author | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-02-04 00:32:25 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-02-04 00:32:25 +0000 |
commit | 020aba06ec81ba1244712aab4235cc579a68bf91 (patch) | |
tree | f590b2cbe742e41ae8d2171fa9147ad555d99fbf | |
parent | ea4c91ea97a7896dce463bb99196c5a47e25367d (diff) | |
parent | f52d3c7a9bd315cb0962ad5f4d500885df6e8575 (diff) | |
download | selinux-020aba06ec81ba1244712aab4235cc579a68bf91.tar.gz |
Revert "Restorecon: Ignore the stem when looking up all matches in file context" am: b0f301ae2e am: 0538aabb73 am: f52d3c7a9b
Change-Id: I4e37abdd20aac2b9fb5ecc2a217ca720c97e20da
-rw-r--r-- | libselinux/src/label_file.c | 27 | ||||
-rw-r--r-- | libselinux/src/label_file.h | 10 |
2 files changed, 23 insertions, 14 deletions
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c index 7bc2daca..bc1e4716 100644 --- a/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c @@ -39,17 +39,18 @@ static int get_stem_from_file_name(const char *const buf) /* find the stem of a file name, returns the index into stem_arr (or -1 if * there is no match - IE for a file in the root directory or a regex that is - * too complex for us). */ -static int find_stem_from_file(struct saved_data *data, const char *key) + * too complex for us). Makes buf point to the text AFTER the stem. */ +static int find_stem_from_file(struct saved_data *data, const char **buf) { int i; - int stem_len = get_stem_from_file_name(key); + int stem_len = get_stem_from_file_name(*buf); if (!stem_len) return -1; for (i = 0; i < data->num_stems; i++) { if (stem_len == data->stem_arr[i].len - && !strncmp(key, data->stem_arr[i].buf, stem_len)) { + && !strncmp(*buf, data->stem_arr[i].buf, stem_len)) { + *buf += stem_len; return i; } } @@ -905,6 +906,7 @@ static const struct spec **lookup_all(struct selabel_handle *rec, struct spec *spec_arr = data->spec_arr; int i, rc, file_stem; mode_t mode = (mode_t)type; + const char *buf; char *clean_key = NULL; const char *prev_slash, *next_slash; unsigned int sofar = 0; @@ -947,7 +949,8 @@ static const struct spec **lookup_all(struct selabel_handle *rec, if (sub) key = sub; - file_stem = find_stem_from_file(data, key); + buf = key; + file_stem = find_stem_from_file(data, &buf); mode &= S_IFMT; /* 
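Review bot: The rewritten header comment on find_stem_from_file says it "Makes buf point to the text AFTER the stem", but `*buf += stem_len;` runs only on the matching branch inside the loop. On the visible `return -1` path (and presumably on the fall-through after the loop, which lies outside the hunk) the caller's pointer is left where it was. lookup_all, in the later hunks on this line, sets `buf = key` and passes `&buf`, so it relies on that distinction. I would word the comment as `On a match, advances *buf past the stem; when -1 is returned *buf is unchanged.`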
@@ -960,15 +963,15 @@ static const struct spec **lookup_all(struct selabel_handle *rec, * stem as the file AND if the spec in question has no mode * specified or if the mode matches the file mode then we do * a regex check */ - bool stem_matches = spec->stem_id == -1 || spec->stem_id == file_stem; - // Don't check the stem if we want to find partial matches. - // Otherwise the case "/abc/efg/(/.*)?" will be considered - //a miss for "/abc". - if ((partial || stem_matches) && + if ((spec->stem_id == -1 || spec->stem_id == file_stem) && (!mode || !spec->mode || mode == spec->mode)) { - if (compile_regex(spec, NULL) < 0) + if (compile_regex(data, spec, NULL) < 0) goto finish; - rc = regex_match(spec->regex, key, partial); + if (spec->stem_id == -1) + rc = regex_match(spec->regex, key, partial); + else + rc = regex_match(spec->regex, buf, partial); + if (rc == REGEX_MATCH || (partial && rc == REGEX_MATCH_PARTIAL)) { if (rc == REGEX_MATCH) { spec->matches++; diff --git a/libselinux/src/label_file.h b/libselinux/src/label_file.h index 6f4ee101..47859baf 100644 --- a/libselinux/src/label_file.h +++ b/libselinux/src/label_file.h @@ -336,11 +336,13 @@ static inline int next_entry(void *buf, struct mmap_area *fp, size_t bytes) return 0; } -static inline int compile_regex(struct spec *spec, const char **errbuf) +static inline int compile_regex(struct saved_data *data, struct spec *spec, + const char **errbuf) { char *reg_buf, *anchored_regex, *cp; struct regex_error_data error_data; static char regex_error_format_buffer[256]; + struct stem *stem_arr = data->stem_arr; size_t len; int rc; bool regex_compiled; @@ -377,7 +379,11 @@ static inline int compile_regex(struct spec *spec, const char **errbuf) return 0; } + /* Skip the fixed stem. */ reg_buf = spec->regex_str; + if (spec->stem_id >= 0) + reg_buf += stem_arr[spec->stem_id].len; + /* Anchor the regular expression. */ len = strlen(reg_buf); cp = anchored_regex = malloc(len + 3); 
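Review bot: The restored test `(spec->stem_id == -1 || spec->stem_id == file_stem)` applies even when `partial` is set, and the comment explaining why that matters is deleted without a replacement. According to the removed lines, a spec such as "/abc/efg/(/.*)?" then counts as a miss for the key "/abc". If callers use partial matches to decide whether a directory can hold labelled entries, that subtree would be treated as having none. If the revert is intended, keep the knowledge in the code with something like `/* With partial set, a key with no stem or a different stem is skipped here without a regex check. */`. The loop and lookup_all itself begin and end outside this hunk.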
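Review bot: In compile_regex (label_file.h), `reg_buf += stem_arr[spec->stem_id].len;` trusts two values that the visible code never checks. It assumes `spec->stem_id` is below `data->num_stems` and that the stem length does not exceed the length of `spec->regex_str`. If either can be wrong, the `strlen(reg_buf)` and the copy into `anchored_regex` that follow read past the string. That could happen if specs and stems are ever filled from a precompiled policy file rather than by process_line, which this page does not show. Tying the skip to a real prefix avoids this: `if (spec->stem_id >= 0 && spec->stem_id < data->num_stems && !strncmp(reg_buf, stem_arr[spec->stem_id].buf, stem_arr[spec->stem_id].len))`, with an error return when a non-negative stem_id fails it. The new `stem_arr = data->stem_arr` initialiser in the preceding label_file.h hunk also dereferences `data` unconditionally, so every caller must pass a non-NULL pointer. The function continues beyond both hunks.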
@@ -495,7 +501,7 @@ static inline int process_line(struct selabel_handle *rec, data->nspec++; if (rec->validating - && compile_regex(&spec_arr[nspec], &errbuf)) { + && compile_regex(data, &spec_arr[nspec], &errbuf)) { COMPAT_LOG(SELINUX_ERROR, "%s: line %u has invalid regex %s: %s\n", path, lineno, regex, errbuf); |