* [PATCH] libsepol: quote paths in CIL conversion
@ 2021-06-08 19:39 Christian Göttsche
2021-06-09 17:40 ` James Carter
0 siblings, 1 reply; 3+ messages in thread
From: Christian Göttsche @ 2021-06-08 19:39 UTC (permalink / raw)
To: selinux
When generating CIL policy from kernel or module policy quote paths,
which are allowed to contain spaces, in the statements `genfscon` and
`devicetreecon`.
Reported by LuK1337 while building policy for Android via IRC.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libsepol/src/kernel_to_cil.c | 4 ++--
libsepol/src/module_to_cil.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
index 989aacde..30a27bf5 100644
--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
@@ -2654,7 +2654,7 @@ static int write_genfscon_rules_to_cil(FILE *out, struct policydb *pdb)
goto exit;
}
- rc = strs_create_and_add(strs, "(genfscon %s %s %s)", 3,
+ rc = strs_create_and_add(strs, "(genfscon %s \"%s\" %s)", 3,
fstype, name, ctx);
free(ctx);
if (rc != 0) {
@@ -3115,7 +3115,7 @@ static int write_xen_devicetree_rules_to_cil(FILE *out, struct policydb *pdb)
goto exit;
}
- sepol_printf(out, "(devicetreecon %s %s)\n", name, ctx);
+ sepol_printf(out, "(devicetreecon \"%s\" %s)\n", name, ctx);
free(ctx);
}
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index 496693f4..19c7c65c 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -2963,7 +2963,7 @@ static int genfscon_to_cil(struct policydb *pdb)
for (genfs = pdb->genfs; genfs != NULL; genfs = genfs->next) {
for (ocon = genfs->head; ocon != NULL; ocon = ocon->next) {
- cil_printf("(genfscon %s %s ", genfs->fstype, ocon->u.name);
+ cil_printf("(genfscon %s \"%s\" ", genfs->fstype, ocon->u.name);
context_to_cil(pdb, &ocon->context[0]);
cil_printf(")\n");
}
--
2.32.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] libsepol: quote paths in CIL conversion
2021-06-08 19:39 [PATCH] libsepol: quote paths in CIL conversion Christian Göttsche
@ 2021-06-09 17:40 ` James Carter
2021-06-14 13:36 ` James Carter
0 siblings, 1 reply; 3+ messages in thread
From: James Carter @ 2021-06-09 17:40 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list
On Tue, Jun 8, 2021 at 3:46 PM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> When generating CIL policy from kernel or module policy quote paths,
> which are allowed to contain spaces, in the statements `genfscon` and
> `devicetreecon`.
>
> Reported by LuK1337 while building policy for Android via IRC.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
> ---
> libsepol/src/kernel_to_cil.c | 4 ++--
> libsepol/src/module_to_cil.c | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
> index 989aacde..30a27bf5 100644
> --- a/libsepol/src/kernel_to_cil.c
> +++ b/libsepol/src/kernel_to_cil.c
> @@ -2654,7 +2654,7 @@ static int write_genfscon_rules_to_cil(FILE *out, struct policydb *pdb)
> goto exit;
> }
>
> - rc = strs_create_and_add(strs, "(genfscon %s %s %s)", 3,
> + rc = strs_create_and_add(strs, "(genfscon %s \"%s\" %s)", 3,
> fstype, name, ctx);
> free(ctx);
> if (rc != 0) {
> @@ -3115,7 +3115,7 @@ static int write_xen_devicetree_rules_to_cil(FILE *out, struct policydb *pdb)
> goto exit;
> }
>
> - sepol_printf(out, "(devicetreecon %s %s)\n", name, ctx);
> + sepol_printf(out, "(devicetreecon \"%s\" %s)\n", name, ctx);
>
> free(ctx);
> }
> diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
> index 496693f4..19c7c65c 100644
> --- a/libsepol/src/module_to_cil.c
> +++ b/libsepol/src/module_to_cil.c
> @@ -2963,7 +2963,7 @@ static int genfscon_to_cil(struct policydb *pdb)
>
> for (genfs = pdb->genfs; genfs != NULL; genfs = genfs->next) {
> for (ocon = genfs->head; ocon != NULL; ocon = ocon->next) {
> - cil_printf("(genfscon %s %s ", genfs->fstype, ocon->u.name);
> + cil_printf("(genfscon %s \"%s\" ", genfs->fstype, ocon->u.name);
> context_to_cil(pdb, &ocon->context[0]);
> cil_printf(")\n");
> }
> --
> 2.32.0
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] libsepol: quote paths in CIL conversion
2021-06-09 17:40 ` James Carter
@ 2021-06-14 13:36 ` James Carter
0 siblings, 0 replies; 3+ messages in thread
From: James Carter @ 2021-06-14 13:36 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list
On Wed, Jun 9, 2021 at 1:40 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Tue, Jun 8, 2021 at 3:46 PM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > When generating CIL policy from kernel or module policy quote paths,
> > which are allowed to contain spaces, in the statements `genfscon` and
> > `devicetreecon`.
> >
> > Reported by LuK1337 while building policy for Android via IRC.
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>
>
Merged.
Thanks,
Jim
> > ---
> > libsepol/src/kernel_to_cil.c | 4 ++--
> > libsepol/src/module_to_cil.c | 2 +-
> > 2 files changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
> > index 989aacde..30a27bf5 100644
> > --- a/libsepol/src/kernel_to_cil.c
> > +++ b/libsepol/src/kernel_to_cil.c
> > @@ -2654,7 +2654,7 @@ static int write_genfscon_rules_to_cil(FILE *out, struct policydb *pdb)
> > goto exit;
> > }
> >
> > - rc = strs_create_and_add(strs, "(genfscon %s %s %s)", 3,
> > + rc = strs_create_and_add(strs, "(genfscon %s \"%s\" %s)", 3,
> > fstype, name, ctx);
> > free(ctx);
> > if (rc != 0) {
> > @@ -3115,7 +3115,7 @@ static int write_xen_devicetree_rules_to_cil(FILE *out, struct policydb *pdb)
> > goto exit;
> > }
> >
> > - sepol_printf(out, "(devicetreecon %s %s)\n", name, ctx);
> > + sepol_printf(out, "(devicetreecon \"%s\" %s)\n", name, ctx);
> >
> > free(ctx);
> > }
> > diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
> > index 496693f4..19c7c65c 100644
> > --- a/libsepol/src/module_to_cil.c
> > +++ b/libsepol/src/module_to_cil.c
> > @@ -2963,7 +2963,7 @@ static int genfscon_to_cil(struct policydb *pdb)
> >
> > for (genfs = pdb->genfs; genfs != NULL; genfs = genfs->next) {
> > for (ocon = genfs->head; ocon != NULL; ocon = ocon->next) {
> > - cil_printf("(genfscon %s %s ", genfs->fstype, ocon->u.name);
> > + cil_printf("(genfscon %s \"%s\" ", genfs->fstype, ocon->u.name);
> > context_to_cil(pdb, &ocon->context[0]);
> > cil_printf(")\n");
> > }
> > --
> > 2.32.0
> >
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-06-14 13:37 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-08 19:39 [PATCH] libsepol: quote paths in CIL conversion Christian Göttsche
2021-06-09 17:40 ` James Carter
2021-06-14 13:36 ` James Carter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.