diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-10-23 18:06:51 +0200 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2014-10-25 18:32:53 -0400 |
commit | 65e7a7fcba7e5aeb0bb1521070d7bc0547663975 (patch) | |
tree | 46e6af44228140e7df583da028bb39c17d06d23c /src/shared/smack-util.c | |
parent | 00772eaeba4662181fc86fa842ff8521ccade88a (diff) |
smack: rework smack APIs a bit
a) always return negative errno error codes
b) always become a noop if smack is off
c) always take a NULL label as a request to remove it
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
Diffstat (limited to 'src/shared/smack-util.c')
-rw-r--r-- | src/shared/smack-util.c | 67 |
1 files changed, 53 insertions, 14 deletions
diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c index e06feb42c3..34f9c68733 100644 --- a/src/shared/smack-util.c +++ b/src/shared/smack-util.c @@ -38,54 +38,86 @@ bool mac_smack_use(void) { #else return false; #endif - } int mac_smack_apply(const char *path, const char *label) { + int r = 0; + + assert(path); + #ifdef HAVE_SMACK if (!mac_smack_use()) return 0; if (label) - return setxattr(path, "security.SMACK64", label, strlen(label), 0); + r = setxattr(path, "security.SMACK64", label, strlen(label), 0); else - return lremovexattr(path, "security.SMACK64"); -#else - return 0; + r = lremovexattr(path, "security.SMACK64"); + if (r < 0) + return -errno; #endif + + return r; } int mac_smack_apply_fd(int fd, const char *label) { + int r = 0; + + assert(fd >= 0); + #ifdef HAVE_SMACK if (!mac_smack_use()) return 0; - return fsetxattr(fd, "security.SMACK64", label, strlen(label), 0); -#else - return 0; + if (label) + r = fsetxattr(fd, "security.SMACK64", label, strlen(label), 0); + else + r = fremovexattr(fd, "security.SMACK64"); + if (r < 0) + return -errno; #endif + + return r; } int mac_smack_apply_ip_out_fd(int fd, const char *label) { + int r = 0; + + assert(fd >= 0); + #ifdef HAVE_SMACK if (!mac_smack_use()) return 0; - return fsetxattr(fd, "security.SMACK64IPOUT", label, strlen(label), 0); -#else - return 0; + if (label) + r = fsetxattr(fd, "security.SMACK64IPOUT", label, strlen(label), 0); + else + r = fremovexattr(fd, "security.SMACK64IPOUT"); + if (r < 0) + return -errno; #endif + + return r; } int mac_smack_apply_ip_in_fd(int fd, const char *label) { + int r = 0; + + assert(fd >= 0); + #ifdef HAVE_SMACK if (!mac_smack_use()) return 0; - return fsetxattr(fd, "security.SMACK64IPIN", label, strlen(label), 0); -#else - return 0; + if (label) + r = fsetxattr(fd, "security.SMACK64IPIN", label, strlen(label), 0); + else + r = fremovexattr(fd, "security.SMACK64IPIN"); + if (r < 0) + return -errno; #endif + + return r; } int mac_smack_fix(const char *path) { @@ -94,6 +126,13 @@ int mac_smack_fix(const char *path) { #ifdef HAVE_SMACK struct stat sb; const char *label; +#endif + + assert(path); + +#ifdef HAVE_SMACK + if (!mac_smack_use()) + return 0; /* * Path must be in /dev and must exist |