tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

libselinux: support context validation on file_contexts.bin

Browse source 
If file_contexts.bin was opened with SELABEL_OPT_VALIDATE set, then
we should validate contexts in the same manner as with file_contexts.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley 2015-08-06 13:49:36 -04:00
parent c95ede0034
commit 49346faa05
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
libselinux/src/label_file.c
View file

@ -302,6 +302,14 @@ static int load_mmap(struct selabel_handle *rec, const char *path,
} }
spec->lr.ctx_raw = str_buf; spec->lr.ctx_raw = str_buf;
if (strcmp(spec->lr.ctx_raw, "<<none>>") && rec->validating) {
if (selabel_validate(rec, &spec->lr) < 0) {
selinux_log(SELINUX_ERROR,
"%s: context %s is invalid\n", mmap_path, spec->lr.ctx_raw);
goto err;
}
}
/* Process regex string */ /* Process regex string */
rc = next_entry(&entry_len, mmap_area, sizeof(uint32_t)); rc = next_entry(&entry_len, mmap_area, sizeof(uint32_t));
if (rc < 0 || !entry_len) { if (rc < 0 || !entry_len) {