libsmack header file.
#include <unistd.h>
#include <limits.h>
-#define LABEL_LEN 255
#define ACC_LEN 5
-#define LOAD_LEN (2 * (LABEL_LEN + 1) + ACC_LEN)
+#define LOAD_LEN (2 * (SMACK_LABEL_LEN + 1) + ACC_LEN)
#define LEVEL_MAX 255
#define NUM_LEN 4
#define BUF_SIZE 512
#define CAT_MAX_COUNT 240
#define CAT_MAX_VALUE 63
-#define CIPSO_POS(i) (LABEL_LEN + 1 + NUM_LEN + NUM_LEN + i * NUM_LEN)
+#define CIPSO_POS(i) (SMACK_LABEL_LEN + 1 + NUM_LEN + NUM_LEN + i * NUM_LEN)
#define CIPSO_MAX_SIZE CIPSO_POS(CAT_MAX_COUNT)
#define CIPSO_NUM_LEN_STR "%-4d"
extern char *smack_mnt;
struct smack_rule {
- char subject[LABEL_LEN + 1];
- char object[LABEL_LEN + 1];
+ char subject[SMACK_LABEL_LEN + 1];
+ char object[SMACK_LABEL_LEN + 1];
int access_code;
struct smack_rule *next;
};
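Review bot: `CIPSO_POS(i)` on the rewritten define still expands its argument unparenthesised (`i * NUM_LEN`), so a caller passing an expression such as `n + 1` would compute the wrong offset into the CIPSO buffer. Since the line is being touched anyway, I would write it as `#define CIPSO_POS(i) (SMACK_LABEL_LEN + 1 + NUM_LEN + NUM_LEN + (i) * NUM_LEN)`. The uses visible on this page pass a plain identifier or a constant, so this is macro hygiene rather than a live bug.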
};
struct cipso_mapping {
- char label[LABEL_LEN + 1];
+ char label[SMACK_LABEL_LEN + 1];
int cats[CAT_MAX_VALUE];
int ncats;
int level;
if (rule == NULL)
return -1;
- strncpy(rule->subject, subject, LABEL_LEN + 1);
- strncpy(rule->object, object, LABEL_LEN + 1);
+ strncpy(rule->subject, subject, SMACK_LABEL_LEN + 1);
+ strncpy(rule->object, object, SMACK_LABEL_LEN + 1);
rule->access_code = access_type_to_int(access_type);
if (handle->first == NULL) {
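Review bot: The two `strncpy` calls copy up to `SMACK_LABEL_LEN + 1` bytes into arrays of exactly that size, so a `subject` or `object` of 256 characters or more fills the array with no terminating NUL, and later string operations on the rule would read past the field. No length check on these arguments is visible here, though the function starts outside the hunk and one may exist earlier. If there is none, reject over-long labels ahead of the allocation that the `rule == NULL` check guards, e.g. `if (strlen(subject) > SMACK_LABEL_LEN || strlen(object) > SMACK_LABEL_LEN) { errno = EINVAL; return -1; }`. Rejecting is preferable to truncating, because a silently shortened label can name a different subject or object than the caller intended.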
level = strtok_r(NULL, " \t\n", &ptr);
cat = strtok_r(NULL, " \t\n", &ptr);
if (label == NULL || cat == NULL || level == NULL ||
- strlen(label) > LABEL_LEN) {
+ strlen(label) > SMACK_LABEL_LEN) {
errno = EINVAL;
goto err_out;
}
for (m = cipso->first; m != NULL; m = m->next) {
sprintf(buf, "%s ", m->label);
- sprintf(&buf[LABEL_LEN + 1], CIPSO_NUM_LEN_STR, m->level);
- sprintf(&buf[LABEL_LEN + 1 + NUM_LEN], CIPSO_NUM_LEN_STR, m->ncats);
+ sprintf(&buf[SMACK_LABEL_LEN + 1], CIPSO_NUM_LEN_STR, m->level);
+ sprintf(&buf[SMACK_LABEL_LEN + 1 + NUM_LEN], CIPSO_NUM_LEN_STR, m->ncats);
for (i = 0; i < m->ncats; i++)
sprintf(&buf[CIPSO_POS(i)], CIPSO_NUM_LEN_STR, m->cats[i]);
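Review bot: The `sprintf` calls on the new lines write at fixed offsets into `buf` with no size bound, and `CIPSO_NUM_LEN_STR` (`"%-4d"`) sets a minimum width, not a maximum, so a `level`, `ncats` or category value wider than `NUM_LEN` digits would spill into the next field. `buf` is declared outside the hunk; it needs to hold `CIPSO_MAX_SIZE` plus a terminator, which is larger than the `BUF_SIZE` of 512 defined at the top of the file, so the declaration is worth confirming. I would bound each write, e.g. `snprintf(&buf[SMACK_LABEL_LEN + 1], NUM_LEN + 1, CIPSO_NUM_LEN_STR, m->level);`, and check that `m->ncats` cannot exceed the `CAT_MAX_VALUE` entries of `cats[]` before the loop.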
int fd;
int ret;
- result = calloc(LABEL_LEN + 1, 1);
+ result = calloc(SMACK_LABEL_LEN + 1, 1);
if (result == NULL)
return -1;
return -1;
}
- ret = read(fd, result, LABEL_LEN);
+ ret = read(fd, result, SMACK_LABEL_LEN);
close(fd);
if (ret < 0) {
free(result);
*
* Copyright (C) 2010 Nokia Corporation
* Copyright (C) 2011 Intel Corporation
+ * Copyright (C) 2012 Samsung Electronics Co.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
*
* Authors:
* Jarkko Sakkinen <jarkko.sakkinen@intel.com>
+ * Rafal Krypa <r.krypa@samsung.com>
*/
/*!
#include <sys/types.h>
/*!
+ * Maximum length of a smack label, excluding terminating null character.
+ */
+#define SMACK_LABEL_LEN 255
+
+/*!
* Handle to a in-memory representation of set of Smack rules.
*/
struct smack_accesses;
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/xattr.h>
+#include <sys/smack.h>
#include <unistd.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#define LSIZE 255
static inline int leads(char *in, char *lead)
{
int rc;
int argi;
int transmute = 0;
- char buffer[LSIZE + 1];
+ char buffer[SMACK_LABEL_LEN + 1];
char *access = NULL;
char *mm = NULL;
char *execute = NULL;
fprintf(stderr, "No files specified.\n");
exit(1);
}
- if (access != NULL && strlen(access) > LSIZE) {
+ if (access != NULL && strlen(access) > SMACK_LABEL_LEN) {
fprintf(stderr, "Access label \"%s\" exceeds %d characters.\n",
- access, LSIZE);
+ access, SMACK_LABEL_LEN);
exit(1);
}
- if (mm != NULL && strlen(mm) > LSIZE) {
+ if (mm != NULL && strlen(mm) > SMACK_LABEL_LEN) {
fprintf(stderr, "mmap label \"%s\" exceeds %d characters.\n",
- mm, LSIZE);
+ mm, SMACK_LABEL_LEN);
exit(1);
}
- if (execute != NULL && strlen(execute) > LSIZE) {
+ if (execute != NULL && strlen(execute) > SMACK_LABEL_LEN) {
fprintf(stderr, "execute label \"%s\" exceeds %d characters.\n",
- execute, LSIZE);
+ execute, SMACK_LABEL_LEN);
exit(1);
}
for (; argi < argc; argi++) {
execute == NULL && !transmute) {
printf("%s", argv[argi]);
rc = lgetxattr(argv[argi], "security.SMACK64",
- buffer, LSIZE + 1);
+ buffer, SMACK_LABEL_LEN + 1);
if (rc > 0) {
buffer[rc] = '\0';
printf(" access=\"%s\"", buffer);
}
rc = lgetxattr(argv[argi], "security.SMACK64EXEC",
- buffer, LSIZE + 1);
+ buffer, SMACK_LABEL_LEN + 1);
if (rc > 0) {
buffer[rc] = '\0';
printf(" execute=\"%s\"", buffer);
}
rc = lgetxattr(argv[argi], "security.SMACK64MMAP",
- buffer, LSIZE + 1);
+ buffer, SMACK_LABEL_LEN + 1);
if (rc > 0) {
buffer[rc] = '\0';
printf(" mmap=\"%s\"", buffer);
}
rc = lgetxattr(argv[argi], "security.SMACK64TRANSMUTE",
- buffer, LSIZE + 1);
+ buffer, SMACK_LABEL_LEN + 1);
if (rc > 0) {
buffer[rc] = '\0';
printf(" transmute=\"%s\"", buffer);
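Review bot: Each `lgetxattr` call passes `SMACK_LABEL_LEN + 1` as the size of a buffer that is exactly `SMACK_LABEL_LEN + 1` bytes long, so a 256-byte attribute value makes `rc` equal to the buffer size and `buffer[rc] = '\0'` writes one byte past the end of `buffer`. This applies to all four reads (SMACK64, SMACK64EXEC, SMACK64MMAP, SMACK64TRANSMUTE). Passing `SMACK_LABEL_LEN` as the size leaves room for the terminator, e.g. `rc = lgetxattr(argv[argi], "security.SMACK64", buffer, SMACK_LABEL_LEN);`. An attribute written outside a Smack-enforcing kernel is not guaranteed to respect the label limit, so the tool should not rely on it. The enclosing loop continues outside the hunk.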
#ifndef COMMON_H
#define COMMON_H
-#define LABEL_LEN 255
#define ACCESSES_D_PATH "/etc/smack/accesses.d"
#define CIPSO_D_PATH "/etc/smack/cipso.d"