/*
 * Append a "modify" rule for <subject, object> to the rule list in handle.
 *
 * Both labels are checked with smack_label_length() first; a negative
 * result from either one rejects the call before any memory is allocated.
 * The allow/deny access strings are converted by parse_access_type() into
 * the rule's allow_access_type / deny_access_type fields and the rule is
 * flagged with is_modify = 1.
 *
 * Returns 0 on success, -1 if a label is rejected or allocation fails.
 */
int smack_accesses_add_modify(struct smack_accesses *handle,
			      const char *subject, const char *object,
			      const char *allow_access_type,
			      const char *deny_access_type)
{
	struct smack_rule *entry;

	/* Subject is checked first, object only if the subject passed. */
	if (smack_label_length(subject) < 0)
		return -1;
	if (smack_label_length(object) < 0)
		return -1;

	entry = calloc(1, sizeof *entry);
	if (!entry)
		return -1;

	/*
	 * NOTE(review): strcpy() is unbounded. These copies are only safe if
	 * smack_label_length() rejects every label that does not fit in
	 * entry->subject / entry->object -- confirm against its definition
	 * and the struct smack_rule layout.
	 */
	strcpy(entry->subject, subject);
	strcpy(entry->object, object);

	parse_access_type(allow_access_type, entry->allow_access_type);
	parse_access_type(deny_access_type, entry->deny_access_type);
	entry->is_modify = 1;

	/* Link at the tail; an empty list gets the new rule as its head too. */
	if (handle->first == NULL)
		handle->first = entry;
	else
		handle->last->next = entry;
	handle->last = entry;

	return 0;
}
/*
 * Append a "modify" rule for <subject, object> to the rule list in handle.
 *
 * A label longer than SMACK_LABEL_LEN bytes is refused with errno set to
 * ERANGE, before any memory is allocated. The allow/deny access strings
 * are converted by parse_access_type() into the rule's allow_access_type /
 * deny_access_type fields and the rule is flagged with is_modify = 1.
 *
 * Returns 0 on success, -1 on an over-long label or allocation failure.
 */
int smack_accesses_add_modify(struct smack_accesses *handle,
			      const char *subject, const char *object,
			      const char *allow_access_type,
			      const char *deny_access_type)
{
	struct smack_rule *entry;

	/*
	 * strnlen() is capped at SMACK_LABEL_LEN + 1, so an over-long input
	 * is detected without scanning past that many bytes. The subject is
	 * checked first, the object only if the subject passed.
	 *
	 * NOTE(review): a zero-length label passes this check -- confirm
	 * whether empty labels are meant to be accepted here.
	 */
	if (strnlen(subject, SMACK_LABEL_LEN + 1) > SMACK_LABEL_LEN) {
		errno = ERANGE;
		return -1;
	}
	if (strnlen(object, SMACK_LABEL_LEN + 1) > SMACK_LABEL_LEN) {
		errno = ERANGE;
		return -1;
	}

	entry = calloc(1, sizeof *entry);
	if (!entry)
		return -1;

	/*
	 * At most SMACK_LABEL_LEN bytes plus the terminator are copied.
	 * Assumes entry->subject and entry->object each hold at least
	 * SMACK_LABEL_LEN + 1 bytes -- TODO confirm against struct smack_rule.
	 */
	strcpy(entry->subject, subject);
	strcpy(entry->object, object);

	parse_access_type(allow_access_type, entry->allow_access_type);
	parse_access_type(deny_access_type, entry->deny_access_type);
	entry->is_modify = 1;

	/* Link at the tail; an empty list gets the new rule as its head too. */
	if (handle->first == NULL)
		handle->first = entry;
	else
		handle->last->next = entry;
	handle->last = entry;

	return 0;
}
/*
 * Append a rule for <subject, object, access_type> to the rule list in
 * handle.
 *
 * The labels are passed through get_label(), which writes into the rule's
 * subject / object fields; a negative result from either call discards
 * the rule. The access string is converted by parse_access_type() into
 * the rule's access_type field.
 *
 * Returns 0 on success, -1 if allocation fails or a label is rejected.
 */
int smack_accesses_add(struct smack_accesses *handle, const char *subject,
		       const char *object, const char *access_type)
{
	struct smack_rule *entry = calloc(1, sizeof *entry);

	if (!entry)
		return -1;

	/*
	 * Subject first, object only if the subject was accepted.
	 * NOTE(review): presumably get_label() both validates and bounds the
	 * copy into the destination field -- confirm against its definition.
	 */
	if (get_label(entry->subject, subject) < 0)
		goto reject;
	if (get_label(entry->object, object) < 0)
		goto reject;

	parse_access_type(access_type, entry->access_type);

	/* Link at the tail; an empty list gets the new rule as its head too. */
	if (handle->first == NULL)
		handle->first = entry;
	else
		handle->last->next = entry;
	handle->last = entry;

	return 0;

reject:
	/* The rule was never linked into the list, so freeing it is enough. */
	free(entry);
	return -1;
}
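/*
 * Ask the kernel whether <subject> may access <object> with <access_type>.
 *
 * The query is written to "<smackfs_mnt>/access2" using
 * KERNEL_LONG_FORMAT. If that file does not exist (ENOENT), the
 * "<smackfs_mnt>/access" file and KERNEL_SHORT_FORMAT are used instead.
 * The answer is the single byte read back from the same descriptor.
 *
 * The result is an authorization decision, so every doubtful case is
 * reported as an error instead of being turned into an answer:
 *   - a query that does not fit in the buffer is refused (ERANGE), so a
 *     truncated query is never sent in place of the one that was asked for;
 *   - a read that returns no data is an error (EIO), so the byte compared
 *     against '1' always comes from the kernel and never from the query
 *     text still sitting in the buffer.
 *
 * Returns 1 if the byte read back is '1', 0 for any other byte, and -1
 * on error with errno set (EFAULT when smackfs_mnt is not set).
 */
int smack_have_access(const char *subject, const char *object,
		      const char *access_type)
{
	char buf[LOAD_LEN + 1];
	char access_type_k[ACC_LEN + 1];
	char path[PATH_MAX];
	int access2 = 1;
	int saved_errno;
	int ret;
	int fd;

	if (!smackfs_mnt) {
		errno = EFAULT;
		return -1;
	}

	/*
	 * Only this path needs a truncation check: the fallback path below
	 * is shorter, so it fits whenever this one does.
	 */
	ret = snprintf(path, sizeof path, "%s/access2", smackfs_mnt);
	if (ret < 0)
		return -1;
	if ((size_t)ret >= sizeof path) {
		errno = ENAMETOOLONG;
		return -1;
	}

	fd = open(path, O_RDWR);
	if (fd < 0) {
		/* Fall back only when the access2 file is absent. */
		if (errno != ENOENT)
			return -1;

		snprintf(path, sizeof path, "%s/access", smackfs_mnt);
		fd = open(path, O_RDWR);
		if (fd < 0)
			return -1;
		access2 = 0;
	}

	parse_access_type(access_type, access_type_k);

	if (access2)
		ret = snprintf(buf, sizeof buf, KERNEL_LONG_FORMAT,
			       subject, object, access_type_k);
	else
		ret = snprintf(buf, sizeof buf, KERNEL_SHORT_FORMAT,
			       subject, object, access_type_k);
	if (ret < 0)
		goto fail;
	if ((size_t)ret >= sizeof buf) {
		/* Truncated: the kernel would be asked a different question. */
		errno = ERANGE;
		goto fail;
	}

	ret = write(fd, buf, strlen(buf));
	if (ret < 0)
		goto fail;

	ret = read(fd, buf, 1);
	if (ret < 0)
		goto fail;
	if (ret == 0) {
		/* No answer byte: buf[0] still holds the query text. */
		errno = EIO;
		goto fail;
	}

	close(fd);
	return buf[0] == '1';

fail:
	/* close() may overwrite errno; keep the one describing the failure. */
	saved_errno = errno;
	close(fd);
	errno = saved_errno;
	return -1;
}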