On Sun, May 29, 2022 at 8:54 PM Nicolas Iooss <nicolas.iooss@xxxxxxx> wrote:
>
> On Fri, May 20, 2022 at 3:16 PM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > context_str(3) returns a string representation of the given context.
> > This string is owned by the context and free'd on context_free(3).
> > Declare it const, as already done in the man page, since it must not be
> > free'd by the caller.
> >
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> Acked-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
>
Merged.
Thanks,
Jim
> Thanks!
>
> > ---
> > libselinux/include/selinux/context.h | 2 +-
> > libselinux/src/context.c | 2 +-
> > libselinux/src/get_context_list.c | 11 ++++++-----
> > libselinux/src/query_user_context.c | 2 +-
> > policycoreutils/newrole/newrole.c | 2 +-
> > 5 files changed, 10 insertions(+), 9 deletions(-)
> >
> > diff --git a/libselinux/include/selinux/context.h b/libselinux/include/selinux/context.h
> > index 949fb1e1..82f4e690 100644
> > --- a/libselinux/include/selinux/context.h
> > +++ b/libselinux/include/selinux/context.h
> > @@ -25,7 +25,7 @@ extern "C" {
> > * for the same context_t*
> > */
> >
> > - extern char *context_str(context_t);
> > + extern const char *context_str(context_t);
> >
> > /* Free the storage used by a context */
> > extern void context_free(context_t);
> > diff --git a/libselinux/src/context.c b/libselinux/src/context.c
> > index b2144c7c..9dddbc5a 100644
> > --- a/libselinux/src/context.c
> > +++ b/libselinux/src/context.c
> > @@ -116,7 +116,7 @@ void context_free(context_t context)
> > /*
> > * Return a pointer to the string value of the context.
> > */
> > -char *context_str(context_t context)
> > +const char *context_str(context_t context)
> > {
> > context_private_t *n = context->ptr;
> > int i;
> > diff --git a/libselinux/src/get_context_list.c b/libselinux/src/get_context_list.c
> > index cfe38e59..d774b9cf 100644
> > --- a/libselinux/src/get_context_list.c
> > +++ b/libselinux/src/get_context_list.c
> > @@ -143,6 +143,7 @@ static int get_context_user(FILE * fp,
> > char *linerole, *linetype;
> > char **new_reachable = NULL;
> > char *usercon_str;
> > + const char *usercon_str2;
> > context_t con;
> > context_t usercon;
> >
> > @@ -257,20 +258,20 @@ static int get_context_user(FILE * fp,
> > rc = -1;
> > goto out;
> > }
> > - usercon_str = context_str(usercon);
> > - if (!usercon_str) {
> > + usercon_str2 = context_str(usercon);
> > + if (!usercon_str2) {
> > context_free(usercon);
> > rc = -1;
> > goto out;
> > }
> >
> > /* check whether usercon is already in reachable */
> > - if (is_in_reachable(*reachable, usercon_str)) {
> > + if (is_in_reachable(*reachable, usercon_str2)) {
> > context_free(usercon);
> > start = end;
> > continue;
> > }
> > - if (security_check_context(usercon_str) == 0) {
> > + if (security_check_context(usercon_str2) == 0) {
> > new_reachable = realloc(*reachable, (*nreachable + 2) * sizeof(char *));
> > if (!new_reachable) {
> > context_free(usercon);
> > @@ -278,7 +279,7 @@ static int get_context_user(FILE * fp,
> > goto out;
> > }
> > *reachable = new_reachable;
> > - new_reachable[*nreachable] = strdup(usercon_str);
> > + new_reachable[*nreachable] = strdup(usercon_str2);
> > if (new_reachable[*nreachable] == NULL) {
> > context_free(usercon);
> > rc = -1;
> > diff --git a/libselinux/src/query_user_context.c b/libselinux/src/query_user_context.c
> > index b8125c96..29a1b360 100644
> > --- a/libselinux/src/query_user_context.c
> > +++ b/libselinux/src/query_user_context.c
> > @@ -115,7 +115,7 @@ int manual_user_enter_context(const char *user, char ** newcon)
> > int mls_enabled = is_selinux_mls_enabled();
> >
> > context_t new_context; /* The new context chosen by the user */
> > - char *user_context = NULL; /* String value of the user's context */
> > + const char *user_context = NULL; /* String value of the user's context */
> > int done = 0; /* true if a valid sid has been obtained */
> >
> > /* Initialize the context. How this is done depends on whether
> > diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
> > index ae37d725..c2afa37e 100644
> > --- a/policycoreutils/newrole/newrole.c
> > +++ b/policycoreutils/newrole/newrole.c
> > @@ -842,7 +842,7 @@ static int parse_command_line_arguments(int argc, char **argv, char *ttyn,
> > char *type_ptr = NULL; /* stores malloc'd data from get_default_type */
> > char *level_s = NULL; /* level spec'd by user in argv[] */
> > char *range_ptr = NULL;
> > - char *new_con = NULL;
> > + const char *new_con = NULL;
> > char *tty_con = NULL;
> > context_t context = NULL; /* manipulatable form of new_context */
> > const struct option long_options[] = {
> > --
> > 2.36.1
> >
>
