Re: [PATCH v2] libselinux/utils: check for valid contexts to improve error causes

James Carter <jwcart2@xxxxxxxxx> · Tue, 12 Apr 2022 14:05:29 -0400

On Wed, Apr 6, 2022 at 12:14 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Wed, Apr 6, 2022 at 3:26 AM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > Return more detailed error messages when the supplied contexts are
> > invalid.
> >
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>

Merged.
Thanks,
Jim

> >
> > ---
> > v2:
> >    check new context in validatetrans
> > ---
> >  libselinux/utils/compute_av.c      | 10 ++++++++++
> >  libselinux/utils/compute_create.c  | 12 +++++++++++-
> >  libselinux/utils/compute_member.c  | 12 +++++++++++-
> >  libselinux/utils/compute_relabel.c | 10 ++++++++++
> >  libselinux/utils/getdefaultcon.c   |  5 +++++
> >  libselinux/utils/selinuxexeccon.c  |  6 +++++-
> >  libselinux/utils/validatetrans.c   | 15 +++++++++++++++
> >  7 files changed, 67 insertions(+), 3 deletions(-)
> >
> > diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
> > index df4a77e8..ef08338f 100644
> > --- a/libselinux/utils/compute_av.c
> > +++ b/libselinux/utils/compute_av.c
> > @@ -17,6 +17,16 @@ int main(int argc, char **argv)
> >                 exit(1);
> >         }
> >
> > +       if (security_check_context(argv[1])) {
> > +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> > +               exit(4);
> > +       }
> > +
> > +       if (security_check_context(argv[2])) {
> > +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> > +               exit(5);
> > +       }
> > +
> >         tclass = string_to_security_class(argv[3]);
> >         if (!tclass) {
> >                 fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
> > diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
> > index 449ccd90..63029c19 100644
> > --- a/libselinux/utils/compute_create.c
> > +++ b/libselinux/utils/compute_create.c
> > @@ -17,9 +17,19 @@ int main(int argc, char **argv)
> >                 exit(1);
> >         }
> >
> > +       if (security_check_context(argv[1])) {
> > +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> > +               exit(4);
> > +       }
> > +
> > +       if (security_check_context(argv[2])) {
> > +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> > +               exit(5);
> > +       }
> > +
> >         tclass = string_to_security_class(argv[3]);
> >         if (!tclass) {
> > -               fprintf(stderr, "Invalid class '%s'\n", argv[3]);
> > +               fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
> >                 exit(2);
> >         }
> >
> > diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
> > index c6dad19e..1ef47c25 100644
> > --- a/libselinux/utils/compute_member.c
> > +++ b/libselinux/utils/compute_member.c
> > @@ -17,9 +17,19 @@ int main(int argc, char **argv)
> >                 exit(1);
> >         }
> >
> > +       if (security_check_context(argv[1])) {
> > +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> > +               exit(4);
> > +       }
> > +
> > +       if (security_check_context(argv[2])) {
> > +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> > +               exit(5);
> > +       }
> > +
> >         tclass = string_to_security_class(argv[3]);
> >         if (!tclass) {
> > -               fprintf(stderr, "Invalid class '%s'\n", argv[3]);
> > +               fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
> >                 exit(2);
> >         }
> >
> > diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
> > index 85c760bc..f6a957da 100644
> > --- a/libselinux/utils/compute_relabel.c
> > +++ b/libselinux/utils/compute_relabel.c
> > @@ -17,6 +17,16 @@ int main(int argc, char **argv)
> >                 exit(1);
> >         }
> >
> > +       if (security_check_context(argv[1])) {
> > +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> > +               exit(4);
> > +       }
> > +
> > +       if (security_check_context(argv[2])) {
> > +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> > +               exit(5);
> > +       }
> > +
> >         tclass = string_to_security_class(argv[3]);
> >         if (!tclass) {
> >                 fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
> > diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
> > index 957c1cb2..590e98d9 100644
> > --- a/libselinux/utils/getdefaultcon.c
> > +++ b/libselinux/utils/getdefaultcon.c
> > @@ -68,6 +68,11 @@ int main(int argc, char **argv)
> >         } else
> >                 cur_context = argv[optind + 1];
> >
> > +       if (security_check_context(cur_context)) {
> > +               fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], cur_context);
> > +               return 3;
> > +       }
> > +
> >         if ((ret = getseuser(user, service, &seuser, &dlevel)) == 0) {
> >                 if (! level) level=dlevel;
> >                 if (role != NULL && role[0])
> > diff --git a/libselinux/utils/selinuxexeccon.c b/libselinux/utils/selinuxexeccon.c
> > index b50e7886..66754b6a 100644
> > --- a/libselinux/utils/selinuxexeccon.c
> > +++ b/libselinux/utils/selinuxexeccon.c
> > @@ -16,7 +16,7 @@ static __attribute__ ((__noreturn__)) void usage(const char *name, const char *d
> >         exit(rc);
> >  }
> >
> > -static char * get_selinux_proc_context(const char *command, char * execcon) {
> > +static char * get_selinux_proc_context(const char *command, const char * execcon) {
> >         char * fcon = NULL, *newcon = NULL;
> >
> >         int ret = getfilecon(command, &fcon);
> > @@ -43,6 +43,10 @@ int main(int argc, char **argv)
> >                 }
> >         } else {
> >                 con = strdup(argv[2]);
> > +               if (security_check_context(con)) {
> > +                       fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], con);
> > +                       return -1;
> > +               }
> >         }
> >
> >         proccon = get_selinux_proc_context(argv[1], con);
> > diff --git a/libselinux/utils/validatetrans.c b/libselinux/utils/validatetrans.c
> > index 1db33e66..9d642a93 100644
> > --- a/libselinux/utils/validatetrans.c
> > +++ b/libselinux/utils/validatetrans.c
> > @@ -17,12 +17,27 @@ int main(int argc, char **argv)
> >                 exit(1);
> >         }
> >
> > +       if (security_check_context(argv[1])) {
> > +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> > +               exit(4);
> > +       }
> > +
> > +       if (security_check_context(argv[2])) {
> > +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> > +               exit(5);
> > +       }
> > +
> >         tclass = string_to_security_class(argv[3]);
> >         if (!tclass) {
> >                 fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
> >                 exit(2);
> >         }
> >
> > +       if (security_check_context(argv[4])) {
> > +               fprintf(stderr, "%s:  invalid new context '%s'\n", argv[0], argv[4]);
> > +               exit(6);
> > +       }
> > +
> >         ret = security_validatetrans(argv[1], argv[2], tclass, argv[4]);
> >         printf("security_validatetrans returned %d errno: %s\n", ret, strerror(errno));
> >
> > --
> > 2.35.1
> >