>From 687fb693bebd4197f363b60d67263d7ead7cdd08 Mon Sep 17 00:00:00 2001 From: Bernhard Voelker Date: Tue, 20 Oct 2020 00:53:41 +0200 Subject: [PATCH] selinux-at, selinux-h: port to SELinux 3.1 The new release finally deprecated the typedef 'security_context_t', see . Use the simpler 'char *' instead. * lib/getfilecon.c (getfilecon): Adjust type of context parameter. (lgetfilecon): Likewise. (fgetfilecon): Likewise. (map_to_failure): Likewise. (rpl_getfilecon): Likewise. (rpl_lgetfilecon): Likewise. (rpl_fgetfilecon): Likewise. * lib/se-selinux.in.h (security_context_t): Remove typedef. (getcon): Adjust type of context parameter. (freecon): Likewise. (getfscreatecon): Likewise. (setfscreatecon): Likewise. (matchpathcon): Likewise. (getfilecon): Likewise. (lgetfilecon): Likewise. (fgetfilecon): Likewise. (setfilecon): Likewise. (lsetfilecon): Likewise. (fsetfilecon): Likewise. (security_check_context): Likewise. (security_check_context_raw): Likewise. (setexeccon): Likewise. (security_compute_create): Likewise. * lib/selinux-at.c (getfileconat): Likewise. (lgetfileconat): Likewise. (setfileconat): Likewise. (lsetfileconat): Likewise. * lib/selinux-at.h: Likewise. --- ChangeLog | 35 +++++++++++++++++++++++++++++++++++ lib/getfilecon.c | 14 +++++++------- lib/se-selinux.in.h | 35 +++++++++++++++++------------------ lib/selinux-at.c | 8 ++++---- lib/selinux-at.h | 8 ++++---- 5 files changed, 67 insertions(+), 33 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4903d51e9..57d24801c 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,38 @@ +2020-10-20 Bernhard Voelker + + selinux-at, selinux-h: port to SELinux 3.1 + The new release finally deprecated the typedef 'security_context_t', + see . + Use the simpler 'char *' instead. + * lib/getfilecon.c (getfilecon): Adjust type of context parameter. + (lgetfilecon): Likewise. + (fgetfilecon): Likewise. + (map_to_failure): Likewise. + (rpl_getfilecon): Likewise. + (rpl_lgetfilecon): Likewise. + (rpl_fgetfilecon): Likewise. + * lib/se-selinux.in.h (security_context_t): Remove typedef. + (getcon): Adjust type of context parameter. + (freecon): Likewise. + (getfscreatecon): Likewise. + (setfscreatecon): Likewise. + (matchpathcon): Likewise. + (getfilecon): Likewise. + (lgetfilecon): Likewise. + (fgetfilecon): Likewise. + (setfilecon): Likewise. + (lsetfilecon): Likewise. + (fsetfilecon): Likewise. + (security_check_context): Likewise. + (security_check_context_raw): Likewise. + (setexeccon): Likewise. + (security_compute_create): Likewise. + * lib/selinux-at.c (getfileconat): Likewise. + (lgetfileconat): Likewise. + (setfileconat): Likewise. + (lsetfileconat): Likewise. + * lib/selinux-at.h: Likewise. + 2020-10-18 Bruno Haible ssfmalloc: Add tests. diff --git a/lib/getfilecon.c b/lib/getfilecon.c index a35a001b1..3f4689138 100644 --- a/lib/getfilecon.c +++ b/lib/getfilecon.c @@ -33,9 +33,9 @@ #undef getfilecon #undef lgetfilecon #undef fgetfilecon -int getfilecon (char const *file, security_context_t *con); -int lgetfilecon (char const *file, security_context_t *con); -int fgetfilecon (int fd, security_context_t *con); +int getfilecon (char const *file, char **con); +int lgetfilecon (char const *file, char **con); +int fgetfilecon (int fd, char **con); /* getfilecon, lgetfilecon, and fgetfilecon can all misbehave, be it via an old version of libselinux where these would return 0 and set the 
@@ -46,7 +46,7 @@ int fgetfilecon (int fd, security_context_t *con); set errno to ENOTSUP in the first case, and ENODATA in the latter. */ static int -map_to_failure (int ret, security_context_t *con) +map_to_failure (int ret, char **con) { if (ret == 0) { @@ -66,21 +66,21 @@ map_to_failure (int ret, security_context_t *con) } int -rpl_getfilecon (char const *file, security_context_t *con) +rpl_getfilecon (char const *file, char **con) { int ret = getfilecon (file, con); return map_to_failure (ret, con); } int -rpl_lgetfilecon (char const *file, security_context_t *con) +rpl_lgetfilecon (char const *file, char **con) { int ret = lgetfilecon (file, con); return map_to_failure (ret, con); } int -rpl_fgetfilecon (int fd, security_context_t *con) +rpl_fgetfilecon (int fd, char**con) { int ret = fgetfilecon (fd, con); return map_to_failure (ret, con); diff --git a/lib/se-selinux.in.h b/lib/se-selinux.in.h index 05a766c10..022596bb8 100644 --- a/lib/se-selinux.in.h +++ b/lib/se-selinux.in.h 
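Review bot: The new signature `rpl_fgetfilecon (int fd, char**con)` in the last hunk of lib/getfilecon.c is missing the space before the pointer declarator, while every other declaration this patch touches is written `char **con`. Suggest `rpl_fgetfilecon (int fd, char **con)` so the three rpl_* wrappers read the same. This is style only; the generated code is unchanged.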
@@ -43,64 +43,63 @@ _GL_INLINE_HEADER_BEGIN # if !GNULIB_defined_security_types typedef unsigned short security_class_t; -typedef char *security_context_t; # define is_selinux_enabled() 0 SE_SELINUX_INLINE int -getcon (security_context_t *con _GL_UNUSED_PARAMETER) +getcon (char **con _GL_UNUSED_PARAMETER) { errno = ENOTSUP; return -1; } SE_SELINUX_INLINE void -freecon (security_context_t con _GL_UNUSED_PARAMETER) {} +freecon (char *con _GL_UNUSED_PARAMETER) {} SE_SELINUX_INLINE int -getfscreatecon (security_context_t *con _GL_UNUSED_PARAMETER) +getfscreatecon (char **con _GL_UNUSED_PARAMETER) { errno = ENOTSUP; return -1; } SE_SELINUX_INLINE int -setfscreatecon (security_context_t con _GL_UNUSED_PARAMETER) +setfscreatecon (char *con _GL_UNUSED_PARAMETER) { errno = ENOTSUP; return -1; } SE_SELINUX_INLINE int matchpathcon (char const *file _GL_UNUSED_PARAMETER, mode_t m _GL_UNUSED_PARAMETER, - security_context_t *con _GL_UNUSED_PARAMETER) + char **con _GL_UNUSED_PARAMETER) { errno = ENOTSUP; return -1; } SE_SELINUX_INLINE int getfilecon (char const *file _GL_UNUSED_PARAMETER, - security_context_t *con _GL_UNUSED_PARAMETER) + char **con _GL_UNUSED_PARAMETER) { errno = ENOTSUP; return -1; } SE_SELINUX_INLINE int lgetfilecon (char const *file _GL_UNUSED_PARAMETER, - security_context_t *con _GL_UNUSED_PARAMETER) + char **con _GL_UNUSED_PARAMETER) { errno = ENOTSUP; return -1; } SE_SELINUX_INLINE int -fgetfilecon (int fd, security_context_t *con _GL_UNUSED_PARAMETER) +fgetfilecon (int fd, char **con _GL_UNUSED_PARAMETER) { errno = ENOTSUP; return -1; } SE_SELINUX_INLINE int setfilecon (char const *file _GL_UNUSED_PARAMETER, - security_context_t con _GL_UNUSED_PARAMETER) + char *con _GL_UNUSED_PARAMETER) { errno = ENOTSUP; return -1; } SE_SELINUX_INLINE int lsetfilecon (char const *file _GL_UNUSED_PARAMETER, - security_context_t con _GL_UNUSED_PARAMETER) + char *con _GL_UNUSED_PARAMETER) { errno = ENOTSUP; return -1; } SE_SELINUX_INLINE int fsetfilecon (int fd 
_GL_UNUSED_PARAMETER, - security_context_t con _GL_UNUSED_PARAMETER) + char *con _GL_UNUSED_PARAMETER) { errno = ENOTSUP; return -1; } SE_SELINUX_INLINE int -security_check_context (security_context_t con _GL_UNUSED_PARAMETER) +security_check_context (char *con _GL_UNUSED_PARAMETER) { errno = ENOTSUP; return -1; } SE_SELINUX_INLINE int -security_check_context_raw (security_context_t con _GL_UNUSED_PARAMETER) +security_check_context_raw (char *con _GL_UNUSED_PARAMETER) { errno = ENOTSUP; return -1; } SE_SELINUX_INLINE int -setexeccon (security_context_t con _GL_UNUSED_PARAMETER) +setexeccon (char *con _GL_UNUSED_PARAMETER) { errno = ENOTSUP; return -1; } SE_SELINUX_INLINE int -security_compute_create (security_context_t scon _GL_UNUSED_PARAMETER, - security_context_t tcon _GL_UNUSED_PARAMETER, +security_compute_create (char *scon _GL_UNUSED_PARAMETER, + char *tcon _GL_UNUSED_PARAMETER, security_class_t tclass _GL_UNUSED_PARAMETER, - security_context_t *newcon _GL_UNUSED_PARAMETER) + char **newcon _GL_UNUSED_PARAMETER) { errno = ENOTSUP; return -1; } SE_SELINUX_INLINE security_class_t string_to_security_class (char const *name) diff --git a/lib/selinux-at.c b/lib/selinux-at.c index 77ac3378e..105a9f9d5 100644 --- a/lib/selinux-at.c +++ b/lib/selinux-at.c @@ -32,7 +32,7 @@ #define AT_FUNC_NAME getfileconat #define AT_FUNC_F1 getfilecon -#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t *con +#define AT_FUNC_POST_FILE_PARAM_DECLS , char **con #define AT_FUNC_POST_FILE_ARGS , con #include "at-func.c" #undef AT_FUNC_NAME @@ -42,7 +42,7 @@ #define AT_FUNC_NAME lgetfileconat #define AT_FUNC_F1 lgetfilecon -#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t *con +#define AT_FUNC_POST_FILE_PARAM_DECLS , char **con #define AT_FUNC_POST_FILE_ARGS , con #include "at-func.c" #undef AT_FUNC_NAME 
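Review bot: The lib/se-selinux.in.h stubs that only read a context (`setfscreatecon`, `setfilecon`, `lsetfilecon`, `fsetfilecon`, `security_check_context`, `security_check_context_raw`, `setexeccon`, and the `scon`/`tcon` arguments of `security_compute_create`) now take a plain `char *con`, so a caller holding a `char const *` label must cast away const to pass it. Now that the typedef no longer hides the pointer, these could be declared `char const *con`, e.g. `setfilecon (char const *file _GL_UNUSED_PARAMETER, char const *con _GL_UNUSED_PARAMETER)`. libselinux's own setter prototypes appear to be const-qualified already, which is worth confirming against its selinux.h before changing the stubs. The same applies to `setfileconat`/`lsetfileconat` in lib/selinux-at.c and lib/selinux-at.h. Separately, dropping `typedef char *security_context_t;` from the fallback means any consumer that still spells the old type stops compiling when built without libselinux, so a NEWS entry would help.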
@@ -52,7 +52,7 @@
 #define AT_FUNC_NAME setfileconat
 #define AT_FUNC_F1 setfilecon
-#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t con
+#define AT_FUNC_POST_FILE_PARAM_DECLS , char *con
 #define AT_FUNC_POST_FILE_ARGS , con
 #include "at-func.c"
 #undef AT_FUNC_NAME
@@ -62,7 +62,7 @@
 #define AT_FUNC_NAME lsetfileconat
 #define AT_FUNC_F1 lsetfilecon
-#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t con
+#define AT_FUNC_POST_FILE_PARAM_DECLS , char *con
 #define AT_FUNC_POST_FILE_ARGS , con
 #include "at-func.c"
 #undef AT_FUNC_NAME
diff --git a/lib/selinux-at.h b/lib/selinux-at.h
index fa975ef8d..50537f80f 100644
--- a/lib/selinux-at.h
+++ b/lib/selinux-at.h
@@ -31,22 +31,22 @@ must be freed with freecon. Upon error, set *CON to NULL, set errno and return -1. [*] with flags=0 here, with flags=AT_SYMLINK_NOFOLLOW for lgetfileconat */ -int getfileconat (int dir_fd, char const *file, security_context_t *con); +int getfileconat (int dir_fd, char const *file, char **con); /* dir-fd-relative lgetfilecon. This function is just like getfileconat, except when DIR_FD and FILE specify a symlink: lgetfileconat operates on the symlink, while getfileconat operates on the referent of the symlink. */ -int lgetfileconat (int dir_fd, char const *file, security_context_t *con); +int lgetfileconat (int dir_fd, char const *file, char **con); /* dir-fd-relative setfilecon. Set the SELinux security context of the file specified by DIR_FD and FILE to CON. DIR_FD and FILE are interpreted as for fstatat[*]. Upon success, return 0. Otherwise, return -1 and set errno. */ -int setfileconat (int dir_fd, char const *file, security_context_t con); +int setfileconat (int dir_fd, char const *file, char *con); /* dir-fd-relative lsetfilecon. This function is just like setfileconat, except that rather than dereferencing a symlink, this function affects it. */ /* dir-fd-relative lsetfilecon. This function is just like setfileconat, except when DIR_FD and FILE specify a symlink: lsetfileconat operates on the symlink, while setfileconat operates on the referent of the symlink. */ -int lsetfileconat (int dir_fd, char const *file, security_context_t con); +int lsetfileconat (int dir_fd, char const *file, char *con); -- 2.28.0
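Review bot: The `lsetfileconat` declaration at the end of this hunk is preceded by two back-to-back comments that both begin "dir-fd-relative lsetfilecon" and describe the same symlink behavior in different words. Since the patch rewrites the line directly below them, this is a good moment to keep only one. I would keep the second, which uses the same "operates on the symlink / operates on the referent" wording as the `lgetfileconat` comment. The comment for `getfileconat` begins outside the hunk, so only its tail ("must be freed with freecon ...") is visible here.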