diff options
author | Nick Kralevich <nnk@google.com> | 2019-02-25 17:29:04 -0800 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2019-02-25 17:29:04 -0800 |
commit | f56b22ae19329dbe362ed41fe3d5ca3b1d468c8d (patch) | |
tree | a69077225ab87d346497741aa8f21ffd2e6f6d92 | |
parent | 66ed2dd4670df38c21b712c909b4c319506cb7bf (diff) | |
parent | 5631bbb21e81860c6e1edc3cba349a0fb1a22188 (diff) | |
download | android_external_selinux-f56b22ae19329dbe362ed41fe3d5ca3b1d468c8d.tar.gz android_external_selinux-f56b22ae19329dbe362ed41fe3d5ca3b1d468c8d.tar.bz2 android_external_selinux-f56b22ae19329dbe362ed41fe3d5ca3b1d468c8d.zip |
perfcrastination: Merge remote-tracking branch 'aosp/upstream-master' into mymerge am: 28cf7ea80d
am: 5631bbb21e
Change-Id: I229b13afb10a80d6ed362650279f66a446077722
-rw-r--r-- | gui/polgengui.py | 2 | ||||
-rw-r--r-- | gui/system-config-selinux.py | 2 | ||||
-rw-r--r-- | libselinux/src/selinux_restorecon.c | 2 | ||||
-rw-r--r-- | libsemanage/src/genhomedircon.c | 20 | ||||
-rwxr-xr-x | python/audit2allow/audit2allow | 2 | ||||
-rw-r--r-- | python/audit2allow/sepolgen-ifgen | 2 | ||||
-rwxr-xr-x | python/chcat/chcat | 2 | ||||
-rw-r--r-- | python/semanage/Makefile | 2 | ||||
-rw-r--r-- | python/semanage/semanage | 27 | ||||
-rw-r--r-- | python/semanage/seobject.py | 1 | ||||
-rwxr-xr-x | python/sepolicy/sepolicy.py | 2 | ||||
-rw-r--r-- | python/sepolicy/sepolicy/__init__.py | 2 | ||||
-rw-r--r-- | python/sepolicy/sepolicy/booleans.py | 1 | ||||
-rwxr-xr-x | python/sepolicy/sepolicy/communicate.py | 1 | ||||
-rw-r--r-- | python/sepolicy/sepolicy/generate.py | 2 | ||||
-rw-r--r-- | python/sepolicy/sepolicy/gui.py | 2 | ||||
-rw-r--r-- | python/sepolicy/sepolicy/interface.py | 2 | ||||
-rwxr-xr-x | python/sepolicy/sepolicy/manpage.py | 1 | ||||
-rwxr-xr-x | python/sepolicy/sepolicy/network.py | 1 | ||||
-rwxr-xr-x | python/sepolicy/sepolicy/transition.py | 1 | ||||
-rw-r--r-- | sandbox/sandbox | 2 |
21 files changed, 40 insertions, 39 deletions
diff --git a/gui/polgengui.py b/gui/polgengui.py index 1601dbef..b1cc9937 100644 --- a/gui/polgengui.py +++ b/gui/polgengui.py @@ -1,4 +1,4 @@ -#!/usr/bin/python -Es +#!/usr/bin/python3 -Es # # polgengui.py - GUI for SELinux Config tool in system-config-selinux # diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py index ce7c74b1..c42301b6 100644 --- a/gui/system-config-selinux.py +++ b/gui/system-config-selinux.py @@ -1,4 +1,4 @@ -#!/usr/bin/python -Es +#!/usr/bin/python3 -Es # # system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux # diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c index 924d9538..5f189235 100644 --- a/libselinux/src/selinux_restorecon.c +++ b/libselinux/src/selinux_restorecon.c @@ -242,6 +242,8 @@ static int exclude_non_seclabel_mounts(void) /* Check to see if the kernel supports seclabel */ if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0) return 0; + if (is_selinux_enabled() <= 0) + return 0; fp = fopen("/proc/mounts", "re"); if (!fp) diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c index 591941fb..e5f8d371 100644 --- a/libsemanage/src/genhomedircon.c +++ b/libsemanage/src/genhomedircon.c @@ -1077,10 +1077,24 @@ static int get_group_users(genhomedircon_settings_t * s, const char *grname = selogin + 1; - if (getgrnam_r(grname, &grstorage, grbuf, - (size_t) grbuflen, &group) != 0) { - goto cleanup; + errno = 0; + while ( + (retval = getgrnam_r(grname, &grstorage, grbuf, (size_t) grbuflen, &group)) != 0 && + errno == ERANGE + ) { + char *new_grbuf; + grbuflen *= 2; + if (grbuflen < 0) + /* the member list could exceed 2Gb on a system with a 32-bit CPU (where + * sizeof(long) = 4) - if this ever happened, the loop would become infinite. */ + goto cleanup; + new_grbuf = realloc(grbuf, grbuflen); + if (new_grbuf == NULL) + goto cleanup; + grbuf = new_grbuf; } + if (retval != 0) + goto cleanup; if (group == NULL) { ERR(s->h_semanage, "Can't find group named %s\n", grname); diff --git a/python/audit2allow/audit2allow b/python/audit2allow/audit2allow index 18fe0a53..09b06f66 100755 --- a/python/audit2allow/audit2allow +++ b/python/audit2allow/audit2allow @@ -1,4 +1,4 @@ -#! /usr/bin/python -Es +#!/usr/bin/python3 -Es # Authors: Karl MacMillan <kmacmillan@mentalrootkit.com> # Authors: Dan Walsh <dwalsh@redhat.com> # diff --git a/python/audit2allow/sepolgen-ifgen b/python/audit2allow/sepolgen-ifgen index c482f227..be2d093b 100644 --- a/python/audit2allow/sepolgen-ifgen +++ b/python/audit2allow/sepolgen-ifgen @@ -1,4 +1,4 @@ -#! /usr/bin/python -Es +#!/usr/bin/python3 -Es # # Authors: Karl MacMillan <kmacmillan@mentalrootkit.com> # diff --git a/python/chcat/chcat b/python/chcat/chcat index 5bef0073..ba398684 100755 --- a/python/chcat/chcat +++ b/python/chcat/chcat @@ -1,4 +1,4 @@ -#! /usr/bin/python -Es +#!/usr/bin/python3 -Es # Copyright (C) 2005 Red Hat # see file 'COPYING' for use and warranty information # diff --git a/python/semanage/Makefile b/python/semanage/Makefile index 2e262ef8..37065268 100644 --- a/python/semanage/Makefile +++ b/python/semanage/Makefile @@ -27,7 +27,7 @@ install: all fi ; \ done test -d $(DESTDIR)/$(PACKAGEDIR) || install -m 755 -d $(DESTDIR)/$(PACKAGEDIR) - install -m 755 seobject.py $(DESTDIR)/$(PACKAGEDIR) + install -m 644 seobject.py $(DESTDIR)/$(PACKAGEDIR) -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR) install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/semanage diff --git a/python/semanage/semanage b/python/semanage/semanage index 4b544bfc..d6d68248 100644 --- a/python/semanage/semanage +++ b/python/semanage/semanage @@ -1,4 +1,4 @@ -#! /usr/bin/python -Es +#! /usr/bin/python3 -Es # Copyright (C) 2012-2013 Red Hat # AUTHOR: Miroslav Grepl <mgrepl@redhat.com> # AUTHOR: David Quigley <selinux@davequigley.com> @@ -609,14 +609,14 @@ def setupInterfaceParser(subparsers): def handleModule(args): OBJECT = seobject.moduleRecords(args) - if args.action == "add": - OBJECT.add(args.module_name, args.priority) - if args.action == "enable": - OBJECT.set_enabled(args.module_name, True) - if args.action == "disable": - OBJECT.set_enabled(args.module_name, False) - if args.action == "remove": - OBJECT.delete(args.module_name, args.priority) + if args.action_add: + OBJECT.add(args.action_add[0], args.priority) + if args.action_enable: + OBJECT.set_enabled(" ".join(args.action_enable), True) + if args.action_disable: + OBJECT.set_enabled(" ".join(args.action_disable), False) + if args.action_remove: + OBJECT.delete(" ".join(args.action_remove), args.priority) if args.action == "deleteall": OBJECT.deleteall() if args.action == "list": @@ -635,14 +635,13 @@ def setupModuleParser(subparsers): parser_add_priority(moduleParser, "module") mgroup = moduleParser.add_mutually_exclusive_group(required=True) - parser_add_add(mgroup, "module") parser_add_list(mgroup, "module") parser_add_extract(mgroup, "module") parser_add_deleteall(mgroup, "module") - mgroup.add_argument('-r', '--remove', dest='action', action='store_const', const='remove', help=_("Remove a module")) - mgroup.add_argument('-d', '--disable', dest='action', action='store_const', const='disable', help=_("Disable a module")) - mgroup.add_argument('-e', '--enable', dest='action', action='store_const', const='enable', help=_("Enable a module")) - moduleParser.add_argument('module_name', nargs='?', default=None, help=_('Name of the module to act on')) + mgroup.add_argument('-a', '--add', dest='action_add', action='store', nargs=1, metavar='module_name', help=_("Add a module")) + mgroup.add_argument('-r', '--remove', dest='action_remove', action='store', nargs='+', metavar='module_name', help=_("Remove a module")) + mgroup.add_argument('-d', '--disable', dest='action_disable', action='store', nargs='+', metavar='module_name', help=_("Disable a module")) + mgroup.add_argument('-e', '--enable', dest='action_enable', action='store', nargs='+', metavar='module_name', help=_("Enable a module")) moduleParser.set_defaults(func=handleModule) diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py index b31a90c1..13fdf531 100644 --- a/python/semanage/seobject.py +++ b/python/semanage/seobject.py @@ -1,4 +1,3 @@ -#! /usr/bin/python -Es # Copyright (C) 2005-2013 Red Hat # see file 'COPYING' for use and warranty information # diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py index 8cc7e8cc..1934cd86 100755 --- a/python/sepolicy/sepolicy.py +++ b/python/sepolicy/sepolicy.py @@ -1,4 +1,4 @@ -#! /usr/bin/python -Es +#!/usr/bin/python3 -Es # Copyright (C) 2012 Red Hat # AUTHOR: Dan Walsh <dwalsh@redhat.com> # see file 'COPYING' for use and warranty information diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py index 6f729472..6aed31bd 100644 --- a/python/sepolicy/sepolicy/__init__.py +++ b/python/sepolicy/sepolicy/__init__.py @@ -1,5 +1,3 @@ -#!/usr/bin/python - # Author: Dan Walsh <dwalsh@redhat.com> # Author: Ryan Hallisey <rhallise@redhat.com> # Author: Jason Zaman <perfinion@gentoo.org> diff --git a/python/sepolicy/sepolicy/booleans.py b/python/sepolicy/sepolicy/booleans.py index cf5f1ffc..ad07ab04 100644 --- a/python/sepolicy/sepolicy/booleans.py +++ b/python/sepolicy/sepolicy/booleans.py @@ -1,4 +1,3 @@ -#! /usr/bin/python -Es # Copyright (C) 2012 Red Hat # see file 'COPYING' for use and warranty information # diff --git a/python/sepolicy/sepolicy/communicate.py b/python/sepolicy/sepolicy/communicate.py index 299316e0..37400220 100755 --- a/python/sepolicy/sepolicy/communicate.py +++ b/python/sepolicy/sepolicy/communicate.py @@ -1,4 +1,3 @@ -#! /usr/bin/python -Es # Copyright (C) 2012 Red Hat # see file 'COPYING' for use and warranty information # diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py index 5a2195b8..019e7836 100644 --- a/python/sepolicy/sepolicy/generate.py +++ b/python/sepolicy/sepolicy/generate.py @@ -1,5 +1,3 @@ -#!/usr/bin/python -Es -# # Copyright (C) 2007-2012 Red Hat # see file 'COPYING' for use and warranty information # diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py index d4bf3b48..00fd7a11 100644 --- a/python/sepolicy/sepolicy/gui.py +++ b/python/sepolicy/sepolicy/gui.py @@ -1,5 +1,3 @@ -#!/usr/bin/python -Es -# # Copyright (C) 2013 Red Hat # see file 'COPYING' for use and warranty information # diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py index 27c37bb8..583091ae 100644 --- a/python/sepolicy/sepolicy/interface.py +++ b/python/sepolicy/sepolicy/interface.py @@ -1,5 +1,3 @@ -#!/usr/bin/python -Es -# # Copyright (C) 2012 Red Hat # see file 'COPYING' for use and warranty information # diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py index af18b6ff..1d367962 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b/python/sepolicy/sepolicy/manpage.py @@ -1,4 +1,3 @@ -#! /usr/bin/python -Es # Copyright (C) 2012-2013 Red Hat # AUTHOR: Dan Walsh <dwalsh@redhat.com> # AUTHOR: Miroslav Grepl <mgrepl@redhat.com> diff --git a/python/sepolicy/sepolicy/network.py b/python/sepolicy/sepolicy/network.py index 115f6b87..34267d92 100755 --- a/python/sepolicy/sepolicy/network.py +++ b/python/sepolicy/sepolicy/network.py @@ -1,4 +1,3 @@ -#! /usr/bin/python -Es # Copyright (C) 2012 Red Hat # see file 'COPYING' for use and warranty information # diff --git a/python/sepolicy/sepolicy/transition.py b/python/sepolicy/sepolicy/transition.py index 7dea8059..6414a765 100755 --- a/python/sepolicy/sepolicy/transition.py +++ b/python/sepolicy/sepolicy/transition.py @@ -1,4 +1,3 @@ -#! /usr/bin/python -Es # Copyright (C) 2011 Red Hat # see file 'COPYING' for use and warranty information # diff --git a/sandbox/sandbox b/sandbox/sandbox index c07a1d81..1dec07ac 100644 --- a/sandbox/sandbox +++ b/sandbox/sandbox @@ -1,4 +1,4 @@ -#! /usr/bin/python -Es +#!/usr/bin/python3 -Es # Authors: Dan Walsh <dwalsh@redhat.com> # Authors: Thomas Liu <tliu@fedoraproject.org> # Authors: Josh Cogliati |