author | Joshua Brindle <method@manicmethod.com> | 2008-08-19 15:30:36 -0400 |
---|---|---|
committer | Joshua Brindle <method@manicmethod.com> | 2008-08-19 15:30:36 -0400 |
commit | 13cd4c8960688af11ad23b4c946149015c80d549 (patch) | |
tree | 61e928c962bcf6981ef4dc02dfb0b46d1c16b818 /libselinux/src/checkAccess.c | |
initial import from svn trunk revision 2950
Diffstat (limited to 'libselinux/src/checkAccess.c')
-rw-r--r-- | libselinux/src/checkAccess.c | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/libselinux/src/checkAccess.c b/libselinux/src/checkAccess.c
new file mode 100644
index 00000000..c1982c73
--- /dev/null
+++ b/libselinux/src/checkAccess.c
@@ -0,0 +1,47 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <stdlib.h>
+#include <errno.h>
+#include "selinux_internal.h"
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+
+int selinux_check_passwd_access(access_vector_t requested)
+{
+ int status = -1;
+ security_context_t user_context;
+ if (is_selinux_enabled() == 0)
+ return 0;
+ if (getprevcon_raw(&user_context) == 0) {
+ security_class_t passwd_class;
+ struct av_decision avd;
+ int retval;
+
+ passwd_class = string_to_security_class("passwd");
+ if (passwd_class == 0)
+ return 0;
+
+ retval = security_compute_av_raw(user_context,
+ user_context,
+ passwd_class,
+ requested,
+ &avd);
+
+ if ((retval == 0) && ((requested & avd.allowed) == requested)) {
+ status = 0;
+ }
+ freecon(user_context);
+ }
+
+ if (status != 0 && security_getenforce() == 0)
+ status = 0;
+
+ return status;
+}
+
+hidden_def(selinux_check_passwd_access)
+
+int checkPasswdAccess(access_vector_t requested)
+{
+ return selinux_check_passwd_access(requested);
+}
 |
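Review bot: In `selinux_check_passwd_access`, the early `return 0` taken when `string_to_security_class("passwd")` yields 0 skips `freecon(user_context)`, so the context obtained from `getprevcon_raw()` leaks on that path. The branch should release it first: `if (passwd_class == 0) { freecon(user_context); return 0; }`. That same branch also reports the access as granted without consulting `security_getenforce()`, so a policy in which the `passwd` class cannot be resolved yields success even in enforcing mode. If that fail-open result is intended, it deserves a comment such as `/* class not defined in the loaded policy: nothing to check, allow */`. Otherwise the branch could leave `status` at -1 and fall through to the enforcing check at the end of the function.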