Home | History | Annotate | Download | only in src 
      1 /*
      2  * User-supplied callbacks and default implementations.
      3  * Class and permission mappings.
      4  */
      5 
      6 #include <stdio.h>
      7 #include <stdlib.h>
      8 #include <stdarg.h>
      9 #include <errno.h>
     10 #include <selinux/selinux.h>
     11 #include "callbacks.h"
     12 
     13 /* default implementations */
     14 static int __attribute__ ((format(printf, 2, 3)))
     15 default_selinux_log(int type __attribute__((unused)), const char *fmt, ...)
     16 {
     17 	int rc;
     18 	va_list ap;
     19 	va_start(ap, fmt);
     20 	rc = vfprintf(stderr, fmt, ap);
     21 	va_end(ap);
     22 	return rc;
     23 }
     24 
     25 static int
     26 default_selinux_audit(void *ptr __attribute__((unused)),
     27 		      security_class_t cls __attribute__((unused)),
     28 		      char *buf __attribute__((unused)),
     29 		      size_t len __attribute__((unused)))
     30 {
     31 	return 0;
     32 }
     33 
     34 static int
     35 default_selinux_validate(char **ctx)
     36 {
     37 #ifndef BUILD_HOST
     38 	return security_check_context(*ctx);
     39 #else
     40 	(void) ctx;
     41 	return 0;
     42 #endif
     43 }
     44 
     45 static int
     46 default_selinux_setenforce(int enforcing __attribute__((unused)))
     47 {
     48 	return 0;
     49 }
     50 
     51 static int
     52 default_selinux_policyload(int seqno __attribute__((unused)))
     53 {
     54 	return 0;
     55 }
     56 
     57 /* callback pointers */
     58 int __attribute__ ((format(printf, 2, 3)))
     59 (*selinux_log)(int, const char *, ...) =
     60 	default_selinux_log;
     61 
     62 int
     63 (*selinux_audit) (void *, security_class_t, char *, size_t) =
     64 	default_selinux_audit;
     65 
     66 int
     67 (*selinux_validate)(char **ctx) =
     68 	default_selinux_validate;
     69 
     70 int
     71 (*selinux_netlink_setenforce) (int enforcing) =
     72 	default_selinux_setenforce;
     73 
     74 int
     75 (*selinux_netlink_policyload) (int seqno) =
     76 	default_selinux_policyload;
     77 
     78 /* callback setting function */
     79 void
     80 selinux_set_callback(int type, union selinux_callback cb)
     81 {
     82 	switch (type) {
     83 	case SELINUX_CB_LOG:
     84 		selinux_log = cb.func_log;
     85 		break;
     86 	case SELINUX_CB_AUDIT:
     87 		selinux_audit = cb.func_audit;
     88 		break;
     89 	case SELINUX_CB_VALIDATE:
     90 		selinux_validate = cb.func_validate;
     91 		break;
     92 	case SELINUX_CB_SETENFORCE:
     93 		selinux_netlink_setenforce = cb.func_setenforce;
     94 		break;
     95 	case SELINUX_CB_POLICYLOAD:
     96 		selinux_netlink_policyload = cb.func_policyload;
     97 		break;
     98 	}
     99 }
    100 
    101 /* callback getting function */
    102 union selinux_callback
    103 selinux_get_callback(int type)
    104 {
    105 	union selinux_callback cb;
    106 
    107 	switch (type) {
    108 	case SELINUX_CB_LOG:
    109 		cb.func_log = selinux_log;
    110 		break;
    111 	case SELINUX_CB_AUDIT:
    112 		cb.func_audit = selinux_audit;
    113 		break;
    114 	case SELINUX_CB_VALIDATE:
    115 		cb.func_validate = selinux_validate;
    116 		break;
    117 	case SELINUX_CB_SETENFORCE:
    118 		cb.func_setenforce = selinux_netlink_setenforce;
    119 		break;
    120 	case SELINUX_CB_POLICYLOAD:
    121 		cb.func_policyload = selinux_netlink_policyload;
    122 		break;
    123 	default:
    124 		memset(&cb, 0, sizeof(cb));
    125 		errno = EINVAL;
    126 		break;
    127 	}
    128 	return cb;
    129 }
    130