From: "Christian Göttsche" <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Subject: [PATCH 1/2] libselinux: accept const fromcon in get_context API
Date: Fri, 8 Jan 2021 17:00:47 +0100 [thread overview]
Message-ID: <20210108160048.67386-1-cgzones@googlemail.com> (raw)
Rework the APIs in <selinux/get_context_list.h> to take a constant
string as from context.
The passed string is currently not modified, but it is not declared const,
which restricts callers that care about const-correctness.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libselinux/include/selinux/get_context_list.h | 12 ++---
.../man/man3/get_ordered_context_list.3 | 12 ++---
libselinux/src/get_context_list.c | 49 +++++++++----------
3 files changed, 36 insertions(+), 37 deletions(-)
diff --git a/libselinux/include/selinux/get_context_list.h b/libselinux/include/selinux/get_context_list.h
index db8641a4..6b2f14f3 100644
--- a/libselinux/include/selinux/get_context_list.h
+++ b/libselinux/include/selinux/get_context_list.h
@@ -17,14 +17,14 @@ extern "C" {
If 'fromcon' is NULL, defaults to current context.
Caller must free via freeconary. */
extern int get_ordered_context_list(const char *user,
- char * fromcon,
+ const char *fromcon,
char *** list);
/* As above, but use the provided MLS level rather than the
default level for the user. */
extern int get_ordered_context_list_with_level(const char *user,
const char *level,
- char * fromcon,
+ const char *fromcon,
char *** list);
/* Get the default security context for a user session for 'user'
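Review bot: The changed prototypes in this header stay call-compatible for callers passing `char *`, but any caller that stores one of these functions in a pointer declared with the old `char *fromcon` parameter will now get an incompatible-pointer-type diagnostic. It would help to mention that in the release notes or the commit message, since the six exported declarations in this file all change the same way. The comment above `get_ordered_context_list` could also state the contract the new qualifier implies, for example `'fromcon' is only read; the caller keeps ownership.`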
@@ -35,14 +35,14 @@ extern "C" {
Returns 0 on success or -1 otherwise.
Caller must free via freecon. */
extern int get_default_context(const char *user,
- char * fromcon,
+ const char *fromcon,
char ** newcon);
/* As above, but use the provided MLS level rather than the
default level for the user. */
extern int get_default_context_with_level(const char *user,
const char *level,
- char * fromcon,
+ const char *fromcon,
char ** newcon);
/* Same as get_default_context, but only return a context
@@ -50,7 +50,7 @@ extern "C" {
for the user with that role, then return -1. */
extern int get_default_context_with_role(const char *user,
const char *role,
- char * fromcon,
+ const char *fromcon,
char ** newcon);
/* Same as get_default_context, but only return a context
@@ -59,7 +59,7 @@ extern "C" {
extern int get_default_context_with_rolelevel(const char *user,
const char *role,
const char *level,
- char * fromcon,
+ const char *fromcon,
char ** newcon);
/* Given a list of authorized security contexts for the user,
diff --git a/libselinux/man/man3/get_ordered_context_list.3 b/libselinux/man/man3/get_ordered_context_list.3
index 3ed14a96..2a1e08f0 100644
--- a/libselinux/man/man3/get_ordered_context_list.3
+++ b/libselinux/man/man3/get_ordered_context_list.3
@@ -7,17 +7,17 @@ get_ordered_context_list, get_ordered_context_list_with_level, get_default_conte
.br
.B #include <selinux/get_context_list.h>
.sp
-.BI "int get_ordered_context_list(const char *" user ", char *" fromcon ", char ***" list );
+.BI "int get_ordered_context_list(const char *" user ", const char *" fromcon ", char ***" list );
.sp
-.BI "int get_ordered_context_list_with_level(const char *" user ", const char *" level ", char *" fromcon ", char ***" list );
+.BI "int get_ordered_context_list_with_level(const char *" user ", const char *" level ", const char *" fromcon ", char ***" list );
.sp
-.BI "int get_default_context(const char *" user ", char *" fromcon ", char **" newcon );
+.BI "int get_default_context(const char *" user ", const char *" fromcon ", char **" newcon );
.sp
-.BI "int get_default_context_with_level(const char *" user ", const char *" level ", char *" fromcon ", char **" newcon );
+.BI "int get_default_context_with_level(const char *" user ", const char *" level ", const char *" fromcon ", char **" newcon );
.sp
-.BI "int get_default_context_with_role(const char *" user ", const char *" role ", char *" fromcon ", char **" newcon ");
+.BI "int get_default_context_with_role(const char *" user ", const char *" role ", const char *" fromcon ", char **" newcon ");
.sp
-.BI "int get_default_context_with_rolelevel(const char *" user ", const char *" role ", const char *" level ", char *" fromcon ", char **" newcon ");
+.BI "int get_default_context_with_rolelevel(const char *" user ", const char *" role ", const char *" level ", const char *" fromcon ", char **" newcon ");
.sp
.BI "int query_user_context(char **" list ", char **" newcon );
.sp
diff --git a/libselinux/src/get_context_list.c b/libselinux/src/get_context_list.c
index b43652ff..cfe38e59 100644
--- a/libselinux/src/get_context_list.c
+++ b/libselinux/src/get_context_list.c
@@ -13,7 +13,7 @@
int get_default_context_with_role(const char *user,
const char *role,
- char * fromcon,
+ const char *fromcon,
char ** newcon)
{
char **conary;
@@ -56,23 +56,24 @@ int get_default_context_with_role(const char *user,
int get_default_context_with_rolelevel(const char *user,
const char *role,
const char *level,
- char * fromcon,
+ const char *fromcon,
char ** newcon)
{
- int rc = 0;
- int freefrom = 0;
+ int rc;
+ char *backup_fromcon = NULL;
context_t con;
- char *newfromcon;
+ const char *newfromcon;
+
if (!level)
return get_default_context_with_role(user, role, fromcon,
newcon);
if (!fromcon) {
- rc = getcon(&fromcon);
+ rc = getcon(&backup_fromcon);
if (rc < 0)
return rc;
- freefrom = 1;
+ fromcon = backup_fromcon;
}
rc = -1;
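Review bot: The new `backup_fromcon` declaration carries the whole ownership rule for this function but has no comment. `fromcon` may now alias a buffer this function allocated through `getcon()`, and the unconditional `freecon(backup_fromcon)` in the `out:` hunk is correct only because the variable starts as NULL and `freecon()` tolerates NULL, which this diff does not show. I would add `/* owned result of getcon(); stays NULL when the caller supplied fromcon */` on the declaration, so that a later edit does not free `fromcon` itself or add an early return that skips `out:` after the `getcon()` call. The same pattern appears in `get_ordered_context_list_with_level` and `get_ordered_context_list` and deserves the same comment there. The function body continues outside this hunk, so the paths between `rc = -1;` and `out:` were not reviewed.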
@@ -91,14 +92,13 @@ int get_default_context_with_rolelevel(const char *user,
out:
context_free(con);
- if (freefrom)
- freecon(fromcon);
+ freecon(backup_fromcon);
return rc;
}
int get_default_context(const char *user,
- char * fromcon, char ** newcon)
+ const char *fromcon, char ** newcon)
{
char **conary;
int rc;
@@ -128,7 +128,7 @@ static int is_in_reachable(char **reachable, const char *usercon_str)
}
static int get_context_user(FILE * fp,
- char * fromcon,
+ const char * fromcon,
const char * user,
char ***reachable,
unsigned int *nreachable)
@@ -345,22 +345,22 @@ static int get_failsafe_context(const char *user, char ** newcon)
int get_ordered_context_list_with_level(const char *user,
const char *level,
- char * fromcon,
+ const char *fromcon,
char *** list)
{
int rc;
- int freefrom = 0;
+ char *backup_fromcon = NULL;
context_t con;
- char *newfromcon;
+ const char *newfromcon;
if (!level)
return get_ordered_context_list(user, fromcon, list);
if (!fromcon) {
- rc = getcon(&fromcon);
+ rc = getcon(&backup_fromcon);
if (rc < 0)
return rc;
- freefrom = 1;
+ fromcon = backup_fromcon;
}
rc = -1;
@@ -379,15 +379,14 @@ int get_ordered_context_list_with_level(const char *user,
out:
context_free(con);
- if (freefrom)
- freecon(fromcon);
+ freecon(backup_fromcon);
return rc;
}
int get_default_context_with_level(const char *user,
const char *level,
- char * fromcon,
+ const char *fromcon,
char ** newcon)
{
char **conary;
@@ -405,12 +404,13 @@ int get_default_context_with_level(const char *user,
}
int get_ordered_context_list(const char *user,
- char * fromcon,
+ const char *fromcon,
char *** list)
{
char **reachable = NULL;
int rc = 0;
- unsigned nreachable = 0, freefrom = 0;
+ unsigned nreachable = 0;
+ char *backup_fromcon = NULL;
FILE *fp;
char *fname = NULL;
size_t fname_len;
@@ -418,10 +418,10 @@ int get_ordered_context_list(const char *user,
if (!fromcon) {
/* Get the current context and use it for the starting context */
- rc = getcon(&fromcon);
+ rc = getcon(&backup_fromcon);
if (rc < 0)
return rc;
- freefrom = 1;
+ fromcon = backup_fromcon;
}
/* Determine the ordering to apply from the optional per-user config
@@ -469,8 +469,7 @@ int get_ordered_context_list(const char *user,
else
freeconary(reachable);
- if (freefrom)
- freecon(fromcon);
+ freecon(backup_fromcon);
return rc;
--
2.30.0