diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 8eeb276..5cc510b 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,1327 +1,49 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/setrans.h libselinux-1.30.3/include/selinux/setrans.h ---- nsalibselinux/include/selinux/setrans.h 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-1.30.3/include/selinux/setrans.h 2006-05-03 09:25:00.000000000 -0400 -@@ -0,0 +1,32 @@ -+/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */ -+ -+#ifndef _SETRANS_H -+#define _SETRANS_H -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/* This must be called once, prior to calling any other -+ translation function. -+ Returns nonzero if translations cannot be performed, -+ or 0 otherwise. */ -+int init_context_translations(void); -+ -+/* Perform context translation. -+ Caller must free the resulting context. -+ Returns nonzero if error or 0 otherwise. */ -+int translate_context(const char *, char **); -+int untranslate_context(const char *, char **); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#define SETRANS_UNIX_SOCKET "/var/run/setrans/.setrans-unix" -+ -+#define SETRANS_INIT 1 -+#define RAW_TO_TRANS_CONTEXT 2 -+#define TRANS_TO_RAW_CONTEXT 3 -+ -+#endif /* _SETRANS_H */ -diff --exclude-from=exclude -N -u -r nsalibselinux/src/canonicalize_context.c libselinux-1.30.3/src/canonicalize_context.c ---- nsalibselinux/src/canonicalize_context.c 2005-11-08 09:34:17.000000000 -0500 -+++ libselinux-1.30.3/src/canonicalize_context.c 2006-05-03 11:00:33.000000000 -0400 -@@ -5,7 +5,6 @@ - #include - #include - #include --#include - #include "selinux_internal.h" - #include "policy.h" - #include -@@ -23,7 +22,7 @@ - if (fd < 0) - return -1; - -- size = PAGE_SIZE; -+ size = selinux_page_size; - buf = malloc(size); - if (!buf) { - ret = -1; -@@ -64,22 +63,16 @@ - security_context_t rcon = con; - security_context_t rcanoncon; - -- if (context_translations && trans_to_raw_context(con, &rcon)) -+ -+ if (selinux_trans_to_raw_context(con, &rcon)) - return -1; - - ret = security_canonicalize_context_raw(rcon, &rcanoncon); - -- if (context_translations) { -- freecon(rcon); -- if (!ret) { -- if (raw_to_trans_context(rcanoncon, canoncon)) { -- *canoncon = NULL; -- ret = -1; -- } -- freecon(rcanoncon); -- } -- } else if (!ret) { -- *canoncon = rcanoncon; -+ freecon(rcon); -+ if (!ret) { -+ ret = selinux_raw_to_trans_context(rcanoncon, canoncon); -+ freecon(rcanoncon); - } - - return ret; -diff --exclude-from=exclude -N -u -r nsalibselinux/src/check_context.c libselinux-1.30.3/src/check_context.c ---- nsalibselinux/src/check_context.c 2005-08-23 13:34:34.000000000 -0400 -+++ libselinux-1.30.3/src/check_context.c 2006-05-03 10:59:57.000000000 -0400 -@@ -32,13 +32,12 @@ - int ret; - security_context_t rcon = con; - -- if (context_translations && trans_to_raw_context(con, &rcon)) -+ if (selinux_trans_to_raw_context(con, &rcon)) - return -1; - - ret = security_check_context_raw(rcon); - -- if (context_translations) -- freecon(rcon); -+ freecon(rcon); - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_av.c libselinux-1.30.3/src/compute_av.c ---- nsalibselinux/src/compute_av.c 2005-08-23 13:34:34.000000000 -0400 -+++ libselinux-1.30.3/src/compute_av.c 2006-05-03 11:00:48.000000000 -0400 -@@ -5,7 +5,6 @@ - #include - #include - #include --#include - #include "selinux_internal.h" - #include "policy.h" - #include -@@ -26,7 +25,7 @@ - if (fd < 0) - return -1; - -- len = PAGE_SIZE; -+ len = selinux_page_size; - buf = malloc(len); - if (!buf) { - ret = -1; -@@ -70,21 +69,17 @@ - security_context_t rscon = scon; - security_context_t rtcon = tcon; - -- if (context_translations) { -- if (trans_to_raw_context(scon, &rscon)) -- return -1; -- if (trans_to_raw_context(tcon, &rtcon)) { -- freecon(rscon); -- return -1; -- } -+ if (selinux_trans_to_raw_context(scon, &rscon)) -+ return -1; -+ if (selinux_trans_to_raw_context(tcon, &rtcon)) { -+ freecon(rscon); -+ return -1; - } - - ret = security_compute_av_raw(rscon, rtcon, tclass, requested, avd); - -- if (context_translations) { -- freecon(rscon); -- freecon(rtcon); -- } -+ freecon(rscon); -+ freecon(rtcon); - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_create.c libselinux-1.30.3/src/compute_create.c ---- nsalibselinux/src/compute_create.c 2005-08-23 13:34:34.000000000 -0400 -+++ libselinux-1.30.3/src/compute_create.c 2006-05-03 11:04:26.000000000 -0400 -@@ -5,7 +5,6 @@ - #include - #include - #include --#include - #include "selinux_internal.h" - #include "policy.h" - #include -@@ -25,7 +24,7 @@ - if (fd < 0) - return -1; - -- size = PAGE_SIZE; -+ size = selinux_page_size; - buf = malloc(size); - if (!buf) { - ret = -1; -@@ -66,29 +65,21 @@ - security_context_t rtcon = tcon; - security_context_t rnewcon; - -- if (context_translations) { -- if (trans_to_raw_context(scon, &rscon)) -- return -1; -- if (trans_to_raw_context(tcon, &rtcon)) { -- freecon(rscon); -- return -1; -- } -+ if (selinux_trans_to_raw_context(scon, &rscon)) -+ return -1; -+ if (selinux_trans_to_raw_context(tcon, &rtcon)) { -+ freecon(rscon); -+ return -1; - } - - ret = security_compute_create_raw(rscon, rtcon, tclass, &rnewcon); - -- if (context_translations) { -- freecon(rscon); -- freecon(rtcon); -- if (!ret) { -- if (raw_to_trans_context(rnewcon, newcon)) { -- *newcon = NULL; -- ret = -1; -- } -- freecon(rnewcon); -- } -- } else if (!ret) -- *newcon = rnewcon; -+ freecon(rscon); -+ freecon(rtcon); -+ if (!ret) { -+ ret = selinux_raw_to_trans_context(rnewcon, newcon); -+ freecon(rnewcon); -+ } - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_member.c libselinux-1.30.3/src/compute_member.c ---- nsalibselinux/src/compute_member.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/compute_member.c 2006-05-03 11:01:44.000000000 -0400 -@@ -5,7 +5,6 @@ - #include - #include - #include --#include - #include "selinux_internal.h" - #include "policy.h" - #include -@@ -25,7 +24,7 @@ - if (fd < 0) - return -1; - -- size = PAGE_SIZE; -+ size = selinux_page_size; - buf = malloc(size); - if (!buf) { - ret = -1; -@@ -66,29 +65,24 @@ - security_context_t rtcon = tcon; - security_context_t rnewcon; - -- if (context_translations) { -- if (trans_to_raw_context(scon, &rscon)) -- return -1; -- if (trans_to_raw_context(tcon, &rtcon)) { -- freecon(rscon); -- return -1; -- } -+ if (selinux_trans_to_raw_context(scon, &rscon)) -+ return -1; -+ if (selinux_trans_to_raw_context(tcon, &rtcon)) { -+ freecon(rscon); -+ return -1; - } - - ret = security_compute_member_raw(rscon, rtcon, tclass, &rnewcon); - -- if (context_translations) { -- freecon(rscon); -- freecon(rtcon); -- if (!ret) { -- if (raw_to_trans_context(rnewcon, newcon)) { -- *newcon = NULL; -- ret = -1; -- } -- freecon(rnewcon); -+ freecon(rscon); -+ freecon(rtcon); -+ if (!ret) { -+ if (selinux_raw_to_trans_context(rnewcon, newcon)) { -+ *newcon = NULL; -+ ret = -1; - } -- } else if (!ret) -- *newcon = rnewcon; -+ freecon(rnewcon); -+ } - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_relabel.c libselinux-1.30.3/src/compute_relabel.c ---- nsalibselinux/src/compute_relabel.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/compute_relabel.c 2006-05-03 11:04:30.000000000 -0400 -@@ -5,7 +5,6 @@ - #include - #include - #include --#include - #include "selinux_internal.h" - #include "policy.h" - #include -@@ -25,7 +24,7 @@ - if (fd < 0) - return -1; - -- size = PAGE_SIZE; -+ size = selinux_page_size; - buf = malloc(size); - if (!buf) { - ret = -1; -@@ -66,29 +65,21 @@ - security_context_t rtcon = tcon; - security_context_t rnewcon; - -- if (context_translations) { -- if (trans_to_raw_context(scon, &rscon)) -- return -1; -- if (trans_to_raw_context(tcon, &rtcon)) { -- freecon(rscon); -- return -1; -- } -+ if (selinux_trans_to_raw_context(scon, &rscon)) -+ return -1; -+ if (selinux_trans_to_raw_context(tcon, &rtcon)) { -+ freecon(rscon); -+ return -1; - } - - ret = security_compute_relabel_raw(rscon, rtcon, tclass, &rnewcon); - -- if (context_translations) { -- freecon(rscon); -- freecon(rtcon); -- if (!ret) { -- if (raw_to_trans_context(rnewcon, newcon)) { -- *newcon = NULL; -- ret = -1; -- } -- freecon(rnewcon); -- } -- } else if (!ret) -- *newcon = rnewcon; -+ freecon(rscon); -+ freecon(rtcon); -+ if (!ret) { -+ ret=selinux_raw_to_trans_context(rnewcon, newcon); -+ freecon(rnewcon); -+ } - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_user.c libselinux-1.30.3/src/compute_user.c ---- nsalibselinux/src/compute_user.c 2005-08-23 13:34:34.000000000 -0400 -+++ libselinux-1.30.3/src/compute_user.c 2006-05-03 11:02:16.000000000 -0400 -@@ -5,7 +5,6 @@ - #include - #include - #include --#include - #include "selinux_internal.h" - #include "policy.h" - #include -@@ -26,7 +25,7 @@ - if (fd < 0) - return -1; - -- size = PAGE_SIZE; -+ size = selinux_page_size; - buf = malloc(size); - if (!buf) { - ret = -1; -@@ -82,24 +81,22 @@ - int ret; - security_context_t rscon = scon; - -- if (context_translations && trans_to_raw_context(scon, &rscon)) -+ if (selinux_trans_to_raw_context(scon, &rscon)) - return -1; - - ret = security_compute_user_raw(rscon, user, con); - -- if (context_translations) { -- freecon(rscon); -- if (!ret) { -- security_context_t *ptr, tmpcon; -- for (ptr = *con; *ptr; ptr++) { -- if (raw_to_trans_context(*ptr, &tmpcon)) { -- freeconary(*con); -- *con = NULL; -- return -1; -- } -- freecon(*ptr); -- *ptr = tmpcon; -+ freecon(rscon); -+ if (!ret) { -+ security_context_t *ptr, tmpcon; -+ for (ptr = *con; *ptr; ptr++) { -+ if (selinux_raw_to_trans_context(*ptr, &tmpcon)) { -+ freeconary(*con); -+ *con = NULL; -+ return -1; - } -+ freecon(*ptr); -+ *ptr = tmpcon; - } - } - -diff --exclude-from=exclude -N -u -r nsalibselinux/src/enabled.c libselinux-1.30.3/src/enabled.c ---- nsalibselinux/src/enabled.c 2005-08-23 13:34:34.000000000 -0400 -+++ libselinux-1.30.3/src/enabled.c 2006-05-02 14:48:35.000000000 -0400 -@@ -5,7 +5,6 @@ - #include - #include - #include --#include - #include - #include "policy.h" - -@@ -22,7 +21,7 @@ - if (fd < 0) - return -1; - -- size = PAGE_SIZE; -+ size = selinux_page_size; - buf = malloc(size); - if (!buf) { - enabled = -1; -diff --exclude-from=exclude -N -u -r nsalibselinux/src/fgetfilecon.c libselinux-1.30.3/src/fgetfilecon.c ---- nsalibselinux/src/fgetfilecon.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/fgetfilecon.c 2006-05-03 10:55:46.000000000 -0400 -@@ -52,14 +52,10 @@ - - ret = fgetfilecon_raw(fd, &rcontext); - -- if (context_translations && ret > 0) { -- if (raw_to_trans_context(rcontext, context)) { -- *context = NULL; -- ret = -1; -- } -+ if (ret > 0) { -+ ret=selinux_raw_to_trans_context(rcontext, context); - freecon(rcontext); -- } else if (ret > 0) -- *context = rcontext; -+ } - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/fsetfilecon.c libselinux-1.30.3/src/fsetfilecon.c ---- nsalibselinux/src/fsetfilecon.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/fsetfilecon.c 2006-05-03 11:02:20.000000000 -0400 -@@ -18,13 +18,12 @@ - int ret; - security_context_t rcontext = context; - -- if (context_translations && trans_to_raw_context(context, &rcontext)) -+ if (selinux_trans_to_raw_context(context, &rcontext)) - return -1; - - ret = fsetfilecon_raw(fd, rcontext); - -- if (context_translations) -- freecon(rcontext); -+ freecon(rcontext); - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/getcon.c libselinux-1.30.3/src/getcon.c ---- nsalibselinux/src/getcon.c 2005-08-23 13:34:34.000000000 -0400 -+++ libselinux-1.30.3/src/getcon.c 2006-05-03 11:02:25.000000000 -0400 -@@ -4,7 +4,6 @@ - #include "selinux_internal.h" - #include - #include --#include - #include "policy.h" - - int getcon_raw(security_context_t *context) -@@ -18,7 +17,7 @@ - if (fd < 0) - return -1; - -- size = PAGE_SIZE; -+ size = selinux_page_size; - buf = malloc(size); - if (!buf) { - ret = -1; -@@ -51,14 +50,13 @@ - - ret = getcon_raw(&rcontext); - -- if (context_translations && !ret) { -- if (raw_to_trans_context(rcontext, context)) { -+ if (!ret) { -+ if (selinux_raw_to_trans_context(rcontext, context)) { - *context = NULL; - ret = -1; +diff --exclude-from=exclude -N -u -r nsalibselinux/utils/avcstat.c libselinux-1.30.6/utils/avcstat.c +--- nsalibselinux/utils/avcstat.c 2005-05-19 15:24:25.000000000 -0400 ++++ libselinux-1.30.6/utils/avcstat.c 2006-05-09 15:09:13.000000000 -0400 +@@ -27,12 +27,12 @@ + #define HEADERS "lookups hits misses allocations reclaims frees" + + struct avc_cache_stats { +- unsigned int lookups; +- unsigned int hits; +- unsigned int misses; +- unsigned int allocations; +- unsigned int reclaims; +- unsigned int frees; ++ unsigned long long lookups; ++ unsigned long long hits; ++ unsigned long long misses; ++ unsigned long long allocations; ++ unsigned long long reclaims; ++ unsigned long long frees; + }; + + static int interval; +@@ -172,7 +172,7 @@ + while ((line = strtok(NULL, "\n"))) { + struct avc_cache_stats tmp; + +- ret = sscanf(line, "%u %u %u %u %u %u", ++ ret = sscanf(line, "%Lu %Lu %Lu %Lu %Lu %Lu", + &tmp.lookups, + &tmp.hits, + &tmp.misses, +@@ -195,7 +195,7 @@ + die("unable to parse \'%s\': no data", avcstatfile); + + if (cumulative || (!cumulative && !i)) +- printf("%10u %10u %10u %10u %10u %10u\n", ++ printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n", + tot.lookups, tot.hits, tot.misses, + tot.allocations, tot.reclaims, tot.frees); + else { +@@ -205,7 +205,7 @@ + rel.allocations = tot.allocations - last.allocations; + rel.reclaims = tot.reclaims - last.reclaims; + rel.frees = tot.frees - last.frees; +- printf("%10u %10u %10u %10u %10u %10u\n", ++ printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n", + rel.lookups, rel.hits, rel.misses, + rel.allocations, rel.reclaims, rel.frees); } - freecon(rcontext); -- } else if (!ret) -- *context = rcontext; -+ } - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/getexeccon.c libselinux-1.30.3/src/getexeccon.c ---- nsalibselinux/src/getexeccon.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/getexeccon.c 2006-05-03 11:04:35.000000000 -0400 -@@ -3,7 +3,6 @@ - #include - #include - #include --#include - #include "selinux_internal.h" - #include "policy.h" - -@@ -18,7 +17,7 @@ - if (fd < 0) - return -1; - -- size = PAGE_SIZE; -+ size = selinux_page_size; - buf = malloc(size); - if (!buf) { - ret = -1; -@@ -56,14 +55,10 @@ - - ret = getexeccon_raw(&rcontext); - -- if (context_translations && !ret) { -- if (raw_to_trans_context(rcontext, context)) { -- *context = NULL; -- ret = -1; -- } -+ if (!ret) { -+ ret = selinux_raw_to_trans_context(rcontext, context); - freecon(rcontext); -- } else if (!ret) -- *context = rcontext; -+ } - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfilecon.c libselinux-1.30.3/src/getfilecon.c ---- nsalibselinux/src/getfilecon.c 2005-08-23 13:34:34.000000000 -0400 -+++ libselinux-1.30.3/src/getfilecon.c 2006-05-03 10:54:32.000000000 -0400 -@@ -52,14 +52,10 @@ - - ret = getfilecon_raw(path, &rcontext); - -- if (context_translations && ret > 0) { -- if (raw_to_trans_context(rcontext, context)) { -- *context = NULL; -- ret = -1; -- } -+ if (ret > 0) { -+ ret = selinux_raw_to_trans_context(rcontext, context); - freecon(rcontext); -- } else if (ret > 0) -- *context = rcontext; -+ } - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfscreatecon.c libselinux-1.30.3/src/getfscreatecon.c ---- nsalibselinux/src/getfscreatecon.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/getfscreatecon.c 2006-05-03 11:04:45.000000000 -0400 -@@ -3,7 +3,6 @@ - #include - #include - #include --#include - #include "selinux_internal.h" - #include "policy.h" - -@@ -18,7 +17,7 @@ - if (fd < 0) - return -1; - -- size = PAGE_SIZE; -+ size = selinux_page_size; - buf = malloc(size); - if (!buf) { - ret = -1; -@@ -56,14 +55,10 @@ - - ret = getfscreatecon_raw(&rcontext); - -- if (context_translations && !ret) { -- if (raw_to_trans_context(rcontext, context)) { -- *context = NULL; -- ret = -1; -- } -+ if (!ret) { -+ ret = selinux_raw_to_trans_context(rcontext, context); - freecon(rcontext); -- } else if (!ret) -- *context = rcontext; -+ } - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpeercon.c libselinux-1.30.3/src/getpeercon.c ---- nsalibselinux/src/getpeercon.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/getpeercon.c 2006-05-03 11:03:09.000000000 -0400 -@@ -51,14 +51,10 @@ - - ret = getpeercon_raw(fd, &rcontext); - -- if (context_translations && !ret) { -- if (raw_to_trans_context(rcontext, context)) { -- *context = NULL; -- ret = -1; -- } -+ if (!ret) { -+ ret = selinux_raw_to_trans_context(rcontext, context); - freecon(rcontext); -- } else if (!ret) -- *context = rcontext; -+ } - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpidcon.c libselinux-1.30.3/src/getpidcon.c ---- nsalibselinux/src/getpidcon.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/getpidcon.c 2006-05-03 11:03:33.000000000 -0400 -@@ -4,7 +4,6 @@ - #include - #include - #include --#include - #include "selinux_internal.h" - #include "policy.h" - -@@ -22,7 +21,7 @@ - if (fd < 0) - return -1; - -- size = PAGE_SIZE; -+ size = selinux_page_size; - buf = malloc(size); - if (!buf) { - ret = -1; -@@ -55,14 +54,10 @@ - - ret = getpidcon_raw(pid, &rcontext); - -- if (context_translations && !ret) { -- if (raw_to_trans_context(rcontext, context)) { -- *context = NULL; -- ret = -1; -- } -+ if (!ret) { -+ ret = selinux_raw_to_trans_context(rcontext, context); - freecon(rcontext); -- } else if (!ret) -- *context = rcontext; -+ } - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/getprevcon.c libselinux-1.30.3/src/getprevcon.c ---- nsalibselinux/src/getprevcon.c 2005-08-23 13:34:34.000000000 -0400 -+++ libselinux-1.30.3/src/getprevcon.c 2006-05-03 11:03:45.000000000 -0400 -@@ -4,7 +4,6 @@ - #include "selinux_internal.h" - #include - #include --#include - #include "policy.h" - - int getprevcon_raw(security_context_t *context) -@@ -18,7 +17,7 @@ - if (fd < 0) - return -1; - -- size = PAGE_SIZE; -+ size = selinux_page_size; - buf = malloc(size); - if (!buf) { - ret = -1; -@@ -51,14 +50,10 @@ - - ret = getprevcon_raw(&rcontext); - -- if (context_translations && !ret) { -- if (raw_to_trans_context(rcontext, context)) { -- *context = NULL; -- ret = -1; -- } -+ if (!ret) { -+ ret = selinux_raw_to_trans_context(rcontext, context); - freecon(rcontext); -- } else if (!ret) -- *context = rcontext; -+ } - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.30.3/src/init.c ---- nsalibselinux/src/init.c 2005-12-14 14:16:46.000000000 -0500 -+++ libselinux-1.30.3/src/init.c 2006-05-03 10:30:57.000000000 -0400 -@@ -4,15 +4,16 @@ - #include - #include - #include --#include - #include - #include -+#include - - #include "dso.h" - #include "policy.h" - #include "selinux_internal.h" - - char *selinux_mnt = NULL; -+int selinux_page_size=0; - - static void init_selinuxmnt(void) - { -@@ -27,11 +28,12 @@ - if (!fp) - return; - -- size = PAGE_SIZE; -+ size = selinux_page_size; -+ - buf = malloc(size); - if (!buf) - goto out; -- -+ - memset(buf, 0, size); - - while(( bufp = fgets_unlocked(buf, size, fp))) -@@ -75,65 +77,15 @@ - } - hidden_def(set_selinuxmnt) - --int context_translations hidden; --void *translation_lib_handle hidden; -- --/* from libsetrans.c */ --extern int hidden (*lib_trans_to_raw_context)(char *trans, char **rawp); --extern int hidden (*lib_raw_to_trans_context)(char *raw, char **transp); -- -- - static void init_translations(void) - { --#ifdef SHARED -- int (*lib_trans_init)(void) = NULL; -- -- translation_lib_handle = dlopen("libsetrans.so.0", RTLD_NOW); -- if (!translation_lib_handle) -- return; -- -- dlerror(); -- -- lib_trans_init = dlsym(translation_lib_handle, -- "init_context_translations"); -- if (dlerror() || lib_trans_init()) -- return; -- -- lib_raw_to_trans_context = dlsym(translation_lib_handle, -- "translate_context"); -- if (dlerror()) -- return; -- -- lib_trans_to_raw_context = dlsym(translation_lib_handle, -- "untranslate_context"); -- if (dlerror()) -- return; -- -- context_translations = 1; --#endif --} -- --static void fini_translations(void) --{ --#ifdef SHARED -- context_translations = 0; -- if (translation_lib_handle) { -- int (*lib_trans_finish)(void) = NULL; -- -- lib_trans_finish = dlsym(translation_lib_handle, -- "finish_context_translations"); -- if (! dlerror()) -- lib_trans_finish(); -- -- dlclose(translation_lib_handle); -- translation_lib_handle = NULL; -- } --#endif -+ init_context_translations(); - } - - static void init_lib(void) __attribute__ ((constructor)); - static void init_lib(void) - { -+ selinux_page_size = sysconf(_SC_PAGE_SIZE); - init_selinuxmnt(); - init_translations(); - } -@@ -141,6 +93,5 @@ - static void fini_lib(void) __attribute__ ((destructor)); - static void fini_lib(void) - { -- fini_translations(); - fini_selinuxmnt(); - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/lgetfilecon.c libselinux-1.30.3/src/lgetfilecon.c ---- nsalibselinux/src/lgetfilecon.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/lgetfilecon.c 2006-05-03 10:55:25.000000000 -0400 -@@ -52,14 +52,10 @@ - - ret = lgetfilecon_raw(path, &rcontext); - -- if (context_translations && ret > 0) { -- if (raw_to_trans_context(rcontext, context)) { -- *context = NULL; -- ret = -1; -- } -+ if (ret > 0) { -+ ret = selinux_raw_to_trans_context(rcontext, context); - freecon(rcontext); -- } else if (ret > 0) -- *context = rcontext; -+ } - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/lsetfilecon.c libselinux-1.30.3/src/lsetfilecon.c ---- nsalibselinux/src/lsetfilecon.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/lsetfilecon.c 2006-05-03 11:03:50.000000000 -0400 -@@ -18,13 +18,12 @@ - int ret; - security_context_t rcontext = context; - -- if (context_translations && trans_to_raw_context(context, &rcontext)) -+ if (selinux_trans_to_raw_context(context, &rcontext)) - return -1; - - ret = lsetfilecon_raw(path, rcontext); - -- if (context_translations) -- freecon(rcontext); -+ freecon(rcontext); - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchmediacon.c libselinux-1.30.3/src/matchmediacon.c ---- nsalibselinux/src/matchmediacon.c 2005-08-23 13:34:34.000000000 -0400 -+++ libselinux-1.30.3/src/matchmediacon.c 2006-05-03 11:03:54.000000000 -0400 -@@ -59,13 +59,10 @@ - return -1; - } - -- if (context_translations) { -- if (raw_to_trans_context(ptr2, con)) { -- *con = NULL; -- return -1; -- } -- } else -- *con = strdup(ptr2); -+ if (selinux_raw_to_trans_context(ptr2, con)) { -+ *con = NULL; -+ return -1; -+ } - - return 0; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.30.3/src/matchpathcon.c ---- nsalibselinux/src/matchpathcon.c 2006-04-14 07:21:23.000000000 -0400 -+++ libselinux-1.30.3/src/matchpathcon.c 2006-05-03 11:04:01.000000000 -0400 -@@ -591,19 +591,14 @@ - if (myflags & MATCHPATHCON_NOTRANS) - goto skip_trans; - -- if (context_translations) { -- if (raw_to_trans_context(context, &tmpcon)) { -- myprintf("%s: line %u has invalid " -- "context %s\n", -- path, lineno, context); -- return 0; -- } -- free(context); -- context = tmpcon; -- } else { -- if (STRIP_LEVEL(&context, mls_enabled)) -- return -1; -+ if (selinux_raw_to_trans_context(context, &tmpcon)) { -+ myprintf("%s: line %u has invalid " -+ "context %s\n", -+ path, lineno, context); -+ return 0; - } -+ free(context); -+ context = tmpcon; - - skip_trans: - if (myflags & MATCHPATHCON_VALIDATE) { -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.30.3/src/selinux_internal.h ---- nsalibselinux/src/selinux_internal.h 2005-12-01 10:10:32.000000000 -0500 -+++ libselinux-1.30.3/src/selinux_internal.h 2006-05-03 10:56:53.000000000 -0400 -@@ -65,9 +65,6 @@ - hidden_proto(selinux_translations_path); - hidden_proto(selinux_getenforcemode); - --extern int context_translations hidden; --extern int hidden trans_to_raw_context(char *trans, char **rawp); --extern int hidden raw_to_trans_context(char *raw, char **transp); -- - extern int load_setlocaldefs hidden; - extern int require_seusers hidden; -+extern int selinux_page_size hidden; -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-1.30.3/src/selinuxswig.i ---- nsalibselinux/src/selinuxswig.i 2006-04-14 07:21:23.000000000 -0400 -+++ libselinux-1.30.3/src/selinuxswig.i 2006-05-02 13:08:05.000000000 -0400 -@@ -28,9 +28,18 @@ - %typemap(in, numinputs=0) security_context_t *(security_context_t temp) { - $1 = &temp; - } --%typemap(argout) security_context_t * { -- $result = SWIG_Python_AppendOutput($result, PyString_FromString(*$1)); -+%typemap(argout) security_context_t * (char *temp) { -+ if (*$1) -+ temp = *$1; -+ else -+ temp = ""; -+ $result = SWIG_Python_AppendOutput($result, PyString_FromString(temp)); -+} -+ -+%typemap(in) security_context_t { -+ $1 = (security_context_t)PyString_AsString($input); - } -+ - %typedef unsigned mode_t; - - extern int is_selinux_enabled(void); -diff --exclude-from=exclude -N -u -r nsalibselinux/src/setcon.c libselinux-1.30.3/src/setcon.c ---- nsalibselinux/src/setcon.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/setcon.c 2006-05-03 11:04:05.000000000 -0400 -@@ -32,13 +32,12 @@ - int ret; - security_context_t rcontext = context; - -- if (context_translations && trans_to_raw_context(context, &rcontext)) -+ if (selinux_trans_to_raw_context(context, &rcontext)) - return -1; - - ret = setcon_raw(rcontext); - -- if (context_translations) -- freecon(rcontext); -+ freecon(rcontext); - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/setexeccon.c libselinux-1.30.3/src/setexeccon.c ---- nsalibselinux/src/setexeccon.c 2005-08-23 13:34:34.000000000 -0400 -+++ libselinux-1.30.3/src/setexeccon.c 2006-05-03 11:04:09.000000000 -0400 -@@ -28,13 +28,12 @@ - int ret; - security_context_t rcontext = context; - -- if (context_translations && trans_to_raw_context(context, &rcontext)) -+ if (selinux_trans_to_raw_context(context, &rcontext)) - return -1; - - ret = setexeccon_raw(rcontext); - -- if (context_translations) -- freecon(rcontext); -+ freecon(rcontext); - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/setfilecon.c libselinux-1.30.3/src/setfilecon.c ---- nsalibselinux/src/setfilecon.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/setfilecon.c 2006-05-03 11:04:13.000000000 -0400 -@@ -18,13 +18,12 @@ - int ret; - security_context_t rcontext = context; - -- if (context_translations && trans_to_raw_context(context, &rcontext)) -+ if (selinux_trans_to_raw_context(context, &rcontext)) - return -1; - - ret = setfilecon_raw(path, rcontext); - -- if (context_translations) -- freecon(rcontext); -+ freecon(rcontext); - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/setfscreatecon.c libselinux-1.30.3/src/setfscreatecon.c ---- nsalibselinux/src/setfscreatecon.c 2005-08-25 11:32:02.000000000 -0400 -+++ libselinux-1.30.3/src/setfscreatecon.c 2006-05-03 11:04:17.000000000 -0400 -@@ -28,13 +28,12 @@ - int ret; - security_context_t rcontext = context; - -- if (context_translations && trans_to_raw_context(context, &rcontext)) -+ if (selinux_trans_to_raw_context(context, &rcontext)) - return -1; - - ret = setfscreatecon_raw(rcontext); - -- if (context_translations) -- freecon(rcontext); -+ freecon(rcontext); - - return ret; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_client.c libselinux-1.30.3/src/setrans_client.c ---- nsalibselinux/src/setrans_client.c 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-1.30.3/src/setrans_client.c 2006-05-03 10:56:24.000000000 -0400 -@@ -0,0 +1,246 @@ -+/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */ -+ -+#include -+#include -+#include -+ -+#include -+#include -+#include -+ -+#include -+#include -+#include -+#include -+#include -+#include "selinux/setrans.h" -+#include "dso.h" -+ -+ -+/* -+ * setransd_open -+ * -+ * This function opens a socket to the setransd. -+ * Returns: on success, a file descriptor ( >= 0 ) to the socket -+ * on error, a negative value -+ */ -+static int -+setransd_open(void) -+{ -+ struct sockaddr_un addr; -+ int fd; -+ -+ fd = socket(PF_UNIX, SOCK_STREAM, 0); -+ if (fd < 0) { -+ return -1; -+ } -+ -+ memset(&addr, 0, sizeof(addr)); -+ addr.sun_family = AF_UNIX; -+ strcpy(addr.sun_path, SETRANS_UNIX_SOCKET); -+ if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) { -+ close(fd); -+ return -1; -+ } -+ -+ return fd; -+} -+ -+/* Returns: 0 on success, <0 on failure */ -+static int -+send_request(int fd, uint32_t function, const char *data1, const char *data2) -+{ -+ struct iovec req_hdr[4]; -+ uint32_t data1_size; -+ uint32_t data2_size; -+ struct iovec req_data[2]; -+ ssize_t count; -+ -+ if (fd < 0) -+ return -1; -+ -+ if (!data1) -+ data1 = ""; -+ if (!data2) -+ data2 = ""; -+ -+ data1_size = strlen(data1) + 1; -+ data2_size = strlen(data2) + 1; -+ -+ req_hdr[0].iov_base = &function; -+ req_hdr[0].iov_len = sizeof(function); -+ req_hdr[1].iov_base = &data1_size; -+ req_hdr[1].iov_len = sizeof(data1_size); -+ req_hdr[2].iov_base = &data2_size; -+ req_hdr[2].iov_len = sizeof(data2_size); -+ -+ while (((count = writev(fd, req_hdr, 3)) < 0) && (errno == EINTR)); -+ if (count != (sizeof(function) + sizeof(data1_size) + -+ sizeof(data2_size) )) { -+ return -1; -+ } -+ -+ req_data[0].iov_base = (char *)data1; -+ req_data[0].iov_len = data1_size; -+ req_data[1].iov_base = (char *)data2; -+ req_data[1].iov_len = data2_size; -+ -+ while (((count = writev(fd, req_data, 2)) < 0) && (errno == EINTR)); -+ if (count < 0 || (uint32_t)count != (data1_size + data2_size)) { -+ return -1; -+ } -+ -+ return 0; -+} -+ -+/* Returns: 0 on success, <0 on failure */ -+static int -+receive_response(int fd, uint32_t function, char **outdata, int32_t *ret_val) -+{ -+ struct iovec resp_hdr[3]; -+ uint32_t func; -+ uint32_t data_size; -+ char *data; -+ struct iovec resp_data; -+ ssize_t count; -+ -+ if (fd < 0) -+ return -1; -+ -+ resp_hdr[0].iov_base = &func; -+ resp_hdr[0].iov_len = sizeof(func); -+ resp_hdr[1].iov_base = &data_size; -+ resp_hdr[1].iov_len = sizeof(data_size); -+ resp_hdr[2].iov_base = ret_val; -+ resp_hdr[2].iov_len = sizeof(*ret_val); -+ -+ while (((count = readv(fd, resp_hdr, 3)) < 0) && (errno == EINTR)); -+ if (count != (sizeof(func) + sizeof(data_size) + sizeof(*ret_val))) { -+ return -1; -+ } -+ -+ if (func != function || !data_size) { -+ return -1; -+ } -+ -+ data = malloc(data_size); -+ if (!data) { -+ return -1; -+ } -+ -+ resp_data.iov_base = data; -+ resp_data.iov_len = data_size; -+ -+ while (((count = readv(fd, &resp_data, 1))) < 0 && (errno == EINTR)); -+ if (count < 0 || (uint32_t)count != data_size || data[data_size - 1] != '\0') { -+ free(data); -+ return -1; -+ } -+ -+ *outdata = data; -+ return 0; -+} -+ -+static int raw_to_trans_context(char *raw, char **transp) -+{ -+ int ret; -+ int32_t ret_val; -+ int fd; -+ -+ *transp = NULL; -+ -+ fd = setransd_open(); -+ if (fd < 0) -+ return fd; -+ -+ ret = send_request(fd, RAW_TO_TRANS_CONTEXT, raw, NULL); -+ if (ret) -+ goto out; -+ -+ ret = receive_response(fd, RAW_TO_TRANS_CONTEXT, transp, &ret_val); -+ if (ret) -+ goto out; -+ -+ ret = ret_val; -+out: -+ close(fd); -+ return ret; -+} -+ -+static int trans_to_raw_context(char *trans, char **rawp) -+{ -+ int ret; -+ int32_t ret_val; -+ int fd; -+ -+ *rawp = NULL; -+ -+ fd = setransd_open(); -+ if (fd < 0) -+ return fd; -+ ret = send_request(fd, TRANS_TO_RAW_CONTEXT, trans, NULL); -+ if (ret) -+ goto out; -+ -+ ret = receive_response(fd, TRANS_TO_RAW_CONTEXT, rawp, &ret_val); -+ if (ret) -+ goto out; -+ -+ ret = ret_val; -+out: -+ close(fd); -+ return ret_val; -+} -+ -+ -+int -+init_context_translations(void) -+{ -+ int ret, fd; -+ int32_t ret_val; -+ char *out = NULL; -+ -+ fd = setransd_open(); -+ if (fd < 0) -+ return fd; -+ -+ ret = send_request(fd, SETRANS_INIT, NULL, NULL); -+ if (ret) -+ goto out; -+ -+ ret = receive_response(fd, SETRANS_INIT, &out, &ret_val); -+ free(out); -+ if (!ret) -+ ret = ret_val; -+out: -+ close(fd); -+ return ret; -+} -+ -+ -+int selinux_trans_to_raw_context(security_context_t trans, -+ security_context_t *rawp) -+{ -+ if (!trans) { -+ *rawp = NULL; -+ return 0; -+ } -+ -+ if (trans_to_raw_context(trans, rawp)) -+ *rawp = strdup(trans); -+ return *rawp ? 0 : -1; -+} -+ -+int selinux_raw_to_trans_context(security_context_t raw, -+ security_context_t *transp) -+{ -+ if (!raw) { -+ *transp = NULL; -+ return 0; -+ } -+ -+ if (raw_to_trans_context(raw, transp)) -+ *transp = strdup(raw); -+ -+ return *transp ? 0 : -1; -+} -diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_internal.h libselinux-1.30.3/src/setrans_internal.h ---- nsalibselinux/src/setrans_internal.h 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-1.30.3/src/setrans_internal.h 2006-05-03 09:18:19.000000000 -0400 -@@ -0,0 +1,8 @@ -+/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */ -+ -+#define SETRANS_UNIX_SOCKET "/var/.setrans-unix" -+ -+#define SETRANS_INIT 1 -+#define RAW_TO_TRANS_CONTEXT 2 -+#define TRANS_TO_RAW_CONTEXT 3 -+ -diff --exclude-from=exclude -N -u -r nsalibselinux/src/trans.c libselinux-1.30.3/src/trans.c ---- nsalibselinux/src/trans.c 2005-08-31 12:33:10.000000000 -0400 -+++ libselinux-1.30.3/src/trans.c 1969-12-31 19:00:00.000000000 -0500 -@@ -1,59 +0,0 @@ --#include "selinux_internal.h" --#include -- --int (*lib_trans_to_raw_context)(char *trans, char **rawp) hidden; --int (*lib_raw_to_trans_context)(char *raw, char **transp) hidden; -- --int hidden trans_to_raw_context(char *trans, char **rawp) --{ -- *rawp = NULL; -- if (!trans) -- return 0; -- -- if (trans && lib_trans_to_raw_context(trans, rawp)) -- *rawp = strdup(trans); -- -- return *rawp ? 0 : -1; --} -- --int selinux_trans_to_raw_context(security_context_t trans, -- security_context_t *rawp) --{ -- if (context_translations) -- return trans_to_raw_context(trans, rawp); -- -- if (!trans) { -- *rawp = NULL; -- return 0; -- } -- -- *rawp = strdup(trans); -- return *rawp ? 0 : -1; --} -- --int hidden raw_to_trans_context(char *raw, char **transp) --{ -- *transp = NULL; -- if (!raw) -- return 0; -- -- if (raw && lib_raw_to_trans_context(raw, transp)) -- *transp = strdup(raw); -- -- return *transp ? 0 : -1; --} -- --int selinux_raw_to_trans_context(security_context_t raw, -- security_context_t *transp) --{ -- if (context_translations) -- return raw_to_trans_context(raw, transp); -- -- if (!raw) { -- *transp = NULL; -- return 0; -- } -- -- *transp = strdup(raw); -- return *transp ? 0 : -1; --} diff --git a/libselinux.spec b/libselinux.spec index 8b062be..997efeb 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -2,13 +2,14 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 1.30.6 -Release: 1 +Release: 2 License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz +Patch: libselinux-rhat.patch BuildRequires: libsepol-devel >= %{libsepolver} -Requires: libsepol >= %{libsepolver} +Requires: libsepol >= %{libsepolver} setransd BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot @@ -48,6 +49,7 @@ needed for developing SELinux applications. %prep %setup -q +%patch -p1 -b .rhat %build make clean @@ -110,6 +112,9 @@ exit 0 %{_libdir}/python*/site-packages/selinux.py* %changelog +* Tue May 9 2006 Dan Walsh 1.30.6-2 +- Add Russell's AVC patch to handle large numbers + * Mon May 8 2006 Dan Walsh 1.30.6-1 - Upgrade to latest from NSA * Merged getfscreatecon man page fix from Dan Walsh.