libselinux: deprecate security_compute_user(), update man pages

commit 1f89c4e787 ("libselinux: Eliminate use of security_compute_user()") eliminated the use of security_compute_user() by get_ordered_context_list(). Deprecate all use of security_compute_user() by updating the headers and man pages and logging a warning message on any calls to it. Remove the example utility that called the interface. While here, also fix the documentation of correct usage of the user argument to these interfaces. Fixes: https://github.com/SELinuxProject/selinux/issues/70 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Petr Lautrbach <plautrba@redhat.com>
2024-12-11 13:26:01 +00:00 · 2020-02-20 10:40:19 -05:00 · 2020-02-20 10:40:19 -05:00 · a41dfeb55d
commit a41dfeb55d
parent ee4b20ca10
5 changed files with 31 additions and 47 deletions
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@ -246,8 +246,12 @@ extern int security_compute_member_raw(const char * scon,
 				       security_class_t tclass,
 				       char ** newcon);

-/* Compute the set of reachable user contexts and set *con to refer to 
-   the NULL-terminated array of contexts.  Caller must free via freeconary. */
+/*
+ * Compute the set of reachable user contexts and set *con to refer to
+ * the NULL-terminated array of contexts.  Caller must free via freeconary.
+ * These interfaces are deprecated.  Use get_ordered_context_list() or
+ * one of its variant interfaces instead.
+ */
 extern int security_compute_user(const char * scon,
 				 const char *username,
 				 char *** con);
--- a/libselinux/man/man3/get_ordered_context_list.3
+++ b/libselinux/man/man3/get_ordered_context_list.3
@ -26,14 +26,28 @@ get_ordered_context_list, get_ordered_context_list_with_level, get_default_conte
 .BI "int get_default_type(const char *" role ", char **" type );
 .
 .SH "DESCRIPTION"
+
+This family of functions can be used to obtain either a prioritized list of
+all reachable security contexts for a given SELinux user or a single default
+(highest priority) context for a given SELinux user for use by login-like
+programs.  These functions takes a SELinux user identity that must
+be defined in the SELinux policy as their input, not a Linux username.
+Most callers should typically first call
+.BR getseuserbyname(3)
+to look up the SELinux user identity and level for a given
+Linux username and then invoke one of
+.BR get_ordered_context_list_with_level ()
+or
+.BR get_default_context_with_level ()
+with the returned SELinux user and level as inputs.
+
 .BR get_ordered_context_list ()
-invokes the 
-.BR security_compute_user (3)
-function to obtain the list of contexts for the specified
+obtains the list of contexts for the specified
+SELinux
 .I user
-that are reachable from the specified
+identity that are reachable from the specified
 .I fromcon
-context.  The function then orders the resulting list based on the global
+context based on the global
 .I \%/etc/selinux/{SELINUXTYPE}/contexts/default_contexts
 file and the per-user
 .I \%/etc/selinux/{SELINUXTYPE}/contexts/users/<username>
--- a/libselinux/man/man3/security_compute_av.3
+++ b/libselinux/man/man3/security_compute_av.3
@ -134,8 +134,9 @@ instance.

 .BR security_compute_user ()
 is used to determine the set of user contexts that can be reached from a
-source context. It is mainly used by
-.BR get_ordered_context_list (3).
+source context. This function is deprecated; use
+.BR get_ordered_context_list (3)
+instead.

 .BR security_validatetrans ()
 is used to determine if a transition from scon to newcon using tcon as the object
--- a/libselinux/src/compute_user.c
+++ b/libselinux/src/compute_user.c
@ -8,6 +8,7 @@
 #include "selinux_internal.h"
 #include "policy.h"
 #include <limits.h>
+#include "callbacks.h"

 int security_compute_user_raw(const char * scon,
 			      const char *user, char *** con)
@ -24,6 +25,8 @@ int security_compute_user_raw(const char * scon,
 		return -1;
 	}

+	selinux_log(SELINUX_WARNING, "Direct use of security_compute_user() is deprecated, switch to get_ordered_context_list()\n");
+
 	snprintf(path, sizeof path, "%s/user", selinux_mnt);
 	fd = open(path, O_RDWR | O_CLOEXEC);
 	if (fd < 0)
--- a/libselinux/utils/compute_user.c
+++ b/libselinux/utils/compute_user.c
@ -1,38 +0,0 @@
-#include <unistd.h>
-#include <sys/types.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <string.h>
-#include <ctype.h>
-#include <selinux/selinux.h>
-
-int main(int argc, char **argv)
-{
-	char **buf, **ptr;
-	int ret;
-
-	if (argc != 3) {
-		fprintf(stderr, "usage:  %s context user\n", argv[0]);
-		exit(1);
-	}
-
-	ret = security_compute_user(argv[1], argv[2], &buf);
-	if (ret < 0) {
-		fprintf(stderr, "%s:  security_compute_user(%s,%s) failed\n",
-			argv[0], argv[1], argv[2]);
-		exit(2);
-	}
-
-	if (!buf[0]) {
-		printf("none\n");
-		exit(EXIT_SUCCESS);
-	}
-
-	for (ptr = buf; *ptr; ptr++) {
-		printf("%s\n", *ptr);
-	}
-	freeconary(buf);
-	exit(EXIT_SUCCESS);
-}