author | Karel Zak | 2006-12-07 00:26:14 +0100 |
---|---|---|
committer | Karel Zak | 2006-12-07 00:26:14 +0100 |
commit | d03dd60840f0a08464d5266539ad356aefe24b03 (patch) | |
tree | 0a9ad240a7a88eb6b11b152974a7a51a0df79b75 /login-utils/selinux_utils.c | |
parent | Imported from util-linux-2.12pre tarball. (diff) | |
Imported from util-linux-2.12a tarball.
Diffstat (limited to 'login-utils/selinux_utils.c')
-rw-r--r-- | login-utils/selinux_utils.c | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/login-utils/selinux_utils.c b/login-utils/selinux_utils.c
new file mode 100644
index 000000000..3711a632c
--- /dev/null
+++ b/login-utils/selinux_utils.c
@@ -0,0 +1,55 @@
+#ifdef WITH_SELINUX
+#include <sys/types.h>
+#include <stdio.h>
+#include <selinux/selinux.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#include <selinux/context.h>
+#include "selinux_utils.h"
+
+int checkAccess(char *chuser, int access) {
+ int status=-1;
+ security_context_t user_context;
+ char *user=NULL;
+ if( getprevcon(&user_context)==0 ) {
+ context_t c=context_new(user_context);
+ user=context_user_get(c);
+ if (strcmp(chuser, user) == 0) {
+ status=0;
+ } else {
+ struct av_decision avd;
+ int retval = security_compute_av(user_context,
+ user_context,
+ SECCLASS_PASSWD,
+ access,
+ &avd);
+
+ if ((retval == 0) &&
+ ((access & avd.allowed) == access)) {
+ status=0;
+ }
+ }
+ context_free(c);
+ freecon(user_context);
+ }
+ return status;
+}
+
+int setupDefaultContext(char *orig_file) {
+ if (is_selinux_enabled()) {
+ security_context_t scontext;
+
+ if (getfilecon(orig_file,&scontext)<0) {
+ return 1;
+ }
+
+ if (setfscreatecon(scontext) < 0)
+ {
+ freecon(scontext);
+ return 1;
+ }
+ freecon(scontext);
+ }
+ return 0;
+}
+#endif |
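Review bot: In `checkAccess`, neither `context_new(user_context)` nor `context_user_get(c)` is checked for NULL before `strcmp(chuser, user)`, so an allocation failure or a previous context that does not parse would dereference a null pointer in what appears to be an access-control path. A guard such as `user = c ? context_user_get(c) : NULL;` followed by `if (user && strcmp(chuser, user) == 0) {` lets that failure fall through to the `security_compute_av` check instead (with `context_free(c)` guarded too if it does not accept NULL). `strcmp` is also called without a prototype in scope, so `#include <string.h>` belongs with the other includes. The name-equality shortcut returns 0 without consulting policy and treats the SELinux user field of the previous context as if it were the account name in `chuser`; that holds only where the two are mapped one-to-one, which this file does not show, so a comment stating the assumption, e.g. `/* assumes SELinux user identity == Linux account name */`, would help the next reader.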