backport upstream patches

(cherry picked from commit 2d65b8edc7d1afcb021fbac7cc381fbfa33df3c2)
fly_fzc 2024-03-25 19:11:30 +08:00 committed by openeuler-sync-bot
parent fd647a0aef
commit a0ce0a7214
6 changed files with 589 additions and 1 deletions


@ -0,0 +1,42 @@
From dfe30d9d0190ede292078d22ed45a160f331e1b6 Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Fri, 5 Jan 2024 15:16:26 -0500
Subject: [PATCH] libselinux: Fix ordering of arguments to calloc
The number of elements should be first and the size of the elements
second.
Signed-off-by: James Carter <jwcart2@gmail.com>
Reference:https://github.com/SELinuxProject/selinux/commit/dfe30d9d0190ede292078d22ed45a160f331e1b6
Conflict:path adapt
---
src/audit2why.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/audit2why.c b/src/audit2why.c
index 8c4c07d5..ad846cc3 100644
--- a/src/audit2why.c
+++ b/src/audit2why.c
@@ -148,7 +148,7 @@ static int check_booleans(struct boolean_t **bools)
sepol_bool_free(boolean);
if (fcnt > 0) {
- *bools = calloc(sizeof(struct boolean_t), fcnt + 1);
+ *bools = calloc(fcnt + 1, sizeof(struct boolean_t));
if (!*bools) {
PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
free(foundlist);
@@ -226,7 +226,7 @@ static int __policy_init(const char *init_path)
return 1;
}
- avc = calloc(sizeof(struct avc_t), 1);
+ avc = calloc(1, sizeof(struct avc_t));
if (!avc) {
PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
fclose(fp);
--
2.33.0


@ -0,0 +1,282 @@
From 454a9f248ba8f0959a85bf917a7b5b87ab71d1e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 19 Dec 2023 17:09:32 +0100
Subject: [PATCH] libselinux: enable usage with pedantic UB sanitizers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Clang's undefined behavior sanitizer supports checking for unsigned
integer overflow and underflow, and implicit conversions. While those
operations are well-defined by the C language they can signal logic
mistakes or processing of unchecked user input.
Annotate functions deliberately making use of integer overflow and adopt
the remaining code sites.
Example reports:
stringrep.c:348:7: runtime error: left shift of 2147483648 by 1 places cannot be represented in type 'access_vector_t' (aka 'unsigned int')
seusers.c:98:14: runtime error: implicit conversion from type 'int' of value -1 (32-bit, signed) to type 'gid_t' (aka 'unsigned int') changed the value to 4294967295 (32-bit, unsigned)
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Reference:https://github.com/SELinuxProject/selinux/commit/454a9f248ba8f0959a85bf917a7b5b87ab71d1e7
Conflict:path and context adapt, label_file.c: del symhash modification
---
src/avc.c | 4 +++-
src/avc_sidtab.c | 1 +
src/label.c | 7 +++++--
src/label_backends_android.c | 4 +++-
src/label_db.c | 3 ++-
src/label_file.c | 6 ++++--
src/label_media.c | 4 +++-
src/label_x.c | 4 +++-
src/selinux_internal.h | 11 +++++++++++
src/seusers.c | 2 +-
src/sha1.c | 3 +++
src/stringrep.c | 4 +++-
12 files changed, 42 insertions(+), 11 deletions(-)
diff --git a/src/avc.c b/src/avc.c
index 5e1c036e..ce87ac16 100644
--- a/src/avc.c
+++ b/src/avc.c
@@ -229,13 +229,15 @@ int avc_open(struct selinux_opt *opts, unsigned nopts)
{
avc_setenforce = 0;
- while (nopts--)
+ while (nopts) {
+ nopts--;
switch(opts[nopts].type) {
case AVC_OPT_SETENFORCE:
avc_setenforce = 1;
avc_enforcing = !!opts[nopts].value;
break;
}
+ }
return avc_init_internal("avc", NULL, NULL, NULL, NULL);
}
diff --git a/src/avc_sidtab.c b/src/avc_sidtab.c
index e396a938..3303537b 100644
--- a/src/avc_sidtab.c
+++ b/src/avc_sidtab.c
@@ -13,6 +13,7 @@
#include "avc_sidtab.h"
#include "avc_internal.h"
+ignore_unsigned_overflow_
static inline unsigned sidtab_hash(const char * key)
{
const char *p;
diff --git a/src/label.c b/src/label.c
index 4a7c6e6d..d2e703ef 100644
--- a/src/label.c
+++ b/src/label.c
@@ -60,7 +60,8 @@ static inline struct selabel_digest *selabel_is_digest_set
{
struct selabel_digest *digest = NULL;
- while (n--) {
+ while (n) {
+ n--;
if (opts[n].type == SELABEL_OPT_DIGEST &&
opts[n].value == (char *)1) {
digest = calloc(1, sizeof(*digest));
@@ -112,9 +113,11 @@ static void selabel_digest_fini(struct selabel_digest *ptr)
static inline int selabel_is_validate_set(const struct selinux_opt *opts,
unsigned n)
{
- while (n--)
+ while (n) {
+ n--;
if (opts[n].type == SELABEL_OPT_VALIDATE)
return !!opts[n].value;
+ }
return 0;
}
diff --git a/src/label_backends_android.c b/src/label_backends_android.c
index 7ddacdbe..33a17236 100644
--- a/src/label_backends_android.c
+++ b/src/label_backends_android.c
@@ -152,7 +152,8 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
struct stat sb;
/* Process arguments */
- while (n--)
+ while (n) {
+ n--;
switch (opts[n].type) {
case SELABEL_OPT_PATH:
path = opts[n].value;
@@ -165,6 +166,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
path = opts[n].value;
break;
}
+ }
if (!path)
return -1;
diff --git a/src/label_db.c b/src/label_db.c
index 2daf1770..2ff10b2f 100644
--- a/src/label_db.c
+++ b/src/label_db.c
@@ -263,7 +263,8 @@ db_init(const struct selinux_opt *opts, unsigned nopts,
* the default one. If RDBMS is not SE-PostgreSQL, it may need to
* specify an explicit specfile for database objects.
*/
- while (nopts--) {
+ while (nopts) {
+ nopts--;
switch (opts[nopts].type) {
case SELABEL_OPT_PATH:
path = opts[nopts].value;
diff --git a/src/label_file.c b/src/label_file.c
index 315298b3..3b2bda97 100644
--- a/src/label_file.c
+++ b/src/label_file.c
@@ -801,7 +801,8 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
int status = -1, baseonly = 0;
/* Process arguments */
- while (n--)
+ while (n) {
+ n--;
switch(opts[n].type) {
case SELABEL_OPT_PATH:
path = opts[n].value;
@@ -820,6 +821,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
baseonly = !!opts[n].value;
break;
}
+ }
#if !defined(BUILD_HOST) && !defined(ANDROID)
char subs_file[PATH_MAX + 1];
diff --git a/src/label_media.c b/src/label_media.c
index 4c987988..fad5ea6d 100644
--- a/src/label_media.c
+++ b/src/label_media.c
@@ -80,7 +80,8 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
struct stat sb;
/* Process arguments */
- while (n--)
+ while (n) {
+ n--;
switch(opts[n].type) {
case SELABEL_OPT_PATH:
path = opts[n].value;
@@ -93,6 +94,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
path = opts[n].value;
break;
}
+}
/* Open the specification file. */
if (!path)
diff --git a/src/label_x.c b/src/label_x.c
index f332dcb6..bf569ca5 100644
--- a/src/label_x.c
+++ b/src/label_x.c
@@ -107,7 +107,8 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
struct stat sb;
/* Process arguments */
- while (n--)
+ while (n) {
+ n--;
switch(opts[n].type) {
case SELABEL_OPT_PATH:
path = opts[n].value;
@@ -120,6 +121,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
path = opts[n].value;
break;
}
+ }
/* Open the specification file. */
if (!path)
diff --git a/src/selinux_internal.h b/src/selinux_internal.h
index af69ff04..b134808e 100644
--- a/src/selinux_internal.h
+++ b/src/selinux_internal.h
@@ -102,4 +102,15 @@ size_t strlcpy(char *dest, const char *src, size_t size);
size_t strlcpy(char *dest, const char *src, size_t size);
#endif
+/* Use to ignore intentional unsigned under- and overflows while running under UBSAN. */
+#if defined(__clang__) && defined(__clang_major__) && (__clang_major__ >= 4)
+#if (__clang_major__ >= 12)
+#define ignore_unsigned_overflow_ __attribute__((no_sanitize("unsigned-integer-overflow", "unsigned-shift-base")))
+#else
+#define ignore_unsigned_overflow_ __attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#else
+#define ignore_unsigned_overflow_
+#endif
+
#endif /* SELINUX_INTERNAL_H_ */
diff --git a/src/seusers.c b/src/seusers.c
index 16d69347..5a521f81 100644
--- a/src/seusers.c
+++ b/src/seusers.c
@@ -99,7 +99,7 @@ int require_seusers = 0;
static gid_t get_default_gid(const char *name) {
struct passwd pwstorage, *pwent = NULL;
- gid_t gid = -1;
+ gid_t gid = (gid_t)-1;
/* Allocate space for the getpwnam_r buffer */
long rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
if (rbuflen <= 0) return -1;
diff --git a/src/sha1.c b/src/sha1.c
index 9d51e04a..452b0cc2 100644
--- a/src/sha1.c
+++ b/src/sha1.c
@@ -26,6 +26,8 @@
#include "sha1.h"
#include <memory.h>
+#include "selinux_internal.h"
+
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// TYPES
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@@ -62,6 +64,7 @@ typedef union
//
// Hash a single 512-bit block. This is the core of the algorithm
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+ignore_unsigned_overflow_
static
void
TransformFunction
diff --git a/src/stringrep.c b/src/stringrep.c
index d2237d1c..1b460224 100644
--- a/src/stringrep.c
+++ b/src/stringrep.c
@@ -337,13 +337,15 @@ void print_access_vector(security_class_t tclass, access_vector_t av)
printf(" {");
- while (av) {
+ for (;;) {
if (av & bit) {
permstr = security_av_perm_to_string(tclass, bit);
if (!permstr)
break;
printf(" %s", permstr);
av &= ~bit;
+ if (!av)
+ break;
}
bit <<= 1;
}
--
2.33.0
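Review bot: In the src/seusers.c hunk the initialiser becomes `gid_t gid = (gid_t)-1;`, but the context line a few lines below still reads `if (rbuflen <= 0) return -1;`, which makes the same implicit int-to-`gid_t` conversion when returning from `static gid_t get_default_gid(const char *name)`. If the goal is a clean run under the implicit-conversion sanitizer, that line presumably needs `return (gid_t)-1;` (or `return gid;`) as well. The rest of get_default_gid lies outside the hunk, so any further `return -1` there is not visible and should be checked too.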


@ -0,0 +1,43 @@
From b18fddef2e0aecb1cfba4cc3e495ea9ba09b49bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 5 Jan 2024 19:35:32 +0100
Subject: [PATCH] libselinux: reorder calloc(3) arguments
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The canonical order of calloc(3) parameters is the number of elements
first and the size of each element second.
Reported by GCC 14:
is_customizable_type.c:43:45: warning: 'calloc' sizes specified with 'sizeof' in the earlier argument and not in the later argument [-Wcalloc-transposed-args]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Reference:https://github.com/SELinuxProject/selinux/commit/b18fddef2e0aecb1cfba4cc3e495ea9ba09b49bd
Conflict:path adapt
---
src/is_customizable_type.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/is_customizable_type.c b/src/is_customizable_type.c
index da301c60..0ae92c8d 100644
--- a/src/is_customizable_type.c
+++ b/src/is_customizable_type.c
@@ -39,9 +39,7 @@ static int get_customizable_type_list(char *** retlist)
}
rewind(fp);
if (ctr) {
- list =
- (char **) calloc(sizeof(char *),
- ctr + 1);
+ list = calloc(ctr + 1, sizeof(char *));
if (list) {
i = 0;
while (fgets_unlocked(buf, selinux_page_size, fp)
--
2.33.0


@ -0,0 +1,72 @@
From 82195e77e317d322dd9b5fc31d402462d6845357 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 15 Jan 2024 14:36:01 +0100
Subject: [PATCH] libselinux: use reentrant strtok_r(3)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Use the reentrant version strtok_r(3) instead of strtok(3) to avoid
potential data races with concurrent threads.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Reference:https://github.com/SELinuxProject/selinux/commit/82195e77e317d322dd9b5fc31d402462d6845357
Conflict:path adapt
---
src/selinux_restorecon.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/selinux_restorecon.c b/src/selinux_restorecon.c
index 38f10f1c..acb729c8 100644
--- a/src/selinux_restorecon.c
+++ b/src/selinux_restorecon.c
@@ -243,7 +243,7 @@ static uint64_t exclude_non_seclabel_mounts(void)
int index = 0, found = 0;
uint64_t nfile = 0;
char *mount_info[4];
- char *buf = NULL, *item;
+ char *buf = NULL, *item, *saveptr;
/* Check to see if the kernel supports seclabel */
if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0)
@@ -258,13 +258,14 @@ static uint64_t exclude_non_seclabel_mounts(void)
while (getline(&buf, &len, fp) != -1) {
found = 0;
index = 0;
- item = strtok(buf, " ");
+ saveptr = NULL;
+ item = strtok_r(buf, " ", &saveptr);
while (item != NULL) {
mount_info[index] = item;
index++;
if (index == 4)
break;
- item = strtok(NULL, " ");
+ item = strtok_r(NULL, " ", &saveptr);
}
if (index < 4) {
selinux_log(SELINUX_ERROR,
@@ -276,14 +277,15 @@ static uint64_t exclude_non_seclabel_mounts(void)
/* Remove pre-existing entry */
remove_exclude(mount_info[1]);
- item = strtok(mount_info[3], ",");
+ saveptr = NULL;
+ item = strtok_r(mount_info[3], ",", &saveptr);
while (item != NULL) {
if (strcmp(item, "seclabel") == 0) {
found = 1;
nfile += file_system_count(mount_info[1]);
break;
}
- item = strtok(NULL, ",");
+ item = strtok_r(NULL, ",", &saveptr);
}
/* Exclude mount points without the seclabel option */
--
2.33.0


@ -0,0 +1,140 @@
From 1d5c3b7204b418710a257b80feaae04527585546 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 19 Dec 2023 17:09:25 +0100
Subject: [PATCH] libselinux/utils: free allocated resources
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Remove noise while running with sanitizers or under valgrind.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Reference:https://github.com/SELinuxProject/selinux/commit/1d5c3b7204b418710a257b80feaae04527585546
Conflict:path and context adapt
---
utils/getconlist.c | 10 +++++++---
utils/getdefaultcon.c | 20 +++++++++++++++++---
utils/selinuxexeccon.c | 1 +
3 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/utils/getconlist.c b/utils/getconlist.c
index 92f6a793..1ff05209 100644
--- a/utils/getconlist.c
+++ b/utils/getconlist.c
@@ -19,8 +19,9 @@ static __attribute__ ((__noreturn__)) void usage(const char *name, const char *d
int main(int argc, char **argv)
{
- char **list, *cur_context = NULL;
- char *user = NULL, *level = NULL;
+ char **list;
+ const char *cur_context, *user;
+ char *cur_con = NULL, *level = NULL;
int ret, i, opt;
while ((opt = getopt(argc, argv, "l:")) > 0) {
@@ -54,11 +55,12 @@ int main(int argc, char **argv)
/* If a context wasn't passed, use the current context. */
if (((argc - optind) < 2)) {
- if (getcon(&cur_context) < 0) {
+ if (getcon(&cur_con) < 0) {
fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno));
free(level);
return 2;
}
+ cur_context = cur_con;
} else {
cur_context = argv[optind + 1];
if (security_check_context(cur_context) != 0) {
@@ -82,10 +84,12 @@ int main(int argc, char **argv)
} else {
fprintf(stderr, "get_ordered_context_list%s failure: %d(%s)\n",
level ? "_with_level" : "", errno, strerror(errno));
+ free(cur_con);
free(level);
return 4;
}
+ free(cur_con);
free(level);
return 0;
diff --git a/utils/getdefaultcon.c b/utils/getdefaultcon.c
index 50f1ea91..67c84f94 100644
--- a/utils/getdefaultcon.c
+++ b/utils/getdefaultcon.c
@@ -19,8 +19,9 @@ static __attribute__ ((__noreturn__)) void usage(const char *name, const char *d
int main(int argc, char **argv)
{
- char * usercon = NULL, *cur_context = NULL;
- char *user = NULL, *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL;
+ const char *cur_context, *user;
+ char *usercon = NULL, *cur_con = NULL;
+ char *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL;
char *service = NULL;
int ret, opt;
int verbose = 0;
@@ -54,6 +55,9 @@ int main(int argc, char **argv)
if (!is_selinux_enabled()) {
fprintf(stderr,
"%s may be used only on a SELinux kernel.\n", argv[0]);
+ free(level);
+ free(role);
+ free(service);
return 1;
}
@@ -61,15 +65,23 @@ int main(int argc, char **argv)
/* If a context wasn't passed, use the current context. */
if (((argc - optind) < 2)) {
- if (getcon(&cur_context) < 0) {
+ if (getcon(&cur_con) < 0) {
fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno));
+ free(level);
+ free(role);
+ free(service);
return 2;
}
+ cur_context = cur_con;
} else
cur_context = argv[optind + 1];
if (security_check_context(cur_context)) {
fprintf(stderr, "%s: invalid from context '%s'\n", argv[0], cur_context);
+ free(cur_con);
+ free(level);
+ free(role);
+ free(service);
return 3;
}
@@ -101,6 +113,8 @@ out:
if (level != dlevel) free(level);
free(dlevel);
free(usercon);
+ free(cur_con);
+ free(service);
return ret >= 0;
}
diff --git a/utils/selinuxexeccon.c b/utils/selinuxexeccon.c
index 66754b6a..463bf5aa 100644
--- a/utils/selinuxexeccon.c
+++ b/utils/selinuxexeccon.c
@@ -45,6 +45,7 @@ int main(int argc, char **argv)
con = strdup(argv[2]);
if (security_check_context(con)) {
fprintf(stderr, "%s: invalid from context '%s'\n", argv[0], con);
+ free(con);
return -1;
}
}
--
2.33.0
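Review bot: In the utils/selinuxexeccon.c hunk the result of `con = strdup(argv[2]);` goes straight into `security_check_context(con)` with no NULL check, so an allocation failure is not told apart from an invalid context. What security_check_context does with a null pointer is not visible here, and the error branch would then format `'%s'` with that null pointer. A guard before the check, such as `if (!con) { fprintf(stderr, "%s: out of memory\n", argv[0]); return -1; }`, would keep the two failures separate. main continues outside the hunk, so how `con` is released on the success path cannot be confirmed from this page.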


@ -3,13 +3,19 @@
Name: libselinux
Version: 3.5
Release: 2
Release: 3
License: Public Domain
Summary: SELinux library and simple utilities
Url: https://github.com/SELinuxProject/selinux/wiki
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libselinux-%{version}.tar.gz
Patch0001: backport-libselinux-add-check-for-calloc-in-check_booleans.patch
Patch0002: backport-libselinux-utils-free-allocated-resources.patch
Patch0003: backport-libselinux-enable-usage-with-pedantic-UB-sanitizers.patch
Patch0004: backport-libselinux-reorder-calloc-3-arguments.patch
Patch0005: backport-libselinux-Fix-ordering-of-arguments-to-calloc.patch
Patch0006: backport-libselinux-use-reentrant-strtok_r-3.patch
Patch9000: do-malloc-trim-after-load-policy.patch
BuildRequires: gcc python3-devel systemd swig pcre2-devel xz-devel
@ -129,6 +135,9 @@ mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
%{_mandir}/ru/man8/*
%changelog
* Mon Mar 25 2024 fuanan <fuanan3@h-partners.com> - 3.5-3
- backport upstream patches
* Tue Jul 25 2023 luhuaxin <luhuaxin1@huawei.com> - 3.5-2
- add check for calloc in check_booleans
- fix python build issue