7 #if defined(WITH_SELINUX)
8 #include <selinux/selinux.h>
/*
 * libselinux prototypes repeated for lclint runs only (guarded by __LCLINT__).
 * The gutter numbers jump, so this listing omits lines that sat between the
 * declarations shown here.
 *
 * security_context_t is libselinux's typedef for char *; current libselinux
 * releases deprecate it in favour of plain char *.
 */
9 #if defined(__LCLINT__)
/* Releases a context string that libselinux allocated. */
11 extern void freecon( security_context_t con)
/*
 * get*filecon: on success *con receives a context string allocated by
 * libselinux, which the caller releases with freecon(). The l- variant acts on
 * a symbolic link itself, the f- variant on an already-open descriptor.
 */
14 extern int getfilecon(
const char *
path, security_context_t *con)
16 extern int lgetfilecon(
const char *
path, security_context_t *con)
18 extern int fgetfilecon(
int fd, security_context_t *con)
/*
 * set*filecon: setfilecon() follows symbolic links, lsetfilecon() labels the
 * link itself, fsetfilecon() labels the object behind an open descriptor.
 */
21 extern int setfilecon(
const char *
path, security_context_t con)
24 extern int lsetfilecon(
const char *
path, security_context_t con)
27 extern int fsetfilecon(
int fd, security_context_t con)
/* Process context queries and the context applied at the next exec. */
31 extern int getcon( security_context_t *con)
33 extern int getexeccon( security_context_t *con)
35 extern int setexeccon(security_context_t con)
/* Policy validation and global state queries. */
39 extern int security_check_context(security_context_t con)
42 extern int security_getenforce(
void)
46 extern int is_selinux_enabled(
void)
53 #define _RPMSX_INTERNAL
72 #if defined(WITH_SELINUX)
77 sx->fn =
_free(sx->fn);
89 if (_rpmsxPool ==
NULL) {
104 #if defined(WITH_SELINUX)
/* Default file-contexts path of the loaded policy; the test that selects this
 * default is not part of the listing. */
106 fn = selinux_file_context_path();
108 set_matchpathcon_flags(sx->flags);
/*
 * Loads the file-context specification used by later matchpathcon() lookups.
 * NOTE(review): the handling of rc is elided here; confirm a failed load is
 * reported rather than ignored. The matchpathcon family is deprecated in
 * current libselinux, where selabel_open()/selabel_lookup() replace it.
 */
111 rc = matchpathcon_init(sx->fn);
/* Assigning _free()'s result back clears the pointer, so no dangling sx->fn
 * is left behind once the string has been released. */
114 sx->fn =
_free(sx->fn);
137 #if defined(WITH_SELINUX)
/* NOTE(review): the use of oneshot is elided in this listing; confirm. */
138 static int oneshot = 0;
/*
 * is_selinux_enabled() is documented to return 1 when SELinux is enabled, 0
 * when it is not, and -1 on error.
 * NOTE(review): a caller that tests rc as a plain boolean would read -1 as
 * "enabled"; confirm how callers interpret the result.
 */
141 rc = is_selinux_enabled();
143 fprintf(stderr,
"<-- %s(%p) rc %d\n", __FUNCTION__, sx, rc);
153 const char * scon =
NULL;
157 #if defined(WITH_SELINUX)
/* NOTE(review): presumably the fallback when the lookup fails; its use is
 * elided in this listing, so confirm. */
159 static char nocon[] =
"";
/*
 * The cast drops const from &scon so that matchpathcon() can store its result
 * through it. On success that result is a string allocated by libselinux and
 * should be released with freecon().
 * NOTE(review): handing it on as const char * hides that ownership; the
 * listing does not show who frees it, so confirm.
 */
160 int rc = matchpathcon(fn, mode, (security_context_t *)&scon);
167 fprintf(stderr,
"<-- %s(%p,%s,0%o) \"%s\"\n", __FUNCTION__, sx, fn, mode, scon);
173 const char * scon =
NULL;
178 fprintf(stderr,
"--> %s(%p,%s) sxfn %s\n", __FUNCTION__, sx, fn, sx->fn);
180 #if defined(WITH_SELINUX)
182 security_context_t _con =
NULL;
/*
 * getfilecon() follows symbolic links. On success it returns the length of the
 * context and stores a string allocated by libselinux in _con; on failure it
 * returns -1. That makes rc > 0 the success test.
 */
183 int rc = getfilecon(fn, &_con);
184 if (rc > 0 && _con !=
NULL)
/*
 * NOTE(review): the allocated context is handed on as const char *, so the
 * need to release it with freecon() is not visible in the type; confirm the
 * caller frees it.
 */
185 scon = (
const char *) _con;
/*
 * NOTE(review): in the visible lines scon stays NULL whenever the lookup
 * fails, and passing NULL for %s is undefined in ISO C (glibc prints
 * "(null)"). Confirm that an elided line covers this case.
 */
192 fprintf(stderr,
"<-- %s(%p,%s) scon %s\n", __FUNCTION__, sx, fn, scon);
204 fprintf(stderr,
"--> %s(%p,%s,0%o,%s) sxfn %s\n", __FUNCTION__, sx, fn, mode, scon, sx->fn);
206 #if defined(WITH_SELINUX)
/* The listing cuts this initializer off after the cast; presumably scon is
 * converted to the non-const libselinux type here, so confirm. */
208 security_context_t _con = (security_context_t)
/*
 * setfilecon() follows symbolic links, so the label lands on the link's
 * target. Where fn can sit in a directory that other users can write to, the
 * l- variant or fsetfilecon() on an opened descriptor avoids relabelling an
 * unintended target.
 */
210 rc = setfilecon(fn, _con);
219 fprintf(stderr,
"<-- %s(%p,%s,0%o,%s) rc %d\n", __FUNCTION__, sx, fn, mode, scon, rc);
225 const char * scon =
NULL;
230 fprintf(stderr,
"--> %s(%p,%s) sxfn %s\n", __FUNCTION__, sx, fn, sx->fn);
232 #if defined(WITH_SELINUX)
234 security_context_t _con =
NULL;
/*
 * lgetfilecon() reads the label of a symbolic link itself instead of following
 * it. On success it returns the length of the context and stores a string
 * allocated by libselinux in _con; on failure it returns -1.
 */
235 int rc = lgetfilecon(fn, &_con);
236 if (rc > 0 && _con !=
NULL)
/*
 * NOTE(review): the allocated context is handed on as const char *, so the
 * need to release it with freecon() is not visible in the type; confirm the
 * caller frees it.
 */
237 scon = (
const char *) _con;
/*
 * NOTE(review): in the visible lines scon stays NULL whenever the lookup
 * fails, and passing NULL for %s is undefined in ISO C (glibc prints
 * "(null)"). Confirm that an elided line covers this case.
 */
244 fprintf(stderr,
"<-- %s(%p,%s) scon %s\n", __FUNCTION__, sx, fn, scon);
256 fprintf(stderr,
"--> %s(%p,%s,0%o,%s) sxfn %s\n", __FUNCTION__, sx, fn, mode, scon, sx->fn);
258 #if defined(WITH_SELINUX)
/* The listing cuts this initializer off after the cast; presumably scon is
 * converted to the non-const libselinux type here, so confirm. */
260 security_context_t _con = (security_context_t)
/* lsetfilecon() labels a symbolic link itself and does not follow it to the
 * target. */
262 rc = lsetfilecon(fn, _con);
271 fprintf(stderr,
"<-- %s(%p,%s,0%o,%s) rc %d\n", __FUNCTION__, sx, fn, mode, scon, rc);
282 fprintf(stderr,
"--> %s(%p,%d,%p)\n", __FUNCTION__, sx, verified, argv);
284 #if defined(WITH_SELINUX)
/*
 * Runs argv[0] through libselinux's rpm_execcon(), which sets the exec context
 * and then execs the program.
 * NOTE(review): argv[0] is dereferenced with no NULL or empty-vector check in
 * the visible lines; confirm that an elided line or the caller guarantees it.
 * The process-wide environ is passed through unchanged, so the scriptlet
 * inherits every variable of the calling process; any sanitising has to
 * happen before this call.
 * rpm_execcon() is deprecated in current libselinux, which points to
 * setexecfilecon() followed by execve() instead.
 */
285 rc = rpm_execcon(verified, argv[0], (
char *
const *)argv,
environ);
/* As with any exec-style call, control presumably returns here only when the
 * exec failed, so this trace reports the failure code. */
289 fprintf(stderr,
"<-- %s(%p,%d,%p) rc %d\n", __FUNCTION__, sx, verified, argv, rc);
static rpmsx rpmsxGetPool(rpmioPool pool)
const char * rpmsxGetfilecon(rpmsx sx, const char *fn)
Get security context for a file.
int rpmsxLsetfilecon(rpmsx sx, const char *fn, mode_t mode, const char *scon)
char * xstrdup(const char *str)
char * rpmGetPath(const char *path,...)
Return (malloc'ed) expanded, canonicalized, file path.
const char * rpmsxLgetfilecon(rpmsx sx, const char *fn)
int rpmsxEnabled(rpmsx sx)
Return SELinux enabled state.
static const char * _rpmsxI_fn
rpmioItem rpmioGetPool(rpmioPool pool, size_t size)
Get unused item from pool, or alloc a new item.
static void rpmsxFini(void *_sx)
static rpmsx rpmsxI(void)
int rpmsxExec(rpmsx sx, int verified, const char **argv)
Execute a package scriptlet within SELinux context.
rpmsx rpmsxLink(rpmsx sx)
Reference a SELinux wrapper instance.
rpmioPool rpmioNewPool(const char *name, size_t size, int limit, int flags, char *(*dbg)(void *item), void(*init)(void *item), void(*fini)(void *item))
Create a memory pool.
rpmsx rpmsxNew(const char *fn, unsigned int flags)
Create and load a SELinux wrapper.
int rpmsxSetfilecon(rpmsx sx, const char *fn, mode_t mode, const char *scon)
Set security context for a file.
const char * rpmsxMatch(rpmsx sx, const char *fn, mode_t mode)
Return security context for a file.
static void * _free(const void *p)
Wrapper to free(3); hides const compilation noise, permits NULL, returns NULL.