Substitute security_context_t with char *

Historically, we've used security_context_t for variables passed to libselinux APIs. But almost 7 years ago, libselinux developers admitted in their API that in fact, it's just a 'char *' type [1]. Ever since then the APIs accept 'char *' instead, but they kept the old alias just for API stability. Well, not anymore [2]. 1: 9eb9c93275 2: 7a124ca275 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2025-01-18 10:35:20 +00:00 · 2020-07-15 12:32:48 +02:00 · 2020-07-15 12:32:48 +02:00 · e71e13488d
commit e71e13488d
parent deceb1e09f
9 changed files with 29 additions and 29 deletions
--- a/src/libvirt-lxc.c
+++ b/src/libvirt-lxc.c
@ -204,7 +204,7 @@ virDomainLxcEnterSecurityLabel(virSecurityModelPtr model,
    if (STREQ(model->model, "selinux")) {
 #ifdef WITH_SELINUX
        if (oldlabel) {
-            security_context_t ctx;
+            char *ctx;
            if (getcon(&ctx) < 0) {
                virReportSystemError(errno,
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@ -1593,7 +1593,7 @@ int virNetSocketGetUNIXIdentity(virNetSocketPtr sock G_GNUC_UNUSED,
 int virNetSocketGetSELinuxContext(virNetSocketPtr sock,
                                  char **context)
 {
-    security_context_t seccon = NULL;
+    char *seccon = NULL;
    int ret = -1;
    *context = NULL;
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@ -198,7 +198,7 @@ virSecuritySELinuxTransactionAppend(const char *path,
 static int
 virSecuritySELinuxRememberLabel(const char *path,
-                                const security_context_t con)
+                                const char *con)
 {
    return virSecuritySetRememberedLabel(SECURITY_SELINUX_NAME,
                                         path, con);
@ -207,7 +207,7 @@ virSecuritySELinuxRememberLabel(const char *path,
 static int
 virSecuritySELinuxRecallLabel(const char *path,
-                              security_context_t *con)
+                              char **con)
 {
    int rv;
@ -431,7 +431,7 @@ virSecuritySELinuxMCSGetProcessRange(char **sens,
                                     int *catMin,
                                     int *catMax)
 {
-    security_context_t ourSecContext = NULL;
+    char *ourSecContext = NULL;
    context_t ourContext = NULL;
    char *cat = NULL;
    char *tmp;
@ -530,8 +530,8 @@ virSecuritySELinuxMCSGetProcessRange(char **sens,
 }
 static char *
-virSecuritySELinuxContextAddRange(security_context_t src,
+virSecuritySELinuxContextAddRange(char *src,
-                                  security_context_t dst)
+                                  char *dst)
 {
    char *str = NULL;
    char *ret = NULL;
@ -575,7 +575,7 @@ virSecuritySELinuxGenNewContext(const char *basecontext,
    context_t context = NULL;
    char *ret = NULL;
    char *str;
-    security_context_t ourSecContext = NULL;
+    char *ourSecContext = NULL;
    context_t ourContext = NULL;
    VIR_DEBUG("basecontext=%s mcs=%s isObjectContext=%d",
@ -955,7 +955,7 @@ virSecuritySELinuxReserveLabel(virSecurityManagerPtr mgr,
                               virDomainDefPtr def,
                               pid_t pid)
 {
-    security_context_t pctx;
+    char *pctx;
    context_t ctx = NULL;
    const char *mcs;
    int rv;
@ -1203,7 +1203,7 @@ virSecuritySELinuxGetProcessLabel(virSecurityManagerPtr mgr G_GNUC_UNUSED,
                                  pid_t pid,
                                  virSecurityLabelPtr sec)
 {
-    security_context_t ctx;
+    char *ctx;
    if (getpidcon_raw(pid, &ctx) == -1) {
        virReportSystemError(errno,
@ -1316,7 +1316,7 @@ virSecuritySELinuxSetFilecon(virSecurityManagerPtr mgr,
                             bool remember)
 {
    bool privileged = virSecurityManagerGetPrivileged(mgr);
-    security_context_t econ = NULL;
+    char *econ = NULL;
    int refcount;
    int rc;
    bool rollback = false;
@ -1426,7 +1426,7 @@ virSecuritySELinuxFSetFilecon(int fd, char *tcon)
 /* Set fcon to the appropriate label for path and mode, or return -1.  */
 static int
 getContext(virSecurityManagerPtr mgr G_GNUC_UNUSED,
-           const char *newpath, mode_t mode, security_context_t *fcon)
+           const char *newpath, mode_t mode, char **fcon)
 {
    virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
@ -1443,7 +1443,7 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr,
 {
    bool privileged = virSecurityManagerGetPrivileged(mgr);
    struct stat buf;
-    security_context_t fcon = NULL;
+    char *fcon = NULL;
    char *newpath = NULL;
    int rc;
    int ret = -1;
@ -2974,7 +2974,7 @@ virSecuritySELinuxSetDaemonSocketLabel(virSecurityManagerPtr mgr G_GNUC_UNUSED,
 {
    /* TODO: verify DOI */
    virSecurityLabelDefPtr secdef;
-    security_context_t scon = NULL;
+    char *scon = NULL;
    char *str = NULL;
    int rc = -1;
@ -3283,7 +3283,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr,
                                int fd)
 {
    struct stat buf;
-    security_context_t fcon = NULL;
+    char *fcon = NULL;
    virSecurityLabelDefPtr secdef;
    char *str = NULL, *proc = NULL, *fd_path = NULL;
    int rc = -1;
--- a/src/storage/storage_util.c
+++ b/src/storage/storage_util.c
@ -1814,7 +1814,7 @@ virStorageBackendUpdateVolTargetInfoFD(virStorageSourcePtr target,
                                       struct stat *sb)
 {
 #if WITH_SELINUX
-    security_context_t filecon = NULL;
+    char *filecon = NULL;
 #endif
    if (virStorageSourceUpdateBackingSizes(target, fd, sb) < 0)
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@ -157,7 +157,7 @@ virIdentityPtr virIdentityGetSystem(void)
    unsigned long long startTime;
    g_autoptr(virIdentity) ret = NULL;
 #if WITH_SELINUX
-    security_context_t con;
+    char *con;
 #endif
    if (!(ret = virIdentityNew()))
--- a/tests/securityselinuxhelper.c
+++ b/tests/securityselinuxhelper.c
@ -55,7 +55,7 @@ static struct selabel_handle *(*real_selabel_open)(unsigned int backend,
                                                  unsigned nopts);
 static void (*real_selabel_close)(struct selabel_handle *handle);
 static int (*real_selabel_lookup_raw)(struct selabel_handle *handle,
-                                     security_context_t *con,
+                                     char **con,
                                     const char *key,
                                     int type);
@ -89,7 +89,7 @@ static void init_syms(void)
 * the virt_use_nfs bool is set.
 */
-int getcon_raw(security_context_t *context)
+int getcon_raw(char **context)
 {
    if (!is_selinux_enabled()) {
        errno = EINVAL;
@ -104,12 +104,12 @@ int getcon_raw(security_context_t *context)
    return 0;
 }
-int getcon(security_context_t *context)
+int getcon(char **context)
 {
    return getcon_raw(context);
 }
-int getpidcon_raw(pid_t pid, security_context_t *context)
+int getpidcon_raw(pid_t pid, char **context)
 {
    if (!is_selinux_enabled()) {
        errno = EINVAL;
@ -129,7 +129,7 @@ int getpidcon_raw(pid_t pid, security_context_t *context)
    return 0;
 }
-int getpidcon(pid_t pid, security_context_t *context)
+int getpidcon(pid_t pid, char **context)
 {
    return getpidcon_raw(pid, context);
 }
@ -165,7 +165,7 @@ int setfilecon(const char *path, const char *con)
    return setfilecon_raw(path, con);
 }
-int getfilecon_raw(const char *path, security_context_t *con)
+int getfilecon_raw(const char *path, char **con)
 {
    char *constr = NULL;
    ssize_t len = getxattr(path, "user.libvirt.selinux",
@ -189,7 +189,7 @@ int getfilecon_raw(const char *path, security_context_t *con)
 }
-int getfilecon(const char *path, security_context_t *con)
+int getfilecon(const char *path, char **con)
 {
    return getfilecon_raw(path, con);
 }
@ -308,7 +308,7 @@ void selabel_close(struct selabel_handle *handle)
 }
 int selabel_lookup_raw(struct selabel_handle *handle,
-                       security_context_t *con,
+                       char **con,
                       const char *key,
                       int type)
 {
--- a/tests/securityselinuxlabeltest.c
+++ b/tests/securityselinuxlabeltest.c
@ -252,7 +252,7 @@ static int
 testSELinuxCheckLabels(testSELinuxFile *files, size_t nfiles)
 {
    size_t i;
-    security_context_t ctx;
+    char *ctx;
    for (i = 0; i < nfiles; i++) {
        ctx = NULL;
@ -360,7 +360,7 @@ mymain(void)
    if (virTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \
        ret = -1;
-    setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");
+    setcon("system_r:system_u:libvirtd_t:s0:c0.c1023");
    DO_TEST_LABELING("disks");
    DO_TEST_LABELING("kernel");
--- a/tests/securityselinuxtest.c
+++ b/tests/securityselinuxtest.c
@ -217,7 +217,7 @@ testSELinuxGenLabel(const void *opaque)
    context_t con = NULL;
    context_t imgcon = NULL;
-    if (setcon_raw((security_context_t)data->pidcon) < 0) {
+    if (setcon_raw(data->pidcon) < 0) {
        perror("Cannot set process security context");
        return -1;
    }
--- a/tests/viridentitytest.c
+++ b/tests/viridentitytest.c
@ -120,7 +120,7 @@ static int testIdentityGetSystem(const void *data)
 static int testSetFakeSELinuxContext(const void *data G_GNUC_UNUSED)
 {
 #if WITH_SELINUX
-    return setcon_raw((security_context_t)data);
+    return setcon_raw(data);
 #else
    VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
    return EXIT_AM_SKIP;