maint: refactor SMACK interface to a separate module

Consolidate all smack routines and checks in a module. We replace and wrap the most commonly used smack routines, which allows removing ifdefs throughout the code. * gl/lib/smack.h: A new header containing the implementation of the wrapped and replacement routines. Note the is_smack_enabled() routine should be optimized out at compile time when compiled on a system without libsmack. * gl/modules/smack: Describe the new module and move the configure time code here from ... * m4/jm-macros.m4: ... here. * bootstrap.conf: Reference the new module. * src/id.c: Use the routines without ifdefs where possible. * src/ls.c: Likewise. * src/mkdir.c: Likewise. * src/mkfifo.c: Likewise. * src/mknod.c: Likewise.
2024-11-27 12:04:25 +08:00 · 2013-07-02 03:42:20 +01:00 · 2013-07-02 03:42:20 +01:00 · 5fb93f635b
commit 5fb93f635b
parent b8a87eaf2d
9 changed files with 105 additions and 66 deletions
--- a/bootstrap.conf
+++ b/bootstrap.conf
@ -211,6 +211,7 @@ gnulib_modules="
  settime
  sig2str
  sigaction
+  smack
  ssize_t
  statat
  stat-macros
--- a/gl/lib/smack.h
+++ b/gl/lib/smack.h
@ -0,0 +1,46 @@
+/* Include and determine availability of smack routines
+   Copyright (C) 2013 Free Software Foundation, Inc.
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+/* Here we replace or wrap the most common smack functions used by coreutils.
+   Others will need to be protected by HAVE_SMACK.  */
+
+#include <config.h>
+
+#ifdef HAVE_SMACK
+# include <sys/smack.h>
+#else
+static inline ssize_t
+smack_new_label_from_self (char **label)
+{
+  return -1;
+}
+
+static inline int
+smack_set_label_for_self (const char *label)
+{
+  return -1;
+}
+#endif
+
+static inline bool
+is_smack_enabled (void)
+{
+#ifdef HAVE_SMACK
+  return smack_smackfs_path () != NULL;
+#else
+  return false;
+#endif
+}
--- a/gl/modules/smack
+++ b/gl/modules/smack
@ -0,0 +1,42 @@
+Description:
+Include and determine the availability of smack routines
+
+Files:
+lib/smack.h
+
+Depends-on:
+
+configure.ac:
+# Check whether libsmack is available
+LIB_SMACK=
+AC_ARG_ENABLE([libsmack],
+  AC_HELP_STRING([--disable-libsmack], [disable libsmack support]))
+if test "X$enable_libsmack" != "Xno"; then
+  AC_CHECK_LIB([smack], [smack_new_label_from_self],
+    [AC_CHECK_LIB([smack], [smack_new_label_from_path],
+      [AC_CHECK_HEADER([sys/smack.h],
+        [LIB_SMACK=-lsmack
+         AC_DEFINE([HAVE_SMACK], [1], [libsmack usability])]
+      )])])
+  if test "X$LIB_SMACK" = "X"; then
+    if test "X$enable_libsmack" = "Xyes"; then
+      AC_MSG_ERROR([libsmack library was not found or not usable])
+    fi
+  fi
+else
+  AC_MSG_WARN([libsmack support disabled by user])
+fi
+AC_SUBST([LIB_SMACK])
+
+
+Makefile.am:
+lib_SOURCES += smack.h
+
+Include:
+"smack.h"
+
+License:
+LGPL
+
+Maintainer:
+Pádraig Brady
--- a/m4/jm-macros.m4
+++ b/m4/jm-macros.m4
@ -141,27 +141,6 @@ AC_DEFUN([coreutils_MACROS],
  fi
  AC_SUBST([LIB_CAP])

-  # Check whether libsmack is available
-  LIB_SMACK=
-  AC_ARG_ENABLE([libsmack],
-    AC_HELP_STRING([--disable-libsmack], [disable libsmack support]))
-  if test "X$enable_libsmack" != "Xno"; then
-    AC_CHECK_LIB([smack], [smack_new_label_from_self],
-      [AC_CHECK_LIB([smack], [smack_new_label_from_path],
-        [AC_CHECK_HEADER([sys/smack.h],
-          [LIB_SMACK=-lsmack
-           AC_DEFINE([HAVE_SMACK], [1], [libsmack usability])]
-        )])])
-    if test "X$LIB_SMACK" = "X"; then
-      if test "X$enable_libsmack" = "Xyes"; then
-        AC_MSG_ERROR([libsmack library was not found or not usable])
-      fi
-    fi
-  else
-    AC_MSG_WARN([libsmack support disabled by user])
-  fi
-  AC_SUBST([LIB_SMACK])
-
  # See if linking 'seq' requires -lm.
  # It does on nearly every system.  The single exception (so far) is
  # BeOS which has all the math functions in the normal runtime library
--- a/src/id.c
+++ b/src/id.c
@ -24,15 +24,13 @@
 #include <grp.h>
 #include <getopt.h>
 #include <selinux/selinux.h>
-#ifdef HAVE_SMACK
-# include <sys/smack.h>
-#endif

 #include "system.h"
 #include "error.h"
 #include "mgetgroups.h"
 #include "quote.h"
 #include "group-list.h"
+#include "smack.h"

 /* The official name of this program (e.g., no 'g' prefix).  */
 #define PROGRAM_NAME "id"
@ -110,9 +108,7 @@ main (int argc, char **argv)
 {
  int optc;
  int selinux_enabled = (is_selinux_enabled () > 0);
-#ifdef HAVE_SMACK
-  int smack_enabled = (smack_smackfs_path () != NULL);
-#endif
+  bool smack_enabled = is_smack_enabled ();

  /* If true, output the list of all group IDs. -G */
  bool just_group_list = false;
@ -207,14 +203,11 @@ main (int argc, char **argv)
          || (default_format && ! getenv ("POSIXLY_CORRECT"))))
    {
      /* Report failure only if --context (-Z) was explicitly requested.  */
-      if (selinux_enabled && getcon (&context) && just_context)
+      if ((selinux_enabled && getcon (&context) && just_context)
+          || (smack_enabled
+              && smack_new_label_from_self ((char **) &context) < 0
+              && just_context))
        error (EXIT_FAILURE, 0, _("can't get process context"));
-#ifdef HAVE_SMACK
-      else if (smack_enabled
-               && smack_new_label_from_self ((char **) &context) < 0
-               && just_context)
-        error (EXIT_FAILURE, 0, _("can't get process context"));
-#endif
    }

  if (n_ids == 1)
--- a/src/ls.c
+++ b/src/ls.c
@ -101,6 +101,7 @@
 #include "obstack.h"
 #include "quote.h"
 #include "quotearg.h"
+#include "smack.h"
 #include "stat-size.h"
 #include "stat-time.h"
 #include "strftime.h"
@ -115,10 +116,6 @@
 # include <sys/capability.h>
 #endif

-#ifdef HAVE_SMACK
-# include <sys/smack.h>
-#endif
-
 #define PROGRAM_NAME (ls_mode == LS_LS ? "ls" \
                      : (ls_mode == LS_MULTI_COL \
                         ? "dir" : "vdir"))
@ -2762,11 +2759,9 @@ free_ent (struct fileinfo *f)
  free (f->linkname);
  if (f->scontext != UNKNOWN_SECURITY_CONTEXT)
    {
-#ifdef HAVE_SMACK
-      if (smack_smackfs_path ())
+      if (is_smack_enabled ())
        free (f->scontext);
      else
-#endif
        freecon (f->scontext);
    }
 }
@ -2825,7 +2820,7 @@ getfilecon_cache (char const *file, struct fileinfo *f, bool deref)
    }
  int r = 0;
 #ifdef HAVE_SMACK
-  if (smack_smackfs_path ())
+  if (is_smack_enabled ())
    r = smack_new_label_from_path (file, "security.SMACK64", deref,
                                   &f->scontext);
  else
@ -3030,11 +3025,9 @@ gobble_file (char const *name, enum filetype type, ino_t inode,

          if (err == 0)
            {
-#ifdef HAVE_SMACK
-              if (smack_smackfs_path ())
+              if (is_smack_enabled ())
                have_scontext = ! STREQ ("_", f->scontext);
              else
-#endif
                have_scontext = ! STREQ ("unlabeled", f->scontext);
            }
          else
--- a/src/mkdir.c
+++ b/src/mkdir.c
@ -22,10 +22,6 @@
 #include <sys/types.h>
 #include <selinux/selinux.h>

-#ifdef HAVE_SMACK
-# include <sys/smack.h>
-#endif
-
 #include "system.h"
 #include "error.h"
 #include "mkdir-p.h"
@ -33,6 +29,7 @@
 #include "prog-fprintf.h"
 #include "quote.h"
 #include "savewd.h"
+#include "smack.h"

 /* The official name of this program (e.g., no 'g' prefix).  */
 #define PROGRAM_NAME "mkdir"
@ -201,11 +198,9 @@ main (int argc, char **argv)

  if (scontext)
    {
-#ifdef HAVE_SMACK
-      if (smack_smackfs_path ())
+      if (is_smack_enabled ())
        ret = smack_set_label_for_self (scontext);
      else
-#endif
        ret = setfscreatecon (scontext);
    }

--- a/src/mkfifo.c
+++ b/src/mkfifo.c
@ -22,14 +22,11 @@
 #include <sys/types.h>
 #include <selinux/selinux.h>

-#ifdef HAVE_SMACK
-# include <sys/smack.h>
-#endif
-
 #include "system.h"
 #include "error.h"
 #include "modechange.h"
 #include "quote.h"
+#include "smack.h"

 /* The official name of this program (e.g., no 'g' prefix).  */
 #define PROGRAM_NAME "mkfifo"
@ -115,11 +112,9 @@ main (int argc, char **argv)

  if (scontext)
    {
-#ifdef HAVE_SMACK
-      if (smack_smackfs_path ())
+      if (is_smack_enabled ())
        ret = smack_set_label_for_self (scontext);
      else
-#endif
        ret = setfscreatecon (scontext);
    }

--- a/src/mknod.c
+++ b/src/mknod.c
@ -22,14 +22,11 @@
 #include <sys/types.h>
 #include <selinux/selinux.h>

-#ifdef HAVE_SMACK
-# include <sys/smack.h>
-#endif
-
 #include "system.h"
 #include "error.h"
 #include "modechange.h"
 #include "quote.h"
+#include "smack.h"
 #include "xstrtol.h"

 /* The official name of this program (e.g., no 'g' prefix).  */
@ -171,11 +168,9 @@ main (int argc, char **argv)

  if (scontext)
    {
-#ifdef HAVE_SMACK
-      if (smack_smackfs_path ())
+      if (is_smack_enabled ())
        ret = smack_set_label_for_self (scontext);
      else
-#endif
        ret = setfscreatecon (scontext);
    }