diff options
| author | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-02-04 00:32:27 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-02-04 00:32:27 +0000 |
| commit | b52d79ad9c184892aa9d7da3de97b83925b1a64b (patch) | |
| tree | 20a5f3277b7bc00aef802cce80a9ca937a7bcefc | |
| parent | 020aba06ec81ba1244712aab4235cc579a68bf91 (diff) | |
| parent | 65ba33ba3185d3880d024670227e42b53e0a71ad (diff) | |
| download | selinux-b52d79ad9c184892aa9d7da3de97b83925b1a64b.tar.gz | |
Revert "Restorecon: factor out a lookup helper for context matches" am: 263539011d am: 106e12e4cf am: 65ba33ba31
Change-Id: Ied9c2ee5ea757f27cc88d95ae4442819851d611a
| -rw-r--r-- | libselinux/include/selinux/label.h | 4 | ||||
| -rw-r--r-- | libselinux/src/label.c | 9 | ||||
| -rw-r--r-- | libselinux/src/label_file.c | 110 | ||||
| -rw-r--r-- | libselinux/src/label_internal.h | 2 |
4 files changed, 20 insertions, 105 deletions
diff --git a/libselinux/include/selinux/label.h b/libselinux/include/selinux/label.h index e537aa11..277287ed 100644 --- a/libselinux/include/selinux/label.h +++ b/libselinux/include/selinux/label.h @@ -7,7 +7,6 @@ #define _SELABEL_H_ #include <stdbool.h> -#include <stdint.h> #include <sys/types.h> #include <selinux/selinux.h> @@ -106,9 +105,6 @@ int selabel_lookup_raw(struct selabel_handle *handle, char **con, bool selabel_partial_match(struct selabel_handle *handle, const char *key); -bool selabel_hash_all_partial_matches(struct selabel_handle *rec, - const char *key, uint8_t* digest); - int selabel_lookup_best_match(struct selabel_handle *rec, char **con, const char *key, const char **aliases, int type); int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con, diff --git a/libselinux/src/label.c b/libselinux/src/label.c index e232eb1b..ce786cd4 100644 --- a/libselinux/src/label.c +++ b/libselinux/src/label.c @@ -282,15 +282,6 @@ bool selabel_partial_match(struct selabel_handle *rec, const char *key) return rec->func_partial_match(rec, key); } -bool selabel_hash_all_partial_matches(struct selabel_handle *rec, - const char *key, uint8_t *digest) { - if (!rec->func_hash_all_partial_matches) { - return false; - } - - return rec->func_hash_all_partial_matches(rec, key, digest); -} - int selabel_lookup_best_match(struct selabel_handle *rec, char **con, const char *key, const char **aliases, int type) { diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c index bc1e4716..0f3d0df2 100644 --- a/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c @@ -893,37 +893,22 @@ static void closef(struct selabel_handle *rec) free(data); } -// Finds all the matches of |key| in the given context. Returns the result in -// the allocated array and updates the match count. If match_count is NULL, -// stops early once the 1st match is found. -static const struct spec **lookup_all(struct selabel_handle *rec, - const char *key, - int type, - bool partial, - size_t *match_count) +static struct spec *lookup_common(struct selabel_handle *rec, + const char *key, + int type, + bool partial) { struct saved_data *data = (struct saved_data *)rec->data; struct spec *spec_arr = data->spec_arr; int i, rc, file_stem; mode_t mode = (mode_t)type; const char *buf; + struct spec *ret = NULL; char *clean_key = NULL; const char *prev_slash, *next_slash; unsigned int sofar = 0; char *sub = NULL; - const struct spec **result = NULL; - if (match_count) { - *match_count = 0; - result = calloc(data->nspec, sizeof(struct spec*)); - } else { - result = calloc(1, sizeof(struct spec*)); - } - if (!result) { - selinux_log(SELINUX_ERROR, "%s: Out of memory\n", __func__); - goto finish; - } - if (!data->nspec) { errno = ENOENT; goto finish; @@ -964,33 +949,18 @@ static const struct spec **lookup_all(struct selabel_handle *rec, * specified or if the mode matches the file mode then we do * a regex check */ if ((spec->stem_id == -1 || spec->stem_id == file_stem) && - (!mode || !spec->mode || mode == spec->mode)) { + (!mode || !spec->mode || mode == spec->mode)) { if (compile_regex(data, spec, NULL) < 0) goto finish; if (spec->stem_id == -1) rc = regex_match(spec->regex, key, partial); else rc = regex_match(spec->regex, buf, partial); - - if (rc == REGEX_MATCH || (partial && rc == REGEX_MATCH_PARTIAL)) { - if (rc == REGEX_MATCH) { - spec->matches++; - } - - if (strcmp(spec_arr[i].lr.ctx_raw, "<<none>>") == 0) { - errno = ENOENT; - goto finish; - } - - if (match_count) { - result[*match_count] = spec; - *match_count += 1; - // Continue to find all the matches. - continue; - } - result[0] = spec; + if (rc == REGEX_MATCH) { + spec->matches++; + break; + } else if (partial && rc == REGEX_MATCH_PARTIAL) break; - } if (rc == REGEX_NO_MATCH) continue; @@ -1001,58 +971,19 @@ static const struct spec **lookup_all(struct selabel_handle *rec, } } -finish: - free(clean_key); - free(sub); - if (result && !result[0]) { - free(result); - result = NULL; - } - return result; -} - -static struct spec *lookup_common(struct selabel_handle *rec, - const char *key, - int type, - bool partial) { - const struct spec **matches = lookup_all(rec, key, type, partial, NULL); - if (!matches) { - return NULL; - } - struct spec *result = (struct spec*)matches[0]; - free(matches); - return result; -} - -static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key, uint8_t *digest) -{ - assert(digest); - - size_t total_matches; - const struct spec **matches = lookup_all(rec, key, 0, true, &total_matches); - if (!matches) { - return false; - } - - Sha1Context context; - Sha1Initialise(&context); - size_t i; - for (i = 0; i < total_matches; i++) { - char* regex_str = matches[i]->regex_str; - uint32_t mode = matches[i]->mode; - char* ctx_raw = matches[i]->lr.ctx_raw; - - Sha1Update(&context, regex_str, strlen(regex_str) + 1); - Sha1Update(&context, &mode, sizeof(uint32_t)); - Sha1Update(&context, ctx_raw, strlen(ctx_raw) + 1); + if (i < 0 || strcmp(spec_arr[i].lr.ctx_raw, "<<none>>") == 0) { + /* No matching specification. */ + errno = ENOENT; + goto finish; } - SHA1_HASH sha1_hash; - Sha1Finalise(&context, &sha1_hash); - memcpy(digest, sha1_hash.bytes, SHA1_HASH_SIZE); + errno = 0; + ret = &spec_arr[i]; - free(matches); - return true; +finish: + free(clean_key); + free(sub); + return ret; } static struct selabel_lookup_rec *lookup(struct selabel_handle *rec, @@ -1252,7 +1183,6 @@ int selabel_file_init(struct selabel_handle *rec, rec->func_stats = &stats; rec->func_lookup = &lookup; rec->func_partial_match = &partial_match; - rec->func_hash_all_partial_matches = &hash_all_partial_matches; rec->func_lookup_best_match = &lookup_best_match; rec->func_cmp = &cmp; diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h index 8add71a5..a05a10a6 100644 --- a/libselinux/src/label_internal.h +++ b/libselinux/src/label_internal.h @@ -87,8 +87,6 @@ struct selabel_handle { void (*func_close) (struct selabel_handle *h); void (*func_stats) (struct selabel_handle *h); bool (*func_partial_match) (struct selabel_handle *h, const char *key); - bool (*func_hash_all_partial_matches) (struct selabel_handle *h, - const char *key, uint8_t *digest); struct selabel_lookup_rec *(*func_lookup_best_match) (struct selabel_handle *h, const char *key, |