int getseuserbyname(const char *name, char **r_seuser, char **r_level) { FILE *cfg = NULL; size_t size = 0; char *buffer = NULL; int rc; unsigned long lineno = 0; int mls_enabled = is_selinux_mls_enabled(); char *username = NULL; char *seuser = NULL; char *level = NULL; char *groupseuser = NULL; char *grouplevel = NULL; char *defaultseuser = NULL; char *defaultlevel = NULL; gid_t gid = get_default_gid(name); cfg = fopen(selinux_usersconf_path(), "re"); if (!cfg) goto nomatch; __fsetlocking(cfg, FSETLOCKING_BYCALLER); while (getline(&buffer, &size, cfg) > 0) { ++lineno; rc = process_seusers(buffer, &username, &seuser, &level, mls_enabled); if (rc == -1) continue; /* comment, skip */ if (rc == -2) { fprintf(stderr, "%s: error on line %lu, skipping...\n", selinux_usersconf_path(), lineno); continue; } if (!strcmp(username, name)) break; if (username[0] == '%' && !groupseuser && check_group(&username[1], name, gid)) { groupseuser = seuser; grouplevel = level; } else { if (!defaultseuser && !strcmp(username, "__default__")) { defaultseuser = seuser; defaultlevel = level; } else { free(seuser); free(level); } } free(username); username = NULL; seuser = NULL; } free(buffer); fclose(cfg); if (seuser) { free(username); free(defaultseuser); free(defaultlevel); free(groupseuser); free(grouplevel); *r_seuser = seuser; *r_level = level; return 0; } if (groupseuser) { free(defaultseuser); free(defaultlevel); *r_seuser = groupseuser; *r_level = grouplevel; return 0; } if (defaultseuser) { *r_seuser = defaultseuser; *r_level = defaultlevel; return 0; } nomatch: if (require_seusers) return -1; /* Fall back to the Linux username and no level. */ *r_seuser = strdup(name); if (!(*r_seuser)) return -1; *r_level = NULL; return 0; }
static JSBool rpmsx_getprop(JSContext *cx, JSObject *obj, jsid id, jsval *vp) { void * ptr = JS_GetInstancePrivate(cx, obj, &rpmsxClass, NULL); jsint tiny = JSVAL_TO_INT(id); #if defined(WITH_SELINUX) security_context_t con = NULL; #endif /* XXX the class has ptr == NULL, instances have ptr != NULL. */ if (ptr == NULL) return JS_TRUE; switch (tiny) { case _DEBUG: *vp = INT_TO_JSVAL(_debug); break; #if defined(WITH_SELINUX) case _CURRENT: *vp = _GET_CON(!getcon(&con)); break; case _PID: *vp = _GET_CON(!getpidcon(getpid(), &con)); break; case _PPID: *vp = _GET_CON(!getpidcon(getppid(), &con)); break; case _PREV: *vp = _GET_CON(!getprevcon(&con)); break; case _EXEC: *vp = _GET_CON(!getexeccon(&con)); break; case _FSCREATE: *vp = _GET_CON(!getfscreatecon(&con)); break; case _KEYCREATE: *vp = _GET_CON(!getkeycreatecon(&con)); break; case _SOCKCREATE: *vp = _GET_CON(!getsockcreatecon(&con)); break; case _ENFORCE: *vp = INT_TO_JSVAL(security_getenforce()); break; case _DENY: *vp = INT_TO_JSVAL(security_deny_unknown()); break; case _POLICYVERS: *vp = INT_TO_JSVAL(security_policyvers()); break; case _ENABLED: *vp = INT_TO_JSVAL(is_selinux_enabled()); break; case _MLSENABLED: *vp = INT_TO_JSVAL(is_selinux_mls_enabled()); break; #ifdef NOTYET case _BOOLS: *vp = ; break; #endif case _ROOT: *vp = _GET_STR(selinux_policy_root()); break; case _BINARY: *vp = _GET_STR(selinux_binary_policy_path()); break; case _FAILSAFE: *vp = _GET_STR(selinux_failsafe_context_path());break; case _REMOVABLE: *vp = _GET_STR(selinux_removable_context_path());break; case _DEFAULT: *vp = _GET_STR(selinux_default_context_path()); break; case _USER: *vp = _GET_STR(selinux_user_contexts_path()); break; case _FCON: *vp = _GET_STR(selinux_file_context_path()); break; case _FCONHOME: *vp = _GET_STR(selinux_file_context_homedir_path());break; case _FCONLOCAL: *vp = _GET_STR(selinux_file_context_local_path());break; case _FCONSUBS: *vp = _GET_STR(selinux_file_context_subs_path());break; case _HOMEDIR: *vp = _GET_STR(selinux_homedir_context_path()); break; case _MEDIA: *vp = _GET_STR(selinux_media_context_path()); break; case _VIRTDOMAIN: *vp = _GET_STR(selinux_virtual_domain_context_path());break; case _VIRTIMAGE: *vp = _GET_STR(selinux_virtual_image_context_path());break; case _X: *vp = _GET_STR(selinux_x_context_path()); break; case _CONTEXTS: *vp = _GET_STR(selinux_contexts_path()); break; case _SECURETTY: *vp = _GET_STR(selinux_securetty_types_path()); break; case _BOOLEANS: *vp = _GET_STR(selinux_booleans_path()); break; case _CUSTOMTYPES: *vp = _GET_STR(selinux_customizable_types_path());break; case _USERS: *vp = _GET_STR(selinux_users_path()); break; case _USERSCONF: *vp = _GET_STR(selinux_usersconf_path()); break; case _XLATIONS: *vp = _GET_STR(selinux_translations_path()); break; case _COLORS: *vp = _GET_STR(selinux_colors_path()); break; case _NETFILTER: *vp = _GET_STR(selinux_netfilter_context_path());break; case _PATH: *vp = _GET_STR(selinux_path()); break; #endif default: break; } #if defined(WITH_SELINUX) if (con) { freecon(con); con = NULL; } #endif return JS_TRUE; }