author | Yi Zhao <yi.zhao@windriver.com> | 2023-03-11 21:12:55 +0800 |
---|---|---|
committer | Joe MacDonald <joe@deserted.net> | 2023-03-27 09:34:02 -0400 |
commit | a99bb21b0f824f1209c2326a8e67dce05318094c (patch) | |
tree | 7fd2526480acf12ab45ac196b8c5e38723977063 | |
parent | 2c45147cb822d73de03bc1ea9ddffd6ffccf2fc4 (diff) | |
download | meta-selinux-a99bb21b0f824f1209c2326a8e67dce05318094c.tar.gz |
libsepol: upgrade 3.4 -> 3.5
License-Update: Rename COPYING to LICENSE. No content changes.
* Drop backport patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
-rw-r--r-- | recipes-security/selinux/libsepol/0001-libsepol-fix-validation-of-user-declarations-in-modu.patch | 80 | ||||
-rw-r--r-- | recipes-security/selinux/libsepol_3.5.bb (renamed from recipes-security/selinux/libsepol_3.4.bb) | 4 |
2 files changed, 1 insertions, 83 deletions
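diff --git a/recipes-security/selinux/libsepol/0001-libsepol-fix-validation-of-user-declarations-in-modu.patch b/recipes-security/selinux/libsepol/0001-libsepol-fix-validation-of-user-declarations-in-modu.patch
deleted file mode 100644
index 47c1806..0000000
--- a/recipes-security/selinux/libsepol/0001-libsepol-fix-validation-of-user-declarations-in-modu.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From 4831f73dd356fd72916f594dbeae44d26c93bb6b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
-Date: Tue, 7 Jun 2022 17:01:45 +0200
-Subject: [PATCH] libsepol: fix validation of user declarations in modules
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Users are allowed to be declared in modules. Modules do not get expanded
-leaving the `struct user_datum` members `exp_range` and `exp_dfltlevel`
-empty.
-Do no validate the expanded range and level for modular polices.
-
-Reported-by: bauen1 <j2468h@gmail.com>
-Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
-Acked-by: James Carter <jwcart2@gmail.com>
-
-Upstream-Status: Backport
-[https://github.com/SELinuxProject/selinux/commit/88a703399f3f44be2502fd4ecd22ac3d3c560694]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
-src/policydb_validate.c | 12 ++++++------
-1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/policydb_validate.c b/src/policydb_validate.c
-index da18282..99d4eb7 100644
---- a/src/policydb_validate.c
-+++ b/src/policydb_validate.c
-@@ -18,7 +18,7 @@ typedef struct validate {
-typedef struct map_arg {
-validate_t *flavors;
-sepol_handle_t *handle;
-- int mls;
-+ policydb_t *policy;
-} map_arg_t;
-
-static int create_gap_ebitmap(char **val_to_name, uint32_t nprim, ebitmap_t *gaps)
-@@ -571,7 +571,7 @@ static int validate_mls_range(mls_range_t *range, validate_t *sens, validate_t *
-return -1;
-}
-
--static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[], int mls)
-+static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[], policydb_t *p)
-{
-if (validate_value(user->s.value, &flavors[SYM_USERS]))
-goto bad;
-@@ -581,9 +581,9 @@ static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, valid
-goto bad;
-if (validate_mls_semantic_level(&user->dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
-goto bad;
-- if (mls && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
-+ if (p->mls && p->policy_type != POLICY_MOD && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
-goto bad;
-- if (mls && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
-+ if (p->mls && p->policy_type != POLICY_MOD && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
-goto bad;
-if (user->bounds && validate_value(user->bounds, &flavors[SYM_USERS]))
-goto bad;
-@@ -599,7 +599,7 @@ static int validate_user_datum_wrapper(__attribute__((unused)) hashtab_key_t k,
-{
-map_arg_t *margs = args;
-
-- return validate_user_datum(margs->handle, d, margs->flavors, margs->mls);
-+ return validate_user_datum(margs->handle, d, margs->flavors, margs->policy);
-}
-
-static int validate_bool_datum(sepol_handle_t *handle, cond_bool_datum_t *boolean, validate_t flavors[])
-@@ -689,7 +689,7 @@ static int validate_datum(__attribute__ ((unused))hashtab_key_t k, hashtab_datum
-
-static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, validate_t flavors[])
-{
-- map_arg_t margs = { flavors, handle, p->mls };
-+ map_arg_t margs = { flavors, handle, p };
-
-if (hashtab_map(p->p_commons.table, validate_common_datum_wrapper, &margs))
-goto bad;
---
-2.25.1
-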
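diff --git a/recipes-security/selinux/libsepol_3.4.bb b/recipes-security/selinux/libsepol_3.5.bb
index e756557..0c28e9b 100644
--- a/recipes-security/selinux/libsepol_3.4.bb
+++ b/recipes-security/selinux/libsepol_3.5.bb
@@ -5,14 +5,12 @@ as by programs like load_policy that need to perform specific transformations \
 on binary policies such as customizing policy boolean settings."
 SECTION = "base"
 LICENSE = "LGPL-2.0-or-later"
-LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
+LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=a6f89e2100d9b6cdffcea4f398e37343"
 
 require selinux_common.inc
 
 inherit lib_package
 
-SRC_URI += "file://0001-libsepol-fix-validation-of-user-declarations-in-modu.patch"
-
 S = "${WORKDIR}/git/libsepol"
 
 DEPENDS = "flex-native"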
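Review bot: The removed `SRC_URI +=` line was the only place this recipe carried the user-declaration validation fix, and nothing in this section changes the source revision that is fetched; that is presumably pinned in `selinux_common.inc`, which this commit does not touch. Dropping the backport is only safe if that pinned revision already contains upstream commit 88a703399f3f44be2502fd4ecd22ac3d3c560694, the one named in the deleted patch's Upstream-Status. Otherwise libsepol would again validate `exp_range` and `exp_dfltlevel` for modular policies, where the deleted patch says those members are left empty. Once that is verified, I would record it in the commit message, e.g. `* Drop backport patch (upstream 88a703399f3f is part of 3.5).`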