From 4cd157cbbddb8dab2c5515aedeb300ea2a99907e Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 17 Mar 2010 15:47:56 +0100
Subject: [PATCH 1/2] Move SELinux related functions into its own module

Fix whitespace errors
---
 src/Makefile.am        |    1 +
 src/tools/files.c      |   57 ---------------------------------
 src/tools/selinux.c    |   81 ++++++++++++++++++++++++++++++++++++++++++++++++
 src/tools/tools_util.h |    7 ++--
 4 files changed, 86 insertions(+), 60 deletions(-)
 create mode 100644 src/tools/selinux.c

diff --git a/src/Makefile.am b/src/Makefile.am
index c3b1fe7be9592befedc3483e905ef93722c8b5b5..e5c12df8cf0b1d987d0f965c9b9db07872b51b09 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -247,6 +247,7 @@ SSSD_TOOLS_OBJ = \
     tools/sss_sync_ops.c \
     tools/tools_util.c \
     tools/files.c \
+    tools/selinux.c \
     tools/nscd.c
 
 SSSD_RESOLV_OBJ = \
diff --git a/src/tools/files.c b/src/tools/files.c
index 90920b6cf7a3e2590e3e41ed842f5c7a2ab4c6af..b3b516ea466565af6977d4b07bf0cbc877f891ce 100644
--- a/src/tools/files.c
+++ b/src/tools/files.c
@@ -66,10 +66,6 @@
 #include "util/util.h"
 #include "tools/tools_util.h"
 
-#ifdef HAVE_SELINUX
-#include <selinux/selinux.h>
-#endif
-
 int copy_tree(const char *src_root, const char *dst_root,
               uid_t uid, gid_t gid);
 
@@ -79,59 +75,6 @@ struct copy_ctx {
     dev_t       src_dev;
 };
 
-#ifdef HAVE_SELINUX
-/*
- * selinux_file_context - Set the security context before any file or
- *                        directory creation.
- *
- *	selinux_file_context () should be called before any creation of file,
- *	symlink, directory, ...
- *
- *	Callers may have to Reset SELinux to create files with default
- *	contexts:
- *		reset_selinux_file_context();
- */
-int selinux_file_context(const char *dst_name)
-{
-    security_context_t scontext = NULL;
-
-    if (is_selinux_enabled() == 1) {
-        /* Get the default security context for this file */
-        if (matchpathcon(dst_name, 0, &scontext) < 0) {
-            if (security_getenforce () != 0) {
-                return 1;
-            }
-        }
-        /* Set the security context for the next created file */
-        if (setfscreatecon(scontext) < 0) {
-            if (security_getenforce() != 0) {
-                return 1;
-            }
-        }
-        freecon(scontext);
-    }
-
-    return 0;
-}
-
-int reset_selinux_file_context(void)
-{
-    setfscreatecon(NULL);
-    return EOK;
-}
-
-#else   /* HAVE_SELINUX */
-int selinux_file_context(const char *dst_name)
-{
-    return EOK;
-}
-
-int reset_selinux_file_context(void)
-{
-    return EOK;
-}
-#endif  /* HAVE_SELINUX */
-
 /* wrapper in order not to create a temporary context in
  * every iteration */
 static int remove_tree_with_ctx(TALLOC_CTX *mem_ctx,
diff --git a/src/tools/selinux.c b/src/tools/selinux.c
new file mode 100644
index 0000000000000000000000000000000000000000..9fa660c62511779e36cefefe76a81fed78c52820
--- /dev/null
+++ b/src/tools/selinux.c
@@ -0,0 +1,81 @@
+/*
+   SSSD
+
+   selinux.c
+
+   Copyright (C) Jakub Hrozek <jhrozek@redhat.com>        2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "config.h"
+
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
+#include "util/util.h"
+
+#ifdef HAVE_SELINUX
+/*
+ * selinux_file_context - Set the security context before any file or
+ *                        directory creation.
+ *
+ *  selinux_file_context () should be called before any creation of file,
+ *  symlink, directory, ...
+ *
+ *  Callers may have to Reset SELinux to create files with default
+ *  contexts:
+ *      reset_selinux_file_context();
+ */
+int selinux_file_context(const char *dst_name)
+{
+    security_context_t scontext = NULL;
+
+    if (is_selinux_enabled() == 1) {
+        /* Get the default security context for this file */
+        if (matchpathcon(dst_name, 0, &scontext) < 0) {
+            if (security_getenforce () != 0) {
+                return 1;
+            }
+        }
+        /* Set the security context for the next created file */
+        if (setfscreatecon(scontext) < 0) {
+            if (security_getenforce() != 0) {
+                return 1;
+            }
+        }
+        freecon(scontext);
+    }
+
+    return 0;
+}
+
+int reset_selinux_file_context(void)
+{
+    setfscreatecon(NULL);
+    return EOK;
+}
+
+#else   /* HAVE_SELINUX */
+int selinux_file_context(const char *dst_name)
+{
+    return EOK;
+}
+
+int reset_selinux_file_context(void)
+{
+    return EOK;
+}
+#endif  /* HAVE_SELINUX */
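Review bot: reset_selinux_file_context() discards the result of `setfscreatecon(NULL)` and always returns EOK, so a failed reset leaves the previous file-creation context in force and later files created by the process can receive the wrong label without the caller learning of it. Checking the call the way selinux_file_context() does would close that gap: `if (setfscreatecon(NULL) < 0 && security_getenforce() != 0) return 1;`. In selinux_file_context() the second `return 1;`, taken after a failed `setfscreatecon(scontext)`, skips `freecon(scontext)` and leaks the context string obtained from matchpathcon(); a `freecon(scontext);` before that return fixes it. Both behaviours come over unchanged from files.c, so this move is a convenient place to correct them.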
diff --git a/src/tools/tools_util.h b/src/tools/tools_util.h
index fccec1469e812520d6dffc3d523aa56f1eaa512a..2ac18535b182cc1336eeb06b37c53793ff9d254d 100644
--- a/src/tools/tools_util.h
+++ b/src/tools/tools_util.h
@@ -104,9 +104,6 @@ int copy_tree(const char *src_root,
               const char *dst_root,
               uid_t uid, gid_t gid);
 
-int selinux_file_context(const char *dst_name);
-int reset_selinux_file_context(void);
-
 /* from nscd.c */
 enum nscd_db {
     NSCD_DB_PASSWD,
@@ -115,4 +112,8 @@ enum nscd_db {
 
 int flush_nscd_cache(TALLOC_CTX *mem_ctx, enum nscd_db flush_db);
 
+/* from selinux.c */
+int selinux_file_context(const char *dst_name);
+int reset_selinux_file_context(void);
+
 #endif  /* __TOOLS_UTIL_H__ */
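Review bot: The prototypes added under `/* from selinux.c */` are never seen by the definitions, because the new src/tools/selinux.c includes only config.h, selinux/selinux.h and util/util.h. Adding `#include "tools/tools_util.h"` after `#include "util/util.h"` in selinux.c lets the compiler check that declarations and definitions stay in agreement and avoids missing-prototype warnings. files.c already uses that include order, so it should build the same way here, though the header's own dependencies are not visible in this patch.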
-- 
1.6.6.1

