* [PATCH] libselinux/utils: check for valid contexts to improve error causes
@ 2022-03-31 14:46 Christian Göttsche
2022-04-04 17:46 ` James Carter
2022-04-05 13:26 ` [PATCH v2] " Christian Göttsche
0 siblings, 2 replies; 5+ messages in thread
From: Christian Göttsche @ 2022-03-31 14:46 UTC (permalink / raw)
To: selinux
Return more detailed error messages when the supplied contexts are
invalid.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libselinux/utils/compute_av.c | 10 ++++++++++
libselinux/utils/compute_create.c | 12 +++++++++++-
libselinux/utils/compute_member.c | 12 +++++++++++-
libselinux/utils/compute_relabel.c | 10 ++++++++++
libselinux/utils/getdefaultcon.c | 5 +++++
libselinux/utils/selinuxexeccon.c | 6 +++++-
libselinux/utils/validatetrans.c | 10 ++++++++++
7 files changed, 62 insertions(+), 3 deletions(-)
diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
index df4a77e8..ef08338f 100644
--- a/libselinux/utils/compute_av.c
+++ b/libselinux/utils/compute_av.c
@@ -17,6 +17,16 @@ int main(int argc, char **argv)
exit(1);
}
+ if (security_check_context(argv[1])) {
+ fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
+ exit(4);
+ }
+
+ if (security_check_context(argv[2])) {
+ fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
+ exit(5);
+ }
+
tclass = string_to_security_class(argv[3]);
if (!tclass) {
fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
index 449ccd90..63029c19 100644
--- a/libselinux/utils/compute_create.c
+++ b/libselinux/utils/compute_create.c
@@ -17,9 +17,19 @@ int main(int argc, char **argv)
exit(1);
}
+ if (security_check_context(argv[1])) {
+ fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
+ exit(4);
+ }
+
+ if (security_check_context(argv[2])) {
+ fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
+ exit(5);
+ }
+
tclass = string_to_security_class(argv[3]);
if (!tclass) {
- fprintf(stderr, "Invalid class '%s'\n", argv[3]);
+ fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
exit(2);
}
diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
index c6dad19e..1ef47c25 100644
--- a/libselinux/utils/compute_member.c
+++ b/libselinux/utils/compute_member.c
@@ -17,9 +17,19 @@ int main(int argc, char **argv)
exit(1);
}
+ if (security_check_context(argv[1])) {
+ fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
+ exit(4);
+ }
+
+ if (security_check_context(argv[2])) {
+ fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
+ exit(5);
+ }
+
tclass = string_to_security_class(argv[3]);
if (!tclass) {
- fprintf(stderr, "Invalid class '%s'\n", argv[3]);
+ fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
exit(2);
}
diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
index 85c760bc..f6a957da 100644
--- a/libselinux/utils/compute_relabel.c
+++ b/libselinux/utils/compute_relabel.c
@@ -17,6 +17,16 @@ int main(int argc, char **argv)
exit(1);
}
+ if (security_check_context(argv[1])) {
+ fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
+ exit(4);
+ }
+
+ if (security_check_context(argv[2])) {
+ fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
+ exit(5);
+ }
+
tclass = string_to_security_class(argv[3]);
if (!tclass) {
fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
index 957c1cb2..590e98d9 100644
--- a/libselinux/utils/getdefaultcon.c
+++ b/libselinux/utils/getdefaultcon.c
@@ -68,6 +68,11 @@ int main(int argc, char **argv)
} else
cur_context = argv[optind + 1];
+ if (security_check_context(cur_context)) {
+ fprintf(stderr, "%s: invalid from context '%s'\n", argv[0], cur_context);
+ return 3;
+ }
+
if ((ret = getseuser(user, service, &seuser, &dlevel)) == 0) {
if (! level) level=dlevel;
if (role != NULL && role[0])
diff --git a/libselinux/utils/selinuxexeccon.c b/libselinux/utils/selinuxexeccon.c
index b50e7886..66754b6a 100644
--- a/libselinux/utils/selinuxexeccon.c
+++ b/libselinux/utils/selinuxexeccon.c
@@ -16,7 +16,7 @@ static __attribute__ ((__noreturn__)) void usage(const char *name, const char *d
exit(rc);
}
-static char * get_selinux_proc_context(const char *command, char * execcon) {
+static char * get_selinux_proc_context(const char *command, const char * execcon) {
char * fcon = NULL, *newcon = NULL;
int ret = getfilecon(command, &fcon);
@@ -43,6 +43,10 @@ int main(int argc, char **argv)
}
} else {
con = strdup(argv[2]);
+ if (security_check_context(con)) {
+ fprintf(stderr, "%s: invalid from context '%s'\n", argv[0], con);
+ return -1;
+ }
}
proccon = get_selinux_proc_context(argv[1], con);
diff --git a/libselinux/utils/validatetrans.c b/libselinux/utils/validatetrans.c
index 1db33e66..9aa03e62 100644
--- a/libselinux/utils/validatetrans.c
+++ b/libselinux/utils/validatetrans.c
@@ -17,6 +17,16 @@ int main(int argc, char **argv)
exit(1);
}
+ if (security_check_context(argv[1])) {
+ fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
+ exit(4);
+ }
+
+ if (security_check_context(argv[2])) {
+ fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
+ exit(5);
+ }
+
tclass = string_to_security_class(argv[3]);
if (!tclass) {
fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
--
2.35.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] libselinux/utils: check for valid contexts to improve error causes
2022-03-31 14:46 [PATCH] libselinux/utils: check for valid contexts to improve error causes Christian Göttsche
@ 2022-04-04 17:46 ` James Carter
2022-04-05 13:26 ` [PATCH v2] " Christian Göttsche
1 sibling, 0 replies; 5+ messages in thread
From: James Carter @ 2022-04-04 17:46 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list
On Fri, Apr 1, 2022 at 11:38 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Return more detailed error messages when the supplied contexts are
> invalid.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> libselinux/utils/compute_av.c | 10 ++++++++++
> libselinux/utils/compute_create.c | 12 +++++++++++-
> libselinux/utils/compute_member.c | 12 +++++++++++-
> libselinux/utils/compute_relabel.c | 10 ++++++++++
> libselinux/utils/getdefaultcon.c | 5 +++++
> libselinux/utils/selinuxexeccon.c | 6 +++++-
> libselinux/utils/validatetrans.c | 10 ++++++++++
> 7 files changed, 62 insertions(+), 3 deletions(-)
>
> diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
> index df4a77e8..ef08338f 100644
> --- a/libselinux/utils/compute_av.c
> +++ b/libselinux/utils/compute_av.c
> @@ -17,6 +17,16 @@ int main(int argc, char **argv)
> exit(1);
> }
>
> + if (security_check_context(argv[1])) {
> + fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
> + exit(4);
> + }
> +
> + if (security_check_context(argv[2])) {
> + fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
> + exit(5);
> + }
> +
> tclass = string_to_security_class(argv[3]);
> if (!tclass) {
> fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
> diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
> index 449ccd90..63029c19 100644
> --- a/libselinux/utils/compute_create.c
> +++ b/libselinux/utils/compute_create.c
> @@ -17,9 +17,19 @@ int main(int argc, char **argv)
> exit(1);
> }
>
> + if (security_check_context(argv[1])) {
> + fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
> + exit(4);
> + }
> +
> + if (security_check_context(argv[2])) {
> + fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
> + exit(5);
> + }
> +
> tclass = string_to_security_class(argv[3]);
> if (!tclass) {
> - fprintf(stderr, "Invalid class '%s'\n", argv[3]);
> + fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
> exit(2);
> }
>
> diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
> index c6dad19e..1ef47c25 100644
> --- a/libselinux/utils/compute_member.c
> +++ b/libselinux/utils/compute_member.c
> @@ -17,9 +17,19 @@ int main(int argc, char **argv)
> exit(1);
> }
>
> + if (security_check_context(argv[1])) {
> + fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
> + exit(4);
> + }
> +
> + if (security_check_context(argv[2])) {
> + fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
> + exit(5);
> + }
> +
> tclass = string_to_security_class(argv[3]);
> if (!tclass) {
> - fprintf(stderr, "Invalid class '%s'\n", argv[3]);
> + fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
> exit(2);
> }
>
> diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
> index 85c760bc..f6a957da 100644
> --- a/libselinux/utils/compute_relabel.c
> +++ b/libselinux/utils/compute_relabel.c
> @@ -17,6 +17,16 @@ int main(int argc, char **argv)
> exit(1);
> }
>
> + if (security_check_context(argv[1])) {
> + fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
> + exit(4);
> + }
> +
> + if (security_check_context(argv[2])) {
> + fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
> + exit(5);
> + }
> +
> tclass = string_to_security_class(argv[3]);
> if (!tclass) {
> fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
> diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
> index 957c1cb2..590e98d9 100644
> --- a/libselinux/utils/getdefaultcon.c
> +++ b/libselinux/utils/getdefaultcon.c
> @@ -68,6 +68,11 @@ int main(int argc, char **argv)
> } else
> cur_context = argv[optind + 1];
>
> + if (security_check_context(cur_context)) {
> + fprintf(stderr, "%s: invalid from context '%s'\n", argv[0], cur_context);
> + return 3;
> + }
> +
> if ((ret = getseuser(user, service, &seuser, &dlevel)) == 0) {
> if (! level) level=dlevel;
> if (role != NULL && role[0])
> diff --git a/libselinux/utils/selinuxexeccon.c b/libselinux/utils/selinuxexeccon.c
> index b50e7886..66754b6a 100644
> --- a/libselinux/utils/selinuxexeccon.c
> +++ b/libselinux/utils/selinuxexeccon.c
> @@ -16,7 +16,7 @@ static __attribute__ ((__noreturn__)) void usage(const char *name, const char *d
> exit(rc);
> }
>
> -static char * get_selinux_proc_context(const char *command, char * execcon) {
> +static char * get_selinux_proc_context(const char *command, const char * execcon) {
> char * fcon = NULL, *newcon = NULL;
>
> int ret = getfilecon(command, &fcon);
> @@ -43,6 +43,10 @@ int main(int argc, char **argv)
> }
> } else {
> con = strdup(argv[2]);
> + if (security_check_context(con)) {
> + fprintf(stderr, "%s: invalid from context '%s'\n", argv[0], con);
> + return -1;
> + }
> }
>
> proccon = get_selinux_proc_context(argv[1], con);
> diff --git a/libselinux/utils/validatetrans.c b/libselinux/utils/validatetrans.c
> index 1db33e66..9aa03e62 100644
> --- a/libselinux/utils/validatetrans.c
> +++ b/libselinux/utils/validatetrans.c
> @@ -17,6 +17,16 @@ int main(int argc, char **argv)
> exit(1);
> }
>
> + if (security_check_context(argv[1])) {
> + fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
> + exit(4);
> + }
> +
> + if (security_check_context(argv[2])) {
> + fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
> + exit(5);
> + }
> +
> tclass = string_to_security_class(argv[3]);
> if (!tclass) {
> fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
You should check that argv[4] is a valid context as well.
Everything else looks good.
Jim
> --
> 2.35.1
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v2] libselinux/utils: check for valid contexts to improve error causes
2022-03-31 14:46 [PATCH] libselinux/utils: check for valid contexts to improve error causes Christian Göttsche
2022-04-04 17:46 ` James Carter
@ 2022-04-05 13:26 ` Christian Göttsche
2022-04-06 16:14 ` James Carter
1 sibling, 1 reply; 5+ messages in thread
From: Christian Göttsche @ 2022-04-05 13:26 UTC (permalink / raw)
To: selinux
Return more detailed error messages when the supplied contexts are
invalid.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
v2:
check new context in validatetrans
---
libselinux/utils/compute_av.c | 10 ++++++++++
libselinux/utils/compute_create.c | 12 +++++++++++-
libselinux/utils/compute_member.c | 12 +++++++++++-
libselinux/utils/compute_relabel.c | 10 ++++++++++
libselinux/utils/getdefaultcon.c | 5 +++++
libselinux/utils/selinuxexeccon.c | 6 +++++-
libselinux/utils/validatetrans.c | 15 +++++++++++++++
7 files changed, 67 insertions(+), 3 deletions(-)
diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
index df4a77e8..ef08338f 100644
--- a/libselinux/utils/compute_av.c
+++ b/libselinux/utils/compute_av.c
@@ -17,6 +17,16 @@ int main(int argc, char **argv)
exit(1);
}
+ if (security_check_context(argv[1])) {
+ fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
+ exit(4);
+ }
+
+ if (security_check_context(argv[2])) {
+ fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
+ exit(5);
+ }
+
tclass = string_to_security_class(argv[3]);
if (!tclass) {
fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
index 449ccd90..63029c19 100644
--- a/libselinux/utils/compute_create.c
+++ b/libselinux/utils/compute_create.c
@@ -17,9 +17,19 @@ int main(int argc, char **argv)
exit(1);
}
+ if (security_check_context(argv[1])) {
+ fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
+ exit(4);
+ }
+
+ if (security_check_context(argv[2])) {
+ fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
+ exit(5);
+ }
+
tclass = string_to_security_class(argv[3]);
if (!tclass) {
- fprintf(stderr, "Invalid class '%s'\n", argv[3]);
+ fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
exit(2);
}
diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
index c6dad19e..1ef47c25 100644
--- a/libselinux/utils/compute_member.c
+++ b/libselinux/utils/compute_member.c
@@ -17,9 +17,19 @@ int main(int argc, char **argv)
exit(1);
}
+ if (security_check_context(argv[1])) {
+ fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
+ exit(4);
+ }
+
+ if (security_check_context(argv[2])) {
+ fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
+ exit(5);
+ }
+
tclass = string_to_security_class(argv[3]);
if (!tclass) {
- fprintf(stderr, "Invalid class '%s'\n", argv[3]);
+ fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
exit(2);
}
diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
index 85c760bc..f6a957da 100644
--- a/libselinux/utils/compute_relabel.c
+++ b/libselinux/utils/compute_relabel.c
@@ -17,6 +17,16 @@ int main(int argc, char **argv)
exit(1);
}
+ if (security_check_context(argv[1])) {
+ fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
+ exit(4);
+ }
+
+ if (security_check_context(argv[2])) {
+ fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
+ exit(5);
+ }
+
tclass = string_to_security_class(argv[3]);
if (!tclass) {
fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
index 957c1cb2..590e98d9 100644
--- a/libselinux/utils/getdefaultcon.c
+++ b/libselinux/utils/getdefaultcon.c
@@ -68,6 +68,11 @@ int main(int argc, char **argv)
} else
cur_context = argv[optind + 1];
+ if (security_check_context(cur_context)) {
+ fprintf(stderr, "%s: invalid from context '%s'\n", argv[0], cur_context);
+ return 3;
+ }
+
if ((ret = getseuser(user, service, &seuser, &dlevel)) == 0) {
if (! level) level=dlevel;
if (role != NULL && role[0])
diff --git a/libselinux/utils/selinuxexeccon.c b/libselinux/utils/selinuxexeccon.c
index b50e7886..66754b6a 100644
--- a/libselinux/utils/selinuxexeccon.c
+++ b/libselinux/utils/selinuxexeccon.c
@@ -16,7 +16,7 @@ static __attribute__ ((__noreturn__)) void usage(const char *name, const char *d
exit(rc);
}
-static char * get_selinux_proc_context(const char *command, char * execcon) {
+static char * get_selinux_proc_context(const char *command, const char * execcon) {
char * fcon = NULL, *newcon = NULL;
int ret = getfilecon(command, &fcon);
@@ -43,6 +43,10 @@ int main(int argc, char **argv)
}
} else {
con = strdup(argv[2]);
+ if (security_check_context(con)) {
+ fprintf(stderr, "%s: invalid from context '%s'\n", argv[0], con);
+ return -1;
+ }
}
proccon = get_selinux_proc_context(argv[1], con);
diff --git a/libselinux/utils/validatetrans.c b/libselinux/utils/validatetrans.c
index 1db33e66..9d642a93 100644
--- a/libselinux/utils/validatetrans.c
+++ b/libselinux/utils/validatetrans.c
@@ -17,12 +17,27 @@ int main(int argc, char **argv)
exit(1);
}
+ if (security_check_context(argv[1])) {
+ fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
+ exit(4);
+ }
+
+ if (security_check_context(argv[2])) {
+ fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
+ exit(5);
+ }
+
tclass = string_to_security_class(argv[3]);
if (!tclass) {
fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
exit(2);
}
+ if (security_check_context(argv[4])) {
+ fprintf(stderr, "%s: invalid new context '%s'\n", argv[0], argv[4]);
+ exit(6);
+ }
+
ret = security_validatetrans(argv[1], argv[2], tclass, argv[4]);
printf("security_validatetrans returned %d errno: %s\n", ret, strerror(errno));
--
2.35.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v2] libselinux/utils: check for valid contexts to improve error causes
2022-04-05 13:26 ` [PATCH v2] " Christian Göttsche
@ 2022-04-06 16:14 ` James Carter
2022-04-12 18:05 ` James Carter
0 siblings, 1 reply; 5+ messages in thread
From: James Carter @ 2022-04-06 16:14 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list
On Wed, Apr 6, 2022 at 3:26 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Return more detailed error messages when the supplied contexts are
> invalid.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
>
> ---
> v2:
> check new context in validatetrans
> ---
> libselinux/utils/compute_av.c | 10 ++++++++++
> libselinux/utils/compute_create.c | 12 +++++++++++-
> libselinux/utils/compute_member.c | 12 +++++++++++-
> libselinux/utils/compute_relabel.c | 10 ++++++++++
> libselinux/utils/getdefaultcon.c | 5 +++++
> libselinux/utils/selinuxexeccon.c | 6 +++++-
> libselinux/utils/validatetrans.c | 15 +++++++++++++++
> 7 files changed, 67 insertions(+), 3 deletions(-)
>
> diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
> index df4a77e8..ef08338f 100644
> --- a/libselinux/utils/compute_av.c
> +++ b/libselinux/utils/compute_av.c
> @@ -17,6 +17,16 @@ int main(int argc, char **argv)
> exit(1);
> }
>
> + if (security_check_context(argv[1])) {
> + fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
> + exit(4);
> + }
> +
> + if (security_check_context(argv[2])) {
> + fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
> + exit(5);
> + }
> +
> tclass = string_to_security_class(argv[3]);
> if (!tclass) {
> fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
> diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
> index 449ccd90..63029c19 100644
> --- a/libselinux/utils/compute_create.c
> +++ b/libselinux/utils/compute_create.c
> @@ -17,9 +17,19 @@ int main(int argc, char **argv)
> exit(1);
> }
>
> + if (security_check_context(argv[1])) {
> + fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
> + exit(4);
> + }
> +
> + if (security_check_context(argv[2])) {
> + fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
> + exit(5);
> + }
> +
> tclass = string_to_security_class(argv[3]);
> if (!tclass) {
> - fprintf(stderr, "Invalid class '%s'\n", argv[3]);
> + fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
> exit(2);
> }
>
> diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
> index c6dad19e..1ef47c25 100644
> --- a/libselinux/utils/compute_member.c
> +++ b/libselinux/utils/compute_member.c
> @@ -17,9 +17,19 @@ int main(int argc, char **argv)
> exit(1);
> }
>
> + if (security_check_context(argv[1])) {
> + fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
> + exit(4);
> + }
> +
> + if (security_check_context(argv[2])) {
> + fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
> + exit(5);
> + }
> +
> tclass = string_to_security_class(argv[3]);
> if (!tclass) {
> - fprintf(stderr, "Invalid class '%s'\n", argv[3]);
> + fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
> exit(2);
> }
>
> diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
> index 85c760bc..f6a957da 100644
> --- a/libselinux/utils/compute_relabel.c
> +++ b/libselinux/utils/compute_relabel.c
> @@ -17,6 +17,16 @@ int main(int argc, char **argv)
> exit(1);
> }
>
> + if (security_check_context(argv[1])) {
> + fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
> + exit(4);
> + }
> +
> + if (security_check_context(argv[2])) {
> + fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
> + exit(5);
> + }
> +
> tclass = string_to_security_class(argv[3]);
> if (!tclass) {
> fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
> diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
> index 957c1cb2..590e98d9 100644
> --- a/libselinux/utils/getdefaultcon.c
> +++ b/libselinux/utils/getdefaultcon.c
> @@ -68,6 +68,11 @@ int main(int argc, char **argv)
> } else
> cur_context = argv[optind + 1];
>
> + if (security_check_context(cur_context)) {
> + fprintf(stderr, "%s: invalid from context '%s'\n", argv[0], cur_context);
> + return 3;
> + }
> +
> if ((ret = getseuser(user, service, &seuser, &dlevel)) == 0) {
> if (! level) level=dlevel;
> if (role != NULL && role[0])
> diff --git a/libselinux/utils/selinuxexeccon.c b/libselinux/utils/selinuxexeccon.c
> index b50e7886..66754b6a 100644
> --- a/libselinux/utils/selinuxexeccon.c
> +++ b/libselinux/utils/selinuxexeccon.c
> @@ -16,7 +16,7 @@ static __attribute__ ((__noreturn__)) void usage(const char *name, const char *d
> exit(rc);
> }
>
> -static char * get_selinux_proc_context(const char *command, char * execcon) {
> +static char * get_selinux_proc_context(const char *command, const char * execcon) {
> char * fcon = NULL, *newcon = NULL;
>
> int ret = getfilecon(command, &fcon);
> @@ -43,6 +43,10 @@ int main(int argc, char **argv)
> }
> } else {
> con = strdup(argv[2]);
> + if (security_check_context(con)) {
> + fprintf(stderr, "%s: invalid from context '%s'\n", argv[0], con);
> + return -1;
> + }
> }
>
> proccon = get_selinux_proc_context(argv[1], con);
> diff --git a/libselinux/utils/validatetrans.c b/libselinux/utils/validatetrans.c
> index 1db33e66..9d642a93 100644
> --- a/libselinux/utils/validatetrans.c
> +++ b/libselinux/utils/validatetrans.c
> @@ -17,12 +17,27 @@ int main(int argc, char **argv)
> exit(1);
> }
>
> + if (security_check_context(argv[1])) {
> + fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
> + exit(4);
> + }
> +
> + if (security_check_context(argv[2])) {
> + fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
> + exit(5);
> + }
> +
> tclass = string_to_security_class(argv[3]);
> if (!tclass) {
> fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
> exit(2);
> }
>
> + if (security_check_context(argv[4])) {
> + fprintf(stderr, "%s: invalid new context '%s'\n", argv[0], argv[4]);
> + exit(6);
> + }
> +
> ret = security_validatetrans(argv[1], argv[2], tclass, argv[4]);
> printf("security_validatetrans returned %d errno: %s\n", ret, strerror(errno));
>
> --
> 2.35.1
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2] libselinux/utils: check for valid contexts to improve error causes
2022-04-06 16:14 ` James Carter
@ 2022-04-12 18:05 ` James Carter
0 siblings, 0 replies; 5+ messages in thread
From: James Carter @ 2022-04-12 18:05 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list
On Wed, Apr 6, 2022 at 12:14 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Wed, Apr 6, 2022 at 3:26 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > Return more detailed error messages when the supplied contexts are
> > invalid.
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>
>
Merged.
Thanks,
Jim
> >
> > ---
> > v2:
> > check new context in validatetrans
> > ---
> > libselinux/utils/compute_av.c | 10 ++++++++++
> > libselinux/utils/compute_create.c | 12 +++++++++++-
> > libselinux/utils/compute_member.c | 12 +++++++++++-
> > libselinux/utils/compute_relabel.c | 10 ++++++++++
> > libselinux/utils/getdefaultcon.c | 5 +++++
> > libselinux/utils/selinuxexeccon.c | 6 +++++-
> > libselinux/utils/validatetrans.c | 15 +++++++++++++++
> > 7 files changed, 67 insertions(+), 3 deletions(-)
> >
> > diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
> > index df4a77e8..ef08338f 100644
> > --- a/libselinux/utils/compute_av.c
> > +++ b/libselinux/utils/compute_av.c
> > @@ -17,6 +17,16 @@ int main(int argc, char **argv)
> > exit(1);
> > }
> >
> > + if (security_check_context(argv[1])) {
> > + fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
> > + exit(4);
> > + }
> > +
> > + if (security_check_context(argv[2])) {
> > + fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
> > + exit(5);
> > + }
> > +
> > tclass = string_to_security_class(argv[3]);
> > if (!tclass) {
> > fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
> > diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
> > index 449ccd90..63029c19 100644
> > --- a/libselinux/utils/compute_create.c
> > +++ b/libselinux/utils/compute_create.c
> > @@ -17,9 +17,19 @@ int main(int argc, char **argv)
> > exit(1);
> > }
> >
> > + if (security_check_context(argv[1])) {
> > + fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
> > + exit(4);
> > + }
> > +
> > + if (security_check_context(argv[2])) {
> > + fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
> > + exit(5);
> > + }
> > +
> > tclass = string_to_security_class(argv[3]);
> > if (!tclass) {
> > - fprintf(stderr, "Invalid class '%s'\n", argv[3]);
> > + fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
> > exit(2);
> > }
> >
> > diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
> > index c6dad19e..1ef47c25 100644
> > --- a/libselinux/utils/compute_member.c
> > +++ b/libselinux/utils/compute_member.c
> > @@ -17,9 +17,19 @@ int main(int argc, char **argv)
> > exit(1);
> > }
> >
> > + if (security_check_context(argv[1])) {
> > + fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
> > + exit(4);
> > + }
> > +
> > + if (security_check_context(argv[2])) {
> > + fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
> > + exit(5);
> > + }
> > +
> > tclass = string_to_security_class(argv[3]);
> > if (!tclass) {
> > - fprintf(stderr, "Invalid class '%s'\n", argv[3]);
> > + fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
> > exit(2);
> > }
> >
> > diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
> > index 85c760bc..f6a957da 100644
> > --- a/libselinux/utils/compute_relabel.c
> > +++ b/libselinux/utils/compute_relabel.c
> > @@ -17,6 +17,16 @@ int main(int argc, char **argv)
> > exit(1);
> > }
> >
> > + if (security_check_context(argv[1])) {
> > + fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
> > + exit(4);
> > + }
> > +
> > + if (security_check_context(argv[2])) {
> > + fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
> > + exit(5);
> > + }
> > +
> > tclass = string_to_security_class(argv[3]);
> > if (!tclass) {
> > fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
> > diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
> > index 957c1cb2..590e98d9 100644
> > --- a/libselinux/utils/getdefaultcon.c
> > +++ b/libselinux/utils/getdefaultcon.c
> > @@ -68,6 +68,11 @@ int main(int argc, char **argv)
> > } else
> > cur_context = argv[optind + 1];
> >
> > + if (security_check_context(cur_context)) {
> > + fprintf(stderr, "%s: invalid from context '%s'\n", argv[0], cur_context);
> > + return 3;
> > + }
> > +
> > if ((ret = getseuser(user, service, &seuser, &dlevel)) == 0) {
> > if (! level) level=dlevel;
> > if (role != NULL && role[0])
> > diff --git a/libselinux/utils/selinuxexeccon.c b/libselinux/utils/selinuxexeccon.c
> > index b50e7886..66754b6a 100644
> > --- a/libselinux/utils/selinuxexeccon.c
> > +++ b/libselinux/utils/selinuxexeccon.c
> > @@ -16,7 +16,7 @@ static __attribute__ ((__noreturn__)) void usage(const char *name, const char *d
> > exit(rc);
> > }
> >
> > -static char * get_selinux_proc_context(const char *command, char * execcon) {
> > +static char * get_selinux_proc_context(const char *command, const char * execcon) {
> > char * fcon = NULL, *newcon = NULL;
> >
> > int ret = getfilecon(command, &fcon);
> > @@ -43,6 +43,10 @@ int main(int argc, char **argv)
> > }
> > } else {
> > con = strdup(argv[2]);
> > + if (security_check_context(con)) {
> > + fprintf(stderr, "%s: invalid from context '%s'\n", argv[0], con);
> > + return -1;
> > + }
> > }
> >
> > proccon = get_selinux_proc_context(argv[1], con);
> > diff --git a/libselinux/utils/validatetrans.c b/libselinux/utils/validatetrans.c
> > index 1db33e66..9d642a93 100644
> > --- a/libselinux/utils/validatetrans.c
> > +++ b/libselinux/utils/validatetrans.c
> > @@ -17,12 +17,27 @@ int main(int argc, char **argv)
> > exit(1);
> > }
> >
> > + if (security_check_context(argv[1])) {
> > + fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
> > + exit(4);
> > + }
> > +
> > + if (security_check_context(argv[2])) {
> > + fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
> > + exit(5);
> > + }
> > +
> > tclass = string_to_security_class(argv[3]);
> > if (!tclass) {
> > fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
> > exit(2);
> > }
> >
> > + if (security_check_context(argv[4])) {
> > + fprintf(stderr, "%s: invalid new context '%s'\n", argv[0], argv[4]);
> > + exit(6);
> > + }
> > +
> > ret = security_validatetrans(argv[1], argv[2], tclass, argv[4]);
> > printf("security_validatetrans returned %d errno: %s\n", ret, strerror(errno));
> >
> > --
> > 2.35.1
> >
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-04-12 18:05 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-31 14:46 [PATCH] libselinux/utils: check for valid contexts to improve error causes Christian Göttsche
2022-04-04 17:46 ` James Carter
2022-04-05 13:26 ` [PATCH v2] " Christian Göttsche
2022-04-06 16:14 ` James Carter
2022-04-12 18:05 ` James Carter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.