<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en">

<head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <title>LCOV - strace-5.15.0.11.7c5c-dirty - src/secontext.c</title>
  <link rel="stylesheet" type="text/css" href="../gcov.css">
</head>

<body>

  <table width="100%" border=0 cellspacing=0 cellpadding=0>
    <tr><td class="title">LCOV - code coverage report</td></tr>
    <tr><td class="ruler"><img src="../glass.png" width=3 height=3 alt=""></td></tr>

    <tr>
      <td width="100%">
        <table cellpadding=1 border=0 width="100%">
          <tr>
            <td width="10%" class="headerItem">Current view:</td>
            <td width="35%" class="headerValue"><a href="../index.html">top level</a> - <a href="index.html">src</a> - secontext.c<span style="font-size: 80%;"> (source / <a href="secontext.c.func-sort-c.html">functions</a>)</span></td>
            <td width="5%"></td>
            <td width="15%"></td>
            <td width="10%" class="headerCovTableHead">Hit</td>
            <td width="10%" class="headerCovTableHead">Total</td>
            <td width="15%" class="headerCovTableHead">Coverage</td>
          </tr>
          <tr>
            <td class="headerItem">Test:</td>
            <td class="headerValue">strace-5.15.0.11.7c5c-dirty</td>
            <td></td>
            <td class="headerItem">Lines:</td>
            <td class="headerCovTableEntry">102</td>
            <td class="headerCovTableEntry">105</td>
            <td class="headerCovTableEntryHi">97.14 %</td>
          </tr>
          <tr>
            <td class="headerItem">Date:</td>
            <td class="headerValue">2021-12-29 11:55:56</td>
            <td></td>
            <td class="headerItem">Functions:</td>
            <td class="headerCovTableEntry">7</td>
            <td class="headerCovTableEntry">7</td>
            <td class="headerCovTableEntryHi">100.00 %</td>
          </tr>
          <tr>
            <td class="headerItem">Legend:</td>
            <td class="headerValueLeg">            Lines:
            <span class="coverLegendCov">hit</span>
            <span class="coverLegendNoCov">not hit</span>
            | Branches:
            <span class="coverLegendCov">+</span> taken
            <span class="coverLegendNoCov">-</span> not taken
            <span class="coverLegendNoCov">#</span> not executed
</td>
            <td></td>
            <td class="headerItem">Branches:</td>
            <td class="headerCovTableEntry">54</td>
            <td class="headerCovTableEntry">66</td>
            <td class="headerCovTableEntryMed">81.82 %</td>
          </tr>
          <tr><td><img src="../glass.png" width=3 height=3 alt=""></td></tr>
        </table>
      </td>
    </tr>

    <tr><td class="ruler"><img src="../glass.png" width=3 height=3 alt=""></td></tr>
  </table>

  <table cellpadding=0 cellspacing=0 border=0>
    <tr>
      <td><br></td>
    </tr>
    <tr>
      <td>
<pre class="sourceHeading">           Branch data     Line data    Source code</pre>
<pre class="source">
<a name="1"><span class="lineNum">       1 </span>                :            : /*</a>
<a name="2"><span class="lineNum">       2 </span>                :            :  * Copyright (c) 2020-2021 The strace developers.</a>
<a name="3"><span class="lineNum">       3 </span>                :            :  * All rights reserved.</a>
<a name="4"><span class="lineNum">       4 </span>                :            :  *</a>
<a name="5"><span class="lineNum">       5 </span>                :            :  * SPDX-License-Identifier: LGPL-2.1-or-later</a>
<a name="6"><span class="lineNum">       6 </span>                :            :  */</a>
<a name="7"><span class="lineNum">       7 </span>                :            : </a>
<a name="8"><span class="lineNum">       8 </span>                :            : #include "defs.h"</a>
<a name="9"><span class="lineNum">       9 </span>                :            : #include "filter.h"</a>
<a name="10"><span class="lineNum">      10 </span>                :            : #include "number_set.h"</a>
<a name="11"><span class="lineNum">      11 </span>                :            : </a>
<a name="12"><span class="lineNum">      12 </span>                :            : #include <stdlib.h></a>
<a name="13"><span class="lineNum">      13 </span>                :            : #include <fcntl.h></a>
<a name="14"><span class="lineNum">      14 </span>                :            : #include <limits.h></a>
<a name="15"><span class="lineNum">      15 </span>                :            : #include <selinux/selinux.h></a>
<a name="16"><span class="lineNum">      16 </span>                :            : #include <selinux/label.h></a>
<a name="17"><span class="lineNum">      17 </span>                :            : #include <sys/types.h></a>
<a name="18"><span class="lineNum">      18 </span>                :            : #include <sys/stat.h></a>
<a name="19"><span class="lineNum">      19 </span>                :            : #include <unistd.h></a>
<a name="20"><span class="lineNum">      20 </span>                :            : </a>
<a name="21"><span class="lineNum">      21 </span>                :            : #include "secontext.h"</a>
<a name="22"><span class="lineNum">      22 </span>                :            : #include "xmalloc.h"</a>
<a name="23"><span class="lineNum">      23 </span>                :            : #include "xstring.h"</a>
<a name="24"><span class="lineNum">      24 </span>                :            : </a>
<a name="25"><span class="lineNum">      25 </span>                :            : struct number_set *secontext_set;</a>
<a name="26"><span class="lineNum">      26 </span>                :            : </a>
<a name="27"><span class="lineNum">      27 </span>                :            : static int</a>
<a name="28"><span class="lineNum">      28 </span>                :<span class="lineCov">        120 : secontextstr_to_uint(const char *s)</span></a>
<a name="29"><span class="lineNum">      29 </span>                :            : {</a>
<a name="30"><span class="lineNum">      30 </span>                :<span class="lineCov">        120 :         static const struct xlat_data secontext_strs[] = {</span></a>
<a name="31"><span class="lineNum">      31 </span>                :            :                 { SECONTEXT_FULL,       "full" },</a>
<a name="32"><span class="lineNum">      32 </span>                :            :                 { SECONTEXT_MISMATCH,   "mismatch" },</a>
<a name="33"><span class="lineNum">      33 </span>                :            :         };</a>
<a name="34"><span class="lineNum">      34 </span>                :            : </a>
<a name="35"><span class="lineNum">      35 </span>                :<span class="lineCov">        120 :         return (int) find_arg_val(s, secontext_strs, -1ULL, -1ULL);</span></a>
<a name="36"><span class="lineNum">      36 </span>                :            : }</a>
<a name="37"><span class="lineNum">      37 </span>                :            : </a>
<a name="38"><span class="lineNum">      38 </span>                :            : void</a>
<a name="39"><span class="lineNum">      39 </span>                :<span class="lineCov">      23911 : qualify_secontext(const char *const str)</span></a>
<a name="40"><span class="lineNum">      40 </span>                :            : {</a>
<a name="41"><span class="lineNum">      41 </span>        [<span class="branchCov" title="Branch 0 was taken 23834 times"> + </span><span class="branchCov" title="Branch 1 was taken 77 times"> + </span>]:<span class="lineCov">      23911 :         if (!secontext_set)</span></a>
<a name="42"><span class="lineNum">      42 </span>                :<span class="lineCov">      23834 :                 secontext_set = alloc_number_set_array(1);</span></a>
<a name="43"><span class="lineNum">      43 </span>                :<span class="lineCov">      23911 :         qualify_tokens(str, secontext_set, secontextstr_to_uint,</span></a>
<a name="44"><span class="lineNum">      44 </span>                :            :                        "secontext");</a>
<a name="45"><span class="lineNum">      45 </span>                :<span class="lineCov">      23895 : }</span></a>
<a name="46"><span class="lineNum">      46 </span>                :            : </a>
<a name="47"><span class="lineNum">      47 </span>                :            : static int</a>
<a name="48"><span class="lineNum">      48 </span>                :<span class="lineCov">       1347 : getcontext(int rc, char **secontext, char **result)</span></a>
<a name="49"><span class="lineNum">      49 </span>                :            : {</a>
<a name="50"><span class="lineNum">      50 </span>        [<span class="branchCov" title="Branch 0 was taken 1147 times"> + </span><span class="branchCov" title="Branch 1 was taken 200 times"> + </span>]:<span class="lineCov">       1347 :         if (rc < 0)</span></a>
<a name="51"><span class="lineNum">      51 </span>                :            :                 return rc;</a>
<a name="52"><span class="lineNum">      52 </span>                :            : </a>
<a name="53"><span class="lineNum">      53 </span>                :<span class="lineCov">       1147 :         *result = NULL;</span></a>
<a name="54"><span class="lineNum">      54 </span>        [<span class="branchCov" title="Branch 0 was taken 572 times"> + </span><span class="branchCov" title="Branch 1 was taken 575 times"> + </span>]:<span class="lineCov">       1147 :         if (!is_number_in_set(SECONTEXT_FULL, secontext_set)) {</span></a>
<a name="55"><span class="lineNum">      55 </span>                :<span class="lineCov">        572 :                 char *saveptr = NULL;</span></a>
<a name="56"><span class="lineNum">      56 </span>                :<span class="lineCov">        572 :                 char *secontext_copy = xstrdup(*secontext);</span></a>
<a name="57"><span class="lineNum">      57 </span>                :<span class="lineCov">        572 :                 const char *token;</span></a>
<a name="58"><span class="lineNum">      58 </span>                :<span class="lineCov">        572 :                 unsigned int i;</span></a>
<a name="59"><span class="lineNum">      59 </span>                :            : </a>
<a name="60"><span class="lineNum">      60 </span>                :            :                 /*</a>
<a name="61"><span class="lineNum">      61 </span>                :            :                  * We only want to keep the type (3rd field, ':' separator).</a>
<a name="62"><span class="lineNum">      62 </span>                :            :                  */</a>
<a name="63"><span class="lineNum">      63 </span>                :<span class="lineCov">        572 :                 for (token = strtok_r(secontext_copy, ":", &saveptr), i = 0;</span></a>
<a name="64"><span class="lineNum">      64 </span>        [<span class="branchCov" title="Branch 0 was taken 1716 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov">       1716 :                      token; token = strtok_r(NULL, ":", &saveptr), i++) {</span></a>
<a name="65"><span class="lineNum">      65 </span>        [<span class="branchCov" title="Branch 0 was taken 572 times"> + </span><span class="branchCov" title="Branch 1 was taken 1144 times"> + </span>]:<span class="lineCov">       1716 :                         if (i == 2) {</span></a>
<a name="66"><span class="lineNum">      66 </span>                :<span class="lineCov">        572 :                                 *result = xstrdup(token);</span></a>
<a name="67"><span class="lineNum">      67 </span>                :<span class="lineCov">        572 :                                 break;</span></a>
<a name="68"><span class="lineNum">      68 </span>                :            :                         }</a>
<a name="69"><span class="lineNum">      69 </span>                :            :                 }</a>
<a name="70"><span class="lineNum">      70 </span>                :<span class="lineCov">        572 :                 free(secontext_copy);</span></a>
<a name="71"><span class="lineNum">      71 </span>                :            :         }</a>
<a name="72"><span class="lineNum">      72 </span>                :            : </a>
<a name="73"><span class="lineNum">      73 </span>        [<span class="branchCov" title="Branch 0 was taken 575 times"> + </span><span class="branchCov" title="Branch 1 was taken 572 times"> + </span>]:<span class="lineCov">       1147 :         if (*result == NULL) {</span></a>
<a name="74"><span class="lineNum">      74 </span>                :            :                 /*</a>
<a name="75"><span class="lineNum">      75 </span>                :            :                  * On the CI at least, the context may have a trailing \n,</a>
<a name="76"><span class="lineNum">      76 </span>                :            :                  * let's remove it just in case.</a>
<a name="77"><span class="lineNum">      77 </span>                :            :                  */</a>
<a name="78"><span class="lineNum">      78 </span>                :<span class="lineCov">        575 :                 size_t len = strlen(*secontext);</span></a>
<a name="79"><span class="lineNum">      79 </span>        [<span class="branchCov" title="Branch 0 was taken 575 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov">        575 :                 for (; len > 0; --len) {</span></a>
<a name="80"><span class="lineNum">      80 </span>        [<span class="branchNoCov" title="Branch 0 was not taken"> - </span><span class="branchCov" title="Branch 1 was taken 575 times"> + </span>]:<span class="lineCov">        575 :                         if ((*secontext)[len - 1] != '\n')</span></a>
<a name="81"><span class="lineNum">      81 </span>                :            :                                 break;</a>
<a name="82"><span class="lineNum">      82 </span>                :            :                 }</a>
<a name="83"><span class="lineNum">      83 </span>                :<span class="lineCov">        575 :                 *result = xstrndup(*secontext, len);</span></a>
<a name="84"><span class="lineNum">      84 </span>                :            :         }</a>
<a name="85"><span class="lineNum">      85 </span>                :<span class="lineCov">       1147 :         freecon(*secontext);</span></a>
<a name="86"><span class="lineNum">      86 </span>                :<span class="lineCov">       1147 :         return 0;</span></a>
<a name="87"><span class="lineNum">      87 </span>                :            : }</a>
<a name="88"><span class="lineNum">      88 </span>                :            : </a>
<a name="89"><span class="lineNum">      89 </span>                :            : static int</a>
<a name="90"><span class="lineNum">      90 </span>                :<span class="lineCov">        168 : get_expected_filecontext(const char *realpath, char **result)</span></a>
<a name="91"><span class="lineNum">      91 </span>                :            : {</a>
<a name="92"><span class="lineNum">      92 </span>                :<span class="lineCov">        168 :         static struct selabel_handle *hdl = NULL;</span></a>
<a name="93"><span class="lineNum">      93 </span>                :<span class="lineCov">        168 :         static bool disabled = false;</span></a>
<a name="94"><span class="lineNum">      94 </span>                :            : </a>
<a name="95"><span class="lineNum">      95 </span>        [<span class="branchCov" title="Branch 0 was taken 168 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov">        168 :         if (disabled)</span></a>
<a name="96"><span class="lineNum">      96 </span>                :            :                 return -1;</a>
<a name="97"><span class="lineNum">      97 </span>                :            : </a>
<a name="98"><span class="lineNum">      98 </span>        [<span class="branchCov" title="Branch 0 was taken 30 times"> + </span><span class="branchCov" title="Branch 1 was taken 138 times"> + </span>]:<span class="lineCov">        168 :         if (!hdl) {</span></a>
<a name="99"><span class="lineNum">      99 </span>                :<span class="lineCov">         30 :                 hdl = selabel_open(SELABEL_CTX_FILE, NULL, 0);</span></a>
<a name="100"><span class="lineNum">     100 </span>        [<span class="branchNoCov" title="Branch 0 was not taken"> - </span><span class="branchCov" title="Branch 1 was taken 30 times"> + </span>]:<span class="lineCov">         30 :                 if (!hdl) {</span></a>
<a name="101"><span class="lineNum">     101 </span>                :<span class="lineNoCov">          0 :                         perror_msg("could not open SELinux database, disabling "</span></a>
<a name="102"><span class="lineNum">     102 </span>                :            :                                    "context mismatch checking");</a>
<a name="103"><span class="lineNum">     103 </span>                :<span class="lineNoCov">          0 :                         disabled = true;</span></a>
<a name="104"><span class="lineNum">     104 </span>                :<span class="lineNoCov">          0 :                         return -1;</span></a>
<a name="105"><span class="lineNum">     105 </span>                :            :                 }</a>
<a name="106"><span class="lineNum">     106 </span>                :            :         }</a>
<a name="107"><span class="lineNum">     107 </span>                :            : </a>
<a name="108"><span class="lineNum">     108 </span>                :<span class="lineCov">        168 :         struct stat statbuf;</span></a>
<a name="109"><span class="lineNum">     109 </span>        [<span class="branchCov" title="Branch 0 was taken 155 times"> + </span><span class="branchCov" title="Branch 1 was taken 13 times"> + </span>]:<span class="lineCov">        168 :         if (stat(realpath, &statbuf) == -1) {</span></a>
<a name="110"><span class="lineNum">     110 </span>                :            :                 return -1;</a>
<a name="111"><span class="lineNum">     111 </span>                :            :         }</a>
<a name="112"><span class="lineNum">     112 </span>                :            : </a>
<a name="113"><span class="lineNum">     113 </span>                :<span class="lineCov">        155 :         char *secontext;</span></a>
<a name="114"><span class="lineNum">     114 </span>                :<span class="lineCov">        310 :         int rc = getcontext(selabel_lookup(hdl, &secontext, realpath,</span></a>
<a name="115"><span class="lineNum">     115 </span>                :<span class="lineCov">        155 :                                            statbuf.st_mode),</span></a>
<a name="116"><span class="lineNum">     116 </span>                :            :                             &secontext, result);</a>
<a name="117"><span class="lineNum">     117 </span>                :<span class="lineCov">        155 :         return rc;</span></a>
<a name="118"><span class="lineNum">     118 </span>                :            : }</a>
<a name="119"><span class="lineNum">     119 </span>                :            : </a>
<a name="120"><span class="lineNum">     120 </span>                :            : /*</a>
<a name="121"><span class="lineNum">     121 </span>                :            :  * Retrieves the SELinux context of the given PID (extracted from the tcb).</a>
<a name="122"><span class="lineNum">     122 </span>                :            :  * Memory must be freed.</a>
<a name="123"><span class="lineNum">     123 </span>                :            :  * Returns 0 on success, -1 on failure.</a>
<a name="124"><span class="lineNum">     124 </span>                :            :  */</a>
<a name="125"><span class="lineNum">     125 </span>                :            : int</a>
<a name="126"><span class="lineNum">     126 </span>                :<span class="lineCov">    1158333 : selinux_getpidcon(struct tcb *tcp, char **result)</span></a>
<a name="127"><span class="lineNum">     127 </span>                :            : {</a>
<a name="128"><span class="lineNum">     128 </span>        [<span class="branchCov" title="Branch 0 was taken 716 times"> + </span><span class="branchCov" title="Branch 1 was taken 1157617 times"> + </span>]:<span class="lineCov">    1158333 :         if (number_set_array_is_empty(secontext_set, 0))</span></a>
<a name="129"><span class="lineNum">     129 </span>                :            :                 return -1;</a>
<a name="130"><span class="lineNum">     130 </span>                :            : </a>
<a name="131"><span class="lineNum">     131 </span>                :<span class="lineCov">        716 :         int proc_pid = get_proc_pid(tcp->pid);</span></a>
<a name="132"><span class="lineNum">     132 </span>        [<span class="branchCov" title="Branch 0 was taken 716 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov">        716 :         if (!proc_pid)</span></a>
<a name="133"><span class="lineNum">     133 </span>                :            :                 return -1;</a>
<a name="134"><span class="lineNum">     134 </span>                :            : </a>
<a name="135"><span class="lineNum">     135 </span>                :<span class="lineCov">        716 :         char *secontext;</span></a>
<a name="136"><span class="lineNum">     136 </span>                :<span class="lineCov">        716 :         return getcontext(getpidcon(proc_pid, &secontext), &secontext, result);</span></a>
<a name="137"><span class="lineNum">     137 </span>                :            : }</a>
<a name="138"><span class="lineNum">     138 </span>                :            : </a>
<a name="139"><span class="lineNum">     139 </span>                :            : /*</a>
<a name="140"><span class="lineNum">     140 </span>                :            :  * Retrieves the SELinux context of the given pid and descriptor.</a>
<a name="141"><span class="lineNum">     141 </span>                :            :  * Memory must be freed.</a>
<a name="142"><span class="lineNum">     142 </span>                :            :  * Returns 0 on success, -1 on failure.</a>
<a name="143"><span class="lineNum">     143 </span>                :            :  */</a>
<a name="144"><span class="lineNum">     144 </span>                :            : int</a>
<a name="145"><span class="lineNum">     145 </span>                :<span class="lineCov">     807366 : selinux_getfdcon(pid_t pid, int fd, char **result)</span></a>
<a name="146"><span class="lineNum">     146 </span>                :            : {</a>
<a name="147"><span class="lineNum">     147 </span>  [<span class="branchCov" title="Branch 0 was taken 508 times"> + </span><span class="branchCov" title="Branch 1 was taken 806858 times"> + </span><span class="branchCov" title="Branch 2 was taken 152 times"> + </span><span class="branchCov" title="Branch 3 was taken 356 times"> + </span>]:<span class="lineCov">     807366 :         if (number_set_array_is_empty(secontext_set, 0) || pid <= 0 || fd < 0)</span></a>
<a name="148"><span class="lineNum">     148 </span>                :            :                 return -1;</a>
<a name="149"><span class="lineNum">     149 </span>                :            : </a>
<a name="150"><span class="lineNum">     150 </span>                :<span class="lineCov">        152 :         int proc_pid = get_proc_pid(pid);</span></a>
<a name="151"><span class="lineNum">     151 </span>        [<span class="branchCov" title="Branch 0 was taken 152 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov">        152 :         if (!proc_pid)</span></a>
<a name="152"><span class="lineNum">     152 </span>                :            :                 return -1;</a>
<a name="153"><span class="lineNum">     153 </span>                :            : </a>
<a name="154"><span class="lineNum">     154 </span>                :<span class="lineCov">        152 :         char linkpath[sizeof("/proc/%u/fd/%u") + 2 * sizeof(int)*3];</span></a>
<a name="155"><span class="lineNum">     155 </span>                :<span class="lineCov">        152 :         xsprintf(linkpath, "/proc/%u/fd/%u", proc_pid, fd);</span></a>
<a name="156"><span class="lineNum">     156 </span>                :            : </a>
<a name="157"><span class="lineNum">     157 </span>                :<span class="lineCov">        152 :         char *secontext;</span></a>
<a name="158"><span class="lineNum">     158 </span>                :<span class="lineCov">        152 :         int rc = getcontext(getfilecon(linkpath, &secontext), &secontext, result);</span></a>
<a name="159"><span class="lineNum">     159 </span>  [<span class="branchCov" title="Branch 0 was taken 152 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span><span class="branchCov" title="Branch 2 was taken 76 times"> + </span><span class="branchCov" title="Branch 3 was taken 76 times"> + </span>]:<span class="lineCov">        152 :         if (rc == -1 || !is_number_in_set(SECONTEXT_MISMATCH, secontext_set))</span></a>
<a name="160"><span class="lineNum">     160 </span>                :<span class="lineCov">         76 :                 return rc;</span></a>
<a name="161"><span class="lineNum">     161 </span>                :            : </a>
<a name="162"><span class="lineNum">     162 </span>                :            :         /*</a>
<a name="163"><span class="lineNum">     163 </span>                :            :          * We need to resolve the path, because selabel_lookup() doesn't</a>
<a name="164"><span class="lineNum">     164 </span>                :            :          * resolve anything. Using readlink() is sufficient here.</a>
<a name="165"><span class="lineNum">     165 </span>                :            :          */</a>
<a name="166"><span class="lineNum">     166 </span>                :            : </a>
<a name="167"><span class="lineNum">     167 </span>                :<span class="lineCov">         76 :         char buf[PATH_MAX];</span></a>
<a name="168"><span class="lineNum">     168 </span>                :<span class="lineCov">         76 :         ssize_t n = readlink(linkpath, buf, sizeof(buf));</span></a>
<a name="169"><span class="lineNum">     169 </span>        [<span class="branchCov" title="Branch 0 was taken 76 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov">         76 :         if ((size_t) n >= sizeof(buf))</span></a>
<a name="170"><span class="lineNum">     170 </span>                :            :                 return 0;</a>
<a name="171"><span class="lineNum">     171 </span>                :            : </a>
<a name="172"><span class="lineNum">     172 </span>                :<span class="lineCov">         76 :         char *expected;</span></a>
<a name="173"><span class="lineNum">     173 </span>        [<span class="branchCov" title="Branch 0 was taken 63 times"> + </span><span class="branchCov" title="Branch 1 was taken 13 times"> + </span>]:<span class="lineCov">         76 :         if (get_expected_filecontext(buf, &expected) == -1)</span></a>
<a name="174"><span class="lineNum">     174 </span>                :            :                 return 0;</a>
<a name="175"><span class="lineNum">     175 </span>        [<span class="branchCov" title="Branch 0 was taken 49 times"> + </span><span class="branchCov" title="Branch 1 was taken 14 times"> + </span>]:<span class="lineCov">         63 :         if (strcmp(expected, *result) == 0) {</span></a>
<a name="176"><span class="lineNum">     176 </span>                :<span class="lineCov">         49 :                 free(expected);</span></a>
<a name="177"><span class="lineNum">     177 </span>                :<span class="lineCov">         49 :                 return 0;</span></a>
<a name="178"><span class="lineNum">     178 </span>                :            :         }</a>
<a name="179"><span class="lineNum">     179 </span>                :<span class="lineCov">         14 :         char *final_result = xasprintf("%s!!%s", *result, expected);</span></a>
<a name="180"><span class="lineNum">     180 </span>                :<span class="lineCov">         14 :         free(*result);</span></a>
<a name="181"><span class="lineNum">     181 </span>                :<span class="lineCov">         14 :         free(expected);</span></a>
<a name="182"><span class="lineNum">     182 </span>                :<span class="lineCov">         14 :         *result = final_result;</span></a>
<a name="183"><span class="lineNum">     183 </span>                :<span class="lineCov">         14 :         return 0;</span></a>
<a name="184"><span class="lineNum">     184 </span>                :            : }</a>
<a name="185"><span class="lineNum">     185 </span>                :            : </a>
<a name="186"><span class="lineNum">     186 </span>                :            : /*</a>
<a name="187"><span class="lineNum">     187 </span>                :            :  * Retrieves the SELinux context of the given path.</a>
<a name="188"><span class="lineNum">     188 </span>                :            :  * Memory must be freed.</a>
<a name="189"><span class="lineNum">     189 </span>                :            :  * Returns 0 on success, -1 on failure.</a>
<a name="190"><span class="lineNum">     190 </span>                :            :  */</a>
<a name="191"><span class="lineNum">     191 </span>                :            : int</a>
<a name="192"><span class="lineNum">     192 </span>                :<span class="lineCov">      88338 : selinux_getfilecon(struct tcb *tcp, const char *path, char **result)</span></a>
<a name="193"><span class="lineNum">     193 </span>                :            : {</a>
<a name="194"><span class="lineNum">     194 </span>        [<span class="branchCov" title="Branch 0 was taken 652 times"> + </span><span class="branchCov" title="Branch 1 was taken 87686 times"> + </span>]:<span class="lineCov">      88338 :         if (number_set_array_is_empty(secontext_set, 0))</span></a>
<a name="195"><span class="lineNum">     195 </span>                :            :                 return -1;</a>
<a name="196"><span class="lineNum">     196 </span>                :            : </a>
<a name="197"><span class="lineNum">     197 </span>                :<span class="lineCov">        652 :         int proc_pid = get_proc_pid(tcp->pid);</span></a>
<a name="198"><span class="lineNum">     198 </span>        [<span class="branchCov" title="Branch 0 was taken 652 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov">        652 :         if (!proc_pid)</span></a>
<a name="199"><span class="lineNum">     199 </span>                :            :                 return -1;</a>
<a name="200"><span class="lineNum">     200 </span>                :            : </a>
<a name="201"><span class="lineNum">     201 </span>                :<span class="lineCov">        652 :         int rc = -1;</span></a>
<a name="202"><span class="lineNum">     202 </span>                :<span class="lineCov">        652 :         char fname[PATH_MAX];</span></a>
<a name="203"><span class="lineNum">     203 </span>                :            : </a>
<a name="204"><span class="lineNum">     204 </span>        [<span class="branchCov" title="Branch 0 was taken 28 times"> + </span><span class="branchCov" title="Branch 1 was taken 624 times"> + </span>]:<span class="lineCov">        652 :         if (path[0] == '/')</span></a>
<a name="205"><span class="lineNum">     205 </span>                :<span class="lineCov">         28 :                 rc = snprintf(fname, sizeof(fname), "/proc/%u/root%s",</span></a>
<a name="206"><span class="lineNum">     206 </span>                :            :                                proc_pid, path);</a>
<a name="207"><span class="lineNum">     207 </span>        [<span class="branchCov" title="Branch 0 was taken 212 times"> + </span><span class="branchCov" title="Branch 1 was taken 412 times"> + </span>]:<span class="lineCov">        624 :         else if (tcp->last_dirfd == AT_FDCWD)</span></a>
<a name="208"><span class="lineNum">     208 </span>                :<span class="lineCov">        212 :                 rc = snprintf(fname, sizeof(fname), "/proc/%u/cwd/%s",</span></a>
<a name="209"><span class="lineNum">     209 </span>                :            :                                proc_pid, path);</a>
<a name="210"><span class="lineNum">     210 </span>        [<span class="branchCov" title="Branch 0 was taken 84 times"> + </span><span class="branchCov" title="Branch 1 was taken 328 times"> + </span>]:<span class="lineCov">        412 :         else if (tcp->last_dirfd >= 0 )</span></a>
<a name="211"><span class="lineNum">     211 </span>                :<span class="lineCov">         84 :                 rc = snprintf(fname, sizeof(fname), "/proc/%u/fd/%u/%s",</span></a>
<a name="212"><span class="lineNum">     212 </span>                :            :                                proc_pid, tcp->last_dirfd, path);</a>
<a name="213"><span class="lineNum">     213 </span>                :            : </a>
<a name="214"><span class="lineNum">     214 </span>        [<span class="branchCov" title="Branch 0 was taken 324 times"> + </span><span class="branchCov" title="Branch 1 was taken 328 times"> + </span>]:<span class="lineCov">        652 :         if ((unsigned int) rc >= sizeof(fname))</span></a>
<a name="215"><span class="lineNum">     215 </span>                :            :                 return -1;</a>
<a name="216"><span class="lineNum">     216 </span>                :            : </a>
<a name="217"><span class="lineNum">     217 </span>                :<span class="lineCov">        324 :         char *secontext;</span></a>
<a name="218"><span class="lineNum">     218 </span>                :<span class="lineCov">        324 :         rc = getcontext(getfilecon(fname, &secontext), &secontext, result);</span></a>
<a name="219"><span class="lineNum">     219 </span>  [<span class="branchCov" title="Branch 0 was taken 184 times"> + </span><span class="branchCov" title="Branch 1 was taken 140 times"> + </span><span class="branchCov" title="Branch 2 was taken 92 times"> + </span><span class="branchCov" title="Branch 3 was taken 92 times"> + </span>]:<span class="lineCov">        324 :         if (rc == -1 || !is_number_in_set(SECONTEXT_MISMATCH, secontext_set))</span></a>
<a name="220"><span class="lineNum">     220 </span>                :<span class="lineCov">        232 :                 return rc;</span></a>
<a name="221"><span class="lineNum">     221 </span>                :            : </a>
<a name="222"><span class="lineNum">     222 </span>                :            :         /*</a>
<a name="223"><span class="lineNum">     223 </span>                :            :          * We need to fully resolve the path, because selabel_lookup() doesn't</a>
<a name="224"><span class="lineNum">     224 </span>                :            :          * resolve anything. Using realpath() is the only solution here to make</a>
<a name="225"><span class="lineNum">     225 </span>                :            :          * sure the path is canonicalized.</a>
<a name="226"><span class="lineNum">     226 </span>                :            :          */</a>
<a name="227"><span class="lineNum">     227 </span>                :            : </a>
<a name="228"><span class="lineNum">     228 </span>                :<span class="lineCov">         92 :         char *resolved = realpath(fname, NULL);</span></a>
<a name="229"><span class="lineNum">     229 </span>        [<span class="branchCov" title="Branch 0 was taken 92 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov">         92 :         if (!resolved)</span></a>
<a name="230"><span class="lineNum">     230 </span>                :            :                 return -1;</a>
<a name="231"><span class="lineNum">     231 </span>                :            : </a>
<a name="232"><span class="lineNum">     232 </span>                :<span class="lineCov">         92 :         char *expected;</span></a>
<a name="233"><span class="lineNum">     233 </span>                :<span class="lineCov">         92 :         rc = get_expected_filecontext(resolved, &expected);</span></a>
<a name="234"><span class="lineNum">     234 </span>                :<span class="lineCov">         92 :         free(resolved);</span></a>
<a name="235"><span class="lineNum">     235 </span>        [<span class="branchCov" title="Branch 0 was taken 92 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov">         92 :         if (rc == -1)</span></a>
<a name="236"><span class="lineNum">     236 </span>                :            :                 return 0;</a>
<a name="237"><span class="lineNum">     237 </span>        [<span class="branchCov" title="Branch 0 was taken 72 times"> + </span><span class="branchCov" title="Branch 1 was taken 20 times"> + </span>]:<span class="lineCov">         92 :         if (strcmp(expected, *result) == 0) {</span></a>
<a name="238"><span class="lineNum">     238 </span>                :<span class="lineCov">         72 :                 free(expected);</span></a>
<a name="239"><span class="lineNum">     239 </span>                :<span class="lineCov">         72 :                 return 0;</span></a>
<a name="240"><span class="lineNum">     240 </span>                :            :         }</a>
<a name="241"><span class="lineNum">     241 </span>                :<span class="lineCov">         20 :         char *final_result = xasprintf("%s!!%s", *result, expected);</span></a>
<a name="242"><span class="lineNum">     242 </span>                :<span class="lineCov">         20 :         free(*result);</span></a>
<a name="243"><span class="lineNum">     243 </span>                :<span class="lineCov">         20 :         free(expected);</span></a>
<a name="244"><span class="lineNum">     244 </span>                :<span class="lineCov">         20 :         *result = final_result;</span></a>
<a name="245"><span class="lineNum">     245 </span>                :<span class="lineCov">         20 :         return 0;</span></a>
<a name="246"><span class="lineNum">     246 </span>                :            : }</a>
</pre>
      </td>
    </tr>
  </table>
  <br>

  <table width="100%" border=0 cellspacing=0 cellpadding=0>
    <tr><td class="ruler"><img src="../glass.png" width=3 height=3 alt=""></td></tr>
    <tr><td class="versionInfo">Generated by: <a href="http://ltp.sourceforge.net/coverage/lcov.php" target="_parent">LCOV version 1.14</a></td></tr>
  </table>
  <br>

</body>
</html>