Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / selinux / 93e557cab6deeec09a9dc3294dba2a830ce27587 / . / libselinux / src / setexecfilecon.c
blob: e72ba0d9888015aeab6acf988eedb8247b9e5701 [file] [log] [blame]
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]1#include <unistd.h>
2#include <fcntl.h>
3#include <string.h>
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]4#include "selinux_internal.h"
5#include "context_internal.h"
6
Guillem Jovera2737332012-11-20 16:27:55 +0100[diff] [blame]7int setexecfilecon(const char *filename, const char *fallback_type)
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]8{
Stephen Smalley9eb9c932014-02-19 09:16:17 -0500[diff] [blame]9 char * mycon = NULL, *fcon = NULL, *newcon = NULL;
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]10 context_t con = NULL;
11 int rc = 0;
12
13 if (is_selinux_enabled() < 1)
Guillem Jovera2737332012-11-20 16:27:55 +0100[diff] [blame]14 return 0;
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]15
16 rc = getcon(&mycon);
17 if (rc < 0)
18 goto out;
19
20 rc = getfilecon(filename, &fcon);
21 if (rc < 0)
22 goto out;
23
Stephen Smalley76913d82014-07-09 13:25:56 -0400[diff] [blame]24 rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &newcon);
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]25 if (rc < 0)
26 goto out;
27
28 if (!strcmp(mycon, newcon)) {
Guillem Jovera2737332012-11-20 16:27:55 +0100[diff] [blame]29 /* No default transition, use fallback_type for now. */
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]30 rc = -1;
31 con = context_new(mycon);
32 if (!con)
33 goto out;
Guillem Jovera2737332012-11-20 16:27:55 +0100[diff] [blame]34 if (context_type_set(con, fallback_type))
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]35 goto out;
36 freecon(newcon);
37 newcon = strdup(context_str(con));
38 if (!newcon)
39 goto out;
40 rc = 0;
41 }
42
43 rc = setexeccon(newcon);
44 if (rc < 0)
45 goto out;
46 out:
47
Guillem Jovera2737332012-11-20 16:27:55 +0100[diff] [blame]48 if (rc < 0 && security_getenforce() == 0)
49 rc = 0;
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]50
51 context_free(con);
52 freecon(newcon);
53 freecon(fcon);
54 freecon(mycon);
55 return rc < 0 ? rc : 0;
56}
Guillem Jovera2737332012-11-20 16:27:55 +0100[diff] [blame]57
58#ifndef DISABLE_RPM
59int rpm_execcon(unsigned int verified __attribute__ ((unused)),
60 const char *filename, char *const argv[], char *const envp[])
61{
62 int rc;
63
64 rc = setexecfilecon(filename, "rpm_script_t");
65 if (rc < 0)
66 return rc;
67
68 return execve(filename, argv, envp);
69}
70#endif