diff --git a/0001-libselinux-do-not-duplicate-make-target-when-going-i.patch b/0001-libselinux-do-not-duplicate-make-target-when-going-i.patch new file mode 100644 index 0000000..3d123e5 --- /dev/null +++ b/0001-libselinux-do-not-duplicate-make-target-when-going-i.patch @@ -0,0 +1,59 @@ +From f63263c2d002fc8a4e681ea1a1b1db1e455acc49 Mon Sep 17 00:00:00 2001 +From: Nicolas Iooss +Date: Thu, 22 Apr 2021 08:43:56 +0200 +Subject: [PATCH] libselinux: do not duplicate make target when going into + subdirectory + +When running "make install-pywrap", make displays: + + make[1]: Entering directory '/root/selinux/libselinux' + make -C src install-pywrap install-pywrap + make[2]: Entering directory '/root/selinux/libselinux/src' + +The duplicated "install-pywrap" is not expected. Remove it from the +Makefile. + +Signed-off-by: Nicolas Iooss +--- + libselinux/Makefile | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/libselinux/Makefile b/libselinux/Makefile +index ac16c15e8d0a..439bc6a9b7fd 100644 +--- a/libselinux/Makefile ++++ b/libselinux/Makefile +@@ -50,24 +50,24 @@ all install relabel clean distclean indent: + done + + swigify: all +- $(MAKE) -C src swigify $@ ++ $(MAKE) -C src $@ + + pywrap: +- $(MAKE) -C src pywrap $@ ++ $(MAKE) -C src $@ + + rubywrap: +- $(MAKE) -C src rubywrap $@ ++ $(MAKE) -C src $@ + + install-pywrap: +- $(MAKE) -C src install-pywrap $@ ++ $(MAKE) -C src $@ + + install-rubywrap: +- $(MAKE) -C src install-rubywrap $@ ++ $(MAKE) -C src $@ + + clean-pywrap: +- $(MAKE) -C src clean-pywrap $@ ++ $(MAKE) -C src $@ + + clean-rubywrap: +- $(MAKE) -C src clean-rubywrap $@ ++ $(MAKE) -C src $@ + + test: +-- +2.32.0 + diff --git a/0002-libselinux-selinux_check_passwd_access_internal-resp.patch b/0002-libselinux-selinux_check_passwd_access_internal-resp.patch new file mode 100644 index 0000000..9eb5b1b --- /dev/null +++ b/0002-libselinux-selinux_check_passwd_access_internal-resp.patch @@ -0,0 +1,45 @@ +From a88d24522fe74100478122c298aa4ace1af876fd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 10 May 2021 12:12:38 +0200 +Subject: [PATCH] libselinux: selinux_check_passwd_access_internal(): respect + deny_unknown +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +`selinux_check_passwd_access_internal()`, and thereby +`checkPasswdAccess(3)` and `selinux_check_passwd_access(3)`, does not +respect the policy defined setting of `deny_unknown`, like +`selinux_check_access(3)` does. +This means in case the security class `passwd` is not defined, success +is returned instead of failure, i.e. permission denied. + +Most policies should define the `passwd` class and the two affected +public functions are marked deprecated. + +Align the behavior with `selinux_check_access(3)` and respect +the deny_unknown setting in case the security class is not defined. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/checkAccess.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/libselinux/src/checkAccess.c b/libselinux/src/checkAccess.c +index b337ea64f977..022cd6b5ecab 100644 +--- a/libselinux/src/checkAccess.c ++++ b/libselinux/src/checkAccess.c +@@ -78,7 +78,9 @@ static int selinux_check_passwd_access_internal(access_vector_t requested) + passwd_class = string_to_security_class("passwd"); + if (passwd_class == 0) { + freecon(user_context); +- return 0; ++ if (security_deny_unknown() == 0) ++ return 0; ++ return -1; + } + + retval = security_compute_av_raw(user_context, +-- +2.32.0 + diff --git a/0003-libselinux-silence-Wstringop-overflow-warning-from-g.patch b/0003-libselinux-silence-Wstringop-overflow-warning-from-g.patch new file mode 100644 index 0000000..4fc315c --- /dev/null +++ b/0003-libselinux-silence-Wstringop-overflow-warning-from-g.patch @@ -0,0 +1,51 @@ +From f1bc162cc272e01631e8f6d890fae71e1cb96e03 Mon Sep 17 00:00:00 2001 +From: Nicolas Iooss +Date: Fri, 30 Apr 2021 21:37:02 +0200 +Subject: [PATCH] libselinux: silence -Wstringop-overflow warning from gcc + 10.3.1 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When building libselinux on Fedora 33 with gcc 10.3.1, the compiler +reports: + + label_file.c: In function ‘lookup_all.isra’: + label_file.c:940:4: error: ‘strncpy’ specified bound depends on the + length of the source argument [-Werror=stringop-overflow=] + 940 | strncpy(clean_key, key, len - 1); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + label_file.c:927:8: note: length computed here + 927 | len = strlen(key); + | ^~~~~~~~~~~ + cc1: all warnings being treated as errors + +As clean_key is the result of malloc(len), there is no issue here. But +using strncpy can be considered as strange, because the size of the +string is already known and the NUL terminator is always added later, in +function ‘lookup_all.isra. + +Replace strncpy with memcpy to silence this gcc false-positive warning. + +Signed-off-by: Nicolas Iooss +Acked-by: Petr Lautrbach +--- + libselinux/src/label_file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c +index 726394ca4332..cfce23e0119e 100644 +--- a/libselinux/src/label_file.c ++++ b/libselinux/src/label_file.c +@@ -909,7 +909,7 @@ static const struct spec **lookup_all(struct selabel_handle *rec, + if (!clean_key) + goto finish; + +- strncpy(clean_key, key, len - 1); ++ memcpy(clean_key, key, len - 1); + } + + clean_key[len - 1] = '\0'; +-- +2.32.0 + diff --git a/0004-libselinux-sidtab_hash-do-not-discard-const-qualifie.patch b/0004-libselinux-sidtab_hash-do-not-discard-const-qualifie.patch new file mode 100644 index 0000000..4041dc4 --- /dev/null +++ b/0004-libselinux-sidtab_hash-do-not-discard-const-qualifie.patch @@ -0,0 +1,46 @@ +From ae34b3ca3c605f8648b10722330ef3fbc872f3d6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:35 +0200 +Subject: [PATCH] libselinux: sidtab_hash(): do not discard const qualifier +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Do not discard the const qualifier of the function argument, and drop +the redundant local variable `keyp`. + +avc_sidtab.c: In function ‘sidtab_hash’: +avc_sidtab.c:23:9: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 23 | keyp = (char *)key; + | ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/avc_sidtab.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c +index 9669264d651a..8dc875608762 100644 +--- a/libselinux/src/avc_sidtab.c ++++ b/libselinux/src/avc_sidtab.c +@@ -15,14 +15,13 @@ + + static inline unsigned sidtab_hash(const char * key) + { +- char *p, *keyp; ++ const char *p; + unsigned int size; + unsigned int val; + + val = 0; +- keyp = (char *)key; +- size = strlen(keyp); +- for (p = keyp; (unsigned int)(p - keyp) < size; p++) ++ size = strlen(key); ++ for (p = key; (unsigned int)(p - key) < size; p++) + val = + (val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p); + return val & (SIDTAB_SIZE - 1); +-- +2.32.0 + diff --git a/0005-libselinux-selinux_file_context_cmp-do-not-discard-c.patch b/0005-libselinux-selinux_file_context_cmp-do-not-discard-c.patch new file mode 100644 index 0000000..c370725 --- /dev/null +++ b/0005-libselinux-selinux_file_context_cmp-do-not-discard-c.patch @@ -0,0 +1,48 @@ +From d23421c65a4e53bef900d9e015833015fa123765 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:40 +0200 +Subject: [PATCH] libselinux: selinux_file_context_cmp(): do not discard const + qualifier +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +matchpathcon.c: In function ‘selinux_file_context_cmp’: +matchpathcon.c:487:18: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 487 | rest_a = strchr((char *)a, ':'); + | ^ +matchpathcon.c:488:18: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 488 | rest_b = strchr((char *)b, ':'); + | ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/matchpathcon.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c +index 2ec66650cae0..9e1fab593266 100644 +--- a/libselinux/src/matchpathcon.c ++++ b/libselinux/src/matchpathcon.c +@@ -477,15 +477,15 @@ void matchpathcon_checkmatches(char *str __attribute__((unused))) + int selinux_file_context_cmp(const char * a, + const char * b) + { +- char *rest_a, *rest_b; /* Rest of the context after the user */ ++ const char *rest_a, *rest_b; /* Rest of the context after the user */ + if (!a && !b) + return 0; + if (!a) + return -1; + if (!b) + return 1; +- rest_a = strchr((char *)a, ':'); +- rest_b = strchr((char *)b, ':'); ++ rest_a = strchr(a, ':'); ++ rest_b = strchr(b, ':'); + if (!rest_a && !rest_b) + return 0; + if (!rest_a) +-- +2.32.0 + diff --git a/0006-libselinux-label_common-do-not-discard-const-qualifi.patch b/0006-libselinux-label_common-do-not-discard-const-qualifi.patch new file mode 100644 index 0000000..0dca8cd --- /dev/null +++ b/0006-libselinux-label_common-do-not-discard-const-qualifi.patch @@ -0,0 +1,69 @@ +From 3950b1afedd1a5247dcb0eb4acffc3fe045a9fb3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:42 +0200 +Subject: [PATCH] libselinux: label_common(): do not discard const qualifier +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +As the const qualifier is discarded in label_common(), do not return a +const qualified pointer pointer from the local function `lookup_all()`. + +label_file.c: In function ‘lookup_common’: +label_file.c:994:24: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 994 | struct spec *result = (struct spec*)matches[0]; + | ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_file.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c +index cfce23e0119e..b080fcf1305b 100644 +--- a/libselinux/src/label_file.c ++++ b/libselinux/src/label_file.c +@@ -845,7 +845,7 @@ static void closef(struct selabel_handle *rec) + // Finds all the matches of |key| in the given context. Returns the result in + // the allocated array and updates the match count. If match_count is NULL, + // stops early once the 1st match is found. +-static const struct spec **lookup_all(struct selabel_handle *rec, ++static struct spec **lookup_all(struct selabel_handle *rec, + const char *key, + int type, + bool partial, +@@ -861,7 +861,7 @@ static const struct spec **lookup_all(struct selabel_handle *rec, + unsigned int sofar = 0; + char *sub = NULL; + +- const struct spec **result = NULL; ++ struct spec **result = NULL; + if (match_count) { + *match_count = 0; + result = calloc(data->nspec, sizeof(struct spec*)); +@@ -987,11 +987,11 @@ static struct spec *lookup_common(struct selabel_handle *rec, + const char *key, + int type, + bool partial) { +- const struct spec **matches = lookup_all(rec, key, type, partial, NULL); ++ struct spec **matches = lookup_all(rec, key, type, partial, NULL); + if (!matches) { + return NULL; + } +- struct spec *result = (struct spec*)matches[0]; ++ struct spec *result = matches[0]; + free(matches); + return result; + } +@@ -1054,7 +1054,7 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key + assert(digest); + + size_t total_matches; +- const struct spec **matches = lookup_all(rec, key, 0, true, &total_matches); ++ struct spec **matches = lookup_all(rec, key, 0, true, &total_matches); + if (!matches) { + return false; + } +-- +2.32.0 + diff --git a/0007-libselinux-Sha1Finalise-do-not-discard-const-qualifi.patch b/0007-libselinux-Sha1Finalise-do-not-discard-const-qualifi.patch new file mode 100644 index 0000000..a60225c --- /dev/null +++ b/0007-libselinux-Sha1Finalise-do-not-discard-const-qualifi.patch @@ -0,0 +1,85 @@ +From 7ca82e0db464052c1ed51e77b2d61ede82dfe3ee Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:44 +0200 +Subject: [PATCH] libselinux: Sha1Finalise(): do not discard const qualifier +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Mark the argument `Buffer` of `Sha1Update()` const, since it is not +modified. + +sha1.c: In function ‘Sha1Finalise’: +sha1.c:208:25: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 208 | Sha1Update(Context, (uint8_t*)"\x80", 1); + | ^ +sha1.c:211:29: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 211 | Sha1Update(Context, (uint8_t*)"\0", 1); + | ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/sha1.c | 10 +++++----- + libselinux/src/sha1.h | 2 +- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/libselinux/src/sha1.c b/libselinux/src/sha1.c +index 9a8ce01dceda..664bbcf26eef 100644 +--- a/libselinux/src/sha1.c ++++ b/libselinux/src/sha1.c +@@ -151,7 +151,7 @@ void + Sha1Update + ( + Sha1Context* Context, +- void* Buffer, ++ const void* Buffer, + uint32_t BufferSize + ) + { +@@ -172,7 +172,7 @@ void + TransformFunction(Context->State, Context->Buffer); + for (; i + 63 < BufferSize; i += 64) + { +- TransformFunction(Context->State, (uint8_t*)Buffer + i); ++ TransformFunction(Context->State, (const uint8_t*)Buffer + i); + } + j = 0; + } +@@ -181,7 +181,7 @@ void + i = 0; + } + +- memcpy(&Context->Buffer[j], &((uint8_t*)Buffer)[i], BufferSize - i); ++ memcpy(&Context->Buffer[j], &((const uint8_t*)Buffer)[i], BufferSize - i); + } + + /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +@@ -205,10 +205,10 @@ void + finalcount[i] = (unsigned char)((Context->Count[(i >= 4 ? 0 : 1)] + >> ((3-(i & 3)) * 8) ) & 255); // Endian independent + } +- Sha1Update(Context, (uint8_t*)"\x80", 1); ++ Sha1Update(Context, (const uint8_t*)"\x80", 1); + while ((Context->Count[0] & 504) != 448) + { +- Sha1Update(Context, (uint8_t*)"\0", 1); ++ Sha1Update(Context, (const uint8_t*)"\0", 1); + } + + Sha1Update(Context, finalcount, 8); // Should cause a Sha1TransformFunction() +diff --git a/libselinux/src/sha1.h b/libselinux/src/sha1.h +index eac3c195351a..f83a6e7ed7ba 100644 +--- a/libselinux/src/sha1.h ++++ b/libselinux/src/sha1.h +@@ -64,7 +64,7 @@ void + Sha1Update + ( + Sha1Context* Context, +- void* Buffer, ++ const void* Buffer, + uint32_t BufferSize + ); + +-- +2.32.0 + diff --git a/0008-libselinux-sefcontext_compile-mark-local-variable-st.patch b/0008-libselinux-sefcontext_compile-mark-local-variable-st.patch new file mode 100644 index 0000000..39366bd --- /dev/null +++ b/0008-libselinux-sefcontext_compile-mark-local-variable-st.patch @@ -0,0 +1,31 @@ +From 11194b982bb32c05548c38e4c81b1f166083f7e9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:46 +0200 +Subject: [PATCH] libselinux: sefcontext_compile: mark local variable static +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `policy_file` is only used in sefcontext_compile.c. + +Signed-off-by: Christian Göttsche +--- + libselinux/utils/sefcontext_compile.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/utils/sefcontext_compile.c b/libselinux/utils/sefcontext_compile.c +index dcb0085ad67e..6c32172d9944 100644 +--- a/libselinux/utils/sefcontext_compile.c ++++ b/libselinux/utils/sefcontext_compile.c +@@ -14,7 +14,7 @@ + #include "../src/label_file.h" + #include "../src/regex.h" + +-const char *policy_file; ++static const char *policy_file; + static int ctx_err; + + static int validate_context(char **ctxp) +-- +2.32.0 + diff --git a/0009-libselinux-avcstat-use-standard-length-modifier-for-.patch b/0009-libselinux-avcstat-use-standard-length-modifier-for-.patch new file mode 100644 index 0000000..39a1ea4 --- /dev/null +++ b/0009-libselinux-avcstat-use-standard-length-modifier-for-.patch @@ -0,0 +1,42 @@ +From 533e9d6ce07c8909c9c020cd6920a2384f7eee22 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:48 +0200 +Subject: [PATCH] libselinux: avcstat: use standard length modifier for + unsigned long long +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The format width specifier `L` is only standardized for floating point +types. Use `ll` for fixed-width data types. + +Signed-off-by: Christian Göttsche +--- + libselinux/utils/avcstat.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libselinux/utils/avcstat.c b/libselinux/utils/avcstat.c +index da2392870c51..cc9a48dd4c3a 100644 +--- a/libselinux/utils/avcstat.c ++++ b/libselinux/utils/avcstat.c +@@ -205,7 +205,7 @@ int main(int argc, char **argv) + die("unable to parse \'%s\': no data", avcstatfile); + + if (cumulative || !i) +- printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n", ++ printf("%10llu %10llu %10llu %10llu %10llu %10llu\n", + tot.lookups, tot.hits, tot.misses, + tot.allocations, tot.reclaims, tot.frees); + else { +@@ -215,7 +215,7 @@ int main(int argc, char **argv) + rel.allocations = tot.allocations - last.allocations; + rel.reclaims = tot.reclaims - last.reclaims; + rel.frees = tot.frees - last.frees; +- printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n", ++ printf("%10llu %10llu %10llu %10llu %10llu %10llu\n", + rel.lookups, rel.hits, rel.misses, + rel.allocations, rel.reclaims, rel.frees); + } +-- +2.32.0 + diff --git a/0010-libselinux-selinux_restorecon-mark-local-variable-st.patch b/0010-libselinux-selinux_restorecon-mark-local-variable-st.patch new file mode 100644 index 0000000..28b1188 --- /dev/null +++ b/0010-libselinux-selinux_restorecon-mark-local-variable-st.patch @@ -0,0 +1,38 @@ +From 7464272caa1a69e3fc7971d1d80b6afd4785abef Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:51 +0200 +Subject: [PATCH] libselinux: selinux_restorecon: mark local variable static +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `dir_xattr_list` is only used inside `selinux_restorecon.c`. + +selinux_restorecon.c:65:19: warning: no previous extern declaration for non-static variable 'dir_xattr_list' [-Wmissing-variable-declarations] +struct dir_xattr *dir_xattr_list; + ^ +selinux_restorecon.c:65:1: note: declare 'static' if the variable is not intended to be used outside of this translation unit +struct dir_xattr *dir_xattr_list; +^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/selinux_restorecon.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c +index 63fb8dc53c28..249c361fa988 100644 +--- a/libselinux/src/selinux_restorecon.c ++++ b/libselinux/src/selinux_restorecon.c +@@ -62,7 +62,7 @@ static uint64_t fc_count = 0; /* Number of files processed so far */ + static uint64_t efile_count; /* Estimated total number of files */ + + /* Store information on directories with xattr's. */ +-struct dir_xattr *dir_xattr_list; ++static struct dir_xattr *dir_xattr_list; + static struct dir_xattr *dir_xattr_last; + + /* restorecon_flags for passing to restorecon_sb() */ +-- +2.32.0 + diff --git a/0011-libselinux-selabel_get_digests_all_partial_matches-f.patch b/0011-libselinux-selabel_get_digests_all_partial_matches-f.patch new file mode 100644 index 0000000..5187561 --- /dev/null +++ b/0011-libselinux-selabel_get_digests_all_partial_matches-f.patch @@ -0,0 +1,51 @@ +From d0c02882b7fdcf5e6478f9a82ac2946174f4bca4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:53 +0200 +Subject: [PATCH] libselinux: selabel_get_digests_all_partial_matches: free + memory after FTS_D block +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Free all memory from `selabel_get_digests_all_partial_matches()` in case +of success and failure. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + .../utils/selabel_get_digests_all_partial_matches.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c +index 0c2edc67771d..e28833d2ce97 100644 +--- a/libselinux/utils/selabel_get_digests_all_partial_matches.c ++++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c +@@ -128,7 +128,7 @@ int main(int argc, char **argv) + printf("No SHA1 digest available for: %s\n", + ftsent->fts_path); + printf("as file_context entry is \"<>\"\n"); +- break; ++ goto cleanup; + } + + printf("The file_context entries for: %s\n", +@@ -149,11 +149,11 @@ int main(int argc, char **argv) + xattr_digest[i]); + printf("%s\n", sha1_buf); + } +- +- free(xattr_digest); +- free(calculated_digest); +- free(sha1_buf); + } ++ cleanup: ++ free(xattr_digest); ++ free(calculated_digest); ++ free(sha1_buf); + break; + } + default: +-- +2.32.0 + diff --git a/0012-libselinux-getconlist-free-memory-on-multiple-level-.patch b/0012-libselinux-getconlist-free-memory-on-multiple-level-.patch new file mode 100644 index 0000000..4a6f921 --- /dev/null +++ b/0012-libselinux-getconlist-free-memory-on-multiple-level-.patch @@ -0,0 +1,34 @@ +From d0e16077d4ded64bbc878d29e0dc22b1f5e0912f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:55 +0200 +Subject: [PATCH] libselinux: getconlist: free memory on multiple level + arguments +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Do not leak memory if the program argument `l` got passed more than +once. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + libselinux/utils/getconlist.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c +index 76654b75151a..0bb2846937ca 100644 +--- a/libselinux/utils/getconlist.c ++++ b/libselinux/utils/getconlist.c +@@ -26,6 +26,7 @@ int main(int argc, char **argv) + while ((opt = getopt(argc, argv, "l:")) > 0) { + switch (opt) { + case 'l': ++ free(level); + level = strdup(optarg); + if (!level) { + fprintf(stderr, "memory allocation failure: %d(%s)\n", +-- +2.32.0 + diff --git a/0013-libselinux-exclude_non_seclabel_mounts-drop-unused-v.patch b/0013-libselinux-exclude_non_seclabel_mounts-drop-unused-v.patch new file mode 100644 index 0000000..a78e2ec --- /dev/null +++ b/0013-libselinux-exclude_non_seclabel_mounts-drop-unused-v.patch @@ -0,0 +1,42 @@ +From 319429ba3358c32a566f2c59898d01f2f36fdc95 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:57 +0200 +Subject: [PATCH] libselinux: exclude_non_seclabel_mounts(): drop unused + variable +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `num` is never read from. + +Found by clang-analyer. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/selinux_restorecon.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c +index 249c361fa988..6fb9e1ff486d 100644 +--- a/libselinux/src/selinux_restorecon.c ++++ b/libselinux/src/selinux_restorecon.c +@@ -230,7 +230,6 @@ static int exclude_non_seclabel_mounts(void) + struct utsname uts; + FILE *fp; + size_t len; +- ssize_t num; + int index = 0, found = 0, nfile = 0; + char *mount_info[4]; + char *buf = NULL, *item; +@@ -245,7 +244,7 @@ static int exclude_non_seclabel_mounts(void) + if (!fp) + return 0; + +- while ((num = getline(&buf, &len, fp)) != -1) { ++ while (getline(&buf, &len, fp) != -1) { + found = 0; + index = 0; + item = strtok(buf, " "); +-- +2.32.0 + diff --git a/0014-libselinux-context_new-drop-dead-assignment.patch b/0014-libselinux-context_new-drop-dead-assignment.patch new file mode 100644 index 0000000..e1df68b --- /dev/null +++ b/0014-libselinux-context_new-drop-dead-assignment.patch @@ -0,0 +1,34 @@ +From 782fa6ea38f323c60fc437577af515ce44627452 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:59 +0200 +Subject: [PATCH] libselinux: context_new(): drop dead assignment +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `i` is not used inside this loop, and it later +unconditionally set to 0. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/context.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/context.c b/libselinux/src/context.c +index ce4258806c53..b2144c7cf76c 100644 +--- a/libselinux/src/context.c ++++ b/libselinux/src/context.c +@@ -37,7 +37,7 @@ context_t context_new(const char *str) + } + n->current_str = n->component[0] = n->component[1] = n->component[2] = + n->component[3] = 0; +- for (i = count = 0, p = str; *p; p++) { ++ for (count = 0, p = str; *p; p++) { + switch (*p) { + case ':': + count++; +-- +2.32.0 + diff --git a/0015-libselinux-label_x-init-drop-dead-assignment.patch b/0015-libselinux-label_x-init-drop-dead-assignment.patch new file mode 100644 index 0000000..0f9fadd --- /dev/null +++ b/0015-libselinux-label_x-init-drop-dead-assignment.patch @@ -0,0 +1,33 @@ +From 9c26043af6e4947e0e3e7fb789452da0c66e11c9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:01 +0200 +Subject: [PATCH] libselinux: label_x::init(): drop dead assignment +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `lineno` is only used in the preceding loop and is always +set prior that to 0. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_x.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c +index 9674529931a7..e9fa063fafff 100644 +--- a/libselinux/src/label_x.c ++++ b/libselinux/src/label_x.c +@@ -146,7 +146,6 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, + if (process_line(path, line_buf, pass, ++lineno, rec)) + goto finish; + } +- lineno = 0; + + if (pass == 0) { + if (data->nspec == 0) { +-- +2.32.0 + diff --git a/0016-libselinux-label_media-init-drop-dead-assignment.patch b/0016-libselinux-label_media-init-drop-dead-assignment.patch new file mode 100644 index 0000000..3fd23ed --- /dev/null +++ b/0016-libselinux-label_media-init-drop-dead-assignment.patch @@ -0,0 +1,33 @@ +From 04335ab146d18f5865bed3516d5cbc9057a3df89 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:03 +0200 +Subject: [PATCH] libselinux: label_media::init(): drop dead assignment +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `lineno` is only used in the preceding loop and it always +set prior that to 0. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_media.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c +index d202e5d5ab83..eb27deaf510e 100644 +--- a/libselinux/src/label_media.c ++++ b/libselinux/src/label_media.c +@@ -119,7 +119,6 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, + if (process_line(path, line_buf, pass, ++lineno, rec)) + goto finish; + } +- lineno = 0; + + if (pass == 0) { + if (data->nspec == 0) { +-- +2.32.0 + diff --git a/0017-libselinux-setexecfilecon-drop-dead-assignment.patch b/0017-libselinux-setexecfilecon-drop-dead-assignment.patch new file mode 100644 index 0000000..ff787d6 --- /dev/null +++ b/0017-libselinux-setexecfilecon-drop-dead-assignment.patch @@ -0,0 +1,33 @@ +From 411c5a54587b1459528fb8e6b66d0bebf1a5fb39 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:05 +0200 +Subject: [PATCH] libselinux: setexecfilecon(): drop dead assignment +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `rc` is always unconditionally assigned by the next call of +`setexeccon()` and never read in between. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/setexecfilecon.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/libselinux/src/setexecfilecon.c b/libselinux/src/setexecfilecon.c +index e72ba0d98880..2c6505a96a48 100644 +--- a/libselinux/src/setexecfilecon.c ++++ b/libselinux/src/setexecfilecon.c +@@ -37,7 +37,6 @@ int setexecfilecon(const char *filename, const char *fallback_type) + newcon = strdup(context_str(con)); + if (!newcon) + goto out; +- rc = 0; + } + + rc = setexeccon(newcon); +-- +2.32.0 + diff --git a/0018-libselinux-getdefaultcon-free-memory-on-multiple-sam.patch b/0018-libselinux-getdefaultcon-free-memory-on-multiple-sam.patch new file mode 100644 index 0000000..eeecd9c --- /dev/null +++ b/0018-libselinux-getdefaultcon-free-memory-on-multiple-sam.patch @@ -0,0 +1,51 @@ +From db69a3d3622005d3ffd62498eac8da1ded264874 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:07 +0200 +Subject: [PATCH] libselinux: getdefaultcon: free memory on multiple same + arguments +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Do not leak memory if program arguments get specified more than once. + +Found by clang-anlyzer. + +getdefaultcon.c:52:3: warning: Potential leak of memory pointed to by 'level' [unix.Malloc] + fprintf(stderr, + ^~~~~~~~~~~~~~~ +getdefaultcon.c:52:3: warning: Potential leak of memory pointed to by 'role' [unix.Malloc] + fprintf(stderr, + ^~~~~~~~~~~~~~~ +getdefaultcon.c:52:3: warning: Potential leak of memory pointed to by 'service' [unix.Malloc] + fprintf(stderr, + ^~~~~~~~~~~~~~~ + +Signed-off-by: Christian Göttsche +--- + libselinux/utils/getdefaultcon.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c +index 96a5a8c23656..957c1cb2e307 100644 +--- a/libselinux/utils/getdefaultcon.c ++++ b/libselinux/utils/getdefaultcon.c +@@ -28,12 +28,15 @@ int main(int argc, char **argv) + while ((opt = getopt(argc, argv, "l:r:s:v")) > 0) { + switch (opt) { + case 'l': ++ free(level); + level = strdup(optarg); + break; + case 'r': ++ free(role); + role = strdup(optarg); + break; + case 's': ++ free(service); + service = strdup(optarg); + break; + case 'v': +-- +2.32.0 + diff --git a/0019-libselinux-store_stem-do-not-free-possible-non-heap-.patch b/0019-libselinux-store_stem-do-not-free-possible-non-heap-.patch new file mode 100644 index 0000000..e9e5446 --- /dev/null +++ b/0019-libselinux-store_stem-do-not-free-possible-non-heap-.patch @@ -0,0 +1,62 @@ +From 6e5d16a012e1845774da106846b87090d39ea8f3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:09 +0200 +Subject: [PATCH] libselinux: store_stem(): do not free possible non-heap + object +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +GCC 11 complains: + +In file included from label_file.c:24: +In function ‘store_stem’, + inlined from ‘load_mmap’ at label_file.c:277:12, + inlined from ‘process_file’ at label_file.c:551:5: +label_file.h:289:25: error: ‘free’ called on pointer ‘*mmap_area.next_addr’ with nonzero offset 4 [-Werror=free-nonheap-object] + 289 | free(buf); + | ^~~~~~~~~ + +Free the pointer on failure at the caller instead of inside `store_stem()`. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_file.h | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/libselinux/src/label_file.h b/libselinux/src/label_file.h +index baed3341b6b3..9f6337012216 100644 +--- a/libselinux/src/label_file.h ++++ b/libselinux/src/label_file.h +@@ -286,7 +286,6 @@ static inline int store_stem(struct saved_data *data, char *buf, int stem_len) + tmp_arr = realloc(data->stem_arr, + sizeof(*tmp_arr) * alloc_stems); + if (!tmp_arr) { +- free(buf); + return -1; + } + data->alloc_stems = alloc_stems; +@@ -308,6 +307,7 @@ static inline int find_stem_from_spec(struct saved_data *data, const char *buf) + int stem_len = get_stem_from_spec(buf); + int stemid; + char *stem; ++ int r; + + if (!stem_len) + return -1; +@@ -321,7 +321,11 @@ static inline int find_stem_from_spec(struct saved_data *data, const char *buf) + if (!stem) + return -1; + +- return store_stem(data, stem, stem_len); ++ r = store_stem(data, stem, stem_len); ++ if (r < 0) ++ free(stem); ++ ++ return r; + } + + /* This will always check for buffer over-runs and either read the next entry +-- +2.32.0 + diff --git a/0020-libselinux-matchmediacon-close-file-on-error.patch b/0020-libselinux-matchmediacon-close-file-on-error.patch new file mode 100644 index 0000000..22c4c0c --- /dev/null +++ b/0020-libselinux-matchmediacon-close-file-on-error.patch @@ -0,0 +1,39 @@ +From 0280a2a70c35c5c319f82f37a685424706b03ad4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:11 +0200 +Subject: [PATCH] libselinux: matchmediacon(): close file on error +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by Infer. + +matchmediacon.c:25: error: Resource Leak + resource of type `_IO_FILE` acquired to `return` by call to `fopen()` at line 21, column 16 is not released after line 25, column 4. + 23. while (!feof_unlocked(infile)) { + 24. if (!fgets_unlocked(current_line, sizeof(current_line), infile)) { + 25. return -1; + ^ + 26. } + 27. if (current_line[strlen(current_line) - 1]) + +Signed-off-by: Christian Göttsche +--- + libselinux/src/matchmediacon.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libselinux/src/matchmediacon.c b/libselinux/src/matchmediacon.c +index 23d01af476d2..d3d9504348e1 100644 +--- a/libselinux/src/matchmediacon.c ++++ b/libselinux/src/matchmediacon.c +@@ -22,6 +22,7 @@ int matchmediacon(const char *media, char ** con) + return -1; + while (!feof_unlocked(infile)) { + if (!fgets_unlocked(current_line, sizeof(current_line), infile)) { ++ fclose(infile); + return -1; + } + if (current_line[strlen(current_line) - 1]) +-- +2.32.0 + diff --git a/0021-libselinux-init_selinux_config-free-resources-on-err.patch b/0021-libselinux-init_selinux_config-free-resources-on-err.patch new file mode 100644 index 0000000..905d7fb --- /dev/null +++ b/0021-libselinux-init_selinux_config-free-resources-on-err.patch @@ -0,0 +1,53 @@ +From 9ab27e21800e8b5589eef0fa9242042567e9bc78 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:13 +0200 +Subject: [PATCH] libselinux: init_selinux_config(): free resources on error +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by Infer. + +selinux_config.c:181: error: Resource Leak + resource of type `_IO_FILE` acquired by call to `fopen()` at line 165, column 7 is not released after line 181, column 6. + 179. type = strdup(buf_p + sizeof(SELINUXTYPETAG) - 1); + 180. if (!type) + 181. return; + ^ + 182. end = type + strlen(type) - 1; + 183. while ((end > type) && + +Signed-off-by: Christian Göttsche +--- + libselinux/src/selinux_config.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c +index 6c5238953cb1..97f81a8b61ce 100644 +--- a/libselinux/src/selinux_config.c ++++ b/libselinux/src/selinux_config.c +@@ -177,8 +177,11 @@ static void init_selinux_config(void) + if (!strncasecmp(buf_p, SELINUXTYPETAG, + sizeof(SELINUXTYPETAG) - 1)) { + type = strdup(buf_p + sizeof(SELINUXTYPETAG) - 1); +- if (!type) ++ if (!type) { ++ free(line_buf); ++ fclose(fp); + return; ++ } + end = type + strlen(type) - 1; + while ((end > type) && + (isspace(*end) || iscntrl(*end))) { +@@ -187,6 +190,8 @@ static void init_selinux_config(void) + } + if (setpolicytype(type) != 0) { + free(type); ++ free(line_buf); ++ fclose(fp); + return; + } + free(type); +-- +2.32.0 + diff --git a/0022-libselinux-label_file-init-do-not-pass-NULL-to-strdu.patch b/0022-libselinux-label_file-init-do-not-pass-NULL-to-strdu.patch new file mode 100644 index 0000000..7b4243c --- /dev/null +++ b/0022-libselinux-label_file-init-do-not-pass-NULL-to-strdu.patch @@ -0,0 +1,48 @@ +From bc0a0327ca6e47400e161f6d1e70e08cb350a36f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:15 +0200 +Subject: [PATCH] libselinux: label_file::init(): do not pass NULL to strdup +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If any of the build flags `BUILD_HOST` or `ANDROID` is set and the +caller did not pass an option of type `SELABEL_OPT_PATH`, the variable +`path` might be not set. +Add a check to avoid calling `strdup()` with a NULL pointer. + +Found by cppcheck. + +src/label_file.c:759:26: warning: Possible null pointer dereference: path [nullPointer] + rec->spec_file = strdup(path); + ^ +src/label_file.c:713:21: note: Assignment 'path=NULL', assigned value is 0 + const char *path = NULL; + ^ +src/label_file.c:759:26: note: Null pointer dereference + rec->spec_file = strdup(path); + ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_file.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c +index b080fcf1305b..4268b52c84cc 100644 +--- a/libselinux/src/label_file.c ++++ b/libselinux/src/label_file.c +@@ -756,6 +756,10 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, + } + + #endif ++ ++ if (!path) ++ goto finish; ++ + rec->spec_file = strdup(path); + + /* +-- +2.32.0 + diff --git a/0023-libselinux-matchpathcon-free-memory-on-realloc-failu.patch b/0023-libselinux-matchpathcon-free-memory-on-realloc-failu.patch new file mode 100644 index 0000000..463fc49 --- /dev/null +++ b/0023-libselinux-matchpathcon-free-memory-on-realloc-failu.patch @@ -0,0 +1,80 @@ +From 65f1ccbecc30d31e66126e470d404b757eb9898e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:17 +0200 +Subject: [PATCH] libselinux: matchpathcon: free memory on realloc failure +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In case `realloc()` fails and returns NULL, free the passed array, +instead of just setting the size helper variables to 0. + +Also free the string contents in `free_array_elts()` of the array +`con_array`, instead of just the array of pointers. + +Found by cppcheck. + +src/matchpathcon.c:86:4: error: Common realloc mistake: 'con_array' nulled but not freed upon failure [memleakOnRealloc] + con_array = (char **)realloc(con_array, sizeof(char*) * + ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/matchpathcon.c | 26 ++++++++++++++++---------- + 1 file changed, 16 insertions(+), 10 deletions(-) + +diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c +index 9e1fab593266..075a3fb3ffcb 100644 +--- a/libselinux/src/matchpathcon.c ++++ b/libselinux/src/matchpathcon.c +@@ -78,17 +78,30 @@ static pthread_once_t once = PTHREAD_ONCE_INIT; + static pthread_key_t destructor_key; + static int destructor_key_initialized = 0; + ++static void free_array_elts(void) ++{ ++ int i; ++ for (i = 0; i < con_array_used; i++) ++ free(con_array[i]); ++ free(con_array); ++ ++ con_array_size = con_array_used = 0; ++ con_array = NULL; ++} ++ + static int add_array_elt(char *con) + { ++ char **tmp; + if (con_array_size) { + while (con_array_used >= con_array_size) { + con_array_size *= 2; +- con_array = (char **)realloc(con_array, sizeof(char*) * ++ tmp = (char **)realloc(con_array, sizeof(char*) * + con_array_size); +- if (!con_array) { +- con_array_size = con_array_used = 0; ++ if (!tmp) { ++ free_array_elts(); + return -1; + } ++ con_array = tmp; + } + } else { + con_array_size = 1000; +@@ -105,13 +118,6 @@ static int add_array_elt(char *con) + return con_array_used++; + } + +-static void free_array_elts(void) +-{ +- con_array_size = con_array_used = 0; +- free(con_array); +- con_array = NULL; +-} +- + void set_matchpathcon_invalidcon(int (*f) (const char *p, unsigned l, char *c)) + { + myinvalidcon = f; +-- +2.32.0 + diff --git a/0024-libselinux-label_db-db_init-open-file-with-CLOEXEC-m.patch b/0024-libselinux-label_db-db_init-open-file-with-CLOEXEC-m.patch new file mode 100644 index 0000000..205b477 --- /dev/null +++ b/0024-libselinux-label_db-db_init-open-file-with-CLOEXEC-m.patch @@ -0,0 +1,36 @@ +From e1999379dfc6d12abb9fa454ac01d4239baf361f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:19 +0200 +Subject: [PATCH] libselinux: label_db::db_init(): open file with CLOEXEC mode +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Open the file stream with the `e` flag, so that the underlying file +descriptor gets closed on an exec in a potential sibling thread. + +Also drop the flag `b`, since it is ignored on POSIX systems. + +Found by clang-tidy. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_db.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/label_db.c b/libselinux/src/label_db.c +index fba96c92299f..94c05c6d4397 100644 +--- a/libselinux/src/label_db.c ++++ b/libselinux/src/label_db.c +@@ -277,7 +277,7 @@ db_init(const struct selinux_opt *opts, unsigned nopts, + if (!path) + path = selinux_sepgsql_context_path(); + +- if ((filp = fopen(path, "rb")) == NULL) { ++ if ((filp = fopen(path, "re")) == NULL) { + free(catalog); + return NULL; + } +-- +2.32.0 + diff --git a/0025-libselinux-drop-redundant-casts-to-the-same-type.patch b/0025-libselinux-drop-redundant-casts-to-the-same-type.patch new file mode 100644 index 0000000..b680c7b --- /dev/null +++ b/0025-libselinux-drop-redundant-casts-to-the-same-type.patch @@ -0,0 +1,73 @@ +From 8827610e5045b9bce7d2fe24058548f938921ccf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:22 +0200 +Subject: [PATCH] libselinux: drop redundant casts to the same type +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by clang-tidy. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/audit2why.c | 2 +- + libselinux/src/avc_sidtab.c | 2 +- + libselinux/src/is_customizable_type.c | 2 +- + libselinux/src/selinux_restorecon.c | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c +index d56b56eb2a1a..029f874f4702 100644 +--- a/libselinux/src/audit2why.c ++++ b/libselinux/src/audit2why.c +@@ -275,7 +275,7 @@ static int __policy_init(const char *init_path) + } + + sepol_bool_iterate(avc->handle, avc->policydb, +- load_booleans, (void *)NULL); ++ load_booleans, NULL); + + /* Initialize the sidtab for subsequent use by sepol_context_to_sid + and sepol_compute_av_reason. */ +diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c +index 8dc875608762..8c81cf65d2ef 100644 +--- a/libselinux/src/avc_sidtab.c ++++ b/libselinux/src/avc_sidtab.c +@@ -56,7 +56,7 @@ int sidtab_insert(struct sidtab *s, const char * ctx) + rc = -1; + goto out; + } +- newctx = (char *) strdup(ctx); ++ newctx = strdup(ctx); + if (!newctx) { + rc = -1; + avc_free(newnode); +diff --git a/libselinux/src/is_customizable_type.c b/libselinux/src/is_customizable_type.c +index 92876f4d9371..1b17860c3622 100644 +--- a/libselinux/src/is_customizable_type.c ++++ b/libselinux/src/is_customizable_type.c +@@ -38,7 +38,7 @@ static int get_customizable_type_list(char *** retlist) + while (fgets_unlocked(buf, selinux_page_size, fp) + && i < ctr) { + buf[strlen(buf) - 1] = 0; +- list[i] = (char *) strdup(buf); ++ list[i] = strdup(buf); + if (!list[i]) { + unsigned int j; + for (j = 0; j < i; j++) +diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c +index 6fb9e1ff486d..999aa924ba32 100644 +--- a/libselinux/src/selinux_restorecon.c ++++ b/libselinux/src/selinux_restorecon.c +@@ -1152,7 +1152,7 @@ void selinux_restorecon_set_sehandle(struct selabel_handle *hndl) + unsigned char *fc_digest; + size_t num_specfiles, fc_digest_len; + +- fc_sehandle = (struct selabel_handle *) hndl; ++ fc_sehandle = hndl; + if (!fc_sehandle) + return; + +-- +2.32.0 + diff --git a/0026-libselinux-sidtab_sid_stats-unify-parameter-name.patch b/0026-libselinux-sidtab_sid_stats-unify-parameter-name.patch new file mode 100644 index 0000000..9ba272e --- /dev/null +++ b/0026-libselinux-sidtab_sid_stats-unify-parameter-name.patch @@ -0,0 +1,60 @@ +From b1a4603c9208982e33291fe6dc5aa78148762530 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:24 +0200 +Subject: [PATCH] libselinux: sidtab_sid_stats(): unify parameter name +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by clang-tidy. + +libselinux/src/avc_sidtab.h:32:6: warning: function 'sidtab_sid_stats' has a definition with different parameter names [readability-inconsistent-declaration-parameter-name] +void sidtab_sid_stats(struct sidtab *s, char *buf, int buflen) ; + ^ +libselinux/src/avc_sidtab.c:103:6: note: the definition seen here +void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen) + ^ +libselinux/src/avc_sidtab.h:32:6: note: differing parameters are named here: ('s'), in definition: ('h') +void sidtab_sid_stats(struct sidtab *s, char *buf, int buflen) ; + ^ ~ + h + +Signed-off-by: Christian Göttsche +--- + libselinux/src/avc_sidtab.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c +index 8c81cf65d2ef..f179d8558a45 100644 +--- a/libselinux/src/avc_sidtab.c ++++ b/libselinux/src/avc_sidtab.c +@@ -100,7 +100,7 @@ sidtab_context_to_sid(struct sidtab *s, + return rc; + } + +-void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen) ++void sidtab_sid_stats(struct sidtab *s, char *buf, int buflen) + { + int i, chain_len, slots_used, max_chain_len; + struct sidtab_node *cur; +@@ -108,7 +108,7 @@ void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen) + slots_used = 0; + max_chain_len = 0; + for (i = 0; i < SIDTAB_SIZE; i++) { +- cur = h->htable[i]; ++ cur = s->htable[i]; + if (cur) { + slots_used++; + chain_len = 0; +@@ -124,7 +124,7 @@ void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen) + + snprintf(buf, buflen, + "%s: %u SID entries and %d/%d buckets used, longest " +- "chain length %d\n", avc_prefix, h->nel, slots_used, ++ "chain length %d\n", avc_prefix, s->nel, slots_used, + SIDTAB_SIZE, max_chain_len); + } + +-- +2.32.0 + diff --git a/0027-libselinux-regex-unify-parameter-names.patch b/0027-libselinux-regex-unify-parameter-names.patch new file mode 100644 index 0000000..5781ab6 --- /dev/null +++ b/0027-libselinux-regex-unify-parameter-names.patch @@ -0,0 +1,42 @@ +From e057080fcc148b3b1fc613c100340c325bde6c7e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:26 +0200 +Subject: [PATCH] libselinux: regex: unify parameter names +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Use the same parameter names as in the header `regex.h`. + +Found by clang-tidy. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/regex.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c +index 770bc3ea1310..73987d9f1063 100644 +--- a/libselinux/src/regex.c ++++ b/libselinux/src/regex.c +@@ -319,7 +319,7 @@ char const *regex_version(void) + } + + int regex_load_mmap(struct mmap_area *mmap_area, struct regex_data **regex, +- int unused __attribute__((unused)), bool *regex_compiled) ++ int do_load_precompregex __attribute__((unused)), bool *regex_compiled) + { + int rc; + uint32_t entry_len; +@@ -387,7 +387,7 @@ static inline pcre_extra *get_pcre_extra(struct regex_data *regex) + } + + int regex_writef(struct regex_data *regex, FILE *fp, +- int unused __attribute__((unused))) ++ int do_write_precompregex __attribute__((unused))) + { + int rc; + size_t len; +-- +2.32.0 + diff --git a/0028-libselinux-label_file.c-fix-indent.patch b/0028-libselinux-label_file.c-fix-indent.patch new file mode 100644 index 0000000..f072b85 --- /dev/null +++ b/0028-libselinux-label_file.c-fix-indent.patch @@ -0,0 +1,35 @@ +From 2657e3ccbd01f09ea4c637c2d8cf23646507475a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:31 +0200 +Subject: [PATCH] libselinux: label_file.c: fix indent +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by clang-tidy. + +libselinux/src/label_file.c:374:4: warning: different indentation for 'if' and corresponding 'else' [readability-misleading-indentation] + else + ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c +index 4268b52c84cc..56f499faef97 100644 +--- a/libselinux/src/label_file.c ++++ b/libselinux/src/label_file.c +@@ -371,7 +371,7 @@ end_arch_check: + + if (stem_id < 0 || stem_id >= (int32_t)stem_map_len) + spec->stem_id = -1; +- else ++ else + spec->stem_id = stem_map[stem_id]; + + /* retrieve the hasMetaChars bit */ +-- +2.32.0 + diff --git a/0029-libselinux-avc_destroy-3-closes-status-page.patch b/0029-libselinux-avc_destroy-3-closes-status-page.patch new file mode 100644 index 0000000..1142019 --- /dev/null +++ b/0029-libselinux-avc_destroy-3-closes-status-page.patch @@ -0,0 +1,34 @@ +From a2304cef5780d72ef0eb927b799337982c599ca9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 10 May 2021 12:56:46 +0200 +Subject: [PATCH] libselinux: avc_destroy(3) closes status page +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Mention in the manpage of avc_destroy(3) that it does close the SELinux +status page, which might have been opened manually by the client +application. + +Signed-off-by: Christian Göttsche +--- + libselinux/man/man3/avc_open.3 | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libselinux/man/man3/avc_open.3 b/libselinux/man/man3/avc_open.3 +index 3090dd5077c7..55683bb6594b 100644 +--- a/libselinux/man/man3/avc_open.3 ++++ b/libselinux/man/man3/avc_open.3 +@@ -26,6 +26,9 @@ initializes the userspace AVC and must be called before any other AVC operation + destroys the userspace AVC, freeing all internal memory structures. After this call has been made, + .BR avc_open () + must be called again before any AVC operations can be performed. ++.BR avc_destroy () ++also closes the SELinux status page, which might have been opened manually by ++.BR selinux_status_open (3). + + .BR avc_reset () + flushes the userspace AVC, causing it to forget any cached access decisions. The userspace AVC normally calls this function automatically when needed, see +-- +2.32.0 + diff --git a/0030-libselinux-make-selinux_status_open-3-reentrant.patch b/0030-libselinux-make-selinux_status_open-3-reentrant.patch new file mode 100644 index 0000000..953b991 --- /dev/null +++ b/0030-libselinux-make-selinux_status_open-3-reentrant.patch @@ -0,0 +1,39 @@ +From c5a699046f4a08a554d2da9121924fc80bf27cba Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 10 May 2021 12:56:47 +0200 +Subject: [PATCH] libselinux: make selinux_status_open(3) reentrant +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Do not mmap the status page again if `selinux_status_open(3)` has already +been called with success. + +`selinux_status_open(3)` might be called unintentionally multiple times, +e.g. once to manually be able to call `selinux_status_getenforce(3)` and +once indirectly through `selinux_check_access(3)` +(since libselinux 3.2). + +Signed-off-by: Christian Göttsche +--- + libselinux/src/sestatus.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/libselinux/src/sestatus.c b/libselinux/src/sestatus.c +index 12b015e088ea..531a522c0f48 100644 +--- a/libselinux/src/sestatus.c ++++ b/libselinux/src/sestatus.c +@@ -282,6 +282,10 @@ int selinux_status_open(int fallback) + long pagesize; + uint32_t seqno; + ++ if (selinux_status != NULL) { ++ return 0; ++ } ++ + if (!selinux_mnt) { + errno = ENOENT; + return -1; +-- +2.32.0 + diff --git a/0031-libselinux-do-not-use-status-page-fallback-mode-inte.patch b/0031-libselinux-do-not-use-status-page-fallback-mode-inte.patch new file mode 100644 index 0000000..a952d93 --- /dev/null +++ b/0031-libselinux-do-not-use-status-page-fallback-mode-inte.patch @@ -0,0 +1,49 @@ +From 3cef4110bee88ac81dfb5e62c2a8b7902248abba Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 10 May 2021 12:56:48 +0200 +Subject: [PATCH] libselinux: do not use status page fallback mode internally +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Currently `avc_init_internal()`, called by `avc_open(3)` and +`avc_init(3)`, does open the SELinux status page with fallback mode +enabled. + +Quote from man:selinux_status_open(3): + In this case, this function tries to open a netlink socket using + .BR avc_netlink_open (3) and overwrite corresponding callbacks + (setenforce and policyload). Thus, we need to pay attention to the + interaction with these interfaces, when fallback mode is enabled. + +Calling `selinux_status_open` internally in fallback mode is bad, cause +it overrides callbacks from client applications or the internal +fallback-callbacks get overridden by client applications. +Note that `avc_open(3)` gets called under the hood by +`selinux_check_access(3)` without checking for failure. +Also the status page is available since Linux 2.6.37, so failures of +`selinux_status_open(3)` in non-fallback mode should only be caused by +policies not allowing the client process to open/read/map +the /sys/fs/selinux/status file. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/avc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c +index 8314d7ba3de6..daaedbc6a6fd 100644 +--- a/libselinux/src/avc.c ++++ b/libselinux/src/avc.c +@@ -214,7 +214,7 @@ static int avc_init_internal(const char *prefix, + avc_enforcing = rc; + } + +- rc = selinux_status_open(1); ++ rc = selinux_status_open(0); + if (rc < 0) { + avc_log(SELINUX_ERROR, + "%s: could not open selinux status page: %d (%s)\n", +-- +2.32.0 + diff --git a/0032-libselinux-selinux_status_open-return-1-in-fallback-.patch b/0032-libselinux-selinux_status_open-return-1-in-fallback-.patch new file mode 100644 index 0000000..00ade44 --- /dev/null +++ b/0032-libselinux-selinux_status_open-return-1-in-fallback-.patch @@ -0,0 +1,36 @@ +From ed2e4db2f9941e01e65248ce5f0a9e49f3efd130 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 1 Jun 2021 17:05:23 +0200 +Subject: [PATCH] libselinux: selinux_status_open: return 1 in fallback mode +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In case of a recurring call to `selinux_status_open(3)`, which +previously has been opened in fallback mode, return `1` according to its +documentation. + +Fixes: c5a699046f4 ("libselinux: make selinux_status_open(3) reentrant") + +Signed-off-by: Christian Göttsche +Acked-by: Petr Lautrbach +--- + libselinux/src/sestatus.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/sestatus.c b/libselinux/src/sestatus.c +index 531a522c0f48..89c1f6216702 100644 +--- a/libselinux/src/sestatus.c ++++ b/libselinux/src/sestatus.c +@@ -283,7 +283,7 @@ int selinux_status_open(int fallback) + uint32_t seqno; + + if (selinux_status != NULL) { +- return 0; ++ return (selinux_status == MAP_FAILED) ? 1 : 0; + } + + if (!selinux_mnt) { +-- +2.32.0 + diff --git a/0033-libselinux-improve-getcon-3-man-page.patch b/0033-libselinux-improve-getcon-3-man-page.patch new file mode 100644 index 0000000..c1b4851 --- /dev/null +++ b/0033-libselinux-improve-getcon-3-man-page.patch @@ -0,0 +1,118 @@ +From ea02e0acfaab93219359448a66edff365aef4ca5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 1 Jun 2021 17:35:09 +0200 +Subject: [PATCH] libselinux: improve getcon(3) man page +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Improve formatting of section DESCRIPTION by adding list points. +Mention errno is set on failure. +Mention the returned context might be NULL if SELinux is not enabled. +Align setcon/_raw parameter by adding const. + +Signed-off-by: Christian Göttsche +Acked-by: Petr Lautrbach +--- + libselinux/man/man3/getcon.3 | 41 +++++++++++++++++++++++++----------- + 1 file changed, 29 insertions(+), 12 deletions(-) + +diff --git a/libselinux/man/man3/getcon.3 b/libselinux/man/man3/getcon.3 +index 67872a4dede6..e7e394f305b7 100644 +--- a/libselinux/man/man3/getcon.3 ++++ b/libselinux/man/man3/getcon.3 +@@ -7,7 +7,7 @@ freecon, freeconary \- free memory associated with SELinux security contexts + getpeercon \- get security context of a peer socket + + setcon \- set current security context of a process +-. ++ + .SH "SYNOPSIS" + .B #include + .sp +@@ -31,30 +31,39 @@ setcon \- set current security context of a process + .sp + .BI "void freeconary(char **" con ); + .sp +-.BI "int setcon(char *" context ); ++.BI "int setcon(const char *" context ); + .sp +-.BI "int setcon_raw(char *" context ); +-. ++.BI "int setcon_raw(const char *" context ); ++ + .SH "DESCRIPTION" ++.TP + .BR getcon () + retrieves the context of the current process, which must be free'd with +-freecon. ++.BR freecon (). + ++.TP + .BR getprevcon () + same as getcon but gets the context before the last exec. + ++.TP + .BR getpidcon () +-returns the process context for the specified PID. ++returns the process context for the specified PID, which must be free'd with ++.BR freecon (). + ++.TP + .BR getpeercon () +-retrieves context of peer socket, and set +-.BI * context +-to refer to it, which must be free'd with ++retrieves the context of the peer socket, which must be free'd with + .BR freecon (). + ++.TP + .BR freecon () + frees the memory allocated for a security context. + ++If ++.I con ++is NULL, no operation is performed. ++ ++.TP + .BR freeconary () + frees the memory allocated for a context array. + +@@ -62,6 +71,7 @@ If + .I con + is NULL, no operation is performed. + ++.TP + .BR setcon () + sets the current security context of the process to a new value. Note + that use of this function requires that the entire application be +@@ -110,6 +120,8 @@ context and the + .BR setcon () + will fail if it is not allowed by policy. + ++.TP ++.BR *_raw() + .BR getcon_raw (), + .BR getprevcon_raw (), + .BR getpidcon_raw (), +@@ -118,9 +130,14 @@ and + .BR setcon_raw () + behave identically to their non-raw counterparts but do not perform context + translation. +-. ++ + .SH "RETURN VALUE" +-On error \-1 is returned. On success 0 is returned. +-. ++On error \-1 is returned with errno set. On success 0 is returned. ++ ++.SH "NOTES" ++The retrieval functions might return success and set ++.I *context ++to NULL if and only if SELinux is not enabled. ++ + .SH "SEE ALSO" + .BR selinux "(8), " setexeccon "(3)" +-- +2.32.0 + diff --git a/0034-libselinux-fix-typo.patch b/0034-libselinux-fix-typo.patch new file mode 100644 index 0000000..3d9d604 --- /dev/null +++ b/0034-libselinux-fix-typo.patch @@ -0,0 +1,30 @@ +From fa4de3c9d85a310248bae516ed4535773885845b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 8 Jun 2021 17:36:44 +0200 +Subject: [PATCH] libselinux: fix typo +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Christian Göttsche +Acked-by: Petr Lautrbach +--- + libselinux/src/regex.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/regex.h b/libselinux/src/regex.h +index 10c3df7856e1..2dfa25342034 100644 +--- a/libselinux/src/regex.h ++++ b/libselinux/src/regex.h +@@ -44,7 +44,7 @@ struct mmap_area; + char const *regex_arch_string(void) ; + + /** +- * regex_verison returns the version string of the underlying regular ++ * regex_version returns the version string of the underlying regular + * regular expressions library. In the case of PCRE it just returns the + * result of pcre_version(). In the case of PCRE2, the very first time this + * function is called it allocates a buffer large enough to hold the version +-- +2.32.0 + diff --git a/0035-selinux.8-document-how-mount-flag-nosuid-affects-SEL.patch b/0035-selinux.8-document-how-mount-flag-nosuid-affects-SEL.patch new file mode 100644 index 0000000..fdaabab --- /dev/null +++ b/0035-selinux.8-document-how-mount-flag-nosuid-affects-SEL.patch @@ -0,0 +1,34 @@ +From 70b31e75fe157f4cfa5afc6589c0605868017028 Mon Sep 17 00:00:00 2001 +From: Topi Miettinen +Date: Sat, 12 Jun 2021 12:07:38 +0300 +Subject: [PATCH] selinux.8: document how mount flag nosuid affects SELinux + +Using mount flag `nosuid` also affects SELinux domain transitions but +this has not been documented well. + +Signed-off-by: Topi Miettinen +--- + libselinux/man/man8/selinux.8 | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8 +index 0ef014609a36..5842150bfc72 100644 +--- a/libselinux/man/man8/selinux.8 ++++ b/libselinux/man/man8/selinux.8 +@@ -94,6 +94,13 @@ and reboot. + also has this capability. The + .BR restorecon / fixfiles + commands are also available for relabeling files. ++ ++Please note that using mount flag ++.I nosuid ++also disables SELinux domain transitions, unless permission ++.I nosuid_transition ++is used in the policy to allow this, which in turn needs also policy capability ++.IR nnp_nosuid_transition . + . + .SH AUTHOR + This manual page was written by Dan Walsh . +-- +2.32.0 + diff --git a/0036-libselinux-utils-getseuser.c-fix-build-with-gcc-4.8.patch b/0036-libselinux-utils-getseuser.c-fix-build-with-gcc-4.8.patch new file mode 100644 index 0000000..2953a46 --- /dev/null +++ b/0036-libselinux-utils-getseuser.c-fix-build-with-gcc-4.8.patch @@ -0,0 +1,46 @@ +From 4859b738136ef8889fbb71a166cfec8d313ba4e0 Mon Sep 17 00:00:00 2001 +From: Fabrice Fontaine +Date: Thu, 1 Jul 2021 19:06:19 +0200 +Subject: [PATCH] libselinux/utils/getseuser.c: fix build with gcc 4.8 + +Fix the following build failure with gcc 4.8 which is raised since +version 3.2 and +https://github.com/SELinuxProject/selinux/commit/156dd0de5cad31e7d437c64e11a8aef027f0a691 + +getseuser.c:53:2: error: 'for' loop initial declarations are only allowed in C99 mode + for (int i = 0; i < n; i++) + ^ + +Fixes: + - http://autobuild.buildroot.org/results/37eb0952a763256fbf6ef3c668f6c95fbdf2dd35 + +Signed-off-by: Fabrice Fontaine +--- + libselinux/utils/getseuser.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libselinux/utils/getseuser.c b/libselinux/utils/getseuser.c +index ce1b7b27dbd9..34f2e887ffa0 100644 +--- a/libselinux/utils/getseuser.c ++++ b/libselinux/utils/getseuser.c +@@ -9,7 +9,7 @@ int main(int argc, char **argv) + { + char *seuser = NULL, *level = NULL; + char **contextlist; +- int rc, n; ++ int rc, n, i; + + if (argc != 3) { + fprintf(stderr, "usage: %s linuxuser fromcon\n", argv[0]); +@@ -50,7 +50,7 @@ int main(int argc, char **argv) + if (n == 0) + printf("no valid context found\n"); + +- for (int i = 0; i < n; i++) ++ for (i = 0; i < n; i++) + printf("Context %d\t%s\n", i, contextlist[i]); + + freeconary(contextlist); +-- +2.32.0 + diff --git a/0037-libselinux-silence-Wextra-semi-stmt-warning.patch b/0037-libselinux-silence-Wextra-semi-stmt-warning.patch new file mode 100644 index 0000000..bf958ac --- /dev/null +++ b/0037-libselinux-silence-Wextra-semi-stmt-warning.patch @@ -0,0 +1,191 @@ +From 40543dceedc1510d0d27177f564db0f232689803 Mon Sep 17 00:00:00 2001 +From: Nicolas Iooss +Date: Sat, 3 Jul 2021 16:31:18 +0200 +Subject: [PATCH] libselinux: silence -Wextra-semi-stmt warning + +On Ubuntu 20.04, when building with clang -Werror -Wextra-semi-stmt +(which is not the default build configuration), the compiler reports: + + sha1.c:90:21: error: empty expression statement has no effect; + remove unnecessary ';' to silence this warning + [-Werror,-Wextra-semi-stmt] + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + ^ + In file included from selinux_restorecon.c:39: + ./label_file.h:458:15: error: empty expression statement has no + effect; remove unnecessary ';' to silence this warning + [-Werror,-Wextra-semi-stmt] + lineno); + ^ + +Introduce "do { } while (0)" blocks to silence such warnings. + +Signed-off-by: Nicolas Iooss +--- + libselinux/src/avc_internal.h | 22 +++++++++++++------- + libselinux/src/label_internal.h | 10 +++++---- + libselinux/src/load_policy.c | 2 +- + libselinux/src/procattr.c | 4 ++-- + libselinux/src/sha1.c | 11 +++++----- + libselinux/utils/matchpathcon.c | 2 +- + libselinux/utils/selabel_lookup_best_match.c | 2 +- + 7 files changed, 31 insertions(+), 22 deletions(-) + +diff --git a/libselinux/src/avc_internal.h b/libselinux/src/avc_internal.h +index da67affc9307..a9a4aa0b3c42 100644 +--- a/libselinux/src/avc_internal.h ++++ b/libselinux/src/avc_internal.h +@@ -85,10 +85,12 @@ static inline void avc_free(void *ptr) + + /* this is a macro in order to use the variadic capability. */ + #define avc_log(type, format...) \ +- if (avc_func_log) \ +- avc_func_log(format); \ +- else \ +- selinux_log(type, format); ++ do { \ ++ if (avc_func_log) \ ++ avc_func_log(format); \ ++ else \ ++ selinux_log(type, format); \ ++ } while (0) + + static inline void avc_suppl_audit(void *ptr, security_class_t class, + char *buf, size_t len) +@@ -137,14 +139,18 @@ static inline void avc_free_lock(void *lock) + #ifdef AVC_CACHE_STATS + + #define avc_cache_stats_incr(field) \ +- cache_stats.field ++; ++ do { \ ++ cache_stats.field ++; \ ++ } while (0) + #define avc_cache_stats_add(field, num) \ +- cache_stats.field += num; ++ do { \ ++ cache_stats.field += num; \ ++ } while (0) + + #else + +-#define avc_cache_stats_incr(field) +-#define avc_cache_stats_add(field, num) ++#define avc_cache_stats_incr(field) do {} while (0) ++#define avc_cache_stats_add(field, num) do {} while (0) + + #endif + +diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h +index 361b443cb9c4..782c6aa8cc0c 100644 +--- a/libselinux/src/label_internal.h ++++ b/libselinux/src/label_internal.h +@@ -128,10 +128,12 @@ extern int myprintf_compat; + extern void __attribute__ ((format(printf, 1, 2))) + (*myprintf) (const char *fmt, ...) ; + +-#define COMPAT_LOG(type, fmt...) if (myprintf_compat) \ +- myprintf(fmt); \ +- else \ +- selinux_log(type, fmt); ++#define COMPAT_LOG(type, fmt...) do { \ ++ if (myprintf_compat) \ ++ myprintf(fmt); \ ++ else \ ++ selinux_log(type, fmt); \ ++ } while (0) + + extern int + compat_validate(struct selabel_handle *rec, +diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c +index 0034fa53d6e6..5857b821e80e 100644 +--- a/libselinux/src/load_policy.c ++++ b/libselinux/src/load_policy.c +@@ -80,7 +80,7 @@ int selinux_mkload_policy(int preservebools __attribute__((unused))) + if (libsepolh) { + usesepol = 1; + dlerror(); +-#define DLERR() if ((errormsg = dlerror())) goto dlclose; ++#define DLERR() do { if ((errormsg = dlerror())) goto dlclose; } while (0) + vers_max = dlsym(libsepolh, "sepol_policy_kern_vers_max"); + DLERR(); + vers_min = dlsym(libsepolh, "sepol_policy_kern_vers_min"); +diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c +index 840570525f5f..6552ee01bca8 100644 +--- a/libselinux/src/procattr.c ++++ b/libselinux/src/procattr.c +@@ -146,7 +146,7 @@ static int getprocattrcon_raw(char ** context, + default: + errno = ENOENT; + return -1; +- }; ++ } + + if (prev_context && prev_context != UNSET) { + *context = strdup(prev_context); +@@ -240,7 +240,7 @@ static int setprocattrcon_raw(const char * context, + default: + errno = ENOENT; + return -1; +- }; ++ } + + if (!context && !*prev_context) + return 0; +diff --git a/libselinux/src/sha1.c b/libselinux/src/sha1.c +index 664bbcf26eef..a848467785f3 100644 +--- a/libselinux/src/sha1.c ++++ b/libselinux/src/sha1.c +@@ -16,6 +16,7 @@ + // sha1.c:73:33: error: cast from 'uint8_t *' (aka 'unsigned char *') to 'CHAR64LONG16 *' increases required alignment from 1 to 4 [-Werror,-Wcast-align] + // CHAR64LONG16* block = (CHAR64LONG16*) workspace; + // William Roberts ++// - Silence clang's -Wextra-semi-stmt warning - July 2021, Nicolas Iooss + /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +@@ -49,11 +50,11 @@ typedef union + ^block->l[(i+2)&15]^block->l[i&15],1)) + + // (R0+R1), R2, R3, R4 are the different operations used in SHA1 +-#define R0(v,w,x,y,z,i) z += ((w&(x^y))^y) + blk0(i)+ 0x5A827999 + rol(v,5); w=rol(w,30); +-#define R1(v,w,x,y,z,i) z += ((w&(x^y))^y) + blk(i) + 0x5A827999 + rol(v,5); w=rol(w,30); +-#define R2(v,w,x,y,z,i) z += (w^x^y) + blk(i) + 0x6ED9EBA1 + rol(v,5); w=rol(w,30); +-#define R3(v,w,x,y,z,i) z += (((w|x)&y)|(w&x)) + blk(i) + 0x8F1BBCDC + rol(v,5); w=rol(w,30); +-#define R4(v,w,x,y,z,i) z += (w^x^y) + blk(i) + 0xCA62C1D6 + rol(v,5); w=rol(w,30); ++#define R0(v,w,x,y,z,i) do { z += ((w&(x^y))^y) + blk0(i)+ 0x5A827999 + rol(v,5); w=rol(w,30); } while (0) ++#define R1(v,w,x,y,z,i) do { z += ((w&(x^y))^y) + blk(i) + 0x5A827999 + rol(v,5); w=rol(w,30); } while (0) ++#define R2(v,w,x,y,z,i) do { z += (w^x^y) + blk(i) + 0x6ED9EBA1 + rol(v,5); w=rol(w,30); } while (0) ++#define R3(v,w,x,y,z,i) do { z += (((w|x)&y)|(w&x)) + blk(i) + 0x8F1BBCDC + rol(v,5); w=rol(w,30); } while (0) ++#define R4(v,w,x,y,z,i) do { z += (w^x^y) + blk(i) + 0xCA62C1D6 + rol(v,5); w=rol(w,30); } while (0) + + + /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +diff --git a/libselinux/utils/matchpathcon.c b/libselinux/utils/matchpathcon.c +index a07e160dee71..1d713c01f81c 100644 +--- a/libselinux/utils/matchpathcon.c ++++ b/libselinux/utils/matchpathcon.c +@@ -65,7 +65,7 @@ static mode_t string_to_mode(char *s) + return S_IFREG; + default: + return -1; +- }; ++ } + return -1; + } + +diff --git a/libselinux/utils/selabel_lookup_best_match.c b/libselinux/utils/selabel_lookup_best_match.c +index 6a7174233667..2cddc6cde051 100644 +--- a/libselinux/utils/selabel_lookup_best_match.c ++++ b/libselinux/utils/selabel_lookup_best_match.c +@@ -47,7 +47,7 @@ static mode_t string_to_mode(char *s) + return S_IFSOCK; + case 'f': + return S_IFREG; +- }; ++ } + return 0; + } + +-- +2.32.0 + diff --git a/libselinux.spec b/libselinux.spec index 6520384..7cbf5ed 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,10 +1,10 @@ %define ruby_inc %(pkg-config --cflags ruby) -%define libsepolver 3.2-1 +%define libsepolver 3.2-3 Summary: SELinux library and simple utilities Name: libselinux Version: 3.2 -Release: 3%{?dist} +Release: 4%{?dist} License: Public Domain # https://github.com/SELinuxProject/selinux/wiki/Releases Source0: https://github.com/SELinuxProject/selinux/releases/download/3.2/libselinux-3.2.tar.gz @@ -16,6 +16,43 @@ Url: https://github.com/SELinuxProject/selinux/wiki # $ git format-patch -N 3.2 -- libselinux # $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # Patch list start +Patch0001: 0001-libselinux-do-not-duplicate-make-target-when-going-i.patch +Patch0002: 0002-libselinux-selinux_check_passwd_access_internal-resp.patch +Patch0003: 0003-libselinux-silence-Wstringop-overflow-warning-from-g.patch +Patch0004: 0004-libselinux-sidtab_hash-do-not-discard-const-qualifie.patch +Patch0005: 0005-libselinux-selinux_file_context_cmp-do-not-discard-c.patch +Patch0006: 0006-libselinux-label_common-do-not-discard-const-qualifi.patch +Patch0007: 0007-libselinux-Sha1Finalise-do-not-discard-const-qualifi.patch +Patch0008: 0008-libselinux-sefcontext_compile-mark-local-variable-st.patch +Patch0009: 0009-libselinux-avcstat-use-standard-length-modifier-for-.patch +Patch0010: 0010-libselinux-selinux_restorecon-mark-local-variable-st.patch +Patch0011: 0011-libselinux-selabel_get_digests_all_partial_matches-f.patch +Patch0012: 0012-libselinux-getconlist-free-memory-on-multiple-level-.patch +Patch0013: 0013-libselinux-exclude_non_seclabel_mounts-drop-unused-v.patch +Patch0014: 0014-libselinux-context_new-drop-dead-assignment.patch +Patch0015: 0015-libselinux-label_x-init-drop-dead-assignment.patch +Patch0016: 0016-libselinux-label_media-init-drop-dead-assignment.patch +Patch0017: 0017-libselinux-setexecfilecon-drop-dead-assignment.patch +Patch0018: 0018-libselinux-getdefaultcon-free-memory-on-multiple-sam.patch +Patch0019: 0019-libselinux-store_stem-do-not-free-possible-non-heap-.patch +Patch0020: 0020-libselinux-matchmediacon-close-file-on-error.patch +Patch0021: 0021-libselinux-init_selinux_config-free-resources-on-err.patch +Patch0022: 0022-libselinux-label_file-init-do-not-pass-NULL-to-strdu.patch +Patch0023: 0023-libselinux-matchpathcon-free-memory-on-realloc-failu.patch +Patch0024: 0024-libselinux-label_db-db_init-open-file-with-CLOEXEC-m.patch +Patch0025: 0025-libselinux-drop-redundant-casts-to-the-same-type.patch +Patch0026: 0026-libselinux-sidtab_sid_stats-unify-parameter-name.patch +Patch0027: 0027-libselinux-regex-unify-parameter-names.patch +Patch0028: 0028-libselinux-label_file.c-fix-indent.patch +Patch0029: 0029-libselinux-avc_destroy-3-closes-status-page.patch +Patch0030: 0030-libselinux-make-selinux_status_open-3-reentrant.patch +Patch0031: 0031-libselinux-do-not-use-status-page-fallback-mode-inte.patch +Patch0032: 0032-libselinux-selinux_status_open-return-1-in-fallback-.patch +Patch0033: 0033-libselinux-improve-getcon-3-man-page.patch +Patch0034: 0034-libselinux-fix-typo.patch +Patch0035: 0035-selinux.8-document-how-mount-flag-nosuid-affects-SEL.patch +Patch0036: 0036-libselinux-utils-getseuser.c-fix-build-with-gcc-4.8.patch +Patch0037: 0037-libselinux-silence-Wextra-semi-stmt-warning.patch # Patch list end BuildRequires: gcc make BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel @@ -212,6 +249,9 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool* %{ruby_vendorarchdir}/selinux.so %changelog +* Wed Jul 28 2021 Petr Lautrbach - 3.2-4 +- Rebase on upstream commit 32611aea6543 + * Thu Jul 22 2021 Fedora Release Engineering - 3.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild