|
|
bc0a935 |
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.26/include/selinux/selinux.h
|
|
|
017ea0e |
--- nsalibselinux/include/selinux/selinux.h 2005-09-01 11:17:40.000000000 -0400
|
|
|
bc0a935 |
+++ libselinux-1.26/include/selinux/selinux.h 2005-09-12 17:05:36.000000000 -0400
|
|
|
017ea0e |
@@ -304,6 +304,12 @@
|
|
|
017ea0e |
extern int selinux_getenforcemode(int *enforce);
|
|
|
017ea0e |
|
|
|
017ea0e |
/*
|
|
|
bc0a935 |
+ selinux_getpolicytype reads the /etc/selinux/config file and determines
|
|
|
017ea0e |
+ whether the policy tyep for this machine, type must be freed.
|
|
|
017ea0e |
+ */
|
|
|
bc0a935 |
+extern void selinux_getpolicytype(char **type);
|
|
|
017ea0e |
+
|
|
|
017ea0e |
+/*
|
|
|
017ea0e |
selinux_policy_root reads the /etc/selinux/config file and returns
|
|
|
017ea0e |
the directory path under which the compiled policy file and context
|
|
|
017ea0e |
configuration files exist.
|
|
|
bc0a935 |
diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.26/src/init.c
|
|
|
017ea0e |
--- nsalibselinux/src/init.c 2005-09-01 13:21:11.000000000 -0400
|
|
|
bc0a935 |
+++ libselinux-1.26/src/init.c 2005-09-12 17:13:20.000000000 -0400
|
|
|
017ea0e |
@@ -8,6 +8,7 @@
|
|
|
017ea0e |
#include <asm/page.h>
|
|
|
017ea0e |
#include <stdio.h>
|
|
|
017ea0e |
#include <dlfcn.h>
|
|
|
017ea0e |
+#include <limits.h>
|
|
|
017ea0e |
|
|
|
017ea0e |
#include "dso.h"
|
|
|
017ea0e |
#include "policy.h"
|
|
|
017ea0e |
@@ -85,9 +86,14 @@
|
|
|
017ea0e |
static void init_translations(void)
|
|
|
59d6552 |
{
|
|
|
017ea0e |
#ifdef SHARED
|
|
|
017ea0e |
+ char *path[PATH_MAX];
|
|
|
017ea0e |
+ char *type=NULL;
|
|
|
59d6552 |
int (*lib_trans_init)(void) = NULL;
|
|
|
017ea0e |
-
|
|
|
017ea0e |
- translation_lib_handle = dlopen("libsetrans.so.0", RTLD_NOW);
|
|
|
bc0a935 |
+ selinux_getpolicytype(&type);
|
|
|
017ea0e |
+ if (!type) return;
|
|
|
bc0a935 |
+ snprintf(path, PATH_MAX-1, "/$LIB/selinux/%s/libsetrans.so.0", type);
|
|
|
017ea0e |
+ free(type);
|
|
|
017ea0e |
+ translation_lib_handle = dlopen(path, RTLD_NOW);
|
|
|
59d6552 |
if (!translation_lib_handle)
|
|
|
59d6552 |
return;
|
|
|
e7e35da |
|
|
|
bc0a935 |
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.26/src/matchpathcon.c
|
|
|
bc0a935 |
--- nsalibselinux/src/matchpathcon.c 2005-08-24 09:07:11.000000000 -0400
|
|
|
bc0a935 |
+++ libselinux-1.26/src/matchpathcon.c 2005-09-12 17:05:37.000000000 -0400
|
|
|
bc0a935 |
@@ -25,6 +25,20 @@
|
|
|
bc0a935 |
va_end(ap);
|
|
|
bc0a935 |
}
|
|
|
bc0a935 |
|
|
|
bc0a935 |
+#define STRIP_LEVEL(CON) \
|
|
|
bc0a935 |
+ if (! mls_enabled) { \
|
|
|
bc0a935 |
+ int i=0; \
|
|
|
bc0a935 |
+ int ctr=0; \
|
|
|
bc0a935 |
+ while (CON[i]) { \
|
|
|
bc0a935 |
+ if (CON[i] == ':') ctr++; \
|
|
|
bc0a935 |
+ if (ctr==3) { \
|
|
|
bc0a935 |
+ CON[i]=0; \
|
|
|
bc0a935 |
+ break; \
|
|
|
bc0a935 |
+ } \
|
|
|
bc0a935 |
+ i++; \
|
|
|
bc0a935 |
+ } \
|
|
|
bc0a935 |
+ }
|
|
|
bc0a935 |
+
|
|
|
bc0a935 |
static void (*myprintf)(const char *fmt, ...) = &default_printf;
|
|
|
bc0a935 |
|
|
|
bc0a935 |
void set_matchpathcon_printf(void (*f)(const char *fmt, ...))
|
|
|
bc0a935 |
@@ -415,7 +429,7 @@
|
|
|
bc0a935 |
}
|
|
|
bc0a935 |
return;
|
|
|
bc0a935 |
}
|
|
|
bc0a935 |
-static int process_line( const char *path, char *line_buf, int pass, unsigned lineno) {
|
|
|
bc0a935 |
+static int process_line( const char *path, char *line_buf, int pass, unsigned lineno, int mls_enabled) {
|
|
|
bc0a935 |
int items, len, regerr;
|
|
|
bc0a935 |
char *buf_p;
|
|
|
bc0a935 |
char *regex, *type, *context;
|
|
|
bc0a935 |
@@ -438,6 +452,7 @@
|
|
|
bc0a935 |
} else if (items == 2) {
|
|
|
bc0a935 |
/* The type field is optional. */
|
|
|
bc0a935 |
free(context);
|
|
|
bc0a935 |
+ STRIP_LEVEL(type)
|
|
|
bc0a935 |
context = type;
|
|
|
bc0a935 |
type = 0;
|
|
|
bc0a935 |
}
|
|
|
bc0a935 |
@@ -510,7 +525,7 @@
|
|
|
bc0a935 |
}
|
|
|
bc0a935 |
|
|
|
bc0a935 |
skip_type:
|
|
|
bc0a935 |
-
|
|
|
bc0a935 |
+ STRIP_LEVEL(context)
|
|
|
bc0a935 |
spec_arr[nspec].context = context;
|
|
|
bc0a935 |
|
|
|
bc0a935 |
if (strcmp(context, "<<none>>")) {
|
|
|
bc0a935 |
@@ -557,6 +572,7 @@
|
|
|
bc0a935 |
unsigned int lineno, pass, i, j, maxnspec;
|
|
|
bc0a935 |
spec_t *spec_copy=NULL;
|
|
|
bc0a935 |
int status=-1;
|
|
|
bc0a935 |
+ int mls_enabled=is_selinux_mls_enabled();
|
|
|
bc0a935 |
|
|
|
bc0a935 |
/* Open the specification file. */
|
|
|
bc0a935 |
if (!path)
|
|
|
bc0a935 |
@@ -590,20 +606,20 @@
|
|
|
bc0a935 |
lineno = 0;
|
|
|
bc0a935 |
nspec = 0;
|
|
|
bc0a935 |
while (getline(&line_buf, &line_len, fp) > 0 && nspec < maxnspec) {
|
|
|
bc0a935 |
- if (process_line(path, line_buf, pass, ++lineno) != 0)
|
|
|
bc0a935 |
+ if (process_line(path, line_buf, pass, ++lineno, mls_enabled) != 0)
|
|
|
bc0a935 |
goto finish;
|
|
|
bc0a935 |
}
|
|
|
bc0a935 |
lineno = 0;
|
|
|
bc0a935 |
if (homedirfp)
|
|
|
bc0a935 |
while (getline(&line_buf, &line_len, homedirfp) > 0 && nspec < maxnspec) {
|
|
|
bc0a935 |
- if (process_line(homedir_path, line_buf, pass, ++lineno) != 0)
|
|
|
bc0a935 |
+ if (process_line(homedir_path, line_buf, pass, ++lineno, mls_enabled) != 0)
|
|
|
bc0a935 |
goto finish;
|
|
|
bc0a935 |
}
|
|
|
bc0a935 |
|
|
|
bc0a935 |
lineno = 0;
|
|
|
bc0a935 |
if (localfp)
|
|
|
bc0a935 |
while (getline(&line_buf, &line_len, localfp) > 0 && nspec < maxnspec) {
|
|
|
bc0a935 |
- if (process_line(local_path, line_buf, pass, ++lineno) != 0)
|
|
|
bc0a935 |
+ if (process_line(local_path, line_buf, pass, ++lineno, mls_enabled) != 0)
|
|
|
bc0a935 |
goto finish;
|
|
|
bc0a935 |
}
|
|
|
bc0a935 |
|
|
|
bc0a935 |
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.26/src/selinux_config.c
|
|
|
017ea0e |
--- nsalibselinux/src/selinux_config.c 2005-03-17 14:56:21.000000000 -0500
|
|
|
bc0a935 |
+++ libselinux-1.26/src/selinux_config.c 2005-09-13 12:46:22.682193000 -0400
|
|
|
bc0a935 |
@@ -85,6 +85,29 @@
|
|
|
59d6552 |
|
|
|
017ea0e |
static int use_compat_file_path;
|
|
|
017ea0e |
|
|
|
bc0a935 |
+void selinux_getpolicytype(char **rtype) {
|
|
|
017ea0e |
+ char *type=SELINUXDEFAULT;
|
|
|
017ea0e |
+ char buf[4097];
|
|
|
bc0a935 |
+ int i=0;
|
|
|
bc0a935 |
+ int len=sizeof(SELINUXTYPETAG)-1;
|
|
|
017ea0e |
+ FILE *cfg = fopen(SELINUXCONFIG,"r");
|
|
|
017ea0e |
+ if (cfg) {
|
|
|
017ea0e |
+ while (fgets_unlocked(buf, 4096, cfg)) {
|
|
|
017ea0e |
+ if (strncmp(buf,SELINUXTYPETAG,len)==0) {
|
|
|
017ea0e |
+ type=buf+len;
|
|
|
017ea0e |
+ break;
|
|
|
017ea0e |
+ }
|
|
|
017ea0e |
+ }
|
|
|
017ea0e |
+ fclose(cfg);
|
|
|
017ea0e |
+ }
|
|
|
017ea0e |
+ i=strlen(type)-1;
|
|
|
017ea0e |
+ while ((i>=0) &&
|
|
|
017ea0e |
+ (isspace(type[i]) || iscntrl(type[i]))) {
|
|
|
017ea0e |
+ type[i]=0;
|
|
|
017ea0e |
+ i--;
|
|
|
017ea0e |
+ }
|
|
|
017ea0e |
+ *rtype=strdup(type);
|
|
|
017ea0e |
+}
|
|
|
017ea0e |
int selinux_getenforcemode(int *enforce) {
|
|
|
017ea0e |
int ret=-1;
|
|
|
017ea0e |
FILE *cfg = fopen(SELINUXCONFIG,"r");
|
|
|
bc0a935 |
@@ -122,38 +145,24 @@
|
|
|
017ea0e |
|
|
|
017ea0e |
static void init_selinux_policyroot(void)
|
|
|
017ea0e |
{
|
|
|
017ea0e |
- char *type=SELINUXDEFAULT;
|
|
|
bc0a935 |
- int i=0, len=sizeof(SELINUXTYPETAG)-1, len2;
|
|
|
017ea0e |
- char buf[4097];
|
|
|
017ea0e |
- FILE *cfg;
|
|
|
bc0a935 |
+ char *type=NULL;
|
|
|
bc0a935 |
+ int i=0, len, len2;
|
|
|
017ea0e |
if (selinux_policyroot) return;
|
|
|
017ea0e |
if (access(SELINUXDIR, F_OK) != 0) {
|
|
|
017ea0e |
selinux_policyroot = SECURITYDIR;
|
|
|
017ea0e |
use_compat_file_path = 1;
|
|
|
017ea0e |
return;
|
|
|
017ea0e |
}
|
|
|
017ea0e |
- cfg = fopen(SELINUXCONFIG,"r");
|
|
|
017ea0e |
- if (cfg) {
|
|
|
017ea0e |
- while (fgets_unlocked(buf, 4096, cfg)) {
|
|
|
017ea0e |
- if (strncmp(buf,SELINUXTYPETAG,len)==0) {
|
|
|
017ea0e |
- type=buf+len;
|
|
|
017ea0e |
- break;
|
|
|
017ea0e |
- }
|
|
|
017ea0e |
- }
|
|
|
017ea0e |
- fclose(cfg);
|
|
|
017ea0e |
- }
|
|
|
017ea0e |
- i=strlen(type)-1;
|
|
|
017ea0e |
- while ((i>=0) &&
|
|
|
017ea0e |
- (isspace(type[i]) || iscntrl(type[i]))) {
|
|
|
017ea0e |
- type[i]=0;
|
|
|
017ea0e |
- i--;
|
|
|
017ea0e |
- }
|
|
|
bc0a935 |
+ selinux_getpolicytype(&type);
|
|
|
017ea0e |
+ if (!type) return;
|
|
|
017ea0e |
len=sizeof(SELINUXDIR) + strlen(type);
|
|
|
017ea0e |
selinux_policyroot=malloc(len);
|
|
|
017ea0e |
- if (!selinux_policyroot)
|
|
|
017ea0e |
+ if (!selinux_policyroot) {
|
|
|
017ea0e |
+ free(type);
|
|
|
017ea0e |
return;
|
|
|
017ea0e |
+ }
|
|
|
017ea0e |
snprintf(selinux_policyroot,len, "%s%s", SELINUXDIR, type);
|
|
|
017ea0e |
-
|
|
|
017ea0e |
+ free(type);
|
|
|
017ea0e |
for (i = 0; i < NEL; i++) {
|
|
|
017ea0e |
len2 = len + strlen(file_path_suffixes_data.str
|
|
|
017ea0e |
+ file_path_suffixes_idx[i])+1;
|