smack_set_smackexec_to_file()

diff --git a/src/smack.c b/src/smack.c
index 462fc1f..af514f1 100644 (file)
--- a/src/smack.c
+++ b/src/smack.c
@@ -36,6 +36,7 @@
 #define SMACK_ACC_LEN 4
 
 #define SMACK64 "security.SMACK64"
+#define SMACK64EXEC "security.SMACK64EXEC"
 #define SMACK64_LEN 23
 
 #define SMACK_PROC_PATH "/proc/%d/attr/current"
@@ -396,6 +397,52 @@ int smack_get_smack_from_proc(int pid, char **smack)
        return *smack != NULL ? 0 : - 1;
 }
 
+int smack_set_smackexec_to_file(const char *path, const char *smack, int flags)
+{
+       size_t size;
+       int ret;
+
+       size = strlen(smack);
+       if (size > SMACK64_LEN)
+               return -1;
+
+       if ((flags & SMACK_XATTR_SYMLINK) == 0)
+               ret = setxattr(path, SMACK64EXEC, smack, size, 0);
+       else
+               ret = lsetxattr(path, SMACK64EXEC, smack, size, 0);
+
+       return ret;
+}
+
+int smack_get_smackexec_from_file(const char *path, char **smack, int flags)
+{
+       ssize_t ret;
+       char *buf;
+
+       if ((flags & SMACK_XATTR_SYMLINK) == 0)
+               ret = getxattr(path, SMACK64EXEC, NULL, 0);
+       else
+               ret = lgetxattr(path, SMACK64EXEC, NULL, 0);
+
+       if (ret < 0)
+               return -1;
+
+       buf = malloc(ret + 1);
+
+       if ((flags & SMACK_XATTR_SYMLINK) == 0)
+               ret = getxattr(path, SMACK64EXEC, buf, ret);
+       else
+               ret = lgetxattr(path, SMACK64EXEC, buf, ret);
+
+       if (ret < 0) {
+               free(buf);
+               return -1;
+       }
+
+       buf[ret] = '\0';
+       *smack = buf;
+       return 0;
+}
 
 static int update_rule(struct smack_subject **subjects,
                       const char *subject_str,

diff --git a/src/smack.h b/src/smack.h
index 0c6d561..5ae8b55 100644 (file)
--- a/src/smack.h
+++ b/src/smack.h
@@ -204,6 +204,30 @@ extern int smack_get_smack_from_file(const char *path, char **smack,
  */
 extern int smack_get_smack_from_proc(int pid, char **smack);
 
+/*!
+ * Set SMACK64EXEC security attribute for a given path.
+ *
+ * @param path path to a file
+ * @param smack new value
+ * @param flags set flags
+ * @return 0 on success
+ */
+extern int smack_set_smackexec_to_file(const char *path, const char *smack,
+                                      int flags);
+
+/*!
+ * Get SMACK64EXEC security attribute for a given path.
+ * Allocated memory must be freed by the caller.
+ *
+ * @param path path to a file
+ * @param smack current value
+ * @param flags set flags
+ * @return 0 on success
+ */
+extern int smack_get_smackexec_from_file(const char *path, char **smack,
+                                        int flags);
+
+
 #ifdef __cplusplus
 }
 #endif

diff --git a/tests/check_smack.c b/tests/check_smack.c
index 7570fa8..a70fa5d 100644 (file)
--- a/tests/check_smack.c
+++ b/tests/check_smack.c
@@ -225,6 +225,29 @@ START_TEST(test_set_smack_to_file_symlink)
 }
 END_TEST
 
+START_TEST(test_set_smackexec_to_file)
+{
+       FILE *file;
+       int rc;
+       char *smack;
+
+       file = fopen("set_smack-dummy.txt", "w");
+       fprintf(file, "dummy\n");
+       fclose(file);
+
+       rc = smack_set_smackexec_to_file("set_smack-dummy.txt", "Apple", 0);
+       fail_unless(rc == 0, "Failed to set SMACK64EXEC");
+
+       rc = smack_get_smackexec_from_file("set_smack-dummy.txt", &smack, 0);
+       fail_unless(rc == 0, "Failed to get SMACK64EXEC");
+
+       rc = strcmp(smack, "Apple");
+       fail_unless(rc == 0, "smack %s not equal to Apple", smack);
+
+       free(smack);
+}
+END_TEST
+
 Suite *ruleset_suite (void)
 {
        Suite *s;
@@ -248,6 +271,7 @@ Suite *ruleset_suite (void)
        tc_core = tcase_create("Security attributes");
        tcase_add_test(tc_core, test_set_smack_to_file);
        tcase_add_test(tc_core, test_set_smack_to_file_symlink);
+       tcase_add_test(tc_core, test_set_smackexec_to_file);
        suite_add_tcase(s, tc_core);
 
        return s;