#define SMACK_ACC_LEN 4
#define SMACK64 "security.SMACK64"
+#define SMACK64EXEC "security.SMACK64EXEC"
#define SMACK64_LEN 23
#define SMACK_PROC_PATH "/proc/%d/attr/current"
return *smack != NULL ? 0 : - 1;
}
+int smack_set_smackexec_to_file(const char *path, const char *smack, int flags)
+{
+ size_t size;
+ int ret;
+
+ size = strlen(smack);
+ if (size > SMACK64_LEN)
+ return -1;
+
+ if ((flags & SMACK_XATTR_SYMLINK) == 0)
+ ret = setxattr(path, SMACK64EXEC, smack, size, 0);
+ else
+ ret = lsetxattr(path, SMACK64EXEC, smack, size, 0);
+
+ return ret;
+}
+
+int smack_get_smackexec_from_file(const char *path, char **smack, int flags)
+{
+ ssize_t ret;
+ char *buf;
+
+ if ((flags & SMACK_XATTR_SYMLINK) == 0)
+ ret = getxattr(path, SMACK64EXEC, NULL, 0);
+ else
+ ret = lgetxattr(path, SMACK64EXEC, NULL, 0);
+
+ if (ret < 0)
+ return -1;
+
+ buf = malloc(ret + 1);
+
+ if ((flags & SMACK_XATTR_SYMLINK) == 0)
+ ret = getxattr(path, SMACK64EXEC, buf, ret);
+ else
+ ret = lgetxattr(path, SMACK64EXEC, buf, ret);
+
+ if (ret < 0) {
+ free(buf);
+ return -1;
+ }
+
+ buf[ret] = '\0';
+ *smack = buf;
+ return 0;
+}
static int update_rule(struct smack_subject **subjects,
const char *subject_str,
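Review bot: In smack_get_smackexec_from_file the result of `malloc(ret + 1)` is handed straight to getxattr()/lgetxattr() with no NULL check, so an allocation failure is only caught if the kernel happens to reject the NULL buffer. Add `if (buf == NULL) return -1;` directly after the allocation so the error path does not depend on that. The two-call size probe is otherwise safe if the attribute changes in between: a longer value makes the second call fail, and a shorter one still leaves `buf[ret]` inside the allocation. In smack_set_smackexec_to_file, `strlen(smack)` runs before any check on `smack`, so a guard such as `if (smack == NULL) return -1;` would let the setter fail cleanly on a NULL label.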
*/
extern int smack_get_smack_from_proc(int pid, char **smack);
+/*!
+ * Set SMACK64EXEC security attribute for a given path.
+ *
+ * @param path path to a file
+ * @param smack new value
+ * @param flags set flags
+ * @return 0 on success
+ */
+extern int smack_set_smackexec_to_file(const char *path, const char *smack,
+ int flags);
+
+/*!
+ * Get SMACK64EXEC security attribute for a given path.
+ * Allocated memory must be freed by the caller.
+ *
+ * @param path path to a file
+ * @param smack current value
+ * @param flags set flags
+ * @return 0 on success
+ */
+extern int smack_get_smackexec_from_file(const char *path, char **smack,
+ int flags);
+
+
#ifdef __cplusplus
}
#endif
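Review bot: Both doc comments state only `@return 0 on success` and describe `flags` as "set flags", which leaves the failure value and the one flag the implementation tests undocumented. I would write `@return 0 on success, -1 on failure` and `@param flags SMACK_XATTR_SYMLINK to operate on a symbolic link itself rather than its target`, which matches the switch to lsetxattr()/lgetxattr() in the implementation. For the setter, add that a label longer than SMACK64_LEN bytes is rejected. For the getter, add that `*smack` is left unmodified when the call fails, so callers must not free it in that case.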
}
END_TEST
+START_TEST(test_set_smackexec_to_file)
+{
+ FILE *file;
+ int rc;
+ char *smack;
+
+ file = fopen("set_smack-dummy.txt", "w");
+ fprintf(file, "dummy\n");
+ fclose(file);
+
+ rc = smack_set_smackexec_to_file("set_smack-dummy.txt", "Apple", 0);
+ fail_unless(rc == 0, "Failed to set SMACK64EXEC");
+
+ rc = smack_get_smackexec_from_file("set_smack-dummy.txt", &smack, 0);
+ fail_unless(rc == 0, "Failed to get SMACK64EXEC");
+
+ rc = strcmp(smack, "Apple");
+ fail_unless(rc == 0, "smack %s not equal to Apple", smack);
+
+ free(smack);
+}
+END_TEST
+
Suite *ruleset_suite (void)
{
Suite *s;
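Review bot: The result of `fopen("set_smack-dummy.txt", "w")` goes to `fprintf` and `fclose` unchecked, so an unwritable working directory turns this test into a NULL dereference rather than a reported failure. Add `fail_unless(file != NULL, "Failed to create set_smack-dummy.txt");` before the `fprintf`. The test also leaves the file and its SMACK64EXEC attribute behind; an `unlink("set_smack-dummy.txt");` after `free(smack)` would keep later runs independent. Writing a `security.*` attribute normally requires privilege, so this case will presumably fail when the suite runs unprivileged, which deserves a comment in the test.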
tc_core = tcase_create("Security attributes");
tcase_add_test(tc_core, test_set_smack_to_file);
tcase_add_test(tc_core, test_set_smack_to_file_symlink);
+ tcase_add_test(tc_core, test_set_smackexec_to_file);
suite_add_tcase(s, tc_core);
return s;