From patchwork Fri Sep 23 09:23:20 2016
X-Patchwork-Submitter: Petr Lautrbach
X-Patchwork-Id: 9347847
From: Petr Lautrbach
To: selinux@tycho.nsa.gov
Subject: [PATCH] libsemanage: use pp module headers as a source for a module name
Date: Fri, 23 Sep 2016 11:23:20 +0200
Message-Id: <1474622600-22721-1-git-send-email-plautrba@redhat.com>
List-Id: "Security-Enhanced Linux (SELinux) mailing list"

When a user installs a module, the filename is used as the module name. This change was introduced with the CIL language, where a module name is not stored in the module itself. It means that when a pp module has a different filename and stored module name, the filename is used instead of the stored module name. It brings problems with compatibility for scripts and modules which were built and used on an older system and were migrated to the new userspace.

This patch changes the behavior of semanage_direct_install_file(), which is used by 'semodule -i', so that when a module with the pp language extension is installed, it tries to get and use the stored module name instead of the filename.

Signed-off-by: Petr Lautrbach
---
 libsemanage/src/direct_api.c | 62 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 61 insertions(+), 1 deletion(-)

diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 2187b65..f98d3d1 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -363,6 +363,48 @@ static int semanage_direct_begintrans(semanage_handle_t * sh) /********************* utility functions *********************/ +/* Takes a module stored in 'module_data' and parses its headers. + * Sets reference variables 'module_name' to module's name, and + * 'version' to module's version. The caller is responsible for + * free()ing 'module_name', and 'version'; they will be + * set to NULL upon entering this function. Returns 0 on success, -1 + * if out of memory, or -2 if data did not represent a module. + */ +static int parse_module_headers(semanage_handle_t * sh, char *module_data, + size_t data_len, char **module_name, + char **version) +{ + struct sepol_policy_file *pf; + int file_type; + *module_name = *version = NULL; + + if (sepol_policy_file_create(&pf)) { + ERR(sh, "Out of memory!"); + return -1; + } + sepol_policy_file_set_mem(pf, module_data, data_len); + sepol_policy_file_set_handle(pf, sh->sepolh); + if (module_data == NULL || + data_len == 0 || + sepol_module_package_info(pf, &file_type, module_name, + version) == -1) { + sepol_policy_file_free(pf); + ERR(sh, "Could not parse module data."); + return -2; + } + sepol_policy_file_free(pf); + if (file_type != SEPOL_POLICY_MOD) { + if (file_type == SEPOL_POLICY_BASE) + ERR(sh, + "Received a base module, expected a non-base module."); + else + ERR(sh, "Data did not represent a module."); + return -2; + } + + return 0; +} + #include #include #include @@ -1524,7 +1566,9 @@ static int semanage_direct_install_file(semanage_handle_t * sh, char *path = NULL; char *filename; char *lang_ext = NULL; + char *module_name = NULL; char *separator; + char *version = NULL; if ((data_len = map_file(sh, install_filename, &data, &compressed)) <= 0) { ERR(sh, "Unable to read file %s\n", install_filename); 
@@ -1564,10 +1608,26 @@ static int semanage_direct_install_file(semanage_handle_t * sh, lang_ext = separator + 1; } - retval = semanage_direct_install(sh, data, data_len, filename, lang_ext); + if (strcmp(lang_ext, "pp") != 0) + module_name = strdup(filename); + else { + if (parse_module_headers(sh, data, data_len, &module_name, &version) != 0) { + free(module_name); + module_name = strdup(filename); + } + free(version); + } + if (module_name == NULL) { + ERR(sh, "No memory available for module_name.\n"); + retval = -1; + goto cleanup; + } + + retval = semanage_direct_install(sh, data, data_len, module_name, lang_ext); cleanup: if (data_len > 0) munmap(data, data_len); + free(module_name); free(path); return retval;
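Review bot: in the @@ -363 hunk, parse_module_headers() can return -2 with *module_name and *version already allocated: the file_type check ("Received a base module..." / "Data did not represent a module.") runs after sepol_module_package_info() has filled both strings in, which contradicts the header comment's promise that the outputs are only set on success and leaves every caller responsible for freeing the results of a failed call. Free both and reset them to NULL before that `return -2;`, or state the behaviour in the comment. Two smaller points in the same hunk: sepol_policy_file_set_mem(pf, module_data, data_len) is called before the module_data == NULL / data_len == 0 check, so hoist that check above sepol_policy_file_create() and skip the allocation on bad input; and the new function is inserted above a run of #include directives (the trailing context is "+} + #include #include #include"), which reads oddly, so place it after the includes alongside the other utility functions.

Review bot: in the @@ -1564 hunk, module_name now comes from the contents of the file being installed rather than from its name, and nothing here validates the parsed string before it is handed to semanage_direct_install(); unless that path already rejects empty names and names containing '/' or '..', a crafted .pp could be installed under an arbitrary module name, replacing an unrelated module or steering the module store to an unexpected directory. Please confirm that the downstream validation exists or add a check next to the strdup() fallback. Also, when parse_module_headers() fails the code quietly falls back to the filename, but the helper has already printed ERR() messages, so the user sees errors for an install that then succeeds; a warning that names the fallback would be less confusing, and logging when the stored name differs from the filename would help the migration case the commit message describes. Finally, lang_ext is initialised to NULL in the declarations hunk and `strcmp(lang_ext, "pp")` is unconditional here, so it is worth confirming the preceding branch always sets it; and version is fetched only to be freed, so if sepol_module_package_info() accepts NULL for that argument, pass NULL and drop the variable.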