98a597a060
Merged setrans client support from Dan Walsh. This removes use of libsetrans. Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh. Merged swig typemap fixes from Glauber de Oliveira Costa.
1328 lines
33 KiB
Diff
1328 lines
33 KiB
Diff
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/setrans.h libselinux-1.30.3/include/selinux/setrans.h
|
|
--- nsalibselinux/include/selinux/setrans.h 1969-12-31 19:00:00.000000000 -0500
|
|
+++ libselinux-1.30.3/include/selinux/setrans.h 2006-05-03 09:25:00.000000000 -0400
|
|
@@ -0,0 +1,32 @@
|
|
+/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
|
|
+
|
|
+#ifndef _SETRANS_H
|
|
+#define _SETRANS_H
|
|
+
|
|
+#ifdef __cplusplus
|
|
+extern "C" {
|
|
+#endif
|
|
+
|
|
+/* This must be called once, prior to calling any other
|
|
+ translation function.
|
|
+ Returns nonzero if translations cannot be performed,
|
|
+ or 0 otherwise. */
|
|
+int init_context_translations(void);
|
|
+
|
|
+/* Perform context translation.
|
|
+ Caller must free the resulting context.
|
|
+ Returns nonzero if error or 0 otherwise. */
|
|
+int translate_context(const char *, char **);
|
|
+int untranslate_context(const char *, char **);
|
|
+
|
|
+#ifdef __cplusplus
|
|
+}
|
|
+#endif
|
|
+
|
|
+#define SETRANS_UNIX_SOCKET "/var/run/setrans/.setrans-unix"
|
|
+
|
|
+#define SETRANS_INIT 1
|
|
+#define RAW_TO_TRANS_CONTEXT 2
|
|
+#define TRANS_TO_RAW_CONTEXT 3
|
|
+
|
|
+#endif /* _SETRANS_H */
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/canonicalize_context.c libselinux-1.30.3/src/canonicalize_context.c
|
|
--- nsalibselinux/src/canonicalize_context.c 2005-11-08 09:34:17.000000000 -0500
|
|
+++ libselinux-1.30.3/src/canonicalize_context.c 2006-05-03 11:00:33.000000000 -0400
|
|
@@ -5,7 +5,6 @@
|
|
#include <stdio.h>
|
|
#include <errno.h>
|
|
#include <string.h>
|
|
-#include <asm/page.h>
|
|
#include "selinux_internal.h"
|
|
#include "policy.h"
|
|
#include <limits.h>
|
|
@@ -23,7 +22,7 @@
|
|
if (fd < 0)
|
|
return -1;
|
|
|
|
- size = PAGE_SIZE;
|
|
+ size = selinux_page_size;
|
|
buf = malloc(size);
|
|
if (!buf) {
|
|
ret = -1;
|
|
@@ -64,22 +63,16 @@
|
|
security_context_t rcon = con;
|
|
security_context_t rcanoncon;
|
|
|
|
- if (context_translations && trans_to_raw_context(con, &rcon))
|
|
+
|
|
+ if (selinux_trans_to_raw_context(con, &rcon))
|
|
return -1;
|
|
|
|
ret = security_canonicalize_context_raw(rcon, &rcanoncon);
|
|
|
|
- if (context_translations) {
|
|
- freecon(rcon);
|
|
- if (!ret) {
|
|
- if (raw_to_trans_context(rcanoncon, canoncon)) {
|
|
- *canoncon = NULL;
|
|
- ret = -1;
|
|
- }
|
|
- freecon(rcanoncon);
|
|
- }
|
|
- } else if (!ret) {
|
|
- *canoncon = rcanoncon;
|
|
+ freecon(rcon);
|
|
+ if (!ret) {
|
|
+ ret = selinux_raw_to_trans_context(rcanoncon, canoncon);
|
|
+ freecon(rcanoncon);
|
|
}
|
|
|
|
return ret;
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/check_context.c libselinux-1.30.3/src/check_context.c
|
|
--- nsalibselinux/src/check_context.c 2005-08-23 13:34:34.000000000 -0400
|
|
+++ libselinux-1.30.3/src/check_context.c 2006-05-03 10:59:57.000000000 -0400
|
|
@@ -32,13 +32,12 @@
|
|
int ret;
|
|
security_context_t rcon = con;
|
|
|
|
- if (context_translations && trans_to_raw_context(con, &rcon))
|
|
+ if (selinux_trans_to_raw_context(con, &rcon))
|
|
return -1;
|
|
|
|
ret = security_check_context_raw(rcon);
|
|
|
|
- if (context_translations)
|
|
- freecon(rcon);
|
|
+ freecon(rcon);
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_av.c libselinux-1.30.3/src/compute_av.c
|
|
--- nsalibselinux/src/compute_av.c 2005-08-23 13:34:34.000000000 -0400
|
|
+++ libselinux-1.30.3/src/compute_av.c 2006-05-03 11:00:48.000000000 -0400
|
|
@@ -5,7 +5,6 @@
|
|
#include <stdio.h>
|
|
#include <errno.h>
|
|
#include <string.h>
|
|
-#include <asm/page.h>
|
|
#include "selinux_internal.h"
|
|
#include "policy.h"
|
|
#include <limits.h>
|
|
@@ -26,7 +25,7 @@
|
|
if (fd < 0)
|
|
return -1;
|
|
|
|
- len = PAGE_SIZE;
|
|
+ len = selinux_page_size;
|
|
buf = malloc(len);
|
|
if (!buf) {
|
|
ret = -1;
|
|
@@ -70,21 +69,17 @@
|
|
security_context_t rscon = scon;
|
|
security_context_t rtcon = tcon;
|
|
|
|
- if (context_translations) {
|
|
- if (trans_to_raw_context(scon, &rscon))
|
|
- return -1;
|
|
- if (trans_to_raw_context(tcon, &rtcon)) {
|
|
- freecon(rscon);
|
|
- return -1;
|
|
- }
|
|
+ if (selinux_trans_to_raw_context(scon, &rscon))
|
|
+ return -1;
|
|
+ if (selinux_trans_to_raw_context(tcon, &rtcon)) {
|
|
+ freecon(rscon);
|
|
+ return -1;
|
|
}
|
|
|
|
ret = security_compute_av_raw(rscon, rtcon, tclass, requested, avd);
|
|
|
|
- if (context_translations) {
|
|
- freecon(rscon);
|
|
- freecon(rtcon);
|
|
- }
|
|
+ freecon(rscon);
|
|
+ freecon(rtcon);
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_create.c libselinux-1.30.3/src/compute_create.c
|
|
--- nsalibselinux/src/compute_create.c 2005-08-23 13:34:34.000000000 -0400
|
|
+++ libselinux-1.30.3/src/compute_create.c 2006-05-03 11:04:26.000000000 -0400
|
|
@@ -5,7 +5,6 @@
|
|
#include <stdio.h>
|
|
#include <errno.h>
|
|
#include <string.h>
|
|
-#include <asm/page.h>
|
|
#include "selinux_internal.h"
|
|
#include "policy.h"
|
|
#include <limits.h>
|
|
@@ -25,7 +24,7 @@
|
|
if (fd < 0)
|
|
return -1;
|
|
|
|
- size = PAGE_SIZE;
|
|
+ size = selinux_page_size;
|
|
buf = malloc(size);
|
|
if (!buf) {
|
|
ret = -1;
|
|
@@ -66,29 +65,21 @@
|
|
security_context_t rtcon = tcon;
|
|
security_context_t rnewcon;
|
|
|
|
- if (context_translations) {
|
|
- if (trans_to_raw_context(scon, &rscon))
|
|
- return -1;
|
|
- if (trans_to_raw_context(tcon, &rtcon)) {
|
|
- freecon(rscon);
|
|
- return -1;
|
|
- }
|
|
+ if (selinux_trans_to_raw_context(scon, &rscon))
|
|
+ return -1;
|
|
+ if (selinux_trans_to_raw_context(tcon, &rtcon)) {
|
|
+ freecon(rscon);
|
|
+ return -1;
|
|
}
|
|
|
|
ret = security_compute_create_raw(rscon, rtcon, tclass, &rnewcon);
|
|
|
|
- if (context_translations) {
|
|
- freecon(rscon);
|
|
- freecon(rtcon);
|
|
- if (!ret) {
|
|
- if (raw_to_trans_context(rnewcon, newcon)) {
|
|
- *newcon = NULL;
|
|
- ret = -1;
|
|
- }
|
|
- freecon(rnewcon);
|
|
- }
|
|
- } else if (!ret)
|
|
- *newcon = rnewcon;
|
|
+ freecon(rscon);
|
|
+ freecon(rtcon);
|
|
+ if (!ret) {
|
|
+ ret = selinux_raw_to_trans_context(rnewcon, newcon);
|
|
+ freecon(rnewcon);
|
|
+ }
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_member.c libselinux-1.30.3/src/compute_member.c
|
|
--- nsalibselinux/src/compute_member.c 2005-08-25 11:32:02.000000000 -0400
|
|
+++ libselinux-1.30.3/src/compute_member.c 2006-05-03 11:01:44.000000000 -0400
|
|
@@ -5,7 +5,6 @@
|
|
#include <stdio.h>
|
|
#include <errno.h>
|
|
#include <string.h>
|
|
-#include <asm/page.h>
|
|
#include "selinux_internal.h"
|
|
#include "policy.h"
|
|
#include <limits.h>
|
|
@@ -25,7 +24,7 @@
|
|
if (fd < 0)
|
|
return -1;
|
|
|
|
- size = PAGE_SIZE;
|
|
+ size = selinux_page_size;
|
|
buf = malloc(size);
|
|
if (!buf) {
|
|
ret = -1;
|
|
@@ -66,29 +65,24 @@
|
|
security_context_t rtcon = tcon;
|
|
security_context_t rnewcon;
|
|
|
|
- if (context_translations) {
|
|
- if (trans_to_raw_context(scon, &rscon))
|
|
- return -1;
|
|
- if (trans_to_raw_context(tcon, &rtcon)) {
|
|
- freecon(rscon);
|
|
- return -1;
|
|
- }
|
|
+ if (selinux_trans_to_raw_context(scon, &rscon))
|
|
+ return -1;
|
|
+ if (selinux_trans_to_raw_context(tcon, &rtcon)) {
|
|
+ freecon(rscon);
|
|
+ return -1;
|
|
}
|
|
|
|
ret = security_compute_member_raw(rscon, rtcon, tclass, &rnewcon);
|
|
|
|
- if (context_translations) {
|
|
- freecon(rscon);
|
|
- freecon(rtcon);
|
|
- if (!ret) {
|
|
- if (raw_to_trans_context(rnewcon, newcon)) {
|
|
- *newcon = NULL;
|
|
- ret = -1;
|
|
- }
|
|
- freecon(rnewcon);
|
|
+ freecon(rscon);
|
|
+ freecon(rtcon);
|
|
+ if (!ret) {
|
|
+ if (selinux_raw_to_trans_context(rnewcon, newcon)) {
|
|
+ *newcon = NULL;
|
|
+ ret = -1;
|
|
}
|
|
- } else if (!ret)
|
|
- *newcon = rnewcon;
|
|
+ freecon(rnewcon);
|
|
+ }
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_relabel.c libselinux-1.30.3/src/compute_relabel.c
|
|
--- nsalibselinux/src/compute_relabel.c 2005-08-25 11:32:02.000000000 -0400
|
|
+++ libselinux-1.30.3/src/compute_relabel.c 2006-05-03 11:04:30.000000000 -0400
|
|
@@ -5,7 +5,6 @@
|
|
#include <stdio.h>
|
|
#include <errno.h>
|
|
#include <string.h>
|
|
-#include <asm/page.h>
|
|
#include "selinux_internal.h"
|
|
#include "policy.h"
|
|
#include <limits.h>
|
|
@@ -25,7 +24,7 @@
|
|
if (fd < 0)
|
|
return -1;
|
|
|
|
- size = PAGE_SIZE;
|
|
+ size = selinux_page_size;
|
|
buf = malloc(size);
|
|
if (!buf) {
|
|
ret = -1;
|
|
@@ -66,29 +65,21 @@
|
|
security_context_t rtcon = tcon;
|
|
security_context_t rnewcon;
|
|
|
|
- if (context_translations) {
|
|
- if (trans_to_raw_context(scon, &rscon))
|
|
- return -1;
|
|
- if (trans_to_raw_context(tcon, &rtcon)) {
|
|
- freecon(rscon);
|
|
- return -1;
|
|
- }
|
|
+ if (selinux_trans_to_raw_context(scon, &rscon))
|
|
+ return -1;
|
|
+ if (selinux_trans_to_raw_context(tcon, &rtcon)) {
|
|
+ freecon(rscon);
|
|
+ return -1;
|
|
}
|
|
|
|
ret = security_compute_relabel_raw(rscon, rtcon, tclass, &rnewcon);
|
|
|
|
- if (context_translations) {
|
|
- freecon(rscon);
|
|
- freecon(rtcon);
|
|
- if (!ret) {
|
|
- if (raw_to_trans_context(rnewcon, newcon)) {
|
|
- *newcon = NULL;
|
|
- ret = -1;
|
|
- }
|
|
- freecon(rnewcon);
|
|
- }
|
|
- } else if (!ret)
|
|
- *newcon = rnewcon;
|
|
+ freecon(rscon);
|
|
+ freecon(rtcon);
|
|
+ if (!ret) {
|
|
+ ret=selinux_raw_to_trans_context(rnewcon, newcon);
|
|
+ freecon(rnewcon);
|
|
+ }
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_user.c libselinux-1.30.3/src/compute_user.c
|
|
--- nsalibselinux/src/compute_user.c 2005-08-23 13:34:34.000000000 -0400
|
|
+++ libselinux-1.30.3/src/compute_user.c 2006-05-03 11:02:16.000000000 -0400
|
|
@@ -5,7 +5,6 @@
|
|
#include <stdio.h>
|
|
#include <errno.h>
|
|
#include <string.h>
|
|
-#include <asm/page.h>
|
|
#include "selinux_internal.h"
|
|
#include "policy.h"
|
|
#include <limits.h>
|
|
@@ -26,7 +25,7 @@
|
|
if (fd < 0)
|
|
return -1;
|
|
|
|
- size = PAGE_SIZE;
|
|
+ size = selinux_page_size;
|
|
buf = malloc(size);
|
|
if (!buf) {
|
|
ret = -1;
|
|
@@ -82,24 +81,22 @@
|
|
int ret;
|
|
security_context_t rscon = scon;
|
|
|
|
- if (context_translations && trans_to_raw_context(scon, &rscon))
|
|
+ if (selinux_trans_to_raw_context(scon, &rscon))
|
|
return -1;
|
|
|
|
ret = security_compute_user_raw(rscon, user, con);
|
|
|
|
- if (context_translations) {
|
|
- freecon(rscon);
|
|
- if (!ret) {
|
|
- security_context_t *ptr, tmpcon;
|
|
- for (ptr = *con; *ptr; ptr++) {
|
|
- if (raw_to_trans_context(*ptr, &tmpcon)) {
|
|
- freeconary(*con);
|
|
- *con = NULL;
|
|
- return -1;
|
|
- }
|
|
- freecon(*ptr);
|
|
- *ptr = tmpcon;
|
|
+ freecon(rscon);
|
|
+ if (!ret) {
|
|
+ security_context_t *ptr, tmpcon;
|
|
+ for (ptr = *con; *ptr; ptr++) {
|
|
+ if (selinux_raw_to_trans_context(*ptr, &tmpcon)) {
|
|
+ freeconary(*con);
|
|
+ *con = NULL;
|
|
+ return -1;
|
|
}
|
|
+ freecon(*ptr);
|
|
+ *ptr = tmpcon;
|
|
}
|
|
}
|
|
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/enabled.c libselinux-1.30.3/src/enabled.c
|
|
--- nsalibselinux/src/enabled.c 2005-08-23 13:34:34.000000000 -0400
|
|
+++ libselinux-1.30.3/src/enabled.c 2006-05-02 14:48:35.000000000 -0400
|
|
@@ -5,7 +5,6 @@
|
|
#include <stdlib.h>
|
|
#include <errno.h>
|
|
#include <limits.h>
|
|
-#include <asm/page.h>
|
|
#include <stdio.h>
|
|
#include "policy.h"
|
|
|
|
@@ -22,7 +21,7 @@
|
|
if (fd < 0)
|
|
return -1;
|
|
|
|
- size = PAGE_SIZE;
|
|
+ size = selinux_page_size;
|
|
buf = malloc(size);
|
|
if (!buf) {
|
|
enabled = -1;
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/fgetfilecon.c libselinux-1.30.3/src/fgetfilecon.c
|
|
--- nsalibselinux/src/fgetfilecon.c 2005-08-25 11:32:02.000000000 -0400
|
|
+++ libselinux-1.30.3/src/fgetfilecon.c 2006-05-03 10:55:46.000000000 -0400
|
|
@@ -52,14 +52,10 @@
|
|
|
|
ret = fgetfilecon_raw(fd, &rcontext);
|
|
|
|
- if (context_translations && ret > 0) {
|
|
- if (raw_to_trans_context(rcontext, context)) {
|
|
- *context = NULL;
|
|
- ret = -1;
|
|
- }
|
|
+ if (ret > 0) {
|
|
+ ret=selinux_raw_to_trans_context(rcontext, context);
|
|
freecon(rcontext);
|
|
- } else if (ret > 0)
|
|
- *context = rcontext;
|
|
+ }
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/fsetfilecon.c libselinux-1.30.3/src/fsetfilecon.c
|
|
--- nsalibselinux/src/fsetfilecon.c 2005-08-25 11:32:02.000000000 -0400
|
|
+++ libselinux-1.30.3/src/fsetfilecon.c 2006-05-03 11:02:20.000000000 -0400
|
|
@@ -18,13 +18,12 @@
|
|
int ret;
|
|
security_context_t rcontext = context;
|
|
|
|
- if (context_translations && trans_to_raw_context(context, &rcontext))
|
|
+ if (selinux_trans_to_raw_context(context, &rcontext))
|
|
return -1;
|
|
|
|
ret = fsetfilecon_raw(fd, rcontext);
|
|
|
|
- if (context_translations)
|
|
- freecon(rcontext);
|
|
+ freecon(rcontext);
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getcon.c libselinux-1.30.3/src/getcon.c
|
|
--- nsalibselinux/src/getcon.c 2005-08-23 13:34:34.000000000 -0400
|
|
+++ libselinux-1.30.3/src/getcon.c 2006-05-03 11:02:25.000000000 -0400
|
|
@@ -4,7 +4,6 @@
|
|
#include "selinux_internal.h"
|
|
#include <stdlib.h>
|
|
#include <errno.h>
|
|
-#include <asm/page.h>
|
|
#include "policy.h"
|
|
|
|
int getcon_raw(security_context_t *context)
|
|
@@ -18,7 +17,7 @@
|
|
if (fd < 0)
|
|
return -1;
|
|
|
|
- size = PAGE_SIZE;
|
|
+ size = selinux_page_size;
|
|
buf = malloc(size);
|
|
if (!buf) {
|
|
ret = -1;
|
|
@@ -51,14 +50,13 @@
|
|
|
|
ret = getcon_raw(&rcontext);
|
|
|
|
- if (context_translations && !ret) {
|
|
- if (raw_to_trans_context(rcontext, context)) {
|
|
+ if (!ret) {
|
|
+ if (selinux_raw_to_trans_context(rcontext, context)) {
|
|
*context = NULL;
|
|
ret = -1;
|
|
}
|
|
freecon(rcontext);
|
|
- } else if (!ret)
|
|
- *context = rcontext;
|
|
+ }
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getexeccon.c libselinux-1.30.3/src/getexeccon.c
|
|
--- nsalibselinux/src/getexeccon.c 2005-08-25 11:32:02.000000000 -0400
|
|
+++ libselinux-1.30.3/src/getexeccon.c 2006-05-03 11:04:35.000000000 -0400
|
|
@@ -3,7 +3,6 @@
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
#include <errno.h>
|
|
-#include <asm/page.h>
|
|
#include "selinux_internal.h"
|
|
#include "policy.h"
|
|
|
|
@@ -18,7 +17,7 @@
|
|
if (fd < 0)
|
|
return -1;
|
|
|
|
- size = PAGE_SIZE;
|
|
+ size = selinux_page_size;
|
|
buf = malloc(size);
|
|
if (!buf) {
|
|
ret = -1;
|
|
@@ -56,14 +55,10 @@
|
|
|
|
ret = getexeccon_raw(&rcontext);
|
|
|
|
- if (context_translations && !ret) {
|
|
- if (raw_to_trans_context(rcontext, context)) {
|
|
- *context = NULL;
|
|
- ret = -1;
|
|
- }
|
|
+ if (!ret) {
|
|
+ ret = selinux_raw_to_trans_context(rcontext, context);
|
|
freecon(rcontext);
|
|
- } else if (!ret)
|
|
- *context = rcontext;
|
|
+ }
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfilecon.c libselinux-1.30.3/src/getfilecon.c
|
|
--- nsalibselinux/src/getfilecon.c 2005-08-23 13:34:34.000000000 -0400
|
|
+++ libselinux-1.30.3/src/getfilecon.c 2006-05-03 10:54:32.000000000 -0400
|
|
@@ -52,14 +52,10 @@
|
|
|
|
ret = getfilecon_raw(path, &rcontext);
|
|
|
|
- if (context_translations && ret > 0) {
|
|
- if (raw_to_trans_context(rcontext, context)) {
|
|
- *context = NULL;
|
|
- ret = -1;
|
|
- }
|
|
+ if (ret > 0) {
|
|
+ ret = selinux_raw_to_trans_context(rcontext, context);
|
|
freecon(rcontext);
|
|
- } else if (ret > 0)
|
|
- *context = rcontext;
|
|
+ }
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfscreatecon.c libselinux-1.30.3/src/getfscreatecon.c
|
|
--- nsalibselinux/src/getfscreatecon.c 2005-08-25 11:32:02.000000000 -0400
|
|
+++ libselinux-1.30.3/src/getfscreatecon.c 2006-05-03 11:04:45.000000000 -0400
|
|
@@ -3,7 +3,6 @@
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
#include <errno.h>
|
|
-#include <asm/page.h>
|
|
#include "selinux_internal.h"
|
|
#include "policy.h"
|
|
|
|
@@ -18,7 +17,7 @@
|
|
if (fd < 0)
|
|
return -1;
|
|
|
|
- size = PAGE_SIZE;
|
|
+ size = selinux_page_size;
|
|
buf = malloc(size);
|
|
if (!buf) {
|
|
ret = -1;
|
|
@@ -56,14 +55,10 @@
|
|
|
|
ret = getfscreatecon_raw(&rcontext);
|
|
|
|
- if (context_translations && !ret) {
|
|
- if (raw_to_trans_context(rcontext, context)) {
|
|
- *context = NULL;
|
|
- ret = -1;
|
|
- }
|
|
+ if (!ret) {
|
|
+ ret = selinux_raw_to_trans_context(rcontext, context);
|
|
freecon(rcontext);
|
|
- } else if (!ret)
|
|
- *context = rcontext;
|
|
+ }
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpeercon.c libselinux-1.30.3/src/getpeercon.c
|
|
--- nsalibselinux/src/getpeercon.c 2005-08-25 11:32:02.000000000 -0400
|
|
+++ libselinux-1.30.3/src/getpeercon.c 2006-05-03 11:03:09.000000000 -0400
|
|
@@ -51,14 +51,10 @@
|
|
|
|
ret = getpeercon_raw(fd, &rcontext);
|
|
|
|
- if (context_translations && !ret) {
|
|
- if (raw_to_trans_context(rcontext, context)) {
|
|
- *context = NULL;
|
|
- ret = -1;
|
|
- }
|
|
+ if (!ret) {
|
|
+ ret = selinux_raw_to_trans_context(rcontext, context);
|
|
freecon(rcontext);
|
|
- } else if (!ret)
|
|
- *context = rcontext;
|
|
+ }
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpidcon.c libselinux-1.30.3/src/getpidcon.c
|
|
--- nsalibselinux/src/getpidcon.c 2005-08-25 11:32:02.000000000 -0400
|
|
+++ libselinux-1.30.3/src/getpidcon.c 2006-05-03 11:03:33.000000000 -0400
|
|
@@ -4,7 +4,6 @@
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <errno.h>
|
|
-#include <asm/page.h>
|
|
#include "selinux_internal.h"
|
|
#include "policy.h"
|
|
|
|
@@ -22,7 +21,7 @@
|
|
if (fd < 0)
|
|
return -1;
|
|
|
|
- size = PAGE_SIZE;
|
|
+ size = selinux_page_size;
|
|
buf = malloc(size);
|
|
if (!buf) {
|
|
ret = -1;
|
|
@@ -55,14 +54,10 @@
|
|
|
|
ret = getpidcon_raw(pid, &rcontext);
|
|
|
|
- if (context_translations && !ret) {
|
|
- if (raw_to_trans_context(rcontext, context)) {
|
|
- *context = NULL;
|
|
- ret = -1;
|
|
- }
|
|
+ if (!ret) {
|
|
+ ret = selinux_raw_to_trans_context(rcontext, context);
|
|
freecon(rcontext);
|
|
- } else if (!ret)
|
|
- *context = rcontext;
|
|
+ }
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getprevcon.c libselinux-1.30.3/src/getprevcon.c
|
|
--- nsalibselinux/src/getprevcon.c 2005-08-23 13:34:34.000000000 -0400
|
|
+++ libselinux-1.30.3/src/getprevcon.c 2006-05-03 11:03:45.000000000 -0400
|
|
@@ -4,7 +4,6 @@
|
|
#include "selinux_internal.h"
|
|
#include <stdlib.h>
|
|
#include <errno.h>
|
|
-#include <asm/page.h>
|
|
#include "policy.h"
|
|
|
|
int getprevcon_raw(security_context_t *context)
|
|
@@ -18,7 +17,7 @@
|
|
if (fd < 0)
|
|
return -1;
|
|
|
|
- size = PAGE_SIZE;
|
|
+ size = selinux_page_size;
|
|
buf = malloc(size);
|
|
if (!buf) {
|
|
ret = -1;
|
|
@@ -51,14 +50,10 @@
|
|
|
|
ret = getprevcon_raw(&rcontext);
|
|
|
|
- if (context_translations && !ret) {
|
|
- if (raw_to_trans_context(rcontext, context)) {
|
|
- *context = NULL;
|
|
- ret = -1;
|
|
- }
|
|
+ if (!ret) {
|
|
+ ret = selinux_raw_to_trans_context(rcontext, context);
|
|
freecon(rcontext);
|
|
- } else if (!ret)
|
|
- *context = rcontext;
|
|
+ }
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.30.3/src/init.c
|
|
--- nsalibselinux/src/init.c 2005-12-14 14:16:46.000000000 -0500
|
|
+++ libselinux-1.30.3/src/init.c 2006-05-03 10:30:57.000000000 -0400
|
|
@@ -4,15 +4,16 @@
|
|
#include <stdlib.h>
|
|
#include <errno.h>
|
|
#include <ctype.h>
|
|
-#include <asm/page.h>
|
|
#include <stdio.h>
|
|
#include <dlfcn.h>
|
|
+#include <unistd.h>
|
|
|
|
#include "dso.h"
|
|
#include "policy.h"
|
|
#include "selinux_internal.h"
|
|
|
|
char *selinux_mnt = NULL;
|
|
+int selinux_page_size=0;
|
|
|
|
static void init_selinuxmnt(void)
|
|
{
|
|
@@ -27,11 +28,12 @@
|
|
if (!fp)
|
|
return;
|
|
|
|
- size = PAGE_SIZE;
|
|
+ size = selinux_page_size;
|
|
+
|
|
buf = malloc(size);
|
|
if (!buf)
|
|
goto out;
|
|
-
|
|
+
|
|
memset(buf, 0, size);
|
|
|
|
while(( bufp = fgets_unlocked(buf, size, fp)))
|
|
@@ -75,65 +77,15 @@
|
|
}
|
|
hidden_def(set_selinuxmnt)
|
|
|
|
-int context_translations hidden;
|
|
-void *translation_lib_handle hidden;
|
|
-
|
|
-/* from libsetrans.c */
|
|
-extern int hidden (*lib_trans_to_raw_context)(char *trans, char **rawp);
|
|
-extern int hidden (*lib_raw_to_trans_context)(char *raw, char **transp);
|
|
-
|
|
-
|
|
static void init_translations(void)
|
|
{
|
|
-#ifdef SHARED
|
|
- int (*lib_trans_init)(void) = NULL;
|
|
-
|
|
- translation_lib_handle = dlopen("libsetrans.so.0", RTLD_NOW);
|
|
- if (!translation_lib_handle)
|
|
- return;
|
|
-
|
|
- dlerror();
|
|
-
|
|
- lib_trans_init = dlsym(translation_lib_handle,
|
|
- "init_context_translations");
|
|
- if (dlerror() || lib_trans_init())
|
|
- return;
|
|
-
|
|
- lib_raw_to_trans_context = dlsym(translation_lib_handle,
|
|
- "translate_context");
|
|
- if (dlerror())
|
|
- return;
|
|
-
|
|
- lib_trans_to_raw_context = dlsym(translation_lib_handle,
|
|
- "untranslate_context");
|
|
- if (dlerror())
|
|
- return;
|
|
-
|
|
- context_translations = 1;
|
|
-#endif
|
|
-}
|
|
-
|
|
-static void fini_translations(void)
|
|
-{
|
|
-#ifdef SHARED
|
|
- context_translations = 0;
|
|
- if (translation_lib_handle) {
|
|
- int (*lib_trans_finish)(void) = NULL;
|
|
-
|
|
- lib_trans_finish = dlsym(translation_lib_handle,
|
|
- "finish_context_translations");
|
|
- if (! dlerror())
|
|
- lib_trans_finish();
|
|
-
|
|
- dlclose(translation_lib_handle);
|
|
- translation_lib_handle = NULL;
|
|
- }
|
|
-#endif
|
|
+ init_context_translations();
|
|
}
|
|
|
|
static void init_lib(void) __attribute__ ((constructor));
|
|
static void init_lib(void)
|
|
{
|
|
+ selinux_page_size = sysconf(_SC_PAGE_SIZE);
|
|
init_selinuxmnt();
|
|
init_translations();
|
|
}
|
|
@@ -141,6 +93,5 @@
|
|
static void fini_lib(void) __attribute__ ((destructor));
|
|
static void fini_lib(void)
|
|
{
|
|
- fini_translations();
|
|
fini_selinuxmnt();
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/lgetfilecon.c libselinux-1.30.3/src/lgetfilecon.c
|
|
--- nsalibselinux/src/lgetfilecon.c 2005-08-25 11:32:02.000000000 -0400
|
|
+++ libselinux-1.30.3/src/lgetfilecon.c 2006-05-03 10:55:25.000000000 -0400
|
|
@@ -52,14 +52,10 @@
|
|
|
|
ret = lgetfilecon_raw(path, &rcontext);
|
|
|
|
- if (context_translations && ret > 0) {
|
|
- if (raw_to_trans_context(rcontext, context)) {
|
|
- *context = NULL;
|
|
- ret = -1;
|
|
- }
|
|
+ if (ret > 0) {
|
|
+ ret = selinux_raw_to_trans_context(rcontext, context);
|
|
freecon(rcontext);
|
|
- } else if (ret > 0)
|
|
- *context = rcontext;
|
|
+ }
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/lsetfilecon.c libselinux-1.30.3/src/lsetfilecon.c
|
|
--- nsalibselinux/src/lsetfilecon.c 2005-08-25 11:32:02.000000000 -0400
|
|
+++ libselinux-1.30.3/src/lsetfilecon.c 2006-05-03 11:03:50.000000000 -0400
|
|
@@ -18,13 +18,12 @@
|
|
int ret;
|
|
security_context_t rcontext = context;
|
|
|
|
- if (context_translations && trans_to_raw_context(context, &rcontext))
|
|
+ if (selinux_trans_to_raw_context(context, &rcontext))
|
|
return -1;
|
|
|
|
ret = lsetfilecon_raw(path, rcontext);
|
|
|
|
- if (context_translations)
|
|
- freecon(rcontext);
|
|
+ freecon(rcontext);
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchmediacon.c libselinux-1.30.3/src/matchmediacon.c
|
|
--- nsalibselinux/src/matchmediacon.c 2005-08-23 13:34:34.000000000 -0400
|
|
+++ libselinux-1.30.3/src/matchmediacon.c 2006-05-03 11:03:54.000000000 -0400
|
|
@@ -59,13 +59,10 @@
|
|
return -1;
|
|
}
|
|
|
|
- if (context_translations) {
|
|
- if (raw_to_trans_context(ptr2, con)) {
|
|
- *con = NULL;
|
|
- return -1;
|
|
- }
|
|
- } else
|
|
- *con = strdup(ptr2);
|
|
+ if (selinux_raw_to_trans_context(ptr2, con)) {
|
|
+ *con = NULL;
|
|
+ return -1;
|
|
+ }
|
|
|
|
return 0;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.30.3/src/matchpathcon.c
|
|
--- nsalibselinux/src/matchpathcon.c 2006-04-14 07:21:23.000000000 -0400
|
|
+++ libselinux-1.30.3/src/matchpathcon.c 2006-05-03 11:04:01.000000000 -0400
|
|
@@ -591,19 +591,14 @@
|
|
if (myflags & MATCHPATHCON_NOTRANS)
|
|
goto skip_trans;
|
|
|
|
- if (context_translations) {
|
|
- if (raw_to_trans_context(context, &tmpcon)) {
|
|
- myprintf("%s: line %u has invalid "
|
|
- "context %s\n",
|
|
- path, lineno, context);
|
|
- return 0;
|
|
- }
|
|
- free(context);
|
|
- context = tmpcon;
|
|
- } else {
|
|
- if (STRIP_LEVEL(&context, mls_enabled))
|
|
- return -1;
|
|
+ if (selinux_raw_to_trans_context(context, &tmpcon)) {
|
|
+ myprintf("%s: line %u has invalid "
|
|
+ "context %s\n",
|
|
+ path, lineno, context);
|
|
+ return 0;
|
|
}
|
|
+ free(context);
|
|
+ context = tmpcon;
|
|
|
|
skip_trans:
|
|
if (myflags & MATCHPATHCON_VALIDATE) {
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.30.3/src/selinux_internal.h
|
|
--- nsalibselinux/src/selinux_internal.h 2005-12-01 10:10:32.000000000 -0500
|
|
+++ libselinux-1.30.3/src/selinux_internal.h 2006-05-03 10:56:53.000000000 -0400
|
|
@@ -65,9 +65,6 @@
|
|
hidden_proto(selinux_translations_path);
|
|
hidden_proto(selinux_getenforcemode);
|
|
|
|
-extern int context_translations hidden;
|
|
-extern int hidden trans_to_raw_context(char *trans, char **rawp);
|
|
-extern int hidden raw_to_trans_context(char *raw, char **transp);
|
|
-
|
|
extern int load_setlocaldefs hidden;
|
|
extern int require_seusers hidden;
|
|
+extern int selinux_page_size hidden;
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-1.30.3/src/selinuxswig.i
|
|
--- nsalibselinux/src/selinuxswig.i 2006-04-14 07:21:23.000000000 -0400
|
|
+++ libselinux-1.30.3/src/selinuxswig.i 2006-05-02 13:08:05.000000000 -0400
|
|
@@ -28,9 +28,18 @@
|
|
%typemap(in, numinputs=0) security_context_t *(security_context_t temp) {
|
|
$1 = &temp;
|
|
}
|
|
-%typemap(argout) security_context_t * {
|
|
- $result = SWIG_Python_AppendOutput($result, PyString_FromString(*$1));
|
|
+%typemap(argout) security_context_t * (char *temp) {
|
|
+ if (*$1)
|
|
+ temp = *$1;
|
|
+ else
|
|
+ temp = "";
|
|
+ $result = SWIG_Python_AppendOutput($result, PyString_FromString(temp));
|
|
+}
|
|
+
|
|
+%typemap(in) security_context_t {
|
|
+ $1 = (security_context_t)PyString_AsString($input);
|
|
}
|
|
+
|
|
%typedef unsigned mode_t;
|
|
|
|
extern int is_selinux_enabled(void);
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setcon.c libselinux-1.30.3/src/setcon.c
|
|
--- nsalibselinux/src/setcon.c 2005-08-25 11:32:02.000000000 -0400
|
|
+++ libselinux-1.30.3/src/setcon.c 2006-05-03 11:04:05.000000000 -0400
|
|
@@ -32,13 +32,12 @@
|
|
int ret;
|
|
security_context_t rcontext = context;
|
|
|
|
- if (context_translations && trans_to_raw_context(context, &rcontext))
|
|
+ if (selinux_trans_to_raw_context(context, &rcontext))
|
|
return -1;
|
|
|
|
ret = setcon_raw(rcontext);
|
|
|
|
- if (context_translations)
|
|
- freecon(rcontext);
|
|
+ freecon(rcontext);
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setexeccon.c libselinux-1.30.3/src/setexeccon.c
|
|
--- nsalibselinux/src/setexeccon.c 2005-08-23 13:34:34.000000000 -0400
|
|
+++ libselinux-1.30.3/src/setexeccon.c 2006-05-03 11:04:09.000000000 -0400
|
|
@@ -28,13 +28,12 @@
|
|
int ret;
|
|
security_context_t rcontext = context;
|
|
|
|
- if (context_translations && trans_to_raw_context(context, &rcontext))
|
|
+ if (selinux_trans_to_raw_context(context, &rcontext))
|
|
return -1;
|
|
|
|
ret = setexeccon_raw(rcontext);
|
|
|
|
- if (context_translations)
|
|
- freecon(rcontext);
|
|
+ freecon(rcontext);
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setfilecon.c libselinux-1.30.3/src/setfilecon.c
|
|
--- nsalibselinux/src/setfilecon.c 2005-08-25 11:32:02.000000000 -0400
|
|
+++ libselinux-1.30.3/src/setfilecon.c 2006-05-03 11:04:13.000000000 -0400
|
|
@@ -18,13 +18,12 @@
|
|
int ret;
|
|
security_context_t rcontext = context;
|
|
|
|
- if (context_translations && trans_to_raw_context(context, &rcontext))
|
|
+ if (selinux_trans_to_raw_context(context, &rcontext))
|
|
return -1;
|
|
|
|
ret = setfilecon_raw(path, rcontext);
|
|
|
|
- if (context_translations)
|
|
- freecon(rcontext);
|
|
+ freecon(rcontext);
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setfscreatecon.c libselinux-1.30.3/src/setfscreatecon.c
|
|
--- nsalibselinux/src/setfscreatecon.c 2005-08-25 11:32:02.000000000 -0400
|
|
+++ libselinux-1.30.3/src/setfscreatecon.c 2006-05-03 11:04:17.000000000 -0400
|
|
@@ -28,13 +28,12 @@
|
|
int ret;
|
|
security_context_t rcontext = context;
|
|
|
|
- if (context_translations && trans_to_raw_context(context, &rcontext))
|
|
+ if (selinux_trans_to_raw_context(context, &rcontext))
|
|
return -1;
|
|
|
|
ret = setfscreatecon_raw(rcontext);
|
|
|
|
- if (context_translations)
|
|
- freecon(rcontext);
|
|
+ freecon(rcontext);
|
|
|
|
return ret;
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_client.c libselinux-1.30.3/src/setrans_client.c
|
|
--- nsalibselinux/src/setrans_client.c 1969-12-31 19:00:00.000000000 -0500
|
|
+++ libselinux-1.30.3/src/setrans_client.c 2006-05-03 10:56:24.000000000 -0400
|
|
@@ -0,0 +1,246 @@
|
|
+/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
|
|
+
|
|
+#include <sys/types.h>
|
|
+#include <sys/socket.h>
|
|
+#include <sys/un.h>
|
|
+
|
|
+#include <errno.h>
|
|
+#include <stdlib.h>
|
|
+#include <netdb.h>
|
|
+
|
|
+#include <stdio.h>
|
|
+#include <string.h>
|
|
+#include <ctype.h>
|
|
+#include <unistd.h>
|
|
+#include <selinux/selinux.h>
|
|
+#include "selinux/setrans.h"
|
|
+#include "dso.h"
|
|
+
|
|
+
|
|
+/*
|
|
+ * setransd_open
|
|
+ *
|
|
+ * This function opens a socket to the setransd.
|
|
+ * Returns: on success, a file descriptor ( >= 0 ) to the socket
|
|
+ * on error, a negative value
|
|
+ */
|
|
+static int
|
|
+setransd_open(void)
|
|
+{
|
|
+ struct sockaddr_un addr;
|
|
+ int fd;
|
|
+
|
|
+ fd = socket(PF_UNIX, SOCK_STREAM, 0);
|
|
+ if (fd < 0) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ memset(&addr, 0, sizeof(addr));
|
|
+ addr.sun_family = AF_UNIX;
|
|
+ strcpy(addr.sun_path, SETRANS_UNIX_SOCKET);
|
|
+ if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
|
|
+ close(fd);
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ return fd;
|
|
+}
|
|
+
|
|
+/* Returns: 0 on success, <0 on failure */
|
|
+static int
|
|
+send_request(int fd, uint32_t function, const char *data1, const char *data2)
|
|
+{
|
|
+ struct iovec req_hdr[4];
|
|
+ uint32_t data1_size;
|
|
+ uint32_t data2_size;
|
|
+ struct iovec req_data[2];
|
|
+ ssize_t count;
|
|
+
|
|
+ if (fd < 0)
|
|
+ return -1;
|
|
+
|
|
+ if (!data1)
|
|
+ data1 = "";
|
|
+ if (!data2)
|
|
+ data2 = "";
|
|
+
|
|
+ data1_size = strlen(data1) + 1;
|
|
+ data2_size = strlen(data2) + 1;
|
|
+
|
|
+ req_hdr[0].iov_base = &function;
|
|
+ req_hdr[0].iov_len = sizeof(function);
|
|
+ req_hdr[1].iov_base = &data1_size;
|
|
+ req_hdr[1].iov_len = sizeof(data1_size);
|
|
+ req_hdr[2].iov_base = &data2_size;
|
|
+ req_hdr[2].iov_len = sizeof(data2_size);
|
|
+
|
|
+ while (((count = writev(fd, req_hdr, 3)) < 0) && (errno == EINTR));
|
|
+ if (count != (sizeof(function) + sizeof(data1_size) +
|
|
+ sizeof(data2_size) )) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ req_data[0].iov_base = (char *)data1;
|
|
+ req_data[0].iov_len = data1_size;
|
|
+ req_data[1].iov_base = (char *)data2;
|
|
+ req_data[1].iov_len = data2_size;
|
|
+
|
|
+ while (((count = writev(fd, req_data, 2)) < 0) && (errno == EINTR));
|
|
+ if (count < 0 || (uint32_t)count != (data1_size + data2_size)) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+/* Returns: 0 on success, <0 on failure */
|
|
+static int
|
|
+receive_response(int fd, uint32_t function, char **outdata, int32_t *ret_val)
|
|
+{
|
|
+ struct iovec resp_hdr[3];
|
|
+ uint32_t func;
|
|
+ uint32_t data_size;
|
|
+ char *data;
|
|
+ struct iovec resp_data;
|
|
+ ssize_t count;
|
|
+
|
|
+ if (fd < 0)
|
|
+ return -1;
|
|
+
|
|
+ resp_hdr[0].iov_base = &func;
|
|
+ resp_hdr[0].iov_len = sizeof(func);
|
|
+ resp_hdr[1].iov_base = &data_size;
|
|
+ resp_hdr[1].iov_len = sizeof(data_size);
|
|
+ resp_hdr[2].iov_base = ret_val;
|
|
+ resp_hdr[2].iov_len = sizeof(*ret_val);
|
|
+
|
|
+ while (((count = readv(fd, resp_hdr, 3)) < 0) && (errno == EINTR));
|
|
+ if (count != (sizeof(func) + sizeof(data_size) + sizeof(*ret_val))) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ if (func != function || !data_size) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ data = malloc(data_size);
|
|
+ if (!data) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ resp_data.iov_base = data;
|
|
+ resp_data.iov_len = data_size;
|
|
+
|
|
+ while (((count = readv(fd, &resp_data, 1))) < 0 && (errno == EINTR));
|
|
+ if (count < 0 || (uint32_t)count != data_size || data[data_size - 1] != '\0') {
|
|
+ free(data);
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ *outdata = data;
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+static int raw_to_trans_context(char *raw, char **transp)
|
|
+{
|
|
+ int ret;
|
|
+ int32_t ret_val;
|
|
+ int fd;
|
|
+
|
|
+ *transp = NULL;
|
|
+
|
|
+ fd = setransd_open();
|
|
+ if (fd < 0)
|
|
+ return fd;
|
|
+
|
|
+ ret = send_request(fd, RAW_TO_TRANS_CONTEXT, raw, NULL);
|
|
+ if (ret)
|
|
+ goto out;
|
|
+
|
|
+ ret = receive_response(fd, RAW_TO_TRANS_CONTEXT, transp, &ret_val);
|
|
+ if (ret)
|
|
+ goto out;
|
|
+
|
|
+ ret = ret_val;
|
|
+out:
|
|
+ close(fd);
|
|
+ return ret;
|
|
+}
|
|
+
|
|
+static int trans_to_raw_context(char *trans, char **rawp)
|
|
+{
|
|
+ int ret;
|
|
+ int32_t ret_val;
|
|
+ int fd;
|
|
+
|
|
+ *rawp = NULL;
|
|
+
|
|
+ fd = setransd_open();
|
|
+ if (fd < 0)
|
|
+ return fd;
|
|
+ ret = send_request(fd, TRANS_TO_RAW_CONTEXT, trans, NULL);
|
|
+ if (ret)
|
|
+ goto out;
|
|
+
|
|
+ ret = receive_response(fd, TRANS_TO_RAW_CONTEXT, rawp, &ret_val);
|
|
+ if (ret)
|
|
+ goto out;
|
|
+
|
|
+ ret = ret_val;
|
|
+out:
|
|
+ close(fd);
|
|
+ return ret_val;
|
|
+}
|
|
+
|
|
+
|
|
+int
|
|
+init_context_translations(void)
|
|
+{
|
|
+ int ret, fd;
|
|
+ int32_t ret_val;
|
|
+ char *out = NULL;
|
|
+
|
|
+ fd = setransd_open();
|
|
+ if (fd < 0)
|
|
+ return fd;
|
|
+
|
|
+ ret = send_request(fd, SETRANS_INIT, NULL, NULL);
|
|
+ if (ret)
|
|
+ goto out;
|
|
+
|
|
+ ret = receive_response(fd, SETRANS_INIT, &out, &ret_val);
|
|
+ free(out);
|
|
+ if (!ret)
|
|
+ ret = ret_val;
|
|
+out:
|
|
+ close(fd);
|
|
+ return ret;
|
|
+}
|
|
+
|
|
+
|
|
+int selinux_trans_to_raw_context(security_context_t trans,
|
|
+ security_context_t *rawp)
|
|
+{
|
|
+ if (!trans) {
|
|
+ *rawp = NULL;
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ if (trans_to_raw_context(trans, rawp))
|
|
+ *rawp = strdup(trans);
|
|
+ return *rawp ? 0 : -1;
|
|
+}
|
|
+
|
|
+int selinux_raw_to_trans_context(security_context_t raw,
|
|
+ security_context_t *transp)
|
|
+{
|
|
+ if (!raw) {
|
|
+ *transp = NULL;
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ if (raw_to_trans_context(raw, transp))
|
|
+ *transp = strdup(raw);
|
|
+
|
|
+ return *transp ? 0 : -1;
|
|
+}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_internal.h libselinux-1.30.3/src/setrans_internal.h
|
|
--- nsalibselinux/src/setrans_internal.h 1969-12-31 19:00:00.000000000 -0500
|
|
+++ libselinux-1.30.3/src/setrans_internal.h 2006-05-03 09:18:19.000000000 -0400
|
|
@@ -0,0 +1,8 @@
|
|
+/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
|
|
+
|
|
+#define SETRANS_UNIX_SOCKET "/var/.setrans-unix"
|
|
+
|
|
+#define SETRANS_INIT 1
|
|
+#define RAW_TO_TRANS_CONTEXT 2
|
|
+#define TRANS_TO_RAW_CONTEXT 3
|
|
+
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/trans.c libselinux-1.30.3/src/trans.c
|
|
--- nsalibselinux/src/trans.c 2005-08-31 12:33:10.000000000 -0400
|
|
+++ libselinux-1.30.3/src/trans.c 1969-12-31 19:00:00.000000000 -0500
|
|
@@ -1,59 +0,0 @@
|
|
-#include "selinux_internal.h"
|
|
-#include <string.h>
|
|
-
|
|
-int (*lib_trans_to_raw_context)(char *trans, char **rawp) hidden;
|
|
-int (*lib_raw_to_trans_context)(char *raw, char **transp) hidden;
|
|
-
|
|
-int hidden trans_to_raw_context(char *trans, char **rawp)
|
|
-{
|
|
- *rawp = NULL;
|
|
- if (!trans)
|
|
- return 0;
|
|
-
|
|
- if (trans && lib_trans_to_raw_context(trans, rawp))
|
|
- *rawp = strdup(trans);
|
|
-
|
|
- return *rawp ? 0 : -1;
|
|
-}
|
|
-
|
|
-int selinux_trans_to_raw_context(security_context_t trans,
|
|
- security_context_t *rawp)
|
|
-{
|
|
- if (context_translations)
|
|
- return trans_to_raw_context(trans, rawp);
|
|
-
|
|
- if (!trans) {
|
|
- *rawp = NULL;
|
|
- return 0;
|
|
- }
|
|
-
|
|
- *rawp = strdup(trans);
|
|
- return *rawp ? 0 : -1;
|
|
-}
|
|
-
|
|
-int hidden raw_to_trans_context(char *raw, char **transp)
|
|
-{
|
|
- *transp = NULL;
|
|
- if (!raw)
|
|
- return 0;
|
|
-
|
|
- if (raw && lib_raw_to_trans_context(raw, transp))
|
|
- *transp = strdup(raw);
|
|
-
|
|
- return *transp ? 0 : -1;
|
|
-}
|
|
-
|
|
-int selinux_raw_to_trans_context(security_context_t raw,
|
|
- security_context_t *transp)
|
|
-{
|
|
- if (context_translations)
|
|
- return raw_to_trans_context(raw, transp);
|
|
-
|
|
- if (!raw) {
|
|
- *transp = NULL;
|
|
- return 0;
|
|
- }
|
|
-
|
|
- *transp = strdup(raw);
|
|
- return *transp ? 0 : -1;
|
|
-}
|