16cd6a6acSopenharmony_ci#include <unistd.h>
26cd6a6acSopenharmony_ci#include <sys/types.h>
36cd6a6acSopenharmony_ci#include <fcntl.h>
46cd6a6acSopenharmony_ci#include <stdlib.h>
56cd6a6acSopenharmony_ci#include <errno.h>
66cd6a6acSopenharmony_ci#include <string.h>
76cd6a6acSopenharmony_ci#include "selinux_internal.h"
86cd6a6acSopenharmony_ci#include "policy.h"
96cd6a6acSopenharmony_ci#include <stdio.h>
106cd6a6acSopenharmony_ci#include <limits.h>
116cd6a6acSopenharmony_ci
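/**
 * Read the "deny_unknown" setting from the mounted SELinux filesystem.
 *
 * Opens "<selinux_mnt>/deny_unknown", reads at most sizeof(buf) - 1 bytes and
 * parses the leading decimal integer.
 * NOTE(review): presumably the value is 0 or 1 and reflects how the loaded
 * policy treats unknown classes/permissions; confirm against the kernel's
 * selinuxfs documentation.
 *
 * @return the parsed value on success; -1 on failure with errno set:
 *         ENOENT if selinux_mnt is unset, ENAMETOOLONG if the path does not
 *         fit in PATH_MAX, EINVAL if no integer could be parsed, ERANGE if
 *         the number does not fit in an int, otherwise whatever open()/read()
 *         reported.
 *
 * A file content of "-1" would be indistinguishable from an error; callers
 * that gate an access decision on this result should treat any negative
 * value as failure.
 */
int security_deny_unknown(void)
{
	int fd, len;
	ssize_t ret;
	long val;
	char *end;
	char path[PATH_MAX];
	char buf[20] = { 0 };	/* zero-filled so a short read stays NUL-terminated */

	if (!selinux_mnt) {
		errno = ENOENT;
		return -1;
	}

	/* Refuse a truncated path rather than opening some other file. */
	len = snprintf(path, sizeof(path), "%s/deny_unknown", selinux_mnt);
	if (len < 0 || (size_t)len >= sizeof(path)) {
		errno = ENAMETOOLONG;
		return -1;
	}

	fd = open(path, O_RDONLY | O_CLOEXEC);
	if (fd < 0)
		return -1;

	/* Leave the last byte untouched so buf is always a valid C string. */
	ret = read(fd, buf, sizeof(buf) - 1);
	if (ret < 0) {
		/* close() may clobber errno; keep the one from read(). */
		int saved_errno = errno;

		close(fd);
		errno = saved_errno;
		return -1;
	}
	close(fd);

	/*
	 * strtol() instead of sscanf("%d"): an out-of-range number is reported
	 * through ERANGE instead of being undefined behaviour. Leading
	 * whitespace and trailing characters are accepted as before.
	 */
	errno = 0;
	val = strtol(buf, &end, 10);
	if (end == buf) {
		errno = EINVAL;
		return -1;
	}
	if (errno == ERANGE || val < INT_MIN || val > INT_MAX) {
		errno = ERANGE;
		return -1;
	}

	return (int)val;
}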