> On Monday, 6 July 2015, 16:03, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > On 07/04/2015 06:57 AM, Richard Haines wrote: >> File labels assigned using the lookup_best_match() function do not >> assign the best match if its regex contains metacharacters in the >> binary file_contexts file version. >> >> This change adds a new entry in the binary file with the calculated >> prefix length that is then read when processing the file. This fix >> also bumps SELINUX_COMPILED_FCONTEXT_MAX_VERS. >> >> This patch relies on patch [1] that fixes the same problem >> for text based file_contexts files. >> >> [1] http://marc.info/?l=selinux&m=143576498713964&w=2 >> >> Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx> >> --- >> libselinux/src/label_file.c | 11 ++++++++++- >> libselinux/src/label_file.h | 3 ++- >> libselinux/utils/sefcontext_compile.c | 8 ++++++++ >> 3 files changed, 20 insertions(+), 2 deletions(-) >> >> diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c >> index 4faf808..b4ee15d 100644 >> --- a/libselinux/src/label_file.c >> +++ b/libselinux/src/label_file.c >> @@ -261,7 +261,7 @@ static int load_mmap(struct selabel_handle *rec, const > char *path, >> for (i = 0; i < regex_array_len; i++) { >> struct spec *spec; >> int32_t stem_id, meta_chars; >> - uint32_t mode = 0; >> + uint32_t mode = 0, prefix_len = 0; >> >> rc = grow_specs(data); >> if (rc < 0) >> @@ -337,6 +337,15 @@ static int load_mmap(struct selabel_handle *rec, const > char *path, >> goto err; >> >> spec->hasMetaChars = meta_chars; >> + /* and prefix length for use by selabel_lookup_best_match */ >> + if (version >= SELINUX_COMPILED_FCONTEXT_PREFIX_LEN) { >> + rc = next_entry(&prefix_len, mmap_area, >> + sizeof(uint32_t)); >> + if (rc < 0) >> + goto err; >> + >> + spec->prefix_len = prefix_len; >> + } > > Not opposed, but wondering if it is worth storing this versus just > recomputing it by calling spec_hasMetaChars() again. I suppose it is > consistent with the fact that we were storing hasMetaChars in the binary > file in the first place though... I was just going to recalc by calling spec_hasMetaChars() but that also sets spec->hasMetaChars, so I thought I would add the already calc value for consistancy. I could just recalc if you would prefer this !!! And remove the hasMetaChars entry in the binary file ??? > >> >> /* Process regex and study_data entries */ >> rc = next_entry(&entry_len, mmap_area, sizeof(uint32_t)); >> diff --git a/libselinux/src/label_file.h b/libselinux/src/label_file.h >> index 73bcbba..1818dd6 100644 >> --- a/libselinux/src/label_file.h >> +++ b/libselinux/src/label_file.h >> @@ -12,8 +12,9 @@ >> #define SELINUX_COMPILED_FCONTEXT_NOPCRE_VERS 1 >> #define SELINUX_COMPILED_FCONTEXT_PCRE_VERS 2 >> #define SELINUX_COMPILED_FCONTEXT_MODE 3 >> +#define SELINUX_COMPILED_FCONTEXT_PREFIX_LEN 4 >> >> -#define SELINUX_COMPILED_FCONTEXT_MAX_VERS > SELINUX_COMPILED_FCONTEXT_MODE >> +#define SELINUX_COMPILED_FCONTEXT_MAX_VERS > SELINUX_COMPILED_FCONTEXT_PREFIX_LEN >> >> /* Prior to version 8.20, libpcre did not have pcre_free_study() */ >> #if (PCRE_MAJOR < 8 || (PCRE_MAJOR == 8 && PCRE_MINOR < 20)) >> diff --git a/libselinux/utils/sefcontext_compile.c > b/libselinux/utils/sefcontext_compile.c >> index a93105d..4160632 100644 >> --- a/libselinux/utils/sefcontext_compile.c >> +++ b/libselinux/utils/sefcontext_compile.c >> @@ -68,6 +68,7 @@ out: >> * mode_t for <= SELINUX_COMPILED_FCONTEXT_PCRE_VERS >> * s32 - stemid associated with the regex >> * u32 - spec has meta characters >> + * u32 - The specs prefix_len if >= > SELINUX_COMPILED_FCONTEXT_PREFIX_LEN >> * u32 - data length of the pcre regex >> * char - a bufer holding the raw pcre regex info >> * u32 - data length of the pcre regex study daya >> @@ -141,6 +142,7 @@ static int write_binary_file(struct saved_data *data, > int fd) >> char *context = specs[i].lr.ctx_raw; >> char *regex_str = specs[i].regex_str; >> mode_t mode = specs[i].mode; >> + size_t prefix_len = specs[i].prefix_len; >> int32_t stem_id = specs[i].stem_id; >> pcre *re = specs[i].regex; >> pcre_extra *sd = get_pcre_extra(&specs[i]); >> @@ -186,6 +188,12 @@ static int write_binary_file(struct saved_data *data, > int fd) >> if (len != 1) >> goto err; >> >> + /* For SELINUX_COMPILED_FCONTEXT_PREFIX_LEN */ >> + to_write = prefix_len; >> + len = fwrite(&to_write, sizeof(to_write), 1, bin_file); >> + if (len != 1) >> + goto err; >> + >> /* determine the size of the pcre data in bytes */ >> rc = pcre_fullinfo(re, NULL, PCRE_INFO_SIZE, &size); >> if (rc < 0) >> > _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
