From patchwork Tue Feb 23 20:24:00 2016
X-Patchwork-Submitter: Daniel Cashman
X-Patchwork-Id: 8395851
From: Daniel Cashman
To: selinux@tycho.nsa.gov
Cc: sds@tycho.nsa.gov
Subject: [PATCH 2/2] libselinux: procattr: return einval for <= 0 pid args.
Date: Tue, 23 Feb 2016 12:24:00 -0800
Message-Id: <1456259040-13721-3-git-send-email-dcashman@android.com>
In-Reply-To: <1456259040-13721-2-git-send-email-dcashman@android.com>
References: <1456259040-13721-1-git-send-email-dcashman@android.com> <1456259040-13721-2-git-send-email-dcashman@android.com>
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"

From: dcashman

getpidcon documentation does not specify that a pid of 0 refers to the
current process, and getcon exists specifically to provide this
functionality, and getpidcon(getpid()) would provide it as well.
Disallow pid values <= 0 that may lead to unintended behavior in
userspace object managers.

Signed-off-by: Daniel Cashman
Acked-by: Nick Kralevich
---
 libselinux/src/procattr.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c index c20f003..eee4612 100644 --- a/libselinux/src/procattr.c
+++ b/libselinux/src/procattr.c @@ -306,11 +306,21 @@ static int setprocattrcon(const char * context, #define getpidattr_def(fn, attr) \ int get##fn##_raw(pid_t pid, char **c) \ { \ - return getprocattrcon_raw(c, pid, #attr); \ + if (pid <= 0) { \ + errno = EINVAL; \ + return -1; \ + } else { \ + return getprocattrcon_raw(c, pid, #attr); \ + } \ } \ int get##fn(pid_t pid, char **c) \ { \ - return getprocattrcon(c, pid, #attr); \ + if (pid <= 0) { \ + errno = EINVAL; \ + return -1; \ + } else { \ + return getprocattrcon(c, pid, #attr); \ + } \ } all_selfattr_def(con, current)
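Review bot: The new pid <= 0 rejection in both get##fn##_raw() and get##fn() changes what callers see, yet the diffstat touches only procattr.c, so nothing tells users that these functions now fail with -1 and errno set to EINVAL. Since the commit message itself leans on the documentation being silent about pid 0, please update the corresponding man page text in the same series to state the EINVAL case and to point callers at getcon or getpidcon(getpid()) for the current process. On style, the identical check is pasted into both macro bodies with an else following a return; writing "if (pid <= 0) { errno = EINVAL; return -1; }" and then the plain return of getprocattrcon_raw()/getprocattrcon() keeps the backslash-continued macro shorter and makes it harder for the two copies to drift apart. Any in-tree or downstream caller that passed 0 to mean "self" will start failing after this change, so it is worth naming that compatibility impact explicitly in the changelog.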