Incorporate Manoj's NMU:

* NMU to update SELinux patch, bringing it in line with current selinux releases. The patch for this NMU is simply the Bug#394795 patch, and no other changes. (closes: #394795)
author: Colin Watson <cjwatson@debian.org> 2006-10-27 10:42:44 +0000
committer: Colin Watson <cjwatson@debian.org> 2006-10-27 10:42:44 +0000
commit: be6478d45d2d5c57bc30ca83d14b7b1ef6ed5ce6 (patch)
tree: 974beeb4ed8e9271133bbef823fb1ee14abf5262 /selinux.c
parent: bb9d3d577f24525d3d6835c15b35b89a33aa4b25 (diff)
1 files changed, 67 insertions, 83 deletions
diff --git a/selinux.c b/selinux.c
index 6625c71d8..2811a9b80 100644
--- a/selinux.c
+++ b/selinux.c
@@ -1,10 +1,8 @@
 #include "includes.h"
 #include "auth.h"
 #include "log.h"
 #ifdef WITH_SELINUX
 #include <selinux/selinux.h>
 #include <selinux/flask.h>
 #include <selinux/context.h>
@@ -13,99 +11,85 @@
 extern Authctxt *the_authctxt;
-static security_context_t
+static const security_context_t 
 selinux_get_user_context(const char *name)
 {
-        security_context_t user_context = NULL;
+        security_context_t user_context=NULL;
-        char *role = NULL;
+        char *role=NULL;
-        int ret = 0;
+        int ret = -1;
+        char *seuser=NULL;
-        if (the_authctxt)
+        char *level=NULL;
-                role = the_authctxt->role;
-        if (role != NULL && role[0])
+        if (the_authctxt) 
-                ret = get_default_context_with_role(name, role, NULL,
+          role=the_authctxt->role;
-                    &user_context);
+        if (getseuserbyname(name, &seuser, &level)==0) {
-        else
+          if (role != NULL && role[0])
-                ret = get_default_context(name, NULL, &user_context);
+            ret=get_default_context_with_rolelevel(seuser, role, level,NULL,
-        if (ret < 0) {
+                                                   &user_context);
-                if (security_getenforce() > 0)
+          else
-                        fatal("Failed to get default security context for %s.",
+            ret=get_default_context_with_level(seuser, level, NULL,&user_context);
-                            name);
+        }
-                else
+        if ( ret < 0 ) {
-                        error("Failed to get default security context for %s. "
+          if (security_getenforce() > 0)
-                            "Continuing in permissive mode",
+            fatal("Failed to get default security context for %s.",
-                            name);
+                  name);
+          else
+            error("Failed to get default security context for %s."
+                  "Continuing in permissive mode",
+                  name);
        }
        return user_context;
 }
-void
+void 
 setup_selinux_pty(const char *name, const char *tty)
 {
-        security_context_t new_tty_context, user_context, old_tty_context;
+  if (is_selinux_enabled() > 0) {
+    security_context_t new_tty_context=NULL, user_context=NULL, old_tty_context=NULL;
-        if (is_selinux_enabled() <= 0)
-                return;
+    user_context=selinux_get_user_context(name);
-        new_tty_context = old_tty_context = NULL;
+    if (getfilecon(tty, &old_tty_context) < 0) {
-        user_context = selinux_get_user_context(name);
+      error("getfilecon(%.100s) failed: %.100s",
+            tty, strerror(errno));
-        if (getfilecon(tty, &old_tty_context) < 0) {
+    } else {
-                error("getfilecon(%.100s) failed: %.100s",
+      if (security_compute_relabel(user_context,old_tty_context,
-                    tty, strerror(errno));
+                                   SECCLASS_CHR_FILE, &new_tty_context) != 0) {
-        } else {
+        error("security_compute_relabel(%.100s) failed: "
-                if (security_compute_relabel(user_context, old_tty_context,
+              "%.100s", tty, strerror(errno));
-                    SECCLASS_CHR_FILE, &new_tty_context) != 0) {
+      } else {
-                        error("security_compute_relabel(%.100s) failed: "
+        if (setfilecon (tty, new_tty_context) != 0)
-                            "%.100s", tty, strerror(errno));
+          error("setfilecon(%.100s, %s) failed: %.100s",
-                } else {
+                tty, new_tty_context, strerror(errno));
-                        if (setfilecon(tty, new_tty_context) != 0)
+        freecon(new_tty_context);
-                                error("setfilecon(%.100s, %s) failed: %.100s",
+      }
-                                    tty, new_tty_context, strerror(errno));
+      freecon(old_tty_context);
-                        freecon(new_tty_context);
+    }
-                }
+    if (user_context) {
-                freecon(old_tty_context);
+      freecon(user_context);
-        }
+    }
-        if (user_context)
+  }
-                freecon(user_context);
-}
-void
-setup_selinux_exec_context(const char *name)
-{
-        security_context_t user_context;
-        if (is_selinux_enabled() <= 0)
-                return;
-        user_context = selinux_get_user_context(name);
-        if (setexeccon(user_context)) {
-                if (security_getenforce() > 0)
-                        fatal("Failed to set exec security context %s for %s.",
-                            user_context, name);
-                else
-                        error("Failed to set exec security context %s for %s. "
-                            "Continuing in permissive mode",
-                            user_context, name);
-        }
-        if (user_context)
-                freecon(user_context);
 }
-#else /* WITH_SELINUX */
+void 
+setup_selinux_exec_context(char *name)
-void
-setup_selinux_pty(const char *name, const char *tty)
 {
-        (void) name;
-        (void) tty;
-}
-void
+  if (is_selinux_enabled() > 0) {
-setup_selinux_exec_context(const char *name)
+    security_context_t user_context=selinux_get_user_context(name);
-{
+    if (setexeccon(user_context)) {
-        (void) name;
+      if (security_getenforce() > 0)
+        fatal("Failed to set exec security context %s for %s.",
+              user_context, name);
+      else
+        error("Failed to set exec security context %s for %s. "
+              "Continuing in permissive mode",
+              user_context, name);
+    }
+    if (user_context) {
+      freecon(user_context);
+    }
+  }
 }
 #endif /* WITH_SELINUX */
author	Colin Watson <cjwatson@debian.org>	2006-10-27 10:42:44 +0000
committer	Colin Watson <cjwatson@debian.org>	2006-10-27 10:42:44 +0000
commit	be6478d45d2d5c57bc30ca83d14b7b1ef6ed5ce6 (patch)
tree	974beeb4ed8e9271133bbef823fb1ee14abf5262 /selinux.c
parent	bb9d3d577f24525d3d6835c15b35b89a33aa4b25 (diff)

diff --git a/selinux.c b/selinux.c index 6625c71d8..2811a9b80 100644 --- a/selinux.c +++ b/selinux.c
@@ -1,10 +1,8 @@
1	#include "includes.h"	1	#include "includes.h"
2
3	#include "auth.h"	2	#include "auth.h"
4	#include "log.h"	3	#include "log.h"
5		4
6	#ifdef WITH_SELINUX	5	#ifdef WITH_SELINUX
7
8	#include <selinux/selinux.h>	6	#include <selinux/selinux.h>
9	#include <selinux/flask.h>	7	#include <selinux/flask.h>
10	#include <selinux/context.h>	8	#include <selinux/context.h>
@@ -13,99 +11,85 @@
13		11
14	extern Authctxt *the_authctxt;	12	extern Authctxt *the_authctxt;
15		13
16	static security_context_t	14	static const security_context_t
17	selinux_get_user_context(const char *name)	15	selinux_get_user_context(const char *name)
18	{	16	{
19	security_context_t user_context = NULL;	17	security_context_t user_context=NULL;
20	char *role = NULL;	18	char *role=NULL;
21	int ret = 0;	19	int ret = -1;
22		20	char *seuser=NULL;
23	if (the_authctxt)	21	char *level=NULL;
24	role = the_authctxt->role;	22
25	if (role != NULL && role[0])	23	if (the_authctxt)
26	ret = get_default_context_with_role(name, role, NULL,	24	role=the_authctxt->role;
27	&user_context);	25	if (getseuserbyname(name, &seuser, &level)==0) {
28	else	26	if (role != NULL && role[0])
29	ret = get_default_context(name, NULL, &user_context);	27	ret=get_default_context_with_rolelevel(seuser, role, level,NULL,
30	if (ret < 0) {	28	&user_context);
31	if (security_getenforce() > 0)	29	else
32	fatal("Failed to get default security context for %s.",	30	ret=get_default_context_with_level(seuser, level, NULL,&user_context);
33	name);	31	}
34	else	32	if ( ret < 0 ) {
35	error("Failed to get default security context for %s. "	33	if (security_getenforce() > 0)
36	"Continuing in permissive mode",	34	fatal("Failed to get default security context for %s.",
37	name);	35	name);
		36	else
		37	error("Failed to get default security context for %s."
		38	"Continuing in permissive mode",
		39	name);
38	}	40	}
39	return user_context;	41	return user_context;
40	}	42	}
41		43
42	void	44	void
43	setup_selinux_pty(const char name, const char tty)	45	setup_selinux_pty(const char name, const char tty)
44	{	46	{
45	security_context_t new_tty_context, user_context, old_tty_context;	47	if (is_selinux_enabled() > 0) {
46		48	security_context_t new_tty_context=NULL, user_context=NULL, old_tty_context=NULL;
47	if (is_selinux_enabled() <= 0)	49
48	return;	50	user_context=selinux_get_user_context(name);
49		51
50	new_tty_context = old_tty_context = NULL;	52	if (getfilecon(tty, &old_tty_context) < 0) {
51	user_context = selinux_get_user_context(name);	53	error("getfilecon(%.100s) failed: %.100s",
52		54	tty, strerror(errno));
53	if (getfilecon(tty, &old_tty_context) < 0) {	55	} else {
54	error("getfilecon(%.100s) failed: %.100s",	56	if (security_compute_relabel(user_context,old_tty_context,
55	tty, strerror(errno));	57	SECCLASS_CHR_FILE, &new_tty_context) != 0) {
56	} else {	58	error("security_compute_relabel(%.100s) failed: "
57	if (security_compute_relabel(user_context, old_tty_context,	59	"%.100s", tty, strerror(errno));
58	SECCLASS_CHR_FILE, &new_tty_context) != 0) {	60	} else {
59	error("security_compute_relabel(%.100s) failed: "	61	if (setfilecon (tty, new_tty_context) != 0)
60	"%.100s", tty, strerror(errno));	62	error("setfilecon(%.100s, %s) failed: %.100s",
61	} else {	63	tty, new_tty_context, strerror(errno));
62	if (setfilecon(tty, new_tty_context) != 0)	64	freecon(new_tty_context);
63	error("setfilecon(%.100s, %s) failed: %.100s",	65	}
64	tty, new_tty_context, strerror(errno));	66	freecon(old_tty_context);
65	freecon(new_tty_context);	67	}
66	}	68	if (user_context) {
67	freecon(old_tty_context);	69	freecon(user_context);
68	}	70	}
69	if (user_context)	71	}
70	freecon(user_context);
71	}
72
73	void
74	setup_selinux_exec_context(const char *name)
75	{
76	security_context_t user_context;
77
78	if (is_selinux_enabled() <= 0)
79	return;
80
81	user_context = selinux_get_user_context(name);
82
83	if (setexeccon(user_context)) {
84	if (security_getenforce() > 0)
85	fatal("Failed to set exec security context %s for %s.",
86	user_context, name);
87	else
88	error("Failed to set exec security context %s for %s. "
89	"Continuing in permissive mode",
90	user_context, name);
91	}
92	if (user_context)
93	freecon(user_context);
94	}	72	}
95		73
96	#else /* WITH_SELINUX */	74	void
97		75	setup_selinux_exec_context(char *name)
98	void
99	setup_selinux_pty(const char name, const char tty)
100	{	76	{
101	(void) name;
102	(void) tty;
103	}
104		77
105	void	78	if (is_selinux_enabled() > 0) {
106	setup_selinux_exec_context(const char *name)	79	security_context_t user_context=selinux_get_user_context(name);
107	{	80	if (setexeccon(user_context)) {
108	(void) name;	81	if (security_getenforce() > 0)
		82	fatal("Failed to set exec security context %s for %s.",
		83	user_context, name);
		84	else
		85	error("Failed to set exec security context %s for %s. "
		86	"Continuing in permissive mode",
		87	user_context, name);
		88	}
		89	if (user_context) {
		90	freecon(user_context);
		91	}
		92	}
109	}	93	}
110		94
111	#endif /* WITH_SELINUX */	95	#endif /* WITH_SELINUX */