Ejemplo n.º 1
/**
 * Queue a "modify" rule for a subject/object pair on an accesses handle.
 *
 * Both labels are validated with smack_label_length() before any memory is
 * allocated. The new rule is zero-initialised, filled in, flagged as a
 * modify rule and appended to the tail of the handle's singly linked list.
 *
 * @param handle            rule list to extend (dereferenced unconditionally)
 * @param subject           subject label
 * @param object            object label
 * @param allow_access_type access string handed to parse_access_type()
 * @param deny_access_type  access string handed to parse_access_type()
 * @return 0 on success, -1 if a label is rejected or allocation fails
 */
int smack_accesses_add_modify(struct smack_accesses *handle,
			      const char *subject,
			      const char *object,
			      const char *allow_access_type,
			      const char *deny_access_type)
{
	struct smack_rule *entry;

	/* Reject the request before allocating if either label is invalid. */
	if (smack_label_length(subject) < 0)
		return -1;
	if (smack_label_length(object) < 0)
		return -1;

	/* Zeroed allocation: ->next and any unused bytes start out as 0. */
	entry = calloc(1, sizeof(*entry));
	if (!entry)
		return -1;

	/*
	 * NOTE(review): these copies are unbounded. They are only safe if a
	 * non-negative smack_label_length() result guarantees that the label
	 * (plus its terminator) fits the destination arrays in struct
	 * smack_rule; confirm against the struct definition.
	 */
	strcpy(entry->subject, subject);
	strcpy(entry->object, object);

	/* NOTE(review): the access strings are not checked here; confirm that
	 * parse_access_type() copes with NULL and with unknown characters. */
	parse_access_type(allow_access_type, entry->allow_access_type);
	parse_access_type(deny_access_type, entry->deny_access_type);
	entry->is_modify = 1;

	/* Append at the tail; an empty list gets the entry as its head too. */
	if (handle->first != NULL)
		handle->last->next = entry;
	else
		handle->first = entry;
	handle->last = entry;

	return 0;
}
Ejemplo n.º 2
/**
 * Store a Smack label in an extended attribute of an open file.
 *
 * The label is validated with smack_label_length() first; only the validated
 * number of bytes (no terminator) is written, with flags 0 so the attribute
 * is created or replaced.
 *
 * @param fd    descriptor of the file to label
 * @param xattr name of the extended attribute to set (passed through as-is)
 * @param label label text to store
 * @return -2 if the label is rejected, otherwise the result of fsetxattr()
 *         (0 on success, -1 with errno set on failure)
 */
int smack_set_label_for_file(int fd,
                             const char *xattr,
                             const char *label)
{
    const int label_len = (int)smack_label_length(label);

    /* A negative length means the label failed validation. */
    if (label_len < 0)
        return -2;

    /* NOTE(review): the attribute name is not restricted here; the caller
     * decides which xattr is written. */
    return fsetxattr(fd, xattr, label, label_len, 0);
}
Ejemplo n.º 3
/**
 * Store a Smack label in an extended attribute of the file named by a path.
 *
 * The label is validated with smack_label_length() first; only the validated
 * number of bytes (no terminator) is written, with flags 0 so the attribute
 * is created or replaced.
 *
 * @param path   file system path of the object to label
 * @param xattr  name of the extended attribute to set (passed through as-is)
 * @param follow non-zero: setxattr() is used, so a trailing symlink is
 *               followed; zero: lsetxattr() is used and the link itself is
 *               labelled
 * @param label  label text to store
 * @return -2 if the label is rejected, otherwise the result of the xattr
 *         call (0 on success, -1 with errno set on failure)
 */
int smack_set_label_for_path(const char *path,
                             const char *xattr,
                             int follow,
                             const char *label)
{
    const int label_len = (int)smack_label_length(label);

    /* A negative length means the label failed validation. */
    if (label_len < 0)
        return -2;

    /*
     * The path is resolved by the kernel at call time. A caller that has
     * already checked the target object should prefer the descriptor-based
     * variant so the checked object and the labelled object are the same.
     */
    if (follow)
        return setxattr(path, xattr, label, label_len, 0);

    return lsetxattr(path, xattr, label, label_len, 0);
}
Ejemplo n.º 4
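/**
 * Set the Smack label of the calling process.
 *
 * The label is validated with smack_label_length() and then written, without
 * a terminator, to SELF_LABEL_FILE.
 *
 * @param label label to assume
 * @return 0 only if the whole label was written; -1 if the label is rejected,
 *         the file cannot be opened, or the write fails or is short
 */
int smack_set_label_for_self(const char *label)
{
	int len;
	int fd;
	ssize_t written;

	len = smack_label_length(label);
	if (len < 0)
		return -1;

	fd = open(SELF_LABEL_FILE, O_WRONLY);
	if (fd < 0)
		return -1;

	written = write(fd, label, len);
	close(fd);

	/*
	 * Treat a short write as failure: reporting success when only part of
	 * the label reached the kernel would let the caller continue under a
	 * label it did not ask for.
	 */
	return (written == (ssize_t)len) ? 0 : -1;
}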
Ejemplo n.º 5
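/**
 * Ask the kernel to revoke the rules of a subject label.
 *
 * The label is validated with smack_label_length() and then written, without
 * a terminator, to "<smackfs_mnt>/revoke-subject".
 *
 * @param subject subject label whose rules should be revoked
 * @return 0 only if the whole label was written; -1 if the label is rejected,
 *         the path does not fit PATH_MAX, the file cannot be opened, or the
 *         write fails or is short
 */
int smack_revoke_subject(const char *subject)
{
	ssize_t written;
	int fd;
	int len;
	int n;
	char path[PATH_MAX];

	len = smack_label_length(subject);
	if (len < 0)
		return -1;

	/* NOTE(review): smackfs_mnt is used unchecked; if it can be unset
	 * (smackfs not mounted), the caller path should guard against that. */
	n = snprintf(path, sizeof path, "%s/revoke-subject", smackfs_mnt);
	/* A truncated path would name a different file; refuse to open it. */
	if (n < 0 || (size_t)n >= sizeof path)
		return -1;

	fd = open(path, O_WRONLY);
	if (fd < 0)
		return -1;

	written = write(fd, subject, len);
	close(fd);

	/* A short write means the kernel did not see the full label, so the
	 * revocation cannot be reported as done. */
	return (written == (ssize_t)len) ? 0 : -1;
}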
Ejemplo n.º 6
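/*
 * Parse @text as a base-10 integer in the range [0, @max].
 * The whole token must be numeric; empty or partly numeric tokens are
 * rejected instead of being read as 0 or as their numeric prefix.
 * Returns 0 and stores the value in *@out on success, -1 otherwise.
 */
static int cipso_parse_bounded(const char *text, long max, long *out)
{
	char *end;
	long val;

	errno = 0;
	val = strtol(text, &end, 10);
	if (errno != 0 || end == text || *end != '\0')
		return -1;
	if (val < 0 || val > max)
		return -1;

	*out = val;
	return 0;
}

/**
 * Read CIPSO mappings from a file descriptor and append them to @cipso.
 *
 * Each line has the form "label level [category ...]", with fields separated
 * by spaces or tabs. The label is validated with smack_label_length(), the
 * level must lie in [0, LEVEL_MAX] and each category in [0, CAT_MAX_VALUE].
 *
 * The descriptor is duplicated, so the caller's @fd stays open; the
 * duplicate shares its file offset with @fd.
 *
 * On failure, mappings from earlier lines that were already appended stay on
 * the list; only the mapping being built is released.
 *
 * @param cipso list to extend
 * @param fd    readable descriptor holding the mapping text
 * @return 0 on success, -1 on I/O error, allocation failure or a bad line
 */
int smack_cipso_add_from_file(struct smack_cipso *cipso, int fd)
{
	struct cipso_mapping *mapping = NULL;
	FILE *file = NULL;
	char buf[BUF_SIZE];
	char *label, *level, *cat, *ptr;
	long val;
	int i;
	int newfd;

	newfd = dup(fd);
	if (newfd == -1)
		return -1;

	file = fdopen(newfd, "r");
	if (file == NULL) {
		close(newfd);
		return -1;
	}

	/*
	 * NOTE(review): a line longer than BUF_SIZE - 1 is returned by fgets()
	 * in pieces, and each piece is parsed as a line of its own.
	 */
	while (fgets(buf, BUF_SIZE, file) != NULL) {
		mapping = calloc(1, sizeof(*mapping));
		if (mapping == NULL)
			goto err_out;

		label = strtok_r(buf, " \t\n", &ptr);
		level = strtok_r(NULL, " \t\n", &ptr);
		cat = strtok_r(NULL, " \t\n", &ptr);
		/* Check for missing fields before handing label to the validator. */
		if (label == NULL || level == NULL ||
		    smack_label_length(label) < 0)
			goto err_out;

		/*
		 * NOTE(review): unbounded copy; safe only if a non-negative
		 * smack_label_length() guarantees the label fits mapping->label.
		 */
		strcpy(mapping->label, label);

		if (cipso_parse_bounded(level, LEVEL_MAX, &val) < 0)
			goto err_out;
		mapping->level = val;

		/*
		 * NOTE(review): categories beyond CAT_MAX_COUNT are silently
		 * dropped, so the stored mapping can be narrower than the line.
		 */
		for (i = 0; i < CAT_MAX_COUNT && cat != NULL; i++) {
			if (cipso_parse_bounded(cat, CAT_MAX_VALUE, &val) < 0)
				goto err_out;

			mapping->cats[i] = val;
			cat = strtok_r(NULL, " \t\n", &ptr);
		}

		mapping->ncats = i;

		if (cipso->first == NULL) {
			cipso->first = cipso->last = mapping;
		} else {
			cipso->last->next = mapping;
			cipso->last = mapping;
		}

		/*
		 * The list owns the mapping now. Drop the local reference so the
		 * error path below cannot free a node that is still linked and
		 * leave cipso->last dangling.
		 */
		mapping = NULL;
	}

	if (ferror(file))
		goto err_out;

	fclose(file);
	return 0;
err_out:
	fclose(file);
	free(mapping);
	return -1;
}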