toybox/lib/lsm.h
   1/* lsm.h - header file for lib directory
   2 *
   3 * Copyright 2015 Rob Landley <rob@landley.net>
   4 */
   5
   6#if CFG_TOYBOX_SELINUX
   7#include <selinux/selinux.h>
   8#else
   9#define is_selinux_enabled() 0
  10#define setfscreatecon(...) (-1)
  11#define getcon(...) (-1)
  12#define getfilecon(...) (-1)
  13#define lgetfilecon(...) (-1)
  14#define fgetfilecon(...) (-1)
  15#define setfilecon(...) (-1)
  16#define lsetfilecon(...) (-1)
  17#define fsetfilecon(...) (-1)
  18#endif
  19
  20#if CFG_TOYBOX_SMACK
  21#include <sys/smack.h>
  22#include <linux/xattr.h>
  23#else
  24#ifndef XATTR_NAME_SMACK
  25#define XATTR_NAME_SMACK 0
  26#endif
  27//ssize_t fgetxattr (int fd, char *name, void *value, size_t size);
  28#define smack_smackfs_path(...) (-1)
  29#define smack_new_label_from_self(...) (-1)
  30#define smack_new_label_from_path(...) (-1)
  31#define smack_new_label_from_file(...) (-1)
  32#define smack_set_label_for_self(...) (-1)
  33#define smack_set_label_for_path(...) (-1)
  34#define smack_set_label_for_file(...) (-1)
  35#endif
  36
// Is a supported LSM actually active at runtime? The Smack build asks libsmack
// whether smackfs is mounted (non-NULL path), the SELinux build asks libselinux.
// With neither configured the stub macros above make this a constant 0, so
// callers' LSM branches can be optimized out entirely.
static inline int lsm_enabled(void)
{
  int active;

  if (CFG_TOYBOX_SMACK) active = !!smack_smackfs_path();
  else active = (is_selinux_enabled() == 1);

  return active;
}
  43
// Human-readable name of the LSM this binary was built for, for messages.
// Falls back to the generic "LSM" when neither backend is compiled in.
static inline char *lsm_name(void)
{
  return CFG_TOYBOX_SMACK ? "Smack" : CFG_TOYBOX_SELINUX ? "SELinux" : "LSM";
}
  51
// Fetch this process's lsm context (Smack label or SELinux context).
// Returns a freshly allocated string the caller owns; when the backend cannot
// supply one (or no LSM is built in, where the stubs always fail) it returns
// strdup("?") instead, so callers get a printable placeholder rather than an
// error. NOTE(review): the library-allocated and strdup'd strings are both
// released with free() by callers — confirm that matches the backend's contract.
static inline char *lsm_context(void)
{
  char *label = 0;

  if (CFG_TOYBOX_SMACK) {
    if (smack_new_label_from_self(&label) > 0) return label;
  } else if (!getcon(&label)) return label;

  return strdup("?");
}
  63
// Set the default label applied to files this process creates from now on
// (NULL clears it). Returns the backend's status; the no-LSM stubs yield -1,
// so a caller that has not checked lsm_enabled() should expect failure here.
static inline int lsm_set_create(char *context)
{
  if (!CFG_TOYBOX_SMACK) return setfscreatecon(context);

  return smack_set_label_for_self(context);
}
  70
// Label a file by path, following symlinks (so the target, not the link, is
// relabeled). Returns the backend's status, -1 from the no-LSM stubs.
static inline int lsm_set_context(char *filename, char *context)
{
  if (!CFG_TOYBOX_SMACK) return setfilecon(filename, context);

  // fourth argument: 1 = follow symlinks
  return smack_set_label_for_path(filename, XATTR_NAME_SMACK, 1, context);
}
  78
// Label a file by path without following symlinks (the link itself is
// relabeled). Returns the backend's status, -1 from the no-LSM stubs.
static inline int lsm_lset_context(char *filename, char *context)
{
  if (!CFG_TOYBOX_SMACK) return lsetfilecon(filename, context);

  // fourth argument: 0 = do not follow symlinks
  return smack_set_label_for_path(filename, XATTR_NAME_SMACK, 0, context);
}
  86
// Label an already-open file through its descriptor, which avoids the
// path-based symlink question entirely. Returns the backend's status, -1 from
// the no-LSM stubs.
static inline int lsm_fset_context(int file, char *context)
{
  if (!CFG_TOYBOX_SMACK) return fsetfilecon(file, context);

  return smack_set_label_for_file(file, XATTR_NAME_SMACK, context);
}
  94
// Read a file's label by path, following symlinks. Returns -1 on error, else
// the length of the context; *context receives a newly allocated string the
// caller frees. The original note says context may be NULL to get the length
// only — NOTE(review): confirm the active backend tolerates a NULL output
// pointer before relying on that.
static inline int lsm_get_context(char *filename, char **context)
{
  if (!CFG_TOYBOX_SMACK) return getfilecon(filename, context);

  // fourth argument: 1 = follow symlinks
  return smack_new_label_from_path(filename, XATTR_NAME_SMACK, 1, context);
}
 103
// Read a file's label by path without following symlinks (the link's own
// label). Same return convention as lsm_get_context: -1 on error, else the
// context length, with *context set to a string the caller frees.
static inline int lsm_lget_context(char *filename, char **context)
{
  if (!CFG_TOYBOX_SMACK) return lgetfilecon(filename, context);

  // fourth argument: 0 = do not follow symlinks
  return smack_new_label_from_path(filename, XATTR_NAME_SMACK, 0, context);
}
 110
// Read the label of an already-open file through its descriptor. Same return
// convention as lsm_get_context: -1 on error, else the context length, with
// *context set to a string the caller frees.
static inline int lsm_fget_context(int file, char **context)
{
  if (!CFG_TOYBOX_SMACK) return fgetfilecon(file, context);

  return smack_new_label_from_file(file, XATTR_NAME_SMACK, context);
}
 117