
List:       busybox
Subject:    [PATCH] mdev - add SELinux support
From:       Amadeusz Sławiński <amade () asmblr ! net>
Date:       2014-01-21 0:07:56
Message-ID: 1390262876-3219-2-git-send-email-amade () asmblr ! net

Add support for relabeling files. Files created or modified by mdev
should now have correct SELinux labels.

It sets the file creation context; however, if it detects that the file already exists, it just restores the file's context instead.

Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>
---
 util-linux/mdev.c | 37 +++++++++++++++++++++++++++++++++++--
 1 file changed, 35 insertions(+), 2 deletions(-)

diff --git a/util-linux/mdev.c b/util-linux/mdev.c
index e80b58f..8ecc122 100644
--- a/util-linux/mdev.c
+++ b/util-linux/mdev.c
@@ -552,6 +552,9 @@ static void make_device(char *device_name, char *path, int operation)
 {
 	int major, minor, type, len;
 	char *path_end = path + strlen(path);
+#if ENABLE_SELINUX
+	int selinux_enabled = is_selinux_enabled();
+#endif
 
 	/* Try to read major/minor string.  Note that the kernel puts \n after
 	 * the data, so we don't need to worry about null terminating the string
@@ -741,6 +744,11 @@ static void make_device(char *device_name, char *path, int operation)
 
 		if (operation == OP_add && major >= 0) {
 			char *slash = strrchr(node_name, '/');
+#if ENABLE_SELINUX
+			security_context_t scontext = NULL;
+			char *node_path;
+			int have_context = 0;
+#endif
 			if (slash) {
 				*slash = '\0';
 				mkdir_recursive(node_name);
@@ -757,8 +765,33 @@ static void make_device(char *device_name, char *path, int operation)
 					node_name, major, minor, rule->mode | type
 				);
 			}
-			if (mknod(node_name, rule->mode | type, makedev(major, minor)) && errno != EEXIST)
-				bb_perror_msg("can't create '%s'", node_name);
+#if ENABLE_SELINUX
+			if (selinux_enabled) {
+				node_path = xasprintf("/dev/%s", node_name);
+				have_context = (matchpathcon(node_path, rule->mode | type, &scontext) == 0);
+				if (have_context)
+					setfscreatecon(scontext);
+			}
+#endif
+			if (mknod(node_name, rule->mode | type, makedev(major, minor))) {
+				if (errno == EEXIST) {
+#if ENABLE_SELINUX
+					if (selinux_enabled && have_context)
+						setfilecon(node_path, scontext);
+#endif
+				} else
+					bb_perror_msg("can't create '%s'", node_name);
+			}
+
+#if ENABLE_SELINUX
+			if (selinux_enabled) {
+				if (have_context)
+					freecon(scontext);
+				setfscreatecon(NULL);
+				free(node_path);
+			}
+#endif
+
 			if (ENABLE_FEATURE_MDEV_CONF) {
 				chmod(node_name, rule->mode);
 				chown(node_name, rule->ugid.uid, rule->ugid.gid);
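Review bot: The return values of `setfscreatecon(scontext)` and `setfilecon(node_path, scontext)` in this hunk are discarded, so when either call fails the device node is silently created or left with the default label rather than the one matchpathcon() selected, and nothing is logged to tell the operator that relabeling did not happen. Since the rest of the function already reports failures through bb_perror_msg(), the same should apply here, e.g. `if (setfscreatecon(scontext) != 0) bb_perror_msg("can't set creation context for '%s'", node_name);` and `if (setfilecon(node_path, scontext) != 0) bb_perror_msg("can't set context of '%s'", node_path);`. Separately, the path handed to matchpathcon() and setfilecon() is built as `"/dev/%s"`, which presumably relies on mdev having changed directory to /dev and on node_name being relative to it; if node_name can ever be absolute this would produce a wrong lookup key, so that assumption is worth a comment at the xasprintf() line. The enclosing make_device() continues past the end of the hunk.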
-- 
1.8.5.3

