/*
 * Append a "modify" rule to the rule list held in @handle.
 *
 * @subject / @object are Smack labels; both must be accepted by
 * smack_label_length() before anything is copied.  @allow_access_type and
 * @deny_access_type are access strings, decoded by parse_access_type() into
 * the rule's allow/deny fields.  The rule is marked is_modify = 1.
 *
 * Returns 0 on success, -1 if a label is rejected or the rule cannot be
 * allocated.  On -1 nothing has been added to the list.
 */
int smack_accesses_add_modify(struct smack_accesses *handle,
			      const char *subject,
			      const char *object,
			      const char *allow_access_type,
			      const char *deny_access_type)
{
	struct smack_rule *entry;

	/* Validate both labels up front so no partial rule is ever built. */
	if (smack_label_length(subject) < 0)
		return -1;
	if (smack_label_length(object) < 0)
		return -1;

	entry = calloc(1, sizeof *entry);
	if (!entry)
		return -1;

	/*
	 * The unbounded copies rely on smack_label_length() rejecting any
	 * label longer than the rule's fixed-size label buffers — that
	 * contract lives in smack_label_length(), not here.
	 */
	strcpy(entry->subject, subject);
	strcpy(entry->object, object);
	parse_access_type(allow_access_type, entry->allow_access_type);
	parse_access_type(deny_access_type, entry->deny_access_type);
	entry->is_modify = 1;

	/* Append at the tail of the singly linked rule list. */
	if (handle->first) {
		handle->last->next = entry;
		handle->last = entry;
	} else {
		handle->first = entry;
		handle->last = entry;
	}

	return 0;
}
/*
 * Set the extended attribute @xattr of the open file @fd to @label.
 *
 * The label is validated with smack_label_length() first; an invalid label
 * yields -2 (distinct from the -1 fsetxattr() failure so callers can tell a
 * bad label from a kernel/filesystem error).  Otherwise the return value is
 * that of fsetxattr(): 0 on success, -1 with errno set on failure.
 */
int smack_set_label_for_file(int fd, const char *xattr, const char *label)
{
	int label_len = (int)smack_label_length(label);

	if (label_len < 0)
		return -2;

	/* flags = 0: create or replace the attribute. */
	return fsetxattr(fd, xattr, label, label_len, 0);
}
/*
 * Set the extended attribute @xattr on @path to @label.
 *
 * @follow selects whether a trailing symlink is followed (setxattr) or the
 * link itself is labelled (lsetxattr).  An invalid label yields -2, so
 * callers can distinguish it from the -1 returned by a failed xattr call;
 * otherwise the xattr call's result is returned unchanged (0, or -1 with
 * errno set).
 */
int smack_set_label_for_path(const char *path, const char *xattr,
			     int follow, const char *label)
{
	int label_len = (int)smack_label_length(label);

	if (label_len < 0)
		return -2;

	if (follow)
		return setxattr(path, xattr, label, label_len, 0);

	return lsetxattr(path, xattr, label, label_len, 0);
}
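/*
 * Set the Smack label of the calling process by writing @label to
 * SELF_LABEL_FILE.
 *
 * Returns 0 on success, -1 if the label is invalid, the file cannot be
 * opened, or the write fails or is short.  A short write is treated as a
 * failure: the original code reported success for any non-negative write()
 * result, which would silently leave the process with a truncated label.
 * errno from the failing open()/write() is preserved across close().
 */
int smack_set_label_for_self(const char *label)
{
	int len;
	int fd;
	int saved_errno;
	ssize_t written;

	len = smack_label_length(label);
	if (len < 0)
		return -1;

	fd = open(SELF_LABEL_FILE, O_WRONLY);
	if (fd < 0)
		return -1;

	written = write(fd, label, len);
	saved_errno = errno;
	close(fd);
	errno = saved_errno;

	/* Only a complete write counts as having set the label. */
	return (written == (ssize_t)len) ? 0 : -1;
}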
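/*
 * Revoke all rules for @subject by writing the label to
 * <smackfs_mnt>/revoke-subject.
 *
 * Returns 0 on success, -1 if the label is invalid, the smackfs path does
 * not fit in PATH_MAX, the file cannot be opened, or the write fails or is
 * short.  Two checks were missing before: snprintf() truncation (a too-long
 * mount path would open a mangled file name) and a short write (previously
 * reported as success).  errno from the failing call survives close().
 */
int smack_revoke_subject(const char *subject)
{
	int fd;
	int len;
	int pathlen;
	int saved_errno;
	ssize_t written;
	char path[PATH_MAX];

	len = smack_label_length(subject);
	if (len < 0)
		return -1;

	pathlen = snprintf(path, sizeof path, "%s/revoke-subject", smackfs_mnt);
	/* Reject output errors and truncation rather than opening a wrong path. */
	if (pathlen < 0 || (size_t)pathlen >= sizeof path)
		return -1;

	fd = open(path, O_WRONLY);
	if (fd < 0)
		return -1;

	written = write(fd, subject, len);
	saved_errno = errno;
	close(fd);
	errno = saved_errno;

	/* A partial write would not have revoked the intended subject. */
	return (written == (ssize_t)len) ? 0 : -1;
}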
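/*
 * Parse CIPSO mappings from the open descriptor @fd and append them to
 * @cipso's list.
 *
 * Each line has the form "label level [cat ...]", whitespace separated:
 *   - label must be accepted by smack_label_length();
 *   - level is a decimal integer in [0, LEVEL_MAX];
 *   - up to CAT_MAX_COUNT categories, each a decimal integer in
 *     [0, CAT_MAX_VALUE].
 *
 * The descriptor is dup()ed so the caller's @fd is left open.  Returns 0 on
 * success, -1 on any parse, allocation, or read error; mappings parsed
 * before the failing line remain in the list.
 *
 * Fixes over the previous version:
 *   - once a mapping was linked into the list the local pointer still
 *     referred to it, so a later ferror() (or the next iteration's failure
 *     before calloc) freed a node the list still owned — a dangling pointer
 *     and eventual double free.  The pointer is now cleared on link.
 *   - strtol() was called with a NULL endptr, so "12abc" or "abc" (== 0)
 *     were accepted as numbers; the full token must now be numeric.
 *   - a line with more than CAT_MAX_COUNT categories had the surplus
 *     silently dropped, loading a mapping that differs from what the policy
 *     file says; it is now rejected.
 *   - a blank line yields label == NULL; it is rejected explicitly instead
 *     of relying on smack_label_length() handling NULL.
 */
int smack_cipso_add_from_file(struct smack_cipso *cipso, int fd)
{
	struct cipso_mapping *mapping = NULL;
	FILE *file;
	char buf[BUF_SIZE];
	char *label, *level, *cat, *ptr, *end;
	long int val;
	int i;
	int newfd;

	newfd = dup(fd);
	if (newfd == -1)
		return -1;

	file = fdopen(newfd, "r");
	if (file == NULL) {
		close(newfd);
		return -1;
	}

	while (fgets(buf, BUF_SIZE, file) != NULL) {
		mapping = calloc(1, sizeof *mapping);
		if (mapping == NULL)
			goto err_out;

		label = strtok_r(buf, " \t\n", &ptr);
		level = strtok_r(NULL, " \t\n", &ptr);
		cat = strtok_r(NULL, " \t\n", &ptr);

		if (label == NULL || level == NULL)
			goto err_out;
		if (smack_label_length(label) < 0)
			goto err_out;

		/* Bounded by the smack_label_length() check above. */
		strcpy(mapping->label, label);

		/* Level: whole token must be a decimal number in range. */
		errno = 0;
		val = strtol(level, &end, 10);
		if (errno || end == level || *end != '\0')
			goto err_out;
		if (val < 0 || val > LEVEL_MAX)
			goto err_out;
		mapping->level = val;

		/* Categories: same validation per token, at most CAT_MAX_COUNT. */
		for (i = 0; i < CAT_MAX_COUNT && cat != NULL; i++) {
			errno = 0;
			val = strtol(cat, &end, 10);
			if (errno || end == cat || *end != '\0')
				goto err_out;
			if (val < 0 || val > CAT_MAX_VALUE)
				goto err_out;
			mapping->cats[i] = val;
			cat = strtok_r(NULL, " \t\n", &ptr);
		}
		mapping->ncats = i;

		/* Leftover tokens mean the line exceeded CAT_MAX_COUNT. */
		if (cat != NULL)
			goto err_out;

		if (cipso->first == NULL) {
			cipso->first = cipso->last = mapping;
		} else {
			cipso->last->next = mapping;
			cipso->last = mapping;
		}
		/* Ownership is now the list's; err_out must not free it. */
		mapping = NULL;
	}

	if (ferror(file))
		goto err_out;

	fclose(file);
	return 0;

err_out:
	fclose(file);
	free(mapping);	/* NULL unless the current line's node was not linked */
	return -1;
}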