[PATCH v2 3/3] lbespol: remove wild cards in mapfile


 



From: William Roberts <william.c.roberts@xxxxxxxxx>

With the old hidden_def and hidden_proto DSO infrastructure removed,
correctness of the map file becomes paramount, as it is what filters out
public API. Because of this, wildcards should not be used, as they let
through some functions that should not be part of the public API. Thus
remove the wildcards, and sort the list.

Additionally, verify that nothing changed in external symbols as well:

This was checked by generating an old export map (from master):
nm --defined-only -g ./src/libsepol.so | cut -d' ' -f 3-3 | grep -v '^_' > old.map

Then creating a new one for this library after this patch is applied:
nm --defined-only -g ./src/libsepol.so | cut -d' ' -f 3-3 | grep -v '^_' > new.map

And diffing them:
diff old.map new.map

Signed-off-by: William Roberts <william.c.roberts@xxxxxxxxx>
---
 libsepol/src/libsepol.map.in | 275 +++++++++++++++++++++++++++++++----
 1 file changed, 245 insertions(+), 30 deletions(-)

diff --git a/libsepol/src/libsepol.map.in b/libsepol/src/libsepol.map.in
index f4946a79cae7..f08c2a861693 100644
--- a/libsepol/src/libsepol.map.in
+++ b/libsepol/src/libsepol.map.in
@@ -1,39 +1,254 @@
 LIBSEPOL_1.0 {
-  global: 
-	expand_module_avrules;
-	sepol_module_package_*; sepol_link_modules; sepol_expand_module; sepol_link_packages;
-	sepol_bool_*; sepol_genbools*; 
-	sepol_context_*; sepol_mls_*; sepol_check_context;
-	sepol_iface_*; 
-	sepol_port_*;
-	sepol_ibpkey_*;
-	sepol_ibendport_*;
-	sepol_node_*;
-	sepol_user_*; sepol_genusers; sepol_set_delusers;
-	sepol_msg_*; sepol_debug;
-	sepol_handle_*;
-	sepol_policydb_*; sepol_set_policydb_from_file; 
-	sepol_policy_kern_*;
-	sepol_policy_file_*;
-	sepol_get_disable_dontaudit;
-	sepol_set_disable_dontaudit;
-	sepol_set_expand_consume_base;
-	sepol_get_preserve_tunables; sepol_set_preserve_tunables;
+  global:
+	cil_add_file;
+	cil_build_policydb;
+	cil_compile;
+	cil_db_destroy;
 	cil_db_init;
+	cil_filecons_to_string;
+	cil_selinuxusers_to_string;
 	cil_set_disable_dontaudit;
 	cil_set_disable_neverallow;
-	cil_set_preserve_tunables;
 	cil_set_handle_unknown;
-	cil_db_destroy;
-	cil_add_file;
-	cil_compile;
-	cil_build_policydb;
-	cil_userprefixes_to_string;
-	cil_selinuxusers_to_string;
-	cil_filecons_to_string;
-	cil_set_log_level;
 	cil_set_log_handler;
-	cil_set_malloc_error_handler;
+	cil_set_log_level;
+	cil_set_preserve_tunables;
+	cil_userprefixes_to_string;
+	expand_module_avrules;
+	sepol_bool_clone;
+	sepol_bool_compare;
+	sepol_bool_compare2;
+	sepol_bool_count;
+	sepol_bool_create;
+	sepol_bool_exists;
+	sepol_bool_free;
+	sepol_bool_get_name;
+	sepol_bool_get_value;
+	sepol_bool_iterate;
+	sepol_bool_key_create;
+	sepol_bool_key_extract;
+	sepol_bool_key_free;
+	sepol_bool_key_unpack;
+	sepol_bool_query;
+	sepol_bool_set;
+	sepol_bool_set_name;
+	sepol_bool_set_value;
+	sepol_check_context;
+	sepol_context_check;
+	sepol_context_clone;
+	sepol_context_create;
+	sepol_context_free;
+	sepol_context_from_string;
+	sepol_context_get_mls;
+	sepol_context_get_role;
+	sepol_context_get_type;
+	sepol_context_get_user;
+	sepol_context_set_mls;
+	sepol_context_set_role;
+	sepol_context_set_type;
+	sepol_context_set_user;
+	sepol_context_to_string;
+	sepol_debug;
+	sepol_expand_module;
+	sepol_genbools;
+	sepol_genbools_array;
+	sepol_genusers;
+	sepol_get_disable_dontaudit;
+	sepol_get_preserve_tunables;
+	sepol_handle_create;
+	sepol_handle_destroy;
+	sepol_ibendport_alloc_ibdev_name;
+	sepol_ibendport_clone;
+	sepol_ibendport_compare;
+	sepol_ibendport_compare2;
+	sepol_ibendport_count;
+	sepol_ibendport_create;
+	sepol_ibendport_exists;
+	sepol_ibendport_free;
+	sepol_ibendport_get_con;
+	sepol_ibendport_get_ibdev_name;
+	sepol_ibendport_get_port;
+	sepol_ibendport_iterate;
+	sepol_ibendport_key_create;
+	sepol_ibendport_key_extract;
+	sepol_ibendport_key_free;
+	sepol_ibendport_key_unpack;
+	sepol_ibendport_modify;
+	sepol_ibendport_query;
+	sepol_ibendport_set_con;
+	sepol_ibendport_set_ibdev_name;
+	sepol_ibendport_set_port;
+	sepol_ibpkey_clone;
+	sepol_ibpkey_compare;
+	sepol_ibpkey_compare2;
+	sepol_ibpkey_count;
+	sepol_ibpkey_create;
+	sepol_ibpkey_exists;
+	sepol_ibpkey_free;
+	sepol_ibpkey_get_con;
+	sepol_ibpkey_get_high;
+	sepol_ibpkey_get_low;
+	sepol_ibpkey_get_subnet_prefix;
+	sepol_ibpkey_get_subnet_prefix_bytes;
+	sepol_ibpkey_iterate;
+	sepol_ibpkey_key_create;
+	sepol_ibpkey_key_extract;
+	sepol_ibpkey_key_free;
+	sepol_ibpkey_key_unpack;
+	sepol_ibpkey_modify;
+	sepol_ibpkey_query;
+	sepol_ibpkey_set_con;
+	sepol_ibpkey_set_pkey;
+	sepol_ibpkey_set_range;
+	sepol_ibpkey_set_subnet_prefix;
+	sepol_ibpkey_set_subnet_prefix_bytes;
+	sepol_iface_clone;
+	sepol_iface_compare;
+	sepol_iface_compare2;
+	sepol_iface_count;
+	sepol_iface_create;
+	sepol_iface_exists;
+	sepol_iface_free;
+	sepol_iface_get_ifcon;
+	sepol_iface_get_msgcon;
+	sepol_iface_get_name;
+	sepol_iface_iterate;
+	sepol_iface_key_create;
+	sepol_iface_key_extract;
+	sepol_iface_key_free;
+	sepol_iface_key_unpack;
+	sepol_iface_modify;
+	sepol_iface_query;
+	sepol_iface_set_ifcon;
+	sepol_iface_set_msgcon;
+	sepol_iface_set_name;
+	sepol_link_modules;
+	sepol_link_packages;
+	sepol_mls_check;
+	sepol_mls_contains;
+	sepol_module_package_create;
+	sepol_module_package_free;
+	sepol_module_package_get_file_contexts;
+	sepol_module_package_get_file_contexts_len;
+	sepol_module_package_get_netfilter_contexts;
+	sepol_module_package_get_netfilter_contexts_len;
+	sepol_module_package_get_policy;
+	sepol_module_package_get_seusers;
+	sepol_module_package_get_seusers_len;
+	sepol_module_package_get_user_extra;
+	sepol_module_package_get_user_extra_len;
+	sepol_module_package_info;
+	sepol_module_package_read;
+	sepol_module_package_set_file_contexts;
+	sepol_module_package_set_netfilter_contexts;
+	sepol_module_package_set_seusers;
+	sepol_module_package_set_user_extra;
+	sepol_module_package_write;
+	sepol_msg_get_channel;
+	sepol_msg_get_fname;
+	sepol_msg_get_level;
+	sepol_msg_set_callback;
+	sepol_node_clone;
+	sepol_node_compare;
+	sepol_node_compare2;
+	sepol_node_count;
+	sepol_node_create;
+	sepol_node_exists;
+	sepol_node_free;
+	sepol_node_get_addr;
+	sepol_node_get_addr_bytes;
+	sepol_node_get_con;
+	sepol_node_get_mask;
+	sepol_node_get_mask_bytes;
+	sepol_node_get_proto;
+	sepol_node_get_proto_str;
+	sepol_node_iterate;
+	sepol_node_key_create;
+	sepol_node_key_extract;
+	sepol_node_key_free;
+	sepol_node_key_unpack;
+	sepol_node_modify;
+	sepol_node_query;
+	sepol_node_set_addr;
+	sepol_node_set_addr_bytes;
+	sepol_node_set_con;
+	sepol_node_set_mask;
+	sepol_node_set_mask_bytes;
+	sepol_node_set_proto;
+	sepol_policydb_compat_net;
+	sepol_policydb_create;
+	sepol_policydb_free;
+	sepol_policydb_from_image;
+	sepol_policydb_mls_enabled;
+	sepol_policydb_read;
+	sepol_policydb_set_handle_unknown;
+	sepol_policydb_set_target_platform;
+	sepol_policydb_set_typevers;
+	sepol_policydb_set_vers;
+	sepol_policydb_to_image;
+	sepol_policydb_write;
+	sepol_policy_file_create;
+	sepol_policy_file_free;
+	sepol_policy_file_get_len;
+	sepol_policy_file_set_fp;
+	sepol_policy_file_set_handle;
+	sepol_policy_file_set_mem;
+	sepol_policy_kern_vers_max;
+	sepol_policy_kern_vers_min;
+	sepol_port_clone;
+	sepol_port_compare;
+	sepol_port_compare2;
+	sepol_port_count;
+	sepol_port_create;
+	sepol_port_exists;
+	sepol_port_free;
+	sepol_port_get_con;
+	sepol_port_get_high;
+	sepol_port_get_low;
+	sepol_port_get_proto;
+	sepol_port_get_proto_str;
+	sepol_port_iterate;
+	sepol_port_key_create;
+	sepol_port_key_extract;
+	sepol_port_key_free;
+	sepol_port_key_unpack;
+	sepol_port_modify;
+	sepol_port_query;
+	sepol_port_set_con;
+	sepol_port_set_port;
+	sepol_port_set_proto;
+	sepol_port_set_range;
+	sepol_set_delusers;
+	sepol_set_disable_dontaudit;
+	sepol_set_expand_consume_base;
+	sepol_set_policydb_from_file;
+	sepol_set_preserve_tunables;
+	sepol_user_add_role;
+	sepol_user_clone;
+	sepol_user_compare;
+	sepol_user_compare2;
+	sepol_user_count;
+	sepol_user_create;
+	sepol_user_del_role;
+	sepol_user_exists;
+	sepol_user_free;
+	sepol_user_get_mlslevel;
+	sepol_user_get_mlsrange;
+	sepol_user_get_name;
+	sepol_user_get_num_roles;
+	sepol_user_get_roles;
+	sepol_user_has_role;
+	sepol_user_iterate;
+	sepol_user_key_create;
+	sepol_user_key_extract;
+	sepol_user_key_free;
+	sepol_user_key_unpack;
+	sepol_user_modify;
+	sepol_user_query;
+	sepol_user_set_mlslevel;
+	sepol_user_set_mlsrange;
+	sepol_user_set_name;
+	sepol_user_set_roles;
   local: *;
 };
 
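Review bot: The rewritten list drops `cil_set_malloc_error_handler` (removed near the top of the hunk) without a mention in the commit message, whereas every other removed explicit entry reappears in sorted form; if the symbol is no longer defined in the built library that is fine, but the nm-based check described in the message can only confirm that for a library that still defines it, so the omission deserves a sentence in the description. Because the map is now the sole filter deciding what becomes public ABI, a header comment would help keep it that way, e.g. `/* Exported ABI of libsepol. Keep this list sorted and free of wildcards; every public symbol must be listed explicitly. */` placed above `LIBSEPOL_1.0 {`. The retained `local: *;` on the last lines is what hides everything else, so a newly added API that is not listed here will silently fail to export — worth stating in that comment as well.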
-- 
2.17.1




