/* wrap getfilecon, lgetfilecon, and fgetfilecon
   Copyright (C) 2009-2020 Free Software Foundation, Inc.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3, or (at your option)
   any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, see <https://www.gnu.org/licenses/>.  */

/* written by Jim Meyering */

#include <config.h>

#include <selinux/selinux.h>

#include <sys/types.h>
#include <errno.h>
#include <string.h>

/* FIXME: remove this once there is an errno-gnu module
   that guarantees the definition of ENODATA.  */
#ifndef ENODATA
# define ENODATA ENOTSUP
#endif

/* Drop any macro definitions of these three names, so that the prototypes
   and the calls further down name the plain getfilecon, lgetfilecon and
   fgetfilecon rather than the rpl_ wrappers defined in this file.
   NOTE(review): presumably a header seen earlier maps these names to the
   rpl_ functions; without the #undef the wrappers would then call
   themselves -- confirm against that header.  */
#undef getfilecon
#undef lgetfilecon
#undef fgetfilecon
int getfilecon (char const *file, security_context_t *con);
int lgetfilecon (char const *file, security_context_t *con);
int fgetfilecon (int fd, security_context_t *con);

/* getfilecon, lgetfilecon, and fgetfilecon can all misbehave, be it
   via an old version of libselinux where these would return 0 and set the
   result context to NULL, or via a modern kernel+lib operating on a file
   from a disk whose attributes were set by a kernel from around 2006.
   In that latter case, the functions return a length of 10 for the
   "unlabeled" context.  Map both failures to a return value of -1, and
   set errno to ENOTSUP in the first case, and ENODATA in the latter.  */

/* Normalize RET, the value returned by a getfilecon-family call that
   stored its result through CON.

   - RET == 0: set errno to ENOTSUP and return -1.  *CON is not touched
     here.
   - RET == 10 and *CON compares equal to "unlabeled": free *CON, set
     *CON to NULL, set errno to ENODATA and return -1.
   - Any other RET, negative values included: return RET unchanged and
     leave both errno and *CON alone.

   A caller that makes a labeling or access decision from the context
   must treat -1 as "no usable context" and must not read *CON.  */
static int
map_to_failure (int ret, security_context_t *con)
{
  switch (ret)
    {
    case 0:
      errno = ENOTSUP;
      return -1;

    case 10:
      /* The length is only a cheap pre-filter (10 is the size of
         "unlabeled" with its terminating NUL); the string compare
         decides.  */
      if (strcmp (*con, "unlabeled") != 0)
        break;

      /* Release the context first and set errno last, so that nothing
         done during the release can overwrite the reported error.  */
      freecon (*con);
      *con = NULL;
      errno = ENODATA;
      return -1;

    default:
      break;
    }

  return ret;
}

/* Replacement for getfilecon: fetch the context of FILE into *CON with
   the underlying getfilecon, then pass the result through map_to_failure
   so that a 0 return or an "unlabeled" context is reported as -1 with
   errno set.  */
int
rpl_getfilecon (char const *file, security_context_t *con)
{
  return map_to_failure (getfilecon (file, con), con);
}

/* Replacement for lgetfilecon: fetch the context of FILE into *CON with
   the underlying lgetfilecon, then pass the result through map_to_failure
   so that a 0 return or an "unlabeled" context is reported as -1 with
   errno set.  */
int
rpl_lgetfilecon (char const *file, security_context_t *con)
{
  return map_to_failure (lgetfilecon (file, con), con);
}

/* Replacement for fgetfilecon: fetch the context of the open descriptor
   FD into *CON with the underlying fgetfilecon, then pass the result
   through map_to_failure so that a 0 return or an "unlabeled" context is
   reported as -1 with errno set.  */
int
rpl_fgetfilecon (int fd, security_context_t *con)
{
  return map_to_failure (fgetfilecon (fd, con), con);
}