-D_DEFAULT_CONFIGURATION_FILE=\"$(CONFPATH)\" \
-D_DB_PATH=\"$(DB_PATH)\" \
-D_BUXTON_SOCKET=\"$(BUXTON_SOCKET)\" \
- -D_SMACK_LOAD_FILE=\"$(SMACK_LOAD_FILE)\"
+ -D_SMACK_LOAD_FILE=\"$(SMACK_LOAD_FILE)\" \
+ -D_SMACK_PERMISSIVE=\"$(SMACK_PERMISSIVE)\"
AM_LDFLAGS = \
-rdynamic
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SMACK_LOAD_FILE = @SMACK_LOAD_FILE@
+SMACK_PERMISSIVE = @SMACK_PERMISSIVE@
STRIP = @STRIP@
SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@
SYSTEMD_LIBS = @SYSTEMD_LIBS@
-D_DEFAULT_CONFIGURATION_FILE=\"$(CONFPATH)\" \
-D_DB_PATH=\"$(DB_PATH)\" \
-D_BUXTON_SOCKET=\"$(BUXTON_SOCKET)\" \
- -D_SMACK_LOAD_FILE=\"$(SMACK_LOAD_FILE)\"
+ -D_SMACK_LOAD_FILE=\"$(SMACK_LOAD_FILE)\" \
+ -D_SMACK_PERMISSIVE=\"$(SMACK_PERMISSIVE)\"
AM_LDFLAGS = \
-rdynamic
MANPAGE_TRUE
DEBUG_FALSE
DEBUG_TRUE
+SMACK_PERMISSIVE
SMACK_LOAD_FILE
BUXTON_SOCKET
DB_PATH
with_db_path
with_socket_path
with_smack_load_file
+with_smack_permissive
enable_debug
enable_manpages
enable_coverage
path to buxton socket file
--with-smack-load-file=SMACKLOADFILE
path to smack load2 file
+ --with-smack-permissive=SMACKPERMISSIVE
+ path to smack permissive file
Some influential environment variables:
CC C compiler command
SMACK_LOAD_FILE="${smack_load_file}"
+
+# Check whether --with-smack-permissive was given.
+if test "${with_smack_permissive+set}" = set; then :
+ withval=$with_smack_permissive; smack_permissive=${withval}
+else
+ smack_permissive="/sys/fs/smackfs/permissive"
+fi
+
+SMACK_PERMISSIVE="${smack_permissive}"
+
+
# Check whether --enable-debug was given.
if test "${enable_debug+set}" = set; then :
enableval=$enable_debug;
SMACK_LOAD_FILE="${smack_load_file}"
AC_SUBST(SMACK_LOAD_FILE)
+AC_ARG_WITH([smack-permissive], AS_HELP_STRING([--with-smack-permissive=SMACKPERMISSIVE],
+ [path to smack permissive file]), [smack_permissive=${withval}],
+ [smack_permissive="/sys/fs/smackfs/permissive"])
+SMACK_PERMISSIVE="${smack_permissive}"
+AC_SUBST(SMACK_PERMISSIVE)
+
AC_ARG_ENABLE(debug, AS_HELP_STRING([--enable-debug], [enable debug mode @<:@default=no@:>@]),
[], [enable_debug=no])
AS_IF([test "x$enable_debug" = "xyes"],
static Hashmap *_smackrules = NULL;
/* set to true unless Smack support is not detected by the daemon */
static bool have_smack = true;
+static bool permissive;
#define smack_check() do { if (!have_smack) { return true; } } while (0);
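Review bot: `static bool permissive;` is added without a comment, while `have_smack` directly above documents what it means. This flag makes the access check return true unconditionally elsewhere in this commit, so it deserves one, for example `/* cached content of the Smack permissive file; when true, access checks are skipped */`. An explicit `= false` initialiser would also make the fail-closed default obvious to a reader.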
return have_smack;
}
+static bool buxton_get_permissive_mode(void)
+{
+ FILE *fp;
+ int d;
+ int r;
+
+ fp = fopen(buxton_smack_permissive(), "r");
+ if (!fp)
+ return false;
+
+ r = fscanf(fp, "%d\n", &d);
+ fclose(fp);
+
+ if (r != 1)
+ return false;
+
+ buxton_log("Smack permissive mode %s\n", d ? "On" : "Off");
+
+ return !!d;
+}
+
bool buxton_cache_smack_rules(void)
{
smack_check();
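Review bot: `buxton_get_permissive_mode()` treats any non-zero integer as "On" (`return !!d;`), and it reads that integer from whatever path `buxton_smack_permissive()` returns, so an unexpected value in a misconfigured or writable file switches off every Smack check the daemon makes. I would accept only the value 1, `return d == 1;`, and include the resolved path in the `buxton_log()` line so an unusual source shows up in the logs. The commit also registers a `BUXTON_SMACK_PERMISSIVE` name for this key. If that is an environment or configuration override the daemon honours (not visible here), confirm that only a privileged user can set it, or check with `fstatfs()` that the opened file is on smackfs. Returning false when `fopen()` or `fscanf()` fails is the right default and should stay.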
goto end;
}
+ permissive = buxton_get_permissive_mode();
+
load_file = fopen(buxton_smack_load_file(), "r");
if (!load_file) {
buxton_debug("Subject: %s\n", subject->value);
buxton_debug("Object: %s\n", object->value);
+ /* permissive mode */
+ if (permissive)
+ return true;
+
/* check the builtin Smack rules first */
if (streq(subject->value, "*")) {
return false;
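Review bot: The `if (permissive) return true;` branch sits in front of the built-in and cached rule checks, so while the flag is set no access decision is evaluated or recorded. The only trace is the `buxton_debug()` subject/object output just above, which is presumably absent from non-debug builds. A permissive mode is normally used to find missing rules, which needs the would-be denial computed and logged before it is overridden. Consider overriding only the final denial, or at least logging here with `buxton_log("Smack permissive: allowing %s -> %s\n", subject->value, object->value);`, and brace the branch like the surrounding `if` statements. The enclosing function starts and ends outside this hunk.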
buxton_log("inotify_add_watch(): %m\n");
return -1;
}
+
+ /* If permissive mode is supported */
+ inotify_add_watch(fd, buxton_smack_permissive(), IN_CLOSE_WRITE);
+
return fd;
}
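Review bot: The return value of the added `inotify_add_watch()` call is dropped, unlike the call above it whose failure is logged and returned. If this watch cannot be set, the daemon keeps the `permissive` value it cached in `buxton_cache_smack_rules()` and may not notice the mode being switched off later. I would make the best-effort intent explicit: `if (inotify_add_watch(fd, buxton_smack_permissive(), IN_CLOSE_WRITE) < 0) { buxton_debug("inotify_add_watch(permissive): %m\n"); }`. The comment "If permissive mode is supported" does not match the unconditional call and should say the file may be absent. Whether the event handler re-reads the permissive file when this watch fires is not visible in this hunk and is worth confirming.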
"BUXTON_MODULE_DIR",
"BUXTON_DB_PATH",
"BUXTON_SMACK_LOAD_FILE",
- "BUXTON_BUXTON_SOCKET"
+ "BUXTON_BUXTON_SOCKET",
+ "BUXTON_SMACK_PERMISSIVE"
};
/**
"ModuleDirectory",
"DatabasePath",
"SmackLoadFile",
- "SocketPath"
+ "SocketPath",
+ "SmackPermissive"
};
static const char *COMPILE_DEFAULT[CONFIG_MAX] = {
_MODULE_DIRECTORY,
_DB_PATH,
_SMACK_LOAD_FILE,
- _BUXTON_SOCKET
+ _BUXTON_SOCKET,
+ _SMACK_PERMISSIVE
};
/**
return (const char*)conf.keys[CONFIG_SMACK_LOAD_FILE];
}
+const char* buxton_smack_permissive(void)
+{
+ initialize();
+ return (const char*)conf.keys[CONFIG_SMACK_PERMISSIVE];
+}
+
const char* buxton_socket(void)
{
initialize();
CONFIG_DB_PATH,
CONFIG_SMACK_LOAD_FILE,
CONFIG_BUXTON_SOCKET,
+ CONFIG_SMACK_PERMISSIVE,
CONFIG_MAX
} ConfigKey;
/**
* @internal
+ * @brief Get the path of the smack permissive.
+ *
+ *
+ * @return the path of the smack permissive file. Do not free this pointer.
+ * It belongs to configurator.
+ */
+const char *buxton_smack_permissive(void)
+ __attribute__((warn_unused_result));
+
+/**
+ * @internal
* @brief Get the path of the buxton socket.
*
*