libselinux: support context validation on file_contexts.bin
If file_contexts.bin was opened with SELABEL_OPT_VALIDATE set, then
we should validate contexts in the same manner as with file_contexts.
Change-Id: I08c1ba91c694c5483aa838833ff9d704aceca235
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/src/label_file.c b/src/label_file.c
index f6ea169..f710ab4 100644
--- a/src/label_file.c
+++ b/src/label_file.c
@@ -301,6 +301,14 @@
}
spec->lr.ctx_raw = str_buf;
+ if (strcmp(spec->lr.ctx_raw, "<<none>>") && rec->validating) {
+ if (selabel_validate(rec, &spec->lr) < 0) {
+ selinux_log(SELINUX_ERROR,
+ "%s: context %s is invalid\n", mmap_path, spec->lr.ctx_raw);
+ goto err;
+ }
+ }
+
/* Process regex string */
rc = next_entry(&entry_len, mmap_area, sizeof(uint32_t));
if (rc < 0 || !entry_len) {