From ac7b0dbd5a18d2c57a942ca14ac856b8047425ff Mon Sep 17 00:00:00 2001 From: Panu Matilainen Date: Tue, 15 Feb 2022 10:43:13 +0200 Subject: [PATCH] Pass file descriptor to file prepare plugin hook, use when possible Sadly the thing that allegedly makes things better mostly just makes things more complicated as symlinks can't be opened, so we'll now have to deal with both cases in plugins too. To make matters worse, most APIs out there support either an fd or a path, but very few support the *at() style dirfd + basename approach so plugins are stuck with absolute paths for now. This is of course a plugin API/ABI change too. --- lib/rpmplugin.h | 2 +- lib/rpmplugins.c | 4 ++-- lib/rpmplugins.h | 3 ++- plugins/ima.c | 9 +++++++-- plugins/selinux.c | 13 ++++++++----- 5 files changed, 20 insertions(+), 11 deletions(-) diff --git a/lib/rpmplugin.h b/lib/rpmplugin.h index fd81aec8d..fab4b3e83 100644 --- a/lib/rpmplugin.h +++ b/lib/rpmplugin.h @@ -57,7 +57,7 @@ typedef rpmRC (*plugin_fsm_file_post_func)(rpmPlugin plugin, rpmfi fi, const char* path, mode_t file_mode, rpmFsmOp op, int res); typedef rpmRC (*plugin_fsm_file_prepare_func)(rpmPlugin plugin, rpmfi fi, - const char* path, + int fd, const char* path, const char *dest, mode_t file_mode, rpmFsmOp op); diff --git a/lib/rpmplugins.c b/lib/rpmplugins.c index 65e684e84..923084b78 100644 --- a/lib/rpmplugins.c +++ b/lib/rpmplugins.c @@ -384,7 +384,7 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char *path, } rpmRC rpmpluginsCallFsmFilePrepare(rpmPlugins plugins, rpmfi fi, - const char *path, const char *dest, + int fd, const char *path, const char *dest, mode_t file_mode, rpmFsmOp op) { plugin_fsm_file_prepare_func hookFunc; @@ -394,7 +394,7 @@ rpmRC rpmpluginsCallFsmFilePrepare(rpmPlugins plugins, rpmfi fi, for (i = 0; i < plugins->count; i++) { rpmPlugin plugin = plugins->plugins[i]; RPMPLUGINS_SET_HOOK_FUNC(fsm_file_prepare); - if (hookFunc && hookFunc(plugin, fi, path, dest, file_mode, op) == RPMRC_FAIL) { + if (hookFunc && hookFunc(plugin, fi, fd, path, dest, file_mode, op) == RPMRC_FAIL) { rpmlog(RPMLOG_ERR, "Plugin %s: hook fsm_file_prepare failed\n", plugin->name); rc = RPMRC_FAIL; } diff --git a/lib/rpmplugins.h b/lib/rpmplugins.h index 39762c376..ddf5d7048 100644 --- a/lib/rpmplugins.h +++ b/lib/rpmplugins.h @@ -156,6 +156,7 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char* path, * permissions etc, but before committing file to destination path. * @param plugins plugins structure * @param fi file info iterator (or NULL) + * @param fd file descriptor (or -1 if not available) * @param path file object current path * @param dest file object destination path * @param mode file object mode @@ -164,7 +165,7 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char* path, */ RPM_GNUC_INTERNAL rpmRC rpmpluginsCallFsmFilePrepare(rpmPlugins plugins, rpmfi fi, - const char *path, const char *dest, + int fd, const char *path, const char *dest, mode_t mode, rpmFsmOp op); #ifdef __cplusplus diff --git a/plugins/fapolicyd.c b/plugins/fapolicyd.c index 7ac44f0d0..1ff50c30f 100644 --- a/plugins/fapolicyd.c +++ b/plugins/fapolicyd.c @@ -145,7 +145,8 @@ static rpmRC fapolicyd_scriptlet_pre(rpmPlugin plugin, const char *s_name, } static rpmRC fapolicyd_fsm_file_prepare(rpmPlugin plugin, rpmfi fi, - const char *path, const char *dest, + int fd, const char *path, + const char *dest, mode_t file_mode, rpmFsmOp op) { /* not ready */ --- a/plugins/ima.c 2020-04-28 14:50:11.835399269 +0200 +++ b/plugins/ima.c 2023-12-13 11:19:58.835948660 +0100 @@ -39,7 +39,7 @@ return (memcmp(fsig, &zero_hdr, sizeof(zero_hdr)) == 0); } -static rpmRC ima_fsm_file_prepare(rpmPlugin plugin, rpmfi fi, +static rpmRC ima_fsm_file_prepare(rpmPlugin plugin, rpmfi fi, int fd, const char *path, const char *dest, mode_t file_mode, rpmFsmOp op) @@ -63,8 +63,14 @@ fsig = rpmfiFSignature(fi, &len); if (fsig && (check_zero_hdr(fsig, len) == 0)) { - if (lsetxattr(path, XATTR_NAME_IMA, fsig, len, 0) < 0) { - rpmlog(RPMLOG_ERR, + int xx; + if (fd >= 0) + xx = fsetxattr(fd, XATTR_NAME_IMA, fsig, len, 0); + else + xx = lsetxattr(path, XATTR_NAME_IMA, fsig, len, 0); + if (xx < 0) { + int is_err = errno != EOPNOTSUPP; + rpmlog(is_err?RPMLOG_ERR:RPMLOG_DEBUG, "ima: could not apply signature on '%s': %s\n", path, strerror(errno)); rc = RPMRC_FAIL; --- a/plugins/selinux.c 2023-12-13 11:21:54.935009141 +0100 +++ b/plugins/selinux.c 2023-12-13 11:22:23.172510285 +0100 @@ -149,7 +149,7 @@ return rc; } -static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi, +static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi, int fd, const char *path, const char *dest, mode_t file_mode, rpmFsmOp op) { @@ -159,14 +159,17 @@ if (sehandle && !XFA_SKIPPING(action)) { security_context_t scon = NULL; if (selabel_lookup_raw(sehandle, &scon, dest, file_mode) == 0) { - int conrc = lsetfilecon(path, scon); + int conrc; + if (fd >= 0) + conrc = fsetfilecon(fd, scon); + else + conrc = lsetfilecon(path, scon); if (conrc == 0 || (conrc < 0 && errno == EOPNOTSUPP)) rc = RPMRC_OK; - rpmlog((rc != RPMRC_OK) ? RPMLOG_ERR : RPMLOG_DEBUG, - "lsetfilecon: (%s, %s) %s\n", - path, scon, (conrc < 0 ? strerror(errno) : "")); + rpmlog((rc != RPMRC_OK) ? RPMLOG_ERR : RPMLOG_DEBUG, "lsetfilecon: (%d %s, %s) %s\n", + fd, path, scon, (conrc < 0 ? strerror(errno) : "")); freecon(scon); } else {