Re: [PATCH] libselinux: fix parsing of the enforcing kernel cmdline parameter

["robinshao007@163.com" <robinshao007@163.com>]

Hi Rahul，

I got what you want to do.
But I'm wondering whether the file "libselinux/src/load_policy.c" belongs to the SELinux kernel code - perhaps it's not part of the SELinux kernel components. 
It is a part of libselinux module.

robinshao007@163.com


///////////////////////////////////////////////////////////

 



From: Rahul Sandhu



Date: 2025-07-20 20:52



To: selinux



CC: Rahul Sandhu



Subject: [PATCH] libselinux: fix parsing of the enforcing kernel cmdline parameter



Currently, parsing of the cmdline has two issues:



- By using atoi, no error checking is done. What happens if an argument



  that isn't an integer is provided, e.g. enforcing=foo? And as there



  is also no validation that the number provided is actually valid, 1



  or 0, what happens if enforcing=2?



 



- After the first strstr, no arguments that follow are searched for; if



  I have enforcing=0 enforcing=1, the latter enforcing=1 is not taken



  into account. This is made even worse due to halting searching after



  finding the first "enforcing=" token, meaning that if the cmdline was



  as follows:



 



  fooenforcing=0 enforcing=0



 



  the enforcing parameter is entirely ignored.



 



This patch fixes this by:



 



  - Using strtol to actually validate that we got passed a number, and



    then validating that that number is either 0 or 1. If instead we



    get passed an invalid value, we skip over the argument entirely.



 



  - Looping until the last "enforcing=" in the cmdline. Latter (valid)



    arguments take precedence over previous arguments.



 



Although this patch (intentionally) breaks the case where "enforcing="



is provided with a positive argument that isn't 1, enforcing=2 doesn't



really make much sense, and being strict with the arguments we parse is



a good thing given that SELinux's mode of operation is controlled by



that option.



 



Signed-off-by: Rahul Sandhu <nvraxn@gmail.com>



---



libselinux/src/load_policy.c | 21 +++++++++++++++------



1 file changed, 15 insertions(+), 6 deletions(-)



 



diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c



index dc1e4b6e..9d411b95 100644



--- a/libselinux/src/load_policy.c



+++ b/libselinux/src/load_policy.c



@@ -244,17 +244,26 @@ int selinux_init_load_policy(int *enforce)



rc = mount("proc", "/proc", "proc", 0, 0);



cfg = fopen("/proc/cmdline", "re");



if (cfg) {



- char *tmp;



buf = malloc(selinux_page_size);



if (!buf) {



fclose(cfg);



return -1;



}



- if (fgets(buf, selinux_page_size, cfg) &&



-     (tmp = strstr(buf, "enforcing="))) {



- if (tmp == buf || isspace((unsigned char)*(tmp - 1))) {



- secmdline =



-     atoi(tmp + sizeof("enforcing=") - 1);



+ if (fgets(buf, selinux_page_size, cfg)) {



+ char *search = buf;



+ char *tmp;



+ while ((tmp = strstr(search, "enforcing="))) {



+ if (tmp == buf || isspace((unsigned char)*(tmp - 1))) {



+ char *valstr = tmp + sizeof("enforcing=") - 1;



+ char *endptr;



+ errno = 0;



+ long val = strtol(valstr, &endptr, 10);



+ if (endptr != valstr && errno == 0 && (val == 0 || val == 1)) {



+ secmdline = (int)val;



+ }



+ }



+ /* advance past the current substring, latter arguments take precedence */



+ search = tmp + 1;



}



}



fclose(cfg);



--



2.50.1