1 /* lsm.h - header file for lib directory 2 * 3 * Copyright 2015 Rob Landley <rob (at) landley.net> 4 */ 5 6 #include <sys/xattr.h> 7 8 #if CFG_TOYBOX_SELINUX 9 #include <selinux/selinux.h> 10 #else 11 #define is_selinux_enabled() 0 12 #define setfscreatecon(...) (-1) 13 #define getcon(...) (-1) 14 #define getfilecon(...) (-1) 15 #define lgetfilecon(...) (-1) 16 #define fgetfilecon(...) (-1) 17 #define setfilecon(...) (-1) 18 #define lsetfilecon(...) (-1) 19 #define fsetfilecon(...) (-1) 20 #endif 21 22 #if CFG_TOYBOX_SMACK 23 #include <sys/smack.h> 24 #include <linux/xattr.h> 25 #else 26 #ifndef XATTR_NAME_SMACK 27 #define XATTR_NAME_SMACK 0 28 #endif 29 //ssize_t fgetxattr (int fd, char *name, void *value, size_t size); 30 #define smack_smackfs_path(...) (-1) 31 #define smack_new_label_from_self(...) (-1) 32 #define smack_new_label_from_path(...) (-1) 33 #define smack_new_label_from_file(...) (-1) 34 #define smack_set_label_for_self(...) (-1) 35 #define smack_set_label_for_path(...) (-1) 36 #define smack_set_label_for_file(...) (-1) 37 #endif 38 39 // This turns into "return 0" when no LSM and lets code optimize out. 40 static inline int lsm_enabled(void) 41 { 42 if (CFG_TOYBOX_SMACK) return !!smack_smackfs_path(); 43 else return is_selinux_enabled() == 1; 44 } 45 46 static inline char *lsm_name(void) 47 { 48 if (CFG_TOYBOX_SMACK) return "Smack"; 49 if (CFG_TOYBOX_SELINUX) return "SELinux"; 50 51 return "LSM"; 52 } 53 54 // Fetch this process's lsm context 55 static inline char *lsm_context(void) 56 { 57 int ok = 0; 58 char *result; 59 60 if (CFG_TOYBOX_SMACK) ok = smack_new_label_from_self(&result) > 0; 61 else ok = getcon(&result) == 0; 62 63 return ok ? result : strdup("?"); 64 } 65 66 // Set default label to apply to newly created stuff (NULL to clear it) 67 static inline int lsm_set_create(char *context) 68 { 69 if (CFG_TOYBOX_SMACK) return smack_set_label_for_self(context); 70 else return setfscreatecon(context); 71 } 72 73 // Label a file, following symlinks 74 static inline int lsm_set_context(char *filename, char *context) 75 { 76 if (CFG_TOYBOX_SMACK) 77 return smack_set_label_for_path(filename, XATTR_NAME_SMACK, 1, context); 78 else return setfilecon(filename, context); 79 } 80 81 // Label a file, don't follow symlinks 82 static inline int lsm_lset_context(char *filename, char *context) 83 { 84 if (CFG_TOYBOX_SMACK) 85 return smack_set_label_for_path(filename, XATTR_NAME_SMACK, 0, context); 86 else return lsetfilecon(filename, context); 87 } 88 89 // Label a file by filehandle 90 static inline int lsm_fset_context(int file, char *context) 91 { 92 if (CFG_TOYBOX_SMACK) 93 return smack_set_label_for_file(file, XATTR_NAME_SMACK, context); 94 else return fsetfilecon(file, context); 95 } 96 97 // returns -1 in case of error or else the length of the context */ 98 // context can be NULL to get the length only */ 99 static inline int lsm_get_context(char *filename, char **context) 100 { 101 if (CFG_TOYBOX_SMACK) 102 return smack_new_label_from_path(filename, XATTR_NAME_SMACK, 1, context); 103 else return getfilecon(filename, context); 104 } 105 106 static inline int lsm_lget_context(char *filename, char **context) 107 { 108 if (CFG_TOYBOX_SMACK) 109 return smack_new_label_from_path(filename, XATTR_NAME_SMACK, 0, context); 110 else return lgetfilecon(filename, context); 111 } 112 113 static inline int lsm_fget_context(int file, char **context) 114 { 115 if (CFG_TOYBOX_SMACK) 116 return smack_new_label_from_file(file, XATTR_NAME_SMACK, context); 117 return fgetfilecon(file, context); 118 } 119