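#include <unistd.h>
#include <sys/types.h>
#include <fcntl.h>
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <limits.h>
#include "selinux_internal.h"
#include "policy.h"
#include "mapping.h"

/**
 * Ask the policy interface under selinux_mnt for an access vector decision.
 *
 * The request is formatted as "scon tcon class perms" and written to
 * "<selinux_mnt>/access"; the reply is read back from the same descriptor
 * and parsed into @avd.
 *
 * @param scon      source security context string
 * @param tcon      target security context string
 * @param tclass    object class; passed through unmap_class() before sending
 * @param requested requested permissions; passed through unmap_perm()
 * @param avd       output: allowed, decided, auditallow, auditdeny, seqno and
 *                  flags are filled from the reply, then handed to
 *                  map_decision(). flags is set to 0 when the reply carries
 *                  only the first five fields.
 *
 * @return 0 on success, -1 on failure. errno is ENOENT when selinux_mnt is
 *         unset, ENAMETOOLONG when the access path does not fit in PATH_MAX,
 *         and EOVERFLOW when the formatted request does not fit in one page.
 *         A reply with fewer than five fields returns -1 without setting
 *         errno here.
 */
int security_compute_av(const security_context_t scon,
			const security_context_t tcon,
			security_class_t tclass,
			access_vector_t requested,
			struct av_decision *avd)
{
	char path[PATH_MAX];
	char *buf;
	size_t len;
	int fd, ret, n;

	if (!selinux_mnt) {
		errno = ENOENT;
		return -1;
	}

	/* Refuse a truncated path rather than opening some other file. */
	n = snprintf(path, sizeof path, "%s/access", selinux_mnt);
	if (n < 0 || (size_t)n >= sizeof path) {
		errno = ENAMETOOLONG;
		return -1;
	}

	fd = open(path, O_RDWR);
	if (fd < 0)
		return -1;

	len = selinux_page_size;
	buf = malloc(len);
	if (!buf) {
		ret = -1;
		goto out;
	}

	/*
	 * The contexts are caller-supplied strings of arbitrary length. If the
	 * request does not fit, fail instead of sending a cut-off query: a
	 * request truncated inside the class or permission field could be
	 * answered as if it were a different request, and the resulting
	 * decision would be applied to the original one.
	 */
	n = snprintf(buf, len, "%s %s %hu %x", scon, tcon,
		     unmap_class(tclass), unmap_perm(tclass, requested));
	if (n < 0 || (size_t)n >= len) {
		errno = EOVERFLOW;
		ret = -1;
		goto out2;
	}

	ret = write(fd, buf, strlen(buf));
	if (ret < 0)
		goto out2;

	/* Zero the buffer and read at most len - 1 bytes so the reply is
	 * always NUL-terminated before sscanf() sees it. */
	memset(buf, 0, len);
	ret = read(fd, buf, len - 1);
	if (ret < 0)
		goto out2;

	ret = sscanf(buf, "%x %x %x %x %u %x",
		     &avd->allowed, &avd->decided,
		     &avd->auditallow, &avd->auditdeny,
		     &avd->seqno, &avd->flags);
	if (ret < 5) {
		/* Covers an empty or malformed reply (sscanf returns EOF or a
		 * short count); avd may be partially written at this point. */
		ret = -1;
		goto out2;
	} else if (ret < 6) {
		/* Reply without a flags field: report no flags. */
		avd->flags = 0;
	}

	map_decision(tclass, avd);

	ret = 0;
out2:
	free(buf);
out:
	close(fd);
	return ret;
}
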