[Toybox] Regarding smack behavior of ls command

José Bollo jobol at nonadev.net
Mon May 18 00:48:33 PDT 2015


On Monday 18 May 2015 at 12:26 +0900, Hyejin Kim wrote:
> Hi.
>  
> Recently the smack feature was added to the ls command only, and I tested
> it on an emulator of the Tizen platform.
> But some operations are not proper from my point of view, and I'll share
> them.
>  
> Below is the smack code at seclabel().
> ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
>   } else if (CFG_TOYBOX_SMACK) {
>     int fd = openat(dirtree_parentfd(dt), dt->name, O_PATH|O_NOFOLLOW);
>     char buf[SMACK_LABEL_LEN+1];
>     ssize_t len = 1;
>     strcpy(buf, "?");
>     if (fd != -1) {
>       len = fgetxattr(fd, XATTR_NAME_SMACK, pad?buf:0, pad?SMACK_LABEL_LEN:0);
>       close(fd);
>       if (len<1 || len>SMACK_LABEL_LEN) len = 0;
>       else buf[len] = 0;
>     }
>     if (pad) printf(" %*s "+(pad>0), pad, buf);
>     return len;
>   } 
>  
> ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
>  
> 1. At first, fd is wrong. So, it can't call fgetxattr() and prints ? for
> the label.

Hi Hyejin, hi all,

Yes, it is normal: opening with O_PATH doesn't allow calling fgetxattr.

 
> 2. The 3rd and 4th params of fgetxattr() are changeable for __pad__. But
> why should the __pad__ affect them?

Having pad=0 means that only the size of the label is checked but the
label has not to be printed. Thus the only meaningful data is the
length. Passing a buffer would imply some unneeded copies of memory.

> 3. If it is hard to get the fd, we can change to calling getxattr() with
> the filepath instead of calling fgetxattr with the fd. I got the right
> result on the emulator with the example below.

True. But having a file descriptor instead of a path is optimal.

In my last proposal https://github.com/jobol/toybox/tree/smack-10 this
algorithm is used:

 if getting file descriptor is either not possible (symbolic links,
socket) or returns an error, then get the path, else use the file
descriptor.

For most objects of the file system: regular files and directories, the
file descriptor is used.

Best regards
José Bollo

> For example : 
>     
> ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
>   } else if (CFG_TOYBOX_SMACK) {
>     char* path = dirtree_path(dt, 0);
>     char buf[SMACK_LABEL_LEN+1];
>     ssize_t len = 1;
>     strcpy(buf, "?");
>     if (path) {
>       len = getxattr(path, XATTR_NAME_SMACK, buf, SMACK_LABEL_LEN);
>       free(path); // dirtree_path() returns a malloc()ed string
>       if (len<1 || len>SMACK_LABEL_LEN) len = 0;
>       else buf[len] = 0;
>     }
>     printf(" %*s "+(pad>0), pad, buf);
>     return len;
>   } 
>  
> ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
>  
> Can anyone give me an opinion?
>  
> Thanks.
>     
>  

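The descriptor-first, path-fallback lookup described in the reply above, written out as an added example; it is not code from the smack-10 branch or from toybox. The helper name `smack_label`, the fallback constant values, and the use of `lstat()` to decide which objects get opened are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/xattr.h>
#include <unistd.h>

/* Assumed values for the names used in the quoted snippet. */
#ifndef XATTR_NAME_SMACK
#define XATTR_NAME_SMACK "security.SMACK64"
#endif
#ifndef SMACK_LABEL_LEN
#define SMACK_LABEL_LEN 255
#endif

/* Hypothetical helper. Returns the label length, or 0 if no label was read.
 * A non-NULL buf must hold SMACK_LABEL_LEN+1 bytes and receives the label,
 * or "?" on failure. buf == NULL only queries the length (the pad == 0 case),
 * so the kernel copies nothing. */
ssize_t smack_label(const char *path, char *buf)
{
  size_t size = buf ? SMACK_LABEL_LEN : 0;
  struct stat st;
  ssize_t len;
  int fd = -1;

  /* Open only regular files and directories. O_RDONLY, not O_PATH:
   * fgetxattr() fails with EBADF on an O_PATH descriptor. */
  if (!lstat(path, &st) && (S_ISREG(st.st_mode) || S_ISDIR(st.st_mode)))
    fd = open(path, O_RDONLY|O_NOFOLLOW|O_NONBLOCK|O_CLOEXEC);

  if (fd != -1) {
    len = fgetxattr(fd, XATTR_NAME_SMACK, buf, size);
    close(fd);
  } else {
    /* Symlinks, sockets, or open() failed: use the path, and do not
     * follow a final symlink so the link's own label is reported. */
    len = lgetxattr(path, XATTR_NAME_SMACK, buf, size);
  }
  if (len < 1 || len > SMACK_LABEL_LEN) {
    if (buf) strcpy(buf, "?");
    return 0;
  }
  if (buf) buf[len] = 0;
  return len;
}
```
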