author | dcashman <dcashman@google.com> | 2015-06-12 14:38:54 -0700 |
---|---|---|
committer | dcashman <dcashman@google.com> | 2015-06-15 14:40:06 -0700 |
commit | 943ed44a46ed95d557bf552b57fe61280a77489c (patch) | |
tree | 722df8151f8b9d258b7e0f18ed4782e10eaf5faf | |
parent | ceaa55fce32209054e4b0555ae676b01117eb9e3 (diff) | |
restorecon: only operate on canonical paths.
(cherry-pick of commit: 06d45512e2df93f65a51877a51549e522b4f2cf5)
Bug: 21732016
Change-Id: I56c3e73a089da65bbe0f064bbdd6e8096c082db0
-rw-r--r-- | src/android.c | 42 |
1 files changed, 33 insertions, 9 deletions
diff --git a/src/android.c b/src/android.c
index f2b2370..1b4496d 100644
--- a/src/android.c
+++ b/src/android.c
@@ -28,6 +28,7 @@
 #include "selinux_internal.h"
 #include "label_internal.h"
 #include <fnmatch.h>
+#include <limits.h>
 
 /*
 * XXX Where should this configuration file be located?
@@ -1212,7 +1213,7 @@ err:
 #define SYS_PATH "/sys"
 #define SYS_PREFIX SYS_PATH "/"
 
-static int selinux_android_restorecon_common(const char* pathname,
+static int selinux_android_restorecon_common(const char* pathname_orig,
 const char *seinfo,
 uid_t uid,
 unsigned int flags)
@@ -1222,12 +1223,13 @@ static int selinux_android_restorecon_common(const char* pathname,
 bool recurse = (flags & SELINUX_ANDROID_RESTORECON_RECURSE) ? true : false;
 bool force = (flags & SELINUX_ANDROID_RESTORECON_FORCE) ? true : false;
 bool datadata = (flags & SELINUX_ANDROID_RESTORECON_DATADATA) ? true : false;
- bool issys = (!strcmp(pathname, SYS_PATH) || !strncmp(pathname, SYS_PREFIX, sizeof(SYS_PREFIX)-1)) ? true : false;
+ bool issys;
 bool setrestoreconlast = true;
 struct stat sb;
 FTS *fts;
 FTSENT *ftsent;
- char *const paths[2] = { __UNCONST(pathname), NULL };
+ char *pathname;
+ char * paths[2] = { NULL , NULL };
 int ftsflags = FTS_NOCHDIR | FTS_XDEV | FTS_PHYSICAL;
 int error, sverrno;
 char xattr_value[FC_DIGEST_SIZE];
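Review bot: `char *pathname;` in the `@@ -1222,12 +1223,13 @@` hunk is declared without an initializer, and the same commit adds a `cleanup:` label that calls `free(pathname)`. Every `goto cleanup` visible in this diff comes after the `realpath()` assignment, so the code as committed is fine, but an early exit added later above that call would free an indeterminate pointer. Declaring it as `char *pathname = NULL;` removes that hazard at no cost. The function body starts before and ends after this hunk.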
@@ -1241,11 +1243,28 @@ static int selinux_android_restorecon_common(const char* pathname,
 if (!fc_sehandle)
 return 0;
 
+ // convert passed-in pathname to canonical pathname
+ pathname = realpath(pathname_orig, NULL);
+ if (!pathname) {
+ sverrno = errno;
+ selinux_log(SELINUX_ERROR, "SELinux: Could not get canonical path %s restorecon: %s.\n",
+ pathname_orig, strerror(errno));
+ errno = sverrno;
+ error = -1;
+ goto cleanup;
+ }
+ paths[0] = pathname;
+ issys = (!strcmp(pathname, SYS_PATH)
+ || !strncmp(pathname, SYS_PREFIX, sizeof(SYS_PREFIX)-1)) ? true : false;
+
 if (!recurse) {
- if (lstat(pathname, &sb) < 0)
- return -1;
+ if (lstat(pathname, &sb) < 0) {
+ error = -1;
+ goto cleanup;
+ }
 
- return restorecon_sb(pathname, &sb, nochange, verbose, seinfo, uid);
+ error = restorecon_sb(pathname, &sb, nochange, verbose, seinfo, uid);
+ goto cleanup;
 }
 
 /*
@@ -1269,13 +1288,16 @@ static int selinux_android_restorecon_common(const char* pathname,
 selinux_log(SELINUX_INFO,
 "SELinux: Skipping restorecon_recursive(%s)\n",
 pathname);
- return 0;
+ error = 0;
+ goto cleanup;
 }
 }
 
 fts = fts_open(paths, ftsflags, NULL);
- if (!fts)
- return -1;
+ if (!fts) {
+ error = -1;
+ goto cleanup;
+ }
 
 error = 0;
 while ((ftsent = fts_read(fts)) != NULL) {
@@ -1332,6 +1354,8 @@ out:
 sverrno = errno;
 (void) fts_close(fts);
 errno = sverrno;
+cleanup:
+ free(pathname);
 return error;
 }
 
|
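Review bot: The canonical path produced by `realpath()` in the `@@ -1241,11 +1243,28 @@` hunk is a point-in-time result, but the later `lstat(pathname, &sb)` and `fts_open(paths, ftsflags, NULL)` resolve that string again, so the `issys` test and the label lookup hold only while the directories above the target stay unchanged. `realpath()` also resolves a symlink in the final component, so a caller that passes a link path now appears to have the link's target relabelled instead of the link itself, which the old `lstat`-based path would not have done. That seems to be the intent of the commit title, but neither point is stated in the code. I would replace the one-line comment with something like `/* realpath() follows symlinks, including the last component; the result is re-resolved by lstat()/fts_open() below, so parent directories must not be writable by less-trusted domains */`. The log call could also use the saved value, `strerror(sverrno)`; the function body starts and ends outside this hunk.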