libudev: get rid of selinux
"Hello world!" linked against libselinux parses /proc/mounts and whatever else on startup, even when the lib is not needed at all. Not funny! Get rid of that thing where it's not absolutely needed.
This commit is contained in:
Kay Sievers
parent
033e9f8cde
commit
e598c5738c
|
|
@ -6,4 +6,5 @@ AM_CPPFLAGS = \
|
|||
|
||||
AM_CFLAGS =
|
||||
|
||||
AM_LDFLAGS =
|
||||
AM_LDFLAGS = \
|
||||
-Wl,--as-needed
|
||||
|
|
|
|||
2
TODO
2
TODO
|
|
@ -1,3 +1,5 @@
|
|||
convert usb_id to libudev's udev_device
|
||||
|
||||
o handle spaces in SYMLINK+=, do not create multiple links
|
||||
o use libudev device in udev_rules.c
|
||||
get rid of udevice, store rule matching state in rule iterator
|
||||
|
|
|
|||
|
|
@ -10,11 +10,6 @@ ata_id_SOURCES = \
|
|||
../../udev/lib/libudev.c \
|
||||
../../udev/lib/libudev-util.c
|
||||
|
||||
if USE_SELINUX
|
||||
ata_id_LDADD = \
|
||||
$(SELINUX_LIBS)
|
||||
endif
|
||||
|
||||
dist_man_MANS = \
|
||||
ata_id.8
|
||||
|
||||
|
|
|
|||
|
|
@ -14,11 +14,6 @@ cdrom_id_SOURCES = \
|
|||
../../udev/lib/libudev.c \
|
||||
../../udev/lib/libudev-util.c
|
||||
|
||||
if USE_SELINUX
|
||||
cdrom_id_LDADD = \
|
||||
$(SELINUX_LIBS)
|
||||
endif
|
||||
|
||||
dist_man_MANS = \
|
||||
cdrom_id.8
|
||||
|
||||
|
|
|
|||
|
|
@ -14,11 +14,6 @@ edd_id_SOURCES = \
|
|||
../../udev/lib/libudev.c \
|
||||
../../udev/lib/libudev-util.c
|
||||
|
||||
if USE_SELINUX
|
||||
edd_id_LDADD = \
|
||||
$(SELINUX_LIBS)
|
||||
endif
|
||||
|
||||
dist_man_MANS = \
|
||||
edd_id.8
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,8 @@ create_floppy_devices_SOURCES = \
|
|||
../../udev/lib/libudev.h \
|
||||
../../udev/lib/libudev.c \
|
||||
../../udev/lib/libudev-util.c \
|
||||
../../udev/udev_utils.c
|
||||
../../udev/udev_utils.c \
|
||||
../../udev/udev_selinux.c
|
||||
|
||||
if USE_SELINUX
|
||||
create_floppy_devices_LDADD = \
|
||||
|
|
|
|||
|
|
@ -68,6 +68,7 @@ int main(int argc, char **argv)
|
|||
|
||||
logging_init("create_floppy_devices");
|
||||
udev_set_log_fn(udev, log_fn);
|
||||
selinux_init(udev);
|
||||
|
||||
while ((c = getopt(argc, argv, "cudm:U:G:M:t:")) != -1) {
|
||||
switch (c) {
|
||||
|
|
@ -161,6 +162,7 @@ int main(int argc, char **argv)
|
|||
i++;
|
||||
}
|
||||
|
||||
selinux_exit(udev);
|
||||
udev_unref(udev);
|
||||
exit:
|
||||
return 0;
|
||||
|
|
|
|||
|
|
@ -14,11 +14,6 @@ fstab_import_SOURCES = \
|
|||
../../udev/lib/libudev.c \
|
||||
../../udev/lib/libudev-util.c
|
||||
|
||||
if USE_SELINUX
|
||||
fstab_import_LDADD = \
|
||||
$(SELINUX_LIBS)
|
||||
endif
|
||||
|
||||
distclean-local:
|
||||
rm -f Makefile.in
|
||||
|
||||
|
|
|
|||
|
|
@ -14,11 +14,6 @@ scsi_id_SOURCES = \
|
|||
../../udev/lib/libudev.c \
|
||||
../../udev/lib/libudev-util.c
|
||||
|
||||
if USE_SELINUX
|
||||
scsi_id_LDADD = \
|
||||
$(SELINUX_LIBS)
|
||||
endif
|
||||
|
||||
dist_sysconf_DATA = \
|
||||
scsi_id.config
|
||||
|
||||
|
|
|
|||
|
|
@ -12,10 +12,5 @@ usb_id_SOURCES = \
|
|||
../../udev/udev_sysfs.c \
|
||||
../../udev/udev_utils.c
|
||||
|
||||
if USE_SELINUX
|
||||
usb_id_LDADD = \
|
||||
$(SELINUX_LIBS)
|
||||
endif
|
||||
|
||||
distclean-local:
|
||||
rm -f Makefile.in
|
||||
|
|
|
|||
|
|
@ -16,11 +16,6 @@ vol_id_SOURCES = \
|
|||
vol_id_LDADD = \
|
||||
lib/libvolume_id.la
|
||||
|
||||
if USE_SELINUX
|
||||
vol_id_LDADD += \
|
||||
$(SELINUX_LIBS)
|
||||
endif
|
||||
|
||||
dist_man_MANS = \
|
||||
vol_id.8
|
||||
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ common_files = \
|
|||
udev_sysfs.c \
|
||||
udev_utils.c \
|
||||
udev_utils_file.c \
|
||||
udev_selinux.c \
|
||||
list.h \
|
||||
lib/libudev.h \
|
||||
lib/libudev-private.h \
|
||||
|
|
|
|||
|
|
@ -25,9 +25,6 @@
|
|||
#include <errno.h>
|
||||
#include <string.h>
|
||||
#include <ctype.h>
|
||||
#ifdef USE_SELINUX
|
||||
#include <selinux/selinux.h>
|
||||
#endif
|
||||
|
||||
#include "libudev.h"
|
||||
#include "libudev-private.h"
|
||||
|
|
@ -42,11 +39,6 @@ struct udev {
|
|||
char *dev_path;
|
||||
char *rules_path;
|
||||
int log_priority;
|
||||
#ifdef USE_SELINUX
|
||||
int selinux_initialized;
|
||||
int selinux_enabled;
|
||||
security_context_t selinux_prev_scontext;
|
||||
#endif
|
||||
int run;
|
||||
};
|
||||
|
||||
|
|
@ -72,26 +64,6 @@ static void log_stderr(struct udev *udev,
|
|||
vfprintf(stderr, format, args);
|
||||
}
|
||||
|
||||
static void selinux_init(struct udev *udev)
|
||||
{
|
||||
#ifdef USE_SELINUX
|
||||
/*
|
||||
* record the present security context, for file-creation
|
||||
* restoration creation purposes.
|
||||
*/
|
||||
udev->selinux_enabled = (is_selinux_enabled() > 0);
|
||||
info(udev, "selinux=%i\n", udev->selinux_enabled);
|
||||
if (udev->selinux_enabled) {
|
||||
matchpathcon_init_prefix(NULL, udev_get_dev_path(udev));
|
||||
if (getfscreatecon(&udev->selinux_prev_scontext) < 0) {
|
||||
err(udev, "getfscreatecon failed\n");
|
||||
udev->selinux_prev_scontext = NULL;
|
||||
}
|
||||
}
|
||||
udev->selinux_initialized = 1;
|
||||
#endif
|
||||
}
|
||||
|
||||
void *udev_get_userdata(struct udev *udev)
|
||||
{
|
||||
if (udev == NULL)
|
||||
|
|
@ -106,68 +78,6 @@ void udev_set_userdata(struct udev *udev, void *userdata)
|
|||
udev->userdata = userdata;
|
||||
}
|
||||
|
||||
static void selinux_exit(struct udev *udev)
|
||||
{
|
||||
#ifdef USE_SELINUX
|
||||
if (!udev->selinux_initialized)
|
||||
return;
|
||||
if (udev->selinux_enabled) {
|
||||
freecon(udev->selinux_prev_scontext);
|
||||
udev->selinux_prev_scontext = NULL;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode)
|
||||
{
|
||||
#ifdef USE_SELINUX
|
||||
if (!udev->selinux_initialized)
|
||||
selinux_init(udev);
|
||||
if (udev->selinux_enabled) {
|
||||
security_context_t scontext = NULL;
|
||||
|
||||
if (matchpathcon(file, mode, &scontext) < 0) {
|
||||
err(udev, "matchpathcon(%s) failed\n", file);
|
||||
return;
|
||||
}
|
||||
if (lsetfilecon(file, scontext) < 0)
|
||||
err(udev, "setfilecon %s failed: %m\n", file);
|
||||
freecon(scontext);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode)
|
||||
{
|
||||
#ifdef USE_SELINUX
|
||||
if (!udev->selinux_initialized)
|
||||
selinux_init(udev);
|
||||
if (udev->selinux_enabled) {
|
||||
security_context_t scontext = NULL;
|
||||
|
||||
if (matchpathcon(file, mode, &scontext) < 0) {
|
||||
err(udev, "matchpathcon(%s) failed\n", file);
|
||||
return;
|
||||
}
|
||||
if (setfscreatecon(scontext) < 0)
|
||||
err(udev, "setfscreatecon %s failed: %m\n", file);
|
||||
freecon(scontext);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
void udev_selinux_resetfscreatecon(struct udev *udev)
|
||||
{
|
||||
#ifdef USE_SELINUX
|
||||
if (!udev->selinux_initialized)
|
||||
selinux_init(udev);
|
||||
if (udev->selinux_enabled) {
|
||||
if (setfscreatecon(udev->selinux_prev_scontext) < 0)
|
||||
err(udev, "setfscreatecon failed: %m\n");
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
/**
|
||||
* udev_new:
|
||||
*
|
||||
|
|
@ -364,7 +274,6 @@ void udev_unref(struct udev *udev)
|
|||
udev->refcount--;
|
||||
if (udev->refcount > 0)
|
||||
return;
|
||||
selinux_exit(udev);
|
||||
free(udev->dev_path);
|
||||
free(udev->sys_path);
|
||||
free(udev->rules_path);
|
||||
|
|
|
|||
|
|
@ -44,11 +44,6 @@ extern const char *udev_get_dev_path(struct udev *udev);
|
|||
extern void *udev_get_userdata(struct udev *udev);
|
||||
extern void udev_set_userdata(struct udev *udev, void *userdata);
|
||||
|
||||
/* selinux glue */
|
||||
extern void udev_selinux_resetfscreatecon(struct udev *udev);
|
||||
extern void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode);
|
||||
extern void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode);
|
||||
|
||||
/* list iteration */
|
||||
struct udev_list_entry;
|
||||
extern struct udev_list_entry *udev_list_entry_get_next(struct udev_list_entry *list_entry);
|
||||
|
|
|
|||
|
|
@ -59,6 +59,7 @@ int main(int argc, char *argv[])
|
|||
if (udev == NULL)
|
||||
exit(1);
|
||||
dbg(udev, "version %s\n", VERSION);
|
||||
selinux_init(udev);
|
||||
|
||||
/* set signal handlers */
|
||||
memset(&act, 0x00, sizeof(act));
|
||||
|
|
@ -131,6 +132,7 @@ fail:
|
|||
udev_rules_cleanup(&rules);
|
||||
sysfs_cleanup();
|
||||
exit:
|
||||
selinux_exit(udev);
|
||||
udev_unref(udev);
|
||||
if (retval != 0)
|
||||
return 1;
|
||||
|
|
|
|||
|
|
@ -167,6 +167,13 @@ extern int file_map(const char *filename, char **buf, size_t *bufsize);
|
|||
extern void file_unmap(void *buf, size_t bufsize);
|
||||
extern size_t buf_get_line(const char *buf, size_t buflen, size_t cur);
|
||||
|
||||
/* udev_selinux */
|
||||
extern void selinux_init(struct udev *udev);
|
||||
extern void selinux_exit(struct udev *udev);
|
||||
extern void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode);
|
||||
extern void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode);
|
||||
extern void udev_selinux_resetfscreatecon(struct udev *udev);
|
||||
|
||||
/* udevadm commands */
|
||||
extern int udevadm_monitor(struct udev *udev, int argc, char *argv[]);
|
||||
extern int udevadm_info(struct udev *udev, int argc, char *argv[]);
|
||||
|
|
|
|||
99
udev/udev_selinux.c
Normal file
99
udev/udev_selinux.c
Normal file
|
|
@ -0,0 +1,99 @@
|
|||
/*
|
||||
* libudev - interface to udev device information
|
||||
*
|
||||
* Copyright (C) 2008 Kay Sievers <kay.sievers@vrfy.org>
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <stddef.h>
|
||||
#include <stdarg.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "udev.h"
|
||||
|
||||
#ifndef USE_SELINUX
|
||||
void selinux_init(struct udev *udev) {}
|
||||
void selinux_exit(struct udev *udev) {}
|
||||
void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode) {}
|
||||
void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode) {}
|
||||
void udev_selinux_resetfscreatecon(struct udev *udev) {}
|
||||
#else
|
||||
#include <selinux/selinux.h>
|
||||
|
||||
static int selinux_enabled;
|
||||
security_context_t selinux_prev_scontext;
|
||||
|
||||
void selinux_init(struct udev *udev)
|
||||
{
|
||||
/* record the present security context */
|
||||
selinux_enabled = (is_selinux_enabled() > 0);
|
||||
info(udev, "selinux=%i\n", selinux_enabled);
|
||||
if (!selinux_enabled)
|
||||
return;
|
||||
matchpathcon_init_prefix(NULL, udev_get_dev_path(udev));
|
||||
if (getfscreatecon(&selinux_prev_scontext) < 0) {
|
||||
err(udev, "getfscreatecon failed\n");
|
||||
selinux_prev_scontext = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
void selinux_exit(struct udev *udev)
|
||||
{
|
||||
if (!selinux_enabled)
|
||||
return;
|
||||
freecon(selinux_prev_scontext);
|
||||
selinux_prev_scontext = NULL;
|
||||
}
|
||||
|
||||
void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode)
|
||||
{
|
||||
security_context_t scontext = NULL;
|
||||
|
||||
if (!selinux_enabled)
|
||||
return;
|
||||
if (matchpathcon(file, mode, &scontext) < 0) {
|
||||
err(udev, "matchpathcon(%s) failed\n", file);
|
||||
return;
|
||||
}
|
||||
if (lsetfilecon(file, scontext) < 0)
|
||||
err(udev, "setfilecon %s failed: %m\n", file);
|
||||
freecon(scontext);
|
||||
}
|
||||
|
||||
void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode)
|
||||
{
|
||||
security_context_t scontext = NULL;
|
||||
|
||||
if (!selinux_enabled)
|
||||
return;
|
||||
if (matchpathcon(file, mode, &scontext) < 0) {
|
||||
err(udev, "matchpathcon(%s) failed\n", file);
|
||||
return;
|
||||
}
|
||||
if (setfscreatecon(scontext) < 0)
|
||||
err(udev, "setfscreatecon %s failed: %m\n", file);
|
||||
freecon(scontext);
|
||||
}
|
||||
|
||||
void udev_selinux_resetfscreatecon(struct udev *udev)
|
||||
{
|
||||
if (!selinux_enabled)
|
||||
return;
|
||||
if (setfscreatecon(selinux_prev_scontext) < 0)
|
||||
err(udev, "setfscreatecon failed: %m\n");
|
||||
}
|
||||
#endif
|
||||
|
|
@ -140,6 +140,7 @@ int main(int argc, char *argv[])
|
|||
|
||||
logging_init("udevadm");
|
||||
udev_set_log_fn(udev, log_fn);
|
||||
selinux_init(udev);
|
||||
sysfs_init();
|
||||
|
||||
/* see if we are a compat link, this will be removed in a future release */
|
||||
|
|
@ -211,6 +212,7 @@ int main(int argc, char *argv[])
|
|||
rc = 2;
|
||||
out:
|
||||
sysfs_cleanup();
|
||||
selinux_exit(udev);
|
||||
udev_unref(udev);
|
||||
logging_close();
|
||||
return rc;
|
||||
|
|
|
|||
|
|
@ -801,6 +801,7 @@ int main(int argc, char *argv[])
|
|||
logging_init("udevd");
|
||||
udev_set_log_fn(udev, log_fn);
|
||||
dbg(udev, "version %s\n", VERSION);
|
||||
selinux_init(udev);
|
||||
|
||||
while (1) {
|
||||
int option;
|
||||
|
|
@ -1125,6 +1126,8 @@ exit:
|
|||
if (uevent_netlink_sock >= 0)
|
||||
close(uevent_netlink_sock);
|
||||
|
||||
selinux_exit(udev);
|
||||
udev_unref(udev);
|
||||
logging_close();
|
||||
return rc;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue