author | Timo Teräs <timo.teras@iki.fi> | 2015-04-08 10:25:44 +0300 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2015-04-08 10:27:49 +0300 |
commit | 83ab02230115eab725bf92f111f4a3f2a41db5b1 (patch) | |
tree | 546b0f9a8ceb1aefc3b36ef000f3354784c13dbd /src/audit.c | |
parent | 944eae4b27d039608dd72b1d7b3ed015c20bdcc0 (diff) | |
audit xattrs
ref #3027
Diffstat (limited to 'src/audit.c')
-rw-r--r-- | src/audit.c | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/src/audit.c b/src/audit.c
index 3bc525b..cb295b8 100644
--- a/src/audit.c
+++ b/src/audit.c
@@ -93,30 +93,36 @@ static int audit_file(struct audit_ctx *actx,
 int dirfd, const char *name)
 {
 struct apk_file_info fi;
+ int rv = 0;
 if (dbf == NULL)
 return 'A';
 dbf->audited = 1;
- if (apk_fileinfo_get(dirfd, name, APK_FI_NOFOLLOW | dbf->csum.type, &fi) != 0)
+ if (apk_fileinfo_get(dirfd, name,
+ APK_FI_NOFOLLOW |
+ APK_FI_XATTR_CSUM(dbf->acl->xattr_csum.type ?: APK_CHECKSUM_DEFAULT) |
+ APK_FI_CSUM(dbf->csum.type),
+ &fi) != 0)
 return -EPERM;
 if (dbf->csum.type != APK_CHECKSUM_NONE &&
 apk_checksum_compare(&fi.csum, &dbf->csum) != 0)
- return 'U';
-
- if (S_ISLNK(fi.mode) && dbf->csum.type == APK_CHECKSUM_NONE)
- return 'U';
-
- if (actx->check_permissions) {
+ rv = 'U';
+ else if (apk_checksum_compare(&fi.xattr_csum, &dbf->acl->xattr_csum) != 0)
+ rv = 'X';
+ else if (S_ISLNK(fi.mode) && dbf->csum.type == APK_CHECKSUM_NONE)
+ rv = 'U';
+ else if (actx->check_permissions) {
 if ((fi.mode & 07777) != (dbf->acl->mode & 07777))
- return 'M';
- if (fi.uid != dbf->acl->uid || fi.gid != dbf->acl->gid)
- return 'M';
+ rv = 'M';
+ else if (fi.uid != dbf->acl->uid || fi.gid != dbf->acl->gid)
+ rv = 'M';
 }
+ apk_fileinfo_free(&fi);
- return 0;
+ return rv;
 }
 static int audit_directory(struct audit_ctx *actx, |
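Review bot: An xattr mismatch now hides the permission check: in the new `else if` chain of audit_file, `rv = 'X'` is set before the `actx->check_permissions` branch is reached, so a file whose xattrs and mode or owner both differ is reported as 'X' only, never as 'M'. Both signals matter to someone reading audit output, since xattrs can hold file capabilities and the `07777` mode comparison covers the setuid/setgid bits. Unlike the mode/uid/gid checks, the xattr comparison also runs when `check_permissions` is off; if that is intended, a comment above the chain should say so, for example `/* first mismatch wins: U (content), X (xattrs), U (symlink without checksum), M (mode/owner); X is checked regardless of check_permissions */`. The signature of audit_file begins above the hunk, so the `dbf` parameter and how callers treat the new 'X' code are not visible here.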