From patchwork Mon Dec 11 15:00:29 2023
X-Patchwork-Submitter: Christian Göttsche
X-Patchwork-Id: 13487375
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 1/3] libselinux: update const qualifier of parameters in man pages
Date: Mon, 11 Dec 2023 16:00:29 +0100
Message-ID: <20231211150031.127850-1-cgzones@googlemail.com>
X-Mailer: git-send-email 2.43.0
X-Mailing-List: selinux@vger.kernel.org

Add missing const qualifier to parameters in the man pages to align them with . Signed-off-by: Christian Göttsche Acked-by: James Carter --- libselinux/man/man3/getexeccon.3 | 4 +-- libselinux/man/man3/security_compute_av.3 | 32 +++++++++++------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/libselinux/man/man3/getexeccon.3 b/libselinux/man/man3/getexeccon.3 index d6222a4f..9cc24e8c 100644 --- a/libselinux/man/man3/getexeccon.3 +++ b/libselinux/man/man3/getexeccon.3 
@@ -11,9 +11,9 @@ rpm_execcon \- run a helper for rpm in an appropriate security context .sp .BI "int getexeccon_raw(char **" context ); .sp -.BI "int setexeccon(char *" context ); +.BI "int setexeccon(const char *" context ); .sp -.BI "int setexeccon_raw(char *" context ); +.BI "int setexeccon_raw(const char *" context ); .sp .BI "int setexecfilecon(const char *" filename ", const char *" fallback_type ); .sp diff --git a/libselinux/man/man3/security_compute_av.3 b/libselinux/man/man3/security_compute_av.3 index efa4baf3..6c82eca5 100644 --- a/libselinux/man/man3/security_compute_av.3 +++ b/libselinux/man/man3/security_compute_av.3 
@@ -7,37 +7,37 @@ the SELinux policy database in the kernel .SH "SYNOPSIS" .B #include .sp -.BI "int security_compute_av(char *" scon ", char *" tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd ); +.BI "int security_compute_av(const char *" scon ", const char *" tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd ); .sp -.BI "int security_compute_av_raw(char *" scon ", char *" tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd ); +.BI "int security_compute_av_raw(const char *" scon ", const char *" tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd ); .sp -.BI "int security_compute_av_flags(char *" scon ", char *" tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd ); +.BI "int security_compute_av_flags(const char *" scon ", const char *" tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd ); .sp -.BI "int security_compute_av_flags_raw(char *" scon ", char *" tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd ); +.BI "int security_compute_av_flags_raw(const char *" scon ", const char *" tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd ); .sp -.BI "int security_compute_create(char *" scon ", char *" tcon ", security_class_t "tclass ", char **" newcon ); +.BI "int security_compute_create(const char *" scon ", const char *" tcon ", security_class_t "tclass ", char **" newcon ); .sp -.BI "int security_compute_create_raw(char *" scon ", char *" tcon ", security_class_t "tclass ", char **" newcon ); +.BI "int security_compute_create_raw(const char *" scon ", const char *" tcon ", security_class_t "tclass ", char **" newcon ); .sp -.BI "int security_compute_create_name(char *" scon ", char *" tcon ", security_class_t "tclass ", const char *" objname 
", char **" newcon ); +.BI "int security_compute_create_name(const char *" scon ", const char *" tcon ", security_class_t "tclass ", const char *" objname ", char **" newcon ); .sp -.BI "int security_compute_create_name_raw(char *" scon ", char *" tcon ", security_class_t "tclass ", const char *" objname ", char **" newcon ); +.BI "int security_compute_create_name_raw(const char *" scon ", const char *" tcon ", security_class_t "tclass ", const char *" objname ", char **" newcon ); .sp -.BI "int security_compute_relabel(char *" scon ", char *" tcon ", security_class_t "tclass ", char **" newcon ); +.BI "int security_compute_relabel(const char *" scon ", const char *" tcon ", security_class_t "tclass ", char **" newcon ); .sp -.BI "int security_compute_relabel_raw(char *" scon ", char *" tcon ", security_class_t "tclass ", char **" newcon ); +.BI "int security_compute_relabel_raw(const char *" scon ", const char *" tcon ", security_class_t "tclass ", char **" newcon ); .sp -.BI "int security_compute_member(char *" scon ", char *" tcon ", security_class_t "tclass ", char **" newcon ); +.BI "int security_compute_member(const char *" scon ", const char *" tcon ", security_class_t "tclass ", char **" newcon ); .sp -.BI "int security_compute_member_raw(char *" scon ", char *" tcon ", security_class_t "tclass ", char **" newcon ); +.BI "int security_compute_member_raw(const char *" scon ", const char *" tcon ", security_class_t "tclass ", char **" newcon ); .sp -.BI "int security_compute_user(char *" scon ", const char *" username ", char ***" con ); +.BI "int security_compute_user(const char *" scon ", const char *" username ", char ***" con ); .sp -.BI "int security_compute_user_raw(char *" scon ", const char *" username ", char ***" con ); +.BI "int security_compute_user_raw(const char *" scon ", const char *" username ", char ***" con ); .sp -.BI "int security_validatetrans(char *" scon ", const char *" tcon ", security_class_t "tclass ", char *" newcon ); +.BI "int 
security_validatetrans(const char *" scon ", const char *" tcon ", security_class_t "tclass ", const char *" newcon ); .sp -.BI "int security_validatetrans_raw(char *" scon ", const char *" tcon ", security_class_t "tclass ", char *" newcon ); +.BI "int security_validatetrans_raw(const char *" scon ", const char *" tcon ", security_class_t "tclass ", const char *" newcon ); .sp .BI "int security_get_initial_context(const char *" name ", char **" con ); .sp

From patchwork Mon Dec 11 15:00:30 2023
X-Patchwork-Submitter: Christian Göttsche
X-Patchwork-Id: 13487374
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 2/3] libselinux: always set errno on context translation failure
Date: Mon, 11 Dec 2023 16:00:30 +0100
Message-ID: <20231211150031.127850-2-cgzones@googlemail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20231211150031.127850-1-cgzones@googlemail.com>
References: <20231211150031.127850-1-cgzones@googlemail.com>
X-Mailing-List: selinux@vger.kernel.org

Allow callers to expect errno is set on failure, e.g. other exported libselinux functions like setexecfilecon(3). 
Signed-off-by: Christian Göttsche --- libselinux/src/setrans_client.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/libselinux/src/setrans_client.c b/libselinux/src/setrans_client.c index 920f9032..d7dbc0ca 100644 --- a/libselinux/src/setrans_client.c +++ b/libselinux/src/setrans_client.c @@ -92,8 +92,10 @@ send_request(int fd, uint32_t function, const char *data1, const char *data2) ssize_t count, expected; unsigned int i; - if (fd < 0) + if (fd < 0) { + errno = EINVAL; return -1; + } if (!data1) data1 = ""; @@ -123,8 +125,12 @@ send_request(int fd, uint32_t function, const char *data1, const char *data2) while (((count = sendmsg(fd, &msgh, MSG_NOSIGNAL)) < 0) && (errno == EINTR)) ; - if (count < 0 || count != expected) + if (count < 0) + return -1; + if (count != expected) { + errno = EBADMSG; return -1; + } return 0; } @@ -140,8 +146,10 @@ receive_response(int fd, uint32_t function, char **outdata, int32_t * ret_val) struct iovec resp_data; ssize_t count; - if (fd < 0) + if (fd < 0) { + errno = EINVAL; return -1; + } resp_hdr[0].iov_base = &func; resp_hdr[0].iov_len = sizeof(func); @@ -151,11 +159,17 @@ receive_response(int fd, uint32_t function, char **outdata, int32_t * ret_val) resp_hdr[2].iov_len = sizeof(*ret_val); while (((count = readv(fd, resp_hdr, 3)) < 0) && (errno == EINTR)) ; + if (count < 0) { + return -1; + } + if (count != (sizeof(func) + sizeof(data_size) + sizeof(*ret_val))) { + errno = EBADMSG; return -1; } if (func != function || !data_size || data_size > MAX_DATA_BUF) { + errno = EBADMSG; return -1; } 
@@ -172,6 +186,8 @@ receive_response(int fd, uint32_t function, char **outdata, int32_t * ret_val) if (count < 0 || (uint32_t) count != data_size || data[data_size - 1] != '\0') { free(data); + if (count >= 0) + errno = EBADMSG; return -1; } *outdata = data;

From patchwork Mon Dec 11 15:00:31 2023
X-Patchwork-Submitter: Christian Göttsche
X-Patchwork-Id: 13487376
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 3/3] libselinux: state setexecfilecon(3) sets errno on failure
Date: Mon, 11 Dec 2023 16:00:31 +0100
Message-ID: <20231211150031.127850-3-cgzones@googlemail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20231211150031.127850-1-cgzones@googlemail.com>
References: <20231211150031.127850-1-cgzones@googlemail.com>
X-Mailing-List: selinux@vger.kernel.org

The other functions (getexeccon(3) and setexeccon(3)) from the man page also set errno on failure similar to the getcon(3) function family. Signed-off-by: Christian Göttsche --- libselinux/man/man3/getexeccon.3 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libselinux/man/man3/getexeccon.3 b/libselinux/man/man3/getexeccon.3 index 9cc24e8c..edaa6669 100644 --- a/libselinux/man/man3/getexeccon.3 
+++ b/libselinux/man/man3/getexeccon.3 @@ -89,7 +89,9 @@ then executes the specified filename with the provided argument and environment arrays. . .SH "RETURN VALUE" -On error \-1 is returned. +On failure, \-1 is returned and +.I errno +is set appropriately. On success .BR getexeccon (),
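
Review bot: in [PATCH 2/3], the `fd < 0` guard at the top of send_request() (hunk @@ -92,8 +92,10 @@, with the identical guard in receive_response() at @@ -140,8 +146,10 @@) reports EINVAL, whereas a negative descriptor passed to the sendmsg() or readv() calls further down would fail with EBADF. Consider `errno = EBADF;` so callers see the same code on both paths, or add a comment saying why EINVAL was chosen.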
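
Review bot: in [PATCH 2/3], hunk @@ -151,11 +159,17 @@ of receive_response(), the new `if (count < 0) { return -1; }` braces a single statement while the equivalent `if (count < 0) return -1;` added to send_request() in the same patch does not; pick one style. The length check that follows also maps a readv() return of 0 (peer closed the connection) to EBADMSG, the same value used for a malformed header (`func != function || !data_size || data_size > MAX_DATA_BUF`). If callers are meant to tell a vanished peer from a corrupt reply, a distinct errno for `count == 0` would help.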
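
Review bot: in [PATCH 2/3], hunk @@ -172,6 +186,8 @@, `free(data)` runs before the errno decision, so on the `count < 0` path the value left by the failed read has to survive free(), and older libc versions are allowed to modify errno there. Save errno before `free(data)` and restore it afterwards (and set EBADMSG after the free on the other path, as the hunk already does); otherwise the commit message's promise that errno is set on failure is not reliable for this branch.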
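
Review bot: in [PATCH 3/3], the RETURN VALUE hunk (@@ -89,7 +89,9 @@) says errno "is set appropriately" without naming any values. [PATCH 2/3] introduces EINVAL and EBADMSG for translation failures, so list the codes a caller can expect (an ERRORS section is the usual place). The new wording for setexecfilecon(3) also only holds once 2/3 is applied, which is worth stating in the commit message.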