From patchwork Fri Sep 16 19:37:16 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Roberts, William C" X-Patchwork-Id: 9336485 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 9619860839 for ; Fri, 16 Sep 2016 19:40:12 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8615E29C74 for ; Fri, 16 Sep 2016 19:40:12 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 77F4729D01; Fri, 16 Sep 2016 19:40:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00 autolearn=ham version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (smtp.nsa.gov [8.44.101.8]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id BAF8B29C74 for ; Fri, 16 Sep 2016 19:40:10 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.30,346,1470700800"; d="scan'208";a="17681154" IronPort-PHdr: =?us-ascii?q?9a23=3ApUKrXhTFg3tLWCjoceEKVIqPCtpsv+yvbD5Q0YIu?= =?us-ascii?q?jvd0So/mwa65Zx2N2/xhgRfzUJnB7Loc0qyN4vmmBjNLuM/e+DBaKdoXBkdD0Z?= =?us-ascii?q?1X1yUbQ+e9QXXhK/DrayFoVO9jb3RCu0+BDE5OBczlbEfTqHDhpRQbGxH4KBYn?= =?us-ascii?q?br+tQt2asc272qiI9oHJZE0Q3XzmMOo0c0r99FyO/olO2M05e/53kkOI6lJzOM?= =?us-ascii?q?1ujVtyIlySmxuuruyRx7VEtxpqhvQ66sRbWr/7dalrBZZRDTAhLnxnrJaz7UqL?= =?us-ascii?q?cBGLrkc4fi1W10MQQluN0BavRZr1sy3npsJhySKaOovwVrlyVjO8q+9wRRbuhD?= =?us-ascii?q?0ANjJ89GDMluRsnalbp1SnvBU5zInKJMmOOOFWYrLWfdRcQ3FIGMlWSWgJAJy3?= =?us-ascii?q?ZpETVcIdLO1YqM/7vFJIohygVie2A+a61T5Mgn7/2Osxlf4mGwzcwBcIHtQSvX?= =?us-ascii?q?CSp9LwZ/Raavy80KSdlWaLVPhRwzqordGQfw=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2ENBQA4SdxX/wHyM5BeGwEBAQMBAQEJAQEBFwEBBAEBCgE?= =?us-ascii?q?Bgw8BAQEBAR6BU6YglDwgh2JMAQEBAQEBAQECAQJbJ4IyBAMTBYIYAiQTFCAOA?= =?us-ascii?q?wkCFwghCAgDAS0VGAcLBRgEiCnBNAEkiDqGZhEBhXgFiC0HhnNDigOPWwKJeYV?= =?us-ascii?q?tkFxUgn8bgXBSAYUweIEnAQEB?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 16 Sep 2016 19:40:08 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8GJbOxc001543; Fri, 16 Sep 2016 15:37:31 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u8GJbNcj285281 for ; Fri, 16 Sep 2016 15:37:23 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8GJbMHL001528; Fri, 16 Sep 2016 15:37:23 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1AjBAD8SNxX/yNjr8ZeGgEBAQECAQEBAQgBAQEBgzoBAQEBAR6BU7ZRhBIUhgqBXUwBAgEBAQEBAl6FNlIwgQ8SiErBKAEBCCeIOoleC4MHBYgtB4ZzQ4oDj1sCj2aQXFSCfxuBcFIBh08BAQE X-IPAS-Result: A1AjBAD8SNxX/yNjr8ZeGgEBAQECAQEBAQgBAQEBgzoBAQEBAR6BU7ZRhBIUhgqBXUwBAgEBAQEBAl6FNlIwgQ8SiErBKAEBCCeIOoleC4MHBYgtB4ZzQ4oDj1sCj2aQXFSCfxuBcFIBh08BAQE X-IronPort-AV: E=Sophos;i="5.30,346,1470715200"; d="scan'208";a="5711029" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 16 Sep 2016 15:37:22 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AQYuuoxLwYsxyx+ubdNmcpTZWNBhigK39O0sv0rFi?= =?us-ascii?q?tYgVLPjxwZ3uMQTl6Ol3ixeRBMOAuqsC1LWd6vm/ESxYuNDa4ShEKMQNHzY+yu?= =?us-ascii?q?wu1zQ6B8CEDUCpZNXLVAcdWPp4aVl+4nugOlJUEsutL3fbo3m18CJAUk6nbVk9?= =?us-ascii?q?GO35F8bogtit0KjqotuIMlwO22X2OOotZFXu9EOK55FQ2dMjYo8KiTLx6kNSfO?= =?us-ascii?q?pXwW46bXmypD3bovmKwZh47i5LsOgg/cMTGY/zfqA/UKAKRG9+azN9zITRuBLC?= =?us-ascii?q?VQqC4GcHGiVTy0IQQlvz1xbgQpr9iCbxt/InkGnGZYylBYwzDC+v66ZtVQ/AlD?= =?us-ascii?q?YMNzl/9nrezMN3kuYTux+ooRBlxI/YJYWUL+ZWYrLWfdRcQ3FIGMlWSWgJGY+n?= =?us-ascii?q?R5ceBOoGe+BDps/yoEVK5RmhDgC2GLnH1i5Dhniw27YzlesmD1LoxgslSs0PtH?= =?us-ascii?q?DVpdCzP+EIVuq41rXT5TTFc/5Snzz67dubOis9qO2BCOojOfHazlMiQkab1lg?= =?us-ascii?q?=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0FOBADHSNxX/yNjr8ZeGgEBAQECAQEBA?= =?us-ascii?q?QgBAQEBFgEBAQMBAQEJAQEBgw8BAQEBAR6BU6YgkDGEEhSGCoFdTAEBAQEBAQE?= =?us-ascii?q?BAgECWyeCMgQBFQWCPlIwgQ8SiErBKAEBCAIliDqMcAWILQeGc0OKA49bAo9mk?= =?us-ascii?q?FxUgn8bgXBSAYYPgUABAQE?= X-IPAS-Result: =?us-ascii?q?A0FOBADHSNxX/yNjr8ZeGgEBAQECAQEBAQgBAQEBFgEBAQM?= =?us-ascii?q?BAQEJAQEBgw8BAQEBAR6BU6YgkDGEEhSGCoFdTAEBAQEBAQEBAgECWyeCMgQBF?= =?us-ascii?q?QWCPlIwgQ8SiErBKAEBCAIliDqMcAWILQeGc0OKA49bAo9mkFxUgn8bgXBSAYY?= =?us-ascii?q?PgUABAQE?= X-IronPort-AV: E=Sophos;i="5.30,346,1470700800"; d="scan'208";a="19323527" Received: from fmsmga002-icc.fm.intel.com ([198.175.99.35]) by emsm-gh1-uea11.nsa.gov with ESMTP; 16 Sep 2016 19:37:21 +0000 Received: from fmsmga004-icc.fm.intel.com ([198.175.99.11]) by fmsmga002-icc.fm.intel.com with ESMTP; 16 Sep 2016 12:37:20 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.30,346,1470726000"; d="scan'208";a="169648280" Received: from snair6-mobl.amr.corp.intel.com (HELO wcrobert-MOBL1.amr.corp.intel.com) ([10.249.8.41]) by fmsmga004.fm.intel.com with ESMTP; 16 Sep 2016 12:37:19 -0700 From: william.c.roberts@intel.com To: selinux@tycho.nsa.gov, seandroid-list@tycho.nsa.gov, sds@tycho.nsa.gov, jwcart2@tycho.nsa.gov Subject: [PATCH v5] libselinux: correct error path to always try text Date: Fri, 16 Sep 2016 12:37:16 -0700 Message-Id: <1474054636-9318-1-git-send-email-william.c.roberts@intel.com> X-Mailer: git-send-email 1.9.1 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: William Roberts patch 5e15a52aaa cleans up the process_file() routine, but introduced a bug. If the binary file cannot be opened, always attempt to fall back to the textual file, this was not occurring. The logic should be: 1. Open the newest file between base path + suffix and base_path + suffix + ".bin" 2. If anything fails, attempt to load the oldest file. The result, with a concrete example, would be: If file_contexts is the newest file, and it cannot be processed, the code will fall back to file_contexts.bin and vice versa. Signed-off-by: William Roberts --- libselinux/src/label_file.c | 47 ++++++++++++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 15 deletions(-) diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c index 9faecdb..ff6bc94 100644 --- a/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c @@ -447,7 +447,7 @@ static bool fcontext_is_binary(FILE *fp) #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) static FILE *open_file(const char *path, const char *suffix, - char *save_path, size_t len, struct stat *sb) + char *save_path, size_t len, struct stat *sb, bool open_oldest) { unsigned int i; int rc; @@ -493,9 +493,15 @@ static FILE *open_file(const char *path, const char *suffix, * includes equality. This provides a precedence on * secondary suffixes even when the timestamp is the * same. Ie choose file_contexts.bin over file_contexts - * even if the time stamp is the same. + * even if the time stamp is the same. Invert this logic + * on open_oldest set to true. The idea is that if the + * newest file failed to process, we can attempt to + * process the oldest. The logic here is subtle and depends + * on the array ordering in fdetails for the case when time + * stamps are the same. */ - if (fdetails[i].sb.st_mtime >= found->sb.st_mtime) { + if (open_oldest ^ + (fdetails[i].sb.st_mtime >= found->sb.st_mtime)) { found = &fdetails[i]; strcpy(save_path, path); } @@ -515,24 +521,35 @@ static int process_file(const char *path, const char *suffix, const char *prefix, struct selabel_digest *digest) { int rc; + unsigned int i; struct stat sb; FILE *fp = NULL; char found_path[PATH_MAX]; - fp = open_file(path, suffix, found_path, sizeof(found_path), &sb); - if (fp == NULL) - return -1; + /* + * On the first pass open the newest modified file. If it fails to + * process, then the second pass shall open the oldest file. If both + * passes fail, then it's a fatal error. + */ + for (i = 0; i < 2; i++) { + fp = open_file(path, suffix, found_path, sizeof(found_path), + &sb, i > 0); + if (fp == NULL) + return -1; - rc = fcontext_is_binary(fp) ? - load_mmap(fp, sb.st_size, rec, found_path) : - process_text_file(fp, prefix, rec, found_path); - if (rc < 0) - goto out; + rc = fcontext_is_binary(fp) ? + load_mmap(fp, sb.st_size, rec, found_path) : + process_text_file(fp, prefix, rec, found_path); + if (!rc) + rc = digest_add_specfile(digest, fp, NULL, sb.st_size, + found_path); - rc = digest_add_specfile(digest, fp, NULL, sb.st_size, found_path); -out: - fclose(fp); - return rc; + fclose(fp); + + if (!rc) + return 0; + } + return -1; } static void closef(struct selabel_handle *rec);