mirror of
https://github.com/systemd/systemd.git
synced 2024-12-23 21:35:11 +03:00
libudev: add selinux
This commit is contained in:
parent
6b12bdb624
commit
4f4b12c203
@ -5,7 +5,8 @@ udevhome_PROGRAMS = \
|
||||
AM_CPPFLAGS = \
|
||||
-DSYSCONFDIR=\""$(sysconfdir)"\" \
|
||||
-DUDEV_PREFIX=\""$(udev_prefix)"\" \
|
||||
-D_LIBUDEV_COMPILATION
|
||||
-D_LIBUDEV_COMPILATION \
|
||||
-UUSE_SELINUX
|
||||
|
||||
ata_id_SOURCES = \
|
||||
ata_id.c \
|
||||
@ -16,9 +17,13 @@ ata_id_SOURCES = \
|
||||
../../udev/udev_utils.c \
|
||||
../../udev/udev_utils_string.c
|
||||
|
||||
if USE_SELINUX
|
||||
ata_id_LDADD = \
|
||||
$(SELINUX_LIBS)
|
||||
endif
|
||||
|
||||
dist_man_MANS = \
|
||||
ata_id.8
|
||||
|
||||
distclean-local:
|
||||
rm -f Makefile.in
|
||||
|
||||
|
@ -20,9 +20,13 @@ cdrom_id_SOURCES = \
|
||||
../../udev/udev_utils.c \
|
||||
../../udev/udev_utils_string.c
|
||||
|
||||
if USE_SELINUX
|
||||
cdrom_id_LDADD = \
|
||||
$(SELINUX_LIBS)
|
||||
endif
|
||||
|
||||
dist_man_MANS = \
|
||||
cdrom_id.8
|
||||
|
||||
distclean-local:
|
||||
rm -f Makefile.in
|
||||
|
||||
|
@ -20,9 +20,13 @@ edd_id_SOURCES = \
|
||||
../../udev/udev_utils.c \
|
||||
../../udev/udev_utils_string.c
|
||||
|
||||
if USE_SELINUX
|
||||
edd_id_LDADD = \
|
||||
$(SELINUX_LIBS)
|
||||
endif
|
||||
|
||||
dist_man_MANS = \
|
||||
edd_id.8
|
||||
|
||||
distclean-local:
|
||||
rm -f Makefile.in
|
||||
|
||||
|
@ -16,10 +16,8 @@ create_floppy_devices_SOURCES = \
|
||||
../../udev/udev_utils.c \
|
||||
../../udev/udev_utils_string.c \
|
||||
../../udev/udev_utils_file.c
|
||||
if USE_SELINUX
|
||||
create_floppy_devices_SOURCES += \
|
||||
../../udev/udev_selinux.c
|
||||
|
||||
if USE_SELINUX
|
||||
create_floppy_devices_LDADD = \
|
||||
$(SELINUX_LIBS)
|
||||
endif
|
||||
@ -29,4 +27,3 @@ dist_man_MANS = \
|
||||
|
||||
distclean-local:
|
||||
rm -f Makefile.in
|
||||
|
||||
|
@ -25,7 +25,6 @@
|
||||
#include <grp.h>
|
||||
|
||||
#include "../../udev/udev.h"
|
||||
#include "../../udev/udev_selinux.h"
|
||||
|
||||
static char *table[] = {
|
||||
"", "d360", "h1200", "u360", "u720", "h360", "h720",
|
||||
@ -145,8 +144,6 @@ int main(int argc, char **argv)
|
||||
if (type == 0)
|
||||
return 0;
|
||||
|
||||
selinux_init(udev);
|
||||
|
||||
i = 0;
|
||||
while (table_sup[type][i]) {
|
||||
sprintf(node, "%s%s", dev, table[table_sup[type][i]]);
|
||||
@ -155,16 +152,15 @@ int main(int argc, char **argv)
|
||||
printf("%s b %d %d %d\n", node, mode, major, minor);
|
||||
if (create_nodes) {
|
||||
unlink(node);
|
||||
selinux_setfscreatecon(udev, node, NULL, S_IFBLK | mode);
|
||||
udev_selinux_setfscreatecon(udev, node, S_IFBLK | mode);
|
||||
mknod(node, S_IFBLK | mode, makedev(major,minor));
|
||||
selinux_resetfscreatecon(udev);
|
||||
udev_selinux_resetfscreatecon(udev);
|
||||
chown(node, uid, gid);
|
||||
chmod(node, S_IFBLK | mode);
|
||||
}
|
||||
i++;
|
||||
}
|
||||
|
||||
selinux_exit(udev);
|
||||
udev_unref(udev);
|
||||
exit:
|
||||
return 0;
|
||||
|
@ -20,6 +20,11 @@ fstab_import_SOURCES = \
|
||||
../../udev/udev_utils.c \
|
||||
../../udev/udev_utils_string.c
|
||||
|
||||
if USE_SELINUX
|
||||
fstab_import_LDADD = \
|
||||
$(SELINUX_LIBS)
|
||||
endif
|
||||
|
||||
distclean-local:
|
||||
rm -f Makefile.in
|
||||
|
||||
|
@ -20,6 +20,11 @@ scsi_id_SOURCES = \
|
||||
../../udev/udev_utils.c \
|
||||
../../udev/udev_utils_string.c
|
||||
|
||||
if USE_SELINUX
|
||||
scsi_id_LDADD = \
|
||||
$(SELINUX_LIBS)
|
||||
endif
|
||||
|
||||
dist_sysconf_DATA = \
|
||||
scsi_id.config
|
||||
|
||||
|
@ -16,6 +16,11 @@ usb_id_SOURCES = \
|
||||
../../udev/udev_utils.c \
|
||||
../../udev/udev_utils_string.c
|
||||
|
||||
if USE_SELINUX
|
||||
usb_id_LDADD = \
|
||||
$(SELINUX_LIBS)
|
||||
endif
|
||||
|
||||
distclean-local:
|
||||
rm -f Makefile.in
|
||||
|
||||
|
@ -22,6 +22,11 @@ vol_id_SOURCES = \
|
||||
vol_id_LDADD = \
|
||||
lib/libvolume_id.la
|
||||
|
||||
if USE_SELINUX
|
||||
vol_id_LDADD += \
|
||||
$(SELINUX_LIBS)
|
||||
endif
|
||||
|
||||
dist_man_MANS = \
|
||||
vol_id.8
|
||||
|
||||
|
@ -20,7 +20,6 @@ common_files = \
|
||||
logging.h \
|
||||
udev.h \
|
||||
udev_rules.h \
|
||||
udev_selinux.h \
|
||||
udev_sysdeps.h \
|
||||
udev_db.c \
|
||||
udev_device.c \
|
||||
@ -41,11 +40,7 @@ common_files = \
|
||||
lib/libudev-utils.c \
|
||||
lib/libudev-ctrl.c
|
||||
|
||||
|
||||
if USE_SELINUX
|
||||
common_files += \
|
||||
udev_selinux.c
|
||||
|
||||
common_ldadd += \
|
||||
$(SELINUX_LIBS)
|
||||
endif
|
||||
|
@ -38,11 +38,6 @@ libudev_la_SOURCES =\
|
||||
../udev_db.c \
|
||||
../udev_sysdeps.c
|
||||
|
||||
if USE_SELINUX
|
||||
libudev_la_SOURCES += \
|
||||
../udev_selinux.c
|
||||
endif
|
||||
|
||||
libudev_la_LDFLAGS = \
|
||||
-version-info $(LIBUDEV_LT_CURRENT):$(LIBUDEV_LT_REVISION):$(LIBUDEV_LT_AGE) \
|
||||
-export-symbols $(top_srcdir)/udev/lib/exported_symbols
|
||||
|
@ -27,6 +27,9 @@
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
#include <ctype.h>
|
||||
#ifdef USE_SELINUX
|
||||
#include <selinux/selinux.h>
|
||||
#endif
|
||||
|
||||
#include "libudev.h"
|
||||
#include "libudev-private.h"
|
||||
@ -41,6 +44,10 @@ struct udev {
|
||||
char *dev_path;
|
||||
char *rules_path;
|
||||
int log_priority;
|
||||
#ifdef USE_SELINUX
|
||||
int selinux_enabled;
|
||||
security_context_t selinux_prev_scontext;
|
||||
#endif
|
||||
int run:1;
|
||||
};
|
||||
|
||||
@ -66,6 +73,78 @@ static void log_stderr(struct udev *udev,
|
||||
vfprintf(stderr, format, args);
|
||||
}
|
||||
|
||||
static void selinux_init(struct udev *udev)
|
||||
{
|
||||
#ifdef USE_SELINUX
|
||||
/*
|
||||
* record the present security context, for file-creation
|
||||
* restoration creation purposes.
|
||||
*/
|
||||
udev->selinux_enabled = (is_selinux_enabled() > 0);
|
||||
if (udev->selinux_enabled) {
|
||||
matchpathcon_init_prefix(NULL, udev_get_dev_path(udev));
|
||||
if (getfscreatecon(&udev->selinux_prev_scontext) < 0) {
|
||||
err(udev, "getfscreatecon failed\n");
|
||||
udev->selinux_prev_scontext = NULL;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
static void selinux_exit(struct udev *udev)
|
||||
{
|
||||
#ifdef USE_SELINUX
|
||||
if (udev->selinux_enabled) {
|
||||
freecon(udev->selinux_prev_scontext);
|
||||
udev->selinux_prev_scontext = NULL;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode)
|
||||
{
|
||||
#ifdef USE_SELINUX
|
||||
if (udev->selinux_enabled) {
|
||||
security_context_t scontext = NULL;
|
||||
|
||||
if (matchpathcon(file, mode, &scontext) < 0) {
|
||||
err(udev, "matchpathcon(%s) failed\n", file);
|
||||
return;
|
||||
}
|
||||
if (lsetfilecon(file, scontext) < 0)
|
||||
err(udev, "setfilecon %s failed: %s\n", file, strerror(errno));
|
||||
freecon(scontext);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode)
|
||||
{
|
||||
#ifdef USE_SELINUX
|
||||
if (udev->selinux_enabled) {
|
||||
security_context_t scontext = NULL;
|
||||
|
||||
if (matchpathcon(file, mode, &scontext) < 0) {
|
||||
err(udev, "matchpathcon(%s) failed\n", file);
|
||||
return;
|
||||
}
|
||||
if (setfscreatecon(scontext) < 0)
|
||||
err(udev, "setfscreatecon %s failed: %s\n", file, strerror(errno));
|
||||
freecon(scontext);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
void udev_selinux_resetfscreatecon(struct udev *udev)
|
||||
{
|
||||
#ifdef USE_SELINUX
|
||||
if (udev->selinux_enabled) {
|
||||
if (setfscreatecon(udev->selinux_prev_scontext) < 0)
|
||||
err(udev, "setfscreatecon failed: %s\n", strerror(errno));
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
/**
|
||||
* udev_new:
|
||||
*
|
||||
@ -88,9 +167,8 @@ struct udev *udev_new(void)
|
||||
return NULL;
|
||||
memset(udev, 0x00, (sizeof(struct udev)));
|
||||
|
||||
selinux_init(udev);
|
||||
sysfs_init();
|
||||
|
||||
/* defaults */
|
||||
udev->refcount = 1;
|
||||
udev->log_fn = log_stderr;
|
||||
udev->log_priority = LOG_ERR;
|
||||
@ -270,6 +348,7 @@ void udev_unref(struct udev *udev)
|
||||
if (udev->refcount > 0)
|
||||
return;
|
||||
sysfs_cleanup();
|
||||
selinux_exit(udev);
|
||||
free(udev->dev_path);
|
||||
free(udev->sys_path);
|
||||
free(udev->rules_path);
|
||||
|
@ -40,6 +40,9 @@ extern int udev_get_log_priority(struct udev *udev);
|
||||
extern void udev_set_log_priority(struct udev *udev, int priority);
|
||||
extern const char *udev_get_sys_path(struct udev *udev);
|
||||
extern const char *udev_get_dev_path(struct udev *udev);
|
||||
extern void udev_selinux_resetfscreatecon(struct udev *udev);
|
||||
extern void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode);
|
||||
extern void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode);
|
||||
|
||||
struct udev_device;
|
||||
extern struct udev_device *udev_device_new_from_devpath(struct udev *udev, const char *devpath);
|
||||
|
@ -33,7 +33,6 @@
|
||||
|
||||
#include "udev.h"
|
||||
#include "udev_rules.h"
|
||||
#include "udev_selinux.h"
|
||||
|
||||
static void asmlinkage sig_handler(int signum)
|
||||
{
|
||||
@ -63,7 +62,6 @@ int main(int argc, char *argv[])
|
||||
if (udev == NULL)
|
||||
exit(1);
|
||||
dbg(udev, "version %s\n", VERSION);
|
||||
selinux_init(udev);
|
||||
|
||||
/* set signal handlers */
|
||||
memset(&act, 0x00, sizeof(act));
|
||||
@ -135,7 +133,6 @@ int main(int argc, char *argv[])
|
||||
fail:
|
||||
udev_rules_cleanup(&rules);
|
||||
sysfs_cleanup();
|
||||
selinux_exit(udev);
|
||||
exit:
|
||||
udev_unref(udev);
|
||||
if (retval != 0)
|
||||
|
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Copyright (C) 2003 Greg Kroah-Hartman <greg@kroah.com>
|
||||
* Copyright (C) 2003-2006 Kay Sievers <kay.sievers@vrfy.org>
|
||||
* Copyright (C) 2003-2008 Kay Sievers <kay.sievers@vrfy.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
|
@ -31,8 +31,6 @@
|
||||
#include <sys/types.h>
|
||||
|
||||
#include "udev.h"
|
||||
#include "udev_selinux.h"
|
||||
|
||||
|
||||
static size_t devpath_to_db_path(struct udev *udev, const char *devpath, char *filename, size_t len)
|
||||
{
|
||||
@ -147,9 +145,9 @@ int udev_db_add_device(struct udevice *udevice)
|
||||
!udevice->partitions && !udevice->ignore_remove) {
|
||||
int ret;
|
||||
dbg(udevice->udev, "nothing interesting to store, create symlink\n");
|
||||
selinux_setfscreatecon(udevice->udev, filename, NULL, S_IFLNK);
|
||||
udev_selinux_setfscreatecon(udevice->udev, filename, S_IFLNK);
|
||||
ret = symlink(udevice->name, filename);
|
||||
selinux_resetfscreatecon(udevice->udev);
|
||||
udev_selinux_resetfscreatecon(udevice->udev);
|
||||
if (ret != 0) {
|
||||
err(udevice->udev, "unable to create db link '%s': %s\n", filename, strerror(errno));
|
||||
return -1;
|
||||
|
@ -31,7 +31,6 @@
|
||||
|
||||
#include "udev.h"
|
||||
#include "udev_rules.h"
|
||||
#include "udev_selinux.h"
|
||||
|
||||
#define TMP_FILE_EXT ".udev-tmp"
|
||||
|
||||
@ -51,15 +50,15 @@ int udev_node_mknod(struct udevice *udevice, const char *file, dev_t devt, mode_
|
||||
if (((stats.st_mode & S_IFMT) == (mode & S_IFMT)) && (stats.st_rdev == devt)) {
|
||||
info(udevice->udev, "preserve file '%s', because it has correct dev_t\n", file);
|
||||
preserve = 1;
|
||||
selinux_setfilecon(udevice->udev, file, udevice->dev->kernel, mode);
|
||||
udev_selinux_lsetfilecon(udevice->udev, file, mode);
|
||||
} else {
|
||||
info(udevice->udev, "atomically replace existing file '%s'\n", file);
|
||||
strlcpy(file_tmp, file, sizeof(file_tmp));
|
||||
strlcat(file_tmp, TMP_FILE_EXT, sizeof(file_tmp));
|
||||
unlink(file_tmp);
|
||||
selinux_setfscreatecon(udevice->udev, file_tmp, udevice->dev->kernel, mode);
|
||||
udev_selinux_setfscreatecon(udevice->udev, file_tmp, mode);
|
||||
err = mknod(file_tmp, mode, devt);
|
||||
selinux_resetfscreatecon(udevice->udev);
|
||||
udev_selinux_resetfscreatecon(udevice->udev);
|
||||
if (err != 0) {
|
||||
err(udevice->udev, "mknod(%s, %#o, %u, %u) failed: %s\n",
|
||||
file_tmp, mode, major(devt), minor(devt), strerror(errno));
|
||||
@ -73,9 +72,9 @@ int udev_node_mknod(struct udevice *udevice, const char *file, dev_t devt, mode_
|
||||
}
|
||||
} else {
|
||||
info(udevice->udev, "mknod(%s, %#o, (%u,%u))\n", file, mode, major(devt), minor(devt));
|
||||
selinux_setfscreatecon(udevice->udev, file, udevice->dev->kernel, mode);
|
||||
udev_selinux_setfscreatecon(udevice->udev, file, mode);
|
||||
err = mknod(file, mode, devt);
|
||||
selinux_resetfscreatecon(udevice->udev);
|
||||
udev_selinux_resetfscreatecon(udevice->udev);
|
||||
if (err != 0) {
|
||||
err(udevice->udev, "mknod(%s, %#o, (%u,%u) failed: %s\n",
|
||||
file, mode, major(devt), minor(devt), strerror(errno));
|
||||
@ -151,16 +150,16 @@ static int node_symlink(struct udevice *udevice, const char *node, const char *s
|
||||
buf[len] = '\0';
|
||||
if (strcmp(target, buf) == 0) {
|
||||
info(udevice->udev, "preserve already existing symlink '%s' to '%s'\n", slink, target);
|
||||
selinux_setfilecon(udevice->udev, slink, NULL, S_IFLNK);
|
||||
udev_selinux_lsetfilecon(udevice->udev, slink, S_IFLNK);
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
info(udevice->udev, "creating symlink '%s' to '%s'\n", slink, target);
|
||||
selinux_setfscreatecon(udevice->udev, slink, NULL, S_IFLNK);
|
||||
udev_selinux_setfscreatecon(udevice->udev, slink, S_IFLNK);
|
||||
retval = symlink(target, slink);
|
||||
selinux_resetfscreatecon(udevice->udev);
|
||||
udev_selinux_resetfscreatecon(udevice->udev);
|
||||
if (retval == 0)
|
||||
goto exit;
|
||||
}
|
||||
@ -169,9 +168,9 @@ static int node_symlink(struct udevice *udevice, const char *node, const char *s
|
||||
strlcpy(slink_tmp, slink, sizeof(slink_tmp));
|
||||
strlcat(slink_tmp, TMP_FILE_EXT, sizeof(slink_tmp));
|
||||
unlink(slink_tmp);
|
||||
selinux_setfscreatecon(udevice->udev, slink, NULL, S_IFLNK);
|
||||
udev_selinux_setfscreatecon(udevice->udev, slink, S_IFLNK);
|
||||
retval = symlink(target, slink_tmp);
|
||||
selinux_resetfscreatecon(udevice->udev);
|
||||
udev_selinux_resetfscreatecon(udevice->udev);
|
||||
if (retval != 0) {
|
||||
err(udevice->udev, "symlink(%s, %s) failed: %s\n", target, slink_tmp, strerror(errno));
|
||||
goto exit;
|
||||
|
@ -35,7 +35,6 @@
|
||||
|
||||
#include "udev.h"
|
||||
#include "udev_rules.h"
|
||||
#include "udev_selinux.h"
|
||||
|
||||
extern char **environ;
|
||||
|
||||
|
@ -30,7 +30,6 @@
|
||||
|
||||
#include "udev.h"
|
||||
#include "udev_rules.h"
|
||||
#include "udev_selinux.h"
|
||||
|
||||
|
||||
void udev_rules_iter_init(struct udev_rules_iter *iter, struct udev_rules *rules)
|
||||
@ -756,9 +755,9 @@ int udev_rules_init(struct udev *udev, struct udev_rules *rules, int resolve_nam
|
||||
strlcat(filename, "/.udev/rules.d", sizeof(filename));
|
||||
if (stat(filename, &statbuf) != 0) {
|
||||
create_path(udev, filename);
|
||||
selinux_setfscreatecon(udev, filename, NULL, S_IFDIR|0755);
|
||||
udev_selinux_setfscreatecon(udev, filename, S_IFDIR|0755);
|
||||
mkdir(filename, 0755);
|
||||
selinux_resetfscreatecon(udev);
|
||||
udev_selinux_resetfscreatecon(udev);
|
||||
}
|
||||
add_matching_files(udev, &sort_list, filename, ".rules");
|
||||
|
||||
|
@ -1,175 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) 2004 Daniel Walsh
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation version 2 of the License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <stddef.h>
|
||||
#include <unistd.h>
|
||||
#include <string.h>
|
||||
#include <fcntl.h>
|
||||
#include <ctype.h>
|
||||
#include <limits.h>
|
||||
#include <errno.h>
|
||||
#include <sys/stat.h>
|
||||
#include <selinux/selinux.h>
|
||||
|
||||
#include "udev.h"
|
||||
#include "udev_selinux.h"
|
||||
|
||||
static security_context_t prev_scontext = NULL;
|
||||
|
||||
static int is_selinux_running(struct udev *udev)
|
||||
{
|
||||
static int selinux_enabled = -1;
|
||||
|
||||
if (selinux_enabled == -1)
|
||||
selinux_enabled = (is_selinux_enabled() > 0);
|
||||
|
||||
dbg(udev, "selinux=%i\n", selinux_enabled);
|
||||
return selinux_enabled;
|
||||
}
|
||||
|
||||
static char *get_media(struct udev *udev, const char *devname, int mode)
|
||||
{
|
||||
FILE *fp;
|
||||
char procfile[PATH_MAX];
|
||||
char mediabuf[256];
|
||||
int size;
|
||||
char *media = NULL;
|
||||
|
||||
if (!(mode & S_IFBLK))
|
||||
return NULL;
|
||||
|
||||
snprintf(procfile, PATH_MAX, "/proc/ide/%s/media", devname);
|
||||
procfile[PATH_MAX-1] = '\0';
|
||||
|
||||
fp = fopen(procfile, "r");
|
||||
if (!fp)
|
||||
goto out;
|
||||
|
||||
if (fgets(mediabuf, sizeof(mediabuf), fp) == NULL)
|
||||
goto close_out;
|
||||
|
||||
size = strlen(mediabuf);
|
||||
while (size-- > 0) {
|
||||
if (isspace(mediabuf[size])) {
|
||||
mediabuf[size] = '\0';
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
media = strdup(mediabuf);
|
||||
info(udev, "selinux_get_media(%s)='%s'\n", devname, media);
|
||||
|
||||
close_out:
|
||||
fclose(fp);
|
||||
out:
|
||||
return media;
|
||||
}
|
||||
|
||||
void selinux_setfilecon(struct udev *udev, const char *file, const char *devname, unsigned int mode)
|
||||
{
|
||||
if (is_selinux_running(udev)) {
|
||||
security_context_t scontext = NULL;
|
||||
char *media;
|
||||
int ret = -1;
|
||||
|
||||
if (devname) {
|
||||
media = get_media(udev, devname, mode);
|
||||
if (media) {
|
||||
ret = matchmediacon(media, &scontext);
|
||||
free(media);
|
||||
}
|
||||
}
|
||||
|
||||
if (ret < 0)
|
||||
if (matchpathcon(file, mode, &scontext) < 0) {
|
||||
err(udev, "matchpathcon(%s) failed\n", file);
|
||||
return;
|
||||
}
|
||||
|
||||
if (lsetfilecon(file, scontext) < 0)
|
||||
err(udev, "setfilecon %s failed: %s\n", file, strerror(errno));
|
||||
|
||||
freecon(scontext);
|
||||
}
|
||||
}
|
||||
|
||||
void selinux_setfscreatecon(struct udev *udev, const char *file, const char *devname, unsigned int mode)
|
||||
{
|
||||
if (is_selinux_running(udev)) {
|
||||
security_context_t scontext = NULL;
|
||||
char *media;
|
||||
int ret = -1;
|
||||
|
||||
if (devname) {
|
||||
media = get_media(udev, devname, mode);
|
||||
if (media) {
|
||||
ret = matchmediacon(media, &scontext);
|
||||
free(media);
|
||||
}
|
||||
}
|
||||
|
||||
if (ret < 0)
|
||||
if (matchpathcon(file, mode, &scontext) < 0) {
|
||||
err(udev, "matchpathcon(%s) failed\n", file);
|
||||
return;
|
||||
}
|
||||
|
||||
if (setfscreatecon(scontext) < 0)
|
||||
err(udev, "setfscreatecon %s failed: %s\n", file, strerror(errno));
|
||||
|
||||
freecon(scontext);
|
||||
}
|
||||
}
|
||||
|
||||
void selinux_resetfscreatecon(struct udev *udev)
|
||||
{
|
||||
if (is_selinux_running(udev)) {
|
||||
if (setfscreatecon(prev_scontext) < 0)
|
||||
err(udev, "setfscreatecon failed: %s\n", strerror(errno));
|
||||
}
|
||||
}
|
||||
|
||||
void selinux_init(struct udev *udev)
|
||||
{
|
||||
/*
|
||||
* record the present security context, for file-creation
|
||||
* restoration creation purposes.
|
||||
*/
|
||||
if (is_selinux_running(udev)) {
|
||||
if (!udev_get_dev_path(udev)[0])
|
||||
err(udev, "selinux_init: udev_root not set\n");
|
||||
matchpathcon_init_prefix(NULL, udev_get_dev_path(udev));
|
||||
if (getfscreatecon(&prev_scontext) < 0) {
|
||||
err(udev, "getfscreatecon failed\n");
|
||||
prev_scontext = NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void selinux_exit(struct udev *udev)
|
||||
{
|
||||
if (is_selinux_running(udev) && prev_scontext) {
|
||||
freecon(prev_scontext);
|
||||
prev_scontext = NULL;
|
||||
}
|
||||
}
|
@ -1,35 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) 2004 Daniel Walsh
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation version 2 of the License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
*/
|
||||
#ifndef _UDEV_SELINUX_H
|
||||
#define _UDEV_SELINUX_H
|
||||
|
||||
#ifdef USE_SELINUX
|
||||
extern void selinux_setfilecon(struct udev *udev, const char *file, const char *devname, unsigned int mode);
|
||||
extern void selinux_setfscreatecon(struct udev *udev, const char *file, const char *devname, unsigned int mode);
|
||||
extern void selinux_resetfscreatecon(struct udev *udev);
|
||||
extern void selinux_init(struct udev *udev);
|
||||
extern void selinux_exit(struct udev *udev);
|
||||
#else
|
||||
static inline void selinux_setfilecon(struct udev *udev, const char *file, const char *devname, unsigned int mode) {}
|
||||
static inline void selinux_setfscreatecon(struct udev *udev, const char *file, const char *devname, unsigned int mode) {}
|
||||
static inline void selinux_resetfscreatecon(struct udev *udev) {}
|
||||
static inline void selinux_init(struct udev *udev) {}
|
||||
static inline void selinux_exit(struct udev *udev) {}
|
||||
#endif
|
||||
|
||||
#endif
|
@ -30,7 +30,6 @@
|
||||
#include <sys/mman.h>
|
||||
|
||||
#include "udev.h"
|
||||
#include "udev_selinux.h"
|
||||
|
||||
int create_path(struct udev *udev, const char *path)
|
||||
{
|
||||
@ -56,9 +55,9 @@ int create_path(struct udev *udev, const char *path)
|
||||
return -1;
|
||||
|
||||
dbg(udev, "mkdir '%s'\n", p);
|
||||
selinux_setfscreatecon(udev, p, NULL, S_IFDIR|0755);
|
||||
udev_selinux_setfscreatecon(udev, p, S_IFDIR|0755);
|
||||
ret = mkdir(p, 0755);
|
||||
selinux_resetfscreatecon(udev);
|
||||
udev_selinux_resetfscreatecon(udev);
|
||||
if (ret == 0)
|
||||
return 0;
|
||||
|
||||
|
@ -47,7 +47,6 @@
|
||||
|
||||
#include "udev.h"
|
||||
#include "udev_rules.h"
|
||||
#include "udev_selinux.h"
|
||||
|
||||
#define UDEVD_PRIORITY -4
|
||||
#define UDEV_PRIORITY -2
|
||||
@ -189,9 +188,9 @@ static void export_event_state(struct udevd_uevent_msg *msg, enum event_state st
|
||||
unlink(filename_failed);
|
||||
delete_path(msg->udev, filename_failed);
|
||||
create_path(msg->udev, filename);
|
||||
selinux_setfscreatecon(msg->udev, filename, NULL, S_IFLNK);
|
||||
udev_selinux_setfscreatecon(msg->udev, filename, S_IFLNK);
|
||||
symlink(msg->devpath, filename);
|
||||
selinux_resetfscreatecon(msg->udev);
|
||||
udev_selinux_resetfscreatecon(msg->udev);
|
||||
break;
|
||||
case EVENT_FINISHED:
|
||||
if (msg->devpath_old != NULL) {
|
||||
@ -804,8 +803,6 @@ int main(int argc, char *argv[])
|
||||
|
||||
logging_init("udevd");
|
||||
udev_set_log_fn(udev, log_fn);
|
||||
|
||||
selinux_init(udev);
|
||||
dbg(udev, "version %s\n", VERSION);
|
||||
|
||||
while (1) {
|
||||
@ -1107,7 +1104,6 @@ int main(int argc, char *argv[])
|
||||
exit:
|
||||
udev_rules_cleanup(&rules);
|
||||
sysfs_cleanup();
|
||||
selinux_exit(udev);
|
||||
|
||||
if (signal_pipe[READ_END] >= 0)
|
||||
close(signal_pipe[READ_END]);
|
||||
|
Loading…
Reference in New Issue
Block a user