Got Segmentation fault when use avc_context_to_sid() funtion!! can anyone help me?

Got Segmentation fault when use avc_context_to_sid() funtion!! can anyone help me?

[kuangjiou]

[-- Attachment #1: Type: text/plain, Size: 622 bytes --]

Hello,everyone!
I am learning how to use the selinux userspace apps recent.And I got Segmentation fault when I use the  avc_context_to_sid() funtion, dose anyone know how to resolve this problem? Thank you very much!

The following is my testing code with avc_context_to_sid()  funtion

#include <selinux/selinux.h>
#include <selinux/avc.h>
#include <stdlib.h>
#include <stdio.h>

int main()
{
         const char *scon = "system_u:object_r:unconfined_t";
         security_id_t sid;
         sid->ctx = scon;
         sid->refcnt = 28;

         avc_context_to_sid(scon, &sid);

         return 0;
}

[-- Attachment #2: Type: text/html, Size: 4137 bytes --]

Re: Got Segmentation fault when use avc_context_to_sid() funtion!! can anyone help me?

[Stephen Smalley]

On 11/06/2014 07:44 AM, kuangjiou wrote:
> Hello,everyone!
> I am learning how to use the selinux userspace apps recent.And I got Segmentation fault when I use the  avc_context_to_sid() funtion, dose anyone know how to resolve this problem? Thank you very much!
> 
> The following is my testing code with avc_context_to_sid()  funtion
> 
> #include <selinux/selinux.h>
> #include <selinux/avc.h>
> #include <stdlib.h>
> #include <stdio.h>
> 
> int main()
> {
>          const char *scon = "system_u:object_r:unconfined_t";
>          security_id_t sid;
>          sid->ctx = scon;
>          sid->refcnt = 28;
> 
>          avc_context_to_sid(scon, &sid);
> 
>          return 0;
> }

Must be preceded by a call to avc_init() or avc_open().  In current
libselinux, that is asserted on entry to the function.

However, I'd encourage you to consider using selinux_check_access()
instead for SELinux userspace object managers; it internally handles
calling avc_init() and avc_context_to_sid() as well as mapping class and
permission strings to numbers, making it much easier to use the AVC from
userspace.  We have been using it in the Android userspace.

Re: Got Segmentation fault when use avc_context_to_sid() funtion!! can anyone help me?

[Stephen Smalley]

On 11/06/2014 08:05 AM, Stephen Smalley wrote:
> On 11/06/2014 07:44 AM, kuangjiou wrote:
>> Hello,everyone!
>> I am learning how to use the selinux userspace apps recent.And I got Segmentation fault when I use the  avc_context_to_sid() funtion, dose anyone know how to resolve this problem? Thank you very much!
>>
>> The following is my testing code with avc_context_to_sid()  funtion
>>
>> #include <selinux/selinux.h>
>> #include <selinux/avc.h>
>> #include <stdlib.h>
>> #include <stdio.h>
>>
>> int main()
>> {
>>          const char *scon = "system_u:object_r:unconfined_t";
>>          security_id_t sid;
>>          sid->ctx = scon;
>>          sid->refcnt = 28;
>>
>>          avc_context_to_sid(scon, &sid);
>>
>>          return 0;
>> }
> 
> Must be preceded by a call to avc_init() or avc_open().  In current
> libselinux, that is asserted on entry to the function.
> 
> However, I'd encourage you to consider using selinux_check_access()
> instead for SELinux userspace object managers; it internally handles
> calling avc_init() and avc_context_to_sid() as well as mapping class and
> permission strings to numbers, making it much easier to use the AVC from
> userspace.  We have been using it in the Android userspace.

Also, for avc_context_to_sid(), the sid is an output argument; you
aren't supposed to initialize it to anything prior to making the call.
avc_context_to_sid() looks to see if there is already a SID allocated
for the context; if so, it sets sid to reference that SID; if not, it
allocates a new SID and sets sid to reference it.  Any assignment you
make to sid prior to the call will be ignored and overridden.