#include <stdint.h>
#include <limits.h>
-/*
- * * smackfs magic number
- * */
-#define SMACK_MAGIC 0x43415d53 /* "SMAC" */
-
-/* smack file system type */
-#define SMACKFS "smackfs"
+#define SMACK_MAGIC 0x43415d53 /* "SMAC" */
+#define SMACKFS "smackfs"
+#define SMACKFSMNT "/sys/fs/smackfs/"
+#define OLDSMACKFSMNT "/smack"
-#define SMACKFSMNT "/sys/fs/smackfs/"
-#define OLDSMACKFSMNT "/smack"
+char *smackfs_mnt = NULL;
-char *smack_mnt = NULL;
-
-void set_smackmnt(const char *mnt)
-{
- smack_mnt = strdup(mnt);
-}
-
-/* Verify the mount point for smack file system has a smackfs.
- * If the file system:
- * Exist,
- * Is mounted with an smack file system,
- * The file system is read/write
- * then set this as the default file system.
- */
-static int verify_smackmnt(const char *mnt)
+static int verify_smackfs_mnt(const char *mnt)
{
struct statfs sfbuf;
int rc;
struct statvfs vfsbuf;
rc = statvfs(mnt, &vfsbuf);
if (rc == 0) {
- if (!(vfsbuf.f_flag & ST_RDONLY)) {
- set_smackmnt(mnt);
- }
+ if (!(vfsbuf.f_flag & ST_RDONLY))
+ smackfs_mnt = strdup(mnt);
return 0;
}
}
return -1;
}
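Review bot: The `strdup()` result assigned to `smackfs_mnt` is never checked, and the function returns 0 straight after it, so an allocation failure is reported as a verified mount while the pointer stays NULL. Callers that test `!smackfs_mnt` then fail with EFAULT, and any path without that test formats a NULL pointer into its smackfs path. Bracing the branch as `if (!(vfsbuf.f_flag & ST_RDONLY)) { smackfs_mnt = strdup(mnt); if (!smackfs_mnt) return -1; }` keeps the return value honest. The read-only case also returns 0 without setting the pointer; the deleted block comment was the only place that explained the conditions, so a one-line comment on that case is worth keeping. The outer checks of this function are not fully visible in these lines.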
-int smackfs_exists(void)
+static int smackfs_exists(void)
{
int exists = 0;
FILE *fp = NULL;
size_t len;
ssize_t num;
+ /* Fail as SmackFS would exist since we are checking mounts after
+ * this.
+ */
fp = fopen("/proc/filesystems", "r");
if (!fp)
- return 1; /* Fail as if it exists */
+ return 1;
__fsetlocking(fp, FSETLOCKING_BYCALLER);
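Review bot: The relocated comment now sits above `fopen()` and reads as if it describes the open, while the bare `return 1;` it is meant to explain has lost its annotation. Put it on the error branch instead, for example `/* /proc/filesystems unreadable: report smackfs as present so the /proc/mounts scan still runs */` directly above `return 1;`. The rest of smackfs_exists continues outside this hunk.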
size_t len;
ssize_t num;
- if (smack_mnt)
+ if (smackfs_mnt)
return;
- if (verify_smackmnt(SMACKFSMNT) == 0)
+ if (verify_smackfs_mnt(SMACKFSMNT) == 0)
return;
- if (verify_smackmnt(OLDSMACKFSMNT) == 0)
+ if (verify_smackfs_mnt(OLDSMACKFSMNT) == 0)
return;
- /* Drop back to detecting it the long way. */
if (!smackfs_exists())
goto out;
- /* At this point, the usual spot doesn't have an smackfs so
- * we look around for it */
fp = fopen("/proc/mounts", "r");
if (!fp)
goto out;
}
}
- /* If we found something, dup it */
if (num > 0)
- verify_smackmnt(p);
+ verify_smackfs_mnt(p);
- out:
+out:
free(buf);
if (fp)
fclose(fp);
void fini_smackmnt(void)
{
- free(smack_mnt);
- smack_mnt = NULL;
+ free(smackfs_mnt);
+ smackfs_mnt = NULL;
}
static void init_lib(void) __attribute__ ((constructor));
#define READ_BUF_SIZE LOAD_LEN + 1
#define SELF_LABEL_FILE "/proc/self/attr/current"
-extern char *smack_mnt;
+extern char *smackfs_mnt;
struct smack_rule {
char subject[SMACK_LABEL_LEN + 1];
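Review bot: `smackfs_mnt` is shared between the two source files through a bare `extern` in the .c file, which leaves it a writable global with external linkage. Unless the build hides it (no version script or visibility setting is visible here), any code loaded into the process can repoint the directory from which the `load2`, `access2` and `cipso2` paths are built. Declaring it once in a private header as `extern char *smackfs_mnt __attribute__((visibility("hidden")));`, or reading it through `smack_smackfs_path()`, keeps the mount point internal to the library and lets the compiler check the declaration against the definition.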
int access2 = 1;
char path[PATH_MAX];
- if (!smack_mnt) {
+ if (!smackfs_mnt) {
errno = EFAULT;
return -1;
}
- snprintf(path, sizeof path, "%s/access2", smack_mnt);
+ snprintf(path, sizeof path, "%s/access2", smackfs_mnt);
fd = open(path, O_RDWR);
if (fd < 0) {
if (errno != ENOENT)
return -1;
- snprintf(path, sizeof path, "%s/access", smack_mnt);
+ snprintf(path, sizeof path, "%s/access", smackfs_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
return -1;
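Review bot: Both `open()` calls on the rebuilt `access2`/`access` paths omit `O_CLOEXEC`, so in a multi-threaded caller a concurrent fork and exec can inherit a read-write descriptor on a smackfs control file. `fd = open(path, O_RDWR | O_CLOEXEC);` closes that window, and the same applies to the `cipso2`, `revoke-subject`, `load2`, `load` and `change-rule` opens in the later hunks. The `snprintf()` results are also unchecked, so a mount path close to PATH_MAX would be truncated silently before the open. The function starts and ends outside this hunk.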
char path[PATH_MAX];
int offset=0;
- if (!smack_mnt) {
+ if (!smackfs_mnt) {
errno = EFAULT;
return -1;
}
- snprintf(path, sizeof path, "%s/cipso2", smack_mnt);
+ snprintf(path, sizeof path, "%s/cipso2", smackfs_mnt);
fd = open(path, O_WRONLY);
if (fd < 0)
return -1;
const char *smack_smackfs_path(void)
{
- return smack_mnt;
+ return smackfs_mnt;
}
ssize_t smack_new_label_from_self(char **label)
if (len > SMACK_LABEL_LEN)
return -1;
- snprintf(path, sizeof path, "%s/revoke-subject", smack_mnt);
+ snprintf(path, sizeof path, "%s/revoke-subject", smackfs_mnt);
fd = open(path, O_WRONLY);
if (fd < 0)
return -1;
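Review bot: This `snprintf()` formats `smackfs_mnt` without the `if (!smackfs_mnt)` guard that the `access2`, `cipso2` and `load2` paths carry, at least in the lines shown. The function's start is outside the hunk, so the guard may exist earlier, but the label-length check directly above the `snprintf()` suggests it does not. Passing a NULL pointer to `%s` is undefined behaviour, and where the libc prints a placeholder the following `open()` would act on a path relative to the current directory. Add `if (!smackfs_mnt) { errno = EFAULT; return -1; }` before the `snprintf()` so this entry point fails the same way as the others.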
int load2 = 1;
char path[PATH_MAX];
- if (!smack_mnt) {
+ if (!smackfs_mnt) {
errno = EFAULT;
return -1;
}
- snprintf(path, sizeof path, "%s/load2", smack_mnt);
+ snprintf(path, sizeof path, "%s/load2", smackfs_mnt);
load_fd = open(path, O_WRONLY);
if (load_fd < 0) {
if (errno != ENOENT)
return -1;
/* fallback */
- snprintf(path, sizeof path, "%s/load", smack_mnt);
+ snprintf(path, sizeof path, "%s/load", smackfs_mnt);
load_fd = open(path, O_WRONLY);
/* Try to continue if the file doesn't exist, we might not need it. */
if (load_fd < 0 && errno != ENOENT)
load2 = 0;
}
- snprintf(path, sizeof path, "%s/change-rule", smack_mnt);
+ snprintf(path, sizeof path, "%s/change-rule", smackfs_mnt);
change_fd = open(path, O_WRONLY);
/* Try to continue if the file doesn't exist, we might not need it. */
if (change_fd < 0 && errno != ENOENT) {