int security_compute_create_name(const char * scon, const char * tcon, security_class_t tclass, const char *objname, char ** newcon) { int ret; char * rscon; char * rtcon; char * rnewcon; if (selinux_trans_to_raw_context(scon, &rscon)) return -1; if (selinux_trans_to_raw_context(tcon, &rtcon)) { freecon(rscon); return -1; } ret = security_compute_create_name_raw(rscon, rtcon, tclass, objname, &rnewcon); freecon(rscon); freecon(rtcon); if (!ret) { ret = selinux_raw_to_trans_context(rnewcon, newcon); freecon(rnewcon); } return ret; }
Datum sepgsql_mcstrans_out(PG_FUNCTION_ARGS) { text *label = PG_GETARG_TEXT_P(0); char *qual_label; char *result; if (!sepgsql_is_enabled()) ereport(ERROR, (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE), errmsg("sepgsql is not currently enabled"))); if (selinux_raw_to_trans_context(text_to_cstring(label), &qual_label) < 0) ereport(ERROR, (errcode(ERRCODE_INTERNAL_ERROR), errmsg("SELinux: could not translate security label: %m"))); PG_TRY(); { result = pstrdup(qual_label); } PG_CATCH(); { freecon(qual_label); PG_RE_THROW(); } PG_END_TRY(); freecon(qual_label); PG_RETURN_TEXT_P(cstring_to_text(result)); }
int security_compute_member(const char * scon, const char * tcon, security_class_t tclass, char ** newcon) { int ret; char * rscon; char * rtcon; char * rnewcon; if (selinux_trans_to_raw_context(scon, &rscon)) return -1; if (selinux_trans_to_raw_context(tcon, &rtcon)) { freecon(rscon); return -1; } ret = security_compute_member_raw(rscon, rtcon, tclass, &rnewcon); freecon(rscon); freecon(rtcon); if (!ret) { if (selinux_raw_to_trans_context(rnewcon, newcon)) { *newcon = NULL; ret = -1; } freecon(rnewcon); } return ret; }
int security_get_initial_context(const char * name, char ** con) { int ret; char * rcon; ret = security_get_initial_context_raw(name, &rcon); if (!ret) { ret = selinux_raw_to_trans_context(rcon, con); freecon(rcon); } return ret; }
static int selabel_fini(struct selabel_handle *rec, struct selabel_lookup_rec *lr, int translating) { if (compat_validate(rec, lr, rec->spec_file, 0)) return -1; if (translating && !lr->ctx_trans && selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans)) return -1; return 0; }
int lgetfilecon(const char *path, char ** context) { int ret; char * rcontext; *context = NULL; ret = lgetfilecon_raw(path, &rcontext); if (ret > 0) { ret = selinux_raw_to_trans_context(rcontext, context); freecon(rcontext); } if (ret >= 0 && *context) return strlen(*context) + 1; return ret; }
int fgetfilecon(int fd, security_context_t * context) { security_context_t rcontext; int ret; *context = NULL; ret = fgetfilecon_raw(fd, &rcontext); if (ret > 0) { ret = selinux_raw_to_trans_context(rcontext, context); freecon(rcontext); } if (ret >= 0 && *context) return strlen(*context) + 1; return ret; }
int security_canonicalize_context(const char * con, char ** canoncon) { int ret; char * rcon; char * rcanoncon; if (selinux_trans_to_raw_context(con, &rcon)) return -1; ret = security_canonicalize_context_raw(rcon, &rcanoncon); freecon(rcon); if (!ret) { ret = selinux_raw_to_trans_context(rcanoncon, canoncon); freecon(rcanoncon); } return ret; }
static struct selabel_lookup_rec * selabel_lookup_common(struct selabel_handle *rec, int translating, const char *key, int type) { struct selabel_lookup_rec *lr; char *ptr = NULL; char *dptr = NULL; if (key == NULL) { errno = EINVAL; return NULL; } ptr = selabel_sub(rec->subs, key); if (ptr) { dptr = selabel_sub(rec->dist_subs, ptr); if (dptr) { free(ptr); ptr = dptr; } } else { ptr = selabel_sub(rec->dist_subs, key); } if (ptr) { lr = rec->func_lookup(rec, ptr, type); free(ptr); } else { lr = rec->func_lookup(rec, key, type); } if (!lr) return NULL; if (compat_validate(rec, lr, rec->spec_file, 0)) return NULL; if (translating && !lr->ctx_trans && selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans)) return NULL; return lr; }
static security_context_t get_scon(void) { static char dummy_NIL[1] = ""; security_context_t con = NULL; int ret = -1; int raw = TRUE; switch (opts->from_type) { case OPTS_FROM_ARG: if (!(con = strdup(opts->f.arg))) err(EXIT_FAILURE, " Couldn't allocate security context"); raw = !opts->disp_raw; /* always do conversion */ break; case OPTS_FROM_STDIN: { char buf[4096] = ""; char *ptr = buf; while (!*ptr) { if (!(ptr = fgets(buf, sizeof(buf), stdin))) err(EXIT_FAILURE, " Couldn't read security context"); ptr += strspn(ptr, " \n\t"); ptr[strcspn(ptr, " \n\t")] = 0; } if (!(con = strdup(ptr))) err(EXIT_FAILURE, " Couldn't allocate security context"); raw = !opts->disp_raw; /* always do conversion */ break; } case OPTS_FROM_CUR: ret = getcon_raw(&con); if (ret == -1) err(EXIT_FAILURE, " Couldn't get current security context"); break; case OPTS_FROM_CUREXE: ret = getexeccon_raw(&con); if (ret == -1) err(EXIT_FAILURE, " Couldn't get current exec security context"); if (!con) con = strdup(dummy_NIL); break; case OPTS_FROM_CURFS: ret = getfscreatecon_raw(&con); if (ret == -1) err(EXIT_FAILURE, " Couldn't get current fs security context"); if (!con) con = strdup(dummy_NIL); break; case OPTS_FROM_CURKEY: ret = getkeycreatecon_raw(&con); if (ret == -1) err(EXIT_FAILURE, " Couldn't get current key security context"); if (!con) con = strdup(dummy_NIL); break; case OPTS_FROM_PROC: ret = getpidcon_raw(opts->f.pid, &con); if (ret == -1) err(EXIT_FAILURE, " Couldn't get security context for pid %lu", (unsigned long)opts->f.pid); break; case OPTS_FROM_PROCEXE: ret = my_getpidexeccon_raw(opts->f.pid, &con); if (ret == -1) err(EXIT_FAILURE, " Couldn't get security context for pid %lu", (unsigned long)opts->f.pid); if (!con) con = strdup(dummy_NIL); break; case OPTS_FROM_PROCFS: ret = my_getpidfscreatecon_raw(opts->f.pid, &con); if (ret == -1) err(EXIT_FAILURE, " Couldn't get security context for pid %lu", (unsigned long)opts->f.pid); if (!con) con = strdup(dummy_NIL); /* disabled -- override with normal context ... { opts->from_type = OPTS_FROM_PROC; return (get_scon()); } */ break; case OPTS_FROM_PROCKEY: ret = my_getpidkeycreatecon_raw(opts->f.pid, &con); if (ret == -1) err(EXIT_FAILURE, " Couldn't get security context for pid %lu", (unsigned long)opts->f.pid); if (!con) con = strdup(dummy_NIL); break; case OPTS_FROM_FILE: ret = getfilecon_raw(opts->f.file, &con); if (ret == -1) err(EXIT_FAILURE, " Couldn't get security context for file %s", opts->f.file); break; case OPTS_FROM_LINK: ret = lgetfilecon_raw(opts->f.link, &con); if (ret == -1) err(EXIT_FAILURE, " Couldn't get security context for symlink %s", opts->f.link); break; default: assert(FALSE); } if (opts->disp_raw != raw) { security_context_t ncon = NULL; if (opts->disp_raw) selinux_trans_to_raw_context(con, &ncon); else selinux_raw_to_trans_context(con, &ncon); freecon(con); con = ncon; } return (con); }