From patchwork Mon Sep 11 18:04:39 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Daniel Cashman <dcashman@android.com>
X-Patchwork-Id: 9947927
Return-Path: <selinux-bounces@tycho.nsa.gov>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	539A36024A for <patchwork-selinux@patchwork.kernel.org>;
	Mon, 11 Sep 2017 18:11:19 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3B28D28C3B
	for <patchwork-selinux@patchwork.kernel.org>;
	Mon, 11 Sep 2017 18:11:19 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 2FA4F28C56; Mon, 11 Sep 2017 18:11:19 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from uhil19pa12.eemsg.mail.mil (uhil19pa12.eemsg.mail.mil
	[214.24.21.85])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7FF1828C3B
	for <patchwork-selinux@patchwork.kernel.org>;
	Mon, 11 Sep 2017 18:11:17 +0000 (UTC)
Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2])
	by uhil19pa12.eemsg.mail.mil with ESMTP/TLS/AES256-SHA;
	11 Sep 2017 18:11:15 +0000
X-IronPort-AV: E=Sophos;i="5.42,379,1500940800"; d="scan'208";a="2003976"
Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1])
	by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 11 Sep 2017 18:10:25 +0000
Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v8BI5rnw001381;
	Mon, 11 Sep 2017 14:06:48 -0400
Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil
	[144.51.242.1])
	by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id
	v8BI5lDU065460 for <selinux@prometheus.infosec.tycho.ncsc.mil>;
	Mon, 11 Sep 2017 14:05:47 -0400
Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v8BI5lVo001379
	for <selinux@tycho.nsa.gov>; Mon, 11 Sep 2017 14:05:47 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1DVAQBkz7ZZfyQaGNZcGwEBAQMBAQEJA?=
	=?us-ascii?q?QEBgzAogVUnjwyPLplQA1wKE4UrhCRXAQIBAQEBAQITAQELFoYjGQEBNwEvZQE?=
	=?us-ascii?q?FATWIX4FSA55sQIsgglg6gwkBAQWIHQEBCCAIEoMZgTJQgUYKgWONdB+KC4gxj?=
	=?us-ascii?q?j2LNYkPi1CHLkiUNgIEAgkCBhQkgRWBJT8yIQgcFYVTDgEcGYFuVohLK4IUAQE?=
	=?us-ascii?q?B?=
X-IPAS-Result: =?us-ascii?q?A1DVAQBkz7ZZfyQaGNZcGwEBAQMBAQEJAQEBgzAogVUnjwy?=
	=?us-ascii?q?PLplQA1wKE4UrhCRXAQIBAQEBAQITAQELFoYjGQEBNwEvZQEFATWIX4FSA55sQ?=
	=?us-ascii?q?Isgglg6gwkBAQWIHQEBCCAIEoMZgTJQgUYKgWONdB+KC4gxjj2LNYkPi1CHLki?=
	=?us-ascii?q?UNgIEAgkCBhQkgRWBJT8yIQgcFYVTDgEcGYFuVohLK4IUAQEB?=
X-IronPort-AV: E=Sophos;i="5.42,379,1500955200";
   d="scan'208";a="48100"
Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34])
	by goalie.tycho.ncsc.mil with ESMTP; 11 Sep 2017 14:05:44 -0400
IronPort-PHdr: =?us-ascii?q?9a23=3A8DBYAR3gnUw0UWmesmDT+DRfVm0co7zxezQtwd8Z?=
	=?us-ascii?q?se0VK/ad9pjvdHbS+e9qxAeQG96KurQY06GP6v+ocFdDyK7JiGoFfp1IWk1Nou?=
	=?us-ascii?q?QttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZr?=
	=?us-ascii?q?KeTpAI7SiNm82/yv95HJbQhFgD6wbal9IRmqogndq9QajIl/Iast1xXFpWdFdf?=
	=?us-ascii?q?5Lzm1yP1KTmBj85sa0/JF99ilbpuws+c1dX6jkZqo0VbNXAigoPGAz/83rqALM?=
	=?us-ascii?q?TRCT6XsGU2UZiQRHDg7Y5xznRJjxsy/6tu1g2CmGOMD9UL45VSi+46ptVRTljj?=
	=?us-ascii?q?oMOTwk/2HNksF+kaJVrgyvqRJ8xIDZe52ZOOZkc6/BZ94WWXZNU8BMXCJBGIO8?=
	=?us-ascii?q?aI4PAvIPM+lCqYn9pkUBrR+jDgSyHuzv0T9Ihnrs0q08zu8sFhzJ0xA6ENIVsH?=
	=?us-ascii?q?TUqc/6NKEJXO+vyqnH0C/Db/RX2Tjg8oTHbhchofSVUL92bMHfylEvGhvbglmN?=
	=?us-ascii?q?poHpJS2Z2+sXv2SF7udsT+yihm8/pwxzrTWj3NoghpfJi44PyV3J+z91zYk0KN?=
	=?us-ascii?q?C+VUV1e8SrEIFKuCGfL4Z2Qt0tQ2VvuCsixLIIpJ61cTUXxJkj3RDSd+CLfoqS?=
	=?us-ascii?q?7h39SumRJCx4hH1/dLK6nRmy8Eygxvf5Vsm11FZGtitFkt/SuXARzxHf9NWLR/?=
	=?us-ascii?q?Rn8ku/1juDzR7f5+BeLU06lKfXM5shzaQxlpoXv0TDBCj2mEDugaCLakor4POo?=
	=?us-ascii?q?6+TiYrr8oJ+RLJV7igfjPaQ0ncy/APk3PhISUGic/OSwzKfj8lHhQLVWkv02lb?=
	=?us-ascii?q?HUsIvEKsQfp665BRJV04k45hajDzapzNQYnX4dIFJDYxKIlZLlO17JIPDmXr+D?=
	=?us-ascii?q?hAG3nTNqwe3WFqHwCZXKaH7YmfHueqguxVRbzV8fxNZe6pYcIbgaIPf6XAeluN?=
	=?us-ascii?q?fRFR88OgqcyuDrEtJ82sUVXmfZUfzRC7/brVLdvrFnGOKLfoJA4Ds=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CkAQA5z7ZZfyQaGNZcGwEBAQMBAQEJA?=
	=?us-ascii?q?QEBFgEBAQMBAQEJAQEBgwUogVUnjwyofgNcCoU+hHsBAQEBAQEBAQIBEgEBCxZ?=
	=?us-ascii?q?dgjMignEZAQE3AS9lAQUBNYhfgVIDnmxAiyCCWDqDCQEBBYgdAQEIIAgSgxmBM?=
	=?us-ascii?q?oIWCoFjinUMgnMfiguIMY49izWJD4tQhy5IlDYCBAIJAgYUJIEVgSU/MiEIHBW?=
	=?us-ascii?q?FUw4BHBmBblaISyuCFAEBAQ?=
X-IronPort-AV: E=Sophos;i="5.42,379,1500940800"; d="scan'208";a="2003691"
Received: from uphb19pa04.eemsg.mail.mil (HELO USFB19PA07.eemsg.mail.mil)
	([214.24.26.36])
	by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 11 Sep 2017 18:05:34 +0000
X-EEMSG-check-005: 0
X-EEMSG-check-006: 000-001;60ef64b4-fa2e-412f-81a9-b0fba2be5f7a
Authentication-Results: USFB19PA01.eemsg.mail.mil;
	dkim=pass (signature verified) header.i=@android.com
X-EEMSG-check-008: 127014484|USFB19PA01_EEMSG_MP17.csd.disa.mil
X-EEMSG-SBRS: 2.7
X-EEMSG-ORIG-IP: 74.125.83.46
X-EEMSG-check-002: true
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
 A0B3AACFzbZZfy5TfUpcGgEBAQECAQEBAQgBAQEBgzCCJI4YkCKYHYEzA1wKE4UrhCQ/GAECAQEBAQEBARMBAQkLCwgmMYVGGQEBNwEvZQEFATWIX4FSnntAiyCCWDqDCQEBBYgdAQEIIAgJAQiDGYEyUIFGCoFjinUMgnMfiguIMY49izWJD4tQhywCSJQ2AgQCCQIGFCSBFR+BBj8yIQgcFYVTDgEcggcgNocAK4IUAQEB
X-IPAS-Result: 
 A0B3AACFzbZZfy5TfUpcGgEBAQECAQEBAQgBAQEBgzCCJI4YkCKYHYEzA1wKE4UrhCQ/GAECAQEBAQEBARMBAQkLCwgmMYVGGQEBNwEvZQEFATWIX4FSnntAiyCCWDqDCQEBBYgdAQEIIAgJAQiDGYEyUIFGCoFjinUMgnMfiguIMY49izWJD4tQhywCSJQ2AgQCCQIGFCSBFR+BBj8yIQgcFYVTDgEcggcgNocAK4IUAQEB
Received: from mail-pg0-f46.google.com ([74.125.83.46])
	by USFB19PA01.eemsg.mail.mil with ESMTP; 11 Sep 2017 18:05:06 +0000
Received: by mail-pg0-f46.google.com with SMTP id v66so16594477pgb.5
	for <selinux@tycho.nsa.gov>; Mon, 11 Sep 2017 11:05:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=android.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=pvPY3e6GkX9I7lo6/wMUcY4Vu/TBDNjBWOCtzGXsQxQ=;
	b=mibp7PF2/qYJowVfJip05A+b15qT4ViiYGiEiFWZD05oxJL6dVRxuXWxR9TRGnzHMO
	zIM0ADf+bwbqm5ecsFfFquSL0Kei+1qbrKu2VUmfjQ//E2Hmfy+ZGW+spYfarjQqny2K
	D+IdutIM6ggGv2h6owimu/6FtzHYzpo0IZoaQazjvpHwU61zrh7J0B+fLSsbCDS7ak7A
	01g1lOdJDcaZjbnpZQxshobKxiqM5HekqW4Z+Zs1u7HSc1JcDm+JQyaPNcb5roH3GlNq
	oS3Cgmrl43ANfpSJqYdNKC4OE9HwpbHhAkoW7qP8VgDYaPsiA8U0je1Dd3QZlNX08snP
	9gVA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=pvPY3e6GkX9I7lo6/wMUcY4Vu/TBDNjBWOCtzGXsQxQ=;
	b=fYdSNcqCMddkLx9hZLw5LgZB+Ng+KVe4K48ZHdZ1LuBtLa52mF3hK/+2ClfhMMorNd
	UYL3U4DhL5j557n5Umd7J1/NZzkgHsVKwS8pKP+3OP1/urP7+G0uGX+7zYp6tfjobvjG
	Edsa2poktfTBCGDt+pS1KzbR7yFJelA1Vwb3abSH1dRC74MYG99dqBP5MeGPp7lKWl/W
	dECMC6rUKl6HDqq2dVezckjdB218yvkpostCN21zdYs+AwoUdzOIYnR99t9bqx31/mGi
	gysGUmOLBSy4U+Ao14kAYmo5Eh+h6SYME569SQaHd4KgYq3F5BiZx0ndgoRPf/7G8R1W
	TIRA==
X-Gm-Message-State: AHPjjUiTL8l7UgdY8wzm3yIkcPj8SnJgo7vZ+W76H4+N18EG774mrDU7
	6tWEBZvNcIhMg6KqGuPwiA==
X-Google-Smtp-Source: 
 ADKCNb6RMxbQUoy7NdPRNIU1ZU56tlav33nyi9LccY4DaZGrcMdbpRnnefMyw81f+WD23Qjq851TaA==
X-Received: by 10.99.179.66 with SMTP id x2mr12228228pgt.336.1505153103790;
	Mon, 11 Sep 2017 11:05:03 -0700 (PDT)
Received: from dcashman2.mtv.corp.google.com ([172.22.112.71])
	by smtp.gmail.com with ESMTPSA id
	p5sm15599497pgc.94.2017.09.11.11.05.02
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Mon, 11 Sep 2017 11:05:03 -0700 (PDT)
From: Daniel Cashman <dcashman@android.com>
To: selinux@tycho.nsa.gov
Date: Mon, 11 Sep 2017 11:04:39 -0700
Message-Id: <20170911180439.26437-1-dcashman@android.com>
X-Mailer: git-send-email 2.14.1.581.gf28d330327-goog
Subject: [PATCH] selinux: libselinux: Enable multiple input files to
	selabel_open.
X-BeenThere: selinux@tycho.nsa.gov
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
	<selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>
Cc: jwcart2@tycho.nsa.gov, dcashman@google.com
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>
X-Virus-Scanned: ClamAV using ClamSMTP

From: Dan Cashman <dcashman@google.com>

The file_contexts labeling backend, specified in label_file.c, currently assumes
that only one path will be specified as an option to selabel_open().  The split
of platform and non-platform policy on device, however, will necessitate the
loading of two disparate policy files.  Rather than combining the files and then
calling the existing API on a newly-formed file, just add the ability to specify
multiple files to use.  Order of opt specification to selabel_open matters.

This corresponds to AOSP commit 50400d38203e4db08314168e60c281cc61a717a8, which
lead to a fork with upstream, which we'd like to correct.

Signed-off-by: Dan Cashman <dcashman@android.com>
---
 libselinux/src/label.c          |  21 +++++---
 libselinux/src/label_file.c     | 104 +++++++++++++++++++++++++++++-----------
 libselinux/src/label_internal.h |   5 +-
 3 files changed, 94 insertions(+), 36 deletions(-)

diff --git a/libselinux/src/label.c b/libselinux/src/label.c
index 48f4d2d6..0dfa054c 100644
--- a/libselinux/src/label.c
+++ b/libselinux/src/label.c
@@ -143,7 +143,11 @@ static int selabel_fini(struct selabel_handle *rec,
 			    struct selabel_lookup_rec *lr,
 			    int translating)
 {
-	if (compat_validate(rec, lr, rec->spec_file, 0))
+	char *path = NULL;
+
+	if (rec->spec_files)
+		path = rec->spec_files[0];
+	if (compat_validate(rec, lr, path, 0))
 		return -1;
 
 	if (translating && !lr->ctx_trans &&
@@ -226,11 +230,9 @@ struct selabel_handle *selabel_open(unsigned int backend,
 	rec->digest = selabel_is_digest_set(opts, nopts, rec->digest);
 
 	if ((*initfuncs[backend])(rec, opts, nopts)) {
-		free(rec->spec_file);
-		free(rec);
+		selabel_close(rec);
 		rec = NULL;
 	}
-
 out:
 	return rec;
 }
@@ -337,10 +339,17 @@ int selabel_digest(struct selabel_handle *rec,
 
 void selabel_close(struct selabel_handle *rec)
 {
+	size_t i;
+
+	if (rec->spec_files) {
+		for (i = 0; i < rec->spec_files_len; i++)
+			free(rec->spec_files[i]);
+		free(rec->spec_files);
+	}
 	if (rec->digest)
 		selabel_digest_fini(rec->digest);
-	rec->func_close(rec);
-	free(rec->spec_file);
+	if (rec->func_close)
+		rec->func_close(rec);
 	free(rec);
 }
 
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 560d8c3d..b3b36bc2 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -709,28 +709,61 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 		unsigned n)
 {
 	struct saved_data *data = (struct saved_data *)rec->data;
-	const char *path = NULL;
+	size_t num_paths = 0;
+	char **path = NULL;
 	const char *prefix = NULL;
-	int status = -1, baseonly = 0;
+	int status = -1;
+	size_t i;
+	bool baseonly = false;
+	bool path_provided;
 
 	/* Process arguments */
-	while (n--)
-		switch(opts[n].type) {
+	i = n;
+	while (i--)
+		switch(opts[i].type) {
 		case SELABEL_OPT_PATH:
-			path = opts[n].value;
+			num_paths++;
 			break;
 		case SELABEL_OPT_SUBSET:
-			prefix = opts[n].value;
+			prefix = opts[i].value;
 			break;
 		case SELABEL_OPT_BASEONLY:
-			baseonly = !!opts[n].value;
+			baseonly = !!opts[i].value;
 			break;
 		}
 
+	if (!num_paths) {
+		num_paths = 1;
+		path_provided = false;
+	} else {
+		path_provided = true;
+	}
+
+	path = calloc(num_paths, sizeof(*path));
+	if (path == NULL) {
+		goto finish;
+	}
+	rec->spec_files = path;
+	rec->spec_files_len = num_paths;
+
+	if (path_provided) {
+		for (i = 0; i < n; i++) {
+			switch(opts[i].type) {
+			case SELABEL_OPT_PATH:
+				*path = strdup(opts[i].value);
+				if (*path == NULL)
+					goto finish;
+				path++;
+				break;
+			default:
+				break;
+			}
+		}
+	}
 #if !defined(BUILD_HOST) && !defined(ANDROID)
 	char subs_file[PATH_MAX + 1];
 	/* Process local and distribution substitution files */
-	if (!path) {
+	if (!path_provided) {
 		status = selabel_subs_init(
 			selinux_file_context_subs_dist_path(),
 			rec->digest, &data->dist_subs);
@@ -740,43 +773,52 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 			rec->digest, &data->subs);
 		if (status)
 			goto finish;
-		path = selinux_file_context_path();
+		rec->spec_files[0] = strdup(selinux_file_context_path());
+		if (rec->spec_files[0] == NULL)
+			goto finish;
 	} else {
-		snprintf(subs_file, sizeof(subs_file), "%s.subs_dist", path);
-		status = selabel_subs_init(subs_file, rec->digest,
+		for (i = 0; i < num_paths; i++) {
+			snprintf(subs_file, sizeof(subs_file), "%s.subs_dist", rec->spec_files[i]);
+			status = selabel_subs_init(subs_file, rec->digest,
 					   &data->dist_subs);
-		if (status)
-			goto finish;
-		snprintf(subs_file, sizeof(subs_file), "%s.subs", path);
-		status = selabel_subs_init(subs_file, rec->digest,
+			if (status)
+				goto finish;
+			snprintf(subs_file, sizeof(subs_file), "%s.subs", rec->spec_files[i]);
+			status = selabel_subs_init(subs_file, rec->digest,
 					   &data->subs);
-		if (status)
-			goto finish;
+			if (status)
+				goto finish;
+		}
+	}
+#else
+	if (!path_provided) {
+		selinux_log(SELINUX_ERROR, "No path given to file labeling backend\n");
+		goto finish;
 	}
-
 #endif
-	rec->spec_file = strdup(path);
 
 	/*
-	 * The do detailed validation of the input and fill the spec array
+	 * Do detailed validation of the input and fill the spec array
 	 */
-	status = process_file(path, NULL, rec, prefix, rec->digest);
-	if (status)
-		goto finish;
-
-	if (rec->validating) {
-		status = nodups_specs(data, path);
+	for (i = 0; i < num_paths; i++) {
+		status = process_file(rec->spec_files[i], NULL, rec, prefix, rec->digest);
 		if (status)
 			goto finish;
+
+		if (rec->validating) {
+			status = nodups_specs(data, rec->spec_files[i]);
+			if (status)
+				goto finish;
+		}
 	}
 
 	if (!baseonly) {
-		status = process_file(path, "homedirs", rec, prefix,
+		status = process_file(rec->spec_files[0], "homedirs", rec, prefix,
 							    rec->digest);
 		if (status && errno != ENOENT)
 			goto finish;
 
-		status = process_file(path, "local", rec, prefix,
+		status = process_file(rec->spec_files[0], "local", rec, prefix,
 							    rec->digest);
 		if (status && errno != ENOENT)
 			goto finish;
@@ -804,6 +846,12 @@ static void closef(struct selabel_handle *rec)
 	struct stem *stem;
 	unsigned int i;
 
+	if (!data)
+		return;
+
+	/* make sure successive ->func_close() calls are harmless */
+	rec->data = NULL;
+
 	selabel_subs_fini(data->subs);
 	selabel_subs_fini(data->dist_subs);
 
diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h
index c55efb75..43b63513 100644
--- a/libselinux/src/label_internal.h
+++ b/libselinux/src/label_internal.h
@@ -98,10 +98,11 @@ struct selabel_handle {
 	void *data;
 
 	/*
-	 * The main spec file used. Note for file contexts the local and/or
+	 * The main spec file(s) used. Note for file contexts the local and/or
 	 * homedirs could also have been used to resolve a context.
 	 */
-	char *spec_file;
+	size_t spec_files_len;
+	char **spec_files;
 
 	/* ptr to SHA1 hash information if SELABEL_OPT_DIGEST set */
 	struct selabel_digest *digest;