<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>LCOV - strace-5.15.0.11.7c5c-dirty - src/secontext.c</title>
<link rel="stylesheet" type="text/css" href="../gcov.css">
</head>
<body>
<table width="100%" border=0 cellspacing=0 cellpadding=0>
<tr><td class="title">LCOV - code coverage report</td></tr>
<tr><td class="ruler"><img src="../glass.png" width=3 height=3 alt=""></td></tr>
<tr>
<td width="100%">
<table cellpadding=1 border=0 width="100%">
<tr>
<td width="10%" class="headerItem">Current view:</td>
<td width="35%" class="headerValue"><a href="../index.html">top level</a> - <a href="index.html">src</a> - secontext.c<span style="font-size: 80%;"> (source / <a href="secontext.c.func-sort-c.html">functions</a>)</span></td>
<td width="5%"></td>
<td width="15%"></td>
<td width="10%" class="headerCovTableHead">Hit</td>
<td width="10%" class="headerCovTableHead">Total</td>
<td width="15%" class="headerCovTableHead">Coverage</td>
</tr>
<tr>
<td class="headerItem">Test:</td>
<td class="headerValue">strace-5.15.0.11.7c5c-dirty</td>
<td></td>
<td class="headerItem">Lines:</td>
<td class="headerCovTableEntry">102</td>
<td class="headerCovTableEntry">105</td>
<td class="headerCovTableEntryHi">97.14 %</td>
</tr>
<tr>
<td class="headerItem">Date:</td>
<td class="headerValue">2021-12-29 11:55:56</td>
<td></td>
<td class="headerItem">Functions:</td>
<td class="headerCovTableEntry">7</td>
<td class="headerCovTableEntry">7</td>
<td class="headerCovTableEntryHi">100.00 %</td>
</tr>
<tr>
<td class="headerItem">Legend:</td>
<td class="headerValueLeg"> Lines:
<span class="coverLegendCov">hit</span>
<span class="coverLegendNoCov">not hit</span>
| Branches:
<span class="coverLegendCov">+</span> taken
<span class="coverLegendNoCov">-</span> not taken
<span class="coverLegendNoCov">#</span> not executed
</td>
<td></td>
<td class="headerItem">Branches:</td>
<td class="headerCovTableEntry">54</td>
<td class="headerCovTableEntry">66</td>
<td class="headerCovTableEntryMed">81.82 %</td>
</tr>
<tr><td><img src="../glass.png" width=3 height=3 alt=""></td></tr>
</table>
</td>
</tr>
<tr><td class="ruler"><img src="../glass.png" width=3 height=3 alt=""></td></tr>
</table>
<table cellpadding=0 cellspacing=0 border=0>
<tr>
<td><br></td>
</tr>
<tr>
<td>
<pre class="sourceHeading"> Branch data Line data Source code</pre>
<pre class="source">
<a name="1"><span class="lineNum"> 1 </span> : : /*</a>
<a name="2"><span class="lineNum"> 2 </span> : : * Copyright (c) 2020-2021 The strace developers.</a>
<a name="3"><span class="lineNum"> 3 </span> : : * All rights reserved.</a>
<a name="4"><span class="lineNum"> 4 </span> : : *</a>
<a name="5"><span class="lineNum"> 5 </span> : : * SPDX-License-Identifier: LGPL-2.1-or-later</a>
<a name="6"><span class="lineNum"> 6 </span> : : */</a>
<a name="7"><span class="lineNum"> 7 </span> : : </a>
<a name="8"><span class="lineNum"> 8 </span> : : #include "defs.h"</a>
<a name="9"><span class="lineNum"> 9 </span> : : #include "filter.h"</a>
<a name="10"><span class="lineNum"> 10 </span> : : #include "number_set.h"</a>
<a name="11"><span class="lineNum"> 11 </span> : : </a>
<a name="12"><span class="lineNum"> 12 </span> : : #include <stdlib.h></a>
<a name="13"><span class="lineNum"> 13 </span> : : #include <fcntl.h></a>
<a name="14"><span class="lineNum"> 14 </span> : : #include <limits.h></a>
<a name="15"><span class="lineNum"> 15 </span> : : #include <selinux/selinux.h></a>
<a name="16"><span class="lineNum"> 16 </span> : : #include <selinux/label.h></a>
<a name="17"><span class="lineNum"> 17 </span> : : #include <sys/types.h></a>
<a name="18"><span class="lineNum"> 18 </span> : : #include <sys/stat.h></a>
<a name="19"><span class="lineNum"> 19 </span> : : #include <unistd.h></a>
<a name="20"><span class="lineNum"> 20 </span> : : </a>
<a name="21"><span class="lineNum"> 21 </span> : : #include "secontext.h"</a>
<a name="22"><span class="lineNum"> 22 </span> : : #include "xmalloc.h"</a>
<a name="23"><span class="lineNum"> 23 </span> : : #include "xstring.h"</a>
<a name="24"><span class="lineNum"> 24 </span> : : </a>
<a name="25"><span class="lineNum"> 25 </span> : : struct number_set *secontext_set;</a>
<a name="26"><span class="lineNum"> 26 </span> : : </a>
<a name="27"><span class="lineNum"> 27 </span> : : static int</a>
<a name="28"><span class="lineNum"> 28 </span> :<span class="lineCov"> 120 : secontextstr_to_uint(const char *s)</span></a>
<a name="29"><span class="lineNum"> 29 </span> : : {</a>
<a name="30"><span class="lineNum"> 30 </span> :<span class="lineCov"> 120 : static const struct xlat_data secontext_strs[] = {</span></a>
<a name="31"><span class="lineNum"> 31 </span> : : { SECONTEXT_FULL, "full" },</a>
<a name="32"><span class="lineNum"> 32 </span> : : { SECONTEXT_MISMATCH, "mismatch" },</a>
<a name="33"><span class="lineNum"> 33 </span> : : };</a>
<a name="34"><span class="lineNum"> 34 </span> : : </a>
<a name="35"><span class="lineNum"> 35 </span> :<span class="lineCov"> 120 : return (int) find_arg_val(s, secontext_strs, -1ULL, -1ULL);</span></a>
<a name="36"><span class="lineNum"> 36 </span> : : }</a>
<a name="37"><span class="lineNum"> 37 </span> : : </a>
<a name="38"><span class="lineNum"> 38 </span> : : void</a>
<a name="39"><span class="lineNum"> 39 </span> :<span class="lineCov"> 23911 : qualify_secontext(const char *const str)</span></a>
<a name="40"><span class="lineNum"> 40 </span> : : {</a>
<a name="41"><span class="lineNum"> 41 </span> [<span class="branchCov" title="Branch 0 was taken 23834 times"> + </span><span class="branchCov" title="Branch 1 was taken 77 times"> + </span>]:<span class="lineCov"> 23911 : if (!secontext_set)</span></a>
<a name="42"><span class="lineNum"> 42 </span> :<span class="lineCov"> 23834 : secontext_set = alloc_number_set_array(1);</span></a>
<a name="43"><span class="lineNum"> 43 </span> :<span class="lineCov"> 23911 : qualify_tokens(str, secontext_set, secontextstr_to_uint,</span></a>
<a name="44"><span class="lineNum"> 44 </span> : : "secontext");</a>
<a name="45"><span class="lineNum"> 45 </span> :<span class="lineCov"> 23895 : }</span></a>
<a name="46"><span class="lineNum"> 46 </span> : : </a>
<a name="47"><span class="lineNum"> 47 </span> : : static int</a>
<a name="48"><span class="lineNum"> 48 </span> :<span class="lineCov"> 1347 : getcontext(int rc, char **secontext, char **result)</span></a>
<a name="49"><span class="lineNum"> 49 </span> : : {</a>
<a name="50"><span class="lineNum"> 50 </span> [<span class="branchCov" title="Branch 0 was taken 1147 times"> + </span><span class="branchCov" title="Branch 1 was taken 200 times"> + </span>]:<span class="lineCov"> 1347 : if (rc < 0)</span></a>
<a name="51"><span class="lineNum"> 51 </span> : : return rc;</a>
<a name="52"><span class="lineNum"> 52 </span> : : </a>
<a name="53"><span class="lineNum"> 53 </span> :<span class="lineCov"> 1147 : *result = NULL;</span></a>
<a name="54"><span class="lineNum"> 54 </span> [<span class="branchCov" title="Branch 0 was taken 572 times"> + </span><span class="branchCov" title="Branch 1 was taken 575 times"> + </span>]:<span class="lineCov"> 1147 : if (!is_number_in_set(SECONTEXT_FULL, secontext_set)) {</span></a>
<a name="55"><span class="lineNum"> 55 </span> :<span class="lineCov"> 572 : char *saveptr = NULL;</span></a>
<a name="56"><span class="lineNum"> 56 </span> :<span class="lineCov"> 572 : char *secontext_copy = xstrdup(*secontext);</span></a>
<a name="57"><span class="lineNum"> 57 </span> :<span class="lineCov"> 572 : const char *token;</span></a>
<a name="58"><span class="lineNum"> 58 </span> :<span class="lineCov"> 572 : unsigned int i;</span></a>
<a name="59"><span class="lineNum"> 59 </span> : : </a>
<a name="60"><span class="lineNum"> 60 </span> : : /*</a>
<a name="61"><span class="lineNum"> 61 </span> : : * We only want to keep the type (3rd field, ':' separator).</a>
<a name="62"><span class="lineNum"> 62 </span> : : */</a>
<a name="63"><span class="lineNum"> 63 </span> :<span class="lineCov"> 572 : for (token = strtok_r(secontext_copy, ":", &saveptr), i = 0;</span></a>
<a name="64"><span class="lineNum"> 64 </span> [<span class="branchCov" title="Branch 0 was taken 1716 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov"> 1716 : token; token = strtok_r(NULL, ":", &saveptr), i++) {</span></a>
<a name="65"><span class="lineNum"> 65 </span> [<span class="branchCov" title="Branch 0 was taken 572 times"> + </span><span class="branchCov" title="Branch 1 was taken 1144 times"> + </span>]:<span class="lineCov"> 1716 : if (i == 2) {</span></a>
<a name="66"><span class="lineNum"> 66 </span> :<span class="lineCov"> 572 : *result = xstrdup(token);</span></a>
<a name="67"><span class="lineNum"> 67 </span> :<span class="lineCov"> 572 : break;</span></a>
<a name="68"><span class="lineNum"> 68 </span> : : }</a>
<a name="69"><span class="lineNum"> 69 </span> : : }</a>
<a name="70"><span class="lineNum"> 70 </span> :<span class="lineCov"> 572 : free(secontext_copy);</span></a>
<a name="71"><span class="lineNum"> 71 </span> : : }</a>
<a name="72"><span class="lineNum"> 72 </span> : : </a>
<a name="73"><span class="lineNum"> 73 </span> [<span class="branchCov" title="Branch 0 was taken 575 times"> + </span><span class="branchCov" title="Branch 1 was taken 572 times"> + </span>]:<span class="lineCov"> 1147 : if (*result == NULL) {</span></a>
<a name="74"><span class="lineNum"> 74 </span> : : /*</a>
<a name="75"><span class="lineNum"> 75 </span> : : * On the CI at least, the context may have a trailing \n,</a>
<a name="76"><span class="lineNum"> 76 </span> : : * let's remove it just in case.</a>
<a name="77"><span class="lineNum"> 77 </span> : : */</a>
<a name="78"><span class="lineNum"> 78 </span> :<span class="lineCov"> 575 : size_t len = strlen(*secontext);</span></a>
<a name="79"><span class="lineNum"> 79 </span> [<span class="branchCov" title="Branch 0 was taken 575 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov"> 575 : for (; len > 0; --len) {</span></a>
<a name="80"><span class="lineNum"> 80 </span> [<span class="branchNoCov" title="Branch 0 was not taken"> - </span><span class="branchCov" title="Branch 1 was taken 575 times"> + </span>]:<span class="lineCov"> 575 : if ((*secontext)[len - 1] != '\n')</span></a>
<a name="81"><span class="lineNum"> 81 </span> : : break;</a>
<a name="82"><span class="lineNum"> 82 </span> : : }</a>
<a name="83"><span class="lineNum"> 83 </span> :<span class="lineCov"> 575 : *result = xstrndup(*secontext, len);</span></a>
<a name="84"><span class="lineNum"> 84 </span> : : }</a>
<a name="85"><span class="lineNum"> 85 </span> :<span class="lineCov"> 1147 : freecon(*secontext);</span></a>
<a name="86"><span class="lineNum"> 86 </span> :<span class="lineCov"> 1147 : return 0;</span></a>
<a name="87"><span class="lineNum"> 87 </span> : : }</a>
<a name="88"><span class="lineNum"> 88 </span> : : </a>
<a name="89"><span class="lineNum"> 89 </span> : : static int</a>
<a name="90"><span class="lineNum"> 90 </span> :<span class="lineCov"> 168 : get_expected_filecontext(const char *realpath, char **result)</span></a>
<a name="91"><span class="lineNum"> 91 </span> : : {</a>
<a name="92"><span class="lineNum"> 92 </span> :<span class="lineCov"> 168 : static struct selabel_handle *hdl = NULL;</span></a>
<a name="93"><span class="lineNum"> 93 </span> :<span class="lineCov"> 168 : static bool disabled = false;</span></a>
<a name="94"><span class="lineNum"> 94 </span> : : </a>
<a name="95"><span class="lineNum"> 95 </span> [<span class="branchCov" title="Branch 0 was taken 168 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov"> 168 : if (disabled)</span></a>
<a name="96"><span class="lineNum"> 96 </span> : : return -1;</a>
<a name="97"><span class="lineNum"> 97 </span> : : </a>
<a name="98"><span class="lineNum"> 98 </span> [<span class="branchCov" title="Branch 0 was taken 30 times"> + </span><span class="branchCov" title="Branch 1 was taken 138 times"> + </span>]:<span class="lineCov"> 168 : if (!hdl) {</span></a>
<a name="99"><span class="lineNum"> 99 </span> :<span class="lineCov"> 30 : hdl = selabel_open(SELABEL_CTX_FILE, NULL, 0);</span></a>
<a name="100"><span class="lineNum"> 100 </span> [<span class="branchNoCov" title="Branch 0 was not taken"> - </span><span class="branchCov" title="Branch 1 was taken 30 times"> + </span>]:<span class="lineCov"> 30 : if (!hdl) {</span></a>
<a name="101"><span class="lineNum"> 101 </span> :<span class="lineNoCov"> 0 : perror_msg("could not open SELinux database, disabling "</span></a>
<a name="102"><span class="lineNum"> 102 </span> : : "context mismatch checking");</a>
<a name="103"><span class="lineNum"> 103 </span> :<span class="lineNoCov"> 0 : disabled = true;</span></a>
<a name="104"><span class="lineNum"> 104 </span> :<span class="lineNoCov"> 0 : return -1;</span></a>
<a name="105"><span class="lineNum"> 105 </span> : : }</a>
<a name="106"><span class="lineNum"> 106 </span> : : }</a>
<a name="107"><span class="lineNum"> 107 </span> : : </a>
<a name="108"><span class="lineNum"> 108 </span> :<span class="lineCov"> 168 : struct stat statbuf;</span></a>
<a name="109"><span class="lineNum"> 109 </span> [<span class="branchCov" title="Branch 0 was taken 155 times"> + </span><span class="branchCov" title="Branch 1 was taken 13 times"> + </span>]:<span class="lineCov"> 168 : if (stat(realpath, &statbuf) == -1) {</span></a>
<a name="110"><span class="lineNum"> 110 </span> : : return -1;</a>
<a name="111"><span class="lineNum"> 111 </span> : : }</a>
<a name="112"><span class="lineNum"> 112 </span> : : </a>
<a name="113"><span class="lineNum"> 113 </span> :<span class="lineCov"> 155 : char *secontext;</span></a>
<a name="114"><span class="lineNum"> 114 </span> :<span class="lineCov"> 310 : int rc = getcontext(selabel_lookup(hdl, &secontext, realpath,</span></a>
<a name="115"><span class="lineNum"> 115 </span> :<span class="lineCov"> 155 : statbuf.st_mode),</span></a>
<a name="116"><span class="lineNum"> 116 </span> : : &secontext, result);</a>
<a name="117"><span class="lineNum"> 117 </span> :<span class="lineCov"> 155 : return rc;</span></a>
<a name="118"><span class="lineNum"> 118 </span> : : }</a>
<a name="119"><span class="lineNum"> 119 </span> : : </a>
<a name="120"><span class="lineNum"> 120 </span> : : /*</a>
<a name="121"><span class="lineNum"> 121 </span> : : * Retrieves the SELinux context of the given PID (extracted from the tcb).</a>
<a name="122"><span class="lineNum"> 122 </span> : : * Memory must be freed.</a>
<a name="123"><span class="lineNum"> 123 </span> : : * Returns 0 on success, -1 on failure.</a>
<a name="124"><span class="lineNum"> 124 </span> : : */</a>
<a name="125"><span class="lineNum"> 125 </span> : : int</a>
<a name="126"><span class="lineNum"> 126 </span> :<span class="lineCov"> 1158333 : selinux_getpidcon(struct tcb *tcp, char **result)</span></a>
<a name="127"><span class="lineNum"> 127 </span> : : {</a>
<a name="128"><span class="lineNum"> 128 </span> [<span class="branchCov" title="Branch 0 was taken 716 times"> + </span><span class="branchCov" title="Branch 1 was taken 1157617 times"> + </span>]:<span class="lineCov"> 1158333 : if (number_set_array_is_empty(secontext_set, 0))</span></a>
<a name="129"><span class="lineNum"> 129 </span> : : return -1;</a>
<a name="130"><span class="lineNum"> 130 </span> : : </a>
<a name="131"><span class="lineNum"> 131 </span> :<span class="lineCov"> 716 : int proc_pid = get_proc_pid(tcp->pid);</span></a>
<a name="132"><span class="lineNum"> 132 </span> [<span class="branchCov" title="Branch 0 was taken 716 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov"> 716 : if (!proc_pid)</span></a>
<a name="133"><span class="lineNum"> 133 </span> : : return -1;</a>
<a name="134"><span class="lineNum"> 134 </span> : : </a>
<a name="135"><span class="lineNum"> 135 </span> :<span class="lineCov"> 716 : char *secontext;</span></a>
<a name="136"><span class="lineNum"> 136 </span> :<span class="lineCov"> 716 : return getcontext(getpidcon(proc_pid, &secontext), &secontext, result);</span></a>
<a name="137"><span class="lineNum"> 137 </span> : : }</a>
<a name="138"><span class="lineNum"> 138 </span> : : </a>
<a name="139"><span class="lineNum"> 139 </span> : : /*</a>
<a name="140"><span class="lineNum"> 140 </span> : : * Retrieves the SELinux context of the given pid and descriptor.</a>
<a name="141"><span class="lineNum"> 141 </span> : : * Memory must be freed.</a>
<a name="142"><span class="lineNum"> 142 </span> : : * Returns 0 on success, -1 on failure.</a>
<a name="143"><span class="lineNum"> 143 </span> : : */</a>
<a name="144"><span class="lineNum"> 144 </span> : : int</a>
<a name="145"><span class="lineNum"> 145 </span> :<span class="lineCov"> 807366 : selinux_getfdcon(pid_t pid, int fd, char **result)</span></a>
<a name="146"><span class="lineNum"> 146 </span> : : {</a>
<a name="147"><span class="lineNum"> 147 </span> [<span class="branchCov" title="Branch 0 was taken 508 times"> + </span><span class="branchCov" title="Branch 1 was taken 806858 times"> + </span><span class="branchCov" title="Branch 2 was taken 152 times"> + </span><span class="branchCov" title="Branch 3 was taken 356 times"> + </span>]:<span class="lineCov"> 807366 : if (number_set_array_is_empty(secontext_set, 0) || pid <= 0 || fd < 0)</span></a>
<a name="148"><span class="lineNum"> 148 </span> : : return -1;</a>
<a name="149"><span class="lineNum"> 149 </span> : : </a>
<a name="150"><span class="lineNum"> 150 </span> :<span class="lineCov"> 152 : int proc_pid = get_proc_pid(pid);</span></a>
<a name="151"><span class="lineNum"> 151 </span> [<span class="branchCov" title="Branch 0 was taken 152 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov"> 152 : if (!proc_pid)</span></a>
<a name="152"><span class="lineNum"> 152 </span> : : return -1;</a>
<a name="153"><span class="lineNum"> 153 </span> : : </a>
<a name="154"><span class="lineNum"> 154 </span> :<span class="lineCov"> 152 : char linkpath[sizeof("/proc/%u/fd/%u") + 2 * sizeof(int)*3];</span></a>
<a name="155"><span class="lineNum"> 155 </span> :<span class="lineCov"> 152 : xsprintf(linkpath, "/proc/%u/fd/%u", proc_pid, fd);</span></a>
<a name="156"><span class="lineNum"> 156 </span> : : </a>
<a name="157"><span class="lineNum"> 157 </span> :<span class="lineCov"> 152 : char *secontext;</span></a>
<a name="158"><span class="lineNum"> 158 </span> :<span class="lineCov"> 152 : int rc = getcontext(getfilecon(linkpath, &secontext), &secontext, result);</span></a>
<a name="159"><span class="lineNum"> 159 </span> [<span class="branchCov" title="Branch 0 was taken 152 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span><span class="branchCov" title="Branch 2 was taken 76 times"> + </span><span class="branchCov" title="Branch 3 was taken 76 times"> + </span>]:<span class="lineCov"> 152 : if (rc == -1 || !is_number_in_set(SECONTEXT_MISMATCH, secontext_set))</span></a>
<a name="160"><span class="lineNum"> 160 </span> :<span class="lineCov"> 76 : return rc;</span></a>
<a name="161"><span class="lineNum"> 161 </span> : : </a>
<a name="162"><span class="lineNum"> 162 </span> : : /*</a>
<a name="163"><span class="lineNum"> 163 </span> : : * We need to resolve the path, because selabel_lookup() doesn't</a>
<a name="164"><span class="lineNum"> 164 </span> : : * resolve anything. Using readlink() is sufficient here.</a>
<a name="165"><span class="lineNum"> 165 </span> : : */</a>
<a name="166"><span class="lineNum"> 166 </span> : : </a>
<a name="167"><span class="lineNum"> 167 </span> :<span class="lineCov"> 76 : char buf[PATH_MAX];</span></a>
<a name="168"><span class="lineNum"> 168 </span> :<span class="lineCov"> 76 : ssize_t n = readlink(linkpath, buf, sizeof(buf));</span></a>
<a name="169"><span class="lineNum"> 169 </span> [<span class="branchCov" title="Branch 0 was taken 76 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov"> 76 : if ((size_t) n >= sizeof(buf))</span></a>
<a name="170"><span class="lineNum"> 170 </span> : : return 0;</a>
<a name="171"><span class="lineNum"> 171 </span> : : </a>
<a name="172"><span class="lineNum"> 172 </span> :<span class="lineCov"> 76 : char *expected;</span></a>
<a name="173"><span class="lineNum"> 173 </span> [<span class="branchCov" title="Branch 0 was taken 63 times"> + </span><span class="branchCov" title="Branch 1 was taken 13 times"> + </span>]:<span class="lineCov"> 76 : if (get_expected_filecontext(buf, &expected) == -1)</span></a>
<a name="174"><span class="lineNum"> 174 </span> : : return 0;</a>
<a name="175"><span class="lineNum"> 175 </span> [<span class="branchCov" title="Branch 0 was taken 49 times"> + </span><span class="branchCov" title="Branch 1 was taken 14 times"> + </span>]:<span class="lineCov"> 63 : if (strcmp(expected, *result) == 0) {</span></a>
<a name="176"><span class="lineNum"> 176 </span> :<span class="lineCov"> 49 : free(expected);</span></a>
<a name="177"><span class="lineNum"> 177 </span> :<span class="lineCov"> 49 : return 0;</span></a>
<a name="178"><span class="lineNum"> 178 </span> : : }</a>
<a name="179"><span class="lineNum"> 179 </span> :<span class="lineCov"> 14 : char *final_result = xasprintf("%s!!%s", *result, expected);</span></a>
<a name="180"><span class="lineNum"> 180 </span> :<span class="lineCov"> 14 : free(*result);</span></a>
<a name="181"><span class="lineNum"> 181 </span> :<span class="lineCov"> 14 : free(expected);</span></a>
<a name="182"><span class="lineNum"> 182 </span> :<span class="lineCov"> 14 : *result = final_result;</span></a>
<a name="183"><span class="lineNum"> 183 </span> :<span class="lineCov"> 14 : return 0;</span></a>
<a name="184"><span class="lineNum"> 184 </span> : : }</a>
<a name="185"><span class="lineNum"> 185 </span> : : </a>
<a name="186"><span class="lineNum"> 186 </span> : : /*</a>
<a name="187"><span class="lineNum"> 187 </span> : : * Retrieves the SELinux context of the given path.</a>
<a name="188"><span class="lineNum"> 188 </span> : : * Memory must be freed.</a>
<a name="189"><span class="lineNum"> 189 </span> : : * Returns 0 on success, -1 on failure.</a>
<a name="190"><span class="lineNum"> 190 </span> : : */</a>
<a name="191"><span class="lineNum"> 191 </span> : : int</a>
<a name="192"><span class="lineNum"> 192 </span> :<span class="lineCov"> 88338 : selinux_getfilecon(struct tcb *tcp, const char *path, char **result)</span></a>
<a name="193"><span class="lineNum"> 193 </span> : : {</a>
<a name="194"><span class="lineNum"> 194 </span> [<span class="branchCov" title="Branch 0 was taken 652 times"> + </span><span class="branchCov" title="Branch 1 was taken 87686 times"> + </span>]:<span class="lineCov"> 88338 : if (number_set_array_is_empty(secontext_set, 0))</span></a>
<a name="195"><span class="lineNum"> 195 </span> : : return -1;</a>
<a name="196"><span class="lineNum"> 196 </span> : : </a>
<a name="197"><span class="lineNum"> 197 </span> :<span class="lineCov"> 652 : int proc_pid = get_proc_pid(tcp->pid);</span></a>
<a name="198"><span class="lineNum"> 198 </span> [<span class="branchCov" title="Branch 0 was taken 652 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov"> 652 : if (!proc_pid)</span></a>
<a name="199"><span class="lineNum"> 199 </span> : : return -1;</a>
<a name="200"><span class="lineNum"> 200 </span> : : </a>
<a name="201"><span class="lineNum"> 201 </span> :<span class="lineCov"> 652 : int rc = -1;</span></a>
<a name="202"><span class="lineNum"> 202 </span> :<span class="lineCov"> 652 : char fname[PATH_MAX];</span></a>
<a name="203"><span class="lineNum"> 203 </span> : : </a>
<a name="204"><span class="lineNum"> 204 </span> [<span class="branchCov" title="Branch 0 was taken 28 times"> + </span><span class="branchCov" title="Branch 1 was taken 624 times"> + </span>]:<span class="lineCov"> 652 : if (path[0] == '/')</span></a>
<a name="205"><span class="lineNum"> 205 </span> :<span class="lineCov"> 28 : rc = snprintf(fname, sizeof(fname), "/proc/%u/root%s",</span></a>
<a name="206"><span class="lineNum"> 206 </span> : : proc_pid, path);</a>
<a name="207"><span class="lineNum"> 207 </span> [<span class="branchCov" title="Branch 0 was taken 212 times"> + </span><span class="branchCov" title="Branch 1 was taken 412 times"> + </span>]:<span class="lineCov"> 624 : else if (tcp->last_dirfd == AT_FDCWD)</span></a>
<a name="208"><span class="lineNum"> 208 </span> :<span class="lineCov"> 212 : rc = snprintf(fname, sizeof(fname), "/proc/%u/cwd/%s",</span></a>
<a name="209"><span class="lineNum"> 209 </span> : : proc_pid, path);</a>
<a name="210"><span class="lineNum"> 210 </span> [<span class="branchCov" title="Branch 0 was taken 84 times"> + </span><span class="branchCov" title="Branch 1 was taken 328 times"> + </span>]:<span class="lineCov"> 412 : else if (tcp->last_dirfd >= 0 )</span></a>
<a name="211"><span class="lineNum"> 211 </span> :<span class="lineCov"> 84 : rc = snprintf(fname, sizeof(fname), "/proc/%u/fd/%u/%s",</span></a>
<a name="212"><span class="lineNum"> 212 </span> : : proc_pid, tcp->last_dirfd, path);</a>
<a name="213"><span class="lineNum"> 213 </span> : : </a>
<a name="214"><span class="lineNum"> 214 </span> [<span class="branchCov" title="Branch 0 was taken 324 times"> + </span><span class="branchCov" title="Branch 1 was taken 328 times"> + </span>]:<span class="lineCov"> 652 : if ((unsigned int) rc >= sizeof(fname))</span></a>
<a name="215"><span class="lineNum"> 215 </span> : : return -1;</a>
<a name="216"><span class="lineNum"> 216 </span> : : </a>
<a name="217"><span class="lineNum"> 217 </span> :<span class="lineCov"> 324 : char *secontext;</span></a>
<a name="218"><span class="lineNum"> 218 </span> :<span class="lineCov"> 324 : rc = getcontext(getfilecon(fname, &secontext), &secontext, result);</span></a>
<a name="219"><span class="lineNum"> 219 </span> [<span class="branchCov" title="Branch 0 was taken 184 times"> + </span><span class="branchCov" title="Branch 1 was taken 140 times"> + </span><span class="branchCov" title="Branch 2 was taken 92 times"> + </span><span class="branchCov" title="Branch 3 was taken 92 times"> + </span>]:<span class="lineCov"> 324 : if (rc == -1 || !is_number_in_set(SECONTEXT_MISMATCH, secontext_set))</span></a>
<a name="220"><span class="lineNum"> 220 </span> :<span class="lineCov"> 232 : return rc;</span></a>
<a name="221"><span class="lineNum"> 221 </span> : : </a>
<a name="222"><span class="lineNum"> 222 </span> : : /*</a>
<a name="223"><span class="lineNum"> 223 </span> : : * We need to fully resolve the path, because selabel_lookup() doesn't</a>
<a name="224"><span class="lineNum"> 224 </span> : : * resolve anything. Using realpath() is the only solution here to make</a>
<a name="225"><span class="lineNum"> 225 </span> : : * sure the path is canonicalized.</a>
<a name="226"><span class="lineNum"> 226 </span> : : */</a>
<a name="227"><span class="lineNum"> 227 </span> : : </a>
<a name="228"><span class="lineNum"> 228 </span> :<span class="lineCov"> 92 : char *resolved = realpath(fname, NULL);</span></a>
<a name="229"><span class="lineNum"> 229 </span> [<span class="branchCov" title="Branch 0 was taken 92 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov"> 92 : if (!resolved)</span></a>
<a name="230"><span class="lineNum"> 230 </span> : : return -1;</a>
<a name="231"><span class="lineNum"> 231 </span> : : </a>
<a name="232"><span class="lineNum"> 232 </span> :<span class="lineCov"> 92 : char *expected;</span></a>
<a name="233"><span class="lineNum"> 233 </span> :<span class="lineCov"> 92 : rc = get_expected_filecontext(resolved, &expected);</span></a>
<a name="234"><span class="lineNum"> 234 </span> :<span class="lineCov"> 92 : free(resolved);</span></a>
<a name="235"><span class="lineNum"> 235 </span> [<span class="branchCov" title="Branch 0 was taken 92 times"> + </span><span class="branchNoCov" title="Branch 1 was not taken"> - </span>]:<span class="lineCov"> 92 : if (rc == -1)</span></a>
<a name="236"><span class="lineNum"> 236 </span> : : return 0;</a>
<a name="237"><span class="lineNum"> 237 </span> [<span class="branchCov" title="Branch 0 was taken 72 times"> + </span><span class="branchCov" title="Branch 1 was taken 20 times"> + </span>]:<span class="lineCov"> 92 : if (strcmp(expected, *result) == 0) {</span></a>
<a name="238"><span class="lineNum"> 238 </span> :<span class="lineCov"> 72 : free(expected);</span></a>
<a name="239"><span class="lineNum"> 239 </span> :<span class="lineCov"> 72 : return 0;</span></a>
<a name="240"><span class="lineNum"> 240 </span> : : }</a>
<a name="241"><span class="lineNum"> 241 </span> :<span class="lineCov"> 20 : char *final_result = xasprintf("%s!!%s", *result, expected);</span></a>
<a name="242"><span class="lineNum"> 242 </span> :<span class="lineCov"> 20 : free(*result);</span></a>
<a name="243"><span class="lineNum"> 243 </span> :<span class="lineCov"> 20 : free(expected);</span></a>
<a name="244"><span class="lineNum"> 244 </span> :<span class="lineCov"> 20 : *result = final_result;</span></a>
<a name="245"><span class="lineNum"> 245 </span> :<span class="lineCov"> 20 : return 0;</span></a>
<a name="246"><span class="lineNum"> 246 </span> : : }</a>
</pre>
</td>
</tr>
</table>
<br>
<table width="100%" border=0 cellspacing=0 cellpadding=0>
<tr><td class="ruler"><img src="../glass.png" width=3 height=3 alt=""></td></tr>
<tr><td class="versionInfo">Generated by: <a href="http://ltp.sourceforge.net/coverage/lcov.php" target="_parent">LCOV version 1.14</a></td></tr>
</table>
<br>
</body>
</html>