Merge pull request #17732 from yuwata/core-use-synthetic_errno

[thirdparty/systemd.git] / src / core / smack-setup.c
diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c

index 47138b863a1c1f117bef2699e00826cd48949402..8cc1696a4fa47b754f83e207bcdf3251a79fca03 100644 (file)
--- a/src/core/smack-setup.c
+++ b/src/core/smack-setup.c
@@ -1,20 +1,17 @@
-/* SPDX-License-Identifier: LGPL-2.1+ */
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
  /***
    Copyright © 2013 Intel Corporation
    Authors:
          Nathaniel Chen <nathaniel.chen@intel.com>
  ***/
  
-#include <dirent.h>
  #include <errno.h>
  #include <fcntl.h>
  #include <stdio.h>
-#include <stdio_ext.h>
  #include <stdlib.h>
-#include <string.h>
+#include <unistd.h>
  
  #include "alloc-util.h"
-#include "def.h"
  #include "dirent-util.h"
  #include "fd-util.h"
  #include "fileio.h"
@@ -26,12 +23,36 @@
  
  #if ENABLE_SMACK
  
-static int write_access2_rules(const char* srcdir) {
+static int fdopen_unlocked_at(int dfd, const char *dir, const char *name, int *status, FILE **ret_file) {
+        int fd, r;
+        FILE *f;
+
+        fd = openat(dfd, name, O_RDONLY|O_CLOEXEC);
+        if (fd < 0) {
+                if (*status == 0)
+                        *status = -errno;
+
+                return log_warning_errno(errno, "Failed to open \"%s/%s\": %m", dir, name);
+        }
+
+        r = fdopen_unlocked(fd, "r", &f);
+        if (r < 0) {
+                if (*status == 0)
+                        *status = r;
+
+                safe_close(fd);
+                return log_error_errno(r, "Failed to open \"%s/%s\": %m", dir, name);
+        }
+
+        *ret_file = f;
+        return 0;
+}
+
+static int write_access2_rules(const char *srcdir) {
          _cleanup_close_ int load2_fd = -1, change_fd = -1;
          _cleanup_closedir_ DIR *dir = NULL;
          struct dirent *entry;
-        int dfd = -1;
-        int r = 0;
+        int dfd = -1, r = 0;
  
          load2_fd = open("/sys/fs/smackfs/load2", O_RDWR|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
          if (load2_fd < 0)  {
@@ -59,28 +80,14 @@ static int write_access2_rules(const char* srcdir) {
          assert(dfd >= 0);
  
          FOREACH_DIRENT(entry, dir, return 0) {
-                int fd;
                  _cleanup_fclose_ FILE *policy = NULL;
  
+                dirent_ensure_type(dir, entry);
                  if (!dirent_is_file(entry))
                          continue;
  
-                fd = openat(dfd, entry->d_name, O_RDONLY|O_CLOEXEC);
-                if (fd < 0) {
-                        if (r == 0)
-                                r = -errno;
-                        log_warning_errno(errno, "Failed to open '%s': %m", entry->d_name);
+                if (fdopen_unlocked_at(dfd, srcdir, entry->d_name, &r, &policy) < 0)
                          continue;
-                }
-
-                policy = fdopen(fd, "re");
-                if (!policy) {
-                        if (r == 0)
-                                r = -errno;
-                        safe_close(fd);
-                        log_error_errno(errno, "Failed to open '%s': %m", entry->d_name);
-                        continue;
-                }
  
                  /* load2 write rules in the kernel require a line buffered stream */
                  for (;;) {
@@ -115,12 +122,11 @@ static int write_access2_rules(const char* srcdir) {
          return r;
  }
  
-static int write_cipso2_rules(const char* srcdir) {
+static int write_cipso2_rules(const char *srcdir) {
          _cleanup_close_ int cipso2_fd = -1;
          _cleanup_closedir_ DIR *dir = NULL;
          struct dirent *entry;
-        int dfd = -1;
-        int r = 0;
+        int dfd = -1, r = 0;
  
          cipso2_fd = open("/sys/fs/smackfs/cipso2", O_RDWR|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
          if (cipso2_fd < 0)  {
@@ -141,28 +147,14 @@ static int write_cipso2_rules(const char* srcdir) {
          assert(dfd >= 0);
  
          FOREACH_DIRENT(entry, dir, return 0) {
-                int fd;
                  _cleanup_fclose_ FILE *policy = NULL;
  
+                dirent_ensure_type(dir, entry);
                  if (!dirent_is_file(entry))
                          continue;
  
-                fd = openat(dfd, entry->d_name, O_RDONLY|O_CLOEXEC);
-                if (fd < 0) {
-                        if (r == 0)
-                                r = -errno;
-                        log_error_errno(errno, "Failed to open '%s': %m", entry->d_name);
-                        continue;
-                }
-
-                policy = fdopen(fd, "re");
-                if (!policy) {
-                        if (r == 0)
-                                r = -errno;
-                        safe_close(fd);
-                        log_error_errno(errno, "Failed to open '%s': %m", entry->d_name);
+                if (fdopen_unlocked_at(dfd, srcdir, entry->d_name, &r, &policy) < 0)
                          continue;
-                }
  
                  /* cipso2 write rules in the kernel require a line buffered stream */
                  for (;;) {
@@ -191,12 +183,11 @@ static int write_cipso2_rules(const char* srcdir) {
          return r;
  }
  
-static int write_netlabel_rules(const char* srcdir) {
+static int write_netlabel_rules(const char *srcdir) {
          _cleanup_fclose_ FILE *dst = NULL;
          _cleanup_closedir_ DIR *dir = NULL;
          struct dirent *entry;
-        int dfd = -1;
-        int r = 0;
+        int dfd = -1, r = 0;
  
          dst = fopen("/sys/fs/smackfs/netlabel", "we");
          if (!dst)  {
@@ -217,27 +208,10 @@ static int write_netlabel_rules(const char* srcdir) {
          assert(dfd >= 0);
  
          FOREACH_DIRENT(entry, dir, return 0) {
-                int fd;
                  _cleanup_fclose_ FILE *policy = NULL;
  
-                fd = openat(dfd, entry->d_name, O_RDONLY|O_CLOEXEC);
-                if (fd < 0) {
-                        if (r == 0)
-                                r = -errno;
-                        log_warning_errno(errno, "Failed to open %s: %m", entry->d_name);
+                if (fdopen_unlocked_at(dfd, srcdir, entry->d_name, &r, &policy) < 0)
                          continue;
-                }
-
-                policy = fdopen(fd, "re");
-                if (!policy) {
-                        if (r == 0)
-                                r = -errno;
-                        safe_close(fd);
-                        log_error_errno(errno, "Failed to open %s: %m", entry->d_name);
-                        continue;
-                }
-
-                (void) __fsetlocking(policy, FSETLOCKING_BYCALLER);
  
                  /* load2 write rules in the kernel require a line buffered stream */
                  for (;;) {
@@ -351,17 +325,17 @@ int mac_smack_setup(bool *loaded_policy) {
          }
  
  #ifdef SMACK_RUN_LABEL
-        r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL, 0);
+        r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER);
          if (r < 0)
                  log_warning_errno(r, "Failed to set SMACK label \"" SMACK_RUN_LABEL "\" on self: %m");
-        r = write_string_file("/sys/fs/smackfs/ambient", SMACK_RUN_LABEL, 0);
+        r = write_string_file("/sys/fs/smackfs/ambient", SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER);
          if (r < 0)
                  log_warning_errno(r, "Failed to set SMACK ambient label \"" SMACK_RUN_LABEL "\": %m");
          r = write_string_file("/sys/fs/smackfs/netlabel",
-                              "0.0.0.0/0 " SMACK_RUN_LABEL, 0);
+                              "0.0.0.0/0 " SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER);
          if (r < 0)
                  log_warning_errno(r, "Failed to set SMACK netlabel rule \"0.0.0.0/0 " SMACK_RUN_LABEL "\": %m");
-        r = write_string_file("/sys/fs/smackfs/netlabel", "127.0.0.1 -CIPSO", 0);
+        r = write_string_file("/sys/fs/smackfs/netlabel", "127.0.0.1 -CIPSO", WRITE_STRING_FILE_DISABLE_BUFFER);
          if (r < 0)
                  log_warning_errno(r, "Failed to set SMACK netlabel rule \"127.0.0.1 -CIPSO\": %m");
  #endif
@@ -410,8 +384,7 @@ int mac_smack_setup(bool *loaded_policy) {
                  log_info("Successfully wrote Smack onlycap list.");
                  break;
          default:
-                log_emergency_errno(r, "Failed to write Smack onlycap list: %m");
-                return r;
+                return log_emergency_errno(r, "Failed to write Smack onlycap list: %m");
          }
  
          *loaded_policy = true;