Blame - src/label.c - platform/external/libselinux

blob: fb8c266775c1ed83ba40bbc31da0695392d201b8 [file] [log] [blame]

Stephen Smalley	f074036	2012-01-04 12:30:47 -0500	[diff] [blame]	1	/*
				2	* Generalized labeling frontend for userspace object managers.
				3	*
				4	* Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
				5	*/
				6
				7	#include <sys/types.h>
				8	#include <ctype.h>
				9	#include <errno.h>
				10	#include <stdio.h>
				11	#include <stdlib.h>
				12	#include <string.h>
				13	#include <selinux/selinux.h>
				14	#include "callbacks.h"
				15	#include "label_internal.h"
				16
				17	#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
				18
				19	typedef int (selabel_initfunc)(struct selabel_handle rec,
Stephen Smalley	a2e47cd	2012-06-11 13:35:34 -0400	[diff] [blame]	20	const struct selinux_opt *opts,
				21	unsigned nopts);
Stephen Smalley	f074036	2012-01-04 12:30:47 -0500	[diff] [blame]	22
				23	static selabel_initfunc initfuncs[] = {
				24	&selabel_file_init,
Stephen Smalley	35b0108	2012-04-04 10:06:13 -0400	[diff] [blame]	25	NULL,
				26	NULL,
				27	NULL,
				28	&selabel_property_init,
Stephen Smalley	f074036	2012-01-04 12:30:47 -0500	[diff] [blame]	29	};
				30
				31	/*
				32	* Validation functions
				33	*/
				34
Stephen Smalley	a2e47cd	2012-06-11 13:35:34 -0400	[diff] [blame]	35	static inline int selabel_is_validate_set(const struct selinux_opt *opts,
				36	unsigned n)
Stephen Smalley	f074036	2012-01-04 12:30:47 -0500	[diff] [blame]	37	{
				38	while (n--)
				39	if (opts[n].type == SELABEL_OPT_VALIDATE)
				40	return !!opts[n].value;
				41
				42	return 0;
				43	}
				44
				45	int selabel_validate(struct selabel_handle *rec,
				46	struct selabel_lookup_rec *contexts)
				47	{
				48	int rc = 0;
				49
				50	if (!rec->validating \|\| contexts->validated)
				51	goto out;
				52
				53	rc = selinux_validate(&contexts->ctx_raw);
				54	if (rc < 0)
				55	goto out;
				56
				57	contexts->validated = 1;
				58	out:
				59	return rc;
				60	}
				61
				62	/*
				63	* Public API
				64	*/
				65
				66	struct selabel_handle *selabel_open(unsigned int backend,
Stephen Smalley	a2e47cd	2012-06-11 13:35:34 -0400	[diff] [blame]	67	const struct selinux_opt *opts,
				68	unsigned nopts)
Stephen Smalley	f074036	2012-01-04 12:30:47 -0500	[diff] [blame]	69	{
				70	struct selabel_handle *rec = NULL;
				71
				72	if (backend >= ARRAY_SIZE(initfuncs)) {
				73	errno = EINVAL;
				74	goto out;
				75	}
				76
Stephen Smalley	35b0108	2012-04-04 10:06:13 -0400	[diff] [blame]	77	if (initfuncs[backend] == NULL)
				78	goto out;
				79
Stephen Smalley	f074036	2012-01-04 12:30:47 -0500	[diff] [blame]	80	rec = (struct selabel_handle )malloc(sizeof(rec));
				81	if (!rec)
				82	goto out;
				83
				84	memset(rec, 0, sizeof(*rec));
				85	rec->backend = backend;
				86	rec->validating = selabel_is_validate_set(opts, nopts);
				87
				88	if ((*initfuncs[backend])(rec, opts, nopts)) {
William Roberts	0f520fa	2015-10-22 12:26:01 -0700	[diff] [blame]	89	free(rec->spec_file);
Stephen Smalley	f074036	2012-01-04 12:30:47 -0500	[diff] [blame]	90	free(rec);
				91	rec = NULL;
				92	}
				93
				94	out:
				95	return rec;
				96	}
				97
				98	static struct selabel_lookup_rec *
Nick Kralevich	b1ae15a	2013-07-11 17:35:53 -0700	[diff] [blame]	99	selabel_lookup_common(struct selabel_handle *rec,
Stephen Smalley	f074036	2012-01-04 12:30:47 -0500	[diff] [blame]	100	const char *key, int type)
				101	{
				102	struct selabel_lookup_rec *lr;
				103	lr = rec->func_lookup(rec, key, type);
				104	if (!lr)
				105	return NULL;
				106
				107	return lr;
				108	}
				109
Stephen Smalley	ab40ea9	2014-02-19 09:16:17 -0500	[diff] [blame]	110	int selabel_lookup(struct selabel_handle rec, char *con,
Stephen Smalley	f074036	2012-01-04 12:30:47 -0500	[diff] [blame]	111	const char *key, int type)
				112	{
				113	struct selabel_lookup_rec *lr;
				114
Nick Kralevich	b1ae15a	2013-07-11 17:35:53 -0700	[diff] [blame]	115	lr = selabel_lookup_common(rec, key, type);
Stephen Smalley	f074036	2012-01-04 12:30:47 -0500	[diff] [blame]	116	if (!lr)
				117	return -1;
				118
				119	*con = strdup(lr->ctx_raw);
				120	return *con ? 0 : -1;
				121	}
				122
Stephen Smalley	0e7340f	2014-04-30 15:13:30 -0700	[diff] [blame]	123	bool selabel_partial_match(struct selabel_handle rec, const char key)
				124	{
				125	if (!rec->func_partial_match) {
				126	/*
				127	* If the label backend does not support partial matching,
				128	* then assume a match is possible.
				129	*/
				130	return true;
				131	}
				132	return rec->func_partial_match(rec, key);
				133	}
				134
Stephen Smalley	be7f5e8	2014-06-12 12:21:13 -0400	[diff] [blame]	135	int selabel_lookup_best_match(struct selabel_handle rec, char *con,
				136	const char key, const char *aliases, int type)
				137	{
				138	struct selabel_lookup_rec *lr;
				139
				140	if (!rec->func_lookup_best_match) {
				141	errno = ENOTSUP;
				142	return -1;
				143	}
				144
				145	lr = rec->func_lookup_best_match(rec, key, aliases, type);
				146	if (!lr)
				147	return -1;
				148
				149	*con = strdup(lr->ctx_raw);
				150	return *con ? 0 : -1;
				151	}
				152
Stephen Smalley	8b40b9c	2015-08-05 11:35:23 -0400	[diff] [blame]	153	enum selabel_cmp_result selabel_cmp(struct selabel_handle *h1,
				154	struct selabel_handle *h2)
				155	{
				156	if (!h1->func_cmp \|\| h1->func_cmp != h2->func_cmp)
				157	return SELABEL_INCOMPARABLE;
				158
				159	return h1->func_cmp(h1, h2);
				160	}
				161
Stephen Smalley	f074036	2012-01-04 12:30:47 -0500	[diff] [blame]	162	void selabel_close(struct selabel_handle *rec)
				163	{
				164	rec->func_close(rec);
William Roberts	0f520fa	2015-10-22 12:26:01 -0700	[diff] [blame]	165	free(rec->spec_file);
Stephen Smalley	f074036	2012-01-04 12:30:47 -0500	[diff] [blame]	166	free(rec);
				167	}
				168
				169	void selabel_stats(struct selabel_handle *rec)
				170	{
				171	rec->func_stats(rec);
				172	}