author | Tavian Barnes <tavianator@tavianator.com> | 2024-04-10 10:04:07 -0400 |
---|---|---|
committer | Tavian Barnes <tavianator@tavianator.com> | 2024-04-10 13:15:49 -0400 |
commit | c0cbaab04b3d37a1786f04018eb6226359291031 (patch) | |
tree | 0a55e6cb25fd791686e9e7bb07258cc540df3858 | |
parent | 9f90d09fcf58269dc09bad90b360d46c374e56e9 (diff) | |
fsade: Add libselinux wrappers
-rw-r--r-- | src/fsade.c | 33 | ||||
-rw-r--r-- | src/fsade.h | 17 |
2 files changed, 50 insertions, 0 deletions
diff --git a/src/fsade.c b/src/fsade.c
index ee17416..0810c7f 100644
--- a/src/fsade.c
+++ b/src/fsade.c
@@ -22,6 +22,10 @@
 # include <sys/capability.h>
 #endif
+#if BFS_CAN_CHECK_CONTEXT
+# include <selinux/selinux.h>
+#endif
+
 #if BFS_USE_SYS_EXTATTR_H
 # include <sys/extattr.h>
 #elif BFS_USE_SYS_XATTR_H
@@ -414,3 +418,32 @@ int bfs_check_xattr_named(const struct BFTW *ftwbuf, const char *name) {
 }
 #endif
+
+char *bfs_getfilecon(const struct BFTW *ftwbuf) {
+#if BFS_CAN_CHECK_CONTEXT
+ const char *path = fake_at(ftwbuf);
+
+ char *con;
+ int ret;
+ if (ftwbuf->type == BFS_LNK) {
+ ret = lgetfilecon(path, &con);
+ } else {
+ ret = getfilecon(path, &con);
+ }
+
+ if (ret >= 0) {
+ return con;
+ } else {
+ return NULL;
+ }
+#else
+ errno = ENOTSUP;
+ return NULL;
+#endif
+}
+
+void bfs_freecon(char *con) {
+#if BFS_CAN_CHECK_CONTEXT
+ freecon(con);
+#endif
+}
diff --git a/src/fsade.h b/src/fsade.h
index 413938d..1f1dbfc 100644
--- a/src/fsade.h
+++ b/src/fsade.h
@@ -20,6 +20,8 @@
 # endif
 #endif
+#define BFS_CAN_CHECK_CONTEXT BFS_USE_LIBSELINUX
+
 #define BFS_CAN_CHECK_XATTRS (BFS_USE_SYS_EXTATTR_H || BFS_USE_SYS_XATTR_H)
 struct BFTW;
@@ -66,4 +68,19 @@ int bfs_check_xattrs(const struct BFTW *ftwbuf);
 */
 int bfs_check_xattr_named(const struct BFTW *ftwbuf, const char *name);
+/**
+ * Get a file's SELinux context
+ *
+ * @param ftwbuf
+ * The file to check.
+ * @return
+ * The file's SELinux context, or NULL on failure.
+ */
+char *bfs_getfilecon(const struct BFTW *ftwbuf);
+
+/**
+ * Free a bfs_getfilecon() result.
+ */
+void bfs_freecon(char *con);
+
 #endif // BFS_FSADE_H |
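Review bot: In `bfs_getfilecon()` the pointer returned by `fake_at(ftwbuf)` is never released on either return path. `fake_at()` is defined outside this hunk, so this is an inference: if it can return a freshly built path rather than a borrowed one, every call leaks it, and that adds up over a large tree walk. Release `path` with the file's matching cleanup helper right after the `lgetfilecon()`/`getfilecon()` call and before the `ret >= 0` check, preserving `errno` across the release if that helper can change it. Separately, the `ftwbuf->type == BFS_LNK` choice appears to rely on a type recorded earlier in the walk, so on a tree that another user can modify, `getfilecon()` may follow a symlink that replaced the entry and report the target's label. A short comment noting that limitation would help callers that act on the result.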
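Review bot: The doc comment added for `bfs_getfilecon()` does not say who owns the returned string or what `errno` holds on failure. I would extend `@return` to read something like `The file's SELinux context (release it with bfs_freecon()), or NULL on failure with errno set`, and mention that `errno` is `ENOTSUP` when built without libselinux, as the `#else` branch in src/fsade.c sets it. One more sentence should note that the string is read from the file's own label, so callers that print or compare it should treat it as untrusted, filesystem-supplied data. The `bfs_freecon()` comment could likewise state whether passing `NULL` is allowed, since `bfs_getfilecon()` returns `NULL` on failure.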