Blame libselinux/src/checkAccess.c
|
Chris PeBenito |
473ea7 |
#include <unistd.h>
|
|
Chris PeBenito |
473ea7 |
#include <sys/types.h>
|
|
Chris PeBenito |
473ea7 |
#include <stdlib.h>
|
|
Chris PeBenito |
473ea7 |
#include <errno.h>
|
|
Chris PeBenito |
473ea7 |
#include "selinux_internal.h"
|
|
Chris PeBenito |
473ea7 |
#include <selinux/flask.h>
|
|
Chris PeBenito |
473ea7 |
#include <selinux/av_permissions.h>
|
|
Chris PeBenito |
473ea7 |
|
|
Chris PeBenito |
473ea7 |
int selinux_check_passwd_access(access_vector_t requested) {
|
|
Chris PeBenito |
473ea7 |
int status=-1;
|
|
Chris PeBenito |
473ea7 |
security_context_t user_context;
|
|
Chris PeBenito |
473ea7 |
if (is_selinux_enabled() == 0)
|
|
Chris PeBenito |
473ea7 |
return 0;
|
|
Chris PeBenito |
473ea7 |
if( getprevcon_raw(&user_context)==0 ) {
|
|
Chris PeBenito |
473ea7 |
struct av_decision avd;
|
|
Chris PeBenito |
473ea7 |
int retval = security_compute_av_raw(user_context,
|
|
Chris PeBenito |
473ea7 |
user_context,
|
|
Chris PeBenito |
473ea7 |
SECCLASS_PASSWD,
|
|
Chris PeBenito |
473ea7 |
requested,
|
|
Chris PeBenito |
473ea7 |
&avd);
|
|
Chris PeBenito |
473ea7 |
|
|
Chris PeBenito |
473ea7 |
if ((retval == 0) &&
|
|
Chris PeBenito |
473ea7 |
((requested & avd.allowed) == requested)) {
|
|
Chris PeBenito |
473ea7 |
status=0;
|
|
Chris PeBenito |
473ea7 |
}
|
|
Chris PeBenito |
473ea7 |
freecon(user_context);
|
|
Chris PeBenito |
473ea7 |
}
|
|
Chris PeBenito |
473ea7 |
|
|
Chris PeBenito |
473ea7 |
if (status != 0 && security_getenforce()==0)
|
|
Chris PeBenito |
473ea7 |
status=0;
|
|
Chris PeBenito |
473ea7 |
|
|
Chris PeBenito |
473ea7 |
return status;
|
|
Chris PeBenito |
473ea7 |
}
|
|
Chris PeBenito |
473ea7 |
hidden_def(selinux_check_passwd_access)
|
|
Chris PeBenito |
473ea7 |
|
|
Chris PeBenito |
473ea7 |
int checkPasswdAccess(access_vector_t requested) {
|
|
Chris PeBenito |
473ea7 |
return selinux_check_passwd_access(requested);
|
|
Chris PeBenito |
473ea7 |
}
|