diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-10-23 18:06:51 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-10-23 21:36:56 +0200 |
commit | d53e386db62ee7f03e7d493ae0e6db7a31a5d811 (patch) | |
tree | 450feb73621298ac0a380fecb1ad0e361b77e042 /src/shared/smack-util.c | |
parent | c80d766c8072dd0be311dcd31c17f9719775be44 (diff) |
smack: rework smack APIs a bit
a) always return negative errno error codes
b) always become a noop if smack is off
c) always take a NULL label as a request to remove it
Diffstat (limited to 'src/shared/smack-util.c')
-rw-r--r-- | src/shared/smack-util.c | 67 |
1 files changed, 53 insertions, 14 deletions
diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c index 7726d69b0f..4a94922a43 100644 --- a/src/shared/smack-util.c +++ b/src/shared/smack-util.c @@ -38,54 +38,86 @@ bool mac_smack_use(void) { #else return false; #endif - } int mac_smack_apply(const char *path, const char *label) { + int r = 0; + + assert(path); + #ifdef HAVE_SMACK if (!mac_smack_use()) return 0; if (label) - return setxattr(path, "security.SMACK64", label, strlen(label), 0); + r = setxattr(path, "security.SMACK64", label, strlen(label), 0); else - return lremovexattr(path, "security.SMACK64"); -#else - return 0; + r = lremovexattr(path, "security.SMACK64"); + if (r < 0) + return -errno; #endif + + return r; } int mac_smack_apply_fd(int fd, const char *label) { + int r = 0; + + assert(fd >= 0); + #ifdef HAVE_SMACK if (!mac_smack_use()) return 0; - return fsetxattr(fd, "security.SMACK64", label, strlen(label), 0); -#else - return 0; + if (label) + r = fsetxattr(fd, "security.SMACK64", label, strlen(label), 0); + else + r = fremovexattr(fd, "security.SMACK64"); + if (r < 0) + return -errno; #endif + + return r; } int mac_smack_apply_ip_out_fd(int fd, const char *label) { + int r = 0; + + assert(fd >= 0); + #ifdef HAVE_SMACK if (!mac_smack_use()) return 0; - return fsetxattr(fd, "security.SMACK64IPOUT", label, strlen(label), 0); -#else - return 0; + if (label) + r = fsetxattr(fd, "security.SMACK64IPOUT", label, strlen(label), 0); + else + r = fremovexattr(fd, "security.SMACK64IPOUT"); + if (r < 0) + return -errno; #endif + + return r; } int mac_smack_apply_ip_in_fd(int fd, const char *label) { + int r = 0; + + assert(fd >= 0); + #ifdef HAVE_SMACK if (!mac_smack_use()) return 0; - return fsetxattr(fd, "security.SMACK64IPIN", label, strlen(label), 0); -#else - return 0; + if (label) + r = fsetxattr(fd, "security.SMACK64IPIN", label, strlen(label), 0); + else + r = fremovexattr(fd, "security.SMACK64IPIN"); + if (r < 0) + return -errno; #endif + + return r; } int mac_smack_fix(const char *path) { @@ -94,6 +126,13 @@ int mac_smack_fix(const char *path) { #ifdef HAVE_SMACK struct stat sb; const char *label; +#endif + + assert(path); + +#ifdef HAVE_SMACK + if (!mac_smack_use()) + return 0; /* * Path must be in /dev and must exist |