diff --git a/libsepol-rhat.patch b/libsepol-rhat.patch
index 109f00f..345b758 100644
--- a/libsepol-rhat.patch
+++ b/libsepol-rhat.patch
@@ -1,77 +1,88 @@ -diff --exclude-from=exclude -N -u -r nsalibsepol/include/sepol/handle.h libsepol-2.0.5/include/sepol/handle.h ---- nsalibsepol/include/sepol/handle.h 2007-07-16 14:20:40.000000000 -0400 -+++ libsepol-2.0.5/include/sepol/handle.h 2007-08-10 09:42:16.000000000 -0400 -@@ -7,6 +7,10 @@ - /* Create and return a sepol handle. */ - sepol_handle_t *sepol_handle_create(void); +Index: libsepol/src/module.c +=================================================================== +--- libsepol/src/module.c (revision 2538) ++++ libsepol/src/module.c (working copy) +@@ -353,21 +353,27 @@ + struct policy_file *file, + size_t ** offsets, uint32_t * sections) + { +- uint32_t buf[3], nsec; ++ uint32_t *buf = NULL, nsec; + unsigned i; +- size_t *off; ++ size_t *off = NULL; + int rc; -+/* Set whether or not to disable dontaudits, 0 is default and does -+ * not disable dontaudits, 1 disables them */ -+void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit); -+ - /* Destroy a sepol handle. 
*/ - void sepol_handle_destroy(sepol_handle_t *); ++ buf = malloc(sizeof(uint32_t)*3); ++ if (!buf) { ++ ERR(file->handle, "out of memory"); ++ goto err; ++ } ++ + rc = next_entry(buf, file, sizeof(uint32_t) * 3); + if (rc < 0) { + ERR(file->handle, "module package header truncated"); +- return -1; ++ goto err; + } + if (le32_to_cpu(buf[0]) != SEPOL_MODULE_PACKAGE_MAGIC) { + ERR(file->handle, + "wrong magic number for module package: expected %u, got %u", + SEPOL_MODULE_PACKAGE_MAGIC, le32_to_cpu(buf[0])); +- return -1; ++ goto err; + } -diff --exclude-from=exclude -N -u -r nsalibsepol/src/expand.c libsepol-2.0.5/src/expand.c ---- nsalibsepol/src/expand.c 2007-07-16 14:20:41.000000000 -0400 -+++ libsepol-2.0.5/src/expand.c 2007-08-10 09:42:16.000000000 -0400 -@@ -1367,6 +1367,8 @@ - } else if (specified & AVRULE_AUDITDENY) { - spec = AVTAB_AUDITDENY; - } else if (specified & AVRULE_DONTAUDIT) { -+ if (handle->disable_dontaudit) -+ return EXPAND_RULE_SUCCESS; - spec = AVTAB_AUDITDENY; - } else if (specified & AVRULE_NEVERALLOW) { - spec = AVTAB_NEVERALLOW; -diff --exclude-from=exclude -N -u -r nsalibsepol/src/handle.c libsepol-2.0.5/src/handle.c ---- nsalibsepol/src/handle.c 2007-07-16 14:20:41.000000000 -0400 -+++ libsepol-2.0.5/src/handle.c 2007-08-10 09:42:16.000000000 -0400 -@@ -1,4 +1,5 @@ - #include -+#include - #include "handle.h" - #include "debug.h" + mod->version = le32_to_cpu(buf[1]); +@@ -376,23 +382,29 @@ + if (nsec > MAXSECTIONS) { + ERR(file->handle, "too many sections (%u) in module package", + nsec); +- return -1; ++ goto err; + } -@@ -13,9 +14,18 @@ - sh->msg_callback = sepol_msg_default_handler; - sh->msg_callback_arg = NULL; + off = (size_t *) malloc((nsec + 1) * sizeof(size_t)); + if (!off) { + ERR(file->handle, "out of memory"); +- return -1; ++ goto err; + } -+ /* by default do not disable dontaudits */ -+ sh->disable_dontaudit = 0; -+ - return sh; - } +- rc = next_entry(off, file, sizeof(uint32_t) * nsec); ++ free(buf); ++ buf = 
malloc(sizeof(uint32_t) * nsec); ++ if (!buf) { ++ ERR(file->handle, "out of memory"); ++ goto err; ++ } ++ rc = next_entry(buf, file, sizeof(uint32_t) * nsec); + if (rc < 0) { + ERR(file->handle, "module package offset array truncated"); +- return -1; ++ goto err; + } -+void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit) -+{ -+ assert(sh !=NULL); -+ sh->disable_dontaudit = disable_dontaudit; -+} -+ - void sepol_handle_destroy(sepol_handle_t * sh) - { - free(sh); -diff --exclude-from=exclude -N -u -r nsalibsepol/src/handle.h libsepol-2.0.5/src/handle.h ---- nsalibsepol/src/handle.h 2007-07-16 14:20:40.000000000 -0400 -+++ libsepol-2.0.5/src/handle.h 2007-08-10 09:42:16.000000000 -0400 -@@ -14,6 +14,9 @@ - void (*msg_callback) (void *varg, - sepol_handle_t * handle, const char *fmt, ...); - void *msg_callback_arg; -+ -+ int disable_dontaudit; + for (i = 0; i < nsec; i++) { +- off[i] = le32_to_cpu(off[i]); ++ off[i] = le32_to_cpu(buf[i]); + if (i && off[i] < off[i - 1]) { + ERR(file->handle, "offsets are not increasing (at %u, " + "offset %zu -> %zu", i, off[i - 1], +@@ -401,10 +413,15 @@ + } + } + +- ++ free(buf); + off[nsec] = policy_file_length(file); + *offsets = off; + return 0; + - }; ++err: ++ free(buf); ++ free(off); ++ return -1; + } - #endif -diff --exclude-from=exclude -N -u -r nsalibsepol/src/libsepol.map libsepol-2.0.5/src/libsepol.map ---- nsalibsepol/src/libsepol.map 2007-07-16 14:20:41.000000000 -0400 -+++ libsepol-2.0.5/src/libsepol.map 2007-08-10 09:42:16.000000000 -0400 -@@ -12,5 +12,6 @@ - sepol_policydb_*; sepol_set_policydb_from_file; - sepol_policy_kern_*; - sepol_policy_file_*; -+ sepol_set_disable_dontaudit; - local: *; - }; + /* Flags for which sections have been seen during parsing of module package. */ diff --git a/libsepol.spec b/libsepol.spec index 7d57e35..19e923f 100644 --- a/libsepol.spec +++ b/libsepol.spec 
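Review bot: The "offsets are not increasing" error path looks like it still returns directly: the inner hunks at -376,23 and -401,10 leave the lines right after `"offset %zu -> %zu", i, off[i - 1],` untouched, so if that path is still `return -1;` it now leaks both `buf` and `off` while every other failure in the function was converted to `goto err`; it should become `goto err;` as well. Separately, `buf = malloc(sizeof(uint32_t) * nsec);` with nsec == 0 may legitimately return NULL on some C libraries and would then be reported as "out of memory" — either reject nsec == 0 before the allocation or only allocate when nsec is non-zero. The 12-byte header buffer does not need the heap; `uint32_t hdr[3];` on the stack with `buf` reserved for the offset array keeps the cleanup path shorter. The offsets are read from the module file itself, so the monotonic check is the only bound visible here; whether each offset is also checked against `policy_file_length(file)` is outside this hunk and worth confirming. The enclosing function's signature begins before the hunk's first line.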
@@ -2,11 +2,12 @@ Summary: SELinux binary policy manipulation library Name: libsepol Version: 2.0.7 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/libsepol-%{version}.tgz URL: http://www.selinuxproject.org +Patch: libsepol-rhat.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Provides: libsepol.so @@ -38,6 +39,7 @@ needed for developing applications that manipulate binary policies. %prep %setup -q +%patch -p 1 -b .rhat # sparc64 is an -fPIC arch, so we need to fix it here %ifarch sparc64 sed -i 's/fpic/fPIC/g' src/Makefile