From 2d0512cf2c11bb59f8fd55fd995e348467c2d80c Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Tue, 15 Oct 2024 12:47:48 -0400
Subject: [PATCH 1/2] lsm: Add tests for xattrs_have_selinux Prep for a refactoring.
Signed-off-by: Colin Walters
---
 lib/src/lsm.rs | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/lib/src/lsm.rs b/lib/src/lsm.rs
index af0306658..9f390b8c1 100644
--- a/lib/src/lsm.rs
+++ b/lib/src/lsm.rs
@@ -419,3 +419,19 @@ where
 f(w)
 })
 }
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use gio::glib::Variant;
+
+ #[test]
+ fn test_selinux_xattr() {
+ let notfound: &[&[(&[u8], &[u8])]] = &[&[], &[(b"foo", b"bar")]];
+ for case in notfound {
+ assert!(!xattrs_have_selinux(&Variant::from(case)));
+ }
+ let found: &[(&[u8], &[u8])] = &[(b"foo", b"bar"), (SELINUX_XATTR, b"foo_t")];
+ assert!(xattrs_have_selinux(&Variant::from(found)));
+ }
+}
From abf7eae82ab57fb7ec5fef31dafd2b9b7b25f993 Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Tue, 15 Oct 2024 12:48:15 -0400
Subject: [PATCH 2/2] Drop gvariant dependency It isn't an actively maintained crate and our usage is tiny and not performance sensitive enough to warrant the zero-copy it entails. Just motivated by doing a pass over our dependencies.
Signed-off-by: Colin Walters
---
 Cargo.lock | 1 -
 lib/Cargo.toml | 1 -
 lib/src/lsm.rs | 14 ++++++--------
 3 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index eaea58bd0..a28eaf122 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -177,7 +177,6 @@ dependencies = [
 "clap",
 "clap_mangen",
 "fn-error-context",
- "gvariant",
 "hex",
 "indicatif",
 "indoc",
diff --git a/lib/Cargo.toml b/lib/Cargo.toml
index e553c9294..4289e0802 100644
--- a/lib/Cargo.toml
+++ b/lib/Cargo.toml
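Review bot: The `tests` module added to lib/src/lsm.rs in patch 1/2 is gated only on `#[cfg(test)]`, while `xattrs_have_selinux` sits behind `#[cfg(feature = "install")]` (visible as context in the last hunk of patch 2/2), so a test build without the `install` feature would fail to resolve the function. Gating the module with `#[cfg(all(test, feature = "install"))]` keeps both configurations compiling. Since this test exists to pin behaviour across the refactor, a negative case where the SELinux name appears only as a value, e.g. `&[(b"foo", SELINUX_XATTR)]`, would also confirm that the key and not the value is what gets matched.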
@@ -26,7 +26,6 @@ clap_mangen = { version = "0.2.20", optional = true }
 cap-std-ext = { workspace = true, features = ["fs_utf8"] }
 hex = "^0.4.3"
 fn-error-context = { workspace = true }
-gvariant = "0.5.0"
 indicatif = "0.17.8"
 libc = { workspace = true }
 liboverdrop = "0.1.0"
diff --git a/lib/src/lsm.rs b/lib/src/lsm.rs
index 9f390b8c1..d801a8f88 100644
--- a/lib/src/lsm.rs
+++ b/lib/src/lsm.rs
@@ -19,8 +19,6 @@ use cap_std_ext::cap_std::fs::{Metadata, MetadataExt};
 #[cfg(feature = "install")]
 use cap_std_ext::dirext::CapStdExtDirExt;
 use fn_error_context::context;
-#[cfg(feature = "install")]
-use gvariant::{aligned_bytes::TryAsAligned, Marker, Structure};
 use ostree_ext::gio;
 use ostree_ext::ostree;
 use rustix::fd::AsFd;
@@ -177,12 +175,12 @@ pub(crate) fn selinux_set_permissive(permissive: bool) -> Result<()> {
 #[cfg(feature = "install")]
 /// Check if the ostree-formatted extended attributes include a security.selinux value.
 pub(crate) fn xattrs_have_selinux(xattrs: &ostree::glib::Variant) -> bool {
- let v = xattrs.data_as_bytes();
- let v = v.try_as_aligned().unwrap();
- let v = gvariant::gv!("a(ayay)").cast(v);
- for xattr in v.iter() {
- let k = xattr.to_tuple().0;
- if k == SELINUX_XATTR {
+ let n = xattrs.n_children();
+ for i in 0..n {
+ let child = xattrs.child_value(i);
+ let key = child.child_value(0);
+ let key = key.data_as_bytes();
+ if key == SELINUX_XATTR {
 return true;
 }
 }
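Review bot: The rewritten loop in `xattrs_have_selinux` calls `n_children()` and `child_value()` without first checking that `xattrs` really has the `a(ayay)` shape. As far as I know the glib bindings assert on non-container values, so a variant of another type would panic here instead of producing an answer. The removed code also unwrapped, so this is not a regression, but the input presumably comes from commit or image content and the result looks like it feeds SELinux labelling decisions, so the precondition should be explicit. Either add a doc line such as `/// Panics if xattrs is not of GVariant type a(ayay).` or guard up front with `if xattrs.type_().as_str() != "a(ayay)" { return false; }`, after deciding whether a mismatch should count as "unlabelled". The function's tail (the final return value and closing brace) lies outside this hunk.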