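#include <unistd.h>
#include <sys/types.h>
#include <stdlib.h>
#include <errno.h>
#include "selinux_internal.h"
#include <selinux/avc.h>

/* Guards the one-time AVC set-up performed by avc_init_once(). */
static pthread_once_t once = PTHREAD_ONCE_INIT;
/* Cached result of is_selinux_enabled(); written once by avc_init_once(). */
static int selinux_enabled;
/* Non-zero when SELinux is enabled but avc_open() reported failure. */
static int avc_open_failed;

/*
 * One-time initialiser: caches whether SELinux is enabled and, if it is,
 * opens the userspace AVC with no options.  A failed avc_open() is recorded
 * so that selinux_check_access() can refuse instead of querying an AVC that
 * was never set up.
 */
static void avc_init_once(void)
{
	selinux_enabled = is_selinux_enabled();
	if (selinux_enabled == 1 && avc_open(NULL, 0) < 0)
		avc_open_failed = 1;
}

/*
 * Ask the userspace AVC whether source context `scon` holds permission
 * `perm` of object class `class` on target context `tcon`.
 *
 * scon, tcon   - security context strings, converted with avc_context_to_sid()
 * class, perm  - class and permission names, resolved with
 *                string_to_security_class() / string_to_av_perm()
 * aux          - opaque pointer handed to avc_has_perm() unchanged; may be NULL
 *
 * Returns 0 when SELinux is not reported as enabled.  Returns -1 when the AVC
 * could not be opened, when a required string argument is NULL (errno is set
 * to EINVAL), or when the class or permission name does not resolve.  Returns
 * the negative result of avc_context_to_sid() when a context cannot be
 * converted.  Otherwise returns the result of avc_has_perm().
 */
int selinux_check_access(const char *scon, const char *tcon, const char *class, const char *perm, void *aux)
{
	int rc;
	security_id_t scon_id;
	security_id_t tcon_id;
	security_class_t sclass;
	access_vector_t av;

	__selinux_once(once, avc_init_once);

	/*
	 * NOTE(review): every value other than 1 is treated as "SELinux off" and
	 * answers 0 (allow).  If is_selinux_enabled() can report an error, that
	 * error is also answered with "allow" -- confirm this is intended for
	 * callers that use this function as an enforcement gate.
	 */
	if (selinux_enabled != 1)
		return 0;

	/*
	 * What the AVC calls below do after a failed avc_open() is not
	 * established here, so deny rather than query it.
	 */
	if (avc_open_failed)
		return -1;

	/*
	 * The lookups below receive these pointers unchecked; reject NULL here
	 * so a caller bug yields a denial instead of a NULL dereference.
	 */
	if (scon == NULL || tcon == NULL || class == NULL || perm == NULL) {
		errno = EINVAL;
		return -1;
	}

	rc = avc_context_to_sid(scon, &scon_id);
	if (rc < 0)
		return rc;

	rc = avc_context_to_sid(tcon, &tcon_id);
	if (rc < 0)
		return rc;

	/* 0 is the "no such class" result; an unknown class is denied. */
	sclass = string_to_security_class(class);
	if (sclass == 0)
		return -1;

	/* 0 is the "no such permission" result; an unknown permission is denied. */
	av = string_to_av_perm(sclass, perm);
	if (av == 0)
		return -1;

	return avc_has_perm(scon_id, tcon_id, sclass, av, NULL, aux);
}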