Message ID | CAFftDdqxdn=atdtzP3B+F7SX4CAtccttyZmCMDvdYSSycr3fJg@mail.gmail.com (mailing list archive) |
---|---|
State | Not Applicable |
Headers | show |
I don't know. I didn't test this change on a Mac. -- Nick On Sun, Dec 11, 2016 at 1:39 PM, William Roberts <bill.c.roberts@gmail.com> wrote: > Do you know if "re" poses any Mac issues? I would assume not, but I've > never checked. > > On Dec 11, 2016 09:32, "Nick Kralevich" <nnk@google.com> wrote: > > Makes libselinux safer and less likely to leak file descriptors when > used as part of a multithreaded program. > > Signed-off-by: Nick Kralevich <nnk@google.com> > --- > libselinux/src/audit2why.c | 4 ++-- > libselinux/src/booleans.c | 14 +++++++------- > libselinux/src/canonicalize_context.c | 2 +- > libselinux/src/check_context.c | 2 +- > libselinux/src/compute_av.c | 2 +- > libselinux/src/compute_create.c | 2 +- > libselinux/src/compute_member.c | 2 +- > libselinux/src/compute_relabel.c | 2 +- > libselinux/src/compute_user.c | 2 +- > libselinux/src/deny_unknown.c | 2 +- > libselinux/src/disable.c | 2 +- > libselinux/src/enabled.c | 2 +- > libselinux/src/get_context_list.c | 6 +++--- > libselinux/src/get_default_type.c | 2 +- > libselinux/src/get_initial_context.c | 2 +- > libselinux/src/getenforce.c | 2 +- > libselinux/src/init.c | 4 ++-- > libselinux/src/is_customizable_type.c | 2 +- > libselinux/src/label.c | 2 +- > libselinux/src/label_backends_android.c | 2 +- > libselinux/src/label_file.c | 2 +- > libselinux/src/label_media.c | 2 +- > libselinux/src/label_x.c | 2 +- > libselinux/src/load_policy.c | 8 ++++---- > libselinux/src/matchmediacon.c | 2 +- > libselinux/src/policyvers.c | 2 +- > libselinux/src/procattr.c | 4 ++-- > libselinux/src/selinux_check_securetty_context.c | 2 +- > libselinux/src/selinux_config.c | 4 ++-- > libselinux/src/selinux_restorecon.c | 2 +- > libselinux/src/setenforce.c | 2 +- > libselinux/src/seusers.c | 4 ++-- > libselinux/src/stringrep.c | 2 +- > 33 files changed, 49 insertions(+), 49 deletions(-) > > diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c > index 3135eed..857383a 100644 > --- a/libselinux/src/audit2why.c > +++ b/libselinux/src/audit2why.c > @@ -201,7 +201,7 @@ static int __policy_init(const char *init_path) > path[PATH_MAX-1] = '\0'; > if (init_path) { > strncpy(path, init_path, PATH_MAX-1); > - fp = fopen(path, "r"); > + fp = fopen(path, "re"); > if (!fp) { > snprintf(errormsg, sizeof(errormsg), > "unable to open %s: %s\n", > @@ -218,7 +218,7 @@ static int __policy_init(const char *init_path) > PyErr_SetString( PyExc_ValueError, errormsg); > return 1; > } > - fp = fopen(curpolicy, "r"); > + fp = fopen(curpolicy, "re"); > if (!fp) { > snprintf(errormsg, sizeof(errormsg), > "unable to open %s: %s\n", > diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c > index ba9d934..4a38a78 100644 > --- a/libselinux/src/booleans.c > +++ b/libselinux/src/booleans.c > @@ -97,7 +97,7 @@ char *selinux_boolean_sub(const char *name) > if (!name) > return NULL; > > - cfg = fopen(selinux_booleans_subs_path(), "r"); > + cfg = fopen(selinux_booleans_subs_path(), "re"); > if (!cfg) > goto out; > > @@ -210,7 +210,7 @@ static int get_bool_value(const char *name, char **buf) > > (*buf)[STRBUF_SIZE] = 0; > > - fd = bool_open(name, O_RDONLY); > + fd = bool_open(name, O_RDONLY | O_CLOEXEC); > if (fd < 0) > goto out_err; > > @@ -274,7 +274,7 @@ int security_set_boolean(const char *name, int value) > return -1; > } > > - fd = bool_open(name, O_WRONLY); > + fd = bool_open(name, O_WRONLY | O_CLOEXEC); > if (fd < 0) > return -1; > > @@ -305,7 +305,7 @@ int security_commit_booleans(void) > } > > snprintf(path, sizeof path, "%s/commit_pending_bools", > selinux_mnt); > - fd = open(path, O_WRONLY); > + fd = open(path, O_WRONLY | O_CLOEXEC); > if (fd < 0) > return -1; > > @@ -399,7 +399,7 @@ static int save_booleans(size_t boolcnt, SELboolean * > boollist) > > snprintf(local_bool_file, sizeof(local_bool_file), "%s.local", > bool_file); > - boolf = fopen(local_bool_file, "r"); > + boolf = fopen(local_bool_file, "re"); > if (boolf != NULL) { > ssize_t ret; > size_t size = 0; > @@ -518,7 +518,7 @@ int security_load_booleans(char *path) > int val; > char name[BUFSIZ]; > > - boolf = fopen(path ? path : selinux_booleans_path(), "r"); > + boolf = fopen(path ? path : selinux_booleans_path(), "re"); > if (boolf == NULL) > goto localbool; > > @@ -536,7 +536,7 @@ int security_load_booleans(char *path) > localbool: > snprintf(localbools, sizeof(localbools), "%s.local", > (path ? path : selinux_booleans_path())); > - boolf = fopen(localbools, "r"); > + boolf = fopen(localbools, "re"); > > if (boolf != NULL) { > int ret; > diff --git a/libselinux/src/canonicalize_context.c > b/libselinux/src/canonicalize_context.c > index 7cf3139..ba4c9a2 100644 > --- a/libselinux/src/canonicalize_context.c > +++ b/libselinux/src/canonicalize_context.c > @@ -23,7 +23,7 @@ int security_canonicalize_context_raw(const char * con, > } > > snprintf(path, sizeof path, "%s/context", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/check_context.c b/libselinux/src/check_context > .c > index 52063fa..8a7997f 100644 > --- a/libselinux/src/check_context.c > +++ b/libselinux/src/check_context.c > @@ -20,7 +20,7 @@ int security_check_context_raw(const char * con) > } > > snprintf(path, sizeof path, "%s/context", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c > index 937e5c3..1d05e7b 100644 > --- a/libselinux/src/compute_av.c > +++ b/libselinux/src/compute_av.c > @@ -27,7 +27,7 @@ int security_compute_av_flags_raw(const char * scon, > } > > snprintf(path, sizeof path, "%s/access", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/compute_create.c > b/libselinux/src/compute_create.c > index 9559d42..0975aea 100644 > --- a/libselinux/src/compute_create.c > +++ b/libselinux/src/compute_create.c > @@ -65,7 +65,7 @@ int security_compute_create_name_raw(const char * scon, > } > > snprintf(path, sizeof path, "%s/create", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/compute_member.c > b/libselinux/src/compute_member.c > index 1fc7e41..4e2d221 100644 > --- a/libselinux/src/compute_member.c > +++ b/libselinux/src/compute_member.c > @@ -26,7 +26,7 @@ int security_compute_member_raw(const char * scon, > } > > snprintf(path, sizeof path, "%s/member", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/compute_relabel.c > b/libselinux/src/compute_relabel.c > index 4615aee..49f77ef 100644 > --- a/libselinux/src/compute_relabel.c > +++ b/libselinux/src/compute_relabel.c > @@ -26,7 +26,7 @@ int security_compute_relabel_raw(const char * scon, > } > > snprintf(path, sizeof path, "%s/relabel", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c > index b37c5d3..7b88121 100644 > --- a/libselinux/src/compute_user.c > +++ b/libselinux/src/compute_user.c > @@ -25,7 +25,7 @@ int security_compute_user_raw(const char * scon, > } > > snprintf(path, sizeof path, "%s/user", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/deny_unknown.c b/libselinux/src/deny_unknown.c > index c93998a..77d04e3 100644 > --- a/libselinux/src/deny_unknown.c > +++ b/libselinux/src/deny_unknown.c > @@ -21,7 +21,7 @@ int security_deny_unknown(void) > } > > snprintf(path, sizeof(path), "%s/deny_unknown", selinux_mnt); > - fd = open(path, O_RDONLY); > + fd = open(path, O_RDONLY | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/disable.c b/libselinux/src/disable.c > index dac0f5b..8d66262 100644 > --- a/libselinux/src/disable.c > +++ b/libselinux/src/disable.c > @@ -21,7 +21,7 @@ int security_disable(void) > } > > snprintf(path, sizeof path, "%s/disable", selinux_mnt); > - fd = open(path, O_WRONLY); > + fd = open(path, O_WRONLY | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/enabled.c b/libselinux/src/enabled.c > index 2ec6797..dd628fb 100644 > --- a/libselinux/src/enabled.c > +++ b/libselinux/src/enabled.c > @@ -36,7 +36,7 @@ int is_selinux_mls_enabled(void) > return enabled; > > snprintf(path, sizeof path, "%s/mls", selinux_mnt); > - fd = open(path, O_RDONLY); > + fd = open(path, O_RDONLY | O_CLOEXEC); > if (fd < 0) > return enabled; > > diff --git a/libselinux/src/get_context_list.c > b/libselinux/src/get_context_list.c > index f3fa4a9..689e465 100644 > --- a/libselinux/src/get_context_list.c > +++ b/libselinux/src/get_context_list.c > @@ -275,7 +275,7 @@ static int get_failsafe_context(const char *user, char > ** newcon) > size_t plen, nlen; > int rc; > > - fp = fopen(selinux_failsafe_context_path(), "r"); > + fp = fopen(selinux_failsafe_context_path(), "re"); > if (!fp) > return -1; > > @@ -437,7 +437,7 @@ int get_ordered_context_list(const char *user, > if (!fname) > goto failsafe; > snprintf(fname, fname_len, "%s%s", user_contexts_path, user); > - fp = fopen(fname, "r"); > + fp = fopen(fname, "re"); > if (fp) { > __fsetlocking(fp, FSETLOCKING_BYCALLER); > rc = get_context_order(fp, fromcon, reachable, nreach, > ordering, > @@ -451,7 +451,7 @@ int get_ordered_context_list(const char *user, > } > } > free(fname); > - fp = fopen(selinux_default_context_path(), "r"); > + fp = fopen(selinux_default_context_path(), "re"); > if (fp) { > __fsetlocking(fp, FSETLOCKING_BYCALLER); > rc = get_context_order(fp, fromcon, reachable, nreach, > ordering, > diff --git a/libselinux/src/get_default_type.c > b/libselinux/src/get_default_type.c > index 27f2ae5..dd7b5d7 100644 > --- a/libselinux/src/get_default_type.c > +++ b/libselinux/src/get_default_type.c > @@ -11,7 +11,7 @@ int get_default_type(const char *role, char **type) > { > FILE *fp = NULL; > > - fp = fopen(selinux_default_type_path(), "r"); > + fp = fopen(selinux_default_type_path(), "re"); > if (!fp) > return -1; > > diff --git a/libselinux/src/get_initial_context.c > b/libselinux/src/get_initial_context.c > index 522ed78..5e919f4 100644 > --- a/libselinux/src/get_initial_context.c > +++ b/libselinux/src/get_initial_context.c > @@ -25,7 +25,7 @@ int security_get_initial_context_raw(const char * name, > char ** con) > > snprintf(path, sizeof path, "%s%s%s", > selinux_mnt, SELINUX_INITCON_DIR, name); > - fd = open(path, O_RDONLY); > + fd = open(path, O_RDONLY | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/getenforce.c b/libselinux/src/getenforce.c > index 03d3abc..d909dce 100644 > --- a/libselinux/src/getenforce.c > +++ b/libselinux/src/getenforce.c > @@ -21,7 +21,7 @@ int security_getenforce(void) > } > > snprintf(path, sizeof path, "%s/enforce", selinux_mnt); > - fd = open(path, O_RDONLY); > + fd = open(path, O_RDONLY | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/init.c b/libselinux/src/init.c > index ddf91f8..2690a72 100644 > --- a/libselinux/src/init.c > +++ b/libselinux/src/init.c > @@ -61,7 +61,7 @@ int selinuxfs_exists(void) > size_t len; > ssize_t num; > > - fp = fopen("/proc/filesystems", "r"); > + fp = fopen("/proc/filesystems", "re"); > if (!fp) > return 1; /* Fail as if it exists */ > __fsetlocking(fp, FSETLOCKING_BYCALLER); > @@ -101,7 +101,7 @@ static void init_selinuxmnt(void) > > /* At this point, the usual spot doesn't have an selinuxfs so > * we look around for it */ > - fp = fopen("/proc/mounts", "r"); > + fp = fopen("/proc/mounts", "re"); > if (!fp) > goto out; > > diff --git a/libselinux/src/is_customizable_type.c > b/libselinux/src/is_customizable_type.c > index 0b33edc..92876f4 100644 > --- a/libselinux/src/is_customizable_type.c > +++ b/libselinux/src/is_customizable_type.c > @@ -16,7 +16,7 @@ static int get_customizable_type_list(char *** retlist) > unsigned int ctr = 0, i; > char **list = NULL; > > - fp = fopen(selinux_customizable_types_path(), "r"); > + fp = fopen(selinux_customizable_types_path(), "re"); > if (!fp) > return -1; > > diff --git a/libselinux/src/label.c b/libselinux/src/label.c > index 60639cf..5c9d8c1 100644 > --- a/libselinux/src/label.c > +++ b/libselinux/src/label.c > @@ -96,7 +96,7 @@ struct selabel_sub *selabel_subs_init(const char *path, > struct selabel_digest *digest) > { > char buf[1024]; > - FILE *cfg = fopen(path, "r"); > + FILE *cfg = fopen(path, "re"); > struct selabel_sub *sub = NULL; > struct stat sb; > > diff --git a/libselinux/src/label_backends_android.c > b/libselinux/src/label_backends_android.c > index 4d6ec86..4ad71f9 100644 > --- a/libselinux/src/label_backends_android.c > +++ b/libselinux/src/label_backends_android.c > @@ -159,7 +159,7 @@ static int init(struct selabel_handle *rec, const > struct selinux_opt *opts, > return -1; > > /* Open the specification file. */ > - if ((fp = fopen(path, "r")) == NULL) > + if ((fp = fopen(path, "re")) == NULL) > return -1; > > if (fstat(fileno(fp), &sb) < 0) > diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c > index a4dc3cd..0d4029b 100644 > --- a/libselinux/src/label_file.c > +++ b/libselinux/src/label_file.c > @@ -520,7 +520,7 @@ static FILE *open_file(const char *path, const char > *suffix, > } > > memcpy(sb, &found->sb, sizeof(*sb)); > - return fopen(save_path, "r"); > + return fopen(save_path, "re"); > } > > static int process_file(const char *path, const char *suffix, > diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c > index 622741b..d202e5d 100644 > --- a/libselinux/src/label_media.c > +++ b/libselinux/src/label_media.c > @@ -90,7 +90,7 @@ static int init(struct selabel_handle *rec, const struct > selinux_opt *opts, > /* Open the specification file. */ > if (!path) > path = selinux_media_context_path(); > - if ((fp = fopen(path, "r")) == NULL) > + if ((fp = fopen(path, "re")) == NULL) > return -1; > __fsetlocking(fp, FSETLOCKING_BYCALLER); > > diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c > index 700def1..9674529 100644 > --- a/libselinux/src/label_x.c > +++ b/libselinux/src/label_x.c > @@ -117,7 +117,7 @@ static int init(struct selabel_handle *rec, const > struct selinux_opt *opts, > /* Open the specification file. */ > if (!path) > path = selinux_x_context_path(); > - if ((fp = fopen(path, "r")) == NULL) > + if ((fp = fopen(path, "re")) == NULL) > return -1; > __fsetlocking(fp, FSETLOCKING_BYCALLER); > > diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c > index b7e1a6f..327cc6a 100644 > --- a/libselinux/src/load_policy.c > +++ b/libselinux/src/load_policy.c > @@ -34,7 +34,7 @@ int security_load_policy(void *data, size_t len) > } > > snprintf(path, sizeof path, "%s/load", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > @@ -173,13 +173,13 @@ checkbool: > search: > snprintf(path, sizeof(path), "%s.%d", > selinux_binary_policy_path(), vers); > - fd = open(path, O_RDONLY); > + fd = open(path, O_RDONLY | O_CLOEXEC); > while (fd < 0 && errno == ENOENT > && --vers >= minvers) { > /* Check prior versions to see if old policy is available > */ > snprintf(path, sizeof(path), "%s.%d", > selinux_binary_policy_path(), vers); > - fd = open(path, O_RDONLY); > + fd = open(path, O_RDONLY | O_CLOEXEC); > } > if (fd < 0) { > fprintf(stderr, > @@ -335,7 +335,7 @@ int selinux_init_load_policy(int *enforce) > > /* Check for an override of the mode via the kernel command line. > */ > rc = mount("proc", "/proc", "proc", 0, 0); > - cfg = fopen("/proc/cmdline", "r"); > + cfg = fopen("/proc/cmdline", "re"); > if (cfg) { > char *tmp; > buf = malloc(selinux_page_size); > diff --git a/libselinux/src/matchmediacon.c b/libselinux/src/matchmediacon > .c > index 46cba46..23d01af 100644 > --- a/libselinux/src/matchmediacon.c > +++ b/libselinux/src/matchmediacon.c > @@ -18,7 +18,7 @@ int matchmediacon(const char *media, char ** con) > char *ptr, *ptr2 = NULL; > int found = 0; > char current_line[PATH_MAX]; > - if ((infile = fopen(path, "r")) == NULL) > + if ((infile = fopen(path, "re")) == NULL) > return -1; > while (!feof_unlocked(infile)) { > if (!fgets_unlocked(current_line, sizeof(current_line), > infile)) { > diff --git a/libselinux/src/policyvers.c b/libselinux/src/policyvers.c > index 284a7f7..c97dd9d 100644 > --- a/libselinux/src/policyvers.c > +++ b/libselinux/src/policyvers.c > @@ -23,7 +23,7 @@ int security_policyvers(void) > } > > snprintf(path, sizeof path, "%s/policyvers", selinux_mnt); > - fd = open(path, O_RDONLY); > + fd = open(path, O_RDONLY | O_CLOEXEC); > if (fd < 0) { > if (errno == ENOENT) > return vers; > diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c > index 8cd59af..ebc0ade 100644 > --- a/libselinux/src/procattr.c > +++ b/libselinux/src/procattr.c > @@ -143,7 +143,7 @@ static int getprocattrcon_raw(char ** context, > return 0; > } > > - fd = openattr(pid, attr, O_RDONLY); > + fd = openattr(pid, attr, O_RDONLY | O_CLOEXEC); > if (fd < 0) > return -1; > > @@ -235,7 +235,7 @@ static int setprocattrcon_raw(const char * context, > && !strcmp(context, *prev_context)) > return 0; > > - fd = openattr(pid, attr, O_RDWR); > + fd = openattr(pid, attr, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > if (context) { > diff --git a/libselinux/src/selinux_check_securetty_context.c > b/libselinux/src/selinux_check_securetty_context.c > index 24e5e2c..55d4e03 100644 > --- a/libselinux/src/selinux_check_securetty_context.c > +++ b/libselinux/src/selinux_check_securetty_context.c > @@ -14,7 +14,7 @@ int selinux_check_securetty_context(const char * > tty_context) > ssize_t len; > int found = -1; > FILE *fp; > - fp = fopen(selinux_securetty_types_path(), "r"); > + fp = fopen(selinux_securetty_types_path(), "re"); > if (fp) { > context_t con = context_new(tty_context); > if (con) { > diff --git a/libselinux/src/selinux_config.c > b/libselinux/src/selinux_config.c > index 88bcc85..d8e140c 100644 > --- a/libselinux/src/selinux_config.c > +++ b/libselinux/src/selinux_config.c > @@ -88,7 +88,7 @@ static const uint16_t file_path_suffixes_idx[NEL] = { > int selinux_getenforcemode(int *enforce) > { > int ret = -1; > - FILE *cfg = fopen(SELINUXCONFIG, "r"); > + FILE *cfg = fopen(SELINUXCONFIG, "re"); > if (cfg) { > char *buf; > int len = sizeof(SELINUXTAG) - 1; > @@ -163,7 +163,7 @@ static void init_selinux_config(void) > if (selinux_policyroot) > return; > > - fp = fopen(SELINUXCONFIG, "r"); > + fp = fopen(SELINUXCONFIG, "re"); > if (fp) { > __fsetlocking(fp, FSETLOCKING_BYCALLER); > while ((len = getline(&line_buf, &line_len, fp)) > 0) { > diff --git a/libselinux/src/selinux_restorecon.c > b/libselinux/src/selinux_restorecon.c > index e38d1d0..7ebfbdc 100644 > --- a/libselinux/src/selinux_restorecon.c > +++ b/libselinux/src/selinux_restorecon.c > @@ -247,7 +247,7 @@ static int exclude_non_seclabel_mounts(void) > if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0) > return 0; > > - fp = fopen("/proc/mounts", "r"); > + fp = fopen("/proc/mounts", "re"); > if (!fp) > return 0; > > diff --git a/libselinux/src/setenforce.c b/libselinux/src/setenforce.c > index e5e7612..09cad3c 100644 > --- a/libselinux/src/setenforce.c > +++ b/libselinux/src/setenforce.c > @@ -21,7 +21,7 @@ int security_setenforce(int value) > } > > snprintf(path, sizeof path, "%s/enforce", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c > index 09e704b..572a7b0 100644 > --- a/libselinux/src/seusers.c > +++ b/libselinux/src/seusers.c > @@ -185,7 +185,7 @@ int getseuserbyname(const char *name, char **r_seuser, > char **r_level) > > gid_t gid = get_default_gid(name); > > - cfg = fopen(selinux_usersconf_path(), "r"); > + cfg = fopen(selinux_usersconf_path(), "re"); > if (!cfg) > goto nomatch; > > @@ -278,7 +278,7 @@ int getseuser(const char *username, const char > *service, > FILE *fp = NULL; > if (asprintf(&path,"%s/logins/%s", selinux_policy_root(), > username) < 0) > goto err; > - fp = fopen(path, "r"); > + fp = fopen(path, "re"); > free(path); > if (fp == NULL) goto err; > __fsetlocking(fp, FSETLOCKING_BYCALLER); > diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c > index 2dbec2b..2d83f96 100644 > --- a/libselinux/src/stringrep.c > +++ b/libselinux/src/stringrep.c > @@ -80,7 +80,7 @@ static struct discover_class_node * discover_class(const > char *s) > > /* load up class index */ > snprintf(path, sizeof path, "%s/class/%s/index", selinux_mnt,s); > - fd = open(path, O_RDONLY); > + fd = open(path, O_RDONLY | O_CLOEXEC); > if (fd < 0) > goto err3; > > -- > 2.8.0.rc3.226.g39d4020 > > _______________________________________________ > Selinux mailing list > Selinux@tycho.nsa.gov > To unsubscribe, send email to Selinux-leave@tycho.nsa.gov. > To get help, send an email containing "help" to > Selinux-request@tycho.nsa.gov. > > >
I'll test it tomorrow on Mac OS for you if you want? On Dec 11, 2016 3:22 PM, "Nick Kralevich" <nnk@google.com> wrote: > I don't know. I didn't test this change on a Mac. > > -- Nick > > On Sun, Dec 11, 2016 at 1:39 PM, William Roberts <bill.c.roberts@gmail.com > > wrote: > >> Do you know if "re" poses any Mac issues? I would assume not, but I've >> never checked. >> >> On Dec 11, 2016 09:32, "Nick Kralevich" <nnk@google.com> wrote: >> >> Makes libselinux safer and less likely to leak file descriptors when >> used as part of a multithreaded program. >> >> Signed-off-by: Nick Kralevich <nnk@google.com> >> --- >> libselinux/src/audit2why.c | 4 ++-- >> libselinux/src/booleans.c | 14 +++++++------- >> libselinux/src/canonicalize_context.c | 2 +- >> libselinux/src/check_context.c | 2 +- >> libselinux/src/compute_av.c | 2 +- >> libselinux/src/compute_create.c | 2 +- >> libselinux/src/compute_member.c | 2 +- >> libselinux/src/compute_relabel.c | 2 +- >> libselinux/src/compute_user.c | 2 +- >> libselinux/src/deny_unknown.c | 2 +- >> libselinux/src/disable.c | 2 +- >> libselinux/src/enabled.c | 2 +- >> libselinux/src/get_context_list.c | 6 +++--- >> libselinux/src/get_default_type.c | 2 +- >> libselinux/src/get_initial_context.c | 2 +- >> libselinux/src/getenforce.c | 2 +- >> libselinux/src/init.c | 4 ++-- >> libselinux/src/is_customizable_type.c | 2 +- >> libselinux/src/label.c | 2 +- >> libselinux/src/label_backends_android.c | 2 +- >> libselinux/src/label_file.c | 2 +- >> libselinux/src/label_media.c | 2 +- >> libselinux/src/label_x.c | 2 +- >> libselinux/src/load_policy.c | 8 ++++---- >> libselinux/src/matchmediacon.c | 2 +- >> libselinux/src/policyvers.c | 2 +- >> libselinux/src/procattr.c | 4 ++-- >> libselinux/src/selinux_check_securetty_context.c | 2 +- >> libselinux/src/selinux_config.c | 4 ++-- >> libselinux/src/selinux_restorecon.c | 2 +- >> libselinux/src/setenforce.c | 2 +- >> libselinux/src/seusers.c | 4 ++-- >> libselinux/src/stringrep.c | 2 +- >> 33 files changed, 49 insertions(+), 49 deletions(-) >> >> diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c >> index 3135eed..857383a 100644 >> --- a/libselinux/src/audit2why.c >> +++ b/libselinux/src/audit2why.c >> @@ -201,7 +201,7 @@ static int __policy_init(const char *init_path) >> path[PATH_MAX-1] = '\0'; >> if (init_path) { >> strncpy(path, init_path, PATH_MAX-1); >> - fp = fopen(path, "r"); >> + fp = fopen(path, "re"); >> if (!fp) { >> snprintf(errormsg, sizeof(errormsg), >> "unable to open %s: %s\n", >> @@ -218,7 +218,7 @@ static int __policy_init(const char *init_path) >> PyErr_SetString( PyExc_ValueError, errormsg); >> return 1; >> } >> - fp = fopen(curpolicy, "r"); >> + fp = fopen(curpolicy, "re"); >> if (!fp) { >> snprintf(errormsg, sizeof(errormsg), >> "unable to open %s: %s\n", >> diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c >> index ba9d934..4a38a78 100644 >> --- a/libselinux/src/booleans.c >> +++ b/libselinux/src/booleans.c >> @@ -97,7 +97,7 @@ char *selinux_boolean_sub(const char *name) >> if (!name) >> return NULL; >> >> - cfg = fopen(selinux_booleans_subs_path(), "r"); >> + cfg = fopen(selinux_booleans_subs_path(), "re"); >> if (!cfg) >> goto out; >> >> @@ -210,7 +210,7 @@ static int get_bool_value(const char *name, char >> **buf) >> >> (*buf)[STRBUF_SIZE] = 0; >> >> - fd = bool_open(name, O_RDONLY); >> + fd = bool_open(name, O_RDONLY | O_CLOEXEC); >> if (fd < 0) >> goto out_err; >> >> @@ -274,7 +274,7 @@ int security_set_boolean(const char *name, int value) >> return -1; >> } >> >> - fd = bool_open(name, O_WRONLY); >> + fd = bool_open(name, O_WRONLY | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> @@ -305,7 +305,7 @@ int security_commit_booleans(void) >> } >> >> snprintf(path, sizeof path, "%s/commit_pending_bools", >> selinux_mnt); >> - fd = open(path, O_WRONLY); >> + fd = open(path, O_WRONLY | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> @@ -399,7 +399,7 @@ static int save_booleans(size_t boolcnt, SELboolean * >> boollist) >> >> snprintf(local_bool_file, sizeof(local_bool_file), "%s.local", >> bool_file); >> - boolf = fopen(local_bool_file, "r"); >> + boolf = fopen(local_bool_file, "re"); >> if (boolf != NULL) { >> ssize_t ret; >> size_t size = 0; >> @@ -518,7 +518,7 @@ int security_load_booleans(char *path) >> int val; >> char name[BUFSIZ]; >> >> - boolf = fopen(path ? path : selinux_booleans_path(), "r"); >> + boolf = fopen(path ? path : selinux_booleans_path(), "re"); >> if (boolf == NULL) >> goto localbool; >> >> @@ -536,7 +536,7 @@ int security_load_booleans(char *path) >> localbool: >> snprintf(localbools, sizeof(localbools), "%s.local", >> (path ? path : selinux_booleans_path())); >> - boolf = fopen(localbools, "r"); >> + boolf = fopen(localbools, "re"); >> >> if (boolf != NULL) { >> int ret; >> diff --git a/libselinux/src/canonicalize_context.c >> b/libselinux/src/canonicalize_context.c >> index 7cf3139..ba4c9a2 100644 >> --- a/libselinux/src/canonicalize_context.c >> +++ b/libselinux/src/canonicalize_context.c >> @@ -23,7 +23,7 @@ int security_canonicalize_context_raw(const char * con, >> } >> >> snprintf(path, sizeof path, "%s/context", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/check_context.c >> b/libselinux/src/check_context.c >> index 52063fa..8a7997f 100644 >> --- a/libselinux/src/check_context.c >> +++ b/libselinux/src/check_context.c >> @@ -20,7 +20,7 @@ int security_check_context_raw(const char * con) >> } >> >> snprintf(path, sizeof path, "%s/context", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c >> index 937e5c3..1d05e7b 100644 >> --- a/libselinux/src/compute_av.c >> +++ b/libselinux/src/compute_av.c >> @@ -27,7 +27,7 @@ int security_compute_av_flags_raw(const char * scon, >> } >> >> snprintf(path, sizeof path, "%s/access", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/compute_create.c >> b/libselinux/src/compute_create.c >> index 9559d42..0975aea 100644 >> --- a/libselinux/src/compute_create.c >> +++ b/libselinux/src/compute_create.c >> @@ -65,7 +65,7 @@ int security_compute_create_name_raw(const char * scon, >> } >> >> snprintf(path, sizeof path, "%s/create", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/compute_member.c >> b/libselinux/src/compute_member.c >> index 1fc7e41..4e2d221 100644 >> --- a/libselinux/src/compute_member.c >> +++ b/libselinux/src/compute_member.c >> @@ -26,7 +26,7 @@ int security_compute_member_raw(const char * scon, >> } >> >> snprintf(path, sizeof path, "%s/member", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/compute_relabel.c >> b/libselinux/src/compute_relabel.c >> index 4615aee..49f77ef 100644 >> --- a/libselinux/src/compute_relabel.c >> +++ b/libselinux/src/compute_relabel.c >> @@ -26,7 +26,7 @@ int security_compute_relabel_raw(const char * scon, >> } >> >> snprintf(path, sizeof path, "%s/relabel", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user. >> c >> index b37c5d3..7b88121 100644 >> --- a/libselinux/src/compute_user.c >> +++ b/libselinux/src/compute_user.c >> @@ -25,7 +25,7 @@ int security_compute_user_raw(const char * scon, >> } >> >> snprintf(path, sizeof path, "%s/user", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/deny_unknown.c b/libselinux/src/deny_unknown. >> c >> index c93998a..77d04e3 100644 >> --- a/libselinux/src/deny_unknown.c >> +++ b/libselinux/src/deny_unknown.c >> @@ -21,7 +21,7 @@ int security_deny_unknown(void) >> } >> >> snprintf(path, sizeof(path), "%s/deny_unknown", selinux_mnt); >> - fd = open(path, O_RDONLY); >> + fd = open(path, O_RDONLY | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/disable.c b/libselinux/src/disable.c >> index dac0f5b..8d66262 100644 >> --- a/libselinux/src/disable.c >> +++ b/libselinux/src/disable.c >> @@ -21,7 +21,7 @@ int security_disable(void) >> } >> >> snprintf(path, sizeof path, "%s/disable", selinux_mnt); >> - fd = open(path, O_WRONLY); >> + fd = open(path, O_WRONLY | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/enabled.c b/libselinux/src/enabled.c >> index 2ec6797..dd628fb 100644 >> --- a/libselinux/src/enabled.c >> +++ b/libselinux/src/enabled.c >> @@ -36,7 +36,7 @@ int is_selinux_mls_enabled(void) >> return enabled; >> >> snprintf(path, sizeof path, "%s/mls", selinux_mnt); >> - fd = open(path, O_RDONLY); >> + fd = open(path, O_RDONLY | O_CLOEXEC); >> if (fd < 0) >> return enabled; >> >> diff --git a/libselinux/src/get_context_list.c >> b/libselinux/src/get_context_list.c >> index f3fa4a9..689e465 100644 >> --- a/libselinux/src/get_context_list.c >> +++ b/libselinux/src/get_context_list.c >> @@ -275,7 +275,7 @@ static int get_failsafe_context(const char *user, >> char ** newcon) >> size_t plen, nlen; >> int rc; >> >> - fp = fopen(selinux_failsafe_context_path(), "r"); >> + fp = fopen(selinux_failsafe_context_path(), "re"); >> if (!fp) >> return -1; >> >> @@ -437,7 +437,7 @@ int get_ordered_context_list(const char *user, >> if (!fname) >> goto failsafe; >> snprintf(fname, fname_len, "%s%s", user_contexts_path, user); >> - fp = fopen(fname, "r"); >> + fp = fopen(fname, "re"); >> if (fp) { >> __fsetlocking(fp, FSETLOCKING_BYCALLER); >> rc = get_context_order(fp, fromcon, reachable, nreach, >> ordering, >> @@ -451,7 +451,7 @@ int get_ordered_context_list(const char *user, >> } >> } >> free(fname); >> - fp = fopen(selinux_default_context_path(), "r"); >> + fp = fopen(selinux_default_context_path(), "re"); >> if (fp) { >> __fsetlocking(fp, FSETLOCKING_BYCALLER); >> rc = get_context_order(fp, fromcon, reachable, nreach, >> ordering, >> diff --git a/libselinux/src/get_default_type.c >> b/libselinux/src/get_default_type.c >> index 27f2ae5..dd7b5d7 100644 >> --- a/libselinux/src/get_default_type.c >> +++ b/libselinux/src/get_default_type.c >> @@ -11,7 +11,7 @@ int get_default_type(const char *role, char **type) >> { >> FILE *fp = NULL; >> >> - fp = fopen(selinux_default_type_path(), "r"); >> + fp = fopen(selinux_default_type_path(), "re"); >> if (!fp) >> return -1; >> >> diff --git a/libselinux/src/get_initial_context.c >> b/libselinux/src/get_initial_context.c >> index 522ed78..5e919f4 100644 >> --- a/libselinux/src/get_initial_context.c >> +++ b/libselinux/src/get_initial_context.c >> @@ -25,7 +25,7 @@ int security_get_initial_context_raw(const char * >> name, char ** con) >> >> snprintf(path, sizeof path, "%s%s%s", >> selinux_mnt, SELINUX_INITCON_DIR, name); >> - fd = open(path, O_RDONLY); >> + fd = open(path, O_RDONLY | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/getenforce.c b/libselinux/src/getenforce.c >> index 03d3abc..d909dce 100644 >> --- a/libselinux/src/getenforce.c >> +++ b/libselinux/src/getenforce.c >> @@ -21,7 +21,7 @@ int security_getenforce(void) >> } >> >> snprintf(path, sizeof path, "%s/enforce", selinux_mnt); >> - fd = open(path, O_RDONLY); >> + fd = open(path, O_RDONLY | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/init.c b/libselinux/src/init.c >> index ddf91f8..2690a72 100644 >> --- a/libselinux/src/init.c >> +++ b/libselinux/src/init.c >> @@ -61,7 +61,7 @@ int selinuxfs_exists(void) >> size_t len; >> ssize_t num; >> >> - fp = fopen("/proc/filesystems", "r"); >> + fp = fopen("/proc/filesystems", "re"); >> if (!fp) >> return 1; /* Fail as if it exists */ >> __fsetlocking(fp, FSETLOCKING_BYCALLER); >> @@ -101,7 +101,7 @@ static void init_selinuxmnt(void) >> >> /* At this point, the usual spot doesn't have an selinuxfs so >> * we look around for it */ >> - fp = fopen("/proc/mounts", "r"); >> + fp = fopen("/proc/mounts", "re"); >> if (!fp) >> goto out; >> >> diff --git a/libselinux/src/is_customizable_type.c >> b/libselinux/src/is_customizable_type.c >> index 0b33edc..92876f4 100644 >> --- a/libselinux/src/is_customizable_type.c >> +++ b/libselinux/src/is_customizable_type.c >> @@ -16,7 +16,7 @@ static int get_customizable_type_list(char *** retlist) >> unsigned int ctr = 0, i; >> char **list = NULL; >> >> - fp = fopen(selinux_customizable_types_path(), "r"); >> + fp = fopen(selinux_customizable_types_path(), "re"); >> if (!fp) >> return -1; >> >> diff --git a/libselinux/src/label.c b/libselinux/src/label.c >> index 60639cf..5c9d8c1 100644 >> --- a/libselinux/src/label.c >> +++ b/libselinux/src/label.c >> @@ -96,7 +96,7 @@ struct selabel_sub *selabel_subs_init(const char *path, >> struct selabel_digest *digest) >> { >> char buf[1024]; >> - FILE *cfg = fopen(path, "r"); >> + FILE *cfg = fopen(path, "re"); >> struct selabel_sub *sub = NULL; >> struct stat sb; >> >> diff --git a/libselinux/src/label_backends_android.c >> b/libselinux/src/label_backends_android.c >> index 4d6ec86..4ad71f9 100644 >> --- a/libselinux/src/label_backends_android.c >> +++ b/libselinux/src/label_backends_android.c >> @@ -159,7 +159,7 @@ static int init(struct selabel_handle *rec, const >> struct selinux_opt *opts, >> return -1; >> >> /* Open the specification file. */ >> - if ((fp = fopen(path, "r")) == NULL) >> + if ((fp = fopen(path, "re")) == NULL) >> return -1; >> >> if (fstat(fileno(fp), &sb) < 0) >> diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c >> index a4dc3cd..0d4029b 100644 >> --- a/libselinux/src/label_file.c >> +++ b/libselinux/src/label_file.c >> @@ -520,7 +520,7 @@ static FILE *open_file(const char *path, const char >> *suffix, >> } >> >> memcpy(sb, &found->sb, sizeof(*sb)); >> - return fopen(save_path, "r"); >> + return fopen(save_path, "re"); >> } >> >> static int process_file(const char *path, const char *suffix, >> diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c >> index 622741b..d202e5d 100644 >> --- a/libselinux/src/label_media.c >> +++ b/libselinux/src/label_media.c >> @@ -90,7 +90,7 @@ static int init(struct selabel_handle *rec, const >> struct selinux_opt *opts, >> /* Open the specification file. */ >> if (!path) >> path = selinux_media_context_path(); >> - if ((fp = fopen(path, "r")) == NULL) >> + if ((fp = fopen(path, "re")) == NULL) >> return -1; >> __fsetlocking(fp, FSETLOCKING_BYCALLER); >> >> diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c >> index 700def1..9674529 100644 >> --- a/libselinux/src/label_x.c >> +++ b/libselinux/src/label_x.c >> @@ -117,7 +117,7 @@ static int init(struct selabel_handle *rec, const >> struct selinux_opt *opts, >> /* Open the specification file. */ >> if (!path) >> path = selinux_x_context_path(); >> - if ((fp = fopen(path, "r")) == NULL) >> + if ((fp = fopen(path, "re")) == NULL) >> return -1; >> __fsetlocking(fp, FSETLOCKING_BYCALLER); >> >> diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c >> index b7e1a6f..327cc6a 100644 >> --- a/libselinux/src/load_policy.c >> +++ b/libselinux/src/load_policy.c >> @@ -34,7 +34,7 @@ int security_load_policy(void *data, size_t len) >> } >> >> snprintf(path, sizeof path, "%s/load", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> @@ -173,13 +173,13 @@ checkbool: >> search: >> snprintf(path, sizeof(path), "%s.%d", >> selinux_binary_policy_path(), vers); >> - fd = open(path, O_RDONLY); >> + fd = open(path, O_RDONLY | O_CLOEXEC); >> while (fd < 0 && errno == ENOENT >> && --vers >= minvers) { >> /* Check prior versions to see if old policy is available >> */ >> snprintf(path, sizeof(path), "%s.%d", >> selinux_binary_policy_path(), vers); >> - fd = open(path, O_RDONLY); >> + fd = open(path, O_RDONLY | O_CLOEXEC); >> } >> if (fd < 0) { >> fprintf(stderr, >> @@ -335,7 +335,7 @@ int selinux_init_load_policy(int *enforce) >> >> /* Check for an override of the mode via the kernel command line. >> */ >> rc = mount("proc", "/proc", "proc", 0, 0); >> - cfg = fopen("/proc/cmdline", "r"); >> + cfg = fopen("/proc/cmdline", "re"); >> if (cfg) { >> char *tmp; >> buf = malloc(selinux_page_size); >> diff --git a/libselinux/src/matchmediacon.c >> b/libselinux/src/matchmediacon.c >> index 46cba46..23d01af 100644 >> --- a/libselinux/src/matchmediacon.c >> +++ b/libselinux/src/matchmediacon.c >> @@ -18,7 +18,7 @@ int matchmediacon(const char *media, char ** con) >> char *ptr, *ptr2 = NULL; >> int found = 0; >> char current_line[PATH_MAX]; >> - if ((infile = fopen(path, "r")) == NULL) >> + if ((infile = fopen(path, "re")) == NULL) >> return -1; >> while (!feof_unlocked(infile)) { >> if (!fgets_unlocked(current_line, sizeof(current_line), >> infile)) { >> diff --git a/libselinux/src/policyvers.c b/libselinux/src/policyvers.c >> index 284a7f7..c97dd9d 100644 >> --- a/libselinux/src/policyvers.c >> +++ b/libselinux/src/policyvers.c >> @@ -23,7 +23,7 @@ int security_policyvers(void) >> } >> >> snprintf(path, sizeof path, "%s/policyvers", selinux_mnt); >> - fd = open(path, O_RDONLY); >> + fd = open(path, O_RDONLY | O_CLOEXEC); >> if (fd < 0) { >> if (errno == ENOENT) >> return vers; >> diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c >> index 8cd59af..ebc0ade 100644 >> --- a/libselinux/src/procattr.c >> +++ b/libselinux/src/procattr.c >> @@ -143,7 +143,7 @@ static int getprocattrcon_raw(char ** context, >> return 0; >> } >> >> - fd = openattr(pid, attr, O_RDONLY); >> + fd = openattr(pid, attr, O_RDONLY | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> @@ -235,7 +235,7 @@ static int setprocattrcon_raw(const char * context, >> && !strcmp(context, *prev_context)) >> return 0; >> >> - fd = openattr(pid, attr, O_RDWR); >> + fd = openattr(pid, attr, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> if (context) { >> diff --git a/libselinux/src/selinux_check_securetty_context.c >> b/libselinux/src/selinux_check_securetty_context.c >> index 24e5e2c..55d4e03 100644 >> --- a/libselinux/src/selinux_check_securetty_context.c >> +++ b/libselinux/src/selinux_check_securetty_context.c >> @@ -14,7 +14,7 @@ int selinux_check_securetty_context(const char * >> tty_context) >> ssize_t len; >> int found = -1; >> FILE *fp; >> - fp = fopen(selinux_securetty_types_path(), "r"); >> + fp = fopen(selinux_securetty_types_path(), "re"); >> if (fp) { >> context_t con = context_new(tty_context); >> if (con) { >> diff --git a/libselinux/src/selinux_config.c >> b/libselinux/src/selinux_config.c >> index 88bcc85..d8e140c 100644 >> --- a/libselinux/src/selinux_config.c >> +++ b/libselinux/src/selinux_config.c >> @@ -88,7 +88,7 @@ static const uint16_t file_path_suffixes_idx[NEL] = { >> int selinux_getenforcemode(int *enforce) >> { >> int ret = -1; >> - FILE *cfg = fopen(SELINUXCONFIG, "r"); >> + FILE *cfg = fopen(SELINUXCONFIG, "re"); >> if (cfg) { >> char *buf; >> int len = sizeof(SELINUXTAG) - 1; >> @@ -163,7 +163,7 @@ static void init_selinux_config(void) >> if (selinux_policyroot) >> return; >> >> - fp = fopen(SELINUXCONFIG, "r"); >> + fp = fopen(SELINUXCONFIG, "re"); >> if (fp) { >> __fsetlocking(fp, FSETLOCKING_BYCALLER); >> while ((len = getline(&line_buf, &line_len, fp)) > 0) { >> diff --git a/libselinux/src/selinux_restorecon.c >> b/libselinux/src/selinux_restorecon.c >> index e38d1d0..7ebfbdc 100644 >> --- a/libselinux/src/selinux_restorecon.c >> +++ b/libselinux/src/selinux_restorecon.c >> @@ -247,7 +247,7 @@ static int exclude_non_seclabel_mounts(void) >> if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0) >> return 0; >> >> - fp = fopen("/proc/mounts", "r"); >> + fp = fopen("/proc/mounts", "re"); >> if (!fp) >> return 0; >> >> diff --git a/libselinux/src/setenforce.c b/libselinux/src/setenforce.c >> index e5e7612..09cad3c 100644 >> --- a/libselinux/src/setenforce.c >> +++ b/libselinux/src/setenforce.c >> @@ -21,7 +21,7 @@ int security_setenforce(int value) >> } >> >> snprintf(path, sizeof path, "%s/enforce", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c >> index 09e704b..572a7b0 100644 >> --- a/libselinux/src/seusers.c >> +++ b/libselinux/src/seusers.c >> @@ -185,7 +185,7 @@ int getseuserbyname(const char *name, char >> **r_seuser, char **r_level) >> >> gid_t gid = get_default_gid(name); >> >> - cfg = fopen(selinux_usersconf_path(), "r"); >> + cfg = fopen(selinux_usersconf_path(), "re"); >> if (!cfg) >> goto nomatch; >> >> @@ -278,7 +278,7 @@ int getseuser(const char *username, const char >> *service, >> FILE *fp = NULL; >> if (asprintf(&path,"%s/logins/%s", selinux_policy_root(), >> username) < 0) >> goto err; >> - fp = fopen(path, "r"); >> + fp = fopen(path, "re"); >> free(path); >> if (fp == NULL) goto err; >> __fsetlocking(fp, FSETLOCKING_BYCALLER); >> diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c >> index 2dbec2b..2d83f96 100644 >> --- a/libselinux/src/stringrep.c >> +++ b/libselinux/src/stringrep.c >> @@ -80,7 +80,7 @@ static struct discover_class_node * >> discover_class(const char *s) >> >> /* load up class index */ >> snprintf(path, sizeof path, "%s/class/%s/index", selinux_mnt,s); >> - fd = open(path, O_RDONLY); >> + fd = open(path, O_RDONLY | O_CLOEXEC); >> if (fd < 0) >> goto err3; >> >> -- >> 2.8.0.rc3.226.g39d4020 >> >> _______________________________________________ >> Selinux mailing list >> Selinux@tycho.nsa.gov >> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov. >> To get help, send an email containing "help" to >> Selinux-request@tycho.nsa.gov. >> >> >> > > > -- > Nick Kralevich | Android Security | nnk@google.com | 650.214.4037 > <(650)%20214-4037> >
On 12/11/2016 07:25 PM, William Roberts wrote: > I'll test it tomorrow on Mac OS for you if you want? It would be good if someone were to test it on MacOS, particularly whichever version of MacOS is supported for building Android (not sure which one(s) that is). The other consideration is that it isn't always available in older libc or other libc implementations, which can be a problem for embedded. meta-selinux carries patches to make the existing usage of FD_CLOEXEC, SOCK_CLOEXEC, and O_CLOEXEC optional if not defined, so they would presumably have to do the same for all of these calls. Maybe we could wrap this in a macro that gets defined once and drops the "e" or the O_CLOEXEC if not supported by the platform? > > On Dec 11, 2016 3:22 PM, "Nick Kralevich" <nnk@google.com > <mailto:nnk@google.com>> wrote: > > I don't know. I didn't test this change on a Mac. > > -- Nick > > On Sun, Dec 11, 2016 at 1:39 PM, William Roberts > <bill.c.roberts@gmail.com <mailto:bill.c.roberts@gmail.com>> wrote: > > Do you know if "re" poses any Mac issues? I would assume not, > but I've never checked. > > On Dec 11, 2016 09:32, "Nick Kralevich" <nnk@google.com > <mailto:nnk@google.com>> wrote: > > Makes libselinux safer and less likely to leak file > descriptors when > used as part of a multithreaded program. > > Signed-off-by: Nick Kralevich <nnk@google.com > <mailto:nnk@google.com>> > --- > libselinux/src/audit2why.c | 4 ++-- > libselinux/src/booleans.c | 14 > +++++++------- > libselinux/src/canonicalize_context.c | 2 +- > libselinux/src/check_context.c | 2 +- > libselinux/src/compute_av.c | 2 +- > libselinux/src/compute_create.c | 2 +- > libselinux/src/compute_member.c | 2 +- > libselinux/src/compute_relabel.c | 2 +- > libselinux/src/compute_user.c | 2 +- > libselinux/src/deny_unknown.c | 2 +- > libselinux/src/disable.c | 2 +- > libselinux/src/enabled.c | 2 +- > libselinux/src/get_context_list.c | 6 +++--- > libselinux/src/get_default_type.c | 2 +- > libselinux/src/get_initial_context.c | 2 +- > libselinux/src/getenforce.c | 2 +- > libselinux/src/init.c | 4 ++-- > libselinux/src/is_customizable_type.c | 2 +- > libselinux/src/label.c | 2 +- > libselinux/src/label_backends_android.c | 2 +- > libselinux/src/label_file.c | 2 +- > libselinux/src/label_media.c | 2 +- > libselinux/src/label_x.c | 2 +- > libselinux/src/load_policy.c | 8 ++++---- > libselinux/src/matchmediacon.c | 2 +- > libselinux/src/policyvers.c | 2 +- > libselinux/src/procattr.c | 4 ++-- > libselinux/src/selinux_check_securetty_context.c | 2 +- > libselinux/src/selinux_config.c | 4 ++-- > libselinux/src/selinux_restorecon.c | 2 +- > libselinux/src/setenforce.c | 2 +- > libselinux/src/seusers.c | 4 ++-- > libselinux/src/stringrep.c | 2 +- > 33 files changed, 49 insertions(+), 49 deletions(-) > > diff --git a/libselinux/src/audit2why.c > b/libselinux/src/audit2why.c > index 3135eed..857383a 100644 > --- a/libselinux/src/audit2why.c > +++ b/libselinux/src/audit2why.c > @@ -201,7 +201,7 @@ static int __policy_init(const char > *init_path) > path[PATH_MAX-1] = '\0'; > if (init_path) { > strncpy(path, init_path, PATH_MAX-1); > - fp = fopen(path, "r"); > + fp = fopen(path, "re"); > if (!fp) { > snprintf(errormsg, sizeof(errormsg), > "unable to open %s: %s\n", > @@ -218,7 +218,7 @@ static int __policy_init(const char > *init_path) > PyErr_SetString( PyExc_ValueError, > errormsg); > return 1; > } > - fp = fopen(curpolicy, "r"); > + fp = fopen(curpolicy, "re"); > if (!fp) { > snprintf(errormsg, sizeof(errormsg), > "unable to open %s: %s\n", > diff --git a/libselinux/src/booleans.c > b/libselinux/src/booleans.c > index ba9d934..4a38a78 100644 > --- a/libselinux/src/booleans.c > +++ b/libselinux/src/booleans.c > @@ -97,7 +97,7 @@ char *selinux_boolean_sub(const char *name) > if (!name) > return NULL; > > - cfg = fopen(selinux_booleans_subs_path(), "r"); > + cfg = fopen(selinux_booleans_subs_path(), "re"); > if (!cfg) > goto out; > > @@ -210,7 +210,7 @@ static int get_bool_value(const char > *name, char **buf) > > (*buf)[STRBUF_SIZE] = 0; > > - fd = bool_open(name, O_RDONLY); > + fd = bool_open(name, O_RDONLY | O_CLOEXEC); > if (fd < 0) > goto out_err; > > @@ -274,7 +274,7 @@ int security_set_boolean(const char > *name, int value) > return -1; > } > > - fd = bool_open(name, O_WRONLY); > + fd = bool_open(name, O_WRONLY | O_CLOEXEC); > if (fd < 0) > return -1; > > @@ -305,7 +305,7 @@ int security_commit_booleans(void) > } > > snprintf(path, sizeof path, > "%s/commit_pending_bools", selinux_mnt); > - fd = open(path, O_WRONLY); > + fd = open(path, O_WRONLY | O_CLOEXEC); > if (fd < 0) > return -1; > > @@ -399,7 +399,7 @@ static int save_booleans(size_t boolcnt, > SELboolean * boollist) > > snprintf(local_bool_file, sizeof(local_bool_file), > "%s.local", > bool_file); > - boolf = fopen(local_bool_file, "r"); > + boolf = fopen(local_bool_file, "re"); > if (boolf != NULL) { > ssize_t ret; > size_t size = 0; > @@ -518,7 +518,7 @@ int security_load_booleans(char *path) > int val; > char name[BUFSIZ]; > > - boolf = fopen(path ? path : selinux_booleans_path(), > "r"); > + boolf = fopen(path ? path : selinux_booleans_path(), > "re"); > if (boolf == NULL) > goto localbool; > > @@ -536,7 +536,7 @@ int security_load_booleans(char *path) > localbool: > snprintf(localbools, sizeof(localbools), "%s.local", > (path ? path : selinux_booleans_path())); > - boolf = fopen(localbools, "r"); > + boolf = fopen(localbools, "re"); > > if (boolf != NULL) { > int ret; > diff --git a/libselinux/src/canonicalize_context.c > b/libselinux/src/canonicalize_context.c > index 7cf3139..ba4c9a2 100644 > --- a/libselinux/src/canonicalize_context.c > +++ b/libselinux/src/canonicalize_context.c > @@ -23,7 +23,7 @@ int > security_canonicalize_context_raw(const char * con, > } > > snprintf(path, sizeof path, "%s/context", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/check_context.c > b/libselinux/src/check_context.c > index 52063fa..8a7997f 100644 > --- a/libselinux/src/check_context.c > +++ b/libselinux/src/check_context.c > @@ -20,7 +20,7 @@ int security_check_context_raw(const char > * con) > } > > snprintf(path, sizeof path, "%s/context", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/compute_av.c > b/libselinux/src/compute_av.c > index 937e5c3..1d05e7b 100644 > --- a/libselinux/src/compute_av.c > +++ b/libselinux/src/compute_av.c > @@ -27,7 +27,7 @@ int security_compute_av_flags_raw(const > char * scon, > } > > snprintf(path, sizeof path, "%s/access", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/compute_create.c > b/libselinux/src/compute_create.c > index 9559d42..0975aea 100644 > --- a/libselinux/src/compute_create.c > +++ b/libselinux/src/compute_create.c > @@ -65,7 +65,7 @@ int security_compute_create_name_raw(const > char * scon, > } > > snprintf(path, sizeof path, "%s/create", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/compute_member.c > b/libselinux/src/compute_member.c > index 1fc7e41..4e2d221 100644 > --- a/libselinux/src/compute_member.c > +++ b/libselinux/src/compute_member.c > @@ -26,7 +26,7 @@ int security_compute_member_raw(const char > * scon, > } > > snprintf(path, sizeof path, "%s/member", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/compute_relabel.c > b/libselinux/src/compute_relabel.c > index 4615aee..49f77ef 100644 > --- a/libselinux/src/compute_relabel.c > +++ b/libselinux/src/compute_relabel.c > @@ -26,7 +26,7 @@ int security_compute_relabel_raw(const > char * scon, > } > > snprintf(path, sizeof path, "%s/relabel", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/compute_user.c > b/libselinux/src/compute_user.c > index b37c5d3..7b88121 100644 > --- a/libselinux/src/compute_user.c > +++ b/libselinux/src/compute_user.c > @@ -25,7 +25,7 @@ int security_compute_user_raw(const char * > scon, > } > > snprintf(path, sizeof path, "%s/user", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/deny_unknown.c > b/libselinux/src/deny_unknown.c > index c93998a..77d04e3 100644 > --- a/libselinux/src/deny_unknown.c > +++ b/libselinux/src/deny_unknown.c > @@ -21,7 +21,7 @@ int security_deny_unknown(void) > } > > snprintf(path, sizeof(path), "%s/deny_unknown", > selinux_mnt); > - fd = open(path, O_RDONLY); > + fd = open(path, O_RDONLY | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/disable.c b/libselinux/src/disable.c > index dac0f5b..8d66262 100644 > --- a/libselinux/src/disable.c > +++ b/libselinux/src/disable.c > @@ -21,7 +21,7 @@ int security_disable(void) > } > > snprintf(path, sizeof path, "%s/disable", selinux_mnt); > - fd = open(path, O_WRONLY); > + fd = open(path, O_WRONLY | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/enabled.c b/libselinux/src/enabled.c > index 2ec6797..dd628fb 100644 > --- a/libselinux/src/enabled.c > +++ b/libselinux/src/enabled.c > @@ -36,7 +36,7 @@ int is_selinux_mls_enabled(void) > return enabled; > > snprintf(path, sizeof path, "%s/mls", selinux_mnt); > - fd = open(path, O_RDONLY); > + fd = open(path, O_RDONLY | O_CLOEXEC); > if (fd < 0) > return enabled; > > diff --git a/libselinux/src/get_context_list.c > b/libselinux/src/get_context_list.c > index f3fa4a9..689e465 100644 > --- a/libselinux/src/get_context_list.c > +++ b/libselinux/src/get_context_list.c > @@ -275,7 +275,7 @@ static int get_failsafe_context(const > char *user, char ** newcon) > size_t plen, nlen; > int rc; > > - fp = fopen(selinux_failsafe_context_path(), "r"); > + fp = fopen(selinux_failsafe_context_path(), "re"); > if (!fp) > return -1; > > @@ -437,7 +437,7 @@ int get_ordered_context_list(const char > *user, > if (!fname) > goto failsafe; > snprintf(fname, fname_len, "%s%s", > user_contexts_path, user); > - fp = fopen(fname, "r"); > + fp = fopen(fname, "re"); > if (fp) { > __fsetlocking(fp, FSETLOCKING_BYCALLER); > rc = get_context_order(fp, fromcon, > reachable, nreach, ordering, > @@ -451,7 +451,7 @@ int get_ordered_context_list(const char > *user, > } > } > free(fname); > - fp = fopen(selinux_default_context_path(), "r"); > + fp = fopen(selinux_default_context_path(), "re"); > if (fp) { > __fsetlocking(fp, FSETLOCKING_BYCALLER); > rc = get_context_order(fp, fromcon, > reachable, nreach, ordering, > diff --git a/libselinux/src/get_default_type.c > b/libselinux/src/get_default_type.c > index 27f2ae5..dd7b5d7 100644 > --- a/libselinux/src/get_default_type.c > +++ b/libselinux/src/get_default_type.c > @@ -11,7 +11,7 @@ int get_default_type(const char *role, > char **type) > { > FILE *fp = NULL; > > - fp = fopen(selinux_default_type_path(), "r"); > + fp = fopen(selinux_default_type_path(), "re"); > if (!fp) > return -1; > > diff --git a/libselinux/src/get_initial_context.c > b/libselinux/src/get_initial_context.c > index 522ed78..5e919f4 100644 > --- a/libselinux/src/get_initial_context.c > +++ b/libselinux/src/get_initial_context.c > @@ -25,7 +25,7 @@ int security_get_initial_context_raw(const > char * name, char ** con) > > snprintf(path, sizeof path, "%s%s%s", > selinux_mnt, SELINUX_INITCON_DIR, name); > - fd = open(path, O_RDONLY); > + fd = open(path, O_RDONLY | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/getenforce.c > b/libselinux/src/getenforce.c > index 03d3abc..d909dce 100644 > --- a/libselinux/src/getenforce.c > +++ b/libselinux/src/getenforce.c > @@ -21,7 +21,7 @@ int security_getenforce(void) > } > > snprintf(path, sizeof path, "%s/enforce", selinux_mnt); > - fd = open(path, O_RDONLY); > + fd = open(path, O_RDONLY | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/init.c b/libselinux/src/init.c > index ddf91f8..2690a72 100644 > --- a/libselinux/src/init.c > +++ b/libselinux/src/init.c > @@ -61,7 +61,7 @@ int selinuxfs_exists(void) > size_t len; > ssize_t num; > > - fp = fopen("/proc/filesystems", "r"); > + fp = fopen("/proc/filesystems", "re"); > if (!fp) > return 1; /* Fail as if it exists */ > __fsetlocking(fp, FSETLOCKING_BYCALLER); > @@ -101,7 +101,7 @@ static void init_selinuxmnt(void) > > /* At this point, the usual spot doesn't have an > selinuxfs so > * we look around for it */ > - fp = fopen("/proc/mounts", "r"); > + fp = fopen("/proc/mounts", "re"); > if (!fp) > goto out; > > diff --git a/libselinux/src/is_customizable_type.c > b/libselinux/src/is_customizable_type.c > index 0b33edc..92876f4 100644 > --- a/libselinux/src/is_customizable_type.c > +++ b/libselinux/src/is_customizable_type.c > @@ -16,7 +16,7 @@ static int get_customizable_type_list(char > *** retlist) > unsigned int ctr = 0, i; > char **list = NULL; > > - fp = fopen(selinux_customizable_types_path(), "r"); > + fp = fopen(selinux_customizable_types_path(), "re"); > if (!fp) > return -1; > > diff --git a/libselinux/src/label.c b/libselinux/src/label.c > index 60639cf..5c9d8c1 100644 > --- a/libselinux/src/label.c > +++ b/libselinux/src/label.c > @@ -96,7 +96,7 @@ struct selabel_sub > *selabel_subs_init(const char *path, > struct > selabel_digest *digest) > { > char buf[1024]; > - FILE *cfg = fopen(path, "r"); > + FILE *cfg = fopen(path, "re"); > struct selabel_sub *sub = NULL; > struct stat sb; > > diff --git a/libselinux/src/label_backends_android.c > b/libselinux/src/label_backends_android.c > index 4d6ec86..4ad71f9 100644 > --- a/libselinux/src/label_backends_android.c > +++ b/libselinux/src/label_backends_android.c > @@ -159,7 +159,7 @@ static int init(struct selabel_handle > *rec, const struct selinux_opt *opts, > return -1; > > /* Open the specification file. */ > - if ((fp = fopen(path, "r")) == NULL) > + if ((fp = fopen(path, "re")) == NULL) > return -1; > > if (fstat(fileno(fp), &sb) < 0) > diff --git a/libselinux/src/label_file.c > b/libselinux/src/label_file.c > index a4dc3cd..0d4029b 100644 > --- a/libselinux/src/label_file.c > +++ b/libselinux/src/label_file.c > @@ -520,7 +520,7 @@ static FILE *open_file(const char *path, > const char *suffix, > } > > memcpy(sb, &found->sb, sizeof(*sb)); > - return fopen(save_path, "r"); > + return fopen(save_path, "re"); > } > > static int process_file(const char *path, const char *suffix, > diff --git a/libselinux/src/label_media.c > b/libselinux/src/label_media.c > index 622741b..d202e5d 100644 > --- a/libselinux/src/label_media.c > +++ b/libselinux/src/label_media.c > @@ -90,7 +90,7 @@ static int init(struct selabel_handle > *rec, const struct selinux_opt *opts, > /* Open the specification file. */ > if (!path) > path = selinux_media_context_path(); > - if ((fp = fopen(path, "r")) == NULL) > + if ((fp = fopen(path, "re")) == NULL) > return -1; > __fsetlocking(fp, FSETLOCKING_BYCALLER); > > diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c > index 700def1..9674529 100644 > --- a/libselinux/src/label_x.c > +++ b/libselinux/src/label_x.c > @@ -117,7 +117,7 @@ static int init(struct selabel_handle > *rec, const struct selinux_opt *opts, > /* Open the specification file. */ > if (!path) > path = selinux_x_context_path(); > - if ((fp = fopen(path, "r")) == NULL) > + if ((fp = fopen(path, "re")) == NULL) > return -1; > __fsetlocking(fp, FSETLOCKING_BYCALLER); > > diff --git a/libselinux/src/load_policy.c > b/libselinux/src/load_policy.c > index b7e1a6f..327cc6a 100644 > --- a/libselinux/src/load_policy.c > +++ b/libselinux/src/load_policy.c > @@ -34,7 +34,7 @@ int security_load_policy(void *data, > size_t len) > } > > snprintf(path, sizeof path, "%s/load", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > @@ -173,13 +173,13 @@ checkbool: > search: > snprintf(path, sizeof(path), "%s.%d", > selinux_binary_policy_path(), vers); > - fd = open(path, O_RDONLY); > + fd = open(path, O_RDONLY | O_CLOEXEC); > while (fd < 0 && errno == ENOENT > && --vers >= minvers) { > /* Check prior versions to see if old policy > is available */ > snprintf(path, sizeof(path), "%s.%d", > selinux_binary_policy_path(), vers); > - fd = open(path, O_RDONLY); > + fd = open(path, O_RDONLY | O_CLOEXEC); > } > if (fd < 0) { > fprintf(stderr, > @@ -335,7 +335,7 @@ int selinux_init_load_policy(int *enforce) > > /* Check for an override of the mode via the kernel > command line. */ > rc = mount("proc", "/proc", "proc", 0, 0); > - cfg = fopen("/proc/cmdline", "r"); > + cfg = fopen("/proc/cmdline", "re"); > if (cfg) { > char *tmp; > buf = malloc(selinux_page_size); > diff --git a/libselinux/src/matchmediacon.c > b/libselinux/src/matchmediacon.c > index 46cba46..23d01af 100644 > --- a/libselinux/src/matchmediacon.c > +++ b/libselinux/src/matchmediacon.c > @@ -18,7 +18,7 @@ int matchmediacon(const char *media, char > ** con) > char *ptr, *ptr2 = NULL; > int found = 0; > char current_line[PATH_MAX]; > - if ((infile = fopen(path, "r")) == NULL) > + if ((infile = fopen(path, "re")) == NULL) > return -1; > while (!feof_unlocked(infile)) { > if (!fgets_unlocked(current_line, > sizeof(current_line), infile)) { > diff --git a/libselinux/src/policyvers.c > b/libselinux/src/policyvers.c > index 284a7f7..c97dd9d 100644 > --- a/libselinux/src/policyvers.c > +++ b/libselinux/src/policyvers.c > @@ -23,7 +23,7 @@ int security_policyvers(void) > } > > snprintf(path, sizeof path, "%s/policyvers", > selinux_mnt); > - fd = open(path, O_RDONLY); > + fd = open(path, O_RDONLY | O_CLOEXEC); > if (fd < 0) { > if (errno == ENOENT) > return vers; > diff --git a/libselinux/src/procattr.c > b/libselinux/src/procattr.c > index 8cd59af..ebc0ade 100644 > --- a/libselinux/src/procattr.c > +++ b/libselinux/src/procattr.c > @@ -143,7 +143,7 @@ static int getprocattrcon_raw(char ** > context, > return 0; > } > > - fd = openattr(pid, attr, O_RDONLY); > + fd = openattr(pid, attr, O_RDONLY | O_CLOEXEC); > if (fd < 0) > return -1; > > @@ -235,7 +235,7 @@ static int setprocattrcon_raw(const char > * context, > && !strcmp(context, *prev_context)) > return 0; > > - fd = openattr(pid, attr, O_RDWR); > + fd = openattr(pid, attr, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > if (context) { > diff --git > a/libselinux/src/selinux_check_securetty_context.c > b/libselinux/src/selinux_check_securetty_context.c > index 24e5e2c..55d4e03 100644 > --- a/libselinux/src/selinux_check_securetty_context.c > +++ b/libselinux/src/selinux_check_securetty_context.c > @@ -14,7 +14,7 @@ int selinux_check_securetty_context(const > char * tty_context) > ssize_t len; > int found = -1; > FILE *fp; > - fp = fopen(selinux_securetty_types_path(), "r"); > + fp = fopen(selinux_securetty_types_path(), "re"); > if (fp) { > context_t con = context_new(tty_context); > if (con) { > diff --git a/libselinux/src/selinux_config.c > b/libselinux/src/selinux_config.c > index 88bcc85..d8e140c 100644 > --- a/libselinux/src/selinux_config.c > +++ b/libselinux/src/selinux_config.c > @@ -88,7 +88,7 @@ static const uint16_t > file_path_suffixes_idx[NEL] = { > int selinux_getenforcemode(int *enforce) > { > int ret = -1; > - FILE *cfg = fopen(SELINUXCONFIG, "r"); > + FILE *cfg = fopen(SELINUXCONFIG, "re"); > if (cfg) { > char *buf; > int len = sizeof(SELINUXTAG) - 1; > @@ -163,7 +163,7 @@ static void init_selinux_config(void) > if (selinux_policyroot) > return; > > - fp = fopen(SELINUXCONFIG, "r"); > + fp = fopen(SELINUXCONFIG, "re"); > if (fp) { > __fsetlocking(fp, FSETLOCKING_BYCALLER); > while ((len = getline(&line_buf, &line_len, > fp)) > 0) { > diff --git a/libselinux/src/selinux_restorecon.c > b/libselinux/src/selinux_restorecon.c > index e38d1d0..7ebfbdc 100644 > --- a/libselinux/src/selinux_restorecon.c > +++ b/libselinux/src/selinux_restorecon.c > @@ -247,7 +247,7 @@ static int exclude_non_seclabel_mounts(void) > if (uname(&uts) == 0 && strverscmp(uts.release, > "2.6.30") < 0) > return 0; > > - fp = fopen("/proc/mounts", "r"); > + fp = fopen("/proc/mounts", "re"); > if (!fp) > return 0; > > diff --git a/libselinux/src/setenforce.c > b/libselinux/src/setenforce.c > index e5e7612..09cad3c 100644 > --- a/libselinux/src/setenforce.c > +++ b/libselinux/src/setenforce.c > @@ -21,7 +21,7 @@ int security_setenforce(int value) > } > > snprintf(path, sizeof path, "%s/enforce", selinux_mnt); > - fd = open(path, O_RDWR); > + fd = open(path, O_RDWR | O_CLOEXEC); > if (fd < 0) > return -1; > > diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c > index 09e704b..572a7b0 100644 > --- a/libselinux/src/seusers.c > +++ b/libselinux/src/seusers.c > @@ -185,7 +185,7 @@ int getseuserbyname(const char *name, > char **r_seuser, char **r_level) > > gid_t gid = get_default_gid(name); > > - cfg = fopen(selinux_usersconf_path(), "r"); > + cfg = fopen(selinux_usersconf_path(), "re"); > if (!cfg) > goto nomatch; > > @@ -278,7 +278,7 @@ int getseuser(const char *username, > const char *service, > FILE *fp = NULL; > if (asprintf(&path,"%s/logins/%s", > selinux_policy_root(), username) < 0) > goto err; > - fp = fopen(path, "r"); > + fp = fopen(path, "re"); > free(path); > if (fp == NULL) goto err; > __fsetlocking(fp, FSETLOCKING_BYCALLER); > diff --git a/libselinux/src/stringrep.c > b/libselinux/src/stringrep.c > index 2dbec2b..2d83f96 100644 > --- a/libselinux/src/stringrep.c > +++ b/libselinux/src/stringrep.c > @@ -80,7 +80,7 @@ static struct discover_class_node * > discover_class(const char *s) > > /* load up class index */ > snprintf(path, sizeof path, "%s/class/%s/index", > selinux_mnt,s); > - fd = open(path, O_RDONLY); > + fd = open(path, O_RDONLY | O_CLOEXEC); > if (fd < 0) > goto err3; > > -- > 2.8.0.rc3.226.g39d4020 > > _______________________________________________ > Selinux mailing list > Selinux@tycho.nsa.gov <mailto:Selinux@tycho.nsa.gov> > To unsubscribe, send email to Selinux-leave@tycho.nsa.gov > <mailto:Selinux-leave@tycho.nsa.gov>. > To get help, send an email containing "help" to > Selinux-request@tycho.nsa.gov > <mailto:Selinux-request@tycho.nsa.gov>. > > > > > > -- > Nick Kralevich | Android Security | nnk@google.com > <mailto:nnk@google.com> | 650.214.4037 <tel:(650)%20214-4037> > > > > _______________________________________________ > Selinux mailing list > Selinux@tycho.nsa.gov > To unsubscribe, send email to Selinux-leave@tycho.nsa.gov. > To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov. >
On Mon, Dec 12, 2016 at 12:16 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > On 12/11/2016 07:25 PM, William Roberts wrote: >> I'll test it tomorrow on Mac OS for you if you want? > > It would be good if someone were to test it on MacOS, particularly > whichever version of MacOS is supported for building Android (not sure > which one(s) that is). > > The other consideration is that it isn't always available in older libc > or other libc implementations, which can be a problem for embedded. > meta-selinux carries patches to make the existing usage of FD_CLOEXEC, > SOCK_CLOEXEC, and O_CLOEXEC optional if not defined, so they would > presumably have to do the same for all of these calls. Maybe we could > wrap this in a macro that gets defined once and drops the "e" or the > O_CLOEXEC if not supported by the platform? That doesn't seem to be a bad idea. I have not tested on Mac OS yet, But I will get to it by days end. > >> >> On Dec 11, 2016 3:22 PM, "Nick Kralevich" <nnk@google.com >> <mailto:nnk@google.com>> wrote: >> >> I don't know. I didn't test this change on a Mac. >> >> -- Nick >> >> On Sun, Dec 11, 2016 at 1:39 PM, William Roberts >> <bill.c.roberts@gmail.com <mailto:bill.c.roberts@gmail.com>> wrote: >> >> Do you know if "re" poses any Mac issues? I would assume not, >> but I've never checked. >> >> On Dec 11, 2016 09:32, "Nick Kralevich" <nnk@google.com >> <mailto:nnk@google.com>> wrote: >> >> Makes libselinux safer and less likely to leak file >> descriptors when >> used as part of a multithreaded program. >> >> Signed-off-by: Nick Kralevich <nnk@google.com >> <mailto:nnk@google.com>> >> --- >> libselinux/src/audit2why.c | 4 ++-- >> libselinux/src/booleans.c | 14 >> +++++++------- >> libselinux/src/canonicalize_context.c | 2 +- >> libselinux/src/check_context.c | 2 +- >> libselinux/src/compute_av.c | 2 +- >> libselinux/src/compute_create.c | 2 +- >> libselinux/src/compute_member.c | 2 +- >> libselinux/src/compute_relabel.c | 2 +- >> libselinux/src/compute_user.c | 2 +- >> libselinux/src/deny_unknown.c | 2 +- >> libselinux/src/disable.c | 2 +- >> libselinux/src/enabled.c | 2 +- >> libselinux/src/get_context_list.c | 6 +++--- >> libselinux/src/get_default_type.c | 2 +- >> libselinux/src/get_initial_context.c | 2 +- >> libselinux/src/getenforce.c | 2 +- >> libselinux/src/init.c | 4 ++-- >> libselinux/src/is_customizable_type.c | 2 +- >> libselinux/src/label.c | 2 +- >> libselinux/src/label_backends_android.c | 2 +- >> libselinux/src/label_file.c | 2 +- >> libselinux/src/label_media.c | 2 +- >> libselinux/src/label_x.c | 2 +- >> libselinux/src/load_policy.c | 8 ++++---- >> libselinux/src/matchmediacon.c | 2 +- >> libselinux/src/policyvers.c | 2 +- >> libselinux/src/procattr.c | 4 ++-- >> libselinux/src/selinux_check_securetty_context.c | 2 +- >> libselinux/src/selinux_config.c | 4 ++-- >> libselinux/src/selinux_restorecon.c | 2 +- >> libselinux/src/setenforce.c | 2 +- >> libselinux/src/seusers.c | 4 ++-- >> libselinux/src/stringrep.c | 2 +- >> 33 files changed, 49 insertions(+), 49 deletions(-) >> >> diff --git a/libselinux/src/audit2why.c >> b/libselinux/src/audit2why.c >> index 3135eed..857383a 100644 >> --- a/libselinux/src/audit2why.c >> +++ b/libselinux/src/audit2why.c >> @@ -201,7 +201,7 @@ static int __policy_init(const char >> *init_path) >> path[PATH_MAX-1] = '\0'; >> if (init_path) { >> strncpy(path, init_path, PATH_MAX-1); >> - fp = fopen(path, "r"); >> + fp = fopen(path, "re"); >> if (!fp) { >> snprintf(errormsg, sizeof(errormsg), >> "unable to open %s: %s\n", >> @@ -218,7 +218,7 @@ static int __policy_init(const char >> *init_path) >> PyErr_SetString( PyExc_ValueError, >> errormsg); >> return 1; >> } >> - fp = fopen(curpolicy, "r"); >> + fp = fopen(curpolicy, "re"); >> if (!fp) { >> snprintf(errormsg, sizeof(errormsg), >> "unable to open %s: %s\n", >> diff --git a/libselinux/src/booleans.c >> b/libselinux/src/booleans.c >> index ba9d934..4a38a78 100644 >> --- a/libselinux/src/booleans.c >> +++ b/libselinux/src/booleans.c >> @@ -97,7 +97,7 @@ char *selinux_boolean_sub(const char *name) >> if (!name) >> return NULL; >> >> - cfg = fopen(selinux_booleans_subs_path(), "r"); >> + cfg = fopen(selinux_booleans_subs_path(), "re"); >> if (!cfg) >> goto out; >> >> @@ -210,7 +210,7 @@ static int get_bool_value(const char >> *name, char **buf) >> >> (*buf)[STRBUF_SIZE] = 0; >> >> - fd = bool_open(name, O_RDONLY); >> + fd = bool_open(name, O_RDONLY | O_CLOEXEC); >> if (fd < 0) >> goto out_err; >> >> @@ -274,7 +274,7 @@ int security_set_boolean(const char >> *name, int value) >> return -1; >> } >> >> - fd = bool_open(name, O_WRONLY); >> + fd = bool_open(name, O_WRONLY | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> @@ -305,7 +305,7 @@ int security_commit_booleans(void) >> } >> >> snprintf(path, sizeof path, >> "%s/commit_pending_bools", selinux_mnt); >> - fd = open(path, O_WRONLY); >> + fd = open(path, O_WRONLY | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> @@ -399,7 +399,7 @@ static int save_booleans(size_t boolcnt, >> SELboolean * boollist) >> >> snprintf(local_bool_file, sizeof(local_bool_file), >> "%s.local", >> bool_file); >> - boolf = fopen(local_bool_file, "r"); >> + boolf = fopen(local_bool_file, "re"); >> if (boolf != NULL) { >> ssize_t ret; >> size_t size = 0; >> @@ -518,7 +518,7 @@ int security_load_booleans(char *path) >> int val; >> char name[BUFSIZ]; >> >> - boolf = fopen(path ? path : selinux_booleans_path(), >> "r"); >> + boolf = fopen(path ? path : selinux_booleans_path(), >> "re"); >> if (boolf == NULL) >> goto localbool; >> >> @@ -536,7 +536,7 @@ int security_load_booleans(char *path) >> localbool: >> snprintf(localbools, sizeof(localbools), "%s.local", >> (path ? path : selinux_booleans_path())); >> - boolf = fopen(localbools, "r"); >> + boolf = fopen(localbools, "re"); >> >> if (boolf != NULL) { >> int ret; >> diff --git a/libselinux/src/canonicalize_context.c >> b/libselinux/src/canonicalize_context.c >> index 7cf3139..ba4c9a2 100644 >> --- a/libselinux/src/canonicalize_context.c >> +++ b/libselinux/src/canonicalize_context.c >> @@ -23,7 +23,7 @@ int >> security_canonicalize_context_raw(const char * con, >> } >> >> snprintf(path, sizeof path, "%s/context", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/check_context.c >> b/libselinux/src/check_context.c >> index 52063fa..8a7997f 100644 >> --- a/libselinux/src/check_context.c >> +++ b/libselinux/src/check_context.c >> @@ -20,7 +20,7 @@ int security_check_context_raw(const char >> * con) >> } >> >> snprintf(path, sizeof path, "%s/context", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/compute_av.c >> b/libselinux/src/compute_av.c >> index 937e5c3..1d05e7b 100644 >> --- a/libselinux/src/compute_av.c >> +++ b/libselinux/src/compute_av.c >> @@ -27,7 +27,7 @@ int security_compute_av_flags_raw(const >> char * scon, >> } >> >> snprintf(path, sizeof path, "%s/access", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/compute_create.c >> b/libselinux/src/compute_create.c >> index 9559d42..0975aea 100644 >> --- a/libselinux/src/compute_create.c >> +++ b/libselinux/src/compute_create.c >> @@ -65,7 +65,7 @@ int security_compute_create_name_raw(const >> char * scon, >> } >> >> snprintf(path, sizeof path, "%s/create", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/compute_member.c >> b/libselinux/src/compute_member.c >> index 1fc7e41..4e2d221 100644 >> --- a/libselinux/src/compute_member.c >> +++ b/libselinux/src/compute_member.c >> @@ -26,7 +26,7 @@ int security_compute_member_raw(const char >> * scon, >> } >> >> snprintf(path, sizeof path, "%s/member", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/compute_relabel.c >> b/libselinux/src/compute_relabel.c >> index 4615aee..49f77ef 100644 >> --- a/libselinux/src/compute_relabel.c >> +++ b/libselinux/src/compute_relabel.c >> @@ -26,7 +26,7 @@ int security_compute_relabel_raw(const >> char * scon, >> } >> >> snprintf(path, sizeof path, "%s/relabel", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/compute_user.c >> b/libselinux/src/compute_user.c >> index b37c5d3..7b88121 100644 >> --- a/libselinux/src/compute_user.c >> +++ b/libselinux/src/compute_user.c >> @@ -25,7 +25,7 @@ int security_compute_user_raw(const char * >> scon, >> } >> >> snprintf(path, sizeof path, "%s/user", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/deny_unknown.c >> b/libselinux/src/deny_unknown.c >> index c93998a..77d04e3 100644 >> --- a/libselinux/src/deny_unknown.c >> +++ b/libselinux/src/deny_unknown.c >> @@ -21,7 +21,7 @@ int security_deny_unknown(void) >> } >> >> snprintf(path, sizeof(path), "%s/deny_unknown", >> selinux_mnt); >> - fd = open(path, O_RDONLY); >> + fd = open(path, O_RDONLY | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/disable.c b/libselinux/src/disable.c >> index dac0f5b..8d66262 100644 >> --- a/libselinux/src/disable.c >> +++ b/libselinux/src/disable.c >> @@ -21,7 +21,7 @@ int security_disable(void) >> } >> >> snprintf(path, sizeof path, "%s/disable", selinux_mnt); >> - fd = open(path, O_WRONLY); >> + fd = open(path, O_WRONLY | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/enabled.c b/libselinux/src/enabled.c >> index 2ec6797..dd628fb 100644 >> --- a/libselinux/src/enabled.c >> +++ b/libselinux/src/enabled.c >> @@ -36,7 +36,7 @@ int is_selinux_mls_enabled(void) >> return enabled; >> >> snprintf(path, sizeof path, "%s/mls", selinux_mnt); >> - fd = open(path, O_RDONLY); >> + fd = open(path, O_RDONLY | O_CLOEXEC); >> if (fd < 0) >> return enabled; >> >> diff --git a/libselinux/src/get_context_list.c >> b/libselinux/src/get_context_list.c >> index f3fa4a9..689e465 100644 >> --- a/libselinux/src/get_context_list.c >> +++ b/libselinux/src/get_context_list.c >> @@ -275,7 +275,7 @@ static int get_failsafe_context(const >> char *user, char ** newcon) >> size_t plen, nlen; >> int rc; >> >> - fp = fopen(selinux_failsafe_context_path(), "r"); >> + fp = fopen(selinux_failsafe_context_path(), "re"); >> if (!fp) >> return -1; >> >> @@ -437,7 +437,7 @@ int get_ordered_context_list(const char >> *user, >> if (!fname) >> goto failsafe; >> snprintf(fname, fname_len, "%s%s", >> user_contexts_path, user); >> - fp = fopen(fname, "r"); >> + fp = fopen(fname, "re"); >> if (fp) { >> __fsetlocking(fp, FSETLOCKING_BYCALLER); >> rc = get_context_order(fp, fromcon, >> reachable, nreach, ordering, >> @@ -451,7 +451,7 @@ int get_ordered_context_list(const char >> *user, >> } >> } >> free(fname); >> - fp = fopen(selinux_default_context_path(), "r"); >> + fp = fopen(selinux_default_context_path(), "re"); >> if (fp) { >> __fsetlocking(fp, FSETLOCKING_BYCALLER); >> rc = get_context_order(fp, fromcon, >> reachable, nreach, ordering, >> diff --git a/libselinux/src/get_default_type.c >> b/libselinux/src/get_default_type.c >> index 27f2ae5..dd7b5d7 100644 >> --- a/libselinux/src/get_default_type.c >> +++ b/libselinux/src/get_default_type.c >> @@ -11,7 +11,7 @@ int get_default_type(const char *role, >> char **type) >> { >> FILE *fp = NULL; >> >> - fp = fopen(selinux_default_type_path(), "r"); >> + fp = fopen(selinux_default_type_path(), "re"); >> if (!fp) >> return -1; >> >> diff --git a/libselinux/src/get_initial_context.c >> b/libselinux/src/get_initial_context.c >> index 522ed78..5e919f4 100644 >> --- a/libselinux/src/get_initial_context.c >> +++ b/libselinux/src/get_initial_context.c >> @@ -25,7 +25,7 @@ int security_get_initial_context_raw(const >> char * name, char ** con) >> >> snprintf(path, sizeof path, "%s%s%s", >> selinux_mnt, SELINUX_INITCON_DIR, name); >> - fd = open(path, O_RDONLY); >> + fd = open(path, O_RDONLY | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/getenforce.c >> b/libselinux/src/getenforce.c >> index 03d3abc..d909dce 100644 >> --- a/libselinux/src/getenforce.c >> +++ b/libselinux/src/getenforce.c >> @@ -21,7 +21,7 @@ int security_getenforce(void) >> } >> >> snprintf(path, sizeof path, "%s/enforce", selinux_mnt); >> - fd = open(path, O_RDONLY); >> + fd = open(path, O_RDONLY | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/init.c b/libselinux/src/init.c >> index ddf91f8..2690a72 100644 >> --- a/libselinux/src/init.c >> +++ b/libselinux/src/init.c >> @@ -61,7 +61,7 @@ int selinuxfs_exists(void) >> size_t len; >> ssize_t num; >> >> - fp = fopen("/proc/filesystems", "r"); >> + fp = fopen("/proc/filesystems", "re"); >> if (!fp) >> return 1; /* Fail as if it exists */ >> __fsetlocking(fp, FSETLOCKING_BYCALLER); >> @@ -101,7 +101,7 @@ static void init_selinuxmnt(void) >> >> /* At this point, the usual spot doesn't have an >> selinuxfs so >> * we look around for it */ >> - fp = fopen("/proc/mounts", "r"); >> + fp = fopen("/proc/mounts", "re"); >> if (!fp) >> goto out; >> >> diff --git a/libselinux/src/is_customizable_type.c >> b/libselinux/src/is_customizable_type.c >> index 0b33edc..92876f4 100644 >> --- a/libselinux/src/is_customizable_type.c >> +++ b/libselinux/src/is_customizable_type.c >> @@ -16,7 +16,7 @@ static int get_customizable_type_list(char >> *** retlist) >> unsigned int ctr = 0, i; >> char **list = NULL; >> >> - fp = fopen(selinux_customizable_types_path(), "r"); >> + fp = fopen(selinux_customizable_types_path(), "re"); >> if (!fp) >> return -1; >> >> diff --git a/libselinux/src/label.c b/libselinux/src/label.c >> index 60639cf..5c9d8c1 100644 >> --- a/libselinux/src/label.c >> +++ b/libselinux/src/label.c >> @@ -96,7 +96,7 @@ struct selabel_sub >> *selabel_subs_init(const char *path, >> struct >> selabel_digest *digest) >> { >> char buf[1024]; >> - FILE *cfg = fopen(path, "r"); >> + FILE *cfg = fopen(path, "re"); >> struct selabel_sub *sub = NULL; >> struct stat sb; >> >> diff --git a/libselinux/src/label_backends_android.c >> b/libselinux/src/label_backends_android.c >> index 4d6ec86..4ad71f9 100644 >> --- a/libselinux/src/label_backends_android.c >> +++ b/libselinux/src/label_backends_android.c >> @@ -159,7 +159,7 @@ static int init(struct selabel_handle >> *rec, const struct selinux_opt *opts, >> return -1; >> >> /* Open the specification file. */ >> - if ((fp = fopen(path, "r")) == NULL) >> + if ((fp = fopen(path, "re")) == NULL) >> return -1; >> >> if (fstat(fileno(fp), &sb) < 0) >> diff --git a/libselinux/src/label_file.c >> b/libselinux/src/label_file.c >> index a4dc3cd..0d4029b 100644 >> --- a/libselinux/src/label_file.c >> +++ b/libselinux/src/label_file.c >> @@ -520,7 +520,7 @@ static FILE *open_file(const char *path, >> const char *suffix, >> } >> >> memcpy(sb, &found->sb, sizeof(*sb)); >> - return fopen(save_path, "r"); >> + return fopen(save_path, "re"); >> } >> >> static int process_file(const char *path, const char *suffix, >> diff --git a/libselinux/src/label_media.c >> b/libselinux/src/label_media.c >> index 622741b..d202e5d 100644 >> --- a/libselinux/src/label_media.c >> +++ b/libselinux/src/label_media.c >> @@ -90,7 +90,7 @@ static int init(struct selabel_handle >> *rec, const struct selinux_opt *opts, >> /* Open the specification file. */ >> if (!path) >> path = selinux_media_context_path(); >> - if ((fp = fopen(path, "r")) == NULL) >> + if ((fp = fopen(path, "re")) == NULL) >> return -1; >> __fsetlocking(fp, FSETLOCKING_BYCALLER); >> >> diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c >> index 700def1..9674529 100644 >> --- a/libselinux/src/label_x.c >> +++ b/libselinux/src/label_x.c >> @@ -117,7 +117,7 @@ static int init(struct selabel_handle >> *rec, const struct selinux_opt *opts, >> /* Open the specification file. */ >> if (!path) >> path = selinux_x_context_path(); >> - if ((fp = fopen(path, "r")) == NULL) >> + if ((fp = fopen(path, "re")) == NULL) >> return -1; >> __fsetlocking(fp, FSETLOCKING_BYCALLER); >> >> diff --git a/libselinux/src/load_policy.c >> b/libselinux/src/load_policy.c >> index b7e1a6f..327cc6a 100644 >> --- a/libselinux/src/load_policy.c >> +++ b/libselinux/src/load_policy.c >> @@ -34,7 +34,7 @@ int security_load_policy(void *data, >> size_t len) >> } >> >> snprintf(path, sizeof path, "%s/load", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> @@ -173,13 +173,13 @@ checkbool: >> search: >> snprintf(path, sizeof(path), "%s.%d", >> selinux_binary_policy_path(), vers); >> - fd = open(path, O_RDONLY); >> + fd = open(path, O_RDONLY | O_CLOEXEC); >> while (fd < 0 && errno == ENOENT >> && --vers >= minvers) { >> /* Check prior versions to see if old policy >> is available */ >> snprintf(path, sizeof(path), "%s.%d", >> selinux_binary_policy_path(), vers); >> - fd = open(path, O_RDONLY); >> + fd = open(path, O_RDONLY | O_CLOEXEC); >> } >> if (fd < 0) { >> fprintf(stderr, >> @@ -335,7 +335,7 @@ int selinux_init_load_policy(int *enforce) >> >> /* Check for an override of the mode via the kernel >> command line. */ >> rc = mount("proc", "/proc", "proc", 0, 0); >> - cfg = fopen("/proc/cmdline", "r"); >> + cfg = fopen("/proc/cmdline", "re"); >> if (cfg) { >> char *tmp; >> buf = malloc(selinux_page_size); >> diff --git a/libselinux/src/matchmediacon.c >> b/libselinux/src/matchmediacon.c >> index 46cba46..23d01af 100644 >> --- a/libselinux/src/matchmediacon.c >> +++ b/libselinux/src/matchmediacon.c >> @@ -18,7 +18,7 @@ int matchmediacon(const char *media, char >> ** con) >> char *ptr, *ptr2 = NULL; >> int found = 0; >> char current_line[PATH_MAX]; >> - if ((infile = fopen(path, "r")) == NULL) >> + if ((infile = fopen(path, "re")) == NULL) >> return -1; >> while (!feof_unlocked(infile)) { >> if (!fgets_unlocked(current_line, >> sizeof(current_line), infile)) { >> diff --git a/libselinux/src/policyvers.c >> b/libselinux/src/policyvers.c >> index 284a7f7..c97dd9d 100644 >> --- a/libselinux/src/policyvers.c >> +++ b/libselinux/src/policyvers.c >> @@ -23,7 +23,7 @@ int security_policyvers(void) >> } >> >> snprintf(path, sizeof path, "%s/policyvers", >> selinux_mnt); >> - fd = open(path, O_RDONLY); >> + fd = open(path, O_RDONLY | O_CLOEXEC); >> if (fd < 0) { >> if (errno == ENOENT) >> return vers; >> diff --git a/libselinux/src/procattr.c >> b/libselinux/src/procattr.c >> index 8cd59af..ebc0ade 100644 >> --- a/libselinux/src/procattr.c >> +++ b/libselinux/src/procattr.c >> @@ -143,7 +143,7 @@ static int getprocattrcon_raw(char ** >> context, >> return 0; >> } >> >> - fd = openattr(pid, attr, O_RDONLY); >> + fd = openattr(pid, attr, O_RDONLY | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> @@ -235,7 +235,7 @@ static int setprocattrcon_raw(const char >> * context, >> && !strcmp(context, *prev_context)) >> return 0; >> >> - fd = openattr(pid, attr, O_RDWR); >> + fd = openattr(pid, attr, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> if (context) { >> diff --git >> a/libselinux/src/selinux_check_securetty_context.c >> b/libselinux/src/selinux_check_securetty_context.c >> index 24e5e2c..55d4e03 100644 >> --- a/libselinux/src/selinux_check_securetty_context.c >> +++ b/libselinux/src/selinux_check_securetty_context.c >> @@ -14,7 +14,7 @@ int selinux_check_securetty_context(const >> char * tty_context) >> ssize_t len; >> int found = -1; >> FILE *fp; >> - fp = fopen(selinux_securetty_types_path(), "r"); >> + fp = fopen(selinux_securetty_types_path(), "re"); >> if (fp) { >> context_t con = context_new(tty_context); >> if (con) { >> diff --git a/libselinux/src/selinux_config.c >> b/libselinux/src/selinux_config.c >> index 88bcc85..d8e140c 100644 >> --- a/libselinux/src/selinux_config.c >> +++ b/libselinux/src/selinux_config.c >> @@ -88,7 +88,7 @@ static const uint16_t >> file_path_suffixes_idx[NEL] = { >> int selinux_getenforcemode(int *enforce) >> { >> int ret = -1; >> - FILE *cfg = fopen(SELINUXCONFIG, "r"); >> + FILE *cfg = fopen(SELINUXCONFIG, "re"); >> if (cfg) { >> char *buf; >> int len = sizeof(SELINUXTAG) - 1; >> @@ -163,7 +163,7 @@ static void init_selinux_config(void) >> if (selinux_policyroot) >> return; >> >> - fp = fopen(SELINUXCONFIG, "r"); >> + fp = fopen(SELINUXCONFIG, "re"); >> if (fp) { >> __fsetlocking(fp, FSETLOCKING_BYCALLER); >> while ((len = getline(&line_buf, &line_len, >> fp)) > 0) { >> diff --git a/libselinux/src/selinux_restorecon.c >> b/libselinux/src/selinux_restorecon.c >> index e38d1d0..7ebfbdc 100644 >> --- a/libselinux/src/selinux_restorecon.c >> +++ b/libselinux/src/selinux_restorecon.c >> @@ -247,7 +247,7 @@ static int exclude_non_seclabel_mounts(void) >> if (uname(&uts) == 0 && strverscmp(uts.release, >> "2.6.30") < 0) >> return 0; >> >> - fp = fopen("/proc/mounts", "r"); >> + fp = fopen("/proc/mounts", "re"); >> if (!fp) >> return 0; >> >> diff --git a/libselinux/src/setenforce.c >> b/libselinux/src/setenforce.c >> index e5e7612..09cad3c 100644 >> --- a/libselinux/src/setenforce.c >> +++ b/libselinux/src/setenforce.c >> @@ -21,7 +21,7 @@ int security_setenforce(int value) >> } >> >> snprintf(path, sizeof path, "%s/enforce", selinux_mnt); >> - fd = open(path, O_RDWR); >> + fd = open(path, O_RDWR | O_CLOEXEC); >> if (fd < 0) >> return -1; >> >> diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c >> index 09e704b..572a7b0 100644 >> --- a/libselinux/src/seusers.c >> +++ b/libselinux/src/seusers.c >> @@ -185,7 +185,7 @@ int getseuserbyname(const char *name, >> char **r_seuser, char **r_level) >> >> gid_t gid = get_default_gid(name); >> >> - cfg = fopen(selinux_usersconf_path(), "r"); >> + cfg = fopen(selinux_usersconf_path(), "re"); >> if (!cfg) >> goto nomatch; >> >> @@ -278,7 +278,7 @@ int getseuser(const char *username, >> const char *service, >> FILE *fp = NULL; >> if (asprintf(&path,"%s/logins/%s", >> selinux_policy_root(), username) < 0) >> goto err; >> - fp = fopen(path, "r"); >> + fp = fopen(path, "re"); >> free(path); >> if (fp == NULL) goto err; >> __fsetlocking(fp, FSETLOCKING_BYCALLER); >> diff --git a/libselinux/src/stringrep.c >> b/libselinux/src/stringrep.c >> index 2dbec2b..2d83f96 100644 >> --- a/libselinux/src/stringrep.c >> +++ b/libselinux/src/stringrep.c >> @@ -80,7 +80,7 @@ static struct discover_class_node * >> discover_class(const char *s) >> >> /* load up class index */ >> snprintf(path, sizeof path, "%s/class/%s/index", >> selinux_mnt,s); >> - fd = open(path, O_RDONLY); >> + fd = open(path, O_RDONLY | O_CLOEXEC); >> if (fd < 0) >> goto err3; >> >> -- >> 2.8.0.rc3.226.g39d4020 >> >> _______________________________________________ >> Selinux mailing list >> Selinux@tycho.nsa.gov <mailto:Selinux@tycho.nsa.gov> >> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov >> <mailto:Selinux-leave@tycho.nsa.gov>. >> To get help, send an email containing "help" to >> Selinux-request@tycho.nsa.gov >> <mailto:Selinux-request@tycho.nsa.gov>. >> >> >> >> >> >> -- >> Nick Kralevich | Android Security | nnk@google.com >> <mailto:nnk@google.com> | 650.214.4037 <tel:(650)%20214-4037> >> >> >> >> _______________________________________________ >> Selinux mailing list >> Selinux@tycho.nsa.gov >> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov. >> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov. >> >
On Mon, Dec 12, 2016 at 1:19 PM, William Roberts <bill.c.roberts@gmail.com> wrote: > On Mon, Dec 12, 2016 at 12:16 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> On 12/11/2016 07:25 PM, William Roberts wrote: >>> I'll test it tomorrow on Mac OS for you if you want? >> >> It would be good if someone were to test it on MacOS, particularly >> whichever version of MacOS is supported for building Android (not sure >> which one(s) that is). >> >> The other consideration is that it isn't always available in older libc >> or other libc implementations, which can be a problem for embedded. >> meta-selinux carries patches to make the existing usage of FD_CLOEXEC, >> SOCK_CLOEXEC, and O_CLOEXEC optional if not defined, so they would >> presumably have to do the same for all of these calls. Maybe we could >> wrap this in a macro that gets defined once and drops the "e" or the >> O_CLOEXEC if not supported by the platform? > > That doesn't seem to be a bad idea. I have not tested on Mac OS yet, > But I will get to it by days end. I just wrote a small test program to fopen() a file with "re" and it worked just fine. I can also put strings like so, "rqpoipj" and fopen returns a file pointer that is readable in all cases. "re" seems supported. I am on version: $ defaults read loginwindow SystemVersionStampAsString 10.11.6 > >> >>> >>> On Dec 11, 2016 3:22 PM, "Nick Kralevich" <nnk@google.com >>> <mailto:nnk@google.com>> wrote: >>> >>> I don't know. I didn't test this change on a Mac. >>> >>> -- Nick >>> >>> On Sun, Dec 11, 2016 at 1:39 PM, William Roberts >>> <bill.c.roberts@gmail.com <mailto:bill.c.roberts@gmail.com>> wrote: >>> >>> Do you know if "re" poses any Mac issues? I would assume not, >>> but I've never checked. >>> >>> On Dec 11, 2016 09:32, "Nick Kralevich" <nnk@google.com >>> <mailto:nnk@google.com>> wrote: >>> >>> Makes libselinux safer and less likely to leak file >>> descriptors when >>> used as part of a multithreaded program. >>> >>> Signed-off-by: Nick Kralevich <nnk@google.com >>> <mailto:nnk@google.com>> >>> --- >>> libselinux/src/audit2why.c | 4 ++-- >>> libselinux/src/booleans.c | 14 >>> +++++++------- >>> libselinux/src/canonicalize_context.c | 2 +- >>> libselinux/src/check_context.c | 2 +- >>> libselinux/src/compute_av.c | 2 +- >>> libselinux/src/compute_create.c | 2 +- >>> libselinux/src/compute_member.c | 2 +- >>> libselinux/src/compute_relabel.c | 2 +- >>> libselinux/src/compute_user.c | 2 +- >>> libselinux/src/deny_unknown.c | 2 +- >>> libselinux/src/disable.c | 2 +- >>> libselinux/src/enabled.c | 2 +- >>> libselinux/src/get_context_list.c | 6 +++--- >>> libselinux/src/get_default_type.c | 2 +- >>> libselinux/src/get_initial_context.c | 2 +- >>> libselinux/src/getenforce.c | 2 +- >>> libselinux/src/init.c | 4 ++-- >>> libselinux/src/is_customizable_type.c | 2 +- >>> libselinux/src/label.c | 2 +- >>> libselinux/src/label_backends_android.c | 2 +- >>> libselinux/src/label_file.c | 2 +- >>> libselinux/src/label_media.c | 2 +- >>> libselinux/src/label_x.c | 2 +- >>> libselinux/src/load_policy.c | 8 ++++---- >>> libselinux/src/matchmediacon.c | 2 +- >>> libselinux/src/policyvers.c | 2 +- >>> libselinux/src/procattr.c | 4 ++-- >>> libselinux/src/selinux_check_securetty_context.c | 2 +- >>> libselinux/src/selinux_config.c | 4 ++-- >>> libselinux/src/selinux_restorecon.c | 2 +- >>> libselinux/src/setenforce.c | 2 +- >>> libselinux/src/seusers.c | 4 ++-- >>> libselinux/src/stringrep.c | 2 +- >>> 33 files changed, 49 insertions(+), 49 deletions(-) >>> >>> diff --git a/libselinux/src/audit2why.c >>> b/libselinux/src/audit2why.c >>> index 3135eed..857383a 100644 >>> --- a/libselinux/src/audit2why.c >>> +++ b/libselinux/src/audit2why.c >>> @@ -201,7 +201,7 @@ static int __policy_init(const char >>> *init_path) >>> path[PATH_MAX-1] = '\0'; >>> if (init_path) { >>> strncpy(path, init_path, PATH_MAX-1); >>> - fp = fopen(path, "r"); >>> + fp = fopen(path, "re"); >>> if (!fp) { >>> snprintf(errormsg, sizeof(errormsg), >>> "unable to open %s: %s\n", >>> @@ -218,7 +218,7 @@ static int __policy_init(const char >>> *init_path) >>> PyErr_SetString( PyExc_ValueError, >>> errormsg); >>> return 1; >>> } >>> - fp = fopen(curpolicy, "r"); >>> + fp = fopen(curpolicy, "re"); >>> if (!fp) { >>> snprintf(errormsg, sizeof(errormsg), >>> "unable to open %s: %s\n", >>> diff --git a/libselinux/src/booleans.c >>> b/libselinux/src/booleans.c >>> index ba9d934..4a38a78 100644 >>> --- a/libselinux/src/booleans.c >>> +++ b/libselinux/src/booleans.c >>> @@ -97,7 +97,7 @@ char *selinux_boolean_sub(const char *name) >>> if (!name) >>> return NULL; >>> >>> - cfg = fopen(selinux_booleans_subs_path(), "r"); >>> + cfg = fopen(selinux_booleans_subs_path(), "re"); >>> if (!cfg) >>> goto out; >>> >>> @@ -210,7 +210,7 @@ static int get_bool_value(const char >>> *name, char **buf) >>> >>> (*buf)[STRBUF_SIZE] = 0; >>> >>> - fd = bool_open(name, O_RDONLY); >>> + fd = bool_open(name, O_RDONLY | O_CLOEXEC); >>> if (fd < 0) >>> goto out_err; >>> >>> @@ -274,7 +274,7 @@ int security_set_boolean(const char >>> *name, int value) >>> return -1; >>> } >>> >>> - fd = bool_open(name, O_WRONLY); >>> + fd = bool_open(name, O_WRONLY | O_CLOEXEC); >>> if (fd < 0) >>> return -1; >>> >>> @@ -305,7 +305,7 @@ int security_commit_booleans(void) >>> } >>> >>> snprintf(path, sizeof path, >>> "%s/commit_pending_bools", selinux_mnt); >>> - fd = open(path, O_WRONLY); >>> + fd = open(path, O_WRONLY | O_CLOEXEC); >>> if (fd < 0) >>> return -1; >>> >>> @@ -399,7 +399,7 @@ static int save_booleans(size_t boolcnt, >>> SELboolean * boollist) >>> >>> snprintf(local_bool_file, sizeof(local_bool_file), >>> "%s.local", >>> bool_file); >>> - boolf = fopen(local_bool_file, "r"); >>> + boolf = fopen(local_bool_file, "re"); >>> if (boolf != NULL) { >>> ssize_t ret; >>> size_t size = 0; >>> @@ -518,7 +518,7 @@ int security_load_booleans(char *path) >>> int val; >>> char name[BUFSIZ]; >>> >>> - boolf = fopen(path ? path : selinux_booleans_path(), >>> "r"); >>> + boolf = fopen(path ? path : selinux_booleans_path(), >>> "re"); >>> if (boolf == NULL) >>> goto localbool; >>> >>> @@ -536,7 +536,7 @@ int security_load_booleans(char *path) >>> localbool: >>> snprintf(localbools, sizeof(localbools), "%s.local", >>> (path ? path : selinux_booleans_path())); >>> - boolf = fopen(localbools, "r"); >>> + boolf = fopen(localbools, "re"); >>> >>> if (boolf != NULL) { >>> int ret; >>> diff --git a/libselinux/src/canonicalize_context.c >>> b/libselinux/src/canonicalize_context.c >>> index 7cf3139..ba4c9a2 100644 >>> --- a/libselinux/src/canonicalize_context.c >>> +++ b/libselinux/src/canonicalize_context.c >>> @@ -23,7 +23,7 @@ int >>> security_canonicalize_context_raw(const char * con, >>> } >>> >>> snprintf(path, sizeof path, "%s/context", selinux_mnt); >>> - fd = open(path, O_RDWR); >>> + fd = open(path, O_RDWR | O_CLOEXEC); >>> if (fd < 0) >>> return -1; >>> >>> diff --git a/libselinux/src/check_context.c >>> b/libselinux/src/check_context.c >>> index 52063fa..8a7997f 100644 >>> --- a/libselinux/src/check_context.c >>> +++ b/libselinux/src/check_context.c >>> @@ -20,7 +20,7 @@ int security_check_context_raw(const char >>> * con) >>> } >>> >>> snprintf(path, sizeof path, "%s/context", selinux_mnt); >>> - fd = open(path, O_RDWR); >>> + fd = open(path, O_RDWR | O_CLOEXEC); >>> if (fd < 0) >>> return -1; >>> >>> diff --git a/libselinux/src/compute_av.c >>> b/libselinux/src/compute_av.c >>> index 937e5c3..1d05e7b 100644 >>> --- a/libselinux/src/compute_av.c >>> +++ b/libselinux/src/compute_av.c >>> @@ -27,7 +27,7 @@ int security_compute_av_flags_raw(const >>> char * scon, >>> } >>> >>> snprintf(path, sizeof path, "%s/access", selinux_mnt); >>> - fd = open(path, O_RDWR); >>> + fd = open(path, O_RDWR | O_CLOEXEC); >>> if (fd < 0) >>> return -1; >>> >>> diff --git a/libselinux/src/compute_create.c >>> b/libselinux/src/compute_create.c >>> index 9559d42..0975aea 100644 >>> --- a/libselinux/src/compute_create.c >>> +++ b/libselinux/src/compute_create.c >>> @@ -65,7 +65,7 @@ int security_compute_create_name_raw(const >>> char * scon, >>> } >>> >>> snprintf(path, sizeof path, "%s/create", selinux_mnt); >>> - fd = open(path, O_RDWR); >>> + fd = open(path, O_RDWR | O_CLOEXEC); >>> if (fd < 0) >>> return -1; >>> >>> diff --git a/libselinux/src/compute_member.c >>> b/libselinux/src/compute_member.c >>> index 1fc7e41..4e2d221 100644 >>> --- a/libselinux/src/compute_member.c >>> +++ b/libselinux/src/compute_member.c >>> @@ -26,7 +26,7 @@ int security_compute_member_raw(const char >>> * scon, >>> } >>> >>> snprintf(path, sizeof path, "%s/member", selinux_mnt); >>> - fd = open(path, O_RDWR); >>> + fd = open(path, O_RDWR | O_CLOEXEC); >>> if (fd < 0) >>> return -1; >>> >>> diff --git a/libselinux/src/compute_relabel.c >>> b/libselinux/src/compute_relabel.c >>> index 4615aee..49f77ef 100644 >>> --- a/libselinux/src/compute_relabel.c >>> +++ b/libselinux/src/compute_relabel.c >>> @@ -26,7 +26,7 @@ int security_compute_relabel_raw(const >>> char * scon, >>> } >>> >>> snprintf(path, sizeof path, "%s/relabel", selinux_mnt); >>> - fd = open(path, O_RDWR); >>> + fd = open(path, O_RDWR | O_CLOEXEC); >>> if (fd < 0) >>> return -1; >>> >>> diff --git a/libselinux/src/compute_user.c >>> b/libselinux/src/compute_user.c >>> index b37c5d3..7b88121 100644 >>> --- a/libselinux/src/compute_user.c >>> +++ b/libselinux/src/compute_user.c >>> @@ -25,7 +25,7 @@ int security_compute_user_raw(const char * >>> scon, >>> } >>> >>> snprintf(path, sizeof path, "%s/user", selinux_mnt); >>> - fd = open(path, O_RDWR); >>> + fd = open(path, O_RDWR | O_CLOEXEC); >>> if (fd < 0) >>> return -1; >>> >>> diff --git a/libselinux/src/deny_unknown.c >>> b/libselinux/src/deny_unknown.c >>> index c93998a..77d04e3 100644 >>> --- a/libselinux/src/deny_unknown.c >>> +++ b/libselinux/src/deny_unknown.c >>> @@ -21,7 +21,7 @@ int security_deny_unknown(void) >>> } >>> >>> snprintf(path, sizeof(path), "%s/deny_unknown", >>> selinux_mnt); >>> - fd = open(path, O_RDONLY); >>> + fd = open(path, O_RDONLY | O_CLOEXEC); >>> if (fd < 0) >>> return -1; >>> >>> diff --git a/libselinux/src/disable.c b/libselinux/src/disable.c >>> index dac0f5b..8d66262 100644 >>> --- a/libselinux/src/disable.c >>> +++ b/libselinux/src/disable.c >>> @@ -21,7 +21,7 @@ int security_disable(void) >>> } >>> >>> snprintf(path, sizeof path, "%s/disable", selinux_mnt); >>> - fd = open(path, O_WRONLY); >>> + fd = open(path, O_WRONLY | O_CLOEXEC); >>> if (fd < 0) >>> return -1; >>> >>> diff --git a/libselinux/src/enabled.c b/libselinux/src/enabled.c >>> index 2ec6797..dd628fb 100644 >>> --- a/libselinux/src/enabled.c >>> +++ b/libselinux/src/enabled.c >>> @@ -36,7 +36,7 @@ int is_selinux_mls_enabled(void) >>> return enabled; >>> >>> snprintf(path, sizeof path, "%s/mls", selinux_mnt); >>> - fd = open(path, O_RDONLY); >>> + fd = open(path, O_RDONLY | O_CLOEXEC); >>> if (fd < 0) >>> return enabled; >>> >>> diff --git a/libselinux/src/get_context_list.c >>> b/libselinux/src/get_context_list.c >>> index f3fa4a9..689e465 100644 >>> --- a/libselinux/src/get_context_list.c >>> +++ b/libselinux/src/get_context_list.c >>> @@ -275,7 +275,7 @@ static int get_failsafe_context(const >>> char *user, char ** newcon) >>> size_t plen, nlen; >>> int rc; >>> >>> - fp = fopen(selinux_failsafe_context_path(), "r"); >>> + fp = fopen(selinux_failsafe_context_path(), "re"); >>> if (!fp) >>> return -1; >>> >>> @@ -437,7 +437,7 @@ int get_ordered_context_list(const char >>> *user, >>> if (!fname) >>> goto failsafe; >>> snprintf(fname, fname_len, "%s%s", >>> user_contexts_path, user); >>> - fp = fopen(fname, "r"); >>> + fp = fopen(fname, "re"); >>> if (fp) { >>> __fsetlocking(fp, FSETLOCKING_BYCALLER); >>> rc = get_context_order(fp, fromcon, >>> reachable, nreach, ordering, >>> @@ -451,7 +451,7 @@ int get_ordered_context_list(const char >>> *user, >>> } >>> } >>> free(fname); >>> - fp = fopen(selinux_default_context_path(), "r"); >>> + fp = fopen(selinux_default_context_path(), "re"); >>> if (fp) { >>> __fsetlocking(fp, FSETLOCKING_BYCALLER); >>> rc = get_context_order(fp, fromcon, >>> reachable, nreach, ordering, >>> diff --git a/libselinux/src/get_default_type.c >>> b/libselinux/src/get_default_type.c >>> index 27f2ae5..dd7b5d7 100644 >>> --- a/libselinux/src/get_default_type.c >>> +++ b/libselinux/src/get_default_type.c >>> @@ -11,7 +11,7 @@ int get_default_type(const char *role, >>> char **type) >>> { >>> FILE *fp = NULL; >>> >>> - fp = fopen(selinux_default_type_path(), "r"); >>> + fp = fopen(selinux_default_type_path(), "re"); >>> if (!fp) >>> return -1; >>> >>> diff --git a/libselinux/src/get_initial_context.c >>> b/libselinux/src/get_initial_context.c >>> index 522ed78..5e919f4 100644 >>> --- a/libselinux/src/get_initial_context.c >>> +++ b/libselinux/src/get_initial_context.c >>> @@ -25,7 +25,7 @@ int security_get_initial_context_raw(const >>> char * name, char ** con) >>> >>> snprintf(path, sizeof path, "%s%s%s", >>> selinux_mnt, SELINUX_INITCON_DIR, name); >>> - fd = open(path, O_RDONLY); >>> + fd = open(path, O_RDONLY | O_CLOEXEC); >>> if (fd < 0) >>> return -1; >>> >>> diff --git a/libselinux/src/getenforce.c >>> b/libselinux/src/getenforce.c >>> index 03d3abc..d909dce 100644 >>> --- a/libselinux/src/getenforce.c >>> +++ b/libselinux/src/getenforce.c >>> @@ -21,7 +21,7 @@ int security_getenforce(void) >>> } >>> >>> snprintf(path, sizeof path, "%s/enforce", selinux_mnt); >>> - fd = open(path, O_RDONLY); >>> + fd = open(path, O_RDONLY | O_CLOEXEC); >>> if (fd < 0) >>> return -1; >>> >>> diff --git a/libselinux/src/init.c b/libselinux/src/init.c >>> index ddf91f8..2690a72 100644 >>> --- a/libselinux/src/init.c >>> +++ b/libselinux/src/init.c >>> @@ -61,7 +61,7 @@ int selinuxfs_exists(void) >>> size_t len; >>> ssize_t num; >>> >>> - fp = fopen("/proc/filesystems", "r"); >>> + fp = fopen("/proc/filesystems", "re"); >>> if (!fp) >>> return 1; /* Fail as if it exists */ >>> __fsetlocking(fp, FSETLOCKING_BYCALLER); >>> @@ -101,7 +101,7 @@ static void init_selinuxmnt(void) >>> >>> /* At this point, the usual spot doesn't have an >>> selinuxfs so >>> * we look around for it */ >>> - fp = fopen("/proc/mounts", "r"); >>> + fp = fopen("/proc/mounts", "re"); >>> if (!fp) >>> goto out; >>> >>> diff --git a/libselinux/src/is_customizable_type.c >>> b/libselinux/src/is_customizable_type.c >>> index 0b33edc..92876f4 100644 >>> --- a/libselinux/src/is_customizable_type.c >>> +++ b/libselinux/src/is_customizable_type.c >>> @@ -16,7 +16,7 @@ static int get_customizable_type_list(char >>> *** retlist) >>> unsigned int ctr = 0, i; >>> char **list = NULL; >>> >>> - fp = fopen(selinux_customizable_types_path(), "r"); >>> + fp = fopen(selinux_customizable_types_path(), "re"); >>> if (!fp) >>> return -1; >>> >>> diff --git a/libselinux/src/label.c b/libselinux/src/label.c >>> index 60639cf..5c9d8c1 100644 >>> --- a/libselinux/src/label.c >>> +++ b/libselinux/src/label.c >>> @@ -96,7 +96,7 @@ struct selabel_sub >>> *selabel_subs_init(const char *path, >>> struct >>> selabel_digest *digest) >>> { >>> char buf[1024]; >>> - FILE *cfg = fopen(path, "r"); >>> + FILE *cfg = fopen(path, "re"); >>> struct selabel_sub *sub = NULL; >>> struct stat sb; >>> >>> diff --git a/libselinux/src/label_backends_android.c >>> b/libselinux/src/label_backends_android.c >>> index 4d6ec86..4ad71f9 100644 >>> --- a/libselinux/src/label_backends_android.c >>> +++ b/libselinux/src/label_backends_android.c >>> @@ -159,7 +159,7 @@ static int init(struct selabel_handle >>> *rec, const struct selinux_opt *opts, >>> return -1; >>> >>> /* Open the specification file. */ >>> - if ((fp = fopen(path, "r")) == NULL) >>> + if ((fp = fopen(path, "re")) == NULL) >>> return -1; >>> >>> if (fstat(fileno(fp), &sb) < 0) >>> diff --git a/libselinux/src/label_file.c >>> b/libselinux/src/label_file.c >>> index a4dc3cd..0d4029b 100644 >>> --- a/libselinux/src/label_file.c >>> +++ b/libselinux/src/label_file.c >>> @@ -520,7 +520,7 @@ static FILE *open_file(const char *path, >>> const char *suffix, >>> } >>> >>> memcpy(sb, &found->sb, sizeof(*sb)); >>> - return fopen(save_path, "r"); >>> + return fopen(save_path, "re"); >>> } >>> >>> static int process_file(const char *path, const char *suffix, >>> diff --git a/libselinux/src/label_media.c >>> b/libselinux/src/label_media.c >>> index 622741b..d202e5d 100644 >>> --- a/libselinux/src/label_media.c >>> +++ b/libselinux/src/label_media.c >>> @@ -90,7 +90,7 @@ static int init(struct selabel_handle >>> *rec, const struct selinux_opt *opts, >>> /* Open the specification file. */ >>> if (!path) >>> path = selinux_media_context_path(); >>> - if ((fp = fopen(path, "r")) == NULL) >>> + if ((fp = fopen(path, "re")) == NULL) >>> return -1; >>> __fsetlocking(fp, FSETLOCKING_BYCALLER); >>> >>> diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c >>> index 700def1..9674529 100644 >>> --- a/libselinux/src/label_x.c >>> +++ b/libselinux/src/label_x.c >>> @@ -117,7 +117,7 @@ static int init(struct selabel_handle >>> *rec, const struct selinux_opt *opts, >>> /* Open the specification file. */ >>> if (!path) >>> path = selinux_x_context_path(); >>> - if ((fp = fopen(path, "r")) == NULL) >>> + if ((fp = fopen(path, "re")) == NULL) >>> return -1; >>> __fsetlocking(fp, FSETLOCKING_BYCALLER); >>> >>> diff --git a/libselinux/src/load_policy.c >>> b/libselinux/src/load_policy.c >>> index b7e1a6f..327cc6a 100644 >>> --- a/libselinux/src/load_policy.c >>> +++ b/libselinux/src/load_policy.c >>> @@ -34,7 +34,7 @@ int security_load_policy(void *data, >>> size_t len) >>> } >>> >>> snprintf(path, sizeof path, "%s/load", selinux_mnt); >>> - fd = open(path, O_RDWR); >>> + fd = open(path, O_RDWR | O_CLOEXEC); >>> if (fd < 0) >>> return -1; >>> >>> @@ -173,13 +173,13 @@ checkbool: >>> search: >>> snprintf(path, sizeof(path), "%s.%d", >>> selinux_binary_policy_path(), vers); >>> - fd = open(path, O_RDONLY); >>> + fd = open(path, O_RDONLY | O_CLOEXEC); >>> while (fd < 0 && errno == ENOENT >>> && --vers >= minvers) { >>> /* Check prior versions to see if old policy >>> is available */ >>> snprintf(path, sizeof(path), "%s.%d", >>> selinux_binary_policy_path(), vers); >>> - fd = open(path, O_RDONLY); >>> + fd = open(path, O_RDONLY | O_CLOEXEC); >>> } >>> if (fd < 0) { >>> fprintf(stderr, >>> @@ -335,7 +335,7 @@ int selinux_init_load_policy(int *enforce) >>> >>> /* Check for an override of the mode via the kernel >>> command line. */ >>> rc = mount("proc", "/proc", "proc", 0, 0); >>> - cfg = fopen("/proc/cmdline", "r"); >>> + cfg = fopen("/proc/cmdline", "re"); >>> if (cfg) { >>> char *tmp; >>> buf = malloc(selinux_page_size); >>> diff --git a/libselinux/src/matchmediacon.c >>> b/libselinux/src/matchmediacon.c >>> index 46cba46..23d01af 100644 >>> --- a/libselinux/src/matchmediacon.c >>> +++ b/libselinux/src/matchmediacon.c >>> @@ -18,7 +18,7 @@ int matchmediacon(const char *media, char >>> ** con) >>> char *ptr, *ptr2 = NULL; >>> int found = 0; >>> char current_line[PATH_MAX]; >>> - if ((infile = fopen(path, "r")) == NULL) >>> + if ((infile = fopen(path, "re")) == NULL) >>> return -1; >>> while (!feof_unlocked(infile)) { >>> if (!fgets_unlocked(current_line, >>> sizeof(current_line), infile)) { >>> diff --git a/libselinux/src/policyvers.c >>> b/libselinux/src/policyvers.c >>> index 284a7f7..c97dd9d 100644 >>> --- a/libselinux/src/policyvers.c >>> +++ b/libselinux/src/policyvers.c >>> @@ -23,7 +23,7 @@ int security_policyvers(void) >>> } >>> >>> snprintf(path, sizeof path, "%s/policyvers", >>> selinux_mnt); >>> - fd = open(path, O_RDONLY); >>> + fd = open(path, O_RDONLY | O_CLOEXEC); >>> if (fd < 0) { >>> if (errno == ENOENT) >>> return vers; >>> diff --git a/libselinux/src/procattr.c >>> b/libselinux/src/procattr.c >>> index 8cd59af..ebc0ade 100644 >>> --- a/libselinux/src/procattr.c >>> +++ b/libselinux/src/procattr.c >>> @@ -143,7 +143,7 @@ static int getprocattrcon_raw(char ** >>> context, >>> return 0; >>> } >>> >>> - fd = openattr(pid, attr, O_RDONLY); >>> + fd = openattr(pid, attr, O_RDONLY | O_CLOEXEC); >>> if (fd < 0) >>> return -1; >>> >>> @@ -235,7 +235,7 @@ static int setprocattrcon_raw(const char >>> * context, >>> && !strcmp(context, *prev_context)) >>> return 0; >>> >>> - fd = openattr(pid, attr, O_RDWR); >>> + fd = openattr(pid, attr, O_RDWR | O_CLOEXEC); >>> if (fd < 0) >>> return -1; >>> if (context) { >>> diff --git >>> a/libselinux/src/selinux_check_securetty_context.c >>> b/libselinux/src/selinux_check_securetty_context.c >>> index 24e5e2c..55d4e03 100644 >>> --- a/libselinux/src/selinux_check_securetty_context.c >>> +++ b/libselinux/src/selinux_check_securetty_context.c >>> @@ -14,7 +14,7 @@ int selinux_check_securetty_context(const >>> char * tty_context) >>> ssize_t len; >>> int found = -1; >>> FILE *fp; >>> - fp = fopen(selinux_securetty_types_path(), "r"); >>> + fp = fopen(selinux_securetty_types_path(), "re"); >>> if (fp) { >>> context_t con = context_new(tty_context); >>> if (con) { >>> diff --git a/libselinux/src/selinux_config.c >>> b/libselinux/src/selinux_config.c >>> index 88bcc85..d8e140c 100644 >>> --- a/libselinux/src/selinux_config.c >>> +++ b/libselinux/src/selinux_config.c >>> @@ -88,7 +88,7 @@ static const uint16_t >>> file_path_suffixes_idx[NEL] = { >>> int selinux_getenforcemode(int *enforce) >>> { >>> int ret = -1; >>> - FILE *cfg = fopen(SELINUXCONFIG, "r"); >>> + FILE *cfg = fopen(SELINUXCONFIG, "re"); >>> if (cfg) { >>> char *buf; >>> int len = sizeof(SELINUXTAG) - 1; >>> @@ -163,7 +163,7 @@ static void init_selinux_config(void) >>> if (selinux_policyroot) >>> return; >>> >>> - fp = fopen(SELINUXCONFIG, "r"); >>> + fp = fopen(SELINUXCONFIG, "re"); >>> if (fp) { >>> __fsetlocking(fp, FSETLOCKING_BYCALLER); >>> while ((len = getline(&line_buf, &line_len, >>> fp)) > 0) { >>> diff --git a/libselinux/src/selinux_restorecon.c >>> b/libselinux/src/selinux_restorecon.c >>> index e38d1d0..7ebfbdc 100644 >>> --- a/libselinux/src/selinux_restorecon.c >>> +++ b/libselinux/src/selinux_restorecon.c >>> @@ -247,7 +247,7 @@ static int exclude_non_seclabel_mounts(void) >>> if (uname(&uts) == 0 && strverscmp(uts.release, >>> "2.6.30") < 0) >>> return 0; >>> >>> - fp = fopen("/proc/mounts", "r"); >>> + fp = fopen("/proc/mounts", "re"); >>> if (!fp) >>> return 0; >>> >>> diff --git a/libselinux/src/setenforce.c >>> b/libselinux/src/setenforce.c >>> index e5e7612..09cad3c 100644 >>> --- a/libselinux/src/setenforce.c >>> +++ b/libselinux/src/setenforce.c >>> @@ -21,7 +21,7 @@ int security_setenforce(int value) >>> } >>> >>> snprintf(path, sizeof path, "%s/enforce", selinux_mnt); >>> - fd = open(path, O_RDWR); >>> + fd = open(path, O_RDWR | O_CLOEXEC); >>> if (fd < 0) >>> return -1; >>> >>> diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c >>> index 09e704b..572a7b0 100644 >>> --- a/libselinux/src/seusers.c >>> +++ b/libselinux/src/seusers.c >>> @@ -185,7 +185,7 @@ int getseuserbyname(const char *name, >>> char **r_seuser, char **r_level) >>> >>> gid_t gid = get_default_gid(name); >>> >>> - cfg = fopen(selinux_usersconf_path(), "r"); >>> + cfg = fopen(selinux_usersconf_path(), "re"); >>> if (!cfg) >>> goto nomatch; >>> >>> @@ -278,7 +278,7 @@ int getseuser(const char *username, >>> const char *service, >>> FILE *fp = NULL; >>> if (asprintf(&path,"%s/logins/%s", >>> selinux_policy_root(), username) < 0) >>> goto err; >>> - fp = fopen(path, "r"); >>> + fp = fopen(path, "re"); >>> free(path); >>> if (fp == NULL) goto err; >>> __fsetlocking(fp, FSETLOCKING_BYCALLER); >>> diff --git a/libselinux/src/stringrep.c >>> b/libselinux/src/stringrep.c >>> index 2dbec2b..2d83f96 100644 >>> --- a/libselinux/src/stringrep.c >>> +++ b/libselinux/src/stringrep.c >>> @@ -80,7 +80,7 @@ static struct discover_class_node * >>> discover_class(const char *s) >>> >>> /* load up class index */ >>> snprintf(path, sizeof path, "%s/class/%s/index", >>> selinux_mnt,s); >>> - fd = open(path, O_RDONLY); >>> + fd = open(path, O_RDONLY | O_CLOEXEC); >>> if (fd < 0) >>> goto err3; >>> >>> -- >>> 2.8.0.rc3.226.g39d4020 >>> >>> _______________________________________________ >>> Selinux mailing list >>> Selinux@tycho.nsa.gov <mailto:Selinux@tycho.nsa.gov> >>> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov >>> <mailto:Selinux-leave@tycho.nsa.gov>. >>> To get help, send an email containing "help" to >>> Selinux-request@tycho.nsa.gov >>> <mailto:Selinux-request@tycho.nsa.gov>. >>> >>> >>> >>> >>> >>> -- >>> Nick Kralevich | Android Security | nnk@google.com >>> <mailto:nnk@google.com> | 650.214.4037 <tel:(650)%20214-4037> >>> >>> >>> >>> _______________________________________________ >>> Selinux mailing list >>> Selinux@tycho.nsa.gov >>> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov. >>> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov. >>> >> > > > > -- > Respectfully, > > William C Roberts
diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c index 3135eed..857383a 100644 --- a/libselinux/src/audit2why.c +++ b/libselinux/src/audit2why.c @@ -201,7 +201,7 @@ static int __policy_init(const char *init_path) path[PATH_MAX-1] = '\0'; if (init_path) { strncpy(path, init_path, PATH_MAX-1); - fp = fopen(path, "r"); + fp = fopen(path, "re"); if (!fp) { snprintf(errormsg, sizeof(errormsg), "unable to open %s: %s\n", @@ -218,7 +218,7 @@ static int __policy_init(const char *init_path) PyErr_SetString( PyExc_ValueError, errormsg); return 1; } - fp = fopen(curpolicy, "r"); + fp = fopen(curpolicy, "re"); if (!fp) { snprintf(errormsg, sizeof(errormsg), "unable to open %s: %s\n", diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c index ba9d934..4a38a78 100644 --- a/libselinux/src/booleans.c +++ b/libselinux/src/booleans.c @@ -97,7 +97,7 @@ char *selinux_boolean_sub(const char *name) if (!name) return NULL; - cfg = fopen(selinux_booleans_subs_path(), "r"); + cfg = fopen(selinux_booleans_subs_path(), "re"); if (!cfg) goto out; @@ -210,7 +210,7 @@ static int get_bool_value(const char *name, char **buf) (*buf)[STRBUF_SIZE] = 0; - fd = bool_open(name, O_RDONLY); + fd = bool_open(name, O_RDONLY | O_CLOEXEC); if (fd < 0) goto out_err; @@ -274,7 +274,7 @@ int security_set_boolean(const char *name, int value) return -1; } - fd = bool_open(name, O_WRONLY); + fd = bool_open(name, O_WRONLY | O_CLOEXEC); if (fd < 0) return -1; @@ -305,7 +305,7 @@ int security_commit_booleans(void) } snprintf(path, sizeof path, "%s/commit_pending_bools", selinux_mnt); - fd = open(path, O_WRONLY); + fd = open(path, O_WRONLY | O_CLOEXEC); if (fd < 0) return -1; @@ -399,7 +399,7 @@ static int save_booleans(size_t boolcnt, SELboolean * boollist) snprintf(local_bool_file, sizeof(local_bool_file), "%s.local", bool_file); - boolf = fopen(local_bool_file, "r"); + boolf = fopen(local_bool_file, "re"); if (boolf != NULL) { ssize_t ret; size_t size = 0; @@ -518,7 +518,7 @@ int security_load_booleans(char *path) int val; char name[BUFSIZ]; - boolf = fopen(path ? path : selinux_booleans_path(), "r"); + boolf = fopen(path ? path : selinux_booleans_path(), "re"); if (boolf == NULL) goto localbool; @@ -536,7 +536,7 @@ int security_load_booleans(char *path) localbool: snprintf(localbools, sizeof(localbools), "%s.local", (path ? path : selinux_booleans_path())); - boolf = fopen(localbools, "r"); + boolf = fopen(localbools, "re"); if (boolf != NULL) { int ret; diff --git a/libselinux/src/canonicalize_context.c b/libselinux/src/canonicalize_context.c index 7cf3139..ba4c9a2 100644 --- a/libselinux/src/canonicalize_context.c +++ b/libselinux/src/canonicalize_context.c @@ -23,7 +23,7 @@ int security_canonicalize_context_raw(const char * con, } snprintf(path, sizeof path, "%s/context", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/check_context.c b/libselinux/src/check_context.c index 52063fa..8a7997f 100644 --- a/libselinux/src/check_context.c +++ b/libselinux/src/check_context.c @@ -20,7 +20,7 @@ int security_check_context_raw(const char * con) } snprintf(path, sizeof path, "%s/context", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c index 937e5c3..1d05e7b 100644 --- a/libselinux/src/compute_av.c +++ b/libselinux/src/compute_av.c @@ -27,7 +27,7 @@ int security_compute_av_flags_raw(const char * scon, } snprintf(path, sizeof path, "%s/access", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_ create.c index 9559d42..0975aea 100644 --- a/libselinux/src/compute_create.c +++ b/libselinux/src/compute_create.c @@ -65,7 +65,7 @@ int security_compute_create_name_raw(const char * scon, } snprintf(path, sizeof path, "%s/create", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/compute_member.c b/libselinux/src/compute_ member.c index 1fc7e41..4e2d221 100644 --- a/libselinux/src/compute_member.c +++ b/libselinux/src/compute_member.c @@ -26,7 +26,7 @@ int security_compute_member_raw(const char * scon, } snprintf(path, sizeof path, "%s/member", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/compute_relabel.c b/libselinux/src/compute_ relabel.c index 4615aee..49f77ef 100644 --- a/libselinux/src/compute_relabel.c +++ b/libselinux/src/compute_relabel.c @@ -26,7 +26,7 @@ int security_compute_relabel_raw(const char * scon, } snprintf(path, sizeof path, "%s/relabel", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c index b37c5d3..7b88121 100644 --- a/libselinux/src/compute_user.c +++ b/libselinux/src/compute_user.c @@ -25,7 +25,7 @@ int security_compute_user_raw(const char * scon, } snprintf(path, sizeof path, "%s/user", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/deny_unknown.c b/libselinux/src/deny_unknown.c index c93998a..77d04e3 100644 --- a/libselinux/src/deny_unknown.c +++ b/libselinux/src/deny_unknown.c @@ -21,7 +21,7 @@ int security_deny_unknown(void) } snprintf(path, sizeof(path), "%s/deny_unknown", selinux_mnt); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/disable.c b/libselinux/src/disable.c index dac0f5b..8d66262 100644 --- a/libselinux/src/disable.c +++ b/libselinux/src/disable.c @@ -21,7 +21,7 @@ int security_disable(void) } snprintf(path, sizeof path, "%s/disable", selinux_mnt); - fd = open(path, O_WRONLY); + fd = open(path, O_WRONLY | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/enabled.c b/libselinux/src/enabled.c index 2ec6797..dd628fb 100644 --- a/libselinux/src/enabled.c +++ b/libselinux/src/enabled.c @@ -36,7 +36,7 @@ int is_selinux_mls_enabled(void) return enabled; snprintf(path, sizeof path, "%s/mls", selinux_mnt); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) return enabled; diff --git a/libselinux/src/get_context_list.c b/libselinux/src/get_context_ list.c index f3fa4a9..689e465 100644 --- a/libselinux/src/get_context_list.c +++ b/libselinux/src/get_context_list.c @@ -275,7 +275,7 @@ static int get_failsafe_context(const char *user, char ** newcon) size_t plen, nlen; int rc; - fp = fopen(selinux_failsafe_context_path(), "r"); + fp = fopen(selinux_failsafe_context_path(), "re"); if (!fp) return -1; @@ -437,7 +437,7 @@ int get_ordered_context_list(const char *user, if (!fname) goto failsafe; snprintf(fname, fname_len, "%s%s", user_contexts_path, user); - fp = fopen(fname, "r"); + fp = fopen(fname, "re"); if (fp) { __fsetlocking(fp, FSETLOCKING_BYCALLER); rc = get_context_order(fp, fromcon, reachable, nreach, ordering, @@ -451,7 +451,7 @@ int get_ordered_context_list(const char *user, } } free(fname); - fp = fopen(selinux_default_context_path(), "r"); + fp = fopen(selinux_default_context_path(), "re"); if (fp) { __fsetlocking(fp, FSETLOCKING_BYCALLER); rc = get_context_order(fp, fromcon, reachable, nreach, ordering, diff --git a/libselinux/src/get_default_type.c b/libselinux/src/get_default_ type.c index 27f2ae5..dd7b5d7 100644 --- a/libselinux/src/get_default_type.c +++ b/libselinux/src/get_default_type.c @@ -11,7 +11,7 @@ int get_default_type(const char *role, char **type) { FILE *fp = NULL; - fp = fopen(selinux_default_type_path(), "r"); + fp = fopen(selinux_default_type_path(), "re"); if (!fp) return -1; diff --git a/libselinux/src/get_initial_context.c b/libselinux/src/get_initial_context.c index 522ed78..5e919f4 100644 --- a/libselinux/src/get_initial_context.c +++ b/libselinux/src/get_initial_context.c @@ -25,7 +25,7 @@ int security_get_initial_context_raw(const char * name, char ** con) snprintf(path, sizeof path, "%s%s%s", selinux_mnt, SELINUX_INITCON_DIR, name); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/getenforce.c b/libselinux/src/getenforce.c index 03d3abc..d909dce 100644 --- a/libselinux/src/getenforce.c +++ b/libselinux/src/getenforce.c @@ -21,7 +21,7 @@ int security_getenforce(void) } snprintf(path, sizeof path, "%s/enforce", selinux_mnt); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/init.c b/libselinux/src/init.c index ddf91f8..2690a72 100644 --- a/libselinux/src/init.c +++ b/libselinux/src/init.c @@ -61,7 +61,7 @@ int selinuxfs_exists(void) size_t len; ssize_t num; - fp = fopen("/proc/filesystems", "r"); + fp = fopen("/proc/filesystems", "re"); if (!fp) return 1; /* Fail as if it exists */ __fsetlocking(fp, FSETLOCKING_BYCALLER); @@ -101,7 +101,7 @@ static void init_selinuxmnt(void) /* At this point, the usual spot doesn't have an selinuxfs so * we look around for it */ - fp = fopen("/proc/mounts", "r"); + fp = fopen("/proc/mounts", "re"); if (!fp) goto out; diff --git a/libselinux/src/is_customizable_type.c b/libselinux/src/is_ customizable_type.c index 0b33edc..92876f4 100644 --- a/libselinux/src/is_customizable_type.c +++ b/libselinux/src/is_customizable_type.c @@ -16,7 +16,7 @@ static int get_customizable_type_list(char *** retlist) unsigned int ctr = 0, i; char **list = NULL; - fp = fopen(selinux_customizable_types_path(), "r"); + fp = fopen(selinux_customizable_types_path(), "re"); if (!fp) return -1; diff --git a/libselinux/src/label.c b/libselinux/src/label.c index 60639cf..5c9d8c1 100644 --- a/libselinux/src/label.c +++ b/libselinux/src/label.c @@ -96,7 +96,7 @@ struct selabel_sub *selabel_subs_init(const char *path, struct selabel_digest *digest) { char buf[1024]; - FILE *cfg = fopen(path, "r"); + FILE *cfg = fopen(path, "re"); struct selabel_sub *sub = NULL; struct stat sb; diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_ backends_android.c index 4d6ec86..4ad71f9 100644 --- a/libselinux/src/label_backends_android.c +++ b/libselinux/src/label_backends_android.c @@ -159,7 +159,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, return -1; /* Open the specification file. */ - if ((fp = fopen(path, "r")) == NULL) + if ((fp = fopen(path, "re")) == NULL) return -1; if (fstat(fileno(fp), &sb) < 0) diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c index a4dc3cd..0d4029b 100644 --- a/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c @@ -520,7 +520,7 @@ static FILE *open_file(const char *path, const char *suffix, } memcpy(sb, &found->sb, sizeof(*sb)); - return fopen(save_path, "r"); + return fopen(save_path, "re"); } static int process_file(const char *path, const char *suffix, diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c index 622741b..d202e5d 100644 --- a/libselinux/src/label_media.c +++ b/libselinux/src/label_media.c @@ -90,7 +90,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, /* Open the specification file. */ if (!path) path = selinux_media_context_path(); - if ((fp = fopen(path, "r")) == NULL) + if ((fp = fopen(path, "re")) == NULL) return -1; __fsetlocking(fp, FSETLOCKING_BYCALLER); diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c index 700def1..9674529 100644 --- a/libselinux/src/label_x.c +++ b/libselinux/src/label_x.c @@ -117,7 +117,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, /* Open the specification file. */ if (!path) path = selinux_x_context_path(); - if ((fp = fopen(path, "r")) == NULL) + if ((fp = fopen(path, "re")) == NULL) return -1; __fsetlocking(fp, FSETLOCKING_BYCALLER); diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c index b7e1a6f..327cc6a 100644 --- a/libselinux/src/load_policy.c +++ b/libselinux/src/load_policy.c @@ -34,7 +34,7 @@ int security_load_policy(void *data, size_t len) } snprintf(path, sizeof path, "%s/load", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; @@ -173,13 +173,13 @@ checkbool: search: snprintf(path, sizeof(path), "%s.%d", selinux_binary_policy_path(), vers); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); while (fd < 0 && errno == ENOENT && --vers >= minvers) { /* Check prior versions to see if old policy is available */ snprintf(path, sizeof(path), "%s.%d", selinux_binary_policy_path(), vers); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); } if (fd < 0) { fprintf(stderr, @@ -335,7 +335,7 @@ int selinux_init_load_policy(int *enforce) /* Check for an override of the mode via the kernel command line. */ rc = mount("proc", "/proc", "proc", 0, 0); - cfg = fopen("/proc/cmdline", "r"); + cfg = fopen("/proc/cmdline", "re"); if (cfg) { char *tmp; buf = malloc(selinux_page_size); diff --git a/libselinux/src/matchmediacon.c b/libselinux/src/matchmediacon.c index 46cba46..23d01af 100644 --- a/libselinux/src/matchmediacon.c +++ b/libselinux/src/matchmediacon.c @@ -18,7 +18,7 @@ int matchmediacon(const char *media, char ** con) char *ptr, *ptr2 = NULL; int found = 0; char current_line[PATH_MAX]; - if ((infile = fopen(path, "r")) == NULL) + if ((infile = fopen(path, "re")) == NULL) return -1; while (!feof_unlocked(infile)) { if (!fgets_unlocked(current_line, sizeof(current_line), infile)) { diff --git a/libselinux/src/policyvers.c b/libselinux/src/policyvers.c index 284a7f7..c97dd9d 100644 --- a/libselinux/src/policyvers.c +++ b/libselinux/src/policyvers.c @@ -23,7 +23,7 @@ int security_policyvers(void) } snprintf(path, sizeof path, "%s/policyvers", selinux_mnt); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) { if (errno == ENOENT) return vers; diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c index 8cd59af..ebc0ade 100644 --- a/libselinux/src/procattr.c +++ b/libselinux/src/procattr.c @@ -143,7 +143,7 @@ static int getprocattrcon_raw(char ** context, return 0; } - fd = openattr(pid, attr, O_RDONLY); + fd = openattr(pid, attr, O_RDONLY | O_CLOEXEC); if (fd < 0) return -1; @@ -235,7 +235,7 @@ static int setprocattrcon_raw(const char * context, && !strcmp(context, *prev_context)) return 0; - fd = openattr(pid, attr, O_RDWR); + fd = openattr(pid, attr, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; if (context) { diff --git a/libselinux/src/selinux_check_securetty_context.c b/libselinux/src/selinux_check_securetty_context.c index 24e5e2c..55d4e03 100644 --- a/libselinux/src/selinux_check_securetty_context.c +++ b/libselinux/src/selinux_check_securetty_context.c @@ -14,7 +14,7 @@ int selinux_check_securetty_context(const char * tty_context) ssize_t len; int found = -1; FILE *fp; - fp = fopen(selinux_securetty_types_path(), "r"); + fp = fopen(selinux_securetty_types_path(), "re"); if (fp) { context_t con = context_new(tty_context); if (con) { diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_ config.c index 88bcc85..d8e140c 100644 --- a/libselinux/src/selinux_config.c +++ b/libselinux/src/selinux_config.c @@ -88,7 +88,7 @@ static const uint16_t file_path_suffixes_idx[NEL] = { int selinux_getenforcemode(int *enforce) { int ret = -1; - FILE *cfg = fopen(SELINUXCONFIG, "r"); + FILE *cfg = fopen(SELINUXCONFIG, "re"); if (cfg) { char *buf; int len = sizeof(SELINUXTAG) - 1; @@ -163,7 +163,7 @@ static void init_selinux_config(void) if (selinux_policyroot) return; - fp = fopen(SELINUXCONFIG, "r"); + fp = fopen(SELINUXCONFIG, "re"); if (fp) { __fsetlocking(fp, FSETLOCKING_BYCALLER); while ((len = getline(&line_buf, &line_len, fp)) > 0) { diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_ restorecon.c index e38d1d0..7ebfbdc 100644 --- a/libselinux/src/selinux_restorecon.c +++ b/libselinux/src/selinux_restorecon.c @@ -247,7 +247,7 @@ static int exclude_non_seclabel_mounts(void) if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0) return 0; - fp = fopen("/proc/mounts", "r"); + fp = fopen("/proc/mounts", "re"); if (!fp) return 0; diff --git a/libselinux/src/setenforce.c b/libselinux/src/setenforce.c index e5e7612..09cad3c 100644 --- a/libselinux/src/setenforce.c +++ b/libselinux/src/setenforce.c @@ -21,7 +21,7 @@ int security_setenforce(int value) } snprintf(path, sizeof path, "%s/enforce", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c index 09e704b..572a7b0 100644 --- a/libselinux/src/seusers.c +++ b/libselinux/src/seusers.c @@ -185,7 +185,7 @@ int getseuserbyname(const char *name, char **r_seuser, char **r_level) gid_t gid = get_default_gid(name); - cfg = fopen(selinux_usersconf_path(), "r"); + cfg = fopen(selinux_usersconf_path(), "re"); if (!cfg) goto nomatch; @@ -278,7 +278,7 @@ int getseuser(const char *username, const char *service, FILE *fp = NULL; if (asprintf(&path,"%s/logins/%s", selinux_policy_root(), username) < 0) goto err; - fp = fopen(path, "r"); + fp = fopen(path, "re"); free(path); if (fp == NULL) goto err; __fsetlocking(fp, FSETLOCKING_BYCALLER); diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c index 2dbec2b..2d83f96 100644 --- a/libselinux/src/stringrep.c +++ b/libselinux/src/stringrep.c @@ -80,7 +80,7 @@ static struct discover_class_node * discover_class(const char *s) /* load up class index */ snprintf(path, sizeof path, "%s/class/%s/index", selinux_mnt,s); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) goto err3;
Do you know if "re" poses any Mac issues? I would assume not, but I've never checked. On Dec 11, 2016 09:32, "Nick Kralevich" <nnk@google.com> wrote: Makes libselinux safer and less likely to leak file descriptors when used as part of a multithreaded program. Signed-off-by: Nick Kralevich <nnk@google.com> --- libselinux/src/audit2why.c | 4 ++-- libselinux/src/booleans.c | 14 +++++++------- libselinux/src/canonicalize_context.c | 2 +- libselinux/src/check_context.c | 2 +- libselinux/src/compute_av.c | 2 +- libselinux/src/compute_create.c | 2 +- libselinux/src/compute_member.c | 2 +- libselinux/src/compute_relabel.c | 2 +- libselinux/src/compute_user.c | 2 +- libselinux/src/deny_unknown.c | 2 +- libselinux/src/disable.c | 2 +- libselinux/src/enabled.c | 2 +- libselinux/src/get_context_list.c | 6 +++--- libselinux/src/get_default_type.c | 2 +- libselinux/src/get_initial_context.c | 2 +- libselinux/src/getenforce.c | 2 +- libselinux/src/init.c | 4 ++-- libselinux/src/is_customizable_type.c | 2 +- libselinux/src/label.c | 2 +- libselinux/src/label_backends_android.c | 2 +- libselinux/src/label_file.c | 2 +- libselinux/src/label_media.c | 2 +- libselinux/src/label_x.c | 2 +- libselinux/src/load_policy.c | 8 ++++---- libselinux/src/matchmediacon.c | 2 +- libselinux/src/policyvers.c | 2 +- libselinux/src/procattr.c | 4 ++-- libselinux/src/selinux_check_securetty_context.c | 2 +- libselinux/src/selinux_config.c | 4 ++-- libselinux/src/selinux_restorecon.c | 2 +- libselinux/src/setenforce.c | 2 +- libselinux/src/seusers.c | 4 ++-- libselinux/src/stringrep.c | 2 +- 33 files changed, 49 insertions(+), 49 deletions(-) -- 2.8.0.rc3.226.g39d4020