From f47b9c90fe3dd26479e3b7ff7c82095e9500e1ce Mon Sep 17 00:00:00 2001
From: Jarkko Sakkinen
Date: Mon, 20 May 2013 19:50:25 -0700
Subject: [PATCH] Finalized cipso API.

Aligned cipso API with accesses API so that they have same style. Added documenation comments for cipso API.

Signed-off-by: Jarkko Sakkinen
---
 libsmack/libsmack.c | 121 ++++++++++++++++++++++++++------------------
 libsmack/libsmack.sym | 7 +--
 libsmack/sys/smack.h | 28 +++++++++++-
 utils/common.c | 10 ++++-
 4 files changed, 102 insertions(+), 64 deletions(-)

diff --git a/libsmack/libsmack.c b/libsmack/libsmack.c
index cec540c..f023b94 100644
--- a/libsmack/libsmack.c
+++ b/libsmack/libsmack.c
@@ -325,6 +325,19 @@ int smack_have_access(const char *subject, const char *object,
 return buf[0] == '1';
 }

+
+int smack_cipso_new(struct smack_cipso **cipso)
+{
+ struct smack_cipso *result;
+
+ result = calloc(sizeof(struct smack_cipso), 1);
+ if (result == NULL)
+ return -1;
+
+ *cipso = result;
+ return 0;
+}
+
 void smack_cipso_free(struct smack_cipso *cipso)
 {
 if (cipso == NULL)
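Review bot: `result = calloc(sizeof(struct smack_cipso), 1);` passes the object size as the element count; the allocation is the same size, but the idiomatic form is `result = calloc(1, sizeof *result);`, which reads as one zeroed object and stays correct if the pointer's type changes. The out-pointer `cipso` is stored through without a NULL check, which matches the rest of the library only if `smack_accesses_new` behaves the same way — worth confirming, since the commit's stated goal is to align the two APIs. On failure errno is whatever calloc set, which fits the `-1` plus errno convention `smack_cipso_apply` uses.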
@@ -340,9 +353,53 @@ void smack_cipso_free(struct smack_cipso *cipso)
 }
 }

-struct smack_cipso *smack_cipso_new(int fd)
+int smack_cipso_apply(struct smack_cipso *cipso)
+{
+ struct cipso_mapping *m = NULL;
+ char buf[CIPSO_MAX_SIZE];
+ int fd;
+ int i;
+ char path[PATH_MAX];
+ int offset=0;
+
+ if (!smack_mnt) {
+ errno = EFAULT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/cipso2", smack_mnt);
+ fd = open(path, O_WRONLY);
+ if (fd < 0)
+ return -1;
+
+ memset(buf,0,CIPSO_MAX_SIZE);
+ for (m = cipso->first; m != NULL; m = m->next) {
+ snprintf(buf, SMACK_LABEL_LEN + 1, "%s", m->label);
+ offset += strlen(buf) + 1;
+
+ sprintf(&buf[offset], CIPSO_NUM_LEN_STR, m->level);
+ offset += NUM_LEN;
+
+ sprintf(&buf[offset], CIPSO_NUM_LEN_STR, m->ncats);
+ offset += NUM_LEN;
+
+ for (i = 0; i < m->ncats; i++){
+ sprintf(&buf[offset], CIPSO_NUM_LEN_STR, m->cats[i]);
+ offset += NUM_LEN;
+ }
+
+ if (write(fd, buf, offset) < 0) {
+ close(fd);
+ return -1;
+ }
+ }
+
+ close(fd);
+ return 0;
+}
+
+int smack_cipso_add_from_file(struct smack_cipso *cipso, int fd)
 {
- struct smack_cipso *cipso = NULL;
 struct cipso_mapping *mapping = NULL;
 FILE *file = NULL;
 char buf[BUF_SIZE];
@@ -353,18 +410,12 @@ struct smack_cipso *smack_cipso_new(int fd)

 newfd = dup(fd);
 if (newfd == -1)
- return NULL;
+ return -1;

 file = fdopen(newfd, "r");
 if (file == NULL) {
 close(newfd);
- return NULL;
- }
-
- cipso = calloc(sizeof(struct smack_cipso ), 1);
- if (cipso == NULL) {
- fclose(file);
- return NULL;
+ return -1;
 }

 while (fgets(buf, BUF_SIZE, file) != NULL) {
@@ -425,12 +476,11 @@ struct smack_cipso *smack_cipso_new(int fd)
 goto err_out;

 fclose(file);
- return cipso;
+ return 0;
 err_out:
 fclose(file);
- smack_cipso_free(cipso);
 free(mapping);
- return NULL;
+ return -1;
 }

 const char *smack_smackfs_path(void)
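Review bot: In `smack_cipso_apply`, `offset` is initialised once before the `for (m = cipso->first; ...)` loop and only ever incremented, so for the second mapping the label is written at `buf[0]` but the numeric fields land after the previous mapping's bytes, and `write(fd, buf, offset)` re-sends everything accumulated so far; with enough mappings the `sprintf` calls run past `buf[CIPSO_MAX_SIZE]` regardless of any per-mapping `ncats` limit. The function is only moved by this commit, but the new side keeps the defect; resetting the cursor per mapping, `offset = strlen(buf) + 1;` in place of `offset += strlen(buf) + 1;`, makes each write carry exactly one mapping. The check that `m->ncats` fits the buffer is not visible here — presumably `smack_cipso_add_from_file` enforces it, but that function's body runs past the hunk. `write()` is also only checked for `< 0`, so a short write is silently treated as success.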
@@ -438,51 +488,6 @@ const char *smack_smackfs_path(void)
 return smack_mnt;
 }

-int smack_cipso_apply(struct smack_cipso *cipso)
-{
- struct cipso_mapping *m = NULL;
- char buf[CIPSO_MAX_SIZE];
- int fd;
- int i;
- char path[PATH_MAX];
- int offset=0;
-
- if (!smack_mnt) {
- errno = EFAULT;
- return -1;
- }
-
- snprintf(path, sizeof path, "%s/cipso2", smack_mnt);
- fd = open(path, O_WRONLY);
- if (fd < 0)
- return -1;
-
- memset(buf,0,CIPSO_MAX_SIZE);
- for (m = cipso->first; m != NULL; m = m->next) {
- snprintf(buf, SMACK_LABEL_LEN + 1, "%s", m->label);
- offset += strlen(buf) + 1;
-
- sprintf(&buf[offset], CIPSO_NUM_LEN_STR, m->level);
- offset += NUM_LEN;
-
- sprintf(&buf[offset], CIPSO_NUM_LEN_STR, m->ncats);
- offset += NUM_LEN;
-
- for (i = 0; i < m->ncats; i++){
- sprintf(&buf[offset], CIPSO_NUM_LEN_STR, m->cats[i]);
- offset += NUM_LEN;
- }
-
- if (write(fd, buf, offset) < 0) {
- close(fd);
- return -1;
- }
- }
-
- close(fd);
- return 0;
-}
-
 int smack_new_label_from_self(char **label)
 {
 char *result;
diff --git a/libsmack/libsmack.sym b/libsmack/libsmack.sym
index 1d34243..716de5d 100644
--- a/libsmack/libsmack.sym
+++ b/libsmack/libsmack.sym
@@ -9,9 +9,10 @@ global:
 smack_accesses_add_modify;
 smack_accesses_add_from_file;
 smack_have_access;
- smack_cipso_free;
- smack_cipso_new;
- smack_cipso_apply;
+ smack_cipso_free;
+ smack_cipso_new;
+ smack_cipso_apply;
+ smack_cipso_add_from_file;
 smack_smackfs_path;
 smack_new_label_from_self;
 smack_new_label_from_socket;
diff --git a/libsmack/sys/smack.h b/libsmack/sys/smack.h
index 212ef99..3bb73f7 100644
--- a/libsmack/sys/smack.h
+++ b/libsmack/sys/smack.h
@@ -142,13 +142,39 @@ int smack_accesses_add_from_file(struct smack_accesses *accesses, int fd);
 int smack_have_access(const char *subject, const char *object,
 const char *access_type);

-struct smack_cipso *smack_cipso_new(int fd);
+/*!
+ * Creates a new empty smack_cipso instance.
+ *
+ * @param cipso created instance
+ * @return 0 on success and negative value on failure.
+ */
+int smack_cipso_new(struct smack_cipso **cipso);

+/*!
+ * Destroy a struct smack_cipso *instance.
+ *
+ * @param handle handle to a struct smack_cipso *instance
+ */
 void smack_cipso_free(struct smack_cipso *cipso);

+/*!
+ * Write rules to kernel.
+ *
+ * @param handle handle to a rules
+ * @return 0 on success and negative value on failure.
+ */
 int smack_cipso_apply(struct smack_cipso *cipso);

 /*!
+ * Add rules from file.
+ *
+ * @param cipso instance
+ * @param fd file descriptor
+ * @return 0 on success and negative value on failure.
+ */
+int smack_cipso_add_from_file(struct smack_cipso *cipso, int fd);
+
+/*!
 * Get the smackfs directory.
 */
 const char *smack_smackfs_path(void);
diff --git a/utils/common.c b/utils/common.c
index 2f51815..9fd84e6 100644
--- a/utils/common.c
+++ b/utils/common.c
@@ -164,9 +164,15 @@ int apply_cipso_file(int fd)
 struct smack_cipso *cipso = NULL;
 int ret;

- cipso = smack_cipso_new(fd);
- if (cipso == NULL)
+ ret = smack_cipso_new(&cipso);
+ if (ret)
+ return -1;
+
+ ret = smack_cipso_add_from_file(cipso, fd);
+ if (ret) {
+ smack_cipso_free(cipso);
 return -1;
+ }

 ret = smack_cipso_apply(cipso);
 smack_cipso_free(cipso);
-- 
2.7.4
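Review bot: The new Doxygen blocks for `smack_cipso_free` and `smack_cipso_apply` document `@param handle`, but both prototypes name the parameter `cipso`, so Doxygen will warn and readers see a parameter that does not exist; change them to `@param cipso handle to a struct smack_cipso instance` and `@param cipso handle to the rules to write`. The `smack_cipso_new` comment reads `@param cipso created instance`, which hides that it is an out-parameter; `@param cipso receives the new instance on success, to be released with smack_cipso_free()` states the ownership the caller in utils/common.c relies on. The `smack_cipso_add_from_file` comment could also say what happens to `fd`: the implementation `dup()`s it and closes only the duplicate, so `@param fd file descriptor to read from (not closed by this call)` is accurate.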