umockdev-record: Record SELinux context
martinpitt committed Dec 14, 2023
1 parent 508a7d8 commit 631d80b
Showing 4 changed files with 21 additions and 3 deletions.
6 changes: 4 additions & 2 deletions meson.build
@@ -67,6 +67,7 @@ meson.add_dist_script(srcdir / 'getversion.sh')
#

dl = cc.find_library('dl')
selinux = cc.find_library('libselinux', required: false)

glib = dependency('glib-2.0', version: '>= 2.32.0')
gobject = dependency('gobject-2.0', version: '>= 2.32.0')
@@ -87,6 +88,7 @@ vala_libutil = cc.find_library('util')
# local VAPIs
vapi_config = valac.find_library('config', dirs: srcdir)
vapi_ioctl = valac.find_library('ioctl', dirs: srcdir)
vapi_selinux = valac.find_library('selinux', dirs: srcdir)
vapi_assertions = valac.find_library('assertions', dirs: testsdir)

#
@@ -141,7 +143,7 @@ umockdev_lib = shared_library('umockdev',
'src/debug.c'],
vala_vapi: 'umockdev-1.0.vapi',
vala_gir: 'UMockdev-1.0.gir',
dependencies: [glib, gobject, gio, gio_unix, vapi_posix, vapi_linux, vapi_linux_fixes, vala_libudev, vala_libutil, vapi_ioctl, libpcap],
dependencies: [glib, gobject, gio, gio_unix, vapi_posix, vapi_linux, vapi_linux_fixes, vala_libudev, vala_libutil, vapi_ioctl, vapi_selinux, libpcap],
link_with: [umockdev_utils_lib],
link_depends: ['src/umockdev.map'],
link_args: [
@@ -201,7 +203,7 @@ umockdev_record_exe = executable('umockdev-record',
'src/ioctl_tree.c',
'src/utils.c',
'src/debug.c'],
dependencies: [glib, gobject, gio_unix, vapi_posix, vapi_config, vapi_ioctl, libpcap],
dependencies: [glib, gobject, gio_unix, vapi_posix, vapi_config, vapi_ioctl, vapi_selinux, libpcap, selinux],
link_with: [umockdev_utils_lib],
vala_args: ['--define=INTERNAL_REGISTER_API',
'--define=INTERNAL_UNREGISTER_ALL_API',
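Review bot: `selinux` is looked up with `required: false`, but both dependency lists take `vapi_selinux` (and the recorder takes `selinux`) unconditionally, and `src/umockdev-record.vala` in this commit calls `Selinux.lgetfilecon` without any guard, so a host without the libselinux headers will most likely fail to build instead of just losing the feature. Either make the lookup mandatory, or add the dependency and a define only when it is found, e.g. under `if selinux.found()` append `'--define=HAVE_SELINUX'` to the recorder's `vala_args` and wrap the call site in `#if HAVE_SELINUX`. The lookup name also differs from the neighbouring `cc.find_library('dl')` and `cc.find_library('util')` calls, which pass the name without the `lib` prefix; `cc.find_library('selinux', required: false)` would match them. `umockdev_lib` receives `vapi_selinux` but not `selinux`, which holds only as long as the library calls nothing from the binding.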
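--- a/src/selinux.vapi
+++ b/src/selinux.vapi
@@ -0,0 +1,6 @@
+[CCode (cprefix = "", lower_case_cprefix = "", cheader_filename = "selinux/selinux.h")]
+namespace Selinux {
+int lgetfilecon (string path, out string context);
+int lsetfilecon (string path, string context);
+void freecon (string context);
+}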
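Review bot: `lgetfilecon` is bound with a plain `out string context`, which Vala treats as an owned string and releases with its default string free function rather than with `freecon`, the release function this same binding declares. On current glibc/GLib builds the two presumably end up in the same allocator, but the mismatch should be stated rather than left implicit. The binding also says nothing about return values, which the caller's `res > 0` test relies on. I would add a comment above the namespace such as `// lgetfilecon: returns a positive length on success, -1 on error; the out string is freed by Vala, freecon is not called automatically`.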
10 changes: 9 additions & 1 deletion src/umockdev-record.vala
@@ -21,6 +21,7 @@
*/

using UMockdevUtils;
using Selinux;

static void
devices_from_dir (string dir, ref GenericArray<string> devs)
@@ -251,7 +252,14 @@ record_device(string dev)
continue;

if (line.has_prefix("N: ")) {
line = line + dev_contents("/dev/" + line.substring(3).chomp());
string devpath = "/dev/" + line.substring(3).chomp();
line = line + dev_contents(devpath);

// record SELinux context
string context;
int res = Selinux.lgetfilecon(devpath, out context);
if (res > 0)
properties.append("E: __DEVCONTEXT=" + context);
}
stdout.puts(line);
stdout.putc('\n');
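Review bot: The label returned by `lgetfilecon` is concatenated into a line-oriented record without any check, in the `N:` branch of `record_device` (whose body starts and ends outside this hunk). The value comes from the device node's security attribute, so a label containing a line break would add extra lines to the recording; `if (res > 0 && !context.contains("\n"))` keeps the entry to a single line. The appended string also has no trailing newline, while the test in this commit expects one right after the label, so confirm how `properties` entries are joined; its declaration is not visible here. A short comment that a failed lookup is skipped on purpose would help, e.g. `// best effort: no __DEVCONTEXT is recorded when lgetfilecon fails (no SELinux, unlabeled filesystem)`.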
2 changes: 2 additions & 0 deletions tests/test-umockdev-record.vala
@@ -194,8 +194,10 @@ t_system_single ()
assert_cmpstr (serr, CompareOperator.EQ, "");
assert_cmpint (exit, CompareOperator.EQ, 0);
assert_in("E: DEVNAME=/dev/null", sout);
assert_in("E: __DEVCONTEXT=system_u:object_r:null_device_t:s0\n", sout);
assert_in("P: /devices/virtual/mem/null", sout);
assert_in("E: DEVNAME=/dev/zero", sout);
assert_in("E: __DEVCONTEXT=system_u:object_r:zero_device_t:s0\n", sout);
}

// system /sys: umockdev-record --all works and result loads back
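Review bot: The two new `__DEVCONTEXT` assertions in `t_system_single` hard-code the labels `null_device_t` and `zero_device_t` and run unconditionally, so on a host without SELinux, where the recorder emits no `__DEVCONTEXT` line, this test fails. The same is likely on a host whose policy labels these nodes differently. Guard both assertions on SELinux being present, for example `if (FileUtils.test("/sys/fs/selinux", FileTest.EXISTS)) { ... }`, and consider asserting only the `E: __DEVCONTEXT=` prefix unless the policy is known. The start of `t_system_single` is outside this hunk, so an existing skip condition further up cannot be ruled out.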