[PATCH] libselinux: 1/2 Introduce {get,set}procattrcon

[PATCH] libselinux: 1/2 Introduce {get,set}procattrcon

[Eric Paris]

The below attached patch implements two new function, get and set
procattrcon.  These are generic functions that take a context and a path
and attempt to write that context to that path.  These are used by of
exported libselinux interfaces, like getfscreatecon, as a generic
backend to reduce duplication of code.

 include/selinux/selinux.h |    8 +++++
 src/getprocattrcon.c      |   67 ++++++++++++++++++++++++++++++++++++++++++++++
 src/selinux_internal.h    |    4 ++
 src/setprocattrcon.c      |   40 +++++++++++++++++++++++++++

--- libselinux-1.30.15/src/setprocattrcon.c.p1	2006-06-23 15:05:25.000000000 -0400
+++ libselinux-1.30.15/src/setprocattrcon.c	2006-06-23 15:10:05.000000000 -0400
@@ -0,0 +1,40 @@
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include "selinux_internal.h"
+
+int setprocattrcon_raw(char *context, char *proc_entry)
+{
+	int fd;
+	ssize_t ret;
+
+	fd = open(proc_entry, O_RDWR);
+	if (fd < 0)
+		return -1;
+	if (context) 
+		ret = write(fd, context, strlen(context)+1);
+	else
+		ret = write(fd, NULL, 0); /* clear */
+	close(fd);
+	if (ret < 0)
+		return -1;
+	else
+		return 0;
+}
+hidden_def(setprocattrcon_raw)
+
+int setprocattrcon(char *context, char *proc_entry)
+{
+	int ret;
+	security_context_t rcontext = context;
+
+	if (selinux_trans_to_raw_context(context, &rcontext))
+		return -1;
+
+ 	ret = setprocattrcon_raw(rcontext, proc_entry);
+
+	freecon(rcontext);
+
+	return ret;
+}
+hidden_def(setprocattrcon)
--- libselinux-1.30.15/src/selinux_internal.h.p1	2006-06-23 15:05:25.000000000 -0400
+++ libselinux-1.30.15/src/selinux_internal.h	2006-06-23 15:20:06.000000000 -0400
@@ -26,6 +26,10 @@ hidden_proto(is_selinux_enabled)
 hidden_proto(is_selinux_mls_enabled)
 hidden_proto(freecon)
 hidden_proto(freeconary)
+hidden_proto(getprocattrcon)
+hidden_proto(getprocattrcon_raw)
+hidden_proto(setprocattrcon)
+hidden_proto(setprocattrcon_raw)
 hidden_proto(getprevcon)
 hidden_proto(getprevcon_raw)
 hidden_proto(getcon)
--- libselinux-1.30.15/src/getprocattrcon.c.p1	2006-06-23 15:05:25.000000000 -0400
+++ libselinux-1.30.15/src/getprocattrcon.c	2006-06-23 15:10:05.000000000 -0400
@@ -0,0 +1,67 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include "selinux_internal.h"
+#include "policy.h"
+
+int getprocattrcon_raw(security_context_t *context, char *proc_entry)
+{
+	char *buf;
+	size_t size;
+	int fd;
+	ssize_t ret;
+
+	fd = open(proc_entry, O_RDONLY);
+	if (fd < 0)
+		return -1;
+
+	size = selinux_page_size;
+	buf = malloc(size);
+	if (!buf) {
+		ret = -1;
+		goto out;
+	}
+	memset(buf, 0, size);
+
+	do {
+		ret = read(fd, buf, size-1);
+	} while (ret < 0 && errno == EINTR);
+	if (ret < 0)
+		goto out2;
+
+	if (ret == 0) {
+		*context = NULL;
+		goto out2;
+	}
+
+	*context = strdup(buf);
+	if (!(*context)) {
+		ret = -1;
+		goto out2;
+	}
+	ret = 0;
+out2:			
+	free(buf);
+out:
+	close(fd);
+	return ret;
+}
+hidden_def(getprocattrcon_raw)
+
+int getprocattrcon(security_context_t *context, char *proc_entry)
+{
+	int ret;
+	security_context_t rcontext;
+
+ 	ret = getprocattrcon_raw(&rcontext, proc_entry);
+
+	if (!ret) {
+		ret = selinux_raw_to_trans_context(rcontext, context);
+		freecon(rcontext);
+	} 
+
+	return ret;
+}
+hidden_def(getprocattrcon)
--- libselinux-1.30.15/include/selinux/selinux.h.p1	2006-06-23 15:05:25.000000000 -0400
+++ libselinux-1.30.15/include/selinux/selinux.h	2006-06-23 15:20:06.000000000 -0400
@@ -24,6 +24,14 @@ extern void freeconary(security_context_
 
 /* Wrappers for the /proc/pid/attr API. */
 
+/* Generic /proc pid attr handlers.  These will either get or set the context
+   from or into the proc location passed to them.  Should only be called from 
+   inside libselinux */
+extern int getprocattrcon(security_context_t *con, char *path);
+extern int getprocattrcon_raw(security_context_t *con, char *path);
+extern int setprocattrcon(security_context_t con, char *path);
+extern int setprocattrcon_raw(security_context_t con, char *path);
+
 /* Get current context, and set *con to refer to it.
    Caller must free via freecon. */
 extern int getcon(security_context_t *con);



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] libselinux: 1/2 Introduce {get,set}procattrcon

[James Antill]

[-- Attachment #1: Type: text/plain, Size: 2340 bytes --]

On Fri, 2006-06-23 at 16:32 -0400, Eric Paris wrote:
> The below attached patch implements two new function, get and set
> procattrcon.  These are generic functions that take a context and a path
> and attempt to write that context to that path.  These are used by of
> exported libselinux interfaces, like getfscreatecon, as a generic
> backend to reduce duplication of code.

> --- libselinux-1.30.15/src/setprocattrcon.c.p1	2006-06-23 15:05:25.000000000 -0400
> +++ libselinux-1.30.15/src/setprocattrcon.c	2006-06-23 15:10:05.000000000 -0400
> @@ -0,0 +1,40 @@
> +#include <unistd.h>
> +#include <string.h>
> +#include <fcntl.h>
> +#include "selinux_internal.h"
> +
> +int setprocattrcon_raw(char *context, char *proc_entry)
> +{
> +	int fd;
> +	ssize_t ret;
> +
> +	fd = open(proc_entry, O_RDWR);
> +	if (fd < 0)
> +		return -1;
> +	if (context) 
> +		ret = write(fd, context, strlen(context)+1);
> +	else
> +		ret = write(fd, NULL, 0); /* clear */
> +	close(fd);

 Could you save and restore errno around the close? I know it didn't do
that before, but still...

> +	if (ret < 0)
> +		return -1;
> +	else
> +		return 0;
> +}
> +hidden_def(setprocattrcon_raw)
[...]
> +hidden_def(setprocattrcon)

 These make it impossible to call those functions from outside the
shared library, but you've declared them in the external header.

> --- libselinux-1.30.15/include/selinux/selinux.h.p1	2006-06-23 15:05:25.000000000 -0400
> +++ libselinux-1.30.15/include/selinux/selinux.h	2006-06-23 15:20:06.000000000 -0400
> @@ -24,6 +24,14 @@ extern void freeconary(security_context_
>  
>  /* Wrappers for the /proc/pid/attr API. */
>  
> +/* Generic /proc pid attr handlers.  These will either get or set the context
> +   from or into the proc location passed to them.  Should only be called from 
> +   inside libselinux */
> +extern int getprocattrcon(security_context_t *con, char *path);
> +extern int getprocattrcon_raw(security_context_t *con, char *path);
> +extern int setprocattrcon(security_context_t con, char *path);
> +extern int setprocattrcon_raw(security_context_t con, char *path);
> +
>  /* Get current context, and set *con to refer to it.
>     Caller must free via freecon. */
>  extern int getcon(security_context_t *con);

-- 
James Antill <jantill@redhat.com>

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

[PATCH] libselinux: 1/2 Introduce {get,set}procattrcon

[Eric Paris]

The below attached patch implements two new function, get and set
procattrcon.  These are generic functions that take a context and a path
and attempt to write that context to that path.  These are used by of
exported libselinux interfaces, like getfscreatecon, as a generic
backend to reduce duplication of code.

-Eric

 include/selinux/selinux.h |    8 +++++
 src/getprocattrcon.c      |   70 ++++++++++++++++++++++++++++++++++++++++++++++
 src/selinux_internal.h    |    4 ++
 src/setprocattrcon.c      |   48 +++++++++++++++++++++++++++++++
 4 files changed, 130 insertions(+)

--- libselinux-1.30.15/src/setprocattrcon.c.p1	2006-06-26 12:00:54.000000000 -0400
+++ libselinux-1.30.15/src/setprocattrcon.c	2006-06-26 12:20:21.000000000 -0400
@@ -0,0 +1,48 @@
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include <errno.h>
+#include "selinux_internal.h"
+
+int setprocattrcon_raw(char *context, char *proc_entry)
+{
+	int fd;
+	ssize_t ret;
+	int errno_hold;
+
+	fd = open(proc_entry, O_RDWR);
+	if (fd < 0)
+		return -1;
+	if (context) 
+		do {
+			ret = write(fd, context, strlen(context)+1);
+		} while (ret < 0 && errno == EINTR);
+	else
+		do {
+			ret = write(fd, NULL, 0); /* clear */
+		} while (ret < 0 && errno == EINTR);
+	errno_hold = errno;
+	close(fd);
+	errno = errno_hold;
+	if (ret < 0)
+		return -1;
+	else
+		return 0;
+}
+hidden_def(setprocattrcon_raw)
+
+int setprocattrcon(char *context, char *proc_entry)
+{
+	int ret;
+	security_context_t rcontext = context;
+
+	if (selinux_trans_to_raw_context(context, &rcontext))
+		return -1;
+
+ 	ret = setprocattrcon_raw(rcontext, proc_entry);
+
+	freecon(rcontext);
+
+	return ret;
+}
+hidden_def(setprocattrcon)
--- libselinux-1.30.15/src/selinux_internal.h.p1	2006-06-16 15:08:51.000000000 -0400
+++ libselinux-1.30.15/src/selinux_internal.h	2006-06-26 12:00:54.000000000 -0400
@@ -26,6 +26,10 @@ hidden_proto(is_selinux_enabled)
 hidden_proto(is_selinux_mls_enabled)
 hidden_proto(freecon)
 hidden_proto(freeconary)
+hidden_proto(getprocattrcon)
+hidden_proto(getprocattrcon_raw)
+hidden_proto(setprocattrcon)
+hidden_proto(setprocattrcon_raw)
 hidden_proto(getprevcon)
 hidden_proto(getprevcon_raw)
 hidden_proto(getcon)
--- libselinux-1.30.15/src/getprocattrcon.c.p1	2006-06-26 12:00:54.000000000 -0400
+++ libselinux-1.30.15/src/getprocattrcon.c	2006-06-26 12:19:23.000000000 -0400
@@ -0,0 +1,70 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include "selinux_internal.h"
+#include "policy.h"
+
+int getprocattrcon_raw(security_context_t *context, char *proc_entry)
+{
+	char *buf;
+	size_t size;
+	int fd;
+	ssize_t ret;
+	int errno_hold;
+
+	fd = open(proc_entry, O_RDONLY);
+	if (fd < 0)
+		return -1;
+
+	size = selinux_page_size;
+	buf = malloc(size);
+	if (!buf) {
+		ret = -1;
+		goto out;
+	}
+	memset(buf, 0, size);
+
+	do {
+		ret = read(fd, buf, size-1);
+	} while (ret < 0 && errno == EINTR);
+	if (ret < 0)
+		goto out2;
+
+	if (ret == 0) {
+		*context = NULL;
+		goto out2;
+	}
+
+	*context = strdup(buf);
+	if (!(*context)) {
+		ret = -1;
+		goto out2;
+	}
+	ret = 0;
+out2:			
+	free(buf);
+out:
+	errno_hold = errno;
+	close(fd);
+	errno = errno_hold;
+	return ret;
+}
+hidden_def(getprocattrcon_raw)
+
+int getprocattrcon(security_context_t *context, char *proc_entry)
+{
+	int ret;
+	security_context_t rcontext;
+
+ 	ret = getprocattrcon_raw(&rcontext, proc_entry);
+
+	if (!ret) {
+		ret = selinux_raw_to_trans_context(rcontext, context);
+		freecon(rcontext);
+	} 
+
+	return ret;
+}
+hidden_def(getprocattrcon)
--- libselinux-1.30.15/include/selinux/selinux.h.p1	2006-06-26 12:00:54.000000000 -0400
+++ libselinux-1.30.15/include/selinux/selinux.h	2006-06-26 12:00:54.000000000 -0400
@@ -24,6 +24,14 @@ extern void freeconary(security_context_
 
 /* Wrappers for the /proc/pid/attr API. */
 
+/* Generic /proc pid attr handlers.  These will either get or set the context
+   from or into the proc location passed to them.  Should only be called from 
+   inside libselinux */
+extern int getprocattrcon(security_context_t *con, char *path);
+extern int getprocattrcon_raw(security_context_t *con, char *path);
+extern int setprocattrcon(security_context_t con, char *path);
+extern int setprocattrcon_raw(security_context_t con, char *path);
+
 /* Get current context, and set *con to refer to it.
    Caller must free via freecon. */
 extern int getcon(security_context_t *con);



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] libselinux: 1/2 Introduce {get,set}procattrcon

[Stephen Smalley]

On Mon, 2006-06-26 at 12:48 -0400, Eric Paris wrote:
> The below attached patch implements two new function, get and set
> procattrcon.  These are generic functions that take a context and a path
> and attempt to write that context to that path.  These are used by of
> exported libselinux interfaces, like getfscreatecon, as a generic
> backend to reduce duplication of code.

> --- libselinux-1.30.15/include/selinux/selinux.h.p1	2006-06-26 12:00:54.000000000 -0400
> +++ libselinux-1.30.15/include/selinux/selinux.h	2006-06-26 12:00:54.000000000 -0400
> @@ -24,6 +24,14 @@ extern void freeconary(security_context_
>  
>  /* Wrappers for the /proc/pid/attr API. */
>  
> +/* Generic /proc pid attr handlers.  These will either get or set the context
> +   from or into the proc location passed to them.  Should only be called from 
> +   inside libselinux */
> +extern int getprocattrcon(security_context_t *con, char *path);
> +extern int getprocattrcon_raw(security_context_t *con, char *path);
> +extern int setprocattrcon(security_context_t con, char *path);
> +extern int setprocattrcon_raw(security_context_t con, char *path);
> +
>  /* Get current context, and set *con to refer to it.
>     Caller must free via freecon. */
>  extern int getcon(security_context_t *con);

If they should only be called from inside libselinux, why are they
defined in selinux/selinux.h, and exported to users of the library?

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] libselinux: 1/2 Introduce {get,set}procattrcon

[Eric Paris]

On Mon, 2006-06-26 at 14:31 -0400, Stephen Smalley wrote:
> > --- libselinux-1.30.15/include/selinux/selinux.h.p1	2006-06-26 12:00:54.000000000 -0400
> > +++ libselinux-1.30.15/include/selinux/selinux.h	2006-06-26 12:00:54.000000000 -0400
> > @@ -24,6 +24,14 @@ extern void freeconary(security_context_
> >  
> >  /* Wrappers for the /proc/pid/attr API. */
> >  
> > +/* Generic /proc pid attr handlers.  These will either get or set the context
> > +   from or into the proc location passed to them.  Should only be called from 
> > +   inside libselinux */
> > +extern int getprocattrcon(security_context_t *con, char *path);
> > +extern int getprocattrcon_raw(security_context_t *con, char *path);
> > +extern int setprocattrcon(security_context_t con, char *path);
> > +extern int setprocattrcon_raw(security_context_t con, char *path);
> > +
> >  /* Get current context, and set *con to refer to it.
> >     Caller must free via freecon. */
> >  extern int getcon(security_context_t *con);
> 
> If they should only be called from inside libselinux, why are they
> defined in selinux/selinux.h, and exported to users of the library?

When I originally typed that comment I was still under the misguided
impression they were being hidden (which should have stood out as
strange for the same reason it did to james).  I could see value if you
had done something custom to your kernel or your libselinux didn't have
interfaces for all of the /proc/pid/attr/* (as is now the case since
there are kernels with keycreate and sockcreate but no libselinux
interface, even if that will get fixed shortly.)  I don't think it's
unreasonable to remove that comment and just leave them as visable
functions.  Do you want another patch to remove the comment?  Anyone
have feelings that we shouldn't export such a general interface?

-Eric


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] libselinux: 1/2 Introduce {get,set}procattrcon

[Stephen Smalley]

On Mon, 2006-06-26 at 15:38 -0400, Eric Paris wrote:
> On Mon, 2006-06-26 at 14:31 -0400, Stephen Smalley wrote:
> > > --- libselinux-1.30.15/include/selinux/selinux.h.p1	2006-06-26 12:00:54.000000000 -0400
> > > +++ libselinux-1.30.15/include/selinux/selinux.h	2006-06-26 12:00:54.000000000 -0400
> > > @@ -24,6 +24,14 @@ extern void freeconary(security_context_
> > >  
> > >  /* Wrappers for the /proc/pid/attr API. */
> > >  
> > > +/* Generic /proc pid attr handlers.  These will either get or set the context
> > > +   from or into the proc location passed to them.  Should only be called from 
> > > +   inside libselinux */
> > > +extern int getprocattrcon(security_context_t *con, char *path);
> > > +extern int getprocattrcon_raw(security_context_t *con, char *path);
> > > +extern int setprocattrcon(security_context_t con, char *path);
> > > +extern int setprocattrcon_raw(security_context_t con, char *path);
> > > +
> > >  /* Get current context, and set *con to refer to it.
> > >     Caller must free via freecon. */
> > >  extern int getcon(security_context_t *con);
> > 
> > If they should only be called from inside libselinux, why are they
> > defined in selinux/selinux.h, and exported to users of the library?
> 
> When I originally typed that comment I was still under the misguided
> impression they were being hidden (which should have stood out as
> strange for the same reason it did to james).  I could see value if you
> had done something custom to your kernel or your libselinux didn't have
> interfaces for all of the /proc/pid/attr/* (as is now the case since
> there are kernels with keycreate and sockcreate but no libselinux
> interface, even if that will get fixed shortly.)  I don't think it's
> unreasonable to remove that comment and just leave them as visable
> functions.  Do you want another patch to remove the comment?  Anyone
> have feelings that we shouldn't export such a general interface?

I'm not sure what we gain from such an interface for users of the
library, as it requires the caller to know the full path of the proc
file, so they have to already know about /proc/pid/attr and about the
specific node they want.  At which point they might as well just open
and read it directly (no added abstraction).  So I'd hide these
functions within the library (i.e. hidden qualifier), not make them part
of the public interface.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] libselinux: 1/2 Introduce {get,set}procattrcon

[Stephen Smalley]

On Mon, 2006-06-26 at 16:15 -0400, Stephen Smalley wrote:
> On Mon, 2006-06-26 at 15:38 -0400, Eric Paris wrote:
> > On Mon, 2006-06-26 at 14:31 -0400, Stephen Smalley wrote:
> > > > --- libselinux-1.30.15/include/selinux/selinux.h.p1	2006-06-26 12:00:54.000000000 -0400
> > > > +++ libselinux-1.30.15/include/selinux/selinux.h	2006-06-26 12:00:54.000000000 -0400
> > > > @@ -24,6 +24,14 @@ extern void freeconary(security_context_
> > > >  
> > > >  /* Wrappers for the /proc/pid/attr API. */
> > > >  
> > > > +/* Generic /proc pid attr handlers.  These will either get or set the context
> > > > +   from or into the proc location passed to them.  Should only be called from 
> > > > +   inside libselinux */
> > > > +extern int getprocattrcon(security_context_t *con, char *path);
> > > > +extern int getprocattrcon_raw(security_context_t *con, char *path);
> > > > +extern int setprocattrcon(security_context_t con, char *path);
> > > > +extern int setprocattrcon_raw(security_context_t con, char *path);
> > > > +
> > > >  /* Get current context, and set *con to refer to it.
> > > >     Caller must free via freecon. */
> > > >  extern int getcon(security_context_t *con);
> > > 
> > > If they should only be called from inside libselinux, why are they
> > > defined in selinux/selinux.h, and exported to users of the library?
> > 
> > When I originally typed that comment I was still under the misguided
> > impression they were being hidden (which should have stood out as
> > strange for the same reason it did to james).  I could see value if you
> > had done something custom to your kernel or your libselinux didn't have
> > interfaces for all of the /proc/pid/attr/* (as is now the case since
> > there are kernels with keycreate and sockcreate but no libselinux
> > interface, even if that will get fixed shortly.)  I don't think it's
> > unreasonable to remove that comment and just leave them as visable
> > functions.  Do you want another patch to remove the comment?  Anyone
> > have feelings that we shouldn't export such a general interface?
> 
> I'm not sure what we gain from such an interface for users of the
> library, as it requires the caller to know the full path of the proc
> file, so they have to already know about /proc/pid/attr and about the
> specific node they want.  At which point they might as well just open
> and read it directly (no added abstraction).  So I'd hide these
> functions within the library (i.e. hidden qualifier), not make them part
> of the public interface.

I merged the patches, with the above change ([gs]etprocattrcon are now
truly hidden functions within the shared library).

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.