libsmack: add function for setting current process label.

diff --git a/debian/libsmack1.symbols b/debian/libsmack1.symbols
index f506ae0..10eff14 100644 (file)
--- a/debian/libsmack1.symbols
+++ b/debian/libsmack1.symbols
@@ -11,3 +11,4 @@ libsmack.so.1 libsmack1 #MINVER#
  smack_new_label_from_self@LIBSMACK 1.0
  smack_new_label_from_socket@LIBSMACK 1.0
  smack_revoke_subject@LIBSMACK 1.0
+ smack_set_label_for_self@LIBSMACK 1.0

diff --git a/doc/Makefile.am b/doc/Makefile.am
index bcf212b..2093995 100644 (file)
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -31,6 +31,7 @@ man_MANS = smackaccess.1 \
           smack_have_access.3 \
           smack_new_label_from_self.3 \
           smack_new_label_from_socket.3 \
+          smack_set_label_for_self.3 \
           smack_revoke_subject.3 \
           chsmack.8 \
           smackcipso.8 \

diff --git a/doc/smack_have_access.3 b/doc/smack_have_access.3
index e1d8936..fadd374 100644 (file)
--- a/doc/smack_have_access.3
+++ b/doc/smack_have_access.3
@@ -1,6 +1,7 @@
 '\" t
 .\" This file is part of libsmack
 .\" Copyright (C) 2012 Intel Corporation
+.\" Copyright (C) 2012 Samsung Electronics Co.
 .\"
 .\" This library is free software; you can redistribute it and/or
 .\" modify it under the terms of the GNU Lesser General Public License
@@ -18,8 +19,9 @@
 .\"
 .\" Author:
 .\" Brian McGillion <brian.mcgillion@intel.com>
+.\" Rafal Krypa <r.krypa@samsung.com>
 .\"
-.TH "SMACK_HAVE_ACCESS" "3" "02/05/2012" "Libsmack 1\&.0"
+.TH "SMACK_HAVE_ACCESS" "3" "06/20/2012" "Libsmack 1\&.0"
 .SH NAME
 smack_have_access, smack_new_label_from_self, smack_new_label_from_socket \- Userspace interaction with Smack
 .SH SYNOPSIS
@@ -29,6 +31,8 @@ smack_have_access, smack_new_label_from_self, smack_new_label_from_socket \- Use
 .br
 .BI "int smack_new_label_from_self(char **" label ");"
 .br
+.BI "int smack_set_label_for_self(char **" label ");"
+.br
 .BI "int smack_new_label_from_socket(int " fd ", char **" label ");"
 .sp
 .SH DESCRIPTION
@@ -59,6 +63,11 @@ to this upon return.  It is the responsibility of the caller to free
 .I label
 when it is no longer required.
 .PP
+.BR smack_set_label_for_self ()
+sets the context of the current process to
+.IR label .
+The calling process must have the CAP_MAC_ADMIN capability.
+.PP
 .BR smack_new_label_from_socket ()
 takes the file descriptor,
 .IR "fd" ,

diff --git a/doc/smack_set_label_for_self.3 b/doc/smack_set_label_for_self.3
new file mode 100644 (file)
index 0000000..5040587
--- /dev/null
+++ b/doc/smack_set_label_for_self.3
@@ -0,0 +1 @@
+.so man3/smack_have_access.3

diff --git a/libsmack/libsmack.c b/libsmack/libsmack.c
index 4604e6d..dfeffa4 100644 (file)
--- a/libsmack/libsmack.c
+++ b/libsmack/libsmack.c
@@ -495,6 +495,26 @@ int smack_new_label_from_socket(int fd, char **label)
        return 0;
 }
 
+int smack_set_label_for_self(const char *label)
+{
+       int len;
+       int fd;
+       int ret;
+
+       len = strnlen(label, SMACK_LABEL_LEN + 1);
+       if (len > SMACK_LABEL_LEN)
+               return -1;
+
+       fd = open(SELF_LABEL_FILE, O_WRONLY);
+       if (fd < 0)
+               return -1;
+
+       ret = write(fd, label, len);
+       close(fd);
+
+       return (ret < 0) ? -1 : 0;
+}
+
 int smack_revoke_subject(const char *subject)
 {
        int ret;

diff --git a/libsmack/libsmack.sym b/libsmack/libsmack.sym
index ecf14b2..a8b0ab4 100644 (file)
--- a/libsmack/libsmack.sym
+++ b/libsmack/libsmack.sym
@@ -14,6 +14,7 @@ global:
        smack_smackfs_path;
        smack_new_label_from_self;
        smack_new_label_from_socket;
+       smack_set_label_for_self;
        smack_revoke_subject;
 local:
        *;

diff --git a/libsmack/sys/smack.h b/libsmack/sys/smack.h
index de4aef2..70c0224 100644 (file)
--- a/libsmack/sys/smack.h
+++ b/libsmack/sys/smack.h
@@ -156,6 +156,15 @@ int smack_new_label_from_self(char **label);
 int smack_new_label_from_socket(int fd, char **label);
 
 /*!
+ * Set the label associated with the callers process.
+ * Caller must be run by privileged user to succeed.
+ *
+ * @param label to set
+ * @return 0 on success and negative value on failure.
+ */
+int smack_set_label_for_self(const char *label);
+
+/*!
  * Revoke all rules for a subject label.
  *
  * @param subject subject to revoke