/*
 * Release the userspace access vector cache (AVC) if it was set up earlier.
 *
 * Does nothing unless the file-level `initialized` flag is set. The flag is
 * cleared after avc_destroy(), so a repeated call is a no-op and the AVC is
 * not torn down twice for one initialization.
 */
void selinux_access_free(void) {
        if (initialized) {
                avc_destroy();
                initialized = false;
        }
}
/*
 * Clean up the AVC before exiting.
 *
 * When built with HAVE_LIBAUDIT, the audit descriptor held in audit_fd is
 * closed as well.
 *
 * NOTE(review): audit_fd is not reset after audit_close(); confirm that
 * nothing uses it, or calls this function a second time, after teardown.
 */
void
nscd_avc_destroy (void)
{
  avc_destroy ();
#if defined (HAVE_LIBAUDIT)
  audit_close (audit_fd);
#endif
}
/*
 * Release the userspace access vector cache (AVC) if it was set up earlier.
 *
 * Compiles to an empty function when HAVE_SELINUX is not defined. With
 * SELinux support built in, the AVC is destroyed only while the file-level
 * `initialized` flag is set, and the flag is cleared afterwards so that a
 * second call does not destroy the AVC again.
 */
void mac_selinux_access_free(void) {
#if defined(HAVE_SELINUX)
        if (initialized) {
                avc_destroy();
                initialized = false;
        }
#endif
}
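/*
 * Shut down the SELinux part of the engine: stop the worker thread recorded
 * in se->thread, wait for it to finish, then release the userspace AVC.
 *
 * Does nothing when SELinux support is switched off in se->config.
 */
void
mselinux_fini(selinux_engine_t *se)
{
    if (!se->config.selinux)
        return;

    /*
     * NOTE(review): pthread_t is an opaque type, so comparing it with 0 is
     * not portable, and se->thread only holds a valid id if pthread_create()
     * succeeded. A separate "thread started" flag would be more robust.
     */
    if (se->thread > 0) {
        /*
         * Request cancellation instead of sending SIGKILL. SIGKILL cannot be
         * directed at a single thread: its disposition is process-wide, so
         * pthread_kill(..., SIGKILL) terminates the whole process and the
         * join and avc_destroy() below would never run.
         *
         * Assumes the worker blocks in a cancellation point (for example a
         * socket read) -- TODO confirm against the worker, otherwise the
         * join below can wait indefinitely.
         */
        pthread_cancel(se->thread);
        pthread_join(se->thread, NULL);
    }

    /* Only tear down the AVC once no worker can still be using it. */
    avc_destroy();
}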
/*
 * Set up SELinux access control for the engine.
 *
 * Returns true when SELinux support is switched off in se->config, when the
 * platform does not report SELinux as enabled, or when setup completed.
 * Returns false when avc_init() fails or the worker thread cannot be created.
 */
bool
mselinux_init(selinux_engine_t *se)
{
    union selinux_callback policyload_cb;

    if (!se->config.selinux)
        return true;

    /*
     * Does the platform support SELinux?
     *
     * NOTE(review): every result other than 1 disables access control and
     * still reports success. If is_selinux_enabled() can return an error
     * value here, that case fails open -- confirm this is intended.
     */
    if (is_selinux_enabled() != 1) {
        se->config.selinux = false;
        return true;
    }

    /* NOTE(review): num_features is not bounds-checked in this function. */
    se->info.features[se->info.num_features++].feature
        = ENGINE_FEATURE_ACCESS_CONTROL;

    /*
     * Memcached callback, invoked on each new connection.
     *
     * NOTE(review): the callback is registered before the AVC exists; if a
     * later step fails it stays registered and the feature stays advertised.
     */
    se->server.callback->register_callback((ENGINE_HANDLE *)se,
                                           ON_CONNECT,
                                           mselinux_on_connect,
                                           se);

    /* Set up the userspace access vector cache with the log/lock callbacks. */
    if (avc_init(NULL, NULL, &avc_log_cb, NULL, &avc_lock_cb) < 0)
        return false;

    /* Install the policy-load hook, then run it once by hand. */
    policyload_cb.func_policyload = mavc_cb_policyload;
    selinux_set_callback(SELINUX_CB_POLICYLOAD, policyload_cb);
    mavc_cb_policyload(0);

    if (pthread_create(&se->thread, NULL, mavc_netlink_worker, NULL) == 0)
        return true;

    /* No worker thread: undo the AVC setup before reporting failure. */
    avc_destroy();
    return false;
}
/*
 * Must be called once to initialize the SELinux AVC environment. Opens the
 * AVC and installs the audit and log callbacks. To release the memory
 * afterwards, call selinux_access_finish.
 *
 * Returns 0 on success. If avc_open() fails, returns whatever
 * log_error_errno() yields for the current errno. If security_getenforce()
 * fails, the AVC is destroyed again and -errno is returned.
 */
static int access_init(void) {
        int r;

        if (avc_open(NULL, 0) != 0)
                return log_error_errno(errno, "avc_open() failed: %m");

        selinux_set_callback(SELINUX_CB_AUDIT, (union selinux_callback) audit_callback);
        selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) log_callback);

        if (security_getenforce() >= 0)
                return 0;

        /* Capture errno before avc_destroy() has a chance to change it. */
        r = -errno;
        avc_destroy();
        return r;
}
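/*
 * Must be called once to initialize the SELinux AVC environment. Opens the
 * AVC and installs the audit and log callbacks. To release the memory
 * afterwards, call selinux_access_finish.
 *
 * Returns 0 on success and a negative errno value on failure. If
 * security_getenforce() fails, the AVC is destroyed again before returning.
 */
static int access_init(void) {
        int r = 0;

        if (avc_open(NULL, 0)) {
                /*
                 * Save errno before logging: the logging call may overwrite
                 * it, which would make the function return the wrong error
                 * code (or 0, which callers would read as success).
                 */
                int saved_errno = errno;

                log_error("avc_open() failed: %m");
                return -saved_errno;
        }

        selinux_set_callback(SELINUX_CB_AUDIT, (union selinux_callback) audit_callback);
        selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) log_callback);

        if (security_getenforce() < 0) {
                /* Capture errno before avc_destroy() can change it. */
                r = -errno;
                avc_destroy();
        }

        return r;
}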