From: <ew...@us...> - 2007-06-20 18:31:19
Revision: 2479 http://svn.sourceforge.net/selinux/?rev=2479&view=rev
Author: ewalsh
Date: 2007-06-20 11:31:12 -0700 (Wed, 20 Jun 2007)
Log Message:
-----------
This is a labeling API that provides a common way to map from various string namespaces into security contexts. Changes from the third version: remove handle typedef, includes patch for setfiles, rebases matchpathcon code to use new interface, includes X backend, fixes setfiles -c, rolls in callback interface patch. This version of the patchset simplifies the lookup model down to (string,number) to context. There are no void pointers or variadic functions which was one of the objections to the previous patchsets. A lot of the file contexts stuff such as the inode tracking support has also been dropped with the understanding that this stuff should be in the setfiles code, not libselinux. This is a pure lookup interface only. This patchset includes 3 backends, for file contexts, media contexts and X. Future work would include libsemanage interfaces for managing the data the way the file contexts data is currently done. This patch includes the new callback interface.
Signed-off-by: Eamon Walsh <ew...@ty...>
Acked-by: Stephen Smalley <sd...@ty...>
Modified Paths:
--------------
trunk/libselinux/include/selinux/selinux.h
Added Paths:
-----------
trunk/libselinux/src/callbacks.c
trunk/libselinux/src/callbacks.h
Modified: trunk/libselinux/include/selinux/selinux.h
===================================================================
--- trunk/libselinux/include/selinux/selinux.h 2007-06-20 16:57:15 UTC (rev 2478)
+++ trunk/libselinux/include/selinux/selinux.h 2007-06-20 18:31:12 UTC (rev 2479)
@@ -132,6 +132,37 @@
 unsigned int seqno;
 };
+/* Structure for passing options, used by AVC and label subsystems */
+struct selinux_opt {
+ int type;
+ const char *value;
+};
+
+/* Callback facilities */
+union selinux_callback {
+ /* log the printf-style format and arguments,
+ with the type code indicating the type of message */
+ int (*func_log) (int type, const char *fmt, ...);
+ /* store a string representation of auditdata (corresponding
+ to the given security class) into msgbuf. */
+ int (*func_audit) (void *auditdata, security_class_t cls,
+ char *msgbuf, size_t msgbufsize);
+ /* validate the supplied context, modifying if necessary */
+ int (*func_validate) (security_context_t *ctx);
+};
+
+#define SELINUX_CB_LOG 0
+#define SELINUX_CB_AUDIT 1
+#define SELINUX_CB_VALIDATE 2
+
+extern void selinux_set_callback(int type, union selinux_callback cb);
+
+ /* Logging type codes, passed to the logging callback */
+#define SELINUX_ERROR 0
+#define SELINUX_WARNING 1
+#define SELINUX_INFO 2
+#define SELINUX_AVC 3
+
 /* Compute an access decision. */
 extern int security_compute_av(security_context_t scon,
 security_context_t tcon,
Added: trunk/libselinux/src/callbacks.c
===================================================================
--- trunk/libselinux/src/callbacks.c (rev 0)
+++ trunk/libselinux/src/callbacks.c 2007-06-20 18:31:12 UTC (rev 2479)
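Review bot: The three members of `union selinux_callback` are declared without a contract for their return values or for ownership of the context that `func_validate` may replace, so an implementer cannot tell whether the old `*ctx` may be freed, how the replacement must be allocated, or what a nonzero return means to the library. I would extend the member comments along these lines: on func_validate, `/* validate the supplied context, replacing *ctx if necessary; a replacement must be releasable with freecon(); return 0 if acceptable, nonzero to reject */`, and on func_audit, `/* ... the result must be NUL-terminated within msgbufsize; return 0 on success */` (the exact conventions should be taken from the library code that invokes these pointers, which is not in this hunk). The declaration of `selinux_set_callback` should likewise say what happens for a `type` outside `SELINUX_CB_LOG`..`SELINUX_CB_VALIDATE` and for a NULL member, since the implementation in callbacks.c stores the pointer unchecked. Giving the codes as an `enum` rather than `#define`s would also let the compiler warn on an unhandled case in that switch.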
@@ -0,0 +1,67 @@
+/*
+ * User-supplied callbacks and default implementations.
+ * Class and permission mappings.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <selinux/selinux.h>
+#include "callbacks.h"
+
+/* default implementations */
+static int __attribute__ ((format(printf, 2, 3)))
+default_selinux_log(int type __attribute__((unused)), const char *fmt, ...)
+{
+ int rc;
+ va_list ap;
+ va_start(ap, fmt);
+ rc = vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ return rc;
+}
+
+static int
+default_selinux_audit(void *ptr __attribute__((unused)),
+ security_class_t cls __attribute__((unused)),
+ char *buf __attribute__((unused)),
+ size_t len __attribute__((unused)))
+{
+ return 0;
+}
+
+static int
+default_selinux_validate(security_context_t *ctx)
+{
+ return security_check_context(*ctx);
+}
+
+/* callback pointers */
+int __attribute__ ((format(printf, 2, 3)))
+(*selinux_log)(int, const char *, ...) =
+ default_selinux_log;
+
+int
+(*selinux_audit) (void *, security_class_t, char *, size_t) =
+ default_selinux_audit;
+
+int
+(*selinux_validate)(security_context_t *ctx) =
+ default_selinux_validate;
+
+/* callback setting function */
+void
+selinux_set_callback(int type, union selinux_callback cb)
+{
+ switch (type) {
+ case SELINUX_CB_LOG:
+ selinux_log = cb.func_log;
+ break;
+ case SELINUX_CB_AUDIT:
+ selinux_audit = cb.func_audit;
+ break;
+ case SELINUX_CB_VALIDATE:
+ selinux_validate = cb.func_validate;
+ break;
+ }
+}
Added: trunk/libselinux/src/callbacks.h
===================================================================
--- trunk/libselinux/src/callbacks.h (rev 0)
+++ trunk/libselinux/src/callbacks.h 2007-06-20 18:31:12 UTC (rev 2479)
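Review bot: `selinux_set_callback` stores `cb.func_log`, `cb.func_audit` and `cb.func_validate` without checking them, so a caller that passes a zeroed union (or the wrong member for `type`) installs a NULL function pointer that the library code using `selinux_log` and friends will presumably call unconditionally, turning a misconfiguration into a crash. Each case should either reject NULL or fall back to the default, e.g. `selinux_log = cb.func_log ? cb.func_log : default_selinux_log;` and the same shape for the other two, and the switch should get a `default: break;` with a comment that unknown types are ignored, or return an error, so that a bad `type` is not silently a no-op. These pointers are plain globals with no synchronisation, so if the API is meant to be callable after other threads are using the library that should be documented as unsupported. The file header's "Class and permission mappings." describes nothing in this file; drop that line or replace it with a sentence on what the three defaults do (log to stderr, no audit output, `security_check_context`).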
@@ -0,0 +1,24 @@
+/*
+ * This file describes the callbacks passed to selinux_init() and available
+ * for use from the library code. They all have default implementations.
+ */
+#ifndef _SELINUX_CALLBACKS_H_
+#define _SELINUX_CALLBACKS_H_
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <selinux/selinux.h>
+#include "dso.h"
+
+/* callback pointers */
+extern int __attribute__ ((format(printf, 2, 3)))
+(*selinux_log) (int type, const char *, ...) hidden;
+
+extern int
+(*selinux_audit) (void *, security_class_t, char *, size_t) hidden;
+
+extern int
+(*selinux_validate)(security_context_t *ctx) hidden;
+
+#endif /* _SELINUX_CALLBACKS_H_ */
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
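Review bot: The file comment says the callbacks are "passed to selinux_init()", but nothing in this patch declares such a function; the installer this patch adds is `selinux_set_callback()` in selinux.h, so the comment points maintainers at an API that does not exist. Suggest ` * This file declares the callback pointers installed via selinux_set_callback()` followed by the existing sentence about default implementations, plus a note that the `hidden` qualifier (from dso.h, not in this hunk, presumably the visibility macro) keeps these pointers out of the exported ABI so only `selinux_set_callback` can change them. The `<stdio.h>`, `<stdlib.h>` and `<string.h>` includes are not needed by the declarations in this header and could move to the .c files that use them.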