Performs exact match if a property key of property contexts ends with '$'
instead of prefix match.

This makes it possible to define an exact-match rule, which avoids
unexpected context assignment.

Signed-off-by: Jaekyun Seok <jaek...@google.com>
---
 libselinux/src/label_backends_android.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/libselinux/src/label_backends_android.c 
b/libselinux/src/label_backends_android.c
index cb8aae26..4611d396 100644
--- a/libselinux/src/label_backends_android.c
+++ b/libselinux/src/label_backends_android.c
@@ -258,8 +258,13 @@ static struct selabel_lookup_rec *property_lookup(struct 
selabel_handle *rec,
        }
 
        for (i = 0; i < data->nspec; i++) {
-               if (strncmp(spec_arr[i].property_key, key,
-                           strlen(spec_arr[i].property_key)) == 0) {
+               size_t property_key_len = strlen(spec_arr[i].property_key);
+               if (spec_arr[i].property_key[property_key_len - 1] == '$' &&
+                   strlen(key) == property_key_len - 1 &&
+                   strncmp(spec_arr[i].property_key, key, property_key_len - 
1) == 0) {
+                       break;
+               }
+               if (strncmp(spec_arr[i].property_key, key, property_key_len) == 
0) {
                        break;
                }
                if (strncmp(spec_arr[i].property_key, "*", 1) == 0)
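Review bot: The new test `spec_arr[i].property_key[property_key_len - 1] == '$'` reads before the start of the string when `property_key` is empty, because `property_key_len` is a `size_t` and `0 - 1` wraps. Whether the spec parser can ever store an empty key is not visible in this hunk, so the lookup should guard itself by starting the condition with `property_key_len > 0 &&`. The new syntax also deserves a comment above the branch, for example `/* a trailing '$' marks an exact-match rule; all other keys are prefix-matched */`, since this loop decides which SELinux context a property receives. If the exact test fails for a `$` rule, control falls through to the prefix `strncmp` with the `$` still included, which looks harmless but should be stated as intended. The body of property_lookup starts and ends outside the hunk.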
-- 
2.15.0.rc0.271.g36b669edcc-goog

