toybox/lib/lsm.h
<<
>>
Prefs 
   1/* lsm.h - header file for lib directory
   2 *
   3 * Copyright 2015 Rob Landley <rob@landley.net>
   4 */
   5
   6#include <sys/xattr.h>
   7
   8#if CFG_TOYBOX_SELINUX
   9#include <selinux/selinux.h>
  10#else
  11#define is_selinux_enabled() 0
  12#define setfscreatecon(...) (-1)
  13#define getcon(...) (-1)
  14#define getfilecon(...) (-1)
  15#define lgetfilecon(...) (-1)
  16#define fgetfilecon(...) (-1)
  17#define setfilecon(...) (-1)
  18#define lsetfilecon(...) (-1)
  19#define fsetfilecon(...) (-1)
  20#endif
  21
  22#if CFG_TOYBOX_SMACK
  23#include <sys/smack.h>
  24#include <linux/xattr.h>
  25#else
  26#ifndef XATTR_NAME_SMACK
  27#define XATTR_NAME_SMACK 0
  28#endif
  29//ssize_t fgetxattr (int fd, char *name, void *value, size_t size);
  30#define smack_smackfs_path(...) (-1)
  31#define smack_new_label_from_self(...) (-1)
  32#define smack_new_label_from_path(...) (-1)
  33#define smack_new_label_from_file(...) (-1)
  34#define smack_set_label_for_self(...) (-1)
  35#define smack_set_label_for_path(...) (-1)
  36#define smack_set_label_for_file(...) (-1)
  37#endif
  38
  39// This turns into "return 0" when no LSM and lets code optimize out.
  40static inline int lsm_enabled(void)
  41{
  42  if (CFG_TOYBOX_SMACK) return !!smack_smackfs_path();
  43  else return is_selinux_enabled() == 1;
  44}
  45
  46static inline char *lsm_name(void)
  47{
  48  if (CFG_TOYBOX_SMACK) return "Smack";
  49  if (CFG_TOYBOX_SELINUX) return "SELinux";
  50
  51  return "LSM";
  52}
  53
  54// Fetch this process's lsm context
  55static inline char *lsm_context(void)
  56{
  57  int ok = 0;
  58  char *result = 0;
  59
  60  if (CFG_TOYBOX_SMACK) ok = smack_new_label_from_self(&result) > 0;
  61  else ok = getcon(&result) == 0;
  62
  63  return ok ? result : strdup("?");
  64}
  65
  66// Set default label to apply to newly created stuff (NULL to clear it)
  67static inline int lsm_set_create(char *context)
  68{
  69  if (CFG_TOYBOX_SMACK) return smack_set_label_for_self(context);
  70  else return setfscreatecon(context);
  71}
  72
  73// Label a file, following symlinks
  74static inline int lsm_set_context(char *filename, char *context)
  75{
  76  if (CFG_TOYBOX_SMACK)
  77    return smack_set_label_for_path(filename, XATTR_NAME_SMACK, 1, context);
  78  else return setfilecon(filename, context);
  79}
  80
  81// Label a file, don't follow symlinks
  82static inline int lsm_lset_context(char *filename, char *context)
  83{
  84  if (CFG_TOYBOX_SMACK)
  85    return smack_set_label_for_path(filename, XATTR_NAME_SMACK, 0, context);
  86  else return lsetfilecon(filename, context);
  87}
  88
  89// Label a file by filehandle
  90static inline int lsm_fset_context(int file, char *context)
  91{
  92  if (CFG_TOYBOX_SMACK)
  93    return smack_set_label_for_file(file, XATTR_NAME_SMACK, context);
  94  else return fsetfilecon(file, context);
  95}
  96
  97// returns -1 in case of error or else the length of the context */
  98// context can be NULL to get the length only */
  99static inline int lsm_get_context(char *filename, char **context)
 100{
 101  if (CFG_TOYBOX_SMACK)
 102    return smack_new_label_from_path(filename, XATTR_NAME_SMACK, 1, context);
 103  else return getfilecon(filename, context);
 104}
 105
 106static inline int lsm_lget_context(char *filename, char **context)
 107{
 108  if (CFG_TOYBOX_SMACK)
 109    return smack_new_label_from_path(filename, XATTR_NAME_SMACK, 0, context);
 110  else return lgetfilecon(filename, context);
 111}
 112
 113static inline int lsm_fget_context(int file, char **context)
 114{
 115  if (CFG_TOYBOX_SMACK)
 116    return smack_new_label_from_file(file, XATTR_NAME_SMACK, context);
 117  return fgetfilecon(file, context);
 118}
 119
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.