1 /* lsm.h - header file for lib directory
2  *
3  * Copyright 2015 Rob Landley <rob@landley.net>
4  */
5 
6 #include <sys/xattr.h>
7 
8 #if CFG_TOYBOX_SELINUX
9 #include <selinux/selinux.h>
10 #else
11 #define is_selinux_enabled() 0
12 #define setfscreatecon(...) (-1)
13 #define getcon(...) (-1)
14 #define getfilecon(...) (-1)
15 #define lgetfilecon(...) (-1)
16 #define fgetfilecon(...) (-1)
17 #define setfilecon(...) (-1)
18 #define lsetfilecon(...) (-1)
19 #define fsetfilecon(...) (-1)
20 #endif
21 
22 #if CFG_TOYBOX_SMACK
23 #include <sys/smack.h>
24 #include <linux/xattr.h>
25 #else
26 #ifndef XATTR_NAME_SMACK
27 #define XATTR_NAME_SMACK 0
28 #endif
29 //ssize_t fgetxattr (int fd, char *name, void *value, size_t size);
30 #define smack_smackfs_path(...) (-1)
31 #define smack_new_label_from_self(...) (-1)
32 #define smack_new_label_from_path(...) (-1)
33 #define smack_new_label_from_file(...) (-1)
34 #define smack_set_label_for_self(...) (-1)
35 #define smack_set_label_for_path(...) (-1)
36 #define smack_set_label_for_file(...) (-1)
37 #endif
38 
39 // This turns into "return 0" when no LSM and lets code optimize out.
lsm_enabled(void)40 static inline int lsm_enabled(void)
41 {
42   if (CFG_TOYBOX_SMACK) return !!smack_smackfs_path();
43   else return is_selinux_enabled() == 1;
44 }
45 
lsm_name(void)46 static inline char *lsm_name(void)
47 {
48   if (CFG_TOYBOX_SMACK) return "Smack";
49   if (CFG_TOYBOX_SELINUX) return "SELinux";
50 
51   return "LSM";
52 }
53 
54 // Fetch this process's lsm context
lsm_context(void)55 static inline char *lsm_context(void)
56 {
57   int ok = 0;
58   char *result;
59 
60   if (CFG_TOYBOX_SMACK) ok = smack_new_label_from_self(&result) > 0;
61   else ok = getcon(&result) == 0;
62 
63   return ok ? result : strdup("?");
64 }
65 
66 // Set default label to apply to newly created stuff (NULL to clear it)
lsm_set_create(char * context)67 static inline int lsm_set_create(char *context)
68 {
69   if (CFG_TOYBOX_SMACK) return smack_set_label_for_self(context);
70   else return setfscreatecon(context);
71 }
72 
73 // Label a file, following symlinks
lsm_set_context(char * filename,char * context)74 static inline int lsm_set_context(char *filename, char *context)
75 {
76   if (CFG_TOYBOX_SMACK)
77     return smack_set_label_for_path(filename, XATTR_NAME_SMACK, 1, context);
78   else return setfilecon(filename, context);
79 }
80 
81 // Label a file, don't follow symlinks
lsm_lset_context(char * filename,char * context)82 static inline int lsm_lset_context(char *filename, char *context)
83 {
84   if (CFG_TOYBOX_SMACK)
85     return smack_set_label_for_path(filename, XATTR_NAME_SMACK, 0, context);
86   else return lsetfilecon(filename, context);
87 }
88 
89 // Label a file by filehandle
lsm_fset_context(int file,char * context)90 static inline int lsm_fset_context(int file, char *context)
91 {
92   if (CFG_TOYBOX_SMACK)
93     return smack_set_label_for_file(file, XATTR_NAME_SMACK, context);
94   else return fsetfilecon(file, context);
95 }
96 
97 // returns -1 in case of error or else the length of the context */
98 // context can be NULL to get the length only */
lsm_get_context(char * filename,char ** context)99 static inline int lsm_get_context(char *filename, char **context)
100 {
101   if (CFG_TOYBOX_SMACK)
102     return smack_new_label_from_path(filename, XATTR_NAME_SMACK, 1, context);
103   else return getfilecon(filename, context);
104 }
105 
lsm_lget_context(char * filename,char ** context)106 static inline int lsm_lget_context(char *filename, char **context)
107 {
108   if (CFG_TOYBOX_SMACK)
109     return smack_new_label_from_path(filename, XATTR_NAME_SMACK, 0, context);
110   else return lgetfilecon(filename, context);
111 }
112 
lsm_fget_context(int file,char ** context)113 static inline int lsm_fget_context(int file, char **context)
114 {
115   if (CFG_TOYBOX_SMACK)
116     return smack_new_label_from_file(file, XATTR_NAME_SMACK, context);
117   return fgetfilecon(file, context);
118 }
119