1 #include <unistd.h>
2 #include <sys/types.h>
3 #include <fcntl.h>
4 #include <stdlib.h>
5 #include <stdio.h>
6 #include <errno.h>
7 #include <string.h>
8 #include "selinux_internal.h"
9 #include "policy.h"
10 #include <limits.h>
11
security_canonicalize_context_raw(const char * con,char ** canoncon)12 int security_canonicalize_context_raw(const char * con,
13 char ** canoncon)
14 {
15 char path[PATH_MAX];
16 char *buf;
17 size_t size;
18 int fd, ret;
19
20 if (!selinux_mnt) {
21 errno = ENOENT;
22 return -1;
23 }
24
25 snprintf(path, sizeof path, "%s/context", selinux_mnt);
26 fd = open(path, O_RDWR | O_CLOEXEC);
27 if (fd < 0)
28 return -1;
29
30 size = selinux_page_size;
31 buf = malloc(size);
32 if (!buf) {
33 ret = -1;
34 goto out;
35 }
36 strncpy(buf, con, size);
37
38 ret = write(fd, buf, strlen(buf) + 1);
39 if (ret < 0)
40 goto out2;
41
42 memset(buf, 0, size);
43 ret = read(fd, buf, size - 1);
44 if (ret < 0 && errno == EINVAL) {
45 /* Fall back to the original context for kernels
46 that do not support the extended interface. */
47 strncpy(buf, con, size);
48 }
49
50 *canoncon = strdup(buf);
51 if (!(*canoncon)) {
52 ret = -1;
53 goto out2;
54 }
55 ret = 0;
56 out2:
57 free(buf);
58 out:
59 close(fd);
60 return ret;
61 }
62
63
security_canonicalize_context(const char * con,char ** canoncon)64 int security_canonicalize_context(const char * con,
65 char ** canoncon)
66 {
67 int ret;
68 char * rcon;
69 char * rcanoncon;
70
71 if (selinux_trans_to_raw_context(con, &rcon))
72 return -1;
73
74 ret = security_canonicalize_context_raw(rcon, &rcanoncon);
75
76 freecon(rcon);
77 if (!ret) {
78 ret = selinux_raw_to_trans_context(rcanoncon, canoncon);
79 freecon(rcanoncon);
80 }
81
82 return ret;
83 }
84
85