Annotate libselinux functions #357

Open
wants to merge 9 commits into
base: master

Commits on May 12, 2023

  1. libselinux: annotate interfaces with compiler attributes

    libselinux is used widely, in object managers, like systemd or dbus, and
    essential utilities, like coreutils or package managers.
    
    Help compilers and static analyzers to find suspicious usages of
    interfaces of libselinux by annotating them with function attributes.
    This includes potentially passing NULL to non-NULL parameters, no error
    handling by ignoring return values.
    
    Function attributes are GNU extensions and supported by GCC[1] and
    Clang[2].
    
    [1]: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html
    [2]: https://clang.llvm.org/docs/AttributeReference.html#function-attributes
    
    Signed-off-by: Christian Göttsche <[email protected]>
    cgzones committed May 12, 2023
    9f30d63
  2. libselinux: deprecate matchpathcon and compute_user interfaces

    Annotate interfaces of the matchpathcon family and
    security_compute_user(3) and security_compute_user_raw(3) as deprecated.
    
    Signed-off-by: Christian Göttsche <[email protected]>
    cgzones committed May 12, 2023
    154a956
  3. libselinux: declare avc_open(3) options parameter const

    The first parameter of avc_open(3) is a read-only array of options.
    
    Signed-off-by: Christian Göttsche <[email protected]>
    cgzones committed May 12, 2023
    aad6324
  4. mcstrans: check getcon(3) and context_range_set(3) for failure

        mcstrans.c: In function ‘new_context_str’:
        mcstrans.c:926:9: error: ignoring return value of ‘context_range_set’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
          926 |         context_range_set(con, range);
              |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
        mcscolor.c: In function ‘init_colors’:
        mcscolor.c:252:9: error: ignoring return value of ‘getcon’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
          252 |         getcon(&my_context);
              |         ^~~~~~~~~~~~~~~~~~~
    
    Signed-off-by: Christian Göttsche <[email protected]>
    cgzones committed May 12, 2023
    a0b882f
  5. libselinux: explicitly ignore return values

    Tell GCC, see [1], to actually not issue warnings about explicitly
    ignored return values.
    
    Also explicitly ignored return values in cleanup handlers.
    
        togglesebool.c: In function ‘rollback’:
        togglesebool.c:18:17: error: ignoring return value of ‘security_set_boolean’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
           18 |                 security_set_boolean(argv[i],
              |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           19 |                                      security_get_boolean_active(argv[i]));
              |                                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
        load_policy.c: In function ‘selinux_init_load_policy’:
        load_policy.c:329:17: error: ‘security_disable’ is deprecated: SELinux runtime disable is deprecated [-Werror=deprecated-declarations]
          329 |                 rc = security_disable();
              |                 ^~
    
        booleans.c: In function ‘rollback’:
        booleans.c:332:17: error: ignoring return value of ‘security_set_boolean’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
          332 |                 security_set_boolean(boollist[i].name,
              |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          333 |                                      security_get_boolean_active(boollist[i].
              |                                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          334 |                                                                  name));
              |                                                                  ~~~~~~
    
        checkAccess.c: In function ‘selinux_check_access’:
        checkAccess.c:42:16: error: ignoring return value of ‘selinux_status_updated’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
           42 |         (void) selinux_status_updated();
              |                ^~~~~~~~~~~~~~~~~~~~~~~~
    
        avc.c: In function ‘avc_has_perm_noaudit’:
        avc.c:761:24: error: ignoring return value of ‘selinux_status_updated’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
          761 |                 (void) selinux_status_updated();
              |                        ^~~~~~~~~~~~~~~~~~~~~~~~
    
    [1]: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425
    
    Signed-off-by: Christian Göttsche <[email protected]>
    cgzones committed May 12, 2023
    1e59a42
  6. libselinux: ignore internal use of deprecated interfaces

    Ignore internal use of deprecated interfaces within deprecated
    interfaces.
    
        compute_user.c: In function ‘security_compute_user’:
        compute_user.c:93:9: error: ‘security_compute_user_raw’ is deprecated: Use get_ordered_context_list(3) family [-Werror=deprecated-declarations]
           93 |         ret = security_compute_user_raw(rscon, user, con);
              |         ^~~
        compute_user.c:13:5: note: declared here
           13 | int security_compute_user_raw(const char * scon,
              |     ^~~~~~~~~~~~~~~~~~~~~~~~~
    
    Signed-off-by: Christian Göttsche <[email protected]>
    cgzones committed May 12, 2023
    80a5c86
  7. secon: check selinux_raw_to_trans_context(3) for failure

        secon.c: In function ‘disp_con’:
        secon.c:634:9: error: ignoring return value of ‘selinux_raw_to_trans_context’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
          634 |         selinux_raw_to_trans_context(scon_raw, &scon_trans);
              |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    Signed-off-by: Christian Göttsche <[email protected]>
    cgzones committed May 12, 2023
    9ff1915
  8. restorecond: check selinux_restorecon(3) for failure

        watch.c: In function ‘watch_list_add’:
        watch.c:74:25: error: ignoring return value of ‘selinux_restorecon’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
           74 |                         selinux_restorecon(globbuf.gl_pathv[i],
              |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           75 |                                            r_opts.restorecon_flags);
              |                                            ~~~~~~~~~~~~~~~~~~~~~~~~
        watch.c: In function ‘watch_list_find’:
        watch.c:141:33: error: ignoring return value of ‘selinux_restorecon’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
          141 |                                 selinux_restorecon(path,
              |                                 ^~~~~~~~~~~~~~~~~~~~~~~~
          142 |                                                    r_opts.restorecon_flags);
              |                                                    ~~~~~~~~~~~~~~~~~~~~~~~~
    
    Signed-off-by: Christian Göttsche <[email protected]>
    cgzones committed May 12, 2023
    3e05a92
  9. restorecond: drop last matchpathcon call

    As restorecond does not use the matchpathcon family but the selabel one,
    via selinux_restorecon(3), drop the last unneeded call.
    
    Signed-off-by: Christian Göttsche <[email protected]>
    cgzones committed May 12, 2023
    87daeb4
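
The annotation pattern from commit 1 and the explicit-ignore problem from commit 5, as an added example that is not code from this pull request. `demo_set_boolean`, `demo_get_boolean`, `toggle_checked`, `rollback` and the `IGNORE_RESULT` macro are hypothetical names, and the in-memory boolean is a constructed stand-in for real SELinux state.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical interface, annotated the way the first commit describes. */
__attribute__((nonnull, warn_unused_result))
int demo_set_boolean(const char *name, int value);

/* GCC keeps warning after a plain (void) cast (GCC bug 66425), so store the
 * result in a variable and discard that variable instead. */
#define IGNORE_RESULT(expr) \
	do { __typeof__(expr) ignored_ = (expr); (void) ignored_; } while (0)

static int demo_state;	/* constructed stand-in for a kernel boolean */

int demo_set_boolean(const char *name, int value)
{
	if (name[0] == '\0' || (value != 0 && value != 1)) {
		errno = EINVAL;
		return -1;
	}
	demo_state = value;
	return 0;
}

int demo_get_boolean(void) { return demo_state; }

/* Normal path: the result is checked and the failure is propagated. */
int toggle_checked(const char *name, int value)
{
	if (demo_set_boolean(name, value) < 0) {
		fprintf(stderr, "setting %s failed: %s\n", name, strerror(errno));
		return -1;
	}
	return 0;
}

/* Cleanup handler: nothing useful can be done on failure, so the result is
 * dropped on purpose and the intent is visible at the call site. */
void rollback(const char *name, int old_value)
{
	IGNORE_RESULT(demo_set_boolean(name, old_value));
}

int main(void)
{
	int rc = toggle_checked("demo_bool", 1);
	rollback("demo_bool", 0);
	return rc == 0 ? 0 : 1;
}
```

Building this with `-Wall -Werror` on GCC succeeds; replacing the macro use with `(void) demo_set_boolean(name, old_value);` reproduces the `unused-result` error quoted in commit 5.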