From patchwork Thu Feb 3 16:53:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 12734349 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 44BFCC433F5 for ; Thu, 3 Feb 2022 16:53:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1352440AbiBCQxl (ORCPT ); Thu, 3 Feb 2022 11:53:41 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:31992 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229983AbiBCQxl (ORCPT ); Thu, 3 Feb 2022 11:53:41 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1643907220; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jhTfptieMVl3CFrY6zESlhyRzHzMdxp8Ej64SRLmy6Q=; b=hFyOi/9OYBaEpYhHVtj8oNnit5AtuSDuonPTH0aTlui+EGCvSGRSbM/bAOMReZ3zoHRp0+ npYq9offN9s+s7FFGqg37Iq0j5lLaYHYhvBNhncJZi+ztc57aHG9eoUWWjVza2j6PZogGd z8hYZT6OmDc07cVZ4XbRvtTo9tFzywE= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-627-pDhrdETJMuGH3XnU6i5FCg-1; Thu, 03 Feb 2022 11:53:39 -0500 X-MC-Unique: pDhrdETJMuGH3XnU6i5FCg-1 Received: by mail-ed1-f71.google.com with SMTP id w3-20020a50c443000000b0040696821132so1740466edf.22 for ; Thu, 03 Feb 2022 08:53:39 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=jhTfptieMVl3CFrY6zESlhyRzHzMdxp8Ej64SRLmy6Q=; b=mtCTZ+Wl5CvO4VkXum4qnqJ1Wqyckgc5fvifhvBrthltCKOR87l8PLI9HSbGbmJ+VH OkL/s6WZQuXWm93zXV+13+DuX3vz/1mk6WAkUh+LT7Cx5mVNrgNKLAiE4YJBmIx0nKtX lhY9vd+duYS5zgzwwYstSavflf1z5JxnNohgNdyKL8jywi6r4gjI1xPkaNxxVCccTlAz gpMZb0IjhGvwQ6q9ou/AMf9ZkE3CQCFIcQ7kNVHG6I2TrJCS7jdAImXTBquy8I3zS62a qJQwxTxfNhxGCGjgEtvcXpdn+Q7kUOUCenayLnDfsKdHs+voMtk7v37dl1IuvaI7a4i/ ZOnQ== X-Gm-Message-State: AOAM533Zu6MOQeG1PKCDaN1nsnxYitTVtB/FYrkJIN3Xxms9Jlr+Slgu IvCUqt7OYw/rQV2c+STybqa/JSEXovfiW6VsBJHqBkhRPpR8lfnca/gaDf7hQFHIyexAfTcoac8 tDYP5okX/LtyBO+0TAKvcJ7XVWk94IuA3+zBXJQIg1IUY2F/qID6x3Zvq0FvfFvsSrtY9DQ== X-Received: by 2002:a17:907:2d1e:: with SMTP id gs30mr29788778ejc.14.1643907217756; Thu, 03 Feb 2022 08:53:37 -0800 (PST) X-Google-Smtp-Source: ABdhPJzl1Jm/MxIhZ7gSTZHRCqMASIdRO+lw9yfR/Yir/0IkWYHam3jYPHngkxx6AxtiJ7ie7WebBQ== X-Received: by 2002:a17:907:2d1e:: with SMTP id gs30mr29788769ejc.14.1643907217568; Thu, 03 Feb 2022 08:53:37 -0800 (PST) Received: from localhost.localdomain ([2a02:8308:b106:e300:32b0:6ebb:8ca4:d4d3]) by smtp.gmail.com with ESMTPSA id bs4sm18141027edb.84.2022.02.03.08.53.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 08:53:37 -0800 (PST) From: Ondrej Mosnacek To: selinux@vger.kernel.org Subject: [PATCH userspace v2 1/6] libsemanage: add missing include to boolean_record.c Date: Thu, 3 Feb 2022 17:53:22 +0100 Message-Id: <20220203165327.213601-2-omosnace@redhat.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220203165327.213601-1-omosnace@redhat.com> References: <20220203165327.213601-1-omosnace@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org It uses asprintf(3), but doesn't directly include - fix it. Signed-off-by: Ondrej Mosnacek Acked-by: James Carter --- libsemanage/src/boolean_record.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libsemanage/src/boolean_record.c b/libsemanage/src/boolean_record.c index 95f3a862..40dc6545 100644 --- a/libsemanage/src/boolean_record.c +++ b/libsemanage/src/boolean_record.c @@ -7,6 +7,9 @@ */ #include +#include +#include + #include typedef sepol_bool_t semanage_bool_t; @@ -20,7 +23,6 @@ typedef semanage_bool_key_t record_key_t; #include "boolean_internal.h" #include "handle.h" #include "database.h" -#include #include /* Key */ From patchwork Thu Feb 3 16:53:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 12734350 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1228BC433EF for ; Thu, 3 Feb 2022 16:53:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1352442AbiBCQxm (ORCPT ); Thu, 3 Feb 2022 11:53:42 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:50658 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229983AbiBCQxm (ORCPT ); Thu, 3 Feb 2022 11:53:42 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1643907221; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kLj5rIYoxuXza2VTX/p5g3c8ZU52lxSdFwfIoLT8qV4=; b=iZCVjn1xQRveGI3RUShUDN8kM4VsQPTB899J31si1s9AHK6Y6MJXqQE/9Wcn0H3YSLbpF/ PpDyumn5TbnYCRGikJZwLnE7Lk5m9Iq1TgnqGDDbkNimW+Bnu72CfbN4jKaBc+wT1I/6ju GORVspdWlD2bjuFn70NHR0EvliN8eyI= Received: from mail-ej1-f72.google.com (mail-ej1-f72.google.com [209.85.218.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-620-n2VDwWbHPeeF9K8G_U922g-1; Thu, 03 Feb 2022 11:53:40 -0500 X-MC-Unique: n2VDwWbHPeeF9K8G_U922g-1 Received: by mail-ej1-f72.google.com with SMTP id k16-20020a17090632d000b006ae1cdb0f07so1425675ejk.16 for ; Thu, 03 Feb 2022 08:53:40 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=kLj5rIYoxuXza2VTX/p5g3c8ZU52lxSdFwfIoLT8qV4=; b=U7IZxUeRDYHI0+dved55qal2PV1u0YAMqtOb9tvF3/EJ+6vVXEQEKakXTaRL9486qS o23xqM+ZfrsiER6N9uOwHRlshIH2Q1JNxihSjvjPqXLWUral6u6uOuELdGmAUHVF49ip QVDnbRu8I3bG0IbAF9cw5sCCPTfkywGIFzf2yTWz/new4cEp6P+Id94bjyuvLcTxzbQi f2c8HNK+yVEMosVDuyTUwAZPAh60Tfb0oFkfExi8rlqsxPB7VWCtxCbMDf8RURERHA3S JLF93j+FtV35ybda8/rIZRhPVJ0oJSlmEDYxd6sV7RK9p/9AuZnKFjhXJJDjFgECPqQP 6WrA== X-Gm-Message-State: AOAM5302mBdF7ZfeqRv9SJbeJCYH7T6zEWlnwdrR8c9VFMtpsSPiyhVl 5Jd+99zyOoyUSHyQaBXHfM0ALx9WXrZSMYn+qT5DxePwTSAD/1iz9MAwqjlrtdpbFQMYLVuNvN/ 5/V7j0UXrabRmreBjvk3GMpLc7XcNpvbQ1MZRpjo90v7idrljBj3ANn0w7ZBnqO+c7X9zng== X-Received: by 2002:a50:bf4f:: with SMTP id g15mr36575450edk.362.1643907218884; Thu, 03 Feb 2022 08:53:38 -0800 (PST) X-Google-Smtp-Source: ABdhPJwsotniQu273Xa1wl/co0GSzKCqEDDKTGihdEWvSjOtpCUwh/EhjvmDlO7vNnUEsg7Yg5vRNQ== X-Received: by 2002:a50:bf4f:: with SMTP id g15mr36575425edk.362.1643907218556; Thu, 03 Feb 2022 08:53:38 -0800 (PST) Received: from localhost.localdomain ([2a02:8308:b106:e300:32b0:6ebb:8ca4:d4d3]) by smtp.gmail.com with ESMTPSA id bs4sm18141027edb.84.2022.02.03.08.53.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 08:53:37 -0800 (PST) From: Ondrej Mosnacek To: selinux@vger.kernel.org Subject: [PATCH userspace v2 2/6] semodule,libsemanage: move module hashing into libsemanage Date: Thu, 3 Feb 2022 17:53:23 +0100 Message-Id: <20220203165327.213601-3-omosnace@redhat.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220203165327.213601-1-omosnace@redhat.com> References: <20220203165327.213601-1-omosnace@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org The main goal of this move is to have the SHA-256 implementation under libsemanage, since upcoming patches will make use of SHA-256 for a different (but similar) purpose in libsemanage. Having the hashing code in libsemanage will reduce code duplication and allow for easier hash algorithm upgrade in the future. Note that libselinux currently also contains a hash function implementation (for yet another different purpose). This patch doesn't make any effort to address that duplicity yet. This patch also changes the format of the hash string printed by semodule to include the name of the hash. The intent is to avoid ambiguity and potential collisions when the algorithm is potentially changed in the future. Signed-off-by: Ondrej Mosnacek --- libsemanage/include/semanage/modules.h | 26 ++++++++ libsemanage/src/libsemanage.map | 4 ++ libsemanage/src/modules.c | 59 +++++++++++++++++++ .../src/semanageswig_python_exception.i | 8 +++ .../semodule => libsemanage/src}/sha256.c | 0 .../semodule => libsemanage/src}/sha256.h | 0 policycoreutils/semodule/Makefile | 2 +- policycoreutils/semodule/semodule.c | 53 +++++------------ 8 files changed, 114 insertions(+), 38 deletions(-) rename {policycoreutils/semodule => libsemanage/src}/sha256.c (100%) rename {policycoreutils/semodule => libsemanage/src}/sha256.h (100%) diff --git a/libsemanage/include/semanage/modules.h b/libsemanage/include/semanage/modules.h index b51f61f0..14666f6d 100644 --- a/libsemanage/include/semanage/modules.h +++ b/libsemanage/include/semanage/modules.h @@ -282,4 +282,30 @@ extern int semanage_module_get_enabled(semanage_handle_t *sh, const semanage_module_key_t *modkey, int *enabled); +/* Compute checksum for @modkey module contents. + * + * If @checksum is NULL, the function will just return the length of the + * checksum string in @checksum_len (checksum strings are guaranteed to + * have a fixed length for a given libsemanage binary). @modkey and @cil + * are ignored in this case and should be set to NULL and 0 (respectively). + * + * If @checksum is non-NULL, on success, @checksum will point to a buffer + * containing the checksum string and @checksum_len will point to the + * length of the string (without the null terminator). The semantics of + * @cil are the same as for @extract_cil in semanage_module_extract(). + * + * The caller is responsible to free the buffer returned in @checksum (using + * free(3)). + * + * Callers may assume that if the checksum strings for two modules match, + * the module content is the same (collisions are theoretically possible, + * yet extremely unlikely). + * + * Returns 0 on success and -1 on error. + */ +extern int semanage_module_compute_checksum(semanage_handle_t *sh, + semanage_module_key_t *modkey, + int cil, char **checksum, + size_t *checksum_len); + #endif diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map index 3ea7b60f..00259fc8 100644 --- a/libsemanage/src/libsemanage.map +++ b/libsemanage/src/libsemanage.map @@ -345,3 +345,7 @@ LIBSEMANAGE_1.1 { semanage_module_remove_key; semanage_set_store_root; } LIBSEMANAGE_1.0; + +LIBSEMANAGE_3.4 { + semanage_module_compute_checksum; +} LIBSEMANAGE_1.1; diff --git a/libsemanage/src/modules.c b/libsemanage/src/modules.c index c98df4dd..fe937519 100644 --- a/libsemanage/src/modules.c +++ b/libsemanage/src/modules.c @@ -35,11 +35,13 @@ #include #include #include +#include #include #include #include "handle.h" #include "modules.h" +#include "sha256.h" #include "debug.h" int semanage_module_install(semanage_handle_t * sh, @@ -976,3 +978,60 @@ int semanage_module_remove_key(semanage_handle_t *sh, return sh->funcs->remove_key(sh, modkey); } +static const char CHECKSUM_TYPE[] = "sha256"; +static const size_t CHECKSUM_CONTENT_SIZE = sizeof(CHECKSUM_TYPE) + 1 + 2 * SHA256_HASH_SIZE; + +static void semanage_hash_to_checksum_string(const uint8_t *hash, char *checksum) +{ + size_t i; + + checksum += sprintf(checksum, "%s:", CHECKSUM_TYPE); + for (i = 0; i < SHA256_HASH_SIZE; i++) { + checksum += sprintf(checksum, "%02x", (unsigned)hash[i]); + } +} + +int semanage_module_compute_checksum(semanage_handle_t *sh, + semanage_module_key_t *modkey, + int cil, char **checksum, + size_t *checksum_len) +{ + semanage_module_info_t *extract_info = NULL; + Sha256Context context; + SHA256_HASH sha256_hash; + char *checksum_str; + void *data; + size_t data_len = 0; + int result; + + if (!checksum_len) + return -1; + + if (!checksum) { + *checksum_len = CHECKSUM_CONTENT_SIZE; + return 0; + } + + result = semanage_module_extract(sh, modkey, cil, &data, &data_len, &extract_info); + if (result != 0) + return -1; + + semanage_module_info_destroy(sh, extract_info); + free(extract_info); + + Sha256Initialise(&context); + Sha256Update(&context, data, data_len); + Sha256Finalise(&context, &sha256_hash); + + munmap(data, data_len); + + checksum_str = malloc(CHECKSUM_CONTENT_SIZE + 1 /* '\0' */); + if (!checksum_str) + return -1; + + semanage_hash_to_checksum_string(sha256_hash.bytes, checksum_str); + + *checksum = checksum_str; + *checksum_len = CHECKSUM_CONTENT_SIZE; + return 0; +} diff --git a/libsemanage/src/semanageswig_python_exception.i b/libsemanage/src/semanageswig_python_exception.i index 372ec948..0df8bbc3 100644 --- a/libsemanage/src/semanageswig_python_exception.i +++ b/libsemanage/src/semanageswig_python_exception.i @@ -351,6 +351,14 @@ } } +%exception semanage_module_compute_checksum { + $action + if (result < 0) { + PyErr_SetFromErrno(PyExc_OSError); + SWIG_fail; + } +} + %exception semanage_msg_get_level { $action if (result < 0) { diff --git a/policycoreutils/semodule/sha256.c b/libsemanage/src/sha256.c similarity index 100% rename from policycoreutils/semodule/sha256.c rename to libsemanage/src/sha256.c diff --git a/policycoreutils/semodule/sha256.h b/libsemanage/src/sha256.h similarity index 100% rename from policycoreutils/semodule/sha256.h rename to libsemanage/src/sha256.h diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile index 9875ac38..73801e48 100644 --- a/policycoreutils/semodule/Makefile +++ b/policycoreutils/semodule/Makefile @@ -6,7 +6,7 @@ MANDIR = $(PREFIX)/share/man CFLAGS ?= -Werror -Wall -W override LDLIBS += -lsepol -lselinux -lsemanage -SEMODULE_OBJS = semodule.o sha256.o +SEMODULE_OBJS = semodule.o all: semodule genhomedircon diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c index 94a9d131..f4a76289 100644 --- a/policycoreutils/semodule/semodule.c +++ b/policycoreutils/semodule/semodule.c @@ -25,8 +25,6 @@ #include #include -#include "sha256.h" - enum client_modes { NO_MODE, INSTALL_M, REMOVE_M, EXTRACT_M, CIL_M, HLL_M, LIST_M, RELOAD, PRIORITY_M, ENABLE_M, DISABLE_M @@ -348,60 +346,38 @@ static void parse_command_line(int argc, char **argv) /* Get module checksum */ static char *hash_module_data(const char *module_name, const int prio) { - semanage_module_info_t *extract_info = NULL; semanage_module_key_t *modkey = NULL; - Sha256Context context; - uint8_t sha256_hash[SHA256_HASH_SIZE]; - char *sha256_buf = NULL; - void *data; - size_t data_len = 0, i; + char *hash_str = NULL; + void *hash = NULL; + size_t hash_len = 0; int result; result = semanage_module_key_create(sh, &modkey); if (result != 0) { - goto cleanup_extract; + goto cleanup; } result = semanage_module_key_set_name(sh, modkey, module_name); if (result != 0) { - goto cleanup_extract; + goto cleanup; } result = semanage_module_key_set_priority(sh, modkey, prio); if (result != 0) { - goto cleanup_extract; + goto cleanup; } - result = semanage_module_extract(sh, modkey, 1, &data, &data_len, - &extract_info); + result = semanage_module_compute_checksum(sh, modkey, 1, &hash_str, + &hash_len); if (result != 0) { - goto cleanup_extract; - } - - Sha256Initialise(&context); - Sha256Update(&context, data, data_len); - - Sha256Finalise(&context, (SHA256_HASH *)sha256_hash); - - sha256_buf = calloc(1, SHA256_HASH_SIZE * 2 + 1); - - if (sha256_buf == NULL) - goto cleanup_extract; - - for (i = 0; i < SHA256_HASH_SIZE; i++) { - sprintf((&sha256_buf[i * 2]), "%02x", sha256_hash[i]); + goto cleanup; } - sha256_buf[i * 2] = 0; -cleanup_extract: - if (data_len > 0) { - munmap(data, data_len); - } - semanage_module_info_destroy(sh, extract_info); - free(extract_info); +cleanup: + free(hash); semanage_module_key_destroy(sh, modkey); free(modkey); - return sha256_buf; + return hash_str; } int main(int argc, char *argv[]) @@ -669,7 +645,10 @@ cleanup_extract: /* fixed width columns */ column[0] = sizeof("000") - 1; column[3] = sizeof("disabled") - 1; - column[4] = 64; /* SHA256_HASH_SIZE * 2 */ + + result = semanage_module_compute_checksum(sh, NULL, 0, NULL, + &column[4]); + if (result != 0) goto cleanup_list; /* variable width columns */ const char *tmp = NULL; From patchwork Thu Feb 3 16:53:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 12734353 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 97858C433EF for ; Thu, 3 Feb 2022 16:53:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1352452AbiBCQxp (ORCPT ); Thu, 3 Feb 2022 11:53:45 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:48464 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352447AbiBCQxo (ORCPT ); Thu, 3 Feb 2022 11:53:44 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1643907224; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kBlCWs2C7lpFrfIAgPR5unql6DEKerw+1S9Rd03H88s=; b=fWQSp6gUwE5XCRxdR0sNU7O6IF3jYXUlo1AXZirTP5I4XeVf1rU8LE+vdTNTV9Nen/eoQp R1p1sxvT79G/SYJxVwSesVOdjLniqn//j/f3l9/JcaDGcD2XTkkmMmNcl/+LeTsG2k2aGq w2TlQ4NjFrLqcFVhrT7ewK1QgI1fhTE= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-262-JLALD0R4P1OEIsQXBuojVQ-1; Thu, 03 Feb 2022 11:53:42 -0500 X-MC-Unique: JLALD0R4P1OEIsQXBuojVQ-1 Received: by mail-ej1-f69.google.com with SMTP id q21-20020a17090622d500b006bb15a59a68so1429072eja.18 for ; Thu, 03 Feb 2022 08:53:42 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=kBlCWs2C7lpFrfIAgPR5unql6DEKerw+1S9Rd03H88s=; b=aRcaC92iwFxZzQ82gEpa4KoYdjBuQpyfyfiXcDVsQniEMV1diOVZ8PnRWVXrABzrq5 13zd/uZPDDjl2XBsp/Vney4a8LqCFFyTs8n5YO0urJ53z6IGbebnPh80pm7V89T99azM oJlj4ClLF0GoQdd6GgDjQ6MwjkSmX1KHB8mIcDhZ6MmewpuAsQPZWEJbeyWZVWm7QAh9 KYlQQtKVrAV0googYYzAqbIq1/JjNK7yHRazJqdPGrhshPY9glZfGRgod/TxIHEbLZY4 mv2irlp7Sl+uVJ2WDW6a1wT3ZeUim+Lg2a8Xxg88TLG6fvXgL0gBwBTelpIprY7Nhoyr tGtw== X-Gm-Message-State: AOAM532RKtBIDNLnJh1rcJjuX6Gn8o3u6Q8GmL2sDKntxo3449WCMBnw nuwTDMCFzp621CljwcxaiZpvsW8haq/UQWdT87RkP67jHzX/c27hDuy0UKF8kXHflNOwE91ENKt o8AK7yYv7NiAipqKF7ex8PR0WUjPtxDGEi9EgFmXtztUnFn+g6G/xdWs8s1iTIc3thm2+yg== X-Received: by 2002:a17:907:97c9:: with SMTP id js9mr29399642ejc.216.1643907220674; Thu, 03 Feb 2022 08:53:40 -0800 (PST) X-Google-Smtp-Source: ABdhPJzUJ/Tld/M+8A+niufSIlmDQv7ZDlrz7yfdx4Udb4SLvRbv+Rv4r6QlcDE4VQcnENOuRNrNRQ== X-Received: by 2002:a17:907:97c9:: with SMTP id js9mr29399601ejc.216.1643907219859; Thu, 03 Feb 2022 08:53:39 -0800 (PST) Received: from localhost.localdomain ([2a02:8308:b106:e300:32b0:6ebb:8ca4:d4d3]) by smtp.gmail.com with ESMTPSA id bs4sm18141027edb.84.2022.02.03.08.53.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 08:53:39 -0800 (PST) From: Ondrej Mosnacek To: selinux@vger.kernel.org Subject: [PATCH userspace v2 3/6] libsemanage: move compressed file handling into a separate object Date: Thu, 3 Feb 2022 17:53:24 +0100 Message-Id: <20220203165327.213601-4-omosnace@redhat.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220203165327.213601-1-omosnace@redhat.com> References: <20220203165327.213601-1-omosnace@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org In order to reduce exisiting and future code duplication and to avoid some unnecessary allocations and copying, factor the compressed file utility functions out into a separate C/header file and refactor their interface. Note that this change effectively removes the __fsetlocking(3) call from semanage_load_files() - I haven't been able to figure out what purpose it serves, but it seems pointless... Signed-off-by: Ondrej Mosnacek --- libsemanage/src/compressed_file.c | 224 +++++++++++++++++++++++++ libsemanage/src/compressed_file.h | 78 +++++++++ libsemanage/src/direct_api.c | 263 +++++------------------------- libsemanage/src/direct_api.h | 4 - libsemanage/src/semanage_store.c | 52 ++---- 5 files changed, 354 insertions(+), 267 deletions(-) create mode 100644 libsemanage/src/compressed_file.c create mode 100644 libsemanage/src/compressed_file.h diff --git a/libsemanage/src/compressed_file.c b/libsemanage/src/compressed_file.c new file mode 100644 index 00000000..5546b830 --- /dev/null +++ b/libsemanage/src/compressed_file.c @@ -0,0 +1,224 @@ +/* Author: Jason Tang + * Christopher Ashworth + * Ondrej Mosnacek + * + * Copyright (C) 2004-2006 Tresys Technology, LLC + * Copyright (C) 2005-2021 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include +#include +#include + +#include +#include + +#include + +#include "compressed_file.h" + +#include "debug.h" + +#define BZ2_MAGICSTR "BZh" +#define BZ2_MAGICLEN (sizeof(BZ2_MAGICSTR)-1) + +/* bzip() a data to a file, returning the total number of compressed bytes + * in the file. Returns -1 if file could not be compressed. */ +static int bzip(semanage_handle_t *sh, const char *filename, void *data, + size_t num_bytes) +{ + BZFILE* b; + size_t size = 1<<16; + int bzerror; + size_t total = 0; + size_t len = 0; + FILE *f; + + if ((f = fopen(filename, "wb")) == NULL) { + return -1; + } + + if (!sh->conf->bzip_blocksize) { + if (fwrite(data, 1, num_bytes, f) < num_bytes) { + fclose(f); + return -1; + } + fclose(f); + return 0; + } + + b = BZ2_bzWriteOpen( &bzerror, f, sh->conf->bzip_blocksize, 0, 0); + if (bzerror != BZ_OK) { + BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); + fclose(f); + return -1; + } + + while ( num_bytes > total ) { + if (num_bytes - total > size) { + len = size; + } else { + len = num_bytes - total; + } + BZ2_bzWrite ( &bzerror, b, (uint8_t *)data + total, len ); + if (bzerror == BZ_IO_ERROR) { + BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); + fclose(f); + return -1; + } + total += len; + } + + BZ2_bzWriteClose ( &bzerror, b, 0, 0, 0 ); + fclose(f); + if (bzerror == BZ_IO_ERROR) { + return -1; + } + return 0; +} + +/* bunzip() a file to '*data', returning the total number of uncompressed bytes + * in the file. Returns -1 if file could not be decompressed. */ +static ssize_t bunzip(semanage_handle_t *sh, FILE *f, void **data) +{ + BZFILE* b = NULL; + size_t nBuf; + uint8_t* buf = NULL; + size_t size = 1<<18; + size_t bufsize = size; + int bzerror; + size_t total = 0; + uint8_t* uncompress = NULL; + uint8_t* tmpalloc = NULL; + int ret = -1; + + buf = malloc(bufsize); + if (buf == NULL) { + ERR(sh, "Failure allocating memory."); + goto exit; + } + + /* Check if the file is bzipped */ + bzerror = fread(buf, 1, BZ2_MAGICLEN, f); + rewind(f); + if ((bzerror != BZ2_MAGICLEN) || memcmp(buf, BZ2_MAGICSTR, BZ2_MAGICLEN)) { + goto exit; + } + + b = BZ2_bzReadOpen ( &bzerror, f, 0, sh->conf->bzip_small, NULL, 0 ); + if ( bzerror != BZ_OK ) { + ERR(sh, "Failure opening bz2 archive."); + goto exit; + } + + uncompress = malloc(size); + if (uncompress == NULL) { + ERR(sh, "Failure allocating memory."); + goto exit; + } + + while ( bzerror == BZ_OK) { + nBuf = BZ2_bzRead ( &bzerror, b, buf, bufsize); + if (( bzerror == BZ_OK ) || ( bzerror == BZ_STREAM_END )) { + if (total + nBuf > size) { + size *= 2; + tmpalloc = realloc(uncompress, size); + if (tmpalloc == NULL) { + ERR(sh, "Failure allocating memory."); + goto exit; + } + uncompress = tmpalloc; + } + memcpy(&uncompress[total], buf, nBuf); + total += nBuf; + } + } + if ( bzerror != BZ_STREAM_END ) { + ERR(sh, "Failure reading bz2 archive."); + goto exit; + } + + ret = total; + *data = uncompress; + +exit: + BZ2_bzReadClose ( &bzerror, b ); + free(buf); + if ( ret < 0 ) { + free(uncompress); + } + return ret; +} + +int map_compressed_file(semanage_handle_t *sh, const char *path, + struct file_contents *contents) +{ + ssize_t size = -1; + void *uncompress; + int ret = 0, fd = -1; + FILE *file = NULL; + + fd = open(path, O_RDONLY); + if (fd == -1) { + ERR(sh, "Unable to open %s\n", path); + return -1; + } + + file = fdopen(fd, "r"); + if (file == NULL) { + ERR(sh, "Unable to open %s\n", path); + close(fd); + return -1; + } + + if ((size = bunzip(sh, file, &uncompress)) >= 0) { + contents->data = uncompress; + contents->len = size; + contents->compressed = 1; + } else { + struct stat sb; + if (fstat(fd, &sb) == -1 || + (uncompress = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) == + MAP_FAILED) { + ret = -1; + } else { + contents->data = uncompress; + contents->len = sb.st_size; + contents->compressed = 0; + } + } + fclose(file); + return ret; +} + +void unmap_compressed_file(struct file_contents *contents) +{ + if (!contents->data) + return; + + if (contents->compressed) { + free(contents->data); + } else { + munmap(contents->data, contents->len); + } +} + +int write_compressed_file(semanage_handle_t *sh, const char *path, + void *data, size_t len) +{ + return bzip(sh, path, data, len); +} diff --git a/libsemanage/src/compressed_file.h b/libsemanage/src/compressed_file.h new file mode 100644 index 00000000..96cfb4b6 --- /dev/null +++ b/libsemanage/src/compressed_file.h @@ -0,0 +1,78 @@ +/* Author: Jason Tang + * Christopher Ashworth + * Ondrej Mosnacek + * + * Copyright (C) 2004-2006 Tresys Technology, LLC + * Copyright (C) 2005-2021 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#ifndef _SEMANAGE_CIL_FILE_H_ +#define _SEMANAGE_CIL_FILE_H_ + +#include +#include + +#include "handle.h" + +struct file_contents { + void *data; /** file contents (uncompressed) */ + size_t len; /** length of contents */ + int compressed; /** whether file was compressed */ +}; + +/** + * Map/read a possibly-compressed file into memory. + * + * If the file is bzip compressed map_file will uncompress the file into + * @p contents. The caller is responsible for calling + * @ref unmap_compressed_file on @p contents on success. + * + * @param sh semanage handle + * @param path path to the file + * @param contents pointer to struct file_contents, which will be + * populated with data pointer, size, and an indication whether + * the file was compressed or not + * + * @return 0 on success, -1 otherwise. + */ +int map_compressed_file(semanage_handle_t *sh, const char *path, + struct file_contents *contents); + +/** + * Destroy a previously mapped possibly-compressed file. + * + * If all fields of @p contents are zero/NULL, the function is + * guaranteed to do nothing. + * + * @param contents pointer to struct file_contents to destroy + */ +void unmap_compressed_file(struct file_contents *contents); + +/** + * Write bytes into a file, using compression if configured. + * + * @param sh semanage handle + * @param path path to the file + * @param data pointer to the data + * @param len length of the data + * + * @return 0 on success, -1 otherwise. + */ +int write_compressed_file(semanage_handle_t *sh, const char *path, + void *data, size_t len); + +#endif diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index f0e2300a..7eb6938b 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -50,6 +50,7 @@ #include "debug.h" #include "handle.h" +#include "compressed_file.h" #include "modules.h" #include "direct_api.h" #include "semanage_store.h" @@ -446,194 +447,6 @@ static int parse_module_headers(semanage_handle_t * sh, char *module_data, return 0; } -#include -#include -#include -#include - -/* bzip() a data to a file, returning the total number of compressed bytes - * in the file. Returns -1 if file could not be compressed. */ -static ssize_t bzip(semanage_handle_t *sh, const char *filename, char *data, - size_t num_bytes) -{ - BZFILE* b; - size_t size = 1<<16; - int bzerror; - size_t total = 0; - size_t len = 0; - FILE *f; - - if ((f = fopen(filename, "wb")) == NULL) { - return -1; - } - - if (!sh->conf->bzip_blocksize) { - if (fwrite(data, 1, num_bytes, f) < num_bytes) { - fclose(f); - return -1; - } - fclose(f); - return num_bytes; - } - - b = BZ2_bzWriteOpen( &bzerror, f, sh->conf->bzip_blocksize, 0, 0); - if (bzerror != BZ_OK) { - BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); - return -1; - } - - while ( num_bytes > total ) { - if (num_bytes - total > size) { - len = size; - } else { - len = num_bytes - total; - } - BZ2_bzWrite ( &bzerror, b, &data[total], len ); - if (bzerror == BZ_IO_ERROR) { - BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); - return -1; - } - total += len; - } - - BZ2_bzWriteClose ( &bzerror, b, 0, 0, 0 ); - fclose(f); - if (bzerror == BZ_IO_ERROR) { - return -1; - } - return total; -} - -#define BZ2_MAGICSTR "BZh" -#define BZ2_MAGICLEN (sizeof(BZ2_MAGICSTR)-1) - -/* bunzip() a file to '*data', returning the total number of uncompressed bytes - * in the file. Returns -1 if file could not be decompressed. */ -ssize_t bunzip(semanage_handle_t *sh, FILE *f, char **data) -{ - BZFILE* b = NULL; - size_t nBuf; - char* buf = NULL; - size_t size = 1<<18; - size_t bufsize = size; - int bzerror; - size_t total = 0; - char* uncompress = NULL; - char* tmpalloc = NULL; - int ret = -1; - - buf = malloc(bufsize); - if (buf == NULL) { - ERR(sh, "Failure allocating memory."); - goto exit; - } - - /* Check if the file is bzipped */ - bzerror = fread(buf, 1, BZ2_MAGICLEN, f); - rewind(f); - if ((bzerror != BZ2_MAGICLEN) || memcmp(buf, BZ2_MAGICSTR, BZ2_MAGICLEN)) { - goto exit; - } - - b = BZ2_bzReadOpen ( &bzerror, f, 0, sh->conf->bzip_small, NULL, 0 ); - if ( bzerror != BZ_OK ) { - ERR(sh, "Failure opening bz2 archive."); - goto exit; - } - - uncompress = malloc(size); - if (uncompress == NULL) { - ERR(sh, "Failure allocating memory."); - goto exit; - } - - while ( bzerror == BZ_OK) { - nBuf = BZ2_bzRead ( &bzerror, b, buf, bufsize); - if (( bzerror == BZ_OK ) || ( bzerror == BZ_STREAM_END )) { - if (total + nBuf > size) { - size *= 2; - tmpalloc = realloc(uncompress, size); - if (tmpalloc == NULL) { - ERR(sh, "Failure allocating memory."); - goto exit; - } - uncompress = tmpalloc; - } - memcpy(&uncompress[total], buf, nBuf); - total += nBuf; - } - } - if ( bzerror != BZ_STREAM_END ) { - ERR(sh, "Failure reading bz2 archive."); - goto exit; - } - - ret = total; - *data = uncompress; - -exit: - BZ2_bzReadClose ( &bzerror, b ); - free(buf); - if ( ret < 0 ) { - free(uncompress); - } - return ret; -} - -/* mmap() a file to '*data', - * If the file is bzip compressed map_file will uncompress - * the file into '*data'. - * Returns the total number of bytes in memory . - * Returns -1 if file could not be opened or mapped. */ -static ssize_t map_file(semanage_handle_t *sh, const char *path, char **data, - int *compressed) -{ - ssize_t size = -1; - char *uncompress; - int fd = -1; - FILE *file = NULL; - - fd = open(path, O_RDONLY); - if (fd == -1) { - ERR(sh, "Unable to open %s\n", path); - return -1; - } - - file = fdopen(fd, "r"); - if (file == NULL) { - ERR(sh, "Unable to open %s\n", path); - close(fd); - return -1; - } - - if ((size = bunzip(sh, file, &uncompress)) > 0) { - *data = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0); - if (*data == MAP_FAILED) { - free(uncompress); - fclose(file); - return -1; - } else { - memcpy(*data, uncompress, size); - } - free(uncompress); - *compressed = 1; - } else { - struct stat sb; - if (fstat(fd, &sb) == -1 || - (*data = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) == - MAP_FAILED) { - size = -1; - } else { - size = sb.st_size; - } - *compressed = 0; - } - - fclose(file); - - return size; -} - /* Writes a block of data to a file. Returns 0 on success, -1 on * error. */ static int write_file(semanage_handle_t * sh, @@ -1045,15 +858,12 @@ static int semanage_compile_module(semanage_handle_t *sh, char *compiler_path = NULL; char *cil_data = NULL; char *err_data = NULL; - char *hll_data = NULL; char *start = NULL; char *end = NULL; - ssize_t hll_data_len = 0; - ssize_t bzip_status; int status = 0; - int compressed; size_t cil_data_len = 0; size_t err_data_len = 0; + struct file_contents hll_contents = {}; if (!strcasecmp(modinfo->lang_ext, "cil")) { goto cleanup; @@ -1084,13 +894,15 @@ static int semanage_compile_module(semanage_handle_t *sh, goto cleanup; } - if ((hll_data_len = map_file(sh, hll_path, &hll_data, &compressed)) <= 0) { + status = map_compressed_file(sh, hll_path, &hll_contents); + if (status < 0) { ERR(sh, "Unable to read file %s\n", hll_path); - status = -1; goto cleanup; } - status = semanage_pipe_data(sh, compiler_path, hll_data, (size_t)hll_data_len, &cil_data, &cil_data_len, &err_data, &err_data_len); + status = semanage_pipe_data(sh, compiler_path, hll_contents.data, + hll_contents.len, &cil_data, &cil_data_len, + &err_data, &err_data_len); if (err_data_len > 0) { for (start = end = err_data; end < err_data + err_data_len; end++) { if (*end == '\n') { @@ -1110,10 +922,9 @@ static int semanage_compile_module(semanage_handle_t *sh, goto cleanup; } - bzip_status = bzip(sh, cil_path, cil_data, cil_data_len); - if (bzip_status == -1) { - ERR(sh, "Failed to bzip %s\n", cil_path); - status = -1; + status = write_compressed_file(sh, cil_path, cil_data, cil_data_len); + if (status == -1) { + ERR(sh, "Failed to write %s\n", cil_path); goto cleanup; } @@ -1131,9 +942,7 @@ static int semanage_compile_module(semanage_handle_t *sh, } cleanup: - if (hll_data_len > 0) { - munmap(hll_data, hll_data_len); - } + unmap_compressed_file(&hll_contents); free(cil_data); free(err_data); free(compiler_path); @@ -1756,19 +1565,17 @@ static int semanage_direct_install_file(semanage_handle_t * sh, { int retval = -1; - char *data = NULL; - ssize_t data_len = 0; - int compressed = 0; char *path = NULL; char *filename; char *lang_ext = NULL; char *module_name = NULL; char *separator; char *version = NULL; + struct file_contents contents = {}; - if ((data_len = map_file(sh, install_filename, &data, &compressed)) <= 0) { + retval = map_compressed_file(sh, install_filename, &contents); + if (retval < 0) { ERR(sh, "Unable to read file %s\n", install_filename); - retval = -1; goto cleanup; } @@ -1781,7 +1588,7 @@ static int semanage_direct_install_file(semanage_handle_t * sh, filename = basename(path); - if (compressed) { + if (contents.compressed) { separator = strrchr(filename, '.'); if (separator == NULL) { ERR(sh, "Compressed module does not have a valid extension."); @@ -1805,7 +1612,8 @@ static int semanage_direct_install_file(semanage_handle_t * sh, } if (strcmp(lang_ext, "pp") == 0) { - retval = parse_module_headers(sh, data, data_len, &module_name, &version); + retval = parse_module_headers(sh, contents.data, contents.len, + &module_name, &version); free(version); if (retval != 0) goto cleanup; @@ -1822,10 +1630,11 @@ static int semanage_direct_install_file(semanage_handle_t * sh, fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", install_filename, module_name, filename); } - retval = semanage_direct_install(sh, data, data_len, module_name, lang_ext); + retval = semanage_direct_install(sh, contents.data, contents.len, + module_name, lang_ext); cleanup: - if (data_len > 0) munmap(data, data_len); + unmap_compressed_file(&contents); free(module_name); free(path); @@ -1844,10 +1653,8 @@ static int semanage_direct_extract(semanage_handle_t * sh, enum semanage_module_path_type file_type; int rc = -1; semanage_module_info_t *_modinfo = NULL; - ssize_t _data_len; - char *_data; - int compressed; struct stat sb; + struct file_contents contents = {}; /* get path of module */ rc = semanage_module_get_path( @@ -1903,19 +1710,33 @@ static int semanage_direct_extract(semanage_handle_t * sh, } } - _data_len = map_file(sh, input_file, &_data, &compressed); - if (_data_len <= 0) { + rc = map_compressed_file(sh, input_file, &contents); + if (rc < 0) { ERR(sh, "Error mapping file: %s", input_file); - rc = -1; goto cleanup; } + /* The API promises an mmap'ed pointer */ + if (contents.compressed) { + *mapped_data = mmap(NULL, contents.len, PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANONYMOUS, 0, 0); + if (*mapped_data == MAP_FAILED) { + ERR(sh, "Unable to map memory"); + rc = -1; + goto cleanup; + } + memcpy(*mapped_data, contents.data, contents.len); + free(contents.data); + } else { + *mapped_data = contents.data; + } + *modinfo = _modinfo; - *data_len = (size_t)_data_len; - *mapped_data = _data; + *data_len = contents.len; cleanup: if (rc != 0) { + unmap_compressed_file(&contents); semanage_module_info_destroy(sh, _modinfo); free(_modinfo); } @@ -2869,8 +2690,8 @@ static int semanage_direct_install_info(semanage_handle_t *sh, goto cleanup; } - ret = bzip(sh, path, data, data_len); - if (ret <= 0) { + ret = write_compressed_file(sh, path, data, data_len); + if (ret < 0) { ERR(sh, "Error while writing to %s.", path); status = -3; goto cleanup; diff --git a/libsemanage/src/direct_api.h b/libsemanage/src/direct_api.h index e56107b2..ffd428eb 100644 --- a/libsemanage/src/direct_api.h +++ b/libsemanage/src/direct_api.h @@ -39,8 +39,4 @@ int semanage_direct_access_check(struct semanage_handle *sh); int semanage_direct_mls_enabled(struct semanage_handle *sh); -#include -#include -ssize_t bunzip(struct semanage_handle *sh, FILE *f, char **data); - #endif diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index c6a736fe..633ee731 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -59,6 +59,7 @@ typedef struct dbase_policydb dbase_t; #include "debug.h" #include "utilities.h" +#include "compressed_file.h" #define SEMANAGE_CONF_FILE "semanage.conf" /* relative path names to enum semanage_paths to special files and @@ -2054,60 +2055,27 @@ int semanage_direct_get_serial(semanage_handle_t * sh) int semanage_load_files(semanage_handle_t * sh, cil_db_t *cildb, char **filenames, int numfiles) { - int retval = 0; - FILE *fp; - ssize_t size; - char *data = NULL; + int i, retval = 0; char *filename; - int i; + struct file_contents contents = {}; for (i = 0; i < numfiles; i++) { filename = filenames[i]; - if ((fp = fopen(filename, "rb")) == NULL) { - ERR(sh, "Could not open module file %s for reading.", filename); - goto cleanup; - } - - if ((size = bunzip(sh, fp, &data)) <= 0) { - rewind(fp); - __fsetlocking(fp, FSETLOCKING_BYCALLER); - - if (fseek(fp, 0, SEEK_END) != 0) { - ERR(sh, "Failed to determine size of file %s.", filename); - goto cleanup; - } - size = ftell(fp); - rewind(fp); - - data = malloc(size); - if (fread(data, size, 1, fp) != 1) { - ERR(sh, "Failed to read file %s.", filename); - goto cleanup; - } - } + retval = map_compressed_file(sh, filename, &contents); + if (retval < 0) + return -1; - fclose(fp); - fp = NULL; + retval = cil_add_file(cildb, filename, contents.data, contents.len); + unmap_compressed_file(&contents); - retval = cil_add_file(cildb, filename, data, size); if (retval != SEPOL_OK) { ERR(sh, "Error while reading from file %s.", filename); - goto cleanup; + return -1; } - - free(data); - data = NULL; } - return retval; - - cleanup: - if (fp != NULL) { - fclose(fp); - } - free(data); - return -1; + return 0; } /* From patchwork Thu Feb 3 16:53:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 12734352 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23872C433FE for ; Thu, 3 Feb 2022 16:53:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1352450AbiBCQxo (ORCPT ); Thu, 3 Feb 2022 11:53:44 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:52153 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352441AbiBCQxo (ORCPT ); Thu, 3 Feb 2022 11:53:44 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1643907223; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=X0NdXg5yzCYHZTH0V7EG9B4rZd0u+04O3/S8qHXYy0k=; b=eBmHu7aqKaGXEe//mdTt1Q/Ja0ORBXyxwKNYTMe+bls1RhqX4Y0d3hONkqhOIKg1rFlJkQ 3nzZTaltFxFSOvfmOCH/AKC48Gp7+o94LzvhXVVC/f3HVsRug3+yYhjjgJ03Bwi823mR2J Ymw+RFsx5jrcW7lTp5/Yyb2uxwcunXI= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-634-_R0osSdJO1ufQkGYTSI3PA-1; Thu, 03 Feb 2022 11:53:42 -0500 X-MC-Unique: _R0osSdJO1ufQkGYTSI3PA-1 Received: by mail-ej1-f70.google.com with SMTP id k16-20020a17090632d000b006ae1cdb0f07so1425723ejk.16 for ; Thu, 03 Feb 2022 08:53:42 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=X0NdXg5yzCYHZTH0V7EG9B4rZd0u+04O3/S8qHXYy0k=; b=IZfyFa2sK3Ruqlk2b0aj7efyzHYYK4fo0XGMIz6sNPnCEvS49kzeV7Kkuq9Q0JSIt8 fSu1XYcvKrZi5HZQFeFgm1BNSX4hDqW658Bw3L3/735XTB6G9EEt883yWNaHIxcoXn1Q LOtOiOC9nb9TPgsMMPox/p2esVyc2X9wBN44JXLnOJbyldUOba1sJhArpN8IfF8jTOAw RLGRpPFLkJZSkZN4zqM/TG+CRrCCOWlEk9FV7CIjvb9235spP8JiwuP0eCIPUgYiJb2q jrWBQf7WIUFDYMXC59G9QAehLqvGDlUTX7RImZJIL/wYXxIm5E559wxQre0V0kXiID/u 2H9Q== X-Gm-Message-State: AOAM533/3hmTsA2X94/tw5otuFqJI4J5xKmnHZ8ed1wlNom3T1S7tos6 bI7+qjczjvWm4Gc/nrS//Fd6Jo2o44ZpiJz91nehbeVRaCDlUpsEmbp5O97/WYFRN2WwUw+LvtE ZiY52Pq61b3flO3MEsICWKrpcM2Eh2yb5/leSgq+RIn3x1ckMmCJ8hWqqZhJUO6GKT50ZxA== X-Received: by 2002:a17:907:948c:: with SMTP id dm12mr31611617ejc.770.1643907221126; Thu, 03 Feb 2022 08:53:41 -0800 (PST) X-Google-Smtp-Source: ABdhPJyUptYgKo7Iqdi+E3YCm15WlBbXH3o46JdPXeiEXo293Ko/TGU231+lj/hn5iUZDK5QEkkc9Q== X-Received: by 2002:a17:907:948c:: with SMTP id dm12mr31611599ejc.770.1643907220789; Thu, 03 Feb 2022 08:53:40 -0800 (PST) Received: from localhost.localdomain ([2a02:8308:b106:e300:32b0:6ebb:8ca4:d4d3]) by smtp.gmail.com with ESMTPSA id bs4sm18141027edb.84.2022.02.03.08.53.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 08:53:40 -0800 (PST) From: Ondrej Mosnacek To: selinux@vger.kernel.org Subject: [PATCH userspace v2 4/6] libsemanage: clean up semanage_direct_commit() a bit Date: Thu, 3 Feb 2022 17:53:25 +0100 Message-Id: <20220203165327.213601-5-omosnace@redhat.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220203165327.213601-1-omosnace@redhat.com> References: <20220203165327.213601-1-omosnace@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Do some minor cosmetic cleanup, mainly to eliminate the 'rebuilt' goto label. Signed-off-by: Ondrej Mosnacek --- libsemanage/src/direct_api.c | 91 ++++++++++++++++++------------------ 1 file changed, 45 insertions(+), 46 deletions(-) diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 7eb6938b..f0bd7716 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -994,6 +994,16 @@ cleanup: return status; } +/* Files that must exist in order to skip policy rebuild. */ +static const int semanage_computed_files[] = { + SEMANAGE_STORE_KERNEL, + SEMANAGE_STORE_FC, + SEMANAGE_STORE_SEUSERS, + SEMANAGE_LINKED, + SEMANAGE_SEUSERS_LINKED, + SEMANAGE_USERS_EXTRA_LINKED +}; + /* Copies a file from src to dst. If dst already exists then * overwrite it. If source doesn't exist then return success. * Returns 0 on success, -1 on error. */ @@ -1053,6 +1063,14 @@ static int semanage_direct_commit(semanage_handle_t * sh) seusers_modified = seusers->dtable->is_modified(seusers->dbase); fcontexts_modified = fcontexts->dtable->is_modified(fcontexts->dbase); + /* Before we do anything else, flush the join to its component parts. + * This *does not* flush to disk automatically */ + if (users->dtable->is_modified(users->dbase)) { + retval = users->dtable->flush(sh, users->dbase); + if (retval < 0) + goto cleanup; + } + /* Rebuild if explicitly requested or any module changes occurred. */ do_rebuild = sh->do_rebuild | sh->modules_modified; @@ -1119,14 +1137,6 @@ static int semanage_direct_commit(semanage_handle_t * sh) } } - /* Before we do anything else, flush the join to its component parts. - * This *does not* flush to disk automatically */ - if (users->dtable->is_modified(users->dbase)) { - retval = users->dtable->flush(sh, users->dbase); - if (retval < 0) - goto cleanup; - } - /* * This is for systems that have already migrated with an older version * of semanage_migrate_store. The older version did not copy @@ -1135,48 +1145,20 @@ static int semanage_direct_commit(semanage_handle_t * sh) * in order to skip re-linking are present; otherwise, we force * a rebuild. */ - if (!do_rebuild) { - int files[] = {SEMANAGE_STORE_KERNEL, - SEMANAGE_STORE_FC, - SEMANAGE_STORE_SEUSERS, - SEMANAGE_LINKED, - SEMANAGE_SEUSERS_LINKED, - SEMANAGE_USERS_EXTRA_LINKED}; - - for (i = 0; i < (int) ARRAY_SIZE(files); i++) { - path = semanage_path(SEMANAGE_TMP, files[i]); - if (stat(path, &sb) != 0) { - if (errno != ENOENT) { - ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); - retval = -1; - goto cleanup; - } - - do_rebuild = 1; - goto rebuild; + for (i = 0; !do_rebuild && i < (int)ARRAY_SIZE(semanage_computed_files); i++) { + path = semanage_path(SEMANAGE_TMP, semanage_computed_files[i]); + if (stat(path, &sb) != 0) { + if (errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + retval = -1; + goto cleanup; } + + do_rebuild = 1; + break; } } -rebuild: - /* - * Now that we know whether or not a rebuild is required, - * we can determine what else needs to be done. - * We need to write the kernel policy if we are rebuilding - * or if any other policy component that lives in the kernel - * policy has been modified. - * We need to install the policy files if any of the managed files - * that live under /etc/selinux (kernel policy, seusers, file contexts) - * will be modified. - */ - do_write_kernel = do_rebuild | ports_modified | ibpkeys_modified | - ibendports_modified | - bools->dtable->is_modified(bools->dbase) | - ifaces->dtable->is_modified(ifaces->dbase) | - nodes->dtable->is_modified(nodes->dbase) | - users->dtable->is_modified(users_base->dbase); - do_install = do_write_kernel | seusers_modified | fcontexts_modified; - /* * If there were policy changes, or explicitly requested, or * any required files are missing, rebuild the policy. @@ -1330,6 +1312,23 @@ rebuild: } } + /* + * Determine what else needs to be done. + * We need to write the kernel policy if we are rebuilding + * or if any other policy component that lives in the kernel + * policy has been modified. + * We need to install the policy files if any of the managed files + * that live under /etc/selinux (kernel policy, seusers, file contexts) + * will be modified. + */ + do_write_kernel = do_rebuild | ports_modified | ibpkeys_modified | + ibendports_modified | + bools->dtable->is_modified(bools->dbase) | + ifaces->dtable->is_modified(ifaces->dbase) | + nodes->dtable->is_modified(nodes->dbase) | + users->dtable->is_modified(users_base->dbase); + do_install = do_write_kernel | seusers_modified | fcontexts_modified; + /* Attach our databases to the policydb we just created or loaded. */ dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase, out); dbase_policydb_attach((dbase_policydb_t *) pports->dbase, out); From patchwork Thu Feb 3 16:53:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 12734355 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CD0C1C433F5 for ; Thu, 3 Feb 2022 16:53:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233351AbiBCQxt (ORCPT ); Thu, 3 Feb 2022 11:53:49 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:38821 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352453AbiBCQxp (ORCPT ); Thu, 3 Feb 2022 11:53:45 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1643907225; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zGv6bPtumEMo8FJ1eMId97fCbbf94xuAltSewWRlwEA=; b=LlLSnltKsYaMj0nHpIZv1avngIe9EidxwTJbwaF+iP9sfQXsm/4YWRusAPcNsHA+Q2kaOt gtJS7nLYQwbYCyYE4nrz/0CDEnC3dus7GsRa6k5oktB25pnsEkkzixQHyAwJmNUcaG1roF eNaF/9IzF7EJXV3X/A/31zT+X/GQcCg= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-512-YO1ZLoosMQqMSg9Zl4jUXA-1; Thu, 03 Feb 2022 11:53:44 -0500 X-MC-Unique: YO1ZLoosMQqMSg9Zl4jUXA-1 Received: by mail-ed1-f71.google.com with SMTP id w15-20020a056402268f00b00408234dc1dfso1755595edd.16 for ; Thu, 03 Feb 2022 08:53:43 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=zGv6bPtumEMo8FJ1eMId97fCbbf94xuAltSewWRlwEA=; b=LpMH6MiNo1QoFiDRUQDt10eJS47ZA5zVzXY3QM6bgH3oZPQCnwPt9Unetb1Lvq8TXb yeoQEyii9ifS4yjq8pI1wwyhFGhSQshfyf76JJ9WijZC9SfT3oUDSJ1/IFggMQ4ZDXQS Jq/Ly9K/5wIE9OxlDp2XtF13yVAG/+aCA5yv3iwMiSjtNsDCfiXX5IRcT0YQRojQwc+n kb3hpfkQnZMmBrvwhvXb4mQiJrHg1EpxfVcGHcA3hta3D/XMTaTbTFsEcYoz/A3MGJIu EPrg0dh9vp7vToIysqltmlWfgkGFoXY0f9rVaD3XWM5yI1FqhqmPM52l5ECTvUwnE2a+ tTFQ== X-Gm-Message-State: AOAM53111Ff5M4oQGrCRte/1fQgdOVEVwyhmgyDYhLrtDma/pUH1u47T +PaV42YCJXud5fnF+MSYZpnbzeOEnOOFYQynU7W/SGNCQYfWqExS3O8A8/RC1nDS5b/8OcgOOEf G47McHBsZVgULa+fayNvu04KiXJ1Uliw+m42uuu7YpirFQKY3ZUjtCgLDkKs7IWtmRlzCYw== X-Received: by 2002:a05:6402:35d0:: with SMTP id z16mr36287029edc.149.1643907222097; Thu, 03 Feb 2022 08:53:42 -0800 (PST) X-Google-Smtp-Source: ABdhPJx5PPdSsF23fHTl/T692kvYiTNt3k7KcBy5BxHkSo5Pz7PvSbi2OwALi4fFgLjXKDZg1lPUDA== X-Received: by 2002:a05:6402:35d0:: with SMTP id z16mr36286998edc.149.1643907221603; Thu, 03 Feb 2022 08:53:41 -0800 (PST) Received: from localhost.localdomain ([2a02:8308:b106:e300:32b0:6ebb:8ca4:d4d3]) by smtp.gmail.com with ESMTPSA id bs4sm18141027edb.84.2022.02.03.08.53.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 08:53:41 -0800 (PST) From: Ondrej Mosnacek To: selinux@vger.kernel.org Subject: [PATCH userspace v2 5/6] libsemanage: optionally rebuild policy when modules are changed externally Date: Thu, 3 Feb 2022 17:53:26 +0100 Message-Id: <20220203165327.213601-6-omosnace@redhat.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220203165327.213601-1-omosnace@redhat.com> References: <20220203165327.213601-1-omosnace@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org In Fedora/RHEL's selinux-policy package we ship a pre-built SELinux policy store in the RPMs. When updating the main policy RPM, care must be taken to rebuild the policy using `semodule -B` if there are any other SELinux modules installed (whether shipped via another RPM or manually installed locally). However, this way of shipping/managing the policy creates complications on systems, where system files are managed by rpm-ostree (such as Fedora CoreOS or Red Hat CoreOS), where the "package update" process is more sophisticated. (Disclaimer: The following is written according to my current limited understanding of rpm-ostree and may not be entirely accurate, but the gist of it should match the reality.) Basically, one can think of rpm-ostree as a kind of Git for system files. The package content is provided on a "branch", where each "commit" represents a set of package updates layered on top of the previous commit (i.e. it is a rolling release with some defined package content snapshots). The user can then maintain their own branch with additional package updates/installations/... and "rebase" it on top of the main branch as needed. On top of that, the user can also have additional configuration files (or modifications to existing files) in /etc, which represent an additional layer on top of the package content. When updating the system (i.e. rebasing on a new "commit" of the "main branch"), the files on the running system are not touched and the new system state is prepared under a new root directory, which is chrooted into on the next reboot. When an rpm-ostree system is updated, there are three moments when the SELinux module store needs to be rebuilt to ensure that all modules are included in the binary policy: 1. When the local RPM installations are applied on top of the base system snapshot. 2. When local user configuartion is applied on top of that. 3. On system shutdown, to ensure that any changes in local configuration performed since (2.) are reflected in the final new system image. Forcing a full rebuild at each step is not optimal and in many cases is not necessary, as the user may not have any custom modules installed. Thus, this patch extends libsemanage to compute a checksum of the content of all enabled modules, which is stored in the store, and adds a flag to the libsemanage handle that instructs it to check the module content checksum against the one from the last successful transaction and force a full policy rebuild if they don't match. This will allow rpm-ostree systems to potentially reduce delays when reconciling the module store when applying updates. I wasn't able to measure any noticeable overhead of the hash computation, which is now added for every transaction (both before and after this change a full policy rebuild took about 7 seconds on my test x86 VM). With the new option check_ext_changes enabled, rebuilding a policy store with unchanged modules took only about 0.96 seconds. Signed-off-by: Ondrej Mosnacek --- libsemanage/include/semanage/handle.h | 5 + libsemanage/src/direct_api.c | 187 +++++++++++++++++++++----- libsemanage/src/handle.c | 11 +- libsemanage/src/handle.h | 1 + libsemanage/src/libsemanage.map | 1 + libsemanage/src/modules.c | 4 +- libsemanage/src/modules.h | 3 + libsemanage/src/semanage_store.c | 1 + libsemanage/src/semanage_store.h | 1 + 9 files changed, 175 insertions(+), 39 deletions(-) diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h index 946d69bc..0157be4f 100644 --- a/libsemanage/include/semanage/handle.h +++ b/libsemanage/include/semanage/handle.h @@ -66,6 +66,11 @@ extern void semanage_set_reload(semanage_handle_t * handle, int do_reload); * 1 for yes, 0 for no (default) */ extern void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild); +/* set whether to rebuild the policy on commit when potential changes + * to module files since last rebuild are detected, + * 1 for yes (default), 0 for no */ +extern void semanage_set_check_ext_changes(semanage_handle_t * handle, int do_check); + /* Fills *compiler_path with the location of the hll compiler sh->conf->compiler_directory_path * corresponding to lang_ext. * Upon success returns 0, -1 on error. */ diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index f0bd7716..d83941b0 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -33,6 +33,8 @@ #include #include #include +#include +#include #include #include #include @@ -56,8 +58,7 @@ #include "semanage_store.h" #include "database_policydb.h" #include "policy.h" -#include -#include +#include "sha256.h" #define PIPE_READ 0 #define PIPE_WRITE 1 @@ -450,7 +451,7 @@ static int parse_module_headers(semanage_handle_t * sh, char *module_data, /* Writes a block of data to a file. Returns 0 on success, -1 on * error. */ static int write_file(semanage_handle_t * sh, - const char *filename, char *data, size_t num_bytes) + const char *filename, const char *data, size_t num_bytes) { int out; @@ -850,8 +851,21 @@ cleanup: return ret; } +static void update_checksum_with_len(Sha256Context *context, size_t s) +{ + int i; + uint8_t buffer[8]; + + for (i = 0; i < 8; i++) { + buffer[i] = s & 0xff; + s >>= 8; + } + Sha256Update(context, buffer, 8); +} + static int semanage_compile_module(semanage_handle_t *sh, - semanage_module_info_t *modinfo) + semanage_module_info_t *modinfo, + Sha256Context *context) { char cil_path[PATH_MAX]; char hll_path[PATH_MAX]; @@ -922,6 +936,11 @@ static int semanage_compile_module(semanage_handle_t *sh, goto cleanup; } + if (context) { + update_checksum_with_len(context, cil_data_len); + Sha256Update(context, cil_data, cil_data_len); + } + status = write_compressed_file(sh, cil_path, cil_data, cil_data_len); if (status == -1) { ERR(sh, "Failed to write %s\n", cil_path); @@ -950,18 +969,40 @@ cleanup: return status; } +static int modinfo_cmp(const void *a, const void *b) +{ + const semanage_module_info_t *ma = a; + const semanage_module_info_t *mb = b; + + return strcmp(ma->name, mb->name); +} + static int semanage_compile_hll_modules(semanage_handle_t *sh, - semanage_module_info_t *modinfos, - int num_modinfos) + semanage_module_info_t *modinfos, + int num_modinfos, + char *cil_checksum) { - int status = 0; - int i; + /* to be incremented when checksum input data format changes */ + static const size_t CHECKSUM_EPOCH = 1; + + int i, status = 0; char cil_path[PATH_MAX]; struct stat sb; + Sha256Context context; + SHA256_HASH hash; + struct file_contents contents = {}; assert(sh); assert(modinfos); + /* Sort modules by name to get consistent ordering. */ + qsort(modinfos, num_modinfos, sizeof(*modinfos), &modinfo_cmp); + + Sha256Initialise(&context); + update_checksum_with_len(&context, CHECKSUM_EPOCH); + + /* prefix with module count to avoid collisions */ + update_checksum_with_len(&context, num_modinfos); for (i = 0; i < num_modinfos; i++) { status = semanage_module_get_path( sh, @@ -969,29 +1010,91 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh, SEMANAGE_MODULE_PATH_CIL, cil_path, sizeof(cil_path)); - if (status != 0) { - goto cleanup; - } + if (status != 0) + return -1; - if (semanage_get_ignore_module_cache(sh) == 0 && - (status = stat(cil_path, &sb)) == 0) { - continue; - } - if (status != 0 && errno != ENOENT) { - ERR(sh, "Unable to access %s: %s\n", cil_path, strerror(errno)); - goto cleanup; //an error in the "stat" call + if (!semanage_get_ignore_module_cache(sh)) { + status = stat(cil_path, &sb); + if (status == 0) { + status = map_compressed_file(sh, cil_path, &contents); + if (status < 0) { + ERR(sh, "Error mapping file: %s", cil_path); + return -1; + } + + /* prefix with length to avoid collisions */ + update_checksum_with_len(&context, contents.len); + Sha256Update(&context, contents.data, contents.len); + + unmap_compressed_file(&contents); + continue; + } else if (errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", cil_path, + strerror(errno)); + return -1; //an error in the "stat" call + } } - status = semanage_compile_module(sh, &modinfos[i]); - if (status < 0) { - goto cleanup; + status = semanage_compile_module(sh, &modinfos[i], &context); + if (status < 0) + return -1; + } + Sha256Finalise(&context, &hash); + + semanage_hash_to_checksum_string(hash.bytes, cil_checksum); + return 0; +} + +static int semanage_compare_checksum(semanage_handle_t *sh, const char *reference) +{ + const char *path = semanage_path(SEMANAGE_TMP, SEMANAGE_MODULES_CHECKSUM); + struct stat sb; + int fd, retval; + char *data; + + fd = open(path, O_RDONLY); + if (fd == -1) { + if (errno != ENOENT) { + ERR(sh, "Unable to open %s: %s\n", path, strerror(errno)); + return -1; } + /* Checksum file not present - force a rebuild. */ + return 1; + } + + if (fstat(fd, &sb) == -1) { + ERR(sh, "Unable to stat %s\n", path); + retval = -1; + goto out_close; } - status = 0; + if (sb.st_size != (off_t)CHECKSUM_CONTENT_SIZE) { + /* Incompatible/invalid hash type - just force a rebuild. */ + WARN(sh, "Module checksum invalid - forcing a rebuild\n"); + retval = 1; + goto out_close; + } -cleanup: - return status; + data = mmap(NULL, CHECKSUM_CONTENT_SIZE, PROT_READ, MAP_PRIVATE, fd, 0); + if (data == MAP_FAILED) { + ERR(sh, "Unable to mmap %s\n", path); + retval = -1; + goto out_close; + } + + retval = memcmp(data, reference, CHECKSUM_CONTENT_SIZE) != 0; + munmap(data, sb.st_size); +out_close: + close(fd); + return retval; +} + +static int semanage_write_modules_checksum(semanage_handle_t *sh, + const char *checksum) +{ + const char *path = semanage_path(SEMANAGE_TMP, SEMANAGE_MODULES_CHECKSUM); + + return write_file(sh, path, checksum, CHECKSUM_CONTENT_SIZE); } /* Files that must exist in order to skip policy rebuild. */ @@ -1030,6 +1133,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) semanage_module_info_t *modinfos = NULL; mode_t mask = umask(0077); struct stat sb; + char modules_checksum[CHECKSUM_CONTENT_SIZE + 1 /* '\0' */]; int do_rebuild, do_write_kernel, do_install; int fcontexts_modified, ports_modified, seusers_modified, @@ -1159,28 +1263,45 @@ static int semanage_direct_commit(semanage_handle_t * sh) } } - /* - * If there were policy changes, or explicitly requested, or - * any required files are missing, rebuild the policy. - */ - if (do_rebuild) { - /* =================== Module expansion =============== */ - + if (do_rebuild || sh->check_ext_changes) { retval = semanage_get_active_modules(sh, &modinfos, &num_modinfos); if (retval < 0) { goto cleanup; } + /* No modules - nothing to rebuild. */ if (num_modinfos == 0) { goto cleanup; } - retval = semanage_compile_hll_modules(sh, modinfos, num_modinfos); + retval = semanage_compile_hll_modules(sh, modinfos, num_modinfos, + modules_checksum); if (retval < 0) { ERR(sh, "Failed to compile hll files into cil files.\n"); goto cleanup; } + if (!do_rebuild && sh->check_ext_changes) { + retval = semanage_compare_checksum(sh, modules_checksum); + if (retval < 0) + goto cleanup; + do_rebuild = retval; + } + + retval = semanage_write_modules_checksum(sh, modules_checksum); + if (retval < 0) { + ERR(sh, "Failed to write module checksum file.\n"); + goto cleanup; + } + } + + /* + * If there were policy changes, or explicitly requested, or + * any required files are missing, rebuild the policy. + */ + if (do_rebuild) { + /* =================== Module expansion =============== */ + retval = semanage_get_cil_paths(sh, modinfos, num_modinfos, &mod_filenames); if (retval < 0) goto cleanup; @@ -1703,7 +1824,7 @@ static int semanage_direct_extract(semanage_handle_t * sh, goto cleanup; } - rc = semanage_compile_module(sh, _modinfo); + rc = semanage_compile_module(sh, _modinfo, NULL); if (rc < 0) { goto cleanup; } diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c index bb1e6140..b2201ee3 100644 --- a/libsemanage/src/handle.c +++ b/libsemanage/src/handle.c @@ -116,20 +116,23 @@ semanage_handle_t *semanage_handle_create(void) void semanage_set_rebuild(semanage_handle_t * sh, int do_rebuild) { - assert(sh != NULL); sh->do_rebuild = do_rebuild; - return; } void semanage_set_reload(semanage_handle_t * sh, int do_reload) { - assert(sh != NULL); sh->do_reload = do_reload; - return; +} + +void semanage_set_check_ext_changes(semanage_handle_t * sh, int do_check) +{ + assert(sh != NULL); + + sh->check_ext_changes = do_check; } int semanage_get_hll_compiler_path(semanage_handle_t *sh, diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h index e1ce83ba..4d2aae8f 100644 --- a/libsemanage/src/handle.h +++ b/libsemanage/src/handle.h @@ -61,6 +61,7 @@ struct semanage_handle { int is_in_transaction; int do_reload; /* whether to reload policy after commit */ int do_rebuild; /* whether to rebuild policy if there were no changes */ + int check_ext_changes; /* whether to rebuild if external changes are detected via checksum */ int commit_err; /* set by semanage_direct_commit() if there are * any errors when building or committing the * sandbox to kernel policy at /etc/selinux diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map index 00259fc8..c8214b26 100644 --- a/libsemanage/src/libsemanage.map +++ b/libsemanage/src/libsemanage.map @@ -348,4 +348,5 @@ LIBSEMANAGE_1.1 { LIBSEMANAGE_3.4 { semanage_module_compute_checksum; + semanage_set_check_ext_changes; } LIBSEMANAGE_1.1; diff --git a/libsemanage/src/modules.c b/libsemanage/src/modules.c index fe937519..c3bd90ac 100644 --- a/libsemanage/src/modules.c +++ b/libsemanage/src/modules.c @@ -979,9 +979,9 @@ int semanage_module_remove_key(semanage_handle_t *sh, } static const char CHECKSUM_TYPE[] = "sha256"; -static const size_t CHECKSUM_CONTENT_SIZE = sizeof(CHECKSUM_TYPE) + 1 + 2 * SHA256_HASH_SIZE; +const size_t CHECKSUM_CONTENT_SIZE = sizeof(CHECKSUM_TYPE) + 1 + 2 * SHA256_HASH_SIZE; -static void semanage_hash_to_checksum_string(const uint8_t *hash, char *checksum) +void semanage_hash_to_checksum_string(const uint8_t *hash, char *checksum) { size_t i; diff --git a/libsemanage/src/modules.h b/libsemanage/src/modules.h index 64d4a157..cf2432c5 100644 --- a/libsemanage/src/modules.h +++ b/libsemanage/src/modules.h @@ -102,4 +102,7 @@ int semanage_module_get_path(semanage_handle_t *sh, char *path, size_t len); +extern const size_t CHECKSUM_CONTENT_SIZE; +void semanage_hash_to_checksum_string(const uint8_t *hash, char *checksum); + #endif diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index 633ee731..767f05cb 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -115,6 +115,7 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = { "/disable_dontaudit", "/preserve_tunables", "/modules/disabled", + "/modules_checksum", "/policy.kern", "/file_contexts.local", "/file_contexts.homedirs", diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h index b9ec5664..1fc77da8 100644 --- a/libsemanage/src/semanage_store.h +++ b/libsemanage/src/semanage_store.h @@ -60,6 +60,7 @@ enum semanage_sandbox_defs { SEMANAGE_DISABLE_DONTAUDIT, SEMANAGE_PRESERVE_TUNABLES, SEMANAGE_MODULES_DISABLED, + SEMANAGE_MODULES_CHECKSUM, SEMANAGE_STORE_KERNEL, SEMANAGE_STORE_FC_LOCAL, SEMANAGE_STORE_FC_HOMEDIRS, From patchwork Thu Feb 3 16:53:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 12734354 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 33A39C433EF for ; Thu, 3 Feb 2022 16:53:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1352447AbiBCQxu (ORCPT ); Thu, 3 Feb 2022 11:53:50 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:55632 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352455AbiBCQxq (ORCPT ); Thu, 3 Feb 2022 11:53:46 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1643907225; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3GN1YIOijkPerY3Twy/e4p+uRKzvmr+RrRlaKf/E0JU=; b=c5pK/3NBuslRyeaU7HNazdv+rxrvta9qEqeMwmGXj7AS2JwueMq5xm1M5SH6Ecf5isNlKE IS+1CJ62eul00Pj7qC+0n7rtlMaA/i+WA46V1hJQxE7NJA9Pewtsyd0tQCB5yaGjldh45t aEWsobe43gA5eAlxKZNNSvHAXNlfyUo= Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-527-DC2aF5FUMyuVTq0yTsVVOA-1; Thu, 03 Feb 2022 11:53:44 -0500 X-MC-Unique: DC2aF5FUMyuVTq0yTsVVOA-1 Received: by mail-ed1-f70.google.com with SMTP id n7-20020a05640205c700b0040b7be76147so1774549edx.10 for ; Thu, 03 Feb 2022 08:53:44 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=3GN1YIOijkPerY3Twy/e4p+uRKzvmr+RrRlaKf/E0JU=; b=sU9Ikc07KDtdCrDHqy7IL4H2on+F/QRO+2oMocxQL041xpm49uIlU67S+tPY7BCP4V fH/tXeO4acEwc6D+JoNDZMMqZyl5fAcCZbuIxxW7ir5dM4ppUTLzgCxQZIXNptkdxAMO rgS909CMlTEJgOWihxahI9b6eWPlnnJZYrTfZUZt9s2YC2R107r68xB/rQ8NL8yCCLPH Kte4vF1qzhyyK2rKUl9Q3MPDXssP3W2FHmW6CZi863Q2RQSxxypnlm2BUnzVzvJfIZYX jzVfpboqVG9O2luBUyDGsImdOCqQeH7dbmiir07OvkGK0afrXjJDPmLpCuKrAchNDHRO ElNw== X-Gm-Message-State: AOAM532afdGee4rkoT/JZIogJlTEwPdgm44u9XIo4z2jPZO1wlYGrA/6 d24aC/ZUAK53OHLeDrOK85KmlBucGcoe70S2i2z8vYiw0KcdSczYa8qS3M9GGthzcPIXLrRNA48 40pIX2qJIWdU05SxcDHp+ekzDLIOrGfMgz65hQP+5+u4HWvRyejX0SxNjU0CMps7pXhy2Bw== X-Received: by 2002:a17:907:16a9:: with SMTP id hc41mr31647787ejc.289.1643907223033; Thu, 03 Feb 2022 08:53:43 -0800 (PST) X-Google-Smtp-Source: ABdhPJykxSuYn+vNbSuimbDdJurbxbYNH4o5GIpOUkDzigj+/kklijd78X33Qmygn8uvVchR3KVgTA== X-Received: by 2002:a17:907:16a9:: with SMTP id hc41mr31647758ejc.289.1643907222607; Thu, 03 Feb 2022 08:53:42 -0800 (PST) Received: from localhost.localdomain ([2a02:8308:b106:e300:32b0:6ebb:8ca4:d4d3]) by smtp.gmail.com with ESMTPSA id bs4sm18141027edb.84.2022.02.03.08.53.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 08:53:42 -0800 (PST) From: Ondrej Mosnacek To: selinux@vger.kernel.org Subject: [PATCH userspace v2 6/6] semodule: add command-line option to detect module changes Date: Thu, 3 Feb 2022 17:53:27 +0100 Message-Id: <20220203165327.213601-7-omosnace@redhat.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220203165327.213601-1-omosnace@redhat.com> References: <20220203165327.213601-1-omosnace@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add a new command-line option "--rebuild-if-modules-changed" to control the newly introduced check_ext_changes libsemanage flag. For example, running `semodule --rebuild-if-modules-changed` will ensure that any externally added/removed modules (e.g. by an RPM transaction) are reflected in the compiled policy, while skipping the most expensive part of the rebuild if no module change was deteceted since the last libsemanage transaction. Signed-off-by: Ondrej Mosnacek --- policycoreutils/semodule/semodule.8 | 7 +++++++ policycoreutils/semodule/semodule.c | 32 ++++++++++++++++++++++------- 2 files changed, 32 insertions(+), 7 deletions(-) diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8 index 3a2fb21c..d1735d21 100644 --- a/policycoreutils/semodule/semodule.8 +++ b/policycoreutils/semodule/semodule.8 @@ -23,6 +23,13 @@ force a reload of policy .B \-B, \-\-build force a rebuild of policy (also reloads unless \-n is used) .TP +.B \-\-rebuild-if-modules-changed +Force a rebuild of the policy if any changes to module content are detected +(by comparing with checksum from the last transaction). One can use this +instead of \-B to ensure that any changes to the module store done by an +external tool (e.g. a package manager) are applied, while automatically +skipping the rebuild if there are no new changes. +.TP .B \-D, \-\-disable_dontaudit Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt .TP diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c index f4a76289..1ed8e690 100644 --- a/policycoreutils/semodule/semodule.c +++ b/policycoreutils/semodule/semodule.c @@ -47,6 +47,7 @@ static int verbose; static int reload; static int no_reload; static int build; +static int check_ext_changes; static int disable_dontaudit; static int preserve_tunables; static int ignore_module_cache; @@ -149,6 +150,9 @@ static void usage(char *progname) printf(" -c, --cil extract module as cil. This only affects module extraction.\n"); printf(" -H, --hll extract module as hll. This only affects module extraction.\n"); printf(" -m, --checksum print module checksum (SHA256).\n"); + printf(" --rebuild-if-modules-changed\n" + " force policy rebuild if module content changed since\n" + " last rebuild (based on checksum)\n"); } /* Sets the global mode variable to new_mode, but only if no other @@ -180,6 +184,7 @@ static void set_mode(enum client_modes new_mode, char *arg) static void parse_command_line(int argc, char **argv) { static struct option opts[] = { + {"rebuild-if-modules-changed", 0, NULL, '\0'}, {"store", required_argument, NULL, 's'}, {"base", required_argument, NULL, 'b'}, {"help", 0, NULL, 'h'}, @@ -207,15 +212,26 @@ static void parse_command_line(int argc, char **argv) }; int extract_selected = 0; int cil_hll_set = 0; - int i; + int i, longind; verbose = 0; reload = 0; no_reload = 0; + check_ext_changes = 0; priority = 400; while ((i = - getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm", opts, - NULL)) != -1) { + getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm", + opts, &longind)) != -1) { switch (i) { + case '\0': + switch(longind) { + case 0: /* --rebuild-if-modules-changed */ + check_ext_changes = 1; + break; + default: + usage(argv[0]); + exit(1); + } + break; case 'b': fprintf(stderr, "The --base option is deprecated. Use --install instead.\n"); set_mode(INSTALL_M, optarg); @@ -300,13 +316,13 @@ static void parse_command_line(int argc, char **argv) } } } - if ((build || reload) && num_commands) { + if ((build || reload || check_ext_changes) && num_commands) { fprintf(stderr, "build or reload should not be used with other commands\n"); usage(argv[0]); exit(1); } - if (num_commands == 0 && reload == 0 && build == 0) { + if (num_commands == 0 && reload == 0 && build == 0 && check_ext_changes == 0) { fprintf(stderr, "At least one mode must be specified.\n"); usage(argv[0]); exit(1); @@ -395,7 +411,7 @@ int main(int argc, char *argv[]) cil_set_log_level(CIL_ERR + verbose); - if (build) + if (build || check_ext_changes) commit = 1; sh = semanage_handle_create(); @@ -434,7 +450,7 @@ int main(int argc, char *argv[]) } } - if (build) { + if (build || check_ext_changes) { if ((result = semanage_begin_transaction(sh)) < 0) { fprintf(stderr, "%s: Could not begin transaction: %s\n", argv[0], errno ? strerror(errno) : ""); @@ -807,6 +823,8 @@ cleanup_disable: semanage_set_reload(sh, 0); if (build) semanage_set_rebuild(sh, 1); + if (check_ext_changes) + semanage_set_check_ext_changes(sh, 1); if (disable_dontaudit) semanage_set_disable_dontaudit(sh, 1); else if (build)