security: rework selinux, smack, ima, apparmor detection logic
[elogind.git] / src / udev / udev-node.c
index 74c19539ab7e1da4dfc8d45b9d4c73be92b4c5c0..c5d629d1ce1793127e845e0c96fb3202a3a4fb15 100644 (file)
@@ -32,6 +32,7 @@
 #include <attr/xattr.h>
 #endif
 
+#include "smack-util.h"
 #include "udev.h"
 
 static int node_symlink(struct udev_device *dev, const char *node, const char *slink)
@@ -305,11 +306,13 @@ static int node_permissions_apply(struct udev_device *dev, bool apply,
 
                         if (streq(name, "selinux")) {
                                 selinux = true;
-                                /* FIXME: hook up libselinux */
-                                log_error("SECLABEL: failed to set selinux label '%s'", label);
+                                if (label_apply(devnode, label) < 0)
+                                        log_error("SECLABEL: failed to set SELinux label '%s'", label);
+                                else
+                                        log_debug("SECLABEL: set SELinux label '%s'", label);
 
 #ifdef HAVE_SMACK
-                        } else if (streq(name, "smack")) {
+                        } else if (streq(name, "smack") && use_smack()) {
                                 smack = true;
                                 if (lsetxattr(devnode, "security.SMACK64", label, strlen(label), 0) < 0)
                                         log_error("SECLABEL: failed to set SMACK label '%s'", label);
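Review bot: `selinux = true` is set before the result of `label_apply()` is known, so when the call fails the later `if (!selinux) label_fix(devnode, true, false);` is skipped and the node keeps whatever label it was created with. If falling back to the policy default is the intended behaviour on failure, set the flag only in the success branch: `else { selinux = true; log_debug("SECLABEL: set SELinux label '%s'", label); }`. The error message would also be easier to act on if it named the node, e.g. `log_error("SECLABEL: failed to set SELinux label '%s' on '%s'", label, devnode);`. node_permissions_apply starts and ends outside this hunk, so the branch that a "smack" entry now falls into when `use_smack()` is false is not visible here and is worth checking.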
@@ -325,7 +328,7 @@ static int node_permissions_apply(struct udev_device *dev, bool apply,
                 if (!selinux)
                         label_fix(devnode, true, false);
 #ifdef HAVE_SMACK
-                if (!smack)
+                if (!smack && use_smack())
                         lremovexattr(devnode, "security.SMACK64");
 #endif
         }
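Review bot: The return value of `lremovexattr()` is still ignored under the new `!smack && use_smack()` condition, so a failure to clear an old SMACK64 label leaves that label on the node with nothing in the log. A missing attribute is the expected case and can stay silent, but other errors deserve at least a debug line: `if (!smack && use_smack() && lremovexattr(devnode, "security.SMACK64") < 0 && errno != ENODATA)` followed by `log_debug("SECLABEL: failed to remove SMACK label from '%s': %m", devnode);`. The enclosing function starts outside this hunk, so whether `errno.h` is already in scope should be confirmed.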