Home Explore Help
Sign In
NitoTV
/
dpkg
Watch 2
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: libmissing
Branches Tags
dpkg
/
lib
/
compat
/
selinux.c

selinux.c 1.9 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. /*
    2. 

  2.  * libcompat - system compatibility library
    3. 

  3.  *
    4. 

  4.  * Based on code from libselinux, Public Domain.
    5. 

  5.  * Copyright © 2014 Guillem Jover <guillem@debian.org>
    6. 

  6.  *
    7. 

  7.  * This is free software; you can redistribute it and/or modify
    8. 

  8.  * it under the terms of the GNU General Public License as published by
    9. 

  9.  * the Free Software Foundation; either version 2 of the License, or
    10. 

  10.  * (at your option) any later version.
    11. 

  11.  *
    12. 

  12.  * This is distributed in the hope that it will be useful,
    13. 

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15.  * GNU General Public License for more details.
    16. 

  16.  *
    17. 

  17.  * You should have received a copy of the GNU General Public License
    18. 

  18.  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
    19. 

  19.  */
    20. 

  20. 

  21. #include <config.h>
    22. 

  22. 

  23. #include <string.h>
    24. 

  24. #include <stdlib.h>
    25. 

  25. 

  26. #include <selinux/selinux.h>
    27. 

  27. #include <selinux/context.h>
    28. 

  28. 

  29. #include "compat.h"
    30. 

  30. 

  31. int
    32. 

  32. setexecfilecon(const char *filename, const char *fallback)
    33. 

  33. {
    34. 

  34. 	int rc;
    35. 

  35. 

  36. 	security_context_t curcon = NULL, newcon = NULL, filecon = NULL;
    37. 

  37. 	security_class_t seclass;
    38. 

  38. 	context_t tmpcon = NULL;
    39. 

  39. 

  40. 	if (is_selinux_enabled() < 1)
    41. 

  41. 		return 0;
    42. 

  42. 

  43. 	rc = getcon(&curcon);
    44. 

  44. 	if (rc < 0)
    45. 

  45. 		goto out;
    46. 

  46. 

  47. 	rc = getfilecon(filename, &filecon);
    48. 

  48. 	if (rc < 0)
    49. 

  49. 		goto out;
    50. 

  50. 

  51. 	seclass = string_to_security_class("process");
    52. 

  52. 	if (seclass == 0)
    53. 

  53. 		goto out;
    54. 

  54. 

  55. 	rc = security_compute_create(curcon, filecon, seclass, &newcon);
    56. 

  56. 	if (rc < 0)
    57. 

  57. 		goto out;
    58. 

  58. 

  59. 	if (strcmp(curcon, newcon) == 0) {
    60. 

  60. 		/* No default transition, use fallback for now. */
    61. 

  61. 		rc = -1;
    62. 

  62. 		tmpcon = context_new(curcon);
    63. 

  63. 		if (tmpcon == NULL)
    64. 

  64. 			goto out;
    65. 

  65. 		if (context_type_set(tmpcon, fallback))
    66. 

  66. 			goto out;
    67. 

  67. 		freecon(newcon);
    68. 

  68. 		newcon = strdup(context_str(tmpcon));
    69. 

  69. 		if (newcon == NULL)
    70. 

  70. 			goto out;
    71. 

  71. 	}
    72. 

  72. 

  73. 	rc = setexeccon(newcon);
    74. 

  74. 

  75. out:
    76. 

  76. 	if (rc < 0 && security_getenforce() == 0)
    77. 

  77. 		rc = 0;
    78. 

  78. 

  79. 	context_free(tmpcon);
    80. 

  80. 	freecon(newcon);
    81. 

  81. 	freecon(curcon);
    82. 

  82. 	freecon(filecon);
    83. 

  83. 

  84. 	return rc;
    85. 

  85. }
    86. 

  86.