memory for %s on line %u\n", -+ __sepol_debug_printf("%s: out of memory for %s on line %u\n", - path, buffer, lineno); - errno = ENOMEM; - free(buffer); -+ fclose(fp); - return -1; ++ fclose(boolf); ++ snprintf(localbools,sizeof(localbools), "%s.local", path); ++ boolf = fopen(localbools,"r"); ++ if (boolf != NULL) { ++ while (getline(&buffer, &size, boolf) > 0) { ++ int ret=process_boolean(buffer, name, sizeof(name), &val); ++ if (ret==-1) ++ errors++; ++ if (ret==1) { + datum = hashtab_search(policydb->p_bools.table, name); + if (!datum) { + fprintf(stderr,"unknown boolean %s\n", name); +@@ -68,9 +98,9 @@ + datum->state = val; } } -@@ -128,7 +143,7 @@ - - roldatum = hashtab_search(policydb->p_roles.table, q); - if (!roldatum) { -- fprintf(stderr, "%s: undefined role %s in %s on line %u\n", -+ __sepol_debug_printf("%s: undefined role %s in %s on line %u\n", - path, q, buffer, lineno); - continue; - } -@@ -136,7 +151,7 @@ - for (bit = ebitmap_startbit(&roldatum->dominates); bit < ebitmap_length(&roldatum->dominates); bit++) { - if (ebitmap_get_bit(&roldatum->dominates, bit)) - if (ebitmap_set_bit(&usrdatum->roles, bit, 1)) { -- fprintf(stderr, "%s: out of memory for %s on line %u\n", -+ 
__sepol_debug_printf("%s: out of memory for %s on line %u\n", - path, buffer, lineno); - errno = ENOMEM; - free(buffer); -@@ -172,10 +187,11 @@ - - scontext = malloc(p - q); - if (!scontext) { -- fprintf(stderr, "%s: out of memory for %s on line %u\n", -+ __sepol_debug_printf("%s: out of memory for %s on line %u\n", - path, buffer, lineno); - errno = ENOMEM; - free(buffer); -+ fclose(fp); - return -1; - } - r = scontext; -@@ -191,7 +207,7 @@ - context_init(&context); - rc = mls_context_to_sid(policydb, oldc, &r, &context); - if (rc) { -- fprintf(stderr, "%s: invalid level %s in %s on line %u\n", -+ __sepol_debug_printf("%s: invalid level %s in %s on line %u\n", - path, scontext, buffer, lineno); - free(scontext); - continue; -@@ -218,10 +234,11 @@ - - scontext = malloc(p - q); - if (!scontext) { -- fprintf(stderr, "%s: out of memory for %s on line %u\n", -+ __sepol_debug_printf("%s: out of memory for %s on line %u\n", - path, buffer, lineno); - errno = ENOMEM; - free(buffer); -+ fclose(fp); - return -1; - } - r = scontext; -@@ -237,7 +254,7 @@ - context_init(&context); - rc = mls_context_to_sid(policydb, oldc, &r, &context); - if (rc) { -- fprintf(stderr, "%s: invalid range %s in %s on line %u\n", -+ __sepol_debug_printf("%s: invalid range %s in %s on line %u\n", - path, scontext, buffer, lineno); - free(scontext); - continue; -@@ -248,7 +265,7 @@ ++ fclose(boolf); } - - free(buffer); +- fclose(boolf); - -+ fclose(fp); - return 0; - } - -@@ -334,7 +351,7 @@ - pf.data = data; - pf.len = len; - if (policydb_read(&policydb,&pf, 0)) { -- fprintf(stderr, "%s: Can't read binary policy: %s\n", -+ __sepol_debug_printf("%s: Can't read binary policy: %s\n", - __FUNCTION__, strerror(errno)); - return -1; - } -@@ -342,7 +359,7 @@ - /* Load base set of system users from the policy package. 
*/ - snprintf(path, sizeof path, "%s/system.users", usersdir); - if (load_users(&policydb, path) < 0) { -- fprintf(stderr, "%s: Can't load system.users: %s\n", -+ __sepol_debug_printf("%s: Can't load system.users: %s\n", - __FUNCTION__, strerror(errno)); - return -1; - } -@@ -350,7 +367,7 @@ - /* Load locally defined users. */ - snprintf(path, sizeof path, "%s/local.users", usersdir); - if (load_users(&policydb, path) < 0) { -- fprintf(stderr, "%s: Can't load local.users: %s\n", -+ __sepol_debug_printf("%s: Can't load local.users: %s\n", - __FUNCTION__, strerror(errno)); - return -1; - } -@@ -374,7 +391,7 @@ - pf.len = 0; - rc = policydb_write(&policydb, &pf); - if (rc) { -- fprintf(stderr, "Can't compute length of binary policy: %s\n", -+ __sepol_debug_printf("Can't compute length of binary policy: %s\n", - strerror(errno)); - return -1; - } -@@ -383,7 +400,7 @@ - pf.type = PF_USE_MEMORY; - pf.data = malloc(pf.len); - if (!pf.data) { -- fprintf(stderr, "%s: %s\n", __FUNCTION__, strerror(errno)); -+ __sepol_debug_printf("%s: %s\n", __FUNCTION__, strerror(errno)); - return -1; - } - -@@ -394,7 +411,7 @@ - /* Write out the new binary policy image. 
*/ - rc = policydb_write(&policydb, &pf); - if (rc) { -- fprintf(stderr, "Can't write binary policy: %s\n", -+ __sepol_debug_printf("Can't write binary policy: %s\n", - strerror(errno)); - free(pf.data); - return -1; -diff --exclude-from=exclude -N -u -r nsalibsepol/src/libsepol.map libsepol-1.3.6/src/libsepol.map ---- nsalibsepol/src/libsepol.map 2005-02-17 17:55:49.000000000 -0500 -+++ libsepol-1.3.6/src/libsepol.map 2005-02-25 10:19:28.000000000 -0500 -@@ -1,4 +1,4 @@ - { -- global: sepol_genbools*; sepol_set_policydb_from_file; sepol_check_context; sepol_genusers; -+ global: sepol_genbools*; sepol_set_policydb_from_file; sepol_check_context; sepol_genusers; sepol_debug; - local: *; - }; -diff --exclude-from=exclude -N -u -r nsalibsepol/src/private.h libsepol-1.3.6/src/private.h ---- nsalibsepol/src/private.h 2005-02-07 10:23:04.000000000 -0500 -+++ libsepol-1.3.6/src/private.h 2005-02-25 10:20:39.000000000 -0500 -@@ -25,6 +25,7 @@ - }; - - extern struct policydb_compat_info *policydb_lookup_compat(int version); -+extern void __sepol_debug_printf(const char *fmt, ...); ++ free(buffer); + if (errors) + errno = EINVAL; - /* Reading from a policy "file". */ - static inline void *next_entry(struct policy_file * fp, size_t bytes) diff --git a/libsepol.spec b/libsepol.spec index 3fc3577..98d587d 100644 --- a/libsepol.spec +++ b/libsepol.spec @@ -1,10 +1,11 @@ Summary: SELinux binary policy manipulation library Name: libsepol Version: 1.5.2 -Release: 1 +Release: 2 License: GPL Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/libsepol-%{version}.tgz +patch: libsepol-rhat.patch Prefix: %{_prefix} BuildRoot: %{_tmppath}/%{name}-buildroot Provides: libsepol.so @@ -36,6 +37,7 @@ needed for developing applications that manipulate binary policies. %prep %setup -q +%patch -p1 -b .rhat %build make CFLAGS="%{optflags}" 
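Review bot: The added `process_boolean()` (in the inner patch to src/genbools.c) returns 1 even when the line has no `=` or nothing after it, so `*val` is never written, yet both `getline` loops in `load_booleans()` treat 1 as "apply" and run `datum->state = val` with `val` (declared `int val;`, no initializer) stale from the previous line or indeterminate. A malformed or truncated line in `booleans` or `booleans.local` should not be able to change a policy boolean; adding `if (!tok) return 0;` after each `strtok_r` call (or returning -1 so it is counted in `errors`) would keep the lookup conditional on a parsed value, as the old nested `if (tok)` blocks appear to have done. Separately, replacing `fgets(buffer, sizeof(buffer), ...)` with `getline` removes the BUFSIZ bound on the line, so `strncpy(name1,tok, BUFSIZ-1)` can leave the uninitialized `name1` without a terminator before `strtrim` reads it; `name1[BUFSIZ-1] = '\0';` right after the copy closes that. `load_booleans()` starts and ends outside the lines this inner patch shows, so how `errors` and `errno` reach the caller is not visible here.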
@@ -71,6 +73,9 @@ rm -rf ${RPM_BUILD_ROOT} /%{_lib}/libsepol.so.1 %changelog +* Thu Mar 24 2005 Dan Walsh 1.5.2-2 +- Handle booleans.local + * Thu Mar 17 2005 Dan Walsh 1.5.2-1 - Update to latest from NSA * Added man page for sepol_check_context.