[thirdparty/systemd.git] / src / shared / label-util.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <errno.h>
#include <sys/stat.h>
#include <unistd.h>

#include "btrfs-util.h"
#include "fs-util.h"
#include "label.h"
#include "label-util.h"
#include "macro.h"
#include "selinux-util.h"
#include "smack-util.h"

int label_fix_full(
                int atfd,
                const char *inode_path, /* path of inode to apply label to */
                const char *label_path, /* path to use as database lookup key in label database (typically same as inode_path, but not always) */
                LabelFixFlags flags) {

        int r, q;

        if (atfd < 0 && atfd != AT_FDCWD)
                return -EBADF;

        if (!inode_path && atfd < 0) /* We need at least one of atfd and an inode path */
                return -EINVAL;

        /* If both atfd and inode_path are specified, we take the specified path relative to atfd which must be an fd to a dir.
         *
         * If only atfd is specified (and inode_path is NULL), we'll operated on the inode the atfd refers to.
         *
         * If atfd is AT_FDCWD then we'll operate on the inode the path refers to.
         */

        r = mac_selinux_fix_full(atfd, inode_path, label_path, flags);
        q = mac_smack_fix_full(atfd, inode_path, label_path, flags);
        if (r < 0)
                return r;
        if (q < 0)
                return q;

        return 0;
}

int symlink_label(const char *old_path, const char *new_path) {
        int r;

        assert(old_path);
        assert(new_path);

        r = mac_selinux_create_file_prepare(new_path, S_IFLNK);
        if (r < 0)
                return r;

        r = RET_NERRNO(symlink(old_path, new_path));
        mac_selinux_create_file_clear();

        if (r < 0)
                return r;

        return mac_smack_fix(new_path, 0);
}

int symlink_atomic_full_label(const char *from, const char *to, bool make_relative) {
        int r;

        assert(from);
        assert(to);

        r = mac_selinux_create_file_prepare(to, S_IFLNK);
        if (r < 0)
                return r;

        r = symlinkat_atomic_full(from, AT_FDCWD, to, make_relative);
        mac_selinux_create_file_clear();

        if (r < 0)
                return r;

        return mac_smack_fix(to, 0);
}

int mknod_label(const char *pathname, mode_t mode, dev_t dev) {
        int r;

        assert(pathname);

        r = mac_selinux_create_file_prepare(pathname, mode);
        if (r < 0)
                return r;

        r = RET_NERRNO(mknod(pathname, mode, dev));
        mac_selinux_create_file_clear();

        if (r < 0)
                return r;

        return mac_smack_fix(pathname, 0);
}

int btrfs_subvol_make_label(const char *path) {
        int r;

        assert(path);

        r = mac_selinux_create_file_prepare(path, S_IFDIR);
        if (r < 0)
                return r;

        r = btrfs_subvol_make(AT_FDCWD, path);
        mac_selinux_create_file_clear();

        if (r < 0)
                return r;

        return mac_smack_fix(path, 0);
}

static int init_internal(bool lazy) {
        int r;

        assert(!(mac_selinux_use() && mac_smack_use()));

        if (lazy)
                r = mac_selinux_init_lazy();
        else
                r = mac_selinux_init();
        if (r < 0)
                return r;

        return mac_smack_init();
}

int mac_init_lazy(void) {
        return init_internal(/* lazy=*/ true);
}

int mac_init(void) {
        return init_internal(/* lazy=*/ false);
}
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
e51bc1a2	2
11c3a366 TA	3	#include <errno.h>
	4	#include <sys/stat.h>
	5	#include <unistd.h>
	6
de2e28d8	7	#include "btrfs-util.h"
a3f5fd96	8	#include "fs-util.h"
a452c807	9	#include "label.h"
0690160e	10	#include "label-util.h"
93cc7779	11	#include "macro.h"
d7b8eec7 LP	12	#include "selinux-util.h"
d7b8eec7 LP	13	#include "smack-util.h"
b9c1bc28	14
03bc11d1 LP	15	int label_fix_full(
	16	int atfd,
	17	const char inode_path, / path of inode to apply label to */
	18	const char label_path, / path to use as database lookup key in label database (typically same as inode_path, but not always) */
	19	LabelFixFlags flags) {
	20
5dfc5461	21	int r, q;
b9c1bc28	22
03bc11d1 LP	23	if (atfd < 0 && atfd != AT_FDCWD)
	24	return -EBADF;
	25
	26	if (!inode_path && atfd < 0) /* We need at least one of atfd and an inode path */
	27	return -EINVAL;
	28
	29	/* If both atfd and inode_path are specified, we take the specified path relative to atfd which must be an fd to a dir.
	30	*
	31	* If only atfd is specified (and inode_path is NULL), we'll operated on the inode the atfd refers to.
	32	*
	33	* If atfd is AT_FDCWD then we'll operate on the inode the path refers to.
	34	*/
b9c1bc28	35
03bc11d1 LP	36	r = mac_selinux_fix_full(atfd, inode_path, label_path, flags);
03bc11d1 LP	37	q = mac_smack_fix_full(atfd, inode_path, label_path, flags);
5dfc5461 LP	38	if (r < 0)
	39	return r;
	40	if (q < 0)
	41	return q;
e51bc1a2	42
5dfc5461	43	return 0;
e51bc1a2	44	}
c34255bd	45
c34255bd LP	46	int symlink_label(const char old_path, const char new_path) {
	47	int r;
	48
	49	assert(old_path);
	50	assert(new_path);
	51
	52	r = mac_selinux_create_file_prepare(new_path, S_IFLNK);
	53	if (r < 0)
	54	return r;
	55
7c248223	56	r = RET_NERRNO(symlink(old_path, new_path));
c34255bd LP	57	mac_selinux_create_file_clear();
	58
	59	if (r < 0)
	60	return r;
	61
08c84981	62	return mac_smack_fix(new_path, 0);
c34255bd	63	}
de2e28d8	64
590d8100	65	int symlink_atomic_full_label(const char from, const char to, bool make_relative) {
a3f5fd96 CG	66	int r;
	67
	68	assert(from);
	69	assert(to);
	70
	71	r = mac_selinux_create_file_prepare(to, S_IFLNK);
	72	if (r < 0)
	73	return r;
	74
da9dd029	75	r = symlinkat_atomic_full(from, AT_FDCWD, to, make_relative);
a3f5fd96 CG	76	mac_selinux_create_file_clear();
	77
	78	if (r < 0)
	79	return r;
	80
	81	return mac_smack_fix(to, 0);
	82	}
	83
7a3e4dc3 CG	84	int mknod_label(const char *pathname, mode_t mode, dev_t dev) {
	85	int r;
	86
	87	assert(pathname);
	88
	89	r = mac_selinux_create_file_prepare(pathname, mode);
	90	if (r < 0)
	91	return r;
	92
7c248223	93	r = RET_NERRNO(mknod(pathname, mode, dev));
7a3e4dc3 CG	94	mac_selinux_create_file_clear();
	95
	96	if (r < 0)
	97	return r;
	98
	99	return mac_smack_fix(pathname, 0);
	100	}
	101
de2e28d8 ZJS	102	int btrfs_subvol_make_label(const char *path) {
	103	int r;
	104
	105	assert(path);
	106
	107	r = mac_selinux_create_file_prepare(path, S_IFDIR);
	108	if (r < 0)
	109	return r;
	110
e54c79cc	111	r = btrfs_subvol_make(AT_FDCWD, path);
de2e28d8 ZJS	112	mac_selinux_create_file_clear();
	113
	114	if (r < 0)
	115	return r;
	116
08c84981	117	return mac_smack_fix(path, 0);
de2e28d8	118	}
a452c807	119
0617da2e	120	static int init_internal(bool lazy) {
a452c807 DDM	121	int r;
	122
	123	assert(!(mac_selinux_use() && mac_smack_use()));
	124
0617da2e LB	125	if (lazy)
	126	r = mac_selinux_init_lazy();
	127	else
	128	r = mac_selinux_init();
a452c807 DDM	129	if (r < 0)
	130	return r;
	131
	132	return mac_smack_init();
	133	}
0617da2e LB	134
	135	int mac_init_lazy(void) {
	136	return init_internal(/* lazy=*/ true);
	137	}
	138
	139	int mac_init(void) {
	140	return init_internal(/* lazy=*/ false);
	141	}