int security_compute_create_name(const char * scon,
const char * tcon,
security_class_t tclass,
const char *objname,
char ** newcon)
{
int ret;
char * rscon;
char * rtcon;
char * rnewcon;
if (selinux_trans_to_raw_context(scon, &rscon))
return -1;
if (selinux_trans_to_raw_context(tcon, &rtcon)) {
freecon(rscon);
return -1;
}
ret = security_compute_create_name_raw(rscon, rtcon, tclass,
objname, &rnewcon);
freecon(rscon);
freecon(rtcon);
if (!ret) {
ret = selinux_raw_to_trans_context(rnewcon, newcon);
freecon(rnewcon);
}
return ret;
}
int security_compute_member(const char * scon,
const char * tcon,
security_class_t tclass,
char ** newcon)
{
int ret;
char * rscon;
char * rtcon;
char * rnewcon;
if (selinux_trans_to_raw_context(scon, &rscon))
return -1;
if (selinux_trans_to_raw_context(tcon, &rtcon)) {
freecon(rscon);
return -1;
}
ret = security_compute_member_raw(rscon, rtcon, tclass, &rnewcon);
freecon(rscon);
freecon(rtcon);
if (!ret) {
if (selinux_raw_to_trans_context(rnewcon, newcon)) {
*newcon = NULL;
ret = -1;
}
freecon(rnewcon);
}
return ret;
}
/* Send audit message */
static
int send_audit_message(pam_handle_t *pamh, int success, security_context_t default_context,
security_context_t selected_context)
{
int rc=0;
#ifdef HAVE_LIBAUDIT
char *msg = NULL;
int audit_fd = audit_open();
security_context_t default_raw=NULL;
security_context_t selected_raw=NULL;
rc = -1;
if (audit_fd < 0) {
if (errno == EINVAL || errno == EPROTONOSUPPORT ||
errno == EAFNOSUPPORT)
return 0; /* No audit support in kernel */
pam_syslog(pamh, LOG_ERR, "Error connecting to audit system.");
return rc;
}
if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) {
pam_syslog(pamh, LOG_ERR, "Error translating default context.");
default_raw = NULL;
}
if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) {
pam_syslog(pamh, LOG_ERR, "Error translating selected context.");
selected_raw = NULL;
}
if (asprintf(&msg, "pam: default-context=%s selected-context=%s",
default_raw ? default_raw : (default_context ? default_context : "?"),
selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) {
pam_syslog(pamh, LOG_ERR, "Error allocating memory.");
goto out;
}
if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
msg, NULL, NULL, NULL, success) <= 0) {
pam_syslog(pamh, LOG_ERR, "Error sending audit message.");
goto out;
}
rc = 0;
out:
free(msg);
freecon(default_raw);
freecon(selected_raw);
close(audit_fd);
#else
pam_syslog(pamh, LOG_NOTICE, "pam: default-context=%s selected-context=%s success %d", default_context, selected_context, success);
#endif
return rc;
}
/* translates SELinux context from human to raw format and
* appends it to the mount extra options.
*
* returns -1 on error and 0 on success
*/
static int
append_context(const char *optname, char *optdata, char **extra_opts)
{
security_context_t raw = NULL;
char *data = NULL;
if (is_selinux_enabled() != 1)
/* ignore the option if we running without selinux */
return 0;
if (optdata == NULL || *optdata == '\0' || optname == NULL)
return -1;
/* TODO: use strip_quotes() for all mount options? */
data = *optdata == '"' ? strip_quotes(optdata) : optdata;
if (selinux_trans_to_raw_context(
(security_context_t) data, &raw) == -1 ||
raw == NULL)
return -1;
if (verbose)
printf(_("%s: translated %s '%s' to '%s'\n"),
progname, optname, data, (char *) raw);
*extra_opts = append_opt(*extra_opts, optname, NULL);
*extra_opts = xstrconcat4(*extra_opts, "\"", (char *) raw, "\"");
freecon(raw);
return 0;
}
Datum
sepgsql_mcstrans_in(PG_FUNCTION_ARGS)
{
text *label = PG_GETARG_TEXT_P(0);
char *raw_label;
char *result;
if (!sepgsql_is_enabled())
ereport(ERROR,
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
errmsg("sepgsql is not enabled")));
if (selinux_trans_to_raw_context(text_to_cstring(label),
&raw_label) < 0)
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("SELinux: could not translate security label: %m")));
PG_TRY();
{
result = pstrdup(raw_label);
}
PG_CATCH();
{
freecon(raw_label);
PG_RE_THROW();
}
PG_END_TRY();
freecon(raw_label);
PG_RETURN_TEXT_P(cstring_to_text(result));
}
int setfilecon(const char *path, const security_context_t context)
{
int ret;
security_context_t rcontext;
if (selinux_trans_to_raw_context(context, &rcontext))
return -1;
ret = setfilecon_raw(path, rcontext);
freecon(rcontext);
return ret;
}
int security_check_context(const security_context_t con)
{
int ret;
security_context_t rcon;
if (selinux_trans_to_raw_context(con, &rcon))
return -1;
ret = security_check_context_raw(rcon);
freecon(rcon);
return ret;
}
int security_compute_av_flags(const char * scon,
const char * tcon,
security_class_t tclass,
access_vector_t requested,
struct av_decision *avd)
{
char * rscon;
char * rtcon;
int ret;
if (selinux_trans_to_raw_context(scon, &rscon))
return -1;
if (selinux_trans_to_raw_context(tcon, &rtcon)) {
freecon(rscon);
return -1;
}
ret = security_compute_av_flags_raw(rscon, rtcon, tclass,
requested, avd);
freecon(rscon);
freecon(rtcon);
return ret;
}
int security_canonicalize_context(const char * con,
char ** canoncon)
{
int ret;
char * rcon;
char * rcanoncon;
if (selinux_trans_to_raw_context(con, &rcon))
return -1;
ret = security_canonicalize_context_raw(rcon, &rcanoncon);
freecon(rcon);
if (!ret) {
ret = selinux_raw_to_trans_context(rcanoncon, canoncon);
freecon(rcanoncon);
}
return ret;
}
static security_context_t get_scon(void)
{
static char dummy_NIL[1] = "";
security_context_t con = NULL;
int ret = -1;
int raw = TRUE;
switch (opts->from_type) {
case OPTS_FROM_ARG:
if (!(con = strdup(opts->f.arg)))
err(EXIT_FAILURE,
" Couldn't allocate security context");
raw = !opts->disp_raw; /* always do conversion */
break;
case OPTS_FROM_STDIN:
{
char buf[4096] = "";
char *ptr = buf;
while (!*ptr) {
if (!(ptr = fgets(buf, sizeof(buf), stdin)))
err(EXIT_FAILURE,
" Couldn't read security context");
ptr += strspn(ptr, " \n\t");
ptr[strcspn(ptr, " \n\t")] = 0;
}
if (!(con = strdup(ptr)))
err(EXIT_FAILURE,
" Couldn't allocate security context");
raw = !opts->disp_raw; /* always do conversion */
break;
}
case OPTS_FROM_CUR:
ret = getcon_raw(&con);
if (ret == -1)
err(EXIT_FAILURE,
" Couldn't get current security context");
break;
case OPTS_FROM_CUREXE:
ret = getexeccon_raw(&con);
if (ret == -1)
err(EXIT_FAILURE,
" Couldn't get current exec security context");
if (!con)
con = strdup(dummy_NIL);
break;
case OPTS_FROM_CURFS:
ret = getfscreatecon_raw(&con);
if (ret == -1)
err(EXIT_FAILURE,
" Couldn't get current fs security context");
if (!con)
con = strdup(dummy_NIL);
break;
case OPTS_FROM_CURKEY:
ret = getkeycreatecon_raw(&con);
if (ret == -1)
err(EXIT_FAILURE,
" Couldn't get current key security context");
if (!con)
con = strdup(dummy_NIL);
break;
case OPTS_FROM_PROC:
ret = getpidcon_raw(opts->f.pid, &con);
if (ret == -1)
err(EXIT_FAILURE,
" Couldn't get security context for pid %lu",
(unsigned long)opts->f.pid);
break;
case OPTS_FROM_PROCEXE:
ret = my_getpidexeccon_raw(opts->f.pid, &con);
if (ret == -1)
err(EXIT_FAILURE,
" Couldn't get security context for pid %lu",
(unsigned long)opts->f.pid);
if (!con)
con = strdup(dummy_NIL);
break;
case OPTS_FROM_PROCFS:
ret = my_getpidfscreatecon_raw(opts->f.pid, &con);
if (ret == -1)
err(EXIT_FAILURE,
" Couldn't get security context for pid %lu",
(unsigned long)opts->f.pid);
if (!con)
con = strdup(dummy_NIL);
/* disabled -- override with normal context ...
{
opts->from_type = OPTS_FROM_PROC;
return (get_scon());
} */
break;
case OPTS_FROM_PROCKEY:
ret = my_getpidkeycreatecon_raw(opts->f.pid, &con);
if (ret == -1)
err(EXIT_FAILURE,
" Couldn't get security context for pid %lu",
(unsigned long)opts->f.pid);
if (!con)
con = strdup(dummy_NIL);
break;
case OPTS_FROM_FILE:
ret = getfilecon_raw(opts->f.file, &con);
if (ret == -1)
err(EXIT_FAILURE,
" Couldn't get security context for file %s",
opts->f.file);
break;
case OPTS_FROM_LINK:
ret = lgetfilecon_raw(opts->f.link, &con);
if (ret == -1)
err(EXIT_FAILURE,
" Couldn't get security context for symlink %s",
opts->f.link);
break;
default:
assert(FALSE);
}
if (opts->disp_raw != raw) {
security_context_t ncon = NULL;
if (opts->disp_raw)
selinux_trans_to_raw_context(con, &ncon);
else
selinux_raw_to_trans_context(con, &ncon);
freecon(con);
con = ncon;
}
return (con);
}
/*
* do_set_domain
* It tries to replace the domain/range of the current context.
*/
static int
do_set_domain(security_context_t old_context, char *domain, server_rec *s)
{
security_context_t new_context;
security_context_t raw_context;
context_t context;
char *range;
/*
* Compute the new security context
*/
context = context_new(old_context);
if (!context) {
ap_log_error(APLOG_MARK, APLOG_ERR, errno, s,
"SELinux: context_new(\"%s\") failed",
old_context);
return -1;
}
range = strchr(domain, ':');
if (range)
*range++ = '\0';
if (domain && strcmp(domain, "*") != 0)
context_type_set(context, domain);
if (range && strcmp(range, "*") != 0)
context_range_set(context, range);
if (range)
*--range = ':'; /* fixup */
new_context = context_str(context);
if (!new_context) {
ap_log_error(APLOG_MARK, APLOG_ERR, errno, s,
"SELinux: context_str(\"%s:%s:%s:%s\") failed",
context_user_get(context),
context_role_get(context),
context_type_get(context),
context_range_get(context));
context_free(context);
return -1;
}
/*
* If old_context == new_context, we don't need to do anything
*/
if (selinux_trans_to_raw_context(new_context, &raw_context) < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, errno, s,
"SELinux: selinux_trans_to_raw_context(\"%s\") failed",
new_context);
context_free(context);
return -1;
}
context_free(context);
if (!strcmp(old_context, raw_context)) {
freecon(raw_context);
return 1;
}
if (setcon_raw(raw_context) < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, errno, s,
"SELinux: setcon_raw(\"%s\") failed",
raw_context);
freecon(raw_context);
return -1;
}
freecon(raw_context);
return 0;
}
