/* lsm.h - header file for lib directory
 *
 * Copyright 2015 Rob Landley <rob@landley.net>
 */

// Pull in whichever Linux Security Module library was configured. When a
// module is compiled out, its entry points become constant stubs: every
// setter/getter evaluates to -1 ("failure") and is_selinux_enabled() to 0.
// That lets the CFG_TOYBOX_* tests in the wrappers below fold to constants so
// the dead branch drops out, but it also means that with no LSM built in the
// wrappers report failure rather than silently "succeeding" — callers should
// gate on lsm_enabled() or check the return value instead of assuming a
// label was applied.
#if CFG_TOYBOX_SELINUX
#include <selinux/selinux.h>
#else
#define is_selinux_enabled() 0
#define setfscreatecon(...) (-1)
#define getcon(...) (-1)
#define getfilecon(...) (-1)
#define lgetfilecon(...) (-1)
#define fgetfilecon(...) (-1)
#define setfilecon(...) (-1)
#define lsetfilecon(...) (-1)
#define fsetfilecon(...) (-1)
#endif

#if CFG_TOYBOX_SMACK
#include <sys/smack.h>
#include <linux/xattr.h>
#else
#ifndef XATTR_NAME_SMACK
#define XATTR_NAME_SMACK 0
#endif
#define smack_smackfs_path(...) (-1)
#define smack_new_label_from_self(...) (-1)
#define smack_new_label_from_path(...) (-1)
#define smack_new_label_from_file(...) (-1)
#define smack_set_label_for_self(...) (-1)
#define smack_set_label_for_path(...) (-1)
#define smack_set_label_for_file(...) (-1)
#endif

// Is an LSM actually active on this system? Smack counts as enabled when
// smack_smackfs_path() reports a path, SELinux only when is_selinux_enabled()
// returns exactly 1. With neither compiled in this turns into "return 0" and
// lets the calling code optimize out.
static inline int lsm_enabled(void)
{
  return CFG_TOYBOX_SMACK ? !!smack_smackfs_path() : is_selinux_enabled() == 1;
}

// Human readable name of the configured LSM. Points at a string literal:
// do not free or modify it.
static inline char *lsm_name(void)
{
  return CFG_TOYBOX_SMACK ? "Smack" : CFG_TOYBOX_SELINUX ? "SELinux" : "LSM";
}

// Fetch this process's own LSM context. On failure (including when no LSM is
// compiled in) the caller gets a strdup()ed "?" instead, so whatever comes
// back is owned by the caller and released with free().
static inline char *lsm_context(void)
{
  char *label = 0;
  int got;

  if (CFG_TOYBOX_SMACK) got = smack_new_label_from_self(&label) > 0;
  else got = getcon(&label) == 0;
  if (!got) return strdup("?");

  return label;
}

// Set the default label applied to everything this process creates from now
// on (NULL clears it again). Returns the underlying library's status, which
// is -1 when no LSM is compiled in.
static inline int lsm_set_create(char *context)
{
  return CFG_TOYBOX_SMACK ? smack_set_label_for_self(context)
    : setfscreatecon(context);
}

// Label a file by path, following symlinks. The label lands on whatever the
// link currently points at; use lsm_lset_context() when the link itself is
// the intended target.
static inline int lsm_set_context(char *filename, char *context)
{
  return CFG_TOYBOX_SMACK
    ? smack_set_label_for_path(filename, XATTR_NAME_SMACK, 1, context)
    : setfilecon(filename, context);
}

// Label a file by path without following symlinks (the link itself is
// labeled).
static inline int lsm_lset_context(char *filename, char *context)
{
  return CFG_TOYBOX_SMACK
    ? smack_set_label_for_path(filename, XATTR_NAME_SMACK, 0, context)
    : lsetfilecon(filename, context);
}

// Label an already open file descriptor.
static inline int lsm_fset_context(int file, char *context)
{
  return CFG_TOYBOX_SMACK
    ? smack_set_label_for_file(file, XATTR_NAME_SMACK, context)
    : fsetfilecon(file, context);
}

// Read a file's label by path, following symlinks. Returns -1 in case of
// error or else the length of the context. *context is filled in by the
// library (presumably heap allocated for the caller to free — confirm against
// libselinux/libsmack). context can be NULL to get the length only;
// NOTE(review): verify the Smack path tolerates a NULL context as well.
static inline int lsm_get_context(char *filename, char **context)
{
  return CFG_TOYBOX_SMACK
    ? smack_new_label_from_path(filename, XATTR_NAME_SMACK, 1, context)
    : getfilecon(filename, context);
}

// Same as lsm_get_context() but reads the symlink's own label instead of
// following it.
static inline int lsm_lget_context(char *filename, char **context)
{
  return CFG_TOYBOX_SMACK
    ? smack_new_label_from_path(filename, XATTR_NAME_SMACK, 0, context)
    : lgetfilecon(filename, context);
}

// Same as lsm_get_context() but for an already open file descriptor.
static inline int lsm_fget_context(int file, char **context)
{
  return CFG_TOYBOX_SMACK
    ? smack_new_label_from_file(file, XATTR_NAME_SMACK, context)
    : fgetfilecon(file, context);
}