diff options
| -rw-r--r-- | libselinux/include/selinux/selinux.h | 1 | ||||
| -rw-r--r-- | libselinux/src/booleans.c | 158 | ||||
| -rw-r--r-- | libselinux/src/file_path_suffixes.h | 1 | ||||
| -rw-r--r-- | libselinux/src/selinux_config.c | 9 | ||||
| -rw-r--r-- | libselinux/src/selinux_internal.h | 1 |
5 files changed, 137 insertions, 33 deletions
diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h index 32020399..3487a1cd 100644 --- a/libselinux/include/selinux/selinux.h +++ b/libselinux/include/selinux/selinux.h @@ -507,6 +507,7 @@ extern const char *selinux_x_context_path(void); extern const char *selinux_sepgsql_context_path(void); extern const char *selinux_contexts_path(void); extern const char *selinux_securetty_types_path(void); +extern const char *selinux_booleans_subs_path(void); extern const char *selinux_booleans_path(void); extern const char *selinux_customizable_types_path(void); extern const char *selinux_users_path(void); diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c index 15100433..5998552e 100644 --- a/libselinux/src/booleans.c +++ b/libselinux/src/booleans.c @@ -5,6 +5,7 @@ * Dan Walsh <dwalsh@redhat.com> - Added security_load_booleans(). */ +#include <assert.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> @@ -86,44 +87,146 @@ int security_get_boolean_names(char ***names, int *len) } hidden_def(security_get_boolean_names) + +static char *bool_sub(const char *name) +{ + char *sub = NULL; + char *line_buf = NULL; + size_t line_len; + FILE *cfg; + + if (!name) + return NULL; + + cfg = fopen(selinux_booleans_subs_path(), "r"); + if (!cfg) + goto out; + + while (getline(&line_buf, &line_len, cfg) != -1) { + char *ptr; + char *src = line_buf; + char *dst; + + while (*src && isspace(*src)) + src++; + if (!*src) + continue; + if (src[0] == '#') + continue; + + ptr = src; + while (*ptr && !isspace(*ptr)) + ptr++; + *ptr++ = '\0'; + if (strcmp(src, name) != 0) + continue; + + dst = ptr; + while (*dst && isspace(*dst)) + dst++; + if (!*dst) + continue; + ptr=dst; + while (*ptr && !isspace(*ptr)) + ptr++; + *ptr='\0'; + + sub = strdup(dst); + + break; + } + + free(line_buf); + fclose(cfg); +out: + if (!sub) + sub = strdup(name); + return sub; +} + +static int bool_open(const char *name, int flag) { + char *fname = NULL; + char *alt_name = NULL; + int len; + int fd = -1; + int ret; + char *ptr; + + if (!name) { + errno = EINVAL; + return -1; + } + + /* note the 'sizeof' gets us enough room for the '\0' */ + len = strlen(name) + strlen(selinux_mnt) + sizeof(SELINUX_BOOL_DIR); + fname = malloc(sizeof(char) * len); + if (!fname) + return -1; + + ret = snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, name); + if (ret < 0) + goto out; + assert(ret < len); + + fd = open(fname, flag); + if (fd >= 0 || errno != ENOENT) + goto out; + + alt_name = bool_sub(name); + if (!alt_name) + goto out; + + /* note the 'sizeof' gets us enough room for the '\0' */ + len = strlen(alt_name) + strlen(selinux_mnt) + sizeof(SELINUX_BOOL_DIR); + ptr = realloc(fname, len); + if (!ptr) + goto out; + fname = ptr; + + ret = snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, alt_name); + if (ret < 0) + goto out; + assert(ret < len); + + fd = open(fname, flag); +out: + free(fname); + free(alt_name); + + return fd; +} + #define STRBUF_SIZE 3 static int get_bool_value(const char *name, char **buf) { int fd, len; - char *fname = NULL; + int errno_tmp; if (!selinux_mnt) { errno = ENOENT; return -1; } - *buf = (char *)malloc(sizeof(char) * (STRBUF_SIZE + 1)); + *buf = malloc(sizeof(char) * (STRBUF_SIZE + 1)); if (!*buf) - goto out; - (*buf)[STRBUF_SIZE] = 0; + return -1; - len = strlen(name) + strlen(selinux_mnt) + sizeof(SELINUX_BOOL_DIR); - fname = (char *)malloc(sizeof(char) * len); - if (!fname) - goto out; - snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, name); + (*buf)[STRBUF_SIZE] = 0; - fd = open(fname, O_RDONLY); + fd = bool_open(name, O_RDONLY); if (fd < 0) - goto out; + goto out_err; len = read(fd, *buf, STRBUF_SIZE); + errno_tmp = errno; close(fd); + errno = errno_tmp; if (len != STRBUF_SIZE) - goto out; + goto out_err; - free(fname); return 0; - out: - if (*buf) - free(*buf); - if (fname) - free(fname); +out_err: + free(*buf); return -1; } @@ -164,8 +267,8 @@ hidden_def(security_get_boolean_active) int security_set_boolean(const char *name, int value) { - int fd, ret, len; - char buf[2], *fname; + int fd, ret; + char buf[2]; if (!selinux_mnt) { errno = ENOENT; @@ -176,17 +279,9 @@ int security_set_boolean(const char *name, int value) return -1; } - len = strlen(name) + strlen(selinux_mnt) + sizeof(SELINUX_BOOL_DIR); - fname = (char *)malloc(sizeof(char) * len); - if (!fname) + fd = bool_open(name, O_WRONLY); + if (fd < 0) return -1; - snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, name); - - fd = open(fname, O_WRONLY); - if (fd < 0) { - ret = -1; - goto out; - } if (value) buf[0] = '1'; @@ -196,8 +291,7 @@ int security_set_boolean(const char *name, int value) ret = write(fd, buf, 2); close(fd); - out: - free(fname); + if (ret > 0) return 0; else diff --git a/libselinux/src/file_path_suffixes.h b/libselinux/src/file_path_suffixes.h index fe9aadac..825f295a 100644 --- a/libselinux/src/file_path_suffixes.h +++ b/libselinux/src/file_path_suffixes.h @@ -26,3 +26,4 @@ S_(BINPOLICY, "/policy/policy") S_(FILE_CONTEXT_SUBS, "/contexts/files/file_contexts.subs") S_(FILE_CONTEXT_SUBS_DIST, "/contexts/files/file_contexts.subs_dist") S_(SEPGSQL_CONTEXTS, "/contexts/sepgsql_contexts") + S_(BOOLEAN_SUBS, "/booleans.subs") diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c index a9d0ce00..296f357b 100644 --- a/libselinux/src/selinux_config.c +++ b/libselinux/src/selinux_config.c @@ -47,7 +47,8 @@ #define SEPGSQL_CONTEXTS 24 #define FILE_CONTEXT_SUBS_DIST 25 #define LXC_CONTEXTS 26 -#define NEL 27 +#define BOOLEAN_SUBS 27 +#define NEL 28 /* Part of one-time lazy init */ static pthread_once_t once = PTHREAD_ONCE_INIT; @@ -426,6 +427,12 @@ const char *selinux_lxc_contexts_path(void) hidden_def(selinux_lxc_contexts_path) +const char * selinux_booleans_subs_path(void) { + return get_path(BOOLEAN_SUBS); +} + +hidden_def(selinux_booleans_subs_path) + const char * selinux_file_context_subs_path(void) { return get_path(FILE_CONTEXT_SUBS); } diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h index ab80dba6..c89a1303 100644 --- a/libselinux/src/selinux_internal.h +++ b/libselinux/src/selinux_internal.h @@ -60,6 +60,7 @@ hidden_proto(selinux_mkload_policy) hidden_proto(security_setenforce) hidden_proto(security_deny_unknown) hidden_proto(selinux_binary_policy_path) + hidden_proto(selinux_booleans_subs_path) hidden_proto(selinux_default_context_path) hidden_proto(selinux_securetty_types_path) hidden_proto(selinux_failsafe_context_path) |