-rw-r--r-- | libselinux/include/selinux/selinux.h | 2 | ||||
-rw-r--r-- | libselinux/man/man3/mode_to_security_class.3 | 1 | ||||
-rw-r--r-- | libselinux/man/man3/security_class_to_string.3 | 10 | ||||
-rw-r--r-- | libselinux/src/stringrep.c | 21 |
4 files changed, 33 insertions, 1 deletions
diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
index 6b9089d4..a4079aaa 100644
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@@ -360,6 +360,8 @@ extern int selinux_set_mapping(struct security_class_mapping *map);
 /* Common helpers */
+/* Convert between mode and security class values */
+extern security_class_t mode_to_security_class(mode_t mode);
 /* Convert between security class values and string names */
 extern security_class_t string_to_security_class(const char *name);
 extern const char *security_class_to_string(security_class_t cls);
diff --git a/libselinux/man/man3/mode_to_security_class.3 b/libselinux/man/man3/mode_to_security_class.3
new file mode 100644
index 00000000..bda9daf9
--- /dev/null
+++ b/libselinux/man/man3/mode_to_security_class.3
@@ -0,0 +1 @@
+.so man3/security_class_to_string.3
diff --git a/libselinux/man/man3/security_class_to_string.3 b/libselinux/man/man3/security_class_to_string.3
index 140737e1..e82e1d81 100644
--- a/libselinux/man/man3/security_class_to_string.3
+++ b/libselinux/man/man3/security_class_to_string.3
@@ -3,7 +3,7 @@
 .\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
 .TH "security_class_to_string" "3" "30 Mar 2007" "" "SELinux API documentation"
 .SH "NAME"
-security_class_to_string, security_av_perm_to_string, string_to_security_class, string_to_av_perm, security_av_string \- convert
+security_class_to_string, security_av_perm_to_string, string_to_security_class, string_to_av_perm, security_av_string, mode_to_security_class \- convert
 between SELinux class and permission values and string names.
 print_access_vector \- display an access vector in human-readable form.
@@ -21,6 +21,8 @@ print_access_vector \- display an access vector in human-readable form.
 .sp
 .BI "security_class_t string_to_security_class(const char *" name ");"
 .sp
+.BI "security_class_t mode_to_security_class(mode_t " mode ");"
+.sp
 .BI "access_vector_t string_to_av_perm(security_class_t " tclass ", const char *" name ");"
 .sp
 .BI "void print_access_vector(security_class_t " tclass ", access_vector_t " av ");"
@@ -53,6 +55,11 @@ returns the class value corresponding to the string name
 .IR name ,
 or zero if no such class exists.
+.B mode_to_security_class
+returns the class value corresponding to the specified
+.IR mode ,
+or zero if no such class exists.
+
 .B string_to_av_perm
 returns the access vector bit corresponding to the string name
 .I name
@@ -88,3 +95,4 @@ Eamon Walsh <ewalsh@tycho.nsa.gov>
 .BR selinux (8),
 .BR getcon (3),
 .BR getfilecon (3)
+.BR stat (3)
diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c
index 176ac34e..082778e5 100644
--- a/libselinux/src/stringrep.c
+++ b/libselinux/src/stringrep.c
@@ -436,6 +436,27 @@ security_class_t string_to_security_class(const char *s)
 return map_class(node->value);
 }
+security_class_t mode_to_security_class(mode_t m) {
+
+ if (S_ISREG(m))
+ return string_to_security_class("file");
+ if (S_ISDIR(m))
+ return string_to_security_class("dir");
+ if (S_ISCHR(m))
+ return string_to_security_class("chr_file");
+ if (S_ISBLK(m))
+ return string_to_security_class("blk_file");
+ if (S_ISFIFO(m))
+ return string_to_security_class("fifo_file");
+ if (S_ISLNK(m))
+ return string_to_security_class("lnk_file");
+ if (S_ISSOCK(m))
+ return string_to_security_class("sock_file");
+
+ errno=EINVAL;
+ return 0;
+}
+
 access_vector_t string_to_av_perm(security_class_t tclass, const char *s)
 {
 struct discover_class_node *node; |
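Review bot: The new mode_to_security_class() in stringrep.c returns 0 in two different situations and nothing at the definition tells callers that 0 is a failure value to be checked before the result is used as a class in an access decision: it returns 0 with errno set to EINVAL when none of the S_IS* tests match, and it also returns 0 whenever string_to_security_class() does, which the man page describes as "no such class exists". I would add a header comment above the function, for example `/* Map the file-type bits of a mode to the matching file class; returns 0 if the type is unrecognised (errno = EINVAL) or the class lookup fails. */`. The S_ISLNK branch can only match a mode that still carries the link type, so the same comment (or the man page hunk, which adds a reference to stat(3)) should say that a mode obtained by following the link is classified as the target's type; how callers obtain the mode is not visible in this diff. On style, the opening brace sits on the signature line and `errno=EINVAL;` has no spaces around `=`, whereas the neighbouring string_to_av_perm definition puts `{` on its own line.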