-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlD+p1IACgkQrlYvE4MpobORGgCfdRSRIsClVvqaIUhYt05zFowK FQUAni1tVeQBJ0tdaRtAmIhJOwUQOeiH =IVPw -----END PGP SIGNATURE-----
>From 07cc9127917faed8076f4d481ff81bdbc660cfe1 Mon Sep 17 00:00:00 2001
From: rhatdan <dwalsh@xxxxxxxxxx>
Date: Wed, 17 Oct 2012 15:28:49 -0400
Subject: [PATCH 47/84] libselinux: mode_to_security_class: interface to translate a mode_t in to a security class
coreutils needs to be able to take a statbuf and ask permissions questions. This gives us the interface to translate that statbuf mode_t into a security class which can be used.
Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 libselinux/include/selinux/selinux.h | 2 ++
 libselinux/man/man3/mode_to_security_class.3 | 1 +
 libselinux/man/man3/security_class_to_string.3 | 10 +++++++++-
 libselinux/src/stringrep.c | 21 +++++++++++++++++++++
 4 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 libselinux/man/man3/mode_to_security_class.3
diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
index 85b0cfc..aba6e33 100644
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@@ -360,6 +360,8 @@ extern int selinux_set_mapping(struct security_class_mapping *map);
 /* Common helpers */
+/* Convert between mode and security class values */
+extern security_class_t mode_to_security_class(mode_t mode);
 /* Convert between security class values and string names */
 extern security_class_t string_to_security_class(const char *name);
 extern const char *security_class_to_string(security_class_t cls);
diff --git a/libselinux/man/man3/mode_to_security_class.3 b/libselinux/man/man3/mode_to_security_class.3
new file mode 100644
index 0000000..bda9daf
--- /dev/null
+++ b/libselinux/man/man3/mode_to_security_class.3
@@ -0,0 +1 @@
+.so man3/security_class_to_string.3
diff --git a/libselinux/man/man3/security_class_to_string.3 b/libselinux/man/man3/security_class_to_string.3
index 140737e..e82e1d8 100644
--- a/libselinux/man/man3/security_class_to_string.3
+++ b/libselinux/man/man3/security_class_to_string.3
@@ -3,7 +3,7 @@
 .\" Author: Eamon Walsh (ewalsh@xxxxxxxxxxxxx) 2007
 .TH "security_class_to_string" "3" "30 Mar 2007" "" "SELinux API documentation"
 .SH "NAME"
-security_class_to_string, security_av_perm_to_string, string_to_security_class, string_to_av_perm, security_av_string \- convert
+security_class_to_string, security_av_perm_to_string, string_to_security_class, string_to_av_perm, security_av_string, mode_to_security_class \- convert
 between SELinux class and permission values and string names.
 print_access_vector \- display an access vector in human-readable form.
@@ -21,6 +21,8 @@ print_access_vector \- display an access vector in human-readable form.
 .sp
 .BI "security_class_t string_to_security_class(const char *" name ");"
 .sp
+.BI "security_class_t mode_to_security_class(mode_t " mode ");"
+.sp
 .BI "access_vector_t string_to_av_perm(security_class_t " tclass ", const char *" name ");"
 .sp
 .BI "void print_access_vector(security_class_t " tclass ", access_vector_t " av ");"
@@ -53,6 +55,11 @@ returns the class value corresponding to the string name
 .IR name ,
 or zero if no such class exists.
+.B mode_to_security_class
+returns the class value corresponding to the specified
+.IR mode ,
+or zero if no such class exists.
+
 .B string_to_av_perm
 returns the access vector bit corresponding to the string name
 .I name
@@ -88,3 +95,4 @@ Eamon Walsh <ewalsh@xxxxxxxxxxxxx>
 .BR selinux (8),
 .BR getcon (3),
 .BR getfilecon (3)
+.BR stat (3)
diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c
index 176ac34..082778e 100644
--- a/libselinux/src/stringrep.c
+++ b/libselinux/src/stringrep.c
@@ -436,6 +436,27 @@ security_class_t string_to_security_class(const char *s)
 return map_class(node->value);
 }
+security_class_t mode_to_security_class(mode_t m) {
+
+ if (S_ISREG(m))
+ return string_to_security_class("file");
+ if (S_ISDIR(m))
+ return string_to_security_class("dir");
+ if (S_ISCHR(m))
+ return string_to_security_class("chr_file");
+ if (S_ISBLK(m))
+ return string_to_security_class("blk_file");
+ if (S_ISFIFO(m))
+ return string_to_security_class("fifo_file");
+ if (S_ISLNK(m))
+ return string_to_security_class("lnk_file");
+ if (S_ISSOCK(m))
+ return string_to_security_class("sock_file");
+
+ errno=EINVAL;
+ return 0;
+}
+
 access_vector_t string_to_av_perm(security_class_t tclass, const char *s)
 {
 struct discover_class_node *node;
-- 
1.8.1
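Review bot: `mode_to_security_class()` returns 0 on two different paths that a caller can only tell apart through `errno`, and nothing on the function says so. One is the explicit `errno=EINVAL; return 0;` for a mode with no recognised file type; the other is any `string_to_security_class("…")` call that does not know the class, which the man page text in this patch describes as "zero if no such class exists" (whether that path sets `errno` is not visible here). Since the commit message says the result feeds permission questions, I would add a comment above the definition such as `/* Returns 0 on failure (errno is EINVAL for an unrecognised file type); callers must check for 0 before using the result as a tclass. */` and repeat the errno detail in security_class_to_string.3. The same comment should note that `S_ISLNK(m)` can only match a mode taken from `lstat()`, because a `stat()` buffer describes the link target and would yield the target's class. On style, the `{` on the signature line and the unspaced `errno=EINVAL;` differ from `string_to_av_perm` directly below, which puts the brace on its own line.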