7 #if defined(WITH_SELINUX) 8 #include <selinux/selinux.h> 9 #if defined(__LCLINT__) 11 extern void freecon( security_context_t con)
14 extern int getfilecon(
const char *path, security_context_t *con)
16 extern int lgetfilecon(
const char *path, security_context_t *con)
18 extern int fgetfilecon(
int fd, security_context_t *con)
21 extern int setfilecon(
const char *path, security_context_t con)
24 extern int lsetfilecon(
const char *path, security_context_t con)
27 extern int fsetfilecon(
int fd, security_context_t con)
31 extern int getcon( security_context_t *con)
33 extern int getexeccon( security_context_t *con)
35 extern int setexeccon(security_context_t con)
39 extern int security_check_context(security_context_t con)
42 extern int security_getenforce(
void)
46 extern int is_selinux_enabled(
void)
53 #define _RPMSX_INTERNAL 72 #if defined(WITH_SELINUX) 77 sx->fn =
_free(sx->fn);
89 if (_rpmsxPool == NULL) {
104 #if defined(WITH_SELINUX) 106 fn = selinux_file_context_path();
108 set_matchpathcon_flags(sx->flags);
111 rc = matchpathcon_init(sx->fn);
114 sx->fn =
_free(sx->fn);
137 #if defined(WITH_SELINUX) 138 static int oneshot = 0;
141 rc = is_selinux_enabled();
143 fprintf(stderr,
"<-- %s(%p) rc %d\n", __FUNCTION__, sx, rc);
153 const char * scon = NULL;
155 if (sx == NULL) sx =
rpmsxI();
157 #if defined(WITH_SELINUX) 159 static char nocon[] =
"";
160 int rc = matchpathcon(fn, mode, (security_context_t *)&scon);
167 fprintf(stderr,
"<-- %s(%p,%s,0%o) \"%s\"\n", __FUNCTION__, sx, fn, mode, scon);
173 const char * scon = NULL;
175 if (sx == NULL) sx =
rpmsxI();
178 fprintf(stderr,
"--> %s(%p,%s) sxfn %s\n", __FUNCTION__, sx, fn, sx->fn);
180 #if defined(WITH_SELINUX) 182 security_context_t _con = NULL;
183 int rc = getfilecon(fn, &_con);
184 if (rc > 0 && _con != NULL)
185 scon = (
const char *) _con;
192 fprintf(stderr,
"<-- %s(%p,%s) scon %s\n", __FUNCTION__, sx, fn, scon);
201 if (sx == NULL) sx =
rpmsxI();
204 fprintf(stderr,
"--> %s(%p,%s,0%o,%s) sxfn %s\n", __FUNCTION__, sx, fn, mode, scon, sx->fn);
206 #if defined(WITH_SELINUX) 208 security_context_t _con = (security_context_t)
210 rc = setfilecon(fn, _con);
219 fprintf(stderr,
"<-- %s(%p,%s,0%o,%s) rc %d\n", __FUNCTION__, sx, fn, mode, scon, rc);
225 const char * scon = NULL;
227 if (sx == NULL) sx =
rpmsxI();
230 fprintf(stderr,
"--> %s(%p,%s) sxfn %s\n", __FUNCTION__, sx, fn, sx->fn);
232 #if defined(WITH_SELINUX) 234 security_context_t _con = NULL;
235 int rc = lgetfilecon(fn, &_con);
236 if (rc > 0 && _con != NULL)
237 scon = (
const char *) _con;
244 fprintf(stderr,
"<-- %s(%p,%s) scon %s\n", __FUNCTION__, sx, fn, scon);
253 if (sx == NULL) sx =
rpmsxI();
256 fprintf(stderr,
"--> %s(%p,%s,0%o,%s) sxfn %s\n", __FUNCTION__, sx, fn, mode, scon, sx->fn);
258 #if defined(WITH_SELINUX) 260 security_context_t _con = (security_context_t)
262 rc = lsetfilecon(fn, _con);
271 fprintf(stderr,
"<-- %s(%p,%s,0%o,%s) rc %d\n", __FUNCTION__, sx, fn, mode, scon, rc);
279 if (sx == NULL) sx =
rpmsxI();
282 fprintf(stderr,
"--> %s(%p,%d,%p)\n", __FUNCTION__, sx, verified, argv);
284 #if defined(WITH_SELINUX) 285 rc = rpm_execcon(verified, argv[0], (
char *
const *)argv,
environ);
289 fprintf(stderr,
"<-- %s(%p,%d,%p) rc %d\n", __FUNCTION__, sx, verified, argv, rc);
static rpmsx rpmsxGetPool(rpmioPool pool)
const char * rpmsxGetfilecon(rpmsx sx, const char *fn)
Get security context for a file.
int rpmsxLsetfilecon(rpmsx sx, const char *fn, mode_t mode, const char *scon)
char * xstrdup(const char *str)
char * rpmGetPath(const char *path,...)
Return the (malloc'ed) expanded, canonicalized file path.
const char * rpmsxLgetfilecon(rpmsx sx, const char *fn)
int rpmsxEnabled(rpmsx sx)
Return SELinux enabled state.
Yet Another syslog(3) API clone.
static const char * _rpmsxI_fn
rpmioItem rpmioGetPool(rpmioPool pool, size_t size)
Get an unused item from the pool, or allocate a new item.
static void rpmsxFini(void *_sx)
static rpmsx rpmsxI(void)
int rpmsxExec(rpmsx sx, int verified, const char **argv)
Execute a package scriptlet within an SELinux context.
rpmsx rpmsxLink(rpmsx sx)
Reference a SELinux wrapper instance.
rpmioPool rpmioNewPool(const char *name, size_t size, int limit, int flags, char *(*dbg)(void *item), void(*init)(void *item), void(*fini)(void *item))
Create a memory pool.
static void * _free(const void *p)
Wrapper around free(3) that hides const compilation noise, permits NULL, and returns NULL.
rpmsx rpmsxNew(const char *fn, unsigned int flags)
Create and load a SELinux wrapper.
int rpmsxSetfilecon(rpmsx sx, const char *fn, mode_t mode, const char *scon)
Set security context for a file.
const char * rpmsxMatch(rpmsx sx, const char *fn, mode_t mode)
Return security context for a file.