
[v2] libselinux/utils: check for valid contexts to improve error causes

Message ID 20220405132630.47946-1-cgzones@googlemail.com (mailing list archive)
State Accepted
Commit 1020a5a24835

Commit Message

Christian Göttsche April 5, 2022, 1:26 p.m. UTC
Return more detailed error messages when the supplied contexts are
invalid.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

---
v2:
   check new context in validatetrans
---
 libselinux/utils/compute_av.c      | 10 ++++++++++
 libselinux/utils/compute_create.c  | 12 +++++++++++-
 libselinux/utils/compute_member.c  | 12 +++++++++++-
 libselinux/utils/compute_relabel.c | 10 ++++++++++
 libselinux/utils/getdefaultcon.c   |  5 +++++
 libselinux/utils/selinuxexeccon.c  |  6 +++++-
 libselinux/utils/validatetrans.c   | 15 +++++++++++++++
 7 files changed, 67 insertions(+), 3 deletions(-)

Comments

James Carter April 6, 2022, 4:14 p.m. UTC | #1
On Wed, Apr 6, 2022 at 3:26 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Return more detailed error messages when the supplied contexts are
> invalid.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

Acked-by: James Carter <jwcart2@gmail.com>

>
> ---
> v2:
>    check new context in validatetrans
> ---
>  libselinux/utils/compute_av.c      | 10 ++++++++++
>  libselinux/utils/compute_create.c  | 12 +++++++++++-
>  libselinux/utils/compute_member.c  | 12 +++++++++++-
>  libselinux/utils/compute_relabel.c | 10 ++++++++++
>  libselinux/utils/getdefaultcon.c   |  5 +++++
>  libselinux/utils/selinuxexeccon.c  |  6 +++++-
>  libselinux/utils/validatetrans.c   | 15 +++++++++++++++
>  7 files changed, 67 insertions(+), 3 deletions(-)
>
> diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
> index df4a77e8..ef08338f 100644
> --- a/libselinux/utils/compute_av.c
> +++ b/libselinux/utils/compute_av.c
> @@ -17,6 +17,16 @@ int main(int argc, char **argv)
>                 exit(1);
>         }
>
> +       if (security_check_context(argv[1])) {
> +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> +               exit(4);
> +       }
> +
> +       if (security_check_context(argv[2])) {
> +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> +               exit(5);
> +       }
> +
>         tclass = string_to_security_class(argv[3]);
>         if (!tclass) {
>                 fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
> diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
> index 449ccd90..63029c19 100644
> --- a/libselinux/utils/compute_create.c
> +++ b/libselinux/utils/compute_create.c
> @@ -17,9 +17,19 @@ int main(int argc, char **argv)
>                 exit(1);
>         }
>
> +       if (security_check_context(argv[1])) {
> +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> +               exit(4);
> +       }
> +
> +       if (security_check_context(argv[2])) {
> +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> +               exit(5);
> +       }
> +
>         tclass = string_to_security_class(argv[3]);
>         if (!tclass) {
> -               fprintf(stderr, "Invalid class '%s'\n", argv[3]);
> +               fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
>                 exit(2);
>         }
>
> diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
> index c6dad19e..1ef47c25 100644
> --- a/libselinux/utils/compute_member.c
> +++ b/libselinux/utils/compute_member.c
> @@ -17,9 +17,19 @@ int main(int argc, char **argv)
>                 exit(1);
>         }
>
> +       if (security_check_context(argv[1])) {
> +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> +               exit(4);
> +       }
> +
> +       if (security_check_context(argv[2])) {
> +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> +               exit(5);
> +       }
> +
>         tclass = string_to_security_class(argv[3]);
>         if (!tclass) {
> -               fprintf(stderr, "Invalid class '%s'\n", argv[3]);
> +               fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
>                 exit(2);
>         }
>
> diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
> index 85c760bc..f6a957da 100644
> --- a/libselinux/utils/compute_relabel.c
> +++ b/libselinux/utils/compute_relabel.c
> @@ -17,6 +17,16 @@ int main(int argc, char **argv)
>                 exit(1);
>         }
>
> +       if (security_check_context(argv[1])) {
> +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> +               exit(4);
> +       }
> +
> +       if (security_check_context(argv[2])) {
> +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> +               exit(5);
> +       }
> +
>         tclass = string_to_security_class(argv[3]);
>         if (!tclass) {
>                 fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
> diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
> index 957c1cb2..590e98d9 100644
> --- a/libselinux/utils/getdefaultcon.c
> +++ b/libselinux/utils/getdefaultcon.c
> @@ -68,6 +68,11 @@ int main(int argc, char **argv)
>         } else
>                 cur_context = argv[optind + 1];
>
> +       if (security_check_context(cur_context)) {
> +               fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], cur_context);
> +               return 3;
> +       }
> +
>         if ((ret = getseuser(user, service, &seuser, &dlevel)) == 0) {
>                 if (! level) level=dlevel;
>                 if (role != NULL && role[0])
> diff --git a/libselinux/utils/selinuxexeccon.c b/libselinux/utils/selinuxexeccon.c
> index b50e7886..66754b6a 100644
> --- a/libselinux/utils/selinuxexeccon.c
> +++ b/libselinux/utils/selinuxexeccon.c
> @@ -16,7 +16,7 @@ static __attribute__ ((__noreturn__)) void usage(const char *name, const char *d
>         exit(rc);
>  }
>
> -static char * get_selinux_proc_context(const char *command, char * execcon) {
> +static char * get_selinux_proc_context(const char *command, const char * execcon) {
>         char * fcon = NULL, *newcon = NULL;
>
>         int ret = getfilecon(command, &fcon);
> @@ -43,6 +43,10 @@ int main(int argc, char **argv)
>                 }
>         } else {
>                 con = strdup(argv[2]);
> +               if (security_check_context(con)) {
> +                       fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], con);
> +                       return -1;
> +               }
>         }
>
>         proccon = get_selinux_proc_context(argv[1], con);
> diff --git a/libselinux/utils/validatetrans.c b/libselinux/utils/validatetrans.c
> index 1db33e66..9d642a93 100644
> --- a/libselinux/utils/validatetrans.c
> +++ b/libselinux/utils/validatetrans.c
> @@ -17,12 +17,27 @@ int main(int argc, char **argv)
>                 exit(1);
>         }
>
> +       if (security_check_context(argv[1])) {
> +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> +               exit(4);
> +       }
> +
> +       if (security_check_context(argv[2])) {
> +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> +               exit(5);
> +       }
> +
>         tclass = string_to_security_class(argv[3]);
>         if (!tclass) {
>                 fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
>                 exit(2);
>         }
>
> +       if (security_check_context(argv[4])) {
> +               fprintf(stderr, "%s:  invalid new context '%s'\n", argv[0], argv[4]);
> +               exit(6);
> +       }
> +
>         ret = security_validatetrans(argv[1], argv[2], tclass, argv[4]);
>         printf("security_validatetrans returned %d errno: %s\n", ret, strerror(errno));
>
> --
> 2.35.1
>
James Carter April 12, 2022, 6:05 p.m. UTC | #2
On Wed, Apr 6, 2022 at 12:14 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Wed, Apr 6, 2022 at 3:26 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > Return more detailed error messages when the supplied contexts are
> > invalid.
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>
>

Merged.
Thanks,
Jim


> >
> > ---
> > v2:
> >    check new context in validatetrans
> > ---
> >  libselinux/utils/compute_av.c      | 10 ++++++++++
> >  libselinux/utils/compute_create.c  | 12 +++++++++++-
> >  libselinux/utils/compute_member.c  | 12 +++++++++++-
> >  libselinux/utils/compute_relabel.c | 10 ++++++++++
> >  libselinux/utils/getdefaultcon.c   |  5 +++++
> >  libselinux/utils/selinuxexeccon.c  |  6 +++++-
> >  libselinux/utils/validatetrans.c   | 15 +++++++++++++++
> >  7 files changed, 67 insertions(+), 3 deletions(-)
> >
> > diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
> > index df4a77e8..ef08338f 100644
> > --- a/libselinux/utils/compute_av.c
> > +++ b/libselinux/utils/compute_av.c
> > @@ -17,6 +17,16 @@ int main(int argc, char **argv)
> >                 exit(1);
> >         }
> >
> > +       if (security_check_context(argv[1])) {
> > +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> > +               exit(4);
> > +       }
> > +
> > +       if (security_check_context(argv[2])) {
> > +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> > +               exit(5);
> > +       }
> > +
> >         tclass = string_to_security_class(argv[3]);
> >         if (!tclass) {
> >                 fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
> > diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
> > index 449ccd90..63029c19 100644
> > --- a/libselinux/utils/compute_create.c
> > +++ b/libselinux/utils/compute_create.c
> > @@ -17,9 +17,19 @@ int main(int argc, char **argv)
> >                 exit(1);
> >         }
> >
> > +       if (security_check_context(argv[1])) {
> > +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> > +               exit(4);
> > +       }
> > +
> > +       if (security_check_context(argv[2])) {
> > +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> > +               exit(5);
> > +       }
> > +
> >         tclass = string_to_security_class(argv[3]);
> >         if (!tclass) {
> > -               fprintf(stderr, "Invalid class '%s'\n", argv[3]);
> > +               fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
> >                 exit(2);
> >         }
> >
> > diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
> > index c6dad19e..1ef47c25 100644
> > --- a/libselinux/utils/compute_member.c
> > +++ b/libselinux/utils/compute_member.c
> > @@ -17,9 +17,19 @@ int main(int argc, char **argv)
> >                 exit(1);
> >         }
> >
> > +       if (security_check_context(argv[1])) {
> > +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> > +               exit(4);
> > +       }
> > +
> > +       if (security_check_context(argv[2])) {
> > +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> > +               exit(5);
> > +       }
> > +
> >         tclass = string_to_security_class(argv[3]);
> >         if (!tclass) {
> > -               fprintf(stderr, "Invalid class '%s'\n", argv[3]);
> > +               fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
> >                 exit(2);
> >         }
> >
> > diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
> > index 85c760bc..f6a957da 100644
> > --- a/libselinux/utils/compute_relabel.c
> > +++ b/libselinux/utils/compute_relabel.c
> > @@ -17,6 +17,16 @@ int main(int argc, char **argv)
> >                 exit(1);
> >         }
> >
> > +       if (security_check_context(argv[1])) {
> > +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> > +               exit(4);
> > +       }
> > +
> > +       if (security_check_context(argv[2])) {
> > +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> > +               exit(5);
> > +       }
> > +
> >         tclass = string_to_security_class(argv[3]);
> >         if (!tclass) {
> >                 fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
> > diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
> > index 957c1cb2..590e98d9 100644
> > --- a/libselinux/utils/getdefaultcon.c
> > +++ b/libselinux/utils/getdefaultcon.c
> > @@ -68,6 +68,11 @@ int main(int argc, char **argv)
> >         } else
> >                 cur_context = argv[optind + 1];
> >
> > +       if (security_check_context(cur_context)) {
> > +               fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], cur_context);
> > +               return 3;
> > +       }
> > +
> >         if ((ret = getseuser(user, service, &seuser, &dlevel)) == 0) {
> >                 if (! level) level=dlevel;
> >                 if (role != NULL && role[0])
> > diff --git a/libselinux/utils/selinuxexeccon.c b/libselinux/utils/selinuxexeccon.c
> > index b50e7886..66754b6a 100644
> > --- a/libselinux/utils/selinuxexeccon.c
> > +++ b/libselinux/utils/selinuxexeccon.c
> > @@ -16,7 +16,7 @@ static __attribute__ ((__noreturn__)) void usage(const char *name, const char *d
> >         exit(rc);
> >  }
> >
> > -static char * get_selinux_proc_context(const char *command, char * execcon) {
> > +static char * get_selinux_proc_context(const char *command, const char * execcon) {
> >         char * fcon = NULL, *newcon = NULL;
> >
> >         int ret = getfilecon(command, &fcon);
> > @@ -43,6 +43,10 @@ int main(int argc, char **argv)
> >                 }
> >         } else {
> >                 con = strdup(argv[2]);
> > +               if (security_check_context(con)) {
> > +                       fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], con);
> > +                       return -1;
> > +               }
> >         }
> >
> >         proccon = get_selinux_proc_context(argv[1], con);
> > diff --git a/libselinux/utils/validatetrans.c b/libselinux/utils/validatetrans.c
> > index 1db33e66..9d642a93 100644
> > --- a/libselinux/utils/validatetrans.c
> > +++ b/libselinux/utils/validatetrans.c
> > @@ -17,12 +17,27 @@ int main(int argc, char **argv)
> >                 exit(1);
> >         }
> >
> > +       if (security_check_context(argv[1])) {
> > +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> > +               exit(4);
> > +       }
> > +
> > +       if (security_check_context(argv[2])) {
> > +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> > +               exit(5);
> > +       }
> > +
> >         tclass = string_to_security_class(argv[3]);
> >         if (!tclass) {
> >                 fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
> >                 exit(2);
> >         }
> >
> > +       if (security_check_context(argv[4])) {
> > +               fprintf(stderr, "%s:  invalid new context '%s'\n", argv[0], argv[4]);
> > +               exit(6);
> > +       }
> > +
> >         ret = security_validatetrans(argv[1], argv[2], tclass, argv[4]);
> >         printf("security_validatetrans returned %d errno: %s\n", ret, strerror(errno));
> >
> > --
> > 2.35.1
> >

Patch

diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
index df4a77e8..ef08338f 100644
--- a/libselinux/utils/compute_av.c
+++ b/libselinux/utils/compute_av.c
@@ -17,6 +17,16 @@  int main(int argc, char **argv)
 		exit(1);
 	}
 
+	if (security_check_context(argv[1])) {
+		fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
+		exit(4);
+	}
+
+	if (security_check_context(argv[2])) {
+		fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
+		exit(5);
+	}
+
 	tclass = string_to_security_class(argv[3]);
 	if (!tclass) {
 		fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
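Review bot: The two added checks report every non-zero return of security_check_context() as an invalid context, but the call can presumably also fail for reasons unrelated to the string itself (for example when SELinux is disabled or selinuxfs is unavailable), and in that case "invalid source context" points the user in the wrong direction. Appending the errno text would let the two cases be told apart, e.g. `fprintf(stderr, "%s:  invalid source context '%s': %s\n", argv[0], argv[1], strerror(errno));`, assuming errno.h and string.h are included in this file (the includes are not visible in the hunk). The same pattern is repeated in compute_create.c, compute_member.c, compute_relabel.c and validatetrans.c. The new exit statuses 4 and 5 (and 6 in validatetrans.c) are not documented anywhere in the visible lines, so a short comment or a usage-text line listing them would help scripts that branch on the status. main() starts and ends outside the hunk.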
diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
index 449ccd90..63029c19 100644
--- a/libselinux/utils/compute_create.c
+++ b/libselinux/utils/compute_create.c
@@ -17,9 +17,19 @@  int main(int argc, char **argv)
 		exit(1);
 	}
 
+	if (security_check_context(argv[1])) {
+		fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
+		exit(4);
+	}
+
+	if (security_check_context(argv[2])) {
+		fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
+		exit(5);
+	}
+
 	tclass = string_to_security_class(argv[3]);
 	if (!tclass) {
-		fprintf(stderr, "Invalid class '%s'\n", argv[3]);
+		fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
 		exit(2);
 	}
 
diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
index c6dad19e..1ef47c25 100644
--- a/libselinux/utils/compute_member.c
+++ b/libselinux/utils/compute_member.c
@@ -17,9 +17,19 @@  int main(int argc, char **argv)
 		exit(1);
 	}
 
+	if (security_check_context(argv[1])) {
+		fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
+		exit(4);
+	}
+
+	if (security_check_context(argv[2])) {
+		fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
+		exit(5);
+	}
+
 	tclass = string_to_security_class(argv[3]);
 	if (!tclass) {
-		fprintf(stderr, "Invalid class '%s'\n", argv[3]);
+		fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
 		exit(2);
 	}
 
diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
index 85c760bc..f6a957da 100644
--- a/libselinux/utils/compute_relabel.c
+++ b/libselinux/utils/compute_relabel.c
@@ -17,6 +17,16 @@  int main(int argc, char **argv)
 		exit(1);
 	}
 
+	if (security_check_context(argv[1])) {
+		fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
+		exit(4);
+	}
+
+	if (security_check_context(argv[2])) {
+		fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
+		exit(5);
+	}
+
 	tclass = string_to_security_class(argv[3]);
 	if (!tclass) {
 		fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
index 957c1cb2..590e98d9 100644
--- a/libselinux/utils/getdefaultcon.c
+++ b/libselinux/utils/getdefaultcon.c
@@ -68,6 +68,11 @@  int main(int argc, char **argv)
 	} else
 		cur_context = argv[optind + 1];
 
+	if (security_check_context(cur_context)) {
+		fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], cur_context);
+		return 3;
+	}
+
 	if ((ret = getseuser(user, service, &seuser, &dlevel)) == 0) {
 		if (! level) level=dlevel;
 		if (role != NULL && role[0]) 
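Review bot: The new check sits after the if/else, so it also validates cur_context when it was not taken from `argv[optind + 1]`; the other branch is above the hunk and presumably obtains the context from the running process. In that case "invalid from context" would blame user input for a value the tool fetched itself, so either move the check into the `else` branch or add a comment such as `/* validates cur_context from either branch */` to show this is intended. main() starts and ends outside the hunk.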
diff --git a/libselinux/utils/selinuxexeccon.c b/libselinux/utils/selinuxexeccon.c
index b50e7886..66754b6a 100644
--- a/libselinux/utils/selinuxexeccon.c
+++ b/libselinux/utils/selinuxexeccon.c
@@ -16,7 +16,7 @@  static __attribute__ ((__noreturn__)) void usage(const char *name, const char *d
 	exit(rc);
 }
 
-static char * get_selinux_proc_context(const char *command, char * execcon) {
+static char * get_selinux_proc_context(const char *command, const char * execcon) {
 	char * fcon = NULL, *newcon = NULL;
 
 	int ret = getfilecon(command, &fcon);
@@ -43,6 +43,10 @@  int main(int argc, char **argv)
 		}
 	} else {
 		con = strdup(argv[2]);
+		if (security_check_context(con)) {
+			fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], con);
+			return -1;
+		}
 	}
 
 	proccon = get_selinux_proc_context(argv[1], con);
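Review bot: The result of `strdup(argv[2])` goes to security_check_context() and to the `%s` in the new fprintf without a NULL check, so an allocation failure reaches both with a null pointer; add `if (!con) { fprintf(stderr, "%s:  out of memory\n", argv[0]); return -1; }` before the new check. The new error path also returns without `free(con)`, which is harmless at process exit but differs from how a cleanup path would normally be written. `return -1` from main surfaces as exit status 255, unlike the small positive statuses the other utilities in this patch use for the same failure, so a small positive value with a comment naming it would be more consistent. main() starts and ends outside the hunk.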
diff --git a/libselinux/utils/validatetrans.c b/libselinux/utils/validatetrans.c
index 1db33e66..9d642a93 100644
--- a/libselinux/utils/validatetrans.c
+++ b/libselinux/utils/validatetrans.c
@@ -17,12 +17,27 @@  int main(int argc, char **argv)
 		exit(1);
 	}
 
+	if (security_check_context(argv[1])) {
+		fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
+		exit(4);
+	}
+
+	if (security_check_context(argv[2])) {
+		fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
+		exit(5);
+	}
+
 	tclass = string_to_security_class(argv[3]);
 	if (!tclass) {
 		fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
 		exit(2);
 	}
 
+	if (security_check_context(argv[4])) {
+		fprintf(stderr, "%s:  invalid new context '%s'\n", argv[0], argv[4]);
+		exit(6);
+	}
+
 	ret = security_validatetrans(argv[1], argv[2], tclass, argv[4]);
 	printf("security_validatetrans returned %d errno: %s\n", ret, strerror(errno));