
Stephen Smalley committed a56b158 Merge

Merged in tresysmobile/external-libselinux/nsa-master-prefix (pull request #3)

seapp_contexts support for prefix matching on name


Files changed (1)

 };
 #endif
 
+struct prefix_str {
+	size_t len;
+	char *str;
+	char is_prefix;
+};
+
 struct seapp_context {
 	/* input selectors */
 	char isSystemServer;
-	char *user;
-	size_t len;
-	char prefix;
+	struct prefix_str user;
 	char *seinfo;
-	char *name;
+	struct prefix_str name;
 	/* outputs */
 	char *domain;
 	char *type;
 		return (s1->isSystemServer ? -1 : 1);
 
 	/* Give precedence to a specified user= over an unspecified user=. */
-	if (s1->user && !s2->user)
+	if (s1->user.str && !s2->user.str)
 		return -1;
-	if (!s1->user && s2->user)
+	if (!s1->user.str && s2->user.str)
 		return 1;
 
-	if (s1->user) {
+	if (s1->user.str) {
 		/* Give precedence to a fixed user= string over a prefix. */
-		if (s1->prefix != s2->prefix)
-			return (s2->prefix ? -1 : 1);
+		if (s1->user.is_prefix != s2->user.is_prefix)
+			return (s2->user.is_prefix ? -1 : 1);
 
 		/* Give precedence to a longer prefix over a shorter prefix. */
-		if (s1->prefix && s1->len != s2->len)
-			return (s1->len > s2->len) ? -1 : 1;
+		if (s1->user.is_prefix && s1->user.len != s2->user.len)
+			return (s1->user.len > s2->user.len) ? -1 : 1;
 	}
 
 	/* Give precedence to a specified seinfo= over an unspecified seinfo=. */
 		return 1;
 
 	/* Give precedence to a specified name= over an unspecified name=. */
-	if (s1->name && !s2->name)
+	if (s1->name.str && !s2->name.str)
 		return -1;
-	if (!s1->name && s2->name)
+	if (!s1->name.str && s2->name.str)
 		return 1;
 
+	if (s1->name.str) {
+		/* Give precedence to a fixed name= string over a prefix. */
+		if (s1->name.is_prefix != s2->name.is_prefix)
+			return (s2->name.is_prefix ? -1 : 1);
+
+		/* Give precedence to a longer prefix over a shorter prefix. */
+		if (s1->name.is_prefix && s1->name.len != s2->name.len)
+			return (s1->name.len > s2->name.len) ? -1 : 1;
+	}
+
         /* Give precedence to a specified sebool= over an unspecified sebool=. */
         if (s1->sebool && !s2->sebool)
                 return -1;
 	if (seapp_contexts) {
 		for (n = 0; n < nspec; n++) {
 			cur = seapp_contexts[n];
-			free(cur->user);
+			free(cur->user.str);
 			free(cur->seinfo);
-			free(cur->name);
+			free(cur->name.str);
 			free(cur->domain);
 			free(cur->type);
 			free(cur->level);
 					goto err;
 				}
 			} else if (!strcasecmp(name, "user")) {
-				cur->user = strdup(value);
-				if (!cur->user)
+				cur->user.str = strdup(value);
+				if (!cur->user.str)
 					goto oom;
-				cur->len = strlen(cur->user);
-				if (cur->user[cur->len-1] == '*')
-					cur->prefix = 1;
+				cur->user.len = strlen(cur->user.str);
+				if (cur->user.str[cur->user.len-1] == '*')
+					cur->user.is_prefix = 1;
 			} else if (!strcasecmp(name, "seinfo")) {
 				cur->seinfo = strdup(value);
 				if (!cur->seinfo)
 					goto oom;
 			} else if (!strcasecmp(name, "name")) {
-				cur->name = strdup(value);
-				if (!cur->name)
+				cur->name.str = strdup(value);
+				if (!cur->name.str)
 					goto oom;
+				cur->name.len = strlen(cur->name.str);
+				if (cur->name.str[cur->name.len-1] == '*')
+					cur->name.is_prefix = 1;
 			} else if (!strcasecmp(name, "domain")) {
 				cur->domain = strdup(value);
 				if (!cur->domain)
 		if (cur->isSystemServer != isSystemServer)
 			continue;
 
-		if (cur->user) {
-			if (cur->prefix) {
-				if (strncasecmp(username, cur->user, cur->len-1))
+		if (cur->user.str) {
+			if (cur->user.is_prefix) {
+				if (strncasecmp(username, cur->user.str, cur->user.len-1))
 					continue;
 			} else {
-				if (strcasecmp(username, cur->user))
+				if (strcasecmp(username, cur->user.str))
 					continue;
 			}
 		}
 				continue;
 		}
 
-		if (cur->name) {
-			if (!pkgname || strcasecmp(pkgname, cur->name))
+		if (cur->name.str) {
+			if(!pkgname)
 				continue;
+
+			if (cur->name.is_prefix) {
+				if (strncasecmp(pkgname, cur->name.str, cur->name.len-1))
+					continue;
+			} else {
+				if (strcasecmp(pkgname, cur->name.str))
+					continue;
+			}
 		}
 
 		if (kind == SEAPP_TYPE && !cur->type)
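Review bot: In the parser's new `name` branch, `cur->name.str[cur->name.len-1] == '*'` indexes out of bounds when the value is an empty string, because `len` is a `size_t` and `len-1` wraps around; the `user` branch carries the same pattern over from the old code. A guard such as `if (cur->name.len > 0 && cur->name.str[cur->name.len-1] == '*')` (and the equivalent for `user`) closes this; whether an empty value can reach these branches depends on the tokenizer, which lies outside the lines shown. Separately, a bare `name=*` gives `len-1 == 0`, so `strncasecmp(pkgname, cur->name.str, cur->name.len-1)` in the lookup matches every non-NULL package name, while the comparator still ranks that entry ahead of entries with no `name=`. If that is not intended the parser should reject a lone `*`, and either way a short comment at the match site, e.g. `/* len-1 excludes the trailing '*'; a lone "*" matches any pkgname */`, would help policy authors. The duplicated prefix logic for `user` and `name` could also move into one small static helper taking a `struct prefix_str *`, so both selectors stay in step.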