/* SPDX-License-Identifier: GPL-3.0-or-later */
/*
 * selinux.c
 *
 * Copyright (C) 2019 David Oberhollenzer <goliath@infraroot.at>
 */
#include "mkfs.h"

#define XATTR_NAME_SELINUX "security.selinux"
#define XATTR_VALUE_SELINUX "system_u:object_r:unlabeled_t:s0"

#ifdef WITH_SELINUX
int selinux_relable_node(void *sehnd, sqfs_xattr_writer_t *xwr,
			 tree_node_t *node, const char *path)
{
	char *context = NULL;
	int ret;

	if (selabel_lookup(sehnd, &context, path, node->mode) < 0) {
		context = strdup(XATTR_VALUE_SELINUX);
		if (context == NULL)
			goto fail;
	}

	ret = sqfs_xattr_writer_add(xwr, XATTR_NAME_SELINUX,
				    context, strlen(context));
	free(context);

	if (ret)
		sqfs_perror(node->name, "storing SELinux xattr", ret);

	return ret;
fail:
	perror("relabeling files");
	return -1;
}

void *selinux_open_context_file(const char *filename)
{
	struct selabel_handle *sehnd;
	struct selinux_opt seopts[] = {
		{ SELABEL_OPT_PATH, filename },
	};

	sehnd = selabel_open(SELABEL_CTX_FILE, seopts, 1);
	if (sehnd == NULL)
		perror(filename);

	return sehnd;
}

void selinux_close_context_file(void *sehnd)
{
	selabel_close(sehnd);
}
#else
int selinux_relable_node(void *sehnd, sqfs_xattr_writer_t *xwr,
			 tree_node_t *node, const char *path)
{
	(void)sehnd; (void)xwr; (void)node; (void)path;
	fputs("Built without SELinux support, cannot add SELinux labels\n",
	      stderr);
	return -1;
}

void *selinux_open_context_file(const char *filename)
{
	(void)filename;
	fputs("Built without SELinux support, cannot open contexts file\n",
	      stderr);
	return NULL;
}

void selinux_close_context_file(void *sehnd)
{
	(void)sehnd;
}
#endif