# ifndef SELINUX_H
# define SELINUX_H
# ifndef USE_SELINUX
/* SELinux disabled at build time: relabelling an existing node is a no-op. */
static inline void selinux_setfilecon(char *file, unsigned int mode)
{
	(void)file;
	(void)mode;
}
/* SELinux disabled at build time: no file-creation context is set. */
static inline void selinux_setfscreatecon(char *file, unsigned int mode)
{
	(void)file;
	(void)mode;
}
/* SELinux disabled at build time: there is no creation context to record. */
static inline void selinux_init(void)
{
}
/* SELinux disabled at build time: nothing was changed, nothing to restore. */
static inline void selinux_restore(void)
{
}
# else
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

#include <selinux/selinux.h>
/* Cached answer from is_selinux_enabled(): -1 = not asked yet, 0 = off, 1 = on. */
static int selinux_enabled = -1;
/* File-creation context captured by selinux_init() and handed back by selinux_restore(). */
static security_context_t prev_scontext = NULL;
/*
 * Report whether SELinux is active, asking libselinux only on the first call
 * and serving the cached verdict afterwards.  A negative/error answer from
 * is_selinux_enabled() is recorded as "not running".
 */
static inline int is_selinux_running(void)
{
	if (selinux_enabled < 0) {
		/* first call: resolve the -1 placeholder to a definite 0/1 */
		selinux_enabled = (is_selinux_enabled() > 0) ? 1 : 0;
	}
	return selinux_enabled;
}
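/*
 * Look up the IDE media type ("disk", "cdrom", ...) of a block device so the
 * caller can choose a media-specific SELinux context with matchmediacon().
 *
 * path:  device node path; only its last component is used, to form
 *        /proc/ide/<name>/media.
 * mode:  st_mode-style type + permission bits of the node being labelled.
 * media: out-parameter.  On success receives a malloc'd, whitespace-trimmed
 *        copy of the media string which the caller must free(); on every
 *        failure path it is left NULL.
 *
 * Returns 0 (and *media != NULL) on success, -1 when the node is not a block
 * device, the /proc file does not exist or is empty, or memory runs out.
 *
 * Fixes vs. the original:
 *  - the type check was written with the logical operator ("mode && S_IFBLK"),
 *    which is true for any non-zero mode, so character devices went through
 *    the /proc/ide lookup as well; even a bitwise "mode & S_IFBLK" would have
 *    matched S_IFCHR, so the proper S_ISBLK() test is used instead;
 *  - an unreadable/empty media file returned 0 with *media == NULL, which the
 *    callers then passed straight to matchmediacon() and to a "%s" log format.
 */
static inline int selinux_get_media(char *path, int mode, char **media)
{
	FILE *fp;
	char buf[PATH_MAX];
	char mediabuf[PATH_MAX];
	int len;
	size_t size;

	*media = NULL;

	/* only block devices have an entry under /proc/ide */
	if (!S_ISBLK(mode))
		return -1;

	len = snprintf(buf, sizeof(buf), "/proc/ide/%s/media", basename(path));
	if (len < 0 || (size_t)len >= sizeof(buf))
		return -1;	/* a truncated path would name some other file */

	fp = fopen(buf, "r");
	if (!fp)
		return -1;

	if (!fgets(mediabuf, sizeof(mediabuf), fp)) {
		fclose(fp);
		return -1;
	}
	fclose(fp);

	/* strip the trailing newline and any other trailing whitespace */
	size = strlen(mediabuf);
	while (size > 0 && isspace((unsigned char)mediabuf[size - 1]))
		mediabuf[--size] = '\0';

	*media = strdup(mediabuf);
	if (!*media)
		return -1;

	info("selinux_get_media(%s)->%s\n", path, *media);
	return 0;
}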
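/*
 * Resolve the SELinux context the policy assigns to the device node 'file'
 * with st_mode-style bits 'mode'.  IDE block devices are first matched by
 * media type via matchmediacon(); everything else, and any failure of the
 * media lookup, falls back to the path-based matchpathcon().
 *
 * On success returns 0 and stores a context in *scontext that the caller
 * must release with freecon(); on failure logs via dbg(), returns -1 and
 * leaves *scontext NULL.
 *
 * This is the lookup sequence that selinux_setfilecon() and
 * selinux_setfscreatecon() previously duplicated.  It also closes a gap in
 * both copies: selinux_get_media() could report success with a NULL media
 * string, which was then passed straight to matchmediacon().
 */
static inline int selinux_lookup_context(char *file, unsigned int mode,
					 security_context_t *scontext)
{
	char *media = NULL;
	int ret;

	*scontext = NULL;

	ret = selinux_get_media(file, mode, &media);
	if (ret == 0) {
		/* a NULL media string cannot be matched; treat it as a miss */
		ret = media ? matchmediacon(media, scontext) : -1;
		free(media);
	}
	if (ret < 0) {
		if (matchpathcon(file, mode, scontext) < 0) {
			dbg("matchpathcon(%s) failed\n", file);
			return -1;
		}
	}
	return 0;
}

/*
 * Relabel the existing node 'file' (mode bits 'mode') with the context the
 * policy assigns to it.  Does nothing when SELinux is not running; a failing
 * setfilecon() is only logged via dbg(), matching the original best-effort
 * behaviour.
 */
static inline void selinux_setfilecon(char *file, unsigned int mode)
{
	security_context_t scontext;

	if (!is_selinux_running())
		return;
	if (selinux_lookup_context(file, mode, &scontext) < 0)
		return;

	if (setfilecon(file, scontext) < 0)
		dbg("setfiles %s failed with error '%s'",
		    file, strerror(errno));
	freecon(scontext);
}

/*
 * Set the process file-creation context so that the node 'file' about to be
 * created (e.g. by mknod()) is born with the policy-assigned label.  Pair
 * with selinux_restore() once the node exists.  Does nothing when SELinux is
 * not running; a failing setfscreatecon() is only logged via dbg().
 */
static inline void selinux_setfscreatecon(char *file, unsigned int mode)
{
	security_context_t scontext;

	if (!is_selinux_running())
		return;
	if (selinux_lookup_context(file, mode, &scontext) < 0)
		return;

	if (setfscreatecon(scontext) < 0)
		dbg("setfiles %s failed with error '%s'",
		    file, strerror(errno));
	freecon(scontext);
}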
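/*
 * Record the process's current file-creation context in prev_scontext so that
 * selinux_restore() can reinstate it after selinux_setfscreatecon() has
 * changed it.  Does nothing when SELinux is not running.
 *
 * Fix: the original overwrote prev_scontext with NULL right after
 * getfscreatecon() had filled it in, leaking the context string and making
 * selinux_restore() always reset to the default instead of the recorded
 * context.  The recorded value is now kept on success; it is explicitly set
 * to NULL only when the query fails, so restore falls back to the default.
 */
static inline void selinux_init(void)
{
	if (!is_selinux_running())
		return;

	if (getfscreatecon(&prev_scontext) < 0) {
		dbg("getfscreatecon failed\n");
		/* nothing recorded: selinux_restore() will reset to the default */
		prev_scontext = NULL;
	}
}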
/*
 * Undo selinux_setfscreatecon(): put the process file-creation context back
 * to whatever prev_scontext holds (NULL selects the policy default), then
 * release and clear the recorded copy.  Does nothing when SELinux is not
 * running; a failing setfscreatecon() is only logged via dbg().
 */
static inline void selinux_restore(void)
{
	if (!is_selinux_running())
		return;

	/* reset the file create context to its former glory */
	if (setfscreatecon(prev_scontext) < 0)
		dbg("setfscreatecon failed\n");

	if (prev_scontext == NULL)
		return;
	freecon(prev_scontext);
	prev_scontext = NULL;
}
# endif /* USE_SELINUX */
# endif /* SELINUX_H */