/* lsm.h - header file for lib directory
 *
 * Copyright 2015 Rob Landley <rob@landley.net>
 */

// Pull in the real LSM API when the matching feature is configured; otherwise
// stub every call out as a constant so the inline wrappers below still compile
// and fold away.  The stubs return -1 without ever writing through their
// out-pointers (getcon(), getfilecon() and friends), so a caller that passed a
// context by address must check the return value before using it.
#if CFG_TOYBOX_SELINUX
#include <selinux/selinux.h>
#else
#define is_selinux_enabled() 0
#define getcon(...) (-1)
#define getfilecon(...) (-1)
#define lgetfilecon(...) (-1)
#define fgetfilecon(...) (-1)
#define setfilecon(...) (-1)
#define lsetfilecon(...) (-1)
#define fsetfilecon(...) (-1)
#endif

#if CFG_TOYBOX_SMACK
#include <sys/smack.h>
#include <sys/xattr.h>
#include <linux/xattr.h>
#else
// Only ever handed to the stub macros below, which discard their arguments.
#define XATTR_NAME_SMACK 0
//ssize_t fgetxattr (int fd, char *name, void *value, size_t size);
#define smack_smackfs_path(...) (-1)
#define smack_new_label_from_self(...) (-1)
#define smack_new_label_from_path(...) (-1)
#define smack_new_label_from_file(...) (-1)
#define smack_set_label_for_path(...) (-1)
#define smack_set_label_for_file(...) (-1)
#endif

// Report whether an LSM is active for this process.  With neither
// CFG_TOYBOX_SMACK nor CFG_TOYBOX_SELINUX configured the stubs make this a
// constant 0, so callers' label handling can be optimized out.  Under SMACK
// "active" means smackfs has a path; under SELinux it means
// is_selinux_enabled() reports exactly 1 (any other value counts as disabled).
static inline int lsm_enabled(void)
{
  if (!CFG_TOYBOX_SMACK) return is_selinux_enabled() == 1;

  return smack_smackfs_path() != 0;
}

// Return this process's own LSM label (SMACK label or SELinux context) as a
// heap string owned by the caller.  When the query fails the caller still gets
// a heap string, the placeholder "?", so the result can be released either
// way; code that goes on to apply the value as a file label should treat "?"
// as "unknown", not as a real label.  A NULL return means strdup() failed.
static inline char *lsm_context(void)
{
  char *label = NULL;

  if (CFG_TOYBOX_SMACK) {
    if (smack_new_label_from_self(&label) > 0) return label;
  } else if (!getcon(&label)) return label;

  return strdup("?");
}

// Apply context as the label of the file at filename, following symlinks
// (lsm_lset_context() labels the link itself).  Because the path is resolved
// at call time, prefer lsm_fset_context() on an already-open descriptor when
// the path could be swapped underneath you.  The backing call's result is
// returned unchanged; with no LSM compiled in the stub always yields -1.
static inline int lsm_set_context(char *filename, char *context)
{
  if (!CFG_TOYBOX_SMACK) return setfilecon(filename, context);

  return smack_set_label_for_path(filename, XATTR_NAME_SMACK, 1, context);
}

// Apply context as the label of filename itself, without following a final
// symlink (the SMACK call gets follow=0, SELinux gets lsetfilecon()).  This is
// the variant to use when filename came from an untrusted source and must not
// be allowed to redirect the write to another file.  Returns the backing
// call's result unchanged; with no LSM compiled in the stub always yields -1.
static inline int lsm_lset_context(char *filename, char *context)
{
  return CFG_TOYBOX_SMACK
    ? smack_set_label_for_path(filename, XATTR_NAME_SMACK, 0, context)
    : lsetfilecon(filename, context);
}

// Apply context as the label of the already-open descriptor file.  Operating
// on the descriptor rather than a path avoids any path re-resolution between
// open and label.  Returns the backing call's result unchanged; with no LSM
// compiled in the stub always yields -1.
static inline int lsm_fset_context(int file, char *context)
{
  if (!CFG_TOYBOX_SMACK) return fsetfilecon(file, context);

  return smack_set_label_for_file(file, XATTR_NAME_SMACK, context);
}


// Read the label of the file at filename, following symlinks, into *context.
// Returns the backing call's result: negative on error, otherwise the length
// of the label.  On success *context points to a buffer the caller owns and
// must release with the backing library's matching free routine.  On failure
// *context is untouched (the no-LSM stubs never write it), so check the
// return value before dereferencing.
// NOTE(review): the original comment claimed context may be NULL to fetch
// only the length; that depends on the libselinux/libsmack implementation and
// is not guaranteed here, so confirm against the library before relying on it.
static inline int lsm_get_context(char *filename, char **context)
{
  if (!CFG_TOYBOX_SMACK) return getfilecon(filename, context);

  return smack_new_label_from_path(filename, XATTR_NAME_SMACK, 1, context);
}

// Read the label of filename itself, not following a final symlink, into
// *context.  Returns the backing call's result: negative on error, otherwise
// the label length, with *context left untouched on failure (the no-LSM stubs
// always return -1 and never write it).  Use this variant when the label of
// the link, not its target, is what matters, or when filename is untrusted.
static inline int lsm_lget_context(char *filename, char **context)
{
  return CFG_TOYBOX_SMACK
    ? smack_new_label_from_path(filename, XATTR_NAME_SMACK, 0, context)
    : lgetfilecon(filename, context);
}

// Read the label of the already-open descriptor file into *context.  Returns
// the backing call's result: negative on error, otherwise the label length;
// *context is left untouched on failure (the no-LSM stubs always return -1),
// so check the return before using it.
static inline int lsm_fget_context(int file, char **context)
{
  if (!CFG_TOYBOX_SMACK) return fgetfilecon(file, context);

  return smack_new_label_from_file(file, XATTR_NAME_SMACK, context);
}