From: Jarkko Sakkinen
Date: Mon, 15 Nov 2010 15:45:22 +0000 (-0800)
Subject: smack_set_smackexec_to_file()
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f5adec27ca3813d8a8fe0d8212bdab8e30d1d7d0;p=framework%2Fsecurity%2Fsmack.git
smack_set_smackexec_to_file()
---
diff --git a/src/smack.c b/src/smack.c
index 462fc1f..af514f1 100644
--- a/src/smack.c
+++ b/src/smack.c
@@ -36,6 +36,7 @@
 #define SMACK_ACC_LEN 4
 #define SMACK64 "security.SMACK64"
+#define SMACK64EXEC "security.SMACK64EXEC"
 #define SMACK64_LEN 23
 #define SMACK_PROC_PATH "/proc/%d/attr/current"
@@ -396,6 +397,52 @@ int smack_get_smack_from_proc(int pid, char **smack)
 return *smack != NULL ? 0 : - 1;
 }
+int smack_set_smackexec_to_file(const char *path, const char *smack, int flags)
+{
+ size_t size;
+ int ret;
+
+ size = strlen(smack);
+ if (size > SMACK64_LEN)
+ return -1;
+
+ if ((flags & SMACK_XATTR_SYMLINK) == 0)
+ ret = setxattr(path, SMACK64EXEC, smack, size, 0);
+ else
+ ret = lsetxattr(path, SMACK64EXEC, smack, size, 0);
+
+ return ret;
+}
+
+int smack_get_smackexec_from_file(const char *path, char **smack, int flags)
+{
+ ssize_t ret;
+ char *buf;
+
+ if ((flags & SMACK_XATTR_SYMLINK) == 0)
+ ret = getxattr(path, SMACK64EXEC, NULL, 0);
+ else
+ ret = lgetxattr(path, SMACK64EXEC, NULL, 0);
+
+ if (ret < 0)
+ return -1;
+
+ buf = malloc(ret + 1);
+
+ if ((flags & SMACK_XATTR_SYMLINK) == 0)
+ ret = getxattr(path, SMACK64EXEC, buf, ret);
+ else
+ ret = lgetxattr(path, SMACK64EXEC, buf, ret);
+
+ if (ret < 0) {
+ free(buf);
+ return -1;
+ }
+
+ buf[ret] = '\0';
+ *smack = buf;
+ return 0;
+}
 static int update_rule(struct smack_subject **subjects,
 const char *subject_str,
diff --git a/src/smack.h b/src/smack.h
index 0c6d561..5ae8b55 100644
--- a/src/smack.h
+++ b/src/smack.h
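Review bot: In `smack_get_smackexec_from_file` (src/smack.c, second hunk) the result of `malloc(ret + 1)` is used without a NULL check, so an allocation failure is handed to the second `getxattr`/`lgetxattr` call and, when the attribute is empty, reaches `buf[ret] = '\0'` with `buf` still NULL. Adding `if (buf == NULL) return -1;` directly after the allocation closes that path. In `smack_set_smackexec_to_file`, `strlen(smack)` runs before any NULL check, so a guard such as `if (path == NULL || smack == NULL) return -1;` at the top would keep a bad argument from crashing the caller. The label is otherwise only length-checked against SMACK64_LEN here; whether its content is valid is presumably left to the kernel, which deserves a one-line comment.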
@@ -204,6 +204,30 @@ extern int smack_get_smack_from_file(const char *path, char **smack,
 */
 extern int smack_get_smack_from_proc(int pid, char **smack);
+/*!
+ * Set SMACK64EXEC security attribute for a given path.
+ *
+ * @param path path to a file
+ * @param smack new value
+ * @param flags set flags
+ * @return 0 on success
+ */
+extern int smack_set_smackexec_to_file(const char *path, const char *smack,
+ int flags);
+
+/*!
+ * Get SMACK64EXEC security attribute for a given path.
+ * Allocated memory must be freed by the caller.
+ *
+ * @param path path to a file
+ * @param smack current value
+ * @param flags set flags
+ * @return 0 on success
+ */
+extern int smack_get_smackexec_from_file(const char *path, char **smack,
+ int flags);
+
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/tests/check_smack.c b/tests/check_smack.c
index 7570fa8..a70fa5d 100644
--- a/tests/check_smack.c
+++ b/tests/check_smack.c
@@ -225,6 +225,29 @@ START_TEST(test_set_smack_to_file_symlink)
 }
 END_TEST
+START_TEST(test_set_smackexec_to_file)
+{
+ FILE *file;
+ int rc;
+ char *smack;
+
+ file = fopen("set_smack-dummy.txt", "w");
+ fprintf(file, "dummy\n");
+ fclose(file);
+
+ rc = smack_set_smackexec_to_file("set_smack-dummy.txt", "Apple", 0);
+ fail_unless(rc == 0, "Failed to set SMACK64EXEC");
+
+ rc = smack_get_smackexec_from_file("set_smack-dummy.txt", &smack, 0);
+ fail_unless(rc == 0, "Failed to get SMACK64EXEC");
+
+ rc = strcmp(smack, "Apple");
+ fail_unless(rc == 0, "smack %s not equal to Apple", smack);
+
+ free(smack);
+}
+END_TEST
+
 Suite *ruleset_suite (void)
 {
 Suite *s;
@@ -248,6 +271,7 @@ Suite *ruleset_suite (void)
 tc_core = tcase_create("Security attributes");
 tcase_add_test(tc_core, test_set_smack_to_file);
 tcase_add_test(tc_core, test_set_smack_to_file_symlink);
+ tcase_add_test(tc_core, test_set_smackexec_to_file);
 suite_add_tcase(s, tc_core);
 return s;
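Review bot: The two new doc comments in src/smack.h describe `flags` only as "set flags" and give no failure value, so the header does not tell a caller that symbolic links are followed unless `SMACK_XATTR_SYMLINK` is passed, which is what the `setxattr`/`lsetxattr` choice in src/smack.c implements. I would write `@param flags 0 to follow symbolic links, SMACK_XATTR_SYMLINK to operate on the link itself` and `@return 0 on success, -1 on failure` for both functions. For the setter it is also worth stating that labels longer than SMACK64_LEN bytes are rejected, and for the getter that `*smack` is left unmodified when the call fails.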
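Review bot: `test_set_smackexec_to_file` (tests/check_smack.c) covers only the success path, so the one input check the setter performs, rejecting labels longer than SMACK64_LEN, is never exercised, and neither is the `SMACK_XATTR_SYMLINK` branch. A second case that passes a label of 24 or more characters and asserts `rc != 0` would pin that check. The `fopen` result is also used unchecked; `fail_unless(file != NULL, "Failed to create test file");` before the `fprintf` turns a crash into a readable failure. The test appears to need a Smack-enabled kernel and the privilege to write `security.SMACK64EXEC`, which is worth a short comment above it.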