Hi. I checked https://github.com/jobol/toybox/tree/smack-10 and It is good to make common lib/security.h
And, found that seclabel() still calls __security_fget_context()__ only, without handling fd failed cases. According to your opinion as below : * if getting file descriptor is either not possible (symbolic links, socket) or returns an error, then get the path, else use the file descriptor.* Could you modify here if necessary? I want to know any direction. Further, Can I know your test environment? Thank you. 2015-05-18 16:48 GMT+09:00 José Bollo <[email protected]>: > Le lundi 18 mai 2015 à 12:26 +0900, Hyejin Kim a écrit : > > Hi. > > > > Recently smack feature is added by ls command only and I tested it on > > emulator of tizen platform. > > But, some operations are not proper at my point of view and I'll share > > them. > > > > Below is the smack code at seclabel(). > > > /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// > > } else if (CFG_TOYBOX_SMACK) { > > int fd = openat(dirtree_parentfd(dt), dt->name, O_PATH| > > O_NOFOLLOW); > > char buf[SMACK_LABEL_LEN+1]; > > ssize_t len = 1; > > strcpy(buf, "?"); > > if (fd != -1) { > > len = fgetxattr(fd, XATTR_NAME_SMACK, pad?buf:0, > > pad?SMACK_LABEL_LEN:0); > > close(fd); > > if (len<1 || len>SMACK_LABEL_LEN) len = 0; > > else buf[len] = 0; > > } > > if (pad) printf(" %*s "+(pad>0), pad, buf); > > return len; > > } > > > > > /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// > > > > 1. At first, fd is wrong. So, cant call fgetxattr() and print ? for > > label. > > Hi Hyejin, hi all, > > yes it is normal, opening with O_PATH doesn't allow to call fgetxattr. > > > > 2. 3rd and 4th param of fgetxattr() is changable for __pad__. but why > > should the __pad__ affect them? > > Having pad=0 means that only the size of the label is checked but the > label has not to be printed. Thus the only meaningful data is the > length. Passing a buffer would imply some unneeded copies of memory. > > > 3. If it is hard to get fd, can change to call getxattr() with > > filepath instead of calling fgetxattr with fd. I got a right result on > > emulator with belowing example. > > True. But having a file descriptor instead of a path is optimal. > > In my last proposal https://github.com/jobol/toybox/tree/smack-10 this > algorithm is used: > > if getting file descriptor is either not possible (symbolic links, > socket) or returns an error, then get the path, else use the file > descriptor. > > For most objects of the file system: regular files and directories, the > file descriptor is used. > > Best regards > José Bollo > > > For example : > > > > > /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// > > } else if (CFG_TOYBOX_SMACK) { > > char* path = dirtree_path(dt, 0); > > char buf[SMACK_LABEL_LEN+1]; > > ssize_t len = 1; > > strcpy(buf, "?"); > > if (path) { > > len = getxattr(path, XATTR_NAME_SMACK, buf, SMACK_LABEL_LEN); > > if (len<1 || len>SMACK_LABEL_LEN) len = 0; > > else buf[len] = 0; > > } > > printf(" %*s "+(pad>0), pad, buf); > > return len; > > } > > > > > /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// > > > > Can anyone give me an opinion? > > > > Thanks. > > > > > > _______________________________________________ > > Toybox mailing list > > [email protected] > > http://lists.landley.net/listinfo.cgi/toybox-landley.net > > >
_______________________________________________ Toybox mailing list [email protected] http://lists.landley.net/listinfo.cgi/toybox-landley.net
