maint: fix const correctness warnings with security_context_t

The security_context_t type was always an artificial separation
from a standard char* string, and various libselinux using code
assumed both were synonymous.  In addition, prior to libselinux 2.3
function declarations were incorrect wrt constness of this type.
Here we replace security_context_t with char*, and also
provide a wrapper function to cater for the const issue on
older libselinux.

* src/system.h (se_const): A new function to avoid and identify
the const issue on older libselinux.
* src/copy.c: s/security_context_t/char */.
* src/cp.c: Likewise.
* src/id.c: Likewise.
* src/install.c: Likewise.
* src/ls.c: Likewise.
* src/mkdir.c: Likewise.
* src/mkfifo.c: Likewise.
* src/mknod.c: Likewise.
* src/runcon.c: Likewise.
* src/selinux.c: Likewise.
* tests/cp/no-ctx.sh: Likewise.
* src/chcon.c: Likesize.

13 files changed, 43 insertions, 35 deletions

diff --git a/src/chcon.c b/src/chcon.c
index 6940cf54e..e253a4639 100644
--- a/src/chcon.c
+++ b/src/chcon.c
@@ -91,7 +91,7 @@ static struct option const long_options[] =
    setting any portions selected via the global variables, specified_user,
    specified_role, etc.  */
 static int
-compute_context_from_mask (security_context_t context, context_t *ret)
+compute_context_from_mask (char const *context, context_t *ret)
 {
   bool ok = true;
   context_t new_context = context_new (context);
@@ -140,9 +140,9 @@ compute_context_from_mask (security_context_t context, context_t *ret)
 static int
 change_file_context (int fd, char const *file)
 {
-  security_context_t file_context = NULL;
+  char *file_context = NULL;
   context_t context IF_LINT (= NULL);
-  security_context_t context_string;
+  char const * context_string;
   int errors = 0;
 
   if (specified_context == NULL)
@@ -181,8 +181,8 @@ change_file_context (int fd, char const *file)
   if (file_context == NULL || ! STREQ (context_string, file_context))
     {
       int fail = (affect_symlink_referent
-                  ?  setfileconat (fd, file, context_string)
-                  : lsetfileconat (fd, file, context_string));
+                  ?  setfileconat (fd, file, se_const (context_string))
+                  : lsetfileconat (fd, file, se_const (context_string)));
 
       if (fail)
         {
@@ -409,8 +409,6 @@ one takes effect.\n\
 int
 main (int argc, char **argv)
 {
-  security_context_t ref_context = NULL;
-
   /* Bit flags that control how fts works.  */
   int bit_flags = FTS_PHYSICAL;
 
@@ -542,6 +540,8 @@ main (int argc, char **argv)
 
   if (reference_file)
     {
+      char *ref_context = NULL;
+
       if (getfilecon (reference_file, &ref_context) < 0)
         error (EXIT_FAILURE, errno, _("failed to get security context of %s"),
                quote (reference_file));
@@ -556,7 +556,7 @@ main (int argc, char **argv)
   else
     {
       specified_context = argv[optind++];
-      if (security_check_context (specified_context) < 0)
+      if (security_check_context (se_const (specified_context)) < 0)
         error (EXIT_FAILURE, errno, _("invalid context: %s"),
                quotearg_colon (specified_context));
     }
diff --git a/src/copy.c b/src/copy.c
index eee918a81..26d5bdd29 100644
--- a/src/copy.c
+++ b/src/copy.c
@@ -779,7 +779,7 @@ set_process_security_ctx (char const *src_name, char const *dst_name,
       /* Set the default context for the process to match the source.  */
       bool all_errors = !x->data_copy_required || x->require_preserve_context;
       bool some_errors = !all_errors && !x->reduce_diagnostics;
-      security_context_t con;
+      char *con;
 
       if (0 <= lgetfilecon (src_name, &con))
         {
diff --git a/src/cp.c b/src/cp.c
index a2541161e..99cafa7f5 100644
--- a/src/cp.c
+++ b/src/cp.c
@@ -926,7 +926,7 @@ main (int argc, char **argv)
   bool copy_contents = false;
   char *target_directory = NULL;
   bool no_target_directory = false;
-  security_context_t scontext = NULL;
+  char const *scontext = NULL;
 
   initialize_main (&argc, &argv);
   set_program_name (argv[0]);
@@ -1196,7 +1196,7 @@ main (int argc, char **argv)
        if (scontext)
          restorecon (dst_path, 0, true);
    */
-  if (scontext && setfscreatecon (scontext) < 0)
+  if (scontext && setfscreatecon (se_const (scontext)) < 0)
     error (EXIT_FAILURE, errno,
            _("failed to set default file creation context to %s"),
            quote (scontext));
diff --git a/src/id.c b/src/id.c
index f46bb41b5..ccd1e879a 100644
--- a/src/id.c
+++ b/src/id.c
@@ -58,7 +58,7 @@ static bool ok = true;
 
 /* The SELinux context.  Start with a known invalid value so print_full_info
    knows when 'context' has not been set to a meaningful value.  */
-static security_context_t context = NULL;
+static char *context = NULL;
 
 static struct option const longopts[] =
 {
@@ -220,7 +220,7 @@ main (int argc, char **argv)
       /* Report failure only if --context (-Z) was explicitly requested.  */
       if ((selinux_enabled && getcon (&context) && just_context)
           || (smack_enabled
-              && smack_new_label_from_self ((char **) &context) < 0
+              && smack_new_label_from_self (&context) < 0
               && just_context))
         error (EXIT_FAILURE, 0, _("can't get process context"));
     }
diff --git a/src/install.c b/src/install.c
index e7de260c6..c3424227b 100644
--- a/src/install.c
+++ b/src/install.c
@@ -218,8 +218,8 @@ need_copy (const char *src_name, const char *dest_name,
   /* compare SELinux context if preserving */
   if (selinux_enabled && x->preserve_security_context)
     {
-      security_context_t file_scontext = NULL;
-      security_context_t to_scontext = NULL;
+      char *file_scontext = NULL;
+      char *to_scontext = NULL;
       bool scontext_match;
 
       if (getfilecon (src_name, &file_scontext) == -1)
@@ -312,7 +312,7 @@ static void
 setdefaultfilecon (char const *file)
 {
   struct stat st;
-  security_context_t scontext = NULL;
+  char *scontext = NULL;
   static bool first_call = true;
 
   if (selinux_enabled != 1)
@@ -786,7 +786,7 @@ main (int argc, char **argv)
   int n_files;
   char **file;
   bool strip_program_specified = false;
-  security_context_t scontext = NULL;
+  char const *scontext = NULL;
   /* set iff kernel has extra selinux system calls */
   selinux_enabled = (0 < is_selinux_enabled ());
 
@@ -943,7 +943,7 @@ main (int argc, char **argv)
     error (EXIT_FAILURE, 0,
            _("cannot set target context and preserve it"));
 
-  if (scontext && setfscreatecon (scontext) < 0)
+  if (scontext && setfscreatecon (se_const (scontext)) < 0)
     error (EXIT_FAILURE, errno,
            _("failed to set default file creation context to %s"),
            quote (scontext));
diff --git a/src/ls.c b/src/ls.c
index 54c6705f1..cd5996eb9 100644
--- a/src/ls.c
+++ b/src/ls.c
@@ -208,7 +208,7 @@ struct fileinfo
     mode_t linkmode;
 
     /* security context.  */
-    security_context_t scontext;
+    char *scontext;
 
     bool stat_ok;
 
diff --git a/src/mkdir.c b/src/mkdir.c
index 04367ebf6..eb9693cc9 100644
--- a/src/mkdir.c
+++ b/src/mkdir.c
@@ -200,7 +200,7 @@ main (int argc, char **argv)
 {
   const char *specified_mode = NULL;
   int optc;
-  security_context_t scontext = NULL;
+  char const *scontext = NULL;
   struct mkdir_options options;
 
   options.make_ancestor_function = NULL;
@@ -272,7 +272,7 @@ main (int argc, char **argv)
       if (is_smack_enabled ())
         ret = smack_set_label_for_self (scontext);
       else
-        ret = setfscreatecon (scontext);
+        ret = setfscreatecon (se_const (scontext));
 
       if (ret < 0)
         error (EXIT_FAILURE, errno,
diff --git a/src/mkfifo.c b/src/mkfifo.c
index 5a52d6a22..415ae562f 100644
--- a/src/mkfifo.c
+++ b/src/mkfifo.c
@@ -79,7 +79,7 @@ main (int argc, char **argv)
   char const *specified_mode = NULL;
   int exit_status = EXIT_SUCCESS;
   int optc;
-  security_context_t scontext = NULL;
+  char const *scontext = NULL;
   bool set_security_context = false;
 
   initialize_main (&argc, &argv);
@@ -136,7 +136,7 @@ main (int argc, char **argv)
       if (is_smack_enabled ())
         ret = smack_set_label_for_self (scontext);
       else
-        ret = setfscreatecon (scontext);
+        ret = setfscreatecon (se_const (scontext));
 
       if (ret < 0)
         error (EXIT_FAILURE, errno,
diff --git a/src/mknod.c b/src/mknod.c
index 6e6709492..8f547e9c6 100644
--- a/src/mknod.c
+++ b/src/mknod.c
@@ -96,7 +96,7 @@ main (int argc, char **argv)
   int optc;
   int expected_operands;
   mode_t node_type;
-  security_context_t scontext = NULL;
+  char const *scontext = NULL;
   bool set_security_context = false;
 
   initialize_main (&argc, &argv);
@@ -192,7 +192,7 @@ main (int argc, char **argv)
       if (is_smack_enabled ())
         ret = smack_set_label_for_self (scontext);
       else
-        ret = setfscreatecon (scontext);
+        ret = setfscreatecon (se_const (scontext));
 
       if (ret < 0)
         error (EXIT_FAILURE, errno,
diff --git a/src/runcon.c b/src/runcon.c
index 78ba79b74..14ccc3d58 100644
--- a/src/runcon.c
+++ b/src/runcon.c
@@ -115,9 +115,9 @@ main (int argc, char **argv)
   char *user = NULL;
   char *type = NULL;
   char *context = NULL;
-  security_context_t cur_context = NULL;
-  security_context_t file_context = NULL;
-  security_context_t new_context = NULL;
+  char *cur_context = NULL;
+  char *file_context = NULL;
+  char *new_context = NULL;
   bool compute_trans = false;
 
   context_t con;
diff --git a/src/selinux.c b/src/selinux.c
index 016db1626..ae454f8a3 100644
--- a/src/selinux.c
+++ b/src/selinux.c
@@ -72,10 +72,10 @@ mode_to_security_class (mode_t m)
 */
 
 static int
-computecon (char const *path, mode_t mode, security_context_t * con)
+computecon (char const *path, mode_t mode, char **con)
 {
-  security_context_t scon = NULL;
-  security_context_t tcon = NULL;
+  char *scon = NULL;
+  char *tcon = NULL;
   security_class_t tclass;
   int rc = -1;
 
@@ -111,7 +111,8 @@ int
 defaultcon (char const *path, mode_t mode)
 {
   int rc = -1;
-  security_context_t scon = NULL, tcon = NULL;
+  char *scon = NULL;
+  char *tcon = NULL;
   context_t scontext = 0, tcontext = 0;
   const char *contype;
   char *constr;
@@ -182,7 +183,8 @@ restorecon_private (char const *path, bool local)
 {
   int rc = -1;
   struct stat sb;
-  security_context_t scon = NULL, tcon = NULL;
+  char *scon = NULL;
+  char *tcon = NULL;
   context_t scontext = 0, tcontext = 0;
   const char *contype;
   char *constr;
diff --git a/src/system.h b/src/system.h
index f295ad1c2..162446c11 100644
--- a/src/system.h
+++ b/src/system.h
@@ -657,3 +657,9 @@ stzncpy (char *restrict dest, char const *restrict src, size_t len)
 #ifndef ARRAY_CARDINALITY
 # define ARRAY_CARDINALITY(Array) (sizeof (Array) / sizeof *(Array))
 #endif
+
+/* Avoid const warnings by casting to more portable type.
+   This is to cater for the incorrect const function declarations
+   in selinux.h before libselinux-2.3 (May 2014).
+   When version >= 2.3 is ubiquitous remove this function.  */
+static inline char * se_const (char const * sctx) { return (char *) sctx; }
diff --git a/tests/cp/no-ctx.sh b/tests/cp/no-ctx.sh
index 059c84f80..8b1328a47 100755
--- a/tests/cp/no-ctx.sh
+++ b/tests/cp/no-ctx.sh
@@ -30,7 +30,7 @@ cat > k.c <<'EOF' || framework_failure_
 #include <selinux/selinux.h>
 #include <errno.h>
 
-int getfilecon (const char *path, security_context_t *con)
+int getfilecon (const char *path, char **con)
 {
   /* Leave a marker so we can identify if the function was intercepted.  */
   fclose(fopen("preloaded", "w"));
@@ -39,7 +39,7 @@ int getfilecon (const char *path, security_context_t *con)
   return -1;
 }
 
-int lgetfilecon (const char *path, security_context_t *con)
+int lgetfilecon (const char *path, char **con)
 { return getfilecon (path, con); }
 EOF