#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include <selinux/flask.h>
#include "selinux_internal.h"
#include "context_internal.h"
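/*
 * Execute FILENAME (with ARGV/ENVP) in a SELinux context chosen for it.
 *
 * When SELinux is not enabled this is a plain execve().  Otherwise the new
 * process context is what the policy computes for a process transition from
 * the caller's context on the file's label.  If the policy yields no
 * transition at all (the computed context equals the caller's own), the type
 * is overridden to rpm_script_t so the script does not run in the caller's
 * domain.
 *
 * "verified" is accepted for interface compatibility only; it is not used.
 *
 * Returns: does not return on success (the process image is replaced).
 * On failure a negative value is returned and every context string and
 * context_t allocated here has been released.
 *
 * NOTE(review): the label is looked up by path (getfilecon) and the exec is
 * also by path, so a file replaced between the two calls runs with the
 * context computed for the old file.  An fd-based variant (open +
 * fgetfilecon + fexecve) would close that window but changes how #!
 * scripts see their own path; left as-is here.
 * NOTE(review): if execve() itself fails, the exec context installed by
 * setexeccon() is presumably still set for this process; a caller that
 * intends to exec something else afterwards should reset it.
 */
int rpm_execcon(unsigned int verified __attribute__((unused)),
		const char *filename,
		char *const argv[], char *const envp[])
{
	security_context_t mycon = NULL, fcon = NULL, newcon = NULL;
	context_t con = NULL;
	int rc;

	if (is_selinux_enabled() < 1)
		return execve(filename, argv, envp);

	rc = getcon(&mycon);
	if (rc < 0)
		goto out;

	rc = getfilecon(filename, &fcon);
	if (rc < 0)
		goto out;

	rc = security_compute_create(mycon, fcon, SECCLASS_PROCESS, &newcon);
	if (rc < 0)
		goto out;

	if (!strcmp(mycon, newcon)) {
		/* No default transition, use rpm_script_t for now. */
		/*
		 * rc is still 0 from security_compute_create().  Without
		 * marking failure here, any of the three error exits below
		 * would reach "return rc < 0 ? rc : 0" and report success to
		 * the caller even though nothing was exec'd.
		 */
		rc = -1;
		con = context_new(mycon);
		if (!con)
			goto out;
		if (context_type_set(con, "rpm_script_t"))
			goto out;
		/* Replace the policy-computed context with the forced one. */
		freecon(newcon);
		newcon = strdup(context_str(con));
		if (!newcon)
			goto out;
	}

	/* Arm the context for the next exec, then perform it. */
	rc = setexeccon(newcon);
	if (rc < 0)
		goto out;
	rc = execve(filename, argv, envp);
out:
	/* All of these accept NULL, so the partial-success paths are fine. */
	context_free(con);
	freecon(newcon);
	freecon(fcon);
	freecon(mycon);
	return rc < 0 ? rc : 0;
}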