[Toybox] Regarding smack behavior of ls command

José Bollo jobol at nonadev.net
Mon May 18 04:51:24 PDT 2015 

Le lundi 18 mai 2015 à 19:35 +0900, Hyejin Kim a écrit :
> Hi.
>  
> I checked https://github.com/jobol/toybox/tree/smack-10 and It is good
> to make common lib/security.h
>  
> And, found that seclabel() still calls __security_fget_context()__
> only, without handling fd failed cases.

Hey Hyejin,

You are right, it lakes the last patch I made. See message
http://lists.landley.net/pipermail/toybox-landley.net/2015-May/004175.html
 
> According to your opinion as below : 
>  if getting file descriptor is either not possible (symbolic links,
> socket) or returns an error, then get the path, else use the file
> descriptor.
>  
> Could you modify here if necessary? I want to know any direction.
> Further, Can I know your test environment?


Please check the above link and tell me your opinion on it.
I'm testing on Tizen:Common.

Best regards
José

> Thank you.
>  
> 
>  
> 2015-05-18 16:48 GMT+09:00 José Bollo <jobol at nonadev.net>:
>         Le lundi 18 mai 2015 à 12:26 +0900, Hyejin Kim a écrit :
>         > Hi.
>         >
>         > Recently smack feature is added by ls command only and I
>         tested it on
>         > emulator of tizen platform.
>         > But, some operations are not proper at my point of view and
>         I'll share
>         > them.
>         >
>         > Below is the smack code at seclabel().
>         > ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
>         >   } else if (CFG_TOYBOX_SMACK) {
>         >     int fd = openat(dirtree_parentfd(dt), dt->name, O_PATH|
>         > O_NOFOLLOW);
>         >     char buf[SMACK_LABEL_LEN+1];
>         >     ssize_t len = 1;
>         >     strcpy(buf, "?");
>         >     if (fd != -1) {
>         >       len = fgetxattr(fd, XATTR_NAME_SMACK, pad?buf:0,
>         > pad?SMACK_LABEL_LEN:0);
>         >       close(fd);
>         >       if (len<1 || len>SMACK_LABEL_LEN) len = 0;
>         >       else buf[len] = 0;
>         >     }
>         >     if (pad) printf(" %*s "+(pad>0), pad, buf);
>         >     return len;
>         >   }
>         >
>         > ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
>         >
>         > 1. At first, fd is wrong. So, cant call fgetxattr() and
>         print ? for
>         > label.
>         
>         
>         Hi Hyejin, hi all,
>         
>         yes it is normal, opening with O_PATH doesn't allow to call
>         fgetxattr.
>         
>         
>         > 2. 3rd and 4th param of fgetxattr() is changable for
>         __pad__. but why
>         > should the __pad__ affect them?
>         
>         Having pad=0 means that only the size of the label is checked
>         but the
>         label has not to be printed. Thus the only meaningful data is
>         the
>         length. Passing a buffer would imply some unneeded copies of
>         memory.
>         
>         > 3. If it is hard to get fd, can change to call getxattr()
>         with
>         > filepath instead of calling fgetxattr with fd. I got a right
>         result on
>         > emulator with belowing example.
>         
>         True. But having a file descriptor instead of a path is
>         optimal.
>         
>         In my last proposal
>         https://github.com/jobol/toybox/tree/smack-10 this
>         algorithm is used:
>         
>          if getting file descriptor is either not possible (symbolic
>         links,
>         socket) or returns an error, then get the path, else use the
>         file
>         descriptor.
>         
>         For most objects of the file system: regular files and
>         directories, the
>         file descriptor is used.
>         
>         Best regards
>         José Bollo
>         
>         > For example :
>         >
>         > ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
>         >   } else if (CFG_TOYBOX_SMACK) {
>         >     char* path = dirtree_path(dt, 0);
>         >     char buf[SMACK_LABEL_LEN+1];
>         >     ssize_t len = 1;
>         >     strcpy(buf, "?");
>         >     if (path) {
>         >       len = getxattr(path, XATTR_NAME_SMACK, buf,
>         SMACK_LABEL_LEN);
>         >       if (len<1 || len>SMACK_LABEL_LEN) len = 0;
>         >       else buf[len] = 0;
>         >     }
>         >     printf(" %*s "+(pad>0), pad, buf);
>         >     return len;
>         >   }
>         >
>         > ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
>         >
>         > Can anyone give me an opinion?
>         >
>         > Thanks.
>         >
>         >
>         > _______________________________________________
>         > Toybox mailing list
>         > Toybox at lists.landley.net
>         > http://lists.landley.net/listinfo.cgi/toybox-landley.net
>         
>         
> 
> _______________________________________________
> Toybox mailing list
> Toybox at lists.landley.net
> http://lists.landley.net/listinfo.cgi/toybox-landley.net



 1431949884.0

More information about the Toybox mailing list