X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=udev%2Flib%2Flibudev.c;h=50fe0d1c893cad111ab7b37192ceb3029edfdfbc;hb=6bd1c78a8a3d8f26f50670925934fb39f7aff56f;hp=09e1bec1bfb83e35fa8c4d24cfee796e206b5a81;hpb=a035bf274477689920bcac12792b28de9d35ab6c;p=elogind.git
diff --git a/udev/lib/libudev.c b/udev/lib/libudev.c
index 09e1bec1b..50fe0d1c8 100644
--- a/udev/lib/libudev.c
+++ b/udev/lib/libudev.c
@@ -27,6 +27,9 @@
 #include
 #include
 #include
+#ifdef USE_SELINUX
+#include
+#endif
 #include "libudev.h"
 #include "libudev-private.h"
@@ -41,7 +44,11 @@ struct udev {
 char *dev_path;
 char *rules_path;
 int log_priority;
- int run:1;
+#ifdef USE_SELINUX
+ int selinux_enabled;
+ security_context_t selinux_prev_scontext;
+#endif
+ int run;
 };
 void udev_log(struct udev *udev,
@@ -66,6 +73,79 @@ static void log_stderr(struct udev *udev,
 vfprintf(stderr, format, args);
 }
+static void selinux_init(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ /*
+ * record the present security context, for file-creation
+ * restoration creation purposes.
+ */
+ udev->selinux_enabled = (is_selinux_enabled() > 0);
+ info(udev, "selinux=%i\n", udev->selinux_enabled);
+ if (udev->selinux_enabled) {
+ matchpathcon_init_prefix(NULL, udev_get_dev_path(udev));
+ if (getfscreatecon(&udev->selinux_prev_scontext) < 0) {
+ err(udev, "getfscreatecon failed\n");
+ udev->selinux_prev_scontext = NULL;
+ }
+ }
+#endif
+}
+
+static void selinux_exit(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ freecon(udev->selinux_prev_scontext);
+ udev->selinux_prev_scontext = NULL;
+ }
+#endif
+}
+
+void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ security_context_t scontext = NULL;
+
+ if (matchpathcon(file, mode, &scontext) < 0) {
+ err(udev, "matchpathcon(%s) failed\n", file);
+ return;
+ }
+ if (lsetfilecon(file, scontext) < 0)
+ err(udev, "setfilecon %s failed: %s\n", file, strerror(errno));
+ freecon(scontext);
+ }
+#endif
+}
+
+void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ security_context_t scontext = NULL;
+
+ if (matchpathcon(file, mode, &scontext) < 0) {
+ err(udev, "matchpathcon(%s) failed\n", file);
+ return;
+ }
+ if (setfscreatecon(scontext) < 0)
+ err(udev, "setfscreatecon %s failed: %s\n", file, strerror(errno));
+ freecon(scontext);
+ }
+#endif
+}
+
+void udev_selinux_resetfscreatecon(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ if (setfscreatecon(udev->selinux_prev_scontext) < 0)
+ err(udev, "setfscreatecon failed: %s\n", strerror(errno));
+ }
+#endif
+}
+
 /**
 * udev_new:
 *
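Review bot: udev_selinux_setfscreatecon() and udev_selinux_lsetfilecon() return void, so a caller cannot see that matchpathcon() or setfscreatecon()/lsetfilecon() failed and goes on to create the node under whatever file-creation context was in effect, or leaves it with its default label; returning `int` (0 on success, -1 after the err() calls) would let the caller decide whether to proceed. The pairing contract is also undocumented: after udev_selinux_setfscreatecon() the file-creation context stays at the matched label until udev_selinux_resetfscreatecon() restores selinux_prev_scontext, so callers must pair the two on every path including their error exits — a `/** ... */` block on the three exported functions, in the style of the udev_new block that follows, should say so. selinux_exit() frees the saved context but never calls `matchpathcon_fini()` to release the tables that selinux_init() loads via matchpathcon_init_prefix(). The comment in selinux_init() reads "for file-creation restoration creation purposes"; `/* record the present file-creation context so that udev_selinux_resetfscreatecon() can restore it */` states what is meant.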
@@ -87,10 +167,6 @@ struct udev *udev_new(void)
 if (udev == NULL)
 return NULL;
 memset(udev, 0x00, (sizeof(struct udev)));
-
- sysfs_init();
-
- /* defaults */
 udev->refcount = 1;
 udev->log_fn = log_stderr;
 udev->log_priority = LOG_ERR;
@@ -98,7 +174,6 @@ struct udev *udev_new(void)
 udev->dev_path = strdup(UDEV_PREFIX "/dev");
 udev->sys_path = strdup("/sys");
 config_file = strdup(SYSCONFDIR "/udev/udev.conf");
-
 if (udev->dev_path == NULL ||
 udev->sys_path == NULL ||
 config_file == NULL)
@@ -221,6 +296,9 @@ struct udev *udev_new(void)
 if (udev->dev_path == NULL || udev->sys_path == NULL)
 goto err;
+ selinux_init(udev);
+ sysfs_init();
+
 info(udev, "context %p created\n", udev);
 info(udev, "log_priority=%d\n", udev->log_priority);
 info(udev, "config_file='%s'\n", config_file);
@@ -270,6 +348,7 @@ void udev_unref(struct udev *udev)
 if (udev->refcount > 0)
 return;
 sysfs_cleanup();
+ selinux_exit(udev);
 free(udev->dev_path);
 free(udev->sys_path);
 free(udev->rules_path);
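Review bot: The new selinux_init() call in the `@@ -221,6 +296,9 @@` hunk depends on staying after the dev_path check above it, because selinux_init() passes udev_get_dev_path(udev) to matchpathcon_init_prefix(), yet nothing in the hunk records that ordering; moving it back to where sysfs_init() used to sit would presumably prime the label lookup with the default dev_path rather than the one the config file may have set. A one-line comment above the call, `/* selinux_init() needs the final dev_path for matchpathcon_init_prefix() */`, would pin it. The matching selinux_exit() in udev_unref() runs after sysfs_cleanup(), the reverse of the init order, which looks right. udev_new()'s body continues outside the hunks shown, so any `goto err` between selinux_init() and the end of the function would need to be checked for a missing selinux_exit().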