OpenCoverage

selinux.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/coreutils/src/src/selinux.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/* selinux - core functions for maintaining SELinux labeling-
2 Copyright (C) 2012-2018 Free Software Foundation, Inc.-
3-
4 This program is free software: you can redistribute it and/or modify-
5 it under the terms of the GNU General Public License as published by-
6 the Free Software Foundation, either version 3 of the License, or-
7 (at your option) any later version.-
8-
9 This program is distributed in the hope that it will be useful,-
10 but WITHOUT ANY WARRANTY; without even the implied warranty of-
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the-
12 GNU General Public License for more details.-
13-
14 You should have received a copy of the GNU General Public License-
15 along with this program. If not, see <https://www.gnu.org/licenses/>. */-
16-
17/* Written by Daniel Walsh <dwalsh@redhat.com> */-
18-
19#include <config.h>-
20#include <selinux/selinux.h>-
21#include <selinux/context.h>-
22#include <sys/types.h>-
23-
24#include "die.h"-
25#include "error.h"-
26#include "system.h"-
27#include "canonicalize.h"-
28#include "dosname.h"-
29#include "xfts.h"-
30#include "selinux.h"-
31-
32#if HAVE_SELINUX_SELINUX_H-
33-
34# if ! HAVE_MODE_TO_SECURITY_CLASS-
35/*-
36 This function has been added to libselinux-2.1.12-5, but is here-
37 for support with older versions of SELinux-
38-
39 Translates a mode into an Internal SELinux security_class definition.-
40 Returns 0 on failure, with errno set to EINVAL.-
41*/-
42static security_class_t-
43mode_to_security_class (mode_t m)-
44{-
45-
46 if (S_ISREG (m))-
47 return string_to_security_class ("file");-
48 if (S_ISDIR (m))-
49 return string_to_security_class ("dir");-
50 if (S_ISCHR (m))-
51 return string_to_security_class ("chr_file");-
52 if (S_ISBLK (m))-
53 return string_to_security_class ("blk_file");-
54 if (S_ISFIFO (m))-
55 return string_to_security_class ("fifo_file");-
56 if (S_ISLNK (m))-
57 return string_to_security_class ("lnk_file");-
58 if (S_ISSOCK (m))-
59 return string_to_security_class ("sock_file");-
60-
61 errno = EINVAL;-
62 return 0;-
63}-
64# endif-
65-
66/*-
67 This function takes a PATH and a MODE and then asks SELinux what the label-
68 of the path object would be if the current process label created it.-
69 It then returns the label.-
70-
71 Returns -1 on failure. errno will be set appropriately.-
72*/-
73-
74static int-
75computecon (char const *path, mode_t mode, char **con)-
76{-
77 char *scon = NULL;-
78 char *tcon = NULL;-
79 security_class_t tclass;-
80 int rc = -1;-
81-
82 char *dir = dir_name (path);-
83 if (!dir)
!dirDescription
TRUEnever evaluated
FALSEnever evaluated
0
84 goto quit;
never executed: goto quit;
0
85 if (getcon (&scon) < 0)
getcon (&scon) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
86 goto quit;
never executed: goto quit;
0
87 if (getfilecon (dir, &tcon) < 0)
rpl_getfilecon...ir, &tcon) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
88 goto quit;
never executed: goto quit;
0
89 tclass = mode_to_security_class (mode);-
90 if (!tclass)
!tclassDescription
TRUEnever evaluated
FALSEnever evaluated
0
91 goto quit;
never executed: goto quit;
0
92 rc = security_compute_create (scon, tcon, tclass, con);-
93-
94quit:
code before this statement never executed: quit:
0
95 free (dir);-
96 freecon (scon);-
97 freecon (tcon);-
98 return rc;
never executed: return rc;
0
99}-
100-
101/*-
102 This function takes a path and a mode, it calls computecon to get the-
103 label of the path object if the current process created it, then it calls-
104 matchpathcon to get the default type for the object. It substitutes the-
105 default type into label. It tells the SELinux Kernel to label all new file-
106 system objects created by the current process with this label.-
107-
108 Returns -1 on failure. errno will be set appropriately.-
109*/-
110int-
111defaultcon (char const *path, mode_t mode)-
112{-
113 int rc = -1;-
114 char *scon = NULL;-
115 char *tcon = NULL;-
116 context_t scontext = 0, tcontext = 0;-
117 const char *contype;-
118 char *constr;-
119 char *newpath = NULL;-
120-
121 if (! IS_ABSOLUTE_FILE_NAME (path))
(((path)[0]) == '/')Description
TRUEnever evaluated
FALSEnever evaluated
0 != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
122 {-
123 /* Generate absolute path as required by subsequent matchpathcon(),-
124 with libselinux < 2.1.5 2011-0826. */-
125 newpath = canonicalize_filename_mode (path, CAN_MISSING);-
126 if (! newpath)
! newpathDescription
TRUEnever evaluated
FALSEnever evaluated
0
127 die (EXIT_FAILURE, errno, _("error canonicalizing %s"),
never executed: ((!!sizeof (struct { _Static_assert ( 1 , "verify_expr (" "1" ", " "(error (1, (*__errno_location ()), dcgettext (((void *)0), \"error canonicalizing %s\", 5), quotearg_style (shell_escape_always_quoting_style, path)), assume (false))" ")"); int _gl_dummy...(( 0 ) ? (void) 0 : __builtin_unreachable ()))) : ((error ( 1 , (*__errno_location ()) , dcgettext (((void *)0), "error canonicalizing %s" , 5) , quotearg_style (shell_escape_always_quoting_style, path)), (( 0 ) ? (void) 0 : __builtin_unreachable ())))) ;
0
128 quoteaf (path));
never executed: ((!!sizeof (struct { _Static_assert ( 1 , "verify_expr (" "1" ", " "(error (1, (*__errno_location ()), dcgettext (((void *)0), \"error canonicalizing %s\", 5), quotearg_style (shell_escape_always_quoting_style, path)), assume (false))" ")"); int _gl_dummy...(( 0 ) ? (void) 0 : __builtin_unreachable ()))) : ((error ( 1 , (*__errno_location ()) , dcgettext (((void *)0), "error canonicalizing %s" , 5) , quotearg_style (shell_escape_always_quoting_style, path)), (( 0 ) ? (void) 0 : __builtin_unreachable ())))) ;
0
129 path = newpath;-
130 }
never executed: end of block
0
131-
132 if (matchpathcon (path, mode, &scon) < 0)
matchpathcon (...de, &scon) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
133 {-
134 /* "No such file or directory" is a confusing error,-
135 when processing files, when in fact it was the-
136 associated default context that was not found.-
137 Therefore map the error to something more appropriate-
138 to the context in which we're using matchpathcon(). */-
139 if (errno == ENOENT)
(*__errno_location ()) == 2Description
TRUEnever evaluated
FALSEnever evaluated
0
140 errno = ENODATA;
never executed: (*__errno_location ()) = 61 ;
0
141 goto quit;
never executed: goto quit;
0
142 }-
143 if (computecon (path, mode, &tcon) < 0)
computecon (pa...de, &tcon) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
144 goto quit;
never executed: goto quit;
0
145 if (!(scontext = context_new (scon)))
!(scontext = c...xt_new (scon))Description
TRUEnever evaluated
FALSEnever evaluated
0
146 goto quit;
never executed: goto quit;
0
147 if (!(tcontext = context_new (tcon)))
!(tcontext = c...xt_new (tcon))Description
TRUEnever evaluated
FALSEnever evaluated
0
148 goto quit;
never executed: goto quit;
0
149-
150 if (!(contype = context_type_get (scontext)))
!(contype = co...et (scontext))Description
TRUEnever evaluated
FALSEnever evaluated
0
151 goto quit;
never executed: goto quit;
0
152 if (context_type_set (tcontext, contype))
context_type_s...text, contype)Description
TRUEnever evaluated
FALSEnever evaluated
0
153 goto quit;
never executed: goto quit;
0
154 if (!(constr = context_str (tcontext)))
!(constr = con...tr (tcontext))Description
TRUEnever evaluated
FALSEnever evaluated
0
155 goto quit;
never executed: goto quit;
0
156-
157 rc = setfscreatecon (constr);-
158-
159quit:
code before this statement never executed: quit:
0
160 context_free (scontext);-
161 context_free (tcontext);-
162 freecon (scon);-
163 freecon (tcon);-
164 free (newpath);-
165 return rc;
never executed: return rc;
0
166}-
167-
168/*-
169 This function takes a PATH of an existing file system object, and a LOCAL-
170 boolean that indicates whether the function should set the object's label-
171 to the default for the local process, or one using system wide settings.-
172 If LOCAL == true, it will ask the SELinux Kernel what the default label-
173 for all objects created should be and then sets the label on the object.-
174 Otherwise it calls matchpathcon on the object to ask the system what the-
175 default label should be, extracts the type field and then modifies the file-
176 system object. Note only the type field is updated, thus preserving MLS-
177 levels and user identity etc. of the PATH.-
178-
179 Returns -1 on failure. errno will be set appropriately.-
180*/-
181static int-
182restorecon_private (char const *path, bool local)-
183{-
184 int rc = -1;-
185 struct stat sb;-
186 char *scon = NULL;-
187 char *tcon = NULL;-
188 context_t scontext = 0, tcontext = 0;-
189 const char *contype;-
190 char *constr;-
191 int fd;-
192-
193 if (local)
localDescription
TRUEnever evaluated
FALSEnever evaluated
0
194 {-
195 if (getfscreatecon (&tcon) < 0)
getfscreatecon (&tcon) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
196 return rc;
never executed: return rc;
0
197 if (!tcon)
!tconDescription
TRUEnever evaluated
FALSEnever evaluated
0
198 {-
199 errno = ENODATA;-
200 return rc;
never executed: return rc;
0
201 }-
202 rc = lsetfilecon (path, tcon);-
203 freecon (tcon);-
204 return rc;
never executed: return rc;
0
205 }-
206-
207 fd = open (path, O_RDONLY | O_NOFOLLOW);-
208 if (fd == -1 && (errno != ELOOP))
fd == -1Description
TRUEnever evaluated
FALSEnever evaluated
( (*__errno_lo...on ()) != 40 )Description
TRUEnever evaluated
FALSEnever evaluated
0
209 goto quit;
never executed: goto quit;
0
210-
211 if (fd != -1)
fd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
212 {-
213 if (fstat (fd, &sb) < 0)
fstat (fd, &sb) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
214 goto quit;
never executed: goto quit;
0
215 }
never executed: end of block
0
216 else-
217 {-
218 if (lstat (path, &sb) < 0)
lstat (path, &sb) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
219 goto quit;
never executed: goto quit;
0
220 }
never executed: end of block
0
221-
222 if (matchpathcon (path, sb.st_mode, &scon) < 0)
matchpathcon (...de, &scon) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
223 {-
224 /* "No such file or directory" is a confusing error,-
225 when processing files, when in fact it was the-
226 associated default context that was not found.-
227 Therefore map the error to something more appropriate-
228 to the context in which we're using matchpathcon(). */-
229 if (errno == ENOENT)
(*__errno_location ()) == 2Description
TRUEnever evaluated
FALSEnever evaluated
0
230 errno = ENODATA;
never executed: (*__errno_location ()) = 61 ;
0
231 goto quit;
never executed: goto quit;
0
232 }-
233 if (!(scontext = context_new (scon)))
!(scontext = c...xt_new (scon))Description
TRUEnever evaluated
FALSEnever evaluated
0
234 goto quit;
never executed: goto quit;
0
235-
236 if (fd != -1)
fd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
237 {-
238 if (fgetfilecon (fd, &tcon) < 0)
rpl_fgetfileco...fd, &tcon) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
239 goto quit;
never executed: goto quit;
0
240 }
never executed: end of block
0
241 else-
242 {-
243 if (lgetfilecon (path, &tcon) < 0)
rpl_lgetfileco...th, &tcon) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
244 goto quit;
never executed: goto quit;
0
245 }
never executed: end of block
0
246-
247 if (!(tcontext = context_new (tcon)))
!(tcontext = c...xt_new (tcon))Description
TRUEnever evaluated
FALSEnever evaluated
0
248 goto quit;
never executed: goto quit;
0
249-
250 if (!(contype = context_type_get (scontext)))
!(contype = co...et (scontext))Description
TRUEnever evaluated
FALSEnever evaluated
0
251 goto quit;
never executed: goto quit;
0
252 if (context_type_set (tcontext, contype))
context_type_s...text, contype)Description
TRUEnever evaluated
FALSEnever evaluated
0
253 goto quit;
never executed: goto quit;
0
254 if (!(constr = context_str (tcontext)))
!(constr = con...tr (tcontext))Description
TRUEnever evaluated
FALSEnever evaluated
0
255 goto quit;
never executed: goto quit;
0
256-
257 if (fd != -1)
fd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
258 rc = fsetfilecon (fd, constr);
never executed: rc = fsetfilecon (fd, constr);
0
259 else-
260 rc = lsetfilecon (path, constr);
never executed: rc = lsetfilecon (path, constr);
0
261-
262quit:
code before this statement never executed: quit:
0
263 if (fd != -1)
fd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
264 close (fd);
never executed: close (fd);
0
265 context_free (scontext);-
266 context_free (tcontext);-
267 freecon (scon);-
268 freecon (tcon);-
269 return rc;
never executed: return rc;
0
270}-
271-
272/*-
273 This function takes three parameters:-
274-
275 PATH of an existing file system object.-
276-
277 A RECURSE boolean which if the file system object is a directory, will-
278 call restorecon_private on every file system object in the directory.-
279-
280 A LOCAL boolean that indicates whether the function should set object labels-
281 to the default for the local process, or use system wide settings.-
282-
283 Returns false on failure. errno will be set appropriately.-
284*/-
285bool-
286restorecon (char const *path, bool recurse, bool local)-
287{-
288 char *newpath = NULL;-
289 FTS *fts;-
290 bool ok = true;-
291-
292 if (! IS_ABSOLUTE_FILE_NAME (path) && ! local)
(((path)[0]) == '/')Description
TRUEnever evaluated
FALSEnever evaluated
0 != 0Description
TRUEnever evaluated
FALSEnever evaluated
! localDescription
TRUEnever evaluated
FALSEnever evaluated
0
293 {-
294 /* Generate absolute path as required by subsequent matchpathcon(),-
295 with libselinux < 2.1.5 2011-0826. Also generating the absolute-
296 path before the fts walk, will generate absolute paths in the-
297 fts entries, which may be quicker to process in any case. */-
298 newpath = canonicalize_filename_mode (path, CAN_MISSING);-
299 if (! newpath)
! newpathDescription
TRUEnever evaluated
FALSEnever evaluated
0
300 die (EXIT_FAILURE, errno, _("error canonicalizing %s"),
never executed: ((!!sizeof (struct { _Static_assert ( 1 , "verify_expr (" "1" ", " "(error (1, (*__errno_location ()), dcgettext (((void *)0), \"error canonicalizing %s\", 5), quotearg_style (shell_escape_always_quoting_style, path)), assume (false))" ")"); int _gl_dummy...(( 0 ) ? (void) 0 : __builtin_unreachable ()))) : ((error ( 1 , (*__errno_location ()) , dcgettext (((void *)0), "error canonicalizing %s" , 5) , quotearg_style (shell_escape_always_quoting_style, path)), (( 0 ) ? (void) 0 : __builtin_unreachable ())))) ;
0
301 quoteaf (path));
never executed: ((!!sizeof (struct { _Static_assert ( 1 , "verify_expr (" "1" ", " "(error (1, (*__errno_location ()), dcgettext (((void *)0), \"error canonicalizing %s\", 5), quotearg_style (shell_escape_always_quoting_style, path)), assume (false))" ")"); int _gl_dummy...(( 0 ) ? (void) 0 : __builtin_unreachable ()))) : ((error ( 1 , (*__errno_location ()) , dcgettext (((void *)0), "error canonicalizing %s" , 5) , quotearg_style (shell_escape_always_quoting_style, path)), (( 0 ) ? (void) 0 : __builtin_unreachable ())))) ;
0
302 }
never executed: end of block
0
303-
304 const char *ftspath[2] = { newpath ? newpath : path, NULL };-
305-
306 if (! recurse)
! recurseDescription
TRUEnever evaluated
FALSEnever evaluated
0
307 {-
308 ok = restorecon_private (*ftspath, local) != -1;-
309 free (newpath);-
310 return ok;
never executed: return ok;
0
311 }-
312-
313 fts = xfts_open ((char *const *) ftspath, FTS_PHYSICAL, NULL);-
314 while (1)-
315 {-
316 FTSENT *ent;-
317-
318 ent = fts_read (fts);-
319 if (ent == NULL)
ent == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
320 {-
321 if (errno != 0)
(*__errno_location ()) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
322 {-
323 error (0, errno, _("fts_read failed"));-
324 ok = false;-
325 }
never executed: end of block
0
326 break;
never executed: break;
0
327 }-
328-
329 ok &= restorecon_private (fts->fts_path, local) != -1;-
330 }
never executed: end of block
0
331-
332 if (fts_close (fts) != 0)
fts_close (fts) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
333 {-
334 error (0, errno, _("fts_close failed"));-
335 ok = false;-
336 }
never executed: end of block
0
337-
338 free (newpath);-
339 return ok;
never executed: return ok;
0
340}-
341#endif-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.1.2