* [PATCH] libsepol: quote paths in CIL conversion
@ 2021-06-08 19:39 Christian Göttsche
  2021-06-09 17:40 ` James Carter
  0 siblings, 1 reply; 3+ messages in thread
From: Christian Göttsche @ 2021-06-08 19:39 UTC (permalink / raw)
  To: selinux

When generating CIL policy from kernel or module policy, quote the paths
in the `genfscon` and `devicetreecon` statements, since these paths are
allowed to contain spaces.

Reported by LuK1337 while building policy for Android via IRC.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/src/kernel_to_cil.c | 4 ++--
 libsepol/src/module_to_cil.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
index 989aacde..30a27bf5 100644
--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
@@ -2654,7 +2654,7 @@ static int write_genfscon_rules_to_cil(FILE *out, struct policydb *pdb)
 				goto exit;
 			}
 
-			rc = strs_create_and_add(strs, "(genfscon %s %s %s)", 3,
+			rc = strs_create_and_add(strs, "(genfscon %s \"%s\" %s)", 3,
 						 fstype, name, ctx);
 			free(ctx);
 			if (rc != 0) {
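Review bot: Wrapping `name` in `\"%s\"` handles paths with spaces, but a path that itself contains a double quote would still end the quoted string early in the generated CIL; the same applies to the `devicetreecon` hunk below and to `ocon->u.name` in the module_to_cil.c `genfscon` hunk. As far as I know, CIL quoted strings have no escape sequence, so the conservative handling is to refuse such a name before emitting it, e.g. `if (strchr(name, '"') != NULL) { rc = -1; goto exit; }`, placed before `ctx` is obtained (it is freed just after the call) so nothing leaks. This matters most where the policy being converted does not come from a trusted build, since the converted text is then parsed as policy. The enclosing functions start and end outside these hunks, so whether the name is already validated earlier cannot be seen from here.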
@@ -3115,7 +3115,7 @@ static int write_xen_devicetree_rules_to_cil(FILE *out, struct policydb *pdb)
 			goto exit;
 		}
 
-		sepol_printf(out, "(devicetreecon %s %s)\n", name, ctx);
+		sepol_printf(out, "(devicetreecon \"%s\" %s)\n", name, ctx);
 
 		free(ctx);
 	}
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index 496693f4..19c7c65c 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -2963,7 +2963,7 @@ static int genfscon_to_cil(struct policydb *pdb)
 
 	for (genfs = pdb->genfs; genfs != NULL; genfs = genfs->next) {
 		for (ocon = genfs->head; ocon != NULL; ocon = ocon->next) {
-			cil_printf("(genfscon %s %s ", genfs->fstype, ocon->u.name);
+			cil_printf("(genfscon %s \"%s\" ", genfs->fstype, ocon->u.name);
 			context_to_cil(pdb, &ocon->context[0]);
 			cil_printf(")\n");
 		}
-- 
2.32.0



* Re: [PATCH] libsepol: quote paths in CIL conversion
  2021-06-08 19:39 [PATCH] libsepol: quote paths in CIL conversion Christian Göttsche
@ 2021-06-09 17:40 ` James Carter
  2021-06-14 13:36   ` James Carter
  0 siblings, 1 reply; 3+ messages in thread
From: James Carter @ 2021-06-09 17:40 UTC (permalink / raw)
  To: Christian Göttsche; +Cc: SElinux list

On Tue, Jun 8, 2021 at 3:46 PM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> When generating CIL policy from kernel or module policy quote paths,
> which are allowed to contain spaces, in the statements `genfscon` and
> `devicetreecon`.
>
> Reported by LuK1337 while building policy for Android via IRC.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

Acked-by: James Carter <jwcart2@gmail.com>

> ---
>  libsepol/src/kernel_to_cil.c | 4 ++--
>  libsepol/src/module_to_cil.c | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
> index 989aacde..30a27bf5 100644
> --- a/libsepol/src/kernel_to_cil.c
> +++ b/libsepol/src/kernel_to_cil.c
> @@ -2654,7 +2654,7 @@ static int write_genfscon_rules_to_cil(FILE *out, struct policydb *pdb)
>                                 goto exit;
>                         }
>
> -                       rc = strs_create_and_add(strs, "(genfscon %s %s %s)", 3,
> +                       rc = strs_create_and_add(strs, "(genfscon %s \"%s\" %s)", 3,
>                                                  fstype, name, ctx);
>                         free(ctx);
>                         if (rc != 0) {
> @@ -3115,7 +3115,7 @@ static int write_xen_devicetree_rules_to_cil(FILE *out, struct policydb *pdb)
>                         goto exit;
>                 }
>
> -               sepol_printf(out, "(devicetreecon %s %s)\n", name, ctx);
> +               sepol_printf(out, "(devicetreecon \"%s\" %s)\n", name, ctx);
>
>                 free(ctx);
>         }
> diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
> index 496693f4..19c7c65c 100644
> --- a/libsepol/src/module_to_cil.c
> +++ b/libsepol/src/module_to_cil.c
> @@ -2963,7 +2963,7 @@ static int genfscon_to_cil(struct policydb *pdb)
>
>         for (genfs = pdb->genfs; genfs != NULL; genfs = genfs->next) {
>                 for (ocon = genfs->head; ocon != NULL; ocon = ocon->next) {
> -                       cil_printf("(genfscon %s %s ", genfs->fstype, ocon->u.name);
> +                       cil_printf("(genfscon %s \"%s\" ", genfs->fstype, ocon->u.name);
>                         context_to_cil(pdb, &ocon->context[0]);
>                         cil_printf(")\n");
>                 }
> --
> 2.32.0
>


* Re: [PATCH] libsepol: quote paths in CIL conversion
  2021-06-09 17:40 ` James Carter
@ 2021-06-14 13:36   ` James Carter
  0 siblings, 0 replies; 3+ messages in thread
From: James Carter @ 2021-06-14 13:36 UTC (permalink / raw)
  To: Christian Göttsche; +Cc: SElinux list

On Wed, Jun 9, 2021 at 1:40 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Tue, Jun 8, 2021 at 3:46 PM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > When generating CIL policy from kernel or module policy quote paths,
> > which are allowed to contain spaces, in the statements `genfscon` and
> > `devicetreecon`.
> >
> > Reported by LuK1337 while building policy for Android via IRC.
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>
>

Merged.
Thanks,
Jim

> > ---
> >  libsepol/src/kernel_to_cil.c | 4 ++--
> >  libsepol/src/module_to_cil.c | 2 +-
> >  2 files changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
> > index 989aacde..30a27bf5 100644
> > --- a/libsepol/src/kernel_to_cil.c
> > +++ b/libsepol/src/kernel_to_cil.c
> > @@ -2654,7 +2654,7 @@ static int write_genfscon_rules_to_cil(FILE *out, struct policydb *pdb)
> >                                 goto exit;
> >                         }
> >
> > -                       rc = strs_create_and_add(strs, "(genfscon %s %s %s)", 3,
> > +                       rc = strs_create_and_add(strs, "(genfscon %s \"%s\" %s)", 3,
> >                                                  fstype, name, ctx);
> >                         free(ctx);
> >                         if (rc != 0) {
> > @@ -3115,7 +3115,7 @@ static int write_xen_devicetree_rules_to_cil(FILE *out, struct policydb *pdb)
> >                         goto exit;
> >                 }
> >
> > -               sepol_printf(out, "(devicetreecon %s %s)\n", name, ctx);
> > +               sepol_printf(out, "(devicetreecon \"%s\" %s)\n", name, ctx);
> >
> >                 free(ctx);
> >         }
> > diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
> > index 496693f4..19c7c65c 100644
> > --- a/libsepol/src/module_to_cil.c
> > +++ b/libsepol/src/module_to_cil.c
> > @@ -2963,7 +2963,7 @@ static int genfscon_to_cil(struct policydb *pdb)
> >
> >         for (genfs = pdb->genfs; genfs != NULL; genfs = genfs->next) {
> >                 for (ocon = genfs->head; ocon != NULL; ocon = ocon->next) {
> > -                       cil_printf("(genfscon %s %s ", genfs->fstype, ocon->u.name);
> > +                       cil_printf("(genfscon %s \"%s\" ", genfs->fstype, ocon->u.name);
> >                         context_to_cil(pdb, &ocon->context[0]);
> >                         cil_printf(")\n");
> >                 }
> > --
> > 2.32.0
> >

