authorNick Kralevich <nnk@google.com>2019-03-29 10:15:37 -0700
committerNick Kralevich <nnk@google.com>2019-03-29 10:15:37 -0700
commit781054cc2f2ac32f1f99bccb68b0d66aa8215ea0 (patch)
treefcaeeb6cbe3cd8dd27a9ba5ca4034583ea975a74
parentffb4432b9ae6fd1988f3c2c1a19ad9d606606697 (diff)
parent42f73af5076411de3c6a5b2bed21a4fd6ae44acd (diff)
Merge remote-tracking branch 'aosp/upstream-master' into mymerge
Followed the following steps: # In repo client cd external/selinux repo sync . repo start mymerge . git merge aosp/upstream-master --no-ff # resolve any conflicts lunch && make -j repo upload . Test: compiles and boots Change-Id: I75ccf5307012a2517c0fdf13bea806e10b8b8595
-rw-r--r--checkpolicy/VERSION2
-rw-r--r--dbus/VERSION2
-rw-r--r--gui/Makefile6
-rw-r--r--gui/VERSION2
-rw-r--r--gui/modulesPage.py2
-rw-r--r--libselinux/VERSION2
-rw-r--r--libselinux/man/man3/security_getenforce.320
-rw-r--r--libselinux/man/man3/security_reject_unknown.31
-rw-r--r--libselinux/src/procattr.c15
-rw-r--r--libsemanage/VERSION2
-rw-r--r--libsepol/VERSION2
-rw-r--r--mcstrans/VERSION2
-rw-r--r--policycoreutils/VERSION2
-rw-r--r--python/VERSION2
-rw-r--r--python/sepolgen/VERSION2
-rw-r--r--restorecond/Makefile12
-rw-r--r--restorecond/VERSION2
-rw-r--r--restorecond/restorecond.c4
-rw-r--r--restorecond/restorecond.conf2
-rw-r--r--restorecond/restorecond.init2
-rw-r--r--restorecond/restorecond.service2
-rw-r--r--restorecond/utmpwatcher.c2
-rw-r--r--sandbox/VERSION2
-rw-r--r--secilc/VERSION2
-rw-r--r--semodule-utils/VERSION2
25 files changed, 59 insertions, 37 deletions
diff --git a/checkpolicy/VERSION b/checkpolicy/VERSION
index 46aaabd0..8c269150 100644
--- a/checkpolicy/VERSION
+++ b/checkpolicy/VERSION
@@ -1 +1 @@
-2.9-rc2
+2.9
diff --git a/dbus/VERSION b/dbus/VERSION
index 46aaabd0..8c269150 100644
--- a/dbus/VERSION
+++ b/dbus/VERSION
@@ -1 +1 @@
-2.9-rc2
+2.9
diff --git a/gui/Makefile b/gui/Makefile
index c2f982de..ca965c94 100644
--- a/gui/Makefile
+++ b/gui/Makefile
@@ -5,6 +5,7 @@ BINDIR ?= $(PREFIX)/bin
SHAREDIR ?= $(PREFIX)/share/system-config-selinux
DATADIR ?= $(PREFIX)/share
MANDIR ?= $(PREFIX)/share/man
+DESKTOPDIR ?= $(PREFIX)/share/applications
TARGETS= \
booleansPage.py \
@@ -29,9 +30,10 @@ install: all
-mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
-mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
-mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
+ -mkdir -p $(DESTDIR)$(DESKTOPDIR)
install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR)
install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
- install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR)
+ install -m 755 polgengui.py $(DESTDIR)$(BINDIR)/selinux-polgengui
install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR)
install -m 644 system-config-selinux.8 $(DESTDIR)$(MANDIR)/man8
install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8
@@ -44,7 +46,7 @@ install: all
install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/pixmaps
install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/system-config-selinux
- install -m 644 *.desktop $(DESTDIR)$(DATADIR)/system-config-selinux
+ install -m 644 *.desktop $(DESTDIR)$(DESKTOPDIR)
-mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
install -m 644 sepolicy_256.png $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png
for i in 16 22 32 48 256; do \
diff --git a/gui/VERSION b/gui/VERSION
index 46aaabd0..8c269150 100644
--- a/gui/VERSION
+++ b/gui/VERSION
@@ -1 +1 @@
-2.9-rc2
+2.9
diff --git a/gui/modulesPage.py b/gui/modulesPage.py
index 34c5d9e3..cb856b2d 100644
--- a/gui/modulesPage.py
+++ b/gui/modulesPage.py
@@ -118,7 +118,7 @@ class modulesPage(semanagePage):
def new_module(self, args):
try:
- Popen(["/usr/share/system-config-selinux/polgengui.py"])
+ Popen(["selinux-polgengui"])
except ValueError as e:
self.error(e.args[0])
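Review bot: `Popen(["selinux-polgengui"])` now finds the helper through the caller's PATH, so which program runs depends on the environment the GUI was started in. For a tool that administers SELinux policy, the launch should use an absolute path fixed at install time, matching the `$(BINDIR)/selinux-polgengui` location the gui/Makefile hunk installs to. The handler also catches only `ValueError`, while a missing or non-executable program makes `Popen` raise `OSError`, which would propagate out of `new_module`; consider `except (ValueError, OSError) as e:` with `self.error(str(e))`, since `e.args[0]` is an errno integer for `OSError`. The rest of the class is outside the hunk, so whether a caller already handles `OSError` is not visible here.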
diff --git a/libselinux/VERSION b/libselinux/VERSION
index 46aaabd0..8c269150 100644
--- a/libselinux/VERSION
+++ b/libselinux/VERSION
@@ -1 +1 @@
-2.9-rc2
+2.9
diff --git a/libselinux/man/man3/security_getenforce.3 b/libselinux/man/man3/security_getenforce.3
index 29cf3de7..f339b8b0 100644
--- a/libselinux/man/man3/security_getenforce.3
+++ b/libselinux/man/man3/security_getenforce.3
@@ -1,6 +1,7 @@
.TH "security_getenforce" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
.SH "NAME"
-security_getenforce, security_setenforce, security_deny_unknown, security_get_checkreqprot\- get or set the enforcing state of SELinux
+security_getenforce, security_setenforce, security_deny_unknown, security_reject_unknown,
+security_get_checkreqprot \- get or set the enforcing state of SELinux
.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
@@ -11,6 +12,8 @@ security_getenforce, security_setenforce, security_deny_unknown, security_get_ch
.sp
.B int security_deny_unknown(void);
.sp
+.B int security_reject_unknown(void);
+.sp
.B int security_get_checkreqprot(void);
.
.SH "DESCRIPTION"
@@ -27,6 +30,21 @@ returned.
returns 0 if SELinux treats policy queries on undefined object classes or
permissions as being allowed, 1 if such queries are denied, and \-1 on error.
+.BR security_reject_unknown ()
+returns 1 if the current policy was built with handle-unknown=reject and SELinux
+would reject loading it, if it did not define all kernel object classes and
+permissions. In this state, when
+.BR selinux_set_mapping()
+and
+.BR selinux_check_access()
+are used with an undefined userspace class or permission, an error is returned
+and errno is set to EINVAL.
+
+It returns 0 if the current policy was built with handle-unknown=allow or
+handle-unknown=deny. In this state, policy queries are treated according to
+.BR security_deny_unknown().
+\-1 is returned on error.
+
.BR security_get_checkreqprot ()
can be used to determine whether SELinux is configured to check the
protection requested by the application or the actual protection that will
diff --git a/libselinux/man/man3/security_reject_unknown.3 b/libselinux/man/man3/security_reject_unknown.3
new file mode 100644
index 00000000..d59e5c2c
--- /dev/null
+++ b/libselinux/man/man3/security_reject_unknown.3
@@ -0,0 +1 @@
+.so man3/security_getenforce.3
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
index 48dd8aff..c6799ef2 100644
--- a/libselinux/src/procattr.c
+++ b/libselinux/src/procattr.c
@@ -22,8 +22,19 @@ static pthread_key_t destructor_key;
static int destructor_key_initialized = 0;
static __thread char destructor_initialized;
-#ifndef __BIONIC__
-/* Bionic declares this in unistd.h and has a definition for it */
+/* Bionic and glibc >= 2.30 declare gettid() system call wrapper in unistd.h and
+ * has a definition for it */
+#ifdef __BIONIC__
+ #define OVERRIDE_GETTID 0
+#elif !defined(__GLIBC_PREREQ)
+ #define OVERRIDE_GETTID 1
+#elif !__GLIBC_PREREQ(2,30)
+ #define OVERRIDE_GETTID 1
+#else
+ #define OVERRIDE_GETTID 0
+#endif
+
+#if OVERRIDE_GETTID
static pid_t gettid(void)
{
return syscall(__NR_gettid);
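Review bot: The `OVERRIDE_GETTID` ladder decides by libc identity rather than by whether `gettid()` is actually declared, so every non-Bionic libc without `__GLIBC_PREREQ` gets the local `static pid_t gettid(void)`. If such a libc's `unistd.h` also declares `gettid()`, the build would likely fail on a static/non-static conflict. Giving the fallback a private name, e.g. `static pid_t selinux_gettid(void)`, and calling that from this file would remove the collision without any version test; the call sites are outside the hunk. The comment could also say why `defined(__GLIBC_PREREQ)` is tested on its own `#elif` before the macro is invoked, and should read "declare ... and have". The function's closing brace and the matching `#endif` lie outside the hunk.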
diff --git a/libsemanage/VERSION b/libsemanage/VERSION
index 46aaabd0..8c269150 100644
--- a/libsemanage/VERSION
+++ b/libsemanage/VERSION
@@ -1 +1 @@
-2.9-rc2
+2.9
diff --git a/libsepol/VERSION b/libsepol/VERSION
index 46aaabd0..8c269150 100644
--- a/libsepol/VERSION
+++ b/libsepol/VERSION
@@ -1 +1 @@
-2.9-rc2
+2.9
diff --git a/mcstrans/VERSION b/mcstrans/VERSION
index 46aaabd0..8c269150 100644
--- a/mcstrans/VERSION
+++ b/mcstrans/VERSION
@@ -1 +1 @@
-2.9-rc2
+2.9
diff --git a/policycoreutils/VERSION b/policycoreutils/VERSION
index 46aaabd0..8c269150 100644
--- a/policycoreutils/VERSION
+++ b/policycoreutils/VERSION
@@ -1 +1 @@
-2.9-rc2
+2.9
diff --git a/python/VERSION b/python/VERSION
index 46aaabd0..8c269150 100644
--- a/python/VERSION
+++ b/python/VERSION
@@ -1 +1 @@
-2.9-rc2
+2.9
diff --git a/python/sepolgen/VERSION b/python/sepolgen/VERSION
index 5154b3f6..8c269150 100644
--- a/python/sepolgen/VERSION
+++ b/python/sepolgen/VERSION
@@ -1 +1 @@
-2.6
+2.9
diff --git a/restorecond/Makefile b/restorecond/Makefile
index b81f8c82..12452cd2 100644
--- a/restorecond/Makefile
+++ b/restorecond/Makefile
@@ -19,17 +19,7 @@ DBUSLIB = $(shell $(PKG_CONFIG) --libs dbus-glib-1)
CFLAGS ?= -g -Werror -Wall -W
override CFLAGS += $(DBUSFLAGS)
-USE_PCRE2 ?= n
-ifeq ($(USE_PCRE2),y)
- PCRE_CFLAGS := -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 $(shell $(PKG_CONFIG) --cflags libpcre2-8)
- PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs libpcre2-8)
-else
- PCRE_CFLAGS := $(shell $(PKG_CONFIG) --cflags libpcre)
- PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs libpcre)
-endif
-export PCRE_CFLAGS PCRE_LDLIBS
-
-override LDLIBS += -lselinux $(PCRE_LDLIBS) $(DBUSLIB)
+override LDLIBS += -lselinux $(DBUSLIB)
all: restorecond
diff --git a/restorecond/VERSION b/restorecond/VERSION
index 46aaabd0..8c269150 100644
--- a/restorecond/VERSION
+++ b/restorecond/VERSION
@@ -1 +1 @@
-2.9-rc2
+2.9
diff --git a/restorecond/restorecond.c b/restorecond/restorecond.c
index 7b984b29..d5f70fc2 100644
--- a/restorecond/restorecond.c
+++ b/restorecond/restorecond.c
@@ -84,7 +84,7 @@ static void done(void) {
selabel_close(r_opts.hnd);
}
-static const char *pidfile = "/var/run/restorecond.pid";
+static const char *pidfile = "/run/restorecond.pid";
static int write_pid_file(void)
{
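Review bot: With `pidfile` now set to `/run/restorecond.pid`, the write fails on hosts that only provide `/var/run`, and the call visible in the next hunk, `write_pid_file();` in `main`, discards the return value. The daemon would then keep running without a pid file while restorecond.init and restorecond.service still expect one. Checking the result, e.g. `if (write_pid_file() < 0) { /* report and exit */ }`, would make that failure visible; the sign convention is an assumption, because the body of `write_pid_file` is outside the hunk. The same path is repeated in the init script and the unit file, so a comment at the definition such as `/* keep in sync with restorecond.init and restorecond.service */` would help the next path change.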
@@ -217,7 +217,7 @@ int main(int argc, char **argv)
write_pid_file();
while (watch(master_fd, watch_file) == 0) {
- };
+ }
watch_list_free(master_fd);
close(master_fd);
diff --git a/restorecond/restorecond.conf b/restorecond/restorecond.conf
index c64e7475..1a61ece3 100644
--- a/restorecond/restorecond.conf
+++ b/restorecond/restorecond.conf
@@ -2,7 +2,7 @@
/etc/resolv.conf
/etc/samba/secrets.tdb
/etc/updatedb.conf
-/var/run/utmp
+/run/utmp
/var/log/wtmp
/root/*
/root/.ssh/*
diff --git a/restorecond/restorecond.init b/restorecond/restorecond.init
index 775c52b0..c1cbb247 100644
--- a/restorecond/restorecond.init
+++ b/restorecond/restorecond.init
@@ -9,7 +9,7 @@
#
# processname: /usr/sbin/restorecond
# config: /etc/selinux/restorecond.conf
-# pidfile: /var/run/restorecond.pid
+# pidfile: /run/restorecond.pid
#
# Return values according to LSB for all commands but status:
# 0 - success
diff --git a/restorecond/restorecond.service b/restorecond/restorecond.service
index 0511a1c7..6bce99d3 100644
--- a/restorecond/restorecond.service
+++ b/restorecond/restorecond.service
@@ -6,7 +6,7 @@ ConditionSecurity=selinux
[Service]
Type=forking
ExecStart=/usr/sbin/restorecond
-PIDFile=/var/run/restorecond.pid
+PIDFile=/run/restorecond.pid
[Install]
WantedBy=multi-user.target
diff --git a/restorecond/utmpwatcher.c b/restorecond/utmpwatcher.c
index 62ad2e98..86605203 100644
--- a/restorecond/utmpwatcher.c
+++ b/restorecond/utmpwatcher.c
@@ -49,7 +49,7 @@ unsigned int utmpwatcher_handle(int inotify_fd, int wd)
{
int changed = 0;
struct utmp u;
- const char *utmp_path = "/var/run/utmp";
+ const char *utmp_path = "/run/utmp";
struct stringsList *prev_utmp_ptr = utmp_ptr;
if (wd != utmp_wd)
return -1;
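Review bot: `utmpwatcher_handle` is declared `unsigned int` in the hunk header, yet the guard `if (wd != utmp_wd) return -1;` returns a negative value, which converts to `UINT_MAX`. A caller testing `< 0` would never see the error, and one testing for non-zero would read it as "changed". The callers are not visible here, so confirm how the result is interpreted; if -1 is meant as an error, a comment on the function stating that, or an `int` return type, would match the intent. The rest of the function body is outside the hunk.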
diff --git a/sandbox/VERSION b/sandbox/VERSION
index 46aaabd0..8c269150 100644
--- a/sandbox/VERSION
+++ b/sandbox/VERSION
@@ -1 +1 @@
-2.9-rc2
+2.9
diff --git a/secilc/VERSION b/secilc/VERSION
index 46aaabd0..8c269150 100644
--- a/secilc/VERSION
+++ b/secilc/VERSION
@@ -1 +1 @@
-2.9-rc2
+2.9
diff --git a/semodule-utils/VERSION b/semodule-utils/VERSION
index 46aaabd0..8c269150 100644
--- a/semodule-utils/VERSION
+++ b/semodule-utils/VERSION
@@ -1 +1 @@
-2.9-rc2
+2.9