- Add is_customizable_types function call

2005-01-12 14:37:21 +00:00 · 2005-01-12 14:37:21 +00:00 · ae6f77c9ad
commit ae6f77c9ad
parent dffd9eaafd
2 changed files with 158 additions and 10 deletions
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@ -1,10 +1,152 @@
--- libselinux-1.19.3/utils/avcstat.c.rhat	2004-12-03 14:40:34.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.20.1/include/selinux/selinux.h
-+++ libselinux-1.19.3/utils/avcstat.c	2004-12-27 06:48:49.000000000 -0500
+--- nsalibselinux/include/selinux/selinux.h	2004-12-03 14:40:05.000000000 -0500
-@@ -166,6 +166,7 @@
+++ libselinux-1.20.1/include/selinux/selinux.h	2005-01-10 17:30:01.615342019 -0500
- 			       "hits", "misses", "allocs", "reclaims", "frees");
+@@ -226,6 +226,7 @@
 extern const char *selinux_media_context_path(void);
 extern const char *selinux_contexts_path(void);
 extern const char *selinux_booleans_path(void);
 +extern const char *selinux_customizable_types_path(void);
- 		memset(&tot, 0, sizeof(tot));
+ /* Check a permission in the passwd class.
-+		memset(&last, 0, sizeof(last));
+    Return 0 if granted or -1 otherwise. */
@@ -242,6 +243,10 @@
 		       const char *filename, 
 		       char *const argv[], char *const envp[]);
- 		while ((line = strtok(NULL, "\n"))) {
+/* Returns whether a file context is customizable, and should not 
- 			struct avc_cache_stats tmp;
+   be relabeled . */
 +extern int is_context_customizable (security_context_t scontext);
 +
 #ifdef __cplusplus
 }
 #endif
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_context_customizable.3 libselinux-1.20.1/man/man3/is_context_customizable.3
 --- nsalibselinux/man/man3/is_context_customizable.3	1969-12-31 19:00:00.000000000 -0500
 +++ libselinux-1.20.1/man/man3/is_context_customizable.3	2005-01-10 17:30:01.617341793 -0500
@@ -0,0 +1,22 @@
 +.TH "is_context_customizable" "3" "10 January 2005" "dwalsh@redhat.com" "SELinux API documentation"
 +.SH "NAME"
 +is_context_customizable \- check whether context type is customizable by the administrator.
 +.SH "SYNOPSIS"
 +.B #include <selinux/selinux.h>
 +.sp
 +.B int is_context_customizable(security_context_t scon);
 +
 +.SH "DESCRIPTION"
 +.B is_context_customizable
 +.br
 +This function checks whether the type of scon is in the /etc/selinux/SELINUXTYPE/context/customizable_types file.  A customizable type is a file context type that
 +administrators set on files, usually to allow certain domains to share the file content. restorecon and setfiles, by default, leave these context in place.
 +
 + 
 +.SH "RETURN VALUE"
 +returns 1 if security context is customizable or 0 if it is not. 
 +returns -1 on error
 +
 +.SH "FILE"
 +/etc/selinux/SELINUXTYPE/context/customizable_types
 +
 diff --exclude-from=exclude -N -u -r nsalibselinux/src/file_path_suffixes.h libselinux-1.20.1/src/file_path_suffixes.h
 --- nsalibselinux/src/file_path_suffixes.h	2004-10-20 16:31:36.000000000 -0400
 +++ libselinux-1.20.1/src/file_path_suffixes.h	2005-01-10 17:30:01.618341680 -0500
@@ -9,3 +9,4 @@
 S_(BOOLEANS, "/booleans")
 S_(MEDIA_CONTEXTS, "/contexts/files/media")
 S_(REMOVABLE_CONTEXT, "/contexts/removable_context")
 +S_(CUSTOMIZABLE_TYPES, "/contexts/customizable_types")
 diff --exclude-from=exclude -N -u -r nsalibselinux/src/is_customizable_type.c libselinux-1.20.1/src/is_customizable_type.c
 --- nsalibselinux/src/is_customizable_type.c	1969-12-31 19:00:00.000000000 -0500
 +++ libselinux-1.20.1/src/is_customizable_type.c	2005-01-10 17:47:59.567648626 -0500
@@ -0,0 +1,68 @@
 +#include <unistd.h>
 +#include <errno.h>
 +#include <stdio.h>
 +#include <stdlib.h>
 +#include <string.h>
 +#include <ctype.h>
 +#include <pwd.h>
 +#include <selinux/selinux.h>
 +
 +static int get_customizable_type_list (security_context_t **retlist)
 +{
 +	FILE *fp;
 +	char buf[4097];
 +	int ctr=0, i;
 +	security_context_t *list=NULL;
 +
 +	fp = fopen(selinux_customizable_types_path(), "r");
 +	if (!fp)
 +		return -1;
 +
 +	while (fgets_unlocked(buf, 4096, fp)) {
 +		ctr++;
 +	}
 +	rewind(fp);
 +	if (ctr) {
 +		list=(security_context_t *) calloc(sizeof(security_context_t *), ctr+1);
 +		if (list) {
 +		  i=0;
 +		  while (fgets_unlocked(buf, 4096, fp)) {
 +		    buf[strlen(buf)-1]=0;
 +		    list[i++]=(security_context_t) strdup(buf);
 +		    if (i>ctr) { 
 +		      /* Should never happen */
 +		      free(list);
 +		      list=NULL;
 +		      break;
 +		    }
 +		  }
 +		}
 +	}
 +	fclose(fp);
 +	if (!list)
 +		return -1;
 +	*retlist=list;
 +	return 0;
 +}
 +
 +static security_context_t *customizable_list=NULL;
 +
 +int is_context_customizable (security_context_t scontext) {
 +  int i;
 +  char *ptr;
 +  if (! customizable_list) {
 +    if (get_customizable_type_list(&customizable_list)!=0) 
 +      return -1;
 +  }
 +  
 +  ptr=strrchr(scontext, ':');
 +  if (ptr) {
 +	  ptr++;
 +  } else {
 +	  ptr=scontext;
 +  }
 +  for (i = 0; customizable_list[i]; i++) {
 +    if (strcmp(customizable_list[i],ptr) == 0) return 1;
 +  }
 +  return 0;
 +}
 diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.20.1/src/selinux_config.c
 --- nsalibselinux/src/selinux_config.c	2004-10-20 16:31:36.000000000 -0400
 +++ libselinux-1.20.1/src/selinux_config.c	2005-01-10 17:30:01.838316846 -0500
@@ -26,7 +26,8 @@
 #define BOOLEANS          7
 #define MEDIA_CONTEXTS    8
 #define REMOVABLE_CONTEXT 9
 -#define NEL               10
 +#define CUSTOMIZABLE_TYPES    10
 +#define NEL               11
 /* New layout is relative to SELINUXDIR/policytype. */
 static char *file_paths[NEL];
@@ -211,6 +212,10 @@
   return get_path(MEDIA_CONTEXTS);
 }
 +const char *selinux_customizable_types_path() {
 +  return get_path(CUSTOMIZABLE_TYPES);
 +}
 +
 const char *selinux_contexts_path() {
   return get_path(CONTEXTS_DIR);
 }
--- a/libselinux.spec
+++ b/libselinux.spec
@ -1,10 +1,12 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 1.20.1
-Release: 1
+Release: 2
 License: Public domain (uncopyrighted)
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
 Patch: libselinux-rhat.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
 %description
@ -33,6 +35,7 @@ needed for developing SELinux applications.
 %prep
 %setup -q
 %patch -p1 -b .rhat
 %build
 make CFLAGS="-g %{optflags}"
@ -83,6 +86,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_mandir}/man8/*
 %changelog
 * Wed Jan 12 2005 Dan Walsh <dwalsh@redhat.com> 1.20.1-2
 - Add is_customizable_types function call
 * Fri Jan 7 2005 Dan Walsh <dwalsh@redhat.com> 1.20.1-1
 - Update to latest from upstream
 	* Just changing version number to match upstream