Diffstat (limited to 'selinux.c')
-rw-r--r-- | selinux.c | 95 |
1 files changed, 0 insertions, 95 deletions
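--- a/selinux.c
+++ /dev/null
@@ -1,95 +0,0 @@
-#include "includes.h"
-#include "auth.h"
-#include "log.h"
-
-#ifdef WITH_SELINUX
-#include <selinux/selinux.h>
-#include <selinux/flask.h>
-#include <selinux/context.h>
-#include <selinux/get_context_list.h>
-#include <selinux/get_default_type.h>
-
-extern Authctxt *the_authctxt;
-
-static const security_context_t
-selinux_get_user_context(const char *name)
-{
-security_context_t user_context=NULL;
-char *role=NULL;
-int ret = -1;
-char *seuser=NULL;
-char *level=NULL;
-
-if (the_authctxt)
-role=the_authctxt->role;
-if (getseuserbyname(name, &seuser, &level)==0) {
-if (role != NULL && role[0])
-ret=get_default_context_with_rolelevel(seuser, role, level,NULL,
-&user_context);
-else
-ret=get_default_context_with_level(seuser, level, NULL,&user_context);
-}
-if ( ret < 0 ) {
-if (security_getenforce() > 0)
-fatal("Failed to get default security context for %s.",
-name);
-else
-error("Failed to get default security context for %s."
-"Continuing in permissive mode",
-name);
-}
-return user_context;
-}
-
-void
-setup_selinux_pty(const char *name, const char *tty)
-{
-if (is_selinux_enabled() > 0) {
-security_context_t new_tty_context=NULL, user_context=NULL, old_tty_context=NULL;
-
-user_context=selinux_get_user_context(name);
-
-if (getfilecon(tty, &old_tty_context) < 0) {
-error("getfilecon(%.100s) failed: %.100s",
-tty, strerror(errno));
-} else {
-if (security_compute_relabel(user_context,old_tty_context,
-SECCLASS_CHR_FILE, &new_tty_context) != 0) {
-error("security_compute_relabel(%.100s) failed: "
-"%.100s", tty, strerror(errno));
-} else {
-if (setfilecon (tty, new_tty_context) != 0)
-error("setfilecon(%.100s, %s) failed: %.100s",
-tty, new_tty_context, strerror(errno));
-freecon(new_tty_context);
-}
-freecon(old_tty_context);
-}
-if (user_context) {
-freecon(user_context);
-}
-}
-}
-
-void
-setup_selinux_exec_context(char *name)
-{
-
-if (is_selinux_enabled() > 0) {
-security_context_t user_context=selinux_get_user_context(name);
-if (setexeccon(user_context)) {
-if (security_getenforce() > 0)
-fatal("Failed to set exec security context %s for %s.",
-user_context, name);
-else
-error("Failed to set exec security context %s for %s. "
-"Continuing in permissive mode",
-user_context, name);
-}
-if (user_context) {
-freecon(user_context);
-}
-}
-}
-
-#endif /* WITH_SELINUX */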