#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include "selinux_internal.h"
#include "context_internal.h"

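/*
 * Arm the exec context for the next execve() of filename.
 *
 * The context is the one policy computes for a process created from the
 * caller's current context on the file's label.  When policy defines no
 * transition (the computed context equals the caller's own), the type
 * component of the caller's context is replaced by fallback_type instead.
 *
 * Returns 0 on success and a negative value on failure.  A failure is only
 * reported while SELinux is enforcing: when SELinux is disabled (or its state
 * cannot be determined) the function returns 0 without touching anything,
 * and in permissive mode every error is mapped to 0 as well.  A 0 return
 * therefore does not guarantee that an exec context was actually set.
 */
int setexecfilecon(const char *filename, const char *fallback_type)
{
	char *mycon = NULL, *fcon = NULL, *newcon = NULL;
	context_t con = NULL;
	const char *constr;
	int rc = 0;

	if (is_selinux_enabled() < 1)
		return 0;

	/* Caller's current context. */
	rc = getcon(&mycon);
	if (rc < 0)
		goto out;

	/* Label of the file about to be executed. */
	rc = getfilecon(filename, &fcon);
	if (rc < 0)
		goto out;

	/* Ask policy which context a process execing fcon from mycon gets. */
	rc = security_compute_create(mycon, fcon,
				     string_to_security_class("process"),
				     &newcon);
	if (rc < 0)
		goto out;

	if (!strcmp(mycon, newcon)) {
		/* No default transition, use fallback_type for now. */
		rc = -1;
		con = context_new(mycon);
		if (!con)
			goto out;
		if (context_type_set(con, fallback_type))
			goto out;
		/*
		 * Treat a context that cannot be rendered as a failure rather
		 * than handing a NULL pointer to strdup().
		 */
		constr = context_str(con);
		if (!constr)
			goto out;
		freecon(newcon);
		newcon = strdup(constr);
		if (!newcon)
			goto out;
		rc = 0;
	}

	rc = setexeccon(newcon);

out:
	/* Permissive mode: report success even though nothing may have been set. */
	if (rc < 0 && security_getenforce() == 0)
		rc = 0;

	context_free(con);
	freecon(newcon);
	freecon(fcon);
	freecon(mycon);
	return rc < 0 ? rc : 0;
}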

#ifndef DISABLE_RPM
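/*
 * Execute filename in the context policy derives from the file's label,
 * falling back to the type rpm_script_t when no transition is defined
 * (see setexecfilecon()).  verified is unused and kept for API compatibility.
 *
 * On success execve() does not return.  Returns a negative value when the
 * exec context could not be set while enforcing, or -1 with errno set when
 * execve() fails.  If execve() fails, the exec context armed by
 * setexecfilecon() is cleared again on a best-effort basis so that a later
 * execve() in this process does not silently run with the rpm_script_t
 * context; errno from execve() is preserved across the reset.
 */
int rpm_execcon(unsigned int verified __attribute__ ((unused)),
		const char *filename, char *const argv[], char *const envp[])
{
	int rc;

	rc = setexecfilecon(filename, "rpm_script_t");
	if (rc < 0)
		return rc;

	rc = execve(filename, argv, envp);
	if (rc < 0) {
		int saved_errno = errno;

		/* Disarm the pending exec context; the caller's errno must
		 * still describe the execve() failure. */
		(void) setexeccon(NULL);
		errno = saved_errno;
	}
	return rc;
}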
#endif