git.ipfire.org Git - thirdparty/util-linux.git/blob - lib/selinux-utils.c
2 * No copyright is claimed. This code is in the public domain; do with
5 * Written by Karel Zak <kzak@redhat.com> [January 2021]
7 #include <selinux/context.h>
8 #include <selinux/selinux.h>
9 #include <selinux/label.h>
12 #include <sys/types.h>
15 #include "selinux-utils.h"
17 /* set the SELinux security context used for _creating_ a new file system object
19 * returns 0 on success,
22 int ul_setfscreatecon_from_file(char *orig_file
)
/* Copies the SELinux context of orig_file into the context used for objects
 * created afterwards. All of the work is guarded by is_selinux_enabled() > 0.
 * NOTE(review): this listing skips source lines (the gutter goes 22, 24, 25,
 * 27, 29), so the error returns and the cleanup are not visible here.
 */
24 if (is_selinux_enabled() > 0) {
25 char *scontext
= NULL
;
/* Read the context currently attached to orig_file into scontext.
 * NOTE(review): the lookup is by path; presumably getfilecon() follows
 * symlinks, so callers should pass a path they trust -- confirm.
 * NOTE(review): scontext is presumably allocated by libselinux and needs
 * freecon() on every path; the release is not shown in this listing -- confirm.
 */
27 if (getfilecon(orig_file
, &scontext
) < 0)
/* Install that context as the file-creation context.
 * NOTE(review): the setting presumably stays in effect for later creations
 * until it is reset (setfscreatecon(NULL)); verify that callers reset it once
 * the new file exists.
 */
29 if (setfscreatecon(scontext
) < 0) {
38 /* returns 1 if user has access to @class and @perm ("passwd", "chfn")
40 * or 0 if has no access -- in this case sets @user_cxt to user-context
42 int ul_selinux_has_access(const char *classstr
, const char *perm
, char **user_cxt
)
/* NOTE(review): the declarations of user and rc, and any initialisation of
 * *user_cxt, are on source lines this listing does not show.
 */
/* Obtain the context to check into user.
 * NOTE(review): presumably getprevcon() yields the context the process had
 * before its last exec, i.e. the invoking user's -- confirm.
 */
50 if (getprevcon(&user
) != 0)
/* Query the policy for permission perm in class classstr. The same context
 * (user) is passed as both the first and the second context argument, and no
 * audit data is supplied (NULL).
 */
53 rc
= selinux_check_access(user
, user
, classstr
, perm
, NULL
);
/* Non-zero rc with a caller-supplied user_cxt: per the header comment this is
 * the case that hands the user context back to the caller.
 * NOTE(review): the assignment and the matching freecon() are on lines not
 * shown here -- confirm who releases user on each branch.
 */
54 if (rc
!= 0 && user_cxt
)
/* Only rc == 0 is reported as access (1); any other result from
 * selinux_check_access() is reported as 0.
 */
59 return rc
== 0 ? 1 : 0;
62 /* Gets the default context for @path and @st_mode.
64 * returns 0 on success,
67 int ul_selinux_get_default_context(const char *path
, int st_mode
, char **cxt
)
69 struct selabel_handle
*hnd
;
70 struct selinux_opt options
[SELABEL_NOPT
] = {};
75 hnd
= selabel_open(SELABEL_CTX_FILE
, options
, SELABEL_NOPT
);
79 if (selabel_lookup(hnd
, cxt
, path
, st_mode
) != 0)