2 * This file is part of libsmack.
4 * Copyright (C) 2011 Intel Corporation
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public License
8 * version 2.1 as published by the Free Software Foundation.
10 * This library is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
21 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
22 * Brian McGillion <brian.mcgillion@intel.com>
26 #include <sys/types.h>
32 #include <sys/smack.h>
/* Filesystem type value that is_smackfs_mounted() compares with statfs() f_type. */
39 #define SMACK_MAGIC 0x43415d53
/* nftw() callbacks; apply_rules() and apply_cipso() register them for directory arguments. */
41 static int apply_rules_cb(const char *fpath, const struct stat *sb, int typeflag, struct FTW *ftwbuf);
42 static int apply_cipso_cb(const char *fpath, const struct stat *sb, int typeflag, struct FTW *ftwbuf);
/*
 * Checks whether the path returned by smack_smackfs_path() is a smackfs
 * mount, by comparing the statfs() filesystem type with SMACK_MAGIC.
 * The caller at gutter line 82 compares the result with 1.
 *
 * NOTE(review): the gutter numbers skip, so the local declarations, any
 * handling of a NULL smack_mnt and the return statements are not visible
 * in this listing; confirm them against the full file.
 */
44 int is_smackfs_mounted(void)
48 const char * smack_mnt;
50 smack_mnt = smack_smackfs_path();
/* Retry statfs() when a signal interrupts it (EINTR) instead of failing. */
57 ret = statfs(smack_mnt, &sfs);
58 } while (ret < 0 && errno == EINTR);
/* Checking the type, not just that the path exists, tells smackfs apart from an ordinary directory at that path. */
63 if (sfs.f_type == SMACK_MAGIC)
/*
 * NOTE(review): the signature of this function is not in the listing (the
 * gutter jumps from 63 to 73). The visible body builds "<smackfs>/load2",
 * opens it read-only and passes the descriptor to apply_rules_file() with
 * clear = 1, which presumably selects smack_accesses_clear() for the rules
 * read back from that file.
 */
73 const char * smack_mnt;
76 smack_mnt = smack_smackfs_path();
/* Compares the result with 1; the branch taken on mismatch is not visible here. */
82 if (is_smackfs_mounted() != 1)
/*
 * NOTE(review): the snprintf() return value is not used on this line, so a
 * truncated path would be opened as-is. Confirm that `path` is large enough
 * for the longest smackfs mount path, or check for truncation.
 */
85 snprintf(path, sizeof path, "%s/load2", smack_mnt);
86 fd = open(path, O_RDONLY);
90 ret = apply_rules_file(fd, 1);
/*
 * Loads Smack access rules from `path`. A directory is walked with nftw()
 * and apply_rules_cb(); any other path is opened read-only and handed to
 * apply_rules_file() together with `clear`.
 *
 * NOTE(review): `clear` only reaches apply_rules_file() on the single-file
 * path. apply_rules_cb() always passes 0, so for a directory argument the
 * flag is ignored and the rules are never cleared.
 *
 * NOTE(review): stat() and open() each resolve `path` on their own and both
 * follow symbolic links, so the object that is opened is not guaranteed to
 * be the one that was checked. Opening first and calling fstat() on the
 * descriptor would remove that window.
 */
95 int apply_rules(const char *path, int clear)
102 if (stat(path, &sbuf))
105 if (S_ISDIR(sbuf.st_mode))
/*
 * FTW_PHYS: symbolic links met during the walk are not followed.
 * FTW_ACTIONRETVAL (glibc extension): the callback returns FTW_* actions.
 * The third argument lets nftw() keep at most one directory descriptor open.
 */
106 return nftw(path, apply_rules_cb, 1, FTW_PHYS|FTW_ACTIONRETVAL);
108 fd = open(path, O_RDONLY);
112 ret = apply_rules_file(fd, clear);
/*
 * Loads CIPSO mappings from `path`. A directory is walked with nftw() and
 * apply_cipso_cb(); any other path is opened read-only and handed to
 * apply_cipso_file().
 *
 * NOTE(review): stat() and open() each resolve `path` on their own and both
 * follow symbolic links, so the object that is opened is not guaranteed to
 * be the one that was checked. Opening first and calling fstat() on the
 * descriptor would remove that window.
 */
117 int apply_cipso(const char *path)
124 if (stat(path, &sbuf))
127 if (S_ISDIR(sbuf.st_mode))
/*
 * FTW_PHYS: symbolic links met during the walk are not followed.
 * FTW_ACTIONRETVAL (glibc extension): the callback returns FTW_* actions.
 * The third argument lets nftw() keep at most one directory descriptor open.
 */
128 return nftw(path, apply_cipso_cb, 1, FTW_PHYS|FTW_ACTIONRETVAL);
130 fd = open(path, O_RDONLY);
134 ret = apply_cipso_file(fd);
/*
 * Reads Smack access rules from the open descriptor `fd` into a freshly
 * allocated smack_accesses set, then applies or clears that set.
 *
 * NOTE(review): the condition that chooses between smack_accesses_apply()
 * and smack_accesses_clear() is not in the listing (gutter lines 152 and 154
 * are missing); presumably it tests `clear`. No close(fd) is visible in this
 * function, so the descriptor appears to remain owned by the caller; confirm
 * against the full file.
 */
139 int apply_rules_file(int fd, int clear)
141 struct smack_accesses *rules = NULL;
144 if (smack_accesses_new(&rules))
/* On a parse failure the set is released before leaving, so nothing from a partly read file is applied here. */
147 if (smack_accesses_add_from_file(rules, fd)) {
148 smack_accesses_free(rules);
153 ret = smack_accesses_apply(rules);
155 ret = smack_accesses_clear(rules);
/* The in-memory set is released after it has been applied or cleared. */
157 smack_accesses_free(rules);
/*
 * Builds a smack_cipso object from the open descriptor `fd`, applies it with
 * smack_cipso_apply() and frees it.
 *
 * NOTE(review): the check of the smack_cipso_new() result and the return
 * statement are not in the listing (the gutter numbers skip). No close(fd)
 * is visible here, so the descriptor appears to remain owned by the caller;
 * confirm against the full file.
 */
162 int apply_cipso_file(int fd)
164 struct smack_cipso *cipso = NULL;
167 cipso = smack_cipso_new(fd);
171 ret = smack_cipso_apply(cipso);
/* The object is freed after the apply call whatever value `ret` holds. */
172 smack_cipso_free(cipso);
/*
 * nftw() callback registered by apply_rules() for directory arguments. It
 * opens each regular file reported by the walk and loads it through
 * apply_rules_file() with clear = 0.
 *
 * NOTE(review): the local declarations, the check of the open() result, the
 * close of `fd` and the final return are not in the listing (the gutter
 * numbers skip); confirm them against the full file.
 */
179 static int apply_rules_cb(const char *fpath, const struct stat *sb, int typeflag, struct FTW *ftwbuf)
/* The walk root (level 0) is entered; every subdirectory is skipped, so only files directly inside the directory are loaded. */
184 if (typeflag == FTW_D)
185 return ftwbuf->level ? FTW_SKIP_SUBTREE : FTW_CONTINUE;
/*
 * Anything that is not a regular file takes this branch; its return value is
 * not visible in the listing. With FTW_PHYS a symbolic link is reported as
 * FTW_SL, so links inside the directory are not opened by the code below.
 */
186 else if (typeflag != FTW_F)
189 fd = open(fpath, O_RDONLY);
/* A failing file stops the whole walk (FTW_STOP); files applied before it stay applied. */
193 ret = apply_rules_file(fd, 0) ? FTW_STOP : FTW_CONTINUE;
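/*
 * nftw() callback registered by apply_cipso() for directory arguments. It
 * opens each regular file reported by the walk and loads it as CIPSO
 * mappings through apply_cipso_file().
 *
 * The listing called apply_rules_file(fd, 0) here, which handed CIPSO files
 * found through a directory to the access-rule loader, while the same file
 * passed directly to apply_cipso() went to apply_cipso_file(). The call below
 * makes the directory path use the CIPSO loader as well.
 *
 * NOTE(review): the local declarations, the check of the open() result, the
 * close of `fd` and the final return are not in the listing (the gutter
 * numbers skip); confirm them against the full file.
 */
198 static int apply_cipso_cb(const char *fpath, const struct stat *sb, int typeflag, struct FTW *ftwbuf)
/* The walk root (level 0) is entered; every subdirectory is skipped, so only files directly inside the directory are loaded. */
203 if (typeflag == FTW_D)
204 return ftwbuf->level ? FTW_SKIP_SUBTREE : FTW_CONTINUE;
/*
 * Anything that is not a regular file takes this branch; its return value is
 * not visible in the listing. With FTW_PHYS a symbolic link is reported as
 * FTW_SL, so links inside the directory are not opened by the code below.
 */
205 else if (typeflag != FTW_F)
208 fd = open(fpath, O_RDONLY);
/* A failing file stops the whole walk (FTW_STOP); files applied before it stay applied. */
212 ret = apply_cipso_file(fd) ? FTW_STOP : FTW_CONTINUE;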