From 960e78f208b4f6d48962bbc9cad45588cc8c90ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Renaud=20M=C3=A9trich?= Date: Tue, 21 Jun 2022 08:43:00 +0200 Subject: [PATCH] secontext: print context of Unix socket's sun_path field MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Renaud Métrich * src/sockaddr.c: Include "secontext.h". (print_sockaddr_data_un): Print the SELinux context of sun_path field using selinux_printfilecon. * NEWS: Mention this change. * tests/secontext.c (raw_secontext_full_fd, get_secontext_field_fd, raw_secontext_short_fd, secontext_full_fd, secontext_short_fd): New functions. * tests/secontext.h (secontext_full_fd, secontext_short_fd, get_secontext_field_fd): New prototypes. (SECONTEXT_FD): New macro. * tests/sockname.c: Include "secontext.h". (test_sockname_syscall): Update expected output. * tests/gen_tests.in (getsockname--secontext, getsockname--secontext_full, getsockname--secontext_full_mismatch, getsockname--secontext_mismatch): New tests. Resolves: https://github.com/strace/strace/pull/214 --- NEWS | 1 + src/sockaddr.c | 3 +++ tests/gen_tests.in | 4 ++++ tests/secontext.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ tests/secontext.h | 12 ++++++++++++ tests/sockname.c | 54 +++++++++++++++++++++++++++++++++++------------------- 6 files changed, 104 insertions(+), 19 deletions(-) Index: strace-5.18/NEWS =================================================================== --- strace-5.18.orig/NEWS 2022-07-12 18:20:18.495470531 +0200 +++ strace-5.18/NEWS 2022-07-12 18:20:44.531163262 +0200 @@ -5,6 +5,7 @@ * Added an interface of raising des Strausses awareness. * Added --tips option to print strace tips, tricks, and tweaks at the end of the tracing session. + * Implemented printing of Unix socket sun_path field's SELinux context. * Enhanced decoding of bpf and io_uring_register syscalls. * Implemented decoding of COUNTER_*, RTC_PARAM_GET, and RTC_PARAM_SET ioctl commands. Index: strace-5.18/src/sockaddr.c =================================================================== --- strace-5.18.orig/src/sockaddr.c 2022-07-12 18:17:36.745379483 +0200 +++ strace-5.18/src/sockaddr.c 2022-07-12 18:20:18.495470531 +0200 @@ -63,6 +63,8 @@ #include "xlat/mctp_addrs.h" #include "xlat/mctp_nets.h" +#include "secontext.h" + #define SIZEOF_SA_FAMILY sizeof_field(struct sockaddr, sa_family) struct sockaddr_rxrpc { @@ -115,6 +117,7 @@ if (sa_un->sun_path[0]) { print_quoted_string(sa_un->sun_path, path_len + 1, QUOTE_0_TERMINATED); + selinux_printfilecon(tcp, sa_un->sun_path); } else { tprints("@"); print_quoted_string(sa_un->sun_path + 1, path_len - 1, 0); Index: strace-5.18/tests/gen_tests.in =================================================================== --- strace-5.18.orig/tests/gen_tests.in 2022-07-12 18:17:36.746379471 +0200 +++ strace-5.18/tests/gen_tests.in 2022-07-12 18:20:18.496470519 +0200 @@ -225,6 +225,10 @@ getsid -a10 getsid--pidns-translation test_pidns -e trace=getsid -a10 getsockname -a27 +getsockname--secontext -a27 --secontext -e trace=getsockname +getsockname--secontext_full -a27 --secontext=full -e trace=getsockname +getsockname--secontext_full_mismatch -a27 --secontext=full,mismatch -e trace=getsockname +getsockname--secontext_mismatch -a27 --secontext=mismatch -e trace=getsockname gettid -a9 getuid-creds +getuid.test getuid32 +getuid.test Index: strace-5.18/tests/secontext.c =================================================================== --- strace-5.18.orig/tests/secontext.c 2022-07-12 18:17:36.747379459 +0200 +++ strace-5.18/tests/secontext.c 2022-07-12 18:20:18.496470519 +0200 @@ -141,6 +141,21 @@ return full_secontext; } +static char * +raw_secontext_full_fd(int fd) +{ + int saved_errno = errno; + char *full_secontext = NULL; + char *secontext; + + if (fgetfilecon(fd, &secontext) >= 0) { + full_secontext = strip_trailing_newlines(xstrdup(secontext)); + freecon(secontext); + } + errno = saved_errno; + return full_secontext; +} + char * get_secontext_field_file(const char *file, enum secontext_field field) { @@ -151,6 +166,16 @@ return type; } +char * +get_secontext_field_fd(int fd, enum secontext_field field) +{ + char *ctx = raw_secontext_full_fd(fd); + char *type = get_secontext_field(ctx, field); + free(ctx); + + return type; +} + static char * raw_secontext_short_file(const char *filename) { @@ -158,6 +183,12 @@ } static char * +raw_secontext_short_fd(int fd) +{ + return get_secontext_field_fd(fd, SECONTEXT_TYPE); +} + +static char * raw_secontext_full_pid(pid_t pid) { int saved_errno = errno; @@ -205,6 +236,15 @@ } char * +secontext_full_fd(int fd) +{ + int saved_errno = errno; + char *context = raw_secontext_full_fd(fd); + errno = saved_errno; + return FORMAT_SPACE_BEFORE(context); +} + +char * secontext_full_pid(pid_t pid) { return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid)); @@ -228,6 +268,15 @@ errno = saved_errno; return FORMAT_SPACE_BEFORE(context); } + +char * +secontext_short_fd(int fd) +{ + int saved_errno = errno; + char *context = raw_secontext_short_fd(fd); + errno = saved_errno; + return FORMAT_SPACE_BEFORE(context); +} char * secontext_short_pid(pid_t pid) Index: strace-5.18/tests/secontext.h =================================================================== --- strace-5.18.orig/tests/secontext.h 2022-07-12 18:17:36.747379459 +0200 +++ strace-5.18/tests/secontext.h 2022-07-12 18:20:18.496470519 +0200 @@ -9,9 +9,11 @@ #include "xmalloc.h" #include +char *secontext_full_fd(int) ATTRIBUTE_MALLOC; char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC; char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC; +char *secontext_short_fd(int) ATTRIBUTE_MALLOC; char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC; char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC; @@ -30,6 +32,7 @@ */ char *get_secontext_field(const char *full_context, enum secontext_field field); +char *get_secontext_field_fd(int fd, enum secontext_field field); char *get_secontext_field_file(const char *file, enum secontext_field field); void reset_secontext_file(const char *file); @@ -44,6 +47,7 @@ # else # define SECONTEXT_FILE(filename) secontext_full_file(filename, false) # endif +# define SECONTEXT_FD(fd) secontext_full_fd(fd) # define SECONTEXT_PID(pid) secontext_full_pid(pid) # else @@ -53,6 +57,7 @@ # else # define SECONTEXT_FILE(filename) secontext_short_file(filename, false) # endif +# define SECONTEXT_FD(fd) secontext_short_fd(fd) # define SECONTEXT_PID(pid) secontext_short_pid(pid) # endif @@ -65,6 +70,12 @@ return NULL; } static inline char * +get_secontext_field_fd(int fd, enum secontext_field field) +{ + return NULL; +} + +static inline char * get_secontext_field_file(const char *file, enum secontext_field field) { return NULL; @@ -81,6 +92,7 @@ { } +# define SECONTEXT_FD(fd) xstrdup("") # define SECONTEXT_FILE(filename) xstrdup("") # define SECONTEXT_PID(pid) xstrdup("") Index: strace-5.18/tests/sockname.c =================================================================== --- strace-5.18.orig/tests/sockname.c 2022-07-12 18:17:36.748379448 +0200 +++ strace-5.18/tests/sockname.c 2022-07-12 18:20:18.496470519 +0200 @@ -18,6 +18,8 @@ #include #include +#include "secontext.h" + #ifndef TEST_SYSCALL_NAME # error TEST_SYSCALL_NAME must be defined #endif @@ -59,14 +61,19 @@ *plen = sizeof(struct sockaddr_un); struct sockaddr_un *addr = tail_alloc(*plen); + char *my_secontext = SECONTEXT_PID_MY(); + char *fd_secontext = SECONTEXT_FD(fd); + PREPARE_TEST_SYSCALL_INVOCATION; int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr, plen SUFFIX_ARGS); if (rc < 0) perror_msg_and_skip(TEST_SYSCALL_STR); - printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}" + printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}" ", [%d => %d]%s) = %d\n", - TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path, + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, + addr->sun_path, SECONTEXT_FILE(addr->sun_path), (int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc); memset(addr, 0, sizeof(*addr)); @@ -75,28 +82,34 @@ plen SUFFIX_ARGS); if (rc < 0) perror_msg_and_skip(TEST_SYSCALL_STR); - printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}" + printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}" ", [%d]%s) = %d\n", - TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path, + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, + addr->sun_path, SECONTEXT_FILE(addr->sun_path), (int) *plen, SUFFIX_STR, rc); PREPARE_TEST_SYSCALL_INVOCATION; rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS); - printf("%s(%d%s, %p, NULL%s) = %s\n", - TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR, - sprintrc(rc)); + printf("%s%s(%d%s%s, %p, NULL%s) = %s\n", + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, + addr, SUFFIX_STR, sprintrc(rc)); PREPARE_TEST_SYSCALL_INVOCATION; rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS); - printf("%s(%d%s, NULL, NULL%s) = %s\n", - TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR, + printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n", + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, + rc == -1 ? PREFIX_F_STR : PREFIX_S_STR, SUFFIX_STR, sprintrc(rc)); PREPARE_TEST_SYSCALL_INVOCATION; rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, plen + 1 SUFFIX_ARGS); - printf("%s(%d%s, %p, %p%s) = %s\n", - TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, + printf("%s%s(%d%s%s, %p, %p%s) = %s\n", + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr, plen + 1, SUFFIX_STR, sprintrc(rc)); const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path); @@ -108,8 +121,9 @@ plen SUFFIX_ARGS); if (rc < 0) perror_msg_and_skip(TEST_SYSCALL_STR); - printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n", - TEST_SYSCALL_STR, fd, PREFIX_S_STR, + printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n", + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, (int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc); ++addr; @@ -121,17 +135,19 @@ plen SUFFIX_ARGS); if (rc < 0) perror_msg_and_skip(TEST_SYSCALL_STR); - printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}" + printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}" ", [%d => %d]%s) = %d\n", - TEST_SYSCALL_STR, fd, PREFIX_S_STR, + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, (int) (sizeof(struct sockaddr) - offsetof_sun_path), - addr->sun_path, (int) sizeof(struct sockaddr), - (int) *plen, SUFFIX_STR, rc); + addr->sun_path, SECONTEXT_FILE(addr->sun_path), + (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc); PREPARE_TEST_SYSCALL_INVOCATION; rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, plen SUFFIX_ARGS); - printf("%s(%d%s, %p, [%d]%s) = %s\n", - TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, + printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n", + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr, *plen, SUFFIX_STR, sprintrc(rc)); } Index: strace-5.18/tests-m32/secontext.c =================================================================== --- strace-5.18.orig/tests-m32/secontext.c 2022-07-12 18:17:36.747379459 +0200 +++ strace-5.18/tests-m32/secontext.c 2022-07-12 18:20:18.496470519 +0200 @@ -141,6 +141,21 @@ return full_secontext; } +static char * +raw_secontext_full_fd(int fd) +{ + int saved_errno = errno; + char *full_secontext = NULL; + char *secontext; + + if (fgetfilecon(fd, &secontext) >= 0) { + full_secontext = strip_trailing_newlines(xstrdup(secontext)); + freecon(secontext); + } + errno = saved_errno; + return full_secontext; +} + char * get_secontext_field_file(const char *file, enum secontext_field field) { @@ -151,6 +166,16 @@ return type; } +char * +get_secontext_field_fd(int fd, enum secontext_field field) +{ + char *ctx = raw_secontext_full_fd(fd); + char *type = get_secontext_field(ctx, field); + free(ctx); + + return type; +} + static char * raw_secontext_short_file(const char *filename) { @@ -158,6 +183,12 @@ } static char * +raw_secontext_short_fd(int fd) +{ + return get_secontext_field_fd(fd, SECONTEXT_TYPE); +} + +static char * raw_secontext_full_pid(pid_t pid) { int saved_errno = errno; @@ -205,6 +236,15 @@ } char * +secontext_full_fd(int fd) +{ + int saved_errno = errno; + char *context = raw_secontext_full_fd(fd); + errno = saved_errno; + return FORMAT_SPACE_BEFORE(context); +} + +char * secontext_full_pid(pid_t pid) { return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid)); @@ -228,6 +268,15 @@ errno = saved_errno; return FORMAT_SPACE_BEFORE(context); } + +char * +secontext_short_fd(int fd) +{ + int saved_errno = errno; + char *context = raw_secontext_short_fd(fd); + errno = saved_errno; + return FORMAT_SPACE_BEFORE(context); +} char * secontext_short_pid(pid_t pid) Index: strace-5.18/tests-m32/secontext.h =================================================================== --- strace-5.18.orig/tests-m32/secontext.h 2022-07-12 18:17:36.747379459 +0200 +++ strace-5.18/tests-m32/secontext.h 2022-07-12 18:20:18.496470519 +0200 @@ -9,9 +9,11 @@ #include "xmalloc.h" #include +char *secontext_full_fd(int) ATTRIBUTE_MALLOC; char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC; char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC; +char *secontext_short_fd(int) ATTRIBUTE_MALLOC; char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC; char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC; @@ -30,6 +32,7 @@ */ char *get_secontext_field(const char *full_context, enum secontext_field field); +char *get_secontext_field_fd(int fd, enum secontext_field field); char *get_secontext_field_file(const char *file, enum secontext_field field); void reset_secontext_file(const char *file); @@ -44,6 +47,7 @@ # else # define SECONTEXT_FILE(filename) secontext_full_file(filename, false) # endif +# define SECONTEXT_FD(fd) secontext_full_fd(fd) # define SECONTEXT_PID(pid) secontext_full_pid(pid) # else @@ -53,6 +57,7 @@ # else # define SECONTEXT_FILE(filename) secontext_short_file(filename, false) # endif +# define SECONTEXT_FD(fd) secontext_short_fd(fd) # define SECONTEXT_PID(pid) secontext_short_pid(pid) # endif @@ -65,6 +70,12 @@ return NULL; } static inline char * +get_secontext_field_fd(int fd, enum secontext_field field) +{ + return NULL; +} + +static inline char * get_secontext_field_file(const char *file, enum secontext_field field) { return NULL; @@ -81,6 +92,7 @@ { } +# define SECONTEXT_FD(fd) xstrdup("") # define SECONTEXT_FILE(filename) xstrdup("") # define SECONTEXT_PID(pid) xstrdup("") Index: strace-5.18/tests-m32/sockname.c =================================================================== --- strace-5.18.orig/tests-m32/sockname.c 2022-07-12 18:17:36.748379448 +0200 +++ strace-5.18/tests-m32/sockname.c 2022-07-12 18:20:18.496470519 +0200 @@ -18,6 +18,8 @@ #include #include +#include "secontext.h" + #ifndef TEST_SYSCALL_NAME # error TEST_SYSCALL_NAME must be defined #endif @@ -59,14 +61,19 @@ *plen = sizeof(struct sockaddr_un); struct sockaddr_un *addr = tail_alloc(*plen); + char *my_secontext = SECONTEXT_PID_MY(); + char *fd_secontext = SECONTEXT_FD(fd); + PREPARE_TEST_SYSCALL_INVOCATION; int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr, plen SUFFIX_ARGS); if (rc < 0) perror_msg_and_skip(TEST_SYSCALL_STR); - printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}" + printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}" ", [%d => %d]%s) = %d\n", - TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path, + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, + addr->sun_path, SECONTEXT_FILE(addr->sun_path), (int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc); memset(addr, 0, sizeof(*addr)); @@ -75,28 +82,34 @@ plen SUFFIX_ARGS); if (rc < 0) perror_msg_and_skip(TEST_SYSCALL_STR); - printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}" + printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}" ", [%d]%s) = %d\n", - TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path, + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, + addr->sun_path, SECONTEXT_FILE(addr->sun_path), (int) *plen, SUFFIX_STR, rc); PREPARE_TEST_SYSCALL_INVOCATION; rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS); - printf("%s(%d%s, %p, NULL%s) = %s\n", - TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR, - sprintrc(rc)); + printf("%s%s(%d%s%s, %p, NULL%s) = %s\n", + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, + addr, SUFFIX_STR, sprintrc(rc)); PREPARE_TEST_SYSCALL_INVOCATION; rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS); - printf("%s(%d%s, NULL, NULL%s) = %s\n", - TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR, + printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n", + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, + rc == -1 ? PREFIX_F_STR : PREFIX_S_STR, SUFFIX_STR, sprintrc(rc)); PREPARE_TEST_SYSCALL_INVOCATION; rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, plen + 1 SUFFIX_ARGS); - printf("%s(%d%s, %p, %p%s) = %s\n", - TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, + printf("%s%s(%d%s%s, %p, %p%s) = %s\n", + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr, plen + 1, SUFFIX_STR, sprintrc(rc)); const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path); @@ -108,8 +121,9 @@ plen SUFFIX_ARGS); if (rc < 0) perror_msg_and_skip(TEST_SYSCALL_STR); - printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n", - TEST_SYSCALL_STR, fd, PREFIX_S_STR, + printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n", + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, (int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc); ++addr; @@ -121,17 +135,19 @@ plen SUFFIX_ARGS); if (rc < 0) perror_msg_and_skip(TEST_SYSCALL_STR); - printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}" + printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}" ", [%d => %d]%s) = %d\n", - TEST_SYSCALL_STR, fd, PREFIX_S_STR, + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, (int) (sizeof(struct sockaddr) - offsetof_sun_path), - addr->sun_path, (int) sizeof(struct sockaddr), - (int) *plen, SUFFIX_STR, rc); + addr->sun_path, SECONTEXT_FILE(addr->sun_path), + (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc); PREPARE_TEST_SYSCALL_INVOCATION; rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, plen SUFFIX_ARGS); - printf("%s(%d%s, %p, [%d]%s) = %s\n", - TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, + printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n", + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr, *plen, SUFFIX_STR, sprintrc(rc)); } Index: strace-5.18/tests-mx32/secontext.c =================================================================== --- strace-5.18.orig/tests-mx32/secontext.c 2022-07-12 18:17:36.747379459 +0200 +++ strace-5.18/tests-mx32/secontext.c 2022-07-12 18:20:18.496470519 +0200 @@ -141,6 +141,21 @@ return full_secontext; } +static char * +raw_secontext_full_fd(int fd) +{ + int saved_errno = errno; + char *full_secontext = NULL; + char *secontext; + + if (fgetfilecon(fd, &secontext) >= 0) { + full_secontext = strip_trailing_newlines(xstrdup(secontext)); + freecon(secontext); + } + errno = saved_errno; + return full_secontext; +} + char * get_secontext_field_file(const char *file, enum secontext_field field) { @@ -151,6 +166,16 @@ return type; } +char * +get_secontext_field_fd(int fd, enum secontext_field field) +{ + char *ctx = raw_secontext_full_fd(fd); + char *type = get_secontext_field(ctx, field); + free(ctx); + + return type; +} + static char * raw_secontext_short_file(const char *filename) { @@ -158,6 +183,12 @@ } static char * +raw_secontext_short_fd(int fd) +{ + return get_secontext_field_fd(fd, SECONTEXT_TYPE); +} + +static char * raw_secontext_full_pid(pid_t pid) { int saved_errno = errno; @@ -205,6 +236,15 @@ } char * +secontext_full_fd(int fd) +{ + int saved_errno = errno; + char *context = raw_secontext_full_fd(fd); + errno = saved_errno; + return FORMAT_SPACE_BEFORE(context); +} + +char * secontext_full_pid(pid_t pid) { return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid)); @@ -228,6 +268,15 @@ errno = saved_errno; return FORMAT_SPACE_BEFORE(context); } + +char * +secontext_short_fd(int fd) +{ + int saved_errno = errno; + char *context = raw_secontext_short_fd(fd); + errno = saved_errno; + return FORMAT_SPACE_BEFORE(context); +} char * secontext_short_pid(pid_t pid) Index: strace-5.18/tests-mx32/secontext.h =================================================================== --- strace-5.18.orig/tests-mx32/secontext.h 2022-07-12 18:17:36.747379459 +0200 +++ strace-5.18/tests-mx32/secontext.h 2022-07-12 18:20:18.496470519 +0200 @@ -9,9 +9,11 @@ #include "xmalloc.h" #include +char *secontext_full_fd(int) ATTRIBUTE_MALLOC; char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC; char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC; +char *secontext_short_fd(int) ATTRIBUTE_MALLOC; char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC; char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC; @@ -30,6 +32,7 @@ */ char *get_secontext_field(const char *full_context, enum secontext_field field); +char *get_secontext_field_fd(int fd, enum secontext_field field); char *get_secontext_field_file(const char *file, enum secontext_field field); void reset_secontext_file(const char *file); @@ -44,6 +47,7 @@ # else # define SECONTEXT_FILE(filename) secontext_full_file(filename, false) # endif +# define SECONTEXT_FD(fd) secontext_full_fd(fd) # define SECONTEXT_PID(pid) secontext_full_pid(pid) # else @@ -53,6 +57,7 @@ # else # define SECONTEXT_FILE(filename) secontext_short_file(filename, false) # endif +# define SECONTEXT_FD(fd) secontext_short_fd(fd) # define SECONTEXT_PID(pid) secontext_short_pid(pid) # endif @@ -65,6 +70,12 @@ return NULL; } static inline char * +get_secontext_field_fd(int fd, enum secontext_field field) +{ + return NULL; +} + +static inline char * get_secontext_field_file(const char *file, enum secontext_field field) { return NULL; @@ -81,6 +92,7 @@ { } +# define SECONTEXT_FD(fd) xstrdup("") # define SECONTEXT_FILE(filename) xstrdup("") # define SECONTEXT_PID(pid) xstrdup("") Index: strace-5.18/tests-mx32/sockname.c =================================================================== --- strace-5.18.orig/tests-mx32/sockname.c 2022-07-12 18:17:36.748379448 +0200 +++ strace-5.18/tests-mx32/sockname.c 2022-07-12 18:20:18.496470519 +0200 @@ -18,6 +18,8 @@ #include #include +#include "secontext.h" + #ifndef TEST_SYSCALL_NAME # error TEST_SYSCALL_NAME must be defined #endif @@ -59,14 +61,19 @@ *plen = sizeof(struct sockaddr_un); struct sockaddr_un *addr = tail_alloc(*plen); + char *my_secontext = SECONTEXT_PID_MY(); + char *fd_secontext = SECONTEXT_FD(fd); + PREPARE_TEST_SYSCALL_INVOCATION; int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr, plen SUFFIX_ARGS); if (rc < 0) perror_msg_and_skip(TEST_SYSCALL_STR); - printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}" + printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}" ", [%d => %d]%s) = %d\n", - TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path, + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, + addr->sun_path, SECONTEXT_FILE(addr->sun_path), (int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc); memset(addr, 0, sizeof(*addr)); @@ -75,28 +82,34 @@ plen SUFFIX_ARGS); if (rc < 0) perror_msg_and_skip(TEST_SYSCALL_STR); - printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}" + printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}" ", [%d]%s) = %d\n", - TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path, + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, + addr->sun_path, SECONTEXT_FILE(addr->sun_path), (int) *plen, SUFFIX_STR, rc); PREPARE_TEST_SYSCALL_INVOCATION; rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS); - printf("%s(%d%s, %p, NULL%s) = %s\n", - TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR, - sprintrc(rc)); + printf("%s%s(%d%s%s, %p, NULL%s) = %s\n", + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, + addr, SUFFIX_STR, sprintrc(rc)); PREPARE_TEST_SYSCALL_INVOCATION; rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS); - printf("%s(%d%s, NULL, NULL%s) = %s\n", - TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR, + printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n", + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, + rc == -1 ? PREFIX_F_STR : PREFIX_S_STR, SUFFIX_STR, sprintrc(rc)); PREPARE_TEST_SYSCALL_INVOCATION; rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, plen + 1 SUFFIX_ARGS); - printf("%s(%d%s, %p, %p%s) = %s\n", - TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, + printf("%s%s(%d%s%s, %p, %p%s) = %s\n", + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr, plen + 1, SUFFIX_STR, sprintrc(rc)); const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path); @@ -108,8 +121,9 @@ plen SUFFIX_ARGS); if (rc < 0) perror_msg_and_skip(TEST_SYSCALL_STR); - printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n", - TEST_SYSCALL_STR, fd, PREFIX_S_STR, + printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n", + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, (int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc); ++addr; @@ -121,17 +135,19 @@ plen SUFFIX_ARGS); if (rc < 0) perror_msg_and_skip(TEST_SYSCALL_STR); - printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}" + printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}" ", [%d => %d]%s) = %d\n", - TEST_SYSCALL_STR, fd, PREFIX_S_STR, + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR, (int) (sizeof(struct sockaddr) - offsetof_sun_path), - addr->sun_path, (int) sizeof(struct sockaddr), - (int) *plen, SUFFIX_STR, rc); + addr->sun_path, SECONTEXT_FILE(addr->sun_path), + (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc); PREPARE_TEST_SYSCALL_INVOCATION; rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, plen SUFFIX_ARGS); - printf("%s(%d%s, %p, [%d]%s) = %s\n", - TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, + printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n", + my_secontext, + TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr, *plen, SUFFIX_STR, sprintrc(rc)); }