Diffstat (limited to 'udev/lib')
-rw-r--r-- | udev/lib/Makefile.am | 5 | ||||
-rw-r--r-- | udev/lib/libudev.c | 83 | ||||
-rw-r--r-- | udev/lib/libudev.h | 3 |
3 files changed, 84 insertions, 7 deletions
diff --git a/udev/lib/Makefile.am b/udev/lib/Makefile.am
index 630888d3d9..95dd46e92f 100644
--- a/udev/lib/Makefile.am
+++ b/udev/lib/Makefile.am
@@ -38,11 +38,6 @@ libudev_la_SOURCES =\
../udev_db.c \
../udev_sysdeps.c
-if USE_SELINUX
-libudev_la_SOURCES += \
- ../udev_selinux.c
-endif
-
libudev_la_LDFLAGS = \
-version-info $(LIBUDEV_LT_CURRENT):$(LIBUDEV_LT_REVISION):$(LIBUDEV_LT_AGE) \
-export-symbols $(top_srcdir)/udev/lib/exported_symbols
diff --git a/udev/lib/libudev.c b/udev/lib/libudev.c
index 09e1bec1bf..4e258bd2ce 100644
--- a/udev/lib/libudev.c
+++ b/udev/lib/libudev.c
@@ -27,6 +27,9 @@
#include <errno.h>
#include <string.h>
#include <ctype.h>
+#ifdef USE_SELINUX
+#include <selinux/selinux.h>
+#endif
#include "libudev.h"
#include "libudev-private.h"
@@ -41,6 +44,10 @@ struct udev {
char *dev_path;
char *rules_path;
int log_priority;
+#ifdef USE_SELINUX
+ int selinux_enabled;
+ security_context_t selinux_prev_scontext;
+#endif
int run:1;
};
@@ -66,6 +73,78 @@ static void log_stderr(struct udev *udev,
vfprintf(stderr, format, args);
}
+static void selinux_init(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ /*
+ * record the present security context, for file-creation
+ * restoration creation purposes.
+ */
+ udev->selinux_enabled = (is_selinux_enabled() > 0);
+ if (udev->selinux_enabled) {
+ matchpathcon_init_prefix(NULL, udev_get_dev_path(udev));
+ if (getfscreatecon(&udev->selinux_prev_scontext) < 0) {
+ err(udev, "getfscreatecon failed\n");
+ udev->selinux_prev_scontext = NULL;
+ }
+ }
+#endif
+}
+
+static void selinux_exit(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ freecon(udev->selinux_prev_scontext);
+ udev->selinux_prev_scontext = NULL;
+ }
+#endif
+}
+
+void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ security_context_t scontext = NULL;
+
+ if (matchpathcon(file, mode, &scontext) < 0) {
+ err(udev, "matchpathcon(%s) failed\n", file);
+ return;
+ }
+ if (lsetfilecon(file, scontext) < 0)
+ err(udev, "setfilecon %s failed: %s\n", file, strerror(errno));
+ freecon(scontext);
+ }
+#endif
+}
+
+void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ security_context_t scontext = NULL;
+
+ if (matchpathcon(file, mode, &scontext) < 0) {
+ err(udev, "matchpathcon(%s) failed\n", file);
+ return;
+ }
+ if (setfscreatecon(scontext) < 0)
+ err(udev, "setfscreatecon %s failed: %s\n", file, strerror(errno));
+ freecon(scontext);
+ }
+#endif
+}
+
+void udev_selinux_resetfscreatecon(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ if (setfscreatecon(udev->selinux_prev_scontext) < 0)
+ err(udev, "setfscreatecon failed: %s\n", strerror(errno));
+ }
+#endif
+}
+
/**
* udev_new:
*
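Review bot: The comment at the top of selinux_init(), `/* record the present security context, for file-creation restoration creation purposes. */`, is garbled and does not cover the failure path it sits above: when getfscreatecon() fails, selinux_prev_scontext is set to NULL while selinux_enabled stays set, so udev_selinux_resetfscreatecon() later calls setfscreatecon(NULL), which in libselinux restores the default creation context rather than the one active at udev_new() time. That fallback is reasonable but should be stated; suggested wording: `/* remember the file-creation context so udev_selinux_resetfscreatecon() can restore it; NULL (getfscreatecon failed) makes the reset fall back to the policy default */`. The three exported udev_selinux_* functions are also undocumented both here and in the libudev.h hunk below: a short comment noting that udev_selinux_setfscreatecon() changes the caller's file-creation context until udev_selinux_resetfscreatecon() is called, and that all three log and continue on failure rather than reporting an error to the caller, would tell library users what to expect.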
@@ -88,9 +167,8 @@ struct udev *udev_new(void)
return NULL;
memset(udev, 0x00, (sizeof(struct udev)));
+ selinux_init(udev);
sysfs_init();
-
- /* defaults */
udev->refcount = 1;
udev->log_fn = log_stderr;
udev->log_priority = LOG_ERR;
@@ -270,6 +348,7 @@ void udev_unref(struct udev *udev)
if (udev->refcount > 0)
return;
sysfs_cleanup();
+ selinux_exit(udev);
free(udev->dev_path);
free(udev->sys_path);
free(udev->rules_path);
diff --git a/udev/lib/libudev.h b/udev/lib/libudev.h
index 2fd990f92e..e1eed568f9 100644
--- a/udev/lib/libudev.h
+++ b/udev/lib/libudev.h
@@ -40,6 +40,9 @@ extern int udev_get_log_priority(struct udev *udev);
extern void udev_set_log_priority(struct udev *udev, int priority);
extern const char *udev_get_sys_path(struct udev *udev);
extern const char *udev_get_dev_path(struct udev *udev);
+extern void udev_selinux_resetfscreatecon(struct udev *udev);
+extern void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode);
+extern void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode);
struct udev_device;
extern struct udev_device *udev_device_new_from_devpath(struct udev *udev, const char *devpath); |
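Review bot: `selinux_init(udev);` is inserted directly after the memset and before the defaults that follow it in this hunk, yet selinux_init() (earlier in this diff) passes udev_get_dev_path(udev) to matchpathcon_init_prefix(), and at that point udev->dev_path is still the zeroed field. Unless udev_get_dev_path() substitutes a built-in default for a NULL dev_path (its body is not in this diff), the prefix handed to libselinux is NULL and the prefix restriction is silently lost; if dev_path is assigned later in udev_new(), the prefix never reflects the configured value either. Moving the call to after dev_path is established, or adding `/* must run after dev_path is set: it seeds matchpathcon's prefix */` above selinux_init() and ordering the calls accordingly, makes the dependency explicit. udev_new() continues outside the hunk.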