author | Jason M. Bills <jason.m.bills@linux.intel.com> | 2021-09-28 20:46:50 +0300 |
---|---|---|
committer | Jason M. Bills <jason.m.bills@linux.intel.com> | 2021-09-28 20:46:50 +0300 |
commit | d73e39703a0260c8911cb439b579e1c2bada4b20 (patch) | |
tree | 4fa9f965ae954c587ab773ecaced6b8f8e18d359 /poky/meta/recipes-core/dbus | |
parent | 6f106a0a4ce15fe0678d4ffefd572e6978c72597 (diff) | |
parent | 6d8c5d2c6204714ca6b7a43f04348162b683cdbc (diff) | |
download | openbmc-d73e39703a0260c8911cb439b579e1c2bada4b20.tar.xz |
Merge tag '0.75' of ssh://git-amr-1.devtools.intel.com:29418/openbmc-openbmc into update
Diffstat (limited to 'poky/meta/recipes-core/dbus')
-rw-r--r-- | poky/meta/recipes-core/dbus/dbus-glib_0.112.bb | 18 | ||||
-rw-r--r-- | poky/meta/recipes-core/dbus/dbus-test_1.12.20.bb | 8 | ||||
-rw-r--r-- | poky/meta/recipes-core/dbus/dbus.inc | 11 | ||||
-rw-r--r-- | poky/meta/recipes-core/dbus/dbus/stop_using_selinux_set_mapping.patch | 148 | ||||
-rw-r--r-- | poky/meta/recipes-core/dbus/dbus_1.12.20.bb | 40 |
5 files changed, 187 insertions, 38 deletions
diff --git a/poky/meta/recipes-core/dbus/dbus-glib_0.112.bb b/poky/meta/recipes-core/dbus/dbus-glib_0.112.bb index 003c3accc..99b0a2000 100644 --- a/poky/meta/recipes-core/dbus/dbus-glib_0.112.bb +++ b/poky/meta/recipes-core/dbus/dbus-glib_0.112.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c31c73c1d8f5d06784b2ccd22e42d641 \ SECTION = "base" DEPENDS = "expat glib-2.0 virtual/libintl dbus-glib-native dbus" -DEPENDS_class-native = "glib-2.0-native dbus-native" +DEPENDS:class-native = "glib-2.0-native dbus-native" SRC_URI = "https://dbus.freedesktop.org/releases/dbus-glib/dbus-glib-${PV}.tar.gz \ file://no-examples.patch \ @@ -20,20 +20,20 @@ SRC_URI[sha256sum] = "7d550dccdfcd286e33895501829ed971eeb65c614e73aadb4a08aeef71 inherit autotools pkgconfig gettext bash-completion gtk-doc #default disable regression tests, some unit test code in non testing code -#PACKAGECONFIG_pn-${PN} = "tests" enable regression tests local.conf +#PACKAGECONFIG:pn-${PN} = "tests" enable regression tests local.conf PACKAGECONFIG ??= "" PACKAGECONFIG[tests] = "--enable-tests,,," -EXTRA_OECONF_class-target = "--with-dbus-binding-tool=${STAGING_BINDIR_NATIVE}/dbus-binding-tool" +EXTRA_OECONF:class-target = "--with-dbus-binding-tool=${STAGING_BINDIR_NATIVE}/dbus-binding-tool" PACKAGES += "${PN}-tests" -FILES_${PN} = "${libdir}/lib*${SOLIBS}" -FILES_${PN}-bash-completion += "${libexecdir}/dbus-bash-completion-helper" -FILES_${PN}-dev += "${libdir}/dbus-1.0/include ${bindir}/dbus-glib-tool" -FILES_${PN}-dev += "${bindir}/dbus-binding-tool" +FILES:${PN} = "${libdir}/lib*${SOLIBS}" +FILES:${PN}-bash-completion += "${libexecdir}/dbus-bash-completion-helper" +FILES:${PN}-dev += "${libdir}/dbus-1.0/include ${bindir}/dbus-glib-tool" +FILES:${PN}-dev += "${bindir}/dbus-binding-tool" -RDEPENDS_${PN}-tests += "dbus-x11" -FILES_${PN}-tests = "${datadir}/${BPN}/tests" +RDEPENDS:${PN}-tests += "dbus-x11" +FILES:${PN}-tests = "${datadir}/${BPN}/tests" BBCLASSEXTEND = "native" 
diff --git a/poky/meta/recipes-core/dbus/dbus-test_1.12.20.bb b/poky/meta/recipes-core/dbus/dbus-test_1.12.20.bb index 755c841ba..ae7030143 100644 --- a/poky/meta/recipes-core/dbus/dbus-test_1.12.20.bb +++ b/poky/meta/recipes-core/dbus/dbus-test_1.12.20.bb @@ -10,7 +10,7 @@ SRC_URI += "file://run-ptest \ DEPENDS = "dbus glib-2.0" -RDEPENDS_${PN}-dev = "" +RDEPENDS:${PN}-dev = "" S="${WORKDIR}/dbus-${PV}" FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:" @@ -58,7 +58,7 @@ do_install_ptest() { sed -i -e 's;@PTEST_PATH@;${PTEST_PATH};g' ${D}${PTEST_PATH}/run-ptest } -RDEPENDS_${PN}-ptest += "bash make dbus" -RDEPENDS_${PN}-ptest_remove = "${PN}" +RDEPENDS:${PN}-ptest += "bash make dbus" +RDEPENDS:${PN}-ptest:remove = "${PN}" -PRIVATE_LIBS_${PN}-ptest = "libdbus-1.so.3" +PRIVATE_LIBS:${PN}-ptest = "libdbus-1.so.3" diff --git a/poky/meta/recipes-core/dbus/dbus.inc b/poky/meta/recipes-core/dbus/dbus.inc index dcbcc0a9d..adc138bf1 100644 --- a/poky/meta/recipes-core/dbus/dbus.inc +++ b/poky/meta/recipes-core/dbus/dbus.inc @@ -8,6 +8,7 @@ SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ file://tmpdir.patch \ file://dbus-1.init \ file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ + file://stop_using_selinux_set_mapping.patch \ " SRC_URI[md5sum] = "dfe8a71f412e0b53be26ed4fbfdc91c4" 
@@ -15,20 +16,20 @@ SRC_URI[sha256sum] = "f77620140ecb4cdc67f37fb444f8a6bea70b5b6461f12f1cbe2cec60fa EXTRA_OECONF = "--disable-xml-docs \ --disable-doxygen-docs \ - --disable-libaudit \ --enable-largefile \ --with-system-socket=/run/dbus/system_bus_socket \ " -EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl" -EXTRA_OECONF_append_class-native = " --disable-selinux" +EXTRA_OECONF:append:class-target = " SYSTEMCTL=${base_bindir}/systemctl" PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \ user-session \ " -PACKAGECONFIG_class-native = "" -PACKAGECONFIG_class-nativesdk = "" +PACKAGECONFIG:class-native = "" +PACKAGECONFIG:class-nativesdk = "" PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd" PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm" PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session" PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,," +PACKAGECONFIG[audit] = "--enable-libaudit,--disable-libaudit,audit" +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux" diff --git a/poky/meta/recipes-core/dbus/dbus/stop_using_selinux_set_mapping.patch b/poky/meta/recipes-core/dbus/dbus/stop_using_selinux_set_mapping.patch new file mode 100644 index 000000000..7035098e4 --- /dev/null +++ b/poky/meta/recipes-core/dbus/dbus/stop_using_selinux_set_mapping.patch 
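Review bot: The new `PACKAGECONFIG[audit]` and `PACKAGECONFIG[selinux]` entries are not part of the default `PACKAGECONFIG ??=` shown in this hunk, so a target build now passes `--disable-selinux` and `--disable-libaudit` unless a distro or bbappend opts in. In the lines visible here the old target configure line carried no SELinux flag at all (only the class-native append had `--disable-selinux`), so presumably configure decided. That is an undocumented change in whether dbus-daemon is built with its `send_msg`/`acquire_svc` checks. I would add a comment above the two entries such as `# selinux and audit are off by default; enable both through PACKAGECONFIG on SELinux images so bus access checks and their audit records are built in`. If the recipe should follow the distro instead, the existing filter could read `bb.utils.filter('DISTRO_FEATURES', 'systemd x11 selinux', d)`, assuming a libselinux recipe is present in the layer stack.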
@@ -0,0 +1,148 @@ +From 6072f8b24153d844a3033108a17bcd0c1a967816 Mon Sep 17 00:00:00 2001 +From: Laurent Bigonville <bigon@bigon.be> +Date: Sat, 3 Mar 2018 11:15:23 +0100 +Subject: [PATCH] Stop using selinux_set_mapping() function + +Currently, if the "dbus" security class or the associated AV doesn't +exist, dbus-daemon fails to initialize and exits immediately. Also the +security classes or access vector cannot be reordered in the policy. +This can be a problem for people developing their own policy or trying +to access a machine where, for some reasons, there is not policy defined +at all. + +The code here copy the behaviour of the selinux_check_access() function. +We cannot use this function here as it doesn't allow us to define the +AVC entry reference. + +See the discussion at https://marc.info/?l=selinux&m=152163374332372&w=2 + +Resolves: https://gitlab.freedesktop.org/dbus/dbus/issues/198 +--- + bus/selinux.c | 75 ++++++++++++++++++++++++++++----------------------- + 1 file changed, 42 insertions(+), 33 deletions(-) + + +Upstream-Status: Backport +Signed-off-by: Nisha.Parrakat <Nisha.Parrakat@kpit.com> +diff --git a/bus/selinux.c b/bus/selinux.c + +--- a/bus/selinux.c 2021-08-11 14:45:59.048513026 +0000 ++++ b/bus/selinux.c 2021-08-11 14:57:47.144846966 +0000 +@@ -311,24 +311,6 @@ + #endif + } + +-/* +- * Private Flask definitions; the order of these constants must +- * exactly match that of the structure array below! 
+- */ +-/* security dbus class constants */ +-#define SECCLASS_DBUS 1 +- +-/* dbus's per access vector constants */ +-#define DBUS__ACQUIRE_SVC 1 +-#define DBUS__SEND_MSG 2 +- +-#ifdef HAVE_SELINUX +-static struct security_class_mapping dbus_map[] = { +- { "dbus", { "acquire_svc", "send_msg", NULL } }, +- { NULL } +-}; +-#endif /* HAVE_SELINUX */ +- + /** + * Establish dynamic object class and permission mapping and + * initialize the user space access vector cache (AVC) for D-Bus and set up +@@ -350,13 +332,6 @@ + + _dbus_verbose ("SELinux is enabled in this kernel.\n"); + +- if (selinux_set_mapping (dbus_map) < 0) +- { +- _dbus_warn ("Failed to set up security class mapping (selinux_set_mapping():%s).", +- strerror (errno)); +- return FALSE; +- } +- + avc_entry_ref_init (&aeref); + if (avc_init ("avc", &mem_cb, &log_cb, &thread_cb, &lock_cb) < 0) + { +@@ -421,19 +396,53 @@ + static dbus_bool_t + bus_selinux_check (BusSELinuxID *sender_sid, + BusSELinuxID *override_sid, +- security_class_t target_class, +- access_vector_t requested, ++ const char *target_class, ++ const char *requested, + DBusString *auxdata) + { ++ int saved_errno; ++ security_class_t security_class; ++ access_vector_t requested_access; ++ + if (!selinux_enabled) + return TRUE; + ++ security_class = string_to_security_class (target_class); ++ if (security_class == 0) ++ { ++ saved_errno = errno; ++ log_callback (SELINUX_ERROR, "Unknown class %s", target_class); ++ if (security_deny_unknown () == 0) ++ { ++ return TRUE; ++ } ++ ++ _dbus_verbose ("Unknown class %s\n", target_class); ++ errno = saved_errno; ++ return FALSE; ++ } ++ ++ requested_access = string_to_av_perm (security_class, requested); ++ if (requested_access == 0) ++ { ++ saved_errno = errno; ++ log_callback (SELINUX_ERROR, "Unknown permission %s for class %s", requested, target_class); ++ if (security_deny_unknown () == 0) ++ { ++ return TRUE; ++ } ++ ++ _dbus_verbose ("Unknown permission %s for class %s\n", requested, target_class); 
++ errno = saved_errno; ++ return FALSE; ++ } ++ + /* Make the security check. AVC checks enforcing mode here as well. */ + if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid), + override_sid ? + SELINUX_SID_FROM_BUS (override_sid) : + bus_sid, +- target_class, requested, &aeref, auxdata) < 0) ++ security_class, requested_access, &aeref, auxdata) < 0) + { + switch (errno) + { +@@ -500,8 +509,8 @@ + + ret = bus_selinux_check (connection_sid, + service_sid, +- SECCLASS_DBUS, +- DBUS__ACQUIRE_SVC, ++ "dbus", ++ "acquire_svc", + &auxdata); + + _dbus_string_free (&auxdata); +@@ -629,8 +638,8 @@ + + ret = bus_selinux_check (sender_sid, + recipient_sid, +- SECCLASS_DBUS, +- DBUS__SEND_MSG, ++ "dbus", ++ "send_msg", + &auxdata); + + _dbus_string_free (&auxdata); diff --git a/poky/meta/recipes-core/dbus/dbus_1.12.20.bb b/poky/meta/recipes-core/dbus/dbus_1.12.20.bb index 2f6da6751..48947209d 100644 --- a/poky/meta/recipes-core/dbus/dbus_1.12.20.bb +++ b/poky/meta/recipes-core/dbus/dbus_1.12.20.bb @@ -7,10 +7,10 @@ require dbus.inc DEPENDS = "expat virtual/libintl autoconf-archive" PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', '${PN}-ptest', '', d)}" -ALLOW_EMPTY_dbus-ptest = "1" -RDEPENDS_dbus-ptest_class-target = "dbus-test-ptest" -RDEPENDS_${PN} += "${PN}-common ${PN}-tools" -RDEPENDS_${PN}_class-native = "" +ALLOW_EMPTY:dbus-ptest = "1" +RDEPENDS:dbus-ptest:class-target = "dbus-test-ptest" +RDEPENDS:${PN} += "${PN}-common ${PN}-tools" +RDEPENDS:${PN}:class-native = "" inherit useradd update-rc.d 
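Review bot: In the rewritten `bus_selinux_check`, both `if (security_deny_unknown () == 0) return TRUE;` branches grant the request when the loaded policy lacks the `dbus` class or the `acquire_svc`/`send_msg` permission and does not deny unknowns, and nothing in the code marks that as deliberate. Where the removed `selinux_set_mapping` path made dbus-daemon refuse to start, a policy gap now results in an allow that is recorded only through `log_callback`; the `_dbus_verbose` lines run on the deny path only. I would add a comment on each branch such as `/* policy does not deny unknown classes/perms: allow, as selinux_check_access() does */`, and say in the patch header that images enabling the selinux option need a policy that defines the dbus class or denies unknowns. The header's `Upstream-Status: Backport` also names no origin; `Upstream-Status: Backport [<upstream commit URL>]` would let the backport be compared with the upstream change. The body of `bus_selinux_check` continues past the end of the hunk.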
@@ -25,22 +25,22 @@ python __anonymous() { PACKAGES =+ "${PN}-lib ${PN}-common ${PN}-tools" USERADD_PACKAGES = "dbus-common" -USERADD_PARAM_dbus-common = "--system --home ${localstatedir}/lib/dbus \ +USERADD_PARAM:dbus-common = "--system --home ${localstatedir}/lib/dbus \ --no-create-home --shell /bin/false \ --user-group messagebus" -CONFFILES_${PN} = "${sysconfdir}/dbus-1/system.conf ${sysconfdir}/dbus-1/session.conf" +CONFFILES:${PN} = "${sysconfdir}/dbus-1/system.conf ${sysconfdir}/dbus-1/session.conf" -DEBIANNAME_${PN} = "dbus-1" +DEBIANNAME:${PN} = "dbus-1" OLDPKGNAME = "dbus-x11" -OLDPKGNAME_class-nativesdk = "" +OLDPKGNAME:class-nativesdk = "" # for compatibility -RPROVIDES_${PN} = "${OLDPKGNAME}" -RREPLACES_${PN} += "${OLDPKGNAME}" +RPROVIDES:${PN} = "${OLDPKGNAME}" +RREPLACES:${PN} += "${OLDPKGNAME}" -FILES_${PN} = "${bindir}/dbus-daemon* \ +FILES:${PN} = "${bindir}/dbus-daemon* \ ${bindir}/dbus-cleanup-sockets \ ${bindir}/dbus-launch \ ${bindir}/dbus-run-session \ @@ -51,7 +51,7 @@ FILES_${PN} = "${bindir}/dbus-daemon* \ ${systemd_user_unitdir} \ ${nonarch_libdir}/tmpfiles.d/dbus.conf \ " -FILES_${PN}-common = "${sysconfdir}/dbus-1 \ +FILES:${PN}-common = "${sysconfdir}/dbus-1 \ ${datadir}/dbus-1/services \ ${datadir}/dbus-1/system-services \ ${datadir}/dbus-1/session.d \ 
@@ -64,17 +64,17 @@ FILES_${PN}-common = "${sysconfdir}/dbus-1 \ ${systemd_user_unitdir}/sockets.target.wants \ ${nonarch_libdir}/sysusers.d/dbus.conf \ " -FILES_${PN}-tools = "${bindir}/dbus-uuidgen \ +FILES:${PN}-tools = "${bindir}/dbus-uuidgen \ ${bindir}/dbus-send \ ${bindir}/dbus-monitor \ ${bindir}/dbus-update-activation-environment \ " -FILES_${PN}-lib = "${libdir}/lib*.so.*" -RRECOMMENDS_${PN}-lib = "${PN}" -FILES_${PN}-dev += "${libdir}/dbus-1.0/include ${bindir}/dbus-test-tool ${datadir}/xml/dbus-1" +FILES:${PN}-lib = "${libdir}/lib*.so.*" +RRECOMMENDS:${PN}-lib = "${PN}" +FILES:${PN}-dev += "${libdir}/dbus-1.0/include ${bindir}/dbus-test-tool ${datadir}/xml/dbus-1" PACKAGE_WRITE_DEPS += "${@bb.utils.contains('DISTRO_FEATURES','systemd sysvinit','systemd-systemctl-native','',d)}" -pkg_postinst_dbus() { +pkg_postinst:dbus() { # If both systemd and sysvinit are enabled, mask the dbus-1 init script if ${@bb.utils.contains('DISTRO_FEATURES','systemd sysvinit','true','false',d)}; then if [ -n "$D" ]; then @@ -130,7 +130,7 @@ do_install() { rm -rf ${D}${localstatedir}/run } -do_install_class-native() { +do_install:class-native() { autotools_do_install # dbus-launch has no X support so lets not install it in case the host @@ -138,7 +138,7 @@ do_install_class-native() { rm -f ${D}${bindir}/dbus-launch } -do_install_class-nativesdk() { +do_install:class-nativesdk() { autotools_do_install # dbus-launch has no X support so lets not install it in case the host @@ -150,4 +150,4 @@ do_install_class-nativesdk() { } BBCLASSEXTEND = "native nativesdk" -INSANE_SKIP_${PN}-ptest += "build-deps" +INSANE_SKIP:${PN}-ptest += "build-deps" |