authorTavian Barnes <tavianator@tavianator.com>2024-04-10 10:04:07 -0400
committerTavian Barnes <tavianator@tavianator.com>2024-04-10 13:15:49 -0400
commitc0cbaab04b3d37a1786f04018eb6226359291031 (patch)
tree0a55e6cb25fd791686e9e7bb07258cc540df3858
parent9f90d09fcf58269dc09bad90b360d46c374e56e9 (diff)
downloadbfs-c0cbaab04b3d37a1786f04018eb6226359291031.tar.xz
fsade: Add libselinux wrappers
-rw-r--r--src/fsade.c33
-rw-r--r--src/fsade.h17
2 files changed, 50 insertions, 0 deletions
diff --git a/src/fsade.c b/src/fsade.c
index ee17416..0810c7f 100644
--- a/src/fsade.c
+++ b/src/fsade.c
@@ -22,6 +22,10 @@
# include <sys/capability.h>
#endif
+#if BFS_CAN_CHECK_CONTEXT
+# include <selinux/selinux.h>
+#endif
+
#if BFS_USE_SYS_EXTATTR_H
# include <sys/extattr.h>
#elif BFS_USE_SYS_XATTR_H
@@ -414,3 +418,32 @@ int bfs_check_xattr_named(const struct BFTW *ftwbuf, const char *name) {
}
#endif
+
+char *bfs_getfilecon(const struct BFTW *ftwbuf) {
+#if BFS_CAN_CHECK_CONTEXT
+ const char *path = fake_at(ftwbuf);
+
+ char *con;
+ int ret;
+ if (ftwbuf->type == BFS_LNK) {
+ ret = lgetfilecon(path, &con);
+ } else {
+ ret = getfilecon(path, &con);
+ }
+
+ if (ret >= 0) {
+ return con;
+ } else {
+ return NULL;
+ }
+#else
+ errno = ENOTSUP;
+ return NULL;
+#endif
+}
+
+void bfs_freecon(char *con) {
+#if BFS_CAN_CHECK_CONTEXT
+ freecon(con);
+#endif
+}
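Review bot: The path obtained from `fake_at(ftwbuf)` in bfs_getfilecon() is not released on either return path. fake_at() is defined outside this hunk, so this is inferred: if it can return an allocated string rather than `ftwbuf->path`, every call leaks it, and the other fake_at() callers in this file should show which release helper belongs right after the `getfilecon()`/`lgetfilecon()` call. If that helper can modify errno, save and restore errno around it so a failed lookup still reports the libselinux error. Separately, `ftwbuf->type` was presumably filled in before this call while the label is looked up by path, so a comment such as `// type comes from the earlier stat; the by-path lookup can race with a rename` would warn callers that the result is not bound to the visited inode.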
diff --git a/src/fsade.h b/src/fsade.h
index 413938d..1f1dbfc 100644
--- a/src/fsade.h
+++ b/src/fsade.h
@@ -20,6 +20,8 @@
# endif
#endif
+#define BFS_CAN_CHECK_CONTEXT BFS_USE_LIBSELINUX
+
#define BFS_CAN_CHECK_XATTRS (BFS_USE_SYS_EXTATTR_H || BFS_USE_SYS_XATTR_H)
struct BFTW;
@@ -66,4 +68,19 @@ int bfs_check_xattrs(const struct BFTW *ftwbuf);
*/
int bfs_check_xattr_named(const struct BFTW *ftwbuf, const char *name);
+/**
+ * Get a file's SELinux context
+ *
+ * @param ftwbuf
+ * The file to check.
+ * @return
+ * The file's SELinux context, or NULL on failure.
+ */
+char *bfs_getfilecon(const struct BFTW *ftwbuf);
+
+/**
+ * Free a bfs_getfilecon() result.
+ */
+void bfs_freecon(char *con);
+
#endif // BFS_FSADE_H
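Review bot: The doc comment for bfs_getfilecon() omits the ownership and error contract that the implementation in src/fsade.c establishes. I would extend `@return` to say that the string must be released with bfs_freecon() and that errno is set on failure (ENOTSUP when built without libselinux). It should also say that for a symbolic link the link's own context is read, not the target's. For bfs_freecon(), a `@param con` line stating whether NULL is accepted would help, since callers are likely to reach it on cleanup paths.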