From 9f851c801719b45c79cd911d67ceb7e8f4cf63ab Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Wed, 31 Mar 2021 23:32:37 +0200 Subject: [PATCH] Workaround device/phh/treble conflict with SELinux policy device/phh/treble defines the following three types (hostapd, sysfs_usb_supply, rpmb_device) However, Qualcomm Samsung Android 11 devices export those symbols as typealias. Type and typealias are fundamentally not mergeable. Luckily, Samsung doesn't do anything with those typealias, so we can simply ignore them. Change-Id: I98db7e6eb55854887f90d0fd0f313fb0a19a488f --- libsepol/cil/src/cil_binary.c | 8 ++++++-- libsepol/cil/src/cil_build_ast.c | 31 ++++++++++++++++++------------ libsepol/cil/src/cil_resolve_ast.c | 15 +++++++++++++-- 3 files changed, 38 insertions(+), 16 deletions(-) diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index 03d53e1f..160fd0e0 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c @@ -515,13 +515,17 @@ int cil_typealias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alias) type_datum_init(sepol_alias); rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_alias->actual), &sepol_type); - if (rc != SEPOL_OK) goto exit; + if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Failed at %s:%s:%d\n", __FILE__, __FUNCTION__, __LINE__); + goto exit; + } sepol_alias->flavor = TYPE_TYPE; key = cil_strdup(cil_alias->datum.fqn); rc = symtab_insert(pdb, SYM_TYPES, key, sepol_alias, SCOPE_DECL, 0, NULL); if (rc != SEPOL_OK) { + cil_log(CIL_ERR, "Failed at %s:%s:%d:%d\n", __FILE__, __FUNCTION__, __LINE__, rc); goto exit; } sepol_alias->s.value = sepol_type->s.value; @@ -3776,7 +3780,7 @@ int __cil_node_to_policydb(struct cil_tree_node *node, void *extra_args) exit: if (rc != SEPOL_OK) { - cil_tree_log(node, CIL_ERR, "Binary policy creation failed"); + cil_tree_log(node, CIL_ERR, "Binary policy creation failed, for pass = %d, flavor = %d", pass, node->flavor); } return rc; } 
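Review bot: The two `cil_log` calls added to cil_typealias_to_policydb report only a source location, so a failed policy build still does not say which typealias was rejected. Including the alias name, which the same function already reads for `key`, makes the message actionable: `cil_log(CIL_ERR, "Failed to insert typealias %s (rc=%d)\n", cil_alias->datum.fqn, rc);`. `__FUNCTION__` is a compiler extension; `__func__` is the standard C99 spelling. The function body starts and ends outside the hunk.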
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index 02cdcc65..2ba08bc6 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -1,16 +1,16 @@ /* * Copyright 2011 Tresys Technology, LLC. All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO @@ -21,7 +21,7 @@ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * + * * The views and conclusions contained in the software and documentation are those * of the authors and should not be interpreted as representing official policies, * either expressed or implied, of Tresys Technology, LLC. @@ -64,7 +64,7 @@ int cil_fill_list(struct cil_tree_node *current, enum cil_flavor flavor, struct CIL_SYN_END }; int syntax_len = sizeof(syntax)/sizeof(*syntax); - + rc = __cil_verify_syntax(current, syntax, syntax_len); if (rc != SEPOL_OK) { goto exit; 
@@ -108,7 +108,7 @@ int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_s { int rc = SEPOL_ERR; symtab_t *symtab = NULL; - struct cil_symtab_datum *prev; + struct cil_symtab_datum *prev = NULL; rc = __cil_verify_name((const char*)key); if (rc != SEPOL_OK) { @@ -133,13 +133,20 @@ int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_s /* multiple_decls not ok, ret error */ cil_log(CIL_ERR, "Re-declaration of %s %s\n", cil_node_to_string(ast_node), key); - if (cil_symtab_get_datum(symtab, key, &datum) == SEPOL_OK) { + if (cil_symtab_get_datum(symtab, key, &prev) == SEPOL_OK) { if (sflavor == CIL_SYM_BLOCKS) { - struct cil_tree_node *node = datum->nodes->head->data; + struct cil_tree_node *node = prev->nodes->head->data; cil_tree_log(node, CIL_ERR, "Previous declaration"); } } - goto exit; + if( + strcmp(key, "sysfs_usb_supply") == 0 || + strcmp(key, "hostapd") == 0 || + strcmp(key, "rpmb_device") == 0) { + cil_log(CIL_ERR, "Ignoring..."); + } else { + goto exit; + } } /* multiple_decls is enabled and works for this datum type, add node */ cil_list_append(prev->nodes, CIL_NODE, ast_node); @@ -572,7 +579,7 @@ int cil_gen_perm_nodes(struct cil_db *db, struct cil_tree_node *current_perm, st while(current_perm != NULL) { if (current_perm->cl_head != NULL) { - + rc = SEPOL_ERR; goto exit; } @@ -5717,7 +5724,7 @@ int cil_fill_ipaddr(struct cil_tree_node *addr_node, struct cil_ipaddr *addr) return SEPOL_OK; exit: - cil_log(CIL_ERR, "Bad ip address or netmask\n"); + cil_log(CIL_ERR, "Bad ip address or netmask\n"); return rc; } diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c index e72abdeb..db3f24f4 100644 --- a/libsepol/cil/src/cil_resolve_ast.c +++ b/libsepol/cil/src/cil_resolve_ast.c 
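Review bot: In cil_gen_node (cil_build_ast.c, hunk at -133) the new exemption for `sysfs_usb_supply`, `hostapd` and `rpmb_device` falls through to `cil_list_append(prev->nodes, CIL_NODE, ast_node)` even when `cil_symtab_get_datum` did not return SEPOL_OK, in which case `prev` is still the NULL set by the preceding hunk and is dereferenced. The match is on the name alone, so a re-declaration of any symbol kind carrying one of these names is accepted, not only the type/typealias clash the commit message describes; because this check decides which SELinux policy declarations are accepted, the exemption should be as narrow as possible. I would guard on `prev` and on the symbol table (assuming type and typealias both live in `CIL_SYM_TYPES`) and log at warning level with the key and a trailing newline. The three names belong in one shared helper, since the same list is repeated in cil_resolve_aliasactual and cil_resolve_alias_to_actual in cil_resolve_ast.c. The function body starts and ends outside the hunk.

```c
	/* ... unchanged: "Re-declaration" log and the lookup of the previous declaration into prev ... */
	if (prev == NULL || sflavor != CIL_SYM_TYPES ||
	    (strcmp(key, "sysfs_usb_supply") != 0 &&
	     strcmp(key, "hostapd") != 0 &&
	     strcmp(key, "rpmb_device") != 0)) {
		goto exit;
	}
	cil_log(CIL_WARN, "Ignoring re-declaration of %s\n", key);
```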
@@ -512,7 +512,13 @@ int cil_resolve_aliasactual(struct cil_tree_node *current, void *extra_args, enu } if (NODE(alias_datum)->flavor != alias_flavor) { cil_log(CIL_ERR, "%s is not an alias\n",alias_datum->name); - rc = SEPOL_ERR; + if( + strcmp(alias_datum->name, "hostapd") == 0 || + strcmp(alias_datum->name, "sysfs_usb_supply") == 0 || + strcmp(alias_datum->name, "rpmb_device") == 0) + rc = 0; + else + rc = SEPOL_ERR; goto exit; } @@ -553,7 +559,12 @@ int cil_resolve_alias_to_actual(struct cil_tree_node *current, enum cil_flavor f int limit = 2; if (alias->actual == NULL) { - cil_tree_log(current, CIL_ERR, "Alias declared but not used"); + cil_tree_log(current, CIL_ERR, "Alias %s declared but not used", a1->datum.name); + if( + strcmp(a1->datum.name, "hostapd") == 0 || + strcmp(a1->datum.name, "sysfs_usb_supply") == 0 || + strcmp(a1->datum.name, "rpmb_device") == 0) + return SEPOL_OK; return SEPOL_ERR; } -- 2.25.1
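Review bot: In cil_resolve_aliasactual the exempted branch sets `rc = 0`, while the surrounding code and the next hunk of this patch use the named constants; `rc = SEPOL_OK;` keeps the success path easy to find. The branch still logs `%s is not an alias` at `CIL_ERR` before returning success, so a build that passes prints an error; a `CIL_WARN` message stating that the aliasactual statement was skipped would describe what actually happened. The multi-line `if(` / `else` has no braces, which makes the following `goto exit;` easy to misread as part of the `else`. The function body starts and ends outside the hunk.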
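Review bot: The lines added to cil_resolve_alias_to_actual read `a1->datum.name` although the condition they sit under tests `alias->actual`; `a1` is declared outside the hunk and presumably points at the same node, but `alias->datum.name` would make that obvious. The name check ignores the `flavor` parameter, so an unresolved alias of any kind named `hostapd`, `sysfs_usb_supply` or `rpmb_device` passes resolution with `actual` still NULL; adding `flavor == CIL_TYPEALIAS &&` narrows it to the case the commit message describes. Later passes that follow `alias->actual` for these aliases are not visible here and should be checked for NULL handling.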