summaryrefslogtreecommitdiff
path: root/src/shared/smack-util.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-10-23 18:06:51 +0200
committerAnthony G. Basile <blueness@gentoo.org>2014-10-25 18:32:53 -0400
commit65e7a7fcba7e5aeb0bb1521070d7bc0547663975 (patch)
tree46e6af44228140e7df583da028bb39c17d06d23c /src/shared/smack-util.c
parent00772eaeba4662181fc86fa842ff8521ccade88a (diff)
smack: rework smack APIs a bit
a) always return negative errno error codes b) always become a noop if smack is off c) always take a NULL label as a request to remove it Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
Diffstat (limited to 'src/shared/smack-util.c')
-rw-r--r--src/shared/smack-util.c67
1 files changed, 53 insertions, 14 deletions
diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c
index e06feb42c3..34f9c68733 100644
--- a/src/shared/smack-util.c
+++ b/src/shared/smack-util.c
@@ -38,54 +38,86 @@ bool mac_smack_use(void) {
#else
return false;
#endif
-
}
int mac_smack_apply(const char *path, const char *label) {
+ int r = 0;
+
+ assert(path);
+
#ifdef HAVE_SMACK
if (!mac_smack_use())
return 0;
if (label)
- return setxattr(path, "security.SMACK64", label, strlen(label), 0);
+ r = setxattr(path, "security.SMACK64", label, strlen(label), 0);
else
- return lremovexattr(path, "security.SMACK64");
-#else
- return 0;
+ r = lremovexattr(path, "security.SMACK64");
+ if (r < 0)
+ return -errno;
#endif
+
+ return r;
}
int mac_smack_apply_fd(int fd, const char *label) {
+ int r = 0;
+
+ assert(fd >= 0);
+
#ifdef HAVE_SMACK
if (!mac_smack_use())
return 0;
- return fsetxattr(fd, "security.SMACK64", label, strlen(label), 0);
-#else
- return 0;
+ if (label)
+ r = fsetxattr(fd, "security.SMACK64", label, strlen(label), 0);
+ else
+ r = fremovexattr(fd, "security.SMACK64");
+ if (r < 0)
+ return -errno;
#endif
+
+ return r;
}
int mac_smack_apply_ip_out_fd(int fd, const char *label) {
+ int r = 0;
+
+ assert(fd >= 0);
+
#ifdef HAVE_SMACK
if (!mac_smack_use())
return 0;
- return fsetxattr(fd, "security.SMACK64IPOUT", label, strlen(label), 0);
-#else
- return 0;
+ if (label)
+ r = fsetxattr(fd, "security.SMACK64IPOUT", label, strlen(label), 0);
+ else
+ r = fremovexattr(fd, "security.SMACK64IPOUT");
+ if (r < 0)
+ return -errno;
#endif
+
+ return r;
}
int mac_smack_apply_ip_in_fd(int fd, const char *label) {
+ int r = 0;
+
+ assert(fd >= 0);
+
#ifdef HAVE_SMACK
if (!mac_smack_use())
return 0;
- return fsetxattr(fd, "security.SMACK64IPIN", label, strlen(label), 0);
-#else
- return 0;
+ if (label)
+ r = fsetxattr(fd, "security.SMACK64IPIN", label, strlen(label), 0);
+ else
+ r = fremovexattr(fd, "security.SMACK64IPIN");
+ if (r < 0)
+ return -errno;
#endif
+
+ return r;
}
int mac_smack_fix(const char *path) {
@@ -94,6 +126,13 @@ int mac_smack_fix(const char *path) {
#ifdef HAVE_SMACK
struct stat sb;
const char *label;
+#endif
+
+ assert(path);
+
+#ifdef HAVE_SMACK
+ if (!mac_smack_use())
+ return 0;
/*
* Path must be in /dev and must exist