2b22a6909d
Closes #325 Add a new subid_init() function which can be used to specify the stream on which error messages should be printed. (If you want to get fancy you can redirect that to memory :) If subid_init() is not called, use stderr. If NULL is passed, then /dev/null will be used. This patch also fixes up the 'Prog', which previously had to be defined by any program linking against libsubid. Now, by default in libsubid it will show (subid). Once subid_init() is called, it will use the first variable passed to subid_init(). Signed-off-by: Serge Hallyn <serge@hallyn.com>
227 lines
6.1 KiB
C
227 lines
6.1 KiB
C
/*
|
|
* Copyright (c) 2011 , Peter Vrabec <pvrabec@redhat.com>
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. The name of the copyright holders or contributors may not be used to
|
|
* endorse or promote products derived from this software without
|
|
* specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include <config.h>
|
|
|
|
#ifdef WITH_SELINUX
|
|
|
|
#include <stdio.h>
|
|
#include "defines.h"
|
|
|
|
#include <selinux/selinux.h>
|
|
#include <selinux/label.h>
|
|
#include "prototypes.h"
|
|
|
|
static bool selinux_checked = false;
|
|
static bool selinux_enabled;
|
|
static /*@null@*/struct selabel_handle *selabel_hnd = NULL;
|
|
|
|
static void cleanup(void)
|
|
{
|
|
if (selabel_hnd) {
|
|
selabel_close(selabel_hnd);
|
|
selabel_hnd = NULL;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* set_selinux_file_context - Set the security context before any file or
|
|
* directory creation.
|
|
*
|
|
* set_selinux_file_context () should be called before any creation
|
|
* of file, symlink, directory, ...
|
|
*
|
|
* Callers may have to Reset SELinux to create files with default
|
|
* contexts with reset_selinux_file_context
|
|
*/
|
|
int set_selinux_file_context (const char *dst_name, mode_t mode)
|
|
{
|
|
if (!selinux_checked) {
|
|
selinux_enabled = is_selinux_enabled () > 0;
|
|
selinux_checked = true;
|
|
}
|
|
|
|
if (selinux_enabled) {
|
|
/* Get the default security context for this file */
|
|
|
|
/*@null@*/char *fcontext_raw = NULL;
|
|
int r;
|
|
|
|
if (selabel_hnd == NULL) {
|
|
selabel_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
|
|
if (selabel_hnd == NULL) {
|
|
return security_getenforce () != 0;
|
|
}
|
|
(void) atexit(cleanup);
|
|
}
|
|
|
|
r = selabel_lookup_raw(selabel_hnd, &fcontext_raw, dst_name, mode);
|
|
if (r < 0) {
|
|
/* No context specified for the searched path */
|
|
if (errno == ENOENT) {
|
|
return 0;
|
|
}
|
|
|
|
return security_getenforce () != 0;
|
|
}
|
|
|
|
/* Set the security context for the next created file */
|
|
r = setfscreatecon_raw (fcontext_raw);
|
|
freecon (fcontext_raw);
|
|
if (r < 0) {
|
|
return security_getenforce () != 0;
|
|
}
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* reset_selinux_file_context - Reset the security context to the default
|
|
* policy behavior
|
|
*
|
|
* reset_selinux_file_context () should be called after the context
|
|
* was changed with set_selinux_file_context ()
|
|
*/
|
|
int reset_selinux_file_context (void)
|
|
{
|
|
if (!selinux_checked) {
|
|
selinux_enabled = is_selinux_enabled () > 0;
|
|
selinux_checked = true;
|
|
}
|
|
if (selinux_enabled) {
|
|
if (setfscreatecon_raw (NULL) != 0) {
|
|
return security_getenforce () != 0;
|
|
}
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Log callback for libselinux internal error reporting.
|
|
*/
|
|
__attribute__((__format__ (printf, 2, 3)))
|
|
static int selinux_log_cb (int type, const char *fmt, ...) {
|
|
va_list ap;
|
|
char *buf;
|
|
int r;
|
|
#ifdef WITH_AUDIT
|
|
static int selinux_audit_fd = -2;
|
|
#endif
|
|
|
|
va_start (ap, fmt);
|
|
r = vasprintf (&buf, fmt, ap);
|
|
va_end (ap);
|
|
|
|
if (r < 0) {
|
|
return 0;
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
if (-2 == selinux_audit_fd) {
|
|
selinux_audit_fd = audit_open ();
|
|
|
|
if (-1 == selinux_audit_fd) {
|
|
/* You get these only when the kernel doesn't have
|
|
* audit compiled in. */
|
|
if ( (errno != EINVAL)
|
|
&& (errno != EPROTONOSUPPORT)
|
|
&& (errno != EAFNOSUPPORT)) {
|
|
|
|
(void) fputs (_("Cannot open audit interface.\n"),
|
|
shadow_logfd);
|
|
SYSLOG ((LOG_WARN, "Cannot open audit interface."));
|
|
}
|
|
}
|
|
}
|
|
|
|
if (-1 != selinux_audit_fd) {
|
|
if (SELINUX_AVC == type) {
|
|
if (audit_log_user_avc_message (selinux_audit_fd,
|
|
AUDIT_USER_AVC, buf, NULL, NULL,
|
|
NULL, 0) > 0) {
|
|
goto skip_syslog;
|
|
}
|
|
} else if (SELINUX_ERROR == type) {
|
|
if (audit_log_user_avc_message (selinux_audit_fd,
|
|
AUDIT_USER_SELINUX_ERR, buf, NULL, NULL,
|
|
NULL, 0) > 0) {
|
|
goto skip_syslog;
|
|
}
|
|
}
|
|
}
|
|
#endif
|
|
|
|
SYSLOG ((LOG_WARN, "libselinux: %s", buf));
|
|
|
|
skip_syslog:
|
|
free (buf);
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* check_selinux_permit - Check whether SELinux grants the given
|
|
* operation
|
|
*
|
|
* Parameter is the SELinux permission name, e.g. rootok
|
|
*
|
|
* Returns 0 when permission is granted
|
|
* or something failed but running in
|
|
* permissive mode
|
|
*/
|
|
int check_selinux_permit (const char *perm_name)
|
|
{
|
|
char *user_context_raw;
|
|
int r;
|
|
|
|
if (0 == is_selinux_enabled ()) {
|
|
return 0;
|
|
}
|
|
|
|
selinux_set_callback (SELINUX_CB_LOG, (union selinux_callback) selinux_log_cb);
|
|
|
|
if (getprevcon_raw (&user_context_raw) != 0) {
|
|
fprintf (shadow_logfd,
|
|
_("%s: can not get previous SELinux process context: %s\n"),
|
|
Prog, strerror (errno));
|
|
SYSLOG ((LOG_WARN,
|
|
"can not get previous SELinux process context: %s",
|
|
strerror (errno)));
|
|
return (security_getenforce () != 0);
|
|
}
|
|
|
|
r = selinux_check_access (user_context_raw, user_context_raw, "passwd", perm_name, NULL);
|
|
freecon (user_context_raw);
|
|
return r;
|
|
}
|
|
|
|
#else /* !WITH_SELINUX */
|
|
extern int errno; /* warning: ANSI C forbids an empty source file */
|
|
#endif /* !WITH_SELINUX */
|