1 | #ifndef SELINUX_H |
2 | #define SELINUX_H | |
3 | ||
4 | #ifndef USE_SELINUX | |
5 | ||
/*
 * Stubs used when udev is built without SELinux support (USE_SELINUX not
 * defined): every hook is a no-op so callers need no #ifdefs of their own.
 */
static inline void selinux_setfilecon(char *file, unsigned int mode)
{
	(void)file;
	(void)mode;
}
static inline void selinux_setfscreatecon(char *file, unsigned int mode)
{
	(void)file;
	(void)mode;
}
static inline void selinux_init(void) {}
static inline void selinux_restore(void) {}
10 | ||
11 | #else | |
12 | ||
#include <selinux/selinux.h>
#include <stdio.h>
#include <limits.h>
#include <ctype.h>
#include <sys/stat.h>
17 | ||
/* cached answer of is_selinux_enabled(): -1 = not queried yet, else 0 or 1 */
static int selinux_enabled=-1;
/* file-creation context captured by selinux_init(), handed back (and freed)
 * by selinux_restore(); NULL means "default context" */
static security_context_t prev_scontext=NULL;
20 | ||
/*
 * Return 1 when SELinux is enabled on this system, 0 otherwise.
 * The libselinux query is made once and cached in selinux_enabled.
 */
static inline int is_selinux_running(void)
{
	if (selinux_enabled != -1)
		return selinux_enabled;

	/* first call: ask libselinux and remember the boolean answer */
	selinux_enabled = (is_selinux_enabled() > 0);
	return selinux_enabled;
}
27 | ||
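/*
 * Look up the media type of an IDE block device from /proc/ide/<dev>/media.
 *
 * @path   device node path; only its last component is used
 * @mode   st_mode-style mode of the node; only block devices are considered
 * @media  out: newly strdup'd media string (caller frees), or NULL
 *
 * Returns 0 when *media was filled in, -1 otherwise (not a block device,
 * no /proc entry, empty entry or allocation failure).  The caller uses a
 * -1 result to fall back to matchpathcon().
 */
static inline int selinux_get_media(char *path, int mode, char **media)
{
	FILE *fp;
	char buf[PATH_MAX];
	char mediabuf[PATH_MAX];

	*media = NULL;
	/* Only block devices have a /proc/ide/<dev>/media entry.  The test
	 * must be a file-type comparison: the earlier "mode && S_IFBLK"
	 * was a logical AND and accepted any non-zero mode. */
	if (!S_ISBLK(mode))
		return -1;

	/* NOTE(review): POSIX basename() may modify its argument; confirm
	 * which variant is in scope here before relying on path afterwards */
	snprintf(buf, sizeof(buf), "/proc/ide/%s/media", basename(path));
	fp = fopen(buf, "r");
	if (!fp)
		return -1;

	if (fgets(mediabuf, sizeof(mediabuf), fp)) {
		size_t size = strlen(mediabuf);

		/* strip the trailing newline / whitespace */
		while (size > 0 && isspace((unsigned char)mediabuf[size - 1]))
			mediabuf[--size] = '\0';
		*media = strdup(mediabuf);
		if (*media)
			info("selinux_get_media(%s)->%s \n", path, *media);
	}
	fclose(fp);

	/* An empty entry or a failed strdup leaves *media NULL; report that
	 * as failure so no caller hands NULL to matchmediacon(). */
	return *media ? 0 : -1;
}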
59 | ||
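/*
 * Label an existing node @file with the context the policy assigns to it.
 *
 * A media-specific context (matchmediacon on /proc/ide/<dev>/media) is
 * preferred; when there is none the path-based lookup (matchpathcon) is
 * used.  Failures are logged with dbg() and otherwise ignored.
 */
static inline void selinux_setfilecon(char *file, unsigned int mode)
{
	security_context_t scontext = NULL;
	char *media = NULL;
	int ret;

	if (!is_selinux_running())
		return;

	ret = selinux_get_media(file, mode, &media);
	/* guard against a NULL media string even when the lookup reported
	 * success; matchmediacon() is not defined for NULL input */
	if (ret == 0 && media != NULL)
		ret = matchmediacon(media, &scontext);
	else
		ret = -1;
	free(media);

	if (ret < 0) {
		if (matchpathcon(file, mode, &scontext) < 0) {
			dbg("matchpathcon(%s) failed\n", file);
			return;
		}
	}

	if (setfilecon(file, scontext) < 0)
		dbg("setfilecon %s failed with error '%s'\n",
		    file, strerror(errno));
	freecon(scontext);
}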
81 | ||
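/*
 * Set the file-creation context of this process so that the node @file
 * about to be created gets the context the policy assigns to it.
 *
 * Context selection mirrors selinux_setfilecon(): media-specific first,
 * then path-based.  The previous creation context is put back by
 * selinux_restore().  Failures are logged with dbg() and otherwise ignored.
 */
static inline void selinux_setfscreatecon(char *file, unsigned int mode)
{
	security_context_t scontext = NULL;
	char *media = NULL;
	int ret;

	if (!is_selinux_running())
		return;

	ret = selinux_get_media(file, mode, &media);
	/* guard against a NULL media string even when the lookup reported
	 * success; matchmediacon() is not defined for NULL input */
	if (ret == 0 && media != NULL)
		ret = matchmediacon(media, &scontext);
	else
		ret = -1;
	free(media);

	if (ret < 0) {
		if (matchpathcon(file, mode, &scontext) < 0) {
			dbg("matchpathcon(%s) failed\n", file);
			return;
		}
	}

	if (setfscreatecon(scontext) < 0)
		dbg("setfscreatecon %s failed with error '%s'\n",
		    file, strerror(errno));
	freecon(scontext);
}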
109 | |
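/*
 * Record the present file-creation security context in prev_scontext so
 * that selinux_restore() can put it back after udev is done creating nodes.
 */
static inline void selinux_init(void)
{
	if (!is_selinux_running())
		return;

	if (getfscreatecon(&prev_scontext) < 0) {
		dbg("getfscreatecon failed\n");
		/* nothing recorded: restore to the default context later.
		 * Previously prev_scontext was reset to NULL unconditionally,
		 * which discarded (and leaked) the context just read and
		 * made selinux_restore() always fall back to the default. */
		prev_scontext = NULL;
	}
}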
123 | |
/*
 * Put back the file-creation context recorded by selinux_init() and
 * release it.  A NULL prev_scontext selects the default context.
 */
static inline void selinux_restore(void)
{
	if (!is_selinux_running())
		return;

	/* reset the file create context to its former glory */
	if (setfscreatecon(prev_scontext) < 0)
		dbg("setfscreatecon failed\n");

	if (prev_scontext == NULL)
		return;
	freecon(prev_scontext);
	prev_scontext = NULL;
}
8f2f874a | 136 | |
9825617b | 137 | #endif /* USE_SELINUX */ |
8f2f874a | 138 | |
9825617b | 139 | #endif /* SELINUX_H */ |