Merge remote-tracking branch 'toybox/master' into HEAD am: 37852b74a7 am: 6e78ae7824

[android-x86/external-toybox.git] / lib / lsm.h

diff --git a/lib/lsm.h b/lib/lsm.h
index b16138a..e21d424 100644 (file)
--- a/lib/lsm.h
+++ b/lib/lsm.h
@@ -3,10 +3,13 @@
  * Copyright 2015 Rob Landley <rob@landley.net>
  */
 
+#include <sys/xattr.h>
+
 #if CFG_TOYBOX_SELINUX
 #include <selinux/selinux.h>
 #else
 #define is_selinux_enabled() 0
+#define setfscreatecon(...) (-1)
 #define getcon(...) (-1)
 #define getfilecon(...) (-1)
 #define lgetfilecon(...) (-1)
@@ -18,15 +21,17 @@
 
 #if CFG_TOYBOX_SMACK
 #include <sys/smack.h>
-#include <sys/xattr.h>
 #include <linux/xattr.h>
 #else
+#ifndef XATTR_NAME_SMACK
 #define XATTR_NAME_SMACK 0
+#endif
 //ssize_t fgetxattr (int fd, char *name, void *value, size_t size);
 #define smack_smackfs_path(...) (-1)
 #define smack_new_label_from_self(...) (-1)
 #define smack_new_label_from_path(...) (-1)
 #define smack_new_label_from_file(...) (-1)
+#define smack_set_label_for_self(...) (-1)
 #define smack_set_label_for_path(...) (-1)
 #define smack_set_label_for_file(...) (-1)
 #endif
@@ -38,6 +43,14 @@ static inline int lsm_enabled(void)
   else return is_selinux_enabled() == 1;
 }
 
+static inline char *lsm_name(void)
+{
+  if (CFG_TOYBOX_SMACK) return "Smack";
+  if (CFG_TOYBOX_SELINUX) return "SELinux";
+
+  return "LSM";
+}
+
 // Fetch this process's lsm context
 static inline char *lsm_context(void)
 {
@@ -50,6 +63,14 @@ static inline char *lsm_context(void)
   return ok ? result : strdup("?");
 }
 
+// Set default label to apply to newly created stuff (NULL to clear it)
+static inline int lsm_set_create(char *context)
+{
+  if (CFG_TOYBOX_SMACK) return smack_set_label_for_self(context);
+  else return setfscreatecon(context);
+}
+
+// Label a file, following symlinks
 static inline int lsm_set_context(char *filename, char *context)
 {
   if (CFG_TOYBOX_SMACK)
@@ -57,6 +78,7 @@ static inline int lsm_set_context(char *filename, char *context)
   else return setfilecon(filename, context);
 }
 
+// Label a file, don't follow symlinks
 static inline int lsm_lset_context(char *filename, char *context)
 {
   if (CFG_TOYBOX_SMACK)
@@ -64,6 +86,7 @@ static inline int lsm_lset_context(char *filename, char *context)
   else return lsetfilecon(filename, context);
 }
 
+// Label a file by filehandle
 static inline int lsm_fset_context(int file, char *context)
 {
   if (CFG_TOYBOX_SMACK)
@@ -71,7 +94,6 @@ static inline int lsm_fset_context(int file, char *context)
   else return fsetfilecon(file, context);
 }
 
-
 // returns -1 in case of error or else the length of the context */
 // context can be NULL to get the length only */
 static inline int lsm_get_context(char *filename, char **context)