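/* lsm.h - header file for lib directory
 *
 * Copyright 2015 Rob Landley <rob (at) landley.net>
 *
 * Thin wrappers over the Linux Security Module userspace libraries. Exactly
 * one backend is selected at build time (CFG_TOYBOX_SMACK wins over
 * CFG_TOYBOX_SELINUX); with neither configured the library calls below are
 * replaced by stub macros that fail with -1, so callers need no #ifdefs of
 * their own and the "if (CFG_...)" branches fold away at compile time.
 *
 * Conventions shared by every wrapper here:
 *   - set/get functions return 0 (or a non-negative length) on success and a
 *     negative value on failure; the no-LSM stubs always return -1.
 *   - strings handed back through a char ** are heap allocated by the
 *     underlying library and are owned by the caller.
 */

#if CFG_TOYBOX_SELINUX
#include <selinux/selinux.h>
#else
// No SELinux compiled in: the query reports "disabled", every other call
// fails with -1, matching the libselinux error convention.
#define is_selinux_enabled() 0
#define setfscreatecon(...) (-1)
#define getcon(...) (-1)
#define getfilecon(...) (-1)
#define lgetfilecon(...) (-1)
#define fgetfilecon(...) (-1)
#define setfilecon(...) (-1)
#define lsetfilecon(...) (-1)
#define fsetfilecon(...) (-1)
#endif

#if CFG_TOYBOX_SMACK
#include <sys/smack.h>
#include <linux/xattr.h>
#else
// No Smack compiled in. XATTR_NAME_SMACK is only ever forwarded to the
// (stubbed) libsmack calls, so its value is irrelevant here.
#ifndef XATTR_NAME_SMACK
#define XATTR_NAME_SMACK 0
#endif
#define smack_smackfs_path(...) (-1)
#define smack_new_label_from_self(...) (-1)
#define smack_new_label_from_path(...) (-1)
#define smack_new_label_from_file(...) (-1)
#define smack_set_label_for_self(...) (-1)
#define smack_set_label_for_path(...) (-1)
#define smack_set_label_for_file(...) (-1)
#endif

// Is the configured LSM actually active on the running kernel?
// With no LSM built in this turns into "return 0" and lets the optimizer
// drop LSM-specific code paths in callers.
static inline int lsm_enabled(void)
{
  if (CFG_TOYBOX_SMACK) return !!smack_smackfs_path();
  else return is_selinux_enabled() == 1;
}

// Human-readable name of the configured LSM, for messages. Returns a string
// literal, never NULL; "LSM" when nothing specific is built in.
static inline char *lsm_name(void)
{
  if (CFG_TOYBOX_SMACK) return "Smack";
  if (CFG_TOYBOX_SELINUX) return "SELinux";

  return "LSM";
}

// Fetch this process's LSM context (label).
// Returns a heap-allocated string the caller must free. If the label can't
// be read (or no LSM is built in) a freshly allocated "?" is returned instead
// of NULL, so callers can always print/compare the result.
static inline char *lsm_context(void)
{
  int ok = 0;
  char *result = 0;

  // libsmack reports the label length (>0) on success, libselinux reports 0.
  if (CFG_TOYBOX_SMACK) ok = smack_new_label_from_self(&result) > 0;
  else ok = getcon(&result) == 0;

  return ok ? result : strdup("?");
}

// Set default label to apply to newly created stuff (NULL to clear it).
// Returns 0 on success, negative on failure (always -1 with no LSM).
static inline int lsm_set_create(char *context)
{
  if (CFG_TOYBOX_SMACK) return smack_set_label_for_self(context);
  else return setfscreatecon(context);
}

// Label a file by path, following symlinks.
// Returns 0 on success, negative on failure (always -1 with no LSM).
static inline int lsm_set_context(char *filename, char *context)
{
  if (CFG_TOYBOX_SMACK)
    return smack_set_label_for_path(filename, XATTR_NAME_SMACK, 1, context);
  else return setfilecon(filename, context);
}

// Label a file by path, don't follow symlinks (labels the link itself).
// Returns 0 on success, negative on failure (always -1 with no LSM).
static inline int lsm_lset_context(char *filename, char *context)
{
  if (CFG_TOYBOX_SMACK)
    return smack_set_label_for_path(filename, XATTR_NAME_SMACK, 0, context);
  else return lsetfilecon(filename, context);
}

// Label a file by open file descriptor.
// Returns 0 on success, negative on failure (always -1 with no LSM).
static inline int lsm_fset_context(int file, char *context)
{
  if (CFG_TOYBOX_SMACK)
    return smack_set_label_for_file(file, XATTR_NAME_SMACK, context);
  else return fsetfilecon(file, context);
}

// Read a file's label by path, following symlinks.
// Returns -1 in case of error or else the length of the context; on success
// *context is a heap-allocated string owned by the caller.
// The original note says context can be NULL to get the length only.
// NOTE(review): verify that the selected library accepts a NULL context
// pointer before relying on that length-only form.
static inline int lsm_get_context(char *filename, char **context)
{
  if (CFG_TOYBOX_SMACK)
    return smack_new_label_from_path(filename, XATTR_NAME_SMACK, 1, context);
  else return getfilecon(filename, context);
}

// Read a file's label by path, don't follow symlinks (reads the link itself).
// Same return/ownership contract as lsm_get_context().
static inline int lsm_lget_context(char *filename, char **context)
{
  if (CFG_TOYBOX_SMACK)
    return smack_new_label_from_path(filename, XATTR_NAME_SMACK, 0, context);
  else return lgetfilecon(filename, context);
}

// Read a file's label by open file descriptor.
// Same return/ownership contract as lsm_get_context().
static inline int lsm_fget_context(int file, char **context)
{
  if (CFG_TOYBOX_SMACK)
    return smack_new_label_from_file(file, XATTR_NAME_SMACK, context);
  else return fgetfilecon(file, context);
}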