[PATCH 2/2] libselinux: update getseuser


 



- Bail out if not running on a SELinux enabled system
- Check whether the passed context is valid
- Do not treat zero contexts returned by get_ordered_context_list_with_level
  as a failure; report it and exit successfully instead

Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
 libselinux/utils/getseuser.c | 47 +++++++++++++++++++++++++-----------
 1 file changed, 33 insertions(+), 14 deletions(-)

diff --git a/libselinux/utils/getseuser.c b/libselinux/utils/getseuser.c
index 9193fe0a..ce1b7b27 100644
--- a/libselinux/utils/getseuser.c
+++ b/libselinux/utils/getseuser.c
@@ -9,32 +9,51 @@ int main(int argc, char **argv)
 {
 	char *seuser = NULL, *level = NULL;
 	char **contextlist;
-	int rc, n, i;
+	int rc, n;
 
 	if (argc != 3) {
 		fprintf(stderr, "usage:  %s linuxuser fromcon\n", argv[0]);
-		exit(1);
+		return 1;
+	}
+
+	if (!is_selinux_enabled()) {
+		fprintf(stderr, "%s may be used only on a SELinux enabled kernel.\n", argv[0]);
+		return 4;
 	}
 
 	rc = getseuserbyname(argv[1], &seuser, &level);
 	if (rc) {
-		fprintf(stderr, "getseuserbyname failed:  %s\n",
-			strerror(errno));
-		exit(2);
+		fprintf(stderr, "getseuserbyname failed:  %s\n", strerror(errno));
+		return 2;
 	}
 	printf("seuser:  %s, level %s\n", seuser, level);
-	n = get_ordered_context_list_with_level(seuser, level, argv[2],
-						&contextlist);
-	if (n <= 0) {
-		fprintf(stderr,
-			"get_ordered_context_list_with_level failed:  %s\n",
-			strerror(errno));
-		exit(3);
+
+	rc = security_check_context(argv[2]);
+	if (rc) {
+		fprintf(stderr, "context '%s' is invalid\n", argv[2]);
+		free(seuser);
+		free(level);
+		return 5;
+	}
+
+	n = get_ordered_context_list_with_level(seuser, level, argv[2], &contextlist);
+	if (n < 0) {
+		fprintf(stderr, "get_ordered_context_list_with_level failed:  %s\n", strerror(errno));
+		free(seuser);
+		free(level);
+		return 3;
 	}
+
 	free(seuser);
 	free(level);
-	for (i = 0; i < n; i++)
+
+	if (n == 0)
+		printf("no valid context found\n");
+
+	for (int i = 0; i < n; i++)
 		printf("Context %d\t%s\n", i, contextlist[i]);
+
 	freeconary(contextlist);
-	exit(EXIT_SUCCESS);
+
+	return EXIT_SUCCESS;
 }
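Review bot: The new `n == 0` path falls through to `freeconary(contextlist)`, but `contextlist` is declared uninitialised (`char **contextlist;` in the context at the top of the hunk); whether get_ordered_context_list_with_level assigns `*list` when it returns zero entries is not visible here, and if it does not, freeconary would walk a garbage pointer on exactly the path this commit makes a success. Initialise it defensively, `char **contextlist = NULL;`, so freeconary is a no-op when nothing was handed back. Separately, `if (!is_selinux_enabled())` treats a -1 error return from is_selinux_enabled() (documented in selinux.h as "-1 for error") as "enabled" and continues; `if (is_selinux_enabled() != 1)` bails out on both the disabled and the error case. Since argv[2] is now validated with security_check_context(), the invalid-context message would also be more useful with `strerror(errno)` appended, matching the other two failure messages.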
-- 
2.30.0




