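/*
 * User-supplied callbacks and default implementations.
 * Class and permission mappings.
 *
 * The library reaches its logging, auditing, context-validation and
 * netlink-notification hooks through the global function pointers defined
 * below. Each pointer starts out at a built-in default and can be replaced
 * with selinux_set_callback().
 */

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>	/* memset() in selinux_get_callback() */
#include <errno.h>
#include <selinux/selinux.h>
#include "callbacks.h"

/* default implementations */

/*
 * Default log callback: formats the message and writes it to stderr.
 *
 * The message type is ignored. The format(printf, 2, 3) attribute lets the
 * compiler check every call's format string against its arguments.
 *
 * Returns the value of vfprintf(): the number of characters written, or a
 * negative value on output error.
 */
static int __attribute__ ((format(printf, 2, 3)))
default_selinux_log(int type __attribute__((unused)), const char *fmt, ...)
{
	int rc;
	va_list ap;

	va_start(ap, fmt);
	rc = vfprintf(stderr, fmt, ap);
	va_end(ap);
	return rc;
}

/*
 * Default audit callback: contributes no supplemental audit data.
 *
 * All arguments are ignored and buf is left untouched. Always returns 0.
 */
static int
default_selinux_audit(void *ptr __attribute__((unused)),
		      security_class_t cls __attribute__((unused)),
		      char *buf __attribute__((unused)),
		      size_t len __attribute__((unused)))
{
	return 0;
}

/*
 * Default context-validation callback.
 *
 * On a target build the context string *ctx is passed to
 * security_check_context() and that call's result is returned.
 *
 * When BUILD_HOST is defined no check is made at all: every context is
 * reported as valid (0). Host-side tools that need labels to be verified
 * must install their own SELINUX_CB_VALIDATE callback.
 */
static int
default_selinux_validate(char **ctx)
{
#ifndef BUILD_HOST
	return security_check_context(*ctx);
#else
	(void) ctx;
	return 0;
#endif
}

/* Default setenforce notification callback: ignores the event, returns 0. */
static int
default_selinux_setenforce(int enforcing __attribute__((unused)))
{
	return 0;
}

/* Default policyload notification callback: ignores the event, returns 0. */
static int
default_selinux_policyload(int seqno __attribute__((unused)))
{
	return 0;
}

/*
 * callback pointers
 *
 * These are plain, process-wide globals. Nothing in this file serialises
 * access to them, so a replacement made while another thread is calling
 * through a pointer is not synchronised here.
 */
int __attribute__ ((format(printf, 2, 3)))
(*selinux_log)(int, const char *, ...) =
	default_selinux_log;

int
(*selinux_audit) (void *, security_class_t, char *, size_t) =
	default_selinux_audit;

int
(*selinux_validate)(char **ctx) =
	default_selinux_validate;

int
(*selinux_netlink_setenforce) (int enforcing) =
	default_selinux_setenforce;

int
(*selinux_netlink_policyload) (int seqno) =
	default_selinux_policyload;

/*
 * callback setting function
 *
 * Installs the member of cb selected by type (one of the SELINUX_CB_*
 * constants handled below) as the active callback.
 *
 * The pointer is stored exactly as given; it is not checked against NULL.
 * NOTE(review): the call sites are outside this file and presumably invoke
 * these pointers unconditionally - confirm before passing NULL.
 *
 * An unrecognised type changes nothing, and because the function returns
 * void the caller gets no indication of that.
 */
void
selinux_set_callback(int type, union selinux_callback cb)
{
	switch (type) {
	case SELINUX_CB_LOG:
		selinux_log = cb.func_log;
		break;
	case SELINUX_CB_AUDIT:
		selinux_audit = cb.func_audit;
		break;
	case SELINUX_CB_VALIDATE:
		selinux_validate = cb.func_validate;
		break;
	case SELINUX_CB_SETENFORCE:
		selinux_netlink_setenforce = cb.func_setenforce;
		break;
	case SELINUX_CB_POLICYLOAD:
		selinux_netlink_policyload = cb.func_policyload;
		break;
	default:
		/* unknown type: leave every callback as it was */
		break;
	}
}

/*
 * callback getting function
 *
 * Returns a union whose member selected by type holds the currently
 * installed callback. Only that one member is assigned.
 *
 * For an unrecognised type the whole union is zero-filled and errno is set
 * to EINVAL. errno is not cleared on success, so a caller that relies on it
 * must set it to 0 before the call.
 */
union selinux_callback
selinux_get_callback(int type)
{
	union selinux_callback cb;

	switch (type) {
	case SELINUX_CB_LOG:
		cb.func_log = selinux_log;
		break;
	case SELINUX_CB_AUDIT:
		cb.func_audit = selinux_audit;
		break;
	case SELINUX_CB_VALIDATE:
		cb.func_validate = selinux_validate;
		break;
	case SELINUX_CB_SETENFORCE:
		cb.func_setenforce = selinux_netlink_setenforce;
		break;
	case SELINUX_CB_POLICYLOAD:
		cb.func_policyload = selinux_netlink_policyload;
		break;
	default:
		/* zero-fill so the caller never reads an indeterminate pointer */
		memset(&cb, 0, sizeof(cb));
		errno = EINVAL;
		break;
	}
	return cb;
}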