From patchwork Fri Feb 28 15:48:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: William Roberts X-Patchwork-Id: 11412667 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1CA7F930 for ; Fri, 28 Feb 2020 15:49:13 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id D213D2469D for ; Fri, 28 Feb 2020 15:49:12 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="pdzOU+h0" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727061AbgB1PtM (ORCPT ); Fri, 28 Feb 2020 10:49:12 -0500 Received: from mail-pl1-f195.google.com ([209.85.214.195]:39611 "EHLO mail-pl1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726971AbgB1PtM (ORCPT ); Fri, 28 Feb 2020 10:49:12 -0500 Received: by mail-pl1-f195.google.com with SMTP id g6so1395584plp.6 for ; Fri, 28 Feb 2020 07:49:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=baf+vqMKorNyJjSyiAU08gSE2Z3ulLrcORZbh2mLQ1U=; b=pdzOU+h0aejrG7EsIHQxNaESlXEQdzd8OOZM1pFg3IWUrv5mnRu4tcS2nsNQwotB+T 4J7BZM9ygBhoHXX+SwNlmqHWvT6NxzjMy9hmDGu8PneZEOO4tBbqhVt78xJgWiuMpxzc Pr1VmUEqdPkUrmGi1g3at22kMwyf8st8rxNoNbODCBoyMWZDtRmoahEwJ2o4axIxkvS6 iEjmPAiB0FlNQesALisTY1C7loB8i0A9h2++xKhNro1RA/XyE31Z5oerWfTBJUKlBa7t sWL3aBS7HtlsgzXeH3Yq7WTvlsgu3rmLMqcuhy+g5lfdJSDw2wPmmQAuTuRG/tTmBVaW RUPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=baf+vqMKorNyJjSyiAU08gSE2Z3ulLrcORZbh2mLQ1U=; b=CjAMJPG4RUdLlyVPUMlTmQbt+BXyn1mSJZna+Rb1814kkEsot8bNH5Tb+t1PE53/r3 EIG4LXeC1JIqsdVlHhfj9TfLIFHiniy2mFDMuOeRysA3aYWBh16R1ZFTErI+XeOu8Dgl gQ02v6Q0XbOnFsS1JRyUs1+XFMfRbcNbrBlwpH8qZXDks9puAkCugK35myrU+AjaLV8/ 3seS5IujZvDyxJsi1rz7zGgkpL5DkcntkctSS18hbhdUlnztYyawK+2IAXMC4aCFci1n 0/NV0Ko87BkZLSSqFmpuR6vjuLkxutdzuK6EkWco9o+hZNspKRAgkIoDc1BgWRNNQwEB J2fw== X-Gm-Message-State: APjAAAWIWi3js63digf57YyAMDQ3j9N2pe/5+Pmd/fQ1bdAZfIon86FP bSMXjdNT0VO+7bG9ZQ+2u8R5eQmB X-Google-Smtp-Source: APXvYqzTN2VtTncMUnrIlWzQ/lKNI5NPfUaRZaovE1Qgj4pfPLDofd1lSO3hW5WGK+MN5UxqRkDaWQ== X-Received: by 2002:a17:902:8609:: with SMTP id f9mr4418208plo.203.1582904948305; Fri, 28 Feb 2020 07:49:08 -0800 (PST) Received: from localhost.localdomain ([134.134.137.79]) by smtp.gmail.com with ESMTPSA id w18sm12091796pfq.167.2020.02.28.07.49.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2020 07:49:07 -0800 (PST) From: bill.c.roberts@gmail.com X-Google-Original-From: william.c.roberts@intel.com To: selinux@vger.kernel.org, drepper@redhat.com, omosnace@redhat.com, stephen.smalley.work@gmail.com, plautrba@redhat.com Cc: William Roberts Subject: [PATCH v3 1/4] dso: drop hidden_proto and hidden_def Date: Fri, 28 Feb 2020 09:48:54 -0600 Message-Id: <20200228154857.587-2-william.c.roberts@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200228154857.587-1-william.c.roberts@intel.com> References: <20200227230129.31166-1-william.c.roberts@intel.com> <20200228154857.587-1-william.c.roberts@intel.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org From: William Roberts Signed-off-by: William Roberts --- libselinux/src/avc.c | 5 - libselinux/src/avc_internal.h | 52 ++++---- libselinux/src/avc_sidtab.h | 11 +- libselinux/src/booleans.c | 5 - libselinux/src/callbacks.h | 11 +- libselinux/src/canonicalize_context.c | 2 - libselinux/src/checkAccess.c | 1 - libselinux/src/check_context.c | 2 - libselinux/src/checkreqprot.c | 1 - libselinux/src/compute_av.c | 4 - libselinux/src/compute_create.c | 4 - libselinux/src/compute_member.c | 1 - libselinux/src/compute_relabel.c | 1 - libselinux/src/compute_user.c | 2 - libselinux/src/context.c | 9 +- libselinux/src/context_internal.h | 12 -- libselinux/src/deny_unknown.c | 1 - libselinux/src/disable.c | 1 - libselinux/src/dso.h | 23 ---- libselinux/src/enabled.c | 2 - libselinux/src/fgetfilecon.c | 1 - libselinux/src/freecon.c | 1 - libselinux/src/freeconary.c | 1 - libselinux/src/fsetfilecon.c | 1 - libselinux/src/get_context_list.c | 3 - libselinux/src/get_context_list_internal.h | 4 - libselinux/src/get_default_type_internal.h | 2 - libselinux/src/get_initial_context.c | 2 - libselinux/src/getenforce.c | 1 - libselinux/src/getfilecon.c | 2 - libselinux/src/getpeercon.c | 1 - libselinux/src/init.c | 4 - libselinux/src/label_internal.h | 19 ++- libselinux/src/label_support.c | 6 +- libselinux/src/lgetfilecon.c | 1 - libselinux/src/load_policy.c | 2 - libselinux/src/lsetfilecon.c | 1 - libselinux/src/matchpathcon.c | 3 +- libselinux/src/policyvers.c | 2 - libselinux/src/procattr.c | 21 +--- libselinux/src/regex.h | 21 ++-- libselinux/src/reject_unknown.c | 1 - .../src/selinux_check_securetty_context.c | 1 - libselinux/src/selinux_config.c | 36 ------ libselinux/src/selinux_internal.h | 117 +----------------- libselinux/src/setenforce.c | 1 - libselinux/src/setfilecon.c | 1 - libselinux/src/setrans_client.c | 8 +- libselinux/src/seusers.c | 2 +- libselinux/src/sha1.c | 7 +- libselinux/src/stringrep.c | 1 - libselinux/src/validatetrans.c | 2 - 52 files changed, 69 insertions(+), 357 deletions(-) delete mode 100644 libselinux/src/dso.h diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c index 5230efd2323a..ab10b0f9f1cb 100644 --- a/libselinux/src/avc.c +++ b/libselinux/src/avc.c @@ -294,7 +294,6 @@ void avc_av_stats(void) slots_used, AVC_CACHE_SLOTS, max_chain_len); } -hidden_def(avc_av_stats) static inline struct avc_node *avc_reclaim_node(void) { @@ -494,7 +493,6 @@ void avc_cleanup(void) { } -hidden_def(avc_cleanup) int avc_reset(void) { @@ -539,7 +537,6 @@ int avc_reset(void) return rc; } -hidden_def(avc_reset) void avc_destroy(void) { @@ -733,7 +730,6 @@ void avc_audit(security_id_t ssid, security_id_t tsid, avc_release_lock(avc_log_lock); } -hidden_def(avc_audit) static void avd_init(struct av_decision *avd) @@ -825,7 +821,6 @@ int avc_has_perm_noaudit(security_id_t ssid, return rc; } -hidden_def(avc_has_perm_noaudit) int avc_has_perm(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t requested, diff --git a/libselinux/src/avc_internal.h b/libselinux/src/avc_internal.h index f8516590bd75..3f8a6bb1cf84 100644 --- a/libselinux/src/avc_internal.h +++ b/libselinux/src/avc_internal.h @@ -14,24 +14,23 @@ #include #include #include "callbacks.h" -#include "dso.h" /* callback pointers */ -extern void *(*avc_func_malloc) (size_t) hidden; -extern void (*avc_func_free) (void *)hidden; +extern void *(*avc_func_malloc) (size_t) ; +extern void (*avc_func_free) (void *); -extern void (*avc_func_log) (const char *, ...) __attribute__((__format__(printf,1,2))) hidden; -extern void (*avc_func_audit) (void *, security_class_t, char *, size_t)hidden; +extern void (*avc_func_log) (const char *, ...) __attribute__((__format__(printf,1,2))) ; +extern void (*avc_func_audit) (void *, security_class_t, char *, size_t); -extern int avc_using_threads hidden; -extern int avc_app_main_loop hidden; -extern void *(*avc_func_create_thread) (void (*)(void))hidden; -extern void (*avc_func_stop_thread) (void *)hidden; +extern int avc_using_threads ; +extern int avc_app_main_loop ; +extern void *(*avc_func_create_thread) (void (*)(void)); +extern void (*avc_func_stop_thread) (void *); -extern void *(*avc_func_alloc_lock) (void)hidden; -extern void (*avc_func_get_lock) (void *)hidden; -extern void (*avc_func_release_lock) (void *)hidden; -extern void (*avc_func_free_lock) (void *)hidden; +extern void *(*avc_func_alloc_lock) (void); +extern void (*avc_func_get_lock) (void *); +extern void (*avc_func_release_lock) (void *); +extern void (*avc_func_free_lock) (void *); static inline void set_callbacks(const struct avc_memory_callback *mem_cb, const struct avc_log_callback *log_cb, @@ -61,10 +60,10 @@ static inline void set_callbacks(const struct avc_memory_callback *mem_cb, /* message prefix and enforcing mode*/ #define AVC_PREFIX_SIZE 16 -extern char avc_prefix[AVC_PREFIX_SIZE] hidden; -extern int avc_running hidden; -extern int avc_enforcing hidden; -extern int avc_setenforce hidden; +extern char avc_prefix[AVC_PREFIX_SIZE] ; +extern int avc_running ; +extern int avc_enforcing ; +extern int avc_setenforce ; /* user-supplied callback interface for avc */ static inline void *avc_malloc(size_t size) @@ -155,28 +154,23 @@ static inline void avc_free_lock(void *lock) /* internal callbacks */ int avc_ss_grant(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, - uint32_t seqno) hidden; + uint32_t seqno) ; int avc_ss_try_revoke(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, uint32_t seqno, - access_vector_t * out_retained) hidden; + access_vector_t * out_retained) ; int avc_ss_revoke(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, - uint32_t seqno) hidden; -int avc_ss_reset(uint32_t seqno) hidden; + uint32_t seqno) ; +int avc_ss_reset(uint32_t seqno) ; int avc_ss_set_auditallow(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, - uint32_t seqno, uint32_t enable) hidden; + uint32_t seqno, uint32_t enable) ; int avc_ss_set_auditdeny(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, - uint32_t seqno, uint32_t enable) hidden; + uint32_t seqno, uint32_t enable) ; /* netlink kernel message code */ -extern int avc_netlink_trouble hidden; +extern int avc_netlink_trouble ; -hidden_proto(avc_av_stats) - hidden_proto(avc_cleanup) - hidden_proto(avc_reset) - hidden_proto(avc_audit) - hidden_proto(avc_has_perm_noaudit) #endif /* _SELINUX_AVC_INTERNAL_H_ */ diff --git a/libselinux/src/avc_sidtab.h b/libselinux/src/avc_sidtab.h index bce9b877ae79..cc5abe354a01 100644 --- a/libselinux/src/avc_sidtab.h +++ b/libselinux/src/avc_sidtab.h @@ -7,7 +7,6 @@ #include #include -#include "dso.h" struct sidtab_node { struct security_id sid_s; @@ -24,13 +23,13 @@ struct sidtab { unsigned nel; }; -int sidtab_init(struct sidtab *s) hidden; -int sidtab_insert(struct sidtab *s, const char * ctx) hidden; +int sidtab_init(struct sidtab *s) ; +int sidtab_insert(struct sidtab *s, const char * ctx) ; int sidtab_context_to_sid(struct sidtab *s, - const char * ctx, security_id_t * sid) hidden; + const char * ctx, security_id_t * sid) ; -void sidtab_sid_stats(struct sidtab *s, char *buf, int buflen) hidden; -void sidtab_destroy(struct sidtab *s) hidden; +void sidtab_sid_stats(struct sidtab *s, char *buf, int buflen) ; +void sidtab_destroy(struct sidtab *s) ; #endif /* _SELINUX_AVC_SIDTAB_H_ */ diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c index ffa8d26b0f3a..ef1f64a05d84 100644 --- a/libselinux/src/booleans.c +++ b/libselinux/src/booleans.c @@ -414,8 +414,3 @@ char *selinux_boolean_sub(const char *name __attribute__((unused))) } #endif -hidden_def(security_get_boolean_names) -hidden_def(selinux_boolean_sub) -hidden_def(security_get_boolean_active) -hidden_def(security_set_boolean) -hidden_def(security_commit_booleans) diff --git a/libselinux/src/callbacks.h b/libselinux/src/callbacks.h index 2a572e08d534..03d87f0cbdfe 100644 --- a/libselinux/src/callbacks.h +++ b/libselinux/src/callbacks.h @@ -9,22 +9,21 @@ #include #include #include -#include "dso.h" /* callback pointers */ extern int __attribute__ ((format(printf, 2, 3))) -(*selinux_log) (int type, const char *, ...) hidden; +(*selinux_log) (int type, const char *, ...) ; extern int -(*selinux_audit) (void *, security_class_t, char *, size_t) hidden; +(*selinux_audit) (void *, security_class_t, char *, size_t) ; extern int -(*selinux_validate)(char **ctx) hidden; +(*selinux_validate)(char **ctx) ; extern int -(*selinux_netlink_setenforce) (int enforcing) hidden; +(*selinux_netlink_setenforce) (int enforcing) ; extern int -(*selinux_netlink_policyload) (int seqno) hidden; +(*selinux_netlink_policyload) (int seqno) ; #endif /* _SELINUX_CALLBACKS_H_ */ diff --git a/libselinux/src/canonicalize_context.c b/libselinux/src/canonicalize_context.c index ba4c9a2c7d46..faab730592c2 100644 --- a/libselinux/src/canonicalize_context.c +++ b/libselinux/src/canonicalize_context.c @@ -60,7 +60,6 @@ int security_canonicalize_context_raw(const char * con, return ret; } -hidden_def(security_canonicalize_context_raw) int security_canonicalize_context(const char * con, char ** canoncon) @@ -83,4 +82,3 @@ int security_canonicalize_context(const char * con, return ret; } -hidden_def(security_canonicalize_context) diff --git a/libselinux/src/checkAccess.c b/libselinux/src/checkAccess.c index 7227ffe51eac..677e2ecd7df4 100644 --- a/libselinux/src/checkAccess.c +++ b/libselinux/src/checkAccess.c @@ -99,7 +99,6 @@ int selinux_check_passwd_access(access_vector_t requested) return status; } -hidden_def(selinux_check_passwd_access) int checkPasswdAccess(access_vector_t requested) { diff --git a/libselinux/src/check_context.c b/libselinux/src/check_context.c index 8a7997f03598..5096a2c40993 100644 --- a/libselinux/src/check_context.c +++ b/libselinux/src/check_context.c @@ -31,7 +31,6 @@ int security_check_context_raw(const char * con) return 0; } -hidden_def(security_check_context_raw) int security_check_context(const char * con) { @@ -48,4 +47,3 @@ int security_check_context(const char * con) return ret; } -hidden_def(security_check_context) diff --git a/libselinux/src/checkreqprot.c b/libselinux/src/checkreqprot.c index 9b4b12d75021..3dc79d9719c5 100644 --- a/libselinux/src/checkreqprot.c +++ b/libselinux/src/checkreqprot.c @@ -37,4 +37,3 @@ int security_get_checkreqprot(void) return checkreqprot; } -hidden_def(security_get_checkreqprot); diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c index a47cffe98662..9d17339d1a32 100644 --- a/libselinux/src/compute_av.c +++ b/libselinux/src/compute_av.c @@ -80,7 +80,6 @@ int security_compute_av_flags_raw(const char * scon, return ret; } -hidden_def(security_compute_av_flags_raw) int security_compute_av_raw(const char * scon, const char * tcon, @@ -107,7 +106,6 @@ int security_compute_av_raw(const char * scon, return ret; } -hidden_def(security_compute_av_raw) int security_compute_av_flags(const char * scon, const char * tcon, @@ -134,7 +132,6 @@ int security_compute_av_flags(const char * scon, return ret; } -hidden_def(security_compute_av_flags) int security_compute_av(const char * scon, const char * tcon, @@ -162,4 +159,3 @@ int security_compute_av(const char * scon, return ret; } -hidden_def(security_compute_av) diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_create.c index 0975aeac2224..1d75714d852d 100644 --- a/libselinux/src/compute_create.c +++ b/libselinux/src/compute_create.c @@ -105,7 +105,6 @@ int security_compute_create_name_raw(const char * scon, close(fd); return ret; } -hidden_def(security_compute_create_name_raw) int security_compute_create_raw(const char * scon, const char * tcon, @@ -115,7 +114,6 @@ int security_compute_create_raw(const char * scon, return security_compute_create_name_raw(scon, tcon, tclass, NULL, newcon); } -hidden_def(security_compute_create_raw) int security_compute_create_name(const char * scon, const char * tcon, @@ -146,7 +144,6 @@ int security_compute_create_name(const char * scon, return ret; } -hidden_def(security_compute_create_name) int security_compute_create(const char * scon, const char * tcon, @@ -155,4 +152,3 @@ int security_compute_create(const char * scon, { return security_compute_create_name(scon, tcon, tclass, NULL, newcon); } -hidden_def(security_compute_create) diff --git a/libselinux/src/compute_member.c b/libselinux/src/compute_member.c index 4e2d221ef9ea..16234b7908f2 100644 --- a/libselinux/src/compute_member.c +++ b/libselinux/src/compute_member.c @@ -60,7 +60,6 @@ int security_compute_member_raw(const char * scon, return ret; } -hidden_def(security_compute_member_raw) int security_compute_member(const char * scon, const char * tcon, diff --git a/libselinux/src/compute_relabel.c b/libselinux/src/compute_relabel.c index 49f77ef3344c..dd20d6525993 100644 --- a/libselinux/src/compute_relabel.c +++ b/libselinux/src/compute_relabel.c @@ -60,7 +60,6 @@ int security_compute_relabel_raw(const char * scon, return ret; } -hidden_def(security_compute_relabel_raw) int security_compute_relabel(const char * scon, const char * tcon, diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c index e7da964ff46d..ae5e7b4a8f68 100644 --- a/libselinux/src/compute_user.c +++ b/libselinux/src/compute_user.c @@ -80,7 +80,6 @@ int security_compute_user_raw(const char * scon, return ret; } -hidden_def(security_compute_user_raw) int security_compute_user(const char * scon, const char *user, char *** con) @@ -110,4 +109,3 @@ int security_compute_user(const char * scon, return ret; } -hidden_def(security_compute_user) diff --git a/libselinux/src/context.c b/libselinux/src/context.c index b673733e1f48..090264a49eb1 100644 --- a/libselinux/src/context.c +++ b/libselinux/src/context.c @@ -82,7 +82,6 @@ context_t context_new(const char *str) return 0; } -hidden_def(context_new) static void conditional_free(char **v) { @@ -113,7 +112,6 @@ void context_free(context_t context) } } -hidden_def(context_free) /* * Return a pointer to the string value of the context. @@ -144,7 +142,6 @@ char *context_str(context_t context) return n->current_str; } -hidden_def(context_str) /* Returns nonzero iff failed */ static int set_comp(context_private_t * n, int idx, const char *str) @@ -176,8 +173,7 @@ const char * context_ ## name ## _get(context_t context) \ { \ context_private_t *n = context->ptr; \ return n->component[tag]; \ -} \ -hidden_def(context_ ## name ## _get) +} def_get(type, COMP_TYPE) def_get(user, COMP_USER) @@ -187,8 +183,7 @@ def_get(type, COMP_TYPE) int context_ ## name ## _set(context_t context, const char* str) \ { \ return set_comp(context->ptr,tag,str);\ -} \ -hidden_def(context_ ## name ## _set) +} def_set(type, COMP_TYPE) def_set(role, COMP_ROLE) def_set(user, COMP_USER) diff --git a/libselinux/src/context_internal.h b/libselinux/src/context_internal.h index 3c71e8027080..a7698106923e 100644 --- a/libselinux/src/context_internal.h +++ b/libselinux/src/context_internal.h @@ -1,14 +1,2 @@ #include -#include "dso.h" -hidden_proto(context_new) - hidden_proto(context_free) - hidden_proto(context_str) - hidden_proto(context_type_set) - hidden_proto(context_type_get) - hidden_proto(context_role_set) - hidden_proto(context_role_get) - hidden_proto(context_user_set) - hidden_proto(context_user_get) - hidden_proto(context_range_set) - hidden_proto(context_range_get) diff --git a/libselinux/src/deny_unknown.c b/libselinux/src/deny_unknown.c index 77d04e370f30..fdd32b50a246 100644 --- a/libselinux/src/deny_unknown.c +++ b/libselinux/src/deny_unknown.c @@ -37,4 +37,3 @@ int security_deny_unknown(void) return deny_unknown; } -hidden_def(security_deny_unknown); diff --git a/libselinux/src/disable.c b/libselinux/src/disable.c index 8d66262aff03..1a5ae4172a8d 100644 --- a/libselinux/src/disable.c +++ b/libselinux/src/disable.c @@ -35,4 +35,3 @@ int security_disable(void) return 0; } -hidden_def(security_disable) diff --git a/libselinux/src/dso.h b/libselinux/src/dso.h deleted file mode 100644 index 12c3d1160fb0..000000000000 --- a/libselinux/src/dso.h +++ /dev/null @@ -1,23 +0,0 @@ -#ifndef _SELINUX_DSO_H -#define _SELINUX_DSO_H 1 - -#ifdef SHARED -# define hidden __attribute__ ((visibility ("hidden"))) -# define hidden_proto(fct) __hidden_proto (fct, fct##_internal) -# define __hidden_proto(fct, internal) \ - extern __typeof (fct) internal; \ - extern __typeof (fct) fct __asm (#internal) hidden; -# if defined(__alpha__) || defined(__mips__) -# define hidden_def(fct) \ - asm (".globl " #fct "\n" #fct " = " #fct "_internal"); -# else -# define hidden_def(fct) \ - asm (".globl " #fct "\n.set " #fct ", " #fct "_internal"); -#endif -#else -# define hidden -# define hidden_proto(fct) -# define hidden_def(fct) -#endif - -#endif diff --git a/libselinux/src/enabled.c b/libselinux/src/enabled.c index dd628fba86a8..fefb0bd9ae02 100644 --- a/libselinux/src/enabled.c +++ b/libselinux/src/enabled.c @@ -20,7 +20,6 @@ int is_selinux_enabled(void) #endif } -hidden_def(is_selinux_enabled) /* * Function: is_selinux_mls_enabled() @@ -55,4 +54,3 @@ int is_selinux_mls_enabled(void) return enabled; } -hidden_def(is_selinux_mls_enabled) diff --git a/libselinux/src/fgetfilecon.c b/libselinux/src/fgetfilecon.c index 5522ac16e385..8c748f8a2e64 100644 --- a/libselinux/src/fgetfilecon.c +++ b/libselinux/src/fgetfilecon.c @@ -49,7 +49,6 @@ int fgetfilecon_raw(int fd, char ** context) return ret; } -hidden_def(fgetfilecon_raw) int fgetfilecon(int fd, char ** context) { diff --git a/libselinux/src/freecon.c b/libselinux/src/freecon.c index 5290dfa13bc4..df2d7e2827ea 100644 --- a/libselinux/src/freecon.c +++ b/libselinux/src/freecon.c @@ -8,4 +8,3 @@ void freecon(char * con) free(con); } -hidden_def(freecon) diff --git a/libselinux/src/freeconary.c b/libselinux/src/freeconary.c index 8d07718ed5f9..fd2dbaabfbcf 100644 --- a/libselinux/src/freeconary.c +++ b/libselinux/src/freeconary.c @@ -16,4 +16,3 @@ void freeconary(char ** con) free(con); } -hidden_def(freeconary) diff --git a/libselinux/src/fsetfilecon.c b/libselinux/src/fsetfilecon.c index 52707d05ddd4..5cf34e3fa5d0 100644 --- a/libselinux/src/fsetfilecon.c +++ b/libselinux/src/fsetfilecon.c @@ -25,7 +25,6 @@ int fsetfilecon_raw(int fd, const char * context) return rc; } -hidden_def(fsetfilecon_raw) int fsetfilecon(int fd, const char *context) { diff --git a/libselinux/src/get_context_list.c b/libselinux/src/get_context_list.c index 26d7b3b98e75..b43652ffd28c 100644 --- a/libselinux/src/get_context_list.c +++ b/libselinux/src/get_context_list.c @@ -52,7 +52,6 @@ int get_default_context_with_role(const char *user, return rc; } -hidden_def(get_default_context_with_role) int get_default_context_with_rolelevel(const char *user, const char *role, @@ -385,7 +384,6 @@ int get_ordered_context_list_with_level(const char *user, return rc; } -hidden_def(get_ordered_context_list_with_level) int get_default_context_with_level(const char *user, const char *level, @@ -497,4 +495,3 @@ int get_ordered_context_list(const char *user, goto out; } -hidden_def(get_ordered_context_list) diff --git a/libselinux/src/get_context_list_internal.h b/libselinux/src/get_context_list_internal.h index c224834ebfb4..a7c1d41ba07f 100644 --- a/libselinux/src/get_context_list_internal.h +++ b/libselinux/src/get_context_list_internal.h @@ -1,6 +1,2 @@ #include -#include "dso.h" -hidden_proto(get_ordered_context_list) - hidden_proto(get_ordered_context_list_with_level) - hidden_proto(get_default_context_with_role) diff --git a/libselinux/src/get_default_type_internal.h b/libselinux/src/get_default_type_internal.h index 0da3c512d6fb..deb5d2963211 100644 --- a/libselinux/src/get_default_type_internal.h +++ b/libselinux/src/get_default_type_internal.h @@ -1,4 +1,2 @@ #include -#include "dso.h" -hidden_proto(selinux_default_type_path) diff --git a/libselinux/src/get_initial_context.c b/libselinux/src/get_initial_context.c index 5e919f478b63..97ae3dcfb5a6 100644 --- a/libselinux/src/get_initial_context.c +++ b/libselinux/src/get_initial_context.c @@ -53,7 +53,6 @@ int security_get_initial_context_raw(const char * name, char ** con) return ret; } -hidden_def(security_get_initial_context_raw) int security_get_initial_context(const char * name, char ** con) { @@ -69,4 +68,3 @@ int security_get_initial_context(const char * name, char ** con) return ret; } -hidden_def(security_get_initial_context) diff --git a/libselinux/src/getenforce.c b/libselinux/src/getenforce.c index d909dced73c6..3f1e20021a4e 100644 --- a/libselinux/src/getenforce.c +++ b/libselinux/src/getenforce.c @@ -37,4 +37,3 @@ int security_getenforce(void) return !!enforce; } -hidden_def(security_getenforce) diff --git a/libselinux/src/getfilecon.c b/libselinux/src/getfilecon.c index 20bee8abdbfc..4bee31372172 100644 --- a/libselinux/src/getfilecon.c +++ b/libselinux/src/getfilecon.c @@ -49,7 +49,6 @@ int getfilecon_raw(const char *path, char ** context) return ret; } -hidden_def(getfilecon_raw) int getfilecon(const char *path, char ** context) { @@ -70,4 +69,3 @@ int getfilecon(const char *path, char ** context) return ret; } -hidden_def(getfilecon) diff --git a/libselinux/src/getpeercon.c b/libselinux/src/getpeercon.c index 3a77a2de2c95..a9dca73e438a 100644 --- a/libselinux/src/getpeercon.c +++ b/libselinux/src/getpeercon.c @@ -43,7 +43,6 @@ int getpeercon_raw(int fd, char ** context) return ret; } -hidden_def(getpeercon_raw) int getpeercon(int fd, char ** context) { diff --git a/libselinux/src/init.c b/libselinux/src/init.c index 083638c47fbf..542c979b9da6 100644 --- a/libselinux/src/init.c +++ b/libselinux/src/init.c @@ -12,7 +12,6 @@ #include #include -#include "dso.h" #include "policy.h" #include "selinux_internal.h" #include "setrans_internal.h" @@ -79,7 +78,6 @@ int selinuxfs_exists(void) fclose(fp); return exists; } -hidden_def(selinuxfs_exists) static void init_selinuxmnt(void) { @@ -138,14 +136,12 @@ void fini_selinuxmnt(void) selinux_mnt = NULL; } -hidden_def(fini_selinuxmnt) void set_selinuxmnt(const char *mnt) { selinux_mnt = strdup(mnt); } -hidden_def(set_selinuxmnt) static void init_lib(void) __attribute__ ((constructor)); static void init_lib(void) diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h index 7ed2a43770a7..361b443cb9c4 100644 --- a/libselinux/src/label_internal.h +++ b/libselinux/src/label_internal.h @@ -13,7 +13,6 @@ #include #include #include -#include "dso.h" #include "sha1.h" #if defined(ANDROID) || defined(__APPLE__) @@ -26,22 +25,22 @@ */ int selabel_file_init(struct selabel_handle *rec, const struct selinux_opt *opts, - unsigned nopts) hidden; + unsigned nopts) ; int selabel_media_init(struct selabel_handle *rec, const struct selinux_opt *opts, - unsigned nopts) hidden; + unsigned nopts) ; int selabel_x_init(struct selabel_handle *rec, const struct selinux_opt *opts, - unsigned nopts) hidden; + unsigned nopts) ; int selabel_db_init(struct selabel_handle *rec, const struct selinux_opt *opts, - unsigned nopts) hidden; + unsigned nopts) ; int selabel_property_init(struct selabel_handle *rec, const struct selinux_opt *opts, - unsigned nopts) hidden; + unsigned nopts) ; int selabel_service_init(struct selabel_handle *rec, const struct selinux_opt *opts, - unsigned nopts) hidden; + unsigned nopts) ; /* * Labeling internal structures @@ -120,14 +119,14 @@ struct selabel_handle { */ extern int selabel_validate(struct selabel_handle *rec, - struct selabel_lookup_rec *contexts) hidden; + struct selabel_lookup_rec *contexts) ; /* * Compatibility support */ extern int myprintf_compat; extern void __attribute__ ((format(printf, 1, 2))) -(*myprintf) (const char *fmt, ...) hidden; +(*myprintf) (const char *fmt, ...) ; #define COMPAT_LOG(type, fmt...) if (myprintf_compat) \ myprintf(fmt); \ @@ -137,7 +136,7 @@ extern void __attribute__ ((format(printf, 1, 2))) extern int compat_validate(struct selabel_handle *rec, struct selabel_lookup_rec *contexts, - const char *path, unsigned lineno) hidden; + const char *path, unsigned lineno) ; /* * The read_spec_entries function may be used to diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c index 26f9ef155dcf..94ed6e4273cb 100644 --- a/libselinux/src/label_support.c +++ b/libselinux/src/label_support.c @@ -63,7 +63,7 @@ static inline int read_spec_entry(char **entry, char **ptr, int *len, const char * This function calls read_spec_entry() to do the actual string processing. * As such, can return anything from that function as well. */ -int hidden read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...) +int read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...) { char **spec_entry, *buf_p; int len, rc, items, entry_len = 0; @@ -113,7 +113,7 @@ int hidden read_spec_entries(char *line_buf, const char **errbuf, int num_args, } /* Once all the specfiles are in the hash_buf, generate the hash. */ -void hidden digest_gen_hash(struct selabel_digest *digest) +void digest_gen_hash(struct selabel_digest *digest) { Sha1Context context; @@ -141,7 +141,7 @@ void hidden digest_gen_hash(struct selabel_digest *digest) * * Return %0 on success, -%1 with @errno set on failure. */ -int hidden digest_add_specfile(struct selabel_digest *digest, FILE *fp, +int digest_add_specfile(struct selabel_digest *digest, FILE *fp, char *from_addr, size_t buf_len, const char *path) { diff --git a/libselinux/src/lgetfilecon.c b/libselinux/src/lgetfilecon.c index db67bc60ffe6..d1fb821b23ef 100644 --- a/libselinux/src/lgetfilecon.c +++ b/libselinux/src/lgetfilecon.c @@ -49,7 +49,6 @@ int lgetfilecon_raw(const char *path, char ** context) return ret; } -hidden_def(lgetfilecon_raw) int lgetfilecon(const char *path, char ** context) { diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c index 9e75292d2528..fa1a3bf1f441 100644 --- a/libselinux/src/load_policy.c +++ b/libselinux/src/load_policy.c @@ -45,7 +45,6 @@ int security_load_policy(void *data, size_t len) return 0; } -hidden_def(security_load_policy) #ifndef ANDROID #undef max @@ -213,7 +212,6 @@ int selinux_mkload_policy(int preservebools __attribute__((unused))) return rc; } -hidden_def(selinux_mkload_policy) /* * Mount point for selinuxfs. diff --git a/libselinux/src/lsetfilecon.c b/libselinux/src/lsetfilecon.c index 1d3b28a1c5fc..213fb684fc66 100644 --- a/libselinux/src/lsetfilecon.c +++ b/libselinux/src/lsetfilecon.c @@ -25,7 +25,6 @@ int lsetfilecon_raw(const char *path, const char * context) return rc; } -hidden_def(lsetfilecon_raw) int lsetfilecon(const char *path, const char *context) { diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c index 05a5cfa4cfd5..bddf77a49ce1 100644 --- a/libselinux/src/matchpathcon.c +++ b/libselinux/src/matchpathcon.c @@ -322,7 +322,7 @@ static void matchpathcon_thread_destructor(void __attribute__((unused)) *ptr) void __attribute__((destructor)) matchpathcon_lib_destructor(void); -void hidden __attribute__((destructor)) matchpathcon_lib_destructor(void) +void __attribute__((destructor)) matchpathcon_lib_destructor(void) { if (destructor_key_initialized) __selinux_key_delete(destructor_key); @@ -351,7 +351,6 @@ int matchpathcon_init_prefix(const char *path, const char *subset) return hnd ? 0 : -1; } -hidden_def(matchpathcon_init_prefix) int matchpathcon_init(const char *path) { diff --git a/libselinux/src/policyvers.c b/libselinux/src/policyvers.c index c97dd9df7a8a..e5aa2f3f2d55 100644 --- a/libselinux/src/policyvers.c +++ b/libselinux/src/policyvers.c @@ -7,7 +7,6 @@ #include "selinux_internal.h" #include #include "policy.h" -#include "dso.h" #include int security_policyvers(void) @@ -42,4 +41,3 @@ int security_policyvers(void) return vers; } -hidden_def(security_policyvers) diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c index c6799ef27533..1aa67ac53f39 100644 --- a/libselinux/src/procattr.c +++ b/libselinux/src/procattr.c @@ -57,7 +57,7 @@ static void procattr_thread_destructor(void __attribute__((unused)) *unused) void __attribute__((destructor)) procattr_destructor(void); -void hidden __attribute__((destructor)) procattr_destructor(void) +void __attribute__((destructor)) procattr_destructor(void) { if (destructor_key_initialized) __selinux_key_delete(destructor_key); @@ -345,22 +345,3 @@ all_selfattr_def(con, current) all_selfattr_def(sockcreatecon, sockcreate) all_selfattr_def(keycreatecon, keycreate) - hidden_def(getcon_raw) - hidden_def(getcon) - hidden_def(getexeccon_raw) - hidden_def(getfilecon_raw) - hidden_def(getfilecon) - hidden_def(getfscreatecon_raw) - hidden_def(getkeycreatecon_raw) - hidden_def(getpeercon_raw) - hidden_def(getpidcon_raw) - hidden_def(getprevcon_raw) - hidden_def(getprevcon) - hidden_def(getsockcreatecon_raw) - hidden_def(setcon_raw) - hidden_def(setexeccon_raw) - hidden_def(setexeccon) - hidden_def(setfilecon_raw) - hidden_def(setfscreatecon_raw) - hidden_def(setkeycreatecon_raw) - hidden_def(setsockcreatecon_raw) diff --git a/libselinux/src/regex.h b/libselinux/src/regex.h index 6732b349984c..10c3df7856e1 100644 --- a/libselinux/src/regex.h +++ b/libselinux/src/regex.h @@ -10,7 +10,6 @@ #include #endif -#include "dso.h" enum { REGEX_MATCH, REGEX_MATCH_PARTIAL, @@ -42,7 +41,7 @@ struct mmap_area; * expressions are not portable across architectures that do not have a * matching arch-string. */ -char const *regex_arch_string(void) hidden; +char const *regex_arch_string(void) ; /** * regex_verison returns the version string of the underlying regular @@ -55,12 +54,12 @@ char const *regex_arch_string(void) hidden; * * It may return NULL on error. */ -char const *regex_version(void) hidden; +char const *regex_version(void) ; /** * This constructor function allocates a buffer for a regex_data structure. * The buffer is being initialized with zeroes. */ -struct regex_data *regex_data_create(void) hidden; +struct regex_data *regex_data_create(void) ; /** * This complementary destructor function frees the a given regex_data buffer. * It also frees any non NULL member pointers with the appropriate pcreX_X_free @@ -68,7 +67,7 @@ struct regex_data *regex_data_create(void) hidden; * the pcre_extra data conditionally. Calling this function on a NULL pointer is * save. */ -void regex_data_free(struct regex_data *regex) hidden; +void regex_data_free(struct regex_data *regex) ; /** * This function compiles the regular expression. Additionally, it prepares * data structures required by the different underlying engines. For PCRE @@ -88,7 +87,7 @@ void regex_data_free(struct regex_data *regex) hidden; * @retval -1 on error */ int regex_prepare_data(struct regex_data **regex, char const *pattern_string, - struct regex_error_data *errordata) hidden; + struct regex_error_data *errordata) ; /** * This function loads a serialized precompiled pattern from a contiguous * data region given by map_area. @@ -109,7 +108,7 @@ int regex_prepare_data(struct regex_data **regex, char const *pattern_string, int regex_load_mmap(struct mmap_area *map_area, struct regex_data **regex, int do_load_precompregex, - bool *regex_compiled) hidden; + bool *regex_compiled) ; /** * This function stores a precompiled regular expression to a file. * In the case of PCRE, it just dumps the binary representation of the @@ -122,7 +121,7 @@ int regex_load_mmap(struct mmap_area *map_area, * the output file (ignored by PCRE1 back-end). */ int regex_writef(struct regex_data *regex, FILE *fp, - int do_write_precompregex) hidden; + int do_write_precompregex) ; /** * This function applies a precompiled pattern to a subject string and * returns whether or not a match was found. @@ -139,7 +138,7 @@ int regex_writef(struct regex_data *regex, FILE *fp, * regular expression */ int regex_match(struct regex_data *regex, char const *subject, - int partial) hidden; + int partial) ; /** * This function compares two compiled regular expressions (regex1 and regex2). * It compares the binary representations of the compiled patterns. It is a very @@ -150,7 +149,7 @@ int regex_match(struct regex_data *regex, char const *subject, * the same * @retval SELABEL_INCOMPARABLE otherwise */ -int regex_cmp(struct regex_data *regex1, struct regex_data *regex2) hidden; +int regex_cmp(struct regex_data *regex1, struct regex_data *regex2) ; /** * This function takes the error data returned by regex_prepare_data and turns * it in to a human readable error message. @@ -163,5 +162,5 @@ int regex_cmp(struct regex_data *regex1, struct regex_data *regex2) hidden; * @arg buf_size Total size of the given buffer in bytes. */ void regex_format_error(struct regex_error_data const *error_data, char *buffer, - size_t buf_size) hidden; + size_t buf_size) ; #endif /* SRC_REGEX_H_ */ diff --git a/libselinux/src/reject_unknown.c b/libselinux/src/reject_unknown.c index 5c1d36053812..96e60be396ea 100644 --- a/libselinux/src/reject_unknown.c +++ b/libselinux/src/reject_unknown.c @@ -37,4 +37,3 @@ int security_reject_unknown(void) return reject_unknown; } -hidden_def(security_reject_unknown); diff --git a/libselinux/src/selinux_check_securetty_context.c b/libselinux/src/selinux_check_securetty_context.c index 55d4e039ea41..c5c557fd3492 100644 --- a/libselinux/src/selinux_check_securetty_context.c +++ b/libselinux/src/selinux_check_securetty_context.c @@ -50,4 +50,3 @@ int selinux_check_securetty_context(const char * tty_context) return found; } -hidden_def(selinux_check_securetty_context) diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c index b16a3851ad4a..6c5238953cb1 100644 --- a/libselinux/src/selinux_config.c +++ b/libselinux/src/selinux_config.c @@ -128,7 +128,6 @@ int selinux_getenforcemode(int *enforce) return ret; } -hidden_def(selinux_getenforcemode) static char *selinux_policytype; @@ -141,7 +140,6 @@ int selinux_getpolicytype(char **type) return *type ? 0 : -1; } -hidden_def(selinux_getpolicytype) static int setpolicytype(const char *type) { @@ -249,7 +247,6 @@ void selinux_reset_config(void) init_selinux_config(); } -hidden_def(selinux_reset_config) static const char *get_path(int idx) { @@ -262,7 +259,6 @@ const char *selinux_default_type_path(void) return get_path(DEFAULT_TYPE); } -hidden_def(selinux_default_type_path) const char *selinux_policy_root(void) { @@ -305,42 +301,36 @@ const char *selinux_path(void) return selinux_rootpath; } -hidden_def(selinux_path) const char *selinux_default_context_path(void) { return get_path(DEFAULT_CONTEXTS); } -hidden_def(selinux_default_context_path) const char *selinux_securetty_types_path(void) { return get_path(SECURETTY_TYPES); } -hidden_def(selinux_securetty_types_path) const char *selinux_failsafe_context_path(void) { return get_path(FAILSAFE_CONTEXT); } -hidden_def(selinux_failsafe_context_path) const char *selinux_removable_context_path(void) { return get_path(REMOVABLE_CONTEXT); } -hidden_def(selinux_removable_context_path) const char *selinux_binary_policy_path(void) { return get_path(BINPOLICY); } -hidden_def(selinux_binary_policy_path) const char *selinux_current_policy_path(void) { @@ -365,35 +355,30 @@ const char *selinux_current_policy_path(void) return policy_path; } -hidden_def(selinux_current_policy_path) const char *selinux_file_context_path(void) { return get_path(FILE_CONTEXTS); } -hidden_def(selinux_file_context_path) const char *selinux_homedir_context_path(void) { return get_path(HOMEDIR_CONTEXTS); } -hidden_def(selinux_homedir_context_path) const char *selinux_media_context_path(void) { return get_path(MEDIA_CONTEXTS); } -hidden_def(selinux_media_context_path) const char *selinux_customizable_types_path(void) { return get_path(CUSTOMIZABLE_TYPES); } -hidden_def(selinux_customizable_types_path) const char *selinux_contexts_path(void) { @@ -405,7 +390,6 @@ const char *selinux_user_contexts_path(void) return get_path(USER_CONTEXTS); } -hidden_def(selinux_user_contexts_path) /* Deprecated as local policy booleans no longer supported. */ const char *selinux_booleans_path(void) @@ -413,7 +397,6 @@ const char *selinux_booleans_path(void) return get_path(BOOLEANS); } -hidden_def(selinux_booleans_path) /* Deprecated as no longer supported. */ const char *selinux_users_path(void) @@ -421,127 +404,108 @@ const char *selinux_users_path(void) return get_path(USERS_DIR); } -hidden_def(selinux_users_path) const char *selinux_usersconf_path(void) { return get_path(SEUSERS); } -hidden_def(selinux_usersconf_path) const char *selinux_translations_path(void) { return get_path(TRANSLATIONS); } -hidden_def(selinux_translations_path) const char *selinux_colors_path(void) { return get_path(COLORS); } -hidden_def(selinux_colors_path) const char *selinux_netfilter_context_path(void) { return get_path(NETFILTER_CONTEXTS); } -hidden_def(selinux_netfilter_context_path) const char *selinux_file_context_homedir_path(void) { return get_path(FILE_CONTEXTS_HOMEDIR); } -hidden_def(selinux_file_context_homedir_path) const char *selinux_file_context_local_path(void) { return get_path(FILE_CONTEXTS_LOCAL); } -hidden_def(selinux_file_context_local_path) const char *selinux_x_context_path(void) { return get_path(X_CONTEXTS); } -hidden_def(selinux_x_context_path) const char *selinux_virtual_domain_context_path(void) { return get_path(VIRTUAL_DOMAIN); } -hidden_def(selinux_virtual_domain_context_path) const char *selinux_virtual_image_context_path(void) { return get_path(VIRTUAL_IMAGE); } -hidden_def(selinux_virtual_image_context_path) const char *selinux_lxc_contexts_path(void) { return get_path(LXC_CONTEXTS); } -hidden_def(selinux_lxc_contexts_path) const char *selinux_openrc_contexts_path(void) { return get_path(OPENRC_CONTEXTS); } -hidden_def(selinux_openrc_contexts_path) const char *selinux_openssh_contexts_path(void) { return get_path(OPENSSH_CONTEXTS); } -hidden_def(selinux_openssh_contexts_path) const char *selinux_snapperd_contexts_path(void) { return get_path(SNAPPERD_CONTEXTS); } -hidden_def(selinux_snapperd_contexts_path) const char *selinux_systemd_contexts_path(void) { return get_path(SYSTEMD_CONTEXTS); } -hidden_def(selinux_systemd_contexts_path) const char * selinux_booleans_subs_path(void) { return get_path(BOOLEAN_SUBS); } -hidden_def(selinux_booleans_subs_path) const char * selinux_file_context_subs_path(void) { return get_path(FILE_CONTEXT_SUBS); } -hidden_def(selinux_file_context_subs_path) const char * selinux_file_context_subs_dist_path(void) { return get_path(FILE_CONTEXT_SUBS_DIST); } -hidden_def(selinux_file_context_subs_dist_path) const char *selinux_sepgsql_context_path(void) { return get_path(SEPGSQL_CONTEXTS); } -hidden_def(selinux_sepgsql_context_path) diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h index 61b78aaa7c10..27e9ac532c3f 100644 --- a/libselinux/src/selinux_internal.h +++ b/libselinux/src/selinux_internal.h @@ -1,116 +1,9 @@ #include #include -#include "dso.h" - -hidden_proto(selinux_mkload_policy) - hidden_proto(fini_selinuxmnt) - hidden_proto(set_selinuxmnt) - hidden_proto(selinuxfs_exists) - hidden_proto(security_disable) - hidden_proto(security_policyvers) - hidden_proto(security_load_policy) - hidden_proto(security_get_boolean_active) - hidden_proto(security_get_boolean_names) - hidden_proto(security_set_boolean) - hidden_proto(security_commit_booleans) - hidden_proto(security_check_context) - hidden_proto(security_check_context_raw) - hidden_proto(security_canonicalize_context) - hidden_proto(security_canonicalize_context_raw) - hidden_proto(security_compute_av) - hidden_proto(security_compute_av_raw) - hidden_proto(security_compute_av_flags) - hidden_proto(security_compute_av_flags_raw) - hidden_proto(security_compute_user) - hidden_proto(security_compute_user_raw) - hidden_proto(security_compute_create) - hidden_proto(security_compute_create_raw) - hidden_proto(security_compute_create_name) - hidden_proto(security_compute_create_name_raw) - hidden_proto(security_compute_member_raw) - hidden_proto(security_compute_relabel_raw) - hidden_proto(security_validatetrans) - hidden_proto(security_validatetrans_raw) - hidden_proto(is_selinux_enabled) - hidden_proto(is_selinux_mls_enabled) - hidden_proto(freecon) - hidden_proto(freeconary) - hidden_proto(getprevcon) - hidden_proto(getprevcon_raw) - hidden_proto(getcon) - hidden_proto(getcon_raw) - hidden_proto(setcon_raw) - hidden_proto(getpeercon_raw) - hidden_proto(getpidcon_raw) - hidden_proto(getexeccon_raw) - hidden_proto(getfilecon) - hidden_proto(getfilecon_raw) - hidden_proto(lgetfilecon_raw) - hidden_proto(fgetfilecon_raw) - hidden_proto(setfilecon_raw) - hidden_proto(lsetfilecon_raw) - hidden_proto(fsetfilecon_raw) - hidden_proto(setexeccon) - hidden_proto(setexeccon_raw) - hidden_proto(getfscreatecon_raw) - hidden_proto(getkeycreatecon_raw) - hidden_proto(getsockcreatecon_raw) - hidden_proto(setfscreatecon_raw) - hidden_proto(setkeycreatecon_raw) - hidden_proto(setsockcreatecon_raw) - hidden_proto(security_getenforce) - hidden_proto(security_setenforce) - hidden_proto(security_deny_unknown) - hidden_proto(security_reject_unknown) - hidden_proto(security_get_checkreqprot) - hidden_proto(selinux_boolean_sub) - hidden_proto(selinux_current_policy_path) - hidden_proto(selinux_binary_policy_path) - hidden_proto(selinux_booleans_subs_path) - hidden_proto(selinux_default_context_path) - hidden_proto(selinux_securetty_types_path) - hidden_proto(selinux_failsafe_context_path) - hidden_proto(selinux_removable_context_path) - hidden_proto(selinux_virtual_domain_context_path) - hidden_proto(selinux_virtual_image_context_path) - hidden_proto(selinux_lxc_contexts_path) - hidden_proto(selinux_file_context_path) - hidden_proto(selinux_file_context_homedir_path) - hidden_proto(selinux_file_context_local_path) - hidden_proto(selinux_file_context_subs_dist_path) - hidden_proto(selinux_file_context_subs_path) - hidden_proto(selinux_netfilter_context_path) - hidden_proto(selinux_homedir_context_path) - hidden_proto(selinux_user_contexts_path) - hidden_proto(selinux_booleans_path) - hidden_proto(selinux_customizable_types_path) - hidden_proto(selinux_media_context_path) - hidden_proto(selinux_x_context_path) - hidden_proto(selinux_sepgsql_context_path) - hidden_proto(selinux_openrc_contexts_path) - hidden_proto(selinux_openssh_contexts_path) - hidden_proto(selinux_snapperd_contexts_path) - hidden_proto(selinux_systemd_contexts_path) - hidden_proto(selinux_path) - hidden_proto(selinux_check_passwd_access) - hidden_proto(selinux_check_securetty_context) - hidden_proto(matchpathcon_init_prefix) - hidden_proto(selinux_users_path) - hidden_proto(selinux_usersconf_path); -hidden_proto(selinux_translations_path); -hidden_proto(selinux_colors_path); -hidden_proto(selinux_getenforcemode); -hidden_proto(selinux_getpolicytype); -hidden_proto(selinux_raw_to_trans_context); -hidden_proto(selinux_trans_to_raw_context); - hidden_proto(selinux_raw_context_to_color); -hidden_proto(security_get_initial_context); -hidden_proto(security_get_initial_context_raw); -hidden_proto(selinux_reset_config); -hidden_proto(selinux_flush_class_cache); - -extern int require_seusers hidden; -extern int selinux_page_size hidden; + + +extern int require_seusers ; +extern int selinux_page_size ; /* Make pthread_once optional */ #pragma weak pthread_once @@ -180,4 +73,4 @@ extern int selinux_page_size hidden; #define SELINUXDIR "/etc/selinux/" #define SELINUXCONFIG SELINUXDIR "config" -extern int has_selinux_config hidden; +extern int has_selinux_config ; diff --git a/libselinux/src/setenforce.c b/libselinux/src/setenforce.c index 09cad3ceaf9d..a87ff2d08e30 100644 --- a/libselinux/src/setenforce.c +++ b/libselinux/src/setenforce.c @@ -34,4 +34,3 @@ int security_setenforce(int value) return 0; } -hidden_def(security_setenforce) diff --git a/libselinux/src/setfilecon.c b/libselinux/src/setfilecon.c index d05969c6c2f3..bd45f12cf707 100644 --- a/libselinux/src/setfilecon.c +++ b/libselinux/src/setfilecon.c @@ -25,7 +25,6 @@ int setfilecon_raw(const char *path, const char * context) return rc; } -hidden_def(setfilecon_raw) int setfilecon(const char *path, const char *context) { diff --git a/libselinux/src/setrans_client.c b/libselinux/src/setrans_client.c index fa188a824f78..52a8ba78b2ad 100644 --- a/libselinux/src/setrans_client.c +++ b/libselinux/src/setrans_client.c @@ -19,7 +19,6 @@ #include #include #include -#include "dso.h" #include "selinux_internal.h" #include "setrans_internal.h" @@ -260,7 +259,7 @@ static void setrans_thread_destructor(void __attribute__((unused)) *unused) void __attribute__((destructor)) setrans_lib_destructor(void); -void hidden __attribute__((destructor)) setrans_lib_destructor(void) +void __attribute__((destructor)) setrans_lib_destructor(void) { if (!has_setrans) return; @@ -327,7 +326,6 @@ int selinux_trans_to_raw_context(const char * trans, return *rawp ? 0 : -1; } -hidden_def(selinux_trans_to_raw_context) int selinux_raw_to_trans_context(const char * raw, char ** transp) @@ -369,7 +367,6 @@ int selinux_raw_to_trans_context(const char * raw, return *transp ? 0 : -1; } -hidden_def(selinux_raw_to_trans_context) int selinux_raw_context_to_color(const char * raw, char **transp) { @@ -410,7 +407,6 @@ int selinux_raw_context_to_color(const char * raw, char **transp) return *transp ? 0 : -1; } -hidden_def(selinux_raw_context_to_color) #else /*DISABLE_SETRANS*/ int selinux_trans_to_raw_context(const char * trans, @@ -426,7 +422,6 @@ int selinux_trans_to_raw_context(const char * trans, return *rawp ? 0 : -1; } -hidden_def(selinux_trans_to_raw_context) int selinux_raw_to_trans_context(const char * raw, char ** transp) @@ -440,5 +435,4 @@ int selinux_raw_to_trans_context(const char * raw, return *transp ? 0 : -1; } -hidden_def(selinux_raw_to_trans_context) #endif /*DISABLE_SETRANS*/ diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c index 7ec7d12c4546..fff80c1ad47b 100644 --- a/libselinux/src/seusers.c +++ b/libselinux/src/seusers.c @@ -88,7 +88,7 @@ static int process_seusers(const char *buffer, return -2; /* error */ } -int require_seusers hidden = 0; +int require_seusers = 0; #include #include diff --git a/libselinux/src/sha1.c b/libselinux/src/sha1.c index 004fcd3b28c0..9a8ce01dceda 100644 --- a/libselinux/src/sha1.c +++ b/libselinux/src/sha1.c @@ -23,7 +23,6 @@ /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// #include "sha1.h" -#include "dso.h" #include /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// @@ -126,7 +125,7 @@ void // // Initialises an SHA1 Context. Use this to initialise/reset a context. /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -void hidden +void Sha1Initialise ( Sha1Context* Context @@ -148,7 +147,7 @@ void hidden // Adds data to the SHA1 context. This will process the data and update the internal state of the context. Keep on // calling this function until all the data has been added. Then call Sha1Finalise to calculate the hash. /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -void hidden +void Sha1Update ( Sha1Context* Context, @@ -191,7 +190,7 @@ void hidden // Performs the final calculation of the hash and returns the digest (20 byte buffer containing 160bit hash). After // calling this, Sha1Initialised must be used to reuse the context. /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -void hidden +void Sha1Finalise ( Sha1Context* Context, diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c index 29757b750878..012a740a622e 100644 --- a/libselinux/src/stringrep.c +++ b/libselinux/src/stringrep.c @@ -180,7 +180,6 @@ void selinux_flush_class_cache(void) discover_class_cache = NULL; } -hidden_def(selinux_flush_class_cache) security_class_t string_to_security_class(const char *s) { diff --git a/libselinux/src/validatetrans.c b/libselinux/src/validatetrans.c index 2aa300cfd90a..66ac7405baac 100644 --- a/libselinux/src/validatetrans.c +++ b/libselinux/src/validatetrans.c @@ -57,7 +57,6 @@ out: return ret; } -hidden_def(security_validatetrans_raw) int security_validatetrans(const char *scon, const char *tcon, @@ -91,4 +90,3 @@ out: return ret; } -hidden_def(security_validatetrans) From patchwork Fri Feb 28 15:48:55 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: William Roberts X-Patchwork-Id: 11412665 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id AF55813A4 for ; Fri, 28 Feb 2020 15:49:12 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 8E4952469F for ; Fri, 28 Feb 2020 15:49:12 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="lKo8rUZJ" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727060AbgB1PtM (ORCPT ); Fri, 28 Feb 2020 10:49:12 -0500 Received: from mail-pl1-f196.google.com ([209.85.214.196]:33043 "EHLO mail-pl1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727053AbgB1PtM (ORCPT ); Fri, 28 Feb 2020 10:49:12 -0500 Received: by mail-pl1-f196.google.com with SMTP id ay11so1406417plb.0 for ; Fri, 28 Feb 2020 07:49:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=NLCy5wAvWVD2u0F8d+QCHPjwvw2Q4FFL8KdhB7Bv9MM=; b=lKo8rUZJvvBH4BK/jm/zq90coMXUHoN8I5EC3Pr7l29ybf8AJ0u8lVQ878q5nfI4og asYyYirSOVGCAq0fKSJDlrFNIGE9vDslAAaR+d6d3OkcXilkPJeonSNYFF7R00OWJh37 HuoNA9rYBRDfsOXupEFKCoMhb1xuHOqysDQtUf5MHBum7t5ztDks+4JIBmGaIGrelQdz tu/BK3JTPU9m+YMVJgRjlHE7dRhoy1ca2rp0wqpBrH6aatLYwyvydTFCsMjaSBcYIvAb ZEtMbRTu+lfeqle7+vz6yo/R/PGRxYk9Yur5C3/ksEVwAD34OhTB3COH9PFw8Rk/tdP+ /mQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=NLCy5wAvWVD2u0F8d+QCHPjwvw2Q4FFL8KdhB7Bv9MM=; b=FXZTtN9k6U4sIqkjAGDc5saeW41gIstKx7nSo1rK1hNvnmFWaCYbjKsrhhHr9JxyV0 Q7oFzmV9Tyg++0uP1yDz/w1H/RXZn8PfwF6tIHxDiQ7k5YXTDGLXjLaxEtu4SWNU6pot JUtv9jR6W2PPJC7Cq9h7DSYndkykWY+M5njj9LxrROV518AJG2lsJlIuWF49fAnx2U07 RnCKTO7d7+10WX+lMLnMO0dcfLbLIQ8R3JAVA86Kl4KUBTIoazr9APXaEgb2sUO17iYE 033uuvWBzaTAehYA1rKZVhJHWDoIaGFY5BBLOfIVNDREA9EIzy+5vslXv8d7DhMW7s/5 KVbw== X-Gm-Message-State: APjAAAVIAtJ51TxsDSQawXLh3RRJmin9nrTuM2q6nomCsX9GRTT4UNC4 c4ESiGSxUDJNijAxLzYzC7HSzyE+ X-Google-Smtp-Source: APXvYqw44DiSLBRQWlRENgEqlV9R+HSRJeIgmsWVBWJYhxQqPR98aiLWRi4k7naoU6gd7EjG32LB6A== X-Received: by 2002:a17:902:9889:: with SMTP id s9mr4280453plp.252.1582904950604; Fri, 28 Feb 2020 07:49:10 -0800 (PST) Received: from localhost.localdomain ([134.134.137.79]) by smtp.gmail.com with ESMTPSA id w18sm12091796pfq.167.2020.02.28.07.49.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2020 07:49:10 -0800 (PST) From: bill.c.roberts@gmail.com X-Google-Original-From: william.c.roberts@intel.com To: selinux@vger.kernel.org, drepper@redhat.com, omosnace@redhat.com, stephen.smalley.work@gmail.com, plautrba@redhat.com Cc: William Roberts Subject: [PATCH v3 2/4] Makefile: add -fno-semantic-interposition Date: Fri, 28 Feb 2020 09:48:55 -0600 Message-Id: <20200228154857.587-3-william.c.roberts@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200228154857.587-1-william.c.roberts@intel.com> References: <20200227230129.31166-1-william.c.roberts@intel.com> <20200228154857.587-1-william.c.roberts@intel.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org From: William Roberts Add -fno-semantic-interposition to CFLAGS. This will restore the DSO infrastructures protections to insure internal callers of exported symbols call into libselinux and not something laoding first in the library list. Clang has this enabled by default. Signed-off-by: William Roberts --- libselinux/src/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile index 7f5a5d7418e9..c76110fbc650 100644 --- a/libselinux/src/Makefile +++ b/libselinux/src/Makefile @@ -65,7 +65,7 @@ EXTRA_CFLAGS = -fipa-pure-const -Wlogical-op -Wpacked-bitfield-compat -Wsync-nan -Wcoverage-mismatch -Wcpp -Wformat-contains-nul -Wnormalized=nfc -Wsuggest-attribute=const \ -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines -Wjump-misses-init \ -Wno-suggest-attribute=pure -Wno-suggest-attribute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 \ - -Wstrict-overflow=5 + -Wstrict-overflow=5 -fno-semantic-interposition else EXTRA_CFLAGS = -Wunused-command-line-argument endif From patchwork Fri Feb 28 15:48:56 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: William Roberts X-Patchwork-Id: 11412669 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 738D1930 for ; Fri, 28 Feb 2020 15:49:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 41B152469D for ; Fri, 28 Feb 2020 15:49:15 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="tdoV/oVL" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727053AbgB1PtP (ORCPT ); Fri, 28 Feb 2020 10:49:15 -0500 Received: from mail-pl1-f193.google.com ([209.85.214.193]:44613 "EHLO mail-pl1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726971AbgB1PtO (ORCPT ); Fri, 28 Feb 2020 10:49:14 -0500 Received: by mail-pl1-f193.google.com with SMTP id d9so1385447plo.11 for ; Fri, 28 Feb 2020 07:49:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=SZ01Fnxq9sYsqmjA4p/IPkFnBloZno7WjAPGZcixsEA=; b=tdoV/oVLFDkrCPoBh5z8BYCn5yeBII4Ekgpa8Z3+E8BIXGEWtstlIPtdItxK/aIERP tsENRQt3f+IbRwQxO1TQKmPzDKhVCwcqmXBrDpsMFPLzwcACqRxr7tF+r2ZZyUXv/XOA YGe5dNLMM6V2oqWT5X6SBhdDRaYfyB2dhMBmWjSSDnZar7SsKwNSMg+LfBQ6FNZYxBa/ RCKBj00OU65HHE/o3ZQO2cg4J6QENA6WHIZOo5g7HSi2XXjXdFg8e3QWO3x6iM6tQzre V559ge2AWEDP6cgzRUV+OlLo4b9c0b75aUlFCfOgAjZt8ibH2BsSdtFyZymq9zLve9G1 lBeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=SZ01Fnxq9sYsqmjA4p/IPkFnBloZno7WjAPGZcixsEA=; b=fyFiaNnLrHt/ijHKm+Lf2g2cYi+4JghchPY/dSUJ4V/e7Iw3XGFh6Oy76qZvdK9HHX eos2+Yg+jtTb8ZIteSjW028yxYD+i0+9CY4T50QEsNf160SAKvQHPC6dXJSBw4VheLvj 8doYWVPvcZpqgJmEYxd+xDXlM5K71cv6OgeJKggLxD5gxrDlcj4wvrBbP23rXDcOxI2w BUVvxreL9HSFWslYF4/3/NFUHJRAakQL0uuPfoiBIedTosKarDwg4Ym3fGewOl/u7Fxw c1Yx/1O1hx7VKOB6IpJGctDRP0Aq+bTg1jg1CxUuaeC/2klVN+CZNvf0vPLZoKHq/VQ0 QGeQ== X-Gm-Message-State: APjAAAXUIWEut8JNtmgoDFZNOJoE2z5Yszs+KMMXYkAnKWwYp9IEHKdO Cv+jL8TnOzuBmZxFVrtMB/SqIyuU X-Google-Smtp-Source: APXvYqzxbqZoMyAj8DpK67r/c4+xSOHWLr7BcWuAnHHMkfzvoqej2NuMcVVChLcBSIKsE9MlEHJW6g== X-Received: by 2002:a17:902:9342:: with SMTP id g2mr4460919plp.339.1582904953014; Fri, 28 Feb 2020 07:49:13 -0800 (PST) Received: from localhost.localdomain ([134.134.137.79]) by smtp.gmail.com with ESMTPSA id w18sm12091796pfq.167.2020.02.28.07.49.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2020 07:49:12 -0800 (PST) From: bill.c.roberts@gmail.com X-Google-Original-From: william.c.roberts@intel.com To: selinux@vger.kernel.org, drepper@redhat.com, omosnace@redhat.com, stephen.smalley.work@gmail.com, plautrba@redhat.com Cc: William Roberts Subject: [PATCH v3 3/4] Makefile: add linker script to minimize exports Date: Fri, 28 Feb 2020 09:48:56 -0600 Message-Id: <20200228154857.587-4-william.c.roberts@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200228154857.587-1-william.c.roberts@intel.com> References: <20200227230129.31166-1-william.c.roberts@intel.com> <20200228154857.587-1-william.c.roberts@intel.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org From: William Roberts Add a linker script that exports only what was previosly exported by libselinux. This was checked by generating an old export map (from master): nm --defined-only -g ./src/libselinux.so | cut -d' ' -f 3-3 | grep -v '^_' > old.map Then creating a new one for this library after this patch is applied: nm --defined-only -g ./src/libselinux.so | cut -d' ' -f 3-3 | grep -v '^_' > new.map And diffing them: diff old.map new.map Fixes: #179 Signed-off-by: William Roberts --- libselinux/src/Makefile | 2 +- libselinux/src/libselinux.map | 249 ++++++++++++++++++++++++++++++++++ 2 files changed, 250 insertions(+), 1 deletion(-) create mode 100644 libselinux/src/libselinux.map diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile index c76110fbc650..f74dbeb983dd 100644 --- a/libselinux/src/Makefile +++ b/libselinux/src/Makefile @@ -90,7 +90,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi -Werror -Wno-aggregate-return -Wno-redundant-decls \ $(EXTRA_CFLAGS) -LD_SONAME_FLAGS=-soname,$(LIBSO),-z,defs,-z,relro +LD_SONAME_FLAGS=-soname,$(LIBSO),-z,defs,-z,relro-Wl,--version-script=libselinux.map ifeq ($(OS), Darwin) override CFLAGS += -I/opt/local/include diff --git a/libselinux/src/libselinux.map b/libselinux/src/libselinux.map new file mode 100644 index 000000000000..73f4c072af02 --- /dev/null +++ b/libselinux/src/libselinux.map @@ -0,0 +1,249 @@ +LIBSELINUX_1.0 { + global: + avc_add_callback; + avc_audit; + avc_av_stats; + avc_cache_stats; + avc_cleanup; + avc_compute_create; + avc_compute_member; + avc_context_to_sid; + avc_context_to_sid_raw; + avc_destroy; + avc_get_initial_sid; + avc_has_perm; + avc_has_perm_noaudit; + avc_init; + avc_netlink_acquire_fd; + avc_netlink_check_nb; + avc_netlink_close; + avc_netlink_loop; + avc_netlink_open; + avc_netlink_release_fd; + avc_open; + avc_reset; + avc_sid_stats; + avc_sid_to_context; + avc_sid_to_context_raw; + checkPasswdAccess; + context_free; + context_new; + context_range_get; + context_range_set; + context_role_get; + context_role_set; + context_str; + context_type_get; + context_type_set; + context_user_get; + context_user_set; + dir_xattr_list; + fgetfilecon; + fgetfilecon_raw; + fini_selinuxmnt; + freecon; + freeconary; + fsetfilecon; + fsetfilecon_raw; + getcon; + getcon_raw; + get_default_context; + get_default_context_with_level; + get_default_context_with_role; + get_default_context_with_rolelevel; + get_default_type; + getexeccon; + getexeccon_raw; + getfilecon; + getfilecon_raw; + getfscreatecon; + getfscreatecon_raw; + getkeycreatecon; + getkeycreatecon_raw; + get_ordered_context_list; + get_ordered_context_list_with_level; + getpeercon; + getpeercon_raw; + getpidcon; + getpidcon_raw; + getprevcon; + getprevcon_raw; + getseuser; + getseuserbyname; + getsockcreatecon; + getsockcreatecon_raw; + is_context_customizable; + is_selinux_enabled; + is_selinux_mls_enabled; + lgetfilecon; + lgetfilecon_raw; + lsetfilecon; + lsetfilecon_raw; + manual_user_enter_context; + map_class; + map_decision; + map_perm; + matchmediacon; + matchpathcon; + matchpathcon_checkmatches; + matchpathcon_filespec_add; + matchpathcon_filespec_destroy; + matchpathcon_filespec_eval; + matchpathcon_fini; + matchpathcon_index; + matchpathcon_init; + matchpathcon_init_prefix; + mode_to_security_class; + myprintf_compat; + print_access_vector; + query_user_context; + realpath_not_final; + rpm_execcon; + security_av_perm_to_string; + security_av_string; + security_canonicalize_context; + security_canonicalize_context_raw; + security_check_context; + security_check_context_raw; + security_class_to_string; + security_commit_booleans; + security_compute_av; + security_compute_av_flags; + security_compute_av_flags_raw; + security_compute_av_raw; + security_compute_create; + security_compute_create_name; + security_compute_create_name_raw; + security_compute_create_raw; + security_compute_member; + security_compute_member_raw; + security_compute_relabel; + security_compute_relabel_raw; + security_compute_user; + security_compute_user_raw; + security_deny_unknown; + security_disable; + security_get_boolean_active; + security_get_boolean_names; + security_get_boolean_pending; + security_get_checkreqprot; + security_getenforce; + security_get_initial_context; + security_get_initial_context_raw; + security_load_booleans; + security_load_policy; + security_policyvers; + security_reject_unknown; + security_set_boolean; + security_set_boolean_list; + security_setenforce; + security_validatetrans; + security_validatetrans_raw; + selabel_close; + selabel_cmp; + selabel_digest; + selabel_get_digests_all_partial_matches; + selabel_hash_all_partial_matches; + selabel_lookup; + selabel_lookup_best_match; + selabel_lookup_best_match_raw; + selabel_lookup_raw; + selabel_open; + selabel_partial_match; + selabel_stats; + selinux_binary_policy_path; + selinux_booleans_path; + selinux_booleans_subs_path; + selinux_boolean_sub; + selinux_check_access; + selinux_check_passwd_access; + selinux_check_securetty_context; + selinux_colors_path; + selinux_contexts_path; + selinux_current_policy_path; + selinux_customizable_types_path; + selinux_default_context_path; + selinux_default_type_path; + selinux_failsafe_context_path; + selinux_file_context_cmp; + selinux_file_context_homedir_path; + selinux_file_context_local_path; + selinux_file_context_path; + selinux_file_context_subs_dist_path; + selinux_file_context_subs_path; + selinux_file_context_verify; + selinux_flush_class_cache; + selinuxfs_exists; + selinux_get_callback; + selinux_getenforcemode; + selinux_getpolicytype; + selinux_homedir_context_path; + selinux_init_load_policy; + selinux_lsetfilecon_default; + selinux_lxc_contexts_path; + selinux_media_context_path; + selinux_mkload_policy; + selinux_mnt; + selinux_netfilter_context_path; + selinux_openrc_contexts_path; + selinux_openssh_contexts_path; + selinux_path; + selinux_policy_root; + selinux_raw_context_to_color; + selinux_raw_to_trans_context; + selinux_removable_context_path; + selinux_reset_config; + selinux_restorecon; + selinux_restorecon_default_handle; + selinux_restorecon_set_alt_rootpath; + selinux_restorecon_set_exclude_list; + selinux_restorecon_set_sehandle; + selinux_restorecon_xattr; + selinux_securetty_types_path; + selinux_sepgsql_context_path; + selinux_set_callback; + selinux_set_mapping; + selinux_set_policy_root; + selinux_snapperd_contexts_path; + selinux_status_close; + selinux_status_deny_unknown; + selinux_status_getenforce; + selinux_status_open; + selinux_status_policyload; + selinux_status_updated; + selinux_systemd_contexts_path; + selinux_translations_path; + selinux_trans_to_raw_context; + selinux_user_contexts_path; + selinux_usersconf_path; + selinux_users_path; + selinux_virtual_domain_context_path; + selinux_virtual_image_context_path; + selinux_x_context_path; + setcon; + setcon_raw; + setexeccon; + setexeccon_raw; + setexecfilecon; + setfilecon; + setfilecon_raw; + setfscreatecon; + setfscreatecon_raw; + setkeycreatecon; + setkeycreatecon_raw; + set_matchpathcon_canoncon; + set_matchpathcon_flags; + set_matchpathcon_invalidcon; + set_matchpathcon_printf; + set_selinuxmnt; + setsockcreatecon; + setsockcreatecon_raw; + sidget; + sidput; + string_to_av_perm; + string_to_security_class; + unmap_class; + unmap_perm; + local: + *; +}; From patchwork Fri Feb 28 15:48:57 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: William Roberts X-Patchwork-Id: 11412671 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1E42F930 for ; Fri, 28 Feb 2020 15:49:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id EE85D2469D for ; Fri, 28 Feb 2020 15:49:16 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="JR1i+U5L" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726971AbgB1PtQ (ORCPT ); Fri, 28 Feb 2020 10:49:16 -0500 Received: from mail-pj1-f66.google.com ([209.85.216.66]:50251 "EHLO mail-pj1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727064AbgB1PtQ (ORCPT ); Fri, 28 Feb 2020 10:49:16 -0500 Received: by mail-pj1-f66.google.com with SMTP id r67so1459226pjb.0 for ; Fri, 28 Feb 2020 07:49:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ucs+UlypnPYhLbuEJdxhTDwfA15QUnhYt88v22w3Wk4=; b=JR1i+U5LWXm8ZlxVOu3hfs9rN8o/xowzDbfiayUv3H35TYF6vOXwvSEuetRsYVcqiF 2fK5rTPwQJMRfGYyEaU/SEJ76qGfdLWCxyXOZTKT/5sk6TWaciHUO6AJ/ulCtcii/jCz lC3y7bDcEgUeGALzATL9oz7EuivONaA6a4iGuozmzM09HA+6ETitRubypxD+7H4/Btci sVQ4dKrhN+VI+HAs2facxbUVyIrFWR74tqzYXbUh9K+Szw1763gvTZKHh3ZO//GbzgCr LLMXG7UO3b3tYhBHBKdOF3D8VrTHQTaN1u7V3BmnjQSev+/eBhG72TjVyxEs7KMmq3ub iANw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ucs+UlypnPYhLbuEJdxhTDwfA15QUnhYt88v22w3Wk4=; b=In3p2g9L3EbcV+cRXAwCRVe+PDoOLq3w4Iu8mapxTmwHAFnixni0Mw094B2iVG7BGj LKwzvNhhg7/Kj+se8aojN3SFUtVvnBpcKN4EK5gQMBxlUmX9rBdRCiz+9xZg0tSuMH1R N28R3mCov3CrABEHl3b7+5Z06fzTNXIHkSAkeNplTBn32/ajMFK9gDRPsj9CxFo0YRZ0 eRmWZglb+VCE5jFBmzqIVAwxjyX2YPank+BGa3ARazOS6mqnnM9xhKk0c1uqwokzh/aW J8q1vQGJ2TKc4OvBONIXcU7sa/lX4vc0XA+llTxtzRJjHpjonNG1v7+oLo7+WQlbTi2I 2wgg== X-Gm-Message-State: APjAAAVFJ2FZzd8FghptuRJiu1++io/y6gdM729f9BPYsajlpEP7KyJu VvKms/e11P8El0I1m4lDcRIvRZUz X-Google-Smtp-Source: APXvYqw9dJVPzmveF1lp1GuJ+vtQ4fE8Qg22zKoPPASrLGUm2Mn8Tjg4KxF1oLP/jkCQT8575SoIyw== X-Received: by 2002:a17:902:8546:: with SMTP id d6mr4677367plo.193.1582904955188; Fri, 28 Feb 2020 07:49:15 -0800 (PST) Received: from localhost.localdomain ([134.134.137.79]) by smtp.gmail.com with ESMTPSA id w18sm12091796pfq.167.2020.02.28.07.49.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2020 07:49:14 -0800 (PST) From: bill.c.roberts@gmail.com X-Google-Original-From: william.c.roberts@intel.com To: selinux@vger.kernel.org, drepper@redhat.com, omosnace@redhat.com, stephen.smalley.work@gmail.com, plautrba@redhat.com Cc: William Roberts Subject: [PATCH v3 4/4] libselinux: drop symbols from map Date: Fri, 28 Feb 2020 09:48:57 -0600 Message-Id: <20200228154857.587-5-william.c.roberts@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200228154857.587-1-william.c.roberts@intel.com> References: <20200227230129.31166-1-william.c.roberts@intel.com> <20200228154857.587-1-william.c.roberts@intel.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org From: William Roberts Previously, libselinux was exporting the following symbols: - dir_xattr_list; - map_class; - map_decision; - map_perm; - myprintf_compat; - unmap_class; - unmap_perm; However, these appear to be unused and can safely be dropped. This is done as a seperate commit to so it can easily be reverted seperately for any reasons. Signed-off-by: William Roberts --- libselinux/src/libselinux.map | 7 ------- 1 file changed, 7 deletions(-) diff --git a/libselinux/src/libselinux.map b/libselinux/src/libselinux.map index 73f4c072af02..2a368e93f9fd 100644 --- a/libselinux/src/libselinux.map +++ b/libselinux/src/libselinux.map @@ -37,7 +37,6 @@ LIBSELINUX_1.0 { context_type_set; context_user_get; context_user_set; - dir_xattr_list; fgetfilecon; fgetfilecon_raw; fini_selinuxmnt; @@ -80,9 +79,6 @@ LIBSELINUX_1.0 { lsetfilecon; lsetfilecon_raw; manual_user_enter_context; - map_class; - map_decision; - map_perm; matchmediacon; matchpathcon; matchpathcon_checkmatches; @@ -94,7 +90,6 @@ LIBSELINUX_1.0 { matchpathcon_init; matchpathcon_init_prefix; mode_to_security_class; - myprintf_compat; print_access_vector; query_user_context; realpath_not_final; @@ -242,8 +237,6 @@ LIBSELINUX_1.0 { sidput; string_to_av_perm; string_to_security_class; - unmap_class; - unmap_perm; local: *; };