#include <unistd.h>
#include <sys/types.h>
#include <stdlib.h>
#include <errno.h>
#include "selinux_internal.h"
#include <selinux/avc.h>

/* Guard passed to __selinux_once() so avc_init_once() runs a single time. */
static pthread_once_t once = PTHREAD_ONCE_INIT;

/* Cached result of is_selinux_enabled(); assigned only in avc_init_once(). */
static int selinux_enabled;

/*
 * One-time setup: cache whether SELinux is enabled and, if so, open the
 * userspace AVC with no options.
 */
static void avc_init_once(void)
{
	selinux_enabled = is_selinux_enabled();
	if (selinux_enabled != 1)
		return;

	/*
	 * NOTE(review): the return value of avc_open() is discarded, so a
	 * failed AVC setup is not recorded anywhere; later calls rely on the
	 * avc_* functions themselves to report the problem -- confirm that
	 * they fail closed in that state.
	 */
	avc_open(NULL, 0);
}

/*
 * Check whether source context `scon` holds permission `perm` of object
 * class `class` on target context `tcon`.
 *
 * scon, tcon:  security context strings, converted to SIDs via
 *              avc_context_to_sid().
 * class, perm: class and permission names, resolved with
 *              string_to_security_class() / string_to_av_perm().
 * aux:         forwarded unchanged as the final (audit data) argument of
 *              avc_has_perm().
 *
 * Returns 0 without consulting policy when the cached enabled state is
 * not 1; a negative value from avc_context_to_sid() if either context
 * cannot be converted; -1 when the class or permission name resolves to
 * 0; otherwise the result of avc_has_perm().
 *
 * NOTE(review): every enabled state other than 1 takes the "return 0"
 * path. If is_selinux_enabled() can report an error as a negative value
 * in this tree, that error is indistinguishable from "disabled" and the
 * check succeeds -- confirm this fail-open behaviour is intended.
 */
int selinux_check_access(const char *scon, const char *tcon, const char *class, const char *perm, void *aux)
{
	security_id_t source_sid;
	security_id_t target_sid;
	security_class_t tclass;
	access_vector_t requested;
	int rc;

	__selinux_once(once, avc_init_once);

	/* SELinux not reported as enabled: nothing to enforce. */
	if (selinux_enabled != 1)
		return 0;

	rc = avc_context_to_sid(scon, &source_sid);
	if (rc < 0)
		return rc;

	rc = avc_context_to_sid(tcon, &target_sid);
	if (rc < 0)
		return rc;

	/*
	 * An unrecognised class or permission name is refused with -1.
	 * errno is not set by this function on these two paths.
	 */
	tclass = string_to_security_class(class);
	if (tclass == 0)
		return -1;

	requested = string_to_av_perm(tclass, perm);
	if (requested == 0)
		return -1;

	/* No avc_entry_ref is supplied (NULL); aux travels as audit data. */
	return avc_has_perm(source_sid, target_sid, tclass, requested, NULL, aux);
}