From: Ivan Kruglov Date: Thu, 3 Jul 2025 11:53:23 +0000 (-0700) Subject: selinux-util: mac_selinux_get_peer_label() X-Git-Tag: v258-rc1~106^2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=204e3cb6c831524c0caa754745280884f264529b;p=thirdparty%2Fsystemd.git selinux-util: mac_selinux_get_peer_label()
---
diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c
index baf5dc5c4a4..439494f82b5 100644
--- a/src/shared/selinux-util.c
+++ b/src/shared/selinux-util.c
@@ -471,6 +471,32 @@ int mac_selinux_get_our_label(char **ret_label) {
 #endif
 }
+int mac_selinux_get_peer_label(int socket_fd, char **ret_label) {
+ assert(socket_fd >= 0);
+ assert(ret_label);
+
+#if HAVE_SELINUX
+ int r;
+
+ r = selinux_init(/* force= */ false);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return -EOPNOTSUPP;
+
+ _cleanup_freecon_ char *con = NULL;
+ if (getpeercon_raw(socket_fd, &con) < 0)
+ return -errno;
+ if (!con)
+ return -EOPNOTSUPP;
+
+ *ret_label = TAKE_PTR(con);
+ return 0;
+#else
+ return -EOPNOTSUPP;
+#endif
+}
+
 int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *exec_label, char **ret_label) {
 #if HAVE_SELINUX
 _cleanup_freecon_ char *mycon = NULL, *peercon = NULL, *fcon = NULL;
diff --git a/src/shared/selinux-util.h b/src/shared/selinux-util.h
index a9180c4c996..1ba1ad1407b 100644
--- a/src/shared/selinux-util.h
+++ b/src/shared/selinux-util.h
@@ -35,6 +35,7 @@ int mac_selinux_apply_fd(int fd, const char *path, const char *label);
 int mac_selinux_get_create_label_from_exe(const char *exe, char **ret_label);
 int mac_selinux_get_our_label(char **ret_label);
+int mac_selinux_get_peer_label(int socket_fd, char **ret_label);
 int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *exec_label, char **ret_label);
 int mac_selinux_create_file_prepare_at(int dirfd, const char *path, mode_t mode);
diff --git a/src/test/test-selinux.c b/src/test/test-selinux.c
index e51b3a283b1..93e30896b7e 100644
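Review bot: mac_selinux_get_peer_label() in src/shared/selinux-util.c is added without a comment stating its contract, and two details matter to any caller that bases an access decision on the result. The label comes from getpeercon_raw(), so it is the raw, untranslated context, and TAKE_PTR(con) hands ownership to the caller, who must release it with freecon(). -EOPNOTSUPP is returned when selinux_init() returns 0 (presumably SELinux not in use), when `con` comes back NULL, and in builds without HAVE_SELINUX, so a caller cannot tell these apart and has to treat every negative return as "label unknown" and deny rather than skip the check. I would add above the function: `/* Returns the peer's raw SELinux context in *ret_label (free with freecon()). Any error, including -EOPNOTSUPP, means the label is unknown; callers must fail closed. */`. It may also be worth noting there that the context is presumably the one recorded when the socket was connected rather than the peer's current one.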
--- a/src/test/test-selinux.c
+++ b/src/test/test-selinux.c
@@ -53,7 +53,7 @@ static void test_cleanup(void) {
 }
 static void test_misc(const char* fname) {
- _cleanup_freecon_ char *label = NULL, *label2 = NULL, *label3 = NULL;
+ _cleanup_freecon_ char *label = NULL, *label2 = NULL, *label3 = NULL, *label4 = NULL;
 int r;
 _cleanup_close_ int fd = -EBADF;
@@ -73,6 +73,10 @@ static void test_misc(const char* fname) {
 r = mac_selinux_get_child_mls_label(fd, fname, label2, &label3);
 log_info_errno(r, "mac_selinux_get_child_mls_label → %d, \"%s\" (%m)", r, strnull(label3));
+
+ r = mac_selinux_get_peer_label(fd, &label4);
+ log_info_errno(r, "mac_selinux_get_peer_label → %d, \"%s\" (%m)",
+ r, strnull(label4));
 }
 static void test_create_file_prepare(const char* fname) {
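Review bot: The new mac_selinux_get_peer_label() call at the end of test_misc() is only logged, so the test passes whatever the function returns or leaves in `label4`. Since the function writes `*ret_label` only on its success path, a cheap check after the log line is `assert_se(r >= 0 || !label4);`. How `fd` is set up is outside this hunk; if it is not a connected socket, only the error path is exercised, and a connected AF_UNIX pair would be needed to cover the success path.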