AM_CPPFLAGS = \
-DSYSCONFDIR=\""$(sysconfdir)"\" \
-DUDEV_PREFIX=\""$(udev_prefix)"\" \
- -D_LIBUDEV_COMPILATION
+ -D_LIBUDEV_COMPILATION \
+ -UUSE_SELINUX
ata_id_SOURCES = \
ata_id.c \
../../udev/udev_utils.c \
../../udev/udev_utils_string.c
+if USE_SELINUX
+ata_id_LDADD = \
+ $(SELINUX_LIBS)
+endif
+
dist_man_MANS = \
ata_id.8
distclean-local:
rm -f Makefile.in
-
../../udev/udev_utils.c \
../../udev/udev_utils_string.c
+if USE_SELINUX
+cdrom_id_LDADD = \
+ $(SELINUX_LIBS)
+endif
+
dist_man_MANS = \
cdrom_id.8
distclean-local:
rm -f Makefile.in
-
../../udev/udev_utils.c \
../../udev/udev_utils_string.c
+if USE_SELINUX
+edd_id_LDADD = \
+ $(SELINUX_LIBS)
+endif
+
dist_man_MANS = \
edd_id.8
distclean-local:
rm -f Makefile.in
-
../../udev/udev_utils.c \
../../udev/udev_utils_string.c \
../../udev/udev_utils_file.c
-if USE_SELINUX
-create_floppy_devices_SOURCES += \
- ../../udev/udev_selinux.c
+if USE_SELINUX
create_floppy_devices_LDADD = \
$(SELINUX_LIBS)
endif
distclean-local:
rm -f Makefile.in
-
#include <grp.h>
#include "../../udev/udev.h"
-#include "../../udev/udev_selinux.h"
static char *table[] = {
"", "d360", "h1200", "u360", "u720", "h360", "h720",
if (type == 0)
return 0;
- selinux_init(udev);
-
i = 0;
while (table_sup[type][i]) {
sprintf(node, "%s%s", dev, table[table_sup[type][i]]);
printf("%s b %d %d %d\n", node, mode, major, minor);
if (create_nodes) {
unlink(node);
- selinux_setfscreatecon(udev, node, NULL, S_IFBLK | mode);
+ udev_selinux_setfscreatecon(udev, node, S_IFBLK | mode);
mknod(node, S_IFBLK | mode, makedev(major,minor));
- selinux_resetfscreatecon(udev);
+ udev_selinux_resetfscreatecon(udev);
chown(node, uid, gid);
chmod(node, S_IFBLK | mode);
}
i++;
}
- selinux_exit(udev);
udev_unref(udev);
exit:
return 0;
../../udev/udev_utils.c \
../../udev/udev_utils_string.c
+if USE_SELINUX
+fstab_import_LDADD = \
+ $(SELINUX_LIBS)
+endif
+
distclean-local:
rm -f Makefile.in
../../udev/udev_utils.c \
../../udev/udev_utils_string.c
+if USE_SELINUX
+scsi_id_LDADD = \
+ $(SELINUX_LIBS)
+endif
+
dist_sysconf_DATA = \
scsi_id.config
../../udev/udev_utils.c \
../../udev/udev_utils_string.c
+if USE_SELINUX
+usb_id_LDADD = \
+ $(SELINUX_LIBS)
+endif
+
distclean-local:
rm -f Makefile.in
vol_id_LDADD = \
lib/libvolume_id.la
+if USE_SELINUX
+vol_id_LDADD += \
+ $(SELINUX_LIBS)
+endif
+
dist_man_MANS = \
vol_id.8
logging.h \
udev.h \
udev_rules.h \
- udev_selinux.h \
udev_sysdeps.h \
udev_db.c \
udev_device.c \
lib/libudev-utils.c \
lib/libudev-ctrl.c
-
if USE_SELINUX
-common_files += \
- udev_selinux.c
-
common_ldadd += \
$(SELINUX_LIBS)
endif
../udev_db.c \
../udev_sysdeps.c
-if USE_SELINUX
-libudev_la_SOURCES += \
- ../udev_selinux.c
-endif
-
libudev_la_LDFLAGS = \
-version-info $(LIBUDEV_LT_CURRENT):$(LIBUDEV_LT_REVISION):$(LIBUDEV_LT_AGE) \
-export-symbols $(top_srcdir)/udev/lib/exported_symbols
#include <errno.h>
#include <string.h>
#include <ctype.h>
+#ifdef USE_SELINUX
+#include <selinux/selinux.h>
+#endif
#include "libudev.h"
#include "libudev-private.h"
char *dev_path;
char *rules_path;
int log_priority;
+#ifdef USE_SELINUX
+ int selinux_enabled;
+ security_context_t selinux_prev_scontext;
+#endif
int run:1;
};
vfprintf(stderr, format, args);
}
+static void selinux_init(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ /*
+ * record the present security context, for file-creation
+ * restoration creation purposes.
+ */
+ udev->selinux_enabled = (is_selinux_enabled() > 0);
+ if (udev->selinux_enabled) {
+ matchpathcon_init_prefix(NULL, udev_get_dev_path(udev));
+ if (getfscreatecon(&udev->selinux_prev_scontext) < 0) {
+ err(udev, "getfscreatecon failed\n");
+ udev->selinux_prev_scontext = NULL;
+ }
+ }
+#endif
+}
+
+static void selinux_exit(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ freecon(udev->selinux_prev_scontext);
+ udev->selinux_prev_scontext = NULL;
+ }
+#endif
+}
+
+void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ security_context_t scontext = NULL;
+
+ if (matchpathcon(file, mode, &scontext) < 0) {
+ err(udev, "matchpathcon(%s) failed\n", file);
+ return;
+ }
+ if (lsetfilecon(file, scontext) < 0)
+ err(udev, "setfilecon %s failed: %s\n", file, strerror(errno));
+ freecon(scontext);
+ }
+#endif
+}
+
+void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ security_context_t scontext = NULL;
+
+ if (matchpathcon(file, mode, &scontext) < 0) {
+ err(udev, "matchpathcon(%s) failed\n", file);
+ return;
+ }
+ if (setfscreatecon(scontext) < 0)
+ err(udev, "setfscreatecon %s failed: %s\n", file, strerror(errno));
+ freecon(scontext);
+ }
+#endif
+}
+
+void udev_selinux_resetfscreatecon(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ if (setfscreatecon(udev->selinux_prev_scontext) < 0)
+ err(udev, "setfscreatecon failed: %s\n", strerror(errno));
+ }
+#endif
+}
+
/**
* udev_new:
*
return NULL;
memset(udev, 0x00, (sizeof(struct udev)));
+ selinux_init(udev);
sysfs_init();
-
- /* defaults */
udev->refcount = 1;
udev->log_fn = log_stderr;
udev->log_priority = LOG_ERR;
if (udev->refcount > 0)
return;
sysfs_cleanup();
+ selinux_exit(udev);
free(udev->dev_path);
free(udev->sys_path);
free(udev->rules_path);
extern void udev_set_log_priority(struct udev *udev, int priority);
extern const char *udev_get_sys_path(struct udev *udev);
extern const char *udev_get_dev_path(struct udev *udev);
+extern void udev_selinux_resetfscreatecon(struct udev *udev);
+extern void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode);
+extern void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode);
struct udev_device;
extern struct udev_device *udev_device_new_from_devpath(struct udev *udev, const char *devpath);
#include "udev.h"
#include "udev_rules.h"
-#include "udev_selinux.h"
static void asmlinkage sig_handler(int signum)
{
if (udev == NULL)
exit(1);
dbg(udev, "version %s\n", VERSION);
- selinux_init(udev);
/* set signal handlers */
memset(&act, 0x00, sizeof(act));
fail:
udev_rules_cleanup(&rules);
sysfs_cleanup();
- selinux_exit(udev);
exit:
udev_unref(udev);
if (retval != 0)
/*
* Copyright (C) 2003 Greg Kroah-Hartman <greg@kroah.com>
- * Copyright (C) 2003-2006 Kay Sievers <kay.sievers@vrfy.org>
+ * Copyright (C) 2003-2008 Kay Sievers <kay.sievers@vrfy.org>
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
#include <sys/types.h>
#include "udev.h"
-#include "udev_selinux.h"
-
static size_t devpath_to_db_path(struct udev *udev, const char *devpath, char *filename, size_t len)
{
!udevice->partitions && !udevice->ignore_remove) {
int ret;
dbg(udevice->udev, "nothing interesting to store, create symlink\n");
- selinux_setfscreatecon(udevice->udev, filename, NULL, S_IFLNK);
+ udev_selinux_setfscreatecon(udevice->udev, filename, S_IFLNK);
ret = symlink(udevice->name, filename);
- selinux_resetfscreatecon(udevice->udev);
+ udev_selinux_resetfscreatecon(udevice->udev);
if (ret != 0) {
err(udevice->udev, "unable to create db link '%s': %s\n", filename, strerror(errno));
return -1;
#include "udev.h"
#include "udev_rules.h"
-#include "udev_selinux.h"
#define TMP_FILE_EXT ".udev-tmp"
if (((stats.st_mode & S_IFMT) == (mode & S_IFMT)) && (stats.st_rdev == devt)) {
info(udevice->udev, "preserve file '%s', because it has correct dev_t\n", file);
preserve = 1;
- selinux_setfilecon(udevice->udev, file, udevice->dev->kernel, mode);
+ udev_selinux_lsetfilecon(udevice->udev, file, mode);
} else {
info(udevice->udev, "atomically replace existing file '%s'\n", file);
strlcpy(file_tmp, file, sizeof(file_tmp));
strlcat(file_tmp, TMP_FILE_EXT, sizeof(file_tmp));
unlink(file_tmp);
- selinux_setfscreatecon(udevice->udev, file_tmp, udevice->dev->kernel, mode);
+ udev_selinux_setfscreatecon(udevice->udev, file_tmp, mode);
err = mknod(file_tmp, mode, devt);
- selinux_resetfscreatecon(udevice->udev);
+ udev_selinux_resetfscreatecon(udevice->udev);
if (err != 0) {
err(udevice->udev, "mknod(%s, %#o, %u, %u) failed: %s\n",
file_tmp, mode, major(devt), minor(devt), strerror(errno));
}
} else {
info(udevice->udev, "mknod(%s, %#o, (%u,%u))\n", file, mode, major(devt), minor(devt));
- selinux_setfscreatecon(udevice->udev, file, udevice->dev->kernel, mode);
+ udev_selinux_setfscreatecon(udevice->udev, file, mode);
err = mknod(file, mode, devt);
- selinux_resetfscreatecon(udevice->udev);
+ udev_selinux_resetfscreatecon(udevice->udev);
if (err != 0) {
err(udevice->udev, "mknod(%s, %#o, (%u,%u) failed: %s\n",
file, mode, major(devt), minor(devt), strerror(errno));
buf[len] = '\0';
if (strcmp(target, buf) == 0) {
info(udevice->udev, "preserve already existing symlink '%s' to '%s'\n", slink, target);
- selinux_setfilecon(udevice->udev, slink, NULL, S_IFLNK);
+ udev_selinux_lsetfilecon(udevice->udev, slink, S_IFLNK);
goto exit;
}
}
}
} else {
info(udevice->udev, "creating symlink '%s' to '%s'\n", slink, target);
- selinux_setfscreatecon(udevice->udev, slink, NULL, S_IFLNK);
+ udev_selinux_setfscreatecon(udevice->udev, slink, S_IFLNK);
retval = symlink(target, slink);
- selinux_resetfscreatecon(udevice->udev);
+ udev_selinux_resetfscreatecon(udevice->udev);
if (retval == 0)
goto exit;
}
strlcpy(slink_tmp, slink, sizeof(slink_tmp));
strlcat(slink_tmp, TMP_FILE_EXT, sizeof(slink_tmp));
unlink(slink_tmp);
- selinux_setfscreatecon(udevice->udev, slink, NULL, S_IFLNK);
+ udev_selinux_setfscreatecon(udevice->udev, slink, S_IFLNK);
retval = symlink(target, slink_tmp);
- selinux_resetfscreatecon(udevice->udev);
+ udev_selinux_resetfscreatecon(udevice->udev);
if (retval != 0) {
err(udevice->udev, "symlink(%s, %s) failed: %s\n", target, slink_tmp, strerror(errno));
goto exit;
#include "udev.h"
#include "udev_rules.h"
-#include "udev_selinux.h"
extern char **environ;
#include "udev.h"
#include "udev_rules.h"
-#include "udev_selinux.h"
void udev_rules_iter_init(struct udev_rules_iter *iter, struct udev_rules *rules)
strlcat(filename, "/.udev/rules.d", sizeof(filename));
if (stat(filename, &statbuf) != 0) {
create_path(udev, filename);
- selinux_setfscreatecon(udev, filename, NULL, S_IFDIR|0755);
+ udev_selinux_setfscreatecon(udev, filename, S_IFDIR|0755);
mkdir(filename, 0755);
- selinux_resetfscreatecon(udev);
+ udev_selinux_resetfscreatecon(udev);
}
add_matching_files(udev, &sort_list, filename, ".rules");
+++ /dev/null
-/*
- * Copyright (C) 2004 Daniel Walsh
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- */
-
-#include "config.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <stddef.h>
-#include <unistd.h>
-#include <string.h>
-#include <fcntl.h>
-#include <ctype.h>
-#include <limits.h>
-#include <errno.h>
-#include <sys/stat.h>
-#include <selinux/selinux.h>
-
-#include "udev.h"
-#include "udev_selinux.h"
-
-static security_context_t prev_scontext = NULL;
-
-static int is_selinux_running(struct udev *udev)
-{
- static int selinux_enabled = -1;
-
- if (selinux_enabled == -1)
- selinux_enabled = (is_selinux_enabled() > 0);
-
- dbg(udev, "selinux=%i\n", selinux_enabled);
- return selinux_enabled;
-}
-
-static char *get_media(struct udev *udev, const char *devname, int mode)
-{
- FILE *fp;
- char procfile[PATH_MAX];
- char mediabuf[256];
- int size;
- char *media = NULL;
-
- if (!(mode & S_IFBLK))
- return NULL;
-
- snprintf(procfile, PATH_MAX, "/proc/ide/%s/media", devname);
- procfile[PATH_MAX-1] = '\0';
-
- fp = fopen(procfile, "r");
- if (!fp)
- goto out;
-
- if (fgets(mediabuf, sizeof(mediabuf), fp) == NULL)
- goto close_out;
-
- size = strlen(mediabuf);
- while (size-- > 0) {
- if (isspace(mediabuf[size])) {
- mediabuf[size] = '\0';
- } else {
- break;
- }
- }
-
- media = strdup(mediabuf);
- info(udev, "selinux_get_media(%s)='%s'\n", devname, media);
-
-close_out:
- fclose(fp);
-out:
- return media;
-}
-
-void selinux_setfilecon(struct udev *udev, const char *file, const char *devname, unsigned int mode)
-{
- if (is_selinux_running(udev)) {
- security_context_t scontext = NULL;
- char *media;
- int ret = -1;
-
- if (devname) {
- media = get_media(udev, devname, mode);
- if (media) {
- ret = matchmediacon(media, &scontext);
- free(media);
- }
- }
-
- if (ret < 0)
- if (matchpathcon(file, mode, &scontext) < 0) {
- err(udev, "matchpathcon(%s) failed\n", file);
- return;
- }
-
- if (lsetfilecon(file, scontext) < 0)
- err(udev, "setfilecon %s failed: %s\n", file, strerror(errno));
-
- freecon(scontext);
- }
-}
-
-void selinux_setfscreatecon(struct udev *udev, const char *file, const char *devname, unsigned int mode)
-{
- if (is_selinux_running(udev)) {
- security_context_t scontext = NULL;
- char *media;
- int ret = -1;
-
- if (devname) {
- media = get_media(udev, devname, mode);
- if (media) {
- ret = matchmediacon(media, &scontext);
- free(media);
- }
- }
-
- if (ret < 0)
- if (matchpathcon(file, mode, &scontext) < 0) {
- err(udev, "matchpathcon(%s) failed\n", file);
- return;
- }
-
- if (setfscreatecon(scontext) < 0)
- err(udev, "setfscreatecon %s failed: %s\n", file, strerror(errno));
-
- freecon(scontext);
- }
-}
-
-void selinux_resetfscreatecon(struct udev *udev)
-{
- if (is_selinux_running(udev)) {
- if (setfscreatecon(prev_scontext) < 0)
- err(udev, "setfscreatecon failed: %s\n", strerror(errno));
- }
-}
-
-void selinux_init(struct udev *udev)
-{
- /*
- * record the present security context, for file-creation
- * restoration creation purposes.
- */
- if (is_selinux_running(udev)) {
- if (!udev_get_dev_path(udev)[0])
- err(udev, "selinux_init: udev_root not set\n");
- matchpathcon_init_prefix(NULL, udev_get_dev_path(udev));
- if (getfscreatecon(&prev_scontext) < 0) {
- err(udev, "getfscreatecon failed\n");
- prev_scontext = NULL;
- }
- }
-}
-
-void selinux_exit(struct udev *udev)
-{
- if (is_selinux_running(udev) && prev_scontext) {
- freecon(prev_scontext);
- prev_scontext = NULL;
- }
-}
+++ /dev/null
-/*
- * Copyright (C) 2004 Daniel Walsh
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- */
-#ifndef _UDEV_SELINUX_H
-#define _UDEV_SELINUX_H
-
-#ifdef USE_SELINUX
-extern void selinux_setfilecon(struct udev *udev, const char *file, const char *devname, unsigned int mode);
-extern void selinux_setfscreatecon(struct udev *udev, const char *file, const char *devname, unsigned int mode);
-extern void selinux_resetfscreatecon(struct udev *udev);
-extern void selinux_init(struct udev *udev);
-extern void selinux_exit(struct udev *udev);
-#else
-static inline void selinux_setfilecon(struct udev *udev, const char *file, const char *devname, unsigned int mode) {}
-static inline void selinux_setfscreatecon(struct udev *udev, const char *file, const char *devname, unsigned int mode) {}
-static inline void selinux_resetfscreatecon(struct udev *udev) {}
-static inline void selinux_init(struct udev *udev) {}
-static inline void selinux_exit(struct udev *udev) {}
-#endif
-
-#endif
#include <sys/mman.h>
#include "udev.h"
-#include "udev_selinux.h"
int create_path(struct udev *udev, const char *path)
{
return -1;
dbg(udev, "mkdir '%s'\n", p);
- selinux_setfscreatecon(udev, p, NULL, S_IFDIR|0755);
+ udev_selinux_setfscreatecon(udev, p, S_IFDIR|0755);
ret = mkdir(p, 0755);
- selinux_resetfscreatecon(udev);
+ udev_selinux_resetfscreatecon(udev);
if (ret == 0)
return 0;
#include "udev.h"
#include "udev_rules.h"
-#include "udev_selinux.h"
#define UDEVD_PRIORITY -4
#define UDEV_PRIORITY -2
unlink(filename_failed);
delete_path(msg->udev, filename_failed);
create_path(msg->udev, filename);
- selinux_setfscreatecon(msg->udev, filename, NULL, S_IFLNK);
+ udev_selinux_setfscreatecon(msg->udev, filename, S_IFLNK);
symlink(msg->devpath, filename);
- selinux_resetfscreatecon(msg->udev);
+ udev_selinux_resetfscreatecon(msg->udev);
break;
case EVENT_FINISHED:
if (msg->devpath_old != NULL) {
logging_init("udevd");
udev_set_log_fn(udev, log_fn);
-
- selinux_init(udev);
dbg(udev, "version %s\n", VERSION);
while (1) {
exit:
udev_rules_cleanup(&rules);
sysfs_cleanup();
- selinux_exit(udev);
if (signal_pipe[READ_END] >= 0)
close(signal_pipe[READ_END]);
projects / systemd / commitdiff