!24 [sync] PR-22: fix the problem that pointers access invalid addresses

From: @openeuler-sync-bot 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001

backport-Fix-invalid-memory-access-in-tcti_tabrmd_read.patch

@@ -0,0 +1,37 @@
+From 6af641bfa46130670a8462d1031f9276aeb0af1f Mon Sep 17 00:00:00 2001
+From: Nicolas Iooss <nicolas.iooss@ledger.fr>
+Date: Mon, 27 Sep 2021 16:46:42 +0200
+Subject: [PATCH] tcti: initialize GError to NULL
+
+When an error happens in `tcti_tabrmd_read`, Glib reports:
+
+    (process:905338): GLib-WARNING **: 06:59:08.971: GError set over the
+    top of a previous GError or uninitialized memory.
+    This indicates a bug in someone's code. You must ensure an error is
+    NULL before it's set.
+    The overwriting error message was: Error receiving data: Connection
+    reset by peer
+
+This warning was reported on
+https://github.com/tpm2-software/tpm2-pkcs11/issues/705
+
+Fix the warning by initializing `error` correctly.
+
+Signed-off-by: Nicolas Iooss <nicolas.iooss@ledger.fr>
+---
+ src/tcti-tabrmd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tcti-tabrmd.c b/src/tcti-tabrmd.c
+index dffe9062..f00a1f1c 100644
+--- a/src/tcti-tabrmd.c
++++ b/src/tcti-tabrmd.c
+@@ -187,7 +187,7 @@ tcti_tabrmd_read (TSS2_TCTI_TABRMD_CONTEXT *ctx,
+                   size_t size,
+                   int32_t timeout)
+ {
+-    GError *error;
++    GError *error = NULL;
+     ssize_t num_read;
+     int ret;
+ 

tpm2-abrmd.spec

@@ -1,13 +1,22 @@
+%global selinuxtype targeted
+
 Name:            tpm2-abrmd
-Version:         2.0.1
-Release:         4
+Version:         2.3.3
+Release:         3
 Summary:         A system daemon implementing the TPM2 access broker (TAB) & Resource Manager (RM) spec from the TCG
 License:         BSD
 URL:             https://github.com/tpm2-software/tpm2-abrmd
 Source0:         https://github.com/tpm2-software/tpm2-abrmd/releases/download/%{version}/%{name}-%{version}.tar.gz
 
+Patch6000:       backport-Fix-invalid-memory-access-in-tcti_tabrmd_read.patch
+
 BuildRequires:   systemd pkgconfig(cmocka) pkgconfig(dbus-1) pkgconfig(gio-unix-2.0) pkgconfig(tss2-mu) pkgconfig(tss2-sys)
 BuildRequires:   tpm2-tss-devel libtool autoconf-archive libgcrypt libgcrypt-devel
+BuildRequires:   chrpath
+BuildRequires:   selinux-policy-devel pkgconfig(systemd)
+
+# tpm2-abrmd depends on the package that contains itsSELinux policy module
+Requires: (%{name}-selinux >= 2.3.3-2 if selinux-policy)
 
 %description
 This is a system daemon implementing the TPM2 access broker (TAB) & Resource Manager (RM) spec from the TCG. 
@@ -24,20 +33,46 @@ This package contains development library files, headers and config files of tpm
 
 %package_help
 
+%package selinux
+BuildArch: noarch
+Summary: SELinux policies for tpm2-abrmd
+Requires: selinux-policy >= 0.0.1
+Requires(post): selinux-policy-%{selinuxtype}
+Requires(post): libselinux-utils
+Requires(post): policycoreutils
+Requires(post): policycoreutils-python-utils
+
+%description selinux
+This package contains SELinux policies for tpm2-abrmd
+
 %prep
-%autosetup -n %{name}-%{version}
+%autosetup -p1 -n %{name}-%{version}
 
 %build
 export GDBUS_CODEGEN="/usr/bin/gdbus-codegen"
 %configure --disable-static --disable-silent-rules \
            --with-systemdsystemunitdir=%{_unitdir} \
-           --with-systemdpresetdir=%{_presetdir}
+           --with-systemdpresetdir=%{_presetdir} \
+           --with-sepolicy
 %make_build
 
 %install
+pushd selinux
+install -d %{buildroot}%{_datadir}/selinux/packages
+install -d -p %{buildroot}%{_datadir}/selinux/devel/include/contrib
+install -p -m 644 tabrmd.if %{buildroot}%{_datadir}/selinux/devel/include/contrib
+install -m 0644 tabrmd.pp.bz2 %{buildroot}%{_datadir}/selinux/packages
+popd
+
 %make_install
 %delete_la_and_a
 
+#Remove Rpath
+chrpath -d $RPM_BUILD_ROOT%{_libdir}/libtss2-tcti-tabrmd.so.0.0.0
+chrpath -d $RPM_BUILD_ROOT%{_sbindir}/tpm2-abrmd
+mkdir -p $RPM_BUILD_ROOT/etc/ld.so.conf.d
+echo "/usr/lib64/" > $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.conf
+
 %check
 make test
 
@@ -49,6 +84,9 @@ useradd -r -u 59 -g tss -d /dev/null -s /sbin/nologin \
  -c "Account used by the tpm2-abrmd package to sandbox the tpm2-abrmd daemon" tss
 exit 0
 
+%pre selinux
+%selinux_relabel_pre -s targeted
+
 %preun
 %systemd_preun tpm2-abrmd.service
 
@@ -56,10 +94,21 @@ exit 0
 /sbin/ldconfig
 %systemd_post tpm2-abrmd.service
 
+%post selinux
+%selinux_modules_install -s targeted %{_datadir}/selinux/packages/tabrmd.pp.bz2
+
 %postun
 /sbin/ldconfig
 %systemd_postun tpm2-abrmd.service
 
+%postun selinux
+if [ $1 -eq 0 ]; then
+%selinux_modules_uninstall -s targeted tabrmd
+fi
+
+%posttrans selinux
+%selinux_relabel_post -s targeted
+
 %files
 %defattr(-,root,root)
 %license LICENSE
@@ -70,6 +119,7 @@ exit 0
 %{_presetdir}/tpm2-abrmd.preset
 %{_datadir}/dbus-1/system-services/com.intel.tss2.Tabrmd.service
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/tpm2-abrmd.conf
+%config(noreplace) /etc/ld.so.conf.d/*
 
 %files devel
 %defattr(-,root,root)
@@ -82,7 +132,55 @@ exit 0
 %{_mandir}/man7/*.7.gz
 %{_mandir}/man8/*.8.gz
 
+%files selinux
+%defattr(-,root,root)
+%license LICENSE
+%{_datadir}/selinux/devel/include/contrib/tabrmd.if
+%{_datadir}/selinux/packages/tabrmd.pp.bz2
+
 %changelog
+* Mon Oct 10 2022 jinlun<jinlun@huawei.com> - 2.3.3-3
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix the problem that pointers access invalid addresses
+
+* Tue May 25 2021 Hugel<gengqihu1@huawei.com> - 2.3.3-2
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix the SELinux label missing issue
+
+* Mon Aug 31 2020 Hugel<gengqihu1@huawei.com> - 2.3.3-1
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC: update to 2.3.3
+
+* Thu Aug 27 2020 Hugel<gengqihu1@huawei.com> - 2.3.2-1
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC: update to 2.3.2
+
+* Fri Apr 24 2020 wanghongzhe<wanghongzhe@huawei.com> - 2.2.0-1
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC: update to 2.2.0
+
+* Wed Mar 25 2020 wanghongzhe<wanghongzhe@huawei.com> - 2.0.1-4.h2
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC: fix communication faild to tpm because updated glib2
+
+* Sat Mar 7 2020 wanghongzhe<wanghongzhe@huawei.com> - 2.0.1-4.h1
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC: remove rpath and runpath of exec files and libraries
+
 * Wed Jan 22 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.0.1-4
 - Add buildrequires of libgcrypt-devel