Re: [PATCH v5] libselinux: Eliminate use of security_compute_user()

Stephen Smalley <sds@xxxxxxxxxxxxx> · Wed, 12 Feb 2020 11:01:41 -0500

On 2/11/20 5:14 AM, Petr Lautrbach wrote:
get_ordered_context_list() code used to ask the kernel to compute the complete
set of reachable contexts using /sys/fs/selinux/user aka
security_compute_user(). This set can be so huge so that it doesn't fit into a
kernel page and security_compute_user() fails. Even if it doesn't fail,
get_ordered_context_list() throws away the vast majority of the returned
contexts because they don't match anything in
/etc/selinux/targeted/contexts/default_contexts or
/etc/selinux/targeted/contexts/users/

get_ordered_context_list() is rewritten to compute set of contexts based on
/etc/selinux/targeted/contexts/users/ and
/etc/selinux/targeted/contexts/default_contexts files and to return only valid
contexts, using security_check_context(), from this set.

Fixes: https://github.com/SELinuxProject/selinux/issues/28

Signed-off-by: Petr Lautrbach <plautrba@xxxxxxxxxx>
---

diff --git a/libselinux/src/get_context_list.c b/libselinux/src/get_context_list.c
index 689e46589f30..6078d980cde1 100644
--- a/libselinux/src/get_context_list.c
+++ b/libselinux/src/get_context_list.c
@@ -463,40 +467,18 @@ int get_ordered_context_list(const char *user,
  				__FUNCTION__, selinux_default_context_path());
  			/* Fall through */
  		}
-		rc = 0;
+		rc = nreachable;

Shouldn't we do this outside the if (fp) statement?  Otherwise, if we 
got some reachable contexts from the per-user contexts file but the 
global default_contexts file was missing, we'll end up freeing the 
reachable contexts and returning 0 on the out path.

  	}
  
-	if (!nordered)
+	if (!nreachable)
  		goto failsafe;
  
-	/* Apply the ordering. */
-	co = malloc(nreach * sizeof(struct context_order));
-	if (!co)
-		goto failsafe;
-	for (i = 0; i < nreach; i++) {
-		co[i].con = reachable[i];
-		co[i].order = ordering[i];
-	}
-	qsort(co, nreach, sizeof(struct context_order), order_compare);
-	for (i = 0; i < nreach; i++)
-		reachable[i] = co[i].con;
-	free(co);
-
-	/* Only report the ordered entries to the caller. */
-	if (nordered <= nreach) {
-		for (i = nordered; i < nreach; i++)
-			free(reachable[i]);
-		reachable[nordered] = NULL;
-		rc = nordered;
-	}
-
        out:
  	if (rc > 0)
  		*list = reachable;
  	else
  		freeconary(reachable);
  
-	free(ordering);
  	if (freefrom)
  		freecon(fromcon);
  








