On Fri, May 12, 2023 at 6:25 AM Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote:
>
> Annotate interfaces of the matchpathcon family and
> security_compute_user(3) and security_compute_user_raw(3) as deprecated.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
> libselinux/include/selinux/selinux.h | 28 +++++++++++++++-------------
> 1 file changed, 15 insertions(+), 13 deletions(-)
>
> diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
> index 7f8deb65..4799dd1c 100644
> --- a/libselinux/include/selinux/selinux.h
> +++ b/libselinux/include/selinux/selinux.h
> @@ -261,10 +261,12 @@ extern int security_compute_member_raw(const char * scon,
> */
> extern int security_compute_user(const char * scon,
> const char *username,
> - char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard;
> + char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard
> + selinux_deprecated("Use get_ordered_context_list(3) family");
> extern int security_compute_user_raw(const char * scon,
> const char *username,
> - char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard;
> + char *** con) selinux_nonnull((1,2,3)) selinux_nodiscard
> + selinux_deprecated("Use get_ordered_context_list(3) family");
>
> /* Validate a transition. This determines whether a transition from scon to newcon
> using tcon as the target for object class tclass is valid in the loaded policy.
> @@ -435,7 +437,7 @@ extern void selinux_flush_class_cache(void);
> /* Set the function used by matchpathcon_init when displaying
> errors about the file_contexts configuration. If not set,
> then this defaults to fprintf(stderr, fmt, ...). */
> -extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
> +extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...)) selinux_deprecated("matchpathcon family is deprecated");
>
> /* Set the function used by matchpathcon_init when checking the
> validity of a context in the file contexts configuration. If not set,
> @@ -444,7 +446,7 @@ extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
> may include the 'path' and 'lineno' in such error messages. */
> extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
> unsigned lineno,
> - char *context));
> + char *context)) selinux_deprecated("matchpathcon family is deprecated");
>
> /* Same as above, but also allows canonicalization of the context,
> by changing *context to refer to the canonical form. If not set,
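Review bot: The message on the new `set_matchpathcon_printf` attribute, `selinux_deprecated("matchpathcon family is deprecated")`, names no replacement, while the other messages in this patch point the caller at selabel_open(3), selabel_lookup(3) or selabel_close(3); the compiler warning is the only place a migrating caller sees this text, so it should say where to go. For the printf hook the library's log callback is the equivalent, e.g. `selinux_deprecated("Use selinux_set_callback(3) with SELINUX_CB_LOG")`, and for `set_matchpathcon_invalidcon`, `set_matchpathcon_canoncon` and `set_matchpathcon_flags` the validation and flag options of selabel_open(3) are the replacement, so `selinux_deprecated("Use selabel_open(3) options")` would do. The same replacement-less wording is repeated in the hunks at @@ -444, @@ -452 and @@ -494 (`matchpathcon_filespec_add`, `matchpathcon_filespec_destroy`, `matchpathcon_filespec_eval`, `matchpathcon_checkmatches`); the filespec helpers appear to have no direct selabel counterpart, so for those the message could at least name the selabel backend the caller is expected to move to.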
> @@ -452,13 +454,13 @@ extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
> security_canonicalize_context(). */
> extern void set_matchpathcon_canoncon(int (*f) (const char *path,
> unsigned lineno,
> - char **context));
> + char **context)) selinux_deprecated("matchpathcon family is deprecated");
>
> /* Set flags controlling operation of matchpathcon_init or matchpathcon. */
> #define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
> #define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */
> #define MATCHPATHCON_VALIDATE 4 /* Validate/canonicalize contexts at init time. */
> -extern void set_matchpathcon_flags(unsigned int flags);
> +extern void set_matchpathcon_flags(unsigned int flags) selinux_deprecated("matchpathcon family is deprecated");
>
It seems that set_matchpathcon_printf(), set_matchpathcon_invalidcon(), and set_matchpathcon_flags() should be deprecated, but I can't find anything that says that they are.
Jim
> /* Load the file contexts configuration specified by 'path'
> into memory for use by subsequent matchpathcon calls.
> @@ -472,7 +474,7 @@ extern int matchpathcon_init(const char *path) selinux_nodiscard selinux_depreca
>
> /* Same as matchpathcon_init, but only load entries with
> regexes that have stems that are prefixes of 'prefix'. */
> -extern int matchpathcon_init_prefix(const char *path, const char *prefix) selinux_nodiscard;
> +extern int matchpathcon_init_prefix(const char *path, const char *prefix) selinux_nodiscard selinux_deprecated("Use selabel_open(3) with backend SELABEL_CTX_FILE");
>
> /* Free the memory allocated by matchpathcon_init. */
> extern void matchpathcon_fini(void) selinux_deprecated("Use selabel_close(3)");
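Review bot: The replacement named for `matchpathcon_init_prefix`, `selinux_deprecated("Use selabel_open(3) with backend SELABEL_CTX_FILE")`, drops the one thing that distinguishes this function from `matchpathcon_init`: the restriction to entries whose stems are prefixes of 'prefix', described in the comment two lines above it. A caller following the message verbatim would load the full file_contexts set. If the subset option of selabel_open(3) is the intended equivalent, the message should say so, e.g. `selinux_deprecated("Use selabel_open(3) with backend SELABEL_CTX_FILE and option SELABEL_OPT_SUBSET")`.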
> @@ -480,7 +482,7 @@ extern void matchpathcon_fini(void) selinux_deprecated("Use selabel_close(3)");
> /* Resolve all of the symlinks and relative portions of a pathname, but NOT
> * the final component (same a realpath() unless the final component is a
> * symlink. Resolved path must be a path of size PATH_MAX + 1 */
> -extern int realpath_not_final(const char *name, char *resolved_path) selinux_nonnull((1,2)) selinux_nodiscard;
> +extern int realpath_not_final(const char *name, char *resolved_path) selinux_nonnull((1,2)) selinux_nodiscard selinux_deprecated("Not meant for external use");
>
> /* Match the specified pathname and mode against the file contexts
> configuration and set *con to refer to the resulting context.
> @@ -494,25 +496,25 @@ extern int matchpathcon(const char *path,
> /* Same as above, but return a specification index for
> later use in a matchpathcon_filespec_add() call - see below. */
> extern int matchpathcon_index(const char *path,
> - mode_t mode, char ** con) selinux_nonnull((1,3)) selinux_nodiscard;
> + mode_t mode, char ** con) selinux_nonnull((1,3)) selinux_nodiscard selinux_deprecated("Use selabel_lookup(3)");
>
> /* Maintain an association between an inode and a specification index,
> and check whether a conflicting specification is already associated
> with the same inode (e.g. due to multiple hard links). If so, then
> use the latter of the two specifications based on their order in the
> file contexts configuration. Return the used specification index. */
> -extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file) selinux_nonnull((3)) selinux_nodiscard;
> +extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file) selinux_nonnull((3)) selinux_nodiscard selinux_deprecated("matchpathcon family is deprecated");
>
> /* Destroy any inode associations that have been added, e.g. to restart
> for a new filesystem. */
> -extern void matchpathcon_filespec_destroy(void);
> +extern void matchpathcon_filespec_destroy(void) selinux_deprecated("matchpathcon family is deprecated");
>
> /* Display statistics on the hash table usage for the associations. */
> -extern void matchpathcon_filespec_eval(void);
> +extern void matchpathcon_filespec_eval(void) selinux_deprecated("matchpathcon family is deprecated");
>
> /* Check to see whether any specifications had no matches and report them.
> The 'str' is used as a prefix for any warning messages.
*/
> -extern void matchpathcon_checkmatches(char *str);
> +extern void matchpathcon_checkmatches(char *str) selinux_deprecated("matchpathcon family is deprecated");
>
> /* Match the specified media and against the media contexts
> configuration and set *con to refer to the resulting context.
> --
> 2.40.1
>