-#include <selinux/selinux.h>
-#include <selinux/label.h>
-
-static struct selabel_handle *label_hnd = NULL;
-
-#endif
-#ifdef HAVE_SMACK
-#include <sys/xattr.h>
-#include <string.h>
-#define FLOOR_LABEL "_"
-#define STAR_LABEL "*"
-
-static void smack_relabel_in_dev(const char *path) {
- struct stat sb;
- const char *label;
- int r;
-
- /*
- * Path must be in /dev and must exist
- */
- if (!path_equal(path, "/dev") &&
- !path_startswith(path, "/dev"))
- return;
-
- r = lstat(path, &sb);
- if (r < 0)
- return;
-
- /*
- * Label directories and character devices "*".
- * Label symlinks "_".
- * Don't change anything else.
- */
- if (S_ISDIR(sb.st_mode))
- label = STAR_LABEL;
- else if (S_ISLNK(sb.st_mode))
- label = FLOOR_LABEL;
- else if (S_ISCHR(sb.st_mode))
- label = STAR_LABEL;
- else
- return;
-
- r = setxattr(path, "security.SMACK64", label, strlen(label), 0);
- if (r < 0)
- log_error("Smack relabeling \"%s\" %s", path, strerror(errno));
- return;
-}
-#endif
-
-int label_init(const char *prefix) {
- int r = 0;
-
-#ifdef HAVE_SELINUX
- usec_t before_timestamp, after_timestamp;
- struct mallinfo before_mallinfo, after_mallinfo;
-
- if (!use_selinux())
- return 0;
-
- if (label_hnd)
- return 0;
-
- before_mallinfo = mallinfo();
- before_timestamp = now(CLOCK_MONOTONIC);
-
- if (prefix) {
- struct selinux_opt options[] = {
- { .type = SELABEL_OPT_SUBSET, .value = prefix },
- };
-
- label_hnd = selabel_open(SELABEL_CTX_FILE, options, ELEMENTSOF(options));
- } else
- label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
-
- if (!label_hnd) {
- log_full(security_getenforce() == 1 ? LOG_ERR : LOG_DEBUG,
- "Failed to initialize SELinux context: %m");
- r = security_getenforce() == 1 ? -errno : 0;
- } else {
- char timespan[FORMAT_TIMESPAN_MAX];
- int l;
-
- after_timestamp = now(CLOCK_MONOTONIC);
- after_mallinfo = mallinfo();
-
- l = after_mallinfo.uordblks > before_mallinfo.uordblks ? after_mallinfo.uordblks - before_mallinfo.uordblks : 0;
-
- log_debug("Successfully loaded SELinux database in %s, size on heap is %iK.",
- format_timespan(timespan, sizeof(timespan), after_timestamp - before_timestamp, 0),
- (l+1023)/1024);
- }
-#endif
-
- return r;
-}