1#include <sys/syscall.h> 2#include <unistd.h> 3#include <fcntl.h> 4#include <string.h> 5#include <stdlib.h> 6#include <stdio.h> 7#include <errno.h> 8#include "selinux_internal.h" 9#include "policy.h" 10 11#ifdef HOST 12static pid_t gettid(void) 13{ 14 return syscall(__NR_gettid); 15} 16#endif 17 18static int getprocattrcon(security_context_t * context, 19 pid_t pid, const char *attr) 20{ 21 char *path, *buf; 22 size_t size; 23 int fd, rc; 24 ssize_t ret; 25 pid_t tid; 26 int errno_hold; 27 28 if (pid > 0) 29 rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr); 30 else { 31 tid = gettid(); 32 rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr); 33 } 34 if (rc < 0) 35 return -1; 36 37 fd = open(path, O_RDONLY); 38 free(path); 39 if (fd < 0) 40 return -1; 41 42 size = selinux_page_size; 43 buf = malloc(size); 44 if (!buf) { 45 ret = -1; 46 goto out; 47 } 48 memset(buf, 0, size); 49 50 do { 51 ret = read(fd, buf, size - 1); 52 } while (ret < 0 && errno == EINTR); 53 if (ret < 0) 54 goto out2; 55 56 if (ret == 0) { 57 *context = NULL; 58 goto out2; 59 } 60 61 *context = strdup(buf); 62 if (!(*context)) { 63 ret = -1; 64 goto out2; 65 } 66 ret = 0; 67 out2: 68 free(buf); 69 out: 70 errno_hold = errno; 71 close(fd); 72 errno = errno_hold; 73 return ret; 74} 75 76static int setprocattrcon(security_context_t context, 77 pid_t pid, const char *attr) 78{ 79 char *path; 80 int fd, rc; 81 pid_t tid; 82 ssize_t ret; 83 int errno_hold; 84 85 if (pid > 0) 86 rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr); 87 else { 88 tid = gettid(); 89 rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr); 90 } 91 if (rc < 0) 92 return -1; 93 94 fd = open(path, O_RDWR); 95 free(path); 96 if (fd < 0) 97 return -1; 98 if (context) 99 do { 100 ret = write(fd, context, strlen(context) + 1); 101 } while (ret < 0 && errno == EINTR); 102 else 103 do { 104 ret = write(fd, NULL, 0); /* clear */ 105 } while (ret < 0 && errno == EINTR); 106 errno_hold = errno; 107 close(fd); 108 errno = errno_hold; 109 if (ret < 0) 110 return -1; 111 else 112 return 0; 113} 114 115#define getselfattr_def(fn, attr) \ 116 int get##fn(security_context_t *c) \ 117 { \ 118 return getprocattrcon(c, 0, #attr); \ 119 } 120 121#define setselfattr_def(fn, attr) \ 122 int set##fn(const security_context_t c) \ 123 { \ 124 return setprocattrcon(c, 0, #attr); \ 125 } 126 127#define all_selfattr_def(fn, attr) \ 128 getselfattr_def(fn, attr) \ 129 setselfattr_def(fn, attr) 130 131#define getpidattr_def(fn, attr) \ 132 int get##fn(pid_t pid, security_context_t *c) \ 133 { \ 134 return getprocattrcon(c, pid, #attr); \ 135 } 136 137all_selfattr_def(con, current) 138 getpidattr_def(pidcon, current) 139 getselfattr_def(prevcon, prev) 140 all_selfattr_def(execcon, exec) 141 all_selfattr_def(fscreatecon, fscreate) 142 all_selfattr_def(sockcreatecon, sockcreate) 143 all_selfattr_def(keycreatecon, keycreate) 144 145 hidden_def(getcon_raw) 146 hidden_def(getcon) 147 hidden_def(getexeccon_raw) 148 hidden_def(getfilecon_raw) 149 hidden_def(getfilecon) 150 hidden_def(getfscreatecon_raw) 151 hidden_def(getkeycreatecon_raw) 152 hidden_def(getpeercon_raw) 153 hidden_def(getpidcon_raw) 154 hidden_def(getprevcon_raw) 155 hidden_def(getprevcon) 156 hidden_def(getsockcreatecon_raw) 157 hidden_def(setcon_raw) 158 hidden_def(setexeccon_raw) 159 hidden_def(setexeccon) 160 hidden_def(setfilecon_raw) 161 hidden_def(setfscreatecon_raw) 162 hidden_def(setkeycreatecon_raw) 163 hidden_def(setsockcreatecon_raw) 164