authorjbj <devnull@localhost>2003-12-22 07:47:45 +0000
committerjbj <devnull@localhost>2003-12-22 07:47:45 +0000
commitbea918bb7741d0e4b3f8ba134014bdfdd4214ce4 (patch)
treec916a0ac6841607a61cde84147e4be534fd28ece /lib
parent3a3b74989a0e9986706f67a37dedbc725aa0f916 (diff)
Add --filecontext, --fscontext, --recontext for 3 sources of security contexts.
CVS patchset: 6994 CVS date: 2003/12/22 07:47:45
Diffstat (limited to 'lib')
-rw-r--r--lib/formats.c77
-rw-r--r--lib/poptALL.c7
-rw-r--r--lib/rpmfi.c262
-rw-r--r--lib/rpmfi.h56
-rw-r--r--lib/rpmlib.h3
5 files changed, 404 insertions, 1 deletions
diff --git a/lib/formats.c b/lib/formats.c
index c86ffb459..4bab4170f 100644
--- a/lib/formats.c
+++ b/lib/formats.c
@@ -842,6 +842,78 @@ static int fileclassTag(Header h, /*@out@*/ rpmTagType * type,
}
/**
+ * Retrieve file contexts from header.
+ * @param h header
+ * @retval *type tag type
+ * @retval *data tag value
+ * @retval *count no. of data items
+ * @retval *freeData data-was-malloc'ed indicator
+ * @return 0 on success
+ */
+static int filecontextsTag(Header h, /*@out@*/ rpmTagType * type,
+ /*@out@*/ const void ** data, /*@out@*/ int_32 * count,
+ /*@out@*/ int * freeData)
+ /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/
+ /*@modifies h, *type, *data, *count, *freeData,
+ rpmGlobalMacroContext, fileSystem @*/
+ /*@requires maxSet(type) >= 0 /\ maxSet(data) >= 0
+ /\ maxSet(count) >= 0 /\ maxSet(freeData) >= 0 @*/
+{
+ *type = RPM_STRING_ARRAY_TYPE;
+ rpmfiBuildFContexts(h, (const char ***) data, count);
+ *freeData = 1;
+ return 0;
+}
+
+/**
+ * Retrieve file contexts from file system.
+ * @param h header
+ * @retval *type tag type
+ * @retval *data tag value
+ * @retval *count no. of data items
+ * @retval *freeData data-was-malloc'ed indicator
+ * @return 0 on success
+ */
+static int fscontextsTag(Header h, /*@out@*/ rpmTagType * type,
+ /*@out@*/ const void ** data, /*@out@*/ int_32 * count,
+ /*@out@*/ int * freeData)
+ /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/
+ /*@modifies h, *type, *data, *count, *freeData,
+ rpmGlobalMacroContext, fileSystem @*/
+ /*@requires maxSet(type) >= 0 /\ maxSet(data) >= 0
+ /\ maxSet(count) >= 0 /\ maxSet(freeData) >= 0 @*/
+{
+ *type = RPM_STRING_ARRAY_TYPE;
+ rpmfiBuildFSContexts(h, (const char ***) data, count);
+ *freeData = 1;
+ return 0;
+}
+
+/**
+ * Retrieve file contexts from policy RE's.
+ * @param h header
+ * @retval *type tag type
+ * @retval *data tag value
+ * @retval *count no. of data items
+ * @retval *freeData data-was-malloc'ed indicator
+ * @return 0 on success
+ */
+static int recontextsTag(Header h, /*@out@*/ rpmTagType * type,
+ /*@out@*/ const void ** data, /*@out@*/ int_32 * count,
+ /*@out@*/ int * freeData)
+ /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/
+ /*@modifies h, *type, *data, *count, *freeData,
+ rpmGlobalMacroContext, fileSystem @*/
+ /*@requires maxSet(type) >= 0 /\ maxSet(data) >= 0
+ /\ maxSet(count) >= 0 /\ maxSet(freeData) >= 0 @*/
+{
+ *type = RPM_STRING_ARRAY_TYPE;
+ rpmfiBuildREContexts(h, (const char ***) data, count);
+ *freeData = 1;
+ return 0;
+}
+
+/**
* Retrieve file provides.
* @param h header
* @retval *type tag type
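Review bot: The comment on filecontextsTag says the contexts come from the header, but as far as the visible hunks show, no header tag is read on that path: rpmfiBuildFContexts returns `rpmfiFContext(fi)`, and rpmfiNew fills `fi->fcontexts` from `lgetfilecon()` on the local file system. As written, `RPMTAG_FILECONTEXTS` and `RPMTAG_FSCONTEXTS` would both report the labels of whatever currently exists at those paths on the host, which matters when the output is used to judge a package that is not installed. Until a header source exists, the comment could read `Retrieve file contexts (currently read from the file system by rpmfiNew, not from the header).`; the same wording appears on the rpmfiBuildFContexts prototype in lib/rpmfi.h. The trailing context lines of this hunk belong to the next function's comment.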
@@ -1058,12 +1130,15 @@ const struct headerSprintfExtension_s rpmHeaderFormats[] = {
{ HEADER_EXT_TAG, "RPMTAG_DESCRIPTION", { descriptionTag } },
{ HEADER_EXT_TAG, "RPMTAG_SUMMARY", { summaryTag } },
{ HEADER_EXT_TAG, "RPMTAG_FILECLASS", { fileclassTag } },
+ { HEADER_EXT_TAG, "RPMTAG_FILECONTEXTS", { filecontextsTag } },
{ HEADER_EXT_TAG, "RPMTAG_FILENAMES", { filenamesTag } },
{ HEADER_EXT_TAG, "RPMTAG_FILEPROVIDE", { fileprovideTag } },
{ HEADER_EXT_TAG, "RPMTAG_FILEREQUIRE", { filerequireTag } },
- { HEADER_EXT_TAG, "RPMTAG_FSSIZES", { fssizesTag } },
+ { HEADER_EXT_TAG, "RPMTAG_FSCONTEXTS", { fscontextsTag } },
{ HEADER_EXT_TAG, "RPMTAG_FSNAMES", { fsnamesTag } },
+ { HEADER_EXT_TAG, "RPMTAG_FSSIZES", { fssizesTag } },
{ HEADER_EXT_TAG, "RPMTAG_INSTALLPREFIX", { instprefixTag } },
+ { HEADER_EXT_TAG, "RPMTAG_RECONTEXTS", { recontextsTag } },
{ HEADER_EXT_TAG, "RPMTAG_TRIGGERCONDS", { triggercondsTag } },
{ HEADER_EXT_TAG, "RPMTAG_TRIGGERTYPE", { triggertypeTag } },
{ HEADER_EXT_FORMAT, "armor", { armorFormat } },
diff --git a/lib/poptALL.c b/lib/poptALL.c
index ae0e5465e..0f7190967 100644
--- a/lib/poptALL.c
+++ b/lib/poptALL.c
@@ -68,6 +68,9 @@ extern int _rpmps_debug;
extern int _rpmsq_debug;
/*@unchecked@*/
+extern int _rpmsx_debug;
+
+/*@unchecked@*/
extern int _rpmte_debug;
/*@unchecked@*/
@@ -95,8 +98,10 @@ rpmQueryFlags rpmcliQueryFlags;
/*@-exportheadervar@*/
/*@unchecked@*/
extern int _ftp_debug;
+
/*@unchecked@*/
extern int noLibio;
+
/*@unchecked@*/
extern int _rpmio_debug;
/*@=exportheadervar@*/
@@ -313,6 +318,8 @@ struct poptOption rpmcliAllPoptTable[] = {
NULL, NULL},
{ "rpmsqdebug", '\0', POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN, &_rpmsq_debug, -1,
NULL, NULL},
+ { "rpmsxdebug", '\0', POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN, &_rpmsx_debug, -1,
+ NULL, NULL},
{ "rpmtedebug", '\0', POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN, &_rpmte_debug, -1,
NULL, NULL},
{ "rpmtsdebug", '\0', POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN, &_rpmts_debug, -1,
diff --git a/lib/rpmfi.c b/lib/rpmfi.c
index 3f3af47b1..63202e62f 100644
--- a/lib/rpmfi.c
+++ b/lib/rpmfi.c
@@ -16,6 +16,8 @@
#define _RPMFI_INTERNAL
#include "rpmfi.h"
+#include "rpmsx.h"
+
#define _RPMTE_INTERNAL /* relocations */
#include "rpmte.h"
#include "rpmts.h"
@@ -305,6 +307,19 @@ const char * rpmfiFClass(rpmfi fi)
return fclass;
}
+const char * rpmfiFContext(rpmfi fi)
+{
+ const char * fcontext = NULL;
+
+ if (fi != NULL && fi->i >= 0 && fi->i < fi->fc) {
+/*@-boundsread@*/
+ if (fi->fcontexts != NULL)
+ fcontext = fi->fcontexts[fi->i];
+/*@=boundsread@*/
+ }
+ return fcontext;
+}
+
int_32 rpmfiFDepends(rpmfi fi, const int_32 ** fddictp)
{
int fddictx = -1;
@@ -1135,6 +1150,8 @@ fprintf(stderr, "*** fi %p\t%s[%d]\n", fi, fi->Type, fi->fc);
fi->obnl = hfd(fi->obnl, -1);
fi->odnl = hfd(fi->odnl, -1);
+ fi->fcontexts = hfd(fi->fcontexts, -1);
+
fi->actions = _free(fi->actions);
fi->replacedSizes = _free(fi->replacedSizes);
fi->replaced = _free(fi->replaced);
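Review bot: `fi->fcontexts` is released with `hfd(fi->fcontexts, -1)` like the header-backed arrays above it, but rpmfiNew allocates it with `xmalloc`, so it is not header data; `fi->fcontexts = _free(fi->fcontexts);` next to the other `_free` calls would state the ownership more plainly. Whether `hfd` with type -1 frees unconditionally is not visible here, so that is worth confirming. The `fi->fn` buffer that rpmfiNew now allocates also needs a matching release in this function if it does not already have one; the function's start and end are outside the hunk.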
@@ -1183,6 +1200,10 @@ rpmfi rpmfiNew(rpmts ts, Header h, rpmTag tagN, int scareMem)
uint_32 * uip;
int dnlmax, bnlmax;
unsigned char * t;
+security_context_t scon;
+int * fcnb;
+char * fctxt;
+int fctxtlen;
int len;
int xx;
int i;
@@ -1407,6 +1428,44 @@ if (fi->actions == NULL)
fi->dperms = 0755;
fi->fperms = 0644;
+ /* Retrieve file contexts into single contiguous buffer, saving sizes. */
+ fctxt = NULL;
+ fctxtlen = 0;
+ len = fi->fc * sizeof(*fcnb);
+ fcnb = memset(alloca(len), 0, len);
+ fi->fn = xmalloc(fi->fnlen);
+/*@-branchstate@*/
+ for (i = 0; i < fi->fc; i++) {
+/*@-boundswrite@*/
+ *fi->fn = '\0';
+ (void) stpcpy( stpcpy(fi->fn, fi->dnl[fi->dil[i]]), fi->bnl[i]);
+/*@=boundswrite@*/
+ fcnb[i] = lgetfilecon(fi->fn, &scon);
+ if (fcnb[i] <= 0)
+ continue;
+
+ fctxt = xrealloc(fctxt, fctxtlen + fcnb[i]);
+ memcpy(fctxt+fctxtlen, scon, fcnb[i]);
+ fctxtlen += fcnb[i];
+ (void) freecon(scon);
+ }
+/*@=branchstate@*/
+
+ /* Initialize array ptrs into data following array. */
+ len = ((fi->fc+1) * sizeof(*fi->fcontexts)) + fctxtlen;
+ fi->fcontexts = xmalloc(len);
+ (void) memset(fi->fcontexts, 0, (fi->fc+1) * sizeof(*fi->fcontexts));
+ (void) memcpy(&fi->fcontexts[fi->fc+1], fctxt, fctxtlen);
+ fctxt = _free(fctxt);
+ fctxt = (char *) (&fi->fcontexts[fi->fc+1]);
+ for (i = 0; i < fi->fc; i++) {
+ if (fcnb[i] <= 0)
+ continue;
+ fi->fcontexts[i] = fctxt;
+ fctxt += fcnb[i];
+ }
+ fi->fcontexts[fi->fc] = NULL;
+
exit:
/*@-modfilesys@*/
if (_rpmfi_debug < 0)
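Review bot: The `alloca(len)` for `fcnb` is sized by `fi->fc`, which appears to be the file count of the header passed to rpmfiNew, so a package with a very large file list can exhaust the stack before any check runs, and `len` is an `int` product that can wrap; a heap allocation such as `fcnb = xcalloc(fi->fc, sizeof(*fcnb));` with `fcnb = _free(fcnb);` after the second loop avoids both. rpmfiBuildFSContexts and rpmfiBuildREContexts in the later hunk of this file use the same `alloca` pattern. The copy also trusts the length returned by `lgetfilecon()` to include the terminating NUL, since `fi->fcontexts[i]` is later read as a C string; setting `fcnb[i] = strlen(scon) + 1;` after a successful lookup, as rpmfiBuildREContexts does, would not depend on that. rpmfiNew begins and ends outside this hunk.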
@@ -1473,6 +1532,209 @@ exit:
if (fcp) *fcp = ac;
}
+void rpmfiBuildFContexts(Header h,
+ /*@out@*/ const char *** fcontextp, /*@out@*/ int * fcp)
+{
+ int scareMem = 1;
+ rpmfi fi = rpmfiNew(NULL, h, RPMTAG_BASENAMES, scareMem);
+ const char * FContext;
+ const char ** av;
+ int ac;
+ size_t nb;
+ char * t;
+
+ if ((ac = rpmfiFC(fi)) <= 0) {
+ av = NULL;
+ ac = 0;
+ goto exit;
+ }
+
+ /* Compute size of argv array blob. */
+ nb = (ac + 1) * sizeof(*av);
+ fi = rpmfiInit(fi, 0);
+ if (fi != NULL)
+ while (rpmfiNext(fi) >= 0) {
+ FContext = rpmfiFContext(fi);
+ if (FContext && *FContext != '\0')
+ nb += strlen(FContext);
+ nb += 1;
+ }
+
+ /* Create and load argv array. */
+ av = xmalloc(nb);
+ t = ((char *) av) + ((ac + 1) * sizeof(*av));
+ ac = 0;
+ fi = rpmfiInit(fi, 0);
+ if (fi != NULL)
+ while (rpmfiNext(fi) >= 0) {
+ FContext = rpmfiFContext(fi);
+ av[ac++] = t;
+ if (FContext && *FContext != '\0')
+ t = stpcpy(t, FContext);
+ *t++ = '\0';
+ }
+ av[ac] = NULL;
+ /*@=branchstate@*/
+
+exit:
+ fi = rpmfiFree(fi);
+ /*@-branchstate@*/
+ if (fcontextp)
+ *fcontextp = av;
+ else
+ av = _free(av);
+ /*@=branchstate@*/
+ if (fcp) *fcp = ac;
+}
+
+void rpmfiBuildFSContexts(Header h,
+ /*@out@*/ const char *** fcontextp, /*@out@*/ int * fcp)
+{
+ int scareMem = 1;
+ rpmfi fi = rpmfiNew(NULL, h, RPMTAG_BASENAMES, scareMem);
+ const char ** av;
+ int ac;
+ size_t nb;
+ char * t;
+ char * fctxt = NULL;
+ size_t fctxtlen = 0;
+ int * fcnb;
+
+ if ((ac = rpmfiFC(fi)) <= 0) {
+ av = NULL;
+ ac = 0;
+ goto exit;
+ }
+
+ /* Compute size of argv array blob, concatenating file contexts. */
+ nb = ac * sizeof(*fcnb);
+ fcnb = memset(alloca(nb), 0, nb);
+ ac = 0;
+ fi = rpmfiInit(fi, 0);
+ if (fi != NULL)
+ while (rpmfiNext(fi) >= 0) {
+ const char * fn = rpmfiFN(fi);
+ security_context_t scon;
+
+ fcnb[ac] = lgetfilecon(fn, &scon);
+/*@-branchstate@*/
+ if (fcnb[ac] > 0) {
+ fctxt = xrealloc(fctxt, fctxtlen + fcnb[ac]);
+ memcpy(fctxt+fctxtlen, scon, fcnb[ac]);
+ fctxtlen += fcnb[ac];
+ (void) freecon(scon);
+ }
+/*@=branchstate@*/
+ ac++;
+ }
+
+ /* Create and load argv array from concatenated file contexts. */
+ nb = (ac + 1) * sizeof(*av) + fctxtlen;
+ av = xmalloc(nb);
+ t = ((char *) av) + ((ac + 1) * sizeof(*av));
+ (void) memcpy(t, fctxt, fctxtlen);
+ ac = 0;
+ fi = rpmfiInit(fi, 0);
+ if (fi != NULL)
+ while (rpmfiNext(fi) >= 0) {
+ av[ac] = NULL;
+ if (fcnb[ac] > 0) {
+ av[ac] = t;
+ t += fcnb[ac];
+ }
+ ac++;
+ }
+ av[ac] = NULL;
+
+exit:
+ fi = rpmfiFree(fi);
+ /*@-branchstate@*/
+ if (fcontextp)
+ *fcontextp = av;
+ else
+ av = _free(av);
+ /*@=branchstate@*/
+ if (fcp) *fcp = ac;
+}
+
+void rpmfiBuildREContexts(Header h,
+ /*@out@*/ const char *** fcontextp, /*@out@*/ int * fcp)
+{
+ int scareMem = 1;
+ rpmfi fi = rpmfiNew(NULL, h, RPMTAG_BASENAMES, scareMem);
+ rpmsx sx = NULL;
+ const char ** av;
+ int ac;
+ size_t nb;
+ char * t;
+ char * fctxt = NULL;
+ size_t fctxtlen = 0;
+ int * fcnb;
+
+ if ((ac = rpmfiFC(fi)) <= 0) {
+ av = NULL;
+ ac = 0;
+ goto exit;
+ }
+
+ /* Read security context patterns. */
+ sx = rpmsxNew(NULL);
+
+ /* Compute size of argv array blob, concatenating file contexts. */
+ nb = ac * sizeof(*fcnb);
+ fcnb = memset(alloca(nb), 0, nb);
+ ac = 0;
+ fi = rpmfiInit(fi, 0);
+ if (fi != NULL)
+ while (rpmfiNext(fi) >= 0) {
+ const char * fn = rpmfiFN(fi);
+ mode_t fmode = rpmfiFMode(fi);
+ const char * scon;
+
+ scon = rpmsxFContext(sx, fn, fmode);
+ if (scon != NULL) {
+ fcnb[ac] = strlen(scon) + 1;
+/*@-branchstate@*/
+ if (fcnb[ac] > 0) {
+ fctxt = xrealloc(fctxt, fctxtlen + fcnb[ac]);
+ memcpy(fctxt+fctxtlen, scon, fcnb[ac]);
+ fctxtlen += fcnb[ac];
+ }
+/*@=branchstate@*/
+ }
+ ac++;
+ }
+
+ /* Create and load argv array from concatenated file contexts. */
+ nb = (ac + 1) * sizeof(*av) + fctxtlen;
+ av = xmalloc(nb);
+ t = ((char *) av) + ((ac + 1) * sizeof(*av));
+ (void) memcpy(t, fctxt, fctxtlen);
+ ac = 0;
+ fi = rpmfiInit(fi, 0);
+ if (fi != NULL)
+ while (rpmfiNext(fi) >= 0) {
+ av[ac] = NULL;
+ if (fcnb[ac] > 0) {
+ av[ac] = t;
+ t += fcnb[ac];
+ }
+ ac++;
+ }
+ av[ac] = NULL;
+
+exit:
+ fi = rpmfiFree(fi);
+ sx = rpmsxFree(sx);
+ /*@-branchstate@*/
+ if (fcontextp)
+ *fcontextp = av;
+ else
+ av = _free(av);
+ /*@=branchstate@*/
+ if (fcp) *fcp = ac;
+}
+
void rpmfiBuildFDeps(Header h, rpmTag tagN,
/*@out@*/ const char *** fdepsp, /*@out@*/ int * fcp)
{
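Review bot: rpmfiBuildFSContexts and rpmfiBuildREContexts never release `fctxt` after copying it into `av`, so each call leaks the concatenated context buffer; adding `fctxt = _free(fctxt);` right after `(void) memcpy(t, fctxt, fctxtlen);` would match what rpmfiNew does with its own buffer. Both functions also leave `av[ac] = NULL` for files without a context, while rpmfiBuildFContexts stores an empty string, and lib/formats.c publishes all three as RPM_STRING_ARRAY_TYPE with `ac` entries, so a formatter that walks the array may be handed a null pointer mid-array. Storing an empty string for such slots, as rpmfiBuildFContexts does, would keep the three builders consistent. The leading and trailing context lines of this hunk belong to functions that start or end outside it.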
diff --git a/lib/rpmfi.h b/lib/rpmfi.h
index d4456d3ac..af0ad2362 100644
--- a/lib/rpmfi.h
+++ b/lib/rpmfi.h
@@ -82,6 +82,9 @@ struct rpmfi_s {
const uint_32 * fcolors; /*!< File color bits (header) */
/*@only@*/ /*@null@*/
+ const char ** fcontexts; /*! FIle security contexts. */
+
+/*@only@*/ /*@null@*/
const char ** cdict; /*!< File class dictionary (header) */
int_32 ncdict; /*!< No. of class entries. */
/*@only@*/ /*@null@*/
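Review bot: The member comment uses `/*!` and "FIle", unlike the neighbouring `/*!<` trailing comments, so Doxygen will likely not attach it to `fcontexts`; `const char ** fcontexts; /*!< File security contexts. */` matches the surrounding fields. It would also help to say here that the string pointers index into the same allocation as the array, as rpmfiNew lays it out, since that decides how the member must be freed. The struct definition starts and ends outside this hunk.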
@@ -396,6 +399,17 @@ extern const char * rpmfiFClass(/*@null@*/ rpmfi fi)
/*@=exportlocal@*/
/**
+ * Return current file security context from file info set.
+ * @param fi file info set
+ * @return current file context, 0 on invalid
+ */
+/*@-exportlocal@*/
+/*@observer@*/ /*@null@*/
+extern const char * rpmfiFContext(/*@null@*/ rpmfi fi)
+ /*@*/;
+/*@=exportlocal@*/
+
+/**
* Return current file depends dictionary from file info set.
* @param fi file info set
* @retval *fddictp file depends dictionary array (or NULL)
@@ -514,6 +528,48 @@ void rpmfiBuildFClasses(Header h,
/*@modifies h, *fclassp, *fcp, rpmGlobalMacroContext, fileSystem @*/;
/**
+ * Retrieve file security contexts from header.
+ *
+ * This function is used to retrieve file contexts from the header.
+ *
+ * @param h header
+ * @retval *fcontextp array of file contexts
+ * @retval *fcp number of files
+ */
+void rpmfiBuildFContexts(Header h,
+ /*@out@*/ const char *** fcontextp, /*@out@*/ int * fcp)
+ /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/
+ /*@modifies h, *fcontextp, *fcp, rpmGlobalMacroContext, fileSystem @*/;
+
+/**
+ * Retrieve file security contexts from file system.
+ *
+ * This function is used to retrieve file contexts from the file system.
+ *
+ * @param h header
+ * @retval *fcontextp array of file contexts
+ * @retval *fcp number of files
+ */
+void rpmfiBuildFSContexts(Header h,
+ /*@out@*/ const char *** fcontextp, /*@out@*/ int * fcp)
+ /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/
+ /*@modifies h, *fcontextp, *fcp, rpmGlobalMacroContext, fileSystem @*/;
+
+/**
+ * Retrieve file security contexts from policy RE's.
+ *
+ * This function is used to retrieve file contexts from policy RE's.
+ *
+ * @param h header
+ * @retval *fcontextp array of file contexts
+ * @retval *fcp number of files
+ */
+void rpmfiBuildREContexts(Header h,
+ /*@out@*/ const char *** fcontextp, /*@out@*/ int * fcp)
+ /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/
+ /*@modifies h, *fcontextp, *fcp, rpmGlobalMacroContext, fileSystem @*/;
+
+/**
* Retrieve per-file dependencies from header.
*
* This function is used to retrieve per-file dependencies from the header.
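Review bot: The three new prototypes do not document ownership or null entries for `*fcontextp`. In lib/rpmfi.c each builder returns one `xmalloc`'ed block that holds the pointer array followed by the strings, so the caller must free only the array pointer, and rpmfiBuildFSContexts and rpmfiBuildREContexts can leave NULL in slots for files without a context. I would extend each `@retval *fcontextp` line to something like `array of file contexts (single malloc'ed block, free the array only; entries may be NULL)`. The leading and trailing context lines belong to neighbouring declarations.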
diff --git a/lib/rpmlib.h b/lib/rpmlib.h
index 73d638157..9356a074a 100644
--- a/lib/rpmlib.h
+++ b/lib/rpmlib.h
@@ -414,6 +414,9 @@ typedef enum rpmTag_e {
RPMTAG_FILEDEPENDSN = 1144,
RPMTAG_DEPENDSDICT = 1145,
RPMTAG_SOURCEPKGID = 1146,
+ RPMTAG_FILECONTEXTS = 1147,
+ RPMTAG_FSCONTEXTS = 1148,
+ RPMTAG_RECONTEXTS = 1149,
/*@-enummemuse@*/
RPMTAG_FIRSTFREE_TAG /*!< internal */
/*@=enummemuse@*/