Re: [PATCH] label_file.c: Fix MAC build

Stephen Smalley <sds@xxxxxxxxxxxxx> · Mon, 10 Feb 2020 15:49:18 -0500

On 2/7/20 6:00 PM, Nick Kralevich wrote:
On Android, the label_file.c file is compiled for all platforms,
including OSX. OSX has a slightly different prototype for the
getxattr function.

ssize_t getxattr(const char *path, const char *name, void *value, size_t size, u_int32_t position, int options);

which causes a compile error when compiling libselinux on OSX.

   ```
   external/selinux/libselinux/src/label_file.c:1038:37: error: too few arguments to function call, expected 6, have 4
                                        read_digest, SHA1_HASH_SIZE);
                                                                 ^
   /Applications/Xcode9.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/usr/include/sys/xattr.h:61:1: note: 'getxattr' declared here
   ssize_t getxattr(const char *path, const char *name, void *value, size_t size, u_int32_t position, int options);
   ^
   1 error generated.
   ```

On OSX builds, add the additional arguments so that the code compiles.

As both SELinux labels and the restorecon partial digest are stored in
extended attributes, it's theoretically possible that someone
could assign SELinux labels and hash digests on OSX filesystems.
Doing so would be extremely weird and completely untested, but
theoretically possible.

Signed-off-by: Nick Kralevich <nnk@xxxxxxxxxx>

Wondering why the getxattr() call isn't done in the selinux_restorecon 
code instead, or why this is needed as a separate selabel_ interface at 
all. Probably too late though to change it though without breaking API/ABI.

Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>

---
  libselinux/src/label_file.c | 6 +++++-
  1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 300625c2..f2aaf3ba 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -985,7 +985,11 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec,
  {
  	uint8_t read_digest[SHA1_HASH_SIZE];
  	ssize_t read_size = getxattr(pathname, RESTORECON_PARTIAL_MATCH_DIGEST,
-				     read_digest, SHA1_HASH_SIZE);
+				     read_digest, SHA1_HASH_SIZE
+#ifdef __APPLE__
+				     , 0, 0
+#endif /* __APPLE __ */
+				    );
  	uint8_t hash_digest[SHA1_HASH_SIZE];
  	bool status = selabel_hash_all_partial_matches(rec, pathname,
  						       hash_digest);


q






