toybox/lib/lsm.h
   1/* lsm.h - header file for lib directory
   2 *
   3 * Copyright 2015 Rob Landley <rob@landley.net>
   4 */
   5
#if CFG_TOYBOX_SELINUX
#include <selinux/selinux.h>
#else
// No libselinux: stub the calls so the wrappers below still compile.
// is_selinux_enabled() reports "off" and every label operation yields -1,
// the same value libselinux uses for failure, so an unchecked result still
// reads as an error rather than a silent success. The "..." forms swallow
// and ignore whatever arguments the real functions would take.
#define is_selinux_enabled() 0
#define setfscreatecon(...) (-1)
#define getcon(...) (-1)
#define getfilecon(...) (-1)
#define lgetfilecon(...) (-1)
#define fgetfilecon(...) (-1)
#define setfilecon(...) (-1)
#define lsetfilecon(...) (-1)
#define fsetfilecon(...) (-1)
#endif

#if CFG_TOYBOX_SMACK
#include <sys/smack.h>
#include <linux/xattr.h>
#else
// No libsmack: same idea, every operation fails with -1. XATTR_NAME_SMACK
// only needs to exist here because the wrappers pass it; the stub macros
// discard it, so the placeholder value 0 is never used.
#ifndef XATTR_NAME_SMACK
#define XATTR_NAME_SMACK 0
#endif
#define smack_smackfs_path(...) (-1)
#define smack_new_label_from_self(...) (-1)
#define smack_new_label_from_path(...) (-1)
#define smack_new_label_from_file(...) (-1)
#define smack_set_label_for_self(...) (-1)
#define smack_set_label_for_path(...) (-1)
#define smack_set_label_for_file(...) (-1)
#endif
  35
// Is the configured LSM actually active on this system? For Smack that
// means smackfs is mounted (smack_smackfs_path() is non-NULL); for SELinux
// that means is_selinux_enabled() answers exactly 1 (its -1 error return
// counts as "off"). With no LSM compiled in, the stubs above make this a
// constant 0, so callers' LSM-only paths can be optimized away.
static inline int lsm_enabled(void)
{
  return CFG_TOYBOX_SMACK ? !!smack_smackfs_path() : is_selinux_enabled() == 1;
}
  42
// Name of the LSM this build was configured for, "LSM" when neither Smack
// nor SELinux is compiled in (Smack wins if both are). The result is a
// string literal: callers must neither modify nor free it.
static inline char *lsm_name(void)
{
  return CFG_TOYBOX_SMACK ? "Smack" : CFG_TOYBOX_SELINUX ? "SELinux" : "LSM";
}
  50
// Fetch this process's own LSM label. The returned string is heap memory
// the caller owns and must free: the library's allocation on success, or
// strdup("?") when the label can't be read or no LSM is compiled in. It is
// NULL only if that fallback strdup() itself fails.
static inline char *lsm_context(void)
{
  char *label = 0;
  int have_label;

  // libsmack hands back the label's length (so 0 and -1 both mean "no
  // label"), libselinux reports plain 0/-1 status.
  if (CFG_TOYBOX_SMACK) have_label = smack_new_label_from_self(&label) > 0;
  else have_label = getcon(&label) == 0;

  if (!have_label) return strdup("?");

  return label;
}
  62
// Set the label applied to everything this process creates from now on;
// NULL clears it. Passes the library's status through (-1 on failure, and
// always -1 when no LSM is compiled in), so check the return value.
static inline int lsm_set_create(char *context)
{
  return CFG_TOYBOX_SMACK ? smack_set_label_for_self(context)
    : setfscreatecon(context);
}
  69
// Set the label of the file at filename, following symlinks (the 1 is the
// Smack follow flag; the SELinux side uses setfilecon, its following
// variant). Returns the library's status, -1 on failure or without an LSM.
static inline int lsm_set_context(char *filename, char *context)
{
  return CFG_TOYBOX_SMACK
    ? smack_set_label_for_path(filename, XATTR_NAME_SMACK, 1, context)
    : setfilecon(filename, context);
}
  77
// Set the label of filename itself, not following symlinks (Smack follow
// flag 0; SELinux lsetfilecon). Use this when the path came from untrusted
// input or a directory walk, so a planted symlink can't redirect the
// relabel. Returns the library's status, -1 on failure or without an LSM.
static inline int lsm_lset_context(char *filename, char *context)
{
  return CFG_TOYBOX_SMACK
    ? smack_set_label_for_path(filename, XATTR_NAME_SMACK, 0, context)
    : lsetfilecon(filename, context);
}
  85
// Set the label of an already-open file descriptor, which avoids the path
// lookup races of the name-based variants. Returns the library's status,
// -1 on failure or without an LSM.
static inline int lsm_fset_context(int file, char *context)
{
  return CFG_TOYBOX_SMACK
    ? smack_set_label_for_file(file, XATTR_NAME_SMACK, context)
    : fsetfilecon(file, context);
}
  93
// Read the label of the file at filename, following symlinks. Returns -1
// on error, otherwise the length of the label; on success *context points
// at library-allocated memory the caller must free. context may be NULL
// to ask for the length only.
static inline int lsm_get_context(char *filename, char **context)
{
  return CFG_TOYBOX_SMACK
    ? smack_new_label_from_path(filename, XATTR_NAME_SMACK, 1, context)
    : getfilecon(filename, context);
}
 102
// Read the label of filename itself, not following symlinks (Smack follow
// flag 0; SELinux lgetfilecon). Same contract as lsm_get_context(): -1 on
// error, else the label length, with *context owned by the caller.
static inline int lsm_lget_context(char *filename, char **context)
{
  return CFG_TOYBOX_SMACK
    ? smack_new_label_from_path(filename, XATTR_NAME_SMACK, 0, context)
    : lgetfilecon(filename, context);
}
 109
// Read the label of an already-open file descriptor. Same contract as
// lsm_get_context(): -1 on error, else the label length, with *context
// owned by the caller.
static inline int lsm_fget_context(int file, char **context)
{
  return CFG_TOYBOX_SMACK
    ? smack_new_label_from_file(file, XATTR_NAME_SMACK, context)
    : fgetfilecon(file, context);
}
 116