4 * Copyright (C) 2004 Daniel Walsh
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 675 Mass Ave, Cambridge, MA 02139, USA.
#include <stdlib.h>
#include <selinux/selinux.h>

#include "udev_selinux.h"
/*
 * File-creation context captured by selinux_init(); handed back to
 * setfscreatecon() by selinux_resetfscreatecon() and released by
 * selinux_exit().
 */
static security_context_t prev_scontext = NULL;
/*
 * Tell whether SELinux is enabled on this system.
 *
 * libselinux is asked only on the first call; the answer is kept in a
 * function-local static and reused afterwards.
 *
 * Returns 1 when is_selinux_enabled() reported a positive value, 0 otherwise.
 */
static int is_selinux_running(void)
{
	static int probe_result = -1;	/* -1 means "not probed yet" */

	if (probe_result < 0) {
		if (is_selinux_enabled() > 0)
			probe_result = 1;
		else
			probe_result = 0;
	}

	dbg("selinux=%i", probe_result);
	return probe_result;
}
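/*
 * Read the media type the kernel reports for an IDE block device.
 *
 * The first line of /proc/ide/<devname>/media is read, trailing whitespace
 * is stripped, and a heap copy is returned.
 *
 * @devname: device name, used as a directory name below /proc/ide/
 * @mode:    file mode of the node; anything but a block device is skipped
 *
 * Returns a string the caller must free(), or NULL when the node is not a
 * block device, the name is unusable, or the proc file cannot be read.
 */
static char *get_media(const char *devname, int mode)
{
	char procfile[PATH_MAX];
	/* NOTE(review): buffer size is an assumption; confirm against upstream. */
	char mediabuf[256];
	char *media = NULL;
	size_t size;
	FILE *fp;
	int len;

	/*
	 * Test the file type with S_ISBLK(). "mode && S_IFBLK" is a logical
	 * AND of two non-zero values, so it let every non-zero mode through
	 * and character devices were looked up as well.
	 */
	if (!S_ISBLK(mode))
		return NULL;

	/*
	 * devname is pasted into a path. Refuse names that could step outside
	 * /proc/ide/ instead of relying on the open failing.
	 */
	if (devname == NULL || devname[0] == '\0' || devname[0] == '.' ||
	    strchr(devname, '/') != NULL)
		return NULL;

	/* A truncated path would name a different file, so treat it as an error. */
	len = snprintf(procfile, sizeof(procfile), "/proc/ide/%s/media", devname);
	if (len < 0 || (size_t)len >= sizeof(procfile))
		return NULL;

	fp = fopen(procfile, "r");
	if (fp == NULL)
		return NULL;

	if (fgets(mediabuf, sizeof(mediabuf), fp) != NULL) {
		/*
		 * Strip the newline and any other trailing whitespace. The cast
		 * keeps isspace() defined for bytes above 0x7f when char is signed.
		 */
		size = strlen(mediabuf);
		while (size > 0 && isspace((unsigned char)mediabuf[size - 1]))
			mediabuf[--size] = '\0';

		media = strdup(mediabuf);
		if (media != NULL)
			info("selinux_get_media(%s)='%s'\n", devname, media);
	}

	fclose(fp);
	return media;
}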
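/*
 * Apply the policy-defined SELinux context to an existing device node.
 *
 * The context is looked up by media type first (matchmediacon) and, when
 * that gives nothing, by path and mode (matchpathcon).
 *
 * @file:    path of the node to relabel
 * @devname: device name, used for the media-type lookup
 * @mode:    file mode of the node
 *
 * Does nothing when SELinux is not running. The function returns void and
 * failures are reported through dbg() only, so after a failed lookup or a
 * failed setfilecon() the node keeps whatever label it already had.
 */
void selinux_setfilecon(const char *file, const char *devname, unsigned int mode)
{
	security_context_t scontext = NULL;
	char *media;
	int ret = -1;

	if (!is_selinux_running())
		return;

	/* get_media() returns NULL for most devices; never hand that to libselinux. */
	media = get_media(devname, mode);
	if (media != NULL) {
		ret = matchmediacon(media, &scontext);
		free(media);
	}

	/* No media-specific context: fall back to the path-based lookup. */
	if (ret < 0 && matchpathcon(file, mode, &scontext) < 0) {
		dbg("matchpathcon(%s) failed\n", file);
		return;
	}

	if (setfilecon(file, scontext) < 0)
		dbg("setfilecon %s failed with error '%s'", file, strerror(errno));

	/* The lookup allocated the context; release it on success and failure alike. */
	freecon(scontext);
}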
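/*
 * Set the SELinux context that this process's newly created files receive,
 * so that a device node is created with its policy-defined label.
 *
 * The context is looked up by media type first (matchmediacon) and, when
 * that gives nothing, by path and mode (matchpathcon).
 *
 * @file:    path the node is about to be created at
 * @devname: device name, used for the media-type lookup
 * @mode:    file mode the node will have
 *
 * Does nothing when SELinux is not running. Failures are reported through
 * dbg() only; in that case the creation context is left as it was, and the
 * node is created under that context rather than the one from policy.
 * selinux_resetfscreatecon() undoes the change.
 */
void selinux_setfscreatecon(const char *file, const char *devname, unsigned int mode)
{
	security_context_t scontext = NULL;
	char *media;
	int ret = -1;

	if (!is_selinux_running())
		return;

	/* get_media() returns NULL for most devices; never hand that to libselinux. */
	media = get_media(devname, mode);
	if (media != NULL) {
		ret = matchmediacon(media, &scontext);
		free(media);
	}

	/* No media-specific context: fall back to the path-based lookup. */
	if (ret < 0 && matchpathcon(file, mode, &scontext) < 0) {
		dbg("matchpathcon(%s) failed\n", file);
		return;
	}

	if (setfscreatecon(scontext) < 0)
		dbg("setfscreatecon %s failed with error '%s'", file, strerror(errno));

	/* The lookup allocated the context; release it on success and failure alike. */
	freecon(scontext);
}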
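/*
 * Put back the file-creation context recorded by selinux_init().
 *
 * prev_scontext may be NULL (nothing was recorded, or recording failed);
 * passing NULL to setfscreatecon() returns to the policy default.
 * Does nothing when SELinux is not running. A failure is reported through
 * dbg() only, and the creation context then stays as it was.
 */
void selinux_resetfscreatecon(void)
{
	if (!is_selinux_running())
		return;

	/*
	 * The message used to print a "file" argument, but this function has
	 * no such variable, so the call could not build with dbg() enabled.
	 */
	if (setfscreatecon(prev_scontext) < 0)
		dbg("setfscreatecon failed with error '%s'", strerror(errno));
}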
/*
 * Remember the file-creation context in effect now, so that it can be
 * restored after a node has been created under a different context.
 *
 * Does nothing when SELinux is not running. If the context cannot be read,
 * prev_scontext is left NULL.
 */
void selinux_init(void)
{
	if (!is_selinux_running())
		return;

	if (getfscreatecon(&prev_scontext) >= 0)
		return;

	dbg("getfscreatecon failed\n");
	prev_scontext = NULL;
}
/*
 * Release the file-creation context recorded by selinux_init().
 *
 * The pointer is cleared after freecon(), so a second call is a no-op.
 */
void selinux_exit(void)
{
	if (!is_selinux_running())
		return;
	if (prev_scontext == NULL)
		return;

	freecon(prev_scontext);
	prev_scontext = NULL;
}