changeset 11787:c51247a03b74

selinux-at: new module Initially written for coreutils, this module will soon be used by findutils, too. * MODULES.html.sh [Misc]: Add selinux-at. * lib/selinux-at.h: New file, from coreutils. * lib/selinux-at.c: Likewise. * modules/selinux-at: Likewise. (License): Change from LGPL to GPL, since it depends on the GPL'd openat module.
author Jim Meyering <meyering@redhat.com>
date Thu, 06 Aug 2009 14:15:23 +0200
parents 51e19b43ff65
children 8d6e2578c4fb
files ChangeLog MODULES.html.sh lib/selinux-at.c lib/selinux-at.h modules/selinux-at
diffstat 5 files changed, 154 insertions(+), 0 deletions(-) [+]
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
 2009-08-06  Jim Meyering  <meyering@redhat.com>
 
+	selinux-at: new module
+	Initially written for coreutils, this module will soon be
+	used by findutils, too.
+	* MODULES.html.sh [Misc]: Add selinux-at.
+	* lib/selinux-at.h: New file, from coreutils.
+	* lib/selinux-at.c: Likewise.
+	* modules/selinux-at: Likewise.
+	(License): Change from LGPL to GPL, since it depends
+	on the GPL'd openat module.
+
 	doc: update README
 	* README: Remove references to cogito.
 	Remove cvs-repo-updating instructions from 2007.
--- a/MODULES.html.sh
+++ b/MODULES.html.sh
@@ -3114,6 +3114,7 @@
   func_module quote
   func_module readutmp
   func_module random_r
+  func_module selinux-at
   func_module sysexits
   func_module u64
   func_module verror
new file mode 100644
--- /dev/null
+++ b/lib/selinux-at.c
@@ -0,0 +1,88 @@
+/* openat-style fd-relative functions for SE Linux
+   Copyright (C) 2007, 2009 Free Software Foundation, Inc.
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+/* written by Jim Meyering */
+
+#include <config.h>
+
+#include "selinux-at.h"
+#include "openat.h"
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+
+#include "dirname.h" /* solely for definition of IS_ABSOLUTE_FILE_NAME */
+#include "save-cwd.h"
+
+#include "openat-priv.h"
+
+#define AT_FUNC_NAME getfileconat
+#define AT_FUNC_F1 getfilecon
+#define AT_FUNC_F2 getfilecon
+#define AT_FUNC_USE_F1_COND 1
+#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t *con
+#define AT_FUNC_POST_FILE_ARGS        , con
+#include "at-func.c"
+#undef AT_FUNC_NAME
+#undef AT_FUNC_F1
+#undef AT_FUNC_F2
+#undef AT_FUNC_USE_F1_COND
+#undef AT_FUNC_POST_FILE_PARAM_DECLS
+#undef AT_FUNC_POST_FILE_ARGS
+
+#define AT_FUNC_NAME lgetfileconat
+#define AT_FUNC_F1 lgetfilecon
+#define AT_FUNC_F2 lgetfilecon
+#define AT_FUNC_USE_F1_COND 1
+#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t *con
+#define AT_FUNC_POST_FILE_ARGS        , con
+#include "at-func.c"
+#undef AT_FUNC_NAME
+#undef AT_FUNC_F1
+#undef AT_FUNC_F2
+#undef AT_FUNC_USE_F1_COND
+#undef AT_FUNC_POST_FILE_PARAM_DECLS
+#undef AT_FUNC_POST_FILE_ARGS
+
+#define AT_FUNC_NAME setfileconat
+#define AT_FUNC_F1 setfilecon
+#define AT_FUNC_F2 setfilecon
+#define AT_FUNC_USE_F1_COND 1
+#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t con
+#define AT_FUNC_POST_FILE_ARGS        , con
+#include "at-func.c"
+#undef AT_FUNC_NAME
+#undef AT_FUNC_F1
+#undef AT_FUNC_F2
+#undef AT_FUNC_USE_F1_COND
+#undef AT_FUNC_POST_FILE_PARAM_DECLS
+#undef AT_FUNC_POST_FILE_ARGS
+
+#define AT_FUNC_NAME lsetfileconat
+#define AT_FUNC_F1 lsetfilecon
+#define AT_FUNC_F2 lsetfilecon
+#define AT_FUNC_USE_F1_COND 1
+#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t con
+#define AT_FUNC_POST_FILE_ARGS        , con
+#include "at-func.c"
+#undef AT_FUNC_NAME
+#undef AT_FUNC_F1
+#undef AT_FUNC_F2
+#undef AT_FUNC_USE_F1_COND
+#undef AT_FUNC_POST_FILE_PARAM_DECLS
+#undef AT_FUNC_POST_FILE_ARGS
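Review bot: Nothing in this file states what the four generated functions promise, and the stanzas do not explain what `AT_FUNC_USE_F1_COND 1` selects in at-func.c when `AT_FUNC_F1` and `AT_FUNC_F2` are identical. The function bodies come entirely from that template, which is outside this hunk. The `save-cwd.h` and `openat-priv.h` includes suggest it can fall back to temporarily changing the process working directory, which would matter to multi-threaded callers and should be confirmed and documented. The set variants also differ in a security-relevant way: going by the libselinux names, `setfileconat` relabels the target of a final symlink while `lsetfileconat` relabels the link itself, so a recursive relabeler walking a tree it does not control needs the `l` form. I would put a one-line comment above each stanza, e.g. `/* Like lsetfilecon, but resolve FILE relative to directory FD; does not follow a final symlink.  */`.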
new file mode 100644
--- /dev/null
+++ b/lib/selinux-at.h
@@ -0,0 +1,23 @@
+/* Prototypes for openat-style fd-relative SELinux functions
+   Copyright (C) 2007, 2009 Free Software Foundation, Inc.
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+
+int  getfileconat (int fd, char const *file, security_context_t *con);
+int lgetfileconat (int fd, char const *file, security_context_t *con);
+int  setfileconat (int fd, char const *file, security_context_t con);
+int lsetfileconat (int fd, char const *file, security_context_t con);
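Review bot: The prototypes state no ownership or error contract, and the header has no include guard. With libselinux's `getfilecon`, the context returned through `*con` is allocated and must be released with `freecon`, and failure is reported as -1 with errno set. If the `at` variants keep that contract (likely, since they wrap those calls, but the template is not visible here), say so above the declarations, e.g. `/* On success, *CON is allocated; the caller must freecon it.  Return -1 with errno set on failure.  */`. Wrapping the header in `#ifndef SELINUX_AT_H` / `#define SELINUX_AT_H` / `#endif` would make double inclusion harmless by construction. None of the four prototypes appears to need `<selinux/context.h>`, so that include may be droppable unless callers rely on it.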
new file mode 100644
--- /dev/null
+++ b/modules/selinux-at
@@ -0,0 +1,32 @@
+Description:
+openat-style fd-relative functions for SE Linux
+
+Files:
+lib/selinux-at.c
+lib/selinux-at.h
+
+Depends-on:
+openat
+selinux-h
+
+configure.ac:
+AC_CHECK_HEADERS([selinux/flask.h])
+AC_LIBOBJ([selinux-at])
+gl_save_LIBS=$LIBS
+  LIB_SELINUX=
+  AC_SEARCH_LIBS([setfilecon], [selinux],
+                 [test "$ac_cv_search_setfilecon" = "none required" ||
+                  LIB_SELINUX=$ac_cv_search_setfilecon])
+  AC_SUBST(LIB_SELINUX)
+LIBS=$gl_save_LIBS
+
+Makefile.am:
+
+Include:
+selinux-at.h
+
+License:
+GPL
+
+Maintainer:
+Jim Meyering
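Review bot: The configure.ac snippet computes and substitutes `LIB_SELINUX`, but the description has no `Link:` section telling users of the module to add it to their link line; a `Link:` section containing `$(LIB_SELINUX)` would document that. `AC_CHECK_HEADERS([selinux/flask.h])` defines a macro that neither lib/selinux-at.c nor lib/selinux-at.h in this changeset tests, so it looks unneeded here. `AC_LIBOBJ([selinux-at])` is unconditional, so the file is compiled even where libselinux is absent. That presumably relies on the selinux-h dependency supplying stub declarations, which is worth a short comment in the snippet.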