From patchwork Fri Sep 16 18:32:16 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Roberts, William C" <william.c.roberts@intel.com>
X-Patchwork-Id: 9336423
Return-Path: <selinux-bounces@tycho.nsa.gov>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	5981C601C2 for <patchwork-selinux@patchwork.kernel.org>;
	Fri, 16 Sep 2016 18:35:27 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4B51C23B3D
	for <patchwork-selinux@patchwork.kernel.org>;
	Fri, 16 Sep 2016 18:35:27 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 3B56B2A05E; Fri, 16 Sep 2016 18:35:27 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from emsm-gh1-uea11.nsa.gov (smtp.nsa.gov [8.44.101.9])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 410BF2A048
	for <patchwork-selinux@patchwork.kernel.org>;
	Fri, 16 Sep 2016 18:35:25 +0000 (UTC)
X-IronPort-AV: E=Sophos;i="5.30,346,1470700800"; d="scan'208";a="19321214"
IronPort-PHdr: =?us-ascii?q?9a23=3Afd+qlR/gMsvq/f9uRHKM819IXTAuvvDOBiVQ1KB8?=
	=?us-ascii?q?0OMcTK2v8tzYMVDF4r011RmSDNydtK0P0rOJ++C4ACpbsM7H6ChDOLV3FDY9wf?=
	=?us-ascii?q?0MmAIhBMPXQWbaF9XNKxIAIcJZSVV+9Gu6O0UGUOz3ZlnVv2HgpWVKQka3CwN5?=
	=?us-ascii?q?K6zPF5LIiIzvjqbpqsSVPFoD3WPiKfMqdVPt/F2X7pFXyaJZaY8JgiPTpXVJf+?=
	=?us-ascii?q?kEjUhJHnm02yjG28Gr4ZR4+D5Rsf9yv+RJUKH9YrhqBecAVGduDnoxrPHPmVGD?=
	=?us-ascii?q?CFLXpyhUbmJDiRdMAg7Y/DnmT5zxtW38reM71y6EeYXtQLkyVS6l7qsuTB7zlA?=
	=?us-ascii?q?8bJjU59yfRkcU2g6VF5Fq6qwdX35/fYIbTMuF3OKzaY5dSR3VKV9xNDQRdE4i8?=
	=?us-ascii?q?aM0JFONHMuFG/KfnoF5bshq6AQilAaXkjCVPjHLswbYS0uI9HAWA1wslTIFGi2?=
	=?us-ascii?q?jdsNigbPRaauuy1qSdiGybYg=3D=3D?=
X-IPAS-Result: =?us-ascii?q?A2ENBQC0OtxX/wHyM5BeGwEBAQMBAQEJAQEBFwEBBAEBCgE?=
	=?us-ascii?q?Bgw8BAQEBAR6BU6YglDwgh2FMAQEBAQEBAQECAQJbJ4IyBAMTBYIYAiQTFCAOA?=
	=?us-ascii?q?wkCFwghCAgDAS0VGAcLBRgEiCnBFQEkiDqGZhEBhXgFiC0HhnNDigOPWwKJeYV?=
	=?us-ascii?q?tkFxUgn8bgXBSAYUweIEnAQEB?=
Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1])
	by emsm-gh1-uea11.nsa.gov with ESMTP; 16 Sep 2016 18:35:23 +0000
Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8GIWPPU027111;
	Fri, 16 Sep 2016 14:32:37 -0400
Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil
	[144.51.242.1])
	by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id
	u8GIWMmw285118 for <selinux@prometheus.infosec.tycho.ncsc.mil>;
	Fri, 16 Sep 2016 14:32:22 -0400
Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8GIWMUW027092;
	Fri, 16 Sep 2016 14:32:22 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
 A1AjBACHOdxX/yNjr8ZeGgEBAQECAQEBAQgBAQEBgzoBAQEBAR6BU7ZRhBIUhgqBXEwBAgEBAQEBAl6FNlIwgQ8SiErBBgEBCCeIOoleC4MHBYgtB4ZzQ4oDj1sCj2aQXFSCfxuBcFIBh08BAQE
X-IPAS-Result: 
 A1AjBACHOdxX/yNjr8ZeGgEBAQECAQEBAQgBAQEBgzoBAQEBAR6BU7ZRhBIUhgqBXEwBAgEBAQEBAl6FNlIwgQ8SiErBBgEBCCeIOoleC4MHBYgtB4ZzQ4oDj1sCj2aQXFSCfxuBcFIBh08BAQE
X-IronPort-AV: E=Sophos;i="5.30,346,1470715200"; d="scan'208";a="5710859"
Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov)
	([10.208.41.37])
	by goalie.tycho.ncsc.mil with ESMTP; 16 Sep 2016 14:32:21 -0400
IronPort-PHdr: =?us-ascii?q?9a23=3AdZ88ch8pUrQ4Tf9uRHKM819IXTAuvvDOBiVQ1KB8?=
	=?us-ascii?q?1e4cTK2v8tzYMVDF4r011RmSDNydtK0P0rOJ++C4ACpbsM7H6ChDOLV3FDY9wf?=
	=?us-ascii?q?0MmAIhBMPXQWbaF9XNKxIAIcJZSVV+9Gu6O0UGUOz3ZlnVv2HgpWVKQka3CwN5?=
	=?us-ascii?q?K6zPF5LIiIzvjqbpqsSVPFoD3WPiKfMqdVPt/F2X7pFXyaJZaY8JgiPTpXVJf+?=
	=?us-ascii?q?kEjUhJHnm02yjG28Gr4ZR4+D5Rsf9yv+RJUKH9YrhqBecAVGduGykP6cbqrRjO?=
	=?us-ascii?q?SxeUrjtZCz1O00l+OA/f8Bz2ZJr6szOg/qohgGjJdfHxGKs5XTWk8rdDVA7jiC?=
	=?us-ascii?q?BBMSUwtm7QlIg4l69Sph67oB1zhorVe529KOt1fqSbe8gTA2VGQIIZTCBaKp+t?=
	=?us-ascii?q?ZIsISewaNKBXqJe571kRphKkGVOEGPLkyjgOgGT/m6I9zbcPCwbDiRMhG9YPuX?=
	=?us-ascii?q?GSp5PvM60fS/yu5KjO0TjHKfhR3GSuoLPUewws9KnfFYl7dtDcnAxxTw4=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0FOBACHOdxX/yNjr8ZeGgEBAQECAQEBA?=
	=?us-ascii?q?QgBAQEBFgEBAQMBAQEJAQEBgw8BAQEBAR6BU6YgkDGEEhSGCoFcTAEBAQEBAQE?=
	=?us-ascii?q?BAgECWyeCMgQBFQWCPlIwgQ8SiErBBgEBCAIliDqMcAWILQeGc0OKA49bAo9mk?=
	=?us-ascii?q?FxUgn8bgXBSAYYPgUABAQE?=
X-IPAS-Result: =?us-ascii?q?A0FOBACHOdxX/yNjr8ZeGgEBAQECAQEBAQgBAQEBFgEBAQM?=
	=?us-ascii?q?BAQEJAQEBgw8BAQEBAR6BU6YgkDGEEhSGCoFcTAEBAQEBAQEBAgECWyeCMgQBF?=
	=?us-ascii?q?QWCPlIwgQ8SiErBBgEBCAIliDqMcAWILQeGc0OKA49bAo9mkFxUgn8bgXBSAYY?=
	=?us-ascii?q?PgUABAQE?=
X-IronPort-AV: E=Sophos;i="5.30,346,1470700800"; d="scan'208";a="19321115"
Received: from fmsmga002-icc.fm.intel.com ([198.175.99.35])
	by emsm-gh1-uea11.nsa.gov with ESMTP; 16 Sep 2016 18:32:19 +0000
Received: from fmsmga003-icc.fm.intel.com ([198.175.99.8])
	by fmsmga002-icc.fm.intel.com with ESMTP; 16 Sep 2016 11:32:19 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.30,346,1470726000"; d="scan'208";a="762081282"
Received: from snair6-mobl.amr.corp.intel.com (HELO
	wcrobert-MOBL1.amr.corp.intel.com) ([10.249.8.41])
	by FMSMGA003.fm.intel.com with ESMTP; 16 Sep 2016 11:32:18 -0700
From: william.c.roberts@intel.com
To: selinux@tycho.nsa.gov, seandroid-list@tycho.nsa.gov, sds@tycho.nsa.gov,
	jwcart2@tycho.nsa.gov
Subject: [PATCH v4] libselinux: correct error path to always try text
Date: Fri, 16 Sep 2016 11:32:16 -0700
Message-Id: <1474050736-8237-1-git-send-email-william.c.roberts@intel.com>
X-Mailer: git-send-email 1.9.1
X-BeenThere: selinux@tycho.nsa.gov
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
	<selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>
MIME-Version: 1.0
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>
X-Virus-Scanned: ClamAV using ClamSMTP

From: William Roberts <william.c.roberts@intel.com>

patch 5e15a52aaa cleans up the process_file() routine,
but introduced a bug. If the binary file cannot be
opened, always attempt to fall back to the textual file,
this was not occurring.

The logic should be:
1. Open the newest file between base path + suffix and
   base_path + suffix + ".bin"
2. If anything fails, attempt to load the oldest file.

The result, with a concrete example, would be:
If file_contexts is the newest file, and it cannot be
processed, the code will fall back to file_contexts.bin
and vice versa.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 libselinux/src/label_file.c | 48 +++++++++++++++++++++++++++++++--------------
 1 file changed, 33 insertions(+), 15 deletions(-)

diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 9faecdb..4f3700c 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -447,7 +447,7 @@ static bool fcontext_is_binary(FILE *fp)
 #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
 
 static FILE *open_file(const char *path, const char *suffix,
-		       char *save_path, size_t len, struct stat *sb)
+	       char *save_path, size_t len, struct stat *sb, bool open_oldest)
 {
 	unsigned int i;
 	int rc;
@@ -493,9 +493,17 @@ static FILE *open_file(const char *path, const char *suffix,
 		 * includes equality. This provides a precedence on
 		 * secondary suffixes even when the timestamp is the
 		 * same. Ie choose file_contexts.bin over file_contexts
-		 * even if the time stamp is the same.
+		 * even if the time stamp is the same. Invert this logic
+		 * on open_oldest set to true. The idea is that if the
+		 * newest file failed to process, we can attempt to
+		 * process the oldest. The logic here is subtle and depends
+		 * on the array ordering in fdetails for the case when time
+		 * stamps are the same.
 		 */
-		if (fdetails[i].sb.st_mtime >= found->sb.st_mtime) {
+		if ((!open_oldest
+			&& fdetails[i].sb.st_mtime >= found->sb.st_mtime)
+			|| (open_oldest
+			&& fdetails[i].sb.st_mtime < found->sb.st_mtime)) {
 			found = &fdetails[i];
 			strcpy(save_path, path);
 		}
@@ -515,24 +523,34 @@ static int process_file(const char *path, const char *suffix,
 			  const char *prefix, struct selabel_digest *digest)
 {
 	int rc;
+	unsigned int i;
 	struct stat sb;
 	FILE *fp = NULL;
 	char found_path[PATH_MAX];
 
-	fp = open_file(path, suffix, found_path, sizeof(found_path), &sb);
-	if (fp == NULL)
-		return -1;
+	/*
+	 * first path open the newest modified file, if it fails, the second
+	 * pass opens the oldest file. If both passes fail, its a fatal error.
+	 */
+	for (i = 0; i < 2; i++) {
+		fp = open_file(path, suffix, found_path, sizeof(found_path),
+			&sb, i > 0);
+		if (fp == NULL)
+			return -1;
 
-	rc = fcontext_is_binary(fp) ?
-			load_mmap(fp, sb.st_size, rec, found_path) :
-			process_text_file(fp, prefix, rec, found_path);
-	if (rc < 0)
-		goto out;
+		rc = fcontext_is_binary(fp) ?
+				load_mmap(fp, sb.st_size, rec, found_path) :
+				process_text_file(fp, prefix, rec, found_path);
+		if (!rc)
+			rc = digest_add_specfile(digest, fp, NULL, sb.st_size,
+				found_path);
 
-	rc = digest_add_specfile(digest, fp, NULL, sb.st_size, found_path);
-out:
-	fclose(fp);
-	return rc;
+		fclose(fp);
+
+		if (!rc)
+			return 0;
+	}
+	return -1;
 }
 
 static void closef(struct selabel_handle *rec);