label: rearrange mandatory access control(MAC) apis

move label apis to selinux-util.ch or smack-util.ch appropriately.

1 files changed, 43 insertions, 2 deletions

diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c
index 8f83562bf6..04ee217d2f 100644
--- a/src/shared/smack-util.c
+++ b/src/shared/smack-util.c
@@ -21,10 +21,10 @@
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
-#include <unistd.h>
-#include <string.h>
 #include <sys/xattr.h>
 
+#include "util.h"
+#include "path-util.h"
 #include "smack-util.h"
 
 bool use_smack(void) {
@@ -87,3 +87,44 @@ int smack_label_ip_in_fd(int fd, const char *label) {
         return 0;
 #endif
 }
+
+int smack_relabel_in_dev(const char *path) {
+        int r = 0;
+
+#ifdef HAVE_SMACK
+        struct stat sb;
+        const char *label;
+
+        /*
+         * Path must be in /dev and must exist
+         */
+        if (!path_startswith(path, "/dev"))
+                return 0;
+
+        r = lstat(path, &sb);
+        if (r < 0)
+                return -errno;
+
+        /*
+         * Label directories and character devices "*".
+         * Label symlinks "_".
+         * Don't change anything else.
+         */
+        if (S_ISDIR(sb.st_mode))
+                label = SMACK_STAR_LABEL;
+        else if (S_ISLNK(sb.st_mode))
+                label = SMACK_FLOOR_LABEL;
+        else if (S_ISCHR(sb.st_mode))
+                label = SMACK_STAR_LABEL;
+        else
+                return 0;
+
+        r = setxattr(path, "security.SMACK64", label, strlen(label), 0);
+        if (r < 0) {
+                log_error("Smack relabeling \"%s\" %m", path);
+                return -errno;
+        }
+#endif
+
+        return r;
+}