[RFC SHADOW PATCH 3/7] selinux.c: do not use deprecated typedef and skip context translation


 



These retrieved contexts are just passed to libselinux functions and not
printed or otherwise made available to the outside, so a context
translation to human readable MCS/MLS labels is not needed.
(see man:setrans.conf(5))

The typedef security_context_t is deprecated, see
https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9
---
 lib/selinux.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/selinux.c b/lib/selinux.c
index c60cbed5..e31a5f92 100644
--- a/lib/selinux.c
+++ b/lib/selinux.c
@@ -53,7 +53,7 @@ static bool selinux_enabled;
  */
 int set_selinux_file_context (const char *dst_name)
 {
-	/*@null@*/security_context_t scontext = NULL;
+	/*@null@*/char *scontext = NULL;
 
 	if (!selinux_checked) {
 		selinux_enabled = is_selinux_enabled () > 0;
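Review bot: The declaration is the only line of set_selinux_file_context that this patch touches (the six insertions in the diffstat are all accounted for by the visible `+` lines), so whatever lookup and set calls its body makes, outside this hunk, keep their translating variants while reset_selinux_file_context in the next hunk now calls `setfscreatecon_raw (NULL)`. That mix is harmless for a NULL argument, but it leaves the file-creation label path only half converted. If the body obtains scontext from a translating lookup and applies it with `setfscreatecon (scontext)`, the two calls should be switched to raw forms together or both left alone, because handing a translated context to a `_raw` setter can fail when a translation daemon is active and the files created afterwards would then be mislabeled. A comment above the declaration such as `/* keep the lookup and the setfscreatecon variant (raw vs. translated) in sync */` would record that constraint.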
@@ -93,7 +93,7 @@ int reset_selinux_file_context (void)
 		selinux_checked = true;
 	}
 	if (selinux_enabled) {
-		if (setfscreatecon (NULL) != 0) {
+		if (setfscreatecon_raw (NULL) != 0) {
 			return 1;
 		}
 	}
@@ -175,7 +175,7 @@ skip_syslog:
  */
 int check_selinux_permit (const char *perm_name)
 {
-	char *user_context_str;
+	char *user_context_raw;
 	int r;
 
 	if (0 == is_selinux_enabled ()) {
@@ -184,7 +184,7 @@ int check_selinux_permit (const char *perm_name)
 
 	selinux_set_callback (SELINUX_CB_LOG, (union selinux_callback) selinux_log_cb);
 
-	if (getprevcon (&user_context_str) != 0) {
+	if (getprevcon_raw (&user_context_raw) != 0) {
 		fprintf (stderr,
 		    _("%s: can not get previous SELinux process context: %s\n"),
 		    Prog, strerror (errno));
@@ -194,8 +194,8 @@ int check_selinux_permit (const char *perm_name)
 		return (security_getenforce () != 0);
 	}
 
-	r = selinux_check_access (user_context_str, user_context_str, "passwd", perm_name, NULL);
-	freecon (user_context_str);
+	r = selinux_check_access (user_context_raw, user_context_raw, "passwd", perm_name, NULL);
+	freecon (user_context_raw);
 	return r;
 }
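Review bot: The `selinux_check_access` call at the end of check_selinux_permit is the one place where the commit message's claim of skipping translation may not hold. libselinux has no raw variant of that function and, as far as I recall, it runs both context arguments through its translated-to-raw conversion before computing the decision. Passing the string from `getprevcon_raw` is still correct, since a raw context should come through that step unchanged, but the translation layer can still be consulted. I would note this next to the call, for example `/* no _raw variant of selinux_check_access(); a raw context is accepted as-is */`, and soften the commit message accordingly. The function starts outside this hunk.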
 
-- 
2.31.0



