From fdf7dbaf3f4ec5010624affde5738a437318c389 Mon Sep 17 00:00:00 2001 From: Jarkko Sakkinen Date: Fri, 12 Nov 2010 21:10:38 -0800 Subject: [PATCH] smack_set_proc_smack() --- src/smack.c | 29 +++++++++++++++++++++++++++-- src/smack.h | 13 +++++++++++-- tests/check_smack.c | 8 ++++---- 3 files changed, 42 insertions(+), 8 deletions(-) diff --git a/src/smack.c b/src/smack.c index 02c2000..2aa3a7f 100644 --- a/src/smack.c +++ b/src/smack.c @@ -36,6 +36,9 @@ #define SMACK64 "security.SMACK64" #define SMACK64_LEN 23 +#define SMACK_PROC_PATH "/proc/%d/attr/current" +#define LINE_BUFFER_SIZE 255 + struct smack_object { char object[SMACK64_LEN + 1]; unsigned ac; @@ -229,7 +232,7 @@ int smack_have_access_rule(smack_ruleset_t handle, const char *subject, return ((o->ac & ac) == ac); } -int smack_set_smack(const char *path, const char *smack) +int smack_set_file_smack(const char *path, const char *smack) { size_t size; int ret; @@ -243,7 +246,7 @@ int smack_set_smack(const char *path, const char *smack) return ret; } -int smack_get_smack(const char *path, char **smack) +int smack_get_file_smack(const char *path, char **smack) { ssize_t ret; char *buf; @@ -264,6 +267,28 @@ int smack_get_smack(const char *path, char **smack) return 0; } +int smack_get_proc_smack(int pid, char **smack) +{ + char buf[LINE_BUFFER_SIZE]; + FILE *file; + + snprintf(buf, LINE_BUFFER_SIZE, SMACK_PROC_PATH, pid); + + file = fopen(buf, "r"); + if (file == NULL) + return -1; + + if (fgets(buf, LINE_BUFFER_SIZE, file) == NULL) { + fclose(file); + return -1; + } + + fclose(file); + *smack = strdup(buf); + return *smack != NULL ? 0 : - 1; +} + + static int update_rule(struct smack_ruleset *handle, const char *subject_str, const char *object_str, unsigned ac) diff --git a/src/smack.h b/src/smack.h index c490607..39f96cc 100644 --- a/src/smack.h +++ b/src/smack.h 
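Review bot: In the new smack_get_proc_smack() in src/smack.c, the value stored in `*smack` is whatever fgets() read, so it keeps any trailing newline the kernel emits and is never checked against SMACK64_LEN even though the buffer holds up to LINE_BUFFER_SIZE bytes. A caller that compares the result with a label from smack_get_file_smack(), or copies it into a `char object[SMACK64_LEN + 1]` field, could get a mismatch or an overrun; no such caller is visible in this patch, so treat that as inferred. I would normalise and bound the label between the fclose() and the strdup(): `buf[strcspn(buf, "\n")] = '\0';` followed by `if (strlen(buf) > SMACK64_LEN) return -1;`. The stray space in `return *smack != NULL ? 0 : - 1;` is also worth tidying to `-1`.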
@@ -142,7 +142,7 @@ extern int smack_have_access_rule(smack_ruleset_t handle, const char *subject, * @param smack new value * @return 0 on success */ -extern int smack_set_smack(const char *path, const char *smack); +extern int smack_set_file_smack(const char *path, const char *smack); /*! * Get SMACK64 security attribute for a given path. Follows symbolic links. @@ -152,7 +152,16 @@ extern int smack_set_smack(const char *path, const char *smack); * @param smack current value * @return 0 on success */ -extern int smack_get_smack(const char *path, char **smack); +extern int smack_get_file_smack(const char *path, char **smack); + +/*! + * Get SMACK64 security attribute for a given pid. + * + * @param pid pid of a process + * @param smack current value + * @return 0 on success + */ +extern int smack_get_proc_smack(int pid, char **smack); #ifdef __cplusplus } diff --git a/tests/check_smack.c b/tests/check_smack.c index 3e117f8..9666d4e 100644 --- a/tests/check_smack.c +++ b/tests/check_smack.c @@ -166,7 +166,7 @@ START_TEST(test_have_access_removed_rule) } END_TEST -START_TEST(test_set_smack) +START_TEST(test_set_file_smack) { FILE *file; int rc; @@ -176,10 +176,10 @@ START_TEST(test_set_smack) fprintf(file, "dummy\n"); fclose(file); - rc = smack_set_smack("set_smack-dummy.txt", "Apple"); + rc = smack_set_file_smack("set_smack-dummy.txt", "Apple"); fail_unless(rc == 0, "Failed to set SMACK64"); - rc = smack_get_smack("set_smack-dummy.txt", &smack); + rc = smack_get_file_smack("set_smack-dummy.txt", &smack); fail_unless(rc == 0, "Failed to get SMACK64"); rc = strcmp(smack, "Apple"); @@ -210,7 +210,7 @@ Suite *ruleset_suite (void) /* tc_core = tcase_create("Security attributes"); - tcase_add_test(tc_core, test_set_smack); + tcase_add_test(tc_core, test_set_file_smack); suite_add_tcase(s, tc_core); */ -- 2.7.4
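Review bot: The doc comment added for smack_get_proc_smack() in src/smack.h does not say who owns the returned string or what state `*smack` is in on failure. In the implementation it is a strdup() copy and is left unwritten on every error path, so a caller that frees it unconditionally would free an uninitialized pointer. I would extend the comment with `@param smack on success, a newly allocated label that the caller must free(); left untouched on failure` and `@return 0 on success, -1 if the attribute cannot be read or memory is exhausted`. It also deserves a sentence noting that the lookup is by numeric pid, so if the pid is recycled before the read the label may belong to a different process, which matters when the result feeds an access decision. Declaring the parameter as `pid_t` rather than `int` would make the intended argument explicit.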