From: Stephen Smalley <sds@tycho.nsa.gov>
To: Nick Kralevich <nnk@google.com>,
selinux@vger.kernel.org,
Richard Haines <richard_c_haines@btinternet.com>
Subject: Re: [PATCH] label_file.c: Fix MAC build
Date: Mon, 10 Feb 2020 15:49:18 -0500
Message-ID: <92a60e95-f304-5361-82dc-89a3c3590962@tycho.nsa.gov>
In-Reply-To: <20200207230032.210843-1-nnk@google.com>
On 2/7/20 6:00 PM, Nick Kralevich wrote:
> On Android, the label_file.c file is compiled for all platforms,
> including OSX. OSX has a slightly different prototype for the
> getxattr function.
>
> ssize_t getxattr(const char *path, const char *name, void *value, size_t size, u_int32_t position, int options);
>
> which causes a compile error when compiling libselinux on OSX.
>
> ```
> external/selinux/libselinux/src/label_file.c:1038:37: error: too few arguments to function call, expected 6, have 4
> read_digest, SHA1_HASH_SIZE);
> ^
> /Applications/Xcode9.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/usr/include/sys/xattr.h:61:1: note: 'getxattr' declared here
> ssize_t getxattr(const char *path, const char *name, void *value, size_t size, u_int32_t position, int options);
> ^
> 1 error generated.
> ```
>
> On OSX builds, add the additional arguments so that the code compiles.
>
> As both SELinux labels and the restorecon partial digest are stored in
> extended attributes, it's theoretically possible that someone
> could assign SELinux labels and hash digests on OSX filesystems.
> Doing so would be extremely weird and completely untested, but
> theoretically possible.
>
> Signed-off-by: Nick Kralevich <nnk@google.com>

Wondering why the getxattr() call isn't done in the selinux_restorecon
code instead, or why this is needed as a separate selabel_ interface at
all. Probably too late to change it though without breaking API/ABI.

Acked-by: Stephen Smalley <sds@tycho.nsa.gov>

> ---
> libselinux/src/label_file.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
> index 300625c2..f2aaf3ba 100644
> --- a/libselinux/src/label_file.c
> +++ b/libselinux/src/label_file.c
> @@ -985,7 +985,11 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec,
> {
> uint8_t read_digest[SHA1_HASH_SIZE];
> ssize_t read_size = getxattr(pathname, RESTORECON_PARTIAL_MATCH_DIGEST,
> - read_digest, SHA1_HASH_SIZE);
> + read_digest, SHA1_HASH_SIZE
> +#ifdef __APPLE__
> + , 0, 0
> +#endif /* __APPLE __ */
> + );
> uint8_t hash_digest[SHA1_HASH_SIZE];
> bool status = selabel_hash_all_partial_matches(rec, pathname,
> hash_digest);
>
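
Review bot: The `#ifdef __APPLE__` block is spliced into the middle of the getxattr() argument list, which leaves the call hard to read and easy to break in a later edit; two complete calls under `#ifdef`/`#else`, or a small static helper that hides the platform difference, would keep each call intact. The closing comment reads `/* __APPLE __ */` with a stray space before the trailing underscores and should be `/* __APPLE__ */`. The bare `, 0, 0` would also benefit from a short comment naming them as the position and options arguments of the OSX prototype quoted in the commit message.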