Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / libselinux / fae1cf59f83fbca62f40b11638632076a288e85d / . / src / checkAccess.c
blob: f5b3a873a0724abb6de139418960c7baa382910f [file] [log] [blame]
Stephen Smalleyf0740362012-01-04 12:30:47 -0500[diff] [blame]1#include <unistd.h>
2#include <sys/types.h>
3#include <stdlib.h>
4#include <errno.h>
5#include "selinux_internal.h"
6#include <selinux/avc.h>
7
8static pthread_once_t once = PTHREAD_ONCE_INIT;
9
10static void avc_init_once(void)
11{
12 avc_open(NULL, 0);
13}
14
15int selinux_check_access(const security_context_t scon, const security_context_t tcon, const char *class, const char *perm, void *aux) {
16 int status = -1;
17 int rc = -1;
18 security_id_t scon_id;
19 security_id_t tcon_id;
20 security_class_t sclass;
21 access_vector_t av;
22
23 if (is_selinux_enabled() == 0)
24 return 0;
25
26 __selinux_once(once, avc_init_once);
27
28 if ((rc = avc_context_to_sid(scon, &scon_id)) < 0) return rc;
29
30 if ((rc = avc_context_to_sid(tcon, &tcon_id)) < 0) return rc;
31
32 if ((sclass = string_to_security_class(class)) == 0) return status;
33
34 if ((av = string_to_av_perm(sclass, perm)) == 0) return status;
35
36 return avc_has_perm (scon_id, tcon_id, sclass, av, NULL, aux);
37}
38