[Selinux-commits] SF.net SVN: selinux: [2557] trunk/libselinux/src

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Revision: 2557
          http://selinux.svn.sourceforge.net/selinux/?rev=2557&view=rev
Author:   ssmalley
Date:     2007-09-12 08:45:09 -0700 (Wed, 12 Sep 2007)

Log Message:
-----------
Author: Stephen Smalley
Email: sd...@ty...
Subject: getfilecon return code
Date: Mon, 09 Jul 2007 14:42:35 -0400

On Mon, 2007-07-09 at 14:30 -0400, Stephen Smalley wrote:
> On Mon, 2007-07-09 at 14:07 -0400, John D. Ramsdell wrote:
> > I hadn't carefully read the manual page for getfilecon until now, but
> > I notice it states that a positive number is returned indicating the
> > number of bytes malloc'd for the context, and -1 is returned
> > indicating failure and that errno is set.  I would have guessed from
> > the description that zero is never an allowed return value.  In fact,
> > I wrote code that freecon'd a context whenever the return value was
> > not -1.
> 
> freecon(NULL) is perfectly legal and harmless, like free(NULL), so that
> part is ok.
> 
> It is possible to set extended attributes with no values, e.g. 
> 	$ setfattr -n user.foo /path/to/foo
> 	$ getfattr -n user.foo /path/to/foo
> and directly calling getxattr() on that file will return 0.
> 
> So technically this is a possible case, even if it is unusual and was
> introduced in this case by the proc sysctl rewrite in the kernel leaving
> us with "private" /proc/sys inodes.
> 
> I'd be inclined to change security_inode_getsecurity() in the kernel to
> return -EOPNOTSUPP in the IS_PRIVATE(inode) case.  But that won't help
> with current kernels, of course.
> 
> libselinux could remap a zero return from getxattr to a -1 return with
> errno EOPNOTSUPP in the meantime if we want to present this behavior to
> applications now.

Like so:

Modified Paths:
--------------
    trunk/libselinux/src/fgetfilecon.c
    trunk/libselinux/src/getfilecon.c
    trunk/libselinux/src/lgetfilecon.c

Modified: trunk/libselinux/src/fgetfilecon.c
===================================================================

--- trunk/libselinux/src/fgetfilecon.c	2007-09-10 19:30:31 UTC (rev 2556)
+++ trunk/libselinux/src/fgetfilecon.c	2007-09-12 15:45:09 UTC (rev 2557)
@@ -37,6 +37,11 @@
 		ret = fgetxattr(fd, XATTR_NAME_SELINUX, buf, size - 1);
 	}
       out:
+	if (ret == 0) {
+		/* Re-map empty attribute values to errors. */
+		errno = EOPNOTSUPP;
+		ret = -1;
+	}
 	if (ret < 0)
 		free(buf);
 	else

Modified: trunk/libselinux/src/getfilecon.c
===================================================================
--- trunk/libselinux/src/getfilecon.c	2007-09-10 19:30:31 UTC (rev 2556)
+++ trunk/libselinux/src/getfilecon.c	2007-09-12 15:45:09 UTC (rev 2557)
@@ -37,6 +37,11 @@
 		ret = getxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
 	}
       out:
+	if (ret == 0) {
+		/* Re-map empty attribute values to errors. */
+		errno = EOPNOTSUPP;
+		ret = -1;
+	}
 	if (ret < 0)
 		free(buf);
 	else

Modified: trunk/libselinux/src/lgetfilecon.c
===================================================================
--- trunk/libselinux/src/lgetfilecon.c	2007-09-10 19:30:31 UTC (rev 2556)
+++ trunk/libselinux/src/lgetfilecon.c	2007-09-12 15:45:09 UTC (rev 2557)
@@ -37,6 +37,11 @@
 		ret = lgetxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
 	}
       out:
+	if (ret == 0) {
+		/* Re-map empty attribute values to errors. */
+		errno = EOPNOTSUPP;
+		ret = -1;
+	}
 	if (ret < 0)
 		free(buf);
 	else


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.


