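/*
 * User-supplied callbacks and default implementations.
 * Class and permission mappings.
 *
 * The callback pointers below are plain process-global function pointers.
 * NOTE(review): no locking is visible in this file, so installing a
 * callback while another thread is invoking one looks unsynchronized;
 * confirm that callers set callbacks during single-threaded start-up.
 */

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>	/* memset() in selinux_get_callback(); included
			 * directly rather than relying on another header */
#include <errno.h>
#include <selinux/selinux.h>
#include "callbacks.h"

/* default implementations */

/*
 * Default log callback: formats the message to stderr.
 *
 * The message type is ignored.  Nothing is printed, and 0 is returned,
 * when is_selinux_enabled() returns 0; otherwise the vfprintf() result
 * is returned.
 */
static int __attribute__ ((format(printf, 2, 3)))
default_selinux_log(int type __attribute__((unused)), const char *fmt, ...)
{
	int rc;
	va_list ap;

	if (is_selinux_enabled() == 0) {
		return 0;
	}

	va_start(ap, fmt);
	rc = vfprintf(stderr, fmt, ap);
	va_end(ap);
	return rc;
}

/*
 * Default audit callback: ignores every argument, leaves buf untouched
 * and returns 0.
 */
static int
default_selinux_audit(void *ptr __attribute__((unused)),
		      security_class_t cls __attribute__((unused)),
		      char *buf __attribute__((unused)),
		      size_t len __attribute__((unused)))
{
	return 0;
}

/*
 * Default validate callback: returns the result of
 * security_check_context() on *ctx.
 *
 * ctx is dereferenced without a NULL check, so it must be non-NULL.
 */
static int
default_selinux_validate(char **ctx)
{
	return security_check_context(*ctx);
}

/* Default setenforce callback: ignores the new mode and returns 0. */
static int
default_selinux_setenforce(int enforcing __attribute__((unused)))
{
	return 0;
}

/* Default policyload callback: ignores the sequence number, returns 0. */
static int
default_selinux_policyload(int seqno __attribute__((unused)))
{
	return 0;
}

/* callback pointers, each initialised to its default implementation */
int __attribute__ ((format(printf, 2, 3)))
(*selinux_log)(int, const char *, ...) =
	default_selinux_log;

int
(*selinux_audit) (void *, security_class_t, char *, size_t) =
	default_selinux_audit;

int
(*selinux_validate)(char **ctx) =
	default_selinux_validate;

int
(*selinux_netlink_setenforce) (int enforcing) =
	default_selinux_setenforce;

int
(*selinux_netlink_policyload) (int seqno) =
	default_selinux_policyload;

/*
 * callback setting function
 *
 * Stores the member of cb selected by type (one of the SELINUX_CB_*
 * values handled below) in the matching global pointer.
 *
 * The pointer is stored as given: a NULL member is not rejected and the
 * default implementation is not restored.  Callers must pass a valid
 * function, since code invoking the callback presumably calls through
 * the pointer without checking it (call sites are outside this file).
 * An unrecognised type is ignored; this function has no way to report it.
 */
void
selinux_set_callback(int type, union selinux_callback cb)
{
	switch (type) {
	case SELINUX_CB_LOG:
		selinux_log = cb.func_log;
		break;
	case SELINUX_CB_AUDIT:
		selinux_audit = cb.func_audit;
		break;
	case SELINUX_CB_VALIDATE:
		selinux_validate = cb.func_validate;
		break;
	case SELINUX_CB_SETENFORCE:
		selinux_netlink_setenforce = cb.func_setenforce;
		break;
	case SELINUX_CB_POLICYLOAD:
		selinux_netlink_policyload = cb.func_policyload;
		break;
	default:
		/* unknown callback type: nothing is changed */
		break;
	}
}

/*
 * callback getting function
 *
 * Returns a union whose member selected by type holds the currently
 * installed callback.  For an unrecognised type the union is zeroed and
 * errno is set to EINVAL; errno is not modified on success.
 */
union selinux_callback
selinux_get_callback(int type)
{
	union selinux_callback cb;

	switch (type) {
	case SELINUX_CB_LOG:
		cb.func_log = selinux_log;
		break;
	case SELINUX_CB_AUDIT:
		cb.func_audit = selinux_audit;
		break;
	case SELINUX_CB_VALIDATE:
		cb.func_validate = selinux_validate;
		break;
	case SELINUX_CB_SETENFORCE:
		cb.func_setenforce = selinux_netlink_setenforce;
		break;
	case SELINUX_CB_POLICYLOAD:
		cb.func_policyload = selinux_netlink_policyload;
		break;
	default:
		/* never hand back uninitialised stack bytes as a pointer */
		memset(&cb, 0, sizeof(cb));
		errno = EINVAL;
		break;
	}
	return cb;
}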