libselinux: support file_contexts.bin without file_contexts

Change the label_file backend in libselinux to support systems that only have file_contexts.bin files installed and do not ship a file_contexts file at all. Only fail if neither file can be loaded. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2025-02-08 12:26:50 +00:00 · 2015-08-04 11:26:11 -04:00 · 2015-08-04 11:26:11 -04:00 · 0454b7ac2c
commit 0454b7ac2c
parent 509e60775d
1 changed files with 21 additions and 9 deletions
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@ -418,21 +418,32 @@ static int process_file(const char *path, const char *suffix,
 	}

 	/* Open the specification file. */
-	if ((fp = fopen(path, "r")) == NULL)
-		return -1;
-	__fsetlocking(fp, FSETLOCKING_BYCALLER);
+	fp = fopen(path, "r");
+	if (fp) {
+		__fsetlocking(fp, FSETLOCKING_BYCALLER);

-	if (fstat(fileno(fp), &sb) < 0)
-		return -1;
-	if (!S_ISREG(sb.st_mode)) {
-		errno = EINVAL;
-		return -1;
+		if (fstat(fileno(fp), &sb) < 0)
+			return -1;
+		if (!S_ISREG(sb.st_mode)) {
+			errno = EINVAL;
+			return -1;
+		}
+	} else {
+		/*
+		 * Text file does not exist, so clear the timestamp
+		 * so that we will always pass the timestamp comparison
+		 * with the bin file in load_mmap().
+		 */
+		sb.st_mtime = 0;
 	}

 	rc = load_mmap(rec, path, &sb);
 	if (rc == 0)
 		goto out;

+	if (!fp)
+		return -1; /* no text or bin file */
+
 	/*
 	 * Then do detailed validation of the input and fill the spec array
 	 */
@ -446,7 +457,8 @@ static int process_file(const char *path, const char *suffix,

 out:
 	free(line_buf);
-	fclose(fp);
+	if (fp)
+		fclose(fp);
 	return rc;
 }