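/*
 * User-supplied callbacks and default implementations.
 * Class and permission mappings.
 */

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>	/* memset() in selinux_get_callback() */
#include <errno.h>
#include <pthread.h>	/* pthread_mutex_t, PTHREAD_MUTEX_INITIALIZER */
#include <selinux/selinux.h>
#include "callbacks.h"

/*
 * Statically initialised mutex. Nothing in this file locks it.
 * NOTE(review): presumably taken by the logging helpers declared in
 * callbacks.h -- confirm against that header.
 */
pthread_mutex_t log_mutex = PTHREAD_MUTEX_INITIALIZER;

/* default implementations */

/*
 * Default log callback: formats the message onto stderr.
 *
 * type - message type; ignored by this implementation.
 * fmt  - printf-style format string, followed by its arguments.
 *
 * Returns whatever vfprintf() returns.
 *
 * fmt is interpreted as a format string, so callers must pass a trusted
 * format and put externally supplied text in an argument (for example
 * behind "%s"). The format attribute lets the compiler check call sites.
 */
static int __attribute__ ((format(printf, 2, 3)))
default_selinux_log(int type __attribute__((unused)), const char *fmt, ...)
{
	int rc;
	va_list ap;

	va_start(ap, fmt);
	rc = vfprintf(stderr, fmt, ap);
	va_end(ap);
	return rc;
}

/*
 * Default audit callback: ignores every argument, leaves buf untouched
 * and returns 0.
 */
static int
default_selinux_audit(void *ptr __attribute__((unused)),
		      security_class_t cls __attribute__((unused)),
		      char *buf __attribute__((unused)),
		      size_t len __attribute__((unused)))
{
	return 0;
}

/*
 * Default context-validation callback.
 *
 * ctx - address of the context string to check.
 *
 * Target builds (BUILD_HOST not defined) hand *ctx to
 * security_check_context() and return its result.
 *
 * Host builds (BUILD_HOST defined) perform no check at all and return 0
 * for every input, so a malformed or unknown context is not rejected
 * here. A consumer that needs validation in such a build has to install
 * its own SELINUX_CB_VALIDATE callback.
 *
 * NOTE(review): ctx is dereferenced without a NULL check on the target
 * path -- confirm that callers never pass NULL.
 */
static int
default_selinux_validate(char **ctx)
{
#ifndef BUILD_HOST
	return security_check_context(*ctx);
#else
	(void) ctx;
	return 0;
#endif
}

/* Default setenforce notification callback: ignores its argument, returns 0. */
static int
default_selinux_setenforce(int enforcing __attribute__((unused)))
{
	return 0;
}

/* Default policyload notification callback: ignores its argument, returns 0. */
static int
default_selinux_policyload(int seqno __attribute__((unused)))
{
	return 0;
}

/*
 * callback pointers
 *
 * Each pointer starts out at the matching default above and is replaced
 * by selinux_set_callback().
 * NOTE(review): these are plain globals and no locking or atomic access
 * is visible in this file; presumably callbacks are meant to be installed
 * before other threads use the library -- confirm.
 */
int __attribute__ ((format(printf, 2, 3)))
(*selinux_log_direct)(int, const char *, ...) =
	default_selinux_log;

int
(*selinux_audit) (void *, security_class_t, char *, size_t) =
	default_selinux_audit;

int
(*selinux_validate)(char **ctx) =
	default_selinux_validate;

int
(*selinux_netlink_setenforce) (int enforcing) =
	default_selinux_setenforce;

int
(*selinux_netlink_policyload) (int seqno) =
	default_selinux_policyload;

/*
 * callback setting function
 *
 * type - one of the SELINUX_CB_* selectors handled below.
 * cb   - union whose member matching type holds the new callback.
 *
 * The selected global pointer is overwritten with the supplied member.
 * An unrecognised type changes nothing; the function returns void, so
 * the caller gets no indication of that.
 *
 * NOTE(review): the member is stored as-is, including NULL. Whether the
 * call sites check the pointer before calling through it is not visible
 * here -- confirm, or have callers pass only valid functions.
 */
void
selinux_set_callback(int type, union selinux_callback cb)
{
	switch (type) {
	case SELINUX_CB_LOG:
		selinux_log_direct = cb.func_log;
		break;
	case SELINUX_CB_AUDIT:
		selinux_audit = cb.func_audit;
		break;
	case SELINUX_CB_VALIDATE:
		selinux_validate = cb.func_validate;
		break;
	case SELINUX_CB_SETENFORCE:
		selinux_netlink_setenforce = cb.func_setenforce;
		break;
	case SELINUX_CB_POLICYLOAD:
		selinux_netlink_policyload = cb.func_policyload;
		break;
	default:
		/* Unknown selector: deliberately a no-op (see header comment). */
		break;
	}
}

/*
 * callback getting function
 *
 * type - one of the SELINUX_CB_* selectors handled below.
 *
 * Returns a union whose member matching type holds the currently
 * installed callback. For an unrecognised type the union is zero-filled
 * and errno is set to EINVAL; errno is not modified otherwise.
 */
union selinux_callback
selinux_get_callback(int type)
{
	union selinux_callback cb;

	switch (type) {
	case SELINUX_CB_LOG:
		cb.func_log = selinux_log_direct;
		break;
	case SELINUX_CB_AUDIT:
		cb.func_audit = selinux_audit;
		break;
	case SELINUX_CB_VALIDATE:
		cb.func_validate = selinux_validate;
		break;
	case SELINUX_CB_SETENFORCE:
		cb.func_setenforce = selinux_netlink_setenforce;
		break;
	case SELINUX_CB_POLICYLOAD:
		cb.func_policyload = selinux_netlink_policyload;
		break;
	default:
		/* Zero the whole union so no uninitialised pointer is returned. */
		memset(&cb, 0, sizeof(cb));
		errno = EINVAL;
		break;
	}
	return cb;
}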