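/*
 * Ask the kernel, through the "member" node of the mounted selinuxfs, for
 * the context it computes from the pair (@scon, @tcon) and object class
 * @tclass, and hand a heap copy of the answer back to the caller.
 *
 * @scon    raw source context; must not be NULL.
 * @tcon    raw target context; must not be NULL.
 * @tclass  userspace class value; converted with unmap_class() before it
 *          is sent to the kernel.
 * @newcon  on success receives a malloc'd, NUL-terminated copy of the
 *          kernel's reply.  Ownership passes to the caller, who frees it.
 *
 * Returns 0 on success.  Returns -1 with errno set on failure: ENOENT when
 * selinuxfs is not mounted, EINVAL for a NULL argument, EOVERFLOW when the
 * query does not fit in one page, otherwise the errno left by the failing
 * open()/write()/read()/malloc()/strdup().
 */
int security_compute_member_raw(const char * scon, const char * tcon, security_class_t tclass, char ** newcon)
{
	char path[PATH_MAX];
	char *buf;
	size_t size;
	int fd, ret, qlen;
	ssize_t n;

	if (!selinux_mnt) {
		errno = ENOENT;
		return -1;
	}
	if (!scon || !tcon || !newcon) {
		errno = EINVAL;
		return -1;
	}

	snprintf(path, sizeof path, "%s/member", selinux_mnt);
	/* O_CLOEXEC so the selinuxfs handle cannot leak into exec'd children;
	 * this matches security_compute_av_flags_raw(). */
	fd = open(path, O_RDWR | O_CLOEXEC);
	if (fd < 0)
		return -1;

	size = selinux_page_size;
	buf = malloc(size);
	if (!buf) {
		ret = -1;
		goto out;
	}

	/* Query format understood by the kernel: "<scon> <tcon> <kernel class>".
	 * A silently truncated query would describe a different pair, so refuse
	 * it instead of writing it. */
	qlen = snprintf(buf, size, "%s %s %hu", scon, tcon, unmap_class(tclass));
	if (qlen < 0 || (size_t)qlen >= size) {
		errno = EOVERFLOW;
		ret = -1;
		goto out2;
	}

	n = write(fd, buf, (size_t)qlen);
	if (n < 0) {
		ret = -1;
		goto out2;
	}

	/* Zero the buffer and read at most size-1 bytes so the reply is always
	 * NUL-terminated before strdup() looks at it. */
	memset(buf, 0, size);
	n = read(fd, buf, size - 1);
	if (n < 0) {
		ret = -1;
		goto out2;
	}

	*newcon = strdup(buf);
	if (!*newcon) {
		ret = -1;
		goto out2;
	}

	ret = 0;
out2:
	free(buf);
out:
	close(fd);
	return ret;
}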
/*
 * Look up the name of a userspace class value.
 *
 * @tclass  userspace class value; it is translated with unmap_class()
 *          before the class cache is consulted.
 *
 * Returns the cached name for the class, or NULL when the cache holds no
 * entry for it.  The returned string belongs to the cache entry; the caller
 * must not free it.
 */
const char *security_class_to_string(security_class_t tclass)
{
	struct discover_class_node *entry;

	entry = get_class_cache_entry_value(unmap_class(tclass));
	return entry ? entry->name : NULL;
}
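/*
 * Translate a permission name to its bit in the access vector of a class.
 *
 * @tclass  userspace class value.  Its kernel counterpart (unmap_class())
 *          selects the cache entry; the bit found there is converted back
 *          to userspace form with map_perm().
 * @s       permission name to look for; must not be NULL.
 *
 * Returns the mapped permission bit, or 0 with errno set to EINVAL when
 * @s is NULL, the class is unknown, or no permission of that name exists
 * in the class.
 */
access_vector_t string_to_av_perm(security_class_t tclass, const char *s)
{
	struct discover_class_node *node;
	security_class_t kclass;

	if (!s) {
		errno = EINVAL;
		return 0;
	}

	kclass = unmap_class(tclass);
	node = get_class_cache_entry_value(kclass);
	if (node != NULL) {
		size_t i;

		/* perms[] is NULL-terminated below MAXVECTORS entries. */
		for (i = 0; i < MAXVECTORS && node->perms[i] != NULL; i++) {
			if (strcmp(node->perms[i], s) == 0) {
				/* Shift an unsigned 1: shifting a signed 1 into
				 * bit 31 is undefined in C, and the access
				 * vector is built from unsigned bits anyway. */
				return map_perm(tclass, 1u << i);
			}
		}
	}

	errno = EINVAL;
	return 0;
}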
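/*
 * Return the name of the lowest permission bit set in @av for class @tclass.
 *
 * @tclass  userspace class value; translated with unmap_class() to select
 *          the cache entry.
 * @av      userspace access vector; translated with unmap_perm() first.
 *          Only the lowest set bit is reported.
 *
 * Returns the cached name for that bit, or NULL when @av is empty after
 * unmapping, the class is unknown, or the set bit lies beyond the
 * MAXVECTORS names the cache holds.  The string belongs to the cache entry
 * and must not be freed by the caller.  Note that perms[] entries may
 * themselves be NULL for unnamed bits, in which case NULL is returned too.
 */
const char *security_av_perm_to_string(security_class_t tclass, access_vector_t av)
{
	struct discover_class_node *node;
	size_t i;

	av = unmap_perm(tclass, av);
	tclass = unmap_class(tclass);
	node = get_class_cache_entry_value(tclass);
	if (!av || !node)
		return NULL;

	for (i = 0; i < MAXVECTORS; i++) {
		/* Unsigned 1 so bit 31 can be tested without shifting a
		 * signed value into the sign bit (undefined in C). */
		if ((1u << i) & av)
			return node->perms[i];
	}

	return NULL;
}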
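/*
 * Ask the kernel, through the "access" node of the mounted selinuxfs, for
 * an access decision on (@scon, @tcon, @tclass, @requested) and fill @avd
 * with the result.
 *
 * @scon       raw source context; must not be NULL.
 * @tcon       raw target context; must not be NULL.
 * @tclass     userspace class value; sent to the kernel as unmap_class(tclass).
 * @requested  userspace access vector; sent as unmap_perm(tclass, requested).
 * @avd        decision output; must not be NULL.  The six fields allowed,
 *             decided, auditallow, auditdeny, seqno and flags are parsed
 *             from the kernel's reply; flags is set to 0 when the kernel
 *             did not report it.  When @tclass is non-zero the decision is
 *             mapped back to userspace form with map_decision().
 *
 * Returns 0 on success.  Returns -1 on failure with errno set to ENOENT
 * when selinuxfs is not mounted, EINVAL for a NULL argument, EOVERFLOW
 * when the query does not fit in one page, or the errno left by the
 * failing open()/malloc()/write()/read().  A reply with fewer than five
 * fields also yields -1; errno is not changed in that case.
 */
int security_compute_av_flags_raw(const char * scon, const char * tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd)
{
	char path[PATH_MAX];
	char *buf;
	size_t len;
	int fd, ret, qlen;
	ssize_t n;

	if (!selinux_mnt) {
		errno = ENOENT;
		return -1;
	}
	if (!scon || !tcon || !avd) {
		errno = EINVAL;
		return -1;
	}

	snprintf(path, sizeof path, "%s/access", selinux_mnt);
	/* O_CLOEXEC keeps the selinuxfs handle out of exec'd children. */
	fd = open(path, O_RDWR | O_CLOEXEC);
	if (fd < 0)
		return -1;

	len = selinux_page_size;
	buf = malloc(len);
	if (!buf) {
		ret = -1;
		goto out;
	}

	/* Query format understood by the kernel:
	 * "<scon> <tcon> <kernel class> <kernel perms in hex>".
	 * Refuse a truncated query rather than ask about a different tuple. */
	qlen = snprintf(buf, len, "%s %s %hu %x", scon, tcon, unmap_class(tclass), unmap_perm(tclass, requested));
	if (qlen < 0 || (size_t)qlen >= len) {
		errno = EOVERFLOW;
		ret = -1;
		goto out2;
	}

	n = write(fd, buf, (size_t)qlen);
	if (n < 0) {
		ret = -1;
		goto out2;
	}

	/* Zero the buffer and read at most len-1 bytes so sscanf() always
	 * sees a NUL-terminated reply. */
	memset(buf, 0, len);
	n = read(fd, buf, len - 1);
	if (n < 0) {
		ret = -1;
		goto out2;
	}

	ret = sscanf(buf, "%x %x %x %x %u %x", &avd->allowed, &avd->decided, &avd->auditallow, &avd->auditdeny, &avd->seqno, &avd->flags);
	if (ret < 5) {
		ret = -1;
		goto out2;
	} else if (ret < 6) {
		/* Older kernels do not report a flags field. */
		avd->flags = 0;
	}

	/* If tclass invalid, kernel sets avd according to deny_unknown flag */
	if (tclass != 0)
		map_decision(tclass, avd);

	ret = 0;
out2:
	free(buf);
out:
	close(fd);
	return ret;
}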