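#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include "selinux_internal.h"
#include "context_internal.h"

/*
 * setexecfilecon - choose and set the SELinux context for the next execve().
 *
 * @filename:      path of the program that is about to be executed; its file
 *                 context is read with getfilecon().
 * @fallback_type: type to substitute into the caller's own context when the
 *                 computed context equals the current one.
 *
 * Returns 0 on success, and also when is_selinux_enabled() reports a value
 * below 1.  Returns a negative value when a step fails, unless
 * security_getenforce() returns 0, in which case the failure is reported as
 * success and no exec context may have been set.
 *
 * NOTE(review): the file context is looked up by path here, and the caller
 * resolves the same path again when it executes the file.  The computed
 * context only describes the file that is run if the path cannot be replaced
 * in between; callers should pass paths in locations untrusted users cannot
 * modify.
 */
int setexecfilecon(const char *filename, const char *fallback_type)
{
	char *mycon = NULL, *fcon = NULL, *newcon = NULL;
	context_t con = NULL;
	const char *fallback_str;
	int rc = 0;

	if (is_selinux_enabled() < 1)
		return 0;

	rc = getcon(&mycon);
	if (rc < 0)
		goto out;

	rc = getfilecon(filename, &fcon);
	if (rc < 0)
		goto out;

	rc = security_compute_create(mycon, fcon,
				     string_to_security_class("process"),
				     &newcon);
	if (rc < 0)
		goto out;

	if (!strcmp(mycon, newcon)) {
		/* No default transition, use fallback_type for now. */
		rc = -1;
		con = context_new(mycon);
		if (!con)
			goto out;
		if (context_type_set(con, fallback_type))
			goto out;

		/*
		 * context_str() may return NULL (for example when it cannot
		 * allocate the string); passing NULL to strdup() is undefined
		 * behaviour, so fail here instead.  rc is already -1.
		 */
		fallback_str = context_str(con);
		if (!fallback_str)
			goto out;

		freecon(newcon);
		newcon = strdup(fallback_str);
		if (!newcon)
			goto out;
	}

	rc = setexeccon(newcon);

out:
	/*
	 * When security_getenforce() reports 0, a failure to set the exec
	 * context is deliberately not fatal.  A negative return from
	 * security_getenforce() leaves the failure in place.
	 */
	if (rc < 0 && security_getenforce() == 0)
		rc = 0;

	context_free(con);
	freecon(newcon);
	freecon(fcon);
	freecon(mycon);
	return rc < 0 ? rc : 0;
}

#ifndef DISABLE_RPM
/*
 * rpm_execcon - execve() filename after setting its exec context.
 *
 * Calls setexecfilecon() with the fallback type "rpm_script_t" and then
 * execve(filename, argv, envp).  Returns the negative result of
 * setexecfilecon() without executing anything if that step fails; otherwise
 * returns whatever execve() returns, which only happens when the exec fails.
 *
 * The verified argument is marked unused: nothing in this function consults
 * it, so no verification state influences the context that is chosen.
 */
int rpm_execcon(unsigned int verified __attribute__ ((unused)),
		const char *filename, char *const argv[], char *const envp[])
{
	int rc;

	rc = setexecfilecon(filename, "rpm_script_t");
	if (rc < 0)
		return rc;

	return execve(filename, argv, envp);
}
#endif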