From patchwork Fri May 12 10:23:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13239047 X-Patchwork-Delegate: plautrba@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DE2E6C77B75 for ; Fri, 12 May 2023 10:23:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240695AbjELKXo (ORCPT ); Fri, 12 May 2023 06:23:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50820 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240679AbjELKXj (ORCPT ); Fri, 12 May 2023 06:23:39 -0400 Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D5DAB11D92 for ; Fri, 12 May 2023 03:23:29 -0700 (PDT) Received: by mail-ej1-x635.google.com with SMTP id a640c23a62f3a-965ab8ed1c0so1608450666b.2 for ; Fri, 12 May 2023 03:23:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1683887008; x=1686479008; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=U56nBhJ2PGnlqrIbVDqlhdOuW9wpouh2AIwKDY0eaa8=; b=QnxuEc8gjle4pwBt4uejY+HGdBk/dS7QVKlDPHqw3LMsBg8uJMvQ/6+EPKVvRi+48g zbgUm7uP0Ed/nXnRWETtL7Jq70oUVp6VreN/Jq7B5USJos0lDHFXlAHrZuxRmyO0wxI4 JHX0dRBDtY3fFjAyDMXHBhPQ0FFsxHVMXQ8yS16RPLKDiWfYTXezTUiRtOQiTVR6Qy6s dYEt+uBrZcYbgOuMEOLlz81E3ePtPXkf/9xid0CnMAg43/ywcu5NwexDD4Hj8fOWbro+ N2RN9++vkCD5tj3dxvENbbZ310YNLs/9ST17UbGRB9F9usihnnx6Fwdk3liOPIoV+xuu EvGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683887008; x=1686479008; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=U56nBhJ2PGnlqrIbVDqlhdOuW9wpouh2AIwKDY0eaa8=; b=JJgcF/s1KvkDf7OAyTZ0xhWhZU5/6br0gUhqC2vWuKmyzFEtL4/7NhOGnfEL0QZSRu 2AfN9hC91tcJo1gyQkH3D78BErNd0MIoP5F3Nd3/DA6hkAhiLT31eiWEkcYxJYjrFhVo jssAGbHJisVM8adTVdo7Pvho6+MnsfNF7GpTUHKNuoQAivmHOeL1RtVK0IJgHHQYAqsA U9IksbBWc6vUPEVr3Mbu3ZynsTmjfSnI6cvV3RIifEKKlcdO+pjAQjGXy4PhJ3Bssvib i6twVmThkb1YqDQ4PaBvPjaNDcY5Tbh+WOL1386yfLqfuVyP1NRib3tNVzmYwrd12War Fqfw== X-Gm-Message-State: AC+VfDxKoENkSjcyH0qwirEnaiCvqyrZ23p736A2lwKZPZ7K8ej1p85p obN5IZJlB6DqzX0RI4Nm8WEjjj668D+XVQ== X-Google-Smtp-Source: ACHHUZ65JbsvBGXOXFhVRofYLI3qSbI0JmhdIynmnrxWUworexToKphAklx4ksuFiWuXQ3oyt9fHjg== X-Received: by 2002:a17:907:3d86:b0:967:5c5f:e45c with SMTP id he6-20020a1709073d8600b009675c5fe45cmr16428897ejc.0.1683887007501; Fri, 12 May 2023 03:23:27 -0700 (PDT) Received: from debianHome.localdomain (dynamic-095-116-181-041.95.116.pool.telefonica.de. [95.116.181.41]) by smtp.gmail.com with ESMTPSA id gz4-20020a170907a04400b009571293d6acsm5202920ejc.59.2023.05.12.03.23.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 May 2023 03:23:26 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 1/9] libselinux: annotate interfaces with compiler attributes Date: Fri, 12 May 2023 12:23:14 +0200 Message-Id: <20230512102322.72235-1-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org libselinux is used widely, in object managers, like systemd or dbus, and essential utilities, like coreutils or package managers. Help compilers and static analyzers to find suspicious usages of interfaces of libselinux by annotating them with function attributes. This includes potentially passing NULL to non-NULL parameters, no error handling by ignoring return values. Function attributes are GNU extensions and supported by GCC[1] and Clang[2]. [1]: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html [2]: https://clang.llvm.org/docs/AttributeReference.html#function-attributes Signed-off-by: Christian Göttsche --- libselinux/include/selinux/_private.h | 76 ++++ libselinux/include/selinux/avc.h | 66 ++-- libselinux/include/selinux/context.h | 22 +- libselinux/include/selinux/get_context_list.h | 16 +- libselinux/include/selinux/get_default_type.h | 6 +- libselinux/include/selinux/label.h | 24 +- libselinux/include/selinux/restorecon.h | 16 +- libselinux/include/selinux/selinux.h | 354 ++++++++---------- libselinux/src/exception.sh | 4 +- libselinux/src/selinuxswig.i | 1 + scripts/run-scan-build | 2 +- 11 files changed, 308 insertions(+), 279 deletions(-) create mode 100644 libselinux/include/selinux/_private.h diff --git a/libselinux/include/selinux/_private.h b/libselinux/include/selinux/_private.h new file mode 100644 index 00000000..ddbe9798 --- /dev/null +++ b/libselinux/include/selinux/_private.h @@ -0,0 +1,76 @@ +#if defined __INCLUDE_LEVEL__ && __INCLUDE_LEVEL__ < 2 && ! defined NO_INCLUDE_ERROR +# error This file should not be included directly! +#endif + + +#ifndef _SELINUX_PRIVATE_H_ +#define _SELINUX_PRIVATE_H_ + +#ifdef __cplusplus +extern "C" { +#endif + + +/* helper macro to check GCC version */ +#if defined __GNUC__ && defined __GNUC_MINOR__ +# define REQUIRE_GNUC(major, minor) (__GNUC__ > (major) || (__GNUC__ == (major) && __GNUC_MINOR__ >= (minor))) +#else +# define REQUIRE_GNUC(major, minor) 0 +#endif + + +/* format */ +#ifndef selinux_format +# ifdef __GNUC__ +# define selinux_format(opts) __attribute__((__format__ opts)) +# else +# define selinux_format(opts) +# endif +#endif + + +/* nonnull */ +#ifndef selinux_nonnull +# if REQUIRE_GNUC(3,3) +# define selinux_nonnull(params) __attribute__((__nonnull__ params)) +# else +# define selinux_nonnull(params) +# endif +#endif + + +/* nodiscard / warn-unused-result */ +#ifndef selinux_nodiscard +# if REQUIRE_GNUC(3,4) +# define selinux_nodiscard __attribute__((__warn_unused_result__)) +# else +# define selinux_nodiscard +# endif +#endif + + +/* deprecated */ +#ifndef selinux_deprecated +# if REQUIRE_GNUC(4,5) +# define selinux_deprecated(msg) __attribute__((__deprecated__ (msg))) +# else +# define selinux_deprecated(msg) +# endif +#endif + + +/* access */ +#ifndef selinux_access +# if REQUIRE_GNUC(10,0) +# define selinux_access(opts) __attribute__((__access__ opts)) +# else +# define selinux_access(opts) +# endif +#endif + + +#ifdef __cplusplus +} +#endif + +#endif /* _SELINUX_PRIVATE_H_ */ diff --git a/libselinux/include/selinux/avc.h b/libselinux/include/selinux/avc.h index 4bbd2382..92c79988 100644 --- a/libselinux/include/selinux/avc.h +++ b/libselinux/include/selinux/avc.h @@ -37,8 +37,8 @@ typedef struct security_id *security_id_t; * failure, with @errno set to %ENOMEM if insufficient memory was * available to make the copy, or %EINVAL if the input SID is invalid. */ -extern int avc_sid_to_context(security_id_t sid, char ** ctx); -extern int avc_sid_to_context_raw(security_id_t sid, char ** ctx); +extern int avc_sid_to_context(security_id_t sid, char ** ctx) selinux_nonnull((1,2)) selinux_nodiscard; +extern int avc_sid_to_context_raw(security_id_t sid, char ** ctx) selinux_nonnull((1,2)) selinux_nodiscard; /** * avc_context_to_sid - get SID for context. @@ -51,8 +51,8 @@ extern int avc_sid_to_context_raw(security_id_t sid, char ** ctx); * to the SID structure into the memory referenced by @sid, * returning %0 on success or -%1 on error with @errno set. */ -extern int avc_context_to_sid(const char * ctx, security_id_t * sid); -extern int avc_context_to_sid_raw(const char * ctx, security_id_t * sid); +extern int avc_context_to_sid(const char * ctx, security_id_t * sid) selinux_nonnull((1,2)) selinux_nodiscard; +extern int avc_context_to_sid_raw(const char * ctx, security_id_t * sid) selinux_nonnull((1,2)) selinux_nodiscard; /** * sidget - increment SID reference counter. @@ -64,11 +64,7 @@ extern int avc_context_to_sid_raw(const char * ctx, security_id_t * sid); * reference count). Note that avc_context_to_sid() also * increments reference counts. */ -extern int sidget(security_id_t sid) -#ifdef __GNUC__ -__attribute__ ((deprecated)) -#endif -; +extern int sidget(security_id_t sid) selinux_deprecated("SID refcounting has been removed"); /** * sidput - decrement SID reference counter. @@ -80,11 +76,7 @@ __attribute__ ((deprecated)) * zero, the SID is invalid, and avc_context_to_sid() must * be called to obtain a new SID for the security context. */ -extern int sidput(security_id_t sid) -#ifdef __GNUC__ -__attribute__ ((deprecated)) -#endif -; +extern int sidput(security_id_t sid) selinux_deprecated("SID refcounting has been removed"); /** * avc_get_initial_sid - get SID for an initial kernel security identifier @@ -95,7 +87,7 @@ __attribute__ ((deprecated)) * @name using security_get_initial_context() and then call * avc_context_to_sid() to get the corresponding SID. */ -extern int avc_get_initial_sid(const char *name, security_id_t * sid); +extern int avc_get_initial_sid(const char *name, security_id_t * sid) selinux_nonnull((1,2)) selinux_nodiscard; /* * AVC entry @@ -139,9 +131,7 @@ struct avc_memory_callback { struct avc_log_callback { /* log the printf-style format and arguments. */ void -#ifdef __GNUC__ -__attribute__ ((format(printf, 1, 2))) -#endif + selinux_format((printf, 1, 2)) (*func_log) (const char *fmt, ...); /* store a string representation of auditdata (corresponding to the given security class) into msgbuf. */ @@ -200,11 +190,7 @@ extern int avc_init(const char *msgprefix, const struct avc_memory_callback *mem_callbacks, const struct avc_log_callback *log_callbacks, const struct avc_thread_callback *thread_callbacks, - const struct avc_lock_callback *lock_callbacks) -#ifdef __GNUC__ - __attribute__ ((deprecated("Use avc_open and selinux_set_callback"))) -#endif -; + const struct avc_lock_callback *lock_callbacks) selinux_nodiscard selinux_deprecated("Use avc_open(3) and selinux_set_callback(3)"); /** * avc_open - Initialize the AVC. @@ -215,7 +201,7 @@ extern int avc_init(const char *msgprefix, * is set to "avc" and any callbacks desired should be specified via * selinux_set_callback(). Available options are listed above. */ -extern int avc_open(struct selinux_opt *opts, unsigned nopts); +extern int avc_open(struct selinux_opt *opts, unsigned nopts) selinux_access((read_only, 1, 2)) selinux_nodiscard; /** * avc_cleanup - Remove unused SIDs and AVC entries. @@ -235,7 +221,7 @@ extern void avc_cleanup(void); * The SID mapping is not affected. Return %0 on success, * -%1 with @errno set on error. */ -extern int avc_reset(void); +extern int avc_reset(void) selinux_nodiscard; /** * avc_destroy - Free all AVC structures. @@ -273,7 +259,7 @@ extern int avc_has_perm_noaudit(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t requested, - struct avc_entry_ref *aeref, struct av_decision *avd); + struct avc_entry_ref *aeref, struct av_decision *avd) selinux_nonnull((1,2)) selinux_nodiscard; /** * avc_has_perm - Check permissions and perform any appropriate auditing. @@ -295,7 +281,7 @@ extern int avc_has_perm_noaudit(security_id_t ssid, */ extern int avc_has_perm(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t requested, - struct avc_entry_ref *aeref, void *auditdata); + struct avc_entry_ref *aeref, void *auditdata) selinux_nonnull((1,2)) selinux_nodiscard; /** * avc_audit - Audit the granting or denial of permissions. @@ -318,7 +304,7 @@ extern int avc_has_perm(security_id_t ssid, security_id_t tsid, */ extern void avc_audit(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t requested, - struct av_decision *avd, int result, void *auditdata); + struct av_decision *avd, int result, void *auditdata) selinux_nonnull((1,2,5)); /** * avc_compute_create - Compute SID for labeling a new object. @@ -336,7 +322,7 @@ extern void avc_audit(security_id_t ssid, security_id_t tsid, */ extern int avc_compute_create(security_id_t ssid, security_id_t tsid, - security_class_t tclass, security_id_t * newsid); + security_class_t tclass, security_id_t * newsid) selinux_nonnull((1,2,4)) selinux_nodiscard; /** * avc_compute_member - Compute SID for polyinstantation. @@ -354,7 +340,7 @@ extern int avc_compute_create(security_id_t ssid, */ extern int avc_compute_member(security_id_t ssid, security_id_t tsid, - security_class_t tclass, security_id_t * newsid); + security_class_t tclass, security_id_t * newsid) selinux_nonnull((1,2,4)) selinux_nodiscard; /* * security event callback facility @@ -392,7 +378,7 @@ extern int avc_add_callback(int (*callback) access_vector_t * out_retained), uint32_t events, security_id_t ssid, security_id_t tsid, security_class_t tclass, - access_vector_t perms); + access_vector_t perms) selinux_nonnull((1,3,4)) selinux_nodiscard; /* * AVC statistics @@ -423,7 +409,7 @@ struct avc_cache_stats { * avc_reset(). See the structure definition for * details. */ -extern void avc_cache_stats(struct avc_cache_stats *stats); +extern void avc_cache_stats(struct avc_cache_stats *stats) selinux_nonnull((1)); /** * avc_av_stats - log av table statistics. @@ -446,7 +432,7 @@ extern void avc_sid_stats(void); /** * avc_netlink_open - Create a netlink socket and connect to the kernel. */ -extern int avc_netlink_open(int blocking); +extern int avc_netlink_open(int blocking) selinux_nodiscard; /** * avc_netlink_loop - Wait for netlink messages from the kernel @@ -464,7 +450,7 @@ extern void avc_netlink_close(void); * Allows the application to manage messages from the netlink socket in * its own main loop. */ -extern int avc_netlink_acquire_fd(void); +extern int avc_netlink_acquire_fd(void) selinux_nodiscard; /** * avc_netlink_release_fd - Release netlink socket fd. @@ -479,13 +465,13 @@ extern void avc_netlink_release_fd(void); * Called by the application when using avc_netlink_acquire_fd() to * process kernel netlink events. */ -extern int avc_netlink_check_nb(void); +extern int avc_netlink_check_nb(void) selinux_nodiscard; /** * selinux_status_open - Open and map SELinux kernel status page * */ -extern int selinux_status_open(int fallback); +extern int selinux_status_open(int fallback) selinux_nodiscard; /** * selinux_status_close - Unmap and close SELinux kernel status page @@ -497,25 +483,25 @@ extern void selinux_status_close(void); * selinux_status_updated - Inform us whether the kernel status has been updated * */ -extern int selinux_status_updated(void); +extern int selinux_status_updated(void) selinux_nodiscard; /** * selinux_status_getenforce - Get the enforce flag value * */ -extern int selinux_status_getenforce(void); +extern int selinux_status_getenforce(void) selinux_nodiscard; /** * selinux_status_policyload - Get the number of policy reloaded * */ -extern int selinux_status_policyload(void); +extern int selinux_status_policyload(void) selinux_nodiscard; /** * selinux_status_deny_unknown - Get the behavior for undefined classes/permissions * */ -extern int selinux_status_deny_unknown(void); +extern int selinux_status_deny_unknown(void) selinux_nodiscard; #ifdef __cplusplus } diff --git a/libselinux/include/selinux/context.h b/libselinux/include/selinux/context.h index 59d9bb69..e3c99191 100644 --- a/libselinux/include/selinux/context.h +++ b/libselinux/include/selinux/context.h @@ -1,6 +1,8 @@ #ifndef _SELINUX_CONTEXT_H_ #define _SELINUX_CONTEXT_H_ +#include + #ifdef __cplusplus extern "C" { #endif @@ -17,7 +19,7 @@ extern "C" { /* Return a new context initialized to a context string */ - extern context_t context_new(const char *str); + extern context_t context_new(const char *str) selinux_nonnull((1)) selinux_nodiscard; /* * Return a pointer to the string value of the context_t @@ -25,24 +27,24 @@ extern "C" { * for the same context_t* */ - extern const char *context_str(context_t con); + extern const char *context_str(context_t con) selinux_nonnull((1)) selinux_nodiscard; /* Free the storage used by a context */ extern void context_free(context_t con); /* Get a pointer to the string value of a context component */ - extern const char *context_type_get(context_t con); - extern const char *context_range_get(context_t con); - extern const char *context_role_get(context_t con); - extern const char *context_user_get(context_t con); + extern const char *context_type_get(context_t con) selinux_nonnull((1)) selinux_nodiscard; + extern const char *context_range_get(context_t con) selinux_nonnull((1)) selinux_nodiscard; + extern const char *context_role_get(context_t con) selinux_nonnull((1)) selinux_nodiscard; + extern const char *context_user_get(context_t con) selinux_nonnull((1)) selinux_nodiscard; /* Set a context component. Returns nonzero if unsuccessful */ - extern int context_type_set(context_t con, const char *type); - extern int context_range_set(context_t con, const char *range); - extern int context_role_set(context_t con, const char *role); - extern int context_user_set(context_t con, const char *user); + extern int context_type_set(context_t con, const char *type) selinux_nonnull((1)) selinux_nodiscard; + extern int context_range_set(context_t con, const char *range) selinux_nonnull((1)) selinux_nodiscard; + extern int context_role_set(context_t con, const char *role) selinux_nonnull((1)) selinux_nodiscard; + extern int context_user_set(context_t con, const char *user) selinux_nonnull((1)) selinux_nodiscard; #ifdef __cplusplus } diff --git a/libselinux/include/selinux/get_context_list.h b/libselinux/include/selinux/get_context_list.h index 6b2f14f3..6146e4fe 100644 --- a/libselinux/include/selinux/get_context_list.h +++ b/libselinux/include/selinux/get_context_list.h @@ -18,14 +18,14 @@ extern "C" { Caller must free via freeconary. */ extern int get_ordered_context_list(const char *user, const char *fromcon, - char *** list); + char *** list) selinux_nonnull((1,3)) selinux_nodiscard; /* As above, but use the provided MLS level rather than the default level for the user. */ extern int get_ordered_context_list_with_level(const char *user, const char *level, const char *fromcon, - char *** list); + char *** list) selinux_nonnull((1,4)) selinux_nodiscard; /* Get the default security context for a user session for 'user' spawned by 'fromcon' and set *newcon to refer to it. The context @@ -36,14 +36,14 @@ extern "C" { Caller must free via freecon. */ extern int get_default_context(const char *user, const char *fromcon, - char ** newcon); + char ** newcon) selinux_nonnull((1,3)) selinux_nodiscard; /* As above, but use the provided MLS level rather than the default level for the user. */ extern int get_default_context_with_level(const char *user, const char *level, const char *fromcon, - char ** newcon); + char ** newcon) selinux_nonnull((1,4)) selinux_nodiscard; /* Same as get_default_context, but only return a context that has the specified role. If no reachable context exists @@ -51,7 +51,7 @@ extern "C" { extern int get_default_context_with_role(const char *user, const char *role, const char *fromcon, - char ** newcon); + char ** newcon) selinux_nonnull((1,2,4)) selinux_nodiscard; /* Same as get_default_context, but only return a context that has the specified role and level. If no reachable context exists @@ -60,21 +60,21 @@ extern "C" { const char *role, const char *level, const char *fromcon, - char ** newcon); + char ** newcon) selinux_nonnull((1,2,5)) selinux_nodiscard; /* Given a list of authorized security contexts for the user, query the user to select one and set *newcon to refer to it. Caller must free via freecon. Returns 0 on success or -1 otherwise. */ extern int query_user_context(char ** list, - char ** newcon); + char ** newcon) selinux_nonnull((1,2)) selinux_nodiscard; /* Allow the user to manually enter a context as a fallback if a list of authorized contexts could not be obtained. Caller must free via freecon. Returns 0 on success or -1 otherwise. */ extern int manual_user_enter_context(const char *user, - char ** newcon); + char ** newcon) selinux_nonnull((2)) selinux_nodiscard; #ifdef __cplusplus } diff --git a/libselinux/include/selinux/get_default_type.h b/libselinux/include/selinux/get_default_type.h index 93f5b276..dccb715b 100644 --- a/libselinux/include/selinux/get_default_type.h +++ b/libselinux/include/selinux/get_default_type.h @@ -5,17 +5,19 @@ #ifndef _SELINUX_GET_DEFAULT_TYPE_H_ #define _SELINUX_GET_DEFAULT_TYPE_H_ +#include + #ifdef __cplusplus extern "C" { #endif /* Return path to default type file. */ - extern const char *selinux_default_type_path(void); + extern const char *selinux_default_type_path(void) selinux_nodiscard; /* Get the default type (domain) for 'role' and set 'type' to refer to it. Caller must free via free(). Return 0 on success or -1 otherwise. */ - extern int get_default_type(const char *role, char **type); + extern int get_default_type(const char *role, char **type) selinux_nonnull((1,2)) selinux_nodiscard; #ifdef __cplusplus } diff --git a/libselinux/include/selinux/label.h b/libselinux/include/selinux/label.h index e8983606..f12a5803 100644 --- a/libselinux/include/selinux/label.h +++ b/libselinux/include/selinux/label.h @@ -75,7 +75,7 @@ struct selabel_handle; */ extern struct selabel_handle *selabel_open(unsigned int backend, const struct selinux_opt *opts, - unsigned nopts); + unsigned nopts) selinux_access((read_only, 2, 3)) selinux_nodiscard; /** * selabel_close - Close a labeling handle. @@ -84,7 +84,7 @@ extern struct selabel_handle *selabel_open(unsigned int backend, * Destroy the specified handle, closing files, freeing allocated memory, * etc. The handle may not be further used after it has been closed. */ -extern void selabel_close(struct selabel_handle *handle); +extern void selabel_close(struct selabel_handle *handle) selinux_nonnull((1)); /** * selabel_lookup - Perform labeling lookup operation. @@ -100,24 +100,24 @@ extern void selabel_close(struct selabel_handle *handle); * by the user with freecon(). */ extern int selabel_lookup(struct selabel_handle *handle, char **con, - const char *key, int type); + const char *key, int type) selinux_nonnull((1,2)) selinux_nodiscard; extern int selabel_lookup_raw(struct selabel_handle *handle, char **con, - const char *key, int type); + const char *key, int type) selinux_nonnull((1,2)) selinux_nodiscard; -extern bool selabel_partial_match(struct selabel_handle *handle, const char *key); +extern bool selabel_partial_match(struct selabel_handle *handle, const char *key) selinux_nonnull((1,2)) selinux_nodiscard; extern bool selabel_get_digests_all_partial_matches(struct selabel_handle *rec, const char *key, uint8_t **calculated_digest, uint8_t **xattr_digest, - size_t *digest_len); + size_t *digest_len) selinux_nonnull((1,2,3,4,5)) selinux_nodiscard; extern bool selabel_hash_all_partial_matches(struct selabel_handle *rec, - const char *key, uint8_t* digest); + const char *key, uint8_t* digest) selinux_nonnull((1,2,3)) selinux_nodiscard; extern int selabel_lookup_best_match(struct selabel_handle *rec, char **con, - const char *key, const char **aliases, int type); + const char *key, const char **aliases, int type) selinux_nonnull((1,2,3)) selinux_nodiscard; extern int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con, - const char *key, const char **aliases, int type); + const char *key, const char **aliases, int type) selinux_nonnull((1,2,3)) selinux_nodiscard; /** * selabel_digest - Retrieve the SHA1 digest and the list of specfiles used to @@ -134,7 +134,7 @@ extern int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con, */ extern int selabel_digest(struct selabel_handle *rec, unsigned char **digest, size_t *digest_len, - char ***specfiles, size_t *num_specfiles); + char ***specfiles, size_t *num_specfiles) selinux_nonnull((1,2,3,4,5)) selinux_nodiscard; enum selabel_cmp_result { SELABEL_SUBSET, @@ -154,7 +154,7 @@ enum selabel_cmp_result { * of @h2, and %SELABEL_INCOMPARABLE if @h1 and @h2 are incomparable. */ extern enum selabel_cmp_result selabel_cmp(struct selabel_handle *h1, - struct selabel_handle *h2); + struct selabel_handle *h2) selinux_nonnull((1,2)) selinux_nodiscard; /** * selabel_stats - log labeling operation statistics. @@ -164,7 +164,7 @@ extern enum selabel_cmp_result selabel_cmp(struct selabel_handle *h1, * number of unused matching entries, or other operational statistics. * Message is backend-specific, some backends may not output a message. */ -extern void selabel_stats(struct selabel_handle *handle); +extern void selabel_stats(struct selabel_handle *handle) selinux_nonnull((1)); /* * Type codes used by specific backends diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h index b10fe684..aa53c706 100644 --- a/libselinux/include/selinux/restorecon.h +++ b/libselinux/include/selinux/restorecon.h @@ -5,6 +5,8 @@ #include #include +#include + #ifdef __cplusplus extern "C" { #endif @@ -23,7 +25,7 @@ extern "C" { * selinux_restorecon_set_sehandle(3). */ extern int selinux_restorecon(const char *pathname, - unsigned int restorecon_flags); + unsigned int restorecon_flags) selinux_nonnull((1)) selinux_nodiscard; /** * selinux_restorecon_parallel - Relabel files, optionally use more threads. * @pathname: specifies file/directory to relabel. @@ -36,7 +38,7 @@ extern int selinux_restorecon(const char *pathname, */ extern int selinux_restorecon_parallel(const char *pathname, unsigned int restorecon_flags, - size_t nthreads); + size_t nthreads) selinux_nonnull((1)) selinux_nodiscard; /* * restorecon_flags options */ @@ -144,7 +146,7 @@ extern void selinux_restorecon_set_sehandle(struct selabel_handle *hndl); * Return value is the created handle on success or NULL with @errno set on * failure. */ -extern struct selabel_handle *selinux_restorecon_default_handle(void); +extern struct selabel_handle *selinux_restorecon_default_handle(void) selinux_nodiscard; /** * selinux_restorecon_set_exclude_list - Add a list of directories that are @@ -152,7 +154,7 @@ extern struct selabel_handle *selinux_restorecon_default_handle(void); * @exclude_list: containing a NULL terminated list of one or more * directories not to be relabeled. */ -extern void selinux_restorecon_set_exclude_list(const char **exclude_list); +extern void selinux_restorecon_set_exclude_list(const char **exclude_list) selinux_nonnull((1)); /** * selinux_restorecon_set_alt_rootpath - Use alternate rootpath. @@ -160,7 +162,7 @@ extern void selinux_restorecon_set_exclude_list(const char **exclude_list); * * Return %0 on success, -%1 with @errno set on failure. */ -extern int selinux_restorecon_set_alt_rootpath(const char *alt_rootpath); +extern int selinux_restorecon_set_alt_rootpath(const char *alt_rootpath) selinux_nonnull((1)) selinux_nodiscard; /** * selinux_restorecon_xattr - Read/remove security.sehash xattr entries. @@ -196,7 +198,7 @@ struct dir_xattr { extern int selinux_restorecon_xattr(const char *pathname, unsigned int xattr_flags, - struct dir_xattr ***xattr_list); + struct dir_xattr ***xattr_list) selinux_nonnull((1,3)) selinux_nodiscard; /* * xattr_flags options @@ -218,7 +220,7 @@ extern int selinux_restorecon_xattr(const char *pathname, * (i.e., with a zero return value), then this function returns the number of * errors ignored during the file tree walk. */ -extern long unsigned selinux_restorecon_get_skipped_errors(void); +extern long unsigned selinux_restorecon_get_skipped_errors(void) selinux_nodiscard; #ifdef __cplusplus } diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h index a0948853..7f8deb65 100644 --- a/libselinux/include/selinux/selinux.h +++ b/libselinux/include/selinux/selinux.h @@ -4,21 +4,19 @@ #include #include +#include + #ifdef __cplusplus extern "C" { #endif /* Return 1 if we are running on a SELinux kernel, or 0 otherwise. */ -extern int is_selinux_enabled(void); +extern int is_selinux_enabled(void) selinux_nodiscard; /* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */ -extern int is_selinux_mls_enabled(void); +extern int is_selinux_mls_enabled(void) selinux_nodiscard; /* No longer used; here for compatibility with legacy callers. */ -typedef char *security_context_t -#ifdef __GNUC__ -__attribute__ ((deprecated)) -#endif -; +typedef char *security_context_t selinux_deprecated("Use literal char*"); /* Free the memory allocated for a context by any of the below get* calls. */ extern void freecon(char * con); @@ -30,8 +28,8 @@ extern void freeconary(char ** con); /* Get current context, and set *con to refer to it. Caller must free via freecon. */ -extern int getcon(char ** con); -extern int getcon_raw(char ** con); +extern int getcon(char ** con) selinux_nonnull((1)) selinux_nodiscard; +extern int getcon_raw(char ** con) selinux_nonnull((1)) selinux_nodiscard; /* Set the current security context to con. Note that use of this function requires that the entire application @@ -41,18 +39,18 @@ extern int getcon_raw(char ** con); instead. Note that the application may lose access to its open descriptors as a result of a setcon() unless policy allows it to use descriptors opened by the old context. */ -extern int setcon(const char * con); -extern int setcon_raw(const char * con); +extern int setcon(const char * con) selinux_nodiscard; +extern int setcon_raw(const char * con) selinux_nodiscard; /* Get context of process identified by pid, and set *con to refer to it. Caller must free via freecon. */ -extern int getpidcon(pid_t pid, char ** con); -extern int getpidcon_raw(pid_t pid, char ** con); +extern int getpidcon(pid_t pid, char ** con) selinux_nonnull((2)) selinux_nodiscard; +extern int getpidcon_raw(pid_t pid, char ** con) selinux_nonnull((2)) selinux_nodiscard; /* Get previous context (prior to last exec), and set *con to refer to it. Caller must free via freecon. */ -extern int getprevcon(char ** con); -extern int getprevcon_raw(char ** con); +extern int getprevcon(char ** con) selinux_nonnull((1)) selinux_nodiscard; +extern int getprevcon_raw(char ** con) selinux_nonnull((1)) selinux_nodiscard; /* Get previous context (prior to last exec) of process identified by pid, and set *con to refer to it. Caller must free via freecon. */ @@ -62,72 +60,72 @@ extern int getpidprevcon_raw(pid_t pid, char ** con); /* Get exec context, and set *con to refer to it. Sets *con to NULL if no exec context has been set, i.e. using default. If non-NULL, caller must free via freecon. */ -extern int getexeccon(char ** con); -extern int getexeccon_raw(char ** con); +extern int getexeccon(char ** con) selinux_nonnull((1)) selinux_nodiscard; +extern int getexeccon_raw(char ** con) selinux_nonnull((1)) selinux_nodiscard; /* Set exec security context for the next execve. Call with NULL if you want to reset to the default. */ -extern int setexeccon(const char * con); -extern int setexeccon_raw(const char * con); +extern int setexeccon(const char * con) selinux_nodiscard; +extern int setexeccon_raw(const char * con) selinux_nodiscard; /* Get fscreate context, and set *con to refer to it. Sets *con to NULL if no fs create context has been set, i.e. using default. If non-NULL, caller must free via freecon. */ -extern int getfscreatecon(char ** con); -extern int getfscreatecon_raw(char ** con); +extern int getfscreatecon(char ** con) selinux_nonnull((1)) selinux_nodiscard; +extern int getfscreatecon_raw(char ** con) selinux_nonnull((1)) selinux_nodiscard; /* Set the fscreate security context for subsequent file creations. Call with NULL if you want to reset to the default. */ -extern int setfscreatecon(const char * context); -extern int setfscreatecon_raw(const char * context); +extern int setfscreatecon(const char * context) selinux_nodiscard; +extern int setfscreatecon_raw(const char * context) selinux_nodiscard; /* Get keycreate context, and set *con to refer to it. Sets *con to NULL if no key create context has been set, i.e. using default. If non-NULL, caller must free via freecon. */ -extern int getkeycreatecon(char ** con); -extern int getkeycreatecon_raw(char ** con); +extern int getkeycreatecon(char ** con) selinux_nonnull((1)) selinux_nodiscard; +extern int getkeycreatecon_raw(char ** con) selinux_nonnull((1)) selinux_nodiscard; /* Set the keycreate security context for subsequent key creations. Call with NULL if you want to reset to the default. */ -extern int setkeycreatecon(const char * context); -extern int setkeycreatecon_raw(const char * context); +extern int setkeycreatecon(const char * context) selinux_nodiscard; +extern int setkeycreatecon_raw(const char * context) selinux_nodiscard; /* Get sockcreate context, and set *con to refer to it. Sets *con to NULL if no socket create context has been set, i.e. using default. If non-NULL, caller must free via freecon. */ -extern int getsockcreatecon(char ** con); -extern int getsockcreatecon_raw(char ** con); +extern int getsockcreatecon(char ** con) selinux_nonnull((1)) selinux_nodiscard; +extern int getsockcreatecon_raw(char ** con) selinux_nonnull((1)) selinux_nodiscard; /* Set the sockcreate security context for subsequent socket creations. Call with NULL if you want to reset to the default. */ -extern int setsockcreatecon(const char * context); -extern int setsockcreatecon_raw(const char * context); +extern int setsockcreatecon(const char * context) selinux_nodiscard; +extern int setsockcreatecon_raw(const char * context) selinux_nodiscard; /* Wrappers for the xattr API. */ /* Get file context, and set *con to refer to it. Caller must free via freecon. */ -extern int getfilecon(const char *path, char ** con); -extern int getfilecon_raw(const char *path, char ** con); -extern int lgetfilecon(const char *path, char ** con); -extern int lgetfilecon_raw(const char *path, char ** con); -extern int fgetfilecon(int fd, char ** con); -extern int fgetfilecon_raw(int fd, char ** con); +extern int getfilecon(const char *path, char ** con) selinux_nonnull((1,2)) selinux_nodiscard; +extern int getfilecon_raw(const char *path, char ** con) selinux_nonnull((1,2)) selinux_nodiscard; +extern int lgetfilecon(const char *path, char ** con) selinux_nonnull((1,2)) selinux_nodiscard; +extern int lgetfilecon_raw(const char *path, char ** con) selinux_nonnull((1,2)) selinux_nodiscard; +extern int fgetfilecon(int fd, char ** con) selinux_nonnull((2)) selinux_nodiscard; +extern int fgetfilecon_raw(int fd, char ** con) selinux_nonnull((2)) selinux_nodiscard; /* Set file context */ -extern int setfilecon(const char *path, const char * con); -extern int setfilecon_raw(const char *path, const char * con); -extern int lsetfilecon(const char *path, const char * con); -extern int lsetfilecon_raw(const char *path, const char * con); -extern int fsetfilecon(int fd, const char * con); -extern int fsetfilecon_raw(int fd, const char * con); +extern int setfilecon(const char *path, const char * con) selinux_nonnull((1,2)) selinux_nodiscard; +extern int setfilecon_raw(const char *path, const char * con) selinux_nonnull((1,2)) selinux_nodiscard; +extern int lsetfilecon(const char *path, const char * con) selinux_nonnull((1,2)) selinux_nodiscard; +extern int lsetfilecon_raw(const char *path, const char * con) selinux_nonnull((1,2)) selinux_nodiscard; +extern int fsetfilecon(int fd, const char * con) selinux_nonnull((2)) selinux_nodiscard; +extern int fsetfilecon_raw(int fd, const char * con) selinux_nonnull((2)) selinux_nodiscard; /* Wrappers for the socket API */ /* Get context of peer socket, and set *con to refer to it. Caller must free via freecon. */ -extern int getpeercon(int fd, char ** con); -extern int getpeercon_raw(int fd, char ** con); +extern int getpeercon(int fd, char ** con) selinux_nonnull((2)) selinux_nodiscard; +extern int getpeercon_raw(int fd, char ** con) selinux_nonnull((2)) selinux_nodiscard; /* Wrappers for the selinuxfs (policy) API. */ @@ -156,10 +154,8 @@ struct selinux_opt { union selinux_callback { /* log the printf-style format and arguments, with the type code indicating the type of message */ - int -#ifdef __GNUC__ -__attribute__ ((format(printf, 2, 3))) -#endif + int + selinux_format((printf, 2, 3)) (*func_log) (int type, const char *fmt, ...); /* store a string representation of auditdata (corresponding to the given security class) into msgbuf. */ @@ -179,7 +175,7 @@ __attribute__ ((format(printf, 2, 3))) #define SELINUX_CB_SETENFORCE 3 #define SELINUX_CB_POLICYLOAD 4 -extern union selinux_callback selinux_get_callback(int type); +extern union selinux_callback selinux_get_callback(int type) selinux_nodiscard; extern void selinux_set_callback(int type, union selinux_callback cb); /* Logging type codes, passed to the logging callback */ @@ -196,66 +192,66 @@ extern int security_compute_av(const char * scon, const char * tcon, security_class_t tclass, access_vector_t requested, - struct av_decision *avd); + struct av_decision *avd) selinux_nonnull((1,2,5)) selinux_nodiscard; extern int security_compute_av_raw(const char * scon, const char * tcon, security_class_t tclass, access_vector_t requested, - struct av_decision *avd); + struct av_decision *avd) selinux_nonnull((1,2,5)) selinux_nodiscard; extern int security_compute_av_flags(const char * scon, const char * tcon, security_class_t tclass, access_vector_t requested, - struct av_decision *avd); + struct av_decision *avd) selinux_nonnull((1,2,5)) selinux_nodiscard; extern int security_compute_av_flags_raw(const char * scon, const char * tcon, security_class_t tclass, access_vector_t requested, - struct av_decision *avd); + struct av_decision *avd) selinux_nonnull((1,2,5)) selinux_nodiscard; /* Compute a labeling decision and set *newcon to refer to it. Caller must free via freecon. */ extern int security_compute_create(const char * scon, const char * tcon, security_class_t tclass, - char ** newcon); + char ** newcon) selinux_nonnull((1,2,4)) selinux_nodiscard; extern int security_compute_create_raw(const char * scon, const char * tcon, security_class_t tclass, - char ** newcon); + char ** newcon) selinux_nonnull((1,2,4)) selinux_nodiscard; extern int security_compute_create_name(const char * scon, const char * tcon, security_class_t tclass, const char *objname, - char ** newcon); + char ** newcon) selinux_nonnull((1,2,5)) selinux_nodiscard; extern int security_compute_create_name_raw(const char * scon, const char * tcon, security_class_t tclass, const char *objname, - char ** newcon); + char ** newcon) selinux_nonnull((1,2,5)) selinux_nodiscard; /* Compute a relabeling decision and set *newcon to refer to it. Caller must free via freecon. */ extern int security_compute_relabel(const char * scon, const char * tcon, security_class_t tclass, - char ** newcon); + char ** newcon) selinux_nonnull((1,2,4)) selinux_nodiscard; extern int security_compute_relabel_raw(const char * scon, const char * tcon, security_class_t tclass, - char ** newcon); + char ** newcon) selinux_nonnull((1,2,4)) selinux_nodiscard; /* Compute a polyinstantiation member decision and set *newcon to refer to it. Caller must free via freecon. */ extern int security_compute_member(const char * scon, const char * tcon, security_class_t tclass, - char ** newcon); + char ** newcon) selinux_nonnull((1,2,4)) selinux_nodiscard; extern int security_compute_member_raw(const char * scon, const char * tcon, security_class_t tclass, - char ** newcon); + char ** newcon) selinux_nonnull((1,2,4)) selinux_nodiscard; /* * Compute the set of reachable user contexts and set *con to refer to @@ -265,10 +261,10 @@ extern int security_compute_member_raw(const char * scon, */ extern int security_compute_user(const char * scon, const char *username, - char *** con); + char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard; extern int security_compute_user_raw(const char * scon, const char *username, - char *** con); + char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard; /* Validate a transition. This determines whether a transition from scon to newcon using tcon as the target for object class tclass is valid in the loaded policy. @@ -277,21 +273,21 @@ extern int security_compute_user_raw(const char * scon, extern int security_validatetrans(const char *scon, const char *tcon, security_class_t tclass, - const char *newcon); + const char *newcon) selinux_nonnull((1,2,4)) selinux_nodiscard; extern int security_validatetrans_raw(const char *scon, const char *tcon, security_class_t tclass, - const char *newcon); + const char *newcon) selinux_nonnull((1,2,4)) selinux_nodiscard; /* Load a policy configuration. */ -extern int security_load_policy(const void *data, size_t len); +extern int security_load_policy(const void *data, size_t len) selinux_nonnull((1)) selinux_nodiscard; /* Get the context of an initial kernel security identifier by name. Caller must free via freecon */ extern int security_get_initial_context(const char *name, - char ** con); + char ** con) selinux_nonnull((1,2)) selinux_nodiscard; extern int security_get_initial_context_raw(const char *name, - char ** con); + char ** con) selinux_nonnull((1,2)) selinux_nodiscard; /* * Make a policy image and load it. @@ -303,7 +299,7 @@ extern int security_get_initial_context_raw(const char *name, * * 'preservebools' is no longer supported, set to 0. */ -extern int selinux_mkload_policy(int preservebools); +extern int selinux_mkload_policy(int preservebools) selinux_nodiscard; /* * Perform the initial policy load. @@ -320,7 +316,7 @@ extern int selinux_mkload_policy(int preservebools); * determine how to proceed. If enforcing (*enforce > 0), then init should * halt the system. Otherwise, init may proceed normally without a re-exec. */ -extern int selinux_init_load_policy(int *enforce); +extern int selinux_init_load_policy(int *enforce) selinux_nonnull((1)) selinux_nodiscard; /* Translate boolean strict to name value pair. */ typedef struct { @@ -331,62 +327,58 @@ typedef struct { * longer supported, set to 0. */ extern int security_set_boolean_list(size_t boolcnt, - SELboolean * boollist, int permanent); + SELboolean * boollist, int permanent) selinux_nonnull((2)) selinux_nodiscard; /* Load policy boolean settings. Deprecated as local policy booleans no * longer supported. Will always return -1. */ -extern int security_load_booleans(char *path) -#ifdef __GNUC__ -__attribute__ ((deprecated)) -#endif -; +extern int security_load_booleans(char *path) selinux_deprecated("Local booleans are no longer supported"); /* Check the validity of a security context. */ -extern int security_check_context(const char * con); -extern int security_check_context_raw(const char * con); +extern int security_check_context(const char * con) selinux_nonnull((1)) selinux_nodiscard; +extern int security_check_context_raw(const char * con) selinux_nonnull((1)) selinux_nodiscard; /* Canonicalize a security context. */ extern int security_canonicalize_context(const char * con, - char ** canoncon); + char ** canoncon) selinux_nonnull((1,2)) selinux_nodiscard; extern int security_canonicalize_context_raw(const char * con, - char ** canoncon); + char ** canoncon) selinux_nonnull((1,2)) selinux_nodiscard; /* Get the enforce flag value. */ -extern int security_getenforce(void); +extern int security_getenforce(void) selinux_nodiscard; /* Set the enforce flag value. */ -extern int security_setenforce(int value); +extern int security_setenforce(int value) selinux_nodiscard; /* Get the load-time behavior for undefined classes/permissions */ -extern int security_reject_unknown(void); +extern int security_reject_unknown(void) selinux_nodiscard; /* Get the runtime behavior for undefined classes/permissions */ -extern int security_deny_unknown(void); +extern int security_deny_unknown(void); selinux_nodiscard /* Get the checkreqprot value */ -extern int security_get_checkreqprot(void); +extern int security_get_checkreqprot(void) selinux_nodiscard; /* Disable SELinux at runtime (must be done prior to initial policy load). */ -extern int security_disable(void); +extern int security_disable(void) selinux_nodiscard; /* Get the policy version number. */ -extern int security_policyvers(void); +extern int security_policyvers(void) selinux_nodiscard; /* Get the boolean names */ -extern int security_get_boolean_names(char ***names, int *len); +extern int security_get_boolean_names(char ***names, int *len) selinux_nodiscard; /* Get the pending value for the boolean */ -extern int security_get_boolean_pending(const char *name); +extern int security_get_boolean_pending(const char *name) selinux_nodiscard; /* Get the active value for the boolean */ -extern int security_get_boolean_active(const char *name); +extern int security_get_boolean_active(const char *name) selinux_nodiscard; /* Set the pending value for the boolean */ -extern int security_set_boolean(const char *name, int value); +extern int security_set_boolean(const char *name, int value) selinux_nodiscard; /* Commit the pending values for the booleans */ -extern int security_commit_booleans(void); +extern int security_commit_booleans(void) selinux_nodiscard; /* Userspace class mapping support */ struct security_class_mapping { @@ -413,26 +405,26 @@ struct security_class_mapping { * starting at 1, and have one security_class_mapping structure entry * per define. */ -extern int selinux_set_mapping(struct security_class_mapping *map); +extern int selinux_set_mapping(struct security_class_mapping *map) selinux_nodiscard; /* Common helpers */ /* Convert between mode and security class values */ -extern security_class_t mode_to_security_class(mode_t mode); +extern security_class_t mode_to_security_class(mode_t mode) selinux_nodiscard; /* Convert between security class values and string names */ -extern security_class_t string_to_security_class(const char *name); -extern const char *security_class_to_string(security_class_t cls); +extern security_class_t string_to_security_class(const char *name) selinux_nonnull((1)) selinux_nodiscard; +extern const char *security_class_to_string(security_class_t cls) selinux_nodiscard; /* Convert between individual access vector permissions and string names */ extern const char *security_av_perm_to_string(security_class_t tclass, - access_vector_t perm); + access_vector_t perm) selinux_nodiscard; extern access_vector_t string_to_av_perm(security_class_t tclass, - const char *name); + const char *name) selinux_nonnull((2)) selinux_nodiscard; /* Returns an access vector in a string representation. User must free the * returned string via free(). */ extern int security_av_string(security_class_t tclass, - access_vector_t av, char **result); + access_vector_t av, char **result) selinux_nonnull((3)) selinux_nodiscard; /* Display an access vector in a string representation. */ extern void print_access_vector(security_class_t tclass, access_vector_t av); @@ -476,27 +468,19 @@ extern void set_matchpathcon_flags(unsigned int flags); function also checks for a 'path'.homedirs file and a 'path'.local file and loads additional specifications from them if present. */ -extern int matchpathcon_init(const char *path) -#ifdef __GNUC__ - __attribute__ ((deprecated("Use selabel_open with backend SELABEL_CTX_FILE"))) -#endif -; +extern int matchpathcon_init(const char *path) selinux_nodiscard selinux_deprecated("Use selabel_open(3) with backend SELABEL_CTX_FILE"); /* Same as matchpathcon_init, but only load entries with regexes that have stems that are prefixes of 'prefix'. */ -extern int matchpathcon_init_prefix(const char *path, const char *prefix); +extern int matchpathcon_init_prefix(const char *path, const char *prefix) selinux_nodiscard; /* Free the memory allocated by matchpathcon_init. */ -extern void matchpathcon_fini(void) -#ifdef __GNUC__ - __attribute__ ((deprecated("Use selabel_close"))) -#endif -; +extern void matchpathcon_fini(void) selinux_deprecated("Use selabel_close(3)"); /* Resolve all of the symlinks and relative portions of a pathname, but NOT * the final component (same a realpath() unless the final component is a * symlink. Resolved path must be a path of size PATH_MAX + 1 */ -extern int realpath_not_final(const char *name, char *resolved_path); +extern int realpath_not_final(const char *name, char *resolved_path) selinux_nonnull((1,2)) selinux_nodiscard; /* Match the specified pathname and mode against the file contexts configuration and set *con to refer to the resulting context. @@ -505,23 +489,19 @@ extern int realpath_not_final(const char *name, char *resolved_path); If matchpathcon_init has not already been called, then this function will call it upon its first invocation with a NULL path. */ extern int matchpathcon(const char *path, - mode_t mode, char ** con) -#ifdef __GNUC__ - __attribute__ ((deprecated("Use selabel_lookup instead"))) -#endif -; + mode_t mode, char ** con) selinux_nonnull((1,3)) selinux_nodiscard selinux_deprecated("Use selabel_lookup(3)"); /* Same as above, but return a specification index for later use in a matchpathcon_filespec_add() call - see below. */ extern int matchpathcon_index(const char *path, - mode_t mode, char ** con); + mode_t mode, char ** con) selinux_nonnull((1,3)) selinux_nodiscard; /* Maintain an association between an inode and a specification index, and check whether a conflicting specification is already associated with the same inode (e.g. due to multiple hard links). If so, then use the latter of the two specifications based on their order in the file contexts configuration. Return the used specification index. */ -extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file); +extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file) selinux_nonnull((3)) selinux_nodiscard; /* Destroy any inode associations that have been added, e.g. to restart for a new filesystem. */ @@ -537,14 +517,14 @@ extern void matchpathcon_checkmatches(char *str); /* Match the specified media and against the media contexts configuration and set *con to refer to the resulting context. Caller must free con via freecon. */ -extern int matchmediacon(const char *media, char ** con); +extern int matchmediacon(const char *media, char ** con) selinux_nonnull((1,2)) selinux_nodiscard; /* selinux_getenforcemode reads the /etc/selinux/config file and determines whether the machine should be started in enforcing (1), permissive (0) or disabled (-1) mode. */ -extern int selinux_getenforcemode(int *enforce); +extern int selinux_getenforcemode(int *enforce) selinux_nonnull((1)) selinux_nodiscard; /* selinux_boolean_sub reads the /etc/selinux/TYPE/booleans.subs_dist file @@ -552,73 +532,65 @@ extern int selinux_getenforcemode(int *enforce); returns the translated name otherwise it returns the original name. The returned value needs to be freed. On failure NULL will be returned. */ -extern char *selinux_boolean_sub(const char *boolean_name); +extern char *selinux_boolean_sub(const char *boolean_name) selinux_nodiscard; /* selinux_getpolicytype reads the /etc/selinux/config file and determines what the default policy for the machine is. Calling application must free policytype. */ -extern int selinux_getpolicytype(char **policytype); +extern int selinux_getpolicytype(char **policytype) selinux_nonnull((1)) selinux_nodiscard; /* selinux_policy_root reads the /etc/selinux/config file and returns the directory path under which the compiled policy file and context configuration files exist. */ -extern const char *selinux_policy_root(void); +extern const char *selinux_policy_root(void) selinux_nodiscard; /* selinux_set_policy_root sets an alternate policy root directory path under which the compiled policy file and context configuration files exist. */ -extern int selinux_set_policy_root(const char *rootpath); +extern int selinux_set_policy_root(const char *rootpath) selinux_nonnull((1)) selinux_nodiscard; /* These functions return the paths to specific files under the policy root directory. */ -extern const char *selinux_current_policy_path(void); -extern const char *selinux_binary_policy_path(void); -extern const char *selinux_failsafe_context_path(void); -extern const char *selinux_removable_context_path(void); -extern const char *selinux_default_context_path(void); -extern const char *selinux_user_contexts_path(void); -extern const char *selinux_file_context_path(void); -extern const char *selinux_file_context_homedir_path(void); -extern const char *selinux_file_context_local_path(void); -extern const char *selinux_file_context_subs_path(void); -extern const char *selinux_file_context_subs_dist_path(void); -extern const char *selinux_homedir_context_path(void); -extern const char *selinux_media_context_path(void); -extern const char *selinux_virtual_domain_context_path(void); -extern const char *selinux_virtual_image_context_path(void); -extern const char *selinux_lxc_contexts_path(void); -extern const char *selinux_x_context_path(void); -extern const char *selinux_sepgsql_context_path(void); -extern const char *selinux_openrc_contexts_path(void); -extern const char *selinux_openssh_contexts_path(void); -extern const char *selinux_snapperd_contexts_path(void); -extern const char *selinux_systemd_contexts_path(void); -extern const char *selinux_contexts_path(void); -extern const char *selinux_securetty_types_path(void); -extern const char *selinux_booleans_subs_path(void); +extern const char *selinux_current_policy_path(void) selinux_nodiscard; +extern const char *selinux_binary_policy_path(void) selinux_nodiscard; +extern const char *selinux_failsafe_context_path(void) selinux_nodiscard; +extern const char *selinux_removable_context_path(void) selinux_nodiscard; +extern const char *selinux_default_context_path(void) selinux_nodiscard; +extern const char *selinux_user_contexts_path(void) selinux_nodiscard; +extern const char *selinux_file_context_path(void) selinux_nodiscard; +extern const char *selinux_file_context_homedir_path(void) selinux_nodiscard; +extern const char *selinux_file_context_local_path(void) selinux_nodiscard; +extern const char *selinux_file_context_subs_path(void) selinux_nodiscard; +extern const char *selinux_file_context_subs_dist_path(void) selinux_nodiscard; +extern const char *selinux_homedir_context_path(void) selinux_nodiscard; +extern const char *selinux_media_context_path(void) selinux_nodiscard; +extern const char *selinux_virtual_domain_context_path(void) selinux_nodiscard; +extern const char *selinux_virtual_image_context_path(void) selinux_nodiscard; +extern const char *selinux_lxc_contexts_path(void) selinux_nodiscard; +extern const char *selinux_x_context_path(void) selinux_nodiscard; +extern const char *selinux_sepgsql_context_path(void) selinux_nodiscard; +extern const char *selinux_openrc_contexts_path(void) selinux_nodiscard; +extern const char *selinux_openssh_contexts_path(void) selinux_nodiscard; +extern const char *selinux_snapperd_contexts_path(void) selinux_nodiscard; +extern const char *selinux_systemd_contexts_path(void) selinux_nodiscard; +extern const char *selinux_contexts_path(void) selinux_nodiscard; +extern const char *selinux_securetty_types_path(void) selinux_nodiscard; +extern const char *selinux_booleans_subs_path(void) selinux_nodiscard; /* Deprecated as local policy booleans no longer supported. */ -extern const char *selinux_booleans_path(void) -#ifdef __GNUC__ -__attribute__ ((deprecated)) -#endif -; -extern const char *selinux_customizable_types_path(void); +extern const char *selinux_booleans_path(void) selinux_nodiscard selinux_deprecated("Local booleans are no longer supported"); +extern const char *selinux_customizable_types_path(void) selinux_nodiscard; /* Deprecated as policy ./users no longer supported. */ -extern const char *selinux_users_path(void) -#ifdef __GNUC__ -__attribute__ ((deprecated)) -#endif -; -extern const char *selinux_usersconf_path(void); -extern const char *selinux_translations_path(void); -extern const char *selinux_colors_path(void); -extern const char *selinux_netfilter_context_path(void); -extern const char *selinux_path(void); +extern const char *selinux_users_path(void) selinux_nodiscard selinux_deprecated("Local users are no longer supported"); +extern const char *selinux_usersconf_path(void) selinux_nodiscard; +extern const char *selinux_translations_path(void) selinux_nodiscard; +extern const char *selinux_colors_path(void) selinux_nodiscard; +extern const char *selinux_netfilter_context_path(void) selinux_nodiscard; +extern const char *selinux_path(void) selinux_nodiscard; /** * selinux_check_access - Check permissions and perform appropriate auditing. @@ -637,56 +609,43 @@ extern const char *selinux_path(void); * If auditing or logging is configured the appropriate callbacks will be called * and passed the auditdata field */ -extern int selinux_check_access(const char * scon, const char * tcon, const char *tclass, const char *perm, void *auditdata); +extern int selinux_check_access(const char * scon, const char * tcon, const char *tclass, const char *perm, void *auditdata) selinux_nonnull((1,2,3,4)) selinux_nodiscard; /* Check a permission in the passwd class. Return 0 if granted or -1 otherwise. */ -extern int selinux_check_passwd_access(access_vector_t requested) -#ifdef __GNUC__ - __attribute__ ((deprecated("Use selinux_check_access"))) -#endif -; - -extern int checkPasswdAccess(access_vector_t requested) -#ifdef __GNUC__ - __attribute__ ((deprecated("Use selinux_check_access"))) -#endif -; +extern int selinux_check_passwd_access(access_vector_t requested) selinux_nodiscard selinux_deprecated("Use selinux_check_access(3)"); +extern int checkPasswdAccess(access_vector_t requested) selinux_nodiscard selinux_deprecated("Use selinux_check_access(3)"); /* Check if the tty_context is defined as a securetty Return 0 if secure, < 0 otherwise. */ -extern int selinux_check_securetty_context(const char * tty_context); +extern int selinux_check_securetty_context(const char * tty_context) selinux_nonnull((1)) selinux_nodiscard; /* Set the path to the selinuxfs mount point explicitly. Normally, this is determined automatically during libselinux initialization, but this is not always possible, e.g. for /sbin/init which performs the initial mount of selinuxfs. */ -extern void set_selinuxmnt(const char *mnt); +extern void set_selinuxmnt(const char *mnt) selinux_nonnull((1)); /* Check if selinuxfs exists as a kernel filesystem */ -extern int selinuxfs_exists(void); +extern int selinuxfs_exists(void) selinux_nodiscard; /* clear selinuxmnt variable and free allocated memory */ extern void fini_selinuxmnt(void); /* Set an appropriate security context based on the filename of a helper * program, falling back to a new context with the specified type. */ -extern int setexecfilecon(const char *filename, const char *fallback_type); +extern int setexecfilecon(const char *filename, const char *fallback_type) selinux_nonnull((1)) selinux_nodiscard; #ifndef DISABLE_RPM /* Execute a helper for rpm in an appropriate security context. */ extern int rpm_execcon(unsigned int verified, const char *filename, - char *const argv[], char *const envp[]) -#ifdef __GNUC__ - __attribute__((deprecated("Use setexecfilecon and execve"))) -#endif -; + char *const argv[], char *const envp[]) selinux_deprecated("Use setexecfilecon(3) and execve(2)"); #endif /* Returns whether a file context is customizable, and should not be relabeled . */ -extern int is_context_customizable(const char * scontext); +extern int is_context_customizable(const char * scontext) selinux_nonnull((1)) selinux_nodiscard; /* Perform context translation between the human-readable format ("translated") and the internal system format ("raw"). @@ -694,9 +653,9 @@ extern int is_context_customizable(const char * scontext); Returns -1 upon an error or 0 otherwise. If passed NULL, sets the returned context to NULL and returns 0. */ extern int selinux_trans_to_raw_context(const char * trans, - char ** rawp); + char ** rawp) selinux_nonnull((2)) selinux_nodiscard; extern int selinux_raw_to_trans_context(const char * raw, - char ** transp); + char ** transp) selinux_nonnull((2)) selinux_nodiscard; /* Perform context translation between security contexts and display colors. Returns a space-separated list of ten @@ -704,14 +663,14 @@ extern int selinux_raw_to_trans_context(const char * raw, Caller must free the resulting string via free. Returns -1 upon an error or 0 otherwise. */ extern int selinux_raw_context_to_color(const char * raw, - char **color_str); + char **color_str) selinux_nonnull((2)) selinux_nodiscard; /* Get the SELinux username and level to use for a given Linux username. These values may then be passed into the get_ordered_context_list* and get_default_context* functions to obtain a context for the user. Returns 0 on success or -1 otherwise. Caller must free the returned strings via free. */ -extern int getseuserbyname(const char *linuxuser, char **seuser, char **level); +extern int getseuserbyname(const char *linuxuser, char **seuser, char **level) selinux_nonnull((1,2,3)) selinux_nodiscard; /* Get the SELinux username and level to use for a given Linux username and service. These values may then be passed into the get_ordered_context_list* @@ -719,20 +678,21 @@ extern int getseuserbyname(const char *linuxuser, char **seuser, char **level); Returns 0 on success or -1 otherwise. Caller must free the returned strings via free. */ extern int getseuser(const char *username, const char *service, - char **r_seuser, char **r_level); + char **r_seuser, char **r_level) selinux_nonnull((1,3,4)) selinux_nodiscard; -/* Compare two file contexts, return 0 if equivalent. */ +/* Compare two contexts to see if their differences are "significant", + * or whether the only difference is in the user. Return 0 if equivalent. */ extern int selinux_file_context_cmp(const char * a, - const char * b); + const char * b) selinux_nodiscard; /* * Verify the context of the file 'path' against policy. * Return 1 if match, 0 if not and -1 on error. */ -extern int selinux_file_context_verify(const char *path, mode_t mode); +extern int selinux_file_context_verify(const char *path, mode_t mode) selinux_nonnull((1)) selinux_nodiscard; /* This function sets the file context on to the system defaults returns 0 on success */ -extern int selinux_lsetfilecon_default(const char *path); +extern int selinux_lsetfilecon_default(const char *path) selinux_nonnull((1)) selinux_nodiscard; /* * Force a reset of the loaded configuration diff --git a/libselinux/src/exception.sh b/libselinux/src/exception.sh index 3b7f2450..15413c7a 100755 --- a/libselinux/src/exception.sh +++ b/libselinux/src/exception.sh @@ -28,10 +28,10 @@ FILE_LIST=( ../include/selinux/label.h ../include/selinux/restorecon.h ) -if ! cat "${FILE_LIST[@]}" | ${CC:-gcc} -x c -c -I../include -o temp.o - -aux-info temp.aux +if ! cat "${FILE_LIST[@]}" | ${CC:-gcc} -x c -c -I../include -DNO_INCLUDE_ERROR -o temp.o - -aux-info temp.aux then # clang does not support -aux-info so fall back to gcc - cat "${FILE_LIST[@]}" | gcc -x c -c -I../include -o temp.o - -aux-info temp.aux + cat "${FILE_LIST[@]}" | gcc -x c -c -I../include -DNO_INCLUDE_ERROR -o temp.o - -aux-info temp.aux fi for i in `awk '/.*extern int/ { print $6 }' temp.aux`; do except $i ; done rm -f -- temp.aux temp.o diff --git a/libselinux/src/selinuxswig.i b/libselinux/src/selinuxswig.i index dbdb4c3d..42e31e10 100644 --- a/libselinux/src/selinuxswig.i +++ b/libselinux/src/selinuxswig.i @@ -57,6 +57,7 @@ %ignore avc_netlink_release_fd; %ignore avc_netlink_check_nb; +%include "../include/selinux/_private.h" %include "../include/selinux/avc.h" %include "../include/selinux/context.h" %include "../include/selinux/get_context_list.h" diff --git a/scripts/run-scan-build b/scripts/run-scan-build index 931ffd2a..5a79c8bc 100755 --- a/scripts/run-scan-build +++ b/scripts/run-scan-build @@ -32,7 +32,7 @@ fi make -C .. clean distclean -j"$(nproc)" $SCAN_BUILD -analyze-headers -o "$OUTPUTDIR" make -C .. \ DESTDIR="$DESTDIR" \ - CFLAGS="-O2 -Wall -Wextra -D_FORTIFY_SOURCE=2 -D__CHECKER__ -I$DESTDIR/usr/include" \ + CFLAGS="-O2 -Wall -Wextra -D_FORTIFY_SOURCE=2 -D__CHECKER__ -DNO_INCLUDE_ERROR -I$DESTDIR/usr/include" \ -j"$(nproc)" \ install install-pywrap install-rubywrap all test From patchwork Fri May 12 10:23:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13239043 X-Patchwork-Delegate: plautrba@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD0F5C77B75 for ; Fri, 12 May 2023 10:23:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240424AbjELKXi (ORCPT ); Fri, 12 May 2023 06:23:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50746 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240681AbjELKXf (ORCPT ); Fri, 12 May 2023 06:23:35 -0400 Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2B85F12E for ; Fri, 12 May 2023 03:23:30 -0700 (PDT) Received: by mail-ej1-x636.google.com with SMTP id a640c23a62f3a-9661047f8b8so1385059066b.0 for ; Fri, 12 May 2023 03:23:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1683887008; x=1686479008; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=hviBcf0QT4Xg8z3jYcj4W5h7zQQx/+YLgo6TweBa6UA=; b=Sharqyqv5Eqjctt04VMynCiZNOzNH0HFUWWJpSxOXnyGZiHoE8KqRv+6fNnR+rUmMS +tv4aSWhPUgy8BNEs0xNb6/Oyxs1r52Ncp5Q/c1l1EaCC8AgXgS1Ih0Xa2FBWXPPcjot t04HmE4fz7bgfkGcQAEVQG75yErIcG73Y7idd95ieAvWV6qzWmYap+JErKwKgjQELG4x 354VG7mC3ijehV5GpIVdFAQRelHwuj7hqG92hCDB8ZSMVSQ50ZYJeuNdxN8ZesoFErhK KoNUdv3rzzTzL1INQJdYeob+hGDOO5F9zEZmkZO7aMrspi8/yNk1AEZ3m3Do0YOyCZRc 0hJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683887008; x=1686479008; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hviBcf0QT4Xg8z3jYcj4W5h7zQQx/+YLgo6TweBa6UA=; b=R1zqHqloVU8a/zKDGklWz4Q0dj0T5UubcSxCuPPSDkTw6PbwechzDx1HPPoC9FNckw 5NDf53OqcVHsyCfcsujpdiZIsBY03FVkZW9N+xANpISdBolSdnxA3mDalaJoj6qzX84R eNXUJXUzJclxV6xUY4GXnh/seH5gnr21LtLzgm8Fz4sORL5LzJ27s6uzD9OrhUzKPOq3 PclZJgYfHqFpj2oJaHjxopM9ocVJtm83GDy9haoUfB+xQrvGjM8OaZWL/Xc70YkoC3Ib P78uCPbq2jlhZj7YDbvCdW3dHOSQnCqF4t7NMe1wIJM+5oK9gP4irLHvfvIrpQUBs48c 76vQ== X-Gm-Message-State: AC+VfDxaNiV3OIqY2DexT4qG9+Yjv3tIphekbp0oT3ljDcwO/I9j+y/x ZJ2ifBOkU/FkNm1ZYQCsPHyky7/2HsWrQw== X-Google-Smtp-Source: ACHHUZ4SgjZie8wWHBfBEnjVhk7Fg5svYPxWeGLjETXvT9LENFR1Yx4SsE5x3KwI/mlSiVLvJBdWww== X-Received: by 2002:a17:907:70a:b0:953:9024:1b50 with SMTP id xb10-20020a170907070a00b0095390241b50mr20764182ejb.74.1683887008288; Fri, 12 May 2023 03:23:28 -0700 (PDT) Received: from debianHome.localdomain (dynamic-095-116-181-041.95.116.pool.telefonica.de. [95.116.181.41]) by smtp.gmail.com with ESMTPSA id gz4-20020a170907a04400b009571293d6acsm5202920ejc.59.2023.05.12.03.23.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 May 2023 03:23:27 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 2/9] libselinux: deprecate matchpathcon and compute_user interfaces Date: Fri, 12 May 2023 12:23:15 +0200 Message-Id: <20230512102322.72235-2-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230512102322.72235-1-cgzones@googlemail.com> References: <20230512102322.72235-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Annotate interfaces of the matchpathcon family and security_compute_user(3) and security_compute_user_raw(3) as deprecated. Signed-off-by: Christian Göttsche --- libselinux/include/selinux/selinux.h | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h index 7f8deb65..4799dd1c 100644 --- a/libselinux/include/selinux/selinux.h +++ b/libselinux/include/selinux/selinux.h @@ -261,10 +261,12 @@ extern int security_compute_member_raw(const char * scon, */ extern int security_compute_user(const char * scon, const char *username, - char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard; + char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard + selinux_deprecated("Use get_ordered_context_list(3) family"); extern int security_compute_user_raw(const char * scon, const char *username, - char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard; + char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard + selinux_deprecated("Use get_ordered_context_list(3) family"); /* Validate a transition. This determines whether a transition from scon to newcon using tcon as the target for object class tclass is valid in the loaded policy. @@ -435,7 +437,7 @@ extern void selinux_flush_class_cache(void); /* Set the function used by matchpathcon_init when displaying errors about the file_contexts configuration. If not set, then this defaults to fprintf(stderr, fmt, ...). */ -extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...)); +extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...)) selinux_deprecated("matchpathcon family is deprecated"); /* Set the function used by matchpathcon_init when checking the validity of a context in the file contexts configuration. If not set, @@ -444,7 +446,7 @@ extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...)); may include the 'path' and 'lineno' in such error messages. */ extern void set_matchpathcon_invalidcon(int (*f) (const char *path, unsigned lineno, - char *context)); + char *context)) selinux_deprecated("matchpathcon family is deprecated"); /* Same as above, but also allows canonicalization of the context, by changing *context to refer to the canonical form. If not set, @@ -452,13 +454,13 @@ extern void set_matchpathcon_invalidcon(int (*f) (const char *path, security_canonicalize_context(). */ extern void set_matchpathcon_canoncon(int (*f) (const char *path, unsigned lineno, - char **context)); + char **context)) selinux_deprecated("matchpathcon family is deprecated"); /* Set flags controlling operation of matchpathcon_init or matchpathcon. */ #define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */ #define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */ #define MATCHPATHCON_VALIDATE 4 /* Validate/canonicalize contexts at init time. */ -extern void set_matchpathcon_flags(unsigned int flags); +extern void set_matchpathcon_flags(unsigned int flags) selinux_deprecated("matchpathcon family is deprecated"); /* Load the file contexts configuration specified by 'path' into memory for use by subsequent matchpathcon calls. @@ -472,7 +474,7 @@ extern int matchpathcon_init(const char *path) selinux_nodiscard selinux_depreca /* Same as matchpathcon_init, but only load entries with regexes that have stems that are prefixes of 'prefix'. */ -extern int matchpathcon_init_prefix(const char *path, const char *prefix) selinux_nodiscard; +extern int matchpathcon_init_prefix(const char *path, const char *prefix) selinux_nodiscard selinux_deprecated("Use selabel_open(3) with backend SELABEL_CTX_FILE"); /* Free the memory allocated by matchpathcon_init. */ extern void matchpathcon_fini(void) selinux_deprecated("Use selabel_close(3)"); @@ -480,7 +482,7 @@ extern void matchpathcon_fini(void) selinux_deprecated("Use selabel_close(3)"); /* Resolve all of the symlinks and relative portions of a pathname, but NOT * the final component (same a realpath() unless the final component is a * symlink. Resolved path must be a path of size PATH_MAX + 1 */ -extern int realpath_not_final(const char *name, char *resolved_path) selinux_nonnull((1,2)) selinux_nodiscard; +extern int realpath_not_final(const char *name, char *resolved_path) selinux_nonnull((1,2)) selinux_nodiscard selinux_deprecated("Not meant for external use"); /* Match the specified pathname and mode against the file contexts configuration and set *con to refer to the resulting context. @@ -494,25 +496,25 @@ extern int matchpathcon(const char *path, /* Same as above, but return a specification index for later use in a matchpathcon_filespec_add() call - see below. */ extern int matchpathcon_index(const char *path, - mode_t mode, char ** con) selinux_nonnull((1,3)) selinux_nodiscard; + mode_t mode, char ** con) selinux_nonnull((1,3)) selinux_nodiscard selinux_deprecated("Use selabel_lookup(3)"); /* Maintain an association between an inode and a specification index, and check whether a conflicting specification is already associated with the same inode (e.g. due to multiple hard links). If so, then use the latter of the two specifications based on their order in the file contexts configuration. Return the used specification index. */ -extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file) selinux_nonnull((3)) selinux_nodiscard; +extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file) selinux_nonnull((3)) selinux_nodiscard selinux_deprecated("matchpathcon family is deprecated"); /* Destroy any inode associations that have been added, e.g. to restart for a new filesystem. */ -extern void matchpathcon_filespec_destroy(void); +extern void matchpathcon_filespec_destroy(void) selinux_deprecated("matchpathcon family is deprecated"); /* Display statistics on the hash table usage for the associations. */ -extern void matchpathcon_filespec_eval(void); +extern void matchpathcon_filespec_eval(void) selinux_deprecated("matchpathcon family is deprecated"); /* Check to see whether any specifications had no matches and report them. The 'str' is used as a prefix for any warning messages. */ -extern void matchpathcon_checkmatches(char *str); +extern void matchpathcon_checkmatches(char *str) selinux_deprecated("matchpathcon family is deprecated"); /* Match the specified media and against the media contexts configuration and set *con to refer to the resulting context. From patchwork Fri May 12 10:23:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13239044 X-Patchwork-Delegate: plautrba@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8FDD4C77B7F for ; Fri, 12 May 2023 10:23:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240641AbjELKXi (ORCPT ); Fri, 12 May 2023 06:23:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50754 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240533AbjELKXg (ORCPT ); Fri, 12 May 2023 06:23:36 -0400 Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [IPv6:2a00:1450:4864:20::52b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BCB5E83DC for ; Fri, 12 May 2023 03:23:30 -0700 (PDT) Received: by mail-ed1-x52b.google.com with SMTP id 4fb4d7f45d1cf-50bc3a2d333so14709259a12.0 for ; Fri, 12 May 2023 03:23:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1683887009; x=1686479009; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=lLD47pdN7dbz+LdUU+chc5+5RmX7jMC7mzVzLHjiVJU=; b=B9AQWv+8CM4r86C7VVl14kDI+BLpqD69bjmUvGCeqrUlw7+u/i6u0ZpakxgLYfmQHo MuRhJ87pyNQ2x8qDvYBZtZ24vcBkBqlM75bdumkf+IgwQ7aRBysHLRfXLDR3fg2KBbvh +kOVnjnRL21EPa6WYzkEGpVt6h4g3tvUbzY59FI37s6+/DaJ+u1bFgGyvKfuNCbzgKY1 y34YtsYSBfzGqfqupoBMY/m7Urj1amLKnxJVCnySnx/iGmwp7THBPbmS3mizn0AgIsf2 pThOJEu0qV9zZlzVm5ZTqsSARDUUqfY5xvF248J1GY6KjPGCc8ajvck6e4NWHBn0G//B sN/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683887009; x=1686479009; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lLD47pdN7dbz+LdUU+chc5+5RmX7jMC7mzVzLHjiVJU=; b=XMc4rUn0r+QEb4uUfsSoM3fhoaPOwaOkW/G4osPa19+h0GG4cpm3UFBLMgmXlAm5HN 4jp/CAfXKcxbu78Ul183HcMfxUcYIPodPsrvoh9/8PHmUJH+yLxO0YN5aABAwau4ae0Q Z6h1A0u+DDMW9TB9rMb/NGec/lY17gmgxBH5y4IfBIc6B8Q9K17t2UVATcPi/YYOWfmj ib/IT0gQ2xfHwvkz6RACMg7ZmNjn66/GQiwHU+IisG3NCludCUuXlJAXs2wYQfGyUgz3 AYvF3RwIRsi38Orukq7+d43tGCMOetR25oxrOzUl36l3NGOdVDxVwXUg6UVv3ZHYgVgI 1nYg== X-Gm-Message-State: AC+VfDyTtOOXmeUZmvzXjWUdz9k3IKVFlkln3Ulgct/GdAF0bsh1rqp0 CEWEwMwQeeDpObiwAzR/9pZ71tsIHZ3hqg== X-Google-Smtp-Source: ACHHUZ5/l9cx0effsYbu6OLHy2iL+nLh7lATKylDWzDVeQHm0Fl4KraEAGyVVw9KJcj2NJaMhAHGaQ== X-Received: by 2002:a17:907:1607:b0:94f:1c90:cb71 with SMTP id hb7-20020a170907160700b0094f1c90cb71mr24971704ejc.65.1683887009047; Fri, 12 May 2023 03:23:29 -0700 (PDT) Received: from debianHome.localdomain (dynamic-095-116-181-041.95.116.pool.telefonica.de. [95.116.181.41]) by smtp.gmail.com with ESMTPSA id gz4-20020a170907a04400b009571293d6acsm5202920ejc.59.2023.05.12.03.23.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 May 2023 03:23:28 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 3/9] libselinux: declare avc_open(3) options parameter const Date: Fri, 12 May 2023 12:23:16 +0200 Message-Id: <20230512102322.72235-3-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230512102322.72235-1-cgzones@googlemail.com> References: <20230512102322.72235-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org The first parameter of avc_open(3) is a read-only array of options. Signed-off-by: Christian Göttsche --- libselinux/include/selinux/avc.h | 2 +- libselinux/man/man3/avc_open.3 | 2 +- libselinux/src/avc.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/libselinux/include/selinux/avc.h b/libselinux/include/selinux/avc.h index 92c79988..3e75cbad 100644 --- a/libselinux/include/selinux/avc.h +++ b/libselinux/include/selinux/avc.h @@ -201,7 +201,7 @@ extern int avc_init(const char *msgprefix, * is set to "avc" and any callbacks desired should be specified via * selinux_set_callback(). Available options are listed above. */ -extern int avc_open(struct selinux_opt *opts, unsigned nopts) selinux_access((read_only, 1, 2)) selinux_nodiscard; +extern int avc_open(const struct selinux_opt *opts, unsigned nopts) selinux_access((read_only, 1, 2)) selinux_nodiscard; /** * avc_cleanup - Remove unused SIDs and AVC entries. diff --git a/libselinux/man/man3/avc_open.3 b/libselinux/man/man3/avc_open.3 index 55683bb6..74f85593 100644 --- a/libselinux/man/man3/avc_open.3 +++ b/libselinux/man/man3/avc_open.3 @@ -10,7 +10,7 @@ avc_open, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and .br .B #include .sp -.BI "int avc_open(struct selinux_opt *" options ", unsigned " nopt ");" +.BI "int avc_open(const struct selinux_opt *" options ", unsigned " nopt ");" .sp .BI "void avc_destroy(void);" .sp diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c index 8d5983a2..634badf9 100644 --- a/libselinux/src/avc.c +++ b/libselinux/src/avc.c @@ -225,7 +225,7 @@ static int avc_init_internal(const char *prefix, return rc; } -int avc_open(struct selinux_opt *opts, unsigned nopts) +int avc_open(const struct selinux_opt *opts, unsigned nopts) { avc_setenforce = 0; From patchwork Fri May 12 10:23:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13239045 X-Patchwork-Delegate: plautrba@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6FFB7C77B7F for ; Fri, 12 May 2023 10:23:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240663AbjELKXj (ORCPT ); Fri, 12 May 2023 06:23:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50748 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240669AbjELKXh (ORCPT ); Fri, 12 May 2023 06:23:37 -0400 Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 606F6E70C for ; Fri, 12 May 2023 03:23:31 -0700 (PDT) Received: by mail-ed1-x536.google.com with SMTP id 4fb4d7f45d1cf-50bd875398dso14716574a12.1 for ; Fri, 12 May 2023 03:23:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1683887010; x=1686479010; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=OzQQS9CaBHFklgqFBv69aCqDC9LqvjnUF8D3AJChTho=; b=OShm2TSxe2rSzox1EcJh3tSbeis1E0Ab5YJGqcolN4WQZ8PqvZu++0hn+DlyTp+IfO SV9RhrQaOY753w/ZqFuBHgx4sI9qIWzmNavbFQSsVDSN6ugHGHfJj91vwoF4DIecVop4 INQ+y1WnGmLw4Uvu+9X2I5L1BJVtEutw+ZKQfZ3WNkLAXGc14YiYYWoGWUYUDmiGdq17 K4OsW4g53eLALt56i3CJe7EgFf1U3O4v2AEE3T/YI0jC5HDrBiS0K/IQIOzhIK/smeJy hNdoi24wkwNhtpxhEzsQOlsMwCRw1EH2DfHbca4ycYWJ3K7sYMlp59tAreEyENX14O7v 5Sag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683887010; x=1686479010; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=OzQQS9CaBHFklgqFBv69aCqDC9LqvjnUF8D3AJChTho=; b=WWBkDrZwJ5u0bq2IWgtOBRUotvnFff/2PAYN4oC+DO6T9Uxg75yamZ6eBr3V4mmrKd MQHpeu2a1ebhMHT3j4W36DMZsjFlvtj0p9DV+2cqWCEyQvDjzYBT10TaJrFGChsgMLKN ScArLk+DYBUmTMHKAg6RTfimgAH0lCwaUnBRl9A5F7TiZea8jKj4i2+BQ/cJBNs8piJn jLVHNjQPaMxtUvx8UpYNv9fEf98+F1E5eNavHFRQr1ZMn+StZhPPHWIHrt8bD9gSXlTf W/vfqxPxapTcE9jrXsmF0MVDvMVT9uk1/luPOiaU+1TnFoQC7JFZ+jbS8N1vc8UlLane LQxw== X-Gm-Message-State: AC+VfDzwFxVarytjn97ZJbyh/qXIb2suzWRhMo12RQ0ujPf6SJ6fElEq 3AOtfIQBQTla5CbvoP4jyNWCdaPQqD3jOg== X-Google-Smtp-Source: ACHHUZ7XoKwptnelsepDxP7ZFu6B1NWI2byYizRPG/fl6Jz1AzNPaHdVANFYK8Awawaz1FPgoKFW4w== X-Received: by 2002:a17:907:3e1d:b0:94e:dd30:54b5 with SMTP id hp29-20020a1709073e1d00b0094edd3054b5mr26051343ejc.6.1683887009669; Fri, 12 May 2023 03:23:29 -0700 (PDT) Received: from debianHome.localdomain (dynamic-095-116-181-041.95.116.pool.telefonica.de. [95.116.181.41]) by smtp.gmail.com with ESMTPSA id gz4-20020a170907a04400b009571293d6acsm5202920ejc.59.2023.05.12.03.23.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 May 2023 03:23:29 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 4/9] mcstrans: check getcon(3) and context_range_set(3) for failure Date: Fri, 12 May 2023 12:23:17 +0200 Message-Id: <20230512102322.72235-4-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230512102322.72235-1-cgzones@googlemail.com> References: <20230512102322.72235-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org mcstrans.c: In function ‘new_context_str’: mcstrans.c:926:9: error: ignoring return value of ‘context_range_set’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result] 926 | context_range_set(con, range); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ mcscolor.c: In function ‘init_colors’: mcscolor.c:252:9: error: ignoring return value of ‘getcon’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result] 252 | getcon(&my_context); | ^~~~~~~~~~~~~~~~~~~ Signed-off-by: Christian Göttsche --- mcstrans/src/mcscolor.c | 3 ++- mcstrans/src/mcstrans.c | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/mcstrans/src/mcscolor.c b/mcstrans/src/mcscolor.c index 9ff0ce2f..7d8f676e 100644 --- a/mcstrans/src/mcscolor.c +++ b/mcstrans/src/mcscolor.c @@ -249,7 +249,8 @@ int init_colors(void) { char *buffer = NULL; int line = 0; - getcon(&my_context); + if (getcon(&my_context) < 0) + return 1; cfg = fopen(selinux_colors_path(), "r"); if (!cfg) return 1; diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c index af3f507e..34dceca5 100644 --- a/mcstrans/src/mcstrans.c +++ b/mcstrans/src/mcstrans.c @@ -923,7 +923,10 @@ new_context_str(const char *incon, const char *range) { if (!con) { goto exit; } - context_range_set(con, range); + if (context_range_set(con, range) < 0) { + context_free(con); + goto exit; + } rcon = strdup(context_str(con)); context_free(con); if (!rcon) { From patchwork Fri May 12 10:23:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13239046 X-Patchwork-Delegate: plautrba@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 94CF0C77B7F for ; Fri, 12 May 2023 10:23:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240533AbjELKXl (ORCPT ); Fri, 12 May 2023 06:23:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50808 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240672AbjELKXj (ORCPT ); Fri, 12 May 2023 06:23:39 -0400 Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F295810E49 for ; Fri, 12 May 2023 03:23:31 -0700 (PDT) Received: by mail-ej1-x629.google.com with SMTP id a640c23a62f3a-96ab81aa68dso42465466b.3 for ; Fri, 12 May 2023 03:23:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1683887010; x=1686479010; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=NVU8k4HYuv/EE7iiYZ5Uk1I4ExtS/sXPDlX59CJgtAI=; b=nJo/xJH13mdsHxbiLlzvJxrevFHWBLtfKKhC34zqt1NDREWeH1SpQI7aYJogEVERR5 SeX8aRx2q0uVGTkge/hQRUbO0khuQlx/YBxwL43rjTiblfbfUTC3+aNGvNaShw2AgJSc 7JTBH7ENPtMEgLev5Mit0yVOsDiYVQL2cI3fBxgWATWe+lX37uj2k854kP7zbeh/h0YR g7SgQl20+qIaTWGnnc6IzhDM97jF4lFQ/fLSogt4ZuQ0pnEu5YaDf5umSM/JBd3kRCyJ rMw5mKfHrdCm+BfL8x9AGdL5YKXWdyGEJVEQt1KQn883ijMzRAI0Bt65OpizRarFZ6qd 0ptA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683887010; x=1686479010; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NVU8k4HYuv/EE7iiYZ5Uk1I4ExtS/sXPDlX59CJgtAI=; b=fCKxNPwGoQZowj2otBianJ+XpqNAHo0B/0k9YVUQ0GqSi5lAGZVxGMA9GMBw4g51lU +6meFOoWemET4Lyal7xbeR/J934OFTA+abPeWSSNHL1ZLd46F+83uNESnQzmUYzsQmO0 MBventDaV+EDIepjvIe5KEM34CT3qmKee5mJVNmja0QWxrUwYLPsHx7rwxJh3LobWaq3 vu7ZhoO4ii9wxDsHpj0VJAHI8HZ6S9XHOy8LfPo4bPZSprlcI0OUiibQSD8do5XEeMq2 7nobzdQ2vuR8zlsaVdK7KvS32LtzFp7BcF+6qbz1DINAcU5h2W4e1EAbBNCFV184bMKB QyEg== X-Gm-Message-State: AC+VfDzLTD8r7HmPXJDRAr/ggxXKa3fYMKN1JwCPM2CGKL86pwILrcVr sZv0RRo59GA1rcSV1H24mCJ+mnHTTcdOGw== X-Google-Smtp-Source: ACHHUZ5YlKuPPuHUC+0tMklm2QGKFMKI1GZyfAnwxZcIaa17vzlQA8QL9ESSLAKBqhvC/vrXKPgF0g== X-Received: by 2002:a17:907:a0c:b0:966:2123:e0ca with SMTP id bb12-20020a1709070a0c00b009662123e0camr18231856ejc.34.1683887010265; Fri, 12 May 2023 03:23:30 -0700 (PDT) Received: from debianHome.localdomain (dynamic-095-116-181-041.95.116.pool.telefonica.de. [95.116.181.41]) by smtp.gmail.com with ESMTPSA id gz4-20020a170907a04400b009571293d6acsm5202920ejc.59.2023.05.12.03.23.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 May 2023 03:23:29 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 5/9] libselinux: explicitly ignore return values Date: Fri, 12 May 2023 12:23:18 +0200 Message-Id: <20230512102322.72235-5-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230512102322.72235-1-cgzones@googlemail.com> References: <20230512102322.72235-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Tell GCC, see [1], to actually no issue warnings about explicitly ignored return values. Also explicitly ignored return values in cleanup handlers. togglesebool.c: In function ‘rollback’: togglesebool.c:18:17: error: ignoring return value of ‘security_set_boolean’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result] 18 | security_set_boolean(argv[i], | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 19 | security_get_boolean_active(argv[i])); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ load_policy.c: In function ‘selinux_init_load_policy’: load_policy.c:329:17: error: ‘security_disable’ is deprecated: SELinux runtime disable is deprecated [-Werror=deprecated-declarations] 329 | rc = security_disable(); | ^~ booleans.c: In function ‘rollback’: booleans.c:332:17: error: ignoring return value of ‘security_set_boolean’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result] 332 | security_set_boolean(boollist[i].name, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 333 | security_get_boolean_active(boollist[i]. | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 334 | name)); | ~~~~~~ checkAccess.c: In function ‘selinux_check_access’: checkAccess.c:42:16: error: ignoring return value of ‘selinux_status_updated’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result] 42 | (void) selinux_status_updated(); | ^~~~~~~~~~~~~~~~~~~~~~~~ avc.c: In function ‘avc_has_perm_noaudit’: avc.c:761:24: error: ignoring return value of ‘selinux_status_updated’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result] 761 | (void) selinux_status_updated(); | ^~~~~~~~~~~~~~~~~~~~~~~~ [1]: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425 Signed-off-by: Christian Göttsche --- libselinux/src/avc.c | 2 +- libselinux/src/booleans.c | 2 +- libselinux/src/checkAccess.c | 2 +- libselinux/src/load_policy.c | 2 +- libselinux/utils/togglesebool.c | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c index 634badf9..2cb6366f 100644 --- a/libselinux/src/avc.c +++ b/libselinux/src/avc.c @@ -757,7 +757,7 @@ int avc_has_perm_noaudit(security_id_t ssid, avd_init(avd); if (!avc_using_threads && !avc_app_main_loop) { - (void) selinux_status_updated(); + (void)! selinux_status_updated(); } if (!aeref) { diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c index e34b39ff..30733564 100644 --- a/libselinux/src/booleans.c +++ b/libselinux/src/booleans.c @@ -327,7 +327,7 @@ static void rollback(SELboolean * boollist, int end) int i; for (i = 0; i < end; i++) - security_set_boolean(boollist[i].name, + (void)! security_set_boolean(boollist[i].name, security_get_boolean_active(boollist[i]. name)); } diff --git a/libselinux/src/checkAccess.c b/libselinux/src/checkAccess.c index 022cd6b5..1df0c8ad 100644 --- a/libselinux/src/checkAccess.c +++ b/libselinux/src/checkAccess.c @@ -39,7 +39,7 @@ int selinux_check_access(const char *scon, const char *tcon, const char *class, if (rc < 0) return rc; - (void) selinux_status_updated(); + (void)! selinux_status_updated(); sclass = string_to_security_class(class); if (sclass == 0) { diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c index 17918e8b..c3ac18e2 100644 --- a/libselinux/src/load_policy.c +++ b/libselinux/src/load_policy.c @@ -238,7 +238,7 @@ int selinux_init_load_policy(int *enforce) * Get desired mode (disabled, permissive, enforcing) from * /etc/selinux/config. */ - selinux_getenforcemode(&seconfig); + (void)! selinux_getenforcemode(&seconfig); /* Check for an override of the mode via the kernel command line. */ rc = mount("proc", "/proc", "proc", 0, 0); diff --git a/libselinux/utils/togglesebool.c b/libselinux/utils/togglesebool.c index 4a7c830e..d8cee287 100644 --- a/libselinux/utils/togglesebool.c +++ b/libselinux/utils/togglesebool.c @@ -15,7 +15,7 @@ static __attribute__ ((__noreturn__)) void rollback(int argc, char **argv) int i; for (i = 1; i < argc; i++) - security_set_boolean(argv[i], + (void)! security_set_boolean(argv[i], security_get_boolean_active(argv[i])); exit(1); } From patchwork Fri May 12 10:23:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13239049 X-Patchwork-Delegate: plautrba@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0F246C77B75 for ; Fri, 12 May 2023 10:23:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240672AbjELKXw (ORCPT ); Fri, 12 May 2023 06:23:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50846 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240686AbjELKXk (ORCPT ); Fri, 12 May 2023 06:23:40 -0400 Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 628651BC1 for ; Fri, 12 May 2023 03:23:32 -0700 (PDT) Received: by mail-ed1-x52f.google.com with SMTP id 4fb4d7f45d1cf-50bc22805d3so14796982a12.1 for ; Fri, 12 May 2023 03:23:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1683887011; x=1686479011; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=NJy+icQz3ZaRH9DMKznHuK0ig50Tcjf4Eh/7WAUc6nQ=; b=MefFssQGTtTbvNLVUuiN2e97La5fIjYwkVPybty5BgFHbadt/4QUAPLi5bkkHbMOSg hQHQqz1LvMlZIXbZc1KOMHIBXudcdgwraJvlZTwVJJa2CKuo94sCo4C4SGwtnGJUaZ+j Km5qkBooIZyygZ0icwGEW0eEsMZl9+AXYhMn5BLu4wOdnew+b7zDh0ZWNmbYetYxSXoF DeRS5/8QH8qQHFUwMCzNP8O+z/glXQDvrS0Y7jnaSjdPaGtMjGnANU/LOj+Z9J5QFAkd hc8n3cROn/9FngK/FEq1t5DkZt+UDCsuPiZNp0Pdkj+cM+V+7Hc9P/Wxw/frXF+SQzrt 6GKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683887011; x=1686479011; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NJy+icQz3ZaRH9DMKznHuK0ig50Tcjf4Eh/7WAUc6nQ=; b=hRZrEvfxpqB07WqHCoyct+A52XaKVm9Q0HfB4Yi3BTB0DmOMjvFRne9yRQSUUcTP16 v30+izoCe/zWt5TWobHWYRh15wCqmW8tB6305hsk9c0YganDRCrwkb4Ee0Zhnfm2PBeA o6Y5kxqSCXfSGzBlSjaC2KxweZUtIGYvKDEdtuGPpyOvd3JpD2iSk/QPB5VMqfRsehf8 pTY59cbhOK/JBgylB6sCyNOtE8cJ0C6C6cOU7bjblRr7oLxlED6I+NiW3Wv0qMgRmLfz 1z0txX0KaKGgGSO1GAKP5FkBZgEZsKpYycrh96MP2OOqbAZvyx9nfUtyvpmBzYxiYOxN yc6A== X-Gm-Message-State: AC+VfDxW0ILkPwOl8rGJbVBGYNGFIfd3nKqdS7Sp5xHfr7xJX+U1VnfP Ket3V3Av0DDQvTp9GYaU2C8D3MH6NWWDLA== X-Google-Smtp-Source: ACHHUZ6ciK6ydFsBbE8S73sbddWYHiTOCay4K+tBooGCOjw3mHdW7jJRUZBAZ/QjY4JDrMQK8wj06g== X-Received: by 2002:a17:906:ee88:b0:94b:ffe9:37fd with SMTP id wt8-20020a170906ee8800b0094bffe937fdmr23224478ejb.5.1683887010815; Fri, 12 May 2023 03:23:30 -0700 (PDT) Received: from debianHome.localdomain (dynamic-095-116-181-041.95.116.pool.telefonica.de. [95.116.181.41]) by smtp.gmail.com with ESMTPSA id gz4-20020a170907a04400b009571293d6acsm5202920ejc.59.2023.05.12.03.23.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 May 2023 03:23:30 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 6/9] libselinux: ignore internal use of deprecated interfaces Date: Fri, 12 May 2023 12:23:19 +0200 Message-Id: <20230512102322.72235-6-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230512102322.72235-1-cgzones@googlemail.com> References: <20230512102322.72235-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Ignore internal use of deprecated interfaces within deprecated interfaces. compute_user.c: In function ‘security_compute_user’: compute_user.c:93:9: error: ‘security_compute_user_raw’ is deprecated: Use get_ordered_context_list(3) family [-Werror=deprecated-declarations] 93 | ret = security_compute_user_raw(rscon, user, con); | ^~~ compute_user.c:13:5: note: declared here 13 | int security_compute_user_raw(const char * scon, | ^~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Christian Göttsche --- libselinux/src/compute_user.c | 2 ++ libselinux/src/matchpathcon.c | 11 +++++++++++ libselinux/src/selinux_internal.h | 14 ++++++++++++++ 3 files changed, 27 insertions(+) diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c index f55f945a..5f54e16a 100644 --- a/libselinux/src/compute_user.c +++ b/libselinux/src/compute_user.c @@ -96,7 +96,9 @@ int security_compute_user(const char * scon, if (selinux_trans_to_raw_context(scon, &rscon)) return -1; +IGNORE_DEPRECATED_BEGIN ret = security_compute_user_raw(rscon, user, con); +IGNORE_DEPRECATED_END freecon(rscon); if (!ret) { diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c index bf2da083..f4e34df0 100644 --- a/libselinux/src/matchpathcon.c +++ b/libselinux/src/matchpathcon.c @@ -367,7 +367,9 @@ int matchpathcon_init_prefix(const char *path, const char *subset) int matchpathcon_init(const char *path) { +IGNORE_DEPRECATED_BEGIN return matchpathcon_init_prefix(path, NULL); +IGNORE_DEPRECATED_END } void matchpathcon_fini(void) @@ -439,6 +441,8 @@ static int matchpathcon_internal(const char *path, mode_t mode, char ** con) { char stackpath[PATH_MAX + 1]; char *p = NULL; + +IGNORE_DEPRECATED_BEGIN if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0)) return -1; @@ -450,6 +454,7 @@ static int matchpathcon_internal(const char *path, mode_t mode, char ** con) if (p) path = p; } +IGNORE_DEPRECATED_END return notrans ? selabel_lookup_raw(hnd, con, path, mode) : @@ -507,8 +512,10 @@ int selinux_file_context_verify(const char *path, mode_t mode) char *p = NULL; if (S_ISLNK(mode)) { +IGNORE_DEPRECATED_BEGIN if (!realpath_not_final(path, stackpath)) path = stackpath; +IGNORE_DEPRECATED_END } else { p = realpath(path, stackpath); if (p) @@ -523,8 +530,10 @@ int selinux_file_context_verify(const char *path, mode_t mode) return 0; } +IGNORE_DEPRECATED_BEGIN if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0)) return -1; +IGNORE_DEPRECATED_END if (selabel_lookup_raw(hnd, &fcontext, path, mode) != 0) { if (errno != ENOENT) @@ -554,8 +563,10 @@ int selinux_lsetfilecon_default(const char *path) if (lstat(path, &st) != 0) return rc; +IGNORE_DEPRECATED_BEGIN if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0)) return -1; +IGNORE_DEPRECATED_END /* If there's an error determining the context, or it has none, return to allow default context */ diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h index 06f2c038..583dc205 100644 --- a/libselinux/src/selinux_internal.h +++ b/libselinux/src/selinux_internal.h @@ -94,6 +94,20 @@ extern int selinux_page_size ; extern int has_selinux_config ; +#ifdef __GNUC__ +# define IGNORE_DEPRECATED_BEGIN \ + _Pragma("GCC diagnostic push") \ + _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"") +#else +# define IGNORE_DEPRECATED_BEGIN +#endif + +#ifdef __GNUC__ +# define IGNORE_DEPRECATED_END _Pragma("GCC diagnostic pop") +#else +# define IGNORE_DEPRECATED_END +#endif + #ifndef HAVE_STRLCPY size_t strlcpy(char *dest, const char *src, size_t size); #endif From patchwork Fri May 12 10:23:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13239048 X-Patchwork-Delegate: plautrba@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91F42C77B7F for ; Fri, 12 May 2023 10:23:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240710AbjELKXv (ORCPT ); Fri, 12 May 2023 06:23:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50856 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240691AbjELKXk (ORCPT ); Fri, 12 May 2023 06:23:40 -0400 Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com [IPv6:2a00:1450:4864:20::62b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 35A51100F4 for ; Fri, 12 May 2023 03:23:33 -0700 (PDT) Received: by mail-ej1-x62b.google.com with SMTP id a640c23a62f3a-966400ee79aso1321726766b.0 for ; Fri, 12 May 2023 03:23:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1683887011; x=1686479011; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ZdqR4pUMqP8H82QVZlZ9nX0C6mDk9sWHOx0UPmV5XNg=; b=jVOOhBonyxOtbJNAi6RRKsjAC6fmbkxL+SSfi6DgsY2HXgyQW1EV4jicub2xUixiiA 5IuI/9QhPAK21Asezha4KbELGxv6g4TCtrLT5yovlVM+w8JJdvFAzyD2rF5XNP8jtU1/ hoHPMRRHwvfFJMWjtoOsX/Ll+2MQKolfYxVWnFVUvEnBhIiCPp4B9pEcbNq3W+QpG8mQ XsyDiajFP5cGbKJRRo/f3w3oaYyD0tD1opJ50+4f7+1VRS6emeV+eX1E0ofgJTzUeo9y DMtmoGLKn2qGc3APm9H+LqnoPTmwIa34A5Q/eDV99hXWaNcDqZzEzLNbafGEdGBgCJ6W 4lZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683887011; x=1686479011; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ZdqR4pUMqP8H82QVZlZ9nX0C6mDk9sWHOx0UPmV5XNg=; b=Bx0pR2pmJAq7+is/nPdJhyMwoNJx/36kDNymMl8Gk0O9mHKAPLskeVByZ8QTCbMRL4 BkYbfnijU7oGsuCGbWVnUYuhnHHPX0wuReFBEp57tuBHYx/ip0tB/8mvB/amZ2qZRttC YBcp5AEAjKlIpbcvAhZI6SzWIxuXPPkxfa55pro1yzrxil4VAKu6O8DB7ZxFV5NPQHbd Isu/tpkNd5iwFdZ89bUQlsSi2NdOc7EVyge8ZMj44hs7bDjkZvGzcDCJEau9yWEWst8V NgoVQBJ43qxt11EbrjDP8tq/APA1tYOpE+DAz2GKdJYHugyUwQkC/1TmTZGWN4OUbFND RlWg== X-Gm-Message-State: AC+VfDwVKzc2hVvlVh/7z2bSLP5UDo/h5jR/E/JVWJuaCV+AZTmrbiG2 Gl1Wg73TICQHhqSv+0WbuERQuLtupraTiA== X-Google-Smtp-Source: ACHHUZ7ABzJLmZ9TEni9+4qDR/fm8bIAekDJA/J6FW2VT6wGJAdC/JBhz55KmYMI0pPJ9sN7lnex0A== X-Received: by 2002:a17:907:982:b0:965:7fba:6bcf with SMTP id bf2-20020a170907098200b009657fba6bcfmr20448043ejc.67.1683887011372; Fri, 12 May 2023 03:23:31 -0700 (PDT) Received: from debianHome.localdomain (dynamic-095-116-181-041.95.116.pool.telefonica.de. [95.116.181.41]) by smtp.gmail.com with ESMTPSA id gz4-20020a170907a04400b009571293d6acsm5202920ejc.59.2023.05.12.03.23.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 May 2023 03:23:31 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 7/9] secon: check selinux_raw_to_trans_context(3) for failure Date: Fri, 12 May 2023 12:23:20 +0200 Message-Id: <20230512102322.72235-7-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230512102322.72235-1-cgzones@googlemail.com> References: <20230512102322.72235-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org secon.c: In function ‘disp_con’: secon.c:634:9: error: ignoring return value of ‘selinux_raw_to_trans_context’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result] 634 | selinux_raw_to_trans_context(scon_raw, &scon_trans); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Christian Göttsche --- policycoreutils/secon/secon.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/policycoreutils/secon/secon.c b/policycoreutils/secon/secon.c index d624fa13..82266894 100644 --- a/policycoreutils/secon/secon.c +++ b/policycoreutils/secon/secon.c @@ -2,7 +2,7 @@ #include #include #include - +#include #include #define xstreq(x, y) !strcmp(x, y) @@ -631,7 +631,10 @@ static void disp_con(const char *scon_raw) char *color_str = NULL; struct context_color_t color = { .valid = 0 }; - selinux_raw_to_trans_context(scon_raw, &scon_trans); + if (selinux_raw_to_trans_context(scon_raw, &scon_trans) < 0) + errx(EXIT_FAILURE, "Couldn't convert context %s: %s", + scon_raw, strerror(errno)); + if (opts->disp_raw) scon = scon_raw; else From patchwork Fri May 12 10:23:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13239050 X-Patchwork-Delegate: plautrba@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E2026C7EE24 for ; Fri, 12 May 2023 10:23:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240696AbjELKXw (ORCPT ); Fri, 12 May 2023 06:23:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50858 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240693AbjELKXk (ORCPT ); Fri, 12 May 2023 06:23:40 -0400 Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B0B2FCE for ; Fri, 12 May 2023 03:23:33 -0700 (PDT) Received: by mail-ej1-x629.google.com with SMTP id a640c23a62f3a-96aadfb19d7so79797766b.2 for ; Fri, 12 May 2023 03:23:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1683887012; x=1686479012; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=eivSVdUQICgh4MaBbhp/ck88yPGPptoEbUC2TVWUHh4=; b=SSJLgH0ILNIk4GHn7Oy62scp4KB2uBZobrsxkxh4jKm+WRSVQ0skaNLKV+QOfQcPN4 nGhijxR2GLt/KSl1VUEzHrOzJ5QoYDMs1lxRR6X/XtlU1rzKbFxZ/UOTWw9F+oL8/9Oc vHeSJ0O7u21PHFksbQP23ch2ZgWx7TKoQZt9mHC/ajkTo7B/cZNAXjzQWJBE+jDxAbfC 7Q8xMFXdK5TGdF7FmNEida9Z8Cir7Amq3UbE0TdGYf/S0YsZppo9bArtX+CLsW8zLgA+ fH3KTKGsoxy3xXZigHpYMi+MbmOH5jt6AxvNbi+xg5mErvcTIUudiFyU7VOWgSfT+eDd Q7+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683887012; x=1686479012; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=eivSVdUQICgh4MaBbhp/ck88yPGPptoEbUC2TVWUHh4=; b=PZc9vkLrKlPMDAee2n91cJrIiScgnnV3MoAuf9vHERN0D2uK81YdnfjC1iQwQY4Tcp jjka7J3TfWUVi7ePlzdJ8XVqTpSqzAra0fVvjTu387vJHtTrmyBtJ3HqciLKNReSkmR1 BmQmP7g9e1uJYJbgzeL9orDR75OvosdLROS4pRSFM/TqL29rDswYlyN6EeK88cXrKGnU DnN5wvkRv54hpfEDA9AvOv9/uFi16dL+ayLumlSCHbV1Xc+kAgaQ+R8GgmJVOZwGtlKv rY2V6yl/rORTV62hCIVcw1JR/JUh9uxqTOirJ1sCQjdEGRfrmiMnSYtr+aT5ArLTUxPz lgLQ== X-Gm-Message-State: AC+VfDzvryHjM/gKvljXaE586Xn5i1GX8kP7i1spUS9tKu//DFqHl8eo X/7nweyZQo99SdVUWyilyowtxhUHpEYVqQ== X-Google-Smtp-Source: ACHHUZ7zHK3EGPEyqS9TG0xppsy3vQ/6nVw0CeER+uMorO5NbY2mvi4olwN/9aSYQOaE/3oS1kNuBA== X-Received: by 2002:a17:907:31cb:b0:95e:ce3b:a471 with SMTP id xf11-20020a17090731cb00b0095ece3ba471mr22423762ejb.55.1683887012004; Fri, 12 May 2023 03:23:32 -0700 (PDT) Received: from debianHome.localdomain (dynamic-095-116-181-041.95.116.pool.telefonica.de. [95.116.181.41]) by smtp.gmail.com with ESMTPSA id gz4-20020a170907a04400b009571293d6acsm5202920ejc.59.2023.05.12.03.23.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 May 2023 03:23:31 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 8/9] restorecond: check selinux_restorecon(3) for failure Date: Fri, 12 May 2023 12:23:21 +0200 Message-Id: <20230512102322.72235-8-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230512102322.72235-1-cgzones@googlemail.com> References: <20230512102322.72235-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org watch.c: In function ‘watch_list_add’: watch.c:74:25: error: ignoring return value of ‘selinux_restorecon’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result] 74 | selinux_restorecon(globbuf.gl_pathv[i], | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 75 | r_opts.restorecon_flags); | ~~~~~~~~~~~~~~~~~~~~~~~~ watch.c: In function ‘watch_list_find’: watch.c:141:33: error: ignoring return value of ‘selinux_restorecon’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result] 141 | selinux_restorecon(path, | ^~~~~~~~~~~~~~~~~~~~~~~~ 142 | r_opts.restorecon_flags); | ~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Christian Göttsche --- restorecond/watch.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/restorecond/watch.c b/restorecond/watch.c index 98ff797b..64bc29c6 100644 --- a/restorecond/watch.c +++ b/restorecond/watch.c @@ -71,8 +71,12 @@ void watch_list_add(int fd, const char *path) if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0) continue; - selinux_restorecon(globbuf.gl_pathv[i], - r_opts.restorecon_flags); + + if (selinux_restorecon(globbuf.gl_pathv[i], r_opts.restorecon_flags) < 0) { + if (errno != ENOENT) + syslog(LOG_ERR, "Unable to relabel %s: %s\n", + globbuf.gl_pathv[i], strerror(errno)); + } } globfree(&globbuf); } @@ -138,8 +142,12 @@ int watch_list_find(int wd, const char *file) 0) exitApp("Error allocating memory."); - selinux_restorecon(path, - r_opts.restorecon_flags); + if (selinux_restorecon(path, r_opts.restorecon_flags) < 0) { + if (errno != ENOENT) + syslog(LOG_ERR, "Unable to relabel %s: %s\n", + path, strerror(errno)); + } + free(path); return 0; } From patchwork Fri May 12 10:23:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13239051 X-Patchwork-Delegate: plautrba@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C2177C7EE25 for ; Fri, 12 May 2023 10:23:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240681AbjELKXy (ORCPT ); Fri, 12 May 2023 06:23:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50950 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240669AbjELKXs (ORCPT ); Fri, 12 May 2023 06:23:48 -0400 Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A18821160A for ; Fri, 12 May 2023 03:23:34 -0700 (PDT) Received: by mail-ej1-x634.google.com with SMTP id a640c23a62f3a-965f7bdab6bso1631240166b.3 for ; Fri, 12 May 2023 03:23:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1683887012; x=1686479012; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=jtuF1WyPLprLSufpJla68O/unTeza43ZzPUlJs2Z33s=; b=FAR/A+5VNDsS0x87iXvSuKv2vZ+z69eSsWGJm/dEJZeGCqZ5wejWXu8vxVjusemI7r Z4WXqir3V9WF9qTx85VdPnITJGmNf/4eQhhP/NXFTaoOlXxuYagwOeqZaaZQNwDJVjeH aHQktfUfoDQNZSwUrrifJaj7Udj0r+gwodZNL/aJ0ajirSG0XN4+MrBq/d9Q0Uw21Cqe Fr9rfkY5Xybn6WhlserKdvT1qr3CLJJMDx/RDvXmBHbMwvBUO6E5FGo80Qwux+AXhXXL n3B2w5cA4XciKbpK1UU2dLGuZ2xAnRKITJRg2lB1XV7XFrMlboUV1tU+0R2g5wlwD0eU ZkjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683887012; x=1686479012; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=jtuF1WyPLprLSufpJla68O/unTeza43ZzPUlJs2Z33s=; b=EDvdDtfSioIHvfk0vXmngE0Twcn/KW4KZgs7fdvokdo4j5F7K2EQmh57wlYDDGMiDu gFKerL8ZksCKiRzOn7jw1tuSK8PtImLBWXoUDRM/3perknO3N/YI8US8NA2S4o5rylE+ VBshBZJT7GZ21CQ72HrQcZU/wQoId7ZsghyYM0O1hZGBSid6grL277chN33LB+HbNcH0 zzoU9I48GTSJORyn5yc24eC0NqeSaAVIu1QysAOr0nYO7KdKHKs8gCaZv9x6U0G8DdIP APShQXVK+0qnpaCgAevM+PpI32rggxzGP824SM9S9DYjt4sVC+5k4nidMC9PHG8RDXGI wy5A== X-Gm-Message-State: AC+VfDy1ZOV5DhfVqCII+XHIBicTK7dMKMUnC1D7J4w7w6A42zvFmGxU zFzJXKZaYAxn6k9xvUsfUawxw5Zyd1QcTA== X-Google-Smtp-Source: ACHHUZ5XWn+Trorg6rIVu1xlxUxesMtckgvfd4Wrr5jqDZmTtE1BiyfhKusAsjzgN60UjB5AbD3pdQ== X-Received: by 2002:a17:907:7b96:b0:966:1e74:a3ff with SMTP id ne22-20020a1709077b9600b009661e74a3ffmr20816617ejc.40.1683887012625; Fri, 12 May 2023 03:23:32 -0700 (PDT) Received: from debianHome.localdomain (dynamic-095-116-181-041.95.116.pool.telefonica.de. [95.116.181.41]) by smtp.gmail.com with ESMTPSA id gz4-20020a170907a04400b009571293d6acsm5202920ejc.59.2023.05.12.03.23.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 May 2023 03:23:32 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 9/9] restorecond: drop last matchpathcon call Date: Fri, 12 May 2023 12:23:22 +0200 Message-Id: <20230512102322.72235-9-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230512102322.72235-1-cgzones@googlemail.com> References: <20230512102322.72235-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org As restorecond does not use the matchpathcon family but the selabel one, via selinux_restorecon(3), drop the last unneeded call. Signed-off-by: Christian Göttsche --- restorecond/user.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/restorecond/user.c b/restorecond/user.c index 3ae3ebbb..defba9b4 100644 --- a/restorecond/user.c +++ b/restorecond/user.c @@ -279,8 +279,6 @@ int server(int master_fd, const char *watch_file) { if (watch_list_isempty()) goto end; - set_matchpathcon_flags(MATCHPATHCON_NOTRANS); - GIOChannel *c = g_io_channel_unix_new(master_fd); g_io_add_watch_full(c,