Christian Göttsche <cgzones@xxxxxxxxxxxxxx> writes:
> Check the given context a priori, to print a more user friendly message,
> opposed to a generic following get_ordered_context_list/_with_level
> failure.
>
> Notify the user about failures of get_ordered_context_list/_with_level,
> so no-context-found and a failure results are distinguishable.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
> libselinux/utils/getconlist.c | 13 ++++++++++++-
> 1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c
> index 29c16640..76654b75 100644
> --- a/libselinux/utils/getconlist.c
> +++ b/libselinux/utils/getconlist.c
> @@ -58,8 +58,14 @@ int main(int argc, char **argv)
> free(level);
> return 2;
> }
> - } else
> + } else {
> cur_context = argv[optind + 1];
> + if (security_check_context(cur_context) != 0) {
> + fprintf(stderr, "Given context '%s' is invalid.\n", cur_context);
> + free(level);
> + return 3;
3 is already used for "memory allocation failure: %d(%s)\n" error
But I'm not sure if it's important
> + }
> + }
>
> /* Get the list and print it */
> if (level)
> @@ -72,6 +78,11 @@ int main(int argc, char **argv)
> for (i = 0; list[i]; i++)
> puts(list[i]);
> freeconary(list);
> + } else {
> + fprintf(stderr, "get_ordered_context_list%s failure: %d(%s)\n",
> + level ? "_with_level" : "", errno, strerror(errno));
> + free(level);
> + return 4;
> }
>
> free(level);
> --
> 2.30.0
