diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2015-08-06 13:49:36 -0400 |
|---|---|---|
| committer | Stephen Smalley <sds@tycho.nsa.gov> | 2015-08-06 14:11:36 -0400 |
| commit | 49346faa05bf42615478429883284449809a8ec1 (patch) | |
| tree | 7b6aa0fb8fe85c7ac03a9c4c5a73d53855c65213 /libselinux/src | |
| parent | c95ede00343738a8ee74f5b9f104955bdf5ab03f (diff) | |
| download | android_external_selinux-49346faa05bf42615478429883284449809a8ec1.tar.gz android_external_selinux-49346faa05bf42615478429883284449809a8ec1.tar.bz2 android_external_selinux-49346faa05bf42615478429883284449809a8ec1.zip | |
libselinux: support context validation on file_contexts.bin
If file_contexts.bin was opened with SELABEL_OPT_VALIDATE set, then
we should validate contexts in the same manner as with file_contexts.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'libselinux/src')
| -rw-r--r-- | libselinux/src/label_file.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c index 04b3826c..b91e1e6a 100644 --- a/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c @@ -302,6 +302,14 @@ static int load_mmap(struct selabel_handle *rec, const char *path, } spec->lr.ctx_raw = str_buf; + if (strcmp(spec->lr.ctx_raw, "<<none>>") && rec->validating) { + if (selabel_validate(rec, &spec->lr) < 0) { + selinux_log(SELINUX_ERROR, + "%s: context %s is invalid\n", mmap_path, spec->lr.ctx_raw); + goto err; + } + } + /* Process regex string */ rc = next_entry(&entry_len, mmap_area, sizeof(uint32_t)); if (rc < 0 || !entry_len) { |