libselinux/libselinux-rhat.patch
cvsdist f9343ddbdd auto-import changelog data from libselinux-1.13-1.src.rpm
Mon May 17 2004 Dan Walsh <dwalsh@redhat.com> 1.12-2
- add man patch
Fri May 14 2004 Dan Walsh <dwalsh@redhat.com> 1.12-1
- Update with latest from NSA
2004-09-09 07:42:46 +00:00


--- /dev/null 2004-02-23 16:02:56.000000000 -0500
+++ libselinux-1.13/src/selinux_config.c 2004-05-26 15:03:15.506622384 -0400
@@ -0,0 +1,119 @@
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include <limits.h>
+
+#define SELINUXDIR "/etc/selinux/"
+#define SELINUXDEFAULT "targeted"
+#define SELINUXTYPETAG "SELINUXTYPE="
+#define SELINUXTAG "SELINUX="
+
+static char *file_context=NULL;
+static char *default_type=NULL;
+static char *default_policy=NULL;
+static char *default_context=NULL;
+static char *failsafe_context=NULL;
+
+int selinux_getenforcemode(int *enforce) {
+ int ret=-1;
+ FILE *cfg = fopen("/etc/sysconfig/selinux","r");
+ char buf[4097];
+ int len=sizeof(SELINUXTAG)-1;
+ if (cfg) {
+ while (fgets(buf, 4096, cfg)) {
+ if (strncmp(buf,SELINUXTAG,len))
+ continue;
+ if (!strncmp(buf+len,"enforcing",sizeof("enforcing")-1)) {
+ *enforce = 1;
+ ret=0;
+ break;
+ } else if (!strncmp(buf+len,"permissive",sizeof("permissive")-1)) {
+ *enforce = 0;
+ ret=0;
+ break;
+ } else if (!strncmp(buf+len,"disabled",sizeof("disabled")-1)) {
+ *enforce = -1;
+ ret=0;
+ break;
+ }
+ }
+ fclose(cfg);
+ }
+ return ret;
+}
+
+static char *selinux_policyroot = NULL;
+
+static void init_selinux_policyroot(void) __attribute__ ((constructor));
+
+static void init_selinux_policyroot(void)
+{
+ char *type=SELINUXDEFAULT;
+ int i=0, len=sizeof(SELINUXTYPETAG)-1;
+ char buf[4097];
+ FILE *cfg;
+ if (selinux_policyroot) return;
+ cfg = fopen("/etc/sysconfig/selinux","r");
+ if (cfg) {
+ while (fgets(buf, 4096, cfg)) {
+ if (strncmp(buf,SELINUXTYPETAG,len))
+ continue;
+ type=buf+len;
+ }
+ fclose(cfg);
+ }
+ i=strlen(type)-1;
+ while ((i>=0) &&
+ (isspace(type[i]) || iscntrl(type[i]))) {
+ type[i]=0;
+ i--;
+ }
+ len=sizeof(SELINUXDIR) + strlen(type);
+ selinux_policyroot=malloc(len);
+ snprintf(selinux_policyroot,len, "%s%s", SELINUXDIR, type);
+}
+
+char *selinux_default_type_path() {
+ if (!default_type) {
+ default_type=malloc(PATH_MAX);
+ snprintf(default_type, PATH_MAX, "%s/contexts/default_type", selinux_policyroot);
+ }
+ return default_type;
+}
+
+char *selinux_policy_root() {
+ return selinux_policyroot;
+}
+
+char *selinux_default_context_path() {
+ if (!default_context) {
+ default_context=malloc(PATH_MAX);
+ snprintf(default_context, PATH_MAX, "%s/contexts/default_contexts", selinux_policyroot);
+ }
+ return default_context;
+}
+
+char *selinux_failsafe_context_path() {
+ if (!failsafe_context) {
+ failsafe_context=malloc(PATH_MAX);
+ snprintf(failsafe_context, PATH_MAX, "%s/contexts/failsafe_contexts", selinux_policyroot);
+ }
+ return failsafe_context;
+}
+
+char *selinux_binary_policy_path() {
+ if (!default_policy) {
+ default_policy=malloc(PATH_MAX);
+ snprintf(default_policy, PATH_MAX, "%s/policy/policy", selinux_policyroot);
+ }
+ return default_policy;
+}
+
+char *selinux_file_context_path() {
+ if (!file_context) {
+ file_context=malloc(PATH_MAX);
+ snprintf(file_context, PATH_MAX-1, "%s/contexts/file_contexts", selinux_policyroot);
+ }
+ return file_context;
+}
--- libselinux-1.13/src/matchpathcon.c.rhat 2004-05-25 08:52:21.000000000 -0400
+++ libselinux-1.13/src/matchpathcon.c 2004-05-26 14:36:00.588167768 -0400
@@ -196,7 +196,7 @@
spec_t *spec_copy;
/* Open the specification file. */
- if ((fp = fopen(FILECONTEXTS, "r")) == NULL)
+ if ((fp = fopen(selinux_file_context_path(), "r")) == NULL)
return -1;
/*
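Review bot: `fopen(selinux_file_context_path(), "r")` hands the helper's result straight to fopen, but selinux_file_context_path() returns NULL when its malloc(PATH_MAX) fails, and fopen with a NULL pathname is undefined behaviour rather than the clean -1 this function already returns. A local such as `const char *path = selinux_file_context_path(); if (!path || (fp = fopen(path, "r")) == NULL) return -1;` preserves the existing error path. The same pattern applies to the other fopen call sites this patch converts in get_context_list.c and get_default_type.c. The enclosing function starts and ends outside this hunk.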
--- libselinux-1.13/src/get_context_list.c.rhat 2004-05-25 08:52:21.000000000 -0400
+++ libselinux-1.13/src/get_context_list.c 2004-05-26 14:36:00.591167312 -0400
@@ -255,7 +255,7 @@
}
else if (which == SYSTEMPRIORITY)
{
- config_file = fopen (_DEFCONTEXT_PATH, "r");
+ config_file = fopen (selinux_default_context_path(), "r");
}
else
{
@@ -390,7 +390,7 @@
size_t plen, nlen;
int rc;
- fp = fopen(_FAILSAFECONTEXT_PATH, "r");
+ fp = fopen(selinux_failsafe_context_path(), "r");
if (!fp)
return -1;
--- libselinux-1.13/src/get_default_type.c.rhat 2004-05-25 08:52:21.000000000 -0400
+++ libselinux-1.13/src/get_default_type.c 2004-05-26 14:36:00.593167008 -0400
@@ -10,7 +10,7 @@
{
FILE* fp=NULL;
- fp = fopen (_DEFTYPE_PATH, "r");
+ fp = fopen (selinux_default_type_path(), "r");
if (!fp)
return -1;
--- libselinux-1.13/include/selinux/get_default_type.h.rhat 2004-05-25 08:52:21.000000000 -0400
+++ libselinux-1.13/include/selinux/get_default_type.h 2004-05-26 14:37:35.995663624 -0400
@@ -5,7 +5,7 @@
#ifndef _SELINUX_GET_DEFAULT_TYPE_H_
#define _SELINUX_GET_DEFAULT_TYPE_H_
-#define _DEFTYPE_PATH "/etc/security/default_type"
+char *selinux_default_type_path();
/* Get the default type (domain) for 'role' and set 'type' to refer to it.
Caller must free via free().
--- libselinux-1.13/include/selinux/selinux.h.rhat 2004-05-25 08:52:21.000000000 -0400
+++ libselinux-1.13/include/selinux/selinux.h 2004-05-26 15:06:05.799733896 -0400
@@ -72,12 +72,6 @@
/* Wrappers for the selinuxfs (policy) API. */
-/* Mount point for selinuxfs. */
-#define SELINUXMNT "/selinux/"
-
-/* Default pathname for policy configuration, without version number. */
-#define SELINUXPOLICY "/etc/security/selinux/policy"
-
typedef unsigned int access_vector_t;
typedef unsigned short security_class_t;
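Review bot: Removing `SELINUXMNT` and `SELINUXPOLICY` from the public selinux.h is a source-compatibility break for any out-of-tree code that used them, and nothing else in this patch provides a replacement for the selinuxfs mount point (`SELINUXPOLICY` is at least superseded by selinux_binary_policy_path()). If the library still needs the mount point internally, it should be defined in the implementation rather than silently dropped, and the removal deserves a changelog entry so consumers are not surprised at their next rebuild.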
@@ -168,4 +162,22 @@
mode_t mode,
security_context_t *con);
+/*
+ selinux_getenforcemode reads the /etc/sysconfig/selinux file and determines
+ whether the machine should be started in enforcing (1), permissive (0) or
+ disabled (-1) mode.
+ */
+int selinux_getenforcemode(int *enforce);
+
+/*
+ selinux_policy_root is set within the init_selinux_policyroot constructor
+ which reads the /etc/sysconfig/selinux file and determines
+ where the compiled policy file and contexts files exist.
+ */
+char *selinux_policy_root();
+char *selinux_binary_policy_path();
+char *selinux_failsafe_context_path();
+char *selinux_default_context_path();
+char *selinux_file_context_path();
+
#endif
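Review bot: The new prototypes are written with empty parentheses, e.g. `char *selinux_policy_root();`, which in C declares an unprototyped function and disables argument checking; `char *selinux_policy_root(void);` (and likewise for the other four) is what a public header should export. The comment block should also state ownership, since every function hands back a library-owned buffer: `/* Returned strings are owned by libselinux and must not be freed or modified. */`, together with the fact that selinux_policy_root() can be NULL if initialization failed. Note that the man page added by this patch documents the function as selinux_policyroot, which does not match the name declared here, and that selinux_default_type_path() is declared in get_default_type.h rather than alongside its siblings.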
--- libselinux-1.13/include/selinux/get_context_list.h.rhat 2004-05-25 08:52:21.000000000 -0400
+++ libselinux-1.13/include/selinux/get_context_list.h 2004-05-26 14:36:00.595166704 -0400
@@ -3,8 +3,6 @@
#include <selinux/selinux.h>
-#define _DEFCONTEXT_PATH "/etc/security/default_contexts"
-#define _FAILSAFECONTEXT_PATH "/etc/security/failsafe_context"
#define SELINUX_DEFAULTUSER "user_u"
/* Get an ordered list of authorized security contexts for a user session
--- /dev/null 2004-02-23 16:02:56.000000000 -0500
+++ libselinux-1.13/man/man3/selinux_policyroot.3 2004-05-26 14:36:00.596166552 -0400
@@ -0,0 +1,17 @@
+.TH "selinux_policyroot" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation"
+.SH "NAME"
+selinux_policyroot \- return the path of the SELinux policy files for this machine.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.B char *selinux_policyroot();
+.br
+
+.SH "DESCRIPTION"
+.B selinux_policyroot
+Reads the contents of the /etc/sysconfig/selinux file to determine which policy files should be used for this machine.
+.SH "RETURN VALUE"
+On success, returns a directory path containing the SELinux policy files.
+On failure, NULL is returned.
+
+
--- /dev/null 2004-02-23 16:02:56.000000000 -0500
+++ libselinux-1.13/man/man3/selinux_getenforcemode.3 2004-05-26 14:36:00.597166400 -0400
@@ -0,0 +1,22 @@
+.TH "selinux_getenforcemode" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation"
+.SH "NAME"
+selinux_getenforcemode \- get the enforcing state of SE Linux
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.B int selinux_getenforcemode(int *enforce);
+.br
+
+.SH "DESCRIPTION"
+.B selinux_getenforcemode
+Reads the contents of the /etc/sysconfig/selinux file to determine how the
+system was setup to run SELinux.
+.br
+Sets the value of enforce to 1 if SELinux should be run in enforcing mode.
+Sets the value of enforce to 0 if SELinux should be run in permissive mode.
+Sets the value of enforce to -1 if SELinux should be disabled.
+.SH "RETURN VALUE"
+On success, zero is returned.
+On failure, -1 is returned.
+
+
--- /dev/null 2004-02-23 16:02:56.000000000 -0500
+++ libselinux-1.13/utils/getenforcemode.c 2004-05-26 14:36:00.598166248 -0400
@@ -0,0 +1,31 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+
+int main(int argc __attribute__ ((unused)), char **argv)
+{
+ int ret;
+ int enforce;
+ ret = selinux_getenforcemode(&enforce);
+ if (ret) {
+ fprintf(stderr, "%s: selinux_getenforcemode() failed\n", argv[0]);
+ exit(2);
+ }
+
+ switch(enforce) {
+ case 1:
+ printf("Enforcing\n");
+ break;
+
+ case 0:
+ printf("Permissive\n");
+ break;
+
+ case -1:
+ printf("Disabled\n");
+ break;
+
+ }
+ exit(0);
+}
--- /dev/null 2004-02-23 16:02:56.000000000 -0500
+++ libselinux-1.13/utils/selinuxconfig.c 2004-05-26 15:05:07.827547008 -0400
@@ -0,0 +1,17 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+#include <selinux/get_default_type.h>
+
+int main(int argc __attribute__ ((unused)), char **argv)
+{
+ printf("policypath=\"%s\"\n", selinux_policy_root());
+ printf("default_type_path=\"%s\"\n", selinux_default_type_path());
+ printf("default_context_path=\"%s\"\n", selinux_default_context_path());
+ printf("default_failsafe_context_path=\"%s\"\n", selinux_failsafe_context_path());
+ printf("binary_policy_path=\"%s\"\n", selinux_binary_policy_path());
+ printf("file_contexts_path=\"%s\"\n", selinux_file_context_path());
+ exit(0);
+
+}
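Review bot: `printf("policypath=\"%s\"\n", selinux_policy_root());` and the five lines after it print the helper results with %s and no NULL check; each helper returns NULL when its malloc fails (and the path helpers format from a possibly-NULL policy root), and passing NULL for %s is undefined behaviour rather than a diagnostic. argv is also unused while only argc is marked unused, so -Wextra will warn; `int main(void)` drops both parameters. Checking each pointer and exiting non-zero with a message on stderr would make the tool safe to drive from scripts that parse its output.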