systemd/libudev/libudev-selinux-private.c

/*
 * libudev - interface to udev device information
 *
 * Copyright (C) 2008 Kay Sievers <kay.sievers@vrfy.org>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 */

#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <stdarg.h>
#include <unistd.h>
#include <selinux/selinux.h>

#include "libudev.h"
#include "libudev-private.h"

static int selinux_enabled;
security_context_t selinux_prev_scontext;

void udev_selinux_init(struct udev *udev)
{
	/* record the present security context */
	selinux_enabled = (is_selinux_enabled() > 0);
	info(udev, "selinux=%i\n", selinux_enabled);
	if (!selinux_enabled)
		return;
	matchpathcon_init_prefix(NULL, udev_get_dev_path(udev));
	if (getfscreatecon(&selinux_prev_scontext) < 0) {
		err(udev, "getfscreatecon failed\n");
		selinux_prev_scontext = NULL;
	}
}

void udev_selinux_exit(struct udev *udev)
{
	if (!selinux_enabled)
		return;
	freecon(selinux_prev_scontext);
	selinux_prev_scontext = NULL;
}

void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode)
{
	security_context_t scontext = NULL;

	if (!selinux_enabled)
		return;
	if (matchpathcon(file, mode, &scontext) < 0) {
		err(udev, "matchpathcon(%s) failed\n", file);
		return;
	}
	if (lsetfilecon(file, scontext) < 0)
		err(udev, "setfilecon %s failed: %m\n", file);
	freecon(scontext);
}

void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode)
{
	security_context_t scontext = NULL;

	if (!selinux_enabled)
		return;

	if (matchpathcon(file, mode, &scontext) < 0) {
		err(udev, "matchpathcon(%s) failed\n", file);
		return;
	}
	if (setfscreatecon(scontext) < 0)
		err(udev, "setfscreatecon %s failed: %m\n", file);
	freecon(scontext);
}

void udev_selinux_resetfscreatecon(struct udev *udev)
{
	if (!selinux_enabled)
		return;
	if (setfscreatecon(selinux_prev_scontext) < 0)
		err(udev, "setfscreatecon failed: %m\n");
}

void udev_selinux_setfscreateconat(struct udev *udev, int dfd, const char *file, unsigned int mode)
{
	char filename[UTIL_PATH_SIZE];

	if (!selinux_enabled)
		return;

	/* resolve relative filename */
	if (file[0] != '/') {
		char procfd[UTIL_PATH_SIZE];
		char target[UTIL_PATH_SIZE];
		ssize_t len;

		snprintf(procfd, sizeof(procfd), "/proc/%u/fd/%u", getpid(), dfd);
		len = readlink(procfd, target, sizeof(target));
		if (len <= 0 || len == sizeof(target))
			return;
		target[len] = '\0';

		util_strscpyl(filename, sizeof(filename), target, "/", file, NULL);
		file = filename;
	}
	udev_selinux_setfscreatecon(udev, file, mode);
}
libudev: get rid of selinux "Hello world!" linked against libselinux parses /proc/mounts and whatever else on startup, even when the lib is not needed at all. Not funny! Get rid of that thing where it's not absolutely needed. 2008-10-02 20:48:40 +04:00			`/*`
move common stuff from udev/ to private parts of libudev/ 2009-06-10 01:05:25 +04:00			`* libudev - interface to udev device information`
libudev: get rid of selinux "Hello world!" linked against libselinux parses /proc/mounts and whatever else on startup, even when the lib is not needed at all. Not funny! Get rid of that thing where it's not absolutely needed. 2008-10-02 20:48:40 +04:00			`*`
move common stuff from udev/ to private parts of libudev/ 2009-06-10 01:05:25 +04:00			`* Copyright (C) 2008 Kay Sievers <kay.sievers@vrfy.org>`
libudev: get rid of selinux "Hello world!" linked against libselinux parses /proc/mounts and whatever else on startup, even when the lib is not needed at all. Not funny! Get rid of that thing where it's not absolutely needed. 2008-10-02 20:48:40 +04:00			`*`
move common stuff from udev/ to private parts of libudev/ 2009-06-10 01:05:25 +04:00			`* This library is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU Lesser General Public`
			`* License as published by the Free Software Foundation; either`
			`* version 2.1 of the License, or (at your option) any later version.`
libudev: get rid of selinux "Hello world!" linked against libselinux parses /proc/mounts and whatever else on startup, even when the lib is not needed at all. Not funny! Get rid of that thing where it's not absolutely needed. 2008-10-02 20:48:40 +04:00			`*/`

			`#include <stdio.h>`
			`#include <stdlib.h>`
			`#include <stddef.h>`
			`#include <stdarg.h>`
			`#include <unistd.h>`
move selinux noops to udev.h 2008-10-03 16:49:29 +04:00			`#include <selinux/selinux.h>`
libudev: get rid of selinux "Hello world!" linked against libselinux parses /proc/mounts and whatever else on startup, even when the lib is not needed at all. Not funny! Get rid of that thing where it's not absolutely needed. 2008-10-02 20:48:40 +04:00
move common stuff from udev/ to private parts of libudev/ 2009-06-10 01:05:25 +04:00			`#include "libudev.h"`
			`#include "libudev-private.h"`
libudev: get rid of selinux "Hello world!" linked against libselinux parses /proc/mounts and whatever else on startup, even when the lib is not needed at all. Not funny! Get rid of that thing where it's not absolutely needed. 2008-10-02 20:48:40 +04:00
			`static int selinux_enabled;`
			`security_context_t selinux_prev_scontext;`

selinux_init(udev) -> udev_selinux_init(udev) 2008-10-18 21:30:42 +04:00			`void udev_selinux_init(struct udev *udev)`
libudev: get rid of selinux "Hello world!" linked against libselinux parses /proc/mounts and whatever else on startup, even when the lib is not needed at all. Not funny! Get rid of that thing where it's not absolutely needed. 2008-10-02 20:48:40 +04:00			`{`
			`/* record the present security context */`
			`selinux_enabled = (is_selinux_enabled() > 0);`
			`info(udev, "selinux=%i\n", selinux_enabled);`
			`if (!selinux_enabled)`
			`return;`
			`matchpathcon_init_prefix(NULL, udev_get_dev_path(udev));`
			`if (getfscreatecon(&selinux_prev_scontext) < 0) {`
			`err(udev, "getfscreatecon failed\n");`
			`selinux_prev_scontext = NULL;`
			`}`
			`}`

selinux_init(udev) -> udev_selinux_init(udev) 2008-10-18 21:30:42 +04:00			`void udev_selinux_exit(struct udev *udev)`
libudev: get rid of selinux "Hello world!" linked against libselinux parses /proc/mounts and whatever else on startup, even when the lib is not needed at all. Not funny! Get rid of that thing where it's not absolutely needed. 2008-10-02 20:48:40 +04:00			`{`
			`if (!selinux_enabled)`
			`return;`
			`freecon(selinux_prev_scontext);`
			`selinux_prev_scontext = NULL;`
			`}`

			`void udev_selinux_lsetfilecon(struct udev udev, const char file, unsigned int mode)`
			`{`
			`security_context_t scontext = NULL;`

			`if (!selinux_enabled)`
			`return;`
			`if (matchpathcon(file, mode, &scontext) < 0) {`
			`err(udev, "matchpathcon(%s) failed\n", file);`
			`return;`
udevd: create standard symlinks and handle /lib/udev/devices 2010-05-20 11:04:26 +04:00			`}`
libudev: get rid of selinux "Hello world!" linked against libselinux parses /proc/mounts and whatever else on startup, even when the lib is not needed at all. Not funny! Get rid of that thing where it's not absolutely needed. 2008-10-02 20:48:40 +04:00			`if (lsetfilecon(file, scontext) < 0)`
			`err(udev, "setfilecon %s failed: %m\n", file);`
			`freecon(scontext);`
			`}`

			`void udev_selinux_setfscreatecon(struct udev udev, const char file, unsigned int mode)`
			`{`
			`security_context_t scontext = NULL;`

			`if (!selinux_enabled)`
			`return;`
udevd: create standard symlinks and handle /lib/udev/devices 2010-05-20 11:04:26 +04:00
libudev: get rid of selinux "Hello world!" linked against libselinux parses /proc/mounts and whatever else on startup, even when the lib is not needed at all. Not funny! Get rid of that thing where it's not absolutely needed. 2008-10-02 20:48:40 +04:00			`if (matchpathcon(file, mode, &scontext) < 0) {`
			`err(udev, "matchpathcon(%s) failed\n", file);`
			`return;`
			`}`
			`if (setfscreatecon(scontext) < 0)`
			`err(udev, "setfscreatecon %s failed: %m\n", file);`
			`freecon(scontext);`
			`}`

			`void udev_selinux_resetfscreatecon(struct udev *udev)`
			`{`
			`if (!selinux_enabled)`
			`return;`
			`if (setfscreatecon(selinux_prev_scontext) < 0)`
			`err(udev, "setfscreatecon failed: %m\n");`
			`}`
udevd: create standard symlinks and handle /lib/udev/devices 2010-05-20 11:04:26 +04:00
udev: fix compile warning CC udev/udevd.o In file included from udev/udev.h:27, from udev/udevd.c:47: ./libudev/libudev-private.h: In function ‘udev_selinux_setfscreateconat’: ./libudev/libudev-private.h:230: warning: declaration of ‘dirfd’ shadows a global declaration /usr/include/dirent.h:224: warning: shadowed declaration is here Signed-off-by: Yin Kangkai <kangkai.yin@intel.com> Signed-off-by: Martin Pitt <martin.pitt@ubuntu.com> 2010-08-06 11:08:51 +04:00			`void udev_selinux_setfscreateconat(struct udev udev, int dfd, const char file, unsigned int mode)`
udevd: create standard symlinks and handle /lib/udev/devices 2010-05-20 11:04:26 +04:00			`{`
			`char filename[UTIL_PATH_SIZE];`

			`if (!selinux_enabled)`
			`return;`

			`/* resolve relative filename */`
			`if (file[0] != '/') {`
			`char procfd[UTIL_PATH_SIZE];`
			`char target[UTIL_PATH_SIZE];`
			`ssize_t len;`

fix broken "compile warning fix" 2010-08-10 10:07:28 +04:00			`snprintf(procfd, sizeof(procfd), "/proc/%u/fd/%u", getpid(), dfd);`
udevd: create standard symlinks and handle /lib/udev/devices 2010-05-20 11:04:26 +04:00			`len = readlink(procfd, target, sizeof(target));`
			`if (len <= 0 \|\| len == sizeof(target))`
			`return;`
			`target[len] = '\0';`

			`util_strscpyl(filename, sizeof(filename), target, "/", file, NULL);`
			`file = filename;`
			`}`
			`udev_selinux_setfscreatecon(udev, file, mode);`
			`}`