1 /*
2 * User-supplied callbacks and default implementations.
3 * Class and permission mappings.
4 */
5
6 #include <stdio.h>
7 #include <stdlib.h>
8 #include <stdarg.h>
9 #include <errno.h>
10 #include <selinux/selinux.h>
11 #include "callbacks.h"
12
13 /* default implementations */
14 static int __attribute__ ((format(printf, 2, 3)))
default_selinux_log(int type,const char * fmt,...)15 default_selinux_log(int type __attribute__((unused)), const char *fmt, ...)
16 {
17 int rc;
18 va_list ap;
19 if (is_selinux_enabled() == 0) return 0;
20 va_start(ap, fmt);
21 rc = vfprintf(stderr, fmt, ap);
22 va_end(ap);
23 return rc;
24 }
25
26 static int
default_selinux_audit(void * ptr,security_class_t cls,char * buf,size_t len)27 default_selinux_audit(void *ptr __attribute__((unused)),
28 security_class_t cls __attribute__((unused)),
29 char *buf __attribute__((unused)),
30 size_t len __attribute__((unused)))
31 {
32 return 0;
33 }
34
35 static int
default_selinux_validate(char ** ctx)36 default_selinux_validate(char **ctx)
37 {
38 return security_check_context(*ctx);
39 }
40
41 static int
default_selinux_setenforce(int enforcing)42 default_selinux_setenforce(int enforcing __attribute__((unused)))
43 {
44 return 0;
45 }
46
47 static int
default_selinux_policyload(int seqno)48 default_selinux_policyload(int seqno __attribute__((unused)))
49 {
50 return 0;
51 }
52
53 /* callback pointers */
54 int __attribute__ ((format(printf, 2, 3)))
55 (*selinux_log)(int, const char *, ...) =
56 default_selinux_log;
57
58 int
59 (*selinux_audit) (void *, security_class_t, char *, size_t) =
60 default_selinux_audit;
61
62 int
63 (*selinux_validate)(char **ctx) =
64 default_selinux_validate;
65
66 int
67 (*selinux_netlink_setenforce) (int enforcing) =
68 default_selinux_setenforce;
69
70 int
71 (*selinux_netlink_policyload) (int seqno) =
72 default_selinux_policyload;
73
74 /* callback setting function */
75 void
selinux_set_callback(int type,union selinux_callback cb)76 selinux_set_callback(int type, union selinux_callback cb)
77 {
78 switch (type) {
79 case SELINUX_CB_LOG:
80 selinux_log = cb.func_log;
81 break;
82 case SELINUX_CB_AUDIT:
83 selinux_audit = cb.func_audit;
84 break;
85 case SELINUX_CB_VALIDATE:
86 selinux_validate = cb.func_validate;
87 break;
88 case SELINUX_CB_SETENFORCE:
89 selinux_netlink_setenforce = cb.func_setenforce;
90 break;
91 case SELINUX_CB_POLICYLOAD:
92 selinux_netlink_policyload = cb.func_policyload;
93 break;
94 }
95 }
96
97 /* callback getting function */
98 union selinux_callback
selinux_get_callback(int type)99 selinux_get_callback(int type)
100 {
101 union selinux_callback cb;
102
103 switch (type) {
104 case SELINUX_CB_LOG:
105 cb.func_log = selinux_log;
106 break;
107 case SELINUX_CB_AUDIT:
108 cb.func_audit = selinux_audit;
109 break;
110 case SELINUX_CB_VALIDATE:
111 cb.func_validate = selinux_validate;
112 break;
113 case SELINUX_CB_SETENFORCE:
114 cb.func_setenforce = selinux_netlink_setenforce;
115 break;
116 case SELINUX_CB_POLICYLOAD:
117 cb.func_policyload = selinux_netlink_policyload;
118 break;
119 default:
120 memset(&cb, 0, sizeof(cb));
121 errno = EINVAL;
122 break;
123 }
124 return cb;
125 }
126