Diffstat (limited to 'lib')
-rw-r--r--lib/lsm.h96
-rw-r--r--lib/portability.h25
2 files changed, 100 insertions, 21 deletions
diff --git a/lib/lsm.h b/lib/lsm.h
new file mode 100644
index 00000000..b16138a4
--- /dev/null
+++ b/lib/lsm.h
@@ -0,0 +1,96 @@
+/* lsm.h - header file for lib directory
+ *
+ * Copyright 2015 Rob Landley <rob@landley.net>
+ */
+
+#if CFG_TOYBOX_SELINUX
+#include <selinux/selinux.h>
+#else
+#define is_selinux_enabled() 0
+#define getcon(...) (-1)
+#define getfilecon(...) (-1)
+#define lgetfilecon(...) (-1)
+#define fgetfilecon(...) (-1)
+#define setfilecon(...) (-1)
+#define lsetfilecon(...) (-1)
+#define fsetfilecon(...) (-1)
+#endif
+
+#if CFG_TOYBOX_SMACK
+#include <sys/smack.h>
+#include <sys/xattr.h>
+#include <linux/xattr.h>
+#else
+#define XATTR_NAME_SMACK 0
+//ssize_t fgetxattr (int fd, char *name, void *value, size_t size);
+#define smack_smackfs_path(...) (-1)
+#define smack_new_label_from_self(...) (-1)
+#define smack_new_label_from_path(...) (-1)
+#define smack_new_label_from_file(...) (-1)
+#define smack_set_label_for_path(...) (-1)
+#define smack_set_label_for_file(...) (-1)
+#endif
+
+// This turns into "return 0" when no LSM and lets code optimize out.
+static inline int lsm_enabled(void)
+{
+ if (CFG_TOYBOX_SMACK) return !!smack_smackfs_path();
+ else return is_selinux_enabled() == 1;
+}
+
+// Fetch this process's lsm context
+static inline char *lsm_context(void)
+{
+ int ok = 0;
+ char *result;
+
+ if (CFG_TOYBOX_SMACK) ok = smack_new_label_from_self(&result) > 0;
+ else ok = getcon(&result) == 0;
+
+ return ok ? result : strdup("?");
+}
+
+static inline int lsm_set_context(char *filename, char *context)
+{
+ if (CFG_TOYBOX_SMACK)
+ return smack_set_label_for_path(filename, XATTR_NAME_SMACK, 1, context);
+ else return setfilecon(filename, context);
+}
+
+static inline int lsm_lset_context(char *filename, char *context)
+{
+ if (CFG_TOYBOX_SMACK)
+ return smack_set_label_for_path(filename, XATTR_NAME_SMACK, 0, context);
+ else return lsetfilecon(filename, context);
+}
+
+static inline int lsm_fset_context(int file, char *context)
+{
+ if (CFG_TOYBOX_SMACK)
+ return smack_set_label_for_file(file, XATTR_NAME_SMACK, context);
+ else return fsetfilecon(file, context);
+}
+
+
+// returns -1 in case of error or else the length of the context */
+// context can be NULL to get the length only */
+static inline int lsm_get_context(char *filename, char **context)
+{
+ if (CFG_TOYBOX_SMACK)
+ return smack_new_label_from_path(filename, XATTR_NAME_SMACK, 1, context);
+ else return getfilecon(filename, context);
+}
+
+static inline int lsm_lget_context(char *filename, char **context)
+{
+ if (CFG_TOYBOX_SMACK)
+ return smack_new_label_from_path(filename, XATTR_NAME_SMACK, 0, context);
+ else return lgetfilecon(filename, context);
+}
+
+static inline int lsm_fget_context(int file, char **context)
+{
+ if (CFG_TOYBOX_SMACK)
+ return smack_new_label_from_file(file, XATTR_NAME_SMACK, context);
+ return fgetfilecon(file, context);
+}
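Review bot: The two `//` comment lines above `lsm_get_context` end in stray `*/` tokens and promise that `context` can be NULL to fetch only the length, but the wrapper hands the pointer straight to `getfilecon`/`smack_new_label_from_path` (or to the `(-1)` stub macros when neither LSM is configured) with no NULL handling of its own, so that contract is whatever the libraries happen to do; I'd drop the sentence or hedge it as `// context may be NULL only if the underlying LSM call accepts it - TODO confirm`. `lsm_context` also deserves a line stating that the returned string is always heap-allocated (from `getcon`/`smack_new_label_from_self`, or `strdup("?")` on failure) and is the caller's to free, and that the `"?"` fallback makes a failed lookup indistinguishable from a real label, which matters if a caller ever treats the value as anything but display text. `strdup` is used here without `<string.h>` being included by this header; presumably the including file provides it, but that is worth a comment. Minor style point: `lsm_fget_context` omits the `else` that its six sibling wrappers use.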
diff --git a/lib/portability.h b/lib/portability.h
index aa1ee488..f83cab60 100644
--- a/lib/portability.h
+++ b/lib/portability.h
@@ -225,6 +225,10 @@ ssize_t getline(char **lineptr, size_t *n, FILE *stream);
#define O_NOFOLLOW 0
#endif
+#ifndef O_NOATIME
+#define O_NOATIME 01000000
+#endif
+
#ifndef O_CLOEXEC
#define O_CLOEXEC 02000000
#endif
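Review bot: The new `O_NOATIME` fallback hard-codes the asm-generic octal value, which is only correct on architectures that share that fcntl layout; on a libc/ABI that omits the define but assigns its flags differently (some architectures are known to have their own values), the constant could alias a different `open` flag instead of being ignored. That mirrors the existing `O_CLOEXEC` fallback just below, so at minimum document the assumption: `#define O_NOATIME 01000000 // asm-generic value; arch-specific fcntl layouts may differ`. Callers should also already tolerate `open` refusing the flag with EPERM, since the kernel only honours O_NOATIME for the file owner or a suitably privileged caller.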
@@ -247,24 +251,3 @@ pid_t xfork(void);
//#define strncpy(...) @@strncpyisbadmmkay@@
//#define strncat(...) @@strncatisbadmmkay@@
-#if CFG_TOYBOX_SELINUX
-#include <selinux/selinux.h>
-#else
-#define is_selinux_enabled() 0
-int getcon(void* con);
-#endif
-
-#if CFG_TOYBOX_SMACK
-#include <sys/smack.h>
-#include <sys/xattr.h>
-#include <linux/xattr.h>
-#else
-#define smack_new_label_from_path(...) (-1)
-#define smack_set_label_for_path(...) (-1)
-#define smack_set_label_for_self(...) (-1)
-#define XATTR_NAME_SMACK ""
-#define SMACK_LABEL_LEN (1) /* for just ? */
-
-ssize_t fgetxattr (int fd, char *name, void *value, size_t size);
-#endif
-