From 156dd0de5cad31e7d437c64e11a8aef027f0a691 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Thu, 7 Jan 2021 21:41:54 +0100
Subject: [PATCH] libselinux: update getseuser
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Bail out if not running on a SELinux enabled system
- Check whether the passed context is valid
- Do not report a get_ordered_context_list_with_level failure on zero found contexts

Signed-off-by: Christian Göttsche
---
 libselinux/utils/getseuser.c | 47 +++++++++++++++++++++++++-----------
 1 file changed, 33 insertions(+), 14 deletions(-)

diff --git a/libselinux/utils/getseuser.c b/libselinux/utils/getseuser.c
index 9193fe0a..ce1b7b27 100644
--- a/libselinux/utils/getseuser.c
+++ b/libselinux/utils/getseuser.c
@@ -9,32 +9,51 @@ int main(int argc, char **argv)
 {
 	char *seuser = NULL, *level = NULL;
 	char **contextlist;
-	int rc, n, i;
+	int rc, n;
 
 	if (argc != 3) {
 		fprintf(stderr, "usage: %s linuxuser fromcon\n", argv[0]);
-		exit(1);
+		return 1;
+	}
+
+	if (!is_selinux_enabled()) {
+		fprintf(stderr, "%s may be used only on a SELinux enabled kernel.\n", argv[0]);
+		return 4;
 	}
 
 	rc = getseuserbyname(argv[1], &seuser, &level);
 	if (rc) {
-		fprintf(stderr, "getseuserbyname failed: %s\n",
-			strerror(errno));
-		exit(2);
+		fprintf(stderr, "getseuserbyname failed: %s\n", strerror(errno));
+		return 2;
 	}
 	printf("seuser: %s, level %s\n", seuser, level);
-	n = get_ordered_context_list_with_level(seuser, level, argv[2],
-						&contextlist);
-	if (n <= 0) {
-		fprintf(stderr,
-			"get_ordered_context_list_with_level failed: %s\n",
-			strerror(errno));
-		exit(3);
+
+	rc = security_check_context(argv[2]);
+	if (rc) {
+		fprintf(stderr, "context '%s' is invalid\n", argv[2]);
+		free(seuser);
+		free(level);
+		return 5;
 	}
+
+	n = get_ordered_context_list_with_level(seuser, level, argv[2], &contextlist);
+	if (n < 0) {
+		fprintf(stderr, "get_ordered_context_list_with_level failed: %s\n", strerror(errno));
+		free(seuser);
+		free(level);
+		return 3;
+	}
+
 	free(seuser);
 	free(level);
-	for (i = 0; i < n; i++)
+
+	if (n == 0)
+		printf("no valid context found\n");
+
+	for (int i = 0; i < n; i++)
 		printf("Context %d\t%s\n", i, contextlist[i]);
+
 	freeconary(contextlist);
-	exit(EXIT_SUCCESS);
+
+	return EXIT_SUCCESS;
 }
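Review bot: The new n == 0 path now falls through to `freeconary(contextlist)`, but `char **contextlist;` at the top of the hunk is never initialized, so unless get_ordered_context_list_with_level is guaranteed to store into *list on a zero result (not visible here) this frees an indeterminate pointer where the old code exited before reaching it. Initializing the declaration, `char **contextlist = NULL;`, removes the hazard provided freeconary tolerates a NULL argument, which I believe it does; otherwise guard the call with `if (n > 0)`. Separately, the `security_check_context` failure message is the only error path that omits `strerror(errno)`, so the caller learns the context was rejected but not why. The `main` signature line is outside the hunk.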