Add stubs and wrappers of already covered libselinux interfaces for
their `raw` counterparts. These counterparts perform the same
operation expect for context translation. Context translation is used
to convert SELinux MCS/MLS labales into human readable form, see
mcstransd(8).
Support the usage of those interfaces, e.g. in coreutils.
---
lib/getfilecon.c | 27 +++++++++++++++++++++++++++
lib/se-label.in.h | 7 +++++++
lib/se-selinux.in.h | 41 +++++++++++++++++++++++++++++++++++++++++
m4/selinux-selinux-h.m4 | 6 ++++++
4 files changed, 81 insertions(+)
diff --git a/lib/getfilecon.c b/lib/getfilecon.c
index 9506eb89cc..ddd7343523 100644
--- a/lib/getfilecon.c
+++ b/lib/getfilecon.c
@@ -31,11 +31,17 @@
#endif
#undef getfilecon
+#undef getfilecon_raw
#undef lgetfilecon
+#undef lgetfilecon_raw
#undef fgetfilecon
+#undef fgetfilecon_raw
int getfilecon (char const *file, char **con);
+int getfilecon_raw (char const *file, char **con);
int lgetfilecon (char const *file, char **con);
+int lgetfilecon_raw (char const *file, char **con);
int fgetfilecon (int fd, char **con);
+int fgetfilecon_raw (int fd, char **con);
/* getfilecon, lgetfilecon, and fgetfilecon can all misbehave, be it
via an old version of libselinux where these would return 0 and set the
@@ -72,6 +78,13 @@ rpl_getfilecon (char const *file, char **con)
return map_to_failure (ret, con);
}
+int
+rpl_getfilecon_raw (char const *file, char **con)
+{
+ int ret = getfilecon_raw (file, con);
+ return map_to_failure (ret, con);
+}
+
int
rpl_lgetfilecon (char const *file, char **con)
{
@@ -79,9 +92,23 @@ rpl_lgetfilecon (char const *file, char **con)
return map_to_failure (ret, con);
}
+int
+rpl_lgetfilecon_raw (char const *file, char **con)
+{
+ int ret = lgetfilecon_raw (file, con);
+ return map_to_failure (ret, con);
+}
+
int
rpl_fgetfilecon (int fd, char**con)
{
int ret = fgetfilecon (fd, con);
return map_to_failure (ret, con);
}
+
+int
+rpl_fgetfilecon_raw (int fd, char**con)
+{
+ int ret = fgetfilecon_raw (fd, con);
+ return map_to_failure (ret, con);
+}
diff --git a/lib/se-label.in.h b/lib/se-label.in.h
index 6455808679..d4ceb89aa6 100644
--- a/lib/se-label.in.h
+++ b/lib/se-label.in.h
@@ -57,6 +57,13 @@ selabel_lookup (_GL_ATTRIBUTE_MAYBE_UNUSED struct
selabel_handle *hnd,
_GL_ATTRIBUTE_MAYBE_UNUSED int type)
{ errno = ENOTSUP; return -1; }
+SE_LABEL_INLINE int
+selabel_lookup_raw (_GL_ATTRIBUTE_MAYBE_UNUSED struct selabel_handle *hnd,
+ _GL_ATTRIBUTE_MAYBE_UNUSED char **context,
+ _GL_ATTRIBUTE_MAYBE_UNUSED char const *key,
+ _GL_ATTRIBUTE_MAYBE_UNUSED int type)
+{ errno = ENOTSUP; return -1; }
+
SE_LABEL_INLINE struct selabel_handle *
selabel_open (_GL_ATTRIBUTE_MAYBE_UNUSED int backend,
_GL_ATTRIBUTE_MAYBE_UNUSED struct selinux_opt *options,
diff --git a/lib/se-selinux.in.h b/lib/se-selinux.in.h
index baf2154cad..48e835e04d 100644
--- a/lib/se-selinux.in.h
+++ b/lib/se-selinux.in.h
@@ -63,6 +63,9 @@ struct selinux_opt;
SE_SELINUX_INLINE int
getcon (_GL_ATTRIBUTE_MAYBE_UNUSED char **con)
{ errno = ENOTSUP; return -1; }
+SE_SELINUX_INLINE int
+getcon_raw (_GL_ATTRIBUTE_MAYBE_UNUSED char **con)
+ { errno = ENOTSUP; return -1; }
SE_SELINUX_INLINE void
freecon (_GL_ATTRIBUTE_MAYBE_UNUSED char *con) {}
@@ -70,9 +73,15 @@ SE_SELINUX_INLINE int
getfscreatecon (_GL_ATTRIBUTE_MAYBE_UNUSED char **con)
{ errno = ENOTSUP; return -1; }
SE_SELINUX_INLINE int
+getfscreatecon_raw (_GL_ATTRIBUTE_MAYBE_UNUSED char **con)
+ { errno = ENOTSUP; return -1; }
+SE_SELINUX_INLINE int
setfscreatecon (_GL_ATTRIBUTE_MAYBE_UNUSED char const *con)
{ errno = ENOTSUP; return -1; }
SE_SELINUX_INLINE int
+setfscreatecon_raw (_GL_ATTRIBUTE_MAYBE_UNUSED char const *con)
+ { errno = ENOTSUP; return -1; }
+SE_SELINUX_INLINE int
matchpathcon (_GL_ATTRIBUTE_MAYBE_UNUSED char const *file,
_GL_ATTRIBUTE_MAYBE_UNUSED mode_t m,
_GL_ATTRIBUTE_MAYBE_UNUSED char **con)
@@ -82,24 +91,47 @@ getfilecon (_GL_ATTRIBUTE_MAYBE_UNUSED char const *file,
_GL_ATTRIBUTE_MAYBE_UNUSED char **con)
{ errno = ENOTSUP; return -1; }
SE_SELINUX_INLINE int
+getfilecon_raw (_GL_ATTRIBUTE_MAYBE_UNUSED char const *file,
+ _GL_ATTRIBUTE_MAYBE_UNUSED char **con)
+ { errno = ENOTSUP; return -1; }
+SE_SELINUX_INLINE int
lgetfilecon (_GL_ATTRIBUTE_MAYBE_UNUSED char const *file,
_GL_ATTRIBUTE_MAYBE_UNUSED char **con)
{ errno = ENOTSUP; return -1; }
SE_SELINUX_INLINE int
+lgetfilecon_raw (_GL_ATTRIBUTE_MAYBE_UNUSED char const *file,
+ _GL_ATTRIBUTE_MAYBE_UNUSED char **con)
+ { errno = ENOTSUP; return -1; }
+SE_SELINUX_INLINE int
fgetfilecon (int fd,_GL_ATTRIBUTE_MAYBE_UNUSED char **con)
{ errno = ENOTSUP; return -1; }
SE_SELINUX_INLINE int
+fgetfilecon_raw (int fd,_GL_ATTRIBUTE_MAYBE_UNUSED char **con)
+ { errno = ENOTSUP; return -1; }
+SE_SELINUX_INLINE int
setfilecon (_GL_ATTRIBUTE_MAYBE_UNUSED char const *file,
_GL_ATTRIBUTE_MAYBE_UNUSED char const *con)
{ errno = ENOTSUP; return -1; }
SE_SELINUX_INLINE int
+setfilecon_raw (_GL_ATTRIBUTE_MAYBE_UNUSED char const *file,
+ _GL_ATTRIBUTE_MAYBE_UNUSED char const *con)
+ { errno = ENOTSUP; return -1; }
+SE_SELINUX_INLINE int
lsetfilecon (_GL_ATTRIBUTE_MAYBE_UNUSED char const *file,
_GL_ATTRIBUTE_MAYBE_UNUSED char const *con)
{ errno = ENOTSUP; return -1; }
SE_SELINUX_INLINE int
+lsetfilecon_raw (_GL_ATTRIBUTE_MAYBE_UNUSED char const *file,
+ _GL_ATTRIBUTE_MAYBE_UNUSED char const *con)
+ { errno = ENOTSUP; return -1; }
+SE_SELINUX_INLINE int
fsetfilecon (_GL_ATTRIBUTE_MAYBE_UNUSED int fd,
_GL_ATTRIBUTE_MAYBE_UNUSED char const *con)
{ errno = ENOTSUP; return -1; }
+SE_SELINUX_INLINE int
+fsetfilecon_raw (_GL_ATTRIBUTE_MAYBE_UNUSED int fd,
+ _GL_ATTRIBUTE_MAYBE_UNUSED char const *con)
+ { errno = ENOTSUP; return -1; }
SE_SELINUX_INLINE int
security_check_context (_GL_ATTRIBUTE_MAYBE_UNUSED char const *con)
@@ -111,11 +143,20 @@ SE_SELINUX_INLINE int
setexeccon (_GL_ATTRIBUTE_MAYBE_UNUSED char const *con)
{ errno = ENOTSUP; return -1; }
SE_SELINUX_INLINE int
+setexeccon_raw (_GL_ATTRIBUTE_MAYBE_UNUSED char const *con)
+ { errno = ENOTSUP; return -1; }
+SE_SELINUX_INLINE int
security_compute_create (_GL_ATTRIBUTE_MAYBE_UNUSED char const *scon,
_GL_ATTRIBUTE_MAYBE_UNUSED char const *tcon,
_GL_ATTRIBUTE_MAYBE_UNUSED security_class_t tclass,
_GL_ATTRIBUTE_MAYBE_UNUSED char **newcon)
{ errno = ENOTSUP; return -1; }
+SE_SELINUX_INLINE int
+security_compute_create_raw (_GL_ATTRIBUTE_MAYBE_UNUSED char const *scon,
+ _GL_ATTRIBUTE_MAYBE_UNUSED char const *tcon,
+ _GL_ATTRIBUTE_MAYBE_UNUSED security_class_t
tclass,
+ _GL_ATTRIBUTE_MAYBE_UNUSED char **newcon)
+ { errno = ENOTSUP; return -1; }
SE_SELINUX_INLINE security_class_t
string_to_security_class (char const *name)
{ errno = ENOTSUP; return 0; }
diff --git a/m4/selinux-selinux-h.m4 b/m4/selinux-selinux-h.m4
index 2c943f1606..8f0f3112a8 100644
--- a/m4/selinux-selinux-h.m4
+++ b/m4/selinux-selinux-h.m4
@@ -27,10 +27,16 @@ AC_DEFUN([gl_HEADERS_SELINUX_SELINUX_H],
gl_CHECK_NEXT_HEADERS([selinux/selinux.h])
AC_DEFINE([getfilecon], [rpl_getfilecon],
[Always use our getfilecon wrapper.])
+ AC_DEFINE([getfilecon_raw], [rpl_getfilecon_raw],
+ [Always use our getfilecon_raw wrapper.])
AC_DEFINE([lgetfilecon], [rpl_lgetfilecon],
[Always use our lgetfilecon wrapper.])
+ AC_DEFINE([lgetfilecon_raw], [rpl_lgetfilecon_raw],
+ [Always use our lgetfilecon_raw wrapper.])
AC_DEFINE([fgetfilecon], [rpl_fgetfilecon],
[Always use our fgetfilecon wrapper.])
+ AC_DEFINE([fgetfilecon_raw], [rpl_fgetfilecon_raw],
+ [Always use our fgetfilecon_raw wrapper.])
fi
case "$ac_cv_search_setfilecon:$ac_cv_header_selinux_selinux_h" in
--
2.43.0
