src/shared/smack-util.c

   1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
   2
   3 /***
   4   This file is part of systemd.
   5
   6   Copyright 2013 Intel Corporation
   7
   8   Author: Auke Kok <auke-jan.h.kok@intel.com>
   9
  10   systemd is free software; you can redistribute it and/or modify it
  11   under the terms of the GNU Lesser General Public License as published by
  12   the Free Software Foundation; either version 2.1 of the License, or
  13   (at your option) any later version.
  14
  15   systemd is distributed in the hope that it will be useful, but
  16   WITHOUT ANY WARRANTY; without even the implied warranty of
  17   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  18   Lesser General Public License for more details.
  19
  20   You should have received a copy of the GNU Lesser General Public License
  21   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  22 ***/
  23
  24 #include <unistd.h>
  25 #include <string.h>
  26 #ifdef HAVE_XATTR
  27 #include <attr/xattr.h>
  28 #endif
  29
  30 #include "smack-util.h"
  31
  32 bool use_smack(void) {
  33 #ifdef HAVE_SMACK
  34         static int use_smack_cached = -1;
  35
  36         if (use_smack_cached < 0)
  37                 use_smack_cached = access("/sys/fs/smackfs/", F_OK) >= 0;
  38
  39         return use_smack_cached;
  40 #else
  41         return false;
  42 #endif
  43
  44 }
  45
  46 int smack_label_path(const char *path, const char *label) {
  47 #ifdef HAVE_SMACK
  48         if (!use_smack())
  49                 return 0;
  50
  51         if (label)
  52                 return setxattr(path, "security.SMACK64", label, strlen(label), 0);
  53         else
  54                 return lremovexattr(path, "security.SMACK64");
  55 #else
  56         return 0;
  57 #endif
  58 }
  59
  60 int smack_label_fd(int fd, const char *label) {
  61 #ifdef HAVE_SMACK
  62         if (!use_smack())
  63                 return 0;
  64
  65         return fsetxattr(fd, "security.SMACK64", label, strlen(label), 0);
  66 #else
  67         return 0;
  68 #endif
  69 }
  70
  71 int smack_label_ip_out_fd(int fd, const char *label) {
  72 #ifdef HAVE_SMACK
  73         if (!use_smack())
  74                 return 0;
  75
  76         return fsetxattr(fd, "security.SMACK64IPOUT", label, strlen(label), 0);
  77 #else
  78         return 0;
  79 #endif
  80 }
  81
  82 int smack_label_ip_in_fd(int fd, const char *label) {
  83 #ifdef HAVE_SMACK
  84         if (!use_smack())
  85                 return 0;
  86
  87         return fsetxattr(fd, "security.SMACK64IPIN", label, strlen(label), 0);
  88 #else
  89         return 0;
  90 #endif
  91 }