diff options
author | Karel Zak | 2016-06-14 13:15:44 +0200 |
---|---|---|
committer | Karel Zak | 2016-06-14 13:38:13 +0200 |
commit | dd5ef107adfe2c05f7d2e3e3543d3c042868b6fb (patch) | |
tree | dede936a90a0ad071a24783c7ec4a77db8041116 /login-utils/selinux_utils.c | |
parent | build-sys: remove global dependence between widechar and ncursesw (diff) | |
download | kernel-qcow2-util-linux-dd5ef107adfe2c05f7d2e3e3543d3c042868b6fb.tar.gz kernel-qcow2-util-linux-dd5ef107adfe2c05f7d2e3e3543d3c042868b6fb.tar.xz kernel-qcow2-util-linux-dd5ef107adfe2c05f7d2e3e3543d3c042868b6fb.zip |
chfn: chsh: use selinux_check_passwd_access()
* selinux/av_permissions.h and magic constants are deprecated, the
recommended solution is to use string_to_security_class() and
string_to_av_perm() to get access vector
* it also seems that selinux_check_passwd_access() does exactly the
same as our checkAccess(), let's use it.
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'login-utils/selinux_utils.c')
-rw-r--r-- | login-utils/selinux_utils.c | 30 |
1 files changed, 4 insertions, 26 deletions
diff --git a/login-utils/selinux_utils.c b/login-utils/selinux_utils.c index e709d0030..dfd696f3e 100644 --- a/login-utils/selinux_utils.c +++ b/login-utils/selinux_utils.c @@ -1,6 +1,4 @@ -#include <selinux/av_permissions.h> #include <selinux/context.h> -#include <selinux/flask.h> #include <selinux/selinux.h> #include <stdio.h> #include <string.h> @@ -8,31 +6,11 @@ #include "selinux_utils.h" -int checkAccess(char *chuser, int access) +access_vector_t get_access_vector(const char *tclass, const char *op) { - int status = -1; - security_context_t user_context; - const char *user = NULL; - if (getprevcon(&user_context) == 0) { - context_t c = context_new(user_context); - user = context_user_get(c); - if (strcmp(chuser, user) == 0) { - status = 0; - } else { - struct av_decision avd; - int retval = security_compute_av(user_context, - user_context, - SECCLASS_PASSWD, - access, - &avd); - if ((retval == 0) && - ((access & avd.allowed) == (unsigned)access)) - status = 0; - } - context_free(c); - freecon(user_context); - } - return status; + security_class_t tc = string_to_security_class(tclass); + + return tc ? string_to_av_perm(tc, op) : 0; } int setupDefaultContext(char *orig_file) |