コード例 #1
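/*
 * Load the default SELinux labels used for virtual machines from the
 * two policy files named by selinux_virtual_domain_context_path() and
 * selinux_virtual_image_context_path().
 *
 * The first line of the domain file is stored in default_domain_context.
 * The first line of the image file is stored in default_image_context
 * and, when a second line exists, that line is stored in
 * default_content_context. All three buffers are defined outside this
 * function.
 *
 * Returns 0 on success, -1 after reporting an error. On failure the
 * buffers may be partially populated.
 */
static int
SELinuxInitialize(void)
{
    char *ptr = NULL;
    ssize_t len;
    size_t content_len;
    int fd;

    fd = open(selinux_virtual_domain_context_path(), O_RDONLY);
    if (fd < 0) {
        virReportSystemError(errno,
                             _("cannot open SELinux virtual domain context file '%s'"),
                             selinux_virtual_domain_context_path());
        return -1;
    }

    /* Read one byte less than the buffer holds and terminate at the
     * returned length: a file that fills the buffer would otherwise
     * leave it unterminated and strchrnul() below would run past it. */
    len = saferead(fd, default_domain_context,
                   sizeof(default_domain_context) - 1);
    if (len < 0) {
        virReportSystemError(errno,
                             _("cannot read SELinux virtual domain context file %s"),
                             selinux_virtual_domain_context_path());
        VIR_FORCE_CLOSE(fd);
        return -1;
    }
    VIR_FORCE_CLOSE(fd);
    default_domain_context[len] = '\0';

    /* Keep only the first line. */
    ptr = strchrnul(default_domain_context, '\n');
    *ptr = '\0';

    if ((fd = open(selinux_virtual_image_context_path(), O_RDONLY)) < 0) {
        virReportSystemError(errno,
                             _("cannot open SELinux virtual image context file %s"),
                             selinux_virtual_image_context_path());
        return -1;
    }

    len = saferead(fd, default_image_context,
                   sizeof(default_image_context) - 1);
    if (len < 0) {
        virReportSystemError(errno,
                             _("cannot read SELinux virtual image context file %s"),
                             selinux_virtual_image_context_path());
        VIR_FORCE_CLOSE(fd);
        return -1;
    }
    VIR_FORCE_CLOSE(fd);
    default_image_context[len] = '\0';

    ptr = strchrnul(default_image_context, '\n');
    if (*ptr == '\n') {
        *ptr = '\0';

        /* Bounded copy of the second line. Refuse an over-long label
         * instead of truncating it: a silently shortened context would
         * be a different security label.
         * NOTE(review): assumes default_content_context is a char array
         * like the two buffers above (sizeof is its capacity) - confirm
         * against its declaration. */
        content_len = strlen(ptr + 1);
        if (content_len >= sizeof(default_content_context)) {
            virReportSystemError(EINVAL,
                                 _("content context in SELinux virtual image context file %s is too long"),
                                 selinux_virtual_image_context_path());
            return -1;
        }
        memcpy(default_content_context, ptr + 1, content_len + 1);

        ptr = strchrnul(default_content_context, '\n');
        if (*ptr == '\n')
            *ptr = '\0';
    }
    return 0;
}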
コード例 #2
ファイル: security_selinux.c プロジェクト: intgr/libvirt
/*
 * Populate the security manager's private SELinux data with the default
 * labels read from the policy's virtual domain and virtual image
 * context files.
 *
 * domain_context receives the first line of the domain file.
 * file_context receives the first line of the image file; when that
 * file has a second line, a copy of it is stored in content_context,
 * otherwise content_context is left untouched.
 *
 * Returns 0 on success. On any failure the three context pointers are
 * released with VIR_FREE and -1 is returned.
 */
static int
SELinuxQEMUInitialize(virSecurityManagerPtr mgr)
{
    virSecuritySELinuxDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    char *eol;

    if (virFileReadAll(selinux_virtual_domain_context_path(),
                       MAX_CONTEXT,
                       &priv->domain_context) < 0) {
        virReportSystemError(errno,
                             _("cannot read SELinux virtual domain context file '%s'"),
                             selinux_virtual_domain_context_path());
        goto error;
    }

    /* strchrnul() never returns NULL: it yields either the newline or
     * the string's terminator, so writing '\0' there is always valid. */
    eol = strchrnul(priv->domain_context, '\n');
    *eol = '\0';

    /* The image file may carry two labels, hence twice the size limit. */
    if (virFileReadAll(selinux_virtual_image_context_path(),
                       2 * MAX_CONTEXT,
                       &priv->file_context) < 0) {
        virReportSystemError(errno,
                             _("cannot read SELinux virtual image context file %s"),
                             selinux_virtual_image_context_path());
        goto error;
    }

    eol = strchrnul(priv->file_context, '\n');
    if (*eol != '\n')
        return 0;       /* single-line file: no content context given */

    /* Split at the first newline; the remainder is the content label. */
    *eol = '\0';
    priv->content_context = strdup(eol + 1);
    if (priv->content_context == NULL) {
        virReportOOMError();
        goto error;
    }

    /* Drop anything after the second line. */
    eol = strchrnul(priv->content_context, '\n');
    *eol = '\0';

    return 0;

error:
    VIR_FREE(priv->domain_context);
    VIR_FREE(priv->file_context);
    VIR_FREE(priv->content_context);
    return -1;
}
コード例 #3
ファイル: svirt-interpose.c プロジェクト: cjp256/xenclient-oe
/*  Reads the default context for virtualization processes from the file
 *  named by selinux_virtual_domain_context_path () into
 *  data->domain_context, passing the size of that buffer as the limit.
 *
 *  Returns 0 on success. On failure the non-zero result of
 *  read_single_context () is logged at LOG_CRIT and returned unchanged.
 */
static int
get_default_contexts (data_t *data)
{
        const int rc = read_single_context (data->domain_context,
                                            selinux_virtual_domain_context_path (),
                                            sizeof (data->domain_context));

        if (rc == 0)
                return 0;

        syslog (LOG_CRIT, "read single failed. ret: %d", rc);
        return rc;
}
コード例 #4
ファイル: rpmsx-js.c プロジェクト: cmjonze/rpm5_tarballs
/*
 * Property getter for the rpmsx JavaScript class.
 *
 * The property id is converted to an integer and selects which value is
 * stored in *vp. With WITH_SELINUX defined, the cases cover process
 * security contexts (getcon() and friends), SELinux state integers
 * (enforcing mode, policy version, ...) and the path strings returned by
 * the libselinux selinux_*_path() helpers. Unknown ids leave *vp
 * untouched.
 *
 * Always returns JS_TRUE, including when a libselinux call fails.
 *
 * NOTE(review): _GET_CON and _GET_STR are macros defined outside this
 * block; _GET_CON presumably reads the local `con` - confirm against
 * their definitions.
 */
static JSBool
rpmsx_getprop(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
    void * ptr = JS_GetInstancePrivate(cx, obj, &rpmsxClass, NULL);
    jsint tiny = JSVAL_TO_INT(id);
#if defined(WITH_SELINUX)
    /* Filled in by the get*con() calls below; released before returning. */
    security_context_t con = NULL;
#endif

    /* XXX the class has ptr == NULL, instances have ptr != NULL. */
    if (ptr == NULL)
	return JS_TRUE;

    switch (tiny) {
    case _DEBUG:
	*vp = INT_TO_JSVAL(_debug);
	break;
#if defined(WITH_SELINUX)
    /* Context getters: the libselinux calls return 0 on success, so the
     * negation hands _GET_CON a non-zero value when `con` was obtained. */
    case _CURRENT:	*vp = _GET_CON(!getcon(&con));			break;
    case _PID:		*vp = _GET_CON(!getpidcon(getpid(), &con));	break;
    case _PPID:		*vp = _GET_CON(!getpidcon(getppid(), &con));	break;
    case _PREV:		*vp = _GET_CON(!getprevcon(&con));		break;
    case _EXEC:		*vp = _GET_CON(!getexeccon(&con));		break;
    case _FSCREATE:	*vp = _GET_CON(!getfscreatecon(&con));		break;
    case _KEYCREATE:	*vp = _GET_CON(!getkeycreatecon(&con));		break;
    case _SOCKCREATE:	*vp = _GET_CON(!getsockcreatecon(&con));	break;
    /* Integer results are passed through as-is, error returns included. */
    case _ENFORCE:	*vp = INT_TO_JSVAL(security_getenforce());	break;
    case _DENY:		*vp = INT_TO_JSVAL(security_deny_unknown());	break;
    case _POLICYVERS:	*vp = INT_TO_JSVAL(security_policyvers());	break;
    case _ENABLED:	*vp = INT_TO_JSVAL(is_selinux_enabled());	break;
    case _MLSENABLED:	*vp = INT_TO_JSVAL(is_selinux_mls_enabled());	break;
#ifdef	NOTYET
    /* Unfinished placeholder; does not compile if NOTYET is defined. */
    case _BOOLS:	*vp = ;	break;
#endif
    /* Policy file and directory locations as reported by libselinux. */
    case _ROOT:		*vp = _GET_STR(selinux_policy_root());		break;
    case _BINARY:	*vp = _GET_STR(selinux_binary_policy_path());	break;
    case _FAILSAFE:	*vp = _GET_STR(selinux_failsafe_context_path());break;
    case _REMOVABLE:	*vp = _GET_STR(selinux_removable_context_path());break;
    case _DEFAULT:	*vp = _GET_STR(selinux_default_context_path());	break;
    case _USER:		*vp = _GET_STR(selinux_user_contexts_path());	break;
    case _FCON:		*vp = _GET_STR(selinux_file_context_path());	break;
    case _FCONHOME:	*vp = _GET_STR(selinux_file_context_homedir_path());break;
    case _FCONLOCAL:	*vp = _GET_STR(selinux_file_context_local_path());break;
    case _FCONSUBS:	*vp = _GET_STR(selinux_file_context_subs_path());break;
    case _HOMEDIR:	*vp = _GET_STR(selinux_homedir_context_path());	break;
    case _MEDIA:	*vp = _GET_STR(selinux_media_context_path());	break;
    case _VIRTDOMAIN:	*vp = _GET_STR(selinux_virtual_domain_context_path());break;
    case _VIRTIMAGE:	*vp = _GET_STR(selinux_virtual_image_context_path());break;
    case _X:		*vp = _GET_STR(selinux_x_context_path());	break;
    case _CONTEXTS:	*vp = _GET_STR(selinux_contexts_path());	break;
    case _SECURETTY:	*vp = _GET_STR(selinux_securetty_types_path());	break;
    case _BOOLEANS:	*vp = _GET_STR(selinux_booleans_path());	break;
    case _CUSTOMTYPES:	*vp = _GET_STR(selinux_customizable_types_path());break;
    case _USERS:	*vp = _GET_STR(selinux_users_path());		break;
    case _USERSCONF:	*vp = _GET_STR(selinux_usersconf_path());	break;
    case _XLATIONS:	*vp = _GET_STR(selinux_translations_path());	break;
    case _COLORS:	*vp = _GET_STR(selinux_colors_path());		break;
    case _NETFILTER:	*vp = _GET_STR(selinux_netfilter_context_path());break;
    case _PATH:		*vp = _GET_STR(selinux_path());			break;
#endif
    default:
	break;
    }

#if defined(WITH_SELINUX)
    /* Release the context string allocated by whichever getter ran. */
    if (con) {
	freecon(con);
	con = NULL;
    }
#endif

    return JS_TRUE;
}