Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / libselinux / refs/heads/fp2-sibon / . / src / checkAccess.c
blob: 2fb22d98bfd4b80d0a7090b584cb38535faf013a [file] [log] [blame]
Stephen Smalleyf0740362012-01-04 12:30:47 -0500[diff] [blame]1#include <unistd.h>
2#include <sys/types.h>
3#include <stdlib.h>
4#include <errno.h>
5#include "selinux_internal.h"
6#include <selinux/avc.h>
7
8static pthread_once_t once = PTHREAD_ONCE_INIT;
Stephen Smalley8aeb5c52012-09-14 13:55:43 -0400[diff] [blame]9static int selinux_enabled;
Stephen Smalleyf0740362012-01-04 12:30:47 -0500[diff] [blame]10
11static void avc_init_once(void)
12{
Stephen Smalley8aeb5c52012-09-14 13:55:43 -0400[diff] [blame]13 selinux_enabled = is_selinux_enabled();
14 if (selinux_enabled == 1)
15 avc_open(NULL, 0);
Stephen Smalleyf0740362012-01-04 12:30:47 -0500[diff] [blame]16}
17
Stephen Smalleyab40ea92014-02-19 09:16:17 -0500[diff] [blame]18int selinux_check_access(const char * scon, const char * tcon, const char *class, const char *perm, void *aux) {
Stephen Smalleyf0740362012-01-04 12:30:47 -0500[diff] [blame]19 int status = -1;
20 int rc = -1;
21 security_id_t scon_id;
22 security_id_t tcon_id;
23 security_class_t sclass;
24 access_vector_t av;
25
Stephen Smalleyf0740362012-01-04 12:30:47 -0500[diff] [blame]26 __selinux_once(once, avc_init_once);
27
Stephen Smalley8aeb5c52012-09-14 13:55:43 -0400[diff] [blame]28 if (selinux_enabled != 1)
29 return 0;
30
Stephen Smalleyf0740362012-01-04 12:30:47 -0500[diff] [blame]31 if ((rc = avc_context_to_sid(scon, &scon_id)) < 0) return rc;
32
33 if ((rc = avc_context_to_sid(tcon, &tcon_id)) < 0) return rc;
34
35 if ((sclass = string_to_security_class(class)) == 0) return status;
36
37 if ((av = string_to_av_perm(sclass, perm)) == 0) return status;
38
39 return avc_has_perm (scon_id, tcon_id, sclass, av, NULL, aux);
40}
41