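#include <unistd.h>
#include <sys/types.h>
#include <stdlib.h>
#include <errno.h>
#include "selinux_internal.h"
#include <selinux/avc.h>

static pthread_once_t once = PTHREAD_ONCE_INIT;
static int selinux_enabled;
/*
 * errno-style code recorded when avc_open() fails during one-time setup.
 * 0 means avc_open() succeeded, or was never called because
 * is_selinux_enabled() did not return 1.
 */
static int avc_open_error;

/*
 * One-time initialisation, executed through __selinux_once().
 *
 * Caches the result of is_selinux_enabled() and, only when that result is 1,
 * opens the userspace AVC with no options. A failing avc_open() is recorded
 * in avc_open_error so that selinux_check_access() can refuse to answer
 * instead of querying an AVC that was never set up.
 */
static void avc_init_once(void)
{
	selinux_enabled = is_selinux_enabled();
	if (selinux_enabled != 1)
		return;

	if (avc_open(NULL, 0) < 0) {
		/* assumes avc_open() sets errno on failure -- TODO confirm;
		 * EINVAL is only a fallback so the flag is never left at 0. */
		avc_open_error = errno ? errno : EINVAL;
	}
}

/*
 * Ask the AVC whether source context `scon` holds permission `perm` of
 * object class `class` on target context `tcon`.
 *
 * scon, tcon  security contexts, converted to SIDs with avc_context_to_sid()
 * class       object class name, resolved with string_to_security_class()
 * perm        permission name, resolved with string_to_av_perm()
 * aux         passed unchanged to avc_has_perm() as its last argument
 *
 * Returns 0 when the cached is_selinux_enabled() result is not 1, otherwise
 * the result of avc_has_perm(). Returns the negative avc_context_to_sid()
 * result if either context cannot be converted, and -1 if the AVC could not
 * be opened (errno set to the recorded code) or if the class or permission
 * lookup yields 0.
 */
int selinux_check_access(const security_context_t scon, const security_context_t tcon, const char *class, const char *perm, void *aux)
{
	int rc;
	security_id_t scon_id;
	security_id_t tcon_id;
	security_class_t sclass;
	access_vector_t av;

	__selinux_once(once, avc_init_once);

	/*
	 * NOTE(review): every value other than 1 is treated as "not enforcing
	 * here" and the request is granted. If is_selinux_enabled() can report
	 * an error with a negative value, that error is also granted on this
	 * path -- confirm this is the intended policy for callers.
	 */
	if (selinux_enabled != 1)
		return 0;

	/* Fail closed: no decision is made without an initialised AVC. */
	if (avc_open_error) {
		errno = avc_open_error;
		return -1;
	}

	rc = avc_context_to_sid(scon, &scon_id);
	if (rc < 0)
		return rc;

	rc = avc_context_to_sid(tcon, &tcon_id);
	if (rc < 0)
		return rc;

	/* A lookup result of 0 is treated as "no such class": deny. */
	sclass = string_to_security_class(class);
	if (sclass == 0)
		return -1;

	/* Likewise, an access vector of 0 is treated as "no such permission". */
	av = string_to_av_perm(sclass, perm);
	if (av == 0)
		return -1;

	return avc_has_perm(scon_id, tcon_id, sclass, av, NULL, aux);
}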