1*00c7fec1SAndroid Build Coastguard Worker /*
2*00c7fec1SAndroid Build Coastguard Worker * Copyright (C) 2019 The Android Open Source Project
3*00c7fec1SAndroid Build Coastguard Worker *
4*00c7fec1SAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License");
5*00c7fec1SAndroid Build Coastguard Worker * you may not use this file except in compliance with the License.
6*00c7fec1SAndroid Build Coastguard Worker * You may obtain a copy of the License at
7*00c7fec1SAndroid Build Coastguard Worker *
8*00c7fec1SAndroid Build Coastguard Worker * http://www.apache.org/licenses/LICENSE-2.0
9*00c7fec1SAndroid Build Coastguard Worker *
10*00c7fec1SAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software
11*00c7fec1SAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS,
12*00c7fec1SAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*00c7fec1SAndroid Build Coastguard Worker * See the License for the specific language governing permissions and
14*00c7fec1SAndroid Build Coastguard Worker * limitations under the License.
15*00c7fec1SAndroid Build Coastguard Worker */
16*00c7fec1SAndroid Build Coastguard Worker
17*00c7fec1SAndroid Build Coastguard Worker #include "selabel.h"
18*00c7fec1SAndroid Build Coastguard Worker
19*00c7fec1SAndroid Build Coastguard Worker #include <selinux/android.h>
20*00c7fec1SAndroid Build Coastguard Worker
21*00c7fec1SAndroid Build Coastguard Worker namespace android {
22*00c7fec1SAndroid Build Coastguard Worker namespace init {
23*00c7fec1SAndroid Build Coastguard Worker
24*00c7fec1SAndroid Build Coastguard Worker namespace {
25*00c7fec1SAndroid Build Coastguard Worker
26*00c7fec1SAndroid Build Coastguard Worker selabel_handle* sehandle = nullptr;
27*00c7fec1SAndroid Build Coastguard Worker }
28*00c7fec1SAndroid Build Coastguard Worker
29*00c7fec1SAndroid Build Coastguard Worker // selinux_android_file_context_handle() takes on the order of 10+ms to run, so we want to cache
30*00c7fec1SAndroid Build Coastguard Worker // its value. selinux_android_restorecon() also needs an sehandle for file context look up. It
31*00c7fec1SAndroid Build Coastguard Worker // will create and store its own copy, but selinux_android_set_sehandle() can be used to provide
32*00c7fec1SAndroid Build Coastguard Worker // one, thus eliminating an extra call to selinux_android_file_context_handle().
SelabelInitialize()33*00c7fec1SAndroid Build Coastguard Worker void SelabelInitialize() {
34*00c7fec1SAndroid Build Coastguard Worker sehandle = selinux_android_file_context_handle();
35*00c7fec1SAndroid Build Coastguard Worker selinux_android_set_sehandle(sehandle);
36*00c7fec1SAndroid Build Coastguard Worker }
37*00c7fec1SAndroid Build Coastguard Worker
38*00c7fec1SAndroid Build Coastguard Worker // A C++ wrapper around selabel_lookup() using the cached sehandle.
39*00c7fec1SAndroid Build Coastguard Worker // If sehandle is null, this returns success with an empty context.
SelabelLookupFileContext(const std::string & key,int type,std::string * result)40*00c7fec1SAndroid Build Coastguard Worker bool SelabelLookupFileContext(const std::string& key, int type, std::string* result) {
41*00c7fec1SAndroid Build Coastguard Worker result->clear();
42*00c7fec1SAndroid Build Coastguard Worker
43*00c7fec1SAndroid Build Coastguard Worker if (!sehandle) return true;
44*00c7fec1SAndroid Build Coastguard Worker
45*00c7fec1SAndroid Build Coastguard Worker char* context;
46*00c7fec1SAndroid Build Coastguard Worker if (selabel_lookup(sehandle, &context, key.c_str(), type) != 0) {
47*00c7fec1SAndroid Build Coastguard Worker return false;
48*00c7fec1SAndroid Build Coastguard Worker }
49*00c7fec1SAndroid Build Coastguard Worker *result = context;
50*00c7fec1SAndroid Build Coastguard Worker free(context);
51*00c7fec1SAndroid Build Coastguard Worker return true;
52*00c7fec1SAndroid Build Coastguard Worker }
53*00c7fec1SAndroid Build Coastguard Worker
54*00c7fec1SAndroid Build Coastguard Worker // A C++ wrapper around selabel_lookup_best_match() using the cached sehandle.
55*00c7fec1SAndroid Build Coastguard Worker // If sehandle is null, this returns success with an empty context.
SelabelLookupFileContextBestMatch(const std::string & key,const std::vector<std::string> & aliases,int type,std::string * result)56*00c7fec1SAndroid Build Coastguard Worker bool SelabelLookupFileContextBestMatch(const std::string& key,
57*00c7fec1SAndroid Build Coastguard Worker const std::vector<std::string>& aliases, int type,
58*00c7fec1SAndroid Build Coastguard Worker std::string* result) {
59*00c7fec1SAndroid Build Coastguard Worker result->clear();
60*00c7fec1SAndroid Build Coastguard Worker
61*00c7fec1SAndroid Build Coastguard Worker if (!sehandle) return true;
62*00c7fec1SAndroid Build Coastguard Worker
63*00c7fec1SAndroid Build Coastguard Worker std::vector<const char*> c_aliases;
64*00c7fec1SAndroid Build Coastguard Worker for (const auto& alias : aliases) {
65*00c7fec1SAndroid Build Coastguard Worker c_aliases.emplace_back(alias.c_str());
66*00c7fec1SAndroid Build Coastguard Worker }
67*00c7fec1SAndroid Build Coastguard Worker c_aliases.emplace_back(nullptr);
68*00c7fec1SAndroid Build Coastguard Worker
69*00c7fec1SAndroid Build Coastguard Worker char* context;
70*00c7fec1SAndroid Build Coastguard Worker if (selabel_lookup_best_match(sehandle, &context, key.c_str(), &c_aliases[0], type) != 0) {
71*00c7fec1SAndroid Build Coastguard Worker return false;
72*00c7fec1SAndroid Build Coastguard Worker }
73*00c7fec1SAndroid Build Coastguard Worker *result = context;
74*00c7fec1SAndroid Build Coastguard Worker free(context);
75*00c7fec1SAndroid Build Coastguard Worker return true;
76*00c7fec1SAndroid Build Coastguard Worker }
77*00c7fec1SAndroid Build Coastguard Worker
78*00c7fec1SAndroid Build Coastguard Worker } // namespace init
79*00c7fec1SAndroid Build Coastguard Worker } // namespace android
80