Sync up to v304
This commit is contained in:
Andy CrossGate Yan
@@ -0,0 +1,182 @@
|
||||
From 9f851c801719b45c79cd911d67ceb7e8f4cf63ab Mon Sep 17 00:00:00 2001
|
||||
From: Pierre-Hugues Husson <phh@phh.me>
|
||||
Date: Wed, 31 Mar 2021 23:32:37 +0200
|
||||
Subject: [PATCH] Workaround device/phh/treble conflict with SELinux policy
|
||||
|
||||
device/phh/treble defines the following three types (hostapd,
|
||||
sysfs_usb_supply, rpmb_device)
|
||||
However, Qualcomm Samsung Android 11 devices export those symbols as
|
||||
typealias.
|
||||
Type and typealias are fundamentally not mergeable.
|
||||
Luckily, Samsung doesn't do anything with those typealias, so we can
|
||||
simply ignore them.
|
||||
|
||||
Change-Id: I98db7e6eb55854887f90d0fd0f313fb0a19a488f
|
||||
---
|
||||
libsepol/cil/src/cil_binary.c | 8 ++++++--
|
||||
libsepol/cil/src/cil_build_ast.c | 31 ++++++++++++++++++------------
|
||||
libsepol/cil/src/cil_resolve_ast.c | 15 +++++++++++++--
|
||||
3 files changed, 38 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
|
||||
index 03d53e1f..160fd0e0 100644
|
||||
--- a/libsepol/cil/src/cil_binary.c
|
||||
+++ b/libsepol/cil/src/cil_binary.c
|
||||
@@ -515,13 +515,17 @@ int cil_typealias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alias)
|
||||
type_datum_init(sepol_alias);
|
||||
|
||||
rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_alias->actual), &sepol_type);
|
||||
- if (rc != SEPOL_OK) goto exit;
|
||||
+ if (rc != SEPOL_OK) {
|
||||
+ cil_log(CIL_ERR, "Failed at %s:%s:%d\n", __FILE__, __FUNCTION__, __LINE__);
|
||||
+ goto exit;
|
||||
+ }
|
||||
|
||||
sepol_alias->flavor = TYPE_TYPE;
|
||||
|
||||
key = cil_strdup(cil_alias->datum.fqn);
|
||||
rc = symtab_insert(pdb, SYM_TYPES, key, sepol_alias, SCOPE_DECL, 0, NULL);
|
||||
if (rc != SEPOL_OK) {
|
||||
+ cil_log(CIL_ERR, "Failed at %s:%s:%d:%d\n", __FILE__, __FUNCTION__, __LINE__, rc);
|
||||
goto exit;
|
||||
}
|
||||
sepol_alias->s.value = sepol_type->s.value;
|
||||
@@ -3776,7 +3780,7 @@ int __cil_node_to_policydb(struct cil_tree_node *node, void *extra_args)
|
||||
|
||||
exit:
|
||||
if (rc != SEPOL_OK) {
|
||||
- cil_tree_log(node, CIL_ERR, "Binary policy creation failed");
|
||||
+ cil_tree_log(node, CIL_ERR, "Binary policy creation failed, for pass = %d, flavor = %d", pass, node->flavor);
|
||||
}
|
||||
return rc;
|
||||
}
|
||||
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
|
||||
index 02cdcc65..2ba08bc6 100644
|
||||
--- a/libsepol/cil/src/cil_build_ast.c
|
||||
+++ b/libsepol/cil/src/cil_build_ast.c
|
||||
@@ -1,16 +1,16 @@
|
||||
/*
|
||||
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
|
||||
- *
|
||||
+ *
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
- *
|
||||
+ *
|
||||
* 1. Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
- *
|
||||
+ *
|
||||
* 2. Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
- *
|
||||
+ *
|
||||
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
|
||||
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
@@ -21,7 +21,7 @@
|
||||
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
||||
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
- *
|
||||
+ *
|
||||
* The views and conclusions contained in the software and documentation are those
|
||||
* of the authors and should not be interpreted as representing official policies,
|
||||
* either expressed or implied, of Tresys Technology, LLC.
|
||||
@@ -64,7 +64,7 @@ int cil_fill_list(struct cil_tree_node *current, enum cil_flavor flavor, struct
|
||||
CIL_SYN_END
|
||||
};
|
||||
int syntax_len = sizeof(syntax)/sizeof(*syntax);
|
||||
-
|
||||
+
|
||||
rc = __cil_verify_syntax(current, syntax, syntax_len);
|
||||
if (rc != SEPOL_OK) {
|
||||
goto exit;
|
||||
@@ -108,7 +108,7 @@ int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_s
|
||||
{
|
||||
int rc = SEPOL_ERR;
|
||||
symtab_t *symtab = NULL;
|
||||
- struct cil_symtab_datum *prev;
|
||||
+ struct cil_symtab_datum *prev = NULL;
|
||||
|
||||
rc = __cil_verify_name((const char*)key);
|
||||
if (rc != SEPOL_OK) {
|
||||
@@ -133,13 +133,20 @@ int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_s
|
||||
/* multiple_decls not ok, ret error */
|
||||
cil_log(CIL_ERR, "Re-declaration of %s %s\n",
|
||||
cil_node_to_string(ast_node), key);
|
||||
- if (cil_symtab_get_datum(symtab, key, &datum) == SEPOL_OK) {
|
||||
+ if (cil_symtab_get_datum(symtab, key, &prev) == SEPOL_OK) {
|
||||
if (sflavor == CIL_SYM_BLOCKS) {
|
||||
- struct cil_tree_node *node = datum->nodes->head->data;
|
||||
+ struct cil_tree_node *node = prev->nodes->head->data;
|
||||
cil_tree_log(node, CIL_ERR, "Previous declaration");
|
||||
}
|
||||
}
|
||||
- goto exit;
|
||||
+ if(
|
||||
+ strcmp(key, "sysfs_usb_supply") == 0 ||
|
||||
+ strcmp(key, "hostapd") == 0 ||
|
||||
+ strcmp(key, "rpmb_device") == 0) {
|
||||
+ cil_log(CIL_ERR, "Ignoring...");
|
||||
+ } else {
|
||||
+ goto exit;
|
||||
+ }
|
||||
}
|
||||
/* multiple_decls is enabled and works for this datum type, add node */
|
||||
cil_list_append(prev->nodes, CIL_NODE, ast_node);
|
||||
@@ -572,7 +579,7 @@ int cil_gen_perm_nodes(struct cil_db *db, struct cil_tree_node *current_perm, st
|
||||
|
||||
while(current_perm != NULL) {
|
||||
if (current_perm->cl_head != NULL) {
|
||||
-
|
||||
+
|
||||
rc = SEPOL_ERR;
|
||||
goto exit;
|
||||
}
|
||||
@@ -5717,7 +5724,7 @@ int cil_fill_ipaddr(struct cil_tree_node *addr_node, struct cil_ipaddr *addr)
|
||||
return SEPOL_OK;
|
||||
|
||||
exit:
|
||||
- cil_log(CIL_ERR, "Bad ip address or netmask\n");
|
||||
+ cil_log(CIL_ERR, "Bad ip address or netmask\n");
|
||||
return rc;
|
||||
}
|
||||
|
||||
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
|
||||
index e72abdeb..db3f24f4 100644
|
||||
--- a/libsepol/cil/src/cil_resolve_ast.c
|
||||
+++ b/libsepol/cil/src/cil_resolve_ast.c
|
||||
@@ -512,7 +512,13 @@ int cil_resolve_aliasactual(struct cil_tree_node *current, void *extra_args, enu
|
||||
}
|
||||
if (NODE(alias_datum)->flavor != alias_flavor) {
|
||||
cil_log(CIL_ERR, "%s is not an alias\n",alias_datum->name);
|
||||
- rc = SEPOL_ERR;
|
||||
+ if(
|
||||
+ strcmp(alias_datum->name, "hostapd") == 0 ||
|
||||
+ strcmp(alias_datum->name, "sysfs_usb_supply") == 0 ||
|
||||
+ strcmp(alias_datum->name, "rpmb_device") == 0)
|
||||
+ rc = 0;
|
||||
+ else
|
||||
+ rc = SEPOL_ERR;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
@@ -553,7 +559,12 @@ int cil_resolve_alias_to_actual(struct cil_tree_node *current, enum cil_flavor f
|
||||
int limit = 2;
|
||||
|
||||
if (alias->actual == NULL) {
|
||||
- cil_tree_log(current, CIL_ERR, "Alias declared but not used");
|
||||
+ cil_tree_log(current, CIL_ERR, "Alias %s declared but not used", a1->datum.name);
|
||||
+ if(
|
||||
+ strcmp(a1->datum.name, "hostapd") == 0 ||
|
||||
+ strcmp(a1->datum.name, "sysfs_usb_supply") == 0 ||
|
||||
+ strcmp(a1->datum.name, "rpmb_device") == 0)
|
||||
+ return SEPOL_OK;
|
||||
return SEPOL_ERR;
|
||||
}
|
||||
|
||||
--
|
||||
2.25.1
|
||||
|
||||
Reference in New Issue
Block a user