diff options
| author | Timo Teräs <timo.teras@iki.fi> | 2023-04-10 20:33:51 +0300 |
|---|---|---|
| committer | Timo Teräs <timo.teras@iki.fi> | 2023-04-11 20:55:13 +0300 |
| commit | f514cfe6aa8b50c60c61e3f23ec3ac174661fd6b (patch) | |
| tree | d57ff56c2b44823076ab90e5d33ddb071704d5d7 | |
| parent | 5de1b74127fde2b7de625587643c7c7d37e95c92 (diff) | |
| download | apk-tools-f514cfe6aa8b50c60c61e3f23ec3ac174661fd6b.tar.gz apk-tools-f514cfe6aa8b50c60c61e3f23ec3ac174661fd6b.tar.bz2 apk-tools-f514cfe6aa8b50c60c61e3f23ec3ac174661fd6b.tar.xz apk-tools-f514cfe6aa8b50c60c61e3f23ec3ac174661fd6b.zip | |
audit: report errors as 'e'
| -rw-r--r-- | doc/apk-audit.8.scd | 2 | ||||
| -rw-r--r-- | src/app_audit.c | 18 |
2 files changed, 12 insertions, 8 deletions
diff --git a/doc/apk-audit.8.scd b/doc/apk-audit.8.scd index 0e638bf..70bd667 100644 --- a/doc/apk-audit.8.scd +++ b/doc/apk-audit.8.scd @@ -28,6 +28,8 @@ then the affected path. The changes detected are: : Directory added | D : Directory added (with non-listed files/subdirs) +| e +: error occured during audit (e.g. no permissions to read file) | M : File metadata changed (uid, gid, or mode) | m diff --git a/src/app_audit.c b/src/app_audit.c index 997899b..52dbc73 100644 --- a/src/app_audit.c +++ b/src/app_audit.c @@ -125,15 +125,14 @@ static int audit_file(struct audit_ctx *actx, struct apk_file_info fi; int rv = 0; - if (dbf == NULL) - return 'A'; + if (!dbf) return 'A'; if (apk_fileinfo_get(dirfd, name, APK_FI_NOFOLLOW | APK_FI_XATTR_CSUM(dbf->acl->xattr_csum.type ?: APK_CHECKSUM_DEFAULT) | APK_FI_CSUM(dbf->csum.type), &fi, &db->atoms) != 0) - return -EPERM; + return 'e'; if (dbf->csum.type != APK_CHECKSUM_NONE && apk_checksum_compare(&fi.csum, &dbf->csum) != 0) @@ -221,16 +220,23 @@ static int audit_directory_tree_item(void *ctx, int dirfd, const char *name) struct audit_ctx *actx = atctx->actx; struct apk_database *db = atctx->db; struct apk_db_dir *dir = atctx->dir, *child = NULL; + struct apk_db_file *dbf; struct apk_file_info fi; int reason = 0; if (bdir.len + bent.len + 1 >= sizeof(atctx->path)) return 0; - if (apk_fileinfo_get(dirfd, name, APK_FI_NOFOLLOW, &fi, &db->atoms) < 0) return 0; memcpy(&atctx->path[atctx->pathlen], bent.ptr, bent.len); atctx->pathlen += bent.len; bfull = APK_BLOB_PTR_LEN(atctx->path, atctx->pathlen); + if (apk_fileinfo_get(dirfd, name, APK_FI_NOFOLLOW, &fi, &db->atoms) < 0) { + dbf = apk_db_file_query(db, bdir, bent); + if (dbf) dbf->audited = 1; + report_audit(actx, 'e', bfull, dbf ? dbf->diri->pkg : NULL); + goto done; + } + if (S_ISDIR(fi.mode)) { int recurse = TRUE; @@ -254,8 +260,6 @@ static int audit_directory_tree_item(void *ctx, int dirfd, const char *name) } reason = audit_directory(actx, db, child, &fi); - if (reason < 0) - goto done; recurse_check: atctx->path[atctx->pathlen++] = '/'; @@ -271,7 +275,6 @@ recurse_check: bfull.len--; atctx->pathlen--; } else { - struct apk_db_file *dbf; int protect_mode = determine_file_protect_mode(dir, name); dbf = apk_db_file_query(db, bdir, bent); @@ -324,7 +327,6 @@ recurse_check: goto done; } if (!reason) reason = audit_file(actx, db, dbf, dirfd, name); - if (reason < 0) goto done; report_audit(actx, reason, bfull, dbf ? dbf->diri->pkg : NULL); } |