From f415b29255819e19ffde16018fb9ad02cbbfd17c Mon Sep 17 00:00:00 2001
From: David Oberhollenzer
Date: Sat, 28 Sep 2019 21:10:15 +0200
Subject: Move fstree selinux code to gensquashfs

Same rational as for the dir-scanner code: It's actually the only user and it is going to get a lot closer integerated with libsquashfs.

Signed-off-by: David Oberhollenzer
---
 include/fstree.h | 4 ---
 lib/fstree/Makemodule.am | 7 +----
 lib/fstree/selinux.c | 70 ------------------------------------------------
 mkfs/Makemodule.am | 4 ++-
 mkfs/mkfs.h | 7 +++++
 mkfs/selinux.c | 62 ++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 73 insertions(+), 81 deletions(-)
 delete mode 100644 lib/fstree/selinux.c
 create mode 100644 mkfs/selinux.c

diff --git a/include/fstree.h b/include/fstree.h
index 110ad1f..a60b214 100644
--- a/include/fstree.h
+++ b/include/fstree.h
@@ -222,10 +222,6 @@ void fstree_xattr_deduplicate(fstree_t *fs);
  */
 int fstree_from_file(fstree_t *fs, const char *filename, FILE *fp);
 
-/* Add labels from an SELinux labeling file to all tree nodes. Returns 0 on success. Internally prints errors to stderr. */
-int fstree_relabel_selinux(fstree_t *fs, const char *filename);
-
 /* Returns 0 on success. Prints to stderr on failure */
 int fstree_gen_inode_table(fstree_t *fs);
 
diff --git a/lib/fstree/Makemodule.am b/lib/fstree/Makemodule.am
index 960ab1d..fe2c5ca 100644
--- a/lib/fstree/Makemodule.am
+++ b/lib/fstree/Makemodule.am
@@ -6,12 +6,7 @@ libfstree_a_SOURCES += lib/fstree/add_by_path.c lib/fstree/xattr.c
 libfstree_a_SOURCES += include/fstree.h
 libfstree_a_SOURCES += lib/fstree/gen_file_list.c
 libfstree_a_SOURCES += lib/fstree/source_date_epoch.c
-libfstree_a_CFLAGS = $(AM_CFLAGS) $(LIBSELINUX_CFLAGS)
+libfstree_a_CFLAGS = $(AM_CFLAGS)
 libfstree_a_CPPFLAGS = $(AM_CPPFLAGS)
 
-if WITH_SELINUX
-libfstree_a_SOURCES += lib/fstree/selinux.c
-libfstree_a_CPPFLAGS += -DWITH_SELINUX
-endif
-
 noinst_LIBRARIES += libfstree.a
diff --git a/lib/fstree/selinux.c b/lib/fstree/selinux.c
deleted file mode 100644
index 1cb921d..0000000
--- a/lib/fstree/selinux.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/* SPDX-License-Identifier: GPL-3.0-or-later */
-/*
- * selinux.c
- *
- * Copyright (C) 2019 David Oberhollenzer
- */
-#include "config.h"
-
-#include "fstree.h"
-
-#include
-#include
-#include
-#include
-#include
-
-#define XATTR_NAME_SELINUX "security.selinux"
-#define XATTR_VALUE_SELINUX "system_u:object_r:unlabeled_t:s0"
-
-static int relable_node(fstree_t *fs, struct selabel_handle *sehnd,
-			tree_node_t *node)
-{
-	char *context = NULL, *path;
-	int ret;
-
-	path = fstree_get_path(node);
-	if (path == NULL)
-		goto fail;
-
-	if (selabel_lookup(sehnd, &context, path, node->mode) < 0) {
-		context = strdup(XATTR_VALUE_SELINUX);
-		if (context == NULL)
-			goto fail;
-	}
-
-	ret = fstree_add_xattr(fs, node, XATTR_NAME_SELINUX, context);
-	free(context);
-	free(path);
-	return ret;
-fail:
-	perror("relabeling files");
-	free(path);
-	return -1;
-}
-
-int fstree_relabel_selinux(fstree_t *fs, const char *filename)
-{
-	struct selabel_handle *sehnd;
-	struct selinux_opt seopts[] = {
-		{ SELABEL_OPT_PATH, filename },
-	};
-	size_t i;
-	int ret = 0;
-
-	sehnd = selabel_open(SELABEL_CTX_FILE, seopts, 1);
-
-	if (sehnd == NULL) {
-		perror(filename);
-		return -1;
-	}
-
-	for (i = 2; i < fs->inode_tbl_size; ++i) {
-		ret = relable_node(fs, sehnd, fs->inode_table[i]);
-		if (ret)
-			break;
-	}
-
-	selabel_close(sehnd);
-	return ret;
-}
diff --git a/mkfs/Makemodule.am b/mkfs/Makemodule.am
index f1e0d0d..75fc3a4 100644
--- a/mkfs/Makemodule.am
+++ b/mkfs/Makemodule.am
@@ -3,9 +3,11 @@ gensquashfs_SOURCES += mkfs/dirscan.c
 gensquashfs_LDADD = libsqfshelper.a libsquashfs.la libfstree.a libutil.la
 gensquashfs_LDADD += $(LIBSELINUX_LIBS)
 gensquashfs_CPPFLAGS = $(AM_CPPFLAGS)
-gensquashfs_CFLAGS = $(AM_CFLAGS)
+gensquashfs_CFLAGS = $(AM_CFLAGS) $(LIBSELINUX_CFLAGS)
+
 if WITH_SELINUX
 gensquashfs_CPPFLAGS += -DWITH_SELINUX
+gensquashfs_SOURCES += mkfs/selinux.c
 endif
 
 bin_PROGRAMS += gensquashfs
diff --git a/mkfs/mkfs.h b/mkfs/mkfs.h
index bce98d8..f00898b 100644
--- a/mkfs/mkfs.h
+++ b/mkfs/mkfs.h
@@ -23,6 +23,11 @@
 #include
 #endif
 
+#ifdef WITH_SELINUX
+#include
+#include
+#endif
+
 #include
 #include
 #include
@@ -65,4 +70,6 @@ void process_command_line(options_t *opt, int argc, char **argv);
 
 int fstree_from_dir(fstree_t *fs, const char *path, unsigned int flags);
 
+int fstree_relabel_selinux(fstree_t *fs, const char *filename);
+
 #endif /* MKFS_H */
diff --git a/mkfs/selinux.c b/mkfs/selinux.c
new file mode 100644
index 0000000..5fc4f52
--- /dev/null
+++ b/mkfs/selinux.c
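Review bot: The fstree_relabel_selinux prototype added at the end of mkfs.h carries no comment, although the declaration this commit removes from include/fstree.h had one, so the contract (every node gets a label, 0 on success, errors are printed to stderr) is no longer stated where callers read it. Carry the old comment over above the new prototype: `/* Add labels from an SELinux labeling file to all tree nodes.` followed by `Returns 0 on success. Internally prints errors to stderr. */`. Unlike the includes added earlier in the same file, the prototype sits outside the `#ifdef WITH_SELINUX` guard; that is harmless as long as every call site is guarded, which the hunks here do not show, and the comment could say that the function only exists in WITH_SELINUX builds.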
@@ -0,0 +1,62 @@
+/* SPDX-License-Identifier: GPL-3.0-or-later */
+/*
+ * selinux.c
+ *
+ * Copyright (C) 2019 David Oberhollenzer
+ */
+#include "mkfs.h"
+
+#define XATTR_NAME_SELINUX "security.selinux"
+#define XATTR_VALUE_SELINUX "system_u:object_r:unlabeled_t:s0"
+
+static int relable_node(fstree_t *fs, struct selabel_handle *sehnd,
+			tree_node_t *node)
+{
+	char *context = NULL, *path;
+	int ret;
+
+	path = fstree_get_path(node);
+	if (path == NULL)
+		goto fail;
+
+	if (selabel_lookup(sehnd, &context, path, node->mode) < 0) {
+		context = strdup(XATTR_VALUE_SELINUX);
+		if (context == NULL)
+			goto fail;
+	}
+
+	ret = fstree_add_xattr(fs, node, XATTR_NAME_SELINUX, context);
+	free(context);
+	free(path);
+	return ret;
+fail:
+	perror("relabeling files");
+	free(path);
+	return -1;
+}
+
+int fstree_relabel_selinux(fstree_t *fs, const char *filename)
+{
+	struct selabel_handle *sehnd;
+	struct selinux_opt seopts[] = {
+		{ SELABEL_OPT_PATH, filename },
+	};
+	size_t i;
+	int ret = 0;
+
+	sehnd = selabel_open(SELABEL_CTX_FILE, seopts, 1);
+
+	if (sehnd == NULL) {
+		perror(filename);
+		return -1;
+	}
+
+	for (i = 2; i < fs->inode_tbl_size; ++i) {
+		ret = relable_node(fs, sehnd, fs->inode_table[i]);
+		if (ret)
+			break;
+	}
+
+	selabel_close(sehnd);
+	return ret;
+}
-- 
cgit v1.2.3
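Review bot: In relable_node, every failure of selabel_lookup() is treated as "no matching entry" and the node silently receives the hard-coded XATTR_VALUE_SELINUX context, so a genuine error (out of memory, an unreadable or malformed spec file) cannot be told apart from an unlabeled path and the image is written with wrong security contexts and no diagnostic. selabel_lookup(3) reports a missing entry with errno set to ENOENT, so the fallback can be limited to that case and everything else sent to the existing fail label, where perror() already names the cause: `if (selabel_lookup(sehnd, &context, path, node->mode) < 0) {` / `if (errno != ENOENT) goto fail;` / `context = strdup(XATTR_VALUE_SELINUX);`. This relies on errno.h being reachable through mkfs.h, which the include hunk above does not show. The same perror() on the fail path is only meaningful for the fstree_get_path() failure if that helper sets errno, which cannot be confirmed from this patch.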