From: Rafal Krypa
Date: Wed, 12 Dec 2012 18:32:01 +0000 (+0100)
Subject: libsmack: add function for setting current process label.
X-Git-Tag: accepted/trunk/20130108.195935~4
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=02d03be3d9fd7bd15f08bd1e6ba2ab9c6686d95e;p=platform%2Fupstream%2Fsmack.git
libsmack: add function for setting current process label.
---
diff --git a/debian/libsmack1.symbols b/debian/libsmack1.symbols
index f506ae0..10eff14 100644
--- a/debian/libsmack1.symbols
+++ b/debian/libsmack1.symbols
@@ -11,3 +11,4 @@ libsmack.so.1 libsmack1 #MINVER#
 smack_new_label_from_self@LIBSMACK 1.0
 smack_new_label_from_socket@LIBSMACK 1.0
 smack_revoke_subject@LIBSMACK 1.0
+ smack_set_label_for_self@LIBSMACK 1.0
diff --git a/doc/Makefile.am b/doc/Makefile.am
index bcf212b..2093995 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -31,6 +31,7 @@ man_MANS = smackaccess.1 \
 smack_have_access.3 \
 smack_new_label_from_self.3 \
 smack_new_label_from_socket.3 \
+ smack_set_label_for_self.3 \
 smack_revoke_subject.3 \
 chsmack.8 \
 smackcipso.8 \
diff --git a/doc/smack_have_access.3 b/doc/smack_have_access.3
index e1d8936..fadd374 100644
--- a/doc/smack_have_access.3
+++ b/doc/smack_have_access.3
@@ -1,6 +1,7 @@
 '\" t
 .\" This file is part of libsmack
 .\" Copyright (C) 2012 Intel Corporation
+.\" Copyright (C) 2012 Samsung Electronics Co.
 .\"
 .\" This library is free software; you can redistribute it and/or
 .\" modify it under the terms of the GNU Lesser General Public License
@@ -18,8 +19,9 @@
 .\"
 .\" Author:
 .\" Brian McGillion
+.\" Rafal Krypa
 .\"
-.TH "SMACK_HAVE_ACCESS" "3" "02/05/2012" "Libsmack 1\&.0"
+.TH "SMACK_HAVE_ACCESS" "3" "06/20/2012" "Libsmack 1\&.0"
 .SH NAME
 smack_have_access, smack_new_label_from_self, smack_new_label_from_socket \- Userspace interaction with Smack
 .SH SYNOPSIS
@@ -29,6 +31,8 @@ smack_have_access, smack_new_label_from_self, smack_new_label_from_socket \- Use .br .BI "int smack_new_label_from_self(char **" label ");" .br +.BI "int smack_set_label_for_self(char **" label ");" +.br .BI "int smack_new_label_from_socket(int " fd ", char **" label ");" .sp .SH DESCRIPTION @@ -59,6 +63,11 @@ to this upon return. It is the responsibility of the caller to free .I label when it is no longer required. .PP +.BR smack_set_label_for_self () +sets the context of the current process to +.IR label . +The calling process must have the CAP_MAC_ADMIN capability. +.PP .BR smack_new_label_from_socket () takes the file descriptor, .IR "fd" , diff --git a/doc/smack_set_label_for_self.3 b/doc/smack_set_label_for_self.3 new file mode 100644 index 0000000..5040587 --- /dev/null +++ b/doc/smack_set_label_for_self.3 @@ -0,0 +1 @@ +.so man3/smack_have_access.3 diff --git a/libsmack/libsmack.c b/libsmack/libsmack.c index 4604e6d..dfeffa4 100644 --- a/libsmack/libsmack.c +++ b/libsmack/libsmack.c @@ -495,6 +495,26 @@ int smack_new_label_from_socket(int fd, char **label) return 0; } +int smack_set_label_for_self(const char *label) +{ + int len; + int fd; + int ret; + + len = strnlen(label, SMACK_LABEL_LEN + 1); + if (len > SMACK_LABEL_LEN) + return -1; + + fd = open(SELF_LABEL_FILE, O_WRONLY); + if (fd < 0) + return -1; + + ret = write(fd, label, len); + close(fd); + + return (ret < 0) ? -1 : 0; +} + int smack_revoke_subject(const char *subject) { int ret; diff --git a/libsmack/libsmack.sym b/libsmack/libsmack.sym index ecf14b2..a8b0ab4 100644 --- a/libsmack/libsmack.sym +++ b/libsmack/libsmack.sym @@ -14,6 +14,7 @@ global: smack_smackfs_path; smack_new_label_from_self; smack_new_label_from_socket; + smack_set_label_for_self; smack_revoke_subject; local: *; diff --git a/libsmack/sys/smack.h b/libsmack/sys/smack.h index de4aef2..70c0224 100644 --- a/libsmack/sys/smack.h +++ b/libsmack/sys/smack.h 
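Review bot: smack_set_label_for_self() in libsmack/libsmack.c can return 0 without the label having been changed, because only `ret < 0` counts as failure: an empty label makes `len` zero, and a zero-length or short write() is then reported as success (how the kernel treats a zero-length write to SELF_LABEL_FILE is not visible in this hunk). A caller that switches its own label before running less-trusted code would then carry on under the old label, so the result should be compared with the length, `return (ret == len) ? 0 : -1;`. The function also passes `label` to strnlen() unchecked; rejecting bad input up front with `if (label == NULL || label[0] == '\0') return -1;` avoids both the NULL dereference and the empty-label case. A smaller point: close() may overwrite the errno left by a failed write(), which callers might want in order to tell a permission failure from other errors.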
@@ -156,6 +156,15 @@ int smack_new_label_from_self(char **label); int smack_new_label_from_socket(int fd, char **label); /*! + * Set the label associated with the callers process. + * Caller must be run by privileged user to succeed. + * + * @param label to set + * @return 0 on success and negative value on failure. + */ +int smack_set_label_for_self(const char *label); + +/*! * Revoke all rules for a subject label. * * @param subject subject to revoke
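Review bot: The doc comment added for smack_set_label_for_self() does not say what state the process is in after a failure, which is what a security-sensitive caller most needs; judging by the implementation in this commit nothing else touches the label, so I would add ` * On failure the process label is left unchanged; callers must check the return value.` It also says `privileged user` where the man page text added in this same commit names the requirement precisely, so the header should read ` * The calling process must have the CAP_MAC_ADMIN capability.`, and `callers process` should be `caller's process`. Separately, the SYNOPSIS line added to doc/smack_have_access.3 declares the parameter as `char **label` while this prototype takes `const char *label`; the man page should be corrected to match the header.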