rpm  5.4.14
rpmsx.c
Go to the documentation of this file.
1 
5 #include "system.h"
6 
7 #if defined(WITH_SELINUX)
8 #include <selinux/selinux.h>
9 #if defined(__LCLINT__)
10 /*@-incondefs@*/
11 extern void freecon(/*@only@*/ security_context_t con)
12  /*@modifies con @*/;
13 
14 extern int getfilecon(const char *path, /*@out@*/ security_context_t *con)
15  /*@modifies *con @*/;
16 extern int lgetfilecon(const char *path, /*@out@*/ security_context_t *con)
17  /*@modifies *con @*/;
18 extern int fgetfilecon(int fd, /*@out@*/ security_context_t *con)
19  /*@modifies *con @*/;
20 
21 extern int setfilecon(const char *path, security_context_t con)
22  /*@globals fileSystem @*/
23  /*@modifies fileSystem @*/;
24 extern int lsetfilecon(const char *path, security_context_t con)
25  /*@globals fileSystem @*/
26  /*@modifies fileSystem @*/;
27 extern int fsetfilecon(int fd, security_context_t con)
28  /*@globals fileSystem @*/
29  /*@modifies fileSystem @*/;
30 
31 extern int getcon(/*@out@*/ security_context_t *con)
32  /*@modifies *con @*/;
33 extern int getexeccon(/*@out@*/ security_context_t *con)
34  /*@modifies *con @*/;
35 extern int setexeccon(security_context_t con)
36  /*@globals fileSystem @*/
37  /*@modifies fileSystem @*/;
38 
39 extern int security_check_context(security_context_t con)
40  /*@globals fileSystem @*/
41  /*@modifies fileSystem @*/;
42 extern int security_getenforce(void)
43  /*@globals fileSystem @*/
44  /*@modifies fileSystem @*/;
45 
46 extern int is_selinux_enabled(void)
47  /*@globals fileSystem @*/
48  /*@modifies fileSystem @*/;
49 /*@=incondefs@*/
50 #endif
51 #endif
52 
53 #define _RPMSX_INTERNAL
54 #include <rpmsx.h>
55 #include <rpmlog.h>
56 #include <rpmmacro.h>
57 
58 #include "debug.h"
59 
60 /*@unchecked@*/
61 int _rpmsx_debug = 0;
62 
63 /*@unchecked@*/ /*@relnull@*/
65 
66 static void rpmsxFini(void * _sx)
67  /*@globals fileSystem @*/
68  /*@modifies *_sx, fileSystem @*/
69 {
70  rpmsx sx = (rpmsx) _sx;
71 
72 #if defined(WITH_SELINUX)
73  if (sx->fn)
74  matchpathcon_fini();
75 #endif
76  sx->flags = 0;
77  sx->fn = _free(sx->fn);
78 }
79 
80 /*@unchecked@*/ /*@only@*/ /*@null@*/
82 
83 static rpmsx rpmsxGetPool(/*@null@*/ rpmioPool pool)
84  /*@globals _rpmsxPool, fileSystem @*/
85  /*@modifies pool, _rpmsxPool, fileSystem @*/
86 {
87  rpmsx sx;
88 
89  if (_rpmsxPool == NULL) {
90  _rpmsxPool = rpmioNewPool("sx", sizeof(*sx), -1, _rpmsx_debug,
91  NULL, NULL, rpmsxFini);
92  pool = _rpmsxPool;
93  }
94  return (rpmsx) rpmioGetPool(pool, sizeof(*sx));
95 }
96 
97 rpmsx rpmsxNew(const char * fn, unsigned int flags)
98 {
99  rpmsx sx = rpmsxGetPool(_rpmsxPool);
100 
101  sx->fn = NULL;
102  sx->flags = flags;
103 
104 #if defined(WITH_SELINUX)
105  if (fn == NULL)
106  fn = selinux_file_context_path();
107  if (sx->flags)
108  set_matchpathcon_flags(sx->flags);
109  { int rc;
110  sx->fn = rpmGetPath(fn, NULL);
111  rc = matchpathcon_init(sx->fn);
112  /* If matchpathcon_init fails, turn off SELinux functionality. */
113  if (rc < 0)
114  sx->fn = _free(sx->fn);
115  }
116 #endif
117  return rpmsxLink(sx);
118 }
119 
120 /*@unchecked@*/ /*@null@*/
121 static const char * _rpmsxI_fn;
122 /*@unchecked@*/
123 static int _rpmsxI_flags;
124 
125 static rpmsx rpmsxI(void)
126  /*@globals _rpmsxI @*/
127  /*@modifies _rpmsxI @*/
128 {
129  if (_rpmsxI == NULL)
131  return _rpmsxI;
132 }
133 
134 int rpmsxEnabled(/*@null@*/ rpmsx sx)
135 {
136  static int rc = 0;
137 #if defined(WITH_SELINUX)
138  static int oneshot = 0;
139 
140  if (!oneshot) {
141  rc = is_selinux_enabled();
142 if (_rpmsx_debug)
143 fprintf(stderr, "<-- %s(%p) rc %d\n", __FUNCTION__, sx, rc);
144  oneshot++;
145  }
146 #endif
147 
148  return rc;
149 }
150 
151 const char * rpmsxMatch(rpmsx sx, const char *fn, mode_t mode)
152 {
153  const char * scon = NULL;
154 
155  if (sx == NULL) sx = rpmsxI();
156 
157 #if defined(WITH_SELINUX)
158  if (sx->fn) {
159  static char nocon[] = "";
160  int rc = matchpathcon(fn, mode, (security_context_t *)&scon);
161  if (rc < 0)
162  scon = xstrdup(nocon);
163  }
164 #endif
165 
166 if (_rpmsx_debug < 0 || (_rpmsx_debug > 0 && scon != NULL && *scon != '\0' &&strcmp("(null)", scon)))
167 fprintf(stderr, "<-- %s(%p,%s,0%o) \"%s\"\n", __FUNCTION__, sx, fn, mode, scon);
168  return scon;
169 }
170 
171 const char * rpmsxGetfilecon(rpmsx sx, const char *fn)
172 {
173  const char * scon = NULL;
174 
175  if (sx == NULL) sx = rpmsxI();
176 
177 if (_rpmsx_debug)
178 fprintf(stderr, "--> %s(%p,%s) sxfn %s\n", __FUNCTION__, sx, fn, sx->fn);
179 
180 #if defined(WITH_SELINUX)
181  if (sx->fn && fn) {
182  security_context_t _con = NULL;
183  int rc = getfilecon(fn, &_con);
184  if (rc > 0 && _con != NULL)
185  scon = (const char *) _con;
186  else
187  freecon(_con);
188  }
189 #endif
190 
191 if (_rpmsx_debug)
192 fprintf(stderr, "<-- %s(%p,%s) scon %s\n", __FUNCTION__, sx, fn, scon);
193  return scon;
194 }
195 
196 int rpmsxSetfilecon(rpmsx sx, const char *fn, mode_t mode,
197  const char * scon)
198 {
199  int rc = 0;
200 
201  if (sx == NULL) sx = rpmsxI();
202 
203 if (_rpmsx_debug)
204 fprintf(stderr, "--> %s(%p,%s,0%o,%s) sxfn %s\n", __FUNCTION__, sx, fn, mode, scon, sx->fn);
205 
206 #if defined(WITH_SELINUX)
207  if (sx->fn) {
208  security_context_t _con = (security_context_t)
209  (scon ? scon : rpmsxMatch(sx, fn, mode));
210  rc = setfilecon(fn, _con);
211  if (scon == NULL) { /* XXX free lazy rpmsxMatch() string */
212  freecon(_con);
213  _con = NULL;
214  }
215  }
216 #endif
217 
218 if (_rpmsx_debug)
219 fprintf(stderr, "<-- %s(%p,%s,0%o,%s) rc %d\n", __FUNCTION__, sx, fn, mode, scon, rc);
220  return rc;
221 }
222 
223 const char * rpmsxLgetfilecon(rpmsx sx, const char *fn)
224 {
225  const char * scon = NULL;
226 
227  if (sx == NULL) sx = rpmsxI();
228 
229 if (_rpmsx_debug)
230 fprintf(stderr, "--> %s(%p,%s) sxfn %s\n", __FUNCTION__, sx, fn, sx->fn);
231 
232 #if defined(WITH_SELINUX)
233  if (sx->fn && fn) {
234  security_context_t _con = NULL;
235  int rc = lgetfilecon(fn, &_con);
236  if (rc > 0 && _con != NULL)
237  scon = (const char *) _con;
238  else
239  freecon(_con);
240  }
241 #endif
242 
243 if (_rpmsx_debug)
244 fprintf(stderr, "<-- %s(%p,%s) scon %s\n", __FUNCTION__, sx, fn, scon);
245  return scon;
246 }
247 
248 int rpmsxLsetfilecon(rpmsx sx, const char *fn, mode_t mode,
249  const char * scon)
250 {
251  int rc = 0;
252 
253  if (sx == NULL) sx = rpmsxI();
254 
255 if (_rpmsx_debug)
256 fprintf(stderr, "--> %s(%p,%s,0%o,%s) sxfn %s\n", __FUNCTION__, sx, fn, mode, scon, sx->fn);
257 
258 #if defined(WITH_SELINUX)
259  if (sx->fn) {
260  security_context_t _con = (security_context_t)
261  (scon ? scon : rpmsxMatch(sx, fn, mode));
262  rc = lsetfilecon(fn, _con);
263  if (scon == NULL) { /* XXX free lazy rpmsxMatch() string */
264  freecon(_con);
265  _con = NULL;
266  }
267  }
268 #endif
269 
270 if (_rpmsx_debug)
271 fprintf(stderr, "<-- %s(%p,%s,0%o,%s) rc %d\n", __FUNCTION__, sx, fn, mode, scon, rc);
272  return rc;
273 }
274 
275 int rpmsxExec(rpmsx sx, int verified, const char ** argv)
276 {
277  int rc = -1;
278 
279  if (sx == NULL) sx = rpmsxI();
280 
281 if (_rpmsx_debug)
282 fprintf(stderr, "--> %s(%p,%d,%p)\n", __FUNCTION__, sx, verified, argv);
283 
284 #if defined(WITH_SELINUX)
285  rc = rpm_execcon(verified, argv[0], (char *const *)argv, environ);
286 #endif
287 
288 if (_rpmsx_debug)
289 fprintf(stderr, "<-- %s(%p,%d,%p) rc %d\n", __FUNCTION__, sx, verified, argv, rc);
290  return rc;
291 }
int _rpmsx_debug
Definition: rpmsx.c:61
static rpmsx rpmsxGetPool(rpmioPool pool)
Definition: rpmsx.c:83
const char * rpmsxGetfilecon(rpmsx sx, const char *fn)
Get security context for a file.
Definition: rpmsx.c:171
int rpmsxLsetfilecon(rpmsx sx, const char *fn, mode_t mode, const char *scon)
Definition: rpmsx.c:248
char * xstrdup(const char *str)
Definition: rpmmalloc.c:321
rpmioPool _rpmsxPool
Definition: rpmsx.c:81
char * rpmGetPath(const char *path,...)
Return (malloc&#39;ed) expanded, canonicalized, file path.
Definition: macro.c:3371
rpmsx _rpmsxI
Definition: rpmsx.c:64
const char * rpmsxLgetfilecon(rpmsx sx, const char *fn)
Definition: rpmsx.c:223
int rc
Definition: poptALL.c:670
char ** environ
int rpmsxEnabled(rpmsx sx)
Return SELinux enabled state.
Definition: rpmsx.c:134
argv
Definition: rpmmtree.c:3679
static PyObject *char * mode
Definition: rpmfd-py.c:115
Yet Another syslog(3) API clone.
static const char * _rpmsxI_fn
Definition: rpmsx.c:121
rpmioItem rpmioGetPool(rpmioPool pool, size_t size)
Get unused item from pool, or alloc a new item.
Definition: rpmmalloc.c:220
fprintf(stderr,"--> %s(%p,%p,%p) sig %p sigp %p\n", __FUNCTION__, dig, t, rsactx, sig, sigp)
static void rpmsxFini(void *_sx)
Definition: rpmsx.c:66
static rpmsx rpmsxI(void)
Definition: rpmsx.c:125
int rpmsxExec(rpmsx sx, int verified, const char **argv)
Execute a package scriptlet within SELinux context.
Definition: rpmsx.c:275
node fd
Definition: rpmfd-py.c:124
struct rpmsx_s * rpmsx
Definition: rpmsx.h:11
rpmsx rpmsxLink(rpmsx sx)
Reference a SELinux wrapper instance.
return strcmp(ame->name, bme->name)
char * path
Definition: poptALL.c:744
rpmioPool rpmioNewPool(const char *name, size_t size, int limit, int flags, char *(*dbg)(void *item), void(*init)(void *item), void(*fini)(void *item))
Create a memory pool.
Definition: rpmmalloc.c:109
int flags
Definition: fnmatch.c:282
rpmsx rpmsxNew(const char *fn, unsigned int flags)
Create and load a SELinux wrapper.
Definition: rpmsx.c:97
return NULL
Definition: poptALL.c:613
int rpmsxSetfilecon(rpmsx sx, const char *fn, mode_t mode, const char *scon)
Set security context for a file.
Definition: rpmsx.c:196
const char * rpmsxMatch(rpmsx sx, const char *fn, mode_t mode)
Return security context for a file.
Definition: rpmsx.c:151
static void * _free(const void *p)
Wrapper to free(3), hides const compilation noise, permit NULL, return NULL.
Definition: rpmiotypes.h:647
size_t fn
Definition: macro.c:1698
static int _rpmsxI_flags
Definition: rpmsx.c:123