On Mon, Jun 3, 2019 at 12:02 PM Richard Haines <richard_c_haines@xxxxxxxxxxxxxx> wrote: > > We used to hash the file_context and skip the restorecon on the top > level directory if the hash doesn't change. But the file_context > might change after an OTA update; and some users experienced long > restorecon time as they have lots of files under directories like > /data/media. > > This CL tries to hash all the partial match entries in the > file_context for each directory; and skips the restorecon if that > digest stays the same, regardless of the changes to the other parts > of file_context. > > This is a version ported from Android that was originally written by: > xunchang <xunchang@xxxxxxxxxx> > > Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx> > --- > V2 Change > Restore using SELABEL_OPT_DIGEST > [...] > +/* > + * Returns true if the digest of all partial matched contexts is the same as > + * the one saved by setxattr, otherwise returns false. The length of the SHA1 > + * digest will always be returned. The caller must free any returned digests. > + */ > +static bool get_digests_all_partial_matches(struct selabel_handle *rec, > + const char *pathname, > + uint8_t **calculated_digest, > + uint8_t **xattr_digest, > + size_t *digest_len) > +{ > + uint8_t read_digest[SHA1_HASH_SIZE]; > + ssize_t read_size = getxattr(pathname, RESTORECON_PARTIAL_MATCH_DIGEST, > + read_digest, SHA1_HASH_SIZE); > + uint8_t hash_digest[SHA1_HASH_SIZE]; > + bool status = selabel_hash_all_partial_matches(rec, pathname, > + hash_digest); > + > + *xattr_digest = NULL; > + *calculated_digest = NULL; > + *digest_len = SHA1_HASH_SIZE; > + > + if (read_size == SHA1_HASH_SIZE) { > + *xattr_digest = calloc(1, sizeof(SHA1_HASH_SIZE + 1)); > + if (!*xattr_digest) > + goto oom; > + > + memcpy(*xattr_digest, read_digest, SHA1_HASH_SIZE); > + } > + > + if (status) { > + *calculated_digest = calloc(1, sizeof(SHA1_HASH_SIZE + 1)); > + if (!*calculated_digest) > + goto oom; > + > + memcpy(*calculated_digest, hash_digest, SHA1_HASH_SIZE); > + } Hi, I do not know whether this patch is still pending or has been withdrawn (https://patchwork.kernel.org/patch/10972685/ tells "State: New"). In case you are still waiting for review/tests, I have been testing this patch, and it appears that this breaks on Travis-CI (gcc 5.4.0 on Ubuntu 16.04): In function ‘memcpy’, inlined from ‘get_digests_all_partial_matches’ at label_file.c:1005:3: /usr/include/x86_64-linux-gnu/bits/string3.h:53:10: error: call to __builtin___memcpy_chk will always overflow destination buffer [-Werror] return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); ^ In function ‘memcpy’, inlined from ‘get_digests_all_partial_matches’ at label_file.c:1013:3: /usr/include/x86_64-linux-gnu/bits/string3.h:53:10: error: call to __builtin___memcpy_chk will always overflow destination buffer [-Werror] return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); ^ This is a true-positive error: sizeof(SHA1_HASH_SIZE + 1) is the size of an integer, not "SHA1_HASH_SIZE + 1". Therefore gcc is right to report a heap overflow. Nicolas