mkswap: remove deprecated SELinux matchpathcon()

Signed-off-by: Karel Zak <kzak@redhat.com>
2 years ago · b105446e69
4 changed files with 40 additions and 2 deletions
--- a/disk-utils/Makemodule.am
+++ b/disk-utils/Makemodule.am
@ -66,6 +66,9 @@ mkswap_LDADD += libblkid.la
 endif
 if HAVE_SELINUX
 mkswap_LDADD += -lselinux
+mkswap_SOURCES += \
+	lib/selinux-utils.c \
+	include/selinux-utils.h
 endif
 endif # BUILD_MKSWAP

--- a/disk-utils/mkswap.c
+++ b/disk-utils/mkswap.c
@ -23,6 +23,7 @@
 #ifdef HAVE_LIBSELINUX
 # include <selinux/selinux.h>
 # include <selinux/context.h>
+# include "selinux-utils.h"
 #endif
 #ifdef HAVE_LINUX_FIEMAP_H
 # include <linux/fs.h>
@ -636,8 +637,11 @@ int main(int argc, char **argv)
 				err(EXIT_FAILURE,
 					_("%s: unable to obtain selinux file label"),
 					ctl.devname);
-			if (matchpathcon(ctl.devname, ctl.devstat.st_mode, &oldcontext))
-				errx(EXIT_FAILURE, _("unable to matchpathcon()"));
+			if (ul_selinux_get_default_context(ctl.devname,
+						ctl.devstat.st_mode, &oldcontext))
+				errx(EXIT_FAILURE,
+					_("%s: unable to obtain default selinux file label"),
+					ctl.devname);
 		}
 		if (!(newcontext = context_new(oldcontext)))
 			errx(EXIT_FAILURE, _("unable to create new selinux context"));
--- a/include/selinux-utils.h
+++ b/include/selinux-utils.h
@ -3,5 +3,6 @@

 extern int ul_setfscreatecon_from_file(char *orig_file);
 extern int ul_selinux_has_access(const char *classstr, const char *perm, char **user_cxt);
+extern int ul_selinux_get_default_context(const char *path, int st_mode, char **cxt);

 #endif
--- a/lib/selinux-utils.c
+++ b/lib/selinux-utils.c
@ -1,8 +1,16 @@
+/*
+ * No copyright is claimed.  This code is in the public domain; do with
+ * it what you wish.
+ *
+ * Written by Karel Zak <kzak@redhat.com> [January 2021]
+ */
 #include <selinux/context.h>
 #include <selinux/selinux.h>
+#include <selinux/label.h>
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
+#include <errno.h>

 #include "selinux-utils.h"

@ -46,3 +54,25 @@ int ul_selinux_has_access(const char *classstr, const char *perm, char **user_cx
 	return rc == 0 ? 1 : 0;
 }

+/* return 0 on success, 0 on error; @cxt returns the default context for @path
+ * and @st_mode (stat())
+ */
+int ul_selinux_get_default_context(const char *path, int st_mode, char **cxt)
+{
+	struct selabel_handle *hnd;
+	struct selinux_opt options[SELABEL_NOPT] = {};
+	int rc = 0;
+
+	*cxt = NULL;
+
+	hnd = selabel_open(SELABEL_CTX_FILE, options, SELABEL_NOPT);
+	if (!hnd)
+		return -errno;
+
+	if (selabel_lookup(hnd, cxt, path, st_mode) != 0)
+		rc = -errno
+			;
+	selabel_close(hnd);
+
+	return rc;
+}