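/*
 * Validate one security context string against the loaded policy.
 *
 * contextp: points at the context string to check; it is only read here.
 *
 * Returns 0 when the context passes sepol_context_check() and, if the
 * assertion set global_state.assert.set has non-zero length, the context's
 * type is a member of that attribute set. Returns a negative value when
 * either check fails. Terminates the process with exit status 1 when the
 * string cannot be turned into a context record at all.
 */
static int validate(char **contextp)
{
	char *context = *contextp;
	sepol_context_t *ctx;

	int rc = sepol_context_from_string(global_state.sepolicy.handle, context, &ctx);
	if (rc < 0) {
		/*
		 * Terminate the line so the message does not run into whatever
		 * is written to the terminal next.
		 * NOTE(review): this failure may also cover a malformed context
		 * string, not only an allocation failure; confirm against
		 * libsepol before rewording the message.
		 */
		fprintf(stderr, "Error: Could not allocate context from string\n");
		exit(1);
	}

	/* Reject contexts the policy does not consider valid. */
	rc = sepol_context_check(global_state.sepolicy.handle,
			global_state.sepolicy.sdb, ctx);
	if (rc < 0) {
		goto out;
	}

	const char *type_name = sepol_context_get_type(ctx);

	/* A zero-length set is treated as "no attribute assertion requested". */
	uint32_t len = ebitmap_length(&global_state.assert.set);
	if (len > 0) {
		if (!is_type_of_attribute_set(global_state.sepolicy.pdb, type_name,
				&global_state.assert.set)) {
			fprintf(stderr, "Error: type \"%s\" is not of set: ", type_name);
			dump_char_array(stderr, global_state.assert.attrs);
			fprintf(stderr, "\n");
			/* The calls above did not touch rc, so record the failure here. */
			rc = -1;
			goto out;
		}
	}

	/* Success: rc should already be 0, but set it explicitly for clarity. */
	rc = 0;

out:
	/* ctx was allocated by sepol_context_from_string(); release it on every path. */
	sepol_context_free(ctx);
	return rc;
}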
/*
 * Check the security context carried by one line against the policy.
 *
 * s:    settings holding the semanage handle and the policydb to check against.
 * line: the line from which extract_context() pulls the context string.
 *
 * Returns STATUS_ERR when no context can be extracted, otherwise the status
 * of sepol_context_from_string() or, when a record was produced, of
 * sepol_context_check().
 */
static int check_line(genhomedircon_settings_t * s, Ustr *line)
{
	sepol_context_t *record = NULL;
	const char *context = extract_context(line);
	int status;

	if (context == NULL)
		return STATUS_ERR;

	status = sepol_context_from_string(s->h_semanage->sepolh, context, &record);

	/*
	 * NOTE(review): if the conversion reports success but yields no record,
	 * the success status is returned without any policy check; confirm that
	 * this combination cannot occur.
	 */
	if (status != STATUS_SUCCESS || record == NULL)
		return status;

	/*
	 * The sepol message callback is cleared for the duration of the check
	 * and the semanage relay handler is reinstalled afterwards, presumably
	 * so that an invalid context is reported only through the return value.
	 */
	sepol_msg_set_callback(s->h_semanage->sepolh, NULL, NULL);
	status = sepol_context_check(s->h_semanage->sepolh, s->policydb, record);
	sepol_msg_set_callback(s->h_semanage->sepolh,
			       semanage_msg_relay_handler, s->h_semanage);

	sepol_context_free(record);
	return status;
}