/*
 * Per-record callback that checks one file-context entry against a policy.
 *
 * varg must point to a struct validate_handler_arg carrying the semanage
 * handle and the policydb to validate against.
 *
 * Returns 0 when the entry has no context or when sepol_context_check()
 * accepts it, and -1 (after logging through ERR) when the check fails.
 */
static int validate_handler(const semanage_fcontext_t *fcon, void *varg)
{
	char *con_text;

	/* Pull the handle and policy out of the opaque argument. */
	struct validate_handler_arg *params = varg;
	semanage_handle_t *handle = params->handle;
	const sepol_policydb_t *policydb = params->policydb;

	/* Fields of the record; expr and type_str are only used for the log. */
	const char *expr = semanage_fcontext_get_expr(fcon);
	int type = semanage_fcontext_get_type(fcon);
	const char *type_str = semanage_fcontext_get_type_str(type);
	semanage_context_t *con = semanage_fcontext_get_con(fcon);

	/*
	 * A record without a context is accepted without any policy check.
	 * NOTE(review): presumably this covers entries that deliberately carry
	 * no label; confirm against the callers.
	 */
	if (con == NULL ||
	    sepol_context_check(handle->sepolh, policydb, con) >= 0) {
		return 0;
	}

	/* Include the offending context in the message when it can be rendered. */
	if (semanage_context_to_string(handle, con, &con_text) < 0) {
		ERR(handle, "invalid context specified for %s [%s]",
		    expr, type_str);
	} else {
		ERR(handle, "invalid context %s specified for %s [%s]",
		    con_text, expr, type_str);
		free(con_text);
	}

	return -1;
}
/*
 * Validate the context string at *contextp against the loaded policy and,
 * when an attribute assertion set is configured, against that set.
 *
 * Returns 0 when the context passes both checks, the negative value from
 * sepol_context_check() when the policy rejects it (no message is printed
 * here for that case), and -1 when the context's type is not in the
 * asserted attribute set. The process exits with status 1 if the string
 * cannot be turned into a context record.
 */
static int validate(char **contextp)
{
	sepol_context_t *ctx;
	int rc;

	rc = sepol_context_from_string(global_state.sepolicy.handle,
				       *contextp, &ctx);
	if (rc < 0) {
		/*
		 * NOTE(review): every negative return gets this message, so a
		 * malformed string is presumably reported as an allocation
		 * failure too; confirm what sepol_context_from_string returns.
		 */
		fprintf(stderr, "Error: Could not allocate context from string");
		exit(1);
	}

	rc = sepol_context_check(global_state.sepolicy.handle,
				 global_state.sepolicy.sdb, ctx);
	if (rc >= 0) {
		const char *type_name = sepol_context_get_type(ctx);

		/* The attribute check only applies when the set is non-empty. */
		if (ebitmap_length(&global_state.assert.set) > 0 &&
		    !is_type_of_attribute_set(global_state.sepolicy.pdb,
					      type_name,
					      &global_state.assert.set)) {
			fprintf(stderr, "Error: type \"%s\" is not of set: ",
				type_name);
			dump_char_array(stderr, global_state.assert.attrs);
			fprintf(stderr, "\n");
			/* Nothing above touched rc, so record the failure here. */
			rc = -1;
		} else {
			/* Normalise any non-negative check result to 0. */
			rc = 0;
		}
	}

	/* The record is released on the success and failure paths alike. */
	sepol_context_free(ctx);
	return rc;
}
/*
 * Extract the security context from a line and check it against s->policydb.
 *
 * Returns STATUS_ERR when no context can be extracted, the result of
 * sepol_context_from_string() when parsing does not produce a record, and
 * otherwise the result of sepol_context_check().
 */
static int check_line(genhomedircon_settings_t *s, Ustr *line)
{
	sepol_context_t *parsed = NULL;
	const char *text = extract_context(line);
	int rc;

	if (text == NULL)
		return STATUS_ERR;

	rc = sepol_context_from_string(s->h_semanage->sepolh, text, &parsed);

	/*
	 * NOTE(review): a STATUS_SUCCESS return with a NULL record falls
	 * through here and is reported as success without any policy check.
	 */
	if (rc != STATUS_SUCCESS || parsed == NULL)
		return rc;

	/*
	 * The sepol message callback is cleared for the duration of the check,
	 * presumably so that an invalid context is not logged by libsepol.
	 * NOTE(review): afterwards the callback is set to
	 * semanage_msg_relay_handler unconditionally rather than restored to
	 * whatever was installed before; confirm no caller relies on another
	 * callback.
	 */
	sepol_msg_set_callback(s->h_semanage->sepolh, NULL, NULL);
	rc = sepol_context_check(s->h_semanage->sepolh, s->policydb, parsed);
	sepol_msg_set_callback(s->h_semanage->sepolh,
			       semanage_msg_relay_handler, s->h_semanage);

	sepol_context_free(parsed);
	return rc;
}