#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
-#include <ftw.h>
#include <stdio.h>
#include <string.h>
+#include <unistd.h>
#include <sys/smack.h>
-#define SMACK_MAGIC 0x43415d53
-
-static int apply_cipso_cb(const char *fpath, const struct stat *sb,
- int typeflag, struct FTW *ftwbuf);
+typedef int (*add_func)(void *smack, int fd);
int clear(void)
{
- int fd;
int ret;
const char * smack_mnt;
char path[PATH_MAX];
return -1;
snprintf(path, sizeof path, "%s/load2", smack_mnt);
- fd = open(path, O_RDONLY);
- if (fd < 0) {
- fprintf(stderr, "open() failed for '%s' : %s\n", path,
- strerror(errno));
- return -1;
- }
-
- ret = apply_rules_file(path, fd, 1);
- close(fd);
+ ret = apply_rules(path, 1);
return ret;
}
-int apply_rules(const char *path, int clear)
+static int apply_path(const char *path, void *smack, add_func func)
{
- struct smack_accesses *rules = NULL;
DIR *dir;
struct dirent *dent;
int dfd;
int fd;
int ret = 0;
- if (smack_accesses_new(&rules)) {
- fprintf(stderr, "Out of memory.\n");
- return -1;
+ if (path == NULL) {
+ ret = func(smack, STDIN_FILENO);
+ if (ret < 0)
+ fputs("Reading from STDIN failed.\n", stderr);
+ return ret;
}
dir = opendir(path);
break;
}
- ret = smack_accesses_add_from_file(rules, fd);
+ ret = func(smack, fd);
close(fd);
if (ret < 0) {
- fprintf(stderr, "Reading rules from '%s' failed.\n",
+ fprintf(stderr, "Reading from '%s' failed.\n",
path);
break;
}
}
- if (clear) {
- ret = smack_accesses_clear(rules);
- if (ret)
- fputs("Clearing rules failed.\n", stderr);
- } else {
- ret = smack_accesses_apply(rules);
- if (ret)
- fputs("Applying rules failed.\n", stderr);
- }
-
- smack_accesses_free(rules);
closedir(dir);
return ret;
}
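Review bot: The failure message inside the directory loop prints `path`, which at that point names the directory rather than the entry that failed to parse, so an operator cannot tell which file was rejected. `dent` is declared in this function, so the message could name the entry: `fprintf(stderr, "Reading from '%s/%s' failed.\n", path, dent->d_name);`. The loop header and the open call are outside the visible lines, so this assumes `dent` still refers to the entry that was just read.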
return -1;
}
- ret = apply_rules_file(path, fd, clear);
+ ret = func(smack, fd);
+ if (ret < 0)
+ fprintf(stderr, "Reading from '%s' failed.\n", path);
close(fd);
return ret;
}
-int apply_cipso(const char *path)
+int apply_rules(const char *path, int clear)
{
- struct stat sbuf;
- int fd;
+ struct smack_accesses *rules = NULL;
int ret;
- if (stat(path, &sbuf)) {
- fprintf(stderr, "stat() failed for '%s' : %s\n", path,
- strerror(errno));
- return -1;
- }
-
- if (S_ISDIR(sbuf.st_mode))
- return nftw(path, apply_cipso_cb, 1, FTW_PHYS|FTW_ACTIONRETVAL);
-
- fd = open(path, O_RDONLY);
- if (fd < 0) {
- fprintf(stderr, "open() failed for '%s' : %s\n", path,
- strerror(errno));
+ if (smack_accesses_new(&rules)) {
+ fputs("Out of memory.\n", stderr);
return -1;
}
- ret = apply_cipso_file(path, fd);
- close(fd);
- return ret;
-}
-
-int apply_rules_file(const char *path, int fd, int clear)
-{
- struct smack_accesses *rules = NULL;
- int ret = 0;
-
- if (smack_accesses_new(&rules))
- return -1;
-
- if (smack_accesses_add_from_file(rules, fd)) {
+ ret = apply_path(path, rules, (add_func) smack_accesses_add_from_file);
+ if (ret) {
smack_accesses_free(rules);
- if (path)
- fprintf(stderr, "Reading rules from '%s' failed.\n",
- path);
- else
- fputs("Reading rules from STDIN failed.\n", stderr);
- return -1;
+ return ret;
}
if (clear) {
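Review bot: The casts `(add_func) smack_accesses_add_from_file` here and `(add_func) smack_cipso_add_from_file` in apply_cipso make apply_path call those functions through a pointer type that does not match their definition, which C leaves undefined. Judging by how they are called with `rules` and `cipso`, they take a typed struct pointer while `add_func` takes `void *`. This works on common ABIs but fails under indirect-call type checking such as clang's `-fsanitize=cfi-icall`. Two small static adapters with the exact `add_func` signature remove the casts and let the compiler check the argument types. apply_rules continues past the end of this hunk.

```c
static int add_accesses_cb(void *smack, int fd)
{
	return smack_accesses_add_from_file(smack, fd);
}

static int add_cipso_cb(void *smack, int fd)
{
	return smack_cipso_add_from_file(smack, fd);
}

/* … unchanged: allocation and error handling in apply_rules … */
	ret = apply_path(path, rules, add_accesses_cb);

/* … in apply_cipso, same replacement … */
	ret = apply_path(path, cipso, add_cipso_cb);
```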
}
smack_accesses_free(rules);
- return ret;
+ return 0;
}
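Review bot: `return 0;` at the end of apply_rules drops whatever the `if (clear)` branch left in `ret`. The body of that branch is not visible here, but the copy of this logic removed from the old apply_rules stored the result of `smack_accesses_clear()` or `smack_accesses_apply()` in `ret` and fell through. If that is still the shape, a failed clear or apply is now reported to the caller as success, which matters for a tool that loads access rules. Keeping `return ret;` after `smack_accesses_free(rules);` preserves the failure.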
-int apply_cipso_file(const char *path, int fd)
+int apply_cipso(const char *path)
{
struct smack_cipso *cipso = NULL;
int ret;
ret = smack_cipso_new(&cipso);
- if (ret)
+ if (ret) {
+ fputs("Out of memory.\n", stderr);
return -1;
+ }
- ret = smack_cipso_add_from_file(cipso, fd);
+ ret = apply_path(path, cipso, (add_func) smack_cipso_add_from_file);
if (ret) {
- if (path)
- fprintf(stderr, "Reading CIPSO from '%s' failed.\n",
- path);
- else
- fputs("Reading CIPSO from STDIN failed.\n",
- stderr);
smack_cipso_free(cipso);
- return -1;
+ return ret;
}
ret = smack_cipso_apply(cipso);
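Review bot: The switch from nftw to apply_path may loosen which directory entries apply_cipso reads. The removed walk used `FTW_PHYS` and its callback stopped on anything that was not `FTW_F`, so symlinks and special files in the CIPSO directory were rejected. The part of apply_path that opens each entry is outside the visible lines, so it is worth confirming that it keeps the same restriction, for example by skipping entries whose `dent->d_type` is not `DT_REG` or by opening with `O_NOFOLLOW`. A short comment on apply_path stating which entry types it accepts would document that contract for both callers.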
return 0;
}
-
-static int apply_cipso_cb(const char *fpath, const struct stat *sb,
- int typeflag, struct FTW *ftwbuf)
-{
- int fd;
- int ret;
-
- if (typeflag == FTW_D)
- return ftwbuf->level ? FTW_SKIP_SUBTREE : FTW_CONTINUE;
- else if (typeflag != FTW_F)
- return FTW_STOP;
-
- fd = open(fpath, O_RDONLY);
- if (fd < 0) {
- fprintf(stderr, "open() failed for '%s' : %s\n", fpath,
- strerror(errno));
- return -1;
- }
-
- ret = apply_cipso_file(fpath, fd) ? FTW_STOP : FTW_CONTINUE;
- close(fd);
- return ret;
-}