summaryrefslogtreecommitdiff
path: root/src/basic
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-09-23 19:55:49 +0200
committerLennart Poettering <lennart@poettering.net>2015-09-29 21:55:51 +0200
commit710a6b5017ba23fde6713f55340db5390ea27cec (patch)
tree34d5c96acc0439f898624a47a9dbfb12d21e957c /src/basic
parente8da24a642c78d55f5287011db70d7cd95bf3b2b (diff)
selinux: add _cleanup_ concepts to SELinux label allocation
Diffstat (limited to 'src/basic')
-rw-r--r--src/basic/selinux-util.c10
-rw-r--r--src/basic/selinux-util.h6
2 files changed, 13 insertions, 3 deletions
diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c
index a39a0f775a..747e6f4dbb 100644
--- a/src/basic/selinux-util.c
+++ b/src/basic/selinux-util.c
@@ -295,14 +295,20 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *
return r;
}
-void mac_selinux_free(char *label) {
+char* mac_selinux_free(char *label) {
#ifdef HAVE_SELINUX
+ if (!label)
+ return NULL;
+
if (!mac_selinux_use())
- return;
+ return NULL;
+
freecon((security_context_t) label);
#endif
+
+ return NULL;
}
int mac_selinux_create_file_prepare(const char *path, mode_t mode) {
diff --git a/src/basic/selinux-util.h b/src/basic/selinux-util.h
index 8467185291..2afcaec183 100644
--- a/src/basic/selinux-util.h
+++ b/src/basic/selinux-util.h
@@ -24,6 +24,8 @@
#include <sys/socket.h>
#include <stdbool.h>
+#include "macro.h"
+
bool mac_selinux_use(void);
void mac_selinux_retest(void);
@@ -36,7 +38,7 @@ int mac_selinux_apply(const char *path, const char *label);
int mac_selinux_get_create_label_from_exe(const char *exe, char **label);
int mac_selinux_get_our_label(char **label);
int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *exec_label, char **label);
-void mac_selinux_free(char *label);
+char* mac_selinux_free(char *label);
int mac_selinux_create_file_prepare(const char *path, mode_t mode);
void mac_selinux_create_file_clear(void);
@@ -45,3 +47,5 @@ int mac_selinux_create_socket_prepare(const char *label);
void mac_selinux_create_socket_clear(void);
int mac_selinux_bind(int fd, const struct sockaddr *addr, socklen_t addrlen);
+
+DEFINE_TRIVIAL_CLEANUP_FUNC(char*, mac_selinux_free);