diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/core/execute.c | 2 | ||||
-rw-r--r-- | src/core/main.c | 4 | ||||
-rw-r--r-- | src/core/namespace.c | 4 | ||||
-rw-r--r-- | src/core/selinux-setup.c | 4 | ||||
-rw-r--r-- | src/core/socket.c | 26 | ||||
-rw-r--r-- | src/hostname/hostnamed.c | 2 | ||||
-rw-r--r-- | src/locale/localed.c | 2 | ||||
-rw-r--r-- | src/login/logind-dbus.c | 2 | ||||
-rw-r--r-- | src/resolve/resolved.c | 2 | ||||
-rw-r--r-- | src/shared/dev-setup.c | 4 | ||||
-rw-r--r-- | src/shared/fileio-label.c | 12 | ||||
-rw-r--r-- | src/shared/label.c | 4 | ||||
-rw-r--r-- | src/shared/mkdir-label.c | 4 | ||||
-rw-r--r-- | src/shared/selinux-util.c | 28 | ||||
-rw-r--r-- | src/shared/selinux-util.h | 34 | ||||
-rw-r--r-- | src/shared/smack-util.c | 10 | ||||
-rw-r--r-- | src/shared/smack-util.h | 10 | ||||
-rw-r--r-- | src/shared/socket-label.c | 6 | ||||
-rw-r--r-- | src/sysusers/sysusers.c | 2 | ||||
-rw-r--r-- | src/test/test-udev.c | 4 | ||||
-rw-r--r-- | src/timedate/timedated.c | 2 | ||||
-rw-r--r-- | src/tmpfiles/tmpfiles.c | 32 | ||||
-rw-r--r-- | src/udev/udev-node.c | 14 | ||||
-rw-r--r-- | src/udev/udevadm.c | 4 | ||||
-rw-r--r-- | src/udev/udevd.c | 4 | ||||
-rw-r--r-- | src/update-done/update-done.c | 6 |
26 files changed, 114 insertions, 114 deletions
diff --git a/src/core/execute.c b/src/core/execute.c index f535b4778a..caff2c6b5c 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1681,7 +1681,7 @@ static int exec_child(ExecCommand *command, if (params->selinux_context_net && socket_fd >= 0) { _cleanup_free_ char *label = NULL; - err = label_get_child_mls_label(socket_fd, command->path, &label); + err = mac_selinux_get_child_mls_label(socket_fd, command->path, &label); if (err < 0) { *error = EXIT_SELINUX_CONTEXT; return err; diff --git a/src/core/main.c b/src/core/main.c index 0388f46c36..95597deaf2 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1308,7 +1308,7 @@ int main(int argc, char *argv[]) { dual_timestamp_get(&security_finish_timestamp); } - if (label_init(NULL) < 0) + if (mac_selinux_init(NULL) < 0) goto finish; if (!skip_setup) { @@ -1830,7 +1830,7 @@ finish: free(arg_start_timeout_reboot_arg); arg_start_timeout_reboot_arg = NULL; - label_finish(); + mac_selinux_finish(); if (reexecute) { const char **args; diff --git a/src/core/namespace.c b/src/core/namespace.c index ab03aebf5b..6dd7a4f25e 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -225,9 +225,9 @@ static int mount_dev(BindMount *m) { goto fail; } - label_context_set(d, st.st_mode); + mac_selinux_context_set(d, st.st_mode); r = mknod(dn, st.st_mode, st.st_rdev); - label_context_clear(); + mac_selinux_context_clear(); if (r < 0) { r = -errno; diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c index b419a2710a..8be97fc417 100644 --- a/src/core/selinux-setup.c +++ b/src/core/selinux-setup.c @@ -87,7 +87,7 @@ int selinux_setup(bool *loaded_policy) { retest_selinux(); /* Transition to the new context */ - r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label); + r = mac_selinux_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label); if (r < 0 || label == NULL) { log_open(); log_error("Failed to compute init label, ignoring."); @@ -98,7 +98,7 @@ int selinux_setup(bool *loaded_policy) { if (r < 0) log_error("Failed to transition into init label '%s', ignoring.", label); - label_free(label); + mac_selinux_free(label); } after_load = now(CLOCK_MONOTONIC); diff --git a/src/core/socket.c b/src/core/socket.c index 00d5fd1192..fce1695f07 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -921,12 +921,12 @@ static void socket_apply_socket_options(Socket *s, int fd) { } if (s->smack_ip_in) - if (smack_label_ip_in_fd(fd, s->smack_ip_in) < 0) - log_error_unit(UNIT(s)->id, "smack_label_ip_in_fd: %m"); + if (mac_smack_set_ip_in_fd(fd, s->smack_ip_in) < 0) + log_error_unit(UNIT(s)->id, "mac_smack_set_ip_in_fd: %m"); if (s->smack_ip_out) - if (smack_label_ip_out_fd(fd, s->smack_ip_out) < 0) - log_error_unit(UNIT(s)->id, "smack_label_ip_out_fd: %m"); + if (mac_smack_set_ip_out_fd(fd, s->smack_ip_out) < 0) + log_error_unit(UNIT(s)->id, "mac_smack_set_ip_out_fd: %m"); } static void socket_apply_fifo_options(Socket *s, int fd) { @@ -939,8 +939,8 @@ static void socket_apply_fifo_options(Socket *s, int fd) { "F_SETPIPE_SZ: %m"); if (s->smack) - if (smack_label_fd(fd, s->smack) < 0) - log_error_unit(UNIT(s)->id, "smack_label_fd: %m"); + if (mac_smack_set_fd(fd, s->smack) < 0) + log_error_unit(UNIT(s)->id, "mac_smack_set_fd: %m"); } static int fifo_address_create( @@ -958,7 +958,7 @@ static int fifo_address_create( mkdir_parents_label(path, directory_mode); - r = label_context_set(path, S_IFIFO); + r = mac_selinux_context_set(path, S_IFIFO); if (r < 0) goto fail; @@ -981,7 +981,7 @@ static int fifo_address_create( goto fail; } - label_context_clear(); + mac_selinux_context_clear(); if (fstat(fd, &st) < 0) { r = -errno; @@ -1001,7 +1001,7 @@ static int fifo_address_create( return 0; fail: - label_context_clear(); + mac_selinux_context_clear(); safe_close(fd); return r; @@ -1131,7 +1131,7 @@ static int socket_open_fds(Socket *s) { if (p->type == SOCKET_SOCKET) { if (!know_label && s->selinux_context_from_net) { - r = label_get_our_label(&label); + r = mac_selinux_get_our_label(&label); if (r < 0) return r; know_label = true; @@ -1143,7 +1143,7 @@ static int socket_open_fds(Socket *s) { if (UNIT_ISSET(s->service) && SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) { - r = label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label); + r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label); if (r < 0 && r != -EPERM) return r; } @@ -1204,12 +1204,12 @@ static int socket_open_fds(Socket *s) { assert_not_reached("Unknown port type"); } - label_free(label); + mac_selinux_free(label); return 0; rollback: socket_close_fds(s); - label_free(label); + mac_selinux_free(label); return r; } diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c index b6b5d524c5..0cffb5f683 100644 --- a/src/hostname/hostnamed.c +++ b/src/hostname/hostnamed.c @@ -684,7 +684,7 @@ int main(int argc, char *argv[]) { log_open(); umask(0022); - label_init("/etc"); + mac_selinux_init("/etc"); if (argc != 1) { log_error("This program takes no arguments."); diff --git a/src/locale/localed.c b/src/locale/localed.c index 1d5be715ba..552ffdf87a 100644 --- a/src/locale/localed.c +++ b/src/locale/localed.c @@ -1141,7 +1141,7 @@ int main(int argc, char *argv[]) { log_open(); umask(0022); - label_init("/etc"); + mac_selinux_init("/etc"); if (argc != 1) { log_error("This program takes no arguments."); diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index 0b2b7b5afe..f18d21055a 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -1143,7 +1143,7 @@ static int attach_device(Manager *m, const char *seat, const char *sysfs) { return -ENOMEM; mkdir_p_label("/etc/udev/rules.d", 0755); - label_init("/etc"); + mac_selinux_init("/etc"); r = write_string_file_atomic_label(file, rule); if (r < 0) return r; diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c index abd6314fb3..7d258c9470 100644 --- a/src/resolve/resolved.c +++ b/src/resolve/resolved.c @@ -47,7 +47,7 @@ int main(int argc, char *argv[]) { umask(0022); - r = label_init(NULL); + r = mac_selinux_init(NULL); if (r < 0) { log_error("SELinux setup failed: %s", strerror(-r)); goto finish; diff --git a/src/shared/dev-setup.c b/src/shared/dev-setup.c index 1a565d5470..96934a9fad 100644 --- a/src/shared/dev-setup.c +++ b/src/shared/dev-setup.c @@ -38,14 +38,14 @@ static int symlink_and_label(const char *old_path, const char *new_path) { assert(old_path); assert(new_path); - r = label_context_set(new_path, S_IFLNK); + r = mac_selinux_context_set(new_path, S_IFLNK); if (r < 0) return r; if (symlink(old_path, new_path) < 0) r = -errno; - label_context_clear(); + mac_selinux_context_clear(); return r; } diff --git a/src/shared/fileio-label.c b/src/shared/fileio-label.c index d5ce24c0d9..b117c32cf2 100644 --- a/src/shared/fileio-label.c +++ b/src/shared/fileio-label.c @@ -30,13 +30,13 @@ int write_string_file_atomic_label(const char *fn, const char *line) { int r; - r = label_context_set(fn, S_IFREG); + r = mac_selinux_context_set(fn, S_IFREG); if (r < 0) return r; r = write_string_file_atomic(fn, line); - label_context_clear(); + mac_selinux_context_clear(); return r; } @@ -44,13 +44,13 @@ int write_string_file_atomic_label(const char *fn, const char *line) { int write_env_file_label(const char *fname, char **l) { int r; - r = label_context_set(fname, S_IFREG); + r = mac_selinux_context_set(fname, S_IFREG); if (r < 0) return r; r = write_env_file(fname, l); - label_context_clear(); + mac_selinux_context_clear(); return r; } @@ -59,13 +59,13 @@ int fopen_temporary_label(const char *target, const char *path, FILE **f, char **temp_path) { int r; - r = label_context_set(target, S_IFREG); + r = mac_selinux_context_set(target, S_IFREG); if (r < 0) return r; r = fopen_temporary(path, f, temp_path); - label_context_clear(); + mac_selinux_context_clear(); return r; } diff --git a/src/shared/label.c b/src/shared/label.c index b48a4ff6f8..bee9635731 100644 --- a/src/shared/label.c +++ b/src/shared/label.c @@ -26,13 +26,13 @@ int label_fix(const char *path, bool ignore_enoent, bool ignore_erofs) { int r = 0; if (use_selinux()) { - r = label_fix_selinux(path, ignore_enoent, ignore_erofs); + r = mac_selinux_fix(path, ignore_enoent, ignore_erofs); if (r < 0) return r; } if (use_smack()) { - r = smack_relabel_in_dev(path); + r = mac_smack_relabel_in_dev(path); if (r < 0) return r; } diff --git a/src/shared/mkdir-label.c b/src/shared/mkdir-label.c index c41045e5b5..89af392819 100644 --- a/src/shared/mkdir-label.c +++ b/src/shared/mkdir-label.c @@ -36,7 +36,7 @@ static int label_mkdir(const char *path, mode_t mode) { int r; if (use_selinux()) { - r = label_mkdir_selinux(path, mode); + r = mac_selinux_mkdir(path, mode); if (r < 0) return r; } @@ -46,7 +46,7 @@ static int label_mkdir(const char *path, mode_t mode) { if (r < 0 && errno != EEXIST) return -errno; - r = smack_relabel_in_dev(path); + r = mac_smack_relabel_in_dev(path); if (r < 0) return r; } diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c index 05ed61c6dc..a277dad357 100644 --- a/src/shared/selinux-util.c +++ b/src/shared/selinux-util.c @@ -61,7 +61,7 @@ void retest_selinux(void) { #endif } -int label_init(const char *prefix) { +int mac_selinux_init(const char *prefix) { int r = 0; #ifdef HAVE_SELINUX @@ -108,7 +108,7 @@ int label_init(const char *prefix) { return r; } -int label_fix_selinux(const char *path, bool ignore_enoent, bool ignore_erofs) { +int mac_selinux_fix(const char *path, bool ignore_enoent, bool ignore_erofs) { int r = 0; #ifdef HAVE_SELINUX @@ -153,7 +153,7 @@ int label_fix_selinux(const char *path, bool ignore_enoent, bool ignore_erofs) { return r; } -void label_finish(void) { +void mac_selinux_finish(void) { #ifdef HAVE_SELINUX if (!use_selinux()) @@ -164,7 +164,7 @@ void label_finish(void) { #endif } -int label_get_create_label_from_exe(const char *exe, char **label) { +int mac_selinux_get_create_label_from_exe(const char *exe, char **label) { int r = 0; @@ -201,7 +201,7 @@ fail: return r; } -int label_get_our_label(char **label) { +int mac_selinux_get_our_label(char **label) { int r = -EOPNOTSUPP; #ifdef HAVE_SELINUX @@ -217,7 +217,7 @@ int label_get_our_label(char **label) { return r; } -int label_get_child_mls_label(int socket_fd, const char *exe, char **label) { +int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, char **label) { int r = -EOPNOTSUPP; #ifdef HAVE_SELINUX @@ -309,7 +309,7 @@ out: return r; } -int label_context_set(const char *path, mode_t mode) { +int mac_selinux_context_set(const char *path, mode_t mode) { int r = 0; #ifdef HAVE_SELINUX @@ -338,7 +338,7 @@ int label_context_set(const char *path, mode_t mode) { return r; } -int label_socket_set(const char *label) { +int mac_selinux_socket_set(const char *label) { #ifdef HAVE_SELINUX if (!use_selinux()) @@ -356,7 +356,7 @@ int label_socket_set(const char *label) { return 0; } -void label_context_clear(void) { +void mac_selinux_context_clear(void) { #ifdef HAVE_SELINUX PROTECT_ERRNO; @@ -368,7 +368,7 @@ void label_context_clear(void) { #endif } -void label_socket_clear(void) { +void mac_selinux_socket_clear(void) { #ifdef HAVE_SELINUX PROTECT_ERRNO; @@ -380,7 +380,7 @@ void label_socket_clear(void) { #endif } -void label_free(const char *label) { +void mac_selinux_free(const char *label) { #ifdef HAVE_SELINUX if (!use_selinux()) @@ -390,7 +390,7 @@ void label_free(const char *label) { #endif } -int label_mkdir_selinux(const char *path, mode_t mode) { +int mac_selinux_mkdir(const char *path, mode_t mode) { int r = 0; #ifdef HAVE_SELINUX @@ -436,7 +436,7 @@ finish: return r; } -int label_bind(int fd, const struct sockaddr *addr, socklen_t addrlen) { +int mac_selinux_bind(int fd, const struct sockaddr *addr, socklen_t addrlen) { /* Binds a socket and label its file system object according to the SELinux policy */ @@ -507,7 +507,7 @@ skipped: return bind(fd, addr, addrlen) < 0 ? -errno : 0; } -int label_apply(const char *path, const char *label) { +int mac_selinux_apply(const char *path, const char *label) { int r = 0; #ifdef HAVE_SELINUX diff --git a/src/shared/selinux-util.h b/src/shared/selinux-util.h index bdde8f5a24..b23a77950b 100644 --- a/src/shared/selinux-util.h +++ b/src/shared/selinux-util.h @@ -28,27 +28,27 @@ bool use_selinux(void); void retest_selinux(void); -int label_init(const char *prefix); -int label_fix_selinux(const char *path, bool ignore_enoent, bool ignore_erofs); -void label_finish(void); +int mac_selinux_init(const char *prefix); +int mac_selinux_fix(const char *path, bool ignore_enoent, bool ignore_erofs); +void mac_selinux_finish(void); -int label_socket_set(const char *label); -void label_socket_clear(void); +int mac_selinux_socket_set(const char *label); +void mac_selinux_socket_clear(void); -int label_context_set(const char *path, mode_t mode); -void label_context_clear(void); +int mac_selinux_context_set(const char *path, mode_t mode); +void mac_selinux_context_clear(void); -void label_free(const char *label); -int label_mkdir_selinux(const char *path, mode_t mode); +void mac_selinux_free(const char *label); +int mac_selinux_mkdir(const char *path, mode_t mode); -int label_get_create_label_from_exe(const char *exe, char **label); -int label_get_our_label(char **label); -int label_get_child_mls_label(int socket_fd, const char *exec, char **label); +int mac_selinux_get_create_label_from_exe(const char *exe, char **label); +int mac_selinux_get_our_label(char **label); +int mac_selinux_get_child_mls_label(int socket_fd, const char *exec, char **label); -int label_bind(int fd, const struct sockaddr *addr, socklen_t addrlen); +int mac_selinux_bind(int fd, const struct sockaddr *addr, socklen_t addrlen); -int label_apply(const char *path, const char *label); +int mac_selinux_apply(const char *path, const char *label); -int label_write_one_line_file_atomic(const char *fn, const char *line); -int label_write_env_file(const char *fname, char **l); -int label_fopen_temporary(const char *path, FILE **_f, char **_temp_path); +int mac_selinux_write_one_line_file_atomic(const char *fn, const char *line); +int mac_selinux_write_env_file(const char *fname, char **l); +int mac_selinux_label_fopen_temporary(const char *path, FILE **_f, char **_temp_path); diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c index 04ee217d2f..33e1cd849e 100644 --- a/src/shared/smack-util.c +++ b/src/shared/smack-util.c @@ -41,7 +41,7 @@ bool use_smack(void) { } -int smack_label_path(const char *path, const char *label) { +int mac_smack_set_path(const char *path, const char *label) { #ifdef HAVE_SMACK if (!use_smack()) return 0; @@ -55,7 +55,7 @@ int smack_label_path(const char *path, const char *label) { #endif } -int smack_label_fd(int fd, const char *label) { +int mac_smack_set_fd(int fd, const char *label) { #ifdef HAVE_SMACK if (!use_smack()) return 0; @@ -66,7 +66,7 @@ int smack_label_fd(int fd, const char *label) { #endif } -int smack_label_ip_out_fd(int fd, const char *label) { +int mac_smack_set_ip_out_fd(int fd, const char *label) { #ifdef HAVE_SMACK if (!use_smack()) return 0; @@ -77,7 +77,7 @@ int smack_label_ip_out_fd(int fd, const char *label) { #endif } -int smack_label_ip_in_fd(int fd, const char *label) { +int mac_smack_set_ip_in_fd(int fd, const char *label) { #ifdef HAVE_SMACK if (!use_smack()) return 0; @@ -88,7 +88,7 @@ int smack_label_ip_in_fd(int fd, const char *label) { #endif } -int smack_relabel_in_dev(const char *path) { +int mac_smack_relabel_in_dev(const char *path) { int r = 0; #ifdef HAVE_SMACK diff --git a/src/shared/smack-util.h b/src/shared/smack-util.h index 87d64346ba..91b141ad7d 100644 --- a/src/shared/smack-util.h +++ b/src/shared/smack-util.h @@ -30,8 +30,8 @@ bool use_smack(void); -int smack_label_path(const char *path, const char *label); -int smack_label_fd(int fd, const char *label); -int smack_label_ip_in_fd(int fd, const char *label); -int smack_label_ip_out_fd(int fd, const char *label); -int smack_relabel_in_dev(const char *path); +int mac_smack_set_path(const char *path, const char *label); +int mac_smack_set_fd(int fd, const char *label); +int mac_smack_set_ip_in_fd(int fd, const char *label); +int mac_smack_set_ip_out_fd(int fd, const char *label); +int mac_smack_relabel_in_dev(const char *path); diff --git a/src/shared/socket-label.c b/src/shared/socket-label.c index bd3ceefb93..6f9aeeea5d 100644 --- a/src/shared/socket-label.c +++ b/src/shared/socket-label.c @@ -64,7 +64,7 @@ int socket_address_listen( return -EAFNOSUPPORT; if (label) { - r = label_socket_set(label); + r = mac_selinux_socket_set(label); if (r < 0) return r; } @@ -73,7 +73,7 @@ int socket_address_listen( r = fd < 0 ? -errno : 0; if (label) - label_socket_clear(); + mac_selinux_socket_clear(); if (r < 0) return r; @@ -119,7 +119,7 @@ int socket_address_listen( /* Include the original umask in our mask */ umask(~socket_mode | old_mask); - r = label_bind(fd, &a->sockaddr.sa, a->size); + r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size); if (r < 0 && errno == EADDRINUSE) { /* Unlink and try again */ diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index 4203b3e017..9b9be96a0a 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -1835,7 +1835,7 @@ int main(int argc, char *argv[]) { umask(0022); - r = label_init(NULL); + r = mac_selinux_init(NULL); if (r < 0) { log_error("SELinux setup failed: %s", strerror(-r)); goto finish; diff --git a/src/test/test-udev.c b/src/test/test-udev.c index f368c3f333..8a51473419 100644 --- a/src/test/test-udev.c +++ b/src/test/test-udev.c @@ -99,7 +99,7 @@ int main(int argc, char *argv[]) { return EXIT_FAILURE; log_debug("version %s", VERSION); - label_init("/dev"); + mac_selinux_init("/dev"); sigprocmask(SIG_SETMASK, NULL, &sigmask_orig); @@ -158,7 +158,7 @@ int main(int argc, char *argv[]) { out: if (event != NULL && event->fd_signal >= 0) close(event->fd_signal); - label_finish(); + mac_selinux_finish(); return err ? EXIT_FAILURE : EXIT_SUCCESS; } diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c index fa3f947eaa..8880812b49 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c @@ -176,7 +176,7 @@ static int context_write_data_local_rtc(Context *c) { } } - label_init("/etc"); + mac_selinux_init("/etc"); return write_string_file_atomic_label("/etc/adjtime", w); } diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index 8108b43042..28c395bb00 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -509,9 +509,9 @@ static int write_one_file(Item *i, const char *path) { i->type == TRUNCATE_FILE ? O_CREAT|O_TRUNC|O_NOFOLLOW : 0; RUN_WITH_UMASK(0000) { - label_context_set(path, S_IFREG); + mac_selinux_context_set(path, S_IFREG); fd = open(path, flags|O_NDELAY|O_CLOEXEC|O_WRONLY|O_NOCTTY, i->mode); - label_context_clear(); + mac_selinux_context_clear(); } if (fd < 0) { @@ -743,9 +743,9 @@ static int create_item(Item *i) { case CREATE_FIFO: RUN_WITH_UMASK(0000) { - label_context_set(i->path, S_IFIFO); + mac_selinux_context_set(i->path, S_IFIFO); r = mkfifo(i->path, i->mode); - label_context_clear(); + mac_selinux_context_clear(); } if (r < 0) { @@ -764,9 +764,9 @@ static int create_item(Item *i) { if (i->force) { RUN_WITH_UMASK(0000) { - label_context_set(i->path, S_IFIFO); + mac_selinux_context_set(i->path, S_IFIFO); r = mkfifo_atomic(i->path, i->mode); - label_context_clear(); + mac_selinux_context_clear(); } if (r < 0) { @@ -788,9 +788,9 @@ static int create_item(Item *i) { case CREATE_SYMLINK: - label_context_set(i->path, S_IFLNK); + mac_selinux_context_set(i->path, S_IFLNK); r = symlink(i->argument, i->path); - label_context_clear(); + mac_selinux_context_clear(); if (r < 0) { _cleanup_free_ char *x = NULL; @@ -804,9 +804,9 @@ static int create_item(Item *i) { if (r < 0 || !streq(i->argument, x)) { if (i->force) { - label_context_set(i->path, S_IFLNK); + mac_selinux_context_set(i->path, S_IFLNK); r = symlink_atomic(i->argument, i->path); - label_context_clear(); + mac_selinux_context_clear(); if (r < 0) { log_error("symlink(%s, %s) failed: %s", i->argument, i->path, strerror(-r)); @@ -838,9 +838,9 @@ static int create_item(Item *i) { file_type = i->type == CREATE_BLOCK_DEVICE ? S_IFBLK : S_IFCHR; RUN_WITH_UMASK(0000) { - label_context_set(i->path, file_type); + mac_selinux_context_set(i->path, file_type); r = mknod(i->path, i->mode | file_type, i->major_minor); - label_context_clear(); + mac_selinux_context_clear(); } if (r < 0) { @@ -865,9 +865,9 @@ static int create_item(Item *i) { if (i->force) { RUN_WITH_UMASK(0000) { - label_context_set(i->path, file_type); + mac_selinux_context_set(i->path, file_type); r = mknod_atomic(i->path, i->mode | file_type, i->major_minor); - label_context_clear(); + mac_selinux_context_clear(); } if (r < 0) { @@ -1610,7 +1610,7 @@ int main(int argc, char *argv[]) { umask(0022); - label_init(NULL); + mac_selinux_init(NULL); items = hashmap_new(&string_hash_ops); globs = hashmap_new(&string_hash_ops); @@ -1670,7 +1670,7 @@ finish: set_free_free(unix_sockets); - label_finish(); + mac_selinux_finish(); return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; } diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c index 8ef788954d..3982ef9215 100644 --- a/src/udev/udev-node.c +++ b/src/udev/udev-node.c @@ -88,11 +88,11 @@ static int node_symlink(struct udev_device *dev, const char *node, const char *s err = mkdir_parents_label(slink, 0755); if (err != 0 && err != -ENOENT) break; - label_context_set(slink, S_IFLNK); + mac_selinux_context_set(slink, S_IFLNK); err = symlink(target, slink); if (err != 0) err = -errno; - label_context_clear(); + mac_selinux_context_clear(); } while (err == -ENOENT); if (err == 0) goto exit; @@ -105,11 +105,11 @@ static int node_symlink(struct udev_device *dev, const char *node, const char *s err = mkdir_parents_label(slink_tmp, 0755); if (err != 0 && err != -ENOENT) break; - label_context_set(slink_tmp, S_IFLNK); + mac_selinux_context_set(slink_tmp, S_IFLNK); err = symlink(target, slink_tmp); if (err != 0) err = -errno; - label_context_clear(); + mac_selinux_context_clear(); } while (err == -ENOENT); if (err != 0) { log_error("symlink '%s' '%s' failed: %m", target, slink_tmp); @@ -300,14 +300,14 @@ static int node_permissions_apply(struct udev_device *dev, bool apply, if (streq(name, "selinux")) { selinux = true; - if (label_apply(devnode, label) < 0) + if (mac_selinux_apply(devnode, label) < 0) log_error("SECLABEL: failed to set SELinux label '%s'", label); else log_debug("SECLABEL: set SELinux label '%s'", label); } else if (streq(name, "smack")) { smack = true; - if (smack_label_path(devnode, label) < 0) + if (mac_smack_set_path(devnode, label) < 0) log_error("SECLABEL: failed to set SMACK label '%s'", label); else log_debug("SECLABEL: set SMACK label '%s'", label); @@ -320,7 +320,7 @@ static int node_permissions_apply(struct udev_device *dev, bool apply, if (!selinux) label_fix(devnode, true, false); if (!smack) - smack_label_path(devnode, NULL); + mac_smack_set_path(devnode, NULL); } /* always update timestamp when we re-use the node, like on media change events */ diff --git a/src/udev/udevadm.c b/src/udev/udevadm.c index df546dd823..7026c50d2b 100644 --- a/src/udev/udevadm.c +++ b/src/udev/udevadm.c @@ -99,7 +99,7 @@ int main(int argc, char *argv[]) { log_parse_environment(); log_open(); udev_set_log_fn(udev, udev_main_log); - label_init("/dev"); + mac_selinux_init("/dev"); while ((c = getopt_long(argc, argv, "+dhV", options, NULL)) >= 0) switch (c) { @@ -137,7 +137,7 @@ int main(int argc, char *argv[]) { fprintf(stderr, "%s: missing or unknown command\n", program_invocation_short_name); rc = 2; out: - label_finish(); + mac_selinux_finish(); udev_unref(udev); log_close(); return rc; diff --git a/src/udev/udevd.c b/src/udev/udevd.c index 29ccb518e6..2e6c71352f 100644 --- a/src/udev/udevd.c +++ b/src/udev/udevd.c @@ -1139,7 +1139,7 @@ int main(int argc, char *argv[]) { goto exit; } - r = label_init("/dev"); + r = mac_selinux_init("/dev"); if (r < 0) { log_error("could not initialize labelling: %s", strerror(-r)); goto exit; @@ -1542,7 +1542,7 @@ exit_daemonize: udev_monitor_unref(monitor); udev_ctrl_connection_unref(ctrl_conn); udev_ctrl_unref(udev_ctrl); - label_finish(); + mac_selinux_finish(); udev_unref(udev); log_close(); return rc; diff --git a/src/update-done/update-done.c b/src/update-done/update-done.c index db106b5ab4..d48e4f76d5 100644 --- a/src/update-done/update-done.c +++ b/src/update-done/update-done.c @@ -61,7 +61,7 @@ static int apply_timestamp(const char *path, struct timespec *ts) { /* The timestamp file doesn't exist yet? Then let's create it. */ - r = label_context_set(path, S_IFREG); + r = mac_selinux_context_set(path, S_IFREG); if (r < 0) { log_error("Failed to set SELinux context for %s: %s", path, strerror(-r)); @@ -69,7 +69,7 @@ static int apply_timestamp(const char *path, struct timespec *ts) { } fd = open(path, O_CREAT|O_EXCL|O_WRONLY|O_TRUNC|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644); - label_context_clear(); + mac_selinux_context_clear(); if (fd < 0) { @@ -112,7 +112,7 @@ int main(int argc, char *argv[]) { return EXIT_FAILURE; } - r = label_init(NULL); + r = mac_selinux_init(NULL); if (r < 0) { log_error("SELinux setup failed: %s", strerror(-r)); goto finish; |