From owner-trustedbsd-cvs@FreeBSD.ORG Thu Jan 25 15:15:02 2007 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6DF5716A402 for ; Thu, 25 Jan 2007 15:15:02 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.freebsd.org (Postfix) with ESMTP id B9A2413C469 for ; Thu, 25 Jan 2007 15:14:56 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53]) by cyrus.watson.org (Postfix) with ESMTP id BE0BB4D91C for ; Thu, 25 Jan 2007 10:14:53 -0500 (EST) Received: from hub.freebsd.org (hub.freebsd.org [69.147.83.54]) by mx2.freebsd.org (Postfix) with ESMTP id 2A8A958C0A; Thu, 25 Jan 2007 15:13:45 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 21D1616A402; Thu, 25 Jan 2007 15:13:45 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D804116A404 for ; Thu, 25 Jan 2007 15:13:44 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.freebsd.org (Postfix) with ESMTP id BBCE513C459 for ; Thu, 25 Jan 2007 15:13:44 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id l0PFDiF3054654 for ; Thu, 25 Jan 2007 15:13:44 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id l0PFDii7054649 for perforce@freebsd.org; Thu, 25 Jan 2007 15:13:44 GMT (envelope-from millert@freebsd.org) Date: Thu, 25 Jan 2007 15:13:44 GMT Message-Id: 
<200701251513.l0PFDii7054649@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 113510 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jan 2007 15:15:02 -0000 http://perforce.freebsd.org/chv.cgi?CH=113510 Change 113510 by millert@millert_macbook on 2007/01/25 15:13:13 Update to libsemanage-1.10.0 from the NSA web site. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/ChangeLog#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/VERSION#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/Makefile#6 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/conf-parse.y#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/conf-scan.l#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/direct_api.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/parse_utils.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/semanage_conf.h#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/semanage_store.c#5 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/ChangeLog#5 (text+ko) ==== 
@@ -1,3 +1,17 @@ +1.10.0 2007-01-18 + * Updated version for stable branch. + +1.9.2 2007-01-08 + * Merged patch to optionally reduce disk usage by removing + the backup module store and linked policy from Karl MacMillan + * Merged patch to correctly propagate return values in libsemanage + +1.9.1 2006-11-27 + * Merged patch to compile wit -fPIC instead of -fpic from + Manoj Srivastava to prevent hitting the global offest table + limit. Patch changed to include libselinux and libsemanage in + addition to libsepol. + 1.8 2006-10-17 * Updated version for release. ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/VERSION#5 (text+ko) ==== @@ -1,1 +1,1 @@ -1.8 +1.10.0 ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/Makefile#6 (text+ko) ==== @@ -1,6 +1,6 @@ include ../../../../Makeconfig -CFLAGS += -Wall -I../include -I../../libselinux/include -I../../libsepol/include +CFLAGS += -Wall -I../include -I../../libselinux/include -I../../libsepol/include -I../../libsecompat LFLAGS = -s YFLAGS = -d ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/conf-parse.y#4 (text+ko) ==== @@ -55,7 +55,7 @@ char *s; } -%token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE +%token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED %token LOAD_POLICY_START SETFILES_START GENHOMEDIRCON_START %token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END %token PROG_PATH PROG_ARGS @@ -77,6 +77,8 @@ | version | expand_check | file_mode + | save_previous + | save_linked ; module_store: MODULE_STORE '=' ARG { 
@@ -111,6 +113,30 @@ } ; +save_previous: SAVE_PREVIOUS '=' ARG { + if (strcasecmp($3, "true") == 0) + current_conf->save_previous = 1; + else if (strcasecmp($3, "false") == 0) + current_conf->save_previous = 0; + else { + yyerror("save-previous can only be 'true' or 'false'"); + } + } + ; + + +save_linked: SAVE_LINKED '=' ARG { + if (strcasecmp($3, "true") == 0) + current_conf->save_linked = 1; + else if (strcasecmp($3, "false") == 0) + current_conf->save_linked = 0; + else { + yyerror("save-linked can only be 'true' or 'false'"); + } + } + ; + + command_block: command_start external_opts BLOCK_END { if (new_external->path == NULL) { @@ -186,6 +212,9 @@ conf->expand_check = 1; conf->file_mode = 0644; + conf->save_previous = 0; + conf->save_linked = 0; + if ((conf->load_policy = calloc(1, sizeof(*(current_conf->load_policy)))) == NULL) { return -1; @@ -283,6 +312,7 @@ int semanage_error(char *msg) { + fprintf(stderr, "error parsing semanage configuration file: %s\n", msg); parse_errors++; return 0; } ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/conf-scan.l#4 (text+ko) ==== @@ -42,6 +42,8 @@ policy-version return VERSION; expand-check return EXPAND_CHECK; file-mode return FILE_MODE; +save-previous return SAVE_PREVIOUS; +save-linked return SAVE_LINKED; "[load_policy]" return LOAD_POLICY_START; "[setfiles]" return SETFILES_START; "[genhomedircon]" return GENHOMEDIRCON_START; ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/direct_api.c#4 (text+ko) ==== 
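Review bot: The `save_previous` and `save_linked` actions are the same true/false parser written out twice, differing only in the field and the message; a small helper in the prologue would keep the two diagnostics consistent and give any further boolean option one place to live. On an invalid value the field keeps whatever it held before and the problem is reported only through `yyerror`, which is fine as long as the caller checks `parse_errors` (that check is outside this hunk). `strcasecmp` needs `<strings.h>`; whether the prologue already includes it is not visible here.
```yacc
/* Parse a "true"/"false" option value into *out; anything else is a parse error. */
static void parse_bool_opt(const char *opt, const char *arg, int *out)
{
	char msg[128];

	if (strcasecmp(arg, "true") == 0)
		*out = 1;
	else if (strcasecmp(arg, "false") == 0)
		*out = 0;
	else {
		snprintf(msg, sizeof msg, "%s can only be 'true' or 'false'", opt);
		yyerror(msg);
	}
}

save_previous: SAVE_PREVIOUS '=' ARG {
		parse_bool_opt("save-previous", $3, &current_conf->save_previous);
	}
	;
/* … unchanged: save_linked, same helper with "save-linked" … */
```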
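Review bot: The new defaults `conf->save_previous = 0; conf->save_linked = 0;` make deletion of the previous module store the default behaviour, because the semanage_store.c hunk in this change removes `backup` whenever `save_previous` is unset; the ChangeLog entry describes the removal as optional, so either the default should be `1` (keep the rollback copy unless the administrator opts out) or the opt-out nature should be stated next to the assignments, e.g. `/* default false: the previous store and the linked policy are deleted unless the configuration file enables save-previous / save-linked */`. Whether the shipped configuration file sets these options explicitly is not visible here.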
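Review bot: `semanage_error` now writes straight to stderr, while the rest of this change reports through the handle-based `ERR(sh, …)` callback (direct_api.c and semanage_store.c hunks); a library printing to the embedding program's stderr cannot be redirected or silenced by that program and is a style break with the other hunks. If no handle is reachable from the yacc parser, keep the print but say why: `/* no semanage_handle_t is available in the parser, so report on stderr; parse_errors is checked by the caller */`. The format string is a literal with `msg` passed as a `%s` argument, which is the right way to print a message of unknown content.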
@@ -465,9 +465,11 @@ /* Before we do anything else, flush the join to its component parts. * This *does not* flush to disk automatically */ - if (users->dtable->is_modified(users->dbase) && - users->dtable->flush(sh, users->dbase) < 0) - goto cleanup; + if (users->dtable->is_modified(users->dbase)) { + retval = users->dtable->flush(sh, users->dbase); + if (retval < 0) + goto cleanup; + } /* Decide if anything was modified */ fcontexts_modified = fcontexts->dtable->is_modified(fcontexts->dbase); 
@@ -495,85 +497,117 @@ /* =================== Module expansion =============== */ /* link all modules in the sandbox to the base module */ - if (semanage_get_modules_names - (sh, &mod_filenames, &num_modfiles) != 0 - || semanage_verify_modules(sh, mod_filenames, - num_modfiles) == -1 - || semanage_link_sandbox(sh, &base) < 0) { + retval = semanage_get_modules_names(sh, &mod_filenames, &num_modfiles); + if (retval < 0) + goto cleanup; + retval = semanage_verify_modules(sh, mod_filenames, num_modfiles); + if (retval < 0) + goto cleanup; + retval = semanage_link_sandbox(sh, &base); + if (retval < 0) goto cleanup; - } - /* write the linked base */ - if ((linked_filename = - semanage_path(SEMANAGE_TMP, SEMANAGE_LINKED)) == NULL - || semanage_write_module(sh, linked_filename, base) == -1 - || semanage_verify_linked(sh) != 0) { + /* write the linked base if we want to save or we have a + * verification program that wants it. */ + linked_filename = semanage_path(SEMANAGE_TMP, SEMANAGE_LINKED); + if (linked_filename == NULL) { + retval = -1; goto cleanup; } + if (sh->conf->save_linked || sh->conf->linked_prog) { + retval = semanage_write_module(sh, linked_filename, base); + if (retval < 0) + goto cleanup; + retval = semanage_verify_linked(sh); + if (retval < 0) + goto cleanup; + /* remove the linked policy if we only wrote it for the + * verification program. */ + if (!sh->conf->save_linked) { + retval = unlink(linked_filename); + if (retval < 0) { + ERR(sh, "could not remove linked base %s", + linked_filename); + goto cleanup; + } + } + } else { + /* Try to delete the linked copy - this is needed if + * the save_link option has changed to prevent the + * old linked copy from being copied forever. No error + * checking is done because this is likely to fail because + * the file does not exist - which is not an error. */ + unlink(linked_filename); + } /* ==================== File-backed ================== */ /* File Contexts */ /* Sort the file contexts. 
*/ - if (semanage_fc_sort - (sh, sepol_module_package_get_file_contexts(base), - sepol_module_package_get_file_contexts_len(base), - &sorted_fc_buffer, &sorted_fc_buffer_len) == -1) { + retval = semanage_fc_sort(sh, sepol_module_package_get_file_contexts(base), + sepol_module_package_get_file_contexts_len(base), + &sorted_fc_buffer, &sorted_fc_buffer_len); + if (retval < 0) goto cleanup; - } /* Write the contexts (including template contexts) to a single file. * The buffer returned by the sort function has a trailing \0 character, * which we do NOT want to write out to disk, so we pass sorted_fc_buffer_len-1. */ - if ((ofilename = - semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL)) == NULL - || write_file(sh, ofilename, sorted_fc_buffer, - sorted_fc_buffer_len - 1) == -1) { + ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL); + if (ofilename == NULL) { + retval = -1; goto cleanup; } + retval = write_file(sh, ofilename, sorted_fc_buffer, + sorted_fc_buffer_len - 1); + if (retval < 0) + goto cleanup; /* Split complete and template file contexts into their separate files. 
*/ - if (semanage_split_fc(sh)) + retval = semanage_split_fc(sh); + if (retval < 0) goto cleanup; pfcontexts->dtable->drop_cache(pfcontexts->dbase); /* Seusers */ if (sepol_module_package_get_seusers_len(base)) { - if ((ofilename = - semanage_path(SEMANAGE_TMP, - SEMANAGE_SEUSERS)) == NULL - || write_file(sh, ofilename, - sepol_module_package_get_seusers - (base), - sepol_module_package_get_seusers_len - (base)) == -1) { + ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_SEUSERS); + if (ofilename == NULL) { + retval = -1; goto cleanup; } + retval = write_file(sh, ofilename, + sepol_module_package_get_seusers(base), + sepol_module_package_get_seusers_len(base)); + if (retval < 0) + goto cleanup; + pseusers->dtable->drop_cache(pseusers->dbase); } else { - if (pseusers->dtable->clear(sh, pseusers->dbase) < 0) + retval = pseusers->dtable->clear(sh, pseusers->dbase); + if (retval < 0) goto cleanup; } /* Users_extra */ if (sepol_module_package_get_user_extra_len(base)) { - if ((ofilename = - semanage_path(SEMANAGE_TMP, - SEMANAGE_USERS_EXTRA)) == NULL - || write_file(sh, ofilename, - sepol_module_package_get_user_extra - (base), - sepol_module_package_get_user_extra_len - (base)) == -1) { + ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA); + if (ofilename == NULL) { + retval = -1; goto cleanup; } + retval = write_file(sh, ofilename, + sepol_module_package_get_user_extra(base), + sepol_module_package_get_user_extra_len(base)); + if (retval < 0) + goto cleanup; pusers_extra->dtable->drop_cache(pusers_extra->dbase); } else { - if (pusers_extra->dtable-> - clear(sh, pusers_extra->dbase) < 0) + retval = pusers_extra->dtable->clear(sh, pusers_extra->dbase); + if (retval < 0) goto cleanup; } 
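Review bot: Several rewritten checks in this hunk test `retval < 0` where the removed lines tested `!= 0` or a truthy value — `semanage_get_modules_names`, `semanage_verify_linked`, `semanage_split_fc` — and the @@ -613 hunk narrows `semanage_verify_kernel` the same way; if any of these callees can return a positive value on failure (an external verification program's exit status would be the natural case), a failed verification now falls through and the policy is committed anyway. Confirm each callee's contract and, where non-zero means failure, restore `if (retval != 0) goto cleanup;` or normalise the callee to return -1. The `else` branch's bare `unlink(linked_filename)` also swallows every error rather than only the ENOENT the comment anticipates; `if (unlink(linked_filename) < 0 && errno != ENOENT) { ERR(sh, "could not remove stale linked base %s", linked_filename); retval = -1; goto cleanup; }` keeps the stated intent while surfacing a permission problem that would otherwise leave the old linked copy in place (needs `<errno.h>`, whose presence is not visible here). The enclosing function begins and ends outside this hunk.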
@@ -601,7 +635,8 @@ /* Create new policy object, then attach to policy databases * that work with a policydb */ - if (semanage_expand_sandbox(sh, base, &out) < 0) + retval = semanage_expand_sandbox(sh, base, &out); + if (retval < 0) goto cleanup; dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase, @@ -613,13 +648,16 @@ /* ============= Apply changes, and verify =============== */ - if (semanage_base_merge_components(sh) < 0) + retval = semanage_base_merge_components(sh); + if (retval < 0) goto cleanup; - if (semanage_write_policydb(sh, out) < 0) + retval = semanage_write_policydb(sh, out); + if (retval < 0) goto cleanup; - if (semanage_verify_kernel(sh) != 0) + retval = semanage_verify_kernel(sh); + if (retval < 0) goto cleanup; } @@ -633,26 +671,30 @@ * merged into the main file_contexts. We won't check the * large file_contexts - checked at compile time */ if (sh->do_rebuild || modified || fcontexts_modified) { - if (semanage_fcontext_validate_local(sh, out) < 0) + retval = semanage_fcontext_validate_local(sh, out); + if (retval < 0) goto cleanup; } /* Validate local seusers against policy */ if (sh->do_rebuild || modified || seusers_modified) { - if (semanage_seuser_validate_local(sh, out) < 0) + retval = semanage_seuser_validate_local(sh, out); + if (retval < 0) goto cleanup; } /* Validate local ports for overlap */ if (sh->do_rebuild || ports_modified) { - if (semanage_port_validate_local(sh) < 0) + retval = semanage_port_validate_local(sh); + if (retval < 0) goto cleanup; } /* ================== Write non-policydb components ========= */ /* Commit changes to components */ - if (semanage_commit_components(sh) < 0) + retval = semanage_commit_components(sh); + if (retval < 0) goto cleanup; retval = semanage_install_sandbox(sh); ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/parse_utils.c#3 (text+ko) ==== 
@@ -6,6 +6,7 @@ #include #include #include +#include #include "parse_utils.h" #include "debug.h" ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/semanage_conf.h#3 (text+ko) ==== @@ -35,6 +35,8 @@ int server_port; int policyvers; /* version for server generated policies */ int expand_check; + int save_previous; + int save_linked; mode_t file_mode; struct external_prog *load_policy; struct external_prog *setfiles; ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/semanage_store.c#5 (text+ko) ==== @@ -53,6 +53,7 @@ #include #include #include +#include #include "debug.h" @@ -1223,6 +1224,14 @@ goto cleanup; } + if (!sh->conf->save_previous) { + retval = semanage_remove_directory(backup); + if (retval < 0) { + ERR(sh, "Could not delete previous directory %s.", backup); + goto cleanup; + } + } + cleanup: semanage_release_active_lock(sh); return retval;
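Review bot: In the semanage_store.c @@ -1223 hunk, a failure of `semanage_remove_directory(backup)` makes the whole operation return failure even though the steps that precede this block (outside the hunk, ending with the `goto cleanup` just above it) have presumably already completed, so the caller cannot tell a failed commit from a commit that merely left the old backup directory behind. Either treat it as a warning — log with `ERR` but leave `retval` untouched — or document at the call that a negative return here means "committed, but previous store not removed". Note also that with `save_previous` unset this deletes the only on-disk rollback point, which is worth a one-line comment: `/* save-previous is off: drop the rollback copy of the module store */`.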