diff -up libselinux-2.1.12/src/avc_internal.c.f19 libselinux-2.1.12/src/avc_internal.c
--- libselinux-2.1.12/src/avc_internal.c.f19 2012-09-13 13:26:50.000000000 -0400
+++ libselinux-2.1.12/src/avc_internal.c 2013-03-06 13:55:15.411795519 -0500
@@ -60,13 +60,12 @@ int avc_netlink_open(int blocking)
int len, rc = 0;
struct sockaddr_nl addr;
- fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_SELINUX);
+ fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_SELINUX);
if (fd < 0) {
rc = fd;
goto out;
}
- fcntl(fd, F_SETFD, FD_CLOEXEC);
if (!blocking && fcntl(fd, F_SETFL, O_NONBLOCK)) {
close(fd);
fd = -1;
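Review bot: `SOCK_CLOEXEC` on the `socket()` line makes the close-on-exec flag race-free, but it is only known to headers and kernels from roughly glibc 2.9 / Linux 2.6.27 on, and an older kernel rejects the flag with EINVAL, so the change turns the previous best-effort `fcntl(fd, F_SETFD, FD_CLOEXEC)` into a hard open failure on such systems. If those targets still matter, keep the new line under `#ifdef SOCK_CLOEXEC` and fall back to the old socket()+fcntl pair in the `#else` branch. avc_netlink_open continues outside the hunk; the `fcntl(fd, F_SETFL, O_NONBLOCK)` check below is unchanged and still does the only error reporting on the non-blocking path.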
diff -up libselinux-2.1.12/src/fgetfilecon.c.f19 libselinux-2.1.12/src/fgetfilecon.c
--- libselinux-2.1.12/src/fgetfilecon.c.f19 2012-09-13 13:26:50.000000000 -0400
+++ libselinux-2.1.12/src/fgetfilecon.c 2013-03-06 13:55:15.412795523 -0500
@@ -39,7 +39,7 @@ int fgetfilecon_raw(int fd, security_con
out:
if (ret == 0) {
/* Re-map empty attribute values to errors. */
- errno = EOPNOTSUPP;
+ errno = ENOTSUP;
ret = -1;
}
if (ret < 0)
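Review bot: The `errno = ENOTSUP;` line changes the documented failure code from `EOPNOTSUPP` without a word about why; on glibc the two macros expand to the same value, so behaviour on Linux is presumably unchanged, but any caller or man page still naming EOPNOTSUPP now disagrees with the source. The same edit appears in getfilecon.c and lgetfilecon.c. Extending the existing comment to `/* Re-map empty attribute values to errors (ENOTSUP, same value as EOPNOTSUPP on Linux). */` would save the next reader the lookup. fgetfilecon_raw starts outside the hunk.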
diff -up libselinux-2.1.12/src/getfilecon.c.f19 libselinux-2.1.12/src/getfilecon.c
--- libselinux-2.1.12/src/getfilecon.c.f19 2012-09-13 13:26:50.000000000 -0400
+++ libselinux-2.1.12/src/getfilecon.c 2013-03-06 13:55:15.412795523 -0500
@@ -39,7 +39,7 @@ int getfilecon_raw(const char *path, sec
out:
if (ret == 0) {
/* Re-map empty attribute values to errors. */
- errno = EOPNOTSUPP;
+ errno = ENOTSUP;
ret = -1;
}
if (ret < 0)
diff -up libselinux-2.1.12/src/label_file.c.f19 libselinux-2.1.12/src/label_file.c
--- libselinux-2.1.12/src/label_file.c.f19 2013-03-06 13:55:15.394795448 -0500
+++ libselinux-2.1.12/src/label_file.c 2013-03-08 12:37:41.305333387 -0500
@@ -245,6 +245,7 @@ static int load_mmap(struct selabel_hand
char *addr;
size_t len;
int stem_map_len, *stem_map;
+ struct mmap_area *mmap_area;
uint32_t *magic;
uint32_t *section_len;
@@ -255,7 +256,7 @@ static int load_mmap(struct selabel_hand
return -1;
mmapfd = open(mmap_path, O_RDONLY | O_CLOEXEC);
- if (!mmapfd)
+ if (mmapfd < 0)
return -1;
rc = fstat(mmapfd, &mmap_stat);
@@ -281,13 +282,26 @@ static int load_mmap(struct selabel_hand
len += (sysconf(_SC_PAGE_SIZE) - 1);
len &= ~(sysconf(_SC_PAGE_SIZE) - 1);
+ mmap_area = malloc(sizeof(*mmap_area));
+ if (!mmap_area) {
+ close(mmapfd);
+ return -1;
+ }
+
addr = mmap(NULL, len, PROT_READ, MAP_PRIVATE, mmapfd, 0);
close(mmapfd);
if (addr == MAP_FAILED) {
+ free(mmap_area);
perror("mmap");
return -1;
}
+ /* save where we mmap'd the file to cleanup on close() */
+ mmap_area->addr = addr;
+ mmap_area->len = len;
+ mmap_area->next = data->mmap_areas;
+ data->mmap_areas = mmap_area;
+
/* check if this looks like an fcontext file */
magic = (uint32_t *)addr;
if (*magic != SELINUX_MAGIC_COMPILED_FCONTEXT)
@@ -330,8 +344,10 @@ static int load_mmap(struct selabel_hand
newid = find_stem(data, buf, stem_len);
if (newid < 0) {
newid = store_stem(data, buf, stem_len);
- if (newid < 0)
- return newid;
+ if (newid < 0) {
+ rc = newid;
+ goto err;
+ }
data->stem_arr[newid].from_mmap = 1;
}
stem_map[i] = newid;
@@ -347,7 +363,7 @@ static int load_mmap(struct selabel_hand
rc = grow_specs(data);
if (rc < 0)
- return rc;
+ goto err;
spec = &data->spec_arr[data->nspec];
spec->from_mmap = 1;
@@ -355,9 +371,11 @@ static int load_mmap(struct selabel_hand
plen = (uint32_t *)addr;
addr += sizeof(uint32_t);
+ rc = -1;
spec->lr.ctx_raw = strdup((char *)addr);
if (!spec->lr.ctx_raw)
- return -1;
+ goto err;
+
addr += *plen;
plen = (uint32_t *)addr;
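Review bot: `addr += *plen;` advances the cursor by a length read from the file itself with no check against the size of the mapping, so a truncated or corrupt .bin walks `addr` past the mapped region (the same applies to the `strdup((char *)addr)` above it, which assumes a terminator inside the mapping, and to the later `addr += sizeof(int32_t)` steps). Since this function now records the base and length in `mmap_area`, the step can be bounded before the increment with something like `if (*plen > len - (size_t)(addr - (char *)mmap_area->addr)) goto err;` — `rc` is already -1 on that path; bounding against `mmap_stat.st_size` instead of the page-rounded `len` would be stricter still. load_mmap continues on both sides of the hunk.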
@@ -370,12 +388,10 @@ static int load_mmap(struct selabel_hand
/* map the stem id from the mmap file to the data->stem_arr */
stem_id = *(int32_t *)addr;
- if (stem_id == -1) {
+ if (stem_id == -1 || stem_id >= stem_map_len)
spec->stem_id = -1;
- } else {
- assert(stem_id <= stem_map_len);
+ else
spec->stem_id = stem_map[stem_id];
- }
addr += sizeof(int32_t);
/* retrieve the hasMetaChars bit */
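Review bot: The replacement test `if (stem_id == -1 || stem_id >= stem_map_len)` still lets any other negative `stem_id` read from the file (say -2) reach `stem_map[stem_id]`, an out-of-bounds read on the heap array; the old `assert` did not catch that case either, so it is not a regression, but the commit clearly means this line to be the bounds check. `if (stem_id < 0 || stem_id >= stem_map_len)` closes the lower side. If only -1 is a legitimate "no stem" marker, treating any other out-of-range value as a corrupt file (`rc = -1; goto err;`) would be more honest than silently mapping it to -1. load_mmap continues on both sides of the hunk.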
@@ -395,11 +411,12 @@ static int load_mmap(struct selabel_hand
data->nspec++;
}
-
+ /* win */
+ rc = 0;
+err:
free(stem_map);
- /* win */
- return 0;
+ return rc;
}
static int process_file(const char *path, const char *suffix, struct selabel_handle *rec, const char *prefix)
@@ -529,18 +546,19 @@ finish:
static void closef(struct selabel_handle *rec)
{
struct saved_data *data = (struct saved_data *)rec->data;
+ struct mmap_area *area, *last_area;
struct spec *spec;
struct stem *stem;
unsigned int i;
for (i = 0; i < data->nspec; i++) {
spec = &data->spec_arr[i];
+ free(spec->lr.ctx_trans);
+ free(spec->lr.ctx_raw);
if (spec->from_mmap)
continue;
free(spec->regex_str);
free(spec->type_str);
- free(spec->lr.ctx_raw);
- free(spec->lr.ctx_trans);
if (spec->regcomp) {
pcre_free(spec->regex);
pcre_free_study(spec->sd);
@@ -558,7 +576,14 @@ static void closef(struct selabel_handle
free(data->spec_arr);
if (data->stem_arr)
free(data->stem_arr);
-
+
+ area = data->mmap_areas;
+ while (area) {
+ munmap(area->addr, area->len);
+ last_area = area;
+ area = area->next;
+ free(last_area);
+ }
free(data);
}
@@ -624,6 +649,8 @@ static struct selabel_lookup_rec *lookup
break;
} else if (rc == PCRE_ERROR_NOMATCH)
continue;
+
+ errno = ENOENT;
/* else it's an error */
goto finish;
}
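Review bot: The added `errno = ENOENT;` sits on the path taken when `pcre_exec` returned neither a match nor `PCRE_ERROR_NOMATCH`, i.e. an internal regex failure (match limit, bad UTF-8 and so on), so callers cannot distinguish a genuine lookup error from "no specification matches", which the not-found path after the loop presumably also reports as ENOENT. If that conflation is intended, say so on the line: `errno = ENOENT; /* any other pcre_exec failure is reported as "no match" */`; otherwise a distinct value such as EINVAL keeps the two cases apart. The `errno = 0;` added before `ret = &spec_arr[i].lr;` in the next hunk deserves a comment as well, since clearing errno on success is not something library callers normally rely on. The enclosing lookup function starts and ends outside both hunks.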
@@ -635,6 +662,7 @@ static struct selabel_lookup_rec *lookup
goto finish;
}
+ errno = 0;
ret = &spec_arr[i].lr;
finish:
diff -up libselinux-2.1.12/src/label_file.h.f19 libselinux-2.1.12/src/label_file.h
--- libselinux-2.1.12/src/label_file.h.f19 2013-03-06 13:55:15.395795452 -0500
+++ libselinux-2.1.12/src/label_file.h 2013-03-06 13:55:15.414795531 -0500
@@ -33,6 +33,13 @@ struct stem {
char from_mmap;
};
+/* Where we map the file in during selabel_open() */
+struct mmap_area {
+ void *addr;
+ size_t len;
+ struct mmap_area *next;
+};
+
/* Our stored configuration */
struct saved_data {
/*
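Review bot: `struct mmap_area` is introduced with a one-line comment that says where the regions come from but nothing about who owns the list or when it is torn down, and the `mmap_areas` field added to `struct saved_data` in the next hunk has no comment at all. From the label_file.c hunks, load_mmap pushes each region onto the list and closef munmaps and frees every entry, so the header could state that contract: `/* Regions mmap'd by load_mmap(); the list is owned by saved_data and each entry is munmap'd and freed in closef() */` above the struct, and `struct mmap_area *mmap_areas; /* head of the mmap'd-regions list, released in closef() */` on the field.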
@@ -49,6 +56,7 @@ struct saved_data {
struct stem *stem_arr;
int num_stems;
int alloc_stems;
+ struct mmap_area *mmap_areas;
};
static inline pcre_extra *get_pcre_extra(struct spec *spec)
diff -up libselinux-2.1.12/src/lgetfilecon.c.f19 libselinux-2.1.12/src/lgetfilecon.c
--- libselinux-2.1.12/src/lgetfilecon.c.f19 2012-09-13 13:26:50.000000000 -0400
+++ libselinux-2.1.12/src/lgetfilecon.c 2013-03-06 13:55:15.415795536 -0500
@@ -39,7 +39,7 @@ int lgetfilecon_raw(const char *path, se
out:
if (ret == 0) {
/* Re-map empty attribute values to errors. */
- errno = EOPNOTSUPP;
+ errno = ENOTSUP;
ret = -1;
}
if (ret < 0)
diff -up libselinux-2.1.12/src/mapping.c.f19 libselinux-2.1.12/src/mapping.c
--- libselinux-2.1.12/src/mapping.c.f19 2012-09-13 13:26:50.000000000 -0400
+++ libselinux-2.1.12/src/mapping.c 2013-03-06 13:55:15.415795536 -0500
@@ -66,7 +66,7 @@ selinux_set_mapping(struct security_clas
goto err2;
k = 0;
- while (p_in->perms && p_in->perms[k]) {
+ while (p_in->perms[k]) {
/* An empty permission string skips ahead */
if (!*p_in->perms[k]) {
k++;
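Review bot: Dropping `p_in->perms &&` from the `while` condition is safe only because, as far as I can tell, `perms` is an inline array member of `struct security_class_mapping`, so its address can never be NULL and the old test was dead (some compilers warn on it); a reader of the bare `while (p_in->perms[k])` cannot see that, and the loop now rests entirely on each caller NULL-terminating its `perms`. A comment would carry that contract: `/* perms is an inline array, never NULL; callers must NULL-terminate it */`. selinux_set_mapping continues on both sides of the hunk.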
diff -up libselinux-2.1.12/utils/sefcontext_compile.c.f19 libselinux-2.1.12/utils/sefcontext_compile.c
--- libselinux-2.1.12/utils/sefcontext_compile.c.f19 2013-03-06 13:59:26.567841949 -0500
+++ libselinux-2.1.12/utils/sefcontext_compile.c 2013-03-08 12:24:54.014002976 -0500
@@ -145,7 +145,7 @@ static int process_file(struct saved_dat
* u32 - data length of the pcre regex study daya
* char - a buffer holding the raw pcre regex study data
*/
-static int write_binary_file(struct saved_data *data, char *filename)
+static int write_binary_file(struct saved_data *data, int fd)
{
struct spec *specs = data->spec_arr;
FILE *bin_file;
@@ -153,8 +153,9 @@ static int write_binary_file(struct save
uint32_t magic = SELINUX_MAGIC_COMPILED_FCONTEXT;
uint32_t section_len;
uint32_t i;
+ int rc;
- bin_file = fopen(filename, "w");
+ bin_file = fdopen(fd, "w");
if (!bin_file) {
perror("fopen output_file");
exit(EXIT_FAILURE);
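Review bot: The failure branch under `bin_file = fdopen(fd, "w");` still prints `perror("fopen output_file")` and calls `exit(EXIT_FAILURE)`, so a failed fdopen names the wrong call and terminates from inside the helper, bypassing main's new `err`/`out` cleanup and leaving the file created by mkstemp behind. Now that the function has an error path and main checks its return, `perror("fdopen output_file"); close(fd); return -1;` lets the caller clean up. write_binary_file continues outside the hunk.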
@@ -163,19 +164,19 @@ static int write_binary_file(struct save
/* write some magic number */
len = fwrite(&magic, sizeof(uint32_t), 1, bin_file);
if (len != 1)
- return -1;
+ goto err;
/* write the version */
section_len = SELINUX_COMPILED_FCONTEXT_MAX_VERS;
len = fwrite(§ion_len, sizeof(uint32_t), 1, bin_file);
if (len != 1)
- return -1;
+ goto err;
/* write the number of stems coming */
section_len = data->num_stems;
len = fwrite(§ion_len, sizeof(uint32_t), 1, bin_file);
if (len != 1)
- return -1;
+ goto err;
for (i = 0; i < section_len; i++) {
char *stem = data->stem_arr[i].buf;
@@ -184,20 +185,20 @@ static int write_binary_file(struct save
/* write the strlen (aka no nul) */
len = fwrite(&stem_len, sizeof(uint32_t), 1, bin_file);
if (len != 1)
- return -1;
+ goto err;
/* include the nul in the file */
stem_len += 1;
len = fwrite(stem, sizeof(char), stem_len, bin_file);
if (len != stem_len)
- return -1;
+ goto err;
}
/* write the number of regexes coming */
section_len = data->nspec;
len = fwrite(§ion_len, sizeof(uint32_t), 1, bin_file);
if (len != 1)
- return -1;
+ goto err;
for (i = 0; i < section_len; i++) {
char *context = specs[i].lr.ctx_raw;
@@ -208,82 +209,85 @@ static int write_binary_file(struct save
pcre_extra *sd = get_pcre_extra(&specs[i]);
uint32_t to_write;
size_t size;
- int rc;
/* length of the context string (including nul) */
to_write = strlen(context) + 1;
len = fwrite(&to_write, sizeof(uint32_t), 1, bin_file);
if (len != 1)
- return -1;
+ goto err;
/* original context strin (including nul) */
len = fwrite(context, sizeof(char), to_write, bin_file);
if (len != to_write)
- return -1;
+ goto err;
/* length of the original regex string (including nul) */
to_write = strlen(regex_str) + 1;
len = fwrite(&to_write, sizeof(uint32_t), 1, bin_file);
if (len != 1)
- return -1;
+ goto err;
/* original regex string */
len = fwrite(regex_str, sizeof(char), to_write, bin_file);
if (len != to_write)
- return -1;
+ goto err;
/* binary F_MODE bits */
len = fwrite(&mode, sizeof(mode), 1, bin_file);
if (len != 1)
- return -1;
+ goto err;
/* stem for this regex (could be -1) */
len = fwrite(&stem_id, sizeof(stem_id), 1, bin_file);
if (len != 1)
- return -1;
+ goto err;
/* does this spec have a metaChar? */
to_write = specs[i].hasMetaChars;
len = fwrite(&to_write, sizeof(to_write), 1, bin_file);
if (len != 1)
- return -1;
+ goto err;
/* determine the size of the pcre data in bytes */
rc = pcre_fullinfo(re, NULL, PCRE_INFO_SIZE, &size);
if (rc < 0)
- return -1;
+ goto err;
/* write the number of bytes in the pcre data */
to_write = size;
len = fwrite(&to_write, sizeof(uint32_t), 1, bin_file);
if (len != 1)
- return -1;
+ goto err;
/* write the actual pcre data as a char array */
len = fwrite(re, 1, to_write, bin_file);
if (len != to_write)
- return -1;
+ goto err;
/* determine the size of the pcre study info */
rc = pcre_fullinfo(re, sd, PCRE_INFO_STUDYSIZE, &size);
if (rc < 0)
- return -1;
+ goto err;
/* write the number of bytes in the pcre study data */
to_write = size;
len = fwrite(&to_write, sizeof(uint32_t), 1, bin_file);
if (len != 1)
- return -1;
+ goto err;
/* write the actual pcre study data as a char array */
len = fwrite(sd->study_data, 1, to_write, bin_file);
if (len != to_write)
- return -1;
+ goto err;
}
+ rc = 0;
+out:
fclose(bin_file);
-
- return 0;
+ return rc;
+err:
+ rc = -1;
+ goto out;
}
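Review bot: `fclose(bin_file)` under the `out:` label is unchecked, yet for a write stream it performs the final flush, so an ENOSPC or I/O error on the last buffered block leaves `rc` at 0 and main then renames a truncated file over the real .bin. `if (fclose(bin_file) != 0) rc = -1;` closes that gap without disturbing the err path, where rc is already -1. As a point of style, the backward `err: rc = -1; goto out;` reads oddly; setting `rc = 0; goto out;` on the success path and placing `err: rc = -1;` directly above `out:` lets control fall through and drops the extra jump. The `int rc;` hoisted to function scope in the earlier hunk is what makes this possible; write_binary_file starts outside this hunk.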
static int free_specs(struct saved_data *data)
@@ -317,7 +321,9 @@ int main(int argc, char *argv[])
const char *path;
char stack_path[PATH_MAX + 1];
int rc;
-
+ char *tmp= NULL;
+ int fd;
+
if (argc != 2) {
fprintf(stderr, "usage: %s input_file\n", argv[0]);
exit(EXIT_FAILURE);
@@ -338,13 +344,29 @@ int main(int argc, char *argv[])
rc = snprintf(stack_path, sizeof(stack_path), "%s.bin", path);
if (rc < 0 || rc >= sizeof(stack_path))
return rc;
- rc = write_binary_file(&data, stack_path);
+
+ if (asprintf(&tmp, "%sXXXXXX", stack_path) < 0)
+ return -1;
+
+ fd = mkstemp(tmp);
+ if (fd < 0)
+ goto err;
+
+ rc = write_binary_file(&data, fd);
+
if (rc < 0)
- return rc;
+ goto err;
+ rename(tmp, stack_path);
rc = free_specs(&data);
if (rc < 0)
- return rc;
+ goto err;
- return 0;
+ rc = 0;
+out:
+ free(tmp);
+ return rc;
+err:
+ rc = -1;
+ goto out;
}
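Review bot: The `rename(tmp, stack_path);` line ignores its return value, and neither the `err` path nor a rename failure removes the mkstemp file, so every failed run leaves a `file_contexts.binXXXXXX` sibling next to the input. Separately, mkstemp creates the file with mode 0600, whereas the old `fopen(..., "w")` honoured the umask (typically 0644); the compiled file is opened read-only by libselinux's load_mmap in whatever process calls selabel_open, so after this change presumably only root can use it and everyone else silently falls back to the text file. An `fchmod(fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)` right after mkstemp (needs `<sys/stat.h>` if the file does not already include it), a checked rename, and an `err_unlink:` label address both; main starts outside this hunk.
```c
	fd = mkstemp(tmp);
	if (fd < 0)
		goto err;

	/* mkstemp() creates the file 0600; the old fopen("w") honoured the umask.
	 * Widen it so non-root readers of the compiled file are not locked out. */
	if (fchmod(fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) < 0) {
		close(fd);
		goto err_unlink;
	}

	/* write_binary_file() takes ownership of fd and closes it via fclose() */
	rc = write_binary_file(&data, fd);
	if (rc < 0)
		goto err_unlink;

	if (rename(tmp, stack_path) < 0)
		goto err_unlink;

	/* … unchanged: free_specs() check and rc = 0 … */
out:
	free(tmp);
	return rc;
err_unlink:
	unlink(tmp);	/* do not leave the partial temp file behind */
err:
	rc = -1;
	goto out;
```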