setting any portions selected via the global variables, specified_user,
specified_role, etc. */
static int
-compute_context_from_mask (security_context_t context, context_t *ret)
+compute_context_from_mask (char const *context, context_t *ret)
{
bool ok = true;
context_t new_context = context_new (context);
static int
change_file_context (int fd, char const *file)
{
- security_context_t file_context = NULL;
+ char *file_context = NULL;
context_t context IF_LINT (= NULL);
- security_context_t context_string;
+ char const * context_string;
int errors = 0;
if (specified_context == NULL)
if (file_context == NULL || ! STREQ (context_string, file_context))
{
int fail = (affect_symlink_referent
- ? setfileconat (fd, file, context_string)
- : lsetfileconat (fd, file, context_string));
+ ? setfileconat (fd, file, se_const (context_string))
+ : lsetfileconat (fd, file, se_const (context_string)));
if (fail)
{
int
main (int argc, char **argv)
{
- security_context_t ref_context = NULL;
-
/* Bit flags that control how fts works. */
int bit_flags = FTS_PHYSICAL;
if (reference_file)
{
+ char *ref_context = NULL;
+
if (getfilecon (reference_file, &ref_context) < 0)
error (EXIT_FAILURE, errno, _("failed to get security context of %s"),
quote (reference_file));
else
{
specified_context = argv[optind++];
- if (security_check_context (specified_context) < 0)
+ if (security_check_context (se_const (specified_context)) < 0)
error (EXIT_FAILURE, errno, _("invalid context: %s"),
quotearg_colon (specified_context));
}
/* Set the default context for the process to match the source. */
bool all_errors = !x->data_copy_required || x->require_preserve_context;
bool some_errors = !all_errors && !x->reduce_diagnostics;
- security_context_t con;
+ char *con;
if (0 <= lgetfilecon (src_name, &con))
{
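Review bot: `char *con;` is left uninitialized here, while the other declarations converted in this change (`file_context`, `ref_context`, `scontext`, `scon`, `tcon`) all start at `NULL`. The visible code reads `con` only inside the `0 <= lgetfilecon (src_name, &con)` branch, so nothing is wrong as shown. Writing `char *con = NULL;` would keep the declarations uniform and ensure that a cleanup path added later never sees an indeterminate pointer. The enclosing function starts and ends outside the hunk, so how `con` is released cannot be checked from here.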
bool copy_contents = false;
char *target_directory = NULL;
bool no_target_directory = false;
- security_context_t scontext = NULL;
+ char const *scontext = NULL;
initialize_main (&argc, &argv);
set_program_name (argv[0]);
if (scontext)
restorecon (dst_path, 0, true);
*/
- if (scontext && setfscreatecon (scontext) < 0)
+ if (scontext && setfscreatecon (se_const (scontext)) < 0)
error (EXIT_FAILURE, errno,
_("failed to set default file creation context to %s"),
quote (scontext));
/* The SELinux context. Start with a known invalid value so print_full_info
knows when 'context' has not been set to a meaningful value. */
-static security_context_t context = NULL;
+static char *context = NULL;
static struct option const longopts[] =
{
/* Report failure only if --context (-Z) was explicitly requested. */
if ((selinux_enabled && getcon (&context) && just_context)
|| (smack_enabled
- && smack_new_label_from_self ((char **) &context) < 0
+ && smack_new_label_from_self (&context) < 0
&& just_context))
error (EXIT_FAILURE, 0, _("can't get process context"));
}
/* compare SELinux context if preserving */
if (selinux_enabled && x->preserve_security_context)
{
- security_context_t file_scontext = NULL;
- security_context_t to_scontext = NULL;
+ char *file_scontext = NULL;
+ char *to_scontext = NULL;
bool scontext_match;
if (getfilecon (src_name, &file_scontext) == -1)
setdefaultfilecon (char const *file)
{
struct stat st;
- security_context_t scontext = NULL;
+ char *scontext = NULL;
static bool first_call = true;
if (selinux_enabled != 1)
int n_files;
char **file;
bool strip_program_specified = false;
- security_context_t scontext = NULL;
+ char const *scontext = NULL;
/* set iff kernel has extra selinux system calls */
selinux_enabled = (0 < is_selinux_enabled ());
error (EXIT_FAILURE, 0,
_("cannot set target context and preserve it"));
- if (scontext && setfscreatecon (scontext) < 0)
+ if (scontext && setfscreatecon (se_const (scontext)) < 0)
error (EXIT_FAILURE, errno,
_("failed to set default file creation context to %s"),
quote (scontext));
mode_t linkmode;
/* security context. */
- security_context_t scontext;
+ char *scontext;
bool stat_ok;
{
const char *specified_mode = NULL;
int optc;
- security_context_t scontext = NULL;
+ char const *scontext = NULL;
struct mkdir_options options;
options.make_ancestor_function = NULL;
if (is_smack_enabled ())
ret = smack_set_label_for_self (scontext);
else
- ret = setfscreatecon (scontext);
+ ret = setfscreatecon (se_const (scontext));
if (ret < 0)
error (EXIT_FAILURE, errno,
char const *specified_mode = NULL;
int exit_status = EXIT_SUCCESS;
int optc;
- security_context_t scontext = NULL;
+ char const *scontext = NULL;
bool set_security_context = false;
initialize_main (&argc, &argv);
if (is_smack_enabled ())
ret = smack_set_label_for_self (scontext);
else
- ret = setfscreatecon (scontext);
+ ret = setfscreatecon (se_const (scontext));
if (ret < 0)
error (EXIT_FAILURE, errno,
int optc;
int expected_operands;
mode_t node_type;
- security_context_t scontext = NULL;
+ char const *scontext = NULL;
bool set_security_context = false;
initialize_main (&argc, &argv);
if (is_smack_enabled ())
ret = smack_set_label_for_self (scontext);
else
- ret = setfscreatecon (scontext);
+ ret = setfscreatecon (se_const (scontext));
if (ret < 0)
error (EXIT_FAILURE, errno,
char *user = NULL;
char *type = NULL;
char *context = NULL;
- security_context_t cur_context = NULL;
- security_context_t file_context = NULL;
- security_context_t new_context = NULL;
+ char *cur_context = NULL;
+ char *file_context = NULL;
+ char *new_context = NULL;
bool compute_trans = false;
context_t con;
*/
static int
-computecon (char const *path, mode_t mode, security_context_t * con)
+computecon (char const *path, mode_t mode, char **con)
{
- security_context_t scon = NULL;
- security_context_t tcon = NULL;
+ char *scon = NULL;
+ char *tcon = NULL;
security_class_t tclass;
int rc = -1;
defaultcon (char const *path, mode_t mode)
{
int rc = -1;
- security_context_t scon = NULL, tcon = NULL;
+ char *scon = NULL;
+ char *tcon = NULL;
context_t scontext = 0, tcontext = 0;
const char *contype;
char *constr;
{
int rc = -1;
struct stat sb;
- security_context_t scon = NULL, tcon = NULL;
+ char *scon = NULL;
+ char *tcon = NULL;
context_t scontext = 0, tcontext = 0;
const char *contype;
char *constr;
#ifndef ARRAY_CARDINALITY
# define ARRAY_CARDINALITY(Array) (sizeof (Array) / sizeof *(Array))
#endif
+
+/* Avoid const warnings by casting to more portable type.
+ This is to cater for the incorrect const function declarations
+ in selinux.h before libselinux-2.3 (May 2014).
+ When version >= 2.3 is ubiquitous remove this function. */
+static inline char * se_const (char const * sctx) { return (char *) sctx; }
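Review bot: The comment on `se_const` explains why the cast exists but not the condition that makes it safe, namely that the wrapped libselinux call only reads the string. In this change it wraps `scontext`, `specified_context` and `context_string`, all `char const *`, and `specified_context` is taken straight from `argv[optind++]`. I would add a sentence to the comment such as `Use only for arguments that the callee reads and never modifies or frees.` so the helper is not reused for a function that writes through the pointer. The cast will also be reported wherever `-Wcast-qual` is enabled, which is worth stating next to the removal condition.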
#include <selinux/selinux.h>
#include <errno.h>
-int getfilecon (const char *path, security_context_t *con)
+int getfilecon (const char *path, char **con)
{
/* Leave a marker so we can identify if the function was intercepted. */
fclose(fopen("preloaded", "w"));
return -1;
}
-int lgetfilecon (const char *path, security_context_t *con)
+int lgetfilecon (const char *path, char **con)
{ return getfilecon (path, con); }
EOF