/*
 * Iteration callback: verify that the context attached to one fcontext
 * record is accepted by the policy carried in varg.
 *
 * fcon  - the fcontext record being visited
 * varg  - a struct validate_handler_arg (handle + policydb), passed as void*
 *
 * Returns 0 when the record has no context or its context passes
 * sepol_context_check(); returns -1 (after logging via ERR) otherwise.
 */
static int validate_handler(
	const semanage_fcontext_t* fcon,
	void* varg) {

	/* Unpack varg */
	struct validate_handler_arg* arg =
		(struct validate_handler_arg*) varg;
	semanage_handle_t* handle = arg->handle;
	const sepol_policydb_t* policydb = arg->policydb;

	/* Unpack fcontext */
	const char* expr = semanage_fcontext_get_expr(fcon);
	int type = semanage_fcontext_get_type(fcon);
	const char* type_str = semanage_fcontext_get_type_str(type);
	semanage_context_t* con = semanage_fcontext_get_con(fcon);
	char* con_str = NULL;

	/* A record without a context carries nothing to check */
	if (con == NULL)
		return 0;

	if (sepol_context_check(handle->sepolh, policydb, con) >= 0)
		return 0;

	/* Invalid: report it, including the rendered context when we can get one */
	if (semanage_context_to_string(handle, con, &con_str) < 0) {
		ERR(handle, "invalid context specified for %s [%s]", 
			expr, type_str);
		return -1;
	}

	ERR(handle, "invalid context %s specified for %s [%s]", 
		con_str, expr, type_str);
	free(con_str);
	return -1;
}
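/*
 * Helper function called via semanage_fcontext_iterate().
 *
 * Rewrites the record's regular expression so that it matches a directory
 * path (anchored, trailing ".+"/".*"/"(/.*)?"/"/" stripped, optional trailing
 * slashes allowed) and tests it against handp->dir.  Sets handp->matched to 1
 * when the directory matches.
 *
 * fcontext - the fcontext record being visited
 * varg     - an fc_match_handle_t (dir + matched), passed as void*
 *
 * Returns 0 to continue iteration (including for records that are skipped),
 * -1 when the expression could not be built or compiled.
 */
static int fcontext_matches(const semanage_fcontext_t *fcontext, void *varg)
{
	const char *oexpr = semanage_fcontext_get_expr(fcontext);
	fc_match_handle_t *handp = varg;
	struct Ustr *expr;
	regex_t re;
	int type, retval = -1;

	/*
	 * Only match ALL or DIR: those are the record types that can apply to
	 * a directory.  (The original compared against SEMANAGE_FCONTEXT_ALL
	 * twice, so DIR-only records were never considered.)
	 */
	type = semanage_fcontext_get_type(fcontext);
	if (type != SEMANAGE_FCONTEXT_ALL && type != SEMANAGE_FCONTEXT_DIR)
		return 0;

	/* Convert oexpr into a Ustr and anchor it at the beginning */
	expr = ustr_dup_cstr("^");
	if (expr == USTR_NULL)
		goto done;
	if (!ustr_add_cstr(&expr, oexpr))
		goto done;

	/* Strip off trailing ".+" or ".*" */
	if (ustr_cmp_suffix_cstr_eq(expr, ".+") ||
	    ustr_cmp_suffix_cstr_eq(expr, ".*")) {
		if (!ustr_del(&expr, 2))
			goto done;
	}

	/* Strip off trailing "(/.*)?" */
	if (ustr_cmp_suffix_cstr_eq(expr, "(/.*)?")) {
		if (!ustr_del(&expr, 6))
			goto done;
	}

	/* Strip a trailing "/" so the slash-eating pattern below is not doubled */
	if (ustr_cmp_suffix_cstr_eq(expr, "/")) {
		if (!ustr_del(&expr, 1))
			goto done;
	}

	/* Append pattern to eat up trailing slashes */
	if (!ustr_add_cstr(&expr, "/*$"))
		goto done;

	/* Check dir against expr; a pattern that fails to compile aborts with -1 */
	if (regcomp(&re, ustr_cstr(expr), REG_EXTENDED) != 0)
		goto done;
	if (regexec(&re, handp->dir, 0, NULL, 0) == 0)
		handp->matched = 1;
	regfree(&re);

	retval = 0;

done:
	ustr_free(expr);

	return retval;
}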