#include <errno.h>
#include <string.h>
#include <ctype.h>
+#ifdef USE_SELINUX
+#include <selinux/selinux.h>
+#endif
#include "libudev.h"
#include "libudev-private.h"
char *dev_path;
char *rules_path;
int log_priority;
- int run:1;
+#ifdef USE_SELINUX
+ int selinux_enabled;
+ security_context_t selinux_prev_scontext;
+#endif
+ int run;
};
void udev_log(struct udev *udev,
vfprintf(stderr, format, args);
}
+static void selinux_init(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ /*
+ * record the present security context, for file-creation
+ * restoration creation purposes.
+ */
+ udev->selinux_enabled = (is_selinux_enabled() > 0);
+ info(udev, "selinux=%i\n", udev->selinux_enabled);
+ if (udev->selinux_enabled) {
+ matchpathcon_init_prefix(NULL, udev_get_dev_path(udev));
+ if (getfscreatecon(&udev->selinux_prev_scontext) < 0) {
+ err(udev, "getfscreatecon failed\n");
+ udev->selinux_prev_scontext = NULL;
+ }
+ }
+#endif
+}
+
+static void selinux_exit(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ freecon(udev->selinux_prev_scontext);
+ udev->selinux_prev_scontext = NULL;
+ }
+#endif
+}
+
+void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ security_context_t scontext = NULL;
+
+ if (matchpathcon(file, mode, &scontext) < 0) {
+ err(udev, "matchpathcon(%s) failed\n", file);
+ return;
+ }
+ if (lsetfilecon(file, scontext) < 0)
+ err(udev, "setfilecon %s failed: %s\n", file, strerror(errno));
+ freecon(scontext);
+ }
+#endif
+}
+
+void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ security_context_t scontext = NULL;
+
+ if (matchpathcon(file, mode, &scontext) < 0) {
+ err(udev, "matchpathcon(%s) failed\n", file);
+ return;
+ }
+ if (setfscreatecon(scontext) < 0)
+ err(udev, "setfscreatecon %s failed: %s\n", file, strerror(errno));
+ freecon(scontext);
+ }
+#endif
+}
+
+void udev_selinux_resetfscreatecon(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ if (setfscreatecon(udev->selinux_prev_scontext) < 0)
+ err(udev, "setfscreatecon failed: %s\n", strerror(errno));
+ }
+#endif
+}
+
/**
* udev_new:
*
if (udev == NULL)
return NULL;
memset(udev, 0x00, (sizeof(struct udev)));
-
- sysfs_init();
-
- /* defaults */
udev->refcount = 1;
udev->log_fn = log_stderr;
udev->log_priority = LOG_ERR;
udev->dev_path = strdup(UDEV_PREFIX "/dev");
udev->sys_path = strdup("/sys");
config_file = strdup(SYSCONFDIR "/udev/udev.conf");
-
if (udev->dev_path == NULL ||
udev->sys_path == NULL ||
config_file == NULL)
if (udev->dev_path == NULL || udev->sys_path == NULL)
goto err;
-
+ selinux_init(udev);
info(udev, "context %p created\n", udev);
info(udev, "log_priority=%d\n", udev->log_priority);
info(udev, "config_file='%s'\n", config_file);
info(udev, "sys_path='%s'\n", udev->sys_path);
if (udev->rules_path != NULL)
info(udev, "rules_path='%s'\n", udev->rules_path);
-
free(config_file);
return udev;
err:
udev->refcount--;
if (udev->refcount > 0)
return;
- sysfs_cleanup();
+ selinux_exit(udev);
free(udev->dev_path);
free(udev->sys_path);
free(udev->rules_path);
~ianmdlvl / elogind.git / blobdiff