diff --git a/.checkpolicy.metadata b/.checkpolicy.metadata new file mode 100644 index 0000000..95c5a8a --- /dev/null +++ b/.checkpolicy.metadata @@ -0,0 +1 @@ +71262b34fd4147bbe34ba00433cfd74850c645b0 SOURCES/checkpolicy-3.2.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..689e883 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/checkpolicy-3.2.tar.gz diff --git a/SOURCES/0001-libsepol-checkpolicy-Set-user-roles-using-role-value.patch b/SOURCES/0001-libsepol-checkpolicy-Set-user-roles-using-role-value.patch new file mode 100644 index 0000000..2ea91bf --- /dev/null +++ b/SOURCES/0001-libsepol-checkpolicy-Set-user-roles-using-role-value.patch @@ -0,0 +1,78 @@ +From dcd07fdcbf3ba9fc47aef924b9b9f81bdefcb18b Mon Sep 17 00:00:00 2001 +From: James Carter +Date: Mon, 8 Mar 2021 15:49:23 -0500 +Subject: [PATCH] libsepol/checkpolicy: Set user roles using role value instead + of dominance + +Roles in an optional block have two datums, one in the global block +and one in the avrule_decl where it is declared. The datum in the +global block does not have its dominace set. This is a problem because +the function set_user_role() sets the user's roles based on the global +datum's dominance ebitmap. If a user is declared with an associated role +that was declared in an optional block, then it will not have any roles +set for it because the dominance ebitmap is empty. + +Example/ + # handle_unknown deny + class CLASS1 + sid kernel + class CLASS1 { PERM1 } + type TYPE1; + allow TYPE1 self:CLASS1 PERM1; + role ROLE1; + role ROLE1 types { TYPE1 }; + optional { + require { + class CLASS1 { PERM1 }; + } + role ROLE1A; + user USER1A roles ROLE1A; + } + user USER1 roles ROLE1; + sid kernel USER1:ROLE1:TYPE1 + +In this example, USER1A would not have ROLE1A associated with it. + +Instead of using dominance, which has been deprecated anyway, just +set the bit corresponding to the role's value in the user's roles +ebitmap in set_user_role(). + +Signed-off-by: James Carter +Acked-by: Nicolas Iooss + +[N.I: added spaces around "-" operator] +--- + checkpolicy/policy_define.c | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c +index c9286f7733c5..16234f31bbc3 100644 +--- a/checkpolicy/policy_define.c ++++ b/checkpolicy/policy_define.c +@@ -4088,8 +4088,6 @@ cond_expr_t *define_cond_expr(uint32_t expr_type, void *arg1, void *arg2) + static int set_user_roles(role_set_t * set, char *id) + { + role_datum_t *r; +- unsigned int i; +- ebitmap_node_t *node; + + if (strcmp(id, "*") == 0) { + free(id); +@@ -4115,12 +4113,9 @@ static int set_user_roles(role_set_t * set, char *id) + return -1; + } + +- /* set the role and every role it dominates */ +- ebitmap_for_each_positive_bit(&r->dominates, node, i) { +- if (ebitmap_set_bit(&set->roles, i, TRUE)) +- goto oom; +- } + free(id); ++ if (ebitmap_set_bit(&set->roles, r->s.value - 1, TRUE)) ++ goto oom; + return 0; + oom: + yyerror("out of memory"); +-- +2.32.0 + diff --git a/SOURCES/0002-checkpolicy-Do-not-automatically-upgrade-when-using-.patch b/SOURCES/0002-checkpolicy-Do-not-automatically-upgrade-when-using-.patch new file mode 100644 index 0000000..5b1f477 --- /dev/null +++ b/SOURCES/0002-checkpolicy-Do-not-automatically-upgrade-when-using-.patch @@ -0,0 +1,97 @@ +From 750cc1136d054b77e84cd55be5fbe0e8ad0174e8 Mon Sep 17 00:00:00 2001 +From: James Carter +Date: Mon, 15 Mar 2021 11:09:37 -0400 +Subject: [PATCH] checkpolicy: Do not automatically upgrade when using "-b" + flag + +When reading a binary policy, do not automatically change the version +to the max policy version supported by libsepol or, if specified, the +value given using the "-c" flag. + +If the binary policy version is less than or equal to version 23 +(POLICYDB_VERSION_PERMISSIVE) than do not automatically upgrade the +policy and if a policy version is specified by the "-c" flag, only set +the binary policy to the specified version if it is lower than the +current version. + +If the binary policy version is greater than version 23 than it should +be set to the maximum version supported by libsepol or, if specified, +the value given by the "-c" flag. + +The reason for this change is that policy versions 20 +(POLICYDB_VERSION_AVTAB) to 23 have a more primitive support for type +attributes where the datums are not written out, but they exist in the +type_attr_map. This means that when the binary policy is read by +libsepol, there will be gaps in the type_val_to_struct and +p_type_val_to_name arrays and policy rules can refer to those gaps. +Certain libsepol functions like sepol_kernel_policydb_to_conf() and +sepol_kernel_policydb_to_cil() do not support this behavior and need +to be able to identify these policies. Policies before version 20 do not +support attributes at all and can be handled by all libsepol functions. + +Signed-off-by: James Carter +--- + checkpolicy/checkpolicy.c | 19 +++++++++++++++---- + 1 file changed, 15 insertions(+), 4 deletions(-) + +diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c +index 5841c5c4c196..acf1eac41559 100644 +--- a/checkpolicy/checkpolicy.c ++++ b/checkpolicy/checkpolicy.c +@@ -106,7 +106,7 @@ static int handle_unknown = SEPOL_DENY_UNKNOWN; + static const char *txtfile = "policy.conf"; + static const char *binfile = "policy"; + +-unsigned int policyvers = POLICYDB_VERSION_MAX; ++unsigned int policyvers = 0; + + static __attribute__((__noreturn__)) void usage(const char *progname) + { +@@ -515,7 +515,8 @@ int main(int argc, char **argv) + } + + if (show_version) { +- printf("%d (compatibility range %d-%d)\n", policyvers, ++ printf("%d (compatibility range %d-%d)\n", ++ policyvers ? policyvers : POLICYDB_VERSION_MAX , + POLICYDB_VERSION_MAX, POLICYDB_VERSION_MIN); + exit(0); + } +@@ -588,6 +589,16 @@ int main(int argc, char **argv) + exit(1); + } + } ++ ++ if (policydbp->policyvers <= POLICYDB_VERSION_PERMISSIVE) { ++ if (policyvers > policydbp->policyvers) { ++ fprintf(stderr, "Binary policies with version <= %u cannot be upgraded\n", POLICYDB_VERSION_PERMISSIVE); ++ } else if (policyvers) { ++ policydbp->policyvers = policyvers; ++ } ++ } else { ++ policydbp->policyvers = policyvers ? policyvers : POLICYDB_VERSION_MAX; ++ } + } else { + if (conf) { + fprintf(stderr, "Can only generate policy.conf from binary policy\n"); +@@ -629,6 +640,8 @@ int main(int argc, char **argv) + policydb_destroy(policydbp); + policydbp = &policydb; + } ++ ++ policydbp->policyvers = policyvers ? policyvers : POLICYDB_VERSION_MAX; + } + + if (policydb_load_isids(&policydb, &sidtab)) +@@ -654,8 +667,6 @@ int main(int argc, char **argv) + } + } + +- policydb.policyvers = policyvers; +- + if (!cil) { + if (!conf) { + policydb.policy_type = POLICY_KERN; +-- +2.32.0 + diff --git a/SOURCES/0003-checkpolicy-silence-Wextra-semi-stmt-warning.patch b/SOURCES/0003-checkpolicy-silence-Wextra-semi-stmt-warning.patch new file mode 100644 index 0000000..bbce173 --- /dev/null +++ b/SOURCES/0003-checkpolicy-silence-Wextra-semi-stmt-warning.patch @@ -0,0 +1,48 @@ +From ed7e3348d18bb00bcfcb3da6d4265307425bb882 Mon Sep 17 00:00:00 2001 +From: Nicolas Iooss +Date: Sat, 3 Jul 2021 16:31:20 +0200 +Subject: [PATCH] checkpolicy: silence -Wextra-semi-stmt warning + +On Ubuntu 20.04, when building with clang -Werror -Wextra-semi-stmt +(which is not the default build configuration), the compiler reports: + + checkpolicy.c:740:33: error: empty expression statement has no + effect; remove unnecessary ';' to silence this warning + [-Werror,-Wextra-semi-stmt] + FGETS(ans, sizeof(ans), stdin); + ^ + +Introduce "do { } while (0)" blocks to silence such warnings. + +Signed-off-by: Nicolas Iooss +--- + checkpolicy/checkpolicy.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c +index acf1eac41559..8af31db5c6b7 100644 +--- a/checkpolicy/checkpolicy.c ++++ b/checkpolicy/checkpolicy.c +@@ -119,11 +119,14 @@ static __attribute__((__noreturn__)) void usage(const char *progname) + } + + #define FGETS(out, size, in) \ +-if (fgets(out,size,in)==NULL) { \ +- fprintf(stderr, "fgets failed at line %d: %s\n", __LINE__,\ +- strerror(errno)); \ +- exit(1);\ +-} ++do { \ ++ if (fgets(out,size,in)==NULL) { \ ++ fprintf(stderr, "fgets failed at line %d: %s\n", __LINE__, \ ++ strerror(errno)); \ ++ exit(1);\ ++ } \ ++} while (0) ++ + static int print_sid(sepol_security_id_t sid, + context_struct_t * context + __attribute__ ((unused)), void *data +-- +2.32.0 + diff --git a/SOURCES/0004-checkpolicy-pass-CFLAGS-at-link-stage.patch b/SOURCES/0004-checkpolicy-pass-CFLAGS-at-link-stage.patch new file mode 100644 index 0000000..d0ed351 --- /dev/null +++ b/SOURCES/0004-checkpolicy-pass-CFLAGS-at-link-stage.patch @@ -0,0 +1,54 @@ +From 40e2f98519ba3fc6a4a0f2b4a2b8b0e1d864fd9e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 6 Jul 2021 19:54:21 +0200 +Subject: [PATCH] checkpolicy: pass CFLAGS at link stage +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Pass CFLAGS when invoking CC at link time, it might contain optimization +or sanitizer flags required for linking. + +Signed-off-by: Christian Göttsche +--- + checkpolicy/Makefile | 4 ++-- + checkpolicy/test/Makefile | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/checkpolicy/Makefile b/checkpolicy/Makefile +index 0d282ef93d14..be63c0182682 100644 +--- a/checkpolicy/Makefile ++++ b/checkpolicy/Makefile +@@ -30,10 +30,10 @@ all: $(TARGETS) + $(MAKE) -C test + + checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA) +- $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA) ++ $(CC) $(CFLAGS) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA) + + checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA) +- $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA) ++ $(CC) $(CFLAGS) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA) + + %.o: %.c + $(CC) $(CFLAGS) -o $@ -c $< +diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile +index 89e7557c7aa6..e2a332b5a079 100644 +--- a/checkpolicy/test/Makefile ++++ b/checkpolicy/test/Makefile +@@ -13,10 +13,10 @@ endif + all: dispol dismod + + dispol: dispol.o $(LIBSEPOLA) +- $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA) ++ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA) + + dismod: dismod.o $(LIBSEPOLA) +- $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA) ++ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA) + + clean: + -rm -f dispol dismod *.o +-- +2.32.0 + diff --git a/SOURCES/0005-checkpolicy-drop-pipe-compile-option.patch b/SOURCES/0005-checkpolicy-drop-pipe-compile-option.patch new file mode 100644 index 0000000..debb48e --- /dev/null +++ b/SOURCES/0005-checkpolicy-drop-pipe-compile-option.patch @@ -0,0 +1,49 @@ +From 02678b9d40f7de5cae1840f3d7ceedf1499c84a8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 6 Jul 2021 19:54:22 +0200 +Subject: [PATCH] checkpolicy: drop -pipe compile option +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The compiler option -pipe does not affect the generated code; it affects +whether the compiler uses temporary files or pipes. As the benefit might +vary from system to system usually its up to the packager or build +framework to set it. +Also these are the only places where the flag is used. + +Signed-off-by: Christian Göttsche +--- + checkpolicy/Makefile | 2 +- + checkpolicy/test/Makefile | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/checkpolicy/Makefile b/checkpolicy/Makefile +index be63c0182682..f9e1fc7cecd4 100644 +--- a/checkpolicy/Makefile ++++ b/checkpolicy/Makefile +@@ -10,7 +10,7 @@ TARGETS = checkpolicy checkmodule + LEX = flex + YACC = bison -y + +-CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing ++CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -fno-strict-aliasing + + # If no specific libsepol.a is specified, fall back on LDFLAGS search path + # Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there +diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile +index e2a332b5a079..8e5d16b3c5f0 100644 +--- a/checkpolicy/test/Makefile ++++ b/checkpolicy/test/Makefile +@@ -1,7 +1,7 @@ + # + # Makefile for building the dispol program + # +-CFLAGS ?= -g -Wall -W -Werror -O2 -pipe ++CFLAGS ?= -g -Wall -W -Werror -O2 + + # If no specific libsepol.a is specified, fall back on LDFLAGS search path + # Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there +-- +2.32.0 + diff --git a/SOURCES/0006-checkpolicy-simplify-assignment.patch b/SOURCES/0006-checkpolicy-simplify-assignment.patch new file mode 100644 index 0000000..1cf5656 --- /dev/null +++ b/SOURCES/0006-checkpolicy-simplify-assignment.patch @@ -0,0 +1,42 @@ +From 7cdb2a8fd2af0a063d6e505fd1250ca10ebbea11 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 6 Jul 2021 19:54:23 +0200 +Subject: [PATCH] checkpolicy: simplify assignment +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +checkpolicy.c:504:20: style: The statement 'if (policyvers!=n) policyvers=n' is logically equivalent to 'policyvers=n'. [duplicateConditionalAssign] + if (policyvers != n) + ^ +checkpolicy.c:505:17: note: Assignment 'policyvers=n' + policyvers = n; + ^ +checkpolicy.c:504:20: note: Condition 'policyvers!=n' is redundant + if (policyvers != n) + ^ + +Found by Cppcheck + +Signed-off-by: Christian Göttsche +--- + checkpolicy/checkpolicy.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c +index 8af31db5c6b7..b52595a87b29 100644 +--- a/checkpolicy/checkpolicy.c ++++ b/checkpolicy/checkpolicy.c +@@ -504,8 +504,7 @@ int main(int argc, char **argv) + usage(argv[0]); + exit(1); + } +- if (policyvers != n) +- policyvers = n; ++ policyvers = n; + break; + } + case 'E': +-- +2.32.0 + diff --git a/SOURCES/0007-checkpolicy-drop-dead-condition.patch b/SOURCES/0007-checkpolicy-drop-dead-condition.patch new file mode 100644 index 0000000..1317c8e --- /dev/null +++ b/SOURCES/0007-checkpolicy-drop-dead-condition.patch @@ -0,0 +1,47 @@ +From db674bf2186b34a3712e2069c769131503dcb9ff Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 6 Jul 2021 19:54:24 +0200 +Subject: [PATCH] checkpolicy: drop dead condition +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `id` is guaranteed to be non-NULL due to the preceding +while condition. + + policy_define.c:1171:7: style: Condition '!id' is always false [knownConditionTrueFalse] + if (!id) { + ^ + policy_define.c:1170:13: note: Assuming that condition 'id=queue_remove(id_queue)' is not redundant + while ((id = queue_remove(id_queue))) { + ^ + policy_define.c:1171:7: note: Condition '!id' is always false + if (!id) { + ^ + +Found by Cppcheck. + +Signed-off-by: Christian Göttsche +--- + checkpolicy/policy_define.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c +index 16234f31bbc3..7eff747adacf 100644 +--- a/checkpolicy/policy_define.c ++++ b/checkpolicy/policy_define.c +@@ -1168,11 +1168,6 @@ int expand_attrib(void) + + ebitmap_init(&attrs); + while ((id = queue_remove(id_queue))) { +- if (!id) { +- yyerror("No attribute name for expandattribute statement?"); +- goto exit; +- } +- + if (!is_id_in_scope(SYM_TYPES, id)) { + yyerror2("attribute %s is not within scope", id); + goto exit; +-- +2.32.0 + diff --git a/SOURCES/0008-checkpolicy-use-correct-format-specifier-for-unsigne.patch b/SOURCES/0008-checkpolicy-use-correct-format-specifier-for-unsigne.patch new file mode 100644 index 0000000..31bf65f --- /dev/null +++ b/SOURCES/0008-checkpolicy-use-correct-format-specifier-for-unsigne.patch @@ -0,0 +1,52 @@ +From babc3d53518b7f9f01b83b9c997f9233a58af92b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 6 Jul 2021 19:54:25 +0200 +Subject: [PATCH] checkpolicy: use correct format specifier for unsigned +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + + test/dispol.c:288:4: warning: %d in format string (no. 1) requires 'int' but the argument type is 'unsigned int'. [invalidPrintfArgType_sint] + snprintf(buf, sizeof(buf), "unknown (%d)", i); + ^ + test/dismod.c:830:4: warning: %d in format string (no. 1) requires 'int' but the argument type is 'unsigned int'. [invalidPrintfArgType_sint] + snprintf(buf, sizeof(buf), "unknown (%d)", i); + ^ + +Found by Cppcheck. + +Signed-off-by: Christian Göttsche +--- + checkpolicy/test/dismod.c | 2 +- + checkpolicy/test/dispol.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/checkpolicy/test/dismod.c b/checkpolicy/test/dismod.c +index 3408e9b6b767..fadbc8d16695 100644 +--- a/checkpolicy/test/dismod.c ++++ b/checkpolicy/test/dismod.c +@@ -827,7 +827,7 @@ static void display_policycaps(policydb_t * p, FILE * fp) + ebitmap_for_each_positive_bit(&p->policycaps, node, i) { + capname = sepol_polcap_getname(i); + if (capname == NULL) { +- snprintf(buf, sizeof(buf), "unknown (%d)", i); ++ snprintf(buf, sizeof(buf), "unknown (%u)", i); + capname = buf; + } + fprintf(fp, "\t%s\n", capname); +diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c +index 8785b7252824..37f71842c9e6 100644 +--- a/checkpolicy/test/dispol.c ++++ b/checkpolicy/test/dispol.c +@@ -285,7 +285,7 @@ static void display_policycaps(policydb_t * p, FILE * fp) + ebitmap_for_each_positive_bit(&p->policycaps, node, i) { + capname = sepol_polcap_getname(i); + if (capname == NULL) { +- snprintf(buf, sizeof(buf), "unknown (%d)", i); ++ snprintf(buf, sizeof(buf), "unknown (%u)", i); + capname = buf; + } + fprintf(fp, "\t%s\n", capname); +-- +2.32.0 + diff --git a/SOURCES/0009-checkpolicy-follow-declaration-after-statement.patch b/SOURCES/0009-checkpolicy-follow-declaration-after-statement.patch new file mode 100644 index 0000000..86e9d88 --- /dev/null +++ b/SOURCES/0009-checkpolicy-follow-declaration-after-statement.patch @@ -0,0 +1,75 @@ +From 79e7724930d49cc8cdac4c7d4e80b1fafd22d1d7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 6 Jul 2021 19:54:26 +0200 +Subject: [PATCH] checkpolicy: follow declaration-after-statement +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Follow the project style of no declaration after statement. + +Found by the GCC warning -Wdeclaration-after-statement. + +Signed-off-by: Christian Göttsche +--- + checkpolicy/checkmodule.c | 6 ++++-- + checkpolicy/policy_define.c | 3 ++- + checkpolicy/test/dismod.c | 2 +- + 3 files changed, 7 insertions(+), 4 deletions(-) + +diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c +index 40d0ec9924e9..316b289865e1 100644 +--- a/checkpolicy/checkmodule.c ++++ b/checkpolicy/checkmodule.c +@@ -288,14 +288,16 @@ int main(int argc, char **argv) + } + + if (policy_type != POLICY_BASE && outfile) { ++ char *out_name; ++ char *separator; + char *mod_name = modpolicydb.name; + char *out_path = strdup(outfile); + if (out_path == NULL) { + fprintf(stderr, "%s: out of memory\n", argv[0]); + exit(1); + } +- char *out_name = basename(out_path); +- char *separator = strrchr(out_name, '.'); ++ out_name = basename(out_path); ++ separator = strrchr(out_name, '.'); + if (separator) { + *separator = '\0'; + } +diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c +index 7eff747adacf..049df55f8468 100644 +--- a/checkpolicy/policy_define.c ++++ b/checkpolicy/policy_define.c +@@ -1904,9 +1904,10 @@ int avrule_read_ioctls(struct av_ioctl_range_list **rangehead) + { + char *id; + struct av_ioctl_range_list *rnew, *r = NULL; +- *rangehead = NULL; + uint8_t omit = 0; + ++ *rangehead = NULL; ++ + /* read in all the ioctl commands */ + while ((id = queue_remove(id_queue))) { + if (strcmp(id,"~") == 0) { +diff --git a/checkpolicy/test/dismod.c b/checkpolicy/test/dismod.c +index fadbc8d16695..b1b96115e79e 100644 +--- a/checkpolicy/test/dismod.c ++++ b/checkpolicy/test/dismod.c +@@ -697,8 +697,8 @@ int display_avblock(int field, policydb_t * policy, + { + avrule_block_t *block = policydb.global; + while (block != NULL) { +- fprintf(out_fp, "--- begin avrule block ---\n"); + avrule_decl_t *decl = block->branch_list; ++ fprintf(out_fp, "--- begin avrule block ---\n"); + while (decl != NULL) { + if (display_avdecl(decl, field, policy, out_fp)) { + return -1; +-- +2.32.0 + diff --git a/SOURCES/0010-checkpolicy-remove-dead-assignments.patch b/SOURCES/0010-checkpolicy-remove-dead-assignments.patch new file mode 100644 index 0000000..3c0c137 --- /dev/null +++ b/SOURCES/0010-checkpolicy-remove-dead-assignments.patch @@ -0,0 +1,43 @@ +From 7723180fa09b0c483c07a76a4678f2c2cd51bff6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 6 Jul 2021 19:54:27 +0200 +Subject: [PATCH] checkpolicy: remove dead assignments +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `cladatum` is otherwise always assigned before used, so +these two assignments without a follow up usages are not needed. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + checkpolicy/checkpolicy.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c +index b52595a87b29..58edcc34e8cc 100644 +--- a/checkpolicy/checkpolicy.c ++++ b/checkpolicy/checkpolicy.c +@@ -1179,8 +1179,6 @@ int main(int argc, char **argv) + printf("\nNo such class.\n"); + break; + } +- cladatum = +- policydb.class_val_to_struct[tclass - 1]; + } else { + ans[strlen(ans) - 1] = 0; + cladatum = +@@ -1232,8 +1230,6 @@ int main(int argc, char **argv) + printf("\nNo such class.\n"); + break; + } +- cladatum = +- policydb.class_val_to_struct[tclass - 1]; + } else { + ans[strlen(ans) - 1] = 0; + cladatum = +-- +2.32.0 + diff --git a/SOURCES/0011-checkpolicy-check-before-potential-NULL-dereference.patch b/SOURCES/0011-checkpolicy-check-before-potential-NULL-dereference.patch new file mode 100644 index 0000000..9d90846 --- /dev/null +++ b/SOURCES/0011-checkpolicy-check-before-potential-NULL-dereference.patch @@ -0,0 +1,43 @@ +From 5a10f05f53ef78c48ebce3d512960c71100073d0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 6 Jul 2021 19:54:28 +0200 +Subject: [PATCH] checkpolicy: check before potential NULL dereference +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + + policy_define.c: In function ‘define_te_avtab_extended_perms’: + policy_define.c:1946:17: error: potential null pointer dereference [-Werror=null-dereference] + 1946 | r->omit = omit; + | ^ + +In the case of `r` being NULL, avrule_read_ioctls() would return +with its parameter `rangehead` being a pointer to NULL, which is +considered a failure in its caller `avrule_ioctl_ranges`. +So it is not necessary to alter the return value. + +Found by GCC 11 with LTO enabled. + +Signed-off-by: Christian Göttsche +--- + checkpolicy/policy_define.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c +index 049df55f8468..887857851504 100644 +--- a/checkpolicy/policy_define.c ++++ b/checkpolicy/policy_define.c +@@ -1943,7 +1943,9 @@ int avrule_read_ioctls(struct av_ioctl_range_list **rangehead) + } + } + r = *rangehead; +- r->omit = omit; ++ if (r) { ++ r->omit = omit; ++ } + return 0; + error: + yyerror("out of memory"); +-- +2.32.0 + diff --git a/SOURCES/0012-checkpolicy-avoid-potential-use-of-uninitialized-var.patch b/SOURCES/0012-checkpolicy-avoid-potential-use-of-uninitialized-var.patch new file mode 100644 index 0000000..e91e78a --- /dev/null +++ b/SOURCES/0012-checkpolicy-avoid-potential-use-of-uninitialized-var.patch @@ -0,0 +1,62 @@ +From 5218bf4b262ae6c3aa0ec72c5116a73bbdb7806f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 6 Jul 2021 19:54:29 +0200 +Subject: [PATCH] checkpolicy: avoid potential use of uninitialized variable +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + + checkpolicy.c: In function ‘main’: + checkpolicy.c:1000:25: error: ‘tsid’ may be used uninitialized in this function [-Werror=maybe-uninitialized] + 1000 | printf("if_sid %d default_msg_sid %d\n", ssid, tsid); + | ^ + + checkpolicy.c: In function ‘main’: + checkpolicy.c:971:25: error: ‘tsid’ may be used uninitialized in this function [-Werror=maybe-uninitialized] + 971 | printf("fs_sid %d default_file_sid %d\n", ssid, tsid); + | ^ + +Found by GCC 11 with LTO enabled. + +Signed-off-by: Christian Göttsche +--- + checkpolicy/checkpolicy.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c +index 58edcc34e8cc..e6cfd3372022 100644 +--- a/checkpolicy/checkpolicy.c ++++ b/checkpolicy/checkpolicy.c +@@ -970,8 +970,12 @@ int main(int argc, char **argv) + printf("fs kdevname? "); + FGETS(ans, sizeof(ans), stdin); + ans[strlen(ans) - 1] = 0; +- sepol_fs_sid(ans, &ssid, &tsid); +- printf("fs_sid %d default_file_sid %d\n", ssid, tsid); ++ ret = sepol_fs_sid(ans, &ssid, &tsid); ++ if (ret) { ++ printf("unknown fs kdevname\n"); ++ } else { ++ printf("fs_sid %d default_file_sid %d\n", ssid, tsid); ++ } + break; + case '9': + printf("protocol? "); +@@ -999,8 +1003,12 @@ int main(int argc, char **argv) + printf("netif name? "); + FGETS(ans, sizeof(ans), stdin); + ans[strlen(ans) - 1] = 0; +- sepol_netif_sid(ans, &ssid, &tsid); +- printf("if_sid %d default_msg_sid %d\n", ssid, tsid); ++ ret = sepol_netif_sid(ans, &ssid, &tsid); ++ if (ret) { ++ printf("unknown name\n"); ++ } else { ++ printf("if_sid %d default_msg_sid %d\n", ssid, tsid); ++ } + break; + case 'b':{ + char *p; +-- +2.32.0 + diff --git a/SOURCES/0013-checkpolicy-drop-redundant-cast-to-the-same-type.patch b/SOURCES/0013-checkpolicy-drop-redundant-cast-to-the-same-type.patch new file mode 100644 index 0000000..86056eb --- /dev/null +++ b/SOURCES/0013-checkpolicy-drop-redundant-cast-to-the-same-type.patch @@ -0,0 +1,31 @@ +From 4e3d0990c6be73419df3c32b7de98c992797e3ef Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 6 Jul 2021 19:54:30 +0200 +Subject: [PATCH] checkpolicy: drop redundant cast to the same type +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by clang-tidy. + +Signed-off-by: Christian Göttsche +--- + checkpolicy/policy_define.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c +index 887857851504..efe3a1a26315 100644 +--- a/checkpolicy/policy_define.c ++++ b/checkpolicy/policy_define.c +@@ -1796,7 +1796,7 @@ int define_bool_tunable(int is_tunable) + return -1; + } + +- datum->state = (int)(bool_value[0] == 'T') ? 1 : 0; ++ datum->state = (bool_value[0] == 'T') ? 1 : 0; + free(bool_value); + return 0; + cleanup: +-- +2.32.0 + diff --git a/SOURCES/0014-checkpolicy-parse_util-drop-unused-declaration.patch b/SOURCES/0014-checkpolicy-parse_util-drop-unused-declaration.patch new file mode 100644 index 0000000..3324e3d --- /dev/null +++ b/SOURCES/0014-checkpolicy-parse_util-drop-unused-declaration.patch @@ -0,0 +1,28 @@ +From 47f4cbd357fa0b0dc46e2e95ce10fc2d9a586061 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 6 Jul 2021 19:54:31 +0200 +Subject: [PATCH] checkpolicy: parse_util drop unused declaration +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Christian Göttsche +--- + checkpolicy/parse_util.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/checkpolicy/parse_util.c b/checkpolicy/parse_util.c +index f2809b483be3..1795e93c31e4 100644 +--- a/checkpolicy/parse_util.c ++++ b/checkpolicy/parse_util.c +@@ -28,7 +28,6 @@ extern int yyparse(void); + extern void yyrestart(FILE *); + extern queue_t id_queue; + extern unsigned int policydb_errors; +-extern unsigned long policydb_lineno; + extern policydb_t *policydbp; + extern int mlspol; + extern void set_source_file(const char *name); +-- +2.32.0 + diff --git a/SOURCES/0015-checkpolicy-test-mark-file-local-functions-static.patch b/SOURCES/0015-checkpolicy-test-mark-file-local-functions-static.patch new file mode 100644 index 0000000..1f6668f --- /dev/null +++ b/SOURCES/0015-checkpolicy-test-mark-file-local-functions-static.patch @@ -0,0 +1,282 @@ +From b306cd5b90979a4d6e1a85b842835deb77272873 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 6 Jul 2021 19:54:32 +0200 +Subject: [PATCH] checkpolicy/test: mark file local functions static +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Christian Göttsche +--- + checkpolicy/test/dismod.c | 36 ++++++++++++++++++------------------ + checkpolicy/test/dispol.c | 22 +++++++++++----------- + 2 files changed, 29 insertions(+), 29 deletions(-) + +diff --git a/checkpolicy/test/dismod.c b/checkpolicy/test/dismod.c +index b1b96115e79e..90c293186afd 100644 +--- a/checkpolicy/test/dismod.c ++++ b/checkpolicy/test/dismod.c +@@ -111,7 +111,7 @@ static void display_id(policydb_t * p, FILE * fp, uint32_t symbol_type, + } + } + +-int display_type_set(type_set_t * set, uint32_t flags, policydb_t * policy, ++static int display_type_set(type_set_t * set, uint32_t flags, policydb_t * policy, + FILE * fp) + { + unsigned int i, num_types; +@@ -175,7 +175,7 @@ int display_type_set(type_set_t * set, uint32_t flags, policydb_t * policy, + return 0; + } + +-int display_mod_role_set(role_set_t * roles, policydb_t * p, FILE * fp) ++static int display_mod_role_set(role_set_t * roles, policydb_t * p, FILE * fp) + { + unsigned int i, num = 0; + +@@ -210,7 +210,7 @@ int display_mod_role_set(role_set_t * roles, policydb_t * p, FILE * fp) + + } + +-int display_avrule(avrule_t * avrule, policydb_t * policy, ++static int display_avrule(avrule_t * avrule, policydb_t * policy, + FILE * fp) + { + class_perm_node_t *cur; +@@ -313,7 +313,7 @@ int display_avrule(avrule_t * avrule, policydb_t * policy, + return 0; + } + +-int display_type_callback(hashtab_key_t key, hashtab_datum_t datum, void *data) ++static int display_type_callback(hashtab_key_t key, hashtab_datum_t datum, void *data) + { + type_datum_t *type; + FILE *fp; +@@ -355,14 +355,14 @@ int display_type_callback(hashtab_key_t key, hashtab_datum_t datum, void *data) + return 0; + } + +-int display_types(policydb_t * p, FILE * fp) ++static int display_types(policydb_t * p, FILE * fp) + { + if (hashtab_map(p->p_types.table, display_type_callback, fp)) + return -1; + return 0; + } + +-int display_users(policydb_t * p, FILE * fp) ++static int display_users(policydb_t * p, FILE * fp) + { + unsigned int i, j; + ebitmap_t *bitmap; +@@ -381,7 +381,7 @@ int display_users(policydb_t * p, FILE * fp) + return 0; + } + +-int display_bools(policydb_t * p, FILE * fp) ++static int display_bools(policydb_t * p, FILE * fp) + { + unsigned int i; + +@@ -392,7 +392,7 @@ int display_bools(policydb_t * p, FILE * fp) + return 0; + } + +-void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp) ++static void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp) + { + + cond_expr_t *cur; +@@ -427,14 +427,14 @@ void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp) + } + } + +-void display_policycon(FILE * fp) ++static void display_policycon(FILE * fp) + { + /* There was an attempt to implement this at one time. Look through + * git history to find it. */ + fprintf(fp, "Sorry, not implemented\n"); + } + +-void display_initial_sids(policydb_t * p, FILE * fp) ++static void display_initial_sids(policydb_t * p, FILE * fp) + { + ocontext_t *cur; + char *user, *role, *type; +@@ -459,7 +459,7 @@ void display_initial_sids(policydb_t * p, FILE * fp) + #endif + } + +-void display_class_set(ebitmap_t *classes, policydb_t *p, FILE *fp) ++static void display_class_set(ebitmap_t *classes, policydb_t *p, FILE *fp) + { + unsigned int i, num = 0; + +@@ -482,7 +482,7 @@ void display_class_set(ebitmap_t *classes, policydb_t *p, FILE *fp) + fprintf(fp, " }"); + } + +-void display_role_trans(role_trans_rule_t * tr, policydb_t * p, FILE * fp) ++static void display_role_trans(role_trans_rule_t * tr, policydb_t * p, FILE * fp) + { + for (; tr; tr = tr->next) { + fprintf(fp, "role transition "); +@@ -495,7 +495,7 @@ void display_role_trans(role_trans_rule_t * tr, policydb_t * p, FILE * fp) + } + } + +-void display_role_allow(role_allow_rule_t * ra, policydb_t * p, FILE * fp) ++static void display_role_allow(role_allow_rule_t * ra, policydb_t * p, FILE * fp) + { + for (; ra; ra = ra->next) { + fprintf(fp, "role allow "); +@@ -517,7 +517,7 @@ static void display_filename_trans(filename_trans_rule_t * tr, policydb_t * p, F + } + } + +-int role_display_callback(hashtab_key_t key __attribute__((unused)), ++static int role_display_callback(hashtab_key_t key __attribute__((unused)), + hashtab_datum_t datum, void *data) + { + role_datum_t *role; +@@ -611,7 +611,7 @@ int change_bool(char *name, int state, policydb_t * p, FILE * fp) + } + #endif + +-int display_avdecl(avrule_decl_t * decl, int field, ++static int display_avdecl(avrule_decl_t * decl, int field, + policydb_t * policy, FILE * out_fp) + { + fprintf(out_fp, "decl %u:%s\n", decl->decl_id, +@@ -692,7 +692,7 @@ int display_avdecl(avrule_decl_t * decl, int field, + return 0; /* should never get here */ + } + +-int display_avblock(int field, policydb_t * policy, ++static int display_avblock(int field, policydb_t * policy, + FILE * out_fp) + { + avrule_block_t *block = policydb.global; +@@ -710,7 +710,7 @@ int display_avblock(int field, policydb_t * policy, + return 0; + } + +-int display_handle_unknown(policydb_t * p, FILE * out_fp) ++static int display_handle_unknown(policydb_t * p, FILE * out_fp) + { + if (p->handle_unknown == ALLOW_UNKNOWN) + fprintf(out_fp, "Allow unknown classes and perms\n"); +@@ -834,7 +834,7 @@ static void display_policycaps(policydb_t * p, FILE * fp) + } + } + +-int menu(void) ++static int menu(void) + { + printf("\nSelect a command:\n"); + printf("1) display unconditional AVTAB\n"); +diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c +index 37f71842c9e6..8ddefb04ac89 100644 +--- a/checkpolicy/test/dispol.c ++++ b/checkpolicy/test/dispol.c +@@ -42,7 +42,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname) + exit(1); + } + +-int render_access_mask(uint32_t mask, avtab_key_t * key, policydb_t * p, ++static int render_access_mask(uint32_t mask, avtab_key_t * key, policydb_t * p, + FILE * fp) + { + char *perm; +@@ -54,13 +54,13 @@ int render_access_mask(uint32_t mask, avtab_key_t * key, policydb_t * p, + return 0; + } + +-int render_type(uint32_t type, policydb_t * p, FILE * fp) ++static int render_type(uint32_t type, policydb_t * p, FILE * fp) + { + fprintf(fp, "%s", p->p_type_val_to_name[type - 1]); + return 0; + } + +-int render_key(avtab_key_t * key, policydb_t * p, FILE * fp) ++static int render_key(avtab_key_t * key, policydb_t * p, FILE * fp) + { + char *stype, *ttype, *tclass; + stype = p->p_type_val_to_name[key->source_type - 1]; +@@ -84,7 +84,7 @@ int render_key(avtab_key_t * key, policydb_t * p, FILE * fp) + #define RENDER_DISABLED 0x0004 + #define RENDER_CONDITIONAL (RENDER_ENABLED|RENDER_DISABLED) + +-int render_av_rule(avtab_key_t * key, avtab_datum_t * datum, uint32_t what, ++static int render_av_rule(avtab_key_t * key, avtab_datum_t * datum, uint32_t what, + policydb_t * p, FILE * fp) + { + if (!(what & RENDER_UNCONDITIONAL)) { +@@ -163,7 +163,7 @@ int render_av_rule(avtab_key_t * key, avtab_datum_t * datum, uint32_t what, + return 0; + } + +-int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp) ++static int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp) + { + unsigned int i; + avtab_ptr_t cur; +@@ -178,7 +178,7 @@ int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp) + return 0; + } + +-int display_bools(policydb_t * p, FILE * fp) ++static int display_bools(policydb_t * p, FILE * fp) + { + unsigned int i; + +@@ -189,7 +189,7 @@ int display_bools(policydb_t * p, FILE * fp) + return 0; + } + +-void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp) ++static void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp) + { + + cond_expr_t *cur; +@@ -224,7 +224,7 @@ void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp) + } + } + +-int display_cond_expressions(policydb_t * p, FILE * fp) ++static int display_cond_expressions(policydb_t * p, FILE * fp) + { + cond_node_t *cur; + cond_av_list_t *av_cur; +@@ -249,7 +249,7 @@ int display_cond_expressions(policydb_t * p, FILE * fp) + return 0; + } + +-int display_handle_unknown(policydb_t * p, FILE * out_fp) ++static int display_handle_unknown(policydb_t * p, FILE * out_fp) + { + if (p->handle_unknown == ALLOW_UNKNOWN) + fprintf(out_fp, "Allow unknown classes and permissions\n"); +@@ -260,7 +260,7 @@ int display_handle_unknown(policydb_t * p, FILE * out_fp) + return 0; + } + +-int change_bool(char *name, int state, policydb_t * p, FILE * fp) ++static int change_bool(char *name, int state, policydb_t * p, FILE * fp) + { + cond_bool_datum_t *bool; + +@@ -368,7 +368,7 @@ static void display_filename_trans(policydb_t *p, FILE *fp) + hashtab_map(p->filename_trans, filenametr_display, &args); + } + +-int menu(void) ++static int menu(void) + { + printf("\nSelect a command:\n"); + printf("1) display unconditional AVTAB\n"); +-- +2.32.0 + diff --git a/SOURCES/0016-checkpolicy-mark-read-only-parameters-in-policy-defi.patch b/SOURCES/0016-checkpolicy-mark-read-only-parameters-in-policy-defi.patch new file mode 100644 index 0000000..c44405b --- /dev/null +++ b/SOURCES/0016-checkpolicy-mark-read-only-parameters-in-policy-defi.patch @@ -0,0 +1,81 @@ +From 1711757378d1ff1e7437fd7d5ddf263272284641 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 6 Jul 2021 19:54:33 +0200 +Subject: [PATCH] checkpolicy: mark read-only parameters in policy define const +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Make it more obvious which parameters are read-only and not being +modified and allow callers to pass const pointers. + +Signed-off-by: Christian Göttsche +--- + checkpolicy/policy_define.c | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c +index efe3a1a26315..75a67d5c8a7c 100644 +--- a/checkpolicy/policy_define.c ++++ b/checkpolicy/policy_define.c +@@ -77,7 +77,7 @@ extern int yyerror(const char *msg); + #define ERRORMSG_LEN 255 + static char errormsg[ERRORMSG_LEN + 1] = {0}; + +-static int id_has_dot(char *id); ++static int id_has_dot(const char *id); + static int parse_security_context(context_struct_t *c); + + /* initialize all of the state variables for the scanner/parser */ +@@ -141,7 +141,7 @@ int insert_id(const char *id, int push) + + /* If the identifier has a dot within it and that its first character + is not a dot then return 1, else return 0. */ +-static int id_has_dot(char *id) ++static int id_has_dot(const char *id) + { + if (strchr(id, '.') >= id + 1) { + return 1; +@@ -2172,7 +2172,7 @@ void avrule_xperm_setrangebits(uint16_t low, uint16_t high, + } + } + +-int avrule_xperms_used(av_extended_perms_t *xperms) ++int avrule_xperms_used(const av_extended_perms_t *xperms) + { + unsigned int i; + +@@ -2347,7 +2347,7 @@ unsigned int xperms_for_each_bit(unsigned int *bit, av_extended_perms_t *xperms) + return 0; + } + +-int avrule_cpy(avrule_t *dest, avrule_t *src) ++int avrule_cpy(avrule_t *dest, const avrule_t *src) + { + class_perm_node_t *src_perms; + class_perm_node_t *dest_perms, *dest_tail; +@@ -2395,7 +2395,7 @@ int avrule_cpy(avrule_t *dest, avrule_t *src) + return 0; + } + +-int define_te_avtab_ioctl(avrule_t *avrule_template) ++int define_te_avtab_ioctl(const avrule_t *avrule_template) + { + avrule_t *avrule; + struct av_ioctl_range_list *rangelist; +@@ -3444,9 +3444,10 @@ bad: + return -1; + } + +-static constraint_expr_t *constraint_expr_clone(constraint_expr_t * expr) ++static constraint_expr_t *constraint_expr_clone(const constraint_expr_t * expr) + { +- constraint_expr_t *h = NULL, *l = NULL, *e, *newe; ++ constraint_expr_t *h = NULL, *l = NULL, *newe; ++ const constraint_expr_t *e; + for (e = expr; e; e = e->next) { + newe = malloc(sizeof(*newe)); + if (!newe) +-- +2.32.0 + diff --git a/SPECS/checkpolicy.spec b/SPECS/checkpolicy.spec new file mode 100644 index 0000000..b0d8457 --- /dev/null +++ b/SPECS/checkpolicy.spec @@ -0,0 +1,998 @@ +%define libselinuxver 3.2-5 +%define libsepolver 3.2-3 + +Summary: SELinux policy compiler +Name: checkpolicy +Version: 3.2 +Release: 4%{?dist} +License: GPLv2 +Source0: https://github.com/SELinuxProject/selinux/releases/download/3.2/checkpolicy-3.2.tar.gz +# $ git clone https://github.com/fedora-selinux/selinux.git +# $ cd selinux +# $ git format-patch -N 3.2 -- checkpolicy +# $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done +# Patch list start +Patch0001: 0001-libsepol-checkpolicy-Set-user-roles-using-role-value.patch +Patch0002: 0002-checkpolicy-Do-not-automatically-upgrade-when-using-.patch +Patch0003: 0003-checkpolicy-silence-Wextra-semi-stmt-warning.patch +Patch0004: 0004-checkpolicy-pass-CFLAGS-at-link-stage.patch +Patch0005: 0005-checkpolicy-drop-pipe-compile-option.patch +Patch0006: 0006-checkpolicy-simplify-assignment.patch +Patch0007: 0007-checkpolicy-drop-dead-condition.patch +Patch0008: 0008-checkpolicy-use-correct-format-specifier-for-unsigne.patch +Patch0009: 0009-checkpolicy-follow-declaration-after-statement.patch +Patch0010: 0010-checkpolicy-remove-dead-assignments.patch +Patch0011: 0011-checkpolicy-check-before-potential-NULL-dereference.patch +Patch0012: 0012-checkpolicy-avoid-potential-use-of-uninitialized-var.patch +Patch0013: 0013-checkpolicy-drop-redundant-cast-to-the-same-type.patch +Patch0014: 0014-checkpolicy-parse_util-drop-unused-declaration.patch +Patch0015: 0015-checkpolicy-test-mark-file-local-functions-static.patch +Patch0016: 0016-checkpolicy-mark-read-only-parameters-in-policy-defi.patch +# Patch list end +BuildRequires: gcc +BuildRequires: make +BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel >= %{libselinuxver} + +%description +Security-enhanced Linux is a feature of the Linux® kernel and a number +of utilities with enhanced security functionality designed to add +mandatory access controls to Linux. The Security-enhanced Linux +kernel contains new architectural components originally developed to +improve the security of the Flask operating system. These +architectural components provide general support for the enforcement +of many kinds of mandatory access control policies, including those +based on the concepts of Type Enforcement®, Role-based Access +Control, and Multi-level Security. + +This package contains checkpolicy, the SELinux policy compiler. +Only required for building policies. + +%prep +%autosetup -p 2 -n checkpolicy-%{version} + +%build + +%set_build_flags + +%make_build LIBDIR="%{_libdir}" +cd test +%make_build LIBDIR="%{_libdir}" + +%install +mkdir -p ${RPM_BUILD_ROOT}%{_bindir} +%make_install LIBDIR="%{_libdir}" +install test/dismod ${RPM_BUILD_ROOT}%{_bindir}/sedismod +install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol + +%files +%{!?_licensedir:%global license %%doc} +%license COPYING +%{_bindir}/checkpolicy +%{_bindir}/checkmodule +%{_mandir}/man8/checkpolicy.8.gz +%{_mandir}/man8/checkmodule.8.gz +%{_mandir}/ru/man8/checkpolicy.8.gz +%{_mandir}/ru/man8/checkmodule.8.gz +%{_bindir}/sedismod +%{_bindir}/sedispol + +%changelog +* Mon Aug 09 2021 Mohan Boddu - 3.2-4 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Jul 28 2021 Petr Lautrbach - 3.2-3 +- Rebase on upstream commit 32611aea6543 + +* Thu Apr 15 2021 Mohan Boddu - 3.2-2 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Mon Mar 8 2021 Petr Lautrbach - 3.2-1 +- SELinux userspace 3.2 release + +* Fri Feb 5 2021 Petr Lautrbach - 3.2-0.rc2.1 +- SELinux userspace 3.2-rc2 release + +* Tue Jan 26 2021 Fedora Release Engineering - 3.2-0.rc1.1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Jan 21 2021 Petr Lautrbach - 3.2-0.rc1.1 +- SELinux userspace 3.2-rc1 release + +* Sun Nov 1 2020 Petr Lautrbach - 3.1-4 +- Fix signed overflow caused by using (1 << 31) - 1 +- Optimize storage of filename transitions +- Rebuild with libsepol.so.2 + +* Mon Jul 27 2020 Fedora Release Engineering - 3.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 13 2020 Tom Stellard - 3.1-2 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Fri Jul 10 2020 Petr Lautrbach - 3.1-1 +- SELinux userspace 3.1 release + +* Tue Jan 28 2020 Petr Lautrbach - 3.0-3 +- Fix -fno-common issues discovered by GCC 10 + +* Tue Jan 28 2020 Fedora Release Engineering - 3.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Dec 6 2019 Petr Lautrbach - 3.0-1 +- SELinux userspace 3.0 release + +* Mon Nov 11 2019 Petr Lautrbach - 3.0-0.rc1.1 +- SELinux userspace 3.0-rc1 release candidate + +* Wed Jul 24 2019 Fedora Release Engineering - 2.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Mar 18 2019 Petr Lautrbach - 2.9-1 +- SELinux userspace 2.9 release + +* Mon Mar 11 2019 Petr Lautrbach - 2.9-0.rc2.1 +- SELinux userspace 2.9-rc2 release + +* Thu Jan 31 2019 Fedora Release Engineering - 2.9-0.rc1.1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jan 25 2019 Petr Lautrbach - 2.9-0.rc1.1 +- SELinux userspace 2.9-rc1 release + +* Mon Jan 21 2019 Petr Lautrbach - 2.8-3 +- Check the result value of hashtable_search +- Destroy the class datum if it fails to initialize + +* Thu Jul 12 2018 Fedora Release Engineering - 2.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Fri May 25 2018 Petr Lautrbach - 2.8-1 +- SELinux userspace 2.8 release + +* Tue May 15 2018 Petr Lautrbach - 2.8-0.rc3.1 +- SELinux userspace 2.8-rc3 release candidate + +* Mon Apr 23 2018 Petr Lautrbach - 2.8-0.rc1.1 +- SELinux userspace 2.8-rc1 release candidate + +* Wed Mar 21 2018 Petr Lautrbach - 2.7-7 +- Add support for the SCTP portcon keyword + +* Tue Mar 13 2018 Petr Lautrbach - 2.7-6 +- build: follow standard semantics for DESTDIR and PREFIX + +* Thu Feb 22 2018 Florian Weimer - 2.7-5 +- Use LDFLAGS from redhat-rpm-config + +* Wed Feb 07 2018 Fedora Release Engineering - 2.7-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Nov 22 2017 Petr Lautrbach - 2.7-3 +- Rebuild with libsepol-2.7-3 and libselinux-2.7-6 + +* Fri Oct 20 2017 Petr Lautrbach - 2.7-2 +- Rebuilt with libsepol-2.7-2 + +* Mon Aug 07 2017 Petr Lautrbach - 2.7-1 +- Update to upstream release 2017-08-04 + +* Wed Aug 02 2017 Fedora Release Engineering - 2.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Feb 15 2017 Petr Lautrbach - 2.6-1 +- Update to upstream release 2016-10-14 + +* Fri Feb 10 2017 Fedora Release Engineering - 2.5-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Oct 03 2016 Petr Lautrbach 2.5-8 +- Add types associated to a role in the current scope when parsing + +* Mon Aug 01 2016 Petr Lautrbach 2.5-7 +- Extend checkpolicy pathname matching +- Rebuilt with libsepol-2.5-9 + +* Mon Jun 27 2016 Petr Lautrbach - 2.5-6 +- Fix typos in sedispol + +* Thu Jun 23 2016 Petr Lautrbach - 2.5-5 +- Set flex as default lexer +- Fix checkmodule output message + +* Wed May 11 2016 Petr Lautrbach - 2.5-4 +- Rebuilt with libsepol-2.5-6 + +* Fri Apr 29 2016 Petr Lautrbach - 2.5-3 +- Build policy on systems not supporting DCCP protocol +- Fail if module name different than output base filename + +* Fri Apr 08 2016 Petr Lautrbach - 2.5-2 +- Add support for portcon dccp protocol + +* Tue Feb 23 2016 Petr Lautrbach 2.5-1 +- Update to upstream release 2016-02-23 + +* Sun Feb 21 2016 Petr Lautrbach 2.5-0.1.rc1 +- Update to upstream rc1 release 2016-01-07 + +* Wed Feb 03 2016 Fedora Release Engineering - 2.4-2.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Jul 21 2015 Petr Lautrbach 2.4-1.1 +- Update to 2.4 release + +* Sat Aug 16 2014 Fedora Release Engineering - 2.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Fri Jul 11 2014 Tom Callaway - 2.3-3 +- fix license handling + +* Sat Jun 07 2014 Fedora Release Engineering - 2.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue May 6 2014 Dan Walsh - 2.3-1 +- Update to upstream + * Add Android support for building dispol. + * Report source file and line information for neverallow failures. + * Prevent incompatible option combinations for checkmodule. + * Drop -lselinux from LDLIBS for test programs; not used. + * Add debug feature to display constraints/validatetrans from Richard Haines. + +* Thu Oct 31 2013 Dan Walsh - 2.2-1 +- Update to upstream + * Fix hyphen usage in man pages from Laurent Bigonville. + * handle-unknown / -U required argument fix from Laurent Bigonville. + * Support overriding Makefile PATH and LIBDIR from Laurent Bigonville. + * Support space and : in filenames from Dan Walsh. + +* Sat Aug 03 2013 Fedora Release Engineering - 2.1.12-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Tue Jul 16 2013 Dan Walsh - 2.1.12-4 +- Fix a segmentation fault if the --handle-unknown option was set without +arguments. +- Thanks to Alexandre Rebert and his team at Carnegie Mellon University +for detecting this crash. + +* Tue Mar 19 2013 Dan Walsh - 2.1.12-3 +- ":" should be allowed for file trans names + +* Tue Mar 12 2013 Dan Walsh - 2.1.12-2 +- Space should be allowed for file trans names + +* Thu Feb 7 2013 Dan Walsh - 2.1.12-1 +- Update to upstream + * Fix errors found by coverity + * implement default type policy syntax + * Free allocated memory when clean up / exit. + +* Sat Jan 5 2013 Dan Walsh - 2.1.11-3 +- Update to latest patches from eparis/Upstream +- checkpolicy: libsepol: implement default type policy syntax +- +- We currently have a mechanism in which the default user, role, and range +- can be picked up from the source or the target object. This implements +- the same thing for types. The kernel will override this with type +- transition rules and similar. This is just the default if nothing +- specific is given. + + +* Wed Sep 19 2012 Dan Walsh - 2.1.11-2 +- Rebuild with fixed libsepol + +* Thu Sep 13 2012 Dan Walsh - 2.1.11-1 +- Update to upstream + * fd leak reading policy + * check return code on ebitmap_set_bit + +* Mon Jul 30 2012 Dan Walsh - 2.1.10-4 +- Rebuild to grab latest libsepol + +* Tue Jul 24 2012 Dan Walsh - 2.1.10-3 +- Rebuild to grab latest libsepol + +* Wed Jul 18 2012 Fedora Release Engineering - 2.1.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed Jul 4 2012 Dan Walsh - 2.1.10-1 +- Update to upstream + * sepolgen: We need to support files that have a + in them + * Android/MacOS X build support + +* Mon Apr 23 2012 Dan Walsh - 2.1.9-4 +- Rebuild to get latest libsepol which fixes the file_name transition problems + +* Tue Apr 17 2012 Dan Walsh - 2.1.9-3 +- Recompile with libsepol that has support for ptrace_child + +* Tue Apr 3 2012 Dan Walsh - 2.1.9-2 +- Allow checkpolicy to use + in a file name + +* Thu Mar 29 2012 Dan Walsh - 2.1.9-1 +- Update to upstream + * implement new default labeling behaviors for usr, role, range + * Fix dead links to www.nsa.gov/selinux + +* Mon Jan 16 2012 Dan Walsh - 2.1.8-3 +- Fix man page to link to www.nsa.giv/research/selinux + +* Thu Jan 12 2012 Fedora Release Engineering - 2.1.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Dec 21 2011 Dan Walsh - 2.1.8-1 +-Update to upstream + * add ignoredirs config for genhomedircon + * Fallback_user_level can be NULL if you are not using MLS + +* Wed Dec 21 2011 Dan Walsh - 2.1.7-3 +- default_rules should be optional + +* Thu Dec 15 2011 Dan Walsh - 2.1.7-2 +- Rebuild with latest libsepol + +* Tue Dec 6 2011 Dan Walsh - 2.1.7-1 +- Upgrade to upstream + * dis* fixed signed vs unsigned errors + * dismod: fix unused parameter errors + * test: Makefile: include -W and -Werror + * allow ~ in filename transition rules +- Allow policy to specify the source of target for generating the default user,role +- or mls label for a new target. + +* Mon Nov 14 2011 Dan Walsh - 2.1.6-2 +- Allow ~ in a filename + +* Fri Nov 4 2011 Dan Walsh - 2.1.6-1 +- Upgrade to upstream + * Revert "checkpolicy: Redo filename/filesystem syntax to support filename trans rules" + * drop libsepol dynamic link in checkpolicy + +* Tue Sep 20 2011 Dan Walsh - 2.1.5-2 +- Fix checkpolicy to ignore '"' in filename trans rules + +* Mon Sep 19 2011 Dan Walsh - 2.1.5-1 +-Update to upstream + * Separate tunable from boolean during compile. + +* Tue Aug 30 2011 Dan Walsh - 2.1.4-0 +-Update to upstream + * checkpolicy: fix spacing in output message + +* Thu Aug 18 2011 Dan Walsh - 2.1.3-0 + * add missing ; to attribute_role_def + *Redo filename/filesystem syntax to support filename trans + +* Wed Aug 3 2011 Dan Walsh - 2.1.2-0 +-Update to upstream + * .gitignore changes + * dispol output of role trans + * man page update: build a module with an older policy version + +* Thu Jul 28 2011 Dan Walsh - 2.1.1-0 +-Update to upstream + * Minor updates to filename trans rule output in dis{mod,pol} + +* Thu Jul 28 2011 Dan Walsh - 2.1.0-1 +-Update to upstream + +* Mon May 23 2011 Dan Walsh - 2.0.26-1 +-Update to upstream + * Wrap file names in filename transitions with quotes by Steve Lawrence. + * Allow filesystem names to start with a digit by James Carter. + * Add support for using the last path compnent in type transitions by Eric + +* Thu Apr 21 2011 Dan Walsh - 2.0.24-2 +* Fixes for new role_transition class field by Eric Paris. + +* Fri Apr 15 2011 Dan Walsh - 2.0.24-2 +- Add "-" as a file type + +* Tue Apr 12 2011 Dan Walsh - 2.0.24-1 +-Update to upstream + * Add new class field in role_transition by Harry Ciao. + +* Mon Apr 11 2011 Dan Walsh - 2.0.23-5 +- Fix type_transition to allow all files + +* Tue Mar 29 2011 Dan Walsh - 2.0.23-4 +- Patches from Eric Paris +We just use random numbers to make menu selections. Use #defines and +names that make some sense instead. + +This patch adds support for using the last path component as part of the +information in making labeling decisions for new objects. A example +rule looks like so: + +type_transition unconfined_t etc_t:file system_conf_t eric; + +This rule says if unconfined_t creates a file in a directory labeled +etc_t and the last path component is "eric" (no globbing, no matching +magic, just exact strcmp) it should be labeled system_conf_t. + +The kernel and policy representation does not have support for such +rules in conditionals, and thus policy explicitly notes that fact if +such a rule is added to a conditional. + + +* Tue Feb 08 2011 Fedora Release Engineering - 2.0.23-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Jan 12 2011 Dan Walsh - 2.0.23-2 +- Add James Carters Patch + *This patch is needed because some filesystem names (such as 9p) start + with a digit. + +* Tue Dec 21 2010 Dan Walsh - 2.0.23-1 +- Latest update from NSA + * Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock + +* Wed Dec 8 2010 Dan Walsh - 2.0.22-2 +- Rebuild to make sure it will build in Fedora + +* Wed Jun 16 2010 Dan Walsh - 2.0.22-1 +- Latest update from NSA + * Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence +- Allow policy version to be one number + +* Mon May 3 2010 Dan Walsh - 2.0.21-2 +- Fix checkmodule man page and usage statements + +* Sun Nov 1 2009 Dan Walsh - 2.0.21-1 +- Latest update from NSA + * Add support for building Xen policies from Paul Nuzzi. + * Add long options to checkpolicy and checkmodule by Guido + Trentalancia + +* Fri Jul 24 2009 Fedora Release Engineering - 2.0.19-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Feb 23 2009 Fedora Release Engineering - 2.0.19-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Wed Feb 18 2009 Dan Walsh - 2.0.19-1 +- Latest update from NSA + * Fix alias field in module format, caused by boundary format change + from Caleb Case. + +* Fri Jan 30 2009 Dan Walsh - 2.0.18-1 +- Latest update from NSA + * Properly escape regex symbols in the lexer from Stephen Smalley. + * Add bounds support from KaiGai Kohei. + +* Tue Oct 28 2008 Dan Walsh - 2.0.16-4 + +* Mon Jul 7 2008 Dan Walsh - 2.0.16-3 +- Rebuild with new libsepol + +* Wed May 28 2008 Tom "spot" Callaway 2.0.16-2 +- fix license tag + +* Wed May 28 2008 Dan Walsh - 2.0.16-1 +- Latest update from NSA + * Update checkpolicy for user and role mapping support from Joshua Brindle. + +* Fri May 2 2008 Dan Walsh - 2.0.15-1 +- Latest update from NSA + * Fix for policy module versions that look like IPv4 addresses from Jim Carter. + Resolves bug 444451. + +* Fri May 2 2008 Dan Walsh - 2.0.14-2 +- Allow modules with 4 sections or more + +* Thu Mar 27 2008 Dan Walsh - 2.0.14-1 +- Latest update from NSA + * Add permissive domain support from Eric Paris. + +* Thu Mar 13 2008 Dan Walsh - 2.0.13-1 +- Latest update from NSA + * Split out non-grammar parts of policy_parse.yacc into + policy_define.c and policy_define.h from Todd C. Miller. + * Initialize struct policy_file before using it, from Todd C. Miller. + * Remove unused define, move variable out of .y file, simplify COND_ERR, from Todd C. Miller. + +* Thu Feb 28 2008 Dan Walsh - 2.0.10-1 +- Latest update from NSA + * Use yyerror2() where appropriate from Todd C. Miller. +- Build against latest libsepol + +* Fri Feb 22 2008 Dan Walsh - 2.0.9-2 +- Start shipping sedismod and sedispol + +* Mon Feb 4 2008 Dan Walsh - 2.0.9-1 +- Latest update from NSA + * Update dispol for libsepol avtab changes from Stephen Smalley. + +* Fri Jan 25 2008 Dan Walsh - 2.0.8-1 +- Latest update from NSA + * Deprecate role dominance in parser. + +* Mon Jan 21 2008 Dan Walsh - 2.0.7-2 +- Update to use libsepol-static library + +* Fri Jan 11 2008 Dan Walsh - 2.0.7-1 +- Latest update from NSA + * Added support for policy capabilities from Todd Miller. + +* Thu Nov 15 2007 Dan Walsh - 2.0.6-1 +- Latest update from NSA + * Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source". + * Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter. + +* Tue Sep 18 2007 Dan Walsh - 2.0.4-1 + * Merged handle unknown policydb flag support from Eric Paris. + Adds new command line options -U {allow, reject, deny} for selecting + the flag when a base module or kernel policy is built. + +* Tue Aug 28 2007 Fedora Release Engineering - 2.0.3-3 +- Rebuild for selinux ppc32 issue. + +* Mon Jun 18 2007 Dan Walsh - 2.0.3-2 +- Rebuild with the latest libsepol + +* Sun Jun 17 2007 Dan Walsh - 2.0.3-1 +- Latest update from NSA + * Merged fix for segfault on duplicate require of sensitivity from Caleb Case. + * Merged fix for dead URLs in checkpolicy man pages from Dan Walsh. + +* Thu Apr 12 2007 Dan Walsh - 2.0.2-1 +- Latest update from NSA + * Merged checkmodule man page fix from Dan Walsh. + +* Fri Mar 30 2007 Dan Walsh - 2.0.1-3 +- Rebuild with new libsepol + +* Wed Mar 28 2007 Dan Walsh - 2.0.1-2 +- Rebuild with new libsepol + +* Mon Nov 20 2006 Dan Walsh - 2.0.1-1 +- Latest update from NSA + * Merged patch to allow dots in class identifiers from Caleb Case. + +* Tue Nov 14 2006 Dan Walsh - 2.0.0-1 +- Latest update from NSA + * Merged patch to use new libsepol error codes by Karl MacMillan. + * Updated version for stable branch. + +* Tue Nov 14 2006 Dan Walsh - 1.33.1-2 +- Rebuild for new libraries + +* Tue Nov 14 2006 Dan Walsh - 1.33.1-1 +- Latest update from NSA + * Collapse user identifiers and identifiers together. + +* Tue Oct 17 2006 Dan Walsh - 1.32-1 +- Latest update from NSA + * Updated version for release. + +* Thu Sep 28 2006 Dan Walsh - 1.30.12-1 +- Latest update from NSA + * Merged user and range_transition support for modules from + Darrel Goeddel + +* Wed Sep 6 2006 Dan Walsh - 1.30.11-1 +- Latest update from NSA + * merged range_transition enhancements and user module format + changes from Darrel Goeddel + * Merged symtab datum patch from Karl MacMillan. + +* Wed Jul 12 2006 Jesse Keating - 1.30.9-1.1 +- rebuild + +* Tue Jul 4 2006 Dan Walsh - 1.30.8-1 +- Latest upgrade from NSA + * Lindent. + * Merged patch to remove TE rule conflict checking from the parser + from Joshua Brindle. This can only be done properly by the + expander. + * Merged patch to make checkpolicy/checkmodule handling of + duplicate/conflicting TE rules the same as the expander + from Joshua Brindle. + * Merged optionals in base take 2 patch set from Joshua Brindle. + +* Tue May 23 2006 Dan Walsh - 1.30.5-1 +- Latest upgrade from NSA + * Merged compiler cleanup patch from Karl MacMillan. + * Merged fix warnings patch from Karl MacMillan. + +* Wed Apr 5 2006 Dan Walsh - 1.30.4-1 +- Latest upgrade from NSA + * Changed require_class to reject permissions that have not been + declared if building a base module. + +* Tue Mar 28 2006 Dan Walsh - 1.30.3-1 +- Latest upgrade from NSA + * Fixed checkmodule to call link_modules prior to expand_module + to handle optionals. + * Fixed require_class to avoid shadowing permissions already defined + in an inherited common definition. + +* Mon Mar 27 2006 Dan Walsh - 1.30.1-2 +- Rebuild with new libsepol + +* Thu Mar 23 2006 Dan Walsh - 1.30.1-1 +- Latest upgrade from NSA + * Moved processing of role and user require statements to 2nd pass. + +* Fri Mar 17 2006 Dan Walsh - 1.30-1 +- Latest upgrade from NSA + * Updated version for release. + * Fixed bug in role dominance (define_role_dom). + +* Fri Feb 17 2006 Dan Walsh - 1.29.4-1 +- Latest upgrade from NSA + * Added a check for failure to declare each sensitivity in + a level definition. + * Changed to clone level data for aliased sensitivities to + avoid double free upon sens_destroy. Bug reported by Kevin + Carr of Tresys Technology. + +* Mon Feb 13 2006 Dan Walsh - 1.29.2-1 +- Latest upgrade from NSA + * Merged optionals in base patch from Joshua Brindle. + +* Mon Feb 13 2006 Dan Walsh - 1.29.1-1.2 +- Need to build againi + +* Fri Feb 10 2006 Jesse Keating - 1.29.1-1.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Dan Walsh 1.29.1-1 +- Latest upgrade from NSA + * Merged sepol_av_to_string patch from Joshua Brindle. + +* Tue Feb 07 2006 Jesse Keating - 1.28-5.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Jan 13 2006 Dan Walsh 1.28-5 +- Rebuild to get latest libsepol + +* Fri Jan 13 2006 Dan Walsh 1.28-5 +- Rebuild to get latest libsepol + +* Thu Jan 5 2006 Dan Walsh 1.28-4 +- Rebuild to get latest libsepol + +* Wed Jan 4 2006 Dan Walsh 1.28-3 +- Rebuild to get latest libsepol + +* Fri Dec 16 2005 Dan Walsh 1.28-2 +- Rebuild to get latest libsepol + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Fri Dec 9 2005 Dan Walsh 1.28-1 +- Latest upgrade from NSA + +* Sun Dec 4 2005 Dan Walsh 1.27.20-1 +- Latest upgrade from NSA + * Merged checkmodule man page from Dan Walsh, and edited it. + +* Thu Dec 1 2005 Dan Walsh 1.27.19-1 +- Latest upgrade from NSA + * Added error checking of all ebitmap_set_bit calls for out of + memory conditions. + * Merged removal of compatibility handling of netlink classes + (requirement that policies with newer versions include the + netlink class definitions, remapping of fine-grained netlink + classes in newer source policies to single netlink class when + generating older policies) from George Coker. + +* Tue Nov 8 2005 Dan Walsh 1.27.17-7 +- Rebuild to get latest libsepol + +* Tue Oct 25 2005 Dan Walsh 1.27.17-1 +- Latest upgrade from NSA + * Merged dismod fix from Joshua Brindle. + +* Thu Oct 20 2005 Dan Walsh 1.27.16-1 +- Latest upgrade from NSA + * Removed obsolete cond_check_type_rules() function and call and + cond_optimize_lists() call from checkpolicy.c; these are handled + during parsing and expansion now. + * Updated calls to expand_module for interface change. + * Changed checkmodule to verify that expand_module succeeds + when building base modules. + * Merged module compiler fixes from Joshua Brindle. + * Removed direct calls to hierarchy_check_constraints() and + check_assertions() from checkpolicy since they are now called + internally by expand_module(). + +* Tue Oct 18 2005 Dan Walsh 1.27.11-1 +- Latest upgrade from NSA + * Updated for changes to sepol policydb_index_others interface. + +* Tue Oct 18 2005 Dan Walsh 1.27.10-1 +- Latest upgrade from NSA + * Updated for changes to sepol expand_module and link_modules interfaces. +* Sat Oct 15 2005 Dan Walsh 1.27.9-2 +- Rebuild to get latest libsepol + +* Fri Oct 14 2005 Dan Walsh 1.27.9-1 +- Latest upgrade from NSA + * Merged support for require blocks inside conditionals from + Joshua Brindle (Tresys). + +* Wed Oct 12 2005 Karsten Hopp 1.27.8-2 +- add buildrequirement for libselinux-devel for dispol + +* Mon Oct 10 2005 Dan Walsh 1.27.8-1 +- Latest upgrade from NSA + * Updated for changes to libsepol. + +* Fri Oct 7 2005 Dan Walsh 1.27.7-2 +- Rebuild to get latest libsepol + +* Thu Oct 6 2005 Dan Walsh 1.27.7-1 +- Latest upgrade from NSA + * Merged several bug fixes from Joshua Brindle (Tresys). + +* Tue Oct 4 2005 Dan Walsh 1.27.6-1 +- Latest upgrade from NSA + * Merged MLS in modules patch from Joshua Brindle (Tresys). + +* Mon Oct 3 2005 Dan Walsh 1.27.5-2 +- Rebuild to get latest libsepol + +* Wed Sep 28 2005 Dan Walsh 1.27.5-1 +- Latest upgrade from NSA + * Merged error handling improvement in checkmodule from Karl MacMillan (Tresys). + +* Tue Sep 27 2005 Dan Walsh 1.27.4-1 +- Latest upgrade from NSA + * Merged bugfix for dup role transition error messages from + Karl MacMillan (Tresys). + +* Fri Sep 23 2005 Dan Walsh 1.27.3-1 +- Latest upgrade from NSA + * Merged policyver/modulever patches from Joshua Brindle (Tresys). + +* Wed Sep 21 2005 Dan Walsh 1.27.2-2 +- Rebuild to get latest libsepol + +* Wed Sep 21 2005 Dan Walsh 1.27.2-1 +- Latest upgrade from NSA + * Fixed parse_categories handling of undefined category. + +* Tue Sep 20 2005 Dan Walsh 1.27.1-2 +- Rebuild to get latest libsepol + +* Sat Sep 17 2005 Dan Walsh 1.27.1-1 +- Latest upgrade from NSA + * Merged bug fix for role dominance handling from Darrel Goeddel (TCS). +* Wed Sep 14 2005 Dan Walsh 1.26-2 +- Rebuild to get latest libsepol + +* Mon Sep 12 2005 Dan Walsh 1.26-1 +- Latest upgrade from NSA + * Updated version for release. +- Rebuild to get latest libsepol + +* Thu Sep 1 2005 Dan Walsh 1.25.12-3 +- Rebuild to get latest libsepol + +* Mon Aug 29 2005 Dan Walsh 1.25.12-2 +- Rebuild to get latest libsepol + +* Mon Aug 22 2005 Dan Walsh 1.25.12-1 +- Update to NSA Release + * Fixed handling of validatetrans constraint expressions. + Bug reported by Dan Walsh for checkpolicy -M. + +* Mon Aug 22 2005 Dan Walsh 1.25.11-2 +- Fix mls crash + +* Fri Aug 19 2005 Dan Walsh 1.25.11-1 +- Update to NSA Release + * Merged use-after-free fix from Serge Hallyn (IBM). + Bug found by Coverity. + +* Sun Aug 14 2005 Dan Walsh 1.25.10-1 +- Update to NSA Release + * Fixed further memory leaks found by valgrind. + * Changed checkpolicy to destroy the policydbs prior to exit + to allow leak detection. + * Fixed several memory leaks found by valgrind. + +* Sun Aug 14 2005 Dan Walsh 1.25.8-3 +- Rebuild to get latest libsepol changes + +* Sat Aug 13 2005 Dan Walsh 1.25.8-2 +- Rebuild to get latest libsepol changes + +* Thu Aug 11 2005 Dan Walsh 1.25.8-1 +- Update to NSA Release + * Updated checkpolicy and dispol for the new avtab format. + Converted users of ebitmaps to new inline operators. + Note: The binary policy format version has been incremented to + version 20 as a result of these changes. To build a policy + for a kernel that does not yet include these changes, use + the -c 19 option to checkpolicy. + * Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys). + * Merged patch to fix dismod compilation from Joshua Brindle (Tresys). + +* Wed Aug 10 2005 Dan Walsh 1.25.5-1 +- Update to NSA Release + * Fixed call to hierarchy checking code to pass the right policydb. + * Merged patch to update dismod for the relocation of the + module read/write code from libsemanage to libsepol, and + to enable build of test subdirectory from Jason Tang (Tresys). + +* Thu Jul 28 2005 Dan Walsh 1.25.3-1 +- Update to NSA Release + * Merged hierarchy check fix from Joshua Brindle (Tresys). + +* Thu Jul 7 2005 Dan Walsh 1.25.2-1 +- Update to NSA Release + * Merged loadable module support from Tresys Technology. + * Merged patch to prohibit the use of * and ~ in type sets + (other than in neverallow statements) and in role sets + from Joshua Brindle (Tresys). + * Updated version for release. + +* Fri May 20 2005 Dan Walsh 1.23-4-1 +- Update to NSA Release + * Merged cleanup patch from Dan Walsh. + +* Thu May 19 2005 Dan Walsh 1.23-3-1 +- Update to NSA Release + * Added sepol_ prefix to Flask types to avoid namespace + collision with libselinux. + +* Sat May 7 2005 Dan Walsh 1.23-2-1 +- Update to NSA Release + * Merged identifier fix from Joshua Brindle (Tresys). + +* Thu Apr 14 2005 Dan Walsh 1.23,1-1 + * Merged hierarchical type/role patch from Tresys Technology. + * Merged MLS fixes from Darrel Goeddel of TCS. + +* Thu Mar 10 2005 Dan Walsh 1.22-1 +- Update to NSA Release + +* Tue Mar 1 2005 Dan Walsh 1.21.4-2 +- Rebuild for FC4 + +* Thu Feb 17 2005 Dan Walsh 1.21.4-1 + * Merged define_user() cleanup patch from Darrel Goeddel (TCS). + * Moved genpolusers utility to libsepol. + * Merged range_transition support from Darrel Goeddel (TCS). + +* Thu Feb 10 2005 Dan Walsh 1.21.2-1 +- Latest from NSA + * Changed relabel Makefile target to use restorecon. + +* Mon Feb 7 2005 Dan Walsh 1.21.1-1 +- Latest from NSA + * Merged enhanced MLS support from Darrel Goeddel (TCS). + +* Fri Jan 7 2005 Dan Walsh 1.20.1-1 +- Update for version increase at NSA + +* Mon Dec 20 2004 Dan Walsh 1.19.2-1 +- Latest from NSA + * Merged typeattribute statement patch from Darrel Goeddel of TCS. + * Changed genpolusers to handle multiple user config files. + * Merged nodecon ordering patch from Chad Hanson of TCS. + +* Thu Nov 11 2004 Dan Walsh 1.19.1-1 +- Latest from NSA + * Merged nodecon ordering patch from Chad Hanson of TCS. + +* Thu Nov 4 2004 Dan Walsh 1.18.1-1 +- Latest from NSA + * MLS build fix. + +* Sat Sep 4 2004 Dan Walsh 1.17.5-1 +- Latest from NSA + * Fixed Makefile dependencies (Chris PeBenito). + +* Sat Sep 4 2004 Dan Walsh 1.17.4-1 +- Latest from NSA + * Fixed Makefile dependencies (Chris PeBenito). + +* Sat Sep 4 2004 Dan Walsh 1.17.3-1 +- Latest from NSA + * Merged fix for role dominance ordering issue from Chad Hanson of TCS. + +* Mon Aug 30 2004 Dan Walsh 1.17.2-1 +- Latest from NSA + +* Thu Aug 26 2004 Dan Walsh 1.16.3-1 +- Fix NSA package to not include y.tab files. + +* Tue Aug 24 2004 Dan Walsh 1.16.2-1 +- Latest from NSA +- Allow port ranges to overlap + +* Sun Aug 22 2004 Dan Walsh 1.16.1-1 +- Latest from NSA + +* Mon Aug 16 2004 Dan Walsh 1.15.6-1 +- Latest from NSA + +* Fri Aug 13 2004 Dan Walsh 1.15.5-1 +- Latest from NSA + +* Wed Aug 11 2004 Dan Walsh 1.15.4-1 +- Latest from NSA + +* Sat Aug 7 2004 Dan Walsh 1.15.3-1 +- Latest from NSA + +* Wed Aug 4 2004 Dan Walsh 1.15.2-1 +- Latest from NSA + +* Sat Jul 31 2004 Dan Walsh 1.15.1-1 +- Latest from NSA + +* Tue Jul 27 2004 Dan Walsh 1.14.2-1 +- Latest from NSA + +* Wed Jun 30 2004 Dan Walsh 1.14.1-1 +- Latest from NSA + +* Fri Jun 18 2004 Dan Walsh 1.12.2-1 +- Latest from NSA + +* Thu Jun 17 2004 Dan Walsh 1.12.1-1 +- Update to latest from NSA + +* Wed Jun 16 2004 Dan Walsh 1.12-1 +- Update to latest from NSA + +* Wed Jun 16 2004 Dan Walsh 1.10-5 +- Add nlclass patch + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Fri Jun 4 2004 Dan Walsh 1.10-3 +- Add BuildRequires flex + +* Thu Apr 8 2004 Dan Walsh 1.10-2 +- Add BuildRequires byacc + +* Thu Apr 8 2004 Dan Walsh 1.10-1 +- Upgrade to the latest from NSA + +* Mon Mar 15 2004 Dan Walsh 1.8-1 +- Upgrade to the latest from NSA + +* Tue Feb 24 2004 Dan Walsh 1.6-1 +- Upgrade to the latest from NSA + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Tue Jan 20 2004 Dan Walsh 1.4-6 +- Add typealias patch + +* Tue Jan 20 2004 Dan Walsh 1.4-5 +- Update excludetypes with negset-final patch + +* Wed Jan 14 2004 Dan Walsh 1.4-4 +- Add excludetypes patch + +* Wed Jan 14 2004 Dan Walsh 1.4-3 +- Add Colin Walter's lineno patch + +* Wed Jan 7 2004 Dan Walsh 1.4-2 +- Remove check for roles transition + +* Sat Dec 6 2003 Dan Walsh 1.4-1 +- upgrade to 1.4 + +* Wed Oct 1 2003 Dan Walsh 1.2-1 +- upgrade to 1.2 + +* Thu Aug 28 2003 Dan Walsh 1.1-2 +- upgrade to 1.1 + +* Mon Jun 2 2003 Dan Walsh 1.0-1 +- Initial version