X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=udev%2Flib%2Flibudev.c;h=c2c5025b9eb0d170e7e6536771a967862bccadc3;hp=5a00f44de91a11bb62e949257472dc53b659253a;hb=13ddea815496b32bd0ae0a648cdc50af28d69bb1;hpb=7d563a17f3967890331daf08d43f2f005418139b
diff --git a/udev/lib/libudev.c b/udev/lib/libudev.c
index 5a00f44de..c2c5025b9 100644
--- a/udev/lib/libudev.c
+++ b/udev/lib/libudev.c
@@ -17,8 +17,6 @@
 * along with this program. If not, see .
 */
-#include "config.h"
-
 #include
 #include
 #include
@@ -27,21 +25,29 @@
 #include
 #include
 #include
+#ifdef USE_SELINUX
+#include
+#endif
 #include "libudev.h"
 #include "libudev-private.h"
-#include "../udev.h"
 struct udev {
 int refcount;
 void (*log_fn)(struct udev *udev, int priority, const char *file, int line, const char *fn, const char *format, va_list args);
+ void *userdata;
 char *sys_path;
 char *dev_path;
 char *rules_path;
 int log_priority;
- int run:1;
+#ifdef USE_SELINUX
+ int selinux_initialized;
+ int selinux_enabled;
+ security_context_t selinux_prev_scontext;
+#endif
+ int run;
 };
 void udev_log(struct udev *udev,
@@ -66,6 +72,102 @@ static void log_stderr(struct udev *udev,
 vfprintf(stderr, format, args);
 }
+static void selinux_init(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ /*
+ * record the present security context, for file-creation
+ * restoration creation purposes.
+ */
+ udev->selinux_enabled = (is_selinux_enabled() > 0);
+ info(udev, "selinux=%i\n", udev->selinux_enabled);
+ if (udev->selinux_enabled) {
+ matchpathcon_init_prefix(NULL, udev_get_dev_path(udev));
+ if (getfscreatecon(&udev->selinux_prev_scontext) < 0) {
+ err(udev, "getfscreatecon failed\n");
+ udev->selinux_prev_scontext = NULL;
+ }
+ }
+ udev->selinux_initialized = 1;
+#endif
+}
+
+void *udev_get_userdata(struct udev *udev)
+{
+ if (udev == NULL)
+ return NULL;
+ return udev->userdata;
+}
+
+void udev_set_userdata(struct udev *udev, void *userdata)
+{
+ if (udev == NULL)
+ return;
+ udev->userdata = userdata;
+}
+
+static void selinux_exit(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ if (!udev->selinux_initialized)
+ return;
+ if (udev->selinux_enabled) {
+ freecon(udev->selinux_prev_scontext);
+ udev->selinux_prev_scontext = NULL;
+ }
+#endif
+}
+
+void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode)
+{
+#ifdef USE_SELINUX
+ if (!udev->selinux_initialized)
+ selinux_init(udev);
+ if (udev->selinux_enabled) {
+ security_context_t scontext = NULL;
+
+ if (matchpathcon(file, mode, &scontext) < 0) {
+ err(udev, "matchpathcon(%s) failed\n", file);
+ return;
+ }
+ if (lsetfilecon(file, scontext) < 0)
+ err(udev, "setfilecon %s failed: %m\n", file);
+ freecon(scontext);
+ }
+#endif
+}
+
+void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode)
+{
+#ifdef USE_SELINUX
+ if (!udev->selinux_initialized)
+ selinux_init(udev);
+ if (udev->selinux_enabled) {
+ security_context_t scontext = NULL;
+
+ if (matchpathcon(file, mode, &scontext) < 0) {
+ err(udev, "matchpathcon(%s) failed\n", file);
+ return;
+ }
+ if (setfscreatecon(scontext) < 0)
+ err(udev, "setfscreatecon %s failed: %m\n", file);
+ freecon(scontext);
+ }
+#endif
+}
+
+void udev_selinux_resetfscreatecon(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ if (!udev->selinux_initialized)
+ selinux_init(udev);
+ if (udev->selinux_enabled) {
+ if (setfscreatecon(udev->selinux_prev_scontext) < 0)
+ err(udev, "setfscreatecon failed: %m\n");
+ }
+#endif
+}
+
 /**
 * udev_new:
 *
@@ -87,11 +189,6 @@ struct udev *udev_new(void)
 if (udev == NULL)
 return NULL;
 memset(udev, 0x00, (sizeof(struct udev)));
-
- sysfs_init();
-
- /* defaults */
- config_file = NULL;
 udev->refcount = 1;
 udev->log_fn = log_stderr;
 udev->log_priority = LOG_ERR;
@@ -99,8 +196,9 @@ struct udev *udev_new(void)
 udev->dev_path = strdup(UDEV_PREFIX "/dev");
 udev->sys_path = strdup("/sys");
 config_file = strdup(SYSCONFDIR "/udev/udev.conf");
-
- if (udev->dev_path == NULL || udev->sys_path == NULL)
+ if (udev->dev_path == NULL ||
+ udev->sys_path == NULL ||
+ config_file == NULL)
 goto err;
 /* settings by environment and config file */
@@ -108,24 +206,24 @@ struct udev *udev_new(void)
 if (env != NULL) {
 free(udev->sys_path);
 udev->sys_path = strdup(env);
- remove_trailing_chars(udev->sys_path, '/');
+ util_remove_trailing_chars(udev->sys_path, '/');
 }
 env = getenv("UDEV_RUN");
- if (env != NULL && !string_is_true(env))
+ if (env != NULL && strcmp(env, "0") == 0)
 udev->run = 0;
 env = getenv("UDEV_CONFIG_FILE");
 if (env != NULL) {
 free(config_file);
 config_file = strdup(env);
- remove_trailing_chars(config_file, '/');
+ util_remove_trailing_chars(config_file, '/');
 }
 if (config_file == NULL)
 goto err;
 f = fopen(config_file, "r");
 if (f != NULL) {
- char line[LINE_SIZE];
+ char line[UTIL_LINE_SIZE];
 int line_nr = 0;
 while (fgets(line, sizeof(line), f)) {
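Review bot: In `udev_selinux_lsetfilecon()` and `udev_selinux_setfscreatecon()` a failed `matchpathcon()`, `lsetfilecon()` or `setfscreatecon()` is only logged and the functions return `void`, so a caller cannot tell that the requested label was not applied and will presumably carry on with whatever context is in effect. For a labeling helper that is a fail-open path; since these functions are new in this commit, returning a status, e.g. `int udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode)` with `return -1;` on each failure branch, would let callers decide whether to continue. The three `udev_selinux_*` functions also dereference `udev` without the `if (udev == NULL)` guard that `udev_get_userdata()` and `udev_set_userdata()` in the same hunk use. `selinux_exit()` frees the saved context but nothing visible here releases what `matchpathcon_init_prefix()` set up; if the libselinux in use provides `matchpathcon_fini()`, calling it there would be the matching teardown.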
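Review bot: The new `UDEV_RUN` test, `if (env != NULL && strcmp(env, "0") == 0)`, clears `udev->run` only for the exact string `0`, whereas the removed line cleared it for every value that `string_is_true()` rejected. Any other spelling that used to switch `run` off (the helper's accepted values are not visible here) is now silently ignored, which changes behaviour for existing environments. If the narrowing is intended, a comment above the check such as `/* only "0" disables run; every other value leaves it unchanged */` would document it; otherwise the old spellings should keep working. `udev_new()` begins and ends outside this hunk, so the default given to `run` cannot be confirmed from here.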
@@ -187,48 +285,49 @@ struct udev *udev_new(void)
 }
 if (strcasecmp(key, "udev_log") == 0) {
- udev->log_priority = log_priority(val);
+ udev->log_priority = util_log_priority(val);
 continue;
 }
 if (strcasecmp(key, "udev_root") == 0) {
 free(udev->dev_path);
 udev->dev_path = strdup(val);
- remove_trailing_chars(udev->dev_path, '/');
+ util_remove_trailing_chars(udev->dev_path, '/');
 continue;
 }
 if (strcasecmp(key, "udev_rules") == 0) {
 free(udev->rules_path);
 udev->rules_path = strdup(val);
- remove_trailing_chars(udev->rules_path, '/');
+ util_remove_trailing_chars(udev->rules_path, '/');
 continue;
 }
 }
 fclose(f);
 }
- free(config_file);
 env = getenv("UDEV_ROOT");
 if (env != NULL) {
 free(udev->dev_path);
 udev->dev_path = strdup(env);
- remove_trailing_chars(udev->dev_path, '/');
+ util_remove_trailing_chars(udev->dev_path, '/');
 }
 env = getenv("UDEV_LOG");
 if (env != NULL)
- udev->log_priority = log_priority(env);
+ udev->log_priority = util_log_priority(env);
 if (udev->dev_path == NULL || udev->sys_path == NULL)
 goto err;
- info(udev, "context %p created\n", udev);
 info(udev, "log_priority=%d\n", udev->log_priority);
+ info(udev, "config_file='%s'\n", config_file);
 info(udev, "dev_path='%s'\n", udev->dev_path);
+ info(udev, "sys_path='%s'\n", udev->sys_path);
 if (udev->rules_path != NULL)
 info(udev, "rules_path='%s'\n", udev->rules_path);
-
+ free(config_file);
 return udev;
 err:
+ free(config_file);
 err(udev, "context creation failed\n");
 udev_unref(udev);
 return NULL;
@@ -265,9 +364,10 @@ void udev_unref(struct udev *udev)
 udev->refcount--;
 if (udev->refcount > 0)
 return;
- sysfs_cleanup();
+ selinux_exit(udev);
 free(udev->dev_path);
 free(udev->sys_path);
+ free(udev->rules_path);
 info(udev, "context %p released\n", udev);
 free(udev);
 }
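Review bot: Each `strdup()` result in this hunk is handed to `util_remove_trailing_chars()` before anything checks it for NULL (`udev->dev_path` for `udev_root` and `UDEV_ROOT`, `udev->rules_path` for `udev_rules`), so an allocation failure reaches the helper as a NULL pointer. That is only safe if the helper tolerates NULL, and its body is not shown here. The later `if (udev->dev_path == NULL || udev->sys_path == NULL)` check also leaves out `rules_path`, so a failed copy of a configured rules directory would silently leave `rules_path` unset instead of failing context creation. A guard at each site, e.g. `if (udev->dev_path != NULL) util_remove_trailing_chars(udev->dev_path, '/');`, plus a `goto err` when the `udev_rules` copy fails, would close this. The `sys_path` and `config_file` overrides in the preceding hunk follow the same pattern, and `udev_new()` begins and ends outside this hunk.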
@@ -277,8 +377,7 @@ void udev_unref(struct udev *udev)
 * @udev: udev library context
 * @log_fn: function to be called for logging messages
 *
- * The built-in logging, which writes to stderr if the
- * LIBUDEV_DEBUG environment variable is set, can be
+ * The built-in logging, which writes to stderr, it can be
 * overridden by a custom function, to plug log messages
 * into the users logging functionality.
 *