Logo Search packages:      
Sourcecode: joe version File versions  Download package

selinux.c

/*
 * Example code to show how to copy the security context from one file to
 * another.
 */
#include "types.h"

#ifdef WITH_SELINUX
#include <selinux/selinux.h>
static int selinux_enabled = -1;
#endif

int
copy_security_context(const char *from_file, const char *to_file)
{
      int status = 0;
#ifdef WITH_SELINUX
      security_context_t from_context;
      security_context_t to_context;

      if (selinux_enabled == -1)
            selinux_enabled = (is_selinux_enabled() > 0);

      if (!selinux_enabled)
            return 0;

      if (getfilecon(from_file, &from_context) < 0) {
            /*
             * If the filesystem doesn't support extended
             * attributes, the original had no special security
             * context and the target cannot have one either.
             */
            if (errno == EOPNOTSUPP)
                  return 0;

            error(0, errno, (char *)joe_gettext(_("Could not get security context for %s")),
                  from_file);
            return 1;
      }

      if (getfilecon(to_file, &to_context) < 0) {
            MSG_PUTS(_(joe_gettext(_("\nCould not get security context for "))));
            msg_outtrans(to_file);
            msg_putchar('\n');
            freecon(from_context);
            return 1;
      }

      if (zcmp(from_context, to_context) != 0) {
            if (setfilecon(to_file, from_context) < 0) {
                  error(0, errno,
                        (char *)joe_gettext(_("Could not set security context for %s")),
                        to_file);
                  status = 1;
            }
      }

      freecon(to_context);
      freecon(from_context);
#endif
      return status;
}

int
match_default_security_context(const char *from_file)
{
#ifdef WITH_SELINUX
      security_context_t scontext;

      if (selinux_enabled == -1)
            selinux_enabled = (is_selinux_enabled() > 0);

      if (!selinux_enabled)
            return 0;

      if (getfilecon(from_file, &scontext) < 0) {
            /*
             * If the filesystem doesn't support extended
             * attributes, the original had no special security
             * context and the target cannot have one either.
             */
            if (errno == EOPNOTSUPP)
                  return 0;

            error(0, errno, (char *)joe_gettext(_("Could not get security context for %s")),
                  from_file);
            return 1;
      }

      if (setfscreatecon(scontext) < 0) {
            error(0, errno,
                  (char *)joe_gettext(_("Could not set default security context for %s")),
                  from_file);
            freecon(scontext);
            return 1;
      }
      freecon(scontext);
#endif
      return 0;
}


int
reset_default_security_context()
{
#ifdef WITH_SELINUX
      if (selinux_enabled == -1)
            selinux_enabled = (is_selinux_enabled() > 0);

      if (!selinux_enabled)
            return 0;

      if (setfscreatecon(0) < 0) {
            error(0, errno, (char *)joe_gettext(_("Could not reset default security context")));
            return 1;
      }
#endif
      return 0;
}


int
output_security_context(char *from_file)
{
#ifdef WITH_SELINUX
      security_context_t scontext;

      if (selinux_enabled == -1)
            selinux_enabled = (is_selinux_enabled() > 0);
      if (!selinux_enabled)
            return 0;

      if (getfilecon(from_file, &scontext) < 0) {
            /*
             * If the filesystem doesn't support extended
             * attributes, the original had no special security
             * context and the target cannot have one either.
             */
            if (errno == EOPNOTSUPP)
                  return 0;
            
            error(0, errno,(char *)joe_gettext(_("Could not get security context for %s")),
                  from_file);
            return 1;
      }

      error(0, 0, (char *)joe_gettext(_("%s Security Context %s")), from_file, scontext);
      freecon(scontext);
#endif
      return 0;
}

#if 0

/*
  Test program compile using the following command
  cc -o t t.c -DWITH_SELINUX -DTEST -lselinux
 */

#include <stdio.h>
#include <stdlib.h>
main(int argc, char **argv)
{

      printf("%d: %s\n", argc, argv[1]);
      if (argc == 3) {
            copy_security_context(argv[1], argv[2]);
            output_security_context(argv[2]);
      }
      if (argc == 2) {
            FILE *fd;
            char *temp;
            match_default_security_context(argv[1]);
            mkstemp(temp);
            printf("temp=%s", temp);
            fd = fopen(temp, "w");
            fclose(fd);
            output_security_context(temp);
            reset_default_security_context();
      }
}
#endif

Generated by  Doxygen 1.6.0   Back to index