1 /*
2 * User-supplied callbacks and default implementations.
3 * Class and permission mappings.
4 */
5
6 #include <stdio.h>
7 #include <stdlib.h>
8 #include <stdarg.h>
9 #include <errno.h>
10 #include <selinux/selinux.h>
11 #include "callbacks.h"
12
13 /* default implementations */
14 static int __attribute__ ((format(printf, 2, 3)))
default_selinux_log(int type,const char * fmt,...)15 default_selinux_log(int type __attribute__((unused)), const char *fmt, ...)
16 {
17 int rc;
18 va_list ap;
19 va_start(ap, fmt);
20 rc = vfprintf(stderr, fmt, ap);
21 va_end(ap);
22 return rc;
23 }
24
25 static int
default_selinux_audit(void * ptr,security_class_t cls,char * buf,size_t len)26 default_selinux_audit(void *ptr __attribute__((unused)),
27 security_class_t cls __attribute__((unused)),
28 char *buf __attribute__((unused)),
29 size_t len __attribute__((unused)))
30 {
31 return 0;
32 }
33
34 static int
default_selinux_validate(char ** ctx)35 default_selinux_validate(char **ctx)
36 {
37 #ifndef BUILD_HOST
38 return security_check_context(*ctx);
39 #else
40 (void) ctx;
41 return 0;
42 #endif
43 }
44
45 static int
default_selinux_setenforce(int enforcing)46 default_selinux_setenforce(int enforcing __attribute__((unused)))
47 {
48 return 0;
49 }
50
51 static int
default_selinux_policyload(int seqno)52 default_selinux_policyload(int seqno __attribute__((unused)))
53 {
54 return 0;
55 }
56
57 /* callback pointers */
58 int __attribute__ ((format(printf, 2, 3)))
59 (*selinux_log)(int, const char *, ...) =
60 default_selinux_log;
61
62 int
63 (*selinux_audit) (void *, security_class_t, char *, size_t) =
64 default_selinux_audit;
65
66 int
67 (*selinux_validate)(char **ctx) =
68 default_selinux_validate;
69
70 int
71 (*selinux_netlink_setenforce) (int enforcing) =
72 default_selinux_setenforce;
73
74 int
75 (*selinux_netlink_policyload) (int seqno) =
76 default_selinux_policyload;
77
78 /* callback setting function */
79 void
selinux_set_callback(int type,union selinux_callback cb)80 selinux_set_callback(int type, union selinux_callback cb)
81 {
82 switch (type) {
83 case SELINUX_CB_LOG:
84 selinux_log = cb.func_log;
85 break;
86 case SELINUX_CB_AUDIT:
87 selinux_audit = cb.func_audit;
88 break;
89 case SELINUX_CB_VALIDATE:
90 selinux_validate = cb.func_validate;
91 break;
92 case SELINUX_CB_SETENFORCE:
93 selinux_netlink_setenforce = cb.func_setenforce;
94 break;
95 case SELINUX_CB_POLICYLOAD:
96 selinux_netlink_policyload = cb.func_policyload;
97 break;
98 }
99 }
100
101 /* callback getting function */
102 union selinux_callback
selinux_get_callback(int type)103 selinux_get_callback(int type)
104 {
105 union selinux_callback cb;
106
107 switch (type) {
108 case SELINUX_CB_LOG:
109 cb.func_log = selinux_log;
110 break;
111 case SELINUX_CB_AUDIT:
112 cb.func_audit = selinux_audit;
113 break;
114 case SELINUX_CB_VALIDATE:
115 cb.func_validate = selinux_validate;
116 break;
117 case SELINUX_CB_SETENFORCE:
118 cb.func_setenforce = selinux_netlink_setenforce;
119 break;
120 case SELINUX_CB_POLICYLOAD:
121 cb.func_policyload = selinux_netlink_policyload;
122 break;
123 default:
124 memset(&cb, 0, sizeof(cb));
125 errno = EINVAL;
126 break;
127 }
128 return cb;
129 }
130