static void *
mavc_netlink_worker(void *data)
{
int sockfd;
fprintf(stderr, "%s: worker thread was launched\n", __FUNCTION__);
sockfd = avc_netlink_acquire_fd();
avc_netlink_loop();
avc_netlink_release_fd();
fprintf(stderr, "%s: worker thread was terminated\n", __FUNCTION__);
return NULL;
}
/*
* selinux_status_open
*
* It tries to open and mmap kernel status page (/selinux/status).
* Since Linux 2.6.37 or later supports this feature, we may run
* fallback routine using a netlink socket on older kernels, if
* the supplied `fallback' is not zero.
* It returns 0 on success, or -1 on error.
*/
int selinux_status_open(int fallback)
{
int fd;
char path[PATH_MAX];
long pagesize;
if (!selinux_mnt) {
errno = ENOENT;
return -1;
}
pagesize = sysconf(_SC_PAGESIZE);
if (pagesize < 0)
return -1;
snprintf(path, sizeof(path), "%s/status", selinux_mnt);
fd = open(path, O_RDONLY | O_CLOEXEC);
if (fd < 0)
goto error;
selinux_status = mmap(NULL, pagesize, PROT_READ, MAP_SHARED, fd, 0);
if (selinux_status == MAP_FAILED) {
close(fd);
goto error;
}
selinux_status_fd = fd;
last_seqno = (uint32_t)(-1);
return 0;
error:
/*
* If caller wants fallback routine, we try to provide
* an equivalent functionality using existing netlink
* socket, although it needs system call invocation to
* receive event notification.
*/
if (fallback && avc_netlink_open(0) == 0) {
union selinux_callback cb;
/* register my callbacks */
cb.func_setenforce = fallback_cb_setenforce;
selinux_set_callback(SELINUX_CB_SETENFORCE, cb);
cb.func_policyload = fallback_cb_policyload;
selinux_set_callback(SELINUX_CB_POLICYLOAD, cb);
/* mark as fallback mode */
selinux_status = MAP_FAILED;
selinux_status_fd = avc_netlink_acquire_fd();
last_seqno = (uint32_t)(-1);
fallback_sequence = 0;
fallback_enforcing = security_getenforce();
fallback_policyload = 0;
return 1;
}
selinux_status = NULL;
return -1;
}
