Hi Stephen, Thank you for pointing out the error. I think it would be better checking mkdir return value instead of waiting for mount to catch the error, although the end result will be the same. Here is the change.
>From 1b64d988c2722acebcab2b6866e4b46526d64a46 Mon Sep 17 00:00:00 2001 From: Alice Chu <[email protected]> Date: Fri, 4 Jan 2013 16:02:46 -0800 Subject: [PATCH] Fix issues found by Klocwork. Change-Id: Ieab3494c04b835ae48f43ee14834f57f1ca3f2a8 --- src/android.c | 7 ++++++- 1 files changed, 6 insertions(+), 1 deletions(-) diff --git a/src/android.c b/src/android.c index a74428f..d299ade 100644 --- a/src/android.c +++ b/src/android.c @@ -731,7 +731,12 @@ int selinux_android_load_policy(void) if (errno == ENOENT) { /* Fall back to legacy mountpoint. */ mnt = OLDSELINUXMNT; - mkdir(mnt, 0755); + rc = mkdir(mnt, 0755); + if (rc == -1 && errno != EEXIST) { + selinux_log(SELINUX_ERROR,"SELinux: Could not mkdir: %s\n", + strerror(errno)); + return -1; + } rc = mount(SELINUXFS, mnt, SELINUXFS, 0, NULL); } } -- 1.7.0.4 Thanks for the feedback, Alice ________________________________________ From: Stephen Smalley [[email protected]] Sent: Wednesday, January 02, 2013 10:28 AM To: Alice Chu Cc: [email protected]; William Roberts Subject: Re: Fixing libselinux issue found by Klocwork On 12/21/2012 09:47 PM, Alice Chu wrote: > Hello, > > This is for external/libselinux. > > Klocwork complains android.c line 734 mkdir() return value not being checked. > Attached is the fix. > Please review and thanks for the feedback. First, the original code would have eventually caught and handled the failed mkdir because the mount would fail due to a missing mount point directory. So it isn't clear that this requires any fix unless you care about the specific error message spelling out the fact that it was the prior mkdir that failed. Second, the patch yields an undesirable behavior if the mkdir fails due to the mount point directory already existing i.e. errno == EEXIST. In that situation, we still want to perform the mount rather than failing. So you can either drop the patch altogether, or you can adapt it to perform the mount if the mkdir succeeds or errno == EEXIST. -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
