| #include "restore.h" |
| #include <glob.h> |
| #include <selinux/context.h> |
| |
| #define SKIP -2 |
| #define ERR -1 |
| #define MAX_EXCLUDES 1000 |
| |
| /* |
| * The hash table of associations, hashed by inode number. |
| * Chaining is used for collisions, with elements ordered |
| * by inode number in each bucket. Each hash bucket has a dummy |
| * header. |
| */ |
| #define HASH_BITS 16 |
| #define HASH_BUCKETS (1 << HASH_BITS) |
| #define HASH_MASK (HASH_BUCKETS-1) |
| |
| /* |
| * An association between an inode and a context. |
| */ |
| typedef struct file_spec { |
| ino_t ino; /* inode number */ |
| char *con; /* matched context */ |
| char *file; /* full pathname */ |
| struct file_spec *next; /* next association in hash bucket chain */ |
| } file_spec_t; |
| |
| struct edir { |
| char *directory; |
| size_t size; |
| }; |
| |
| |
| static file_spec_t *fl_head; |
| static int filespec_add(ino_t ino, const security_context_t con, const char *file); |
| struct restore_opts *r_opts = NULL; |
| static void filespec_destroy(void); |
| static void filespec_eval(void); |
| static int excludeCtr = 0; |
| static struct edir excludeArray[MAX_EXCLUDES]; |
| |
| void remove_exclude(const char *directory) |
| { |
| int i = 0; |
| for (i = 0; i < excludeCtr; i++) { |
| if (strcmp(directory, excludeArray[i].directory) == 0) { |
| free(excludeArray[i].directory); |
| if (i != excludeCtr-1) |
| excludeArray[i] = excludeArray[excludeCtr-1]; |
| excludeCtr--; |
| return; |
| } |
| } |
| return; |
| } |
| |
| void restore_init(struct restore_opts *opts) |
| { |
| r_opts = opts; |
| struct selinux_opt selinux_opts[] = { |
| { SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate }, |
| { SELABEL_OPT_PATH, r_opts->selabel_opt_path } |
| }; |
| r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 2); |
| if (!r_opts->hnd) { |
| perror(r_opts->selabel_opt_path); |
| exit(1); |
| } |
| } |
| |
| void restore_finish() |
| { |
| int i; |
| for (i = 0; i < excludeCtr; i++) { |
| free(excludeArray[i].directory); |
| } |
| } |
| |
| static int match(const char *name, struct stat *sb, char **con) |
| { |
| if (!(r_opts->hard_links) && !S_ISDIR(sb->st_mode) && (sb->st_nlink > 1)) { |
| fprintf(stderr, "Warning! %s refers to a file with more than one hard link, not fixing hard links.\n", |
| name); |
| return -1; |
| } |
| |
| if (NULL != r_opts->rootpath) { |
| if (0 != strncmp(r_opts->rootpath, name, r_opts->rootpathlen)) { |
| fprintf(stderr, "%s: %s is not located in %s\n", |
| r_opts->progname, name, r_opts->rootpath); |
| return -1; |
| } |
| name += r_opts->rootpathlen; |
| } |
| |
| if (r_opts->rootpath != NULL && name[0] == '\0') |
| /* this is actually the root dir of the alt root */ |
| return selabel_lookup_raw(r_opts->hnd, con, "/", sb->st_mode); |
| else |
| return selabel_lookup_raw(r_opts->hnd, con, name, sb->st_mode); |
| } |
| static int restore(FTSENT *ftsent, int recurse) |
| { |
| char *my_file = strdupa(ftsent->fts_path); |
| int ret = -1; |
| security_context_t curcon = NULL, newcon = NULL; |
| float progress; |
| if (match(my_file, ftsent->fts_statp, &newcon) < 0) { |
| if ((errno == ENOENT) && ((!recurse) || (r_opts->verbose))) |
| fprintf(stderr, "%s: Warning no default label for %s\n", r_opts->progname, my_file); |
| |
| /* Check for no matching specification. */ |
| return (errno == ENOENT) ? 0 : -1; |
| } |
| |
| if (r_opts->progress) { |
| r_opts->count++; |
| if (r_opts->count % STAR_COUNT == 0) { |
| if (r_opts->progress == 1) { |
| fprintf(stdout, "\r%luk", (size_t) r_opts->count / STAR_COUNT ); |
| } else { |
| if (r_opts->nfile > 0) { |
| progress = (r_opts->count < r_opts->nfile) ? (100.0 * r_opts->count / r_opts->nfile) : 100; |
| fprintf(stdout, "\r%-.1f%%", progress); |
| } |
| } |
| fflush(stdout); |
| } |
| } |
| |
| /* |
| * Try to add an association between this inode and |
| * this specification. If there is already an association |
| * for this inode and it conflicts with this specification, |
| * then use the last matching specification. |
| */ |
| if (r_opts->add_assoc) { |
| ret = filespec_add(ftsent->fts_statp->st_ino, newcon, my_file); |
| if (ret < 0) |
| goto err; |
| |
| if (ret > 0) |
| /* There was already an association and it took precedence. */ |
| goto out; |
| } |
| |
| if (r_opts->debug) { |
| printf("%s: %s matched by %s\n", r_opts->progname, my_file, newcon); |
| } |
| |
| /* |
| * Do not relabel if their is no default specification for this file |
| */ |
| |
| if (strcmp(newcon, "<<none>>") == 0) { |
| goto out; |
| } |
| |
| /* Get the current context of the file. */ |
| ret = lgetfilecon_raw(ftsent->fts_accpath, &curcon); |
| if (ret < 0) { |
| if (errno == ENODATA) { |
| curcon = NULL; |
| } else { |
| fprintf(stderr, "%s get context on %s failed: '%s'\n", |
| r_opts->progname, my_file, strerror(errno)); |
| goto err; |
| } |
| } |
| |
| /* lgetfilecon returns number of characters and ret needs to be reset |
| * to 0. |
| */ |
| ret = 0; |
| |
| /* |
| * Do not relabel the file if the file is already labeled according to |
| * the specification. |
| */ |
| if (curcon && (strcmp(curcon, newcon) == 0)) { |
| goto out; |
| } |
| |
| if (!r_opts->force && curcon && (is_context_customizable(curcon) > 0)) { |
| if (r_opts->verbose > 1) { |
| fprintf(stderr, |
| "%s: %s not reset customized by admin to %s\n", |
| r_opts->progname, my_file, curcon); |
| } |
| goto out; |
| } |
| |
| /* |
| * Do not change label unless this is a force or the type is different |
| */ |
| if (!r_opts->force && curcon) { |
| int types_differ = 0; |
| context_t cona; |
| context_t conb; |
| int err = 0; |
| cona = context_new(curcon); |
| if (! cona) { |
| goto out; |
| } |
| conb = context_new(newcon); |
| if (! conb) { |
| context_free(cona); |
| goto out; |
| } |
| |
| types_differ = strcmp(context_type_get(cona), context_type_get(conb)); |
| if (types_differ) { |
| err |= context_user_set(conb, context_user_get(cona)); |
| err |= context_role_set(conb, context_role_get(cona)); |
| err |= context_range_set(conb, context_range_get(cona)); |
| if (!err) { |
| freecon(newcon); |
| newcon = strdup(context_str(conb)); |
| } |
| } |
| context_free(cona); |
| context_free(conb); |
| |
| if (!types_differ || err) { |
| goto out; |
| } |
| } |
| |
| if (r_opts->verbose) { |
| printf("%s reset %s context %s->%s\n", |
| r_opts->progname, my_file, curcon ?: "", newcon); |
| } |
| |
| if (r_opts->logging && r_opts->change) { |
| if (curcon) |
| syslog(LOG_INFO, "relabeling %s from %s to %s\n", |
| my_file, curcon, newcon); |
| else |
| syslog(LOG_INFO, "labeling %s to %s\n", |
| my_file, newcon); |
| } |
| |
| if (r_opts->outfile) |
| fprintf(r_opts->outfile, "%s\n", my_file); |
| |
| /* |
| * Do not relabel the file if -n was used. |
| */ |
| if (!r_opts->change) |
| goto out; |
| |
| /* |
| * Relabel the file to the specified context. |
| */ |
| ret = lsetfilecon(ftsent->fts_accpath, newcon); |
| if (ret) { |
| fprintf(stderr, "%s set context %s->%s failed:'%s'\n", |
| r_opts->progname, my_file, newcon, strerror(errno)); |
| goto skip; |
| } |
| ret = 0; |
| out: |
| freecon(curcon); |
| freecon(newcon); |
| return ret; |
| skip: |
| freecon(curcon); |
| freecon(newcon); |
| return SKIP; |
| err: |
| freecon(curcon); |
| freecon(newcon); |
| return ERR; |
| } |
| /* |
| * Apply the last matching specification to a file. |
| * This function is called by fts on each file during |
| * the directory traversal. |
| */ |
| static int apply_spec(FTSENT *ftsent, int recurse) |
| { |
| if (ftsent->fts_info == FTS_DNR) { |
| fprintf(stderr, "%s: unable to read directory %s\n", |
| r_opts->progname, ftsent->fts_path); |
| return SKIP; |
| } |
| |
| int rc = restore(ftsent, recurse); |
| if (rc == ERR) { |
| if (!r_opts->abort_on_error) |
| return SKIP; |
| } |
| return rc; |
| } |
| |
| #include <sys/statvfs.h> |
| |
| static int process_one(char *name, int recurse_this_path) |
| { |
| int rc = 0; |
| const char *namelist[2] = {name, NULL}; |
| dev_t dev_num = 0; |
| FTS *fts_handle = NULL; |
| FTSENT *ftsent = NULL; |
| |
| if (r_opts == NULL){ |
| fprintf(stderr, |
| "Must call initialize first!"); |
| goto err; |
| } |
| |
| fts_handle = fts_open((char **)namelist, r_opts->fts_flags, NULL); |
| if (fts_handle == NULL) { |
| fprintf(stderr, |
| "%s: error while labeling %s: %s\n", |
| r_opts->progname, namelist[0], strerror(errno)); |
| goto err; |
| } |
| |
| |
| ftsent = fts_read(fts_handle); |
| if (ftsent == NULL) { |
| fprintf(stderr, |
| "%s: error while labeling %s: %s\n", |
| r_opts->progname, namelist[0], strerror(errno)); |
| goto err; |
| } |
| |
| /* Keep the inode of the first one. */ |
| dev_num = ftsent->fts_statp->st_dev; |
| |
| do { |
| rc = 0; |
| /* Skip the post order nodes. */ |
| if (ftsent->fts_info == FTS_DP) |
| continue; |
| /* If the XDEV flag is set and the device is different */ |
| if (ftsent->fts_statp->st_dev != dev_num && |
| FTS_XDEV == (r_opts->fts_flags & FTS_XDEV)) |
| continue; |
| if (excludeCtr > 0) { |
| if (exclude(ftsent->fts_path)) { |
| fts_set(fts_handle, ftsent, FTS_SKIP); |
| continue; |
| } |
| } |
| |
| rc = apply_spec(ftsent, recurse_this_path); |
| if (rc == SKIP) |
| fts_set(fts_handle, ftsent, FTS_SKIP); |
| if (rc == ERR) |
| goto err; |
| if (!recurse_this_path) |
| break; |
| } while ((ftsent = fts_read(fts_handle)) != NULL); |
| |
| out: |
| if (r_opts->add_assoc) { |
| if (!r_opts->quiet) |
| filespec_eval(); |
| filespec_destroy(); |
| } |
| if (fts_handle) |
| fts_close(fts_handle); |
| return rc; |
| |
| err: |
| rc = -1; |
| goto out; |
| } |
| |
| int process_glob(char *name, int recurse) { |
| glob_t globbuf; |
| size_t i = 0; |
| int errors; |
| memset(&globbuf, 0, sizeof(globbuf)); |
| errors = glob(name, GLOB_TILDE | GLOB_PERIOD | GLOB_NOCHECK | GLOB_BRACE, NULL, &globbuf); |
| if (errors) |
| return errors; |
| |
| for (i = 0; i < globbuf.gl_pathc; i++) { |
| int len = strlen(globbuf.gl_pathv[i]) -2; |
| if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0) |
| continue; |
| if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0) |
| continue; |
| int rc = process_one_realpath(globbuf.gl_pathv[i], recurse); |
| if (rc < 0) |
| errors = rc; |
| } |
| globfree(&globbuf); |
| return errors; |
| } |
| |
| int process_one_realpath(char *name, int recurse) |
| { |
| int rc = 0; |
| char *p; |
| struct stat64 sb; |
| |
| if (r_opts == NULL){ |
| fprintf(stderr, |
| "Must call initialize first!"); |
| return -1; |
| } |
| |
| if (!r_opts->expand_realpath) { |
| return process_one(name, recurse); |
| } else { |
| rc = lstat64(name, &sb); |
| if (rc < 0) { |
| if (r_opts->ignore_enoent && errno == ENOENT) |
| return 0; |
| fprintf(stderr, "%s: lstat(%s) failed: %s\n", |
| r_opts->progname, name, strerror(errno)); |
| return -1; |
| } |
| |
| if (S_ISLNK(sb.st_mode)) { |
| char path[PATH_MAX + 1]; |
| |
| rc = realpath_not_final(name, path); |
| if (rc < 0) |
| return rc; |
| rc = process_one(path, 0); |
| if (rc < 0) |
| return rc; |
| |
| p = realpath(name, NULL); |
| if (p) { |
| rc = process_one(p, recurse); |
| free(p); |
| } |
| return rc; |
| } else { |
| p = realpath(name, NULL); |
| if (!p) { |
| fprintf(stderr, "realpath(%s) failed %s\n", name, |
| strerror(errno)); |
| return -1; |
| } |
| rc = process_one(p, recurse); |
| free(p); |
| return rc; |
| } |
| } |
| } |
| |
| int exclude(const char *file) |
| { |
| int i = 0; |
| for (i = 0; i < excludeCtr; i++) { |
| if (strncmp |
| (file, excludeArray[i].directory, |
| excludeArray[i].size) == 0) { |
| if (file[excludeArray[i].size] == 0 |
| || file[excludeArray[i].size] == '/') { |
| return 1; |
| } |
| } |
| } |
| return 0; |
| } |
| |
| int add_exclude(const char *directory) |
| { |
| size_t len = 0; |
| |
| if (directory == NULL || directory[0] != '/') { |
| fprintf(stderr, "Full path required for exclude: %s.\n", |
| directory); |
| return 1; |
| } |
| if (excludeCtr == MAX_EXCLUDES) { |
| fprintf(stderr, "Maximum excludes %d exceeded.\n", |
| MAX_EXCLUDES); |
| return 1; |
| } |
| |
| len = strlen(directory); |
| while (len > 1 && directory[len - 1] == '/') { |
| len--; |
| } |
| excludeArray[excludeCtr].directory = strndup(directory, len); |
| |
| if (excludeArray[excludeCtr].directory == NULL) { |
| fprintf(stderr, "Out of memory.\n"); |
| return 1; |
| } |
| excludeArray[excludeCtr++].size = len; |
| |
| return 0; |
| } |
| |
| /* |
| * Evaluate the association hash table distribution. |
| */ |
| static void filespec_eval(void) |
| { |
| file_spec_t *fl; |
| int h, used, nel, len, longest; |
| |
| if (!fl_head) |
| return; |
| |
| used = 0; |
| longest = 0; |
| nel = 0; |
| for (h = 0; h < HASH_BUCKETS; h++) { |
| len = 0; |
| for (fl = fl_head[h].next; fl; fl = fl->next) { |
| len++; |
| } |
| if (len) |
| used++; |
| if (len > longest) |
| longest = len; |
| nel += len; |
| } |
| |
| if (r_opts->verbose > 1) |
| printf |
| ("%s: hash table stats: %d elements, %d/%d buckets used, longest chain length %d\n", |
| __FUNCTION__, nel, used, HASH_BUCKETS, longest); |
| } |
| |
| /* |
| * Destroy the association hash table. |
| */ |
| static void filespec_destroy(void) |
| { |
| file_spec_t *fl, *tmp; |
| int h; |
| |
| if (!fl_head) |
| return; |
| |
| for (h = 0; h < HASH_BUCKETS; h++) { |
| fl = fl_head[h].next; |
| while (fl) { |
| tmp = fl; |
| fl = fl->next; |
| freecon(tmp->con); |
| free(tmp->file); |
| free(tmp); |
| } |
| fl_head[h].next = NULL; |
| } |
| free(fl_head); |
| fl_head = NULL; |
| } |
| /* |
| * Try to add an association between an inode and a context. |
| * If there is a different context that matched the inode, |
| * then use the first context that matched. |
| */ |
| static int filespec_add(ino_t ino, const security_context_t con, const char *file) |
| { |
| file_spec_t *prevfl, *fl; |
| int h, ret; |
| struct stat64 sb; |
| |
| if (!fl_head) { |
| fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS); |
| if (!fl_head) |
| goto oom; |
| memset(fl_head, 0, sizeof(file_spec_t) * HASH_BUCKETS); |
| } |
| |
| h = (ino + (ino >> HASH_BITS)) & HASH_MASK; |
| for (prevfl = &fl_head[h], fl = fl_head[h].next; fl; |
| prevfl = fl, fl = fl->next) { |
| if (ino == fl->ino) { |
| ret = lstat64(fl->file, &sb); |
| if (ret < 0 || sb.st_ino != ino) { |
| freecon(fl->con); |
| free(fl->file); |
| fl->file = strdup(file); |
| if (!fl->file) |
| goto oom; |
| fl->con = strdup(con); |
| if (!fl->con) |
| goto oom; |
| return 1; |
| } |
| |
| if (strcmp(fl->con, con) == 0) |
| return 1; |
| |
| fprintf(stderr, |
| "%s: conflicting specifications for %s and %s, using %s.\n", |
| __FUNCTION__, file, fl->file, fl->con); |
| free(fl->file); |
| fl->file = strdup(file); |
| if (!fl->file) |
| goto oom; |
| return 1; |
| } |
| |
| if (ino > fl->ino) |
| break; |
| } |
| |
| fl = malloc(sizeof(file_spec_t)); |
| if (!fl) |
| goto oom; |
| fl->ino = ino; |
| fl->con = strdup(con); |
| if (!fl->con) |
| goto oom_freefl; |
| fl->file = strdup(file); |
| if (!fl->file) |
| goto oom_freefl; |
| fl->next = prevfl->next; |
| prevfl->next = fl; |
| return 0; |
| oom_freefl: |
| free(fl); |
| oom: |
| fprintf(stderr, |
| "%s: insufficient memory for file label entry for %s\n", |
| __FUNCTION__, file); |
| return -1; |
| } |
| |
| #include <sys/utsname.h> |
| int file_system_count(char *name) { |
| struct statvfs statvfs_buf; |
| int nfile = 0; |
| memset(&statvfs_buf, 0, sizeof(statvfs_buf)); |
| if (!statvfs(name, &statvfs_buf)) { |
| nfile = statvfs_buf.f_files - statvfs_buf.f_ffree; |
| } |
| return nfile; |
| } |
| |
| /* |
| Search /proc/mounts for all file systems that do not support extended |
| attributes and add them to the exclude directory table. File systems |
| that support security labels have the seclabel option, return total file count |
| */ |
| int exclude_non_seclabel_mounts() |
| { |
| struct utsname uts; |
| FILE *fp; |
| size_t len; |
| ssize_t num; |
| int index = 0, found = 0; |
| char *mount_info[4]; |
| char *buf = NULL, *item; |
| int nfile = 0; |
| /* Check to see if the kernel supports seclabel */ |
| if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0) |
| return 0; |
| if (is_selinux_enabled() <= 0) |
| return 0; |
| |
| fp = fopen("/proc/mounts", "r"); |
| if (!fp) |
| return 0; |
| |
| while ((num = getline(&buf, &len, fp)) != -1) { |
| found = 0; |
| index = 0; |
| item = strtok(buf, " "); |
| while (item != NULL) { |
| mount_info[index] = item; |
| if (index == 3) |
| break; |
| index++; |
| item = strtok(NULL, " "); |
| } |
| if (index < 3) { |
| fprintf(stderr, |
| "/proc/mounts record \"%s\" has incorrect format.\n", |
| buf); |
| continue; |
| } |
| |
| /* remove pre-existing entry */ |
| remove_exclude(mount_info[1]); |
| |
| item = strtok(mount_info[3], ","); |
| while (item != NULL) { |
| if (strcmp(item, "seclabel") == 0) { |
| found = 1; |
| nfile += file_system_count(mount_info[1]); |
| break; |
| } |
| item = strtok(NULL, ","); |
| } |
| |
| /* exclude mount points without the seclabel option */ |
| if (!found) |
| add_exclude(mount_info[1]); |
| } |
| |
| free(buf); |
| fclose(fp); |
| /* return estimated #Files + 5% for directories and hard links */ |
| return nfile * 1.05; |
| } |
| |
