From patchwork Mon Sep 26 19:28:09 2016
X-Patchwork-Submitter: Stephen Smalley
X-Patchwork-Id: 9351213
From: Stephen Smalley
To: selinux@tycho.nsa.gov
Cc: Stephen Smalley
Subject: [PATCH] sefcontext_compile: do not fail silently
Date: Mon, 26 Sep 2016 15:28:09 -0400
Message-Id: <1474918089-7298-1-git-send-email-sds@tycho.nsa.gov>

sefcontext_compile was failing silently on various error paths.
Generate a suitable error message to stderr for each error.

Before:
$ sefcontext_compile /path/to/unwritabledirectory/file_contexts

After:
$ sefcontext_compile /path/to/unwritabledirectory/file_contexts
sefcontext_compile: mkstemp /path/to/unwritabledirectory/file_contexts.binNmQJqa failed: Permission denied

Signed-off-by: Stephen Smalley
---
 libselinux/utils/sefcontext_compile.c | 48 +++++++++++++++++++++++------------
 1 file changed, 32 insertions(+), 16 deletions(-)
diff --git a/libselinux/utils/sefcontext_compile.c b/libselinux/utils/sefcontext_compile.c index 70853e7..ebd1264 100644 --- a/libselinux/utils/sefcontext_compile.c +++ b/libselinux/utils/sefcontext_compile.c @@ -309,7 +309,7 @@ int main(int argc, char *argv[]) path = argv[optind]; if (stat(path, &buf) < 0) { - fprintf(stderr, "Can not stat: %s: %m\n", path); + fprintf(stderr, "%s: could not stat: %s: %s\n", argv[0], path, strerror(errno)); exit(EXIT_FAILURE); } @@ -318,14 +318,14 @@ int main(int argc, char *argv[]) policy_fp = fopen(policy_file, "r"); if (!policy_fp) { - fprintf(stderr, "Failed to open policy: %s\n", - policy_file); + fprintf(stderr, "%s: failed to open %s: %s\n", + argv[0], policy_file, strerror(errno)); exit(EXIT_FAILURE); } if (sepol_set_policydb_from_file(policy_fp) < 0) { - fprintf(stderr, "Failed to load policy: %s\n", - policy_file); + fprintf(stderr, "%s: failed to load policy from %s\n", + argv[0], policy_file); fclose(policy_fp); exit(EXIT_FAILURE); } @@ -334,7 +334,7 @@ int main(int argc, char *argv[]) /* Generate dummy handle for process_line() function */ rec = (struct selabel_handle *)calloc(1, sizeof(*rec)); if (!rec) { - fprintf(stderr, "Failed to calloc handle\n"); + fprintf(stderr, "%s: calloc failed: %s\n", argv[0], strerror(errno)); if (policy_fp) fclose(policy_fp); exit(EXIT_FAILURE); @@ -353,7 +353,7 @@ int main(int argc, char *argv[]) data = (struct saved_data *)calloc(1, sizeof(*data)); if (!data) { - fprintf(stderr, "Failed to calloc saved_data\n"); + fprintf(stderr, "%s: calloc failed: %s\n", argv[0], strerror(errno)); free(rec); if (policy_fp) fclose(policy_fp); 
@@ -363,46 +363,62 @@ int main(int argc, char *argv[]) rec->data = data; rc = process_file(rec, path); - if (rc < 0) + if (rc < 0) { + fprintf(stderr, "%s: process_file failed\n", argv[0]); goto err; + } rc = sort_specs(data); - if (rc) + if (rc) { + fprintf(stderr, "%s: sort_specs failed\n", argv[0]); goto err; + } if (out_file) rc = snprintf(stack_path, sizeof(stack_path), "%s", out_file); else rc = snprintf(stack_path, sizeof(stack_path), "%s.bin", path); - if (rc < 0 || rc >= (int)sizeof(stack_path)) + if (rc < 0 || rc >= (int)sizeof(stack_path)) { + fprintf(stderr, "%s: snprintf failed\n", argv[0]); goto err; + } tmp = malloc(strlen(stack_path) + 7); - if (!tmp) + if (!tmp) { + fprintf(stderr, "%s: malloc failed: %s\n", argv[0], strerror(errno)); goto err; + } rc = sprintf(tmp, "%sXXXXXX", stack_path); - if (rc < 0) + if (rc < 0) { + fprintf(stderr, "%s: sprintf failed\n", argv[0]); goto err; + } fd = mkstemp(tmp); - if (fd < 0) + if (fd < 0) { + fprintf(stderr, "%s: mkstemp %s failed: %s\n", argv[0], tmp, strerror(errno)); goto err; + } rc = fchmod(fd, buf.st_mode); if (rc < 0) { - perror("fchmod failed to set permission on compiled regexs"); + fprintf(stderr, "%s: fchmod %s failed: %s\n", argv[0], tmp, strerror(errno)); goto err_unlink; } rc = write_binary_file(data, fd, do_write_precompregex); - if (rc < 0) + if (rc < 0) { + fprintf(stderr, "%s: write_binary_file %s failed\n", argv[0], tmp); goto err_unlink; + } rc = rename(tmp, stack_path); - if (rc < 0) + if (rc < 0) { + fprintf(stderr, "%s: rename %s -> %s failed: %s\n", argv[0], tmp, stack_path, strerror(errno)); goto err_unlink; + } rc = 0; out:
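
Review bot: in the @@ -309 hunk, the switch from %m to strerror(errno) depends on <errno.h> and <string.h> already being included, and no hunk in this patch touches the include block. The strlen() call in the last hunk suggests <string.h> is present; please confirm <errno.h> is too, or add it here. The new fprintf line in this hunk also runs past 80 columns, whereas the fopen message in the @@ -318 hunk wraps its arguments onto a second line; wrapping this one the same way would keep the file consistent.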
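
Review bot: the @@ -334 and @@ -353 hunks now print the identical text "%s: calloc failed: %s" for both the handle and the saved_data allocation, so the message no longer says which allocation failed, which the old "Failed to calloc handle" and "Failed to calloc saved_data" strings did. Since the goal of the patch is better diagnostics, consider keeping the object name, for example "calloc of saved_data failed".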
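
Review bot: in the @@ -363 hunk, "snprintf failed" is misleading for the case it will mostly report: the condition rc >= (int)sizeof(stack_path) is truncation, meaning the output path does not fit in stack_path, not an snprintf error. Suggest a message that says the output path is too long and names out_file or path, so the user knows what to shorten. In the same hunk, the process_file, sort_specs and write_binary_file messages carry neither the input path nor a reason, unlike the mkstemp, fchmod and rename messages next to them; adding path to the process_file message at least would make a failure in a script that compiles several file_contexts files attributable.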