libselinux: selinux_file_context_verify function returns wrong value.

selinux_file_context_verify(3) should now return the correct codes and
matchpathcon(8) has been modified to handle them.

The selinux_file_context_verify(3)and selinux_file_context_cmp(3) man pages
have also been updated (re-written really) to correct return codes.

I found that selabel_open left errno set to ENOENT because a
file_contexts.subs file did not exist on my system, but left selabel_open
alone and set errno = 0 before calling selinux_filecontext_cmp.

[fix uninitialize init variable in matchpathcon.c::main - eparis]
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>

2 files changed, 160 insertions, 13 deletions

diff --git a/libselinux/man/man3/selinux_file_context_cmp.3 b/libselinux/man/man3/selinux_file_context_cmp.3
index 51e8c204..cd671888 100644
--- a/libselinux/man/man3/selinux_file_context_cmp.3
+++ b/libselinux/man/man3/selinux_file_context_cmp.3
@@ -1,25 +1,75 @@
-.TH "selinux_file_context_cmp" "3" "21 November 2009" "sds@tycho.nsa.gov" "SELinux API documentation"
+.TH "selinux_file_context_cmp" "3" "08 March 2011" "SELinux API documentation"
+
 .SH "NAME"
-selinux_file_context_cmp, selinux_file_context_verify \- comparison of two file contexts.
+selinux_file_context_cmp \- Compare two SELinux security contexts excluding the 'user' component.
 
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
 .sp
-
-.BI "int selinux_file_context_cmp(const security_context_t " a ", const security_context_t " b ");"
-
-.BI "int selinux_file_context_verify(const char *" path ", mode_t " mode ");"
+.BI "int selinux_file_context_cmp(const security_context_t " a ", "
+.RS
+.BI "const security_context_t " b ");"
+.RE
 
 .SH "DESCRIPTION"
 .B selinux_file_context_cmp
-compares two file contexts to see if their differences are "significant", the function runs the strcmp function ignoring the user componant of the file context.  
-.sp
-.B selinux_file_context_verify
-compares the file context on disk to the system default.
+compares two context strings excluding the user component with
+.B strcmp(3)
+as shown in the
+.B EXAMPLE
+section.
 .sp
+This is useful as for most object contexts, the user component is not relevant.
 
 .SH "RETURN VALUE"
-Returns zero on success or \-1 otherwise.
+The return values follow the
+.B strcmp(3)
+function, where:
+.RS
+0  if they are equal.
+.RE
+.RS
+1  if
+.I a
+is greater than
+.I b
+.RE
+.RS
+\-1 if
+.I a
+is less than
+.I b
+.RE
+
+.SH "ERRORS"
+None.
+
+.SH "NOTES"
+The contexts being compared do not specifically need to be file contexts.
+
+.SH "EXAMPLE"
+If context
+.I a
+is:
+.RS
+user_u:user_r:user_t:s0
+.RE
+.sp
+and context
+.I b
+is:
+.RS
+root:user_r:user_t:s0
+.RE
+.sp
+then the actual strings compared are:
+.RS
+:user_r:user_t:s0 and :user_r:user_t:s0
+.RE
+.sp
+Therefore they will match and
+.B selinux_file_context_cmp
+will return zero.
 
 .SH "SEE ALSO"
-.BR selinux "(8), " selinux_lsetfilecon "(3), " matchpathcon "(3), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
+.BR selinux "(8)"
diff --git a/libselinux/man/man3/selinux_file_context_verify.3 b/libselinux/man/man3/selinux_file_context_verify.3
index d7775477..e22be706 100644
--- a/libselinux/man/man3/selinux_file_context_verify.3
+++ b/libselinux/man/man3/selinux_file_context_verify.3
@@ -1 +1,98 @@
-.so man3/selinux_file_context_cmp.3
+.TH "selinux_file_context_verify" "3" "08 March 2011" "SELinux API documentation"
+
+.SH "NAME"
+selinux_file_context_verify \- Compare the SELinux security context on disk to the default security context required by the policy file contexts file.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int selinux_file_context_verify(const char *" path ", mode_t " mode ");"
+
+.SH "DESCRIPTION"
+.B selinux_file_context_verify
+compares the context of the specified
+.I path
+that is held on disk (in the extended attribute), to the system default entry held in the file contexts series of files.
+.sp
+The
+.I mode
+may be zero.
+.sp
+Note that the two contexts are compared for "significant" differences (i.e. the user component of the contexts are ignored) as shown in the
+.B EXAMPLE
+section.
+
+.SH "RETURN VALUE"
+If the contexts significantly match, 1 (one) is returned.
+.sp
+If the contexts do not match 0 (zero) is returned and
+.I errno
+is set to either
+.B ENOENT
+or
+.B EINVAL
+for the reasons listed in the
+.B ERRORS
+section, or if
+.I errno
+= 0 then the contexts did not match.
+.sp
+On failure \-1 is returned and
+.I errno
+set appropriately.
+
+.SH "ERRORS"
+.TP
+.B ENOTSUP
+if extended attributes are not supported by the file system.
+.TP
+.B ENOENT
+if there is no entry in the file contexts series of files or
+.I path
+does not exist.
+.TP
+.B EINVAL
+if the entry in the file contexts series of files or
+.I path
+are invalid, or the returned context fails validation.
+.TP
+.B ENOMEM
+if attempt to allocate memory failed.
+
+.SH "FILES"
+The following configuration files (the file contexts series of files) supporting the active policy will be used (should they exist) to determine the
+.I path
+default context:
+.sp
+.RS
+contexts/files/file_contexts - This file must exist.
+.sp
+contexts/files/file_contexts.local - If exists has local customizations.
+.sp
+contexts/files/file_contexts.homedirs - If exists has users home directory customizations.
+.sp
+contexts/files/file_contexts.subs - If exists has substitutions that are then applied to the 'in memory' version of the file contexts files.
+.RE
+
+.SH "EXAMPLE"
+If the files context is:
+.RS
+unconfined_u:object_r:admin_home_t:s0
+.RE
+.sp
+and the default context defined in the file contexts file is:
+.RS
+system_u:object_r:admin_home_t:s0
+.RE
+.sp
+then the actual strings compared are:
+.RS
+:object_r:admin_home_t:s0 and :object_r:admin_home_t:s0
+.RE
+.sp
+Therefore they will match and
+.B selinux_file_context_verify
+will return 1.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"