1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2010 Lennart Poettering
18 #include <selinux/context.h>
19 #include <selinux/label.h>
20 #include <selinux/selinux.h>
23 #include "alloc-util.h"
24 //#include "fd-util.h"
27 #include "path-util.h"
28 #include "selinux-util.h"
29 //#include "stdio-util.h"
30 #include "time-util.h"
34 DEFINE_TRIVIAL_CLEANUP_FUNC(char*, freecon);
35 DEFINE_TRIVIAL_CLEANUP_FUNC(context_t, context_free);
37 #define _cleanup_freecon_ _cleanup_(freeconp)
38 #define _cleanup_context_free_ _cleanup_(context_freep)
40 static int cached_use = -1;
41 static struct selabel_handle *label_hnd = NULL;
43 #define log_enforcing(...) log_full(security_getenforce() == 1 ? LOG_ERR : LOG_DEBUG, __VA_ARGS__)
44 #define log_enforcing_errno(r, ...) log_full_errno(security_getenforce() == 1 ? LOG_ERR : LOG_DEBUG, r, __VA_ARGS__)
47 bool mac_selinux_use(void) {
50 cached_use = is_selinux_enabled() > 0;
58 void mac_selinux_retest(void) {
64 int mac_selinux_init(void) {
68 usec_t before_timestamp, after_timestamp;
69 struct mallinfo before_mallinfo, after_mallinfo;
74 if (!mac_selinux_use())
77 before_mallinfo = mallinfo();
78 before_timestamp = now(CLOCK_MONOTONIC);
80 label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
82 log_enforcing("Failed to initialize SELinux context: %m");
83 r = security_getenforce() == 1 ? -errno : 0;
85 char timespan[FORMAT_TIMESPAN_MAX];
88 after_timestamp = now(CLOCK_MONOTONIC);
89 after_mallinfo = mallinfo();
91 l = after_mallinfo.uordblks > before_mallinfo.uordblks ? after_mallinfo.uordblks - before_mallinfo.uordblks : 0;
93 log_debug("Successfully loaded SELinux database in %s, size on heap is %iK.",
94 format_timespan(timespan, sizeof(timespan), after_timestamp - before_timestamp, 0),
102 void mac_selinux_finish(void) {
108 selabel_close(label_hnd);
113 int mac_selinux_fix(const char *path, LabelFixFlags flags) {
116 char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
117 _cleanup_freecon_ char* fcon = NULL;
118 _cleanup_close_ int fd = -1;
124 /* if mac_selinux_init() wasn't called before we are a NOOP */
128 /* Open the file as O_PATH, to pin it while we determine and adjust the label */
129 fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH);
131 if ((flags & LABEL_IGNORE_ENOENT) && errno == ENOENT)
137 if (fstat(fd, &st) < 0)
140 if (selabel_lookup_raw(label_hnd, &fcon, path, st.st_mode) < 0) {
143 /* If there's no label to set, then exit without warning */
150 xsprintf(procfs_path, "/proc/self/fd/%i", fd);
151 if (setfilecon_raw(procfs_path, fcon) < 0) {
152 _cleanup_freecon_ char *oldcon = NULL;
156 /* If the FS doesn't support labels, then exit without warning */
157 if (r == -EOPNOTSUPP)
160 /* It the FS is read-only and we were told to ignore failures caused by that, suppress error */
161 if (r == -EROFS && (flags & LABEL_IGNORE_EROFS))
164 /* If the old label is identical to the new one, suppress any kind of error */
165 if (getfilecon_raw(procfs_path, &oldcon) >= 0 && streq(fcon, oldcon))
174 log_enforcing_errno(r, "Unable to fix SELinux security context of %s: %m", path);
175 if (security_getenforce() == 1)
182 #if 0 /// UNNEDED by elogind
183 int mac_selinux_apply(const char *path, const char *label) {
186 if (!mac_selinux_use())
192 if (setfilecon(path, label) < 0) {
193 log_enforcing("Failed to set SELinux security context %s on path %s: %m", label, path);
194 if (security_getenforce() > 0)
201 int mac_selinux_get_create_label_from_exe(const char *exe, char **label) {
205 _cleanup_freecon_ char *mycon = NULL, *fcon = NULL;
206 security_class_t sclass;
211 if (!mac_selinux_use())
214 r = getcon_raw(&mycon);
218 r = getfilecon_raw(exe, &fcon);
222 sclass = string_to_security_class("process");
223 r = security_compute_create_raw(mycon, fcon, sclass, label);
231 int mac_selinux_get_our_label(char **label) {
237 if (!mac_selinux_use())
240 r = getcon_raw(label);
248 int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *exec_label, char **label) {
252 _cleanup_freecon_ char *mycon = NULL, *peercon = NULL, *fcon = NULL;
253 _cleanup_context_free_ context_t pcon = NULL, bcon = NULL;
254 security_class_t sclass;
255 const char *range = NULL;
257 assert(socket_fd >= 0);
261 if (!mac_selinux_use())
264 r = getcon_raw(&mycon);
268 r = getpeercon_raw(socket_fd, &peercon);
273 /* If there is no context set for next exec let's use context
274 of target executable */
275 r = getfilecon_raw(exe, &fcon);
280 bcon = context_new(mycon);
284 pcon = context_new(peercon);
288 range = context_range_get(pcon);
292 r = context_range_set(bcon, range);
297 mycon = strdup(context_str(bcon));
301 sclass = string_to_security_class("process");
302 r = security_compute_create_raw(mycon, fcon, sclass, label);
310 char* mac_selinux_free(char *label) {
316 if (!mac_selinux_use())
327 int mac_selinux_create_file_prepare(const char *path, mode_t mode) {
330 _cleanup_freecon_ char *filecon = NULL;
338 if (path_is_absolute(path))
339 r = selabel_lookup_raw(label_hnd, &filecon, path, mode);
341 _cleanup_free_ char *newpath = NULL;
343 r = path_make_absolute_cwd(path, &newpath);
347 r = selabel_lookup_raw(label_hnd, &filecon, newpath, mode);
351 /* No context specified by the policy? Proceed without setting it. */
355 log_enforcing("Failed to determine SELinux security context for %s: %m", path);
357 if (setfscreatecon_raw(filecon) >= 0)
358 return 0; /* Success! */
360 log_enforcing("Failed to set SELinux security context %s for %s: %m", filecon, path);
363 if (security_getenforce() > 0)
370 void mac_selinux_create_file_clear(void) {
375 if (!mac_selinux_use())
378 setfscreatecon_raw(NULL);
382 #if 0 /// UNNEEDED by elogind
383 int mac_selinux_create_socket_prepare(const char *label) {
386 if (!mac_selinux_use())
391 if (setsockcreatecon(label) < 0) {
392 log_enforcing("Failed to set SELinux security context %s for sockets: %m", label);
394 if (security_getenforce() == 1)
402 void mac_selinux_create_socket_clear(void) {
407 if (!mac_selinux_use())
410 setsockcreatecon_raw(NULL);
414 int mac_selinux_bind(int fd, const struct sockaddr *addr, socklen_t addrlen) {
416 /* Binds a socket and label its file system object according to the SELinux policy */
419 _cleanup_freecon_ char *fcon = NULL;
420 const struct sockaddr_un *un;
421 bool context_changed = false;
427 assert(addrlen >= sizeof(sa_family_t));
432 /* Filter out non-local sockets */
433 if (addr->sa_family != AF_UNIX)
436 /* Filter out anonymous sockets */
437 if (addrlen < offsetof(struct sockaddr_un, sun_path) + 1)
440 /* Filter out abstract namespace sockets */
441 un = (const struct sockaddr_un*) addr;
442 if (un->sun_path[0] == 0)
445 path = strndupa(un->sun_path, addrlen - offsetof(struct sockaddr_un, sun_path));
447 if (path_is_absolute(path))
448 r = selabel_lookup_raw(label_hnd, &fcon, path, S_IFSOCK);
450 _cleanup_free_ char *newpath = NULL;
452 r = path_make_absolute_cwd(path, &newpath);
456 r = selabel_lookup_raw(label_hnd, &fcon, newpath, S_IFSOCK);
460 /* No context specified by the policy? Proceed without setting it */
464 log_enforcing("Failed to determine SELinux security context for %s: %m", path);
465 if (security_getenforce() > 0)
469 if (setfscreatecon_raw(fcon) < 0) {
470 log_enforcing("Failed to set SELinux security context %s for %s: %m", fcon, path);
471 if (security_getenforce() > 0)
474 context_changed = true;
477 r = bind(fd, addr, addrlen) < 0 ? -errno : 0;
480 setfscreatecon_raw(NULL);
486 if (bind(fd, addr, addrlen) < 0)