edd_id: move persistent rules to its own file
[elogind.git]
/
udev_selinux.c
diff --git
a/udev_selinux.c
b/udev_selinux.c
index 72381f0d0d450e19d97d9019084efe308c9fde01..1ad6e8ad122f51985601cbfc80ab0ada61120cce 100644
(file)
--- a/
udev_selinux.c
+++ b/
udev_selinux.c
@@
-1,6
+1,4
@@
/*
/*
- * udev_selinux.h
- *
* Copyright (C) 2004 Daniel Walsh
*
* This program is free software; you can redistribute it and/or modify it
* Copyright (C) 2004 Daniel Walsh
*
* This program is free software; you can redistribute it and/or modify it
@@
-14,7
+12,7
@@
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
- *
675 Mass Ave, Cambridge, MA 02139
, USA.
+ *
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
, USA.
*
*/
*
*/
@@
-30,8
+28,8
@@
#include <errno.h>
#include <selinux/selinux.h>
#include <errno.h>
#include <selinux/selinux.h>
+#include "udev.h"
#include "udev_selinux.h"
#include "udev_selinux.h"
-#include "logging.h"
static security_context_t prev_scontext = NULL;
static security_context_t prev_scontext = NULL;
@@
-54,7
+52,7
@@
static char *get_media(const char *devname, int mode)
int size;
char *media = NULL;
int size;
char *media = NULL;
- if (!(mode &
&
S_IFBLK))
+ if (!(mode & S_IFBLK))
return NULL;
snprintf(procfile, PATH_MAX, "/proc/ide/%s/media", devname);
return NULL;
snprintf(procfile, PATH_MAX, "/proc/ide/%s/media", devname);
@@
-77,7
+75,7
@@
static char *get_media(const char *devname, int mode)
}
media = strdup(mediabuf);
}
media = strdup(mediabuf);
- info("selinux_get_media(%s)='%s'
\n
", devname, media);
+ info("selinux_get_media(%s)='%s'", devname, media);
close_out:
fclose(fp);
close_out:
fclose(fp);
@@
-92,20
+90,22
@@
void selinux_setfilecon(const char *file, const char *devname, unsigned int mode
char *media;
int ret = -1;
char *media;
int ret = -1;
- media = get_media(devname, mode);
- if (media) {
- ret = matchmediacon(media, &scontext);
- free(media);
+ if (devname) {
+ media = get_media(devname, mode);
+ if (media) {
+ ret = matchmediacon(media, &scontext);
+ free(media);
+ }
}
if (ret < 0)
if (matchpathcon(file, mode, &scontext) < 0) {
}
if (ret < 0)
if (matchpathcon(file, mode, &scontext) < 0) {
-
dbg("matchpathcon(%s) failed\n
", file);
+
err("matchpathcon(%s) failed
", file);
return;
}
return;
}
- if (setfilecon(file, scontext) < 0)
-
dbg("setfiles %s failed with error '%s'
", file, strerror(errno));
+ if (
l
setfilecon(file, scontext) < 0)
+
err("setfilecon %s failed: %s
", file, strerror(errno));
freecon(scontext);
}
freecon(scontext);
}
@@
-118,25
+118,35
@@
void selinux_setfscreatecon(const char *file, const char *devname, unsigned int
char *media;
int ret = -1;
char *media;
int ret = -1;
- media = get_media(devname, mode);
- if (media) {
- ret = matchmediacon(media, &scontext);
- free(media);
+ if (devname) {
+ media = get_media(devname, mode);
+ if (media) {
+ ret = matchmediacon(media, &scontext);
+ free(media);
+ }
}
if (ret < 0)
if (matchpathcon(file, mode, &scontext) < 0) {
}
if (ret < 0)
if (matchpathcon(file, mode, &scontext) < 0) {
-
dbg("matchpathcon(%s) failed\n
", file);
+
err("matchpathcon(%s) failed
", file);
return;
}
if (setfscreatecon(scontext) < 0)
return;
}
if (setfscreatecon(scontext) < 0)
-
dbg("setfiles %s failed with error '%s'
", file, strerror(errno));
+
err("setfscreatecon %s failed: %s
", file, strerror(errno));
freecon(scontext);
}
}
freecon(scontext);
}
}
+void selinux_resetfscreatecon(void)
+{
+ if (is_selinux_running()) {
+ if (setfscreatecon(prev_scontext) < 0)
+ err("setfscreatecon failed: %s", strerror(errno));
+ }
+}
+
void selinux_init(void)
{
/*
void selinux_init(void)
{
/*
@@
-144,23
+154,20
@@
void selinux_init(void)
* restoration creation purposes.
*/
if (is_selinux_running()) {
* restoration creation purposes.
*/
if (is_selinux_running()) {
- if (getfscreatecon(&prev_scontext) < 0)
- dbg("getfscreatecon failed\n");
-
- prev_scontext = NULL;
+ if (!udev_root[0])
+ err("selinux_init: udev_root not set");
+ matchpathcon_init_prefix(NULL, udev_root);
+ if (getfscreatecon(&prev_scontext) < 0) {
+ err("getfscreatecon failed");
+ prev_scontext = NULL;
+ }
}
}
}
}
-void selinux_
restore
(void)
+void selinux_
exit
(void)
{
{
- if (is_selinux_running()) {
- /* reset the file create context to its former glory */
- if (setfscreatecon(prev_scontext) < 0)
- dbg("setfscreatecon failed\n");
-
- if (prev_scontext) {
- freecon(prev_scontext);
- prev_scontext = NULL;
- }
+ if (is_selinux_running() && prev_scontext) {
+ freecon(prev_scontext);
+ prev_scontext = NULL;
}
}
}
}
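Review bot: In the last hunk's new `selinux_init`, an empty `udev_root` is only logged and the code still calls `matchpathcon_init_prefix(NULL, udev_root)`, whose return value is then discarded. If that initialisation fails or runs with an empty prefix, the later `matchpathcon()` lookups in `selinux_setfilecon` and `selinux_setfscreatecon` presumably fail or match differently. Both of those functions are `void` and simply return on a lookup failure, so the device node keeps whatever context it was created with and the `err()` line is the only trace. I would check the call, e.g. `if (matchpathcon_init_prefix(NULL, udev_root) < 0) err("matchpathcon_init_prefix failed: %s", strerror(errno));`, and add a short comment on the two setters stating that labelling is best-effort, so callers do not assume the node carries the policy context. `selinux_init` begins above this hunk.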