--- /dev/null	2004-02-23 16:02:56.000000000 -0500
+++ libselinux-1.13/src/selinux_config.c	2004-05-26 15:03:15.506622384 -0400
@@ -0,0 +1,119 @@
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include <limits.h>
+
+#define SELINUXDIR "/etc/selinux/"
+#define SELINUXDEFAULT "targeted"
+#define SELINUXTYPETAG "SELINUXTYPE="
+#define SELINUXTAG "SELINUX="
+
+static char *file_context=NULL;
+static char *default_type=NULL;
+static char *default_policy=NULL;
+static char *default_context=NULL;
+static char *failsafe_context=NULL;
+
+int selinux_getenforcemode(int *enforce) {
+  int ret=-1;
+  FILE *cfg = fopen("/etc/sysconfig/selinux","r");
+  char buf[4097];
+  int len=sizeof(SELINUXTAG)-1;
+  if (cfg) {
+    while (fgets(buf, 4096, cfg)) {
+      if (strncmp(buf,SELINUXTAG,len))
+	continue;
+      if (!strncmp(buf+len,"enforcing",sizeof("enforcing")-1)) {
+	*enforce = 1;
+	ret=0;
+	break;
+      } else if (!strncmp(buf+len,"permissive",sizeof("permissive")-1)) {
+	*enforce = 0;
+	ret=0;
+	break;
+      } else if (!strncmp(buf+len,"disabled",sizeof("disabled")-1)) {
+	*enforce = -1;
+	ret=0;
+	break;
+      }
+    }
+    fclose(cfg);
+  }
+  return ret;
+}
+
+static char *selinux_policyroot = NULL;
+
+static void init_selinux_policyroot(void) __attribute__ ((constructor));
+
+static void init_selinux_policyroot(void)
+{
+  char *type=SELINUXDEFAULT;
+  int i=0, len=sizeof(SELINUXTYPETAG)-1;
+  char buf[4097];
+  FILE *cfg;
+  if (selinux_policyroot) return;
+  cfg = fopen("/etc/sysconfig/selinux","r");
+  if (cfg) {
+    while (fgets(buf, 4096, cfg)) {
+      if (strncmp(buf,SELINUXTYPETAG,len))
+	continue;
+      type=buf+len;
+    }
+    fclose(cfg);
+  }
+  i=strlen(type)-1;
+  while ((i>=0) && 
+	 (isspace(type[i]) || iscntrl(type[i]))) {
+    type[i]=0;
+    i--;
+  }
+  len=sizeof(SELINUXDIR) + strlen(type);
+  selinux_policyroot=malloc(len);
+  snprintf(selinux_policyroot,len, "%s%s", SELINUXDIR, type);
+}
+
+char *selinux_default_type_path() {
+  if (!default_type) {
+    default_type=malloc(PATH_MAX);
+    snprintf(default_type, PATH_MAX, "%s/contexts/default_type", selinux_policyroot);
+  }
+  return default_type;
+}
+
+char *selinux_policy_root() {
+  return selinux_policyroot;
+}
+
+char *selinux_default_context_path() {
+  if (!default_context) {
+    default_context=malloc(PATH_MAX);
+    snprintf(default_context, PATH_MAX, "%s/contexts/default_contexts", selinux_policyroot);
+  }
+  return default_context;
+}
+
+char *selinux_failsafe_context_path() {
+  if (!failsafe_context) {
+    failsafe_context=malloc(PATH_MAX);
+    snprintf(failsafe_context, PATH_MAX, "%s/contexts/failsafe_contexts", selinux_policyroot);
+  }
+  return failsafe_context;
+}
+
+char *selinux_binary_policy_path() {
+  if (!default_policy) {
+    default_policy=malloc(PATH_MAX);
+    snprintf(default_policy, PATH_MAX, "%s/policy/policy", selinux_policyroot);
+  }
+  return default_policy;
+}
+
+char *selinux_file_context_path() {
+  if (!file_context) {
+    file_context=malloc(PATH_MAX);
+    snprintf(file_context, PATH_MAX-1, "%s/contexts/file_contexts", selinux_policyroot);
+  }
+  return file_context;
+}
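Review bot: In `init_selinux_policyroot` the assignment `type=buf+len;` keeps a pointer into `buf` while the loop goes on calling `fgets`, so unless `SELINUXTYPE=` is the last line of the file the policy root is built from whatever line was read last (or from stale bytes after its terminator). Stopping at the first match, as `selinux_getenforcemode` already does, fixes that. The `malloc` results here and in the five `selinux_*_path()` accessors are handed to `snprintf` unchecked, and `isspace`/`iscntrl` receive a plain `char`, which is undefined for negative values. The value is also concatenated under `/etc/selinux/` without checking for `/` or a leading `.`; the file is presumably root-owned, so rejecting those is hardening against a malformed entry rather than a trust-boundary fix. `selinux_file_context_path` passes `PATH_MAX-1` where its siblings pass `PATH_MAX`.

```c
static void init_selinux_policyroot(void)
{
  /* … unchanged: declarations, early return, fopen … */
    while (fgets(buf, 4096, cfg)) {
      if (strncmp(buf,SELINUXTYPETAG,len))
	continue;
      type=buf+len;
      break;	/* type points into buf; another fgets would overwrite it */
    }
  /* … unchanged: fclose … */
  i=strlen(type)-1;
  while ((i>=0) &&
	 (isspace((unsigned char)type[i]) || iscntrl((unsigned char)type[i]))) {
    type[i]=0;
    i--;
  }
  /* An empty value or one that could leave SELINUXDIR falls back to the default. */
  if (type[0] == '\0' || type[0] == '.' || strchr(type, '/'))
    type=SELINUXDEFAULT;
  len=sizeof(SELINUXDIR) + strlen(type);
  selinux_policyroot=malloc(len);
  if (!selinux_policyroot)
    return;	/* accessors must then treat a NULL root as failure */
  snprintf(selinux_policyroot,len, "%s%s", SELINUXDIR, type);
}
```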
--- libselinux-1.13/src/matchpathcon.c.rhat	2004-05-25 08:52:21.000000000 -0400
+++ libselinux-1.13/src/matchpathcon.c	2004-05-26 14:36:00.588167768 -0400
@@ -196,7 +196,7 @@
 	spec_t *spec_copy;
 
 	/* Open the specification file. */
-	if ((fp = fopen(FILECONTEXTS, "r")) == NULL)
+	if ((fp = fopen(selinux_file_context_path(), "r")) == NULL)
 		return -1;
 
 	/* 
--- libselinux-1.13/src/get_context_list.c.rhat	2004-05-25 08:52:21.000000000 -0400
+++ libselinux-1.13/src/get_context_list.c	2004-05-26 14:36:00.591167312 -0400
@@ -255,7 +255,7 @@
     }
     else if (which == SYSTEMPRIORITY)
     {
-        config_file = fopen (_DEFCONTEXT_PATH, "r");
+        config_file = fopen (selinux_default_context_path(), "r");
     }
     else
     {
@@ -390,7 +390,7 @@
 	size_t plen, nlen;
 	int rc;
 
-	fp = fopen(_FAILSAFECONTEXT_PATH, "r");
+	fp = fopen(selinux_failsafe_context_path(), "r");
 	if (!fp)
 		return -1;
 
--- libselinux-1.13/src/get_default_type.c.rhat	2004-05-25 08:52:21.000000000 -0400
+++ libselinux-1.13/src/get_default_type.c	2004-05-26 14:36:00.593167008 -0400
@@ -10,7 +10,7 @@
 {
   FILE* fp=NULL;
     
-  fp = fopen (_DEFTYPE_PATH, "r");
+  fp = fopen (selinux_default_type_path(), "r");
   if (!fp)
 	  return -1;
 
--- libselinux-1.13/include/selinux/get_default_type.h.rhat	2004-05-25 08:52:21.000000000 -0400
+++ libselinux-1.13/include/selinux/get_default_type.h	2004-05-26 14:37:35.995663624 -0400
@@ -5,7 +5,7 @@
 #ifndef _SELINUX_GET_DEFAULT_TYPE_H_
 #define _SELINUX_GET_DEFAULT_TYPE_H_
 
-#define _DEFTYPE_PATH "/etc/security/default_type"
+char *selinux_default_type_path();
 
 /* Get the default type (domain) for 'role' and set 'type' to refer to it.
    Caller must free via free().
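Review bot: The new declaration `char *selinux_default_type_path();` sits directly above a comment that says "Caller must free via free()", but the accessor added in selinux_config.c returns a cached static buffer that must not be freed. A comment such as `/* Returns a library-owned path string; do not free or modify it. */` and a `(void)` parameter list (`char *selinux_default_type_path(void);`) would make the contract explicit. The same applies to the five accessors declared in selinux.h. The comment for get_default_type continues past the end of this hunk.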
--- libselinux-1.13/include/selinux/selinux.h.rhat	2004-05-25 08:52:21.000000000 -0400
+++ libselinux-1.13/include/selinux/selinux.h	2004-05-26 15:06:05.799733896 -0400
@@ -72,12 +72,6 @@
 
 /* Wrappers for the selinuxfs (policy) API. */
 
-/* Mount point for selinuxfs. */
-#define SELINUXMNT "/selinux/"
-
-/* Default pathname for policy configuration, without version number. */
-#define SELINUXPOLICY "/etc/security/selinux/policy"
-
 typedef unsigned int access_vector_t;
 typedef unsigned short security_class_t;
 
@@ -168,4 +162,22 @@
 		 mode_t mode,
 		 security_context_t *con);
 
+/*
+  selinux_getenforcemode reads the /etc/sysconfig/selinux file and determines 
+  whether the machine should be started in enforcing (1), permissive (0) or 
+  disabled (-1) mode.
+ */
+int selinux_getenforcemode(int *enforce);
+
+/*
+  selinux_policy_root is set within the init_selinux_policyroot constructor 
+  which reads the /etc/sysconfig/selinux file and determines 
+  where the compiled policy file and contexts files exist.
+ */
+char *selinux_policy_root();
+char *selinux_binary_policy_path();
+char *selinux_failsafe_context_path();
+char *selinux_default_context_path();
+char *selinux_file_context_path();
+
 #endif
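Review bot: The comment on `selinux_policy_root` does not match the man page added later in this patch, which documents the function as `selinux_policyroot()`; one of the two names needs to change, or callers following the man page will not link. The `selinux_getenforcemode` comment describes the three values stored in `*enforce` but not the return value. Adding `Returns 0 on success, or -1 if the file cannot be opened or holds no recognised SELINUX= line, in which case *enforce is left unset.` would make the failure case explicit for callers that decide whether to enforce.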
--- libselinux-1.13/include/selinux/get_context_list.h.rhat	2004-05-25 08:52:21.000000000 -0400
+++ libselinux-1.13/include/selinux/get_context_list.h	2004-05-26 14:36:00.595166704 -0400
@@ -3,8 +3,6 @@
 
 #include <selinux/selinux.h>
 
-#define _DEFCONTEXT_PATH "/etc/security/default_contexts"
-#define _FAILSAFECONTEXT_PATH "/etc/security/failsafe_context"
 #define SELINUX_DEFAULTUSER "user_u"
 
 /* Get an ordered list of authorized security contexts for a user session
--- /dev/null	2004-02-23 16:02:56.000000000 -0500
+++ libselinux-1.13/man/man3/selinux_policyroot.3	2004-05-26 14:36:00.596166552 -0400
@@ -0,0 +1,17 @@
+.TH "selinux_policyroot" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation"
+.SH "NAME"
+selinux_policyroot \- return the path of the SELinux policy files for this machine.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.B char *selinux_policyroot();
+.br
+
+.SH "DESCRIPTION"
+.B selinux_policyroot
+Reads the contents of the /etc/sysconfig/selinux file to determine which policy files should be used for this machine.
+.SH "RETURN VALUE"
+On success, returns a directory path containing the SELinux policy files.
+On failure, NULL is returned.
+
+
--- /dev/null	2004-02-23 16:02:56.000000000 -0500
+++ libselinux-1.13/man/man3/selinux_getenforcemode.3	2004-05-26 14:36:00.597166400 -0400
@@ -0,0 +1,22 @@
+.TH "selinux_getenforcemode" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation"
+.SH "NAME"
+selinux_getenforcemode \- get the enforcing state of SE Linux
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.B int selinux_getenforcemode(int *enforce);
+.br
+
+.SH "DESCRIPTION"
+.B selinux_getenforcemode
+Reads the contents of the /etc/sysconfig/selinux file to determine how the 
+system was setup to run SELinux.
+.br
+Sets the value of enforce to 1 if SELinux should be run in enforcing mode.
+Sets the value of enforce to 0 if SELinux should be run in permissive mode.
+Sets the value of enforce to -1 if SELinux should be disabled.
+.SH "RETURN VALUE"
+On success, zero is returned.
+On failure, -1 is returned.
+
+
--- /dev/null	2004-02-23 16:02:56.000000000 -0500
+++ libselinux-1.13/utils/getenforcemode.c	2004-05-26 14:36:00.598166248 -0400
@@ -0,0 +1,31 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+
+int main(int argc __attribute__ ((unused)), char **argv) 
+{
+	int ret;
+	int enforce;
+	ret = selinux_getenforcemode(&enforce);
+	if (ret) {
+		fprintf(stderr, "%s:  selinux_getenforcemode() failed\n", argv[0]);
+		exit(2);
+	}
+
+	switch(enforce) {
+	case 1:
+	  printf("Enforcing\n");
+	  break;
+
+	case 0:
+	  printf("Permissive\n");
+	  break;
+
+	case -1:
+	  printf("Disabled\n");
+	  break;
+
+	}
+	exit(0);
+}
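Review bot: Nothing in this file says that the printed mode is the one configured in /etc/sysconfig/selinux rather than the mode the kernel is currently running in, and "Enforcing" on stdout is easy to read as the latter. A comment above `main` such as `/* Prints the mode configured in /etc/sysconfig/selinux, not the kernel's current enforcing state. */` would prevent that. The `switch(enforce)` also has no `default:` case, so any value other than 1, 0 or -1 prints nothing and still exits 0; a `default:` that writes to stderr and exits non-zero is a cheap guard.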
--- /dev/null	2004-02-23 16:02:56.000000000 -0500
+++ libselinux-1.13/utils/selinuxconfig.c	2004-05-26 15:05:07.827547008 -0400
@@ -0,0 +1,17 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+#include <selinux/get_default_type.h>
+
+int main(int argc __attribute__ ((unused)), char **argv) 
+{
+	printf("policypath=\"%s\"\n", selinux_policy_root());
+	printf("default_type_path=\"%s\"\n", selinux_default_type_path());
+	printf("default_context_path=\"%s\"\n", selinux_default_context_path());
+	printf("default_failsafe_context_path=\"%s\"\n", selinux_failsafe_context_path());
+	printf("binary_policy_path=\"%s\"\n", selinux_binary_policy_path());
+	printf("file_contexts_path=\"%s\"\n", selinux_file_context_path());
+	exit(0);
+
+}
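Review bot: `argv` is unused here but only `argc` carries `__attribute__ ((unused))`, so a `-Wextra` build will warn; declaring `int main(void)` avoids both. The output is laid out as `name="value"` assignments with the values printed unescaped. If scripts are expected to source or eval it (not stated in the patch), the SELINUXTYPE value should be restricted to a safe character set where it is parsed in selinux_config.c.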