On Mon, Jun 3, 2019 at 12:02 PM Richard Haines
<richard_c_haines@xxxxxxxxxxxxxx> wrote:
>
> We used to hash the file_context and skip the restorecon on the top
> level directory if the hash doesn't change. But the file_context
> might change after an OTA update; and some users experienced long
> restorecon time as they have lots of files under directories like
> /data/media.
>
> This CL tries to hash all the partial match entries in the
> file_context for each directory; and skips the restorecon if that
> digest stays the same, regardless of the changes to the other parts
> of file_context.
>
> This is a version ported from Android that was originally written by:
> xunchang <xunchang@xxxxxxxxxx>
>
> Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
> ---
> V2 Change
> Restore using SELABEL_OPT_DIGEST
>
[...]
> +/*
> + * Returns true if the digest of all partial matched contexts is the same as
> + * the one saved by setxattr, otherwise returns false. The length of the SHA1
> + * digest will always be returned. The caller must free any returned digests.
> + */
> +static bool get_digests_all_partial_matches(struct selabel_handle *rec,
> + const char *pathname,
> + uint8_t **calculated_digest,
> + uint8_t **xattr_digest,
> + size_t *digest_len)
> +{
> + uint8_t read_digest[SHA1_HASH_SIZE];
> + ssize_t read_size = getxattr(pathname, RESTORECON_PARTIAL_MATCH_DIGEST,
> + read_digest, SHA1_HASH_SIZE);
> + uint8_t hash_digest[SHA1_HASH_SIZE];
> + bool status = selabel_hash_all_partial_matches(rec, pathname,
> + hash_digest);
> +
> + *xattr_digest = NULL;
> + *calculated_digest = NULL;
> + *digest_len = SHA1_HASH_SIZE;
> +
> + if (read_size == SHA1_HASH_SIZE) {
> + *xattr_digest = calloc(1, sizeof(SHA1_HASH_SIZE + 1));
> + if (!*xattr_digest)
> + goto oom;
> +
> + memcpy(*xattr_digest, read_digest, SHA1_HASH_SIZE);
> + }
> +
> + if (status) {
> + *calculated_digest = calloc(1, sizeof(SHA1_HASH_SIZE + 1));
> + if (!*calculated_digest)
> + goto oom;
> +
> + memcpy(*calculated_digest, hash_digest, SHA1_HASH_SIZE);
> + }
Hi,
I do not know whether this patch is still pending or has been
withdrawn (https://patchwork.kernel.org/patch/10972685/ tells "State:
New"). In case you are still waiting for review/tests, I have been
testing this patch, and it appears that this breaks on Travis-CI (gcc
5.4.0 on Ubuntu 16.04):
In function ‘memcpy’,
inlined from ‘get_digests_all_partial_matches’ at label_file.c:1005:3:
/usr/include/x86_64-linux-gnu/bits/string3.h:53:10: error: call to
__builtin___memcpy_chk will always overflow destination buffer
[-Werror]
return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
^
In function ‘memcpy’,
inlined from ‘get_digests_all_partial_matches’ at label_file.c:1013:3:
/usr/include/x86_64-linux-gnu/bits/string3.h:53:10: error: call to
__builtin___memcpy_chk will always overflow destination buffer
[-Werror]
return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
^
This is a true-positive error: sizeof(SHA1_HASH_SIZE + 1) is the size
of an integer, not "SHA1_HASH_SIZE + 1". Therefore gcc is right to
report a heap overflow.
Nicolas
