libveriexec: add function to check a label based on a path
veriexec_check_path_label() can be used to check if a specified path has a label associated with it that contains what we want. Obtained from: Juniper Networks, Inc.
parent
bd4742c970
commit
9bc96108d1
@ -38,6 +38,7 @@ int veriexec_check_path(const char *);
|
|||||||
int veriexec_get_pid_params(pid_t, struct mac_veriexec_syscall_params *);
|
int veriexec_get_pid_params(pid_t, struct mac_veriexec_syscall_params *);
|
||||||
int veriexec_get_path_params(const char *,
|
int veriexec_get_path_params(const char *,
|
||||||
struct mac_veriexec_syscall_params *);
|
struct mac_veriexec_syscall_params *);
|
||||||
|
int veriexec_check_path_label(const char *, const char *);
|
||||||
int veriexec_check_pid_label(pid_t, const char *);
|
int veriexec_check_pid_label(pid_t, const char *);
|
||||||
|
|
||||||
#define HAVE_VERIEXEC_CHECK_PID_LABEL 1
|
#define HAVE_VERIEXEC_CHECK_PID_LABEL 1
|
||||||
|
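Review bot: The new prototype `veriexec_check_path_label()` is added without a matching feature-test macro, while the pid variant is advertised a few lines below with `#define HAVE_VERIEXEC_CHECK_PID_LABEL 1`. Consumers that must build against both older and newer libveriexec cannot detect the path variant at compile time unless such a macro exists elsewhere in the header, which is not visible here. Consider adding `#define HAVE_VERIEXEC_CHECK_PATH_LABEL 1` next to the existing define.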
@ -81,7 +81,7 @@ veriexec_get_path_params(const char *file,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief check if label contains what we want
|
* @brief check if a process has label that contains what we want
|
||||||
*
|
*
|
||||||
* @return
|
* @return
|
||||||
* @li 0 if no
|
* @li 0 if no
|
||||||
@ -109,6 +109,35 @@ veriexec_check_pid_label(pid_t pid, const char *want)
|
|||||||
return 0; /* no */
|
return 0; /* no */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief check if a path has label that contains what we want
|
||||||
|
*
|
||||||
|
* @return
|
||||||
|
* @li 0 if no
|
||||||
|
* @li 1 if yes
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
veriexec_check_path_label(const char *file, const char *want)
|
||||||
|
{
|
||||||
|
struct mac_veriexec_syscall_params params;
|
||||||
|
char *cp;
|
||||||
|
size_t n;
|
||||||
|
|
||||||
|
if (want != NULL && file != NULL &&
|
||||||
|
veriexec_get_path_params(file, ¶ms) == 0) {
|
||||||
|
/* Does label contain [,]<want>[,] ? */
|
||||||
|
if (params.labellen > 0 &&
|
||||||
|
(cp = strstr(params.label, want)) != NULL) {
|
||||||
|
if (cp == params.label || cp[-1] == ',') {
|
||||||
|
n = strlen(want);
|
||||||
|
if (cp[n] == '\0' || cp[n] == ',')
|
||||||
|
return 1; /* yes */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 0; /* no */
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef UNIT_TEST
|
#ifdef UNIT_TEST
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
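Review bot: The label search in veriexec_check_path_label() inspects only the first strstr() hit, so a label such as `foobar,foo` (constructed example) yields 0 for want `foo` even though `foo` is present as a whole token. Callers presumably base a trust decision on the result, so the match should walk every occurrence and test the `,`/end-of-string boundaries on each one; the loop below does that and also rejects an empty `want`. The same first-hit logic appears to exist in veriexec_check_pid_label(), whose body lies outside this hunk, so a shared static helper would keep the two in step. The doc comment could also state that the answer describes whatever file is at `file` when the call is made, not a file the caller opens later.

```c
		/* Does label contain [,]<want>[,] ? */
		n = strlen(want);
		if (params.labellen > 0 && n > 0) {
			/* try every occurrence, not just the first one */
			for (cp = params.label;
			    (cp = strstr(cp, want)) != NULL; cp++) {
				if ((cp == params.label || cp[-1] == ',') &&
				    (cp[n] == '\0' || cp[n] == ','))
					return 1; /* yes */
			}
		}
		/* … unchanged: end of the outer if, return 0 … */
```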