From fc0f4d602429d5080df86af68e9aafa593572962 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Fri, 12 Nov 2021 15:13:37 +0100
Subject: selinux: make mac_selinux_create_file_prepare() at wrapper around _at()

Let's make sure mac_selinux_create_file_prepare_at() works fine with AT_FDCWD, and then make mac_selinux_create_file_prepare() just a inline wrapper around it.
---
 src/shared/selinux-util.c | 38 +++++++++++--------------------------
 src/shared/selinux-util.h | 5 ++++-
 2 files changed, 15 insertions(+), 28 deletions(-)
diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c
index 5745fe09a2..a1359a5bfd 100644
--- a/src/shared/selinux-util.c
+++ b/src/shared/selinux-util.c
@@ -497,25 +497,30 @@ static int selinux_create_file_prepare_abspath(const char *abspath, mode_t mode)
 }
 #endif
-int mac_selinux_create_file_prepare_at(int dirfd, const char *path, mode_t mode) {
+int mac_selinux_create_file_prepare_at(
+ int dir_fd,
+ const char *path,
+ mode_t mode) {
+
 #if HAVE_SELINUX
 _cleanup_free_ char *abspath = NULL;
 int r;
- assert(path);
+ if (dir_fd < 0 && dir_fd != AT_FDCWD)
+ return -EBADF;
 if (!label_hnd)
 return 0;
- if (!path_is_absolute(path)) {
- if (dirfd == AT_FDCWD)
+ if (isempty(path) || !path_is_absolute(path)) {
+ if (dir_fd == AT_FDCWD)
 r = safe_getcwd(&abspath);
 else
- r = fd_get_path(dirfd, &abspath);
+ r = fd_get_path(dir_fd, &abspath);
 if (r < 0)
 return r;
- if (!path_extend(&abspath, path))
+ if (!isempty(path) && !path_extend(&abspath, path))
 return -ENOMEM;
 path = abspath;
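Review bot: The new `dir_fd` validation in `mac_selinux_create_file_prepare_at()` sits below `#if HAVE_SELINUX`, so it only takes effect in SELinux-enabled builds; the `#else` branch is outside this hunk but presumably returns 0, as the removed wrapper's did. An invalid descriptor would then be reported as `-EBADF` on one build and silently accepted on the other, which lets caller bugs hide in non-SELinux test runs. Moving `if (dir_fd < 0 && dir_fd != AT_FDCWD) return -EBADF;` above the `#if` keeps the contract the same in both configurations. The hunk also drops `assert(path)` and starts accepting a NULL or empty path; a short comment such as `/* An empty or NULL path refers to dir_fd itself (or the cwd for AT_FDCWD) */` would record that new contract. The function body continues past the end of the hunk.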
@@ -527,27 +532,6 @@ int mac_selinux_create_file_prepare_at(int dirfd, const char *path, mode_t mode)
 #endif
 }
-int mac_selinux_create_file_prepare(const char *path, mode_t mode) {
-#if HAVE_SELINUX
- int r;
-
- _cleanup_free_ char *abspath = NULL;
-
- assert(path);
-
- if (!label_hnd)
- return 0;
-
- r = path_make_absolute_cwd(path, &abspath);
- if (r < 0)
- return r;
-
- return selinux_create_file_prepare_abspath(abspath, mode);
-#else
- return 0;
-#endif
-}
-
 int mac_selinux_create_file_prepare_label(const char *path, const char *label) {
 #if HAVE_SELINUX
diff --git a/src/shared/selinux-util.h b/src/shared/selinux-util.h
index 4147a3ad50..a9ddbfc653 100644
--- a/src/shared/selinux-util.h
+++ b/src/shared/selinux-util.h
@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #pragma once
+#include
 #include
 #include
 #include
@@ -41,8 +42,10 @@ int mac_selinux_get_our_label(char **label);
 int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *exec_label, char **label);
 char* mac_selinux_free(char *label);
-int mac_selinux_create_file_prepare(const char *path, mode_t mode);
 int mac_selinux_create_file_prepare_at(int dirfd, const char *path, mode_t mode);
+static inline int mac_selinux_create_file_prepare(const char *path, mode_t mode) {
+ return mac_selinux_create_file_prepare_at(AT_FDCWD, path, mode);
+}
 int mac_selinux_create_file_prepare_label(const char *path, const char *label);
 void mac_selinux_create_file_clear(void);
-- 
cgit v1.2.1
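Review bot: The inline `mac_selinux_create_file_prepare()` added in the last hunk of selinux-util.h forwards `path` unchecked, whereas the out-of-line version removed from selinux-util.c had `assert(path)`. Since the `_at()` variant now treats a NULL or empty path as the directory itself, a caller that passes NULL by mistake would get a creation context looked up for the current working directory (presumably via the `selinux_create_file_prepare_abspath()` call outside the hunks) instead of an assertion failure, and the new file could end up with the wrong label. If NULL is not meant to be valid for the non-`_at()` entry point, keep the guard in the wrapper with `assert(path);` before the `return`; this assumes the header already has systemd's assert macro in scope, which is not visible here.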