2 * No copyright is claimed. This code is in the public domain; do with
5 * Written by Karel Zak <kzak@redhat.com> [January 2021]
7 #include <selinux/context.h>
8 #include <selinux/selinux.h>
9 #include <selinux/label.h>
12 #include <sys/types.h>
15 #include "selinux-utils.h"
17 int ul_setfscreatecon_from_file(char *orig_file
)
19 if (is_selinux_enabled() > 0) {
20 char *scontext
= NULL
;
22 if (getfilecon(orig_file
, &scontext
) < 0)
24 if (setfscreatecon(scontext
) < 0) {
33 /* returns 1 if the user has access to @classstr and @perm ("passwd", "chfn")
35 * or 0 if the user has no access -- in this case sets @user_cxt (when it is not NULL) to user-context
37 int ul_selinux_has_access(const char *classstr
, const char *perm
, char **user_cxt
)
45 if (getprevcon(&user
) != 0)
48 rc
= selinux_check_access(user
, user
, classstr
, perm
, NULL
);
49 if (rc
!= 0 && user_cxt
)
54 return rc
== 0 ? 1 : 0;
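57 /* return 0 on success, 0 on error (sic: the error value is presumably non-zero -- confirm against the return statements before relying on it); @cxt returns the default context for @path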
58 * and @st_mode (stat())
60 int ul_selinux_get_default_context(const char *path
, int st_mode
, char **cxt
)
62 struct selabel_handle
*hnd
;
63 struct selinux_opt options
[SELABEL_NOPT
] = {};
68 hnd
= selabel_open(SELABEL_CTX_FILE
, options
, SELABEL_NOPT
);
72 if (selabel_lookup(hnd
, cxt
, path
, st_mode
) != 0)