2 files changed, 1 insertions, 83 deletions
diff --git a/recipes-security/selinux/libsepol/0001-libsepol-fix-validation-of-user-declarations-in-modu.patch b/recipes-security/selinux/libsepol/0001-libsepol-fix-validation-of-user-declarations-in-modu.patch
deleted file mode 100644
index 47c1806..0000000
--- a/recipes-security/selinux/libsepol/0001-libsepol-fix-validation-of-user-declarations-in-modu.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From 4831f73dd356fd72916f594dbeae44d26c93bb6b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
-Date: Tue, 7 Jun 2022 17:01:45 +0200
-Subject: [PATCH] libsepol: fix validation of user declarations in modules
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Users are allowed to be declared in modules. Modules do not get expanded
-leaving the `struct user_datum` members `exp_range` and `exp_dfltlevel`
-empty.
-Do no validate the expanded range and level for modular polices.
-Reported-by: bauen1 <j2468h@gmail.com>
-Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
-Acked-by: James Carter <jwcart2@gmail.com>
-Upstream-Status: Backport
-[https://github.com/SELinuxProject/selinux/commit/88a703399f3f44be2502fd4ecd22ac3d3c560694]
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- src/policydb_validate.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-diff --git a/src/policydb_validate.c b/src/policydb_validate.c
-index da18282..99d4eb7 100644
--- a/src/policydb_validate.c
-+++ b/src/policydb_validate.c
-@@ -18,7 +18,7 @@ typedef struct validate {
- typedef struct map_arg {
-        validate_t *flavors;
-        sepol_handle_t *handle;
-       int mls;
-+       policydb_t *policy;
- } map_arg_t;
- 
- static int create_gap_ebitmap(char **val_to_name, uint32_t nprim, ebitmap_t *gaps)
-@@ -571,7 +571,7 @@ static int validate_mls_range(mls_range_t *range, validate_t *sens, validate_t *
-        return -1;
- }
- 
-static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[], int mls)
-+static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[], policydb_t *p)
- {
-        if (validate_value(user->s.value, &flavors[SYM_USERS]))
-                goto bad;
-@@ -581,9 +581,9 @@ static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, valid
-                goto bad;
-        if (validate_mls_semantic_level(&user->dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
-                goto bad;
-       if (mls && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
-+       if (p->mls && p->policy_type != POLICY_MOD && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
-                goto bad;
-       if (mls && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
-+       if (p->mls && p->policy_type != POLICY_MOD && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
-                goto bad;
-        if (user->bounds && validate_value(user->bounds, &flavors[SYM_USERS]))
-                goto bad;
-@@ -599,7 +599,7 @@ static int validate_user_datum_wrapper(__attribute__((unused)) hashtab_key_t k,
- {
-        map_arg_t *margs = args;
- 
-       return validate_user_datum(margs->handle, d, margs->flavors, margs->mls);
-+       return validate_user_datum(margs->handle, d, margs->flavors, margs->policy);
- }
- 
- static int validate_bool_datum(sepol_handle_t *handle, cond_bool_datum_t *boolean, validate_t flavors[])
-@@ -689,7 +689,7 @@ static int validate_datum(__attribute__ ((unused))hashtab_key_t k, hashtab_datum
- 
- static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, validate_t flavors[])
- {
-       map_arg_t margs = { flavors, handle, p->mls };
-+       map_arg_t margs = { flavors, handle, p };
- 
-        if (hashtab_map(p->p_commons.table, validate_common_datum_wrapper, &margs))
-                goto bad;
-- 
-2.25.1
diff --git a/recipes-security/selinux/libsepol_3.4.bb b/recipes-security/selinux/libsepol_3.5.bb
index e756557..0c28e9b 100644
--- a/recipes-security/selinux/libsepol_3.4.bb
+++ b/recipes-security/selinux/libsepol_3.5.bb
@@ -5,14 +5,12 @@ as by programs like load_policy that need to perform specific transformations \
 on binary policies such as customizing policy boolean settings."
 SECTION = "base"
 LICENSE = "LGPL-2.0-or-later"
-LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
+LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=a6f89e2100d9b6cdffcea4f398e37343"
 require selinux_common.inc
 inherit lib_package
-SRC_URI += "file://0001-libsepol-fix-validation-of-user-declarations-in-modu.patch"
 S = "${WORKDIR}/git/libsepol"
 DEPENDS = "flex-native"

diff --git a/recipes-security/selinux/libsepol/0001-libsepol-fix-validation-of-user-declarations-in-modu.patch b/recipes-security/selinux/libsepol/0001-libsepol-fix-validation-of-user-declarations-in-modu.patch deleted file mode 100644 index 47c1806..0000000 --- a/recipes-security/selinux/libsepol/0001-libsepol-fix-validation-of-user-declarations-in-modu.patch +++ /dev/null
@@ -1,80 +0,0 @@
1	From 4831f73dd356fd72916f594dbeae44d26c93bb6b Mon Sep 17 00:00:00 2001
2	From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
3	Date: Tue, 7 Jun 2022 17:01:45 +0200
4	Subject: [PATCH] libsepol: fix validation of user declarations in modules
5	MIME-Version: 1.0
6	Content-Type: text/plain; charset=UTF-8
7	Content-Transfer-Encoding: 8bit
8
9	Users are allowed to be declared in modules. Modules do not get expanded
10	leaving the `struct user_datum` members `exp_range` and `exp_dfltlevel`
11	empty.
12	Do no validate the expanded range and level for modular polices.
13
14	Reported-by: bauen1 <j2468h@gmail.com>
15	Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
16	Acked-by: James Carter <jwcart2@gmail.com>
17
18	Upstream-Status: Backport
19	[https://github.com/SELinuxProject/selinux/commit/88a703399f3f44be2502fd4ecd22ac3d3c560694]
20
21	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
22	---
23	src/policydb_validate.c \| 12 ++++++------
24	1 file changed, 6 insertions(+), 6 deletions(-)
25
26	diff --git a/src/policydb_validate.c b/src/policydb_validate.c
27	index da18282..99d4eb7 100644
28	--- a/src/policydb_validate.c
29	+++ b/src/policydb_validate.c
30	@@ -18,7 +18,7 @@ typedef struct validate {
31	typedef struct map_arg {
32	validate_t *flavors;
33	sepol_handle_t *handle;
34	- int mls;
35	+ policydb_t *policy;
36	} map_arg_t;
37
38	static int create_gap_ebitmap(char *val_to_name, uint32_t nprim, ebitmap_t gaps)
39	@@ -571,7 +571,7 @@ static int validate_mls_range(mls_range_t range, validate_t sens, validate_t *
40	return -1;
41	}
42
43	-static int validate_user_datum(sepol_handle_t handle, user_datum_t user, validate_t flavors[], int mls)
44	+static int validate_user_datum(sepol_handle_t handle, user_datum_t user, validate_t flavors[], policydb_t *p)
45	{
46	if (validate_value(user->s.value, &flavors[SYM_USERS]))
47	goto bad;
48	@@ -581,9 +581,9 @@ static int validate_user_datum(sepol_handle_t handle, user_datum_t user, valid
49	goto bad;
50	if (validate_mls_semantic_level(&user->dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
51	goto bad;
52	- if (mls && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
53	+ if (p->mls && p->policy_type != POLICY_MOD && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
54	goto bad;
55	- if (mls && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
56	+ if (p->mls && p->policy_type != POLICY_MOD && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
57	goto bad;
58	if (user->bounds && validate_value(user->bounds, &flavors[SYM_USERS]))
59	goto bad;
60	@@ -599,7 +599,7 @@ static int validate_user_datum_wrapper(__attribute__((unused)) hashtab_key_t k,
61	{
62	map_arg_t *margs = args;
63
64	- return validate_user_datum(margs->handle, d, margs->flavors, margs->mls);
65	+ return validate_user_datum(margs->handle, d, margs->flavors, margs->policy);
66	}
67
68	static int validate_bool_datum(sepol_handle_t handle, cond_bool_datum_t boolean, validate_t flavors[])
69	@@ -689,7 +689,7 @@ static int validate_datum(__attribute__ ((unused))hashtab_key_t k, hashtab_datum
70
71	static int validate_datum_array_entries(sepol_handle_t handle, policydb_t p, validate_t flavors[])
72	{
73	- map_arg_t margs = { flavors, handle, p->mls };
74	+ map_arg_t margs = { flavors, handle, p };
75
76	if (hashtab_map(p->p_commons.table, validate_common_datum_wrapper, &margs))
77	goto bad;
78	--
79	2.25.1
80


diff --git a/recipes-security/selinux/libsepol_3.4.bb b/recipes-security/selinux/libsepol_3.5.bb index e756557..0c28e9b 100644 --- a/recipes-security/selinux/libsepol_3.4.bb +++ b/recipes-security/selinux/libsepol_3.5.bb
@@ -5,14 +5,12 @@ as by programs like load_policy that need to perform specific transformations \
5	on binary policies such as customizing policy boolean settings."	5	on binary policies such as customizing policy boolean settings."
6	SECTION = "base"	6	SECTION = "base"
7	LICENSE = "LGPL-2.0-or-later"	7	LICENSE = "LGPL-2.0-or-later"
8	LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"	8	LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=a6f89e2100d9b6cdffcea4f398e37343"
9		9
10	require selinux_common.inc	10	require selinux_common.inc
11		11
12	inherit lib_package	12	inherit lib_package
13		13
14	SRC_URI += "file://0001-libsepol-fix-validation-of-user-declarations-in-modu.patch"
15
16	S = "${WORKDIR}/git/libsepol"	14	S = "${WORKDIR}/git/libsepol"
17		15
18	DEPENDS = "flex-native"	16	DEPENDS = "flex-native"