summaryrefslogtreecommitdiff
path: root/src/shared/smack-util.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-10-23 18:06:51 +0200
committerLennart Poettering <lennart@poettering.net>2014-10-23 21:36:56 +0200
commitd53e386db62ee7f03e7d493ae0e6db7a31a5d811 (patch)
tree450feb73621298ac0a380fecb1ad0e361b77e042 /src/shared/smack-util.c
parentc80d766c8072dd0be311dcd31c17f9719775be44 (diff)
smack: rework smack APIs a bit
a) always return negative errno error codes b) always become a noop if smack is off c) always take a NULL label as a request to remove it
Diffstat (limited to 'src/shared/smack-util.c')
-rw-r--r--src/shared/smack-util.c67
1 files changed, 53 insertions, 14 deletions
diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c
index 7726d69b0f..4a94922a43 100644
--- a/src/shared/smack-util.c
+++ b/src/shared/smack-util.c
@@ -38,54 +38,86 @@ bool mac_smack_use(void) {
#else
return false;
#endif
-
}
int mac_smack_apply(const char *path, const char *label) {
+ int r = 0;
+
+ assert(path);
+
#ifdef HAVE_SMACK
if (!mac_smack_use())
return 0;
if (label)
- return setxattr(path, "security.SMACK64", label, strlen(label), 0);
+ r = setxattr(path, "security.SMACK64", label, strlen(label), 0);
else
- return lremovexattr(path, "security.SMACK64");
-#else
- return 0;
+ r = lremovexattr(path, "security.SMACK64");
+ if (r < 0)
+ return -errno;
#endif
+
+ return r;
}
int mac_smack_apply_fd(int fd, const char *label) {
+ int r = 0;
+
+ assert(fd >= 0);
+
#ifdef HAVE_SMACK
if (!mac_smack_use())
return 0;
- return fsetxattr(fd, "security.SMACK64", label, strlen(label), 0);
-#else
- return 0;
+ if (label)
+ r = fsetxattr(fd, "security.SMACK64", label, strlen(label), 0);
+ else
+ r = fremovexattr(fd, "security.SMACK64");
+ if (r < 0)
+ return -errno;
#endif
+
+ return r;
}
int mac_smack_apply_ip_out_fd(int fd, const char *label) {
+ int r = 0;
+
+ assert(fd >= 0);
+
#ifdef HAVE_SMACK
if (!mac_smack_use())
return 0;
- return fsetxattr(fd, "security.SMACK64IPOUT", label, strlen(label), 0);
-#else
- return 0;
+ if (label)
+ r = fsetxattr(fd, "security.SMACK64IPOUT", label, strlen(label), 0);
+ else
+ r = fremovexattr(fd, "security.SMACK64IPOUT");
+ if (r < 0)
+ return -errno;
#endif
+
+ return r;
}
int mac_smack_apply_ip_in_fd(int fd, const char *label) {
+ int r = 0;
+
+ assert(fd >= 0);
+
#ifdef HAVE_SMACK
if (!mac_smack_use())
return 0;
- return fsetxattr(fd, "security.SMACK64IPIN", label, strlen(label), 0);
-#else
- return 0;
+ if (label)
+ r = fsetxattr(fd, "security.SMACK64IPIN", label, strlen(label), 0);
+ else
+ r = fremovexattr(fd, "security.SMACK64IPIN");
+ if (r < 0)
+ return -errno;
#endif
+
+ return r;
}
int mac_smack_fix(const char *path) {
@@ -94,6 +126,13 @@ int mac_smack_fix(const char *path) {
#ifdef HAVE_SMACK
struct stat sb;
const char *label;
+#endif
+
+ assert(path);
+
+#ifdef HAVE_SMACK
+ if (!mac_smack_use())
+ return 0;
/*
* Path must be in /dev and must exist