Hello community, here is the log from the commit of package checkpolicy for openSUSE:Factory checked in at 2014-05-21 16:18:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/checkpolicy (Old) and /work/SRC/openSUSE:Factory/.checkpolicy.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "checkpolicy" Changes: -------- --- /work/SRC/openSUSE:Factory/checkpolicy/checkpolicy.changes 2013-11-07 14:42:14.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.checkpolicy.new/checkpolicy.changes 2014-05-21 16:18:58.000000000 +0200 @@ -1,0 +2,9 @@ +Sun May 18 00:18:53 UTC 2014 - crrodrig...@opensuse.org + +- version 2.3 +* Report source file and line information for neverallow failures. +* Prevent incompatible option combinations for checkmodule. +* Drop -lselinux from LDLIBS for test programs; not used. +* Add debug feature to display constraints/validatetrans from Richard Haines. + +------------------------------------------------------------------- Old: ---- checkpolicy-2.2.tar.gz New: ---- checkpolicy-2.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ checkpolicy.spec ++++++ --- /var/tmp/diff_new_pack.whZyq3/_old 2014-05-21 16:19:00.000000000 +0200 +++ /var/tmp/diff_new_pack.whZyq3/_new 2014-05-21 16:19:00.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package checkpolicy # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -16,20 +16,20 @@ # -%define libsepol_ver 2.2 +%define libsepol_ver 2.3 BuildRequires: bison BuildRequires: flex-old BuildRequires: libselinux-devel BuildRequires: libsepol-devel-static >= %{libsepol_ver} Name: checkpolicy -Version: 2.2 +Version: 2.3 Release: 0 Url: http://userspace.selinuxproject.org/ Summary: SELinux policy compiler License: GPL-2.0+ Group: Productivity/Security -Source: http://userspace.selinuxproject.org/releases/20131030/%{name}-%{version}.tar.gz +Source: http://userspace.selinuxproject.org/releases/20140506/%{name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-build %description ++++++ checkpolicy-2.2.tar.gz -> checkpolicy-2.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-2.2/Android.mk new/checkpolicy-2.3/Android.mk --- old/checkpolicy-2.2/Android.mk 2013-10-30 17:51:19.000000000 +0100 +++ new/checkpolicy-2.3/Android.mk 2014-05-06 19:30:27.000000000 +0200 @@ -60,3 +60,18 @@ LOCAL_MODULE_CLASS := EXECUTABLES include $(BUILD_HOST_EXECUTABLE) + +## +# dispol +# +include $(CLEAR_VARS) + +LOCAL_MODULE := dispol +LOCAL_MODULE_TAGS := optional +LOCAL_C_INCLUDES := $(common_includes) +LOCAL_CFLAGS := $(common_cflags) +LOCAL_SRC_FILES := test/dispol.c +LOCAL_STATIC_LIBRARIES := libsepol +LOCAL_MODULE_CLASS := EXECUTABLES + +include $(BUILD_HOST_EXECUTABLE) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-2.2/ChangeLog new/checkpolicy-2.3/ChangeLog --- old/checkpolicy-2.2/ChangeLog 2013-10-30 17:51:19.000000000 +0100 +++ new/checkpolicy-2.3/ChangeLog 2014-05-06 19:30:27.000000000 +0200 
@@ -1,3 +1,10 @@ +2.3 2014-05-06 + * Add Android support for building dispol. + * Report source file and line information for neverallow failures. + * Prevent incompatible option combinations for checkmodule. + * Drop -lselinux from LDLIBS for test programs; not used. + * Add debug feature to display constraints/validatetrans from Richard Haines. + 2.2 2013-10-30 * Fix hyphen usage in man pages from Laurent Bigonville. * handle-unknown / -U required argument fix from Laurent Bigonville. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-2.2/VERSION new/checkpolicy-2.3/VERSION --- old/checkpolicy-2.2/VERSION 2013-10-30 17:51:19.000000000 +0100 +++ new/checkpolicy-2.3/VERSION 2014-05-06 19:30:27.000000000 +0200 @@ -1 +1 @@ -2.2 +2.3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-2.2/checkmodule.c new/checkpolicy-2.3/checkmodule.c --- old/checkpolicy-2.2/checkmodule.c 2013-10-30 17:51:19.000000000 +0100 +++ new/checkpolicy-2.3/checkmodule.c 2014-05-06 19:30:27.000000000 +0200 @@ -224,8 +224,12 @@ } if (handle_unknown && (policy_type != POLICY_BASE)) { - printf("Handling of unknown classes and permissions is only "); - printf("valid in the base module\n"); + fprintf(stderr, "%s: Handling of unknown classes and permissions is only valid in the base module.\n", argv[0]); + exit(1); + } + + if (binary && (policy_type != POLICY_BASE)) { + fprintf(stderr, "%s: -b and -m are incompatible with each other.\n", argv[0]); exit(1); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-2.2/checkpolicy.c new/checkpolicy-2.3/checkpolicy.c --- old/checkpolicy-2.2/checkpolicy.c 2013-10-30 17:51:19.000000000 +0100 +++ new/checkpolicy-2.3/checkpolicy.c 2014-05-06 19:30:27.000000000 +0200 
@@ -377,7 +377,7 @@ int main(int argc, char **argv) { sepol_security_class_t tclass; - sepol_security_id_t ssid, tsid, *sids; + sepol_security_id_t ssid, tsid, *sids, oldsid, newsid, tasksid; sepol_security_context_t scontext; struct sepol_av_decision avd; class_datum_t *cladatum; @@ -395,6 +395,9 @@ char *name; int state; int show_version = 0; + char *reason_buf = NULL; + unsigned int reason; + int flags; struct policy_file pf; struct option long_options[] = { {"output", required_argument, NULL, 'o'}, @@ -644,6 +647,8 @@ printf("f) display conditional bools\n"); printf("g) display conditional expressions\n"); printf("h) change a boolean value\n"); + printf("i) display constraint expressions\n"); + printf("j) display validatetrans expressions\n"); #ifdef EQUIVTYPES printf("z) Show equivalent types\n"); #endif 
@@ -1060,6 +1065,109 @@ change_bool(name, state); free(name); break; + case 'i': + printf("source sid? "); + FGETS(ans, sizeof(ans), stdin); + ssid = atoi(ans); + + printf("target sid? "); + FGETS(ans, sizeof(ans), stdin); + tsid = atoi(ans); + + printf("target class? "); + FGETS(ans, sizeof(ans), stdin); + if (isdigit(ans[0])) { + tclass = atoi(ans); + if (!tclass + || tclass > policydb.p_classes.nprim) { + printf("\nNo such class.\n"); + break; + } + cladatum = + policydb.class_val_to_struct[tclass - 1]; + } else { + ans[strlen(ans) - 1] = 0; + cladatum = + (class_datum_t *) hashtab_search(policydb. + p_classes. + table, + ans); + if (!cladatum) { + printf("\nNo such class\n"); + break; + } + tclass = cladatum->s.value; + } + + flags = SHOW_GRANTED; + if (sepol_compute_av_reason_buffer(ssid, tsid, + tclass, 0, &avd, &reason, + &reason_buf, flags)) { + printf("\nconstraint error\n"); + break; + } + if (reason_buf) { + printf("\nConstraint expressions:\n%s", + reason_buf); + free(reason_buf); + } else { + printf("\nNo constraints found.\n"); + } + break; + case 'j': + printf("old sid? "); + FGETS(ans, sizeof(ans), stdin); + oldsid = atoi(ans); + + printf("new sid? "); + FGETS(ans, sizeof(ans), stdin); + newsid = atoi(ans); + + printf("task sid? "); + FGETS(ans, sizeof(ans), stdin); + tasksid = atoi(ans); + + printf("target class? "); + FGETS(ans, sizeof(ans), stdin); + if (isdigit(ans[0])) { + tclass = atoi(ans); + if (!tclass + || tclass > policydb.p_classes.nprim) { + printf("\nNo such class.\n"); + break; + } + cladatum = + policydb.class_val_to_struct[tclass - 1]; + } else { + ans[strlen(ans) - 1] = 0; + cladatum = + (class_datum_t *) hashtab_search(policydb. + p_classes. 
+ table, + ans); + if (!cladatum) { + printf("\nNo such class\n"); + break; + } + tclass = cladatum->s.value; + } + + flags = SHOW_GRANTED; + if (sepol_validate_transition_reason_buffer(oldsid, + newsid, tasksid, tclass, + &reason_buf, flags)) { + printf("\nvalidatetrans error\n"); + break; + } + if (reason_buf) { + printf("\nValidatetrans expressions:\n%s", + reason_buf); + free(reason_buf); + } else { + printf( + "\nNo validatetrans expressions found.\n"); + } + break; #ifdef EQUIVTYPES case 'z': identify_equiv_types(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-2.2/policy_define.c new/checkpolicy-2.3/policy_define.c --- old/checkpolicy-2.2/policy_define.c 2013-10-30 17:51:19.000000000 +0100 +++ new/checkpolicy-2.3/policy_define.c 2014-05-06 19:30:27.000000000 +0200 @@ -38,6 +38,7 @@ #include <netinet/in.h> #include <arpa/inet.h> #include <stdlib.h> +#include <limits.h> #include <sepol/policydb/expand.h> #include <sepol/policydb/policydb.h> @@ -60,6 +61,7 @@ extern unsigned long policydb_lineno; extern unsigned long source_lineno; extern unsigned int policydb_errors; +extern char source_file[PATH_MAX]; extern int yywarn(char *msg); extern int yyerror(char *msg); @@ -1526,6 +1528,12 @@ avrule_init(avrule); avrule->specified = which; avrule->line = policydb_lineno; + avrule->source_line = source_lineno; + avrule->source_filename = strdup(source_file); + if (!avrule->source_filename) { + yyerror("out of memory"); + return -1; + } while ((id = queue_remove(id_queue))) { if (set_types(&avrule->stypes, id, &add, 0)) 
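Review bot: In both new menu cases ('i' and 'j') `reason_buf` is freed but left pointing at the released memory, and it is set to NULL only once, at its declaration in main(). Whether the two `sepol_*_reason_buffer` calls always overwrite `*reason_buf` on success is not visible here, so a later pass through the menu could print or free the stale pointer; adding `reason_buf = NULL;` before each call (or right after `free(reason_buf);`) removes that dependency. Separately, `ans[strlen(ans) - 1] = 0;` writes to `ans[-1]` when the line read has zero length and drops a real character when the input has no trailing newline; `ans[strcspn(ans, "\n")] = 0;` handles both. The enclosing switch and main() start and end outside the hunk.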
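Review bot: The new out-of-memory path after `strdup(source_file)` returns -1 directly, so `avrule` is not released on that path and anything still queued in `id_queue` is left behind. `avrule` is initialised just above with `avrule_init(avrule)` and is presumably heap-allocated earlier in the function, outside this hunk. The same pattern is repeated in the `@@ -1739,6 +1747,13 @@` hunk. Prefer routing the failure through whatever cleanup the function's other error paths use rather than a bare `return -1;`. The matching release of `source_filename` when an avrule is destroyed is not part of this diff, so confirm that the avrule destructor frees it.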
@@ -1739,6 +1747,13 @@ avrule_init(avrule); avrule->specified = which; avrule->line = policydb_lineno; + avrule->source_line = source_lineno; + avrule->source_filename = strdup(source_file); + if (!avrule->source_filename) { + yyerror("out of memory"); + return -1; + } + while ((id = queue_remove(id_queue))) { if (set_types diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-2.2/policy_scan.l new/checkpolicy-2.3/policy_scan.l --- old/checkpolicy-2.2/policy_scan.l 2013-10-30 17:51:19.000000000 +0100 +++ new/checkpolicy-2.3/policy_scan.l 2014-05-06 19:30:27.000000000 +0200 @@ -308,4 +308,6 @@ source_lineno = 1; strncpy(source_file, name, sizeof(source_file)-1); source_file[sizeof(source_file)-1] = '\0'; + if (strlen(source_file) && source_file[strlen(source_file)-1] == '"') + source_file[strlen(source_file)-1] = '\0'; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-2.2/test/Makefile new/checkpolicy-2.3/test/Makefile --- old/checkpolicy-2.2/test/Makefile 2013-10-30 17:51:19.000000000 +0100 +++ new/checkpolicy-2.3/test/Makefile 2014-05-06 19:30:27.000000000 +0200 @@ -9,7 +9,7 @@ CFLAGS ?= -g -Wall -W -Werror -O2 -pipe override CFLAGS += -I$(INCLUDEDIR) -LDLIBS=-lfl -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR) +LDLIBS=-lfl $(LIBDIR)/libsepol.a -L$(LIBDIR) all: dispol dismod -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
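Review bot: In the policy_scan.l hunk the added trailing-quote strip has no comment saying where a trailing `"` in `name` comes from, and it calls `strlen(source_file)` three times. Something like `size_t len = strlen(source_file); if (len && source_file[len - 1] == '"') source_file[len - 1] = '\0';` with a one-line comment would make the intent clear; presumably the name arrives from a quoted line directive, which should be confirmed. This release copies `source_file` into every avrule for neverallow diagnostics, so silent truncation by the `strncpy` above at `sizeof(source_file)-1` now reaches error messages, and a warning on truncation may be worth adding. The function starts outside the hunk.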