Stephen Smalley | f074036 | 2012-01-04 12:30:47 -0500 | [diff] [blame] | 1 | #include <unistd.h> |
| 2 | #include <sys/types.h> |
| 3 | #include <stdlib.h> |
| 4 | #include <errno.h> |
| 5 | #include "selinux_internal.h" |
| 6 | #include <selinux/avc.h> |
| 7 | |
/* One-shot guard: selinux_check_access() uses it to run avc_init_once() once. */
static pthread_once_t once = PTHREAD_ONCE_INIT;

/*
 * Open the userspace AVC with no options (NULL option array, count 0).
 *
 * The routine is void, so the result of avc_open() is discarded here.
 * NOTE(review): if avc_open() can fail, selinux_check_access() would still
 * go on to call avc_context_to_sid()/avc_has_perm() afterwards; confirm
 * that those calls return an error in that state rather than a stale or
 * permissive answer.
 */
static void avc_init_once(void)
{
	(void)avc_open(NULL, 0);
}
| 14 | |
/**
 * Ask the userspace AVC whether a source context holds a permission on a
 * target context.
 *
 * @param scon   source security context string
 * @param tcon   target security context string
 * @param class  object class name, resolved with string_to_security_class()
 * @param perm   permission name, resolved with string_to_av_perm()
 * @param aux    opaque pointer forwarded as the last argument of
 *               avc_has_perm()
 *
 * @return 0 immediately, without consulting policy, when
 *         is_selinux_enabled() returns 0; the negative result of
 *         avc_context_to_sid() when either context cannot be mapped to a
 *         SID; -1 when the class or permission name resolves to 0;
 *         otherwise whatever avc_has_perm() returns.
 *
 * Only an is_selinux_enabled() result of exactly 0 takes the short-circuit;
 * any other value, including a negative one, continues to the AVC lookup.
 * An unrecognised class or permission name yields -1, not 0, so callers
 * that treat a nonzero result as a denial fail closed on a misspelt name.
 * NOTE(review): this path does not visibly set errno, so callers cannot
 * tell "unknown name" from "denied" unless the lookup helpers set it;
 * confirm.
 */
int selinux_check_access(const security_context_t scon,
			 const security_context_t tcon,
			 const char *class, const char *perm, void *aux)
{
	security_id_t source_sid;
	security_id_t target_sid;
	security_class_t tclass;
	access_vector_t requested;
	int ret;

	if (is_selinux_enabled() == 0)
		return 0;

	/* Initialise the AVC on first use only. */
	__selinux_once(once, avc_init_once);

	ret = avc_context_to_sid(scon, &source_sid);
	if (ret < 0)
		return ret;

	ret = avc_context_to_sid(tcon, &target_sid);
	if (ret < 0)
		return ret;

	/* A class value of 0 is treated as "no such class". */
	tclass = string_to_security_class(class);
	if (tclass == 0)
		return -1;

	/* Likewise an access vector of 0 is treated as "no such permission". */
	requested = string_to_av_perm(tclass, perm);
	if (requested == 0)
		return -1;

	/* NULL fills avc_has_perm()'s fifth argument; aux is passed through. */
	return avc_has_perm(source_sid, target_sid, tclass, requested, NULL, aux);
}
| 38 | |