This isn't quite ready (ENODATA is one issue, not well tested is
another), but it should give a good idea of what's coming.
With this, the recently-reported chcon abort will be fixed properly,
and I can remove a related hack in ls.c.
>From 321981877c8f31faa724890fd45e2ef967a6befa Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyer...@redhat.com>
Date: Wed, 7 Oct 2009 19:00:42 +0200
Subject: [PATCH] selinux-h: always use getfilecon wrappers
* lib/getfilecon.c: New file.
* lib/se-selinux.in.h: Use a better inclusion guard symbol name.
[HAVE_SELINUX_SELINUX_H]: Include-next <selinux/selinux.h>.
[!HAVE_SELINUX_SELINUX_H]: Use better parameter names.
(fgetfilecon): Provide a stub.
* m4/selinux-selinux-h.m4 (gl_HEADERS_SELINUX_SELINUX_H): Don't
AC_SUBST SELINUX_SELINUX_H, since now we're generating that
file unconditionally.
When <selinux/selinux.h> is found, arrange to use wrappers.
* modules/selinux-h (Files): Add getfilecon.c.
(Makefile.am): Substitute include-next-related bits
into the now-always-generated selinux/selinux.h file.
---
ChangeLog | 16 +++++++++
lib/getfilecon.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++
lib/se-selinux.in.h | 39 +++++++++++++++-------
m4/selinux-selinux-h.m4 | 20 +++++++++--
modules/selinux-h | 10 +++++-
5 files changed, 148 insertions(+), 18 deletions(-)
create mode 100644 lib/getfilecon.c
diff --git a/ChangeLog b/ChangeLog
index 6f9e546..e4e401d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,19 @@
+2009-10-07 Jim Meyering <meyer...@redhat.com>
+
+ selinux-h: always use getfilecon wrappers
+ * lib/getfilecon.c: New file.
+ * lib/se-selinux.in.h: Use a better inclusion guard symbol name.
+ [HAVE_SELINUX_SELINUX_H]: Include-next <selinux/selinux.h>.
+ [!HAVE_SELINUX_SELINUX_H]: Use better parameter names.
+ (fgetfilecon): Provide a stub.
+ * m4/selinux-selinux-h.m4 (gl_HEADERS_SELINUX_SELINUX_H): Don't
+ AC_SUBST SELINUX_SELINUX_H, since now we're generating that
+ file unconditionally.
+ When <selinux/selinux.h> is found, arrange to use wrappers.
+ * modules/selinux-h (Files): Add getfilecon.c.
+ (Makefile.am): Substitute include-next-related bits
+ into the now-always-generated selinux/selinux.h file.
+
2009-10-08 Jim Meyering <meyer...@redhat.com>
unistd: fix comment typo
diff --git a/lib/getfilecon.c b/lib/getfilecon.c
new file mode 100644
index 0000000..65858e9
--- /dev/null
+++ b/lib/getfilecon.c
@@ -0,0 +1,81 @@
+/* wrap getfilecon, lgetfilecon, and fgetfilecon
+ Copyright (C) 2009 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+/* written by Jim Meyering */
+
+#include <config.h>
+
+#include <selinux/selinux.h>
+
+#include <sys/types.h>
+#include <errno.h>
+#include <string.h>
+
+#undef getfilecon
+#undef lgetfilecon
+#undef fgetfilecon
+int getfilecon (char const *file, security_context_t *con);
+int lgetfilecon (char const *file, security_context_t *con);
+int fgetfilecon (int fd, security_context_t *con);
+
+/* getfilecon, lgetfilecon, and fgetfilecon can all misbehave, be it
+ via an old version of libselinux where these would return 0 and set the
+ result context to NULL, or via a modern kernel+lib operating on a file
+ from a disk whose attributes were set by a kernel from around 2006.
+ In that latter case, the functions return a length of 10 for the
+ "unlabeled" context. Map both failures to a return value of -1, and
+ set errno to ENOTSUP in the first case, and ENODATA in the latter. */
+
+static inline int
+map_to_failure (int ret, security_context_t *con)
+{
+ if (ret == 0)
+ {
+ errno = ENOTSUP;
+ return -1;
+ }
+
+ if (ret == 10 && strcmp (*con, "unlabeled") == 0)
+ {
+ freecon (*con);
+ errno = ENODATA;
+ return -1;
+ }
+
+ return ret;
+}
+
+int
+rpl_getfilecon (char const *file, security_context_t *con)
+{
+ int ret = getfilecon (file, con);
+ return map_to_failure (ret, con);
+}
+
+int
+rpl_lgetfilecon (char const *file, security_context_t *con)
+{
+ int ret = lgetfilecon (file, con);
+ return map_to_failure (ret, con);
+}
+
+int
+rpl_fgetfilecon (int fd, security_context_t *con)
+{
+ int ret = fgetfilecon (fd, con);
+ return map_to_failure (ret, con);
+}
diff --git a/lib/se-selinux.in.h b/lib/se-selinux.in.h
index 25cbaae..c09aebd 100644
--- a/lib/se-selinux.in.h
+++ b/lib/se-selinux.in.h
@@ -1,12 +1,22 @@
-#ifndef SELINUX_SELINUX_H
-# define SELINUX_SELINUX_H
+#ifndef _GL_SELINUX_SELINUX_H
+# define _GL_SELINUX_SELINUX_H
-# include <sys/types.h>
-# include <errno.h>
+# if __GNUC__ >= 3
+...@pragma_system_header@
+# endif
+
+# if HAVE_SELINUX_SELINUX_H
+
+...@include_next@ @NEXT_SELINUX_SELINUX_H@
+
+# else
+
+# include <sys/types.h>
+# include <errno.h>
typedef unsigned short security_class_t;
-# define security_context_t char*
-# define is_selinux_enabled() 0
+# define security_context_t char*
+# define is_selinux_enabled() 0
static inline int getcon (security_context_t *con _UNUSED_PARAMETER_)
{ errno = ENOTSUP; return -1; }
@@ -17,20 +27,23 @@ static inline int getfscreatecon (security_context_t *con
_UNUSED_PARAMETER_)
{ errno = ENOTSUP; return -1; }
static inline int setfscreatecon (security_context_t con _UNUSED_PARAMETER_)
{ errno = ENOTSUP; return -1; }
-static inline int matchpathcon (char const *s _UNUSED_PARAMETER_,
+static inline int matchpathcon (char const *file _UNUSED_PARAMETER_,
mode_t m _UNUSED_PARAMETER_,
security_context_t *con _UNUSED_PARAMETER_)
{ errno = ENOTSUP; return -1; }
-static inline int getfilecon (char const *s _UNUSED_PARAMETER_,
+static inline int getfilecon (char const *file _UNUSED_PARAMETER_,
security_context_t *con _UNUSED_PARAMETER_)
{ errno = ENOTSUP; return -1; }
-static inline int lgetfilecon (char const *s _UNUSED_PARAMETER_,
+static inline int lgetfilecon (char const *file _UNUSED_PARAMETER_,
security_context_t *con _UNUSED_PARAMETER_)
{ errno = ENOTSUP; return -1; }
-static inline int setfilecon (char const *s _UNUSED_PARAMETER_,
+static inline int fgetfilecon (int fd,
+ security_context_t *con _UNUSED_PARAMETER_)
+ { errno = ENOTSUP; return -1; }
+static inline int setfilecon (char const *file _UNUSED_PARAMETER_,
security_context_t con _UNUSED_PARAMETER_)
{ errno = ENOTSUP; return -1; }
-static inline int lsetfilecon (char const *s _UNUSED_PARAMETER_,
+static inline int lsetfilecon (char const *file _UNUSED_PARAMETER_,
security_context_t con _UNUSED_PARAMETER_)
{ errno = ENOTSUP; return -1; }
static inline int fsetfilecon (int fd _UNUSED_PARAMETER_,
@@ -55,4 +68,6 @@ static inline int matchpathcon_init_prefix
(char const *path _UNUSED_PARAMETER_,
char const *prefix _UNUSED_PARAMETER_)
{ errno = ENOTSUP; return -1; }
-#endif
+
+# endif
+#endif /* _GL_SELINUX_SELINUX_H */
diff --git a/m4/selinux-selinux-h.m4 b/m4/selinux-selinux-h.m4
index 20dc77c..767c4f7 100644
--- a/m4/selinux-selinux-h.m4
+++ b/m4/selinux-selinux-h.m4
@@ -6,14 +6,26 @@
# From Jim Meyering
# Provide <selinux/selinux.h>, if necessary.
+# If it is already present, provide wrapper functions to guard against
+# misbehavior from getfilecon, lgetfilecon, and fgetfilecon.
AC_DEFUN([gl_HEADERS_SELINUX_SELINUX_H],
[
AC_REQUIRE([gl_LIBSELINUX])
- AC_CHECK_HEADERS([selinux/selinux.h],
- [SELINUX_SELINUX_H=],
- [SELINUX_SELINUX_H=selinux/selinux.h])
- AC_SUBST([SELINUX_SELINUX_H])
+ AC_CHECK_HEADERS([selinux/selinux.h])
+
+ if test "$ac_cv_header_selinux_selinux_h" = yes; then
+ # We do have <selinux/selinux.h>, so do compile getfilecon.c
+ # and arrange to use its wrappers.
+ AC_LIBOBJ([getfilecon])
+ gl_CHECK_NEXT_HEADERS([selinux/selinux.h])
+ AC_DEFINE([getfilecon], [rpl_getfilecon],
+ [Always use our getfilecon wrapper.])
+ AC_DEFINE([lgetfilecon], [rpl_lgetfilecon],
+ [Always use our lgetfilecon wrapper.])
+ AC_DEFINE([fgetfilecon], [rpl_fgetfilecon],
+ [Always use our fgetfilecon wrapper.])
+ fi
case "$ac_cv_search_setfilecon:$ac_cv_header_selinux_selinux_h" in
no:*) # already warned
diff --git a/modules/selinux-h b/modules/selinux-h
index c9a5a04..fd01241 100644
--- a/modules/selinux-h
+++ b/modules/selinux-h
@@ -2,6 +2,7 @@ Description:
SELinux-related headers for systems that lack them.
Files:
+lib/getfilecon.c
lib/se-context.in.h
lib/se-selinux.in.h
m4/selinux-context-h.m4
@@ -18,11 +19,16 @@ AC_REQUIRE([AC_C_INLINE])
Makefile.am:
lib_SOURCES += se-context.in.h se-selinux.in.h
-BUILT_SOURCES += $(SELINUX_SELINUX_H)
+BUILT_SOURCES += selinux/selinux.h
selinux/selinux.h: se-selinux.in.h
$(AM_V_at)$(MKDIR_P) selinux
$(AM_V_GEN)rm -f $...@-t $@ && \
- cp $(srcdir)/se-selinux.in.h $...@-t && \
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+ sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+ -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+ -e 's|@''NEXT_SELINUX_SELINUX_H''@|$(NEXT_SELINUX_SELINUX_H)|g' \
+ < $(srcdir)/se-selinux.in.h; \
+ } > $...@-t && \
chmod a-x $...@-t && \
mv $...@-t $@
MOSTLYCLEANFILES += selinux/selinux.h selinux/selinux.h-t
--
1.6.5.rc3.193.gdf7a
