[thirdparty/systemd.git] / selinux.h

#ifndef SELINUX_H
#define SELINUX_H

#ifndef USE_SELINUX

static inline void selinux_setfilecon(char *file, unsigned int mode) {}
static inline void selinux_setfscreatecon(char *file, unsigned int mode) {}
static inline void selinux_init(void) {}
static inline void selinux_restore(void) {}

#else

#include <selinux/selinux.h>
#include <stdio.h>
#include <limits.h>
#include <ctype.h>

static int selinux_enabled=-1;
static security_context_t prev_scontext=NULL;

static inline int is_selinux_running(void)
{
	if (selinux_enabled == -1) 
		return selinux_enabled = is_selinux_enabled() > 0;
	return selinux_enabled;
}

static inline int selinux_get_media(char *path, int mode, char **media)
{
	FILE *fp;
	char buf[PATH_MAX];
	char mediabuf[PATH_MAX];

	*media = NULL;
	if (!(mode && S_IFBLK)) {
		return -1;
	}
	snprintf(buf,sizeof(buf), "/proc/ide/%s/media", basename(path));
	fp=fopen(buf,"r");
	if (fp) {
		if (fgets(mediabuf,sizeof(mediabuf), fp)) {
			int size = strlen(mediabuf);
			while (size-- > 0) {
				if (isspace(mediabuf[size])) {
					mediabuf[size]='\0';
				} else {
					break;
				}
			}
			*media = strdup(mediabuf);
			info("selinux_get_media(%s)->%s \n", path, *media);
		}
		fclose(fp);
		return 0;
	} else {
		return -1;
	}
}

static inline void selinux_setfilecon(char *file, unsigned int mode)
{
	if (is_selinux_running()) {
		security_context_t scontext=NULL;
		char *media;
		int ret=selinux_get_media(file, mode, &media);
		if (ret == 0) {
			ret = matchmediacon(media, &scontext);
			free(media);
		} 
		if (ret == -1)
			if (matchpathcon(file, mode, &scontext) < 0) {
				dbg("matchpathcon(%s) failed\n", file);
				return;
			} 
		if (setfilecon(file, scontext) < 0)
			dbg("setfiles %s failed with error '%s'",
			    file, strerror(errno));
		freecon(scontext);
	}
}

static inline void selinux_setfscreatecon(char *file, unsigned int mode)
{
	int retval = 0;
	security_context_t scontext=NULL;

	if (is_selinux_running()) {
		char *media;
		int ret = selinux_get_media(file, mode, &media);

		if (ret == 0) {
			ret = matchmediacon(media, &scontext);
			free(media);
		} 

		if (ret == -1) 
			if (matchpathcon(file, mode, &scontext) < 0) {
				dbg("matchpathcon(%s) failed\n", file);
				return;
			} 

		retval = setfscreatecon(scontext);
		if (retval < 0)
			dbg("setfiles %s failed with error '%s'",
			    file, strerror(errno));
		freecon(scontext);
	}
}

static inline void selinux_init(void)
{
	/* 
	 * record the present security context, for file-creation
	 * restoration creation purposes.
	 */
	if (is_selinux_running()) {
		if (getfscreatecon(&prev_scontext) < 0) {
			dbg("getfscreatecon failed\n");
		}
		prev_scontext = NULL;
	}
}

static inline void selinux_restore(void)
{
	if (is_selinux_running()) {
		/* reset the file create context to its former glory */
		if (setfscreatecon(prev_scontext) < 0)
			dbg("setfscreatecon failed\n");
		if (prev_scontext) {
			freecon(prev_scontext);
			prev_scontext = NULL;
		}
	}
}

#endif /* USE_SELINUX */

#endif /* SELINUX_H */
Commit	Line	Data
9825617b HH	1	#ifndef SELINUX_H
	2	#define SELINUX_H
	3
	4	#ifndef USE_SELINUX
	5
8f2f874a	6	static inline void selinux_setfilecon(char *file, unsigned int mode) {}
9825617b HH	7	static inline void selinux_setfscreatecon(char *file, unsigned int mode) {}
	8	static inline void selinux_init(void) {}
	9	static inline void selinux_restore(void) {}
	10
	11	#else
	12
	13	#include <selinux/selinux.h>
	14	#include <stdio.h>
	15	#include <limits.h>
	16	#include <ctype.h>
	17
9825617b HH	18	static int selinux_enabled=-1;
	19	static security_context_t prev_scontext=NULL;
	20
8f2f874a GKH	21	static inline int is_selinux_running(void)
	22	{
	23	if (selinux_enabled == -1)
	24	return selinux_enabled = is_selinux_enabled() > 0;
9825617b HH	25	return selinux_enabled;
	26	}
	27
	28	static inline int selinux_get_media(char path, int mode, char *media)
	29	{
8f2f874a GKH	30	FILE *fp;
	31	char buf[PATH_MAX];
	32	char mediabuf[PATH_MAX];
	33
	34	*media = NULL;
	35	if (!(mode && S_IFBLK)) {
	36	return -1;
	37	}
	38	snprintf(buf,sizeof(buf), "/proc/ide/%s/media", basename(path));
	39	fp=fopen(buf,"r");
	40	if (fp) {
	41	if (fgets(mediabuf,sizeof(mediabuf), fp)) {
	42	int size = strlen(mediabuf);
	43	while (size-- > 0) {
	44	if (isspace(mediabuf[size])) {
	45	mediabuf[size]='\0';
	46	} else {
	47	break;
	48	}
	49	}
	50	*media = strdup(mediabuf);
	51	info("selinux_get_media(%s)->%s \n", path, *media);
	52	}
	53	fclose(fp);
	54	return 0;
	55	} else {
	56	return -1;
	57	}
9825617b HH	58	}
9825617b HH	59
8f2f874a GKH	60	static inline void selinux_setfilecon(char *file, unsigned int mode)
8f2f874a GKH	61	{
9825617b HH	62	if (is_selinux_running()) {
	63	security_context_t scontext=NULL;
	64	char *media;
	65	int ret=selinux_get_media(file, mode, &media);
8f2f874a	66	if (ret == 0) {
9825617b HH	67	ret = matchmediacon(media, &scontext);
	68	free(media);
	69	}
8f2f874a	70	if (ret == -1)
9825617b HH	71	if (matchpathcon(file, mode, &scontext) < 0) {
	72	dbg("matchpathcon(%s) failed\n", file);
	73	return;
	74	}
	75	if (setfilecon(file, scontext) < 0)
	76	dbg("setfiles %s failed with error '%s'",
	77	file, strerror(errno));
	78	freecon(scontext);
	79	}
	80	}
	81
8f2f874a GKH	82	static inline void selinux_setfscreatecon(char *file, unsigned int mode)
8f2f874a GKH	83	{
9825617b HH	84	int retval = 0;
	85	security_context_t scontext=NULL;
	86
	87	if (is_selinux_running()) {
	88	char *media;
8f2f874a GKH	89	int ret = selinux_get_media(file, mode, &media);
	90
	91	if (ret == 0) {
9825617b HH	92	ret = matchmediacon(media, &scontext);
	93	free(media);
	94	}
	95
8f2f874a	96	if (ret == -1)
9825617b HH	97	if (matchpathcon(file, mode, &scontext) < 0) {
	98	dbg("matchpathcon(%s) failed\n", file);
	99	return;
	100	}
	101
8f2f874a	102	retval = setfscreatecon(scontext);
9825617b HH	103	if (retval < 0)
	104	dbg("setfiles %s failed with error '%s'",
	105	file, strerror(errno));
	106	freecon(scontext);
	107	}
	108	}
8f2f874a GKH	109
	110	static inline void selinux_init(void)
	111	{
	112	/*
	113	* record the present security context, for file-creation
9825617b	114	* restoration creation purposes.
9825617b	115	*/
8f2f874a	116	if (is_selinux_running()) {
9825617b HH	117	if (getfscreatecon(&prev_scontext) < 0) {
	118	dbg("getfscreatecon failed\n");
	119	}
8f2f874a	120	prev_scontext = NULL;
9825617b HH	121	}
9825617b HH	122	}
8f2f874a GKH	123
	124	static inline void selinux_restore(void)
	125	{
9825617b HH	126	if (is_selinux_running()) {
9825617b HH	127	/* reset the file create context to its former glory */
8f2f874a	128	if (setfscreatecon(prev_scontext) < 0)
9825617b HH	129	dbg("setfscreatecon failed\n");
	130	if (prev_scontext) {
	131	freecon(prev_scontext);
8f2f874a	132	prev_scontext = NULL;
9825617b HH	133	}
	134	}
	135	}
8f2f874a	136
9825617b	137	#endif /* USE_SELINUX */
8f2f874a	138
9825617b	139	#endif /* SELINUX_H */