libselinux: fail selabel_open(3) on invalid option

Return an error on invalid selabel_open(3) options, e.g. an option for a different backend was used. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com>
2025-05-10 19:48:03 +00:00 · 2023-12-19 17:09:28 +01:00 · 2023-12-19 17:09:28 +01:00 · 65c8fd457b
commit 65c8fd457b
parent 7f925776d9
5 changed files with 36 additions and 0 deletions
--- a/libselinux/src/label_backends_android.c
+++ b/libselinux/src/label_backends_android.c
@ -157,6 +157,13 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 		case SELABEL_OPT_PATH:
 			path = opts[n].value;
 			break;
+		case SELABEL_OPT_UNUSED:
+		case SELABEL_OPT_VALIDATE:
+		case SELABEL_OPT_DIGEST:
+			break;
+		default:
+			errno = EINVAL;
+			return -1;
 		}

 	if (!path)
--- a/libselinux/src/label_db.c
+++ b/libselinux/src/label_db.c
@ -268,6 +268,14 @@ db_init(const struct selinux_opt *opts, unsigned nopts,
 		case SELABEL_OPT_PATH:
 			path = opts[nopts].value;
 			break;
+		case SELABEL_OPT_UNUSED:
+		case SELABEL_OPT_VALIDATE:
+		case SELABEL_OPT_DIGEST:
+			break;
+		default:
+			free(catalog);
+			errno = EINVAL;
+			return NULL;
 		}
 	}

--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@ -812,6 +812,13 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 		case SELABEL_OPT_BASEONLY:
 			baseonly = !!opts[n].value;
 			break;
+		case SELABEL_OPT_UNUSED:
+		case SELABEL_OPT_VALIDATE:
+		case SELABEL_OPT_DIGEST:
+			break;
+		default:
+			errno = EINVAL;
+			return -1;
 		}

 #if !defined(BUILD_HOST) && !defined(ANDROID)
--- a/libselinux/src/label_media.c
+++ b/libselinux/src/label_media.c
@ -85,6 +85,13 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 		case SELABEL_OPT_PATH:
 			path = opts[n].value;
 			break;
+		case SELABEL_OPT_UNUSED:
+		case SELABEL_OPT_VALIDATE:
+		case SELABEL_OPT_DIGEST:
+			break;
+		default:
+			errno = EINVAL;
+			return -1;
 		}

 	/* Open the specification file. */
--- a/libselinux/src/label_x.c
+++ b/libselinux/src/label_x.c
@ -112,6 +112,13 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 		case SELABEL_OPT_PATH:
 			path = opts[n].value;
 			break;
+		case SELABEL_OPT_UNUSED:
+		case SELABEL_OPT_VALIDATE:
+		case SELABEL_OPT_DIGEST:
+			break;
+		default:
+			errno = EINVAL;
+			return -1;
 		}

 	/* Open the specification file. */