Message ID | 20200221083819.1124890-1-plautrba@redhat.com (mailing list archive)
---|---
State | Accepted
Series | libselinux: deprecate security_compute_user(), update man pages
On Mon, Feb 24, 2020 at 12:44 PM William Roberts <bill.c.roberts@gmail.com> wrote:
>
>
>
> On Mon, Feb 24, 2020 at 11:00 AM Stephen Smalley <sds@tycho.nsa.gov> wrote:
>>
>> On 2/24/20 11:49 AM, William Roberts wrote:
>> > On Fri, Feb 21, 2020 at 2:40 AM Petr Lautrbach <plautrba@redhat.com> wrote:
>> >
>> >     From: Stephen Smalley <sds@tycho.nsa.gov>
>> >
>> >     commit 1f89c4e7879fcf6da5d8d1b025dcc03371f30fc9 ("libselinux: Eliminate
>> >     use of security_compute_user()") eliminated the use of
>> >     security_compute_user() by get_ordered_context_list(). Deprecate
>> >     all use of security_compute_user() by updating the headers and man
>> >     pages and logging a warning message on any calls to it. Remove
>> >     the example utility that called the interface. While here, also
>> >     fix the documentation of correct usage of the user argument to these
>> >     interfaces.
>> >
>> >     Fixes: https://github.com/SELinuxProject/selinux/issues/70
>> >     Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
>> >     Acked-by: Petr Lautrbach <plautrba@redhat.com>
>> >     ---
>>
>> >     diff --git a/libselinux/include/selinux/selinux.h
>> >     b/libselinux/include/selinux/selinux.h
>> >     index 883d8b85742c..6a512b383325 100644
>> >     --- a/libselinux/include/selinux/selinux.h
>> >     +++ b/libselinux/include/selinux/selinux.h
>> >     @@ -246,8 +246,12 @@ extern int security_compute_member_raw(const
>> >     char * scon,
>> >     security_class_t tclass,
>> >     char ** newcon);
>> >
>> >     -/* Compute the set of reachable user contexts and set *con to refer to
>> >     - the NULL-terminated array of contexts. Caller must free via
>> >     freeconary. */
>> >     +/*
>> >     + * Compute the set of reachable user contexts and set *con to refer to
>> >     + * the NULL-terminated array of contexts. Caller must free via
>> >     freeconary.
>> >     + * These interfaces are deprecated. Use get_ordered_context_list() or
>> >     + * one of its variant interfaces instead.
>> >     + */
>> >     extern int security_compute_user(const char * scon,
>> >     const char *username,
>> >     char *** con);
>> >
>> >
>> > Any reason we're not tagging this with __attribute__ ((deprecated));?
>>
>> Doesn't appear that we've ever used that. Is it widely supported across
>> compilers and versions or limited to recent gcc?
>>
>
> It's at least since GCC 3.3 and it's been supported in every clang compiler version I am aware of (linked to 3.3).
> https://gcc.gnu.org/onlinedocs/gcc-3.3/gcc/Type-Attributes.html
> https://releases.llvm.org/3.3/tools/clang/docs/LanguageExtensions.html
> Sorry for the HTML, apparently Google stopped making that my default when replying...
>
I'll go through and post a follow up with the deprecated tag for all the
"deprecated" interfaces. I'll work on these and post 'em out next week.

Bill

On Mon, Feb 24, 2020 at 1:25 PM Stephen Smalley <sds@tycho.nsa.gov> wrote:
>
> On 2/24/20 1:44 PM, William Roberts wrote:
> > On Mon, Feb 24, 2020 at 11:00 AM Stephen Smalley <sds@tycho.nsa.gov> wrote:
> >
> >     On 2/24/20 11:49 AM, William Roberts wrote:
> >     > Any reason we're not tagging this with __attribute__ ((deprecated));?
> >
> >     Doesn't appear that we've ever used that. Is it widely supported
> >     across
> >     compilers and versions or limited to recent gcc?
> >
> > It's at least since GCC 3.3 and it's been supported in every clang
> > compiler version I am aware of (linked to 3.3).
> > https://gcc.gnu.org/onlinedocs/gcc-3.3/gcc/Type-Attributes.html
> > https://releases.llvm.org/3.3/tools/clang/docs/LanguageExtensions.html
>
> Ok, I have no particular objection to adding it but am not in a position
> currently to post any patches to the list so someone else will have to
> either re-spin it or do it as a follow-up. There are certainly a
> variety of other interfaces in libse* that are considered deprecated but
> have never been marked in this way.
>
>
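The thread above weighs a header attribute (a warning at every call site when the caller is compiled) against the runtime log line the patch adds. The following is an added example, not code from libselinux, this patch or any of the participants; it puts both mechanisms on a stand-in API so the difference is visible, and goes a little beyond the thread in two ways: the runtime warning is emitted once per process rather than on every call, and a caller mid-migration shows how the compile-time warning is silenced at one known call site so a `-Werror` build keeps passing. Every function name (`legacy_compute_user`, `ordered_context_list`, `free_context_array`, the counters) is hypothetical, and the context table is constructed sample data, not anything read from a policy.

```c
/* Added example, not libselinux code: a deprecated entry point marked in the
 * header and logging once at runtime, forwarding to its replacement. All names
 * are hypothetical stand-ins; the context table is constructed sample data. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* gcc and clang honour the attribute; other compilers get a no-op. */
#if defined(__GNUC__) || defined(__clang__)
#define API_DEPRECATED __attribute__((deprecated))
#else
#define API_DEPRECATED
#endif

/* Constructed sample data: SELinux user identity -> reachable contexts in
 * priority order, NULL-terminated. */
static const char *const staff_u_contexts[] = {
    "staff_u:staff_r:staff_t:s0", "staff_u:sysadm_r:sysadm_t:s0", NULL };
static const char *const user_u_contexts[] = { "user_u:user_r:user_t:s0", NULL };

/* Frees an array from ordered_context_list(), as freeconary() does in libselinux. */
void free_context_array(char **con)
{
    char **p;
    if (!con)
        return;
    for (p = con; *p; p++)
        free(*p);
    free(con);
}

/* Replacement interface (stand-in for get_ordered_context_list()): takes an
 * SELinux user identity, not a Linux username; returns the number of contexts
 * and sets *con to a NULL-terminated array the caller frees, or -1 on error. */
int ordered_context_list(const char *seuser, char ***con)
{
    const char *const *src;
    size_t n, i, len;
    char **out;

    if (strcmp(seuser, "staff_u") == 0)
        src = staff_u_contexts;
    else if (strcmp(seuser, "user_u") == 0)
        src = user_u_contexts;
    else
        return -1;                      /* unknown SELinux user identity */

    for (n = 0; src[n]; n++)
        ;
    out = calloc(n + 1, sizeof(*out));  /* calloc supplies the NULL terminator */
    if (!out)
        return -1;
    for (i = 0; i < n; i++) {
        len = strlen(src[i]) + 1;
        out[i] = malloc(len);
        if (!out[i]) {
            free_context_array(out);    /* out[i..n] are still NULL */
            return -1;
        }
        memcpy(out[i], src[i], len);
    }
    *con = out;
    return (int)n;
}

/* Deprecated interface (stand-in for security_compute_user()). The attribute on
 * the declaration makes every caller's build warn at the call site; the body
 * logs once per process rather than on every call, then forwards. */
static unsigned legacy_calls, warnings_logged;
unsigned legacy_call_count(void) { return legacy_calls; }
unsigned warning_count(void) { return warnings_logged; }

int legacy_compute_user(const char *scon, const char *seuser, char ***con) API_DEPRECATED;

int legacy_compute_user(const char *scon, const char *seuser, char ***con)
{
    (void)scon;                         /* the old interface also took a source context */
    if (legacy_calls++ == 0) {
        warnings_logged++;
        fprintf(stderr, "warning: legacy_compute_user() is deprecated, "
                        "use ordered_context_list()\n");
    }
    return ordered_context_list(seuser, con);
}

/* A caller mid-migration silences the warning at the one call site it knows
 * about, so the rest of the build stays warning-clean (and survives -Werror)
 * until this site is converted as well. */
int count_contexts_via_legacy(const char *seuser)
{
    char **con;
    int n;
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
    n = legacy_compute_user("system_u:system_r:sshd_t:s0", seuser, &con);
#pragma GCC diagnostic pop
    if (n < 0)
        return -1;
    free_context_array(con);
    return n;
}

int main(void)
{
    char **con, **p;
    if (ordered_context_list("staff_u", &con) < 0)
        return 1;
    for (p = con; *p; p++)
        printf("%s\n", *p);
    free_context_array(con);
    count_contexts_via_legacy("user_u");    /* logs the warning */
    count_contexts_via_legacy("user_u");    /* silent: already logged */
    return 0;
}
```

Remove the two `#pragma` lines around the legacy call and the build warns `'legacy_compute_user' is deprecated` at that line, which is the signal a comment in the header alone never gives a caller; the runtime line is only seen once the binary is already running.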
On Fri, Feb 21, 2020 at 3:40 AM Petr Lautrbach <plautrba@redhat.com> wrote:
>
> From: Stephen Smalley <sds@tycho.nsa.gov>
>
> commit 1f89c4e7879fcf6da5d8d1b025dcc03371f30fc9 ("libselinux: Eliminate
> use of security_compute_user()") eliminated the use of
> security_compute_user() by get_ordered_context_list(). Deprecate
> all use of security_compute_user() by updating the headers and man
> pages and logging a warning message on any calls to it. Remove
> the example utility that called the interface. While here, also
> fix the documentation of correct usage of the user argument to these
> interfaces.
>
> Fixes: https://github.com/SELinuxProject/selinux/issues/70
> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
> Acked-by: Petr Lautrbach <plautrba@redhat.com>
> ---
>
> It looks like the original email didn't get to the mailing list. Therefore
> I'm resending it for a broader audience.

Can this be merged?
Stephen Smalley <stephen.smalley@gmail.com> writes:

> On Fri, Feb 21, 2020 at 3:40 AM Petr Lautrbach <plautrba@redhat.com> wrote:
>>
>> From: Stephen Smalley <sds@tycho.nsa.gov>
>>
>> commit 1f89c4e7879fcf6da5d8d1b025dcc03371f30fc9 ("libselinux: Eliminate
>> use of security_compute_user()") eliminated the use of
>> security_compute_user() by get_ordered_context_list(). Deprecate
>> all use of security_compute_user() by updating the headers and man
>> pages and logging a warning message on any calls to it. Remove
>> the example utility that called the interface. While here, also
>> fix the documentation of correct usage of the user argument to these
>> interfaces.
>>
>> Fixes: https://github.com/SELinuxProject/selinux/issues/70
>> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
>> Acked-by: Petr Lautrbach <plautrba@redhat.com>
>> ---
>>
>> It looks like the original email didn't get to the mailing list. Therefore
>> I'm resending it for a broader audience.
>
> Can this be merged?

I'm sorry, I misread
https://lore.kernel.org/selinux/CAFftDdqKkRc5S236+OjXJkfJaHVw8F-1XicHUb2aaxYqZK1QSQ@mail.gmail.com/
and I thought that there would be a re-spin, but the mail says that it
will be a follow-up. It's merged now.

Thanks!

Petr
diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h index 883d8b85742c..6a512b383325 100644 --- a/libselinux/include/selinux/selinux.h +++ b/libselinux/include/selinux/selinux.h @@ -246,8 +246,12 @@ extern int security_compute_member_raw(const char * scon, security_class_t tclass, char ** newcon); -/* Compute the set of reachable user contexts and set *con to refer to - the NULL-terminated array of contexts. Caller must free via freeconary. */ +/* + * Compute the set of reachable user contexts and set *con to refer to + * the NULL-terminated array of contexts. Caller must free via freeconary. + * These interfaces are deprecated. Use get_ordered_context_list() or + * one of its variant interfaces instead. + */ extern int security_compute_user(const char * scon, const char *username, char *** con); diff --git a/libselinux/man/man3/get_ordered_context_list.3 b/libselinux/man/man3/get_ordered_context_list.3 index e084da406af1..3ed14a96879c 100644 --- a/libselinux/man/man3/get_ordered_context_list.3 +++ b/libselinux/man/man3/get_ordered_context_list.3 
@@ -26,14 +26,28 @@ get_ordered_context_list, get_ordered_context_list_with_level, get_default_conte .BI "int get_default_type(const char *" role ", char **" type ); . .SH "DESCRIPTION" + +This family of functions can be used to obtain either a prioritized list of +all reachable security contexts for a given SELinux user or a single default +(highest priority) context for a given SELinux user for use by login-like +programs. These functions takes a SELinux user identity that must +be defined in the SELinux policy as their input, not a Linux username. +Most callers should typically first call +.BR getseuserbyname(3) +to look up the SELinux user identity and level for a given +Linux username and then invoke one of +.BR get_ordered_context_list_with_level () +or +.BR get_default_context_with_level () +with the returned SELinux user and level as inputs. + .BR get_ordered_context_list () -invokes the -.BR security_compute_user (3) -function to obtain the list of contexts for the specified +obtains the list of contexts for the specified +SELinux .I user -that are reachable from the specified +identity that are reachable from the specified .I fromcon -context. The function then orders the resulting list based on the global +context based on the global .I \%/etc/selinux/{SELINUXTYPE}/contexts/default_contexts file and the per-user .I \%/etc/selinux/{SELINUXTYPE}/contexts/users/<username> diff --git a/libselinux/man/man3/security_compute_av.3 b/libselinux/man/man3/security_compute_av.3 index 3de1b0fe7f1b..efa4baf3304f 100644 --- a/libselinux/man/man3/security_compute_av.3 +++ b/libselinux/man/man3/security_compute_av.3 
@@ -134,8 +134,9 @@ instance. .BR security_compute_user () is used to determine the set of user contexts that can be reached from a -source context. It is mainly used by -.BR get_ordered_context_list (3). +source context. This function is deprecated; use +.BR get_ordered_context_list (3) +instead. .BR security_validatetrans () is used to determine if a transition from scon to newcon using tcon as the object diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c index 7b8812155750..e7da964ff46d 100644 --- a/libselinux/src/compute_user.c +++ b/libselinux/src/compute_user.c @@ -8,6 +8,7 @@ #include "selinux_internal.h" #include "policy.h" #include <limits.h> +#include "callbacks.h" int security_compute_user_raw(const char * scon, const char *user, char *** con) @@ -24,6 +25,8 @@ int security_compute_user_raw(const char * scon, return -1; } + selinux_log(SELINUX_WARNING, "Direct use of security_compute_user() is deprecated, switch to get_ordered_context_list()\n"); + snprintf(path, sizeof path, "%s/user", selinux_mnt); fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) diff --git a/libselinux/utils/compute_user.c b/libselinux/utils/compute_user.c deleted file mode 100644 index 86d00a6eff1c..000000000000 --- a/libselinux/utils/compute_user.c +++ /dev/null 
@@ -1,38 +0,0 @@ -#include <unistd.h> -#include <sys/types.h> -#include <fcntl.h> -#include <stdio.h> -#include <stdlib.h> -#include <errno.h> -#include <string.h> -#include <ctype.h> -#include <selinux/selinux.h> - -int main(int argc, char **argv) -{ - char **buf, **ptr; - int ret; - - if (argc != 3) { - fprintf(stderr, "usage: %s context user\n", argv[0]); - exit(1); - } - - ret = security_compute_user(argv[1], argv[2], &buf); - if (ret < 0) { - fprintf(stderr, "%s: security_compute_user(%s,%s) failed\n", - argv[0], argv[1], argv[2]); - exit(2); - } - - if (!buf[0]) { - printf("none\n"); - exit(EXIT_SUCCESS); - } - - for (ptr = buf; *ptr; ptr++) { - printf("%s\n", *ptr); - } - freeconary(buf); - exit(EXIT_SUCCESS); -}
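Review bot: in the selinux.h hunk the deprecation lives only in a comment, so a caller that still compiles against `security_compute_user()` gets no signal until the program runs and the log line appears; since this declaration is the one every caller includes, marking it (and the `_raw` variant the comment's "These interfaces" refers to) with `__attribute__ ((deprecated))` would turn the same change into a build-time warning at the call site, which is the point William raises in the thread. The comment could also name the variant functions it means, e.g. `get_ordered_context_list_with_level()` and `get_default_context_with_level()`, which the man-page hunk already recommends.

Review bot: grammar in the new DESCRIPTION paragraph of get_ordered_context_list.3: "These functions takes a SELinux user identity that must be defined in the SELinux policy as their input, not a Linux username" should read "These functions take an SELinux user identity, which must be defined in the SELinux policy, as their input, not a Linux username", and "Most callers should typically first call" carries a redundant "typically". The substantive change (callers go through `getseuserbyname(3)` first) is the right guidance and matches the Fixes: reference.

Review bot: the security_compute_av.3 hunk says the function is deprecated but not that calling it now emits a warning through `selinux_log()`; one clause ("and logs a warning when called") would let a user who finds the message in their logs trace it to this interface without reading the source.

Review bot: in compute_user.c the new `selinux_log(SELINUX_WARNING, ...)` fires on every invocation of `security_compute_user_raw()`, so a long-lived caller that still uses the interface (a login daemon handling each session, for instance) repeats the line on each call; a `static int warned;` guard around the call logs it once per process and still identifies the offender. Two smaller points: the message names `security_compute_user()` while the function being entered is the `_raw` variant, so a caller that invoked `security_compute_user_raw()` directly may not recognise itself, and the warning sits after the `selinux_mnt` check, so on a system without selinuxfs mounted the call fails without ever mentioning the deprecation (acceptable, but worth knowing when reading logs from such hosts).

Review bot: deleting utils/compute_user.c removes the only in-tree demonstration of the interface without leaving an example of the path the man page now recommends (`getseuserbyname(3)` followed by `get_ordered_context_list_with_level()`); if no such utility exists under utils/, one is worth a follow-up. Also check that nothing else in the tree still refers to the removed binary (a .gitignore entry, a packaging file list, or a non-wildcard Makefile target), since this patch touches only the source file.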