libselinux: mode_to_security_class: interface to translate a mode_t in to a security class

coreutils needs to be able to take a statbuf and ask permissions questions. This gives us the interface to translate that statbuf mode_t into a security class which can be used. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-10-17 15:28:49 -04:00 · 2012-10-17 15:28:49 -04:00 · 13b599d7b8
commit 13b599d7b8
parent 067a436cf5
4 changed files with 33 additions and 1 deletions
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@ -360,6 +360,8 @@ extern int selinux_set_mapping(struct security_class_mapping *map);

 /* Common helpers */

+/* Convert between mode and security class values */
+extern security_class_t mode_to_security_class(mode_t mode);
 /* Convert between security class values and string names */
 extern security_class_t string_to_security_class(const char *name);
 extern const char *security_class_to_string(security_class_t cls);
--- a/libselinux/man/man3/mode_to_security_class.3
+++ b/libselinux/man/man3/mode_to_security_class.3
@ -0,0 +1 @@
+.so man3/security_class_to_string.3
--- a/libselinux/man/man3/security_class_to_string.3
+++ b/libselinux/man/man3/security_class_to_string.3
@ -3,7 +3,7 @@
 .\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
 .TH "security_class_to_string" "3" "30 Mar 2007" "" "SELinux API documentation"
 .SH "NAME"
-security_class_to_string, security_av_perm_to_string, string_to_security_class, string_to_av_perm, security_av_string \- convert
+security_class_to_string, security_av_perm_to_string, string_to_security_class, string_to_av_perm, security_av_string, mode_to_security_class \- convert
 between SELinux class and permission values and string names.

 print_access_vector \- display an access vector in human-readable form. 
@ -21,6 +21,8 @@ print_access_vector \- display an access vector in human-readable form.
 .sp
 .BI "security_class_t string_to_security_class(const char *" name ");"
 .sp
+.BI "security_class_t mode_to_security_class(mode_t " mode ");"
+.sp
 .BI "access_vector_t string_to_av_perm(security_class_t " tclass ", const char *" name ");"
 .sp
 .BI "void print_access_vector(security_class_t " tclass ", access_vector_t " av ");"
@ -53,6 +55,11 @@ returns the class value corresponding to the string name
 .IR name ,
 or zero if no such class exists.

+.B mode_to_security_class
+returns the class value corresponding to the specified 
+.IR mode ,
+or zero if no such class exists.
+
 .B string_to_av_perm
 returns the access vector bit corresponding to the string name
 .I name
@ -88,3 +95,4 @@ Eamon Walsh <ewalsh@tycho.nsa.gov>
 .BR selinux (8),
 .BR getcon (3),
 .BR getfilecon (3)
+.BR stat (3)
--- a/libselinux/src/stringrep.c
+++ b/libselinux/src/stringrep.c
@ -436,6 +436,27 @@ security_class_t string_to_security_class(const char *s)
 	return map_class(node->value);
 }

+security_class_t mode_to_security_class(mode_t m) {
+
+	if (S_ISREG(m))
+		return string_to_security_class("file");
+	if (S_ISDIR(m))
+		return string_to_security_class("dir");
+	if (S_ISCHR(m))
+		return string_to_security_class("chr_file");
+	if (S_ISBLK(m))
+		return string_to_security_class("blk_file");
+	if (S_ISFIFO(m))
+		return string_to_security_class("fifo_file");
+	if (S_ISLNK(m))
+		return string_to_security_class("lnk_file");
+	if (S_ISSOCK(m))
+		return string_to_security_class("sock_file");
+
+	errno=EINVAL;
+	return 0;
+}
+
 access_vector_t string_to_av_perm(security_class_t tclass, const char *s)
 {
 	struct discover_class_node *node;