xref: /aosp_15_r20/external/selinux/libselinux/src/get_initial_context.c (revision 2d543d20722ada2425b5bdab9d0d1d29470e7bba) 
1*2d543d20SAndroid Build Coastguard Worker #include <unistd.h>
2*2d543d20SAndroid Build Coastguard Worker #include <sys/types.h>
3*2d543d20SAndroid Build Coastguard Worker #include <fcntl.h>
4*2d543d20SAndroid Build Coastguard Worker #include <stdlib.h>
5*2d543d20SAndroid Build Coastguard Worker #include <stdio.h>
6*2d543d20SAndroid Build Coastguard Worker #include <errno.h>
7*2d543d20SAndroid Build Coastguard Worker #include <string.h>
8*2d543d20SAndroid Build Coastguard Worker #include "selinux_internal.h"
9*2d543d20SAndroid Build Coastguard Worker #include "policy.h"
10*2d543d20SAndroid Build Coastguard Worker #include <limits.h>
11*2d543d20SAndroid Build Coastguard Worker 
12*2d543d20SAndroid Build Coastguard Worker #define SELINUX_INITCON_DIR "/initial_contexts/"
13*2d543d20SAndroid Build Coastguard Worker 
security_get_initial_context_raw(const char * name,char ** con)14*2d543d20SAndroid Build Coastguard Worker int security_get_initial_context_raw(const char * name, char ** con)
15*2d543d20SAndroid Build Coastguard Worker {
16*2d543d20SAndroid Build Coastguard Worker 	char path[PATH_MAX];
17*2d543d20SAndroid Build Coastguard Worker 	char *buf;
18*2d543d20SAndroid Build Coastguard Worker 	size_t size;
19*2d543d20SAndroid Build Coastguard Worker 	int fd, ret;
20*2d543d20SAndroid Build Coastguard Worker 
21*2d543d20SAndroid Build Coastguard Worker 	if (!selinux_mnt) {
22*2d543d20SAndroid Build Coastguard Worker 		errno = ENOENT;
23*2d543d20SAndroid Build Coastguard Worker 		return -1;
24*2d543d20SAndroid Build Coastguard Worker 	}
25*2d543d20SAndroid Build Coastguard Worker 
26*2d543d20SAndroid Build Coastguard Worker 	if (strchr(name, '/')) {
27*2d543d20SAndroid Build Coastguard Worker 		errno = EINVAL;
28*2d543d20SAndroid Build Coastguard Worker 		return -1;
29*2d543d20SAndroid Build Coastguard Worker 	}
30*2d543d20SAndroid Build Coastguard Worker 
31*2d543d20SAndroid Build Coastguard Worker 	ret = snprintf(path, sizeof path, "%s%s%s", selinux_mnt, SELINUX_INITCON_DIR, name);
32*2d543d20SAndroid Build Coastguard Worker 	if (ret < 0 || (size_t)ret >= sizeof path) {
33*2d543d20SAndroid Build Coastguard Worker 		errno = EOVERFLOW;
34*2d543d20SAndroid Build Coastguard Worker 		return -1;
35*2d543d20SAndroid Build Coastguard Worker 	}
36*2d543d20SAndroid Build Coastguard Worker 
37*2d543d20SAndroid Build Coastguard Worker 	fd = open(path, O_RDONLY | O_CLOEXEC);
38*2d543d20SAndroid Build Coastguard Worker 	if (fd < 0)
39*2d543d20SAndroid Build Coastguard Worker 		return -1;
40*2d543d20SAndroid Build Coastguard Worker 
41*2d543d20SAndroid Build Coastguard Worker 	size = selinux_page_size;
42*2d543d20SAndroid Build Coastguard Worker 	buf = malloc(size);
43*2d543d20SAndroid Build Coastguard Worker 	if (!buf) {
44*2d543d20SAndroid Build Coastguard Worker 		ret = -1;
45*2d543d20SAndroid Build Coastguard Worker 		goto out;
46*2d543d20SAndroid Build Coastguard Worker 	}
47*2d543d20SAndroid Build Coastguard Worker 	memset(buf, 0, size);
48*2d543d20SAndroid Build Coastguard Worker 	ret = read(fd, buf, size - 1);
49*2d543d20SAndroid Build Coastguard Worker 	if (ret < 0)
50*2d543d20SAndroid Build Coastguard Worker 		goto out2;
51*2d543d20SAndroid Build Coastguard Worker 
52*2d543d20SAndroid Build Coastguard Worker 	*con = strdup(buf);
53*2d543d20SAndroid Build Coastguard Worker 	if (!(*con)) {
54*2d543d20SAndroid Build Coastguard Worker 		ret = -1;
55*2d543d20SAndroid Build Coastguard Worker 		goto out2;
56*2d543d20SAndroid Build Coastguard Worker 	}
57*2d543d20SAndroid Build Coastguard Worker 	ret = 0;
58*2d543d20SAndroid Build Coastguard Worker       out2:
59*2d543d20SAndroid Build Coastguard Worker 	free(buf);
60*2d543d20SAndroid Build Coastguard Worker       out:
61*2d543d20SAndroid Build Coastguard Worker 	close(fd);
62*2d543d20SAndroid Build Coastguard Worker 	return ret;
63*2d543d20SAndroid Build Coastguard Worker }
64*2d543d20SAndroid Build Coastguard Worker 
65*2d543d20SAndroid Build Coastguard Worker 
security_get_initial_context(const char * name,char ** con)66*2d543d20SAndroid Build Coastguard Worker int security_get_initial_context(const char * name, char ** con)
67*2d543d20SAndroid Build Coastguard Worker {
68*2d543d20SAndroid Build Coastguard Worker 	int ret;
69*2d543d20SAndroid Build Coastguard Worker 	char * rcon;
70*2d543d20SAndroid Build Coastguard Worker 
71*2d543d20SAndroid Build Coastguard Worker 	ret = security_get_initial_context_raw(name, &rcon);
72*2d543d20SAndroid Build Coastguard Worker 	if (!ret) {
73*2d543d20SAndroid Build Coastguard Worker 		ret = selinux_raw_to_trans_context(rcon, con);
74*2d543d20SAndroid Build Coastguard Worker 		freecon(rcon);
75*2d543d20SAndroid Build Coastguard Worker 	}
76*2d543d20SAndroid Build Coastguard Worker 
77*2d543d20SAndroid Build Coastguard Worker 	return ret;
78*2d543d20SAndroid Build Coastguard Worker }
79*2d543d20SAndroid Build Coastguard Worker 
80