rpm 5.3.12
/*
 * rpmsx: thin wrapper around the libselinux file-context API used by rpm.
 *
 * An rpmsx object carries the path of the SELinux file_contexts database
 * (sx->fn) and the matchpathcon flags (sx->flags).  Everything below treats
 * sx->fn == NULL as "SELinux support is switched off for this object": the
 * label lookups return NULL and the label setters return 0 without touching
 * the filesystem.  When WITH_SELINUX is not defined the same code paths
 * degrade to the same no-op behaviour.
 */
#include "system.h"

#if defined(WITH_SELINUX)
#include <selinux/selinux.h>
#if defined(__LCLINT__)
/* splint-only prototypes carrying side-effect annotations for libselinux. */
/*@-incondefs@*/
extern void freecon(/*@only@*/ security_context_t con)
	/*@modifies con @*/;

extern int getfilecon(const char *path, /*@out@*/ security_context_t *con)
	/*@modifies *con @*/;
extern int lgetfilecon(const char *path, /*@out@*/ security_context_t *con)
	/*@modifies *con @*/;
extern int fgetfilecon(int fd, /*@out@*/ security_context_t *con)
	/*@modifies *con @*/;

extern int setfilecon(const char *path, security_context_t con)
	/*@globals fileSystem @*/
	/*@modifies fileSystem @*/;
extern int lsetfilecon(const char *path, security_context_t con)
	/*@globals fileSystem @*/
	/*@modifies fileSystem @*/;
extern int fsetfilecon(int fd, security_context_t con)
	/*@globals fileSystem @*/
	/*@modifies fileSystem @*/;

extern int getcon(/*@out@*/ security_context_t *con)
	/*@modifies *con @*/;
extern int getexeccon(/*@out@*/ security_context_t *con)
	/*@modifies *con @*/;
extern int setexeccon(security_context_t con)
	/*@globals fileSystem @*/
	/*@modifies fileSystem @*/;

extern int security_check_context(security_context_t con)
	/*@globals fileSystem @*/
	/*@modifies fileSystem @*/;
extern int security_getenforce(void)
	/*@globals fileSystem @*/
	/*@modifies fileSystem @*/;

extern int is_selinux_enabled(void)
	/*@globals fileSystem @*/
	/*@modifies fileSystem @*/;
/*@=incondefs@*/
#endif
#endif

#define _RPMSX_INTERNAL
#include <rpmsx.h>
#include <rpmlog.h>
#include <rpmmacro.h>

#include "debug.h"

/*
 * Trace level.  Any non-zero value makes the entry points below print a
 * "-->"/"<--" trace to stderr; rpmsxMatch() additionally distinguishes a
 * negative value (trace every call) from a positive one (trace only
 * non-empty results).
 */
/*@unchecked@*/
int _rpmsx_debug = 0;

/*
 * Process-wide default rpmsx object, created lazily by rpmsxI() the first
 * time an entry point is called with sx == NULL.
 */
/*@unchecked@*/ /*@relnull@*/
rpmsx _rpmsxI = NULL;

/*
 * Pool destructor for an rpmsx object.
 *
 * @param _sx   the rpmsx being destroyed (passed as void * by the pool)
 *
 * When a file_contexts database was loaded (sx->fn != NULL) the libselinux
 * matchpathcon state is torn down first; the path string is then released.
 * _free() appears to return NULL after freeing (it is used as
 * `p = _free(p)` throughout) -- confirm against rpmio.
 */
static void rpmsxFini(void * _sx)
	/*@globals fileSystem @*/
	/*@modifies *_sx, fileSystem @*/
{
    rpmsx sx = _sx;

#if defined(WITH_SELINUX)
    if (sx->fn)
	matchpathcon_fini();
#endif
    sx->flags = 0;
    sx->fn = _free(sx->fn);
}

/* Object pool backing all rpmsx instances; created on first use. */
/*@unchecked@*/ /*@only@*/ /*@null@*/
rpmioPool _rpmsxPool = NULL;

/*
 * Allocate an rpmsx object from the pool, creating the pool on first call.
 *
 * @param pool  pool to allocate from; ignored (replaced by the freshly
 *              created global pool) while _rpmsxPool is still NULL
 * @return      a new, uninitialised rpmsx (fields are set by rpmsxNew)
 *
 * rpmsxFini is registered as the pool's finalizer so every object torn
 * down by the pool runs matchpathcon_fini() and frees sx->fn.
 */
static rpmsx rpmsxGetPool(/*@null@*/ rpmioPool pool)
	/*@globals _rpmsxPool, fileSystem @*/
	/*@modifies pool, _rpmsxPool, fileSystem @*/
{
    rpmsx sx;

    if (_rpmsxPool == NULL) {
	_rpmsxPool = rpmioNewPool("sx", sizeof(*sx), -1, _rpmsx_debug,
			NULL, NULL, rpmsxFini);
	pool = _rpmsxPool;
    }
    return (rpmsx) rpmioGetPool(pool, sizeof(*sx));
}

/*
 * Create an rpmsx object and load a file_contexts database into libselinux.
 *
 * @param fn     path of the file_contexts database, or NULL to use the
 *               libselinux default (selinux_file_context_path())
 * @param flags  matchpathcon flags; applied via set_matchpathcon_flags()
 *               only when non-zero
 * @return       a new reference to the rpmsx (see rpmsxLink)
 *
 * The path goes through rpmGetPath() before use, presumably for rpm macro
 * expansion -- confirm against rpmmacro.h.  If matchpathcon_init() fails,
 * sx->fn is reset to NULL, which is the sentinel every other entry point
 * uses to skip SELinux work; callers therefore get a usable object that
 * silently does no labeling.  Note that matchpathcon_init() keeps
 * libselinux-global state, so only one rpmsx with a loaded database is
 * meaningful per process.
 */
rpmsx rpmsxNew(const char * fn, unsigned int flags)
{
    rpmsx sx = rpmsxGetPool(_rpmsxPool);

    sx->fn = NULL;
    sx->flags = flags;

#if defined(WITH_SELINUX)
    if (fn == NULL)
	fn = selinux_file_context_path();
    if (sx->flags)
	set_matchpathcon_flags(sx->flags);
    {	int rc;
	sx->fn = rpmGetPath(fn, NULL);
	rc = matchpathcon_init(sx->fn);
	/* If matchpathcon_init fails, turn off SELinux functionality. */
	if (rc < 0)
	    sx->fn = _free(sx->fn);
    }
#endif
    return rpmsxLink(sx);
}

/*
 * Parameters for the lazily created default object.  Nothing in this file
 * assigns them, so here they keep their zero/NULL static initial values
 * (i.e. the libselinux default database and no flags); they may be set
 * from elsewhere -- verify against callers.
 */
/*@unchecked@*/ /*@null@*/
static const char * _rpmsxI_fn;
/*@unchecked@*/
static int _rpmsxI_flags;

/*
 * Return the process-wide default rpmsx, creating it on first use.
 *
 * @return  the shared object held in _rpmsxI
 *
 * No synchronization: concurrent first callers could each create an object.
 */
static rpmsx rpmsxI(void)
	/*@globals _rpmsxI @*/
	/*@modifies _rpmsxI @*/
{
    if (_rpmsxI == NULL)
	_rpmsxI = rpmsxNew(_rpmsxI_fn, _rpmsxI_flags);
    return _rpmsxI;
}

/*
 * Report whether SELinux is enabled on this system.
 *
 * @param sx  unused except in the debug trace
 * @return    cached result of is_selinux_enabled(); 0 when built without
 *            WITH_SELINUX
 *
 * is_selinux_enabled() is queried once per process and the answer is kept
 * in a function-static; later calls return the cached value.  The guard is a
 * plain static int, so the first call is assumed to be single-threaded.
 */
int rpmsxEnabled(/*@null@*/ rpmsx sx)
{
    static int rc = 0;
#if defined(WITH_SELINUX)
    static int oneshot = 0;

    if (!oneshot) {
	rc = is_selinux_enabled();
	if (_rpmsx_debug)
	    fprintf(stderr, "<-- %s(%p) rc %d\n", __FUNCTION__, sx, rc);
	oneshot++;
    }
#endif

    return rc;
}

/*
 * Look up the file context a path should carry according to the loaded
 * file_contexts database.
 *
 * @param sx    rpmsx to use, or NULL for the default object
 * @param fn    path to look up
 * @param mode  file mode (type bits) used to select the matching entry
 * @return      an allocated context string owned by the caller, or NULL
 *              when no database is loaded / SELinux support is compiled out
 *
 * On matchpathcon() failure the result is an allocated empty string rather
 * than NULL, so a non-NULL return does not by itself mean a match was found.
 * The success-path string comes from libselinux and the failure-path string
 * from xstrdup(); callers release both with freecon() (see rpmsxSetfilecon),
 * which assumes the two allocators are compatible -- confirm.
 *
 * NOTE(review): with _rpmsx_debug < 0 the trace prints scon with "%s" even
 * when it is NULL; that relies on the C library tolerating a NULL "%s"
 * argument (glibc prints "(null)", which the strcmp below is written
 * around) and is undefined behaviour per the C standard.
 */
const char * rpmsxMatch(rpmsx sx, const char *fn, mode_t mode)
{
    const char * scon = NULL;

    if (sx == NULL) sx = rpmsxI();

#if defined(WITH_SELINUX)
    if (sx->fn) {
	static char nocon[] = "";
	int rc = matchpathcon(fn, mode, (security_context_t *)&scon);
	if (rc < 0)
	    scon = xstrdup(nocon);
    }
#endif

    if (_rpmsx_debug < 0 || (_rpmsx_debug > 0 && scon != NULL && *scon != '\0' && strcmp("(null)", scon)))
	fprintf(stderr, "<-- %s(%p,%s,0%o) \"%s\"\n", __FUNCTION__, sx, fn, mode, scon);
    return scon;
}

/*
 * Read the file context currently attached to a path (following symlinks).
 *
 * @param sx  rpmsx to use, or NULL for the default object
 * @param fn  path to query; NULL yields NULL
 * @return    context string owned by the caller (release with freecon()),
 *            or NULL when unavailable, when no database is loaded, or when
 *            SELinux support is compiled out
 *
 * A positive getfilecon() return with a non-NULL buffer is treated as
 * success; on any other outcome the (possibly NULL) buffer is handed to
 * freecon(), which is assumed to accept NULL -- confirm against libselinux.
 * The entry trace prints sx->fn with "%s" although it may be NULL (same
 * caveat as in rpmsxMatch).
 */
const char * rpmsxGetfilecon(rpmsx sx, const char *fn)
{
    const char * scon = NULL;

    if (sx == NULL) sx = rpmsxI();

    if (_rpmsx_debug)
	fprintf(stderr, "--> %s(%p,%s) sxfn %s\n", __FUNCTION__, sx, fn, sx->fn);

#if defined(WITH_SELINUX)
    if (sx->fn && fn) {
	security_context_t _con = NULL;
	int rc = getfilecon(fn, &_con);
	if (rc > 0 && _con != NULL)
	    scon = (const char *) _con;
	else
	    freecon(_con);
    }
#endif

    if (_rpmsx_debug)
	fprintf(stderr, "<-- %s(%p,%s) scon %s\n", __FUNCTION__, sx, fn, scon);
    return scon;
}

/*
 * Set the file context of a path (following symlinks).
 *
 * @param sx    rpmsx to use, or NULL for the default object
 * @param fn    path to label
 * @param mode  file mode used for the database lookup when scon is NULL
 * @param scon  context to apply, or NULL to apply the database match from
 *              rpmsxMatch()
 * @return      setfilecon() result; 0 when no database is loaded or
 *              SELinux support is compiled out
 *
 * NOTE(review): rc stays 0 when sx->fn is NULL, so a caller cannot tell
 * "labeled successfully" from "labeling skipped because matchpathcon_init
 * failed in rpmsxNew"; callers that must guarantee a label should check
 * rpmsxEnabled() / the loaded database separately.
 *
 * When scon is NULL the lookup result is released here with freecon().  A
 * lookup failure yields an empty string from rpmsxMatch(), which is then
 * passed to setfilecon() as-is.
 */
int rpmsxSetfilecon(rpmsx sx, const char *fn, mode_t mode,
		const char * scon)
{
    int rc = 0;

    if (sx == NULL) sx = rpmsxI();

    if (_rpmsx_debug)
	fprintf(stderr, "--> %s(%p,%s,0%o,%s) sxfn %s\n", __FUNCTION__, sx, fn, mode, scon, sx->fn);

#if defined(WITH_SELINUX)
    if (sx->fn) {
	security_context_t _con = (security_context_t)
		(scon ? scon : rpmsxMatch(sx, fn, mode));
	rc = setfilecon(fn, _con);
	if (scon == NULL) {	/* XXX free lazy rpmsxMatch() string */
	    freecon(_con);
	    _con = NULL;
	}
    }
#endif

    if (_rpmsx_debug)
	fprintf(stderr, "<-- %s(%p,%s,0%o,%s) rc %d\n", __FUNCTION__, sx, fn, mode, scon, rc);
    return rc;
}

/*
 * Read the file context attached to a path without following a final
 * symlink (lgetfilecon, the lstat-style variant of rpmsxGetfilecon).
 *
 * @param sx  rpmsx to use, or NULL for the default object
 * @param fn  path to query; NULL yields NULL
 * @return    context string owned by the caller (release with freecon()),
 *            or NULL when unavailable or SELinux support is not active
 *
 * Same success criterion and freecon(NULL) assumption as rpmsxGetfilecon.
 */
const char * rpmsxLgetfilecon(rpmsx sx, const char *fn)
{
    const char * scon = NULL;

    if (sx == NULL) sx = rpmsxI();

    if (_rpmsx_debug)
	fprintf(stderr, "--> %s(%p,%s) sxfn %s\n", __FUNCTION__, sx, fn, sx->fn);

#if defined(WITH_SELINUX)
    if (sx->fn && fn) {
	security_context_t _con = NULL;
	int rc = lgetfilecon(fn, &_con);
	if (rc > 0 && _con != NULL)
	    scon = (const char *) _con;
	else
	    freecon(_con);
    }
#endif

    if (_rpmsx_debug)
	fprintf(stderr, "<-- %s(%p,%s) scon %s\n", __FUNCTION__, sx, fn, scon);
    return scon;
}

/*
 * Set the file context of a path without following a final symlink
 * (lsetfilecon, the symlink-preserving variant of rpmsxSetfilecon).
 *
 * @param sx    rpmsx to use, or NULL for the default object
 * @param fn    path to label
 * @param mode  file mode used for the database lookup when scon is NULL
 * @param scon  context to apply, or NULL to apply the database match
 * @return      lsetfilecon() result; 0 when SELinux support is not active
 *
 * Same "rc == 0 while skipped" caveat and lookup-string ownership as
 * rpmsxSetfilecon.
 */
int rpmsxLsetfilecon(rpmsx sx, const char *fn, mode_t mode,
		const char * scon)
{
    int rc = 0;

    if (sx == NULL) sx = rpmsxI();

    if (_rpmsx_debug)
	fprintf(stderr, "--> %s(%p,%s,0%o,%s) sxfn %s\n", __FUNCTION__, sx, fn, mode, scon, sx->fn);

#if defined(WITH_SELINUX)
    if (sx->fn) {
	security_context_t _con = (security_context_t)
		(scon ? scon : rpmsxMatch(sx, fn, mode));
	rc = lsetfilecon(fn, _con);
	if (scon == NULL) {	/* XXX free lazy rpmsxMatch() string */
	    freecon(_con);
	    _con = NULL;
	}
    }
#endif

    if (_rpmsx_debug)
	fprintf(stderr, "<-- %s(%p,%s,0%o,%s) rc %d\n", __FUNCTION__, sx, fn, mode, scon, rc);
    return rc;
}

/*
 * Execute a program in the SELinux context libselinux selects for it.
 *
 * @param sx        rpmsx to use, or NULL for the default object; only used
 *                  for the trace here
 * @param verified  passed through to rpm_execcon() as its first argument
 * @param argv      NULL-terminated argument vector; argv[0] is the program
 * @return          -1 when SELinux support is compiled out, otherwise the
 *                  rpm_execcon() return value -- presumably reached only
 *                  when the exec itself failed, since a successful exec
 *                  replaces the process image (confirm against libselinux)
 *
 * argv is dereferenced unconditionally, so the caller must pass at least
 * one element.  `environ` is not declared in this file; it is assumed to be
 * provided by "system.h" -- confirm.
 */
int rpmsxExec(rpmsx sx, int verified, const char ** argv)
{
    int rc = -1;

    if (sx == NULL) sx = rpmsxI();

    if (_rpmsx_debug)
	fprintf(stderr, "--> %s(%p,%d,%p)\n", __FUNCTION__, sx, verified, argv);

#if defined(WITH_SELINUX)
    rc = rpm_execcon(verified, argv[0], (char *const *)argv, environ);
#endif

    if (_rpmsx_debug)
	fprintf(stderr, "<-- %s(%p,%d,%p) rc %d\n", __FUNCTION__, sx, verified, argv, rc);
    return rc;
}