/* SPDX-License-Identifier: GPL-3.0-or-later */
/*
* selinux.c
*
* Copyright (C) 2019 David Oberhollenzer <goliath@infraroot.at>
*/
#include "mkfs.h"
#define XATTR_NAME_SELINUX "security.selinux"
#define XATTR_VALUE_SELINUX "system_u:object_r:unlabeled_t:s0"
#ifdef WITH_SELINUX
/*
 * Look up the SELinux context of `path` through the selabel handle `sehnd`
 * and record it as the "security.selinux" xattr on `xwr`.
 *
 * sehnd: handle returned by selinux_open_context_file().
 * xwr:   xattr writer the label is appended to.
 * node:  tree node whose mode is handed to selabel_lookup().
 * path:  path string matched against the file-contexts database.
 *
 * Returns the result of sqfs_xattr_writer_add() (0 on success, non-zero
 * on failure), or -1 if the fallback context string could not be allocated.
 */
int selinux_relable_node(void *sehnd, sqfs_xattr_writer_t *xwr,
			 tree_node_t *node, const char *path)
{
	char *label = NULL;
	int status;

	/*
	 * Any lookup failure falls back to the fixed unlabeled_t context.
	 * NOTE(review): this does not tell "no matching entry" apart from
	 * other selabel_lookup() failures, so a broken lookup silently
	 * yields an unlabeled_t label instead of an error — confirm that
	 * is intended.
	 */
	if (selabel_lookup(sehnd, &label, path, node->mode) < 0) {
		label = strdup(XATTR_VALUE_SELINUX);
		if (label == NULL)
			goto fail;
	}

	status = sqfs_xattr_writer_add(xwr, XATTR_NAME_SELINUX,
				       label, strlen(label));
	free(label);

	if (status != 0)
		fputs("Error relabeling tree node\n", stderr);
	return status;
fail:
	perror("relabeling files");
	return -1;
}
/*
 * Open the SELinux file-contexts database stored at `filename`.
 *
 * Returns an opaque selabel handle for selinux_relable_node(), or NULL
 * (after printing the error via perror) if selabel_open() fails. The
 * caller releases the handle with selinux_close_context_file().
 */
void *selinux_open_context_file(const char *filename)
{
	struct selinux_opt options[] = {
		{ SELABEL_OPT_PATH, filename },
	};
	unsigned int nopts = sizeof(options) / sizeof(options[0]);
	struct selabel_handle *handle;

	handle = selabel_open(SELABEL_CTX_FILE, options, nopts);
	if (handle == NULL)
		perror(filename);

	return handle;
}
/*
 * Release a handle obtained from selinux_open_context_file().
 */
void selinux_close_context_file(void *sehnd)
{
	struct selabel_handle *handle = sehnd;

	selabel_close(handle);
}
#else
/*
 * Stub used when the tool is built without SELinux support: reports the
 * missing feature on stderr and fails. All arguments are ignored.
 *
 * Always returns -1.
 */
int selinux_relable_node(void *sehnd, sqfs_xattr_writer_t *xwr,
			 tree_node_t *node, const char *path)
{
	static const char msg[] =
		"Built without SELinux support, cannot add SELinux labels\n";

	(void)sehnd;
	(void)xwr;
	(void)node;
	(void)path;

	fputs(msg, stderr);
	return -1;
}
/*
 * Stub used when the tool is built without SELinux support: reports the
 * missing feature on stderr. `filename` is ignored.
 *
 * Always returns NULL.
 */
void *selinux_open_context_file(const char *filename)
{
	static const char msg[] =
		"Built without SELinux support, cannot open contexts file\n";

	(void)filename;

	fputs(msg, stderr);
	return NULL;
}
/*
 * Stub used when the tool is built without SELinux support. There is no
 * handle to release, so `sehnd` is ignored and nothing happens.
 */
void selinux_close_context_file(void *sehnd)
{
	(void)sehnd;

	/* nothing to do: the non-SELinux build never opens a handle */
}
#endif