@@ -50,7 +50,7 @@ struct selabel_handle;
#define SELABEL_OPT_BASEONLY 2
/* specify an alternate path to use when loading backend data */
#define SELABEL_OPT_PATH 3
-/* select a subset of the search space as an optimization (file backend) */
+/* Unsupported since v3.6: select a subset of the search space as an optimization (file backend) */
#define SELABEL_OPT_SUBSET 4
/* require a hash calculation on spec files */
#define SELABEL_OPT_DIGEST 5
@@ -484,7 +484,11 @@ extern int matchpathcon_init(const char *path)
/* Same as matchpathcon_init, but only load entries with
regexes that have stems that are prefixes of 'prefix'. */
-extern int matchpathcon_init_prefix(const char *path, const char *prefix);
+extern int matchpathcon_init_prefix(const char *path, const char *prefix)
+#ifdef __GNUC__
+ __attribute__ ((deprecated("Use selabel_open with backend SELABEL_CTX_FILE")))
+#endif
+;
/* Free the memory allocated by matchpathcon_init. */
extern void matchpathcon_fini(void)
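Review bot: The comment kept above `matchpathcon_init_prefix` still says that only entries whose stems are prefixes of 'prefix' are loaded, but the definition in matchpathcon.c now marks `prefix` as unused, so the public header documents filtering that no longer happens. I would replace it with `/* Deprecated: same as matchpathcon_init; 'prefix' is ignored and all entries are loaded. */`. Separately, the message form `deprecated("...")` is guarded only by `__GNUC__`; as far as I know, older GCC releases accept only the bare `deprecated` attribute, so a version check may be needed if such compilers are still supported.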
@@ -144,6 +144,10 @@ ifeq ($(DISABLE_X11),y)
SRCS:= $(filter-out label_x.c, $(SRCS))
endif
+# ignore usage of matchpathcon_init_prefix(3)
+matchpathcon.o: CFLAGS += -Wno-deprecated -Wno-deprecated-declarations
+matchpathcon.lo: CFLAGS += -Wno-deprecated -Wno-deprecated-declarations
+
SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS)
all: $(LIBA) $(LIBSO) $(LIBPC)
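Review bot: The two added `CFLAGS +=` lines silence deprecation warnings for the whole of matchpathcon.o and matchpathcon.lo, so any other deprecated API that file comes to use later will also go unnoticed. A narrower option is a `#pragma GCC diagnostic push` / `ignored "-Wdeprecated-declarations"` / `pop` bracket around the one internal use of `matchpathcon_init_prefix` in matchpathcon.c (that use is not visible in this diff). If the flags stay, `-Wno-deprecated-declarations` alone looks sufficient for the attribute added in selinux.h; `-Wno-deprecated` is probably redundant for C.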
@@ -166,7 +166,7 @@ static int nodups_specs(struct saved_data *data, const char *path)
return rc;
}
-static int process_text_file(FILE *fp, const char *prefix,
+static int process_text_file(FILE *fp,
struct selabel_handle *rec, const char *path)
{
int rc;
@@ -175,7 +175,7 @@ static int process_text_file(FILE *fp, const char *prefix,
char *line_buf = NULL;
while (getline(&line_buf, &line_len, fp) > 0) {
- rc = process_line(rec, path, prefix, line_buf, ++lineno);
+ rc = process_line(rec, path, line_buf, ++lineno);
if (rc)
goto out;
}
@@ -603,7 +603,7 @@ static FILE *open_file(const char *path, const char *suffix,
static int process_file(const char *path, const char *suffix,
struct selabel_handle *rec,
- const char *prefix, struct selabel_digest *digest)
+ struct selabel_digest *digest)
{
int rc;
unsigned int i;
@@ -624,7 +624,7 @@ static int process_file(const char *path, const char *suffix,
rc = fcontext_is_binary(fp) ?
load_mmap(fp, sb.st_size, rec, found_path) :
- process_text_file(fp, prefix, rec, found_path);
+ process_text_file(fp, rec, found_path);
if (!rc)
rc = digest_add_specfile(digest, fp, NULL, sb.st_size,
found_path);
@@ -785,7 +785,6 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
{
struct saved_data *data = (struct saved_data *)rec->data;
const char *path = NULL;
- const char *prefix = NULL;
int status = -1, baseonly = 0;
/* Process arguments */
@@ -795,7 +794,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
path = opts[n].value;
break;
case SELABEL_OPT_SUBSET:
- prefix = opts[n].value;
+ selinux_log(SELINUX_WARNING, "selabel_open(3): SELABEL_OPT_SUBSET support has been removed, ignoring option\n");
break;
case SELABEL_OPT_BASEONLY:
baseonly = !!opts[n].value;
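Review bot: The new `SELABEL_OPT_SUBSET` case logs the warning whenever the option type appears, even when `opts[n].value` is NULL, so callers that pass the option as an unset placeholder (not visible here) would get a spurious warning on every `selabel_open`. I would guard it with `if (opts[n].value)` before the `selinux_log(...)` call. The option is ignored rather than rejected, so a handle opened with a subset now loads the full spec set and lookups may match entries that were previously filtered out. That behaviour change deserves a line in the selabel_file(5) man page. The body of `init` continues outside this hunk.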
@@ -839,7 +838,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
/*
* The do detailed validation of the input and fill the spec array
*/
- status = process_file(path, NULL, rec, prefix, rec->digest);
+ status = process_file(path, NULL, rec, rec->digest);
if (status)
goto finish;
@@ -850,13 +849,11 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
}
if (!baseonly) {
- status = process_file(path, "homedirs", rec, prefix,
- rec->digest);
+ status = process_file(path, "homedirs", rec, rec->digest);
if (status && errno != ENOENT)
goto finish;
- status = process_file(path, "local", rec, prefix,
- rec->digest);
+ status = process_file(path, "local", rec, rec->digest);
if (status && errno != ENOENT)
goto finish;
}
@@ -425,10 +425,10 @@ static inline int compile_regex(struct spec *spec, const char **errbuf)
/* This service is used by label_file.c process_file() and
* utils/sefcontext_compile.c */
static inline int process_line(struct selabel_handle *rec,
- const char *path, const char *prefix,
+ const char *path,
char *line_buf, unsigned lineno)
{
- int items, len, rc;
+ int items, rc;
char *regex = NULL, *type = NULL, *context = NULL;
struct saved_data *data = (struct saved_data *)rec->data;
struct spec *spec_arr;
@@ -466,15 +466,6 @@ static inline int process_line(struct selabel_handle *rec,
type = 0;
}
- len = get_stem_from_spec(regex);
- if (len && prefix && strncmp(prefix, regex, len)) {
- /* Stem of regex does not match requested prefix, discard. */
- free(regex);
- free(type);
- free(context);
- return 0;
- }
-
rc = grow_specs(data);
if (rc)
return rc;
@@ -347,7 +347,7 @@ static void matchpathcon_init_once(void)
destructor_key_initialized = 1;
}
-int matchpathcon_init_prefix(const char *path, const char *subset)
+int matchpathcon_init_prefix(const char *path, const char *prefix __attribute__((unused)))
{
if (!mycanoncon)
mycanoncon = default_canoncon;
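Review bot: A non-NULL `prefix` is now dropped in `matchpathcon_init_prefix` without any runtime notice, unlike the `SELABEL_OPT_SUBSET` path in label_file.c, which logs a warning. Programs already built against older headers never see the compile-time deprecation, so they silently change from a filtered to a full load. Consider adding `if (prefix) selinux_log(SELINUX_WARNING, "matchpathcon_init_prefix(3): prefix argument is ignored\n");` at the top of the function, assuming `selinux_log` is usable in this file; the `unused` attribute can then be dropped. The function body continues outside the hunk.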
@@ -355,8 +355,6 @@ int matchpathcon_init_prefix(const char *path, const char *subset)
__selinux_once(once, matchpathcon_init_once);
__selinux_setspecific(destructor_key, /* some valid address to please GCC */ &selinux_page_size);
- options[SELABEL_OPT_SUBSET].type = SELABEL_OPT_SUBSET;
- options[SELABEL_OPT_SUBSET].value = subset;
options[SELABEL_OPT_PATH].type = SELABEL_OPT_PATH;
options[SELABEL_OPT_PATH].value = path;
@@ -13,7 +13,7 @@
static __attribute__ ((__noreturn__)) void usage(const char *progname)
{
fprintf(stderr,
- "usage: %s [-V] [-N] [-n] [-m type] [-f file_contexts_file] [-p prefix] [-P policy_root_path] filepath...\n",
+ "usage: %s [-V] [-N] [-n] [-m type] [-f file_contexts_file] [-P policy_root_path] filepath...\n",
progname);
exit(1);
}
@@ -83,7 +83,7 @@ int main(int argc, char **argv)
if (argc < 2)
usage(argv[0]);
- while ((opt = getopt(argc, argv, "m:Nnf:P:p:Vq")) > 0) {
+ while ((opt = getopt(argc, argv, "m:Nnf:P:Vq")) > 0) {
switch (opt) {
case 'n':
header = 0;
@@ -114,13 +114,6 @@ int main(int argc, char **argv)
exit(1);
}
break;
- case 'p':
- // This option has been deprecated since libselinux 2.5 (2016):
- // https://github.com/SELinuxProject/selinux/commit/26e05da0fc2d0a4bd274320968a88f8acbb3b6a6
- fprintf(stderr, "Warning: using %s -p is deprecated\n", argv[0]);
- options[SELABEL_OPT_SUBSET].type = SELABEL_OPT_SUBSET;
- options[SELABEL_OPT_SUBSET].value = optarg;
- break;
case 'q':
quiet = 1;
break;
@@ -36,7 +36,6 @@ static int process_file(struct selabel_handle *rec, const char *filename)
char *line_buf = NULL;
size_t line_len = 0;
FILE *context_file;
- const char *prefix = NULL;
context_file = fopen(filename, "r");
if (!context_file) {
@@ -48,7 +47,7 @@ static int process_file(struct selabel_handle *rec, const char *filename)
line_num = 0;
rc = 0;
while (getline(&line_buf, &line_len, context_file) > 0) {
- rc = process_line(rec, filename, prefix, line_buf, ++line_num);
+ rc = process_line(rec, filename, line_buf, ++line_num);
if (rc || ctx_err) {
/* With -p option need to check and fail if ctx err as
* process_line() context validation on Linux does not
The selabel_file(5) option SELABEL_OPT_SUBSET has been deprecated in commit 26e05da0fc2d ("libselinux: matchpathcon/selabel_file: Fix man pages.") for version 2.5. Drop the support to ease refactoring of the selabel_file related code. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- libselinux/include/selinux/label.h | 2 +- libselinux/include/selinux/selinux.h | 6 +++++- libselinux/src/Makefile | 4 ++++ libselinux/src/label_file.c | 19 ++++++++----------- libselinux/src/label_file.h | 13 ++----------- libselinux/src/matchpathcon.c | 4 +--- libselinux/utils/matchpathcon.c | 11 ++--------- libselinux/utils/sefcontext_compile.c | 3 +-- 8 files changed, 24 insertions(+), 38 deletions(-)