| author | Kay Sievers <kay.sievers@vrfy.org> | 2008-10-02 18:48:40 +0200 | 
|---|---|---|
| committer | Kay Sievers <kay.sievers@vrfy.org> | 2008-10-02 18:48:40 +0200 | 
| commit | e598c5738c2dc85a3e93c3f68cd88e8eea51215b (patch) | |
| tree | 82cd862d3cb5b71cc6cfa355f461e3b1d7289f75 /udev/udev_selinux.c | |
| parent | 033e9f8cde5a7feec1334888aec69def99c945b5 (diff) | |
libudev: get rid of selinux
"Hello world!" linked against libselinux parses /proc/mounts and
whatever else on startup, even when the lib is not needed at all.
Not funny! Get rid of that thing where it's not absolutely needed.
Diffstat (limited to 'udev/udev_selinux.c')
| -rw-r--r-- | udev/udev_selinux.c | 99 | 
1 files changed, 99 insertions, 0 deletions
| diff --git a/udev/udev_selinux.c b/udev/udev_selinux.c
new file mode 100644
index 0000000000..499f53c916
--- /dev/null
+++ b/udev/udev_selinux.c |
@@ -0,0 +1,99 @@
+/*
+ * libudev - interface to udev device information
+ *
+ * Copyright (C) 2008 Kay Sievers <kay.sievers@vrfy.org>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <stdarg.h>
+#include <unistd.h>
+
+#include "udev.h"
+
+#ifndef USE_SELINUX
+void selinux_init(struct udev *udev) {}
+void selinux_exit(struct udev *udev) {}
+void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode) {}
+void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode) {}
+void udev_selinux_resetfscreatecon(struct udev *udev) {}
+#else
+#include <selinux/selinux.h>
+
+static int selinux_enabled;
+security_context_t selinux_prev_scontext;
+
+void selinux_init(struct udev *udev)
+{
+	/* record the present security context */
+	selinux_enabled = (is_selinux_enabled() > 0);
+	info(udev, "selinux=%i\n", selinux_enabled);
+	if (!selinux_enabled)
+		return;
+	matchpathcon_init_prefix(NULL, udev_get_dev_path(udev));
+	if (getfscreatecon(&selinux_prev_scontext) < 0) {
+		err(udev, "getfscreatecon failed\n");
+		selinux_prev_scontext = NULL;
+	}
+}
+
+void selinux_exit(struct udev *udev)
+{
+	if (!selinux_enabled)
+		return;
+	freecon(selinux_prev_scontext);
+	selinux_prev_scontext = NULL;
+}
+
+void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode)
+{
+	security_context_t scontext = NULL;
+
+	if (!selinux_enabled)
+		return;
+	if (matchpathcon(file, mode, &scontext) < 0) {
+		err(udev, "matchpathcon(%s) failed\n", file);
+		return;
+	} 
+	if (lsetfilecon(file, scontext) < 0)
+		err(udev, "setfilecon %s failed: %m\n", file);
+	freecon(scontext);
+}
+
+void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode)
+{
+	security_context_t scontext = NULL;
+
+	if (!selinux_enabled)
+		return;
+	if (matchpathcon(file, mode, &scontext) < 0) {
+		err(udev, "matchpathcon(%s) failed\n", file);
+		return;
+	}
+	if (setfscreatecon(scontext) < 0)
+		err(udev, "setfscreatecon %s failed: %m\n", file);
+	freecon(scontext);
+}
+
+void udev_selinux_resetfscreatecon(struct udev *udev)
+{
+	if (!selinux_enabled)
+		return;
+	if (setfscreatecon(selinux_prev_scontext) < 0)
+		err(udev, "setfscreatecon failed: %m\n");
+}
+#endif | 
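Review bot: The return value of `matchpathcon_init_prefix()` in selinux_init is dropped, so a failure to load the file-context database is never reported at startup and only surfaces later, once per file, as `matchpathcon(%s) failed` with no errno attached. As far as I recall the call returns -1 on failure, so it should be checked the same way the neighbouring `getfscreatecon` call is: `if (matchpathcon_init_prefix(NULL, udev_get_dev_path(udev)) < 0)` followed by `err(udev, "matchpathcon_init_prefix failed: %m\n");`, and appending `%m` to the two `matchpathcon(%s) failed` messages would likewise show why a lookup was refused. `security_context_t selinux_prev_scontext` is the only file-scope object in the hunk without `static`, unlike `selinux_enabled` right above it, and nothing here suggests another translation unit reads it, so `static security_context_t selinux_prev_scontext;` keeps the saved fscreate context private to this file. Minor: the error message on the `lsetfilecon` failure says `setfilecon`, which will mislead anyone grepping the log for the failing call.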
