diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b03c195 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/libsemanage-3.3.tar.gz diff --git a/.libsemanage.metadata b/.libsemanage.metadata new file mode 100644 index 0000000..4b3389b --- /dev/null +++ b/.libsemanage.metadata @@ -0,0 +1 @@ +11f64c0651cde5d85b1dbbbc05491e95943643bb SOURCES/libsemanage-3.3.tar.gz diff --git a/SOURCES/0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch b/SOURCES/0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch new file mode 100644 index 0000000..4dc4ca8 --- /dev/null +++ b/SOURCES/0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch @@ -0,0 +1,66 @@ +From 05bc0fe72b53476a9d4da3957c6d6cba00c76eea Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Wed, 7 Nov 2018 18:17:34 +0100 +Subject: [PATCH] libsemanage: Fix RESOURCE_LEAK and USE_AFTER_FREE coverity + scan defects + +--- + libsemanage/src/direct_api.c | 21 ++++++++------------- + 1 file changed, 8 insertions(+), 13 deletions(-) + +diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c +index f0e2300a2f58..b7a3e0f17cc1 100644 +--- a/libsemanage/src/direct_api.c ++++ b/libsemanage/src/direct_api.c +@@ -1029,7 +1029,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh, + + fp = NULL; + +- ret = 0; ++ return 0; + + cleanup: + if (fp != NULL) fclose(fp); +@@ -2186,7 +2186,6 @@ cleanup: + semanage_module_info_destroy(sh, modinfo); + free(modinfo); + +- if (fp != NULL) fclose(fp); + return status; + } + +@@ -2351,16 +2350,6 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh, + free(tmp); + tmp = NULL; + +- if (fclose(fp) != 0) { +- ERR(sh, +- "Unable to close %s module lang ext file.", +- (*modinfo)->name); +- status = -1; +- goto cleanup; +- } +- +- fp = NULL; +- + /* lookup enabled/disabled status */ + ret = semanage_module_get_path(sh, + *modinfo, +@@ -2404,7 +2393,13 @@ cleanup: + free(modinfos); + } + +- if (fp != NULL) fclose(fp); ++ if (fp != NULL && fclose(fp) != 0) { ++ ERR(sh, ++ "Unable to close %s module lang ext file.", ++ (*modinfo)->name); ++ status = -1; ++ } ++ + return status; + } + +-- +2.32.0 + diff --git a/SOURCES/0002-libsemanage-add-missing-include-to-boolean_record.c.patch b/SOURCES/0002-libsemanage-add-missing-include-to-boolean_record.c.patch new file mode 100644 index 0000000..ec8fa2c --- /dev/null +++ b/SOURCES/0002-libsemanage-add-missing-include-to-boolean_record.c.patch @@ -0,0 +1,38 @@ +From 5bf29afd8591d93aa6052254855b2ff5c9b38ec6 Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Thu, 3 Feb 2022 17:53:22 +0100 +Subject: [PATCH] libsemanage: add missing include to boolean_record.c + +It uses asprintf(3), but doesn't directly include - fix it. + +Signed-off-by: Ondrej Mosnacek +Acked-by: James Carter +--- + libsemanage/src/boolean_record.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/libsemanage/src/boolean_record.c b/libsemanage/src/boolean_record.c +index 95f3a8620ead..40dc6545fbdb 100644 +--- a/libsemanage/src/boolean_record.c ++++ b/libsemanage/src/boolean_record.c +@@ -7,6 +7,9 @@ + */ + + #include ++#include ++#include ++ + #include + + typedef sepol_bool_t semanage_bool_t; +@@ -20,7 +23,6 @@ typedef semanage_bool_key_t record_key_t; + #include "boolean_internal.h" + #include "handle.h" + #include "database.h" +-#include + #include + + /* Key */ +-- +2.34.1 + diff --git a/SOURCES/0003-semodule-libsemanage-move-module-hashing-into-libsem.patch b/SOURCES/0003-semodule-libsemanage-move-module-hashing-into-libsem.patch new file mode 100644 index 0000000..d17439e --- /dev/null +++ b/SOURCES/0003-semodule-libsemanage-move-module-hashing-into-libsem.patch @@ -0,0 +1,575 @@ +From f77f2b70930c628b362320cbfe07833032ae9b0f Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Thu, 3 Feb 2022 17:53:23 +0100 +Subject: [PATCH] semodule,libsemanage: move module hashing into libsemanage + +The main goal of this move is to have the SHA-256 implementation under +libsemanage, since upcoming patches will make use of SHA-256 for a +different (but similar) purpose in libsemanage. Having the hashing code +in libsemanage will reduce code duplication and allow for easier hash +algorithm upgrade in the future. + +Note that libselinux currently also contains a hash function +implementation (for yet another different purpose). This patch doesn't +make any effort to address that duplicity yet. + +This patch also changes the format of the hash string printed by +semodule to include the name of the hash. The intent is to avoid +ambiguity and potential collisions when the algorithm is potentially +changed in the future. + +Signed-off-by: Ondrej Mosnacek +--- + libsemanage/include/semanage/modules.h | 26 ++ + libsemanage/src/libsemanage.map | 4 + + libsemanage/src/modules.c | 59 ++++ + .../src/semanageswig_python_exception.i | 8 + + libsemanage/src/sha256.c | 294 ++++++++++++++++++ + libsemanage/src/sha256.h | 89 ++++++ + 6 files changed, 480 insertions(+) + create mode 100644 libsemanage/src/sha256.c + create mode 100644 libsemanage/src/sha256.h + +diff --git a/libsemanage/include/semanage/modules.h b/libsemanage/include/semanage/modules.h +index b51f61f033d5..14666f6dbe00 100644 +--- a/libsemanage/include/semanage/modules.h ++++ b/libsemanage/include/semanage/modules.h +@@ -282,4 +282,30 @@ extern int semanage_module_get_enabled(semanage_handle_t *sh, + const semanage_module_key_t *modkey, + int *enabled); + ++/* Compute checksum for @modkey module contents. ++ * ++ * If @checksum is NULL, the function will just return the length of the ++ * checksum string in @checksum_len (checksum strings are guaranteed to ++ * have a fixed length for a given libsemanage binary). @modkey and @cil ++ * are ignored in this case and should be set to NULL and 0 (respectively). ++ * ++ * If @checksum is non-NULL, on success, @checksum will point to a buffer ++ * containing the checksum string and @checksum_len will point to the ++ * length of the string (without the null terminator). The semantics of ++ * @cil are the same as for @extract_cil in semanage_module_extract(). ++ * ++ * The caller is responsible to free the buffer returned in @checksum (using ++ * free(3)). ++ * ++ * Callers may assume that if the checksum strings for two modules match, ++ * the module content is the same (collisions are theoretically possible, ++ * yet extremely unlikely). ++ * ++ * Returns 0 on success and -1 on error. ++ */ ++extern int semanage_module_compute_checksum(semanage_handle_t *sh, ++ semanage_module_key_t *modkey, ++ int cil, char **checksum, ++ size_t *checksum_len); ++ + #endif +diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map +index 3ea7b60f97bb..00259fc817f5 100644 +--- a/libsemanage/src/libsemanage.map ++++ b/libsemanage/src/libsemanage.map +@@ -345,3 +345,7 @@ LIBSEMANAGE_1.1 { + semanage_module_remove_key; + semanage_set_store_root; + } LIBSEMANAGE_1.0; ++ ++LIBSEMANAGE_3.4 { ++ semanage_module_compute_checksum; ++} LIBSEMANAGE_1.1; +diff --git a/libsemanage/src/modules.c b/libsemanage/src/modules.c +index b6dd456cac32..5dbb28fdbaa5 100644 +--- a/libsemanage/src/modules.c ++++ b/libsemanage/src/modules.c +@@ -35,11 +35,13 @@ + #include + #include + #include ++#include + #include + #include + + #include "handle.h" + #include "modules.h" ++#include "sha256.h" + #include "debug.h" + + int semanage_module_install(semanage_handle_t * sh, +@@ -975,3 +977,60 @@ int semanage_module_remove_key(semanage_handle_t *sh, + return sh->funcs->remove_key(sh, modkey); + } + ++static const char CHECKSUM_TYPE[] = "sha256"; ++static const size_t CHECKSUM_CONTENT_SIZE = sizeof(CHECKSUM_TYPE) + 1 + 2 * SHA256_HASH_SIZE; ++ ++static void semanage_hash_to_checksum_string(const uint8_t *hash, char *checksum) ++{ ++ size_t i; ++ ++ checksum += sprintf(checksum, "%s:", CHECKSUM_TYPE); ++ for (i = 0; i < SHA256_HASH_SIZE; i++) { ++ checksum += sprintf(checksum, "%02x", (unsigned)hash[i]); ++ } ++} ++ ++int semanage_module_compute_checksum(semanage_handle_t *sh, ++ semanage_module_key_t *modkey, ++ int cil, char **checksum, ++ size_t *checksum_len) ++{ ++ semanage_module_info_t *extract_info = NULL; ++ Sha256Context context; ++ SHA256_HASH sha256_hash; ++ char *checksum_str; ++ void *data; ++ size_t data_len = 0; ++ int result; ++ ++ if (!checksum_len) ++ return -1; ++ ++ if (!checksum) { ++ *checksum_len = CHECKSUM_CONTENT_SIZE; ++ return 0; ++ } ++ ++ result = semanage_module_extract(sh, modkey, cil, &data, &data_len, &extract_info); ++ if (result != 0) ++ return -1; ++ ++ semanage_module_info_destroy(sh, extract_info); ++ free(extract_info); ++ ++ Sha256Initialise(&context); ++ Sha256Update(&context, data, data_len); ++ Sha256Finalise(&context, &sha256_hash); ++ ++ munmap(data, data_len); ++ ++ checksum_str = malloc(CHECKSUM_CONTENT_SIZE + 1 /* '\0' */); ++ if (!checksum_str) ++ return -1; ++ ++ semanage_hash_to_checksum_string(sha256_hash.bytes, checksum_str); ++ ++ *checksum = checksum_str; ++ *checksum_len = CHECKSUM_CONTENT_SIZE; ++ return 0; ++} +diff --git a/libsemanage/src/semanageswig_python_exception.i b/libsemanage/src/semanageswig_python_exception.i +index 372ec948866a..0df8bbc350e2 100644 +--- a/libsemanage/src/semanageswig_python_exception.i ++++ b/libsemanage/src/semanageswig_python_exception.i +@@ -351,6 +351,14 @@ + } + } + ++%exception semanage_module_compute_checksum { ++ $action ++ if (result < 0) { ++ PyErr_SetFromErrno(PyExc_OSError); ++ SWIG_fail; ++ } ++} ++ + %exception semanage_msg_get_level { + $action + if (result < 0) { +diff --git a/libsemanage/src/sha256.c b/libsemanage/src/sha256.c +new file mode 100644 +index 000000000000..fe2aeef07f53 +--- /dev/null ++++ b/libsemanage/src/sha256.c +@@ -0,0 +1,294 @@ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// WjCryptLib_Sha256 ++// ++// Implementation of SHA256 hash function. ++// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org ++// Modified by WaterJuice retaining Public Domain license. ++// ++// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// IMPORTS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++#include "sha256.h" ++#include ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// MACROS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++#define ror(value, bits) (((value) >> (bits)) | ((value) << (32 - (bits)))) ++ ++#define MIN(x, y) ( ((x)<(y))?(x):(y) ) ++ ++#define STORE32H(x, y) \ ++ { (y)[0] = (uint8_t)(((x)>>24)&255); (y)[1] = (uint8_t)(((x)>>16)&255); \ ++ (y)[2] = (uint8_t)(((x)>>8)&255); (y)[3] = (uint8_t)((x)&255); } ++ ++#define LOAD32H(x, y) \ ++ { x = ((uint32_t)((y)[0] & 255)<<24) | \ ++ ((uint32_t)((y)[1] & 255)<<16) | \ ++ ((uint32_t)((y)[2] & 255)<<8) | \ ++ ((uint32_t)((y)[3] & 255)); } ++ ++#define STORE64H(x, y) \ ++ { (y)[0] = (uint8_t)(((x)>>56)&255); (y)[1] = (uint8_t)(((x)>>48)&255); \ ++ (y)[2] = (uint8_t)(((x)>>40)&255); (y)[3] = (uint8_t)(((x)>>32)&255); \ ++ (y)[4] = (uint8_t)(((x)>>24)&255); (y)[5] = (uint8_t)(((x)>>16)&255); \ ++ (y)[6] = (uint8_t)(((x)>>8)&255); (y)[7] = (uint8_t)((x)&255); } ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// CONSTANTS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++// The K array ++static const uint32_t K[64] = { ++ 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL, ++ 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL, ++ 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, ++ 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, ++ 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL, ++ 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL, ++ 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, ++ 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, ++ 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL, ++ 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL, ++ 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, ++ 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, ++ 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL ++}; ++ ++#define BLOCK_SIZE 64 ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// INTERNAL FUNCTIONS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++// Various logical functions ++#define Ch( x, y, z ) (z ^ (x & (y ^ z))) ++#define Maj( x, y, z ) (((x | y) & z) | (x & y)) ++#define S( x, n ) ror((x),(n)) ++#define R( x, n ) (((x)&0xFFFFFFFFUL)>>(n)) ++#define Sigma0( x ) (S(x, 2) ^ S(x, 13) ^ S(x, 22)) ++#define Sigma1( x ) (S(x, 6) ^ S(x, 11) ^ S(x, 25)) ++#define Gamma0( x ) (S(x, 7) ^ S(x, 18) ^ R(x, 3)) ++#define Gamma1( x ) (S(x, 17) ^ S(x, 19) ^ R(x, 10)) ++ ++#define Sha256Round( a, b, c, d, e, f, g, h, i ) \ ++ t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ ++ t1 = Sigma0(a) + Maj(a, b, c); \ ++ d += t0; \ ++ h = t0 + t1; ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// TransformFunction ++// ++// Compress 512-bits ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++static ++void ++ TransformFunction ++ ( ++ Sha256Context* Context, ++ uint8_t const* Buffer ++ ) ++{ ++ uint32_t S[8]; ++ uint32_t W[64]; ++ uint32_t t0; ++ uint32_t t1; ++ uint32_t t; ++ int i; ++ ++ // Copy state into S ++ for( i=0; i<8; i++ ) ++ { ++ S[i] = Context->state[i]; ++ } ++ ++ // Copy the state into 512-bits into W[0..15] ++ for( i=0; i<16; i++ ) ++ { ++ LOAD32H( W[i], Buffer + (4*i) ); ++ } ++ ++ // Fill W[16..63] ++ for( i=16; i<64; i++ ) ++ { ++ W[i] = Gamma1( W[i-2]) + W[i-7] + Gamma0( W[i-15] ) + W[i-16]; ++ } ++ ++ // Compress ++ for( i=0; i<64; i++ ) ++ { ++ Sha256Round( S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i ); ++ t = S[7]; ++ S[7] = S[6]; ++ S[6] = S[5]; ++ S[5] = S[4]; ++ S[4] = S[3]; ++ S[3] = S[2]; ++ S[2] = S[1]; ++ S[1] = S[0]; ++ S[0] = t; ++ } ++ ++ // Feedback ++ for( i=0; i<8; i++ ) ++ { ++ Context->state[i] = Context->state[i] + S[i]; ++ } ++} ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// PUBLIC FUNCTIONS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Initialise ++// ++// Initialises a SHA256 Context. Use this to initialise/reset a context. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Initialise ++ ( ++ Sha256Context* Context // [out] ++ ) ++{ ++ Context->curlen = 0; ++ Context->length = 0; ++ Context->state[0] = 0x6A09E667UL; ++ Context->state[1] = 0xBB67AE85UL; ++ Context->state[2] = 0x3C6EF372UL; ++ Context->state[3] = 0xA54FF53AUL; ++ Context->state[4] = 0x510E527FUL; ++ Context->state[5] = 0x9B05688CUL; ++ Context->state[6] = 0x1F83D9ABUL; ++ Context->state[7] = 0x5BE0CD19UL; ++} ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Update ++// ++// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on ++// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Update ++ ( ++ Sha256Context* Context, // [in out] ++ void const* Buffer, // [in] ++ uint32_t BufferSize // [in] ++ ) ++{ ++ uint32_t n; ++ ++ if( Context->curlen > sizeof(Context->buf) ) ++ { ++ return; ++ } ++ ++ while( BufferSize > 0 ) ++ { ++ if( Context->curlen == 0 && BufferSize >= BLOCK_SIZE ) ++ { ++ TransformFunction( Context, (uint8_t*)Buffer ); ++ Context->length += BLOCK_SIZE * 8; ++ Buffer = (uint8_t*)Buffer + BLOCK_SIZE; ++ BufferSize -= BLOCK_SIZE; ++ } ++ else ++ { ++ n = MIN( BufferSize, (BLOCK_SIZE - Context->curlen) ); ++ memcpy( Context->buf + Context->curlen, Buffer, (size_t)n ); ++ Context->curlen += n; ++ Buffer = (uint8_t*)Buffer + n; ++ BufferSize -= n; ++ if( Context->curlen == BLOCK_SIZE ) ++ { ++ TransformFunction( Context, Context->buf ); ++ Context->length += 8*BLOCK_SIZE; ++ Context->curlen = 0; ++ } ++ } ++ } ++} ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Finalise ++// ++// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After ++// calling this, Sha256Initialised must be used to reuse the context. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Finalise ++ ( ++ Sha256Context* Context, // [in out] ++ SHA256_HASH* Digest // [out] ++ ) ++{ ++ int i; ++ ++ if( Context->curlen >= sizeof(Context->buf) ) ++ { ++ return; ++ } ++ ++ // Increase the length of the message ++ Context->length += Context->curlen * 8; ++ ++ // Append the '1' bit ++ Context->buf[Context->curlen++] = (uint8_t)0x80; ++ ++ // if the length is currently above 56 bytes we append zeros ++ // then compress. Then we can fall back to padding zeros and length ++ // encoding like normal. ++ if( Context->curlen > 56 ) ++ { ++ while( Context->curlen < 64 ) ++ { ++ Context->buf[Context->curlen++] = (uint8_t)0; ++ } ++ TransformFunction(Context, Context->buf); ++ Context->curlen = 0; ++ } ++ ++ // Pad up to 56 bytes of zeroes ++ while( Context->curlen < 56 ) ++ { ++ Context->buf[Context->curlen++] = (uint8_t)0; ++ } ++ ++ // Store length ++ STORE64H( Context->length, Context->buf+56 ); ++ TransformFunction( Context, Context->buf ); ++ ++ // Copy output ++ for( i=0; i<8; i++ ) ++ { ++ STORE32H( Context->state[i], Digest->bytes+(4*i) ); ++ } ++} ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Calculate ++// ++// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the ++// buffer. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Calculate ++ ( ++ void const* Buffer, // [in] ++ uint32_t BufferSize, // [in] ++ SHA256_HASH* Digest // [in] ++ ) ++{ ++ Sha256Context context; ++ ++ Sha256Initialise( &context ); ++ Sha256Update( &context, Buffer, BufferSize ); ++ Sha256Finalise( &context, Digest ); ++} +diff --git a/libsemanage/src/sha256.h b/libsemanage/src/sha256.h +new file mode 100644 +index 000000000000..406ed869cd82 +--- /dev/null ++++ b/libsemanage/src/sha256.h +@@ -0,0 +1,89 @@ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// WjCryptLib_Sha256 ++// ++// Implementation of SHA256 hash function. ++// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org ++// Modified by WaterJuice retaining Public Domain license. ++// ++// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++#pragma once ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// IMPORTS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++#include ++#include ++ ++typedef struct ++{ ++ uint64_t length; ++ uint32_t state[8]; ++ uint32_t curlen; ++ uint8_t buf[64]; ++} Sha256Context; ++ ++#define SHA256_HASH_SIZE ( 256 / 8 ) ++ ++typedef struct ++{ ++ uint8_t bytes [SHA256_HASH_SIZE]; ++} SHA256_HASH; ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// PUBLIC FUNCTIONS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Initialise ++// ++// Initialises a SHA256 Context. Use this to initialise/reset a context. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Initialise ++ ( ++ Sha256Context* Context // [out] ++ ); ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Update ++// ++// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on ++// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Update ++ ( ++ Sha256Context* Context, // [in out] ++ void const* Buffer, // [in] ++ uint32_t BufferSize // [in] ++ ); ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Finalise ++// ++// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After ++// calling this, Sha256Initialised must be used to reuse the context. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Finalise ++ ( ++ Sha256Context* Context, // [in out] ++ SHA256_HASH* Digest // [out] ++ ); ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Calculate ++// ++// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the ++// buffer. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Calculate ++ ( ++ void const* Buffer, // [in] ++ uint32_t BufferSize, // [in] ++ SHA256_HASH* Digest // [in] ++ ); +-- +2.34.1 + diff --git a/SOURCES/0004-libsemanage-move-compressed-file-handling-into-a-sep.patch b/SOURCES/0004-libsemanage-move-compressed-file-handling-into-a-sep.patch new file mode 100644 index 0000000..0714895 --- /dev/null +++ b/SOURCES/0004-libsemanage-move-compressed-file-handling-into-a-sep.patch @@ -0,0 +1,824 @@ +From 7b059d3ca56dbe7003cec921c13be70f9fa1a0f7 Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Thu, 3 Feb 2022 17:53:24 +0100 +Subject: [PATCH] libsemanage: move compressed file handling into a separate + object + +In order to reduce exisiting and future code duplication and to avoid +some unnecessary allocations and copying, factor the compressed file +utility functions out into a separate C/header file and refactor their +interface. + +Note that this change effectively removes the __fsetlocking(3) call from +semanage_load_files() - I haven't been able to figure out what purpose +it serves, but it seems pointless... + +Signed-off-by: Ondrej Mosnacek +--- + libsemanage/src/compressed_file.c | 224 +++++++++++++++++++++++++ + libsemanage/src/compressed_file.h | 78 +++++++++ + libsemanage/src/direct_api.c | 263 +++++------------------------- + libsemanage/src/direct_api.h | 4 - + libsemanage/src/semanage_store.c | 52 ++---- + 5 files changed, 354 insertions(+), 267 deletions(-) + create mode 100644 libsemanage/src/compressed_file.c + create mode 100644 libsemanage/src/compressed_file.h + +diff --git a/libsemanage/src/compressed_file.c b/libsemanage/src/compressed_file.c +new file mode 100644 +index 000000000000..5546b83074d5 +--- /dev/null ++++ b/libsemanage/src/compressed_file.c +@@ -0,0 +1,224 @@ ++/* Author: Jason Tang ++ * Christopher Ashworth ++ * Ondrej Mosnacek ++ * ++ * Copyright (C) 2004-2006 Tresys Technology, LLC ++ * Copyright (C) 2005-2021 Red Hat, Inc. ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ++ */ ++ ++#include ++#include ++#include ++ ++#include ++#include ++ ++#include ++ ++#include "compressed_file.h" ++ ++#include "debug.h" ++ ++#define BZ2_MAGICSTR "BZh" ++#define BZ2_MAGICLEN (sizeof(BZ2_MAGICSTR)-1) ++ ++/* bzip() a data to a file, returning the total number of compressed bytes ++ * in the file. Returns -1 if file could not be compressed. */ ++static int bzip(semanage_handle_t *sh, const char *filename, void *data, ++ size_t num_bytes) ++{ ++ BZFILE* b; ++ size_t size = 1<<16; ++ int bzerror; ++ size_t total = 0; ++ size_t len = 0; ++ FILE *f; ++ ++ if ((f = fopen(filename, "wb")) == NULL) { ++ return -1; ++ } ++ ++ if (!sh->conf->bzip_blocksize) { ++ if (fwrite(data, 1, num_bytes, f) < num_bytes) { ++ fclose(f); ++ return -1; ++ } ++ fclose(f); ++ return 0; ++ } ++ ++ b = BZ2_bzWriteOpen( &bzerror, f, sh->conf->bzip_blocksize, 0, 0); ++ if (bzerror != BZ_OK) { ++ BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); ++ fclose(f); ++ return -1; ++ } ++ ++ while ( num_bytes > total ) { ++ if (num_bytes - total > size) { ++ len = size; ++ } else { ++ len = num_bytes - total; ++ } ++ BZ2_bzWrite ( &bzerror, b, (uint8_t *)data + total, len ); ++ if (bzerror == BZ_IO_ERROR) { ++ BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); ++ fclose(f); ++ return -1; ++ } ++ total += len; ++ } ++ ++ BZ2_bzWriteClose ( &bzerror, b, 0, 0, 0 ); ++ fclose(f); ++ if (bzerror == BZ_IO_ERROR) { ++ return -1; ++ } ++ return 0; ++} ++ ++/* bunzip() a file to '*data', returning the total number of uncompressed bytes ++ * in the file. Returns -1 if file could not be decompressed. */ ++static ssize_t bunzip(semanage_handle_t *sh, FILE *f, void **data) ++{ ++ BZFILE* b = NULL; ++ size_t nBuf; ++ uint8_t* buf = NULL; ++ size_t size = 1<<18; ++ size_t bufsize = size; ++ int bzerror; ++ size_t total = 0; ++ uint8_t* uncompress = NULL; ++ uint8_t* tmpalloc = NULL; ++ int ret = -1; ++ ++ buf = malloc(bufsize); ++ if (buf == NULL) { ++ ERR(sh, "Failure allocating memory."); ++ goto exit; ++ } ++ ++ /* Check if the file is bzipped */ ++ bzerror = fread(buf, 1, BZ2_MAGICLEN, f); ++ rewind(f); ++ if ((bzerror != BZ2_MAGICLEN) || memcmp(buf, BZ2_MAGICSTR, BZ2_MAGICLEN)) { ++ goto exit; ++ } ++ ++ b = BZ2_bzReadOpen ( &bzerror, f, 0, sh->conf->bzip_small, NULL, 0 ); ++ if ( bzerror != BZ_OK ) { ++ ERR(sh, "Failure opening bz2 archive."); ++ goto exit; ++ } ++ ++ uncompress = malloc(size); ++ if (uncompress == NULL) { ++ ERR(sh, "Failure allocating memory."); ++ goto exit; ++ } ++ ++ while ( bzerror == BZ_OK) { ++ nBuf = BZ2_bzRead ( &bzerror, b, buf, bufsize); ++ if (( bzerror == BZ_OK ) || ( bzerror == BZ_STREAM_END )) { ++ if (total + nBuf > size) { ++ size *= 2; ++ tmpalloc = realloc(uncompress, size); ++ if (tmpalloc == NULL) { ++ ERR(sh, "Failure allocating memory."); ++ goto exit; ++ } ++ uncompress = tmpalloc; ++ } ++ memcpy(&uncompress[total], buf, nBuf); ++ total += nBuf; ++ } ++ } ++ if ( bzerror != BZ_STREAM_END ) { ++ ERR(sh, "Failure reading bz2 archive."); ++ goto exit; ++ } ++ ++ ret = total; ++ *data = uncompress; ++ ++exit: ++ BZ2_bzReadClose ( &bzerror, b ); ++ free(buf); ++ if ( ret < 0 ) { ++ free(uncompress); ++ } ++ return ret; ++} ++ ++int map_compressed_file(semanage_handle_t *sh, const char *path, ++ struct file_contents *contents) ++{ ++ ssize_t size = -1; ++ void *uncompress; ++ int ret = 0, fd = -1; ++ FILE *file = NULL; ++ ++ fd = open(path, O_RDONLY); ++ if (fd == -1) { ++ ERR(sh, "Unable to open %s\n", path); ++ return -1; ++ } ++ ++ file = fdopen(fd, "r"); ++ if (file == NULL) { ++ ERR(sh, "Unable to open %s\n", path); ++ close(fd); ++ return -1; ++ } ++ ++ if ((size = bunzip(sh, file, &uncompress)) >= 0) { ++ contents->data = uncompress; ++ contents->len = size; ++ contents->compressed = 1; ++ } else { ++ struct stat sb; ++ if (fstat(fd, &sb) == -1 || ++ (uncompress = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) == ++ MAP_FAILED) { ++ ret = -1; ++ } else { ++ contents->data = uncompress; ++ contents->len = sb.st_size; ++ contents->compressed = 0; ++ } ++ } ++ fclose(file); ++ return ret; ++} ++ ++void unmap_compressed_file(struct file_contents *contents) ++{ ++ if (!contents->data) ++ return; ++ ++ if (contents->compressed) { ++ free(contents->data); ++ } else { ++ munmap(contents->data, contents->len); ++ } ++} ++ ++int write_compressed_file(semanage_handle_t *sh, const char *path, ++ void *data, size_t len) ++{ ++ return bzip(sh, path, data, len); ++} +diff --git a/libsemanage/src/compressed_file.h b/libsemanage/src/compressed_file.h +new file mode 100644 +index 000000000000..96cfb4b6304a +--- /dev/null ++++ b/libsemanage/src/compressed_file.h +@@ -0,0 +1,78 @@ ++/* Author: Jason Tang ++ * Christopher Ashworth ++ * Ondrej Mosnacek ++ * ++ * Copyright (C) 2004-2006 Tresys Technology, LLC ++ * Copyright (C) 2005-2021 Red Hat, Inc. ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ++ */ ++ ++#ifndef _SEMANAGE_CIL_FILE_H_ ++#define _SEMANAGE_CIL_FILE_H_ ++ ++#include ++#include ++ ++#include "handle.h" ++ ++struct file_contents { ++ void *data; /** file contents (uncompressed) */ ++ size_t len; /** length of contents */ ++ int compressed; /** whether file was compressed */ ++}; ++ ++/** ++ * Map/read a possibly-compressed file into memory. ++ * ++ * If the file is bzip compressed map_file will uncompress the file into ++ * @p contents. The caller is responsible for calling ++ * @ref unmap_compressed_file on @p contents on success. ++ * ++ * @param sh semanage handle ++ * @param path path to the file ++ * @param contents pointer to struct file_contents, which will be ++ * populated with data pointer, size, and an indication whether ++ * the file was compressed or not ++ * ++ * @return 0 on success, -1 otherwise. ++ */ ++int map_compressed_file(semanage_handle_t *sh, const char *path, ++ struct file_contents *contents); ++ ++/** ++ * Destroy a previously mapped possibly-compressed file. ++ * ++ * If all fields of @p contents are zero/NULL, the function is ++ * guaranteed to do nothing. ++ * ++ * @param contents pointer to struct file_contents to destroy ++ */ ++void unmap_compressed_file(struct file_contents *contents); ++ ++/** ++ * Write bytes into a file, using compression if configured. ++ * ++ * @param sh semanage handle ++ * @param path path to the file ++ * @param data pointer to the data ++ * @param len length of the data ++ * ++ * @return 0 on success, -1 otherwise. ++ */ ++int write_compressed_file(semanage_handle_t *sh, const char *path, ++ void *data, size_t len); ++ ++#endif +diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c +index b7a3e0f17cc1..aa2bfcf35016 100644 +--- a/libsemanage/src/direct_api.c ++++ b/libsemanage/src/direct_api.c +@@ -50,6 +50,7 @@ + + #include "debug.h" + #include "handle.h" ++#include "compressed_file.h" + #include "modules.h" + #include "direct_api.h" + #include "semanage_store.h" +@@ -446,194 +447,6 @@ static int parse_module_headers(semanage_handle_t * sh, char *module_data, + return 0; + } + +-#include +-#include +-#include +-#include +- +-/* bzip() a data to a file, returning the total number of compressed bytes +- * in the file. Returns -1 if file could not be compressed. */ +-static ssize_t bzip(semanage_handle_t *sh, const char *filename, char *data, +- size_t num_bytes) +-{ +- BZFILE* b; +- size_t size = 1<<16; +- int bzerror; +- size_t total = 0; +- size_t len = 0; +- FILE *f; +- +- if ((f = fopen(filename, "wb")) == NULL) { +- return -1; +- } +- +- if (!sh->conf->bzip_blocksize) { +- if (fwrite(data, 1, num_bytes, f) < num_bytes) { +- fclose(f); +- return -1; +- } +- fclose(f); +- return num_bytes; +- } +- +- b = BZ2_bzWriteOpen( &bzerror, f, sh->conf->bzip_blocksize, 0, 0); +- if (bzerror != BZ_OK) { +- BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); +- return -1; +- } +- +- while ( num_bytes > total ) { +- if (num_bytes - total > size) { +- len = size; +- } else { +- len = num_bytes - total; +- } +- BZ2_bzWrite ( &bzerror, b, &data[total], len ); +- if (bzerror == BZ_IO_ERROR) { +- BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); +- return -1; +- } +- total += len; +- } +- +- BZ2_bzWriteClose ( &bzerror, b, 0, 0, 0 ); +- fclose(f); +- if (bzerror == BZ_IO_ERROR) { +- return -1; +- } +- return total; +-} +- +-#define BZ2_MAGICSTR "BZh" +-#define BZ2_MAGICLEN (sizeof(BZ2_MAGICSTR)-1) +- +-/* bunzip() a file to '*data', returning the total number of uncompressed bytes +- * in the file. Returns -1 if file could not be decompressed. */ +-ssize_t bunzip(semanage_handle_t *sh, FILE *f, char **data) +-{ +- BZFILE* b = NULL; +- size_t nBuf; +- char* buf = NULL; +- size_t size = 1<<18; +- size_t bufsize = size; +- int bzerror; +- size_t total = 0; +- char* uncompress = NULL; +- char* tmpalloc = NULL; +- int ret = -1; +- +- buf = malloc(bufsize); +- if (buf == NULL) { +- ERR(sh, "Failure allocating memory."); +- goto exit; +- } +- +- /* Check if the file is bzipped */ +- bzerror = fread(buf, 1, BZ2_MAGICLEN, f); +- rewind(f); +- if ((bzerror != BZ2_MAGICLEN) || memcmp(buf, BZ2_MAGICSTR, BZ2_MAGICLEN)) { +- goto exit; +- } +- +- b = BZ2_bzReadOpen ( &bzerror, f, 0, sh->conf->bzip_small, NULL, 0 ); +- if ( bzerror != BZ_OK ) { +- ERR(sh, "Failure opening bz2 archive."); +- goto exit; +- } +- +- uncompress = malloc(size); +- if (uncompress == NULL) { +- ERR(sh, "Failure allocating memory."); +- goto exit; +- } +- +- while ( bzerror == BZ_OK) { +- nBuf = BZ2_bzRead ( &bzerror, b, buf, bufsize); +- if (( bzerror == BZ_OK ) || ( bzerror == BZ_STREAM_END )) { +- if (total + nBuf > size) { +- size *= 2; +- tmpalloc = realloc(uncompress, size); +- if (tmpalloc == NULL) { +- ERR(sh, "Failure allocating memory."); +- goto exit; +- } +- uncompress = tmpalloc; +- } +- memcpy(&uncompress[total], buf, nBuf); +- total += nBuf; +- } +- } +- if ( bzerror != BZ_STREAM_END ) { +- ERR(sh, "Failure reading bz2 archive."); +- goto exit; +- } +- +- ret = total; +- *data = uncompress; +- +-exit: +- BZ2_bzReadClose ( &bzerror, b ); +- free(buf); +- if ( ret < 0 ) { +- free(uncompress); +- } +- return ret; +-} +- +-/* mmap() a file to '*data', +- * If the file is bzip compressed map_file will uncompress +- * the file into '*data'. +- * Returns the total number of bytes in memory . +- * Returns -1 if file could not be opened or mapped. */ +-static ssize_t map_file(semanage_handle_t *sh, const char *path, char **data, +- int *compressed) +-{ +- ssize_t size = -1; +- char *uncompress; +- int fd = -1; +- FILE *file = NULL; +- +- fd = open(path, O_RDONLY); +- if (fd == -1) { +- ERR(sh, "Unable to open %s\n", path); +- return -1; +- } +- +- file = fdopen(fd, "r"); +- if (file == NULL) { +- ERR(sh, "Unable to open %s\n", path); +- close(fd); +- return -1; +- } +- +- if ((size = bunzip(sh, file, &uncompress)) > 0) { +- *data = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0); +- if (*data == MAP_FAILED) { +- free(uncompress); +- fclose(file); +- return -1; +- } else { +- memcpy(*data, uncompress, size); +- } +- free(uncompress); +- *compressed = 1; +- } else { +- struct stat sb; +- if (fstat(fd, &sb) == -1 || +- (*data = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) == +- MAP_FAILED) { +- size = -1; +- } else { +- size = sb.st_size; +- } +- *compressed = 0; +- } +- +- fclose(file); +- +- return size; +-} +- + /* Writes a block of data to a file. Returns 0 on success, -1 on + * error. */ + static int write_file(semanage_handle_t * sh, +@@ -1045,15 +858,12 @@ static int semanage_compile_module(semanage_handle_t *sh, + char *compiler_path = NULL; + char *cil_data = NULL; + char *err_data = NULL; +- char *hll_data = NULL; + char *start = NULL; + char *end = NULL; +- ssize_t hll_data_len = 0; +- ssize_t bzip_status; + int status = 0; +- int compressed; + size_t cil_data_len = 0; + size_t err_data_len = 0; ++ struct file_contents hll_contents = {}; + + if (!strcasecmp(modinfo->lang_ext, "cil")) { + goto cleanup; +@@ -1084,13 +894,15 @@ static int semanage_compile_module(semanage_handle_t *sh, + goto cleanup; + } + +- if ((hll_data_len = map_file(sh, hll_path, &hll_data, &compressed)) <= 0) { ++ status = map_compressed_file(sh, hll_path, &hll_contents); ++ if (status < 0) { + ERR(sh, "Unable to read file %s\n", hll_path); +- status = -1; + goto cleanup; + } + +- status = semanage_pipe_data(sh, compiler_path, hll_data, (size_t)hll_data_len, &cil_data, &cil_data_len, &err_data, &err_data_len); ++ status = semanage_pipe_data(sh, compiler_path, hll_contents.data, ++ hll_contents.len, &cil_data, &cil_data_len, ++ &err_data, &err_data_len); + if (err_data_len > 0) { + for (start = end = err_data; end < err_data + err_data_len; end++) { + if (*end == '\n') { +@@ -1110,10 +922,9 @@ static int semanage_compile_module(semanage_handle_t *sh, + goto cleanup; + } + +- bzip_status = bzip(sh, cil_path, cil_data, cil_data_len); +- if (bzip_status == -1) { +- ERR(sh, "Failed to bzip %s\n", cil_path); +- status = -1; ++ status = write_compressed_file(sh, cil_path, cil_data, cil_data_len); ++ if (status == -1) { ++ ERR(sh, "Failed to write %s\n", cil_path); + goto cleanup; + } + +@@ -1131,9 +942,7 @@ static int semanage_compile_module(semanage_handle_t *sh, + } + + cleanup: +- if (hll_data_len > 0) { +- munmap(hll_data, hll_data_len); +- } ++ unmap_compressed_file(&hll_contents); + free(cil_data); + free(err_data); + free(compiler_path); +@@ -1756,19 +1565,17 @@ static int semanage_direct_install_file(semanage_handle_t * sh, + { + + int retval = -1; +- char *data = NULL; +- ssize_t data_len = 0; +- int compressed = 0; + char *path = NULL; + char *filename; + char *lang_ext = NULL; + char *module_name = NULL; + char *separator; + char *version = NULL; ++ struct file_contents contents = {}; + +- if ((data_len = map_file(sh, install_filename, &data, &compressed)) <= 0) { ++ retval = map_compressed_file(sh, install_filename, &contents); ++ if (retval < 0) { + ERR(sh, "Unable to read file %s\n", install_filename); +- retval = -1; + goto cleanup; + } + +@@ -1781,7 +1588,7 @@ static int semanage_direct_install_file(semanage_handle_t * sh, + + filename = basename(path); + +- if (compressed) { ++ if (contents.compressed) { + separator = strrchr(filename, '.'); + if (separator == NULL) { + ERR(sh, "Compressed module does not have a valid extension."); +@@ -1805,7 +1612,8 @@ static int semanage_direct_install_file(semanage_handle_t * sh, + } + + if (strcmp(lang_ext, "pp") == 0) { +- retval = parse_module_headers(sh, data, data_len, &module_name, &version); ++ retval = parse_module_headers(sh, contents.data, contents.len, ++ &module_name, &version); + free(version); + if (retval != 0) + goto cleanup; +@@ -1822,10 +1630,11 @@ static int semanage_direct_install_file(semanage_handle_t * sh, + fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", install_filename, module_name, filename); + } + +- retval = semanage_direct_install(sh, data, data_len, module_name, lang_ext); ++ retval = semanage_direct_install(sh, contents.data, contents.len, ++ module_name, lang_ext); + + cleanup: +- if (data_len > 0) munmap(data, data_len); ++ unmap_compressed_file(&contents); + free(module_name); + free(path); + +@@ -1844,10 +1653,8 @@ static int semanage_direct_extract(semanage_handle_t * sh, + enum semanage_module_path_type file_type; + int rc = -1; + semanage_module_info_t *_modinfo = NULL; +- ssize_t _data_len; +- char *_data; +- int compressed; + struct stat sb; ++ struct file_contents contents = {}; + + /* get path of module */ + rc = semanage_module_get_path( +@@ -1903,19 +1710,33 @@ static int semanage_direct_extract(semanage_handle_t * sh, + } + } + +- _data_len = map_file(sh, input_file, &_data, &compressed); +- if (_data_len <= 0) { ++ rc = map_compressed_file(sh, input_file, &contents); ++ if (rc < 0) { + ERR(sh, "Error mapping file: %s", input_file); +- rc = -1; + goto cleanup; + } + ++ /* The API promises an mmap'ed pointer */ ++ if (contents.compressed) { ++ *mapped_data = mmap(NULL, contents.len, PROT_READ|PROT_WRITE, ++ MAP_PRIVATE|MAP_ANONYMOUS, 0, 0); ++ if (*mapped_data == MAP_FAILED) { ++ ERR(sh, "Unable to map memory"); ++ rc = -1; ++ goto cleanup; ++ } ++ memcpy(*mapped_data, contents.data, contents.len); ++ free(contents.data); ++ } else { ++ *mapped_data = contents.data; ++ } ++ + *modinfo = _modinfo; +- *data_len = (size_t)_data_len; +- *mapped_data = _data; ++ *data_len = contents.len; + + cleanup: + if (rc != 0) { ++ unmap_compressed_file(&contents); + semanage_module_info_destroy(sh, _modinfo); + free(_modinfo); + } +@@ -2864,8 +2685,8 @@ static int semanage_direct_install_info(semanage_handle_t *sh, + goto cleanup; + } + +- ret = bzip(sh, path, data, data_len); +- if (ret <= 0) { ++ ret = write_compressed_file(sh, path, data, data_len); ++ if (ret < 0) { + ERR(sh, "Error while writing to %s.", path); + status = -3; + goto cleanup; +diff --git a/libsemanage/src/direct_api.h b/libsemanage/src/direct_api.h +index e56107b27573..ffd428eb82ba 100644 +--- a/libsemanage/src/direct_api.h ++++ b/libsemanage/src/direct_api.h +@@ -39,8 +39,4 @@ int semanage_direct_access_check(struct semanage_handle *sh); + + int semanage_direct_mls_enabled(struct semanage_handle *sh); + +-#include +-#include +-ssize_t bunzip(struct semanage_handle *sh, FILE *f, char **data); +- + #endif +diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c +index c6a736fe2d26..633ee73165fb 100644 +--- a/libsemanage/src/semanage_store.c ++++ b/libsemanage/src/semanage_store.c +@@ -59,6 +59,7 @@ typedef struct dbase_policydb dbase_t; + + #include "debug.h" + #include "utilities.h" ++#include "compressed_file.h" + + #define SEMANAGE_CONF_FILE "semanage.conf" + /* relative path names to enum semanage_paths to special files and +@@ -2054,60 +2055,27 @@ int semanage_direct_get_serial(semanage_handle_t * sh) + + int semanage_load_files(semanage_handle_t * sh, cil_db_t *cildb, char **filenames, int numfiles) + { +- int retval = 0; +- FILE *fp; +- ssize_t size; +- char *data = NULL; ++ int i, retval = 0; + char *filename; +- int i; ++ struct file_contents contents = {}; + + for (i = 0; i < numfiles; i++) { + filename = filenames[i]; + +- if ((fp = fopen(filename, "rb")) == NULL) { +- ERR(sh, "Could not open module file %s for reading.", filename); +- goto cleanup; +- } +- +- if ((size = bunzip(sh, fp, &data)) <= 0) { +- rewind(fp); +- __fsetlocking(fp, FSETLOCKING_BYCALLER); +- +- if (fseek(fp, 0, SEEK_END) != 0) { +- ERR(sh, "Failed to determine size of file %s.", filename); +- goto cleanup; +- } +- size = ftell(fp); +- rewind(fp); +- +- data = malloc(size); +- if (fread(data, size, 1, fp) != 1) { +- ERR(sh, "Failed to read file %s.", filename); +- goto cleanup; +- } +- } ++ retval = map_compressed_file(sh, filename, &contents); ++ if (retval < 0) ++ return -1; + +- fclose(fp); +- fp = NULL; ++ retval = cil_add_file(cildb, filename, contents.data, contents.len); ++ unmap_compressed_file(&contents); + +- retval = cil_add_file(cildb, filename, data, size); + if (retval != SEPOL_OK) { + ERR(sh, "Error while reading from file %s.", filename); +- goto cleanup; ++ return -1; + } +- +- free(data); +- data = NULL; + } + +- return retval; +- +- cleanup: +- if (fp != NULL) { +- fclose(fp); +- } +- free(data); +- return -1; ++ return 0; + } + + /* +-- +2.34.1 + diff --git a/SOURCES/0005-libsemanage-clean-up-semanage_direct_commit-a-bit.patch b/SOURCES/0005-libsemanage-clean-up-semanage_direct_commit-a-bit.patch new file mode 100644 index 0000000..8a05532 --- /dev/null +++ b/SOURCES/0005-libsemanage-clean-up-semanage_direct_commit-a-bit.patch @@ -0,0 +1,150 @@ +From b3c63ad0f9c5c35d80fabeb0ca7abd86f34aad0e Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Thu, 3 Feb 2022 17:53:25 +0100 +Subject: [PATCH] libsemanage: clean up semanage_direct_commit() a bit + +Do some minor cosmetic cleanup, mainly to eliminate the 'rebuilt' goto +label. + +Signed-off-by: Ondrej Mosnacek +--- + libsemanage/src/direct_api.c | 91 ++++++++++++++++++------------------ + 1 file changed, 45 insertions(+), 46 deletions(-) + +diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c +index aa2bfcf35016..bed1e1eda78f 100644 +--- a/libsemanage/src/direct_api.c ++++ b/libsemanage/src/direct_api.c +@@ -994,6 +994,16 @@ cleanup: + return status; + } + ++/* Files that must exist in order to skip policy rebuild. */ ++static const int semanage_computed_files[] = { ++ SEMANAGE_STORE_KERNEL, ++ SEMANAGE_STORE_FC, ++ SEMANAGE_STORE_SEUSERS, ++ SEMANAGE_LINKED, ++ SEMANAGE_SEUSERS_LINKED, ++ SEMANAGE_USERS_EXTRA_LINKED ++}; ++ + /* Copies a file from src to dst. If dst already exists then + * overwrite it. If source doesn't exist then return success. + * Returns 0 on success, -1 on error. */ +@@ -1053,6 +1063,14 @@ static int semanage_direct_commit(semanage_handle_t * sh) + seusers_modified = seusers->dtable->is_modified(seusers->dbase); + fcontexts_modified = fcontexts->dtable->is_modified(fcontexts->dbase); + ++ /* Before we do anything else, flush the join to its component parts. ++ * This *does not* flush to disk automatically */ ++ if (users->dtable->is_modified(users->dbase)) { ++ retval = users->dtable->flush(sh, users->dbase); ++ if (retval < 0) ++ goto cleanup; ++ } ++ + /* Rebuild if explicitly requested or any module changes occurred. */ + do_rebuild = sh->do_rebuild | sh->modules_modified; + +@@ -1119,14 +1137,6 @@ static int semanage_direct_commit(semanage_handle_t * sh) + } + } + +- /* Before we do anything else, flush the join to its component parts. +- * This *does not* flush to disk automatically */ +- if (users->dtable->is_modified(users->dbase)) { +- retval = users->dtable->flush(sh, users->dbase); +- if (retval < 0) +- goto cleanup; +- } +- + /* + * This is for systems that have already migrated with an older version + * of semanage_migrate_store. The older version did not copy +@@ -1135,48 +1145,20 @@ static int semanage_direct_commit(semanage_handle_t * sh) + * in order to skip re-linking are present; otherwise, we force + * a rebuild. + */ +- if (!do_rebuild) { +- int files[] = {SEMANAGE_STORE_KERNEL, +- SEMANAGE_STORE_FC, +- SEMANAGE_STORE_SEUSERS, +- SEMANAGE_LINKED, +- SEMANAGE_SEUSERS_LINKED, +- SEMANAGE_USERS_EXTRA_LINKED}; +- +- for (i = 0; i < (int) ARRAY_SIZE(files); i++) { +- path = semanage_path(SEMANAGE_TMP, files[i]); +- if (stat(path, &sb) != 0) { +- if (errno != ENOENT) { +- ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); +- retval = -1; +- goto cleanup; +- } +- +- do_rebuild = 1; +- goto rebuild; ++ for (i = 0; !do_rebuild && i < (int)ARRAY_SIZE(semanage_computed_files); i++) { ++ path = semanage_path(SEMANAGE_TMP, semanage_computed_files[i]); ++ if (stat(path, &sb) != 0) { ++ if (errno != ENOENT) { ++ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); ++ retval = -1; ++ goto cleanup; + } ++ ++ do_rebuild = 1; ++ break; + } + } + +-rebuild: +- /* +- * Now that we know whether or not a rebuild is required, +- * we can determine what else needs to be done. +- * We need to write the kernel policy if we are rebuilding +- * or if any other policy component that lives in the kernel +- * policy has been modified. +- * We need to install the policy files if any of the managed files +- * that live under /etc/selinux (kernel policy, seusers, file contexts) +- * will be modified. +- */ +- do_write_kernel = do_rebuild | ports_modified | ibpkeys_modified | +- ibendports_modified | +- bools->dtable->is_modified(bools->dbase) | +- ifaces->dtable->is_modified(ifaces->dbase) | +- nodes->dtable->is_modified(nodes->dbase) | +- users->dtable->is_modified(users_base->dbase); +- do_install = do_write_kernel | seusers_modified | fcontexts_modified; +- + /* + * If there were policy changes, or explicitly requested, or + * any required files are missing, rebuild the policy. +@@ -1330,6 +1312,23 @@ rebuild: + } + } + ++ /* ++ * Determine what else needs to be done. ++ * We need to write the kernel policy if we are rebuilding ++ * or if any other policy component that lives in the kernel ++ * policy has been modified. ++ * We need to install the policy files if any of the managed files ++ * that live under /etc/selinux (kernel policy, seusers, file contexts) ++ * will be modified. ++ */ ++ do_write_kernel = do_rebuild | ports_modified | ibpkeys_modified | ++ ibendports_modified | ++ bools->dtable->is_modified(bools->dbase) | ++ ifaces->dtable->is_modified(ifaces->dbase) | ++ nodes->dtable->is_modified(nodes->dbase) | ++ users->dtable->is_modified(users_base->dbase); ++ do_install = do_write_kernel | seusers_modified | fcontexts_modified; ++ + /* Attach our databases to the policydb we just created or loaded. */ + dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase, out); + dbase_policydb_attach((dbase_policydb_t *) pports->dbase, out); +-- +2.34.1 + diff --git a/SOURCES/0006-libsemanage-optionally-rebuild-policy-when-modules-a.patch b/SOURCES/0006-libsemanage-optionally-rebuild-policy-when-modules-a.patch new file mode 100644 index 0000000..6cada7b --- /dev/null +++ b/SOURCES/0006-libsemanage-optionally-rebuild-policy-when-modules-a.patch @@ -0,0 +1,492 @@ +From e8251a69e9f8386a232c999c068ed2daf02a8370 Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Thu, 3 Feb 2022 17:53:26 +0100 +Subject: [PATCH] libsemanage: optionally rebuild policy when modules are + changed externally + +In Fedora/RHEL's selinux-policy package we ship a pre-built SELinux +policy store in the RPMs. When updating the main policy RPM, care must +be taken to rebuild the policy using `semodule -B` if there are any +other SELinux modules installed (whether shipped via another RPM or +manually installed locally). + +However, this way of shipping/managing the policy creates complications +on systems, where system files are managed by rpm-ostree (such as Fedora +CoreOS or Red Hat CoreOS), where the "package update" process is more +sophisticated. + +(Disclaimer: The following is written according to my current limited +understanding of rpm-ostree and may not be entirely accurate, but the +gist of it should match the reality.) + +Basically, one can think of rpm-ostree as a kind of Git for system +files. The package content is provided on a "branch", where each +"commit" represents a set of package updates layered on top of the +previous commit (i.e. it is a rolling release with some defined +package content snapshots). The user can then maintain their own branch +with additional package updates/installations/... and "rebase" it on top +of the main branch as needed. On top of that, the user can also have +additional configuration files (or modifications to existing files) in +/etc, which represent an additional layer on top of the package content. + +When updating the system (i.e. rebasing on a new "commit" of the "main +branch"), the files on the running system are not touched and the new +system state is prepared under a new root directory, which is chrooted +into on the next reboot. + +When an rpm-ostree system is updated, there are three moments when the +SELinux module store needs to be rebuilt to ensure that all modules are +included in the binary policy: +1. When the local RPM installations are applied on top of the base + system snapshot. +2. When local user configuartion is applied on top of that. +3. On system shutdown, to ensure that any changes in local configuration + performed since (2.) are reflected in the final new system image. + +Forcing a full rebuild at each step is not optimal and in many cases is +not necessary, as the user may not have any custom modules installed. + +Thus, this patch extends libsemanage to compute a checksum of the +content of all enabled modules, which is stored in the store, and adds a +flag to the libsemanage handle that instructs it to check the module +content checksum against the one from the last successful transaction +and force a full policy rebuild if they don't match. + +This will allow rpm-ostree systems to potentially reduce delays when +reconciling the module store when applying updates. + +I wasn't able to measure any noticeable overhead of the hash +computation, which is now added for every transaction (both before and +after this change a full policy rebuild took about 7 seconds on my test +x86 VM). With the new option check_ext_changes enabled, rebuilding a +policy store with unchanged modules took only about 0.96 seconds. + +Signed-off-by: Ondrej Mosnacek +--- + libsemanage/include/semanage/handle.h | 5 + + libsemanage/src/direct_api.c | 187 +++++++++++++++++++++----- + libsemanage/src/handle.c | 11 +- + libsemanage/src/handle.h | 1 + + libsemanage/src/libsemanage.map | 1 + + libsemanage/src/modules.c | 4 +- + libsemanage/src/modules.h | 3 + + libsemanage/src/semanage_store.c | 1 + + libsemanage/src/semanage_store.h | 1 + + 9 files changed, 175 insertions(+), 39 deletions(-) + +diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h +index 946d69bc91fe..0157be4fbc46 100644 +--- a/libsemanage/include/semanage/handle.h ++++ b/libsemanage/include/semanage/handle.h +@@ -66,6 +66,11 @@ extern void semanage_set_reload(semanage_handle_t * handle, int do_reload); + * 1 for yes, 0 for no (default) */ + extern void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild); + ++/* set whether to rebuild the policy on commit when potential changes ++ * to module files since last rebuild are detected, ++ * 1 for yes (default), 0 for no */ ++extern void semanage_set_check_ext_changes(semanage_handle_t * handle, int do_check); ++ + /* Fills *compiler_path with the location of the hll compiler sh->conf->compiler_directory_path + * corresponding to lang_ext. + * Upon success returns 0, -1 on error. */ +diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c +index bed1e1eda78f..e0255310395b 100644 +--- a/libsemanage/src/direct_api.c ++++ b/libsemanage/src/direct_api.c +@@ -33,6 +33,8 @@ + #include + #include + #include ++#include ++#include + #include + #include + #include +@@ -56,8 +58,7 @@ + #include "semanage_store.h" + #include "database_policydb.h" + #include "policy.h" +-#include +-#include ++#include "sha256.h" + + #define PIPE_READ 0 + #define PIPE_WRITE 1 +@@ -450,7 +451,7 @@ static int parse_module_headers(semanage_handle_t * sh, char *module_data, + /* Writes a block of data to a file. Returns 0 on success, -1 on + * error. */ + static int write_file(semanage_handle_t * sh, +- const char *filename, char *data, size_t num_bytes) ++ const char *filename, const char *data, size_t num_bytes) + { + int out; + +@@ -850,8 +851,21 @@ cleanup: + return ret; + } + ++static void update_checksum_with_len(Sha256Context *context, size_t s) ++{ ++ int i; ++ uint8_t buffer[8]; ++ ++ for (i = 0; i < 8; i++) { ++ buffer[i] = s & 0xff; ++ s >>= 8; ++ } ++ Sha256Update(context, buffer, 8); ++} ++ + static int semanage_compile_module(semanage_handle_t *sh, +- semanage_module_info_t *modinfo) ++ semanage_module_info_t *modinfo, ++ Sha256Context *context) + { + char cil_path[PATH_MAX]; + char hll_path[PATH_MAX]; +@@ -922,6 +936,11 @@ static int semanage_compile_module(semanage_handle_t *sh, + goto cleanup; + } + ++ if (context) { ++ update_checksum_with_len(context, cil_data_len); ++ Sha256Update(context, cil_data, cil_data_len); ++ } ++ + status = write_compressed_file(sh, cil_path, cil_data, cil_data_len); + if (status == -1) { + ERR(sh, "Failed to write %s\n", cil_path); +@@ -950,18 +969,40 @@ cleanup: + return status; + } + ++static int modinfo_cmp(const void *a, const void *b) ++{ ++ const semanage_module_info_t *ma = a; ++ const semanage_module_info_t *mb = b; ++ ++ return strcmp(ma->name, mb->name); ++} ++ + static int semanage_compile_hll_modules(semanage_handle_t *sh, +- semanage_module_info_t *modinfos, +- int num_modinfos) ++ semanage_module_info_t *modinfos, ++ int num_modinfos, ++ char *cil_checksum) + { +- int status = 0; +- int i; ++ /* to be incremented when checksum input data format changes */ ++ static const size_t CHECKSUM_EPOCH = 1; ++ ++ int i, status = 0; + char cil_path[PATH_MAX]; + struct stat sb; ++ Sha256Context context; ++ SHA256_HASH hash; ++ struct file_contents contents = {}; + + assert(sh); + assert(modinfos); + ++ /* Sort modules by name to get consistent ordering. */ ++ qsort(modinfos, num_modinfos, sizeof(*modinfos), &modinfo_cmp); ++ ++ Sha256Initialise(&context); ++ update_checksum_with_len(&context, CHECKSUM_EPOCH); ++ ++ /* prefix with module count to avoid collisions */ ++ update_checksum_with_len(&context, num_modinfos); + for (i = 0; i < num_modinfos; i++) { + status = semanage_module_get_path( + sh, +@@ -969,29 +1010,91 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh, + SEMANAGE_MODULE_PATH_CIL, + cil_path, + sizeof(cil_path)); +- if (status != 0) { +- goto cleanup; +- } ++ if (status != 0) ++ return -1; + +- if (semanage_get_ignore_module_cache(sh) == 0 && +- (status = stat(cil_path, &sb)) == 0) { +- continue; +- } +- if (status != 0 && errno != ENOENT) { +- ERR(sh, "Unable to access %s: %s\n", cil_path, strerror(errno)); +- goto cleanup; //an error in the "stat" call ++ if (!semanage_get_ignore_module_cache(sh)) { ++ status = stat(cil_path, &sb); ++ if (status == 0) { ++ status = map_compressed_file(sh, cil_path, &contents); ++ if (status < 0) { ++ ERR(sh, "Error mapping file: %s", cil_path); ++ return -1; ++ } ++ ++ /* prefix with length to avoid collisions */ ++ update_checksum_with_len(&context, contents.len); ++ Sha256Update(&context, contents.data, contents.len); ++ ++ unmap_compressed_file(&contents); ++ continue; ++ } else if (errno != ENOENT) { ++ ERR(sh, "Unable to access %s: %s\n", cil_path, ++ strerror(errno)); ++ return -1; //an error in the "stat" call ++ } + } + +- status = semanage_compile_module(sh, &modinfos[i]); +- if (status < 0) { +- goto cleanup; ++ status = semanage_compile_module(sh, &modinfos[i], &context); ++ if (status < 0) ++ return -1; ++ } ++ Sha256Finalise(&context, &hash); ++ ++ semanage_hash_to_checksum_string(hash.bytes, cil_checksum); ++ return 0; ++} ++ ++static int semanage_compare_checksum(semanage_handle_t *sh, const char *reference) ++{ ++ const char *path = semanage_path(SEMANAGE_TMP, SEMANAGE_MODULES_CHECKSUM); ++ struct stat sb; ++ int fd, retval; ++ char *data; ++ ++ fd = open(path, O_RDONLY); ++ if (fd == -1) { ++ if (errno != ENOENT) { ++ ERR(sh, "Unable to open %s: %s\n", path, strerror(errno)); ++ return -1; + } ++ /* Checksum file not present - force a rebuild. */ ++ return 1; ++ } ++ ++ if (fstat(fd, &sb) == -1) { ++ ERR(sh, "Unable to stat %s\n", path); ++ retval = -1; ++ goto out_close; + } + +- status = 0; ++ if (sb.st_size != (off_t)CHECKSUM_CONTENT_SIZE) { ++ /* Incompatible/invalid hash type - just force a rebuild. */ ++ WARN(sh, "Module checksum invalid - forcing a rebuild\n"); ++ retval = 1; ++ goto out_close; ++ } + +-cleanup: +- return status; ++ data = mmap(NULL, CHECKSUM_CONTENT_SIZE, PROT_READ, MAP_PRIVATE, fd, 0); ++ if (data == MAP_FAILED) { ++ ERR(sh, "Unable to mmap %s\n", path); ++ retval = -1; ++ goto out_close; ++ } ++ ++ retval = memcmp(data, reference, CHECKSUM_CONTENT_SIZE) != 0; ++ munmap(data, sb.st_size); ++out_close: ++ close(fd); ++ return retval; ++} ++ ++static int semanage_write_modules_checksum(semanage_handle_t *sh, ++ const char *checksum) ++{ ++ const char *path = semanage_path(SEMANAGE_TMP, SEMANAGE_MODULES_CHECKSUM); ++ ++ return write_file(sh, path, checksum, CHECKSUM_CONTENT_SIZE); + } + + /* Files that must exist in order to skip policy rebuild. */ +@@ -1030,6 +1133,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) + semanage_module_info_t *modinfos = NULL; + mode_t mask = umask(0077); + struct stat sb; ++ char modules_checksum[CHECKSUM_CONTENT_SIZE + 1 /* '\0' */]; + + int do_rebuild, do_write_kernel, do_install; + int fcontexts_modified, ports_modified, seusers_modified, +@@ -1159,28 +1263,45 @@ static int semanage_direct_commit(semanage_handle_t * sh) + } + } + +- /* +- * If there were policy changes, or explicitly requested, or +- * any required files are missing, rebuild the policy. +- */ +- if (do_rebuild) { +- /* =================== Module expansion =============== */ +- ++ if (do_rebuild || sh->check_ext_changes) { + retval = semanage_get_active_modules(sh, &modinfos, &num_modinfos); + if (retval < 0) { + goto cleanup; + } + ++ /* No modules - nothing to rebuild. */ + if (num_modinfos == 0) { + goto cleanup; + } + +- retval = semanage_compile_hll_modules(sh, modinfos, num_modinfos); ++ retval = semanage_compile_hll_modules(sh, modinfos, num_modinfos, ++ modules_checksum); + if (retval < 0) { + ERR(sh, "Failed to compile hll files into cil files.\n"); + goto cleanup; + } + ++ if (!do_rebuild && sh->check_ext_changes) { ++ retval = semanage_compare_checksum(sh, modules_checksum); ++ if (retval < 0) ++ goto cleanup; ++ do_rebuild = retval; ++ } ++ ++ retval = semanage_write_modules_checksum(sh, modules_checksum); ++ if (retval < 0) { ++ ERR(sh, "Failed to write module checksum file.\n"); ++ goto cleanup; ++ } ++ } ++ ++ /* ++ * If there were policy changes, or explicitly requested, or ++ * any required files are missing, rebuild the policy. ++ */ ++ if (do_rebuild) { ++ /* =================== Module expansion =============== */ ++ + retval = semanage_get_cil_paths(sh, modinfos, num_modinfos, &mod_filenames); + if (retval < 0) + goto cleanup; +@@ -1703,7 +1824,7 @@ static int semanage_direct_extract(semanage_handle_t * sh, + goto cleanup; + } + +- rc = semanage_compile_module(sh, _modinfo); ++ rc = semanage_compile_module(sh, _modinfo, NULL); + if (rc < 0) { + goto cleanup; + } +diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c +index bb1e61400760..b2201ee346dc 100644 +--- a/libsemanage/src/handle.c ++++ b/libsemanage/src/handle.c +@@ -116,20 +116,23 @@ semanage_handle_t *semanage_handle_create(void) + + void semanage_set_rebuild(semanage_handle_t * sh, int do_rebuild) + { +- + assert(sh != NULL); + + sh->do_rebuild = do_rebuild; +- return; + } + + void semanage_set_reload(semanage_handle_t * sh, int do_reload) + { +- + assert(sh != NULL); + + sh->do_reload = do_reload; +- return; ++} ++ ++void semanage_set_check_ext_changes(semanage_handle_t * sh, int do_check) ++{ ++ assert(sh != NULL); ++ ++ sh->check_ext_changes = do_check; + } + + int semanage_get_hll_compiler_path(semanage_handle_t *sh, +diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h +index e1ce83ba2d08..4d2aae8f69cc 100644 +--- a/libsemanage/src/handle.h ++++ b/libsemanage/src/handle.h +@@ -61,6 +61,7 @@ struct semanage_handle { + int is_in_transaction; + int do_reload; /* whether to reload policy after commit */ + int do_rebuild; /* whether to rebuild policy if there were no changes */ ++ int check_ext_changes; /* whether to rebuild if external changes are detected via checksum */ + int commit_err; /* set by semanage_direct_commit() if there are + * any errors when building or committing the + * sandbox to kernel policy at /etc/selinux +diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map +index 00259fc817f5..c8214b26fc03 100644 +--- a/libsemanage/src/libsemanage.map ++++ b/libsemanage/src/libsemanage.map +@@ -348,4 +348,5 @@ LIBSEMANAGE_1.1 { + + LIBSEMANAGE_3.4 { + semanage_module_compute_checksum; ++ semanage_set_check_ext_changes; + } LIBSEMANAGE_1.1; +diff --git a/libsemanage/src/modules.c b/libsemanage/src/modules.c +index 5dbb28fdbaa5..94bf884bf45d 100644 +--- a/libsemanage/src/modules.c ++++ b/libsemanage/src/modules.c +@@ -978,9 +978,9 @@ int semanage_module_remove_key(semanage_handle_t *sh, + } + + static const char CHECKSUM_TYPE[] = "sha256"; +-static const size_t CHECKSUM_CONTENT_SIZE = sizeof(CHECKSUM_TYPE) + 1 + 2 * SHA256_HASH_SIZE; ++const size_t CHECKSUM_CONTENT_SIZE = sizeof(CHECKSUM_TYPE) + 1 + 2 * SHA256_HASH_SIZE; + +-static void semanage_hash_to_checksum_string(const uint8_t *hash, char *checksum) ++void semanage_hash_to_checksum_string(const uint8_t *hash, char *checksum) + { + size_t i; + +diff --git a/libsemanage/src/modules.h b/libsemanage/src/modules.h +index 64d4a157f5ca..cf2432c5b64d 100644 +--- a/libsemanage/src/modules.h ++++ b/libsemanage/src/modules.h +@@ -102,4 +102,7 @@ int semanage_module_get_path(semanage_handle_t *sh, + char *path, + size_t len); + ++extern const size_t CHECKSUM_CONTENT_SIZE; ++void semanage_hash_to_checksum_string(const uint8_t *hash, char *checksum); ++ + #endif +diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c +index 633ee73165fb..767f05cb2853 100644 +--- a/libsemanage/src/semanage_store.c ++++ b/libsemanage/src/semanage_store.c +@@ -115,6 +115,7 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = { + "/disable_dontaudit", + "/preserve_tunables", + "/modules/disabled", ++ "/modules_checksum", + "/policy.kern", + "/file_contexts.local", + "/file_contexts.homedirs", +diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h +index b9ec566427a4..1fc77da83df0 100644 +--- a/libsemanage/src/semanage_store.h ++++ b/libsemanage/src/semanage_store.h +@@ -60,6 +60,7 @@ enum semanage_sandbox_defs { + SEMANAGE_DISABLE_DONTAUDIT, + SEMANAGE_PRESERVE_TUNABLES, + SEMANAGE_MODULES_DISABLED, ++ SEMANAGE_MODULES_CHECKSUM, + SEMANAGE_STORE_KERNEL, + SEMANAGE_STORE_FC_LOCAL, + SEMANAGE_STORE_FC_HOMEDIRS, +-- +2.34.1 + diff --git a/SOURCES/semanage.conf b/SOURCES/semanage.conf new file mode 100644 index 0000000..406f16f --- /dev/null +++ b/SOURCES/semanage.conf @@ -0,0 +1,60 @@ +# Authors: Jason Tang +# +# Copyright (C) 2004-2005 Tresys Technology, LLC +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +# +# Specify how libsemanage will interact with a SELinux policy manager. +# The four options are: +# +# "source" - libsemanage manipulates a source SELinux policy +# "direct" - libsemanage will write directly to a module store. +# /foo/bar - Write by way of a policy management server, whose +# named socket is at /foo/bar. The path must begin +# with a '/'. +# foo.com:4242 - Establish a TCP connection to a remote policy +# management server at foo.com. If there is a colon +# then the remainder is interpreted as a port number; +# otherwise default to port 4242. +module-store = direct + +# When generating the final linked and expanded policy, by default +# semanage will set the policy version to POLICYDB_VERSION_MAX, as +# given in . Change this setting if a different +# version is necessary. +#policy-version = 19 + +# expand-check check neverallow rules when executing all semanage +# commands. There might be a penalty in execution time if this +# option is enabled. +expand-check=0 + +# usepasswd check tells semanage to scan all pass word records for home directories +# and setup the labeling correctly. If this is turned off, SELinux will label only /home +# and home directories of users with SELinux login mappings defined, see +# semanage login -l for the list of such users. +# If you want to use a different home directory, you will need to use semanage fcontext command. +# For example, if you had home dirs in /althome directory you would have to execute +# semanage fcontext -a -e /home /althome +usepasswd=False +bzip-small=true +bzip-blocksize=5 +ignoredirs=/root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var +optimize-policy=true + +[sefcontext_compile] +path = /usr/sbin/sefcontext_compile +args = -r $@ +[end] diff --git a/SPECS/libsemanage.spec b/SPECS/libsemanage.spec new file mode 100644 index 0000000..d255dc0 --- /dev/null +++ b/SPECS/libsemanage.spec @@ -0,0 +1,1584 @@ +%define libsepolver 3.3-1 +%define libselinuxver 3.3-1 + +Summary: SELinux binary policy manipulation library +Name: libsemanage +Version: 3.3 +Release: 2%{?dist} +License: LGPLv2+ +Source0: https://github.com/SELinuxProject/selinux/releases/download/3.3/libsemanage-3.3.tar.gz +# fedora-selinux/selinux: git format-patch -N 3.3 -- libsemanage +# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done +# Patch list start +Patch0001: 0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch +Patch0002: 0002-libsemanage-add-missing-include-to-boolean_record.c.patch +Patch0003: 0003-semodule-libsemanage-move-module-hashing-into-libsem.patch +Patch0004: 0004-libsemanage-move-compressed-file-handling-into-a-sep.patch +Patch0005: 0005-libsemanage-clean-up-semanage_direct_commit-a-bit.patch +Patch0006: 0006-libsemanage-optionally-rebuild-policy-when-modules-a.patch +# Patch list end +URL: https://github.com/SELinuxProject/selinux/wiki +Source1: semanage.conf + +BuildRequires: gcc make +BuildRequires: libselinux-devel >= %{libselinuxver} swig +BuildRequires: libsepol-devel >= %{libsepolver} +BuildRequires: audit-libs-devel +BuildRequires: bison flex bzip2-devel + +BuildRequires: python3 +BuildRequires: python3-devel + +Requires: bzip2-libs audit-libs +Requires: libselinux%{?_isa} >= %{libselinuxver} +Obsoletes: libsemanage-compat = 3.1-4 + +%description +Security-enhanced Linux is a feature of the Linux® kernel and a number +of utilities with enhanced security functionality designed to add +mandatory access controls to Linux. The Security-enhanced Linux +kernel contains new architectural components originally developed to +improve the security of the Flask operating system. These +architectural components provide general support for the enforcement +of many kinds of mandatory access control policies, including those +based on the concepts of Type Enforcement®, Role-based Access +Control, and Multi-level Security. + +libsemanage provides an API for the manipulation of SELinux binary policies. +It is used by checkpolicy (the policy compiler) and similar tools, as well +as by programs like load_policy that need to perform specific transformations +on binary policies such as customizing policy boolean settings. + +%package static +Summary: Static library used to build policy manipulation tools +Requires: libsemanage-devel%{_isa} = %{version}-%{release} + +%description static +The semanage-static package contains the static libraries +needed for developing applications that manipulate binary policies. + +%package devel +Summary: Header files and libraries used to build policy manipulation tools +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +The semanage-devel package contains the libraries and header files +needed for developing applications that manipulate binary policies. + +%package -n python3-libsemanage +Summary: semanage python 3 bindings for libsemanage +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: libselinux-python3 +%{?python_provide:%python_provide python3-libsemanage} +# Remove before F30 +Provides: %{name}-python3 = %{version}-%{release} +Provides: %{name}-python3%{?_isa} = %{version}-%{release} +Obsoletes: %{name}-python3 < %{version}-%{release} + +%description -n python3-libsemanage +The libsemanage-python3 package contains the python 3 bindings for developing +SELinux management applications. + +%prep +%autosetup -n libsemanage-%{version} -p 2 + + +%build +%set_build_flags +CFLAGS="$CFLAGS -fno-semantic-interposition" + +# To support building the Python wrapper against multiple Python runtimes +# Define a function, for how to perform a "build" of the python wrapper against +# a specific runtime: +BuildPythonWrapper() { + BinaryName=$1 + + # Perform the build from the upstream Makefile: + make \ + PYTHON=$BinaryName \ + LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" \ + pywrap +} + +make clean +make swigify +%make_build LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" all + +BuildPythonWrapper \ + %{__python3} + +%install +InstallPythonWrapper() { + BinaryName=$1 + + make \ + PYTHON=$BinaryName \ + DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" \ + install-pywrap +} + +mkdir -p ${RPM_BUILD_ROOT}%{_libdir} +mkdir -p ${RPM_BUILD_ROOT}%{_includedir} +mkdir -p ${RPM_BUILD_ROOT}%{_sharedstatedir}/selinux +mkdir -p ${RPM_BUILD_ROOT}%{_sharedstatedir}/selinux/tmp +%make_install LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" + +InstallPythonWrapper \ + %{__python3} \ + $(python3-config --extension-suffix) + +cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf + +%files +%license COPYING +%dir %{_sysconfdir}/selinux +%config(noreplace) %{_sysconfdir}/selinux/semanage.conf +%{_libdir}/libsemanage.so.2 +%{_mandir}/man5/* +%{_mandir}/ru/man5/* +%dir %{_libexecdir}/selinux +%dir %{_sharedstatedir}/selinux +%dir %{_sharedstatedir}/selinux/tmp + +%ldconfig_scriptlets + +%files static +%{_libdir}/libsemanage.a + +%files devel +%{_libdir}/libsemanage.so +%{_libdir}/pkgconfig/libsemanage.pc +%dir %{_includedir}/semanage +%{_includedir}/semanage/*.h +%{_mandir}/man3/* + +%files -n python3-libsemanage +%{python3_sitearch}/*.so +%{python3_sitearch}/semanage.py* +%{python3_sitearch}/__pycache__/semanage* +%{_libexecdir}/selinux/semanage_migrate_store + +%changelog +* Tue Feb 15 2022 Petr Lautrbach - 3.3-2 +- optionally rebuild policy when modules are changed externally + +* Fri Oct 22 2021 Petr Lautrbach - 3.3-1 +- SELinux userspace 3.3 release + +* Sun Oct 10 2021 Petr Lautrbach - 3.3-0.rc3.1 +- SELinux userspace 3.3-rc3 release + +* Wed Sep 29 2021 Petr Lautrbach - 3.3-0.rc2.1 +- SELinux userspace 3.3-rc2 release + +* Mon Aug 09 2021 Mohan Boddu - 3.2-4 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Jul 28 2021 Petr Lautrbach - 3.2-4 +- Rebase on upstream commit 32611aea6543 + +* Fri Apr 16 2021 Mohan Boddu - 3.2-2 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Mon Mar 8 2021 Petr Lautrbach - 3.2-1 +- SELinux userspace 3.2 release + +* Fri Feb 5 2021 Petr Lautrbach - 3.2-0.rc2.1 +- SELinux userspace 3.2-rc2 release + +* Tue Jan 26 2021 Fedora Release Engineering - 3.2-0.rc1.1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jan 20 2021 Petr Lautrbach - 3.2-0.rc1.1 +- SELinux userspace 3.2-rc1 release + +* Fri Dec 18 2020 Petr Lautrbach - 3.1-6 +- Drop "genhomedircon: check usepasswd" patch +- genhomedircon to ignore + /root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var by default +- Fix usepasswd=False explanation in semanage.conf + +* Fri Nov 20 2020 Petr Lautrbach - 3.1-5 +- Drop and obsolete libsemanage-compat +- genhomedircon: check usepasswd + +* Fri Oct 30 2020 Petr Lautrbach - 3.1-4 +- Drop deprecated functions and duplicated symbols +- Change library version to libsemanage.so.2 +- Temporary ship -compat with libsemanage.so.1 +- Based on upstream db0f2f382e31 +- Re-enable lto flags + +* Mon Jul 13 2020 Tom Stellard - 3.1-2 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro +- Use -fno-semantic-interposition and more make macros + +* Fri Jul 10 2020 Petr Lautrbach - 3.1-1 +- SELinux userspace 3.1 release + +* Tue May 26 2020 Miro Hrončok - 3.0-4 +- Rebuilt for Python 3.9 + +* Wed Jan 29 2020 Fedora Release Engineering - 3.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Jan 22 2020 Ondrej Mosnacek - 3.0-2 +- Enable policy optimization + +* Fri Dec 6 2019 Petr Lautrbach - 3.0-1 +- SELinux userspace 3.0 release + +* Mon Nov 11 2019 Petr Lautrbach - 3.0-0.rc1.1 +- SELinux userspace 3.0-rc1 release candidate + +* Thu Oct 03 2019 Miro Hrončok - 2.9-5 +- Rebuilt for Python 3.8.0rc1 (#1748018) + +* Sun Aug 18 2019 Zbigniew Jędrzejewski-Szmek - 2.9-4 +- Rebuilt for Python 3.8 + +* Tue Aug 13 2019 Petr Lautrbach - 2.9-3 +- Drop python2-libsemanage (#1738466) + +* Thu Jul 25 2019 Fedora Release Engineering - 2.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Mar 18 2019 Petr Lautrbach - 2.9-1 +- SELinux userspace 2.9 release + +* Mon Mar 11 2019 Petr Lautrbach - 2.9-0.rc2.1 +- SELinux userspace 2.9-rc2 release + +* Fri Feb 01 2019 Fedora Release Engineering - 2.9-0.rc1.1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jan 25 2019 Petr Lautrbach - 2.9-0.rc1.1 +- SELinux userspace 2.9-rc1 release + +* Mon Jan 21 2019 Petr Lautrbach - 2.8-8 +- Always set errno to 0 before calling getpwent() +- Set selinux policy root around calls to selinux_boolean_sub + +* Mon Dec 10 2018 Petr Lautrbach - 2.8-7 +- genhomedircon - improve handling large groups + +* Tue Nov 13 2018 Petr Lautrbach - 2.8-6 +- Fix RESOURCE_LEAK and USE_AFTER_FREE coverity scan defects + +* Mon Sep 17 2018 Petr Lautrbach - 2.8-5 +- Include user name in ROLE_REMOVE audit events + +* Tue Sep 4 2018 Petr Lautrbach - 2.8-4 +- Reset umask before creating directories (#1186422) + +* Fri Jul 13 2018 Fedora Release Engineering - 2.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jun 19 2018 Miro Hrončok - 2.8-2 +- Rebuilt for Python 3.7 + +* Fri May 25 2018 Petr Lautrbach - 2.8-1 +- SELinux userspace 2.8 release + +* Mon May 14 2018 Petr Lautrbach - 2.8-0.rc3.1 +- SELinux userspace 2.8-rc3 release candidate + +* Fri May 4 2018 Petr Lautrbach - 2.8-0.rc2.1 +- SELinux userspace 2.8-rc2 release candidate + +* Mon Apr 23 2018 Petr Lautrbach - 2.8-0.rc1.1 +- SELinux userspace 2.8-rc1 release candidate + +* Wed Mar 21 2018 Petr Lautrbach - 2.7-12 +- build: Replace PYSITEDIR with PYTHONLIBDIR +- direct_api.c: Fix iterating over array (#1557468) + +* Fri Mar 16 2018 Petr Lautrbach - 2.7-11 +- Revert "remove access() check to make setuid programs work" (#1557468) + +* Tue Mar 13 2018 Petr Lautrbach - 2.7-10 +- properly check return value of iterate function +- Use umask(0077) for fopen() write operations +- Return commit number if save-previous false +- Allow tmp files to be kept if a compile fails +- build: follow standard semantics for DESTDIR and PREFIX +- Improve warning for installing disabled module +- silence clang static analyzer report +- remove access() check to make setuid programs work + +* Fri Feb 09 2018 Igor Gnatenko - 2.7-9 +- Escape macros in %%changelog + +* Wed Feb 07 2018 Fedora Release Engineering - 2.7-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Feb 03 2018 Igor Gnatenko - 2.7-7 +- Switch to %%ldconfig_scriptlets + +* Tue Jan 09 2018 Iryna Shcherbina - 2.7-6 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Wed Nov 22 2017 Petr Lautrbach - 2.7-5 +- free genhomedircon fallback user +- Rebuild with libsepol-2.7-3 and libselinux-2.7-6 + +* Fri Oct 20 2017 Petr Lautrbach - 2.7-4 +- Add support for listing fcontext.homedirs file (#1409813) + +* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek - 2.7-3 +- Add Provides for the old names without %%_isa + +* Thu Aug 10 2017 Zbigniew Jędrzejewski-Szmek - 2.7-2 +- Python 2 binary package renamed to python2-libsemanage + See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 +- Python 3 binary package renamed to python3-libsemanage + +* Mon Aug 07 2017 Petr Lautrbach - 2.7-1 +- Update to upstream release 2017-08-04 +- Use 'sefcontext_compile -r' when it's run during SELinux policy build + +* Thu Aug 03 2017 Fedora Release Engineering - 2.6-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.6-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Apr 28 2017 Petr Lautrbach - 2.6-4 +- Follow upstream and rename _semanage.so to _semanage.cpython-36m-x86_64-linux-gnu.so + +* Tue Apr 18 2017 Petr Lautrbach - 2.6-3 +- Do not list duplicate port entries after setting a boolean (#1439875) + +* Thu Mar 02 2017 Petr Lautrbach - 2.6-2 +- Fix FTBFS - fatal error (#1427903) + +* Mon Feb 20 2017 Petr Lautrbach - 2.6-1.1 +- Update to upstream release 2016-10-14 + +* Fri Feb 10 2017 Fedora Release Engineering - 2.5-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Dec 09 2016 Charalampos Stratakis - 2.5-9 +- Rebuild for Python 3.6 + +* Mon Oct 03 2016 Petr Lautrbach 2.5-8 +- Fixes bug preventing the installation of base modules +- make distclean target work +- Do not always print a module name warning +- Use pp module name instead of filename when installing module +- tests: Do not force using gcc +- genhomedircon: remove hardcoded refpolicy strings +- genhomedircon: add support for %%group syntax +- genhomedircon: generate contexts for logins mapped to the default user +- Validate and compile file contexts before installing +- Swap tcp and udp protocol numbers + +* Mon Aug 01 2016 Petr Lautrbach 2.5-7 +- Rebuilt with libsepol-2.5-9 and libselinux-2.5-11 + +* Tue Jul 19 2016 Fedora Release Engineering - 2.5-6 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Thu Jun 23 2016 Petr Lautrbach - 2.5-5 +- Sort object files for deterministic linking order +- Support overriding Makefile RANLIB +- Respect CC and PKG_CONFIG environment variable + +* Fri May 06 2016 Petr Lautrbach - 2.5-4 +- Fix multiple spelling errors +- genhomedircon: %%{USERID} and %%{USERNAME} support and code cleanup + +* Mon Mar 21 2016 Petr Lautrbach - 2.5-3 +- Enable expand-check by default (#1319652) + +* Sun Feb 28 2016 Petr Lautrbach 2.5-2 +- Use fully versioned arch-specific requires + +* Tue Feb 23 2016 Petr Lautrbach 2.5-1 +- Update to upstream release 2016-02-23 + +* Sun Feb 21 2016 Petr Lautrbach 2.5-0.1.rc1 +- Update to upstream rc1 release 2016-01-07 + +* Thu Feb 04 2016 Fedora Release Engineering - 2.4-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Nov 04 2015 Robert Kuska - 2.4-5 +- Rebuilt for Python3.5 rebuild + +* Fri Sep 04 2015 Petr Lautrbach 2.4-4 +- Save homedir_template in the policy store for genhomedircon + https://bugs.gentoo.org/558686 + +* Fri Aug 14 2015 Adam Jackson 2.4-3 +- Pass ldflags into the build so hardening works + +* Thu Jul 30 2015 Petr Lautrbach 2.4-2 +- semanage_migrate_store: use /usr/bin/python3 +- move semanage_migrate_store script to libsemanage-python3 + +* Wed Jun 24 2015 Petr Lautrbach 2.4-0.6 +- Allow to use compressed modules without a compression extension + +* Wed Jun 17 2015 Fedora Release Engineering - 2.3-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Jun 16 2015 Petr Lautrbach 2.4-0.5 +- add /var/lib/selinux/tmp directory + +* Tue May 12 2015 Petr Lautrbach 2.4-0.4 +- semanage_migrate_store: add -r option for migrating inside chroots + +* Mon Apr 13 2015 Petr Lautrbach 2.4-0.3 +- Update to upstream release 2.4 + +* Sun Aug 17 2014 Fedora Release Engineering - 2.3-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Wed Jul 30 2014 Miroslav Grepl - 2.3-5 +- Skip policy module re-link when only setting booleans. + * patch from Stephen Smalley + +* Fri Jul 18 2014 Tom Callaway - 2.3-4 +- fix license handling + +* Sat Jun 07 2014 Fedora Release Engineering - 2.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed May 28 2014 Kalev Lember - 2.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 + +* Tue May 6 2014 Dan Walsh - 2.3-1 +- Update to upstream + * Fix memory leak in semanage_genhomedircon from Thomas Hurd. + +* Sun Mar 30 2014 Dan Walsh - 2.2-3 +- libsemanage: fix memory leak in semanage_genhomedircon +- Patch from THomas Hurd + +* Tue Feb 11 2014 Dan Walsh - 2.2-2 +- Move semanage.conf man page from devel package to main package + +* Thu Oct 31 2013 Dan Walsh - 2.2-1 +- Update to upstream + * Avoid duplicate list entries from Dan Walsh. + * Add audit support to libsemanage from Dan Walsh. + * Remove policy.kern and replace with symlink from Dan Walsh. + * Apply a MAX_UID check for genhomedircon from Laurent Bigonville. + * Fix man pages from Laurent Bigonville. + +* Wed Oct 16 2013 Dan Walsh - 2.1.10-14 +- Cleanup handling of missing mls_range to fix problems with useradd -Z +- Fix auditing of login record changes, roles were not working correctly. +Resolves: #952237 + +* Fri Oct 4 2013 Dan Walsh - 2.1.10-13 +- Fix errors found by coverity +Resolves: #952237 + +* Wed Sep 25 2013 Dan Walsh - 2.1.10-12 +- Do not fail on missing SELinux User Record when adding login record + +* Mon Sep 23 2013 Dan Walsh - 2.1.10-11 +- Add msg to audit records + +* Thu Sep 19 2013 Dan Walsh - 2.1.10-10 +- Do not write error message to screen when looking for previous record for auditing. +- Add mls_range from user record if the MLS range is not specified by the seuser add record. +- Error out if seuser or mls range is not specified when adding user records + +* Mon Sep 9 2013 Dan Walsh - 2.1.10-9 +- Create symlink from policy.kern to active kernel. + +* Fri Sep 6 2013 Dan Walsh - 2.1.10-8 +- Unlink policy.kern when done to save space. + +* Fri Jul 26 2013 Dan Walsh - 2.1.10-7 +- Move handling of role audit records into the library +- Patch stops semanage from removing user record while in use + +* Tue Jul 9 2013 Dan Walsh - 2.1.10-6 +- Remove dependance on selinux-policy, /etc/selinux should be owned by libsemanage, and selinux-policy can require it. + +* Fri Jun 28 2013 Dan Walsh - 2.1.10-5 +- Allways build python3 version + +* Mon Apr 22 2013 Dan Walsh - 2.1.10-4 +- + +* Thu Apr 11 2013 Dan Walsh - 2.1.10-3 +- Fix test suite to build + +* Thu Feb 14 2013 Dan Walsh - 2.1.10-2 +- Revert some changes which are causing the wrong policy version file to be created + +* Thu Feb 7 2013 Dan Walsh - 2.1.10-1 +- Update to upstream + * Add sefcontext_compile to compile regex everytime policy is rebuilt + * Cleanup/fix enable/disable/remove module. + * redo genhomedircon minuid + * fixes from coverity + * semanage_store: do not leak memory in semanage_exec_prog + * genhomedircon: remove useless conditional in get_home_dirs + * genhomedircon: double free in get_home_dirs + * fcontext_record: do not leak on error in semanage_fcontext_key_create + * genhomedircon: do not leak on failure in write_gen_home_dir_context + * semanage_store: do not leak fd + * genhomedircon: do not leak shells list + * semanage_store: do not leak on strdup failure + * semanage_store: rewrite for readability + +* Wed Jan 16 2013 Dan Walsh 2.1.9-4 +- Add selinux-policy as a requires to get /etc/selinux owned + +* Sat Jan 5 2013 Dan Walsh 2.1.9-3 +- Update to latest patches from eparis/Upstream +- libsemanage: fixes from coverity +- libsemange: redo genhomedircon minuid + +* Wed Nov 21 2012 Dan Walsh - 2.1.9-2 +- Fix handling of missing semanage permissive -d foo, not failing correctly +- Previous to this fix the first module beginning with foo would get deleted. + +* Thu Sep 13 2012 Dan Walsh - 2.1.9-1 +- Update to upstream + * libsemanage: do not set soname needlessly + * libsemanage: remove PYTHONLIBDIR and ruby equivalent + * do boolean name substitution + * Fix segfault for building standard policies. + +* Fri Aug 03 2012 David Malcolm - 2.1.8-6 +- rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 + +* Wed Aug 1 2012 David Malcolm - 2.1.8-5 +- remove rhel logic from with_python3 conditional + +* Thu Jul 19 2012 Fedora Release Engineering - 2.1.8-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jul 13 2012 Dan Walsh - 2.1.8-3 +- Attempt to allocate memory for selinux_binary_policy_path and free memory +- allocated by asprintf. + +* Thu Jul 12 2012 Dan Walsh - 2.1.8-2 +- Fix asprintf within an asprintf call + +* Wed Jul 4 2012 Dan Walsh - 2.1.8-1 +- Update to upstream + * remove build warning when build swig c files + * additional makefile support for rubywrap + * ignore 80 column limit for readability + * semanage_store: fix snprintf length argument by using asprintf + * Use default semanage.conf as a fallback + * use after free in python bindings + +* Tue May 29 2012 Dan Walsh - 2.1.7-2 +- Apply patch from Sven Vermeulen to fix problem with python3 bindings. + +* Thu Mar 29 2012 Dan Walsh - 2.1.7-1 +- Update to upstream + * Alternate path for semanage.conf + * do not link against libpython, this is considered bad in Debian + * Allow to build for several ruby version + * fallback-user-level + +* Wed Feb 15 2012 Dan Walsh - 2.1.6-3 +- Check in correct patch. + +* Fri Jan 13 2012 Fedora Release Engineering - 2.1.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Jan 6 2012 Dan Walsh - 2.1.6-2 +- Add patch form Xin Ouyang to make library use private semanage.conf + +* Wed Dec 21 2011 Dan Walsh - 2.1.6-1 +-Update to upstream + * add ignoredirs config for genhomedircon + * Fallback_user_level can be NULL if you are not using MLS + +* Thu Dec 15 2011 Dan Walsh - 2.1.5-4 +- Rebuild with latest libsepol + +* Thu Dec 15 2011 Dan Walsh - 2.1.5-3 +- Rebuild with latest libsepol + +* Thu Dec 15 2011 Dan Walsh - 2.1.5-2 +- Add support for ignoredirs param in /etc/selinux/semanage.conf + +* Fri Nov 4 2011 Dan Walsh - 2.1.5-1 +- Upgrade to upstream + * regenerate .pc on VERSION change + * maintain mode even if umask is tighter + * semanage.conf man page + * create man5dir if not exist + +* Wed Oct 19 2011 Dan Walsh - 2.1.4-2 +- Fix handling of umask, so files get created with the correct label. + +* Mon Sep 19 2011 Dan Walsh - 2.1.4-2 +- Add Guido Trentalancia semanage.conf man page + +* Mon Sep 19 2011 Dan Walsh - 2.1.4-1 +-Update to upstream + * Create a new preserve_tunables flag + * tree: default make target to all not + * fix semanage_store_access_check calling arguments + +* Wed Sep 14 2011 Dan Walsh - 2.1.3-2 +- Add support for preserving tunables + +* Tue Aug 30 2011 Dan Walsh - 2.1.3-1 +-Update to upstream + * python wrapper makefile changes + +* Thu Aug 18 2011 Dan Walsh - 2.1.2-1 +-Update to upstream +2.1.2 2011-08-17 + * print error debug info for buggy fc + * introduce semanage_set_root and friends + * throw exceptions in python rather than return + * python3 support. + * patch for MCS/MLS in user files + +2.1.1 2011-08-01 + * Remove generated files, expand .gitignore + * Use -Werror and change a few prototypes to support it + +* Thu Jul 28 2011 Dan Walsh - 2.1.0-1 +- Update to upstream + * Release, minor version bump + +* Wed Jun 8 2011 Dan Walsh - 2.0.46-6 +- More fixes for disabled modules + +* Tue Jun 7 2011 Dan Walsh - 2.0.46-5 +- Change libsemanage mechanism for handling disabled modules. Now it will only create a flag for a module +indicating the module is disabled. MODULE.pp.disabled, it will no longer rename the module. This way we can +ship active modules in rpm. + +* Wed Jun 1 2011 Dan Walsh - 2.0.46-4 +- Add semanage_set_selinux_path, to allow semodule to work on alternate selinux pools + +* Tue Feb 08 2011 Fedora Release Engineering - 2.0.46-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Dec 30 2010 David Malcolm - 2.0.46-2 +- big reworking of the support-multiple-python-builds patch to deal with +PEP 3149: the latest Python 3.2 onwards uses include paths and library names +that don't fit prior naming patterns, and so we must query python3-config for +this information. To complicate things further, python 2's python-config +doesn't understand all of the options needed ("--extension-suffix"). I've +thus added new Makefile variables as needed, to be supplied by the specfile by +invoking the appropriate config tool (or by hardcoding the old value for +"--extension-suffix" i.e. ".so") +- rework python3 manifest for PEP 3149, and rebuild for newer python3 + +* Tue Dec 21 2010 Dan Walsh - 2.0.46-1 +- Update to upstream + * Fix compliation under GCC 4.6 by Justin Mattock + +* Wed Aug 25 2010 Thomas Spura - 2.0.45-6 +- rebuild with python3.2 + http://lists.fedoraproject.org/pipermail/devel/2010-August/141368.html + +* Wed Jul 21 2010 David Malcolm - 2.0.45-5 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Tue Apr 27 2010 David Malcolm - 2.0.45-4 +- add python3 subpackage + +* Wed Apr 7 2010 Dan Walsh - 2.0.45-3 +- Fix -devel package to point at the correct shared library + +* Fri Mar 26 2010 Dan Walsh - 2.0.45-2 +- Move shared library to /usr/lib + +* Mon Mar 8 2010 Dan Walsh - 2.0.45-1 +- Update to upstream + * Add enable/disable patch support from Dan Walsh. + * Add usepasswd flag to semanage.conf to disable genhomedircon using + passwd from Dan Walsh. + * regenerate swig wrappers + +* Thu Feb 25 2010 Dan Walsh - 2.0.44-2 +- Allow disable of usepasswd + +* Wed Feb 17 2010 Dan Walsh - 2.0.44-1 +- Update to upstream + * Replace usage of fmemopen() with sepol_policy_file_set_mem() since + glibc < 2.9 does not support binary mode ('b') for fmemopen'd + streams. + +* Thu Jan 28 2010 Dan Walsh - 2.0.43-4 +- Cleanup spec file + +* Mon Jan 18 2010 Dan Walsh - 2.0.43-3 +- Splect libsemanage.a into a static subpackage to keep fedora packaging guidelines happy + +* Wed Dec 16 2009 Dan Walsh - 2.0.43-2 +- Rebuild all c programs with -fPIC + +* Tue Dec 1 2009 Dan Walsh - 2.0.43-1 +- Update to upstream + * Move libsemanage.so to /usr/lib + * Add NAME lines to man pages from Manoj Srivastava + +* Wed Nov 18 2009 Dan Walsh - 2.0.42-1 +- Update to upstream + * Move load_policy from /usr/sbin to /sbin from Dan Walsh. + +* Mon Nov 2 2009 Dan Walsh - 2.0.41-1 +- Update to upstream + * Add pkgconfig file from Eamon Walsh. + * Add semanage_set_check_contexts() function to disable calling + setfiles + +* Mon Sep 28 2009 Dan Walsh - 2.0.39-1 +- Update to upstream + * make swigify + +* Sun Sep 20 2009 Dan Walsh - 2.0.38-2 +- Dont relabel /root with genhomedircon + +* Thu Sep 17 2009 Dan Walsh - 2.0.38-1 +- Update to upstream + * Change semodule upgrade behavior to install even if the module + is not present from Dan Walsh. + * Make genhomedircon trim excess '/' from homedirs from Dan Walsh. + +* Wed Sep 9 2009 Dan Walsh - 2.0.37-1 +- Update to upstream + * Fix persistent dontaudit support to rebuild policy if the + dontaudit state is changed from Chad Sellers. +- Move load_policy to /sbin + +* Fri Aug 28 2009 Dan Walsh - 2.0.36-2 +- Add enable/disable modules + +* Wed Aug 26 2009 Dan Walsh - 2.0.36-1 +- Update to upstream + * Changed bzip-blocksize=0 handling to support existing compressed + modules in the store. + +* Wed Aug 26 2009 Dan Walsh - 2.0.35-2 +- Make sure /root is not used in genhomedircon + +* Wed Aug 5 2009 Dan Walsh - 2.0.35-1 +- Revert hard linking of files between tmp/active/previous. +- Enable configuration of bzip behavior from Stephen Smalley. +- bzip-blocksize=0 to disable compression and decompression support. +- bzip-blocksize=1..9 to set the blocksize for compression. +- bzip-small=true to reduce memory usage for decompression. + +* Sat Jul 25 2009 Fedora Release Engineering - 2.0.33-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Fri Jul 10 2009 Dan Walsh - 2.0.33-2 +- Put check for /root back into genhomedircon + +* Tue Jul 7 2009 Dan Walsh - 2.0.33-1 +- Update to upstream + +* Mon Jun 8 2009 Dan Walsh - 2.0.32-1 +- Update to upstream + * Ruby bindings from David Quigley. + +* Thu Apr 9 2009 Dan Walsh - 2.0.31-5 +- Return error on invalid file + +* Wed Mar 11 2009 Dan Walsh - 2.0.31-4 +- Fix typo + +* Wed Feb 25 2009 Fedora Release Engineering - 2.0.31-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Thu Jan 15 2009 Dan Walsh - 2.0.31-2 +- Fix link to only link on sandbox + +* Mon Jan 12 2009 Dan Walsh - 2.0.31-1 +- Update to upstream + * Policy module compression (bzip) support from Dan Walsh. + * Hard link files between tmp/active/previous from Dan Walsh. + +* Mon Jan 12 2009 Dan Walsh - 2.0.30-3 +- Fix up patch to get it upstreamed + +* Thu Dec 04 2008 Ignacio Vazquez-Abrams - 2.0.30-2 +- Rebuild for Python 2.6 + +* Thu Dec 4 2008 Dan Walsh - 2.0.30-1 +- Add semanage_mls_enabled() interface from Stephen Smalley. + +* Sat Nov 29 2008 Ignacio Vazquez-Abrams - 2.0.29-2 +- Rebuild for Python 2.6 + +* Mon Sep 15 2008 Dan Walsh - 2.0.28-1 +- Update to upstream + * Add USER to lines to homedir_template context file from Chris PeBenito. + +* Mon Sep 15 2008 Dan Walsh - 2.0.28-2 +- Add compression support + +* Mon Sep 15 2008 Dan Walsh - 2.0.28-1 +- Update to upstream + * allow fcontext and seuser changes without rebuilding the policy from Dan Walsh + +* Wed Sep 10 2008 Dan Walsh - 2.0.27-3 +- Additional fixes for Don't rebuild on fcontext or seuser modifications + +* Tue Sep 2 2008 Dan Walsh - 2.0.27-2 +- Don't rebuild on fcontext or seuser modifications + +* Tue Aug 5 2008 Dan Walsh - 2.0.27-1 +- Update to upstream + * Modify genhomedircon to skip groupname entries. + Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the groupname syntax. + +* Tue Jul 29 2008 Dan Walsh - 2.0.26-1 +- Update to upstream + * Fix bug in genhomedircon fcontext matches logic from Dan Walsh. + Strip any trailing slash before appending /*$. + +* Tue Jun 17 2008 Dan Walsh - 2.0.25-3 +- Another fix for genhomedircon + +* Wed May 28 2008 Tom "spot" Callaway - 2.0.25-2 +- fix license tag + +* Tue Feb 5 2008 Dan Walsh - 2.0.25-1 +- Update to upstream + * Do not call genhomedircon if the policy was not rebuilt from Stephen Smalley. + Fixes semanage boolean -D seg fault (bug 441379). + +* Tue Feb 5 2008 Dan Walsh - 2.0.24-1 +- Update to upstream + * make swigify + +* Tue Feb 5 2008 Dan Walsh - 2.0.23-1 +- Update to upstream + * Use vfork rather than fork for libsemanage helpers to reduce memory overhead as suggested by Todd Miller. + +* Mon Feb 4 2008 Dan Walsh - 2.0.22-1 +- Update to upstream + * Free policydb before fork from Joshua Brindle. + * Drop the base module immediately after expanding to permit memory re-use from Stephen Smalley. + +* Sat Feb 2 2008 Dan Walsh - 2.0.20-1 +- Update to upstream + * Use sepol_set_expand_consume_base to reduce peak memory usage when + using semodule + +* Fri Feb 1 2008 Dan Walsh - 2.0.19-1 +- Update to upstream + * Fix genhomedircon to not override a file context with a homedir context from Todd Miller. + +* Tue Jan 29 2008 Dan Walsh - 2.0.18-1 +- Update to upstream + * Fix spurious out of memory error reports. + * Merged second version of fix for genhomedircon handling from Caleb Case. + +* Tue Jan 22 2008 Dan Walsh - 2.0.16-1 +- Update to upstream + * Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case. + +* Tue Jan 22 2008 Dan Walsh - 2.0.15-2 +- Stop differentiating on user for homedir labeling + +* Thu Dec 6 2007 Dan Walsh - 2.0.15-1 +- Update to upstream + * Fix genhomedircon handling of shells and missing user context template from Dan Walsh. + * Copy the store path in semanage_select_store from Dan Walsh. +- Add expand-check=0 to semanage.conf + +* Mon Dec 3 2007 Dan Walsh - 2.0.14-5 +- Fix handling of /etc/shells so genhomedircon will work + +* Thu Nov 29 2007 Dan Walsh - 2.0.14-3 +- Allow semanage_genhomedircon to work with out a USER int homedir.template + +* Sat Nov 10 2007 Dan Walsh - 2.0.14-2 +- Fix semanage_select_store to allocate memory, fixes crash on invalid store + +* Tue Nov 6 2007 Dan Walsh - 2.0.14-1 +- Upgrade to latest from NSA + * Call rmdir() rather than remove() on directory removal so that errno isn't polluted from Stephen Smalley. + * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley. + +* Fri Oct 5 2007 Dan Walsh - 2.0.12-1 +- Upgrade to latest from NSA + * ustr cleanups from James Antill. + * Ensure that /root gets labeled even if using the default context from Dan Walsh. + +* Fri Sep 28 2007 Dan Walsh - 2.0.11-1 +- Upgrade to latest from NSA + * Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh. + +* Fri Sep 28 2007 Dan Walsh - 2.0.10-2 +- Fix sort order on generated homedir context + +* Fri Sep 28 2007 Dan Walsh - 2.0.10-1 +- Upgrade to latest from NSA + * Fix error checking on getpw*_r functions from Todd Miller. + * Make genhomedircon skip invalid homedir contexts from Todd Miller. + * Set default user and prefix from seusers from Dan Walsh. + * Add swigify Makefile target from Dan Walsh. + +* Wed Sep 26 2007 Dan Walsh - 2.0.9-1 +- Upgrade to latest from NSA + * Pass CFLAGS to CC even on link command, per Dennis Gilmore. + * Clear errno on non-fatal errors to avoid reporting them upon a + later error that does not set errno. + * Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley. + +- Fix segfault in genhomedircon when using bad user names + +* Wed Sep 26 2007 Dan Walsh - 2.0.6-2 +- Fix genhomedircon code to only generate valid context +- Fixes autorelabel problem + +* Thu Sep 13 2007 Dan Walsh - 2.0.6-1 +- Upgrade to latest from NSA + * Change to use getpw* function calls to the _r versions from Todd Miller. + +* Thu Aug 23 2007 Dan Walsh - 2.0.5-1 +- Upgrade to latest from NSA + +* Mon Aug 20 2007 Dan Walsh - 2.0.4-1 +- Upgrade to latest from NSA + * Allow dontaudits to be turned off via semanage interface when + updating policy + +* Sat Aug 11 2007 Dan Walsh - 2.0.3-5 +- Add ability to load a policy without dontaudit rules +- + +* Tue Jun 26 2007 Dan Walsh - 2.0.3-4 +- Rebuild to fix segfault on x86 platforms, swigify on each build + +* Fri Jun 1 2007 Dan Walsh - 2.0.3-3 +- Rebuild for rawhide + +* Thu May 3 2007 Dan Walsh - 2.0.3-2 +- Apply patch to fix dependencies in spec file from Robert Scheck + +* Wed Apr 25 2007 Dan Walsh - 2.0.3-1 +- Upgrade to latest from NSA + * Fix to libsemanage man patches so whatis will work better from Dan Walsh + +* Wed Apr 25 2007 Dan Walsh - 2.0.2-1 +- Upgrade to latest from NSA +- Merged optimizations from Stephen Smalley. +- do not set all booleans upon commit, only those whose values have changed +- only install the sandbox upon commit if something was rebuilt + +* Sat Mar 17 2007 Dan Walsh - 2.0.1-2 +- Add SELinux to Man page Names so man -k will work + +* Mon Mar 12 2007 Dan Walsh - 2.0.1-1 +- Merged dbase_file_flush patch from Dan Walsh. +- This removes any mention of specific tools (e.g. semanage) +- from the comment header of the auto-generated files, +- since there are multiple front-end tools. + +* Tue Feb 20 2007 Dan Walsh - 2.0.0-1 +- Upgrade to latest from NSA + * Merged Makefile test target patch from Caleb Case. + * Merged get_commit_number function rename patch from Caleb Case. + * Merged strnlen -> strlen patch from Todd Miller. + +* Wed Feb 7 2007 Dan Walsh - 1.10.1-1 +- Upgrade to latest from NSA + * Merged python binding fix from Dan Walsh. + * Updated version for stable branch. + +* Fri Dec 22 2006 Dan Walsh - 1.9.2-1 +- Upgrade to latest from NSA + * Merged patch to optionally reduce disk usage by removing + the backup module store and linked policy from Karl MacMillan + * Merged patch to correctly propagate return values in libsemanage + +* Fri Dec 22 2006 Dan Walsh - 1.9.1-3 +- Apply Karl MacMillan patch to get proper error codes. + +* Thu Dec 7 2006 Jeremy Katz - 1.9.1-2 +- rebuild against python 2.5 + +* Tue Nov 28 2006 Dan Walsh - 1.9.1-1 +- Upgrade to latest from NSA + * Merged patch to compile wit -fPIC instead of -fpic from + Manoj Srivastava to prevent hitting the global offest table + limit. Patch changed to include libselinux and libsemanage in + addition to libsepol. + +* Tue Oct 17 2006 Dan Walsh - 1.8-1 +- Upgrade to latest from NSA + * Updated version for release. + +* Thu Aug 31 2006 Dan Walsh - 1.6.17-1 +- Upgrade to latest from NSA + * Merged patch to skip reload if no active store exists and + the store path doesn't match the active store path from Dan Walsh. + * Merged patch to not destroy sepol handle on error path of + connect from James Athey. + * Merged patch to add genhomedircon path to semanage.conf from + James Athey. + +* Thu Aug 31 2006 Dan Walsh - 1.6.16-3 +- Fix semanage to not load if is not the correct policy type and it is installing + +* Thu Aug 31 2006 Dan Walsh - 1.6.16-2 +- Fix requires lines + +* Wed Aug 23 2006 Dan Walsh - 1.6.16-1 +- Upgrade to latest from NSA + * Make most copy errors fatal, but allow exceptions for + file_contexts.local, seusers, and netfilter_contexts if + the source file does not exist in the store. + +* Sat Aug 12 2006 Dan Walsh - 1.6.15-1 +- Upgrade to latest from NSA + * Merged separate local file contexts patch from Chris PeBenito. + * Merged patch to make most copy errors non-fatal from Dan Walsh. + +* Thu Aug 10 2006 Dan Walsh - 1.6.13-3 +- Change other updates to be non-fatal + +* Wed Aug 9 2006 Dan Walsh - 1.6.13-2 +- Change netfilter stuff to be non-fatal so update can proceed. + +* Thu Aug 3 2006 Dan Walsh - 1.6.13-1 +- Upgrade to latest from NSA + * Merged netfilter contexts support from Chris PeBenito. + +* Mon Jul 17 2006 Dan Walsh - 1.6.12-2 +- Rebuild for new gcc + +* Tue Jul 11 2006 Dan Walsh - 1.6.12-1 +- Upgrade to latest from NSA + * Merged support for read operations on read-only fs from + Caleb Case (Tresys Technology). + +* Tue Jul 4 2006 Dan Walsh - 1.6.11-1 +- Upgrade to latest from NSA + * Lindent. + * Merged setfiles location check patch from Dan Walsh. + +* Fri Jun 16 2006 Dan Walsh - 1.6.9-1 +- Upgrade to latest from NSA + * Merged several fixes from Serge Hallyn: + dbase_file_cache: deref of uninit data on error path. + dbase_policydb_cache: clear fp to avoid double fclose + semanage_fc_sort: destroy temp on error paths + +* Fri Jun 16 2006 Dan Walsh - 1.6.8-2 +- Handle setfiles being in /sbin or /usr/sbin + +* Mon May 15 2006 Dan Walsh - 1.6.8-1 +- Upgrade to latest from NSA + * Updated default location for setfiles to /sbin to + match policycoreutils. This can also be adjusted via + semanage.conf using the syntax: + [setfiles] + path = /path/to/setfiles + args = -q -c $@ $< + [end] + +* Mon May 15 2006 Dan Walsh - 1.6.7-3 +- Spec file cleanup from n0dalus+redhat@gmail.com + +* Mon May 15 2006 Dan Walsh - 1.6.7-2 +- Add /usr/include/semanage to spec file + +* Mon May 8 2006 Dan Walsh - 1.6.7-1 +- Upgrade to latest from NSA + * Merged fix warnings patch from Karl MacMillan. + +* Fri Apr 14 2006 Dan Walsh - 1.6.6-1 +- Upgrade to latest from NSA + * Merged updated file context sorting patch from Christopher + Ashworth, with bug fix for escaped character flag. + * Merged file context sorting code from Christopher Ashworth + (Tresys Technology), based on fc_sort.c code in refpolicy. + * Merged python binding t_output_helper removal patch from Dan Walsh. + * Regenerated swig files. + +* Wed Mar 29 2006 Dan Walsh - 1.6.3-1 +- Fix to work with new version of swig +- Upgrade to latest from NSA + * Merged corrected fix for descriptor leak from Dan Walsh. + +* Wed Mar 29 2006 Dan Walsh - 1.6.2-2 +- Fix leaky descriptor + +* Tue Mar 21 2006 Dan Walsh - 1.6.2-1 +- Upgrade to latest from NSA + * Merged Makefile PYLIBVER definition patch from Dan Walsh. + * Merged man page reorganization from Ivan Gyurdiev. + +* Fri Mar 17 2006 Dan Walsh - 1.6-1 +- Make work on RHEL4 +- Upgrade to latest from NSA + * Merged abort early on merge errors patch from Ivan Gyurdiev. + * Cleaned up error handling in semanage_split_fc based on a patch + by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev. + * Merged MLS handling fixes from Ivan Gyurdiev. + +* Fri Feb 17 2006 Dan Walsh - 1.5.28-1 +- Upgrade to latest from NSA + * Merged bug fix for fcontext validate handler from Ivan Gyurdiev. + * Merged base_merge_components changes from Ivan Gyurdiev. + +* Thu Feb 16 2006 Dan Walsh - 1.5.26-1 +- Upgrade to latest from NSA + * Merged paths array patch from Ivan Gyurdiev. + * Merged bug fix patch from Ivan Gyurdiev. + * Merged improve bindings patch from Ivan Gyurdiev. + * Merged use PyList patch from Ivan Gyurdiev. + * Merged memory leak fix patch from Ivan Gyurdiev. + * Merged nodecon support patch from Ivan Gyurdiev. + * Merged cleanups patch from Ivan Gyurdiev. + * Merged split swig patch from Ivan Gyurdiev. + +* Mon Feb 13 2006 Dan Walsh - 1.5.23-1 +- Upgrade to latest from NSA + * Merged optionals in base patch from Joshua Brindle. + * Merged treat seusers/users_extra as optional sections patch from + Ivan Gyurdiev. + * Merged parse_optional fixes from Ivan Gyurdiev. + +* Fri Feb 10 2006 Jesse Keating - 1.5.21-2.1 +- bump again for double-long bug on ppc(64) + +* Fri Feb 10 2006 Dan Walsh - 1.5.21-2 +- Fix handling of seusers and users_map file + +* Tue Feb 07 2006 Dan Walsh - 1.5.21-1 +- Upgrade to latest from NSA + * Merged seuser/user_extra support patch from Joshua Brindle. + * Merged remote system dbase patch from Ivan Gyurdiev. + +* Tue Feb 07 2006 Jesse Keating - 1.5.20-1.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Thu Feb 2 2006 Dan Walsh 1.5.20-1 +- Upgrade to latest from NSA + * Merged clone record on set_con patch from Ivan Gyurdiev. + +* Mon Jan 30 2006 Dan Walsh 1.5.19-1 +- Upgrade to latest from NSA + * Merged fname parameter patch from Ivan Gyurdiev. + * Merged more size_t -> unsigned int fixes from Ivan Gyurdiev. + * Merged seusers.system patch from Ivan Gyurdiev. + * Merged improve port/fcontext API patch from Ivan Gyurdiev. + +* Fri Jan 27 2006 Dan Walsh 1.5.18-1 +- Upgrade to latest from NSA + * Merged seuser -> seuser_local rename patch from Ivan Gyurdiev. + * Merged set_create_store, access_check, and is_connected interfaces + from Joshua Brindle. + +* Fri Jan 13 2006 Dan Walsh 1.5.16-1 +- Upgrade to latest from NSA + * Regenerate python wrappers. + +* Fri Jan 13 2006 Dan Walsh 1.5.15-1 +- Upgrade to latest from NSA + * Merged pywrap Makefile diff from Dan Walsh. + * Merged cache management patch from Ivan Gyurdiev. + * Merged bugfix for dbase_llist_clear from Ivan Gyurdiev. + * Merged remove apply_local function patch from Ivan Gyurdiev. + * Merged only do read locking in direct case patch from Ivan Gyurdiev. + * Merged cache error path memory leak fix from Ivan Gyurdiev. + * Merged auto-generated file header patch from Ivan Gyurdiev. + * Merged pywrap test update from Ivan Gyurdiev. + * Merged hidden defs update from Ivan Gyurdiev. + +* Fri Jan 13 2006 Dan Walsh 1.5.14-2 +- Break out python out of regular Makefile + +* Fri Jan 13 2006 Dan Walsh 1.5.14-1 +- Upgrade to latest from NSA + * Merged disallow port overlap patch from Ivan Gyurdiev. + * Merged join prereq and implementation patches from Ivan Gyurdiev. + * Merged join user extra data part 2 patch from Ivan Gyurdiev. + * Merged bugfix patch from Ivan Gyurdiev. + * Merged remove add_local/set_local patch from Ivan Gyurdiev. + * Merged user extra data part 1 patch from Ivan Gyurdiev. + * Merged size_t -> unsigned int patch from Ivan Gyurdiev. + * Merged calloc check in semanage_store patch from Ivan Gyurdiev, + bug noticed by Steve Grubb. + * Merged cleanups after add/set removal patch from Ivan Gyurdiev. + +* Sat Jan 7 2006 Dan Walsh 1.5.9-1 +- Upgrade to latest from NSA + * Merged const in APIs patch from Ivan Gyurdiev. + * Merged validation of local file contexts patch from Ivan Gyurdiev. + * Merged compare2 function patch from Ivan Gyurdiev. + * Merged hidden def/proto update patch from Ivan Gyurdiev. + +* Fri Jan 6 2006 Dan Walsh 1.5.8-1 +- Upgrade to latest from NSA + * Re-applied string and file optimization patch from Russell Coker, + with bug fix. + * Reverted string and file optimization patch from Russell Coker. + * Clarified error messages from parse_module_headers and + parse_base_headers for base/module mismatches. + +* Fri Jan 6 2006 Dan Walsh 1.5.6-1 +- Upgrade to latest from NSA + * Clarified error messages from parse_module_headers and + parse_base_headers for base/module mismatches. + * Merged string and file optimization patch from Russell Coker. + * Merged swig header reordering patch from Ivan Gyurdiev. + * Merged toggle modify on add patch from Ivan Gyurdiev. + * Merged ports parser bugfix patch from Ivan Gyurdiev. + * Merged fcontext swig patch from Ivan Gyurdiev. + * Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev. + * Merged man pages for dbase functions patch from Ivan Gyurdiev. + * Merged pywrap tests patch from Ivan Gyurdiev. + +* Thu Jan 5 2006 Dan Walsh 1.5.4-2 +- Patch to fix add + +* Thu Jan 5 2006 Dan Walsh 1.5.4-1 +- Upgrade to latest from NSA + * Merged patch series from Ivan Gyurdiev. + This includes patches to: + - separate file rw code from linked list + - annotate objects + - fold together internal headers + - support ordering of records in compare function + - add active dbase backend, active booleans + - return commit numbers for ro database calls + - use modified flags to skip rebuild whenever possible + - enable port interfaces + - update swig interfaces and typemaps + - add an API for file_contexts.local and file_contexts + - flip the traversal order in iterate/list + - reorganize sandbox_expand + - add seusers MLS validation + - improve dbase spec/documentation + - clone record on set/add/modify + +* Tue Dec 27 2005 Dan Walsh 1.5.3-3 +- Add Ivans patch to turn on ports + +* Wed Dec 14 2005 Dan Walsh 1.5.3-2 +- Remove patch since upstream does the right thing + +* Wed Dec 14 2005 Dan Walsh 1.5.3-1 +- Upgrade to latest from NSA + * Merged further header cleanups from Ivan Gyurdiev. + * Merged toggle modified flag in policydb_modify, fix memory leak + in clear_obsolete, polymorphism vs headers fix, and include guards + for internal headers patches from Ivan Gyurdiev. + +* Tue Dec 13 2005 Dan Walsh 1.5.1-2 +- Upgrade to latest from NSA + * Merged toggle modified flag in policydb_modify, fix memory leak + in clear_obsolete, polymorphism vs headers fix, and include guards + for internal headers patches from Ivan Gyurdiev. + +* Mon Dec 12 2005 Dan Walsh 1.5.1-1 +- Upgrade to latest from NSA + * Added file-mode= setting to semanage.conf, default to 0644. + Changed semanage_copy_file and callers to use this mode when + installing policy files to runtime locations. + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Wed Dec 7 2005 Dan Walsh 1.4-1 +- Fix mode of output seusers file + +* Tue Dec 6 2005 Dan Walsh 1.3.64-1 +- Upgrade to latest from NSA + * Changed semanage_handle_create() to set do_reload based on + is_selinux_enabled(). This prevents improper attempts to + load policy on a non-SELinux system. + +* Mon Dec 5 2005 Dan Walsh 1.3.63-1 +- Upgrade to latest from NSA + * Dropped handle from user_del_role interface. + * Removed defrole interfaces. + +* Tue Nov 29 2005 Dan Walsh 1.3.61-1 +- Upgrade to latest from NSA + * Merged Makefile python definitions patch from Dan Walsh. + * Removed is_selinux_mls_enabled() conditionals in seusers and users + file parsers. + +* Wed Nov 23 2005 Dan Walsh 1.3.59-1 +- Add additional swig objects + * Merged wrap char*** for user_get_roles patch from Joshua Brindle. + * Merged remove defrole from sepol patch from Ivan Gyurdiev. + * Merged swig wrappers for modifying users and seusers from Joshua Brindle. + +* Wed Nov 23 2005 Dan Walsh 1.3.56-2 +- Add additional swig objects + +* Wed Nov 16 2005 Dan Walsh 1.3.56-1 +- Upgrade to latest from NSA + * Fixed free->key_free bug. + * Merged clear obsolete patch from Ivan Gyurdiev. + * Merged modified swigify patch from Dan Walsh + (original patch from Joshua Brindle). + * Merged move genhomedircon call patch from Chad Sellers. + +* Mon Nov 14 2005 Dan Walsh 1.3.53-3 +- Add genhomedircon patch from Joshua Brindle + +* Fri Nov 11 2005 Dan Walsh 1.3.53-2 +- Add swigify patch from Joshua Brindle + +* Fri Nov 11 2005 Dan Walsh 1.3.53-1 +- Upgrade to latest from NSA + * Merged move seuser validation patch from Ivan Gyurdiev. + * Merged hidden declaration fixes from Ivan Gyurdiev, + with minor corrections. + +* Wed Nov 9 2005 Dan Walsh 1.3.52-1 +- Upgrade to latest from NSA + * Merged cleanup patch from Ivan Gyurdiev. + This renames semanage_module_conn to semanage_direct_handle, + and moves sepol handle create/destroy into semanage handle + create/destroy to allow use even when disconnected (for the + record interfaces). + +* Tue Nov 8 2005 Dan Walsh 1.3.51-1 +- Upgrade to latest from NSA + * Clear modules modified flag upon disconnect and commit. + * Added tracking of module modifications and use it to + determine whether expand-time checks should be applied + on commit. + * Reverted semanage_set_reload_bools() interface. + +* Tue Nov 8 2005 Dan Walsh 1.3.48-1 +- Upgrade to latest from NSA + * Disabled calls to port dbase for merge and commit and stubbed + out calls to sepol_port interfaces since they are not exported. + * Merged rename instead of copy patch from Joshua Brindle (Tresys). + * Added hidden_def/hidden_proto for exported symbols used within + libsemanage to eliminate relocations. Wrapped type definitions + in exported headers as needed to avoid conflicts. Added + src/context_internal.h and src/iface_internal.h. + * Added semanage_is_managed() interface to allow detection of whether + the policy is managed via libsemanage. This enables proper handling + in setsebool for non-managed systems. + * Merged semanage_set_reload_bools() interface from Ivan Gyurdiev, + to enable runtime control over preserving active boolean values + versus reloading their saved settings upon commit. + +* Mon Nov 7 2005 Dan Walsh 1.3.43-1 +- Upgrade to latest from NSA + * Merged seuser parser resync, dbase tracking and cleanup, strtol + bug, copyright, and assert space patches from Ivan Gyurdiev. + * Added src/*_internal.h in preparation for other changes. + * Added hidden/hidden_proto/hidden_def to src/debug.[hc] and + src/seusers.[hc]. + + +* Thu Nov 3 2005 Dan Walsh 1.3.41-1 +- Upgrade to latest from NSA + * Merged interface parse/print, context_to_string interface change, + move assert_noeof, and order preserving patches from Ivan Gyurdiev. + * Added src/dso.h in preparation for other changes. + * Merged install seusers, handle/error messages, MLS parsing, + and seusers validation patches from Ivan Gyurdiev. + +* Mon Oct 31 2005 Dan Walsh 1.3.39-1 +- Upgrade to latest from NSA + * Merged record interface, dbase flush, common database code, + and record bugfix patches from Ivan Gyurdiev. + +* Fri Oct 28 2005 Dan Walsh 1.3.38-1 +- Upgrade to latest from NSA + * Merged dbase policydb list and count change from Ivan Gyurdiev. + * Merged enable dbase and set relay patches from Ivan Gyurdiev. + +* Thu Oct 27 2005 Dan Walsh 1.3.36-1 +- Update from NSA + * Merged query APIs and dbase_file_set patches from Ivan Gyurdiev. + +* Wed Oct 26 2005 Dan Walsh 1.3.35-1 +- Update from NSA + * Merged sepol handle passing, seusers support, and policydb cache + patches from Ivan Gyurdiev. + +* Tue Oct 25 2005 Dan Walsh 1.3.34-1 +- Update from NSA + * Merged resync to sepol changes and booleans fixes/improvements + patches from Ivan Gyurdiev. + * Merged support for genhomedircon/homedir template, store selection, + explicit policy reload, and semanage.conf relocation from Joshua + Brindle. + +* Mon Oct 24 2005 Dan Walsh 1.3.32-1 +- Update from NSA + * Merged resync to sepol changes and transaction fix patches from + Ivan Gyurdiev. + * Merged reorganize users patch from Ivan Gyurdiev. + * Merged remove unused relay functions patch from Ivan Gyurdiev. + +* Fri Oct 21 2005 Dan Walsh 1.3.30-1 +- Update from NSA + * Fixed policy file leaks in semanage_load_module and + semanage_write_module. + * Merged further database work from Ivan Gyurdiev. + * Fixed bug in semanage_direct_disconnect. + +* Thu Oct 20 2005 Dan Walsh 1.3.28-1 +- Update from NSA + * Merged interface renaming patch from Ivan Gyurdiev. + * Merged policy component patch from Ivan Gyurdiev. + * Renamed 'check=' configuration value to 'expand-check=' for + clarity. + * Changed semanage_commit_sandbox to check for and report errors + on rename(2) calls performed during rollback. + * Added optional check= configuration value to semanage.conf + and updated call to sepol_expand_module to pass its value + to control assertion and hierarchy checking on module expansion. + * Merged fixes for make DESTDIR= builds from Joshua Brindle. + +* Tue Oct 18 2005 Dan Walsh 1.3.24-1 +- Update from NSA + * Merged default database from Ivan Gyurdiev. + * Merged removal of connect requirement in policydb backend from + Ivan Gyurdiev. + * Merged commit locking fix and lock rename from Joshua Brindle. + * Merged transaction rollback in lock patch from Joshua Brindle. + * Changed default args for load_policy to be null, as it no longer + takes a pathname argument and we want to preserve booleans. + * Merged move local dbase initialization patch from Ivan Gyurdiev. + * Merged acquire/release read lock in databases patch from Ivan Gyurdiev. + * Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev. + * Added calls to sepol_policy_file_set_handle interface prior + to invoking sepol operations on policy files. + * Updated call to sepol_policydb_from_image to pass the handle. + + +* Tue Oct 18 2005 Dan Walsh 1.3.20-1 +- Update from NSA + * Changed default args for load_policy to be null, as it no longer + takes a pathname argument and we want to preserve booleans. + * Merged move local dbase initialization patch from Ivan Gyurdiev. + * Merged acquire/release read lock in databases patch from Ivan Gyurdiev. + * Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev. + * Added calls to sepol_policy_file_set_handle interface prior + to invoking sepol operations on policy files. + * Updated call to sepol_policydb_from_image to pass the handle. + +* Tue Oct 18 2005 Dan Walsh 1.3.20-1 +- Update from NSA + * Merged user and port APIs - policy database patch from Ivan + Gyurdiev. + * Converted calls to sepol link_packages and expand_module interfaces + from using buffers to using sepol handles for error reporting, and + changed direct_connect/disconnect to create/destroy sepol handles. + +* Sat Oct 15 2005 Dan Walsh 1.3.18-1 +- Update from NSA + * Merged bugfix patch from Ivan Gyurdiev. + * Merged seuser database patch from Ivan Gyurdiev. + Merged direct user/port databases to the handle from Ivan Gyurdiev. + * Removed obsolete include/semanage/commit_api.h (leftover). + Merged seuser record patch from Ivan Gyurdiev. + * Merged boolean and interface databases from Ivan Gyurdiev. + +* Fri Oct 14 2005 Dan Walsh 1.3.14-1 +- Update from NSA + * Updated to use get interfaces for hidden sepol_module_package type. + * Changed semanage_expand_sandbox and semanage_install_active + to generate/install the latest policy version supported by libsepol + by default (unless overridden by semanage.conf), since libselinux + will now downgrade automatically for load_policy. + * Merged new callback-based error reporting system and ongoing + database work from Ivan Gyurdiev. + +* Wed Oct 12 2005 Dan Walsh 1.3.11-1 +- Update from NSA + * Fixed semanage_install_active() to use the same logic for + selecting a policy version as semanage_expand_sandbox(). Dropped + dead code from semanage_install_sandbox(). + +* Mon Oct 10 2005 Dan Walsh 1.3.10-1 +- Update from NSA + * Updated for changes to libsepol, and to only use types and interfaces + provided by the shared libsepol. + +* Fri Oct 7 2005 Dan Walsh 1.3.9-1 +- Update from NSA + * Merged further database work from Ivan Gyurdiev. + +* Tue Oct 4 2005 Dan Walsh 1.3.8-1 +- Update from NSA + * Merged iterate, redistribute, and dbase split patches from + Ivan Gyurdiev. + +* Mon Oct 3 2005 Dan Walsh 1.3.7-1 +- Update from NSA + * Merged patch series from Ivan Gyurdiev. + (pointer typedef elimination, file renames, dbase work, backend + separation) + * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. + * Separated handle create from connect interface. + * Added a constructor for initialization. + * Moved up src/include/*.h to src. + * Created a symbol map file; dropped dso.h and hidden markings. + +* Wed Sep 28 2005 Dan Walsh 1.3.5-1 +- Update from NSA + * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. + * Separated handle create from connect interface. + * Added a constructor for initialization. + * Moved up src/include/*.h to src. + * Created a symbol map file; dropped dso.h and hidden markings. + +* Fri Sep 23 2005 Dan Walsh 1.3.4-1 +- Update from NSA + * Merged dbase redesign patch from Ivan Gyurdiev. + +* Wed Sep 21 2005 Dan Walsh 1.3.3-1 +- Update from NSA + * Merged boolean record, stub record handler, and status codes + patches from Ivan Gyurdiev. + +* Tue Sep 20 2005 Dan Walsh 1.3.2-1 +- Update from NSA + * Merged stub iterator functionality from Ivan Gyurdiev. + * Merged interface record patch from Ivan Gyurdiev. + +* Wed Sep 14 2005 Dan Walsh 1.3.1-1 +- Update from NSA + * Merged stub functionality for managing user and port records, + and record table code from Ivan Gyurdiev. + * Updated version for release. + +* Thu Sep 1 2005 Dan Walsh 1.1.6-1 +- Update from NSA + * Merged semod.conf template patch from Dan Walsh (Red Hat), + but restored location to /usr/share/semod/semod.conf. + * Fixed several bugs found by valgrind. + * Fixed bug in prior patch for the semod_build_module_list leak. + * Merged errno fix from Joshua Brindle (Tresys). + * Merged fix for semod_build_modules_list leak on error path + from Serge Hallyn (IBM). Bug found by Coverity. + +* Thu Aug 25 2005 Dan Walsh 1.1.3-1 +- Update from NSA + * Merged errno fix from Joshua Brindle (Tresys). + * Merged fix for semod_build_modules_list leak on error path + from Serge Hallyn (IBM). Bug found by Coverity. + * Merged several fixes from Serge Hallyn (IBM). Bugs found by + Coverity. + * Fixed several other bugs and warnings. + * Merged patch to move module read/write code from libsemanage + to libsepol from Jason Tang (Tresys). + * Merged relay records patch from Ivan Gyurdiev. + * Merged key extract patch from Ivan Gyurdiev. + +- Initial version +- Created by Stephen Smalley