summaryrefslogtreecommitdiff
path: root/mkfs/selinux.c
blob: a4cda71d1a0440a6a373f4aefeb181cc7e9fe860 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
/* SPDX-License-Identifier: GPL-3.0-or-later */
/*
 * selinux.c
 *
 * Copyright (C) 2019 David Oberhollenzer <goliath@infraroot.at>
 */
#include "mkfs.h"

#define XATTR_NAME_SELINUX "security.selinux"
#define XATTR_VALUE_SELINUX "system_u:object_r:unlabeled_t:s0"

#ifdef WITH_SELINUX
int selinux_relable_node(void *sehnd, fstree_t *fs,
			 tree_node_t *node, const char *path)
{
	char *context = NULL;
	int ret;

	if (selabel_lookup(sehnd, &context, path, node->mode) < 0) {
		context = strdup(XATTR_VALUE_SELINUX);
		if (context == NULL)
			goto fail;
	}

	ret = fstree_add_xattr(fs, node, XATTR_NAME_SELINUX, context);
	free(context);
	return ret;
fail:
	perror("relabeling files");
	return -1;
}

void *selinux_open_context_file(const char *filename)
{
	struct selabel_handle *sehnd;
	struct selinux_opt seopts[] = {
		{ SELABEL_OPT_PATH, filename },
	};

	sehnd = selabel_open(SELABEL_CTX_FILE, seopts, 1);
	if (sehnd == NULL)
		perror(filename);

	return sehnd;
}

void selinux_close_context_file(void *sehnd)
{
	selabel_close(sehnd);
}
#else
int selinux_relable_node(void *sehnd, fstree_t *fs,
			 tree_node_t *node, const char *path)
{
	(void)sehnd; (void)fs; (void)node; (void)path;
	fputs("Built without SELinux support, cannot add SELinux labels\n",
	      stderr);
	return -1;
}

void *selinux_open_context_file(const char *filename)
{
	(void)filename;
	fputs("Built without SELinux support, cannot open contexts file\n",
	      stderr);
	return NULL;
}

void selinux_close_context_file(void *sehnd)
{
	(void)sehnd;
}
#endif