we’ll need to distinguish these for sarge/etch as well
1 #include "config.h"
2
3 __RCSID("$MirOS: contrib/code/jupp/selinux.c,v 1.8 2017/12/02 02:07:31 tg Exp $");
4
5 #if defined(HAVE_SELINUX_HDR) && defined(HAVE_SELINUX_FUN)
6 #define WITH_SELINUX
7 #else
8 #undef WITH_SELINUX
9 #endif
10
11 /*
12  * Example code to show how to copy the security context from one file to
13  * another.
14  */
15 #ifdef WITH_SELINUX
16 #include <selinux/selinux.h>
17 static int selinux_enabled = -1;
18 #include <err.h>
19 #include <errno.h>
20 #include <string.h>
21 #endif
22
/*
 * Give to_file the SELinux security context that from_file carries.
 *
 * Returns 0 when nothing had to be done or the label was applied, and 1
 * when a context could not be read or written (a warning is printed).
 * Without WITH_SELINUX, or when SELinux is not enabled at run time, this
 * is a no-op returning 0.
 *
 * NOTE(review): getfilecon() and setfilecon() work on path names and
 * follow symbolic links. If either path can be swapped between the
 * caller's own file operations and these calls, the label is read from
 * or applied to a different object; where open descriptors are at hand,
 * fgetfilecon()/fsetfilecon() close that window. Callers should also
 * act on a return of 1, since to_file then keeps whatever label it was
 * created with rather than the one of from_file.
 */
int
copy_security_context(const char *from_file, const char *to_file)
{
        int rv = 0;
#ifdef WITH_SELINUX
        security_context_t src_con;
        security_context_t dst_con;

        /* ask libselinux once and remember the answer in the file-scope flag */
        if (selinux_enabled == -1)
                selinux_enabled = (is_selinux_enabled() > 0);

        if (selinux_enabled == 0)
                return 0;

        if (getfilecon(from_file, &src_con) < 0) {
                /*
                 * EOPNOTSUPP: the filesystem has no extended attributes,
                 * so the source carries no label to copy; that is not
                 * treated as an error.
                 */
                if (errno != EOPNOTSUPP) {
                        warn("Could not get security context for %s",
                              from_file);
                        return 1;
                }
                return 0;
        }

        if (getfilecon(to_file, &dst_con) < 0) {
                /*
                 * NOTE(review): the "_" branch calls message helpers that
                 * are not declared in this file; presumably it is only
                 * meaningful in the code base this was adapted from --
                 * confirm "_" is never defined in this build.
                 */
#ifdef _
                MSG_PUTS(_("\nCould not get security context for "));
                msg_outtrans(to_file);
                msg_putchar('\n');
#else
                warn("Could not get security context for %s",
                    to_file);
#endif
                /* the source context was already allocated; release it */
                freecon(src_con);
                return 1;
        }

        /* only relabel when the two contexts actually differ */
        if (strcmp(src_con, dst_con) != 0 &&
            setfilecon(to_file, src_con) < 0) {
                warn(
                      "Could not set security context for %s",
                      to_file);
                rv = 1;
        }

        freecon(dst_con);
        freecon(src_con);
#endif
        return rv;
}
78
/*
 * Make the security context of from_file the context used for file
 * system objects created from now on, via setfscreatecon().
 *
 * Returns 0 on success or when there is nothing to do (SELinux support
 * not compiled in, SELinux not enabled, or no extended attributes on the
 * filesystem), and 1 after printing a warning when the context could
 * not be read or installed.
 *
 * The creation context stays in effect until it is reset, so callers
 * are expected to pair this with reset_default_security_context();
 * otherwise later, unrelated files would be created with this label.
 * NOTE(review): getfilecon() follows symbolic links -- confirm that
 * from_file cannot be redirected by another user before relying on the
 * label it yields.
 */
int
match_default_security_context(const char *from_file)
{
        int rv = 0;
#ifdef WITH_SELINUX
        security_context_t file_con;

        /* ask libselinux once and remember the answer in the file-scope flag */
        if (selinux_enabled == -1)
                selinux_enabled = (is_selinux_enabled() > 0);

        if (selinux_enabled == 0)
                return 0;

        if (getfilecon(from_file, &file_con) < 0) {
                /*
                 * EOPNOTSUPP: no extended attributes on this filesystem,
                 * hence no label to take over; not an error.
                 */
                if (errno != EOPNOTSUPP) {
                        warn("Could not get security context for %s",
                              from_file);
                        return 1;
                }
                return 0;
        }

        /* warn before freecon() so errno still belongs to the failed call */
        if (setfscreatecon(file_con) < 0) {
                warn(
                      "Could not set default security context for %s",
                      from_file);
                rv = 1;
        }
        freecon(file_con);
#endif
        return rv;
}
116
117
/*
 * Drop any file creation context installed earlier with setfscreatecon()
 * so that new file system objects are labelled by policy again.
 *
 * Returns 0 on success or when SELinux is not compiled in or not
 * enabled, and 1 after printing a warning when the reset fails. A
 * failure means the previously installed creation context is still
 * active, so callers should not ignore the result.
 */
int
reset_default_security_context(void)
{
        int rv = 0;
#ifdef WITH_SELINUX
        /* ask libselinux once and remember the answer in the file-scope flag */
        if (selinux_enabled == -1)
                selinux_enabled = (is_selinux_enabled() > 0);

        /* a null context asks for the default behaviour */
        if (selinux_enabled && setfscreatecon(NULL) < 0) {
                warn("Could not reset default security context");
                rv = 1;
        }
#endif
        return rv;
}
135
136
/*
 * Print the security context of from_file to stderr, in the form
 * "<file> Security Context <context>" (no trailing newline is written).
 *
 * Returns 0 when the context was printed or there was nothing to print
 * (SELinux not compiled in, not enabled, or no extended attributes on
 * the filesystem), and 1 after a warning when the context could not be
 * read.
 *
 * Both the file name and the context go through a fixed "%s" format, so
 * neither is interpreted as a format string.
 */
int
output_security_context(char *from_file)
{
        int rv = 0;
#ifdef WITH_SELINUX
        security_context_t file_con;

        /* ask libselinux once and remember the answer in the file-scope flag */
        if (selinux_enabled == -1)
                selinux_enabled = (is_selinux_enabled() > 0);
        if (selinux_enabled == 0)
                return 0;

        if (getfilecon(from_file, &file_con) >= 0) {
                fprintf(stderr, "%s Security Context %s", from_file, file_con);
                freecon(file_con);
        } else if (errno != EOPNOTSUPP) {
                /*
                 * EOPNOTSUPP would mean the filesystem has no extended
                 * attributes and thus no label to show; anything else is
                 * reported.
                 */
                warn("Could not get security context for %s",
                      from_file);
                rv = 1;
        }
#endif
        return rv;
}