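/*
 * User-supplied callbacks and default implementations.
 * Class and permission mappings.
 */

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>	/* memset() in selinux_get_callback() */
#include <errno.h>
#include <selinux/selinux.h>
#include "callbacks.h"

/* default implementations */

/*
 * Default log callback: formats the message and writes it to stderr.
 * The message type is ignored. Returns whatever vfprintf() returns
 * (characters written, or a negative value on output error).
 * The format attribute lets the compiler check fmt against its arguments.
 */
static int __attribute__ ((format(printf, 2, 3)))
default_selinux_log(int type __attribute__((unused)), const char *fmt, ...)
{
	int rc;
	va_list ap;
	va_start(ap, fmt);
	rc = vfprintf(stderr, fmt, ap);
	va_end(ap);
	return rc;
}

/*
 * Default audit callback: ignores every argument, leaves buf untouched
 * and returns 0.
 */
static int
default_selinux_audit(void *ptr __attribute__((unused)),
		      security_class_t cls __attribute__((unused)),
		      char *buf __attribute__((unused)),
		      size_t len __attribute__((unused)))
{
	return 0;
}

/*
 * Default context validation callback: passes *ctx to
 * security_check_context() and returns its result unchanged.
 * ctx is dereferenced without a NULL check, so it must be non-NULL.
 */
static int
default_selinux_validate(char **ctx)
{
	return security_check_context(*ctx);
}

/* Default setenforce notification callback: ignores the value, returns 0. */
static int
default_selinux_setenforce(int enforcing __attribute__((unused)))
{
	return 0;
}

/* Default policyload notification callback: ignores seqno, returns 0. */
static int
default_selinux_policyload(int seqno __attribute__((unused)))
{
	return 0;
}

/*
 * callback pointers
 *
 * Each pointer starts out at the matching default above and is replaced
 * by selinux_set_callback(). They are plain globals; nothing in this file
 * serializes updates against concurrent use.
 */
int __attribute__ ((format(printf, 2, 3)))
(*selinux_log)(int, const char *, ...) =
	default_selinux_log;

int
(*selinux_audit) (void *, security_class_t, char *, size_t) =
	default_selinux_audit;

int
(*selinux_validate)(char **ctx) =
	default_selinux_validate;

int
(*selinux_netlink_setenforce) (int enforcing) =
	default_selinux_setenforce;

int
(*selinux_netlink_policyload) (int seqno) =
	default_selinux_policyload;

/*
 * callback setting function
 *
 * Installs the member of cb selected by type (one of the SELINUX_CB_*
 * constants handled below) as the active callback. An unrecognized type
 * is ignored without any error indication.
 *
 * The pointer is stored as given: a NULL member is not rejected here, so
 * callers must pass a valid function. NOTE(review): the call sites are not
 * in this file; confirm whether any of them tolerates a NULL callback.
 */
void
selinux_set_callback(int type, union selinux_callback cb)
{
	switch (type) {
	case SELINUX_CB_LOG:
		selinux_log = cb.func_log;
		break;
	case SELINUX_CB_AUDIT:
		selinux_audit = cb.func_audit;
		break;
	case SELINUX_CB_VALIDATE:
		selinux_validate = cb.func_validate;
		break;
	case SELINUX_CB_SETENFORCE:
		selinux_netlink_setenforce = cb.func_setenforce;
		break;
	case SELINUX_CB_POLICYLOAD:
		selinux_netlink_policyload = cb.func_policyload;
		break;
	}
}

/*
 * callback getting function
 *
 * Returns the currently installed callback for type in the matching union
 * member; only that member is written. For an unrecognized type the whole
 * union is zeroed and errno is set to EINVAL. errno is not cleared on
 * success, so callers that test it must reset it before the call.
 */
union selinux_callback
selinux_get_callback(int type)
{
	union selinux_callback cb;

	switch (type) {
	case SELINUX_CB_LOG:
		cb.func_log = selinux_log;
		break;
	case SELINUX_CB_AUDIT:
		cb.func_audit = selinux_audit;
		break;
	case SELINUX_CB_VALIDATE:
		cb.func_validate = selinux_validate;
		break;
	case SELINUX_CB_SETENFORCE:
		cb.func_setenforce = selinux_netlink_setenforce;
		break;
	case SELINUX_CB_POLICYLOAD:
		cb.func_policyload = selinux_netlink_policyload;
		break;
	default:
		memset(&cb, 0, sizeof(cb));
		errno = EINVAL;
		break;
	}
	return cb;
}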