Skip to content

GitLab

Switch branch/tag
  1. 29 Oct, 2015 1 commit
  3. 27 Oct, 2015 1 commit
    • William Roberts's avatar
      fix memory leaks and uninitialized jump · 0f520fac
      William Roberts authored 
      
Some error's were reported by valgrind (below) fix them. The test
cases on which these leaks were detected:

1. properly formed file_contexts file.
2. malformed file_contexts file, unknown type.
3. malformed file_contexts file, type that fails on validate callback.
4. malformed file_contexts file, invalid regex.
5. malformed file_contexts file, invalid mode.

==3819== Conditional jump or move depends on uninitialised value(s)
==3819==    at 0x12A682: closef (label_file.c:577)
==3819==    by 0x12A196: selabel_close (label.c:163)
==3819==    by 0x10A2FD: cleanup (checkfc.c:218)
==3819==    by 0x5089258: __run_exit_handlers (exit.c:82)
==3819==    by 0x50892A4: exit (exit.c:104)
==3819==    by 0x10A231: main (checkfc.c:361)
==3819==  Uninitialised value was created by a heap allocation
==3819==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3819==    by 0x4C2CF1F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3819==    by 0x12BB31: process_file (label_file.h:273)
==3819==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==3819==    by 0x12A0BB: selabel_open (label.c:88)
==3819==    by 0x10A038: main (checkfc.c:292)
==3819==
==3819==
==3819== HEAP SUMMARY:
==3819==     in use at exit: 729 bytes in 19 blocks
==3819==   total heap usage: 21,126 allocs, 21,107 frees, 923,854 bytes allocated
==3819==
==3819== 81 bytes in 1 blocks are definitely lost in loss record 1 of 2
==3819==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3819==    by 0x50D5839: strdup (strdup.c:42)
==3819==    by 0x12A2A6: selabel_file_init (label_file.c:517)
==3819==    by 0x12A0BB: selabel_open (label.c:88)
==3819==    by 0x10A038: main (checkfc.c:292)
==3819==

==4238== 40 bytes in 1 blocks are definitely lost in loss record 1 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x12A1D2: selabel_file_init (label_file.c:886)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 81 bytes in 1 blocks are definitely lost in loss record 2 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x50D5839: strdup (strdup.c:42)
==4238==    by 0x12A2A6: selabel_file_init (label_file.c:517)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 386 bytes in 24 blocks are definitely lost in loss record 3 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x50D5889: strndup (strndup.c:45)
==4238==    by 0x12CDDF: read_spec_entries (label_support.c:37)
==4238==    by 0x12B72D: process_file (label_file.h:392)
==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 648 bytes in 18 blocks are definitely lost in loss record 4 of 6
==4238==    at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x117C9B: avtab_insert_node (avtab.c:105)
==4238==    by 0x117C10: avtab_insert (avtab.c:163)
==4238==    by 0x11880A: avtab_read_item (avtab.c:566)
==4238==    by 0x118BD3: avtab_read (avtab.c:600)
==4238==    by 0x125BDD: policydb_read (policydb.c:3854)
==4238==    by 0x109F87: main (checkfc.c:273)
==4238==
==4238== 1,095 bytes in 12 blocks are definitely lost in loss record 5 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x12D8D1: pcre_compile2 (pcre_compile.c:9217)
==4238==    by 0x12B239: compile_regex (label_file.h:357)
==4238==    by 0x12B9C7: process_file (label_file.h:429)
==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 1,296 bytes in 12 blocks are definitely lost in loss record 6 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x13EBE5: pcre_study (pcre_study.c:1565)
==4238==    by 0x12B25D: compile_regex (label_file.h:366)
==4238==    by 0x12B9C7: process_file (label_file.h:429)
==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)

Change-Id: I2f7ed4ffbdcc3d0646f7caf66187d87347220c60
Signed-off-by: default avatarWilliam Roberts <william.c.roberts@intel.com>
      0f520fac
  5. 22 Oct, 2015 1 commit
  7. 14 Oct, 2015 3 commits
    • William Roberts's avatar
      Use libpackageparser · 6d5e6edc
      William Roberts authored 
      
Switch from the internal packages.list parser implementation
to a common parser library.

Change-Id: I7aee10c9395310919779ed2463aab6b2f8b380cc
Signed-off-by: default avatarWilliam Roberts <william.c.roberts@intel.com>
      6d5e6edc
    • Jeff Vander Stoep's avatar
      am 2857a7ec: Add privapp flag to libselinux · 04badd25
      Jeff Vander Stoep authored 
      * commit '2857a7ec':
  Add privapp flag to libselinux
      04badd25
    • Jeff Vander Stoep's avatar
      Add privapp flag to libselinux · 2857a7ec
      Jeff Vander Stoep authored 
      Run privileged apps in their own domain. Search seinfo string for
":privapp" specifier.

Motivation:
Untrusted_app is overprivileged due to the inclusion of privileged
apps like gmscore, play store and finsky. Moving these and other
privileged apps to their own domain reduces the permissions required
by untrusted_app.

A separate priv_app domain also protects priv-apps by further
isolating them from third party apps.

Bug: 22033466
Change-Id: I6e85ae13cbd130415600ecc25ef8ac053a19d0d8
      2857a7ec
  9. 10 Oct, 2015 2 commits
  11. 06 Oct, 2015 1 commit
    • William Roberts's avatar
      audit: log permissive from access decision · c49a2755
      William Roberts authored 
      
The userspace object managers were missing the permissive=0|1 as found in the
kernel logs. This is important when debugging potential policy issues.

To remedy this, add the permissive result from the access decision at the
end of the audit logs. A shortened log sample from Android:

avc:  denied  { find } <snip> tclass=service_manager permissive=1

Change-Id: Ic92852f3bad258982d8f68dc93d978612a52db04
Signed-off-by: default avatarWilliam Roberts <william.c.roberts@intel.com>
      c49a2755
  13. 22 Sep, 2015 2 commits
  15. 21 Sep, 2015 1 commit
    • Dan Cashman's avatar
      Enable restorecon to properly label symlinks. · 87ceb1e2
      Dan Cashman authored 
      commit: 06d45512 changed restorecon to only
operate on paths which had undergone a realpath transformation.  Unfortunately,
this made it impossible to directly restorecon a symlink, since the symlink
would be followed.  Change restorecon to only perform realpath on the directory
prefix, so that symlinks can be labeled.

Bug: 21732016
Change-Id: Iebb5d5e9c637c2ef3da5d5674f73babf094af131
      87ceb1e2
  17. 20 Sep, 2015 4 commits
  19. 19 Sep, 2015 2 commits
  21. 18 Sep, 2015 1 commit
    • dcashman's avatar
      Revert "Enable restorecon to properly label symlinks." · 02797a0e
      dcashman authored 
      This change resulted in //data being used for restorecon, rather than
/data, causing the check to fail when deciding whether or not init
should label app data files.

This reverts commit 249094fc.

Bug: 24190361
Change-Id: I803b9a644e02983c30f47b00806b52a4493801ed
      02797a0e
  23. 17 Sep, 2015 3 commits
  25. 27 Aug, 2015 6 commits
  27. 24 Aug, 2015 3 commits
  29. 13 Aug, 2015 2 commits
    • Nick Kralevich's avatar
      am 95736e8c: Merge changes from topic \'file_contexts.bin\' · 2cef6676
      Nick Kralevich authored 
      * commit '95736e8c':
  libselinux: support context validation on file_contexts.bin
  libselinux: test for file_contexts.bin format
  libselinux: add selabel_cmp interface and label_file backend
  libselinux: switch to file_contexts.bin
  libselinux: support specifying file_contexts.bin file path
  libselinux: support file_contexts.bin without file_contexts
      2cef6676
    • Nick Kralevich's avatar
      am 95736e8c: Merge changes from topic \'file_contexts.bin\' · 5f83d69a
      Nick Kralevich authored 
      * commit '95736e8c':
  libselinux: support context validation on file_contexts.bin
  libselinux: test for file_contexts.bin format
  libselinux: add selabel_cmp interface and label_file backend
  libselinux: switch to file_contexts.bin
  libselinux: support specifying file_contexts.bin file path
  libselinux: support file_contexts.bin without file_contexts
      5f83d69a
  31. 12 Aug, 2015 1 commit
    • Nick Kralevich's avatar
      Merge changes from topic 'file_contexts.bin' · 95736e8c
      Nick Kralevich authored 
      * changes:
  libselinux: support context validation on file_contexts.bin
  libselinux: test for file_contexts.bin format
  libselinux: add selabel_cmp interface and label_file backend
  libselinux: switch to file_contexts.bin
  libselinux: support specifying file_contexts.bin file path
  libselinux: support file_contexts.bin without file_contexts
      95736e8c
  33. 08 Aug, 2015 5 commits
  35. 06 Aug, 2015 1 commit
    • Stephen Smalley's avatar
      libselinux: fail hard on invalid property_contexts entries · 82216295
      Stephen Smalley authored 
      
Fail hard on any error during property_contexts (or service_contexts)
processing.  We want to catch any such errors early and not proceed
with a potentially mislabeled system.

Also remove some obsoleted tests for NULL; they were necessary
in earlier versions of the code where we were copying the strings
at this point, but no longer.

Change-Id: I98b8f88996d2ad385ad9ea13682eb11611d665ff
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      82216295