libselinux: Refactor rpm_execcon() into a new setexecfilecon()

This new function allows a process to invoke helper programs with a new execution context based on the filename, this is initially intended for package managers so that they can easily execute package scriptlets or maintainer scripts. Base rpm_execcon() off this new function. Signed-off-by: Guillem Jover <guillem@debian.org>
2025-02-27 23:10:30 +00:00 · 2012-11-20 16:27:55 +01:00 · 2012-11-20 16:27:55 +01:00 · a2737333c7
commit a2737333c7
parent 2ba1541f21
5 changed files with 47 additions and 13 deletions
--- a/libselinux/Makefile
+++ b/libselinux/Makefile
@ -16,6 +16,9 @@ endif
 ifeq ($(DISABLE_BOOL),y)
 	EMFLAGS+= -DDISABLE_BOOL
 endif
+ifeq ($(DISABLE_RPM),y)
+	EMFLAGS+= -DDISABLE_RPM
+endif
 ifeq ($(DISABLE_SETRANS),y)
 	EMFLAGS+= -DDISABLE_SETRANS
 endif
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@ -595,6 +595,10 @@ int selinuxfs_exists(void);
 /* clear selinuxmnt variable and free allocated memory */
 void fini_selinuxmnt(void);

+/* Set an appropriate security context based on the filename of a helper
+ * program, falling back to a new context with the specified type. */
+extern int setexecfilecon(const char *filename, const char *fallback_type);
+
 /* Execute a helper for rpm in an appropriate security context. */
 extern int rpm_execcon(unsigned int verified,
 		       const char *filename,
--- a/libselinux/man/man3/getexeccon.3
+++ b/libselinux/man/man3/getexeccon.3
@ -15,6 +15,8 @@ rpm_execcon \- run a helper for rpm in an appropriate security context
 .sp
 .BI "int setexeccon_raw(security_context_t "context );
 .sp
+.BI "int setexecfilecon(const char *" filename ", const char *" fallback_type );
+.sp
 .BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]);
 .
 .SH "DESCRIPTION"
@ -62,7 +64,21 @@ Signal handlers that perform an
 must take care to
 save, reset, and restore the exec context to avoid unexpected behavior.

+.BR setexecfilecon ()
+sets the context used for the next
+.BR execve (2)
+call, based on the policy for the
+.IR filename ,
+and falling back to a new context with a
+.I fallback_type
+in case there is no transition.
+
 .BR rpm_execcon ()
+is deprecated; please use
+.BR setexecfilecon ()
+in conjunction with
+.BR execve (2)
+in all new code. This function
 runs a helper for rpm in an appropriate security context.  The
 verified parameter should contain the return code from the signature
 verification (0 == ok, 1 == notfound, 2 == verifyfail, 3 ==
@ -76,10 +92,11 @@ environment arrays.
 On error \-1 is returned.

 On success
-.BR getexeccon ()
-and
+.BR getexeccon (),
 .BR setexeccon ()
-returns 0.
+and
+.BR setexecfilecon ()
+return 0.
 .BR rpm_execcon ()
 only returns upon errors, as it calls
 .BR execve (2).
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@ -45,9 +45,6 @@ endif
 ifeq ($(DISABLE_BOOL),y)
 	UNUSED_SRCS+=booleans.c
 endif
-ifeq ($(DISABLE_RPM),y)
-	UNUSED_SRCS+=rpm.c
-endif

 GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i
 SRCS= $(filter-out $(UNUSED_SRCS) $(GENERATED) audit2why.c, $(wildcard *.c))
--- a/libselinux/src/setexecfilecon.c
+++ b/libselinux/src/setexecfilecon.c
@ -5,15 +5,14 @@
 #include "selinux_internal.h"
 #include "context_internal.h"

-int rpm_execcon(unsigned int verified __attribute__ ((unused)),
-		const char *filename, char *const argv[], char *const envp[])
+int setexecfilecon(const char *filename, const char *fallback_type)
 {
 	security_context_t mycon = NULL, fcon = NULL, newcon = NULL;
 	context_t con = NULL;
 	int rc = 0;

 	if (is_selinux_enabled() < 1)
-		return execve(filename, argv, envp);
+		return 0;

 	rc = getcon(&mycon);
 	if (rc < 0)
@ -28,12 +27,12 @@ int rpm_execcon(unsigned int verified __attribute__ ((unused)),
 		goto out;

 	if (!strcmp(mycon, newcon)) {
-		/* No default transition, use rpm_script_t for now. */
+		/* No default transition, use fallback_type for now. */
 		rc = -1;
 		con = context_new(mycon);
 		if (!con)
 			goto out;
-		if (context_type_set(con, "rpm_script_t"))
+		if (context_type_set(con, fallback_type))
 			goto out;
 		freecon(newcon);
 		newcon = strdup(context_str(con));
@ -47,8 +46,8 @@ int rpm_execcon(unsigned int verified __attribute__ ((unused)),
 		goto out;
      out:

-	if (rc >= 0 || security_getenforce() < 1)
-		rc = execve(filename, argv, envp);
+	if (rc < 0 && security_getenforce() == 0)
+		rc = 0;

 	context_free(con);
 	freecon(newcon);
@ -56,3 +55,17 @@ int rpm_execcon(unsigned int verified __attribute__ ((unused)),
 	freecon(mycon);
 	return rc < 0 ? rc : 0;
 }
+
+#ifndef DISABLE_RPM
+int rpm_execcon(unsigned int verified __attribute__ ((unused)),
+		const char *filename, char *const argv[], char *const envp[])
+{
+	int rc;
+
+	rc = setexecfilecon(filename, "rpm_script_t");
+	if (rc < 0)
+		return rc;
+
+	return execve(filename, argv, envp);
+}
+#endif