LCOV - code coverage report
Current view: top level - tools - selinux.c (source / functions) Hit Total Coverage
Test: .coverage.total Lines: 9 14 64.3 %
Date: 2015-10-19 Functions: 2 2 100.0 %

          Line data    Source code
       1             : /*
       2             :    SSSD
       3             : 
       4             :    selinux.c
       5             : 
       6             :    Copyright (C) Jakub Hrozek <jhrozek@redhat.com>        2010
       7             : 
       8             :    This program is free software; you can redistribute it and/or modify
       9             :    it under the terms of the GNU General Public License as published by
      10             :    the Free Software Foundation; either version 3 of the License, or
      11             :    (at your option) any later version.
      12             : 
      13             :    This program is distributed in the hope that it will be useful,
      14             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      15             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      16             :    GNU General Public License for more details.
      17             : 
      18             :    You should have received a copy of the GNU General Public License
      19             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      20             : */
      21             : 
      22             : #include "config.h"
      23             : 
      24             : #include <stdio.h>
      25             : 
      26             : #ifdef HAVE_SELINUX
      27             : #include <selinux/selinux.h>
      28             : #endif
      29             : 
      30             : #include "tools/tools_util.h"
      31             : 
      32             : #ifdef HAVE_SELINUX
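      /*
       * selinux_file_context - Set the security context before any file or
       *                        directory creation.
       *
       *  selinux_file_context () should be called before any creation of file,
       *  symlink, directory, ...
       *
       *  dst_name is the path that is about to be created; its default context
       *  is looked up with matchpathcon() and installed with setfscreatecon().
       *
       *  Returns 0 on success, when SELinux is not enabled, or when a lookup or
       *  set failure happens while SELinux is not enforcing. Returns 1 when a
       *  failure happens and security_getenforce() reports anything other than
       *  0. That includes -1, so an unreadable enforce state is treated as
       *  enforcing.
       *
       *  Callers may have to Reset SELinux to create files with default
       *  contexts:
       *      reset_selinux_file_context();
       *  NOTE(review): the creation context stays in effect until it is reset,
       *  so a missed reset would label unrelated files created later with this
       *  path's context - confirm every caller resets on its error paths too.
       */
      int selinux_file_context(const char *dst_name)
      {
          security_context_t scontext = NULL;
          int ret = 0;

          if (is_selinux_enabled() != 1) {
              return 0;
          }

          /* Get the default security context for this file */
          if (matchpathcon(dst_name, 0, &scontext) < 0) {
              if (security_getenforce() != 0) {
                  /* Nothing to free: presumably scontext is left NULL when
                   * the lookup fails. */
                  return 1;
              }
              /* Not enforcing: fall through with scontext still NULL, which
               * makes the call below request the default behaviour. */
          }

          /* Set the security context for the next created file */
          if (setfscreatecon(scontext) < 0) {
              if (security_getenforce() != 0) {
                  ret = 1;
              }
          }

          /* Release the looked-up context on every path past the lookup; the
           * enforcing failure case above used to return without freeing it. */
          freecon(scontext);

          return ret;
      }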
      66             : 
      /*
       * reset_selinux_file_context - Drop the file creation context requested
       *                              by selinux_file_context().
       *
       *  Calls setfscreatecon() with NULL and always returns EOK.
       *
       *  NOTE(review): the result of setfscreatecon() is not checked, so a
       *  failed reset is not reported and files created afterwards could still
       *  get the previously requested context - confirm callers tolerate that.
       */
      int reset_selinux_file_context(void)
      {
          (void) setfscreatecon(NULL);

          return EOK;
      }
      72             : 
      73             : #else   /* HAVE_SELINUX */
      /*
       * selinux_file_context - Stub used when the build has no SELinux support
       *                        (HAVE_SELINUX undefined).
       *
       *  dst_name is ignored and no context is set; always returns EOK so that
       *  callers need no conditional code of their own.
       */
      int selinux_file_context(const char *dst_name)
      {
          (void) dst_name;    /* unused without SELinux */

          return EOK;
      }
      78             : 
      /*
       * reset_selinux_file_context - Stub used when the build has no SELinux
       *                              support (HAVE_SELINUX undefined).
       *
       *  There is no creation context to reset; always returns EOK.
       */
      int reset_selinux_file_context(void)
      {
          int status = EOK;

          return status;
      }
      83             : #endif  /* HAVE_SELINUX */
