
[RFC,2/9] libselinux: deprecate matchpathcon and compute_user interfaces

Message ID 20230512102322.72235-2-cgzones@googlemail.com (mailing list archive)
State Rejected
Delegated to: Petr Lautrbach
Series [RFC,1/9] libselinux: annotate interfaces with compiler attributes | expand

Commit Message

Christian Göttsche May 12, 2023, 10:23 a.m. UTC
Annotate interfaces of the matchpathcon family and
security_compute_user(3) and security_compute_user_raw(3) as deprecated.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/include/selinux/selinux.h | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)

Comments

James Carter June 15, 2023, 8:31 p.m. UTC | #1
On Fri, May 12, 2023 at 6:25 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Annotate interfaces of the matchpathcon family and
> security_compute_user(3) and security_compute_user_raw(3) as deprecated.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
>  libselinux/include/selinux/selinux.h | 28 +++++++++++++++-------------
>  1 file changed, 15 insertions(+), 13 deletions(-)
>
> diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
> index 7f8deb65..4799dd1c 100644
> --- a/libselinux/include/selinux/selinux.h
> +++ b/libselinux/include/selinux/selinux.h
> @@ -261,10 +261,12 @@ extern int security_compute_member_raw(const char * scon,
>   */
>  extern int security_compute_user(const char * scon,
>                                  const char *username,
> -                                char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard;
> +                                char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard
> +                                              selinux_deprecated("Use get_ordered_context_list(3) family");
>  extern int security_compute_user_raw(const char * scon,
>                                      const char *username,
> -                                    char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard;
> +                                    char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard
> +                                                  selinux_deprecated("Use get_ordered_context_list(3) family");
>
>  /* Validate a transition. This determines whether a transition from scon to newcon
>     using tcon as the target for object class tclass is valid in the loaded policy.
> @@ -435,7 +437,7 @@ extern void selinux_flush_class_cache(void);
>  /* Set the function used by matchpathcon_init when displaying
>     errors about the file_contexts configuration.  If not set,
>     then this defaults to fprintf(stderr, fmt, ...). */
> -extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
> +extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...)) selinux_deprecated("matchpathcon family is deprecated");
>
>  /* Set the function used by matchpathcon_init when checking the
>     validity of a context in the file contexts configuration.  If not set,
> @@ -444,7 +446,7 @@ extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
>     may include the 'path' and 'lineno' in such error messages. */
>  extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
>                                                   unsigned lineno,
> -                                                 char *context));
> +                                                 char *context)) selinux_deprecated("matchpathcon family is deprecated");
>
>  /* Same as above, but also allows canonicalization of the context,
>     by changing *context to refer to the canonical form.  If not set,
> @@ -452,13 +454,13 @@ extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
>     security_canonicalize_context(). */
>  extern void set_matchpathcon_canoncon(int (*f) (const char *path,
>                                                 unsigned lineno,
> -                                               char **context));
> +                                               char **context)) selinux_deprecated("matchpathcon family is deprecated");
>
>  /* Set flags controlling operation of matchpathcon_init or matchpathcon. */
>  #define MATCHPATHCON_BASEONLY 1        /* Only process the base file_contexts file. */
>  #define MATCHPATHCON_NOTRANS  2        /* Do not perform any context translation. */
>  #define MATCHPATHCON_VALIDATE 4        /* Validate/canonicalize contexts at init time. */
> -extern void set_matchpathcon_flags(unsigned int flags);
> +extern void set_matchpathcon_flags(unsigned int flags) selinux_deprecated("matchpathcon family is deprecated");
>

It seems that set_matchpathcon_printf(),
set_matchpathcon_invalidcon(), and set_matchpathcon_flags() should be
deprecated, but I can't find anything that says that they are.
Jim


>  /* Load the file contexts configuration specified by 'path'
>     into memory for use by subsequent matchpathcon calls.
> @@ -472,7 +474,7 @@ extern int matchpathcon_init(const char *path) selinux_nodiscard selinux_depreca
>
>  /* Same as matchpathcon_init, but only load entries with
>     regexes that have stems that are prefixes of 'prefix'. */
> -extern int matchpathcon_init_prefix(const char *path, const char *prefix) selinux_nodiscard;
> +extern int matchpathcon_init_prefix(const char *path, const char *prefix) selinux_nodiscard selinux_deprecated("Use selabel_open(3) with backend SELABEL_CTX_FILE");
>
>  /* Free the memory allocated by matchpathcon_init. */
>  extern void matchpathcon_fini(void) selinux_deprecated("Use selabel_close(3)");
> @@ -480,7 +482,7 @@ extern void matchpathcon_fini(void) selinux_deprecated("Use selabel_close(3)");
>  /* Resolve all of the symlinks and relative portions of a pathname, but NOT
>   * the final component (same a realpath() unless the final component is a
>   * symlink.  Resolved path must be a path of size PATH_MAX + 1 */
> -extern int realpath_not_final(const char *name, char *resolved_path) selinux_nonnull((1,2)) selinux_nodiscard;
> +extern int realpath_not_final(const char *name, char *resolved_path) selinux_nonnull((1,2)) selinux_nodiscard selinux_deprecated("Not meant for external use");
>
>  /* Match the specified pathname and mode against the file contexts
>     configuration and set *con to refer to the resulting context.
> @@ -494,25 +496,25 @@ extern int matchpathcon(const char *path,
>  /* Same as above, but return a specification index for
>     later use in a matchpathcon_filespec_add() call - see below. */
>  extern int matchpathcon_index(const char *path,
> -                             mode_t mode, char ** con) selinux_nonnull((1,3)) selinux_nodiscard;
> +                             mode_t mode, char ** con) selinux_nonnull((1,3)) selinux_nodiscard selinux_deprecated("Use selabel_lookup(3)");
>
>  /* Maintain an association between an inode and a specification index,
>     and check whether a conflicting specification is already associated
>     with the same inode (e.g. due to multiple hard links).  If so, then
>     use the latter of the two specifications based on their order in the
>     file contexts configuration.  Return the used specification index. */
> -extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file) selinux_nonnull((3)) selinux_nodiscard;
> +extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file) selinux_nonnull((3)) selinux_nodiscard selinux_deprecated("matchpathcon family is deprecated");
>
>  /* Destroy any inode associations that have been added, e.g. to restart
>     for a new filesystem. */
> -extern void matchpathcon_filespec_destroy(void);
> +extern void matchpathcon_filespec_destroy(void) selinux_deprecated("matchpathcon family is deprecated");
>
>  /* Display statistics on the hash table usage for the associations. */
> -extern void matchpathcon_filespec_eval(void);
> +extern void matchpathcon_filespec_eval(void) selinux_deprecated("matchpathcon family is deprecated");
>
>  /* Check to see whether any specifications had no matches and report them.
>     The 'str' is used as a prefix for any warning messages. */
> -extern void matchpathcon_checkmatches(char *str);
> +extern void matchpathcon_checkmatches(char *str) selinux_deprecated("matchpathcon family is deprecated");
>
>  /* Match the specified media and against the media contexts
>     configuration and set *con to refer to the resulting context.
> --
> 2.40.1
>

Patch

diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
index 7f8deb65..4799dd1c 100644
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@@ -261,10 +261,12 @@  extern int security_compute_member_raw(const char * scon,
  */
 extern int security_compute_user(const char * scon,
 				 const char *username,
-				 char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard;
+				 char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard
+					       selinux_deprecated("Use get_ordered_context_list(3) family");
 extern int security_compute_user_raw(const char * scon,
 				     const char *username,
-				     char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard;
+				     char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard
+						   selinux_deprecated("Use get_ordered_context_list(3) family");
 
 /* Validate a transition. This determines whether a transition from scon to newcon
    using tcon as the target for object class tclass is valid in the loaded policy.
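Review bot: The deprecation of security_compute_user and security_compute_user_raw is carried only by the selinux_deprecated attribute, while the descriptive comment whose closing `*/` opens this hunk (its body starts above the hunk) still presents both as current, so readers of the header and of the security_compute_user(3) man page get no hint that the interface is going away. I would add a line to that comment such as `Deprecated: use the get_ordered_context_list(3) family instead.` and update the man page in the same series. The attribute is placed on its own continuation line after selinux_nodiscard here, whereas every other hunk in this patch appends it on the declaration's last line; either is valid, but a single convention per header is easier to grep for.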
@@ -435,7 +437,7 @@  extern void selinux_flush_class_cache(void);
 /* Set the function used by matchpathcon_init when displaying
    errors about the file_contexts configuration.  If not set,
    then this defaults to fprintf(stderr, fmt, ...). */
-extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
+extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...)) selinux_deprecated("matchpathcon family is deprecated");
 
 /* Set the function used by matchpathcon_init when checking the
    validity of a context in the file contexts configuration.  If not set,
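Review bot: The deprecation text `"matchpathcon family is deprecated"` on set_matchpathcon_printf names no replacement, unlike the messages given to matchpathcon_init_prefix and matchpathcon_index later in this patch, so a caller who acts on the warning still has to go hunting; the same applies to set_matchpathcon_invalidcon and set_matchpathcon_canoncon in the next hunk and to set_matchpathcon_flags in the one after. The selabel-era equivalents as I recall them are the SELINUX_CB_LOG and SELINUX_CB_VALIDATE callbacks of selinux_set_callback(3) for the two callback setters and the SELABEL_OPT_BASEONLY / SELABEL_OPT_VALIDATE options of selabel_open(3) for the flags, which is worth confirming against label.h before naming them. For this declaration that would read `selinux_deprecated("Use selinux_set_callback(3) with SELINUX_CB_LOG")`. The MATCHPATHCON_* macros in the set_matchpathcon_flags hunk cannot carry the attribute, so their trailing comments are the only place where the option mapping can be recorded for them.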
@@ -444,7 +446,7 @@  extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
    may include the 'path' and 'lineno' in such error messages. */
 extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
 						  unsigned lineno,
-						  char *context));
+						  char *context)) selinux_deprecated("matchpathcon family is deprecated");
 
 /* Same as above, but also allows canonicalization of the context,
    by changing *context to refer to the canonical form.  If not set,
@@ -452,13 +454,13 @@  extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
    security_canonicalize_context(). */
 extern void set_matchpathcon_canoncon(int (*f) (const char *path,
 						unsigned lineno,
-						char **context));
+						char **context)) selinux_deprecated("matchpathcon family is deprecated");
 
 /* Set flags controlling operation of matchpathcon_init or matchpathcon. */
 #define MATCHPATHCON_BASEONLY 1	/* Only process the base file_contexts file. */
 #define MATCHPATHCON_NOTRANS  2	/* Do not perform any context translation. */
 #define MATCHPATHCON_VALIDATE 4	/* Validate/canonicalize contexts at init time. */
-extern void set_matchpathcon_flags(unsigned int flags);
+extern void set_matchpathcon_flags(unsigned int flags) selinux_deprecated("matchpathcon family is deprecated");
 
 /* Load the file contexts configuration specified by 'path'
    into memory for use by subsequent matchpathcon calls.  
@@ -472,7 +474,7 @@  extern int matchpathcon_init(const char *path) selinux_nodiscard selinux_depreca
 
 /* Same as matchpathcon_init, but only load entries with
    regexes that have stems that are prefixes of 'prefix'. */
-extern int matchpathcon_init_prefix(const char *path, const char *prefix) selinux_nodiscard;
+extern int matchpathcon_init_prefix(const char *path, const char *prefix) selinux_nodiscard selinux_deprecated("Use selabel_open(3) with backend SELABEL_CTX_FILE");
 
 /* Free the memory allocated by matchpathcon_init. */
 extern void matchpathcon_fini(void) selinux_deprecated("Use selabel_close(3)");
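Review bot: The message `"Use selabel_open(3) with backend SELABEL_CTX_FILE"` on matchpathcon_init_prefix drops the one thing that distinguishes this function from matchpathcon_init, the prefix restriction described in the comment above it. If I recall correctly selabel_open(3) exposes that through the SELABEL_OPT_SUBSET option, so the message would be more actionable as `selinux_deprecated("Use selabel_open(3) with backend SELABEL_CTX_FILE and SELABEL_OPT_SUBSET")`; confirm the option name against label.h. matchpathcon_init, visible only in the hunk header, already carries its own message, and the two should be kept consistent.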
@@ -480,7 +482,7 @@  extern void matchpathcon_fini(void) selinux_deprecated("Use selabel_close(3)");
 /* Resolve all of the symlinks and relative portions of a pathname, but NOT
  * the final component (same a realpath() unless the final component is a
  * symlink.  Resolved path must be a path of size PATH_MAX + 1 */
-extern int realpath_not_final(const char *name, char *resolved_path) selinux_nonnull((1,2)) selinux_nodiscard;
+extern int realpath_not_final(const char *name, char *resolved_path) selinux_nonnull((1,2)) selinux_nodiscard selinux_deprecated("Not meant for external use");
 
 /* Match the specified pathname and mode against the file contexts
    configuration and set *con to refer to the resulting context.
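Review bot: realpath_not_final remains an exported symbol that writes into a caller-supplied buffer, and the contract in the comment above it, `Resolved path must be a path of size PATH_MAX + 1`, is ambiguous about whether that is the buffer size or the string length, which is exactly the detail an external caller is likely to get wrong. Since the declaration is being touched anyway, I would reword that comment to state the requirement explicitly, e.g. `resolved_path must point to a buffer of at least PATH_MAX + 1 bytes` (presumably what is meant; confirm against the implementation), and fix the `same a realpath()` typo in the same context line. The message `"Not meant for external use"` could also say whether the symbol is slated for removal from the public header, so that the one remaining external caller knows what to expect.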
@@ -494,25 +496,25 @@  extern int matchpathcon(const char *path,
 /* Same as above, but return a specification index for 
    later use in a matchpathcon_filespec_add() call - see below. */
 extern int matchpathcon_index(const char *path,
-			      mode_t mode, char ** con) selinux_nonnull((1,3)) selinux_nodiscard;
+			      mode_t mode, char ** con) selinux_nonnull((1,3)) selinux_nodiscard selinux_deprecated("Use selabel_lookup(3)");
 
 /* Maintain an association between an inode and a specification index,
    and check whether a conflicting specification is already associated
    with the same inode (e.g. due to multiple hard links).  If so, then
    use the latter of the two specifications based on their order in the 
    file contexts configuration.  Return the used specification index. */
-extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file) selinux_nonnull((3)) selinux_nodiscard;
+extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file) selinux_nonnull((3)) selinux_nodiscard selinux_deprecated("matchpathcon family is deprecated");
 
 /* Destroy any inode associations that have been added, e.g. to restart
    for a new filesystem. */
-extern void matchpathcon_filespec_destroy(void);
+extern void matchpathcon_filespec_destroy(void) selinux_deprecated("matchpathcon family is deprecated");
 
 /* Display statistics on the hash table usage for the associations. */
-extern void matchpathcon_filespec_eval(void);
+extern void matchpathcon_filespec_eval(void) selinux_deprecated("matchpathcon family is deprecated");
 
 /* Check to see whether any specifications had no matches and report them.
    The 'str' is used as a prefix for any warning messages. */
-extern void matchpathcon_checkmatches(char *str);
+extern void matchpathcon_checkmatches(char *str) selinux_deprecated("matchpathcon family is deprecated");
 
 /* Match the specified media and against the media contexts 
    configuration and set *con to refer to the resulting context.
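Review bot: matchpathcon_filespec_add, matchpathcon_filespec_destroy, matchpathcon_filespec_eval and matchpathcon_checkmatches receive the generic `"matchpathcon family is deprecated"` text, while matchpathcon_index a few lines above points to selabel_lookup(3); selabel_lookup returns no specification index, so a caller of the filespec helpers gets no migration path from these messages. As far as I recall the hard-link conflict tracking these helpers provide is performed internally by selinux_restorecon(3), so `selinux_deprecated("Use selinux_restorecon(3)")` on the filespec functions would give a concrete target; check that it also covers what matchpathcon_checkmatches reports before naming it there. The comment that starts on the hunk's last two lines continues outside the hunk.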