74de835e2c
- Use libsepol.so.2 - Convert matchpathcon to selabel_lookup() - Change userspace AVC setenforce and policy load messages to audit format - Remove trailing slash on selabel_file lookups - Use kernel status page by default
From 9e4480b921bb50f59b064e842362b26b87e36bbd Mon Sep 17 00:00:00 2001
|
|
From: Chris PeBenito <chpebeni@linux.microsoft.com>
|
|
Date: Mon, 24 Aug 2020 09:44:16 -0400
|
|
Subject: [PATCH] libselinux: Remove trailing slash on selabel_file lookups.
|
|
|
|
Having a trailing slash on a file lookup, e.g. "/some/path/", can
|
|
cause a different result, for example, when file contexts are written to have
|
|
the directory have a different label than the contents. This is inconsistent
|
|
with normal Linux behaviors where trailing slashes are ignored.
|
|
|
|
Many callers already strip the trailing slash before the lookup or users
|
|
revise the file contexts to work around this. This fixes it comprehensively.
|
|
|
|
v2: fix length issues
|
|
|
|
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
|
|
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
|
---
|
|
libselinux/src/label_file.c | 22 ++++++++++++++++++++++
|
|
1 file changed, 22 insertions(+)
|
|
|
|
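--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -854,6 +854,7 @@ static const struct spec **lookup_all(struct selabel_handle *rec,
 struct saved_data *data = (struct saved_data *)rec->data;
 struct spec *spec_arr = data->spec_arr;
 int i, rc, file_stem;
+ size_t len;
 mode_t mode = (mode_t)type;
 char *clean_key = NULL;
 const char *prev_slash, *next_slash;
@@ -894,6 +895,27 @@ static const struct spec **lookup_all(struct selabel_handle *rec,
 key = clean_key;
 }
 
+ /* remove trailing slash */
+ len = strlen(key);
+ if (len == 0) {
+ errno = EINVAL;
+ goto finish;
+ }
+
+ if (key[len - 1] == '/') {
+ /* reuse clean_key from above if available */
+ if (!clean_key) {
+ clean_key = (char *) malloc(len);
+ if (!clean_key)
+ goto finish;
+
+ strncpy(clean_key, key, len - 1);
+ }
+
+ clean_key[len - 1] = '\0';
+ key = clean_key;
+ }
+
 sub = selabel_sub_key(data, key);
 if (sub)
 key = sub;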
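Review bot: The added check `if (key[len - 1] == '/')` in the second hunk also fires when key is the bare root path "/": len is 1, so `malloc(1)` is taken, `strncpy` copies nothing, `clean_key[0]` is set to '\0', and the lookup continues with an empty string instead of "/". The matching code is outside the hunk, but an empty key presumably no longer matches the file-context entry for the root directory, so callers that label from this lookup would get an error or a wrong context for "/". Restricting the strip to longer keys, `if (len > 1 && key[len - 1] == '/') {`, leaves "/" intact while still normalising "/some/path/". lookup_all starts before and continues past both hunks, so the `finish` label and the earlier clean_key handling are not visible here.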
--
|
|
2.29.0
|
|
|