veriexec: Add function to get label associated with a file
Add mac_veriexec_metadata_get_file_label to avoid the need to expose internals to other MAC modules. Obtained from: Juniper Networks, Inc.
parent
9bc96108d1
commit
48ffacbc84
@ -178,6 +178,8 @@ int mac_veriexec_metadata_add_file(int file_dev, dev_t fsid, long fileid,
|
||||
unsigned long gen, unsigned char fingerprint[MAXFINGERPRINTLEN],
|
||||
char *label, size_t labellen, int flags, const char *fp_type,
|
||||
int override);
|
||||
const char *mac_veriexec_metadata_get_file_label(dev_t fsid, long fileid,
|
||||
unsigned long gen, int check_files);
|
||||
int mac_veriexec_metadata_has_file(dev_t fsid, long fileid,
|
||||
unsigned long gen);
|
||||
int mac_veriexec_proc_is_trusted(struct ucred *cred, struct proc *p);
|
||||
|
@ -586,6 +586,31 @@ mac_veriexec_metadata_fetch_fingerprint_status(struct vnode *vp,
|
||||
return (error);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return label if we have one
|
||||
*
|
||||
* @param fsid file system identifier to look for
|
||||
* @param fileid file to look for
|
||||
* @param gen generation of file
|
||||
* @param check_files look at non-executable files?
|
||||
*
|
||||
* @return A pointer to the label or @c NULL
|
||||
*/
|
||||
const char *
|
||||
mac_veriexec_metadata_get_file_label(dev_t fsid, long fileid,
|
||||
unsigned long gen, int check_files)
|
||||
{
|
||||
struct mac_veriexec_file_info *ip;
|
||||
int error;
|
||||
|
||||
error = mac_veriexec_metadata_get_file_info(fsid, fileid, gen, NULL,
|
||||
&ip, check_files);
|
||||
if (error)
|
||||
return (NULL);
|
||||
|
||||
return ((ip->flags & VERIEXEC_LABEL) != 0 ? ip->label : NULL);
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a file and its fingerprint to the list of files attached
|
||||
* to the device @p fsid.
|
||||
|
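Review bot: The new mac_veriexec_metadata_get_file_label() returns `ip->label`, a pointer into the veriexec metadata entry, and neither the code nor its doc comment says how long that pointer stays valid. The lookup helper mac_veriexec_metadata_get_file_info() is not visible here, so it is unclear whether a lock or reference is held; if entries can be removed while another MAC module still holds the label, that module would read freed memory while making a policy decision. At minimum the doc comment should state the contract, for example `* @note The label points into the veriexec metadata entry; the caller must not modify or free it, nor keep it past the lifetime of that entry.` The comment should also say that `NULL` covers a failed lookup, a missing entry and an entry without VERIEXEC_LABEL alike, so callers do not read it as "file is unlabeled". If the helper can return 0 without storing to `ip`, initialising it (`struct mac_veriexec_file_info *ip = NULL;`) and testing `if (error != 0 || ip == NULL)` would make the dereference safe.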