return buf[0] == '1';
}
-int smack_new_label_from_self(char **label)
+ssize_t smack_get_self_label(char *buf, size_t count)
{
- char *result;
int fd;
int ret;
- result = calloc(LABEL_LEN + 1, 1);
- if (result == NULL)
- return -1;
-
fd = open(SELF_LABEL_FILE, O_RDONLY);
- if (fd < 0) {
- free(result);
+ if (fd < 0)
return -1;
- }
- ret = read(fd, result, LABEL_LEN);
+ ret = read(fd, buf, count);
close(fd);
- if (ret < 0) {
- free(result);
+ if (ret < 0)
+ return -1;
+
+ return count;
+}
+
+int smack_set_self_label(char *label)
+{
+ int fd;
+
+ fd = open(SELF_LABEL_FILE, O_WRONLY);
+ if (fd < 0)
+ return -1;
+
+ if (write(fd, label, strlen(label)) < 0) {
+ close(fd);
return -1;
}
- *label = result;
+ close(fd);
return 0;
}
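Review bot: `smack_get_self_label` ends with `return count;`, so it reports the caller's buffer size instead of the number of bytes `read()` stored in `buf`, which contradicts the header's "label length on success". The utility's `main` in this same change declares `char label[LABEL_LEN + 1];` without initialising it, writes `label[len] = '\0'` at the returned value and prints with `%s`. Whenever the label is shorter than `count`, the uninitialised stack bytes after it are printed as part of the label. Return the read result instead: declare `ssize_t ret;` (`read()` returns `ssize_t`, not `int`) and finish with `return ret;`. The `int len` in `main` should likewise become `ssize_t len`.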
return 0;
}
-int smack_set_self_label(char *label)
-{
- int fd;
-
- fd = open(SELF_LABEL_FILE, O_WRONLY);
- if (fd < 0)
- return -1;
-
- if (write(fd, label, strlen(label)) < 0) {
- close(fd);
- return -1;
- }
-
- close(fd);
- return 0;
-}
-
static int accesses_apply(struct smack_accesses *handle, int clear)
{
char buf[LOAD_LEN + 1];
smack_accesses_add;
smack_accesses_add_from_file;
smack_have_access;
- smack_new_label_from_self;
+ smack_get_self_label;
+ smack_set_self_label;
smack_new_label_from_socket;
local:
*;
#ifndef SMACK_H
#define SMACK_H
+#include <sys/types.h>
+
/*!
* Handle to a in-memory representation of set of Smack rules.
*/
/*!
* Get the label that is associated with the callers process.
- * Caller is responsible of freeing the returned label.
*
- * @param label returned label
- * @return 0 on success and negative value on failure.
+ * @param buf character buffer where label is read
+ * @param count length of the buffer
+ * @return label length on success and negative value on failure.
*/
-int smack_new_label_from_self(char **label);
+ssize_t smack_get_self_label(char *buf, size_t count);
+
+/*!
+ * Set the label that is associated with the callers process.
+ *
+ * @param label new label for callers process
+ */
+int smack_set_self_label(char *label);
/*!
* Get the label that is associated with a peer on the other end of an
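Review bot: The relocated comment for `smack_set_self_label` loses the "Requires CAP_MAC_ADMIN" sentence that the removed comment further down carried, and it has no `@return` line. The privilege requirement is what a caller needs to interpret a failure, so keep `Set Smack label for callers process. Requires CAP_MAC_ADMIN.` and add `@return 0 on success and negative value on failure.`. The `smack_get_self_label` comment should also state that the library does not NUL-terminate `buf`, for example `The label is not NUL-terminated; the caller must terminate it using the returned length and leave room for the terminator.`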
*/
int smack_new_label_from_socket(int fd, char **label);
-/*!
- * Set Smack label for callers process. Requires CAP_MAC_ADMIN.
- *
- * @param label new label for callers process
- */
-int smack_set_self_label(char *label);
-
#ifdef __cplusplus
}
#endif
#include <string.h>
#define SMACKFS_MAGIC 0x43415d53
-#define LABEL_LEN 23
#define CAT_MAX_COUNT 240
#define CAT_MAX_VALUE 63
#define LEVEL_MAX 255
#ifndef COMMON_H
#define COMMON_H
+#define LABEL_LEN 23
#define SMACKFS_MNT "/smack"
#define ACCESSES_PATH "/etc/smack/accesses"
#define ACCESSES_D_PATH "/etc/smack/accesses.d"
#define CIPSO_PATH "/etc/smack/cipso"
#define CIPSO_D_PATH "/etc/smack/cipso.d"
-
int clear(void);
int is_smackfs_mounted(void);
int apply_rules(const char *path, int clear);
#include <sys/smack.h>
#include <stdio.h>
#include <stdlib.h>
+#include "common.h"
int main(int argc, char **argv)
{
- char *label = NULL;
+ char label[LABEL_LEN + 1];
+ int len;
- if (smack_new_label_from_self(&label)) {
- perror("smack_new_label_from_self");
+ len = smack_get_self_label(label, LABEL_LEN);
+ if (len < 0) {
+ perror("smack_get_self_label");
return EXIT_FAILURE;
}
+ label[len] = '\0';
+
printf("%s", label);
- free(label);
return EXIT_SUCCESS;
}