From: <ssm...@us...> - 2007-01-11 17:19:17
Revision: 2167
http://svn.sourceforge.net/selinux/?rev=2167&view=rev
Author: ssmalley
Date: 2007-01-11 09:19:04 -0800 (Thu, 11 Jan 2007)
Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: libselinux patch to add securetty rewritten with getline and using Lindent
Date: Tue, 09 Jan 2007 10:02:44 -0500
sds:
- Renamed securetty_contexts to securetty_types for the file name and path function.
- Changed the return value of selinux_check_securetty_context() to match other check functions, i.e. 0 if a securetty, < 0 otherwise.
- Fixed type on len.
Signed-off-by: Stephen Smalley <sd...@ty...>
Modified Paths:
--------------
trunk/libselinux/ChangeLog
trunk/libselinux/VERSION
trunk/libselinux/include/selinux/selinux.h
trunk/libselinux/man/man3/selinux_binary_policy_path.3
trunk/libselinux/src/file_path_suffixes.h
trunk/libselinux/src/selinux_config.c
trunk/libselinux/src/selinux_internal.h
trunk/libselinux/utils/matchpathcon.c
Added Paths:
-----------
trunk/libselinux/man/man3/selinux_check_securetty_context.3
trunk/libselinux/man/man3/selinux_securetty_types_path.3
trunk/libselinux/src/selinux_check_securetty_context.c
trunk/libselinux/utils/selinux_check_securetty_context.c
Modified: trunk/libselinux/ChangeLog
===================================================================
--- trunk/libselinux/ChangeLog 2007-01-09 20:53:31 UTC (rev 2166)
+++ trunk/libselinux/ChangeLog 2007-01-11 17:19:04 UTC (rev 2167)
@@ -1,3 +1,6 @@
+1.33.4 2006-01-11
+ * Merged selinux_check_securetty_context() and support from Dan Walsh.
+
1.33.3 2007-01-04
* Merged patch for matchpathcon utility to use file mode information
when available from Dan Walsh.
Modified: trunk/libselinux/VERSION
===================================================================
--- trunk/libselinux/VERSION 2007-01-09 20:53:31 UTC (rev 2166)
+++ trunk/libselinux/VERSION 2007-01-11 17:19:04 UTC (rev 2167)
@@ -1 +1 @@
-1.33.3
+1.33.4
Modified: trunk/libselinux/include/selinux/selinux.h
===================================================================
--- trunk/libselinux/include/selinux/selinux.h 2007-01-09 20:53:31 UTC (rev 2166)
+++ trunk/libselinux/include/selinux/selinux.h 2007-01-11 17:19:04 UTC (rev 2167)
@@ -406,6 +406,7 @@
extern const char *selinux_homedir_context_path(void);
extern const char *selinux_media_context_path(void);
extern const char *selinux_contexts_path(void);
+ extern const char *selinux_securetty_types_path(void);
extern const char *selinux_booleans_path(void);
extern const char *selinux_customizable_types_path(void);
extern const char *selinux_users_path(void);
@@ -419,6 +420,11 @@
extern int selinux_check_passwd_access(access_vector_t requested);
extern int checkPasswdAccess(access_vector_t requested);
+/* Check if the tty_context is defined as a securetty
+ Return 0 if secure, < 0 otherwise. */
+ extern int selinux_check_securetty_context(security_context_t
+ tty_context);
+
/* Set the path to the selinuxfs mount point explicitly.
Normally, this is determined automatically during libselinux
initialization, but this is not always possible, e.g. for /sbin/init
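Review bot: The comment added above `selinux_check_securetty_context()` documents only "Return 0 if secure, < 0 otherwise", which leaves out two properties a caller making an access decision needs to know. As implemented in src/selinux_check_securetty_context.c in this same commit, only the type field of tty_context is compared against the securetty_types entries. A missing or unreadable file, or a context that `context_new()` rejects, also returns < 0, so the check fails closed but "not listed" and "error" are indistinguishable. I would extend the comment to something like `/* Compares only the type of tty_context with the entries in the securetty_types file; returns 0 on a match, < 0 if the type is not listed or on any error. */`.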
Modified: trunk/libselinux/man/man3/selinux_binary_policy_path.3
===================================================================
--- trunk/libselinux/man/man3/selinux_binary_policy_path.3 2007-01-09 20:53:31 UTC (rev 2166)
+++ trunk/libselinux/man/man3/selinux_binary_policy_path.3 2007-01-11 17:19:04 UTC (rev 2167)
@@ -27,6 +27,8 @@
.br
extern const char *selinux_media_context_path(void);
.br
+extern const char *selinux_securetty_types_path(void);
+.br
extern const char *selinux_contexts_path(void);
.br
extern const char *selinux_booleans_path(void);
@@ -56,6 +58,8 @@
.sp
selinux_contexts_path() - directory containing all of the context configuration files
.sp
+selinux_securetty_types_path() - defines tty types for newrole securettys
+.sp
selinux_booleans_path() - initial policy boolean settings
.SH AUTHOR
Added: trunk/libselinux/man/man3/selinux_check_securetty_context.3
===================================================================
--- trunk/libselinux/man/man3/selinux_check_securetty_context.3 (rev 0)
+++ trunk/libselinux/man/man3/selinux_check_securetty_context.3 2007-01-11 17:19:04 UTC (rev 2167)
@@ -0,0 +1,12 @@
+.TH "selinux_check_securetty_context" "3" "1 January 2007" "dw...@re..." "SE Linux API documentation"
+.SH "NAME"
+selinux_check_securetty_context \- check whether a tty security context is defined as a securetty context
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int selinux_check_securetty_context(security_context_t "tty_context );
+
+.SH "DESCRIPTION"
+.B selinux_check_securetty_context
+returns 0 if tty_context is a securetty context
+returns < 0 otherwise.
Added: trunk/libselinux/man/man3/selinux_securetty_types_path.3
===================================================================
--- trunk/libselinux/man/man3/selinux_securetty_types_path.3 (rev 0)
+++ trunk/libselinux/man/man3/selinux_securetty_types_path.3 2007-01-11 17:19:04 UTC (rev 2167)
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
Modified: trunk/libselinux/src/file_path_suffixes.h
===================================================================
--- trunk/libselinux/src/file_path_suffixes.h 2007-01-09 20:53:31 UTC (rev 2166)
+++ trunk/libselinux/src/file_path_suffixes.h 2007-01-11 17:19:04 UTC (rev 2167)
@@ -7,6 +7,7 @@
S_(USER_CONTEXTS, "/contexts/users/")
S_(FAILSAFE_CONTEXT, "/contexts/failsafe_context")
S_(DEFAULT_TYPE, "/contexts/default_type")
+ S_(SECURETTY_TYPES, "/contexts/securetty_types")
S_(BOOLEANS, "/booleans")
S_(MEDIA_CONTEXTS, "/contexts/files/media")
S_(REMOVABLE_CONTEXT, "/contexts/removable_context")
Added: trunk/libselinux/src/selinux_check_securetty_context.c
===================================================================
--- trunk/libselinux/src/selinux_check_securetty_context.c (rev 0)
+++ trunk/libselinux/src/selinux_check_securetty_context.c 2007-01-11 17:19:04 UTC (rev 2167)
@@ -0,0 +1,53 @@
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <ctype.h>
+#include "selinux_internal.h"
+#include "context_internal.h"
+
+int selinux_check_securetty_context(security_context_t tty_context)
+{
+ char *line = NULL;
+ char *start, *end = NULL;
+ size_t line_len = 0;
+ ssize_t len;
+ int found = -1;
+ FILE *fp;
+ fp = fopen(selinux_securetty_types_path(), "r");
+ if (fp) {
+ context_t con = context_new(tty_context);
+ if (con) {
+ const char *type = context_type_get(con);
+ while ((len = getline(&line, &line_len, fp)) != -1) {
+
+ if (line[len - 1] == '\n')
+ line[len - 1] = 0;
+
+ /* Skip leading whitespace. */
+ start = line;
+ while (*start && isspace(*start))
+ start++;
+ if (!(*start))
+ continue;
+
+ end = start;
+ while (*end && !isspace(*end))
+ end++;
+ if (*end)
+ *end++ = 0;
+ if (!strcmp(type, start)) {
+ found = 0;
+ break;
+ }
+ }
+ free(line);
+ context_free(con);
+ }
+ fclose(fp);
+ }
+
+ return found;
+}
+
+hidden_def(selinux_check_securetty_context)
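Review bot: Both scanning loops pass a plain `char` to `isspace()`, which is undefined for negative values other than EOF, so a byte above 0x7f in the securetty_types file can misbehave where `char` is signed. Cast at the call sites: `while (*start && isspace((unsigned char)*start))` and `while (*end && !isspace((unsigned char)*end))`. Separately, the result of `selinux_securetty_types_path()` is handed straight to `fopen()`; `get_path()` is not visible in this diff, so if it can return NULL, a guard that returns -1 would keep the check failing closed rather than crashing. A header comment on the function would also help, stating that only the first whitespace-delimited token of each line is compared with the context's type and that any open or parse failure yields -1.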
Modified: trunk/libselinux/src/selinux_config.c
===================================================================
--- trunk/libselinux/src/selinux_config.c 2007-01-09 20:53:31 UTC (rev 2166)
+++ trunk/libselinux/src/selinux_config.c 2007-01-11 17:19:04 UTC (rev 2167)
@@ -38,7 +38,8 @@
#define NETFILTER_CONTEXTS 15
#define FILE_CONTEXTS_HOMEDIR 16
#define FILE_CONTEXTS_LOCAL 17
-#define NEL 18
+#define SECURETTY_TYPES 18
+#define NEL 19
/* New layout is relative to SELINUXDIR/policytype. */
static char *file_paths[NEL];
@@ -299,6 +300,13 @@
hidden_def(selinux_default_context_path)
+const char *selinux_securetty_types_path()
+{
+ return get_path(SECURETTY_TYPES);
+}
+
+hidden_def(selinux_securetty_types_path)
+
const char *selinux_failsafe_context_path()
{
return get_path(FAILSAFE_CONTEXT);
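Review bot: The new definition `const char *selinux_securetty_types_path()` uses an empty parameter list, which in C is not a prototype, while selinux.h declares the function with `(void)`. Writing `const char *selinux_securetty_types_path(void)` keeps the definition and the declaration identical and lets the compiler reject a call that passes arguments. The neighbouring `selinux_failsafe_context_path()` uses the same older form, so this is a style and consistency point rather than a defect introduced here; that function's body continues outside the hunk.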
Modified: trunk/libselinux/src/selinux_internal.h
===================================================================
--- trunk/libselinux/src/selinux_internal.h 2007-01-09 20:53:31 UTC (rev 2166)
+++ trunk/libselinux/src/selinux_internal.h 2007-01-11 17:19:04 UTC (rev 2167)
@@ -53,6 +53,7 @@
hidden_proto(security_setenforce)
hidden_proto(selinux_binary_policy_path)
hidden_proto(selinux_default_context_path)
+ hidden_proto(selinux_securetty_types_path)
hidden_proto(selinux_failsafe_context_path)
hidden_proto(selinux_removable_context_path)
hidden_proto(selinux_file_context_path)
@@ -66,6 +67,7 @@
hidden_proto(selinux_media_context_path)
hidden_proto(selinux_path)
hidden_proto(selinux_check_passwd_access)
+ hidden_proto(selinux_check_securetty_context)
hidden_proto(matchpathcon_init_prefix)
hidden_proto(selinux_users_path)
hidden_proto(selinux_usersconf_path);
Modified: trunk/libselinux/utils/matchpathcon.c
===================================================================
--- trunk/libselinux/utils/matchpathcon.c 2007-01-09 20:53:31 UTC (rev 2166)
+++ trunk/libselinux/utils/matchpathcon.c 2007-01-11 17:19:04 UTC (rev 2167)
@@ -95,7 +95,7 @@
}
}
for (i = optind; i < argc; i++) {
- int mode=0;
+ int mode = 0;
struct stat buf;
if (lstat(argv[i], &buf) == 0)
mode = buf.st_mode;
@@ -114,13 +114,15 @@
if (rc >= 0) {
printf("%s has context %s, should be ",
argv[i], con);
- error += printmatchpathcon(argv[i], 0, mode);
+ error +=
+ printmatchpathcon(argv[i], 0, mode);
freecon(con);
} else {
printf
("actual context unknown: %s, should be ",
strerror(errno));
- error += printmatchpathcon(argv[i], 0,mode);
+ error +=
+ printmatchpathcon(argv[i], 0, mode);
}
}
} else {
Added: trunk/libselinux/utils/selinux_check_securetty_context.c
===================================================================
--- trunk/libselinux/utils/selinux_check_securetty_context.c (rev 0)
+++ trunk/libselinux/utils/selinux_check_securetty_context.c 2007-01-11 17:19:04 UTC (rev 2167)
@@ -0,0 +1,35 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/errno.h>
+#include <selinux/selinux.h>
+
+void usage(const char *progname)
+{
+ fprintf(stderr, "usage: %s tty_context...\n", progname);
+ exit(1);
+}
+
+int main(int argc, char **argv)
+{
+ int i;
+ if (argc < 2)
+ usage(argv[0]);
+
+ for (i = 1; i < argc; i++) {
+ switch (selinux_check_securetty_context(argv[i])) {
+ case 0:
+ printf("%s securetty.\n", argv[i]);
+ break;
+ default:
+ printf("%s not securetty.\n", argv[i]);
+ break;
+ }
+ }
+ return 0;
+}
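Review bot: `main` returns 0 whether or not any argument matched, so a script calling this utility cannot use the exit status and has to parse stdout to learn the answer. Track the outcome with `int rc = 0;` at the top, `rc = 1;` in the `default:` branch, and `return rc;` at the end, so that an unlisted type produces a non-zero exit. The `default:` branch also reports "not securetty" for every negative return, which by the library code in this commit includes an unreadable securetty_types file or an unparsable context; a one-line comment there saying that errors are deliberately treated as "not secure" would make the fail-closed intent explicit. `usage()` is only called from this file and could be declared `static`.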