From patchwork Mon Oct 3 18:41:12 2016
X-Patchwork-Submitter: James Carter
X-Patchwork-Id: 9360799
From: James Carter
To: selinux@tycho.nsa.gov
Subject: [PATCH] libsemanage: Fixes bug preventing the installation of base modules
Date: Mon, 3 Oct 2016 14:41:12 -0400
Message-Id: <1475520072-17880-1-git-send-email-jwcart2@tycho.nsa.gov>
X-Mailer: git-send-email 2.7.4

Commit 7a728e46 changed module installation so that a module pp would be
installed using its module name instead of its filename and a warning
would be printed if they were different. With this change, base modules
could no longer be installed because of the way error handling was done.

This change fixes the error handling, so that when a base module is
installed it will be installed using its filename (since it does not have
a module name).

Based on bug report by Jason Zaman

Signed-off-by: James Carter
---
 libsemanage/src/direct_api.c | 39 ++++++++++++++-------------------------
 1 file changed, 14 insertions(+), 25 deletions(-)

diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 3719cb1..e5c72cd 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -368,7 +368,7 @@ static int semanage_direct_begintrans(semanage_handle_t * sh) * 'version' to module's version. The caller is responsible for * free()ing 'module_name', and 'version'; they will be * set to NULL upon entering this function. Returns 0 on success, -1 - * if out of memory, or -2 if data did not represent a module. + * if out of memory. */ static int parse_module_headers(semanage_handle_t * sh, char *module_data, size_t data_len, char **module_name, @@ -384,23 +384,10 @@ static int parse_module_headers(semanage_handle_t * sh, char *module_data, } sepol_policy_file_set_mem(pf, module_data, data_len); sepol_policy_file_set_handle(pf, sh->sepolh); - if (module_data == NULL || - data_len == 0 || + if (module_data != NULL && data_len > 0) sepol_module_package_info(pf, &file_type, module_name, - version) == -1) { - sepol_policy_file_free(pf); - ERR(sh, "Could not parse module data."); - return -2; - } + version); sepol_policy_file_free(pf); - if (file_type != SEPOL_POLICY_MOD) { - if (file_type == SEPOL_POLICY_BASE) - ERR(sh, - "Received a base module, expected a non-base module."); - else - ERR(sh, "Data did not represent a module."); - return -2; - } return 0; } 
@@ -1608,22 +1595,24 @@ static int semanage_direct_install_file(semanage_handle_t * sh, lang_ext = separator + 1; } - if (strcmp(lang_ext, "pp") != 0) { + if (strcmp(lang_ext, "pp") == 0) { + retval = parse_module_headers(sh, data, data_len, &module_name, &version); + free(version); + if (retval != 0) + goto cleanup; + } + + if (module_name == NULL) { module_name = strdup(filename); if (module_name == NULL) { ERR(sh, "No memory available for module_name.\n"); retval = -1; goto cleanup; } - } else { - if ((retval = parse_module_headers(sh, data, data_len, &module_name, &version)) != 0) - goto cleanup; - - if (strcmp(module_name, filename) != 0) - fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", install_filename, module_name, filename); - - free(version); + } else if (strcmp(module_name, filename) != 0) { + fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", install_filename, module_name, filename); } + retval = semanage_direct_install(sh, data, data_len, module_name, lang_ext); cleanup:
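
Review bot: In the first hunk (the comment above parse_module_headers), the updated text drops the -2 case but does not say that a 0 return no longer guarantees 'module_name' and 'version' were filled in. With the body change in the next hunk both can still be NULL on success, and semanage_direct_install_file now depends on that to detect a base module. Suggest extending the comment to say so, for example "Returns 0 on success ('module_name' and 'version' may still be NULL, e.g. for a base module), -1 if out of memory."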
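
Review bot: In the second hunk (body of parse_module_headers), the return value of sepol_module_package_info is now discarded and the file_type check is removed entirely, so data that fails to parse is indistinguishable from a base module and the function returns 0 for both. If sepol_module_package_info succeeds on base modules, as the removed "Received a base module, expected a non-base module." branch suggests, consider keeping the == -1 check with its ERR(sh, "Could not parse module data.") path and relaxing only the file_type test to accept SEPOL_POLICY_BASE. If ignoring the failure is intentional, a comment should say why and what state *module_name and *version are left in when the call fails.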
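
Review bot: In the third hunk (semanage_direct_install_file), the new "if (module_name == NULL)" test is now reached for non-pp files without parse_module_headers having run, so it relies on module_name being initialised to NULL at its declaration, which is outside the visible lines; please confirm that. The strdup(filename) fallback also fires for any pp whose headers yielded no name, not only base modules, so unparseable pp data is handed to semanage_direct_install under its filename with no diagnostic at this point; a short comment stating that the fallback is meant for base modules would make the intent clear. Minor style point: the added "retval = parse_module_headers(sh, data, data_len, &module_name, &version);" line is well over 80 columns and could be wrapped.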