| #include <sys/types.h> |
| #include <stdio.h> |
| #include <string.h> |
| #include <selinux/selinux.h> |
| #include <selinux/flask.h> |
| #include <selinux/av_permissions.h> |
| #include <selinux/context.h> |
| #include "selinux_utils.h" |
| |
| int checkAccess(char *chuser, int access) { |
| int status=-1; |
| security_context_t user_context; |
| const char *user=NULL; |
| if( getprevcon(&user_context)==0 ) { |
| context_t c=context_new(user_context); |
| user=context_user_get(c); |
| if (strcmp(chuser, user) == 0) { |
| status=0; |
| } else { |
| struct av_decision avd; |
| int retval = security_compute_av(user_context, |
| user_context, |
| SECCLASS_PASSWD, |
| access, |
| &avd); |
| |
| if ((retval == 0) && |
| ((access & avd.allowed) == access)) { |
| status=0; |
| } |
| } |
| context_free(c); |
| freecon(user_context); |
| } |
| return status; |
| } |
| |
| int setupDefaultContext(char *orig_file) { |
| if (is_selinux_enabled() > 0) { |
| security_context_t scontext; |
| |
| if (getfilecon(orig_file,&scontext)<0) { |
| return 1; |
| } |
| |
| if (setfscreatecon(scontext) < 0) |
| { |
| freecon(scontext); |
| return 1; |
| } |
| freecon(scontext); |
| } |
| return 0; |
| } |