basebuilder_pel7ppc64bebuilder0
7 years ago
10 changed files with 969 additions and 0 deletions
@ -0,0 +1,35 @@ |
|||||||
|
From b00d11c941b689fbf3441e80b318c6a05c6657e4 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Vit Mojzis <vmojzis@redhat.com> |
||||||
|
Date: Thu, 19 Oct 2017 15:17:21 +0200 |
||||||
|
Subject: [PATCH] libqpol: Do not fail on neverallow rule query |
||||||
|
|
||||||
|
Drawing upon the conclusion from: |
||||||
|
|
||||||
|
77bd0f2103e8f02f02ba75dd5fd5ceb263d4f878 |
||||||
|
No need to take into account the policy capabilities in sesearch code, |
||||||
|
the lower levels in the library handle it correctly. (fixes Fedora |
||||||
|
bug #526460) |
||||||
|
--- |
||||||
|
libqpol/src/avrule_query.c | 6 ------ |
||||||
|
1 file changed, 6 deletions(-) |
||||||
|
|
||||||
|
diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c |
||||||
|
index 749565b..c2dd010 100644 |
||||||
|
--- a/libqpol/src/avrule_query.c |
||||||
|
+++ b/libqpol/src/avrule_query.c |
||||||
|
@@ -55,12 +55,6 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type |
||||||
|
} |
||||||
|
#endif |
||||||
|
|
||||||
|
- if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) { |
||||||
|
- ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available"); |
||||||
|
- errno = ENOTSUP; |
||||||
|
- return STATUS_ERR; |
||||||
|
- } |
||||||
|
- |
||||||
|
db = &policy->p->p; |
||||||
|
|
||||||
|
state = calloc(1, sizeof(avtab_state_t)); |
||||||
|
-- |
||||||
|
2.9.4 |
||||||
|
|
@ -0,0 +1,34 @@ |
|||||||
|
From 0332c009bd0581ab9a75a4ea80af92bb2d6b8b1f Mon Sep 17 00:00:00 2001 |
||||||
|
From: Dan Walsh <dwalsh@redhat.com> |
||||||
|
Date: Tue, 20 Sep 2011 15:46:38 -0400 |
||||||
|
Subject: [PATCH 02/11] Fix sepol calls to work with latest libsepol |
||||||
|
|
||||||
|
--- |
||||||
|
configure.ac | 4 ++-- |
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-) |
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac |
||||||
|
index 577ce48..2a5b55b 100644 |
||||||
|
--- a/configure.ac |
||||||
|
+++ b/configure.ac |
||||||
|
@@ -521,7 +521,7 @@ else |
||||||
|
[AC_LANG_SOURCE([ |
||||||
|
#include <sepol/policydb/expand.h> |
||||||
|
int main () { |
||||||
|
- return role_set_expand(NULL, NULL, NULL, NULL); |
||||||
|
+ return role_set_expand(NULL, NULL, NULL, NULL, NULL); |
||||||
|
}])], |
||||||
|
sepol_new_user_role_mapping="yes", |
||||||
|
sepol_new_user_role_mapping="no") |
||||||
|
@@ -578,7 +578,7 @@ if test ${sepol_check_boolmap} = "yes"; then |
||||||
|
[AC_LANG_SOURCE([ |
||||||
|
#include <sepol/policydb/expand.h> |
||||||
|
int main () { |
||||||
|
- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0); |
||||||
|
+ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0); |
||||||
|
}])], |
||||||
|
AC_MSG_RESULT([yes]), |
||||||
|
AC_MSG_ERROR([this version of libsepol is incompatible with SETools])) |
||||||
|
-- |
||||||
|
1.8.5.3 |
||||||
|
|
@ -0,0 +1,97 @@ |
|||||||
|
From 85a12d481d664120865b46cd1c4c325307179471 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Miroslav Grepl <mgrepl@redhat.com> |
||||||
|
Date: Fri, 11 Apr 2014 10:53:54 +0200 |
||||||
|
Subject: [PATCH 04/11] Apply selinux_current_policy_path patch |
||||||
|
|
||||||
|
--- |
||||||
|
libqpol/src/util.c | 73 ++++-------------------------------------------------- |
||||||
|
1 file changed, 5 insertions(+), 68 deletions(-) |
||||||
|
|
||||||
|
diff --git a/libqpol/src/util.c b/libqpol/src/util.c |
||||||
|
index 7c49876..8f74b2b 100644 |
||||||
|
--- a/libqpol/src/util.c |
||||||
|
+++ b/libqpol/src/util.c |
||||||
|
@@ -84,75 +84,12 @@ static int get_binpol_version(const char *policy_fname) |
||||||
|
|
||||||
|
static int search_policy_binary_file(char **path) |
||||||
|
{ |
||||||
|
- const char *binary_path; |
||||||
|
- if ((binary_path = selinux_binary_policy_path()) == NULL) { |
||||||
|
- return -1; |
||||||
|
- } |
||||||
|
- |
||||||
|
- int expected_version = -1, latest_version = -1; |
||||||
|
-#ifdef LIBSELINUX |
||||||
|
- /* if the system has SELinux enabled, prefer the policy whose |
||||||
|
- name matches the current policy version */ |
||||||
|
- if ((expected_version = security_policyvers()) < 0) { |
||||||
|
- return -1; |
||||||
|
- } |
||||||
|
-#endif |
||||||
|
- |
||||||
|
- glob_t glob_buf; |
||||||
|
- struct stat fs; |
||||||
|
- int rt, error = 0, retval = -1; |
||||||
|
- size_t i; |
||||||
|
- char *pattern = NULL; |
||||||
|
- if (asprintf(&pattern, "%s.*", binary_path) < 0) { |
||||||
|
- return -1; |
||||||
|
- } |
||||||
|
- glob_buf.gl_offs = 1; |
||||||
|
- glob_buf.gl_pathc = 0; |
||||||
|
- rt = glob(pattern, GLOB_DOOFFS, NULL, &glob_buf); |
||||||
|
- if (rt != 0 && rt != GLOB_NOMATCH) { |
||||||
|
- errno = EIO; |
||||||
|
- return -1; |
||||||
|
- } |
||||||
|
- |
||||||
|
- for (i = 0; i < glob_buf.gl_pathc; i++) { |
||||||
|
- char *p = glob_buf.gl_pathv[i + glob_buf.gl_offs]; |
||||||
|
- if (stat(p, &fs) != 0) { |
||||||
|
- error = errno; |
||||||
|
- goto cleanup; |
||||||
|
- } |
||||||
|
- if (S_ISDIR(fs.st_mode)) |
||||||
|
- continue; |
||||||
|
- |
||||||
|
- if ((rt = get_binpol_version(p)) < 0) { |
||||||
|
- error = errno; |
||||||
|
- goto cleanup; |
||||||
|
- } |
||||||
|
- |
||||||
|
- if (rt > latest_version || rt == expected_version) { |
||||||
|
- free(*path); |
||||||
|
- if ((*path = strdup(p)) == NULL) { |
||||||
|
- error = errno; |
||||||
|
- goto cleanup; |
||||||
|
- } |
||||||
|
- if (rt == expected_version) { |
||||||
|
- break; |
||||||
|
- } |
||||||
|
- latest_version = rt; |
||||||
|
- } |
||||||
|
- } |
||||||
|
- |
||||||
|
- if (*path == NULL) { |
||||||
|
- retval = 1; |
||||||
|
- } else { |
||||||
|
- retval = 0; |
||||||
|
- } |
||||||
|
- cleanup: |
||||||
|
- free(pattern); |
||||||
|
- globfree(&glob_buf); |
||||||
|
- if (retval == -1) { |
||||||
|
- errno = error; |
||||||
|
+ const char *binary_path = selinux_current_policy_path(); |
||||||
|
+ if (binary_path) { |
||||||
|
+ *path = strdup(binary_path); |
||||||
|
+ if (*path) return 0; |
||||||
|
} |
||||||
|
- return retval; |
||||||
|
+ return -1; |
||||||
|
} |
||||||
|
|
||||||
|
int qpol_default_policy_find(char **path) |
||||||
|
-- |
||||||
|
1.8.5.3 |
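Review bot: The rewritten `search_policy_binary_file()` in libqpol/src/util.c collapses the old three-way result into two: the removed body returned 1 when no policy file was found and -1 with `errno` set on error, while the new one returns -1 for both and sets no `errno` itself when `selinux_current_policy_path()` returns NULL. The caller `qpol_default_policy_find()` starts after the hunk and is not shown, so check whether it still distinguishes "not found" from "error"; if it does, something like `if (!binary_path) return 1;` would presumably preserve the contract. The old loop also called `free(*path)` before overwriting it, whereas `*path = strdup(binary_path);` does not, so a caller passing a non-NULL `*path` would now leak it. A short comment on the function stating the return values and that the caller owns `*path` would make this explicit.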
||||||
|
|
@ -0,0 +1,24 @@ |
|||||||
|
From ba8e76cd514e8ce92a48931963e97fe79589a71a Mon Sep 17 00:00:00 2001 |
||||||
|
From: Miroslav Grepl <mgrepl@redhat.com> |
||||||
|
Date: Fri, 11 Apr 2014 11:12:37 +0200 |
||||||
|
Subject: [PATCH 05/11] Apply seaudit patch for progress.c |
||||||
|
|
||||||
|
--- |
||||||
|
libqpol/swig/java/Makefile.am | 1 - |
||||||
|
1 file changed, 1 deletion(-) |
||||||
|
|
||||||
|
diff --git a/libqpol/swig/java/Makefile.am b/libqpol/swig/java/Makefile.am |
||||||
|
index a25eacb..533b55a 100644 |
||||||
|
--- a/libqpol/swig/java/Makefile.am |
||||||
|
+++ b/libqpol/swig/java/Makefile.am |
||||||
|
@@ -48,7 +48,6 @@ BUILT_SOURCES = qpol_wrap.c \ |
||||||
|
qpol_type_t.java \ |
||||||
|
qpol_user_t.java \ |
||||||
|
qpol_validatetrans_t.java \ |
||||||
|
- SWIGTYPE_p_int.java \ |
||||||
|
SWIGTYPE_p_unsigned_int.java \ |
||||||
|
SWIGTYPE_p_void.java |
||||||
|
|
||||||
|
-- |
||||||
|
1.8.5.3 |
||||||
|
|
@ -0,0 +1,39 @@ |
|||||||
|
From 61d3d40e791a4ac392930f11785e4057f67a5b09 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Miroslav Grepl <mgrepl@redhat.com> |
||||||
|
Date: Fri, 11 Apr 2014 11:14:50 +0200 |
||||||
|
Subject: [PATCH 06/11] Add support for boolean subs |
||||||
|
|
||||||
|
--- |
||||||
|
secmds/seinfo.c | 2 +- |
||||||
|
secmds/sesearch.c | 2 +- |
||||||
|
2 files changed, 2 insertions(+), 2 deletions(-) |
||||||
|
|
||||||
|
diff --git a/secmds/seinfo.c b/secmds/seinfo.c |
||||||
|
index a970890..54b2a6a 100644 |
||||||
|
--- a/secmds/seinfo.c |
||||||
|
+++ b/secmds/seinfo.c |
||||||
|
@@ -1720,7 +1720,7 @@ int main(int argc, char **argv) |
||||||
|
case 'b': /* conditional booleans */ |
||||||
|
bools = 1; |
||||||
|
if (optarg != 0) |
||||||
|
- bool_name = optarg; |
||||||
|
+ bool_name = selinux_boolean_sub(optarg); |
||||||
|
break; |
||||||
|
case OPT_INITIALSID: |
||||||
|
isids = 1; |
||||||
|
diff --git a/secmds/sesearch.c b/secmds/sesearch.c |
||||||
|
index 387d526..e1436a7 100644 |
||||||
|
--- a/secmds/sesearch.c |
||||||
|
+++ b/secmds/sesearch.c |
||||||
|
@@ -1067,7 +1067,7 @@ int main(int argc, char **argv) |
||||||
|
printf("Missing boolean for -b (--bool)\n"); |
||||||
|
exit(1); |
||||||
|
} |
||||||
|
- cmd_opts.bool_name = strdup(optarg); |
||||||
|
+ cmd_opts.bool_name = strdup(selinux_boolean_sub(optarg)); |
||||||
|
if (!cmd_opts.bool_name) { |
||||||
|
fprintf(stderr, "%s\n", strerror(errno)); |
||||||
|
exit(1); |
||||||
|
-- |
||||||
|
1.8.5.3 |
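Review bot: In secmds/sesearch.c the new `strdup(selinux_boolean_sub(optarg))` passes the helper's result straight to `strdup()`, so a NULL return is dereferenced before the `!cmd_opts.bool_name` check that follows, and the intermediate string is never freed. libselinux documents `selinux_boolean_sub()` as returning a newly allocated string that the caller frees, or NULL on failure, so the result can be stored directly: `cmd_opts.bool_name = selinux_boolean_sub(optarg);`. In secmds/seinfo.c `bool_name` now holds heap memory rather than a pointer into `argv`; its declaration and any cleanup are outside the hunk, so confirm that it is freed or note that it lives until exit. Neither hunk in this patch adds `#include <selinux/selinux.h>`, so unless the files already include it the call is implicitly declared as returning `int` and the pointer can be truncated on 64-bit targets.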
||||||
|
|
@ -0,0 +1,207 @@ |
|||||||
|
From a39d0831d654292fb2a1f7b9ee18ecc9239f610f Mon Sep 17 00:00:00 2001 |
||||||
|
From: Miroslav Grepl <mgrepl@redhat.com> |
||||||
|
Date: Fri, 11 Apr 2014 18:38:34 +0200 |
||||||
|
Subject: [PATCH 07/11] Setools noship |
||||||
|
|
||||||
|
--- |
||||||
|
Makefile.am | 26 +++----------------------- |
||||||
|
configure.ac | 2 +- |
||||||
|
man/Makefile.am | 15 +++------------ |
||||||
|
seaudit/Makefile.am | 31 +++---------------------------- |
||||||
|
secmds/Makefile.am | 14 +------------- |
||||||
|
sediff/Makefile.am | 32 ++------------------------------ |
||||||
|
6 files changed, 13 insertions(+), 107 deletions(-) |
||||||
|
|
||||||
|
diff --git a/Makefile.am b/Makefile.am |
||||||
|
index 176c8ea..4cac386 100644 |
||||||
|
--- a/Makefile.am |
||||||
|
+++ b/Makefile.am |
||||||
|
@@ -78,9 +70,9 @@ install-logwatch: |
||||||
|
$(MAKE) -C $(top_srcdir)/seaudit install-logwatch |
||||||
|
|
||||||
|
.PHONY: libqpol libapol libpoldiff libsefs libseaudit \ |
||||||
|
- apol secmds seaudit sediff sediffx sechecker \ |
||||||
|
+ apol secmds seaudit sediff sechecker\ |
||||||
|
install-logwatch help \ |
||||||
|
- seinfo sesearch indexcon findcon replcon searchcon \ |
||||||
|
+ seinfo sesearch findcon \ |
||||||
|
packages |
||||||
|
|
||||||
|
seinfo: libqpol libapol |
||||||
|
diff --git a/configure.ac b/configure.ac |
||||||
|
index 2a5b55b..5b1da5e 100644 |
||||||
|
--- a/configure.ac |
||||||
|
+++ b/configure.ac |
||||||
|
@@ -63,7 +63,7 @@ if test ${ac_cv_prog_cc_c99} = "no"; then |
||||||
|
fi |
||||||
|
AC_PROG_CXX |
||||||
|
AC_LANG([C]) |
||||||
|
-AC_PROG_LIBTOOL |
||||||
|
+AC_PROG_RANLIB |
||||||
|
AC_PROG_LN_S |
||||||
|
AC_PROG_LEX |
||||||
|
AC_PROG_YACC |
||||||
|
diff --git a/man/Makefile.am b/man/Makefile.am |
||||||
|
index 0fafccb..f88e00a 100644 |
||||||
|
--- a/man/Makefile.am |
||||||
|
+++ b/man/Makefile.am |
||||||
|
@@ -1,19 +1,10 @@ |
||||||
|
if BUILD_GUI |
||||||
|
MAYBEMANS = apol.1 \ |
||||||
|
- seaudit.8 seaudit-report.8 \ |
||||||
|
- sediffx.1 |
||||||
|
+ seaudit.8 |
||||||
|
endif |
||||||
|
|
||||||
|
EXTRA_DIST=$(man_MANS) apol.1 \ |
||||||
|
- seaudit.8 seaudit-report.8.in \ |
||||||
|
- sediffx.1 |
||||||
|
+ seaudit.8 |
||||||
|
|
||||||
|
-man_MANS = findcon.1 indexcon.1 replcon.1 \ |
||||||
|
- sechecker.1 \ |
||||||
|
- sediff.1 \ |
||||||
|
+man_MANS = findcon.1 sediff.1 sechecker.1 \ |
||||||
|
seinfo.1 sesearch.1 $(MAYBEMANS) |
||||||
|
- |
||||||
|
-seaudit-report.8: seaudit-report.8.in Makefile |
||||||
|
- sed -e 's|\@setoolsdir\@|$(setoolsdir)|g' $< > $@ |
||||||
|
- |
||||||
|
-CLEANFILES = seaudit-report.8 |
||||||
|
diff --git a/seaudit/Makefile.am b/seaudit/Makefile.am |
||||||
|
index 1987c99..3fa4413 100644 |
||||||
|
--- a/seaudit/Makefile.am |
||||||
|
+++ b/seaudit/Makefile.am |
||||||
|
@@ -1,5 +1,4 @@ |
||||||
|
setoolsdir = @setoolsdir@ |
||||||
|
-bin_PROGRAMS = seaudit-report |
||||||
|
sbin_PROGRAMS = seaudit |
||||||
|
|
||||||
|
AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ |
||||||
|
@@ -20,13 +19,10 @@ LDADD = @SELINUX_LIB_FLAG@ @SEAUDIT_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ |
||||||
|
dist_setools_DATA = \ |
||||||
|
seaudit.glade \ |
||||||
|
seaudit_help.txt \ |
||||||
|
- seaudit-report.conf \ |
||||||
|
- seaudit-report.css \ |
||||||
|
seaudit.png seaudit-small.png |
||||||
|
|
||||||
|
nodist_setools_DATA = \ |
||||||
|
- dot_seaudit \ |
||||||
|
- seaudit-report-service |
||||||
|
+ dot_seaudit |
||||||
|
|
||||||
|
seaudit_SOURCES = \ |
||||||
|
filter_view.c filter_view.h \ |
||||||
|
@@ -50,31 +46,12 @@ seaudit_DEPENDENCIES = $(top_builddir)/libseaudit/src/libseaudit.so \ |
||||||
|
dot_seaudit: dot_seaudit.in Makefile |
||||||
|
sed -e 's|\@setoolsdir\@|$(setoolsdir)|g' $< > $@ |
||||||
|
|
||||||
|
-seaudit_report_SOURCES = seaudit-report.c |
||||||
|
-seaudit_report_DEPENDENCIES = $(top_builddir)/libseaudit/src/libseaudit.so \ |
||||||
|
- $(top_builddir)/libapol/src/libapol.so \ |
||||||
|
- $(top_builddir)/libqpol/src/libqpol.so |
||||||
|
- |
||||||
|
logwatch = $(DESTDIR)/etc/logwatch |
||||||
|
LOGWATCH_GROUP = $(logwatch)/conf/logfiles |
||||||
|
LOGWATCH_SERVICE = $(logwatch)/conf/services |
||||||
|
LOGWATCH_FILTER = $(logwatch)/scripts/services |
||||||
|
|
||||||
|
-dist_noinst_DATA = dot_seaudit.in \ |
||||||
|
- seaudit-report-group.conf \ |
||||||
|
- seaudit-report-service.conf \ |
||||||
|
- seaudit-report-service.in |
||||||
|
- |
||||||
|
-seaudit-report-service: seaudit-report-service.in Makefile |
||||||
|
- sed -e 's|\@bindir\@|$(bindir)|g' $< > $@ |
||||||
|
- |
||||||
|
-install-logwatch: $(dist_noinst_DATA) seaudit-report-service |
||||||
|
- mkdir -p -- $(LOGWATCH_GROUP) |
||||||
|
- install -m 644 seaudit-report-group.conf $(LOGWATCH_GROUP) |
||||||
|
- mkdir -p -- $(LOGWATCH_SERVICE) |
||||||
|
- install -m 644 seaudit-report-service.conf $(LOGWATCH_SERVICE) |
||||||
|
- mkdir -p -- $(LOGWATCH_FILTER) |
||||||
|
- install -m 755 seaudit-report-service $(LOGWATCH_FILTER) |
||||||
|
+dist_noinst_DATA = dot_seaudit.in |
||||||
|
|
||||||
|
$(top_builddir)/libapol/src/libapol.so: |
||||||
|
$(MAKE) -C $(top_builddir)/libapol/src $(notdir $@) |
||||||
|
@@ -85,6 +62,4 @@ $(top_builddir)/libqpol/src/libqpol.so: |
||||||
|
$(top_builddir)/libsefs/src/libsefs.so: |
||||||
|
$(MAKE) -C $(top_builddir)/libsefs/src $(notdir $@) |
||||||
|
|
||||||
|
-.PHONY: install-logwatch |
||||||
|
- |
||||||
|
-CLEANFILES = dot_seaudit seaudit-report-service |
||||||
|
+CLEANFILES = dot_seaudit |
||||||
|
diff --git a/secmds/Makefile.am b/secmds/Makefile.am |
||||||
|
index ddc88b1..7fa4364 100644 |
||||||
|
--- a/secmds/Makefile.am |
||||||
|
+++ b/secmds/Makefile.am |
||||||
|
@@ -1,6 +1,6 @@ |
||||||
|
# various setools command line tools |
||||||
|
|
||||||
|
-bin_PROGRAMS = seinfo sesearch findcon replcon indexcon |
||||||
|
+bin_PROGRAMS = seinfo sesearch findcon |
||||||
|
|
||||||
|
# These are for indexcon so that it is usable on machines without setools |
||||||
|
STATICLIBS = ../libsefs/src/libsefs.a ../libapol/src/libapol.a ../libqpol/src/libqpol.a -lsqlite3 |
||||||
|
diff --git a/sediff/Makefile.am b/sediff/Makefile.am |
||||||
|
index 3f53cd3..2d9ce84 100644 |
||||||
|
--- a/sediff/Makefile.am |
||||||
|
+++ b/sediff/Makefile.am |
||||||
|
@@ -1,13 +1,6 @@ |
||||||
|
setoolsdir = @setoolsdir@ |
||||||
|
|
||||||
|
-dist_setools_DATA = sediff_help.txt sediffx.glade \ |
||||||
|
- sediffx.png sediffx-small.png |
||||||
|
- |
||||||
|
-if BUILD_GUI |
||||||
|
- MAYBE_SEDIFFX = sediffx |
||||||
|
-endif |
||||||
|
- |
||||||
|
-bin_PROGRAMS = sediff $(MAYBE_SEDIFFX) |
||||||
|
+bin_PROGRAMS = sediff |
||||||
|
|
||||||
|
AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ |
||||||
|
@QPOL_CFLAGS@ @APOL_CFLAGS@ @POLDIFF_CFLAGS@ |
||||||
|
@@ -15,14 +8,7 @@ AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ |
||||||
|
|
||||||
|
LDADD = @SELINUX_LIB_FLAG@ @POLDIFF_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ |
||||||
|
|
||||||
|
-sediff_CFLAGS = $(AM_CFLAGS) |
||||||
|
-sediffx_CFLAGS = $(AM_CFLAGS) \ |
||||||
|
- @GTK_CFLAGS@ @PIXBUF_CFLAGS@ @GLADE_CFLAGS@ @GTHREAD_CFLAGS@ |
||||||
|
- |
||||||
|
-# need the -rdynamic flag below - glade uses dlopen() upon sediffx callbacks |
||||||
|
-sediffx_LDFLAGS = $(AM_LDFLAGS) \ |
||||||
|
- @GTK_LIBS@ @PIXBUF_LIBS@ @GLADE_LIBS@ @GTHREAD_LIBS@ @XML_LIBS@ \ |
||||||
|
- -rdynamic |
||||||
|
+sediff_CFLAGS = $(AM_CFLAGS) |
||||||
|
|
||||||
|
DEPENDENCIES = $(top_builddir)/libpoldiff/src/libpoldiff.so \ |
||||||
|
$(top_builddir)/libapol/src/libapol.so \ |
||||||
|
@@ -30,20 +16,6 @@ DEPENDENCIES = $(top_builddir)/libpoldiff/src/libpoldiff.so \ |
||||||
|
|
||||||
|
sediff_SOURCES = sediff.c |
||||||
|
|
||||||
|
-sediffx_SOURCES = \ |
||||||
|
- find_dialog.c find_dialog.h \ |
||||||
|
- open_policies_dialog.c open_policies_dialog.h \ |
||||||
|
- policy_view.c policy_view.h \ |
||||||
|
- progress.c progress.h \ |
||||||
|
- remap_types_dialog.c remap_types_dialog.h \ |
||||||
|
- result_item.c result_item.h \ |
||||||
|
- result_item_render.c result_item_render.h \ |
||||||
|
- results.c results.h \ |
||||||
|
- select_diff_dialog.c select_diff_dialog.h \ |
||||||
|
- toplevel.c toplevel.h \ |
||||||
|
- utilgui.c utilgui.h \ |
||||||
|
- sediffx.c sediffx.h |
||||||
|
- |
||||||
|
$(top_builddir)/libpoldiff/src/libpoldiff.so: |
||||||
|
$(MAKE) -C $(top_builddir)/libpoldiff/src $(notdir $@) |
||||||
|
|
||||||
|
-- |
||||||
|
1.8.5.3 |
||||||
|
|
@ -0,0 +1,92 @@ |
|||||||
|
From 1136e61a9839ad3b60eb2da4d624413c02545c7d Mon Sep 17 00:00:00 2001 |
||||||
|
From: Miroslav Grepl <mgrepl@redhat.com> |
||||||
|
Date: Fri, 11 Apr 2014 18:42:27 +0200 |
||||||
|
Subject: [PATCH 08/11] Add alias support to seinfo -t |
||||||
|
|
||||||
|
--- |
||||||
|
secmds/seinfo.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ |
||||||
|
1 file changed, 48 insertions(+) |
||||||
|
|
||||||
|
diff --git a/secmds/seinfo.c b/secmds/seinfo.c |
||||||
|
index 54b2a6a..1878c49 100644 |
||||||
|
--- a/secmds/seinfo.c |
||||||
|
+++ b/secmds/seinfo.c |
||||||
|
@@ -46,6 +46,7 @@ |
||||||
|
#include <string.h> |
||||||
|
#include <assert.h> |
||||||
|
#include <getopt.h> |
||||||
|
+#include <selinux/selinux.h> |
||||||
|
|
||||||
|
#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC" |
||||||
|
|
||||||
|
@@ -54,6 +55,7 @@ |
||||||
|
|
||||||
|
static char *policy_file = NULL; |
||||||
|
|
||||||
|
+static void print_type_aliases(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb); |
||||||
|
static int print_type_attrs(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb, const int expand); |
||||||
|
static int print_attr_types(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb, const int expand); |
||||||
|
static int print_user_roles(FILE * fp, const qpol_user_t * user_datum, const apol_policy_t * policydb, const int expand); |
||||||
|
@@ -514,6 +516,7 @@ static int print_types(FILE * fp, const char *name, int expand, const apol_polic |
||||||
|
goto cleanup; |
||||||
|
if (print_type_attrs(fp, type_datum, policydb, expand)) |
||||||
|
goto cleanup; |
||||||
|
+ print_type_aliases(fp, type_datum, policydb); |
||||||
|
} else { |
||||||
|
if (qpol_policy_get_type_iter(q, &iter)) |
||||||
|
goto cleanup; |
||||||
|
@@ -1912,6 +1915,51 @@ int main(int argc, char **argv) |
||||||
|
} |
||||||
|
|
||||||
|
/** |
||||||
|
+ * Prints the alias of a type. |
||||||
|
+ * |
||||||
|
+ * @param fp Reference to a file to which to print type information |
||||||
|
+ * @param type_datum Reference to sepol type_datum |
||||||
|
+ * @param policydb Reference to a policy |
||||||
|
+ * attributes |
||||||
|
+ */ |
||||||
|
+static void print_type_aliases(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb) |
||||||
|
+{ |
||||||
|
+ qpol_iterator_t *iter = NULL; |
||||||
|
+ size_t alias_size; |
||||||
|
+ unsigned char isattr, isalias; |
||||||
|
+ const char *type_name = NULL; |
||||||
|
+ const char *alias_name; |
||||||
|
+ qpol_policy_t *q = apol_policy_get_qpol(policydb); |
||||||
|
+ |
||||||
|
+ if (qpol_type_get_name(q, type_datum, &type_name)) |
||||||
|
+ goto cleanup; |
||||||
|
+ if (qpol_type_get_isattr(q, type_datum, &isattr)) |
||||||
|
+ goto cleanup; |
||||||
|
+ if (qpol_type_get_isalias(q, type_datum, &isalias)) |
||||||
|
+ goto cleanup; |
||||||
|
+ |
||||||
|
+ if (isalias) { |
||||||
|
+ fprintf(fp, " TypeName %s\n", type_name); |
||||||
|
+ } |
||||||
|
+ if (qpol_type_get_alias_iter(q, type_datum, &iter)) |
||||||
|
+ goto cleanup; |
||||||
|
+ if (qpol_iterator_get_size(iter, &alias_size)) |
||||||
|
+ goto cleanup; |
||||||
|
+ if (alias_size > 0) { |
||||||
|
+ fprintf(fp, " Aliases\n"); |
||||||
|
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { |
||||||
|
+ if (qpol_iterator_get_item(iter, (void **)&alias_name)) |
||||||
|
+ goto cleanup; |
||||||
|
+ fprintf(fp, " %s\n", alias_name); |
||||||
|
+ } |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ cleanup: |
||||||
|
+ qpol_iterator_destroy(&iter); |
||||||
|
+ return; |
||||||
|
+} |
||||||
|
+ |
||||||
|
+/** |
||||||
|
* Prints a textual representation of a type, and possibly |
||||||
|
* all of that type's attributes. |
||||||
|
* |
||||||
|
-- |
||||||
|
1.8.5.3 |
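Review bot: `print_type_aliases()` returns `void` and jumps to `cleanup` on every qpol failure, so an error while listing aliases is silently dropped, whereas the neighbouring `print_type_attrs()` returns `int` and `print_types()` checks it with `goto cleanup`. Returning an `int` status and testing it at the call site, `if (print_type_aliases(fp, type_datum, policydb)) goto cleanup;`, would keep the two helpers consistent. `isattr` is fetched with `qpol_type_get_isattr()` but never read, so that query and variable can be removed, and the stray `attributes` line under `@param policydb` in the doc comment should be deleted. `print_types()` begins and ends outside the hunk.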
||||||
|
|
@ -0,0 +1,258 @@ |
|||||||
|
From bbe9f57845101d07eef31a772946437b3245c7d5 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Miroslav Grepl <mgrepl@redhat.com> |
||||||
|
Date: Fri, 11 Apr 2014 18:46:24 +0200 |
||||||
|
Subject: [PATCH 09/11] Fix help message on sesearch -D |
||||||
|
|
||||||
|
--- |
||||||
|
man/sesearch.1 | 2 +- |
||||||
|
secmds/sesearch.c | 77 +++++++++++++++++-------------------------------------- |
||||||
|
2 files changed, 25 insertions(+), 54 deletions(-) |
||||||
|
|
||||||
|
diff --git a/man/sesearch.1 b/man/sesearch.1 |
||||||
|
index 573aedd..dc119eb 100644 |
||||||
|
--- a/man/sesearch.1 |
||||||
|
+++ b/man/sesearch.1 |
||||||
|
@@ -43,7 +43,7 @@ Search for allow rules. |
||||||
|
Search for neverallow rules. |
||||||
|
.IP "--auditallow" |
||||||
|
Search for auditallow rules. |
||||||
|
-.IP "--dontaudit" |
||||||
|
+.IP "-D, --dontaudit" |
||||||
|
Search for dontaudit rules. |
||||||
|
.IP "-T, --type" |
||||||
|
Search for type_transition, type_member, and type_change rules. |
||||||
|
diff --git a/secmds/sesearch.c b/secmds/sesearch.c |
||||||
|
index e1436a7..f53d670 100644 |
||||||
|
--- a/secmds/sesearch.c |
||||||
|
+++ b/secmds/sesearch.c |
||||||
|
@@ -24,6 +24,7 @@ |
||||||
|
*/ |
||||||
|
|
||||||
|
#include <config.h> |
||||||
|
+#include <selinux/selinux.h> |
||||||
|
|
||||||
|
/* libapol */ |
||||||
|
#include <apol/policy.h> |
||||||
|
@@ -61,9 +62,8 @@ enum opt_values |
||||||
|
static struct option const longopts[] = { |
||||||
|
{"allow", no_argument, NULL, 'A'}, |
||||||
|
{"neverallow", no_argument, NULL, RULE_NEVERALLOW}, |
||||||
|
- {"audit", no_argument, NULL, RULE_AUDIT}, |
||||||
|
{"auditallow", no_argument, NULL, RULE_AUDITALLOW}, |
||||||
|
- {"dontaudit", no_argument, NULL, RULE_DONTAUDIT}, |
||||||
|
+ {"dontaudit", no_argument, NULL, 'D'}, |
||||||
|
{"type", no_argument, NULL, 'T'}, |
||||||
|
{"role_allow", no_argument, NULL, RULE_ROLE_ALLOW}, |
||||||
|
{"role_trans", no_argument, NULL, RULE_ROLE_TRANS}, |
||||||
|
@@ -72,7 +72,6 @@ static struct option const longopts[] = { |
||||||
|
|
||||||
|
{"source", required_argument, NULL, 's'}, |
||||||
|
{"target", required_argument, NULL, 't'}, |
||||||
|
- {"default", required_argument, NULL, 'D'}, |
||||||
|
{"role_source", required_argument, NULL, EXPR_ROLE_SOURCE}, |
||||||
|
{"role_target", required_argument, NULL, EXPR_ROLE_TARGET}, |
||||||
|
{"class", required_argument, NULL, 'c'}, |
||||||
|
@@ -129,7 +128,7 @@ void usage(const char *program_name, int brief) |
||||||
|
printf(" -A, --allow allow rules\n"); |
||||||
|
printf(" --neverallow neverallow rules\n"); |
||||||
|
printf(" --auditallow auditallow rules\n"); |
||||||
|
- printf(" --dontaudit dontaudit rules\n"); |
||||||
|
+ printf(" -D, --dontaudit dontaudit rules\n"); |
||||||
|
printf(" -T, --type type_trans, type_member, and type_change\n"); |
||||||
|
printf(" --role_allow role allow rules\n"); |
||||||
|
printf(" --role_trans role_transition rules\n"); |
||||||
|
@@ -138,7 +137,6 @@ void usage(const char *program_name, int brief) |
||||||
|
printf("EXPRESSIONS:\n"); |
||||||
|
printf(" -s NAME, --source=NAME rules with type/attribute NAME as source\n"); |
||||||
|
printf(" -t NAME, --target=NAME rules with type/attribute NAME as target\n"); |
||||||
|
- printf(" -D NAME, --default=NAME rules with type NAME as default\n"); |
||||||
|
printf(" --role_source=NAME rules with role NAME as source\n"); |
||||||
|
printf(" --role_target=NAME rules with role NAME as target\n"); |
||||||
|
printf(" -c NAME, --class=NAME rules with class NAME as the object class\n"); |
||||||
|
@@ -296,10 +294,8 @@ static void print_syn_av_results(const apol_policy_t * policy, const options_t * |
||||||
|
tmp = apol_cond_expr_render(policy, cond); |
||||||
|
enable_char = (enabled ? 'E' : 'D'); |
||||||
|
branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F'); |
||||||
|
- if (asprintf(&expr, "[ %s ]", tmp) < 0) { |
||||||
|
- expr = NULL; |
||||||
|
+ if (asprintf(&expr, "[ %s ]", tmp) < 0) |
||||||
|
goto cleanup; |
||||||
|
- } |
||||||
|
free(tmp); |
||||||
|
tmp = NULL; |
||||||
|
if (!expr) |
||||||
|
@@ -362,10 +358,8 @@ static void print_av_results(const apol_policy_t * policy, const options_t * opt |
||||||
|
qpol_iterator_destroy(&iter); |
||||||
|
enable_char = (enabled ? 'E' : 'D'); |
||||||
|
branch_char = (list ? 'T' : 'F'); |
||||||
|
- if (asprintf(&expr, "[ %s ]", tmp) < 0) { |
||||||
|
- expr = NULL; |
||||||
|
+ if (asprintf(&expr, "[ %s ]", tmp) < 0) |
||||||
|
goto cleanup; |
||||||
|
- } |
||||||
|
free(tmp); |
||||||
|
tmp = NULL; |
||||||
|
if (!expr) |
||||||
|
@@ -421,8 +415,6 @@ static int perform_te_query(const apol_policy_t * policy, const options_t * opt, |
||||||
|
apol_terule_query_set_target(policy, teq, opt->tgt_name, opt->indirect); |
||||||
|
if (opt->bool_name) |
||||||
|
apol_terule_query_set_bool(policy, teq, opt->bool_name); |
||||||
|
- if (opt->default_name) |
||||||
|
- apol_terule_query_set_default(policy, teq, opt->default_name); |
||||||
|
if (opt->class_name) { |
||||||
|
if (opt->class_vector == NULL) { |
||||||
|
if (apol_terule_query_append_class(policy, teq, opt->class_name)) { |
||||||
|
@@ -499,14 +491,12 @@ static void print_syn_te_results(const apol_policy_t * policy, const options_t * |
||||||
|
tmp = apol_cond_expr_render(policy, cond); |
||||||
|
enable_char = (enabled ? 'E' : 'D'); |
||||||
|
branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F'); |
||||||
|
- if (asprintf(&expr, "[ %s ]", tmp) < 0) { |
||||||
|
- expr = NULL; |
||||||
|
+ if (asprintf(&expr, "[ %s ]", tmp) < 0) |
||||||
|
goto cleanup; |
||||||
|
- } |
||||||
|
free(tmp); |
||||||
|
tmp = NULL; |
||||||
|
if (!expr) |
||||||
|
- goto cleanup; |
||||||
|
+ break; |
||||||
|
} |
||||||
|
} |
||||||
|
if (!(rule_str = apol_syn_terule_render(policy, rule))) |
||||||
|
@@ -567,10 +557,8 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt |
||||||
|
qpol_iterator_destroy(&iter); |
||||||
|
enable_char = (enabled ? 'E' : 'D'); |
||||||
|
branch_char = (list ? 'T' : 'F'); |
||||||
|
- if (asprintf(&expr, "[ %s ]", tmp) < 0) { |
||||||
|
- expr = NULL; |
||||||
|
+ if (asprintf(&expr, "[ %s ]", tmp) < 0) |
||||||
|
goto cleanup; |
||||||
|
- } |
||||||
|
free(tmp); |
||||||
|
tmp = NULL; |
||||||
|
if (!expr) |
||||||
|
@@ -629,7 +617,6 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt, |
||||||
|
goto err; |
||||||
|
} |
||||||
|
} |
||||||
|
- |
||||||
|
if (opt->default_name) { |
||||||
|
if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) { |
||||||
|
error = errno; |
||||||
|
@@ -677,13 +664,12 @@ static void print_ft_results(const apol_policy_t * policy, const options_t * opt |
||||||
|
{ |
||||||
|
size_t i, num_filename_trans = 0; |
||||||
|
const qpol_filename_trans_t *filename_trans = NULL; |
||||||
|
- char *filename_trans_str = NULL; |
||||||
|
- qpol_iterator_t *iter = NULL; |
||||||
|
+ char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL; |
||||||
|
|
||||||
|
if (!(num_filename_trans = apol_vector_get_size(v))) |
||||||
|
goto cleanup; |
||||||
|
|
||||||
|
- fprintf(stdout, "Found %zd named file transition rules:\n", num_filename_trans); |
||||||
|
+ fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans); |
||||||
|
|
||||||
|
for (i = 0; i < num_filename_trans; i++) { |
||||||
|
if (!(filename_trans = apol_vector_get_element(v, i))) |
||||||
|
@@ -691,13 +677,17 @@ static void print_ft_results(const apol_policy_t * policy, const options_t * opt |
||||||
|
|
||||||
|
if (!(filename_trans_str = apol_filename_trans_render(policy, filename_trans))) |
||||||
|
goto cleanup; |
||||||
|
- fprintf(stdout, "%s\n", filename_trans_str); |
||||||
|
+ fprintf(stdout, "%s %s\n", filename_trans_str, expr ? expr : ""); |
||||||
|
free(filename_trans_str); |
||||||
|
filename_trans_str = NULL; |
||||||
|
+ free(expr); |
||||||
|
+ expr = NULL; |
||||||
|
} |
||||||
|
|
||||||
|
cleanup: |
||||||
|
+ free(tmp); |
||||||
|
free(filename_trans_str); |
||||||
|
+ free(expr); |
||||||
|
} |
||||||
|
|
||||||
|
static int perform_ra_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v) |
||||||
|
@@ -814,13 +804,6 @@ static int perform_rt_query(const apol_policy_t * policy, const options_t * opt, |
||||||
|
} |
||||||
|
} |
||||||
|
|
||||||
|
- if (opt->default_name) { |
||||||
|
- if (apol_role_trans_query_set_default(policy, rtq, opt->default_name)) { |
||||||
|
- error = errno; |
||||||
|
- goto err; |
||||||
|
- } |
||||||
|
- } |
||||||
|
- |
||||||
|
if (apol_role_trans_get_by_query(policy, rtq, v)) { |
||||||
|
error = errno; |
||||||
|
goto err; |
||||||
|
@@ -973,7 +956,7 @@ int main(int argc, char **argv) |
||||||
|
|
||||||
|
memset(&cmd_opts, 0, sizeof(cmd_opts)); |
||||||
|
cmd_opts.indirect = true; |
||||||
|
- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) { |
||||||
|
+ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dDRnSChV", longopts, NULL)) != -1) { |
||||||
|
switch (optc) { |
||||||
|
case 0: |
||||||
|
break; |
||||||
|
@@ -1001,18 +984,6 @@ int main(int argc, char **argv) |
||||||
|
exit(1); |
||||||
|
} |
||||||
|
break; |
||||||
|
- case 'D': /* default */ |
||||||
|
- if (optarg == 0) { |
||||||
|
- usage(argv[0], 1); |
||||||
|
- printf("Missing default type for -D (--default)\n"); |
||||||
|
- exit(1); |
||||||
|
- } |
||||||
|
- cmd_opts.default_name = strdup(optarg); |
||||||
|
- if (!cmd_opts.default_name) { |
||||||
|
- |
||||||
|
- exit(1); |
||||||
|
- } |
||||||
|
- break; |
||||||
|
case EXPR_ROLE_SOURCE: |
||||||
|
if (optarg == 0) { |
||||||
|
usage(argv[0], 1); |
||||||
|
@@ -1093,7 +1064,7 @@ int main(int argc, char **argv) |
||||||
|
case RULE_AUDITALLOW: |
||||||
|
cmd_opts.auditallow = true; |
||||||
|
break; |
||||||
|
- case RULE_DONTAUDIT: |
||||||
|
+ case 'D': |
||||||
|
cmd_opts.dontaudit = true; |
||||||
|
break; |
||||||
|
case 'T': /* type */ |
||||||
|
@@ -1273,12 +1244,13 @@ int main(int argc, char **argv) |
||||||
|
fprintf(stdout, "\n"); |
||||||
|
} |
||||||
|
|
||||||
|
- apol_vector_destroy(&v); |
||||||
|
- if (perform_ft_query(policy, &cmd_opts, &v)) { |
||||||
|
- rt = 1; |
||||||
|
- goto cleanup; |
||||||
|
- } |
||||||
|
- if (v) { |
||||||
|
+ if (cmd_opts.all || cmd_opts.type) { |
||||||
|
+ apol_vector_destroy(&v); |
||||||
|
+ if (perform_ft_query(policy, &cmd_opts, &v)) { |
||||||
|
+ rt = 1; |
||||||
|
+ goto cleanup; |
||||||
|
+ } |
||||||
|
+ |
||||||
|
print_ft_results(policy, &cmd_opts, v); |
||||||
|
fprintf(stdout, "\n"); |
||||||
|
} |
||||||
|
@@ -1317,7 +1289,6 @@ int main(int argc, char **argv) |
||||||
|
apol_policy_path_destroy(&pol_path); |
||||||
|
free(cmd_opts.src_name); |
||||||
|
free(cmd_opts.tgt_name); |
||||||
|
- free(cmd_opts.default_name); |
||||||
|
free(cmd_opts.class_name); |
||||||
|
free(cmd_opts.permlist); |
||||||
|
free(cmd_opts.bool_name); |
||||||
|
-- |
||||||
|
1.8.5.3 |
||||||
|
|
@ -0,0 +1,154 @@ |
|||||||
|
From 32ede3cc817ee4f6806877a34a6c84ed50c31df7 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Miroslav Grepl <mgrepl@redhat.com> |
||||||
|
Date: Fri, 11 Apr 2014 18:49:33 +0200 |
||||||
|
Subject: [PATCH 11/11] Fix -Wformat-security issues |
||||||
|
|
||||||
|
--- |
||||||
|
libseaudit/src/bool_message.c | 4 ++-- |
||||||
|
libseaudit/src/filter.c | 2 +- |
||||||
|
libseaudit/src/model.c | 2 +- |
||||||
|
seaudit/progress.c | 4 ++-- |
||||||
|
seaudit/toplevel.c | 2 +- |
||||||
|
seaudit/utilgui.c | 2 +- |
||||||
|
sediff/progress.c | 4 ++-- |
||||||
|
sediff/toplevel.c | 2 +- |
||||||
|
sediff/utilgui.c | 2 +- |
||||||
|
9 files changed, 12 insertions(+), 12 deletions(-) |
||||||
|
|
||||||
|
diff --git a/libseaudit/src/bool_message.c b/libseaudit/src/bool_message.c |
||||||
|
index f105cf0..d5b1e33 100644 |
||||||
|
--- a/libseaudit/src/bool_message.c |
||||||
|
+++ b/libseaudit/src/bool_message.c |
||||||
|
@@ -101,7 +101,7 @@ char *bool_message_to_string(const seaudit_message_t * msg, const char *date) |
||||||
|
return NULL; |
||||||
|
} |
||||||
|
if ((misc_string = bool_message_to_misc_string(boolm)) == NULL || |
||||||
|
- apol_str_appendf(&s, &len, misc_string) < 0 || apol_str_append(&s, &len, close_brace) < 0) { |
||||||
|
+ apol_str_appendf(&s, &len, "%s", misc_string) < 0 || apol_str_append(&s, &len, close_brace) < 0) { |
||||||
|
free(misc_string); |
||||||
|
return NULL; |
||||||
|
} |
||||||
|
@@ -128,7 +128,7 @@ char *bool_message_to_string_html(const seaudit_message_t * msg, const char *dat |
||||||
|
return NULL; |
||||||
|
} |
||||||
|
if ((misc_string = bool_message_to_misc_string(boolm)) == NULL || |
||||||
|
- apol_str_appendf(&s, &len, misc_string) < 0 || apol_str_appendf(&s, &len, "%s%s<br>", s, close_brace) < 0) { |
||||||
|
+ apol_str_appendf(&s, &len, "%s", misc_string) < 0 || apol_str_appendf(&s, &len, "%s%s<br>", s, close_brace) < 0) { |
||||||
|
free(misc_string); |
||||||
|
return NULL; |
||||||
|
} |
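Review bot: In `bool_message_to_string_html` the second call on the changed line, `apol_str_appendf(&s, &len, "%s%s<br>", s, close_brace)`, passes `s` as a format argument while also appending to `s`, and the patch leaves that as it was. This appears to append the whole string built so far to itself before the closing brace, and it hands the callee a pointer it may reallocate; the plain-text variant in the previous hunk simply uses `apol_str_append(&s, &len, close_brace)`. If the duplication is not intended, `apol_str_appendf(&s, &len, "%s<br>", close_brace) < 0` would match the non-HTML path. The function begins and ends outside the hunk, so how `s` is built before this line is not visible.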
||||||
|
diff --git a/libseaudit/src/filter.c b/libseaudit/src/filter.c |
||||||
|
index 298a309..c710ce4 100644 |
||||||
|
--- a/libseaudit/src/filter.c |
||||||
|
+++ b/libseaudit/src/filter.c |
||||||
|
@@ -1108,7 +1108,7 @@ int seaudit_filter_save_to_file(const seaudit_filter_t * filter, const char *fil |
||||||
|
if ((file = fopen(filename, "w")) == NULL) { |
||||||
|
return -1; |
||||||
|
} |
||||||
|
- fprintf(file, XML_VER); |
||||||
|
+ fprintf(file, "%s", XML_VER); |
||||||
|
fprintf(file, "<view xmlns=\"http://oss.tresys.com/projects/setools/seaudit-%s/\">\n", FILTER_FILE_FORMAT_VERSION); |
||||||
|
filter_append_to_file(filter, file, 1); |
||||||
|
fprintf(file, "</view>\n"); |
||||||
|
diff --git a/libseaudit/src/model.c b/libseaudit/src/model.c |
||||||
|
index 1bc4a23..4a130cb 100644 |
||||||
|
--- a/libseaudit/src/model.c |
||||||
|
+++ b/libseaudit/src/model.c |
||||||
|
@@ -514,7 +514,7 @@ int seaudit_model_save_to_file(const seaudit_model_t * model, const char *filena |
||||||
|
if ((file = fopen(filename, "w")) == NULL) { |
||||||
|
return -1; |
||||||
|
} |
||||||
|
- fprintf(file, XML_VER); |
||||||
|
+ fprintf(file, "%s", XML_VER); |
||||||
|
fprintf(file, "<view xmlns=\"http://oss.tresys.com/projects/setools/seaudit-%s/\" name=\"%s\" match=\"%s\" show=\"%s\">\n", |
||||||
|
FILTER_FILE_FORMAT_VERSION, model->name, |
||||||
|
model->match == SEAUDIT_FILTER_MATCH_ALL ? "all" : "any", |
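Review bot: The `fprintf` after the fixed line writes `model->name` straight into the `name="..."` attribute of the `<view>` element, so a name containing `"`, `<` or `&` would yield a file that is not well-formed XML, or one that carries extra attributes when loaded back. Nothing in the hunk shows the name being escaped; if it is not escaped elsewhere, it should go through an XML-escaping helper before being printed. The return values of both `fprintf` calls are also ignored, so a failed write is presumably still reported as success. The statement and the function continue outside the hunk.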
||||||
|
diff --git a/seaudit/progress.c b/seaudit/progress.c |
||||||
|
index 2e0abeb..f092858 100644 |
||||||
|
--- a/seaudit/progress.c |
||||||
|
+++ b/seaudit/progress.c |
||||||
|
@@ -114,10 +114,10 @@ int progress_wait(progress_t * progress) |
||||||
|
} |
||||||
|
g_mutex_unlock(progress->mutex); |
||||||
|
if (progress->done < 0) { |
||||||
|
- toplevel_ERR(progress->top, GTK_LABEL(progress->label2)->label); |
||||||
|
+ toplevel_ERR(progress->top, "%s", GTK_LABEL(progress->label2)->label); |
||||||
|
return progress->done; |
||||||
|
} else if (progress->done > 1) { |
||||||
|
- toplevel_WARN(progress->top, GTK_LABEL(progress->label2)->label); |
||||||
|
+ toplevel_WARN(progress->top, "%s", GTK_LABEL(progress->label2)->label); |
||||||
|
return progress->done - 1; |
||||||
|
} else { |
||||||
|
progress->done = 0; |
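Review bot: Both fixed calls in `progress_wait` still read the label text by reaching into the widget struct with `GTK_LABEL(progress->label2)->label`, which does not compile against GTK builds that seal struct fields. The accessor returns the same string: `toplevel_ERR(progress->top, "%s", gtk_label_get_label(GTK_LABEL(progress->label2)));`, and likewise for the `toplevel_WARN` call. The same two lines appear in the `sediff/progress.c` hunk. The function starts and ends outside the hunk.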
||||||
|
diff --git a/seaudit/toplevel.c b/seaudit/toplevel.c |
||||||
|
index d901a99..27938d5 100644 |
||||||
|
--- a/seaudit/toplevel.c |
||||||
|
+++ b/seaudit/toplevel.c |
||||||
|
@@ -902,7 +902,7 @@ static void toplevel_message(toplevel_t * top, GtkMessageType msg_type, const ch |
||||||
|
ERR(NULL, "%s", strerror(errno)); |
||||||
|
return; |
||||||
|
} |
||||||
|
- dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg); |
||||||
|
+ dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg); |
||||||
|
free(msg); |
||||||
|
gtk_dialog_run(GTK_DIALOG(dialog)); |
||||||
|
gtk_widget_destroy(dialog); |
||||||
|
diff --git a/seaudit/utilgui.c b/seaudit/utilgui.c |
||||||
|
index 22028e1..78a1a08 100644 |
||||||
|
--- a/seaudit/utilgui.c |
||||||
|
+++ b/seaudit/utilgui.c |
||||||
|
@@ -30,7 +30,7 @@ |
||||||
|
void util_message(GtkWindow * parent, GtkMessageType msg_type, const char *msg) |
||||||
|
{ |
||||||
|
GtkWidget *dialog; |
||||||
|
- dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg); |
||||||
|
+ dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg); |
||||||
|
gtk_dialog_run(GTK_DIALOG(dialog)); |
||||||
|
gtk_widget_destroy(dialog); |
||||||
|
} |
||||||
|
diff --git a/sediff/progress.c b/sediff/progress.c |
||||||
|
index efaa120..312789e 100644 |
||||||
|
--- a/sediff/progress.c |
||||||
|
+++ b/sediff/progress.c |
||||||
|
@@ -115,10 +115,10 @@ int progress_wait(progress_t * progress) |
||||||
|
} |
||||||
|
g_mutex_unlock(progress->mutex); |
||||||
|
if (progress->done < 0) { |
||||||
|
- toplevel_ERR(progress->top, GTK_LABEL(progress->label2)->label); |
||||||
|
+ toplevel_ERR(progress->top, "%s", GTK_LABEL(progress->label2)->label); |
||||||
|
return progress->done; |
||||||
|
} else if (progress->done > 1) { |
||||||
|
- toplevel_WARN(progress->top, GTK_LABEL(progress->label2)->label); |
||||||
|
+ toplevel_WARN(progress->top, "%s", GTK_LABEL(progress->label2)->label); |
||||||
|
return progress->done - 1; |
||||||
|
} else { |
||||||
|
progress->done = 0; |
||||||
|
diff --git a/sediff/toplevel.c b/sediff/toplevel.c |
||||||
|
index db6d1f5..aabd039 100644 |
||||||
|
--- a/sediff/toplevel.c |
||||||
|
+++ b/sediff/toplevel.c |
||||||
|
@@ -453,7 +453,7 @@ static void toplevel_message(toplevel_t * top, GtkMessageType msg_type, const ch |
||||||
|
ERR(NULL, "%s", strerror(errno)); |
||||||
|
return; |
||||||
|
} |
||||||
|
- dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg); |
||||||
|
+ dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg); |
||||||
|
free(msg); |
||||||
|
gtk_dialog_run(GTK_DIALOG(dialog)); |
||||||
|
gtk_widget_destroy(dialog); |
||||||
|
diff --git a/sediff/utilgui.c b/sediff/utilgui.c |
||||||
|
index 04e1e05..9e183ba 100644 |
||||||
|
--- a/sediff/utilgui.c |
||||||
|
+++ b/sediff/utilgui.c |
||||||
|
@@ -31,7 +31,7 @@ |
||||||
|
void util_message(GtkWindow * parent, GtkMessageType msg_type, const char *msg) |
||||||
|
{ |
||||||
|
GtkWidget *dialog; |
||||||
|
- dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg); |
||||||
|
+ dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg); |
||||||
|
gtk_dialog_run(GTK_DIALOG(dialog)); |
||||||
|
gtk_widget_destroy(dialog); |
||||||
|
} |
||||||
|
-- |
||||||
|
1.8.5.3 |
||||||
|
|
@ -0,0 +1,29 @@ |
|||||||
|
From f7b31b7e28a4f89bcfcd0d139cfca78777a4333e Mon Sep 17 00:00:00 2001 |
||||||
|
From: Chris PeBenito <cpebenito@tresys.com> |
||||||
|
Date: Thu, 4 Feb 2016 14:06:49 -0500 |
||||||
|
Subject: [PATCH] libqpol: Skip types when building type attribute map. |
||||||
|
|
||||||
|
Fix originally from Richard Haines. |
||||||
|
|
||||||
|
Closes #94. |
||||||
|
--- |
||||||
|
libqpol/src/policy_extend.c | 3 +++ |
||||||
|
1 file changed, 3 insertions(+) |
||||||
|
|
||||||
|
diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c |
||||||
|
index 1417271..416bddb 100644 |
||||||
|
--- a/libqpol/src/policy_extend.c |
||||||
|
+++ b/libqpol/src/policy_extend.c |
||||||
|
@@ -201,6 +201,9 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy) |
||||||
|
memset(&buff, 0, 10 * sizeof(char)); |
||||||
|
|
||||||
|
for (i = 0; i < db->p_types.nprim; i++) { |
||||||
|
+ /* skip types */ |
||||||
|
+ if (db->type_val_to_struct[i]->flavor == TYPE_TYPE) |
||||||
|
+ continue; |
||||||
|
count = 0; |
||||||
|
ebitmap_for_each_bit(&db->attr_type_map[i], node, bit) { |
||||||
|
if (ebitmap_node_get_bit(node, bit)) |
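Review bot: The added test `db->type_val_to_struct[i]->flavor == TYPE_TYPE` dereferences the table entry without checking it, so if an entry can be NULL (for example a gap in the type values of the loaded policy) the loop would crash here. A guard such as `if (!db->type_val_to_struct[i] || db->type_val_to_struct[i]->flavor == TYPE_TYPE) continue;` avoids that; whether a missing entry should be skipped or reported as an error depends on code outside the hunk. The comment `/* skip types */` restates the code and would help more if it gave the reason, something like `/* only attributes get an entry here; plain types are skipped */`, assuming that is the intent. The loop body and the function continue past the end of the hunk.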
||||||
|
-- |
||||||
|
2.5.0 |
||||||
|
|