#include "xattr-util.h"
#if ENABLE_SMACK
+
+#define SMACK_FLOOR_LABEL "_"
+#define SMACK_STAR_LABEL "*"
+
bool mac_smack_use(void) {
static int cached_use = -1;
[SMACK_ATTR_IPOUT] = "security.SMACK64IPOUT",
};
-DEFINE_STRING_TABLE_LOOKUP(smack_attr, SmackAttr);
-
-int mac_smack_read(const char *path, SmackAttr attr, char **label) {
- assert(path);
- assert(attr >= 0 && attr < _SMACK_ATTR_MAX);
- assert(label);
-
- if (!mac_smack_use())
- return 0;
-
- return getxattr_malloc(path, smack_attr_to_string(attr), label);
-}
-
-int mac_smack_read_fd(int fd, SmackAttr attr, char **label) {
- assert(fd >= 0);
- assert(attr >= 0 && attr < _SMACK_ATTR_MAX);
- assert(label);
-
- if (!mac_smack_use())
- return 0;
-
- return fgetxattr_malloc(fd, smack_attr_to_string(attr), label);
-}
-
-int mac_smack_apply_at(int dir_fd, const char *path, SmackAttr attr, const char *label) {
- _cleanup_close_ int fd = -EBADF;
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(smack_attr, SmackAttr);
- assert(path);
+int mac_smack_read_at(int fd, const char *path, SmackAttr attr, char **ret) {
+ assert(fd >= 0 || fd == AT_FDCWD);
assert(attr >= 0 && attr < _SMACK_ATTR_MAX);
+ assert(ret);
- if (!mac_smack_use())
+ if (!mac_smack_use()) {
+ *ret = NULL;
return 0;
+ }
- fd = openat(dir_fd, path, O_PATH|O_CLOEXEC|O_NOFOLLOW);
- if (fd < 0)
- return -errno;
-
- return mac_smack_apply_fd(fd, attr, label);
+ return getxattr_at_malloc(fd, path, smack_attr_to_string(attr), /* at_flags = */ 0, ret);
}
-int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label) {
- int r;
-
- assert(fd >= 0);
+int mac_smack_apply_at(int fd, const char *path, SmackAttr attr, const char *label) {
+ assert(fd >= 0 || fd == AT_FDCWD);
assert(attr >= 0 && attr < _SMACK_ATTR_MAX);
if (!mac_smack_use())
return 0;
- if (label)
- r = setxattr(FORMAT_PROC_FD_PATH(fd), smack_attr_to_string(attr), label, strlen(label), 0);
- else
- r = removexattr(FORMAT_PROC_FD_PATH(fd), smack_attr_to_string(attr));
- if (r < 0)
- return -errno;
+ if (!label)
+ return xremovexattr(fd, path, /* at_flags = */ 0, smack_attr_to_string(attr));
- return 0;
+ return xsetxattr(fd, path, /* at_flags = */ 0, smack_attr_to_string(attr), label);
}
int mac_smack_apply_pid(pid_t pid, const char *label) {
const char *p;
- int r;
+ assert(pid >= 0);
assert(label);
if (!mac_smack_use())
return 0;
p = procfs_file_alloca(pid, "attr/current");
- r = write_string_file(p, label, WRITE_STRING_FILE_DISABLE_BUFFER);
- if (r < 0)
- return r;
-
- return r;
+ return write_string_file(p, label, WRITE_STRING_FILE_DISABLE_BUFFER);
}
static int smack_fix_fd(
else
return 0;
- if (setxattr(FORMAT_PROC_FD_PATH(fd), "security.SMACK64", label, strlen(label), 0) < 0) {
+ r = xsetxattr(fd, /* path = */ NULL, AT_EMPTY_PATH, "security.SMACK64", label);
+ if (ERRNO_IS_NEG_NOT_SUPPORTED(r)) /* If the FS doesn't support labels, then exit without warning */
+ return 0;
+ if (r == -EROFS && FLAGS_SET(flags, LABEL_IGNORE_EROFS)) /* If the FS is read-only and we were told
+ to ignore failures caused by that,
+ suppress error */
+ return 0;
+ if (r < 0) {
+ /* If the old label is identical to the new one, suppress any kind of error */
_cleanup_free_ char *old_label = NULL;
- r = -errno;
-
- /* If the FS doesn't support labels, then exit without warning */
- if (ERRNO_IS_NOT_SUPPORTED(r))
- return 0;
-
- /* It the FS is read-only and we were told to ignore failures caused by that, suppress error */
- if (r == -EROFS && (flags & LABEL_IGNORE_EROFS))
- return 0;
-
- /* If the old label is identical to the new one, suppress any kind of error */
- if (lgetxattr_malloc(FORMAT_PROC_FD_PATH(fd), "security.SMACK64", &old_label) >= 0 &&
+ if (fgetxattr_malloc(fd, "security.SMACK64", &old_label) >= 0 &&
streq(old_label, label))
return 0;
- return log_debug_errno(r, "Unable to fix SMACK label of %s: %m", label_path);
+ return log_debug_errno(r, "Unable to fix SMACK label of '%s': %m", label_path);
}
return 0;
_cleanup_free_ char *p = NULL;
int r, inode_fd;
- assert(atfd >= 0 || atfd == AT_FDCWD);
- assert(atfd >= 0 || inode_path);
+ assert(atfd >= 0 || (atfd == AT_FDCWD && inode_path));
if (!mac_smack_use())
return 0;
if (inode_path) {
opened_fd = openat(atfd, inode_path, O_NOFOLLOW|O_CLOEXEC|O_PATH);
if (opened_fd < 0) {
- if ((flags & LABEL_IGNORE_ENOENT) && errno == ENOENT)
+ if (errno == ENOENT && FLAGS_SET(flags, LABEL_IGNORE_ENOENT))
return 0;
return -errno;
}
int mac_smack_copy(const char *dest, const char *src) {
- int r;
_cleanup_free_ char *label = NULL;
+ int r;
assert(dest);
assert(src);
return r;
}
-
-#else
-bool mac_smack_use(void) {
- return false;
-}
-
-int mac_smack_read(const char *path, SmackAttr attr, char **label) {
- return -EOPNOTSUPP;
-}
-
-int mac_smack_read_fd(int fd, SmackAttr attr, char **label) {
- return -EOPNOTSUPP;
-}
-
-int mac_smack_apply_at(int dir_fd, const char *path, SmackAttr attr, const char *label) {
- return 0;
-}
-
-int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label) {
- return 0;
-}
-
-int mac_smack_apply_pid(pid_t pid, const char *label) {
- return 0;
-}
-
-int mac_smack_fix_full(int atfd, const char *inode_path, const char *label_path, LabelFixFlags flags) {
- return 0;
-}
-
-int mac_smack_copy(const char *dest, const char *src) {
- return 0;
-}
#endif
int renameat_and_apply_smack_floor_label(int fdf, const char *from, int fdt, const char *to) {
#include "label-util.h"
#include "macro.h"
-#define SMACK_FLOOR_LABEL "_"
-#define SMACK_STAR_LABEL "*"
-
typedef enum SmackAttr {
SMACK_ATTR_ACCESS,
SMACK_ATTR_EXEC,
_SMACK_ATTR_INVALID = -EINVAL,
} SmackAttr;
+#if ENABLE_SMACK
bool mac_smack_use(void);
-int mac_smack_init(void);
+
+int mac_smack_read_at(int fd, const char *path, SmackAttr attr, char **ret);
+int mac_smack_apply_at(int fd, const char *path, SmackAttr attr, const char *label);
+
+int mac_smack_apply_pid(pid_t pid, const char *label);
+int mac_smack_copy(const char *dest, const char *src);
int mac_smack_fix_full(int atfd, const char *inode_path, const char *label_path, LabelFixFlags flags);
-static inline int mac_smack_fix(const char *path, LabelFixFlags flags) {
- return mac_smack_fix_full(AT_FDCWD, path, path, flags);
+#else
+static inline bool mac_smack_use(void) {
+ return false;
+}
+
+static inline int mac_smack_read_at(int fd, const char *path, SmackAttr attr, char **ret) {
+ return -EOPNOTSUPP;
+}
+
+static inline int mac_smack_apply_at(int fd, const char *path, SmackAttr attr, const char *label) {
+ return 0;
+}
+
+static inline int mac_smack_apply_pid(pid_t pid, const char *label) {
+ return 0;
+}
+
+static inline int mac_smack_copy(const char *dest, const char *src) {
+ return 0;
+}
+
+static inline int mac_smack_fix_full(int atfd, const char *inode_path, const char *label_path, LabelFixFlags flags) {
+ return 0;
+}
+#endif
+
+int mac_smack_init(void);
+
+static inline int mac_smack_read(const char *path, SmackAttr attr, char **ret) {
+ return mac_smack_read_at(AT_FDCWD, path, attr, ret);
+}
+static inline int mac_smack_read_fd(int fd, SmackAttr attr, char **ret) {
+ return mac_smack_read_at(fd, NULL, attr, ret);
}
-const char* smack_attr_to_string(SmackAttr i) _const_;
-SmackAttr smack_attr_from_string(const char *s) _pure_;
-int mac_smack_read(const char *path, SmackAttr attr, char **label);
-int mac_smack_read_fd(int fd, SmackAttr attr, char **label);
-int mac_smack_apply_at(int dir_fd, const char *path, SmackAttr attr, const char *label);
static inline int mac_smack_apply(const char *path, SmackAttr attr, const char *label) {
return mac_smack_apply_at(AT_FDCWD, path, attr, label);
}
-int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label);
-int mac_smack_apply_pid(pid_t pid, const char *label);
-int mac_smack_copy(const char *dest, const char *src);
+static inline int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label) {
+ return mac_smack_apply_at(fd, NULL, attr, label);
+}
+
+static inline int mac_smack_fix(const char *path, LabelFixFlags flags) {
+ return mac_smack_fix_full(AT_FDCWD, path, path, flags);
+}
int renameat_and_apply_smack_floor_label(int fdf, const char *from, int fdt, const char *to);
static inline int rename_and_apply_smack_floor_label(const char *from, const char *to) {
projects / thirdparty / systemd.git / commitdiff
