blob: 6c2c5a88a2fc66be0181e36e66ed7fce5048fe7a [file] [log] [blame]
#include <sys/syscall.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include "selinux_internal.h"
#include "policy.h"
#ifdef HOST
static pid_t gettid(void)
{
return syscall(__NR_gettid);
}
#endif
static int getprocattrcon(security_context_t * context,
pid_t pid, const char *attr)
{
char *path, *buf;
size_t size;
int fd, rc;
ssize_t ret;
pid_t tid;
int errno_hold;
if (pid > 0)
rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
else {
tid = gettid();
rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
}
if (rc < 0)
return -1;
fd = open(path, O_RDONLY);
free(path);
if (fd < 0)
return -1;
size = selinux_page_size;
buf = malloc(size);
if (!buf) {
ret = -1;
goto out;
}
memset(buf, 0, size);
do {
ret = read(fd, buf, size - 1);
} while (ret < 0 && errno == EINTR);
if (ret < 0)
goto out2;
if (ret == 0) {
*context = NULL;
goto out2;
}
*context = strdup(buf);
if (!(*context)) {
ret = -1;
goto out2;
}
ret = 0;
out2:
free(buf);
out:
errno_hold = errno;
close(fd);
errno = errno_hold;
return ret;
}
static int setprocattrcon(security_context_t context,
pid_t pid, const char *attr)
{
char *path;
int fd, rc;
pid_t tid;
ssize_t ret;
int errno_hold;
if (pid > 0)
rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
else {
tid = gettid();
rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
}
if (rc < 0)
return -1;
fd = open(path, O_RDWR);
free(path);
if (fd < 0)
return -1;
if (context)
do {
ret = write(fd, context, strlen(context) + 1);
} while (ret < 0 && errno == EINTR);
else
do {
ret = write(fd, NULL, 0); /* clear */
} while (ret < 0 && errno == EINTR);
errno_hold = errno;
close(fd);
errno = errno_hold;
if (ret < 0)
return -1;
else
return 0;
}
#define getselfattr_def(fn, attr) \
int get##fn(security_context_t *c) \
{ \
return getprocattrcon(c, 0, #attr); \
}
#define setselfattr_def(fn, attr) \
int set##fn(const security_context_t c) \
{ \
return setprocattrcon(c, 0, #attr); \
}
#define all_selfattr_def(fn, attr) \
getselfattr_def(fn, attr) \
setselfattr_def(fn, attr)
#define getpidattr_def(fn, attr) \
int get##fn(pid_t pid, security_context_t *c) \
{ \
return getprocattrcon(c, pid, #attr); \
}
all_selfattr_def(con, current)
getpidattr_def(pidcon, current)
getselfattr_def(prevcon, prev)
all_selfattr_def(execcon, exec)
all_selfattr_def(fscreatecon, fscreate)
all_selfattr_def(sockcreatecon, sockcreate)
all_selfattr_def(keycreatecon, keycreate)
hidden_def(getcon_raw)
hidden_def(getcon)
hidden_def(getexeccon_raw)
hidden_def(getfilecon_raw)
hidden_def(getfilecon)
hidden_def(getfscreatecon_raw)
hidden_def(getkeycreatecon_raw)
hidden_def(getpeercon_raw)
hidden_def(getpidcon_raw)
hidden_def(getprevcon_raw)
hidden_def(getprevcon)
hidden_def(getsockcreatecon_raw)
hidden_def(setcon_raw)
hidden_def(setexeccon_raw)
hidden_def(setexeccon)
hidden_def(setfilecon_raw)
hidden_def(setfscreatecon_raw)
hidden_def(setkeycreatecon_raw)
hidden_def(setsockcreatecon_raw)