diff --git a/backport-libsepol-add-missing-oom-checks.patch b/backport-libsepol-add-missing-oom-checks.patch
new file mode 100644
index 0000000000000000000000000000000000000000..67d7ed3661a2de44ff55a0f8f2abe379a737c4f6
--- /dev/null
+++ b/backport-libsepol-add-missing-oom-checks.patch
@@ -0,0 +1,112 @@
+From 0233e4f6d59a96b759e32661a20be4bbadb374a4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
+Date: Thu, 31 Mar 2022 16:44:52 +0200
+Subject: [PATCH] libsepol: add missing oom checks
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Check return values of memory allocation functions and propagate their
+failure.
+
+Signed-off-by: Christian Göttsche
+Acked-by: James Carter
+---
+ libsepol/src/kernel_to_cil.c | 9 +++++++++
+ libsepol/src/kernel_to_conf.c | 4 ++++
+ libsepol/src/module_to_cil.c | 11 +++++++++++
+ libsepol/src/policydb.c | 3 ++-
+ 4 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
+index 869f69407..9128ac553 100644
+--- a/libsepol/src/kernel_to_cil.c
++++ b/libsepol/src/kernel_to_cil.c
+@@ -190,6 +190,10 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr
+ }
+ if (!names) {
+ names = strdup("NO_IDENTIFIER");
++ if (!names) {
++ sepol_log_err("Out of memory");
++ goto exit;
++ }
+ }
+ if (strchr(names, ' ')) {
+ new_val = create_str("(%s %s (%s))", 3, op, attr1, names);
+@@ -568,6 +572,11 @@ static int write_sids_to_cil(FILE *out, const char *const *sid_to_str,
+ } else {
+ snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
+ sid = strdup(unknown);
++ if (!sid) {
++ sepol_log_err("Out of memory");
++ rc = -1;
++ goto exit;
++ }
+ }
+ rc = strs_add_at_index(strs, sid, i);
+ if (rc != 0) {
+diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
+index 3544f73d2..63dffd9b4 100644
+--- a/libsepol/src/kernel_to_conf.c
++++ b/libsepol/src/kernel_to_conf.c
+@@ -187,6 +187,10 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr
+ }
+ if (!names) {
+ names = strdup("NO_IDENTIFIER");
++ if (!names) {
++ sepol_log_err("Out of memory");
++ goto exit;
++ }
+ }
+ if (strchr(names, ' ')) {
+ new_val = create_str("%s %s { %s }", 3, attr1, op, names);
+diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
+index c9e88f1e0..f2e8aff03 100644
+--- a/libsepol/src/module_to_cil.c
++++ b/libsepol/src/module_to_cil.c
+@@ -393,6 +393,8 @@ static int typealias_list_create(struct policydb *pdb)
+ }
+
+ typealias_lists = calloc(max_decl_id + 1, sizeof(*typealias_lists));
++ if (!typealias_lists)
++ goto exit;
+ typealias_lists_len = max_decl_id + 1;
+
+ rc = hashtab_map(pdb->p_types.table, typealiases_gather_map, pdb);
+@@ -1792,6 +1794,10 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp
+ }
+ if (num_names == 0) {
+ names = strdup("NO_IDENTIFIER");
++ if (!names) {
++ rc = -1;
++ goto exit;
++ }
+ } else {
+ rc = name_list_to_string(name_list, num_names, &names);
+ if (rc != 0) {
+@@ -2556,6 +2562,11 @@ static int ocontext_isid_to_cil(struct policydb *pdb, const char *const *sid_to_
+ goto exit;
+ }
+ item->sid_key = strdup(sid);
++ if (!item->sid_key) {
++ log_err("Out of memory");
++ rc = -1;
++ goto exit;
++ }
+ item->next = head;
+ head = item;
+ }
+diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
+index fc71463e6..5c7e35e85 100644
+--- a/libsepol/src/policydb.c
++++ b/libsepol/src/policydb.c
+@@ -1252,7 +1252,8 @@ int policydb_index_others(sepol_handle_t * handle,
+ if (!p->type_val_to_struct)
+ return -1;
+
+- cond_init_bool_indexes(p);
++ if (cond_init_bool_indexes(p))
++ return -1;
+
+ for (i = SYM_ROLES; i < SYM_NUM; i++) {
+ free(p->sym_val_to_name[i]);
diff --git a/backport-libsepol-avoid-potential-NULL-dereference-on-optional-parameter.patch b/backport-libsepol-avoid-potential-NULL-dereference-on-optional-parameter.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2d7f0413a29e3a7217449965034c669c03fa9021
--- /dev/null
+++ b/backport-libsepol-avoid-potential-NULL-dereference-on-optional-parameter.patch
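Review bot: In backport-libsepol-add-missing-oom-checks.patch, two of the added checks in `module_to_cil.c` fail silently: the `calloc` check in `typealias_list_create` jumps to `exit` without logging or setting `rc`, and the `strdup` check in `constraint_expr_to_string` sets `rc = -1` but logs nothing, while the other added checks report "Out of memory". At the `calloc` site the value of `rc` is set outside the visible hunk, so the failure is only propagated if `rc` still holds an error value there; adding `log_err("Out of memory"); rc = -1;` before `goto exit;` would make that explicit. Both functions start and end outside their hunks, so the cleanup under the `exit` label should be confirmed against the full file.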
@@ -0,0 +1,32 @@
+From f505a73b06302ba5e84f8c56851121d4a410c1ea Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
+Date: Fri, 10 Jun 2022 17:06:23 +0200
+Subject: [PATCH] libsepol: avoid potential NULL dereference on optional
+ parameter
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The parameter `reason` of `context_struct_compute_av()` is optional and
+can be passed in as NULL, like from `type_attribute_bounds_av()`.
+
+Signed-off-by: Christian Göttsche
+Acked-by: James Carter
+---
+ libsepol/src/services.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libsepol/src/services.c b/libsepol/src/services.c
+index d7510e9da..24412d837 100644
+--- a/libsepol/src/services.c
++++ b/libsepol/src/services.c
+@@ -894,7 +894,8 @@ static void type_attribute_bounds_av(context_struct_t *scontext,
+ /* mask violated permissions */
+ avd->allowed &= ~masked;
+
+- *reason |= SEPOL_COMPUTEAV_BOUNDS;
++ if (reason)
++ *reason |= SEPOL_COMPUTEAV_BOUNDS;
+ }
+
+ /*
diff --git a/backport-libsepol-check-correct-pointer-for-oom.patch b/backport-libsepol-check-correct-pointer-for-oom.patch
new file mode 100644
index 0000000000000000000000000000000000000000..20f8e17c9ac11fa6194308ede4fddaf680ca02c2
--- /dev/null
+++ b/backport-libsepol-check-correct-pointer-for-oom.patch
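Review bot: In the `services.c` hunk of backport-libsepol-avoid-potential-NULL-dereference-on-optional-parameter.patch, the new `if (reason)` guard is the only place where the optional nature of `reason` is recorded in the code; the contract is stated in the commit message but not in the source. A short comment at the guard, for example `/* reason is optional; callers may pass NULL */`, would keep later edits from reintroducing an unguarded write. `type_attribute_bounds_av` starts outside the hunk, so any earlier use of `reason` in that function should be checked against the full file.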
@@ -0,0 +1,34 @@
+From 68a29c3aee60a6dd4e0d435fc10adb0f2cc1c0ef Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
+Date: Fri, 8 Apr 2022 15:10:51 +0200
+Subject: [PATCH] libsepol: check correct pointer for oom
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Check the actual pointer which memory was assigned to, not its parent
+array pointer.
+
+ services.c:810:14: warning: Assigned value is garbage or undefined [core.uninitialized.Assign]
+ **r_buf = **new_buf;
+ ^ ~~~~~~~~~
+
+Acked-by: James Carter
+Signed-off-by: Christian Göttsche
+---
+ libsepol/src/services.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsepol/src/services.c b/libsepol/src/services.c
+index 47e564df4..d7510e9da 100644
+--- a/libsepol/src/services.c
++++ b/libsepol/src/services.c
+@@ -803,7 +803,7 @@ static int constraint_expr_eval_reason(context_struct_t *scontext,
+ if (len < 0 || len >= reason_buf_len - reason_buf_used) {
+ new_buf_len = reason_buf_len + REASON_BUF_SIZE;
+ *new_buf = realloc(*r_buf, new_buf_len);
+- if (!new_buf) {
++ if (!*new_buf) {
+ ERR(NULL, "failed to realloc reason buffer");
+ goto out1;
+ }
diff --git a/backport-libsepol-do-not-modify-policy-during-write.patch b/backport-libsepol-do-not-modify-policy-during-write.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c2f03664f59f1447de8ae4f36d31278bc381b30a
--- /dev/null
+++ b/backport-libsepol-do-not-modify-policy-during-write.patch
@@ -0,0 +1,49 @@
+From 2651989d3b94dd15459fbef4384f114b24850665 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
+Date: Thu, 30 Jun 2022 19:03:01 +0200
+Subject: [PATCH] libsepol: do not modify policy during write
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Do not modify the in memory default_range value of a class datum while
+writing a policy.
+
+While on it fix indentation.
+
+Signed-off-by: Christian Göttsche
+Acked-by: James Carter
+---
+ libsepol/src/write.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/libsepol/src/write.c b/libsepol/src/write.c
+index 48ed21ea6..a9fdf93a8 100644
+--- a/libsepol/src/write.c
++++ b/libsepol/src/write.c
+@@ -1097,16 +1097,18 @@ static int class_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
+ p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) ||
+ (p->policy_type == POLICY_BASE &&
+ p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) {
++ char default_range = cladatum->default_range;
++
+ buf[0] = cpu_to_le32(cladatum->default_user);
+ buf[1] = cpu_to_le32(cladatum->default_role);
+- if (!glblub_version && cladatum->default_range == DEFAULT_GLBLUB) {
++ if (!glblub_version && default_range == DEFAULT_GLBLUB) {
+ WARN(fp->handle,
+- "class %s default_range set to GLBLUB but policy version is %d (%d required), discarding",
+- p->p_class_val_to_name[cladatum->s.value - 1], p->policyvers,
+- p->policy_type == POLICY_KERN? POLICYDB_VERSION_GLBLUB:MOD_POLICYDB_VERSION_GLBLUB);
+- cladatum->default_range = 0;
+- }
+- buf[2] = cpu_to_le32(cladatum->default_range);
++ "class %s default_range set to GLBLUB but policy version is %d (%d required), discarding",
++ p->p_class_val_to_name[cladatum->s.value - 1], p->policyvers,
++ p->policy_type == POLICY_KERN? POLICYDB_VERSION_GLBLUB:MOD_POLICYDB_VERSION_GLBLUB);
++ default_range = 0;
++ }
++ buf[2] = cpu_to_le32(default_range);
+ items = put_entry(buf, sizeof(uint32_t), 3, fp);
+ if (items != 3)
+ return POLICYDB_ERROR;
diff --git a/backport-libsepol-enclose-macro-parameters-and-replacement-lists-in-parentheses.patch b/backport-libsepol-enclose-macro-parameters-and-replacement-lists-in-parentheses.patch
new file mode 100644
index 0000000000000000000000000000000000000000..139e2095ed6bbd6ef085398162882df1ceb88829
--- /dev/null
+++ b/backport-libsepol-enclose-macro-parameters-and-replacement-lists-in-parentheses.patch
@@ -0,0 +1,113 @@
+From 65b3f695be306ad8f525d4db2befd55336bd0a09 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
+Date: Wed, 13 Jul 2022 15:43:43 +0200
+Subject: [PATCH] libsepol: enclose macro parameters and replacement lists in
+ parentheses
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Christian Göttsche
+Acked-by: James Carter
+---
+ libsepol/include/sepol/errcodes.h | 13 ++++++-------
+ libsepol/include/sepol/policydb/policydb.h | 10 +++++-----
+ libsepol/src/kernel_to_cil.c | 2 +-
+ libsepol/src/module_to_cil.c | 2 +-
+ libsepol/src/util.c | 2 +-
+ 5 files changed, 14 insertions(+), 15 deletions(-)
+
+diff --git a/libsepol/include/sepol/errcodes.h b/libsepol/include/sepol/errcodes.h
+index 6e9ff3161..e5fe71e36 100644
+--- a/libsepol/include/sepol/errcodes.h
++++ b/libsepol/include/sepol/errcodes.h
+@@ -16,15 +16,14 @@ extern "C" {
+ * codes that don't map to system error codes should be defined
+ * outside of the range of system error codes.
+ */
+-#define SEPOL_ERR -1
+-#define SEPOL_ENOTSUP -2 /* feature not supported in module language */
+-#define SEPOL_EREQ -3 /* requirements not met */
++#define SEPOL_ERR (-1)
++#define SEPOL_ENOTSUP (-2) /* feature not supported in module language */
++#define SEPOL_EREQ (-3) /* requirements not met */
+
+ /* Error codes that map to system error codes */
+-#define SEPOL_ENOMEM -ENOMEM
+-#define SEPOL_ERANGE -ERANGE
+-#define SEPOL_EEXIST -EEXIST
+-#define SEPOL_ENOENT -ENOENT
++#define SEPOL_ENOMEM (-ENOMEM)
++#define SEPOL_EEXIST (-EEXIST)
++#define SEPOL_ENOENT (-ENOENT)
+
+ #ifdef __cplusplus
+ }
+diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h
+index de0068a6c..ef1a014a5 100644
+--- a/libsepol/include/sepol/policydb/policydb.h
++++ b/libsepol/include/sepol/policydb/policydb.h
+@@ -251,9 +251,9 @@ typedef struct class_perm_node {
+ struct class_perm_node *next;
+ } class_perm_node_t;
+
+-#define xperm_test(x, p) (UINT32_C(1) & (p[x >> 5] >> (x & 0x1f)))
+-#define xperm_set(x, p) (p[x >> 5] |= (UINT32_C(1) << (x & 0x1f)))
+-#define xperm_clear(x, p) (p[x >> 5] &= ~(UINT32_C(1) << (x & 0x1f)))
++#define xperm_test(x, p) (UINT32_C(1) & ((p)[(x) >> 5] >> ((x) & 0x1f)))
++#define xperm_set(x, p) ((p)[(x) >> 5] |= (UINT32_C(1) << ((x) & 0x1f)))
++#define xperm_clear(x, p) ((p)[(x) >> 5] &= ~(UINT32_C(1) << ((x) & 0x1f)))
+ #define EXTENDED_PERMS_LEN 8
+
+ typedef struct av_extended_perms {
+@@ -795,9 +795,9 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
+
+ #define policydb_has_boundary_feature(p) \
+ (((p)->policy_type == POLICY_KERN \
+- && p->policyvers >= POLICYDB_VERSION_BOUNDARY) || \
++ && (p)->policyvers >= POLICYDB_VERSION_BOUNDARY) || \
+ ((p)->policy_type != POLICY_KERN \
+- && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY))
++ && (p)->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY))
+
+ /* the config flags related to unknown classes/perms are bits 2 and 3 */
+ #define DENY_UNKNOWN SEPOL_DENY_UNKNOWN
+diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
+index 9128ac553..5a1336a33 100644
+--- a/libsepol/src/kernel_to_cil.c
++++ b/libsepol/src/kernel_to_cil.c
+@@ -1626,7 +1626,7 @@ static int write_type_permissive_rules_to_cil(FILE *out, struct policydb *pdb)
+ return rc;
+ }
+
+-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p))
++#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p))
+
+ static char *xperms_to_str(avtab_extended_perms_t *xperms)
+ {
+diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
+index b35bf055f..b900290a7 100644
+--- a/libsepol/src/module_to_cil.c
++++ b/libsepol/src/module_to_cil.c
+@@ -624,7 +624,7 @@ static int avrule_to_cil(int indent, struct policydb *pdb, uint32_t type, const
+ return rc;
+ }
+
+-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p))
++#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p))
+
+ static int xperms_to_cil(const av_extended_perms_t *xperms)
+ {
+diff --git a/libsepol/src/util.c b/libsepol/src/util.c
+index 1cd1308d1..0a2edc852 100644
+--- a/libsepol/src/util.c
++++ b/libsepol/src/util.c
+@@ -124,7 +124,7 @@ char *sepol_av_to_string(policydb_t * policydbp, uint32_t tclass,
+ return avbuf;
+ }
+
+-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p))
++#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p))
+
+ char *sepol_extended_perms_to_string(avtab_extended_perms_t *xperms)
+ {
diff --git a/backport-libsepol-fix-missing-double-quotes-in-typetransition-CIL-rule.patch b/backport-libsepol-fix-missing-double-quotes-in-typetransition-CIL-rule.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d673654c5d46b2e54ed8007daf2fd82ed0f06c29
--- /dev/null
+++ b/backport-libsepol-fix-missing-double-quotes-in-typetransition-CIL-rule.patch
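Review bot: The `errcodes.h` hunk of backport-libsepol-enclose-macro-parameters-and-replacement-lists-in-parentheses.patch drops `SEPOL_ERANGE` from what looks like an installed public header: the old side defines it, the new side does not re-add it, and the commit message mentions only parenthesization. For a release bump within the same version (3.3-3 to 3.3-4) that can break the build of any consumer that still references the constant. Unless it is confirmed that nothing uses it, the backport should keep `#define SEPOL_ERANGE (-ERANGE)`, or the removal should be called out in the changelog. Separately, `next_bit_in_range` still expands `i` twice, so the added parentheses do not make it safe for arguments with side effects.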
@@ -0,0 +1,30 @@
+From eca72d8e47ac8b962f87c46aa77fb893aa0df0f8 Mon Sep 17 00:00:00 2001
+From: Juraj Marcin
+Date: Thu, 25 Aug 2022 15:27:18 +0200
+Subject: [PATCH] libsepol: fix missing double quotes in typetransition CIL
+ rule
+
+CIL Reference Guide defines typetransition rule with double quotes
+around object name, but those are not present in the format string.
+
+This patch fixes this issue, so the CIL output produced by
+sepol_kernel_policydb_to_cil() is in the correct format.
+
+Signed-off-by: Juraj Marcin
+---
+ libsepol/src/kernel_to_cil.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
+index 5a1336a330..ad4121d50a 100644
+--- a/libsepol/src/kernel_to_cil.c
++++ b/libsepol/src/kernel_to_cil.c
+@@ -1894,7 +1894,7 @@ static int map_filename_trans_to_str(hashtab_key_t key, void *data, void *arg)
+ ebitmap_for_each_positive_bit(&datum->stypes, node, bit) {
+ src = pdb->p_type_val_to_name[bit];
+ rc = strs_create_and_add(strs,
+- "(typetransition %s %s %s %s %s)",
++ "(typetransition %s %s %s \"%s\" %s)",
+ 5, src, tgt, class, filename, new);
+ if (rc)
+ return rc;
diff --git a/backport-libsepol-rename-validate_policydb-to-policydb_validate.patch b/backport-libsepol-rename-validate_policydb-to-policydb_validate.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c35f55c31178698ba92716d42ce5232f6fff9c33
--- /dev/null
+++ b/backport-libsepol-rename-validate_policydb-to-policydb_validate.patch
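Review bot: In backport-libsepol-fix-missing-double-quotes-in-typetransition-CIL-rule.patch, the new format string wraps `filename` in `\"%s\"` without checking its content, so a name that itself contains a double quote would yield CIL output that no longer parses as one quoted string. Whether such names are already rejected when the policy is loaded is not visible in this hunk. If they are not, a guard before `strs_create_and_add`, such as `if (strchr(filename, '"')) return -1;` together with an error log, keeps the generated CIL well-formed. The loop and `map_filename_trans_to_str` continue outside the hunk.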
@@ -0,0 +1,58 @@
+From 938530171bcfbd0175b819eaa05960e9f4568ac0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
+Date: Thu, 21 Jul 2022 17:24:40 +0200
+Subject: [PATCH] libsepol: rename validate_policydb to policydb_validate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Most global functions operating on a policy database use policydb as
+prefix.
+
+Since this function is not exported there should not be any external
+use.
+
+Signed-off-by: Christian Göttsche
+Acked-by: James Carter
+---
+ libsepol/src/policydb.c | 2 +-
+ libsepol/src/policydb_validate.c | 2 +-
+ libsepol/src/policydb_validate.h | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
+index fc260eb66..8a65df053 100644
+--- a/libsepol/src/policydb.c
++++ b/libsepol/src/policydb.c
+@@ -4570,7 +4570,7 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
+ }
+ }
+
+- if (validate_policydb(fp->handle, p))
++ if (policydb_validate(fp->handle, p))
+ goto bad;
+
+ return POLICYDB_SUCCESS;
+diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
+index 99d4eb7f6..e1dad2362 100644
+--- a/libsepol/src/policydb_validate.c
++++ b/libsepol/src/policydb_validate.c
+@@ -1330,7 +1330,7 @@ static void validate_array_destroy(validate_t flavors[])
+ /*
+ * Validate policydb
+ */
+-int validate_policydb(sepol_handle_t *handle, policydb_t *p)
++int policydb_validate(sepol_handle_t *handle, policydb_t *p)
+ {
+ validate_t flavors[SYM_NUM] = {};
+
+diff --git a/libsepol/src/policydb_validate.h b/libsepol/src/policydb_validate.h
+index d9f7229bf..b7f9f1913 100644
+--- a/libsepol/src/policydb_validate.h
++++ b/libsepol/src/policydb_validate.h
+@@ -4,4 +4,4 @@
+ #include
+
+ int value_isvalid(uint32_t value, uint32_t nprim);
+-int validate_policydb(sepol_handle_t *handle, policydb_t *p);
++int policydb_validate(sepol_handle_t *handle, 
policydb_t *p); diff --git a/libsepol.spec b/libsepol.spec index fd7bc7c405cfec01931dff35b2ae9f89ff71b034..9706ff4589a755dc86f2ef658d810053d176eb6e 100644 --- a/libsepol.spec +++ b/libsepol.spec @@ -1,11 +1,19 @@ Name: libsepol Version: 3.3 -Release: 3 +Release: 4 Summary: SELinux binary policy manipulation library License: LGPLv2+ URL: https://github.com/SELinuxProject/selinux/wiki/Releases Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz +Patch0001: backport-libsepol-add-missing-oom-checks.patch +Patch0002: backport-libsepol-check-correct-pointer-for-oom.patch +Patch0003: backport-libsepol-avoid-potential-NULL-dereference-on-optional-parameter.patch +Patch0004: backport-libsepol-do-not-modify-policy-during-write.patch +Patch0005: backport-libsepol-enclose-macro-parameters-and-replacement-lists-in-parentheses.patch +Patch0006: backport-libsepol-rename-validate_policydb-to-policydb_validate.patch +Patch0007: backport-libsepol-fix-missing-double-quotes-in-typetransition-CIL-rule.patch + BuildRequires: gcc flex %description @@ -64,6 +72,9 @@ make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" install %{_mandir}/man3/* %changelog +* Mon Dec 5 2022 jinlun - 3.3-4 +- backport upstream patches + * Tue Oct 18 2022 jinlun - 3.3-3 - Rebuild for new release number