Merge pull request #860 from walyong/smack_v11

Smack v11: set only the default smack process label if the command path has no execute label

1 files changed, 20 insertions, 4 deletions

diff --git a/src/basic/smack-util.h b/src/basic/smack-util.h
index 50f55b1f4b..1052cecf4c 100644
--- a/src/basic/smack-util.h
+++ b/src/basic/smack-util.h
@@ -25,12 +25,28 @@
 
 #include <stdbool.h>
 
+#include "macro.h"
+
+typedef enum SmackAttr {
+        SMACK_ATTR_ACCESS = 0,
+        SMACK_ATTR_EXEC = 1,
+        SMACK_ATTR_MMAP = 2,
+        SMACK_ATTR_TRANSMUTE = 3,
+        SMACK_ATTR_IPIN = 4,
+        SMACK_ATTR_IPOUT = 5,
+        _SMACK_ATTR_MAX,
+        _SMACK_ATTR_INVALID = -1,
+} SmackAttr;
+
 bool mac_smack_use(void);
 
 int mac_smack_fix(const char *path, bool ignore_enoent, bool ignore_erofs);
 
-int mac_smack_apply(const char *path, const char *label);
-int mac_smack_apply_fd(int fd, const char *label);
+const char* smack_attr_to_string(SmackAttr i) _const_;
+SmackAttr smack_attr_from_string(const char *s) _pure_;
+int mac_smack_read(const char *path, SmackAttr attr, char **label);
+int mac_smack_read_fd(int fd, SmackAttr attr, char **label);
+int mac_smack_apply(const char *path, SmackAttr attr, const char *label);
+int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label);
+
 int mac_smack_apply_pid(pid_t pid, const char *label);
-int mac_smack_apply_ip_in_fd(int fd, const char *label);
-int mac_smack_apply_ip_out_fd(int fd, const char *label);