paludis  Version 2.0.0
security_context.hh
Go to the documentation of this file.
1 /* vim: set sw=4 sts=4 et foldmethod=syntax : */
2 
3 /*
4  * Copyright (c) 2006 Stephen Bennett
5  *
6  * This file is part of the Paludis package manager. Paludis is free software;
7  * you can redistribute it and/or modify it under the terms of the GNU General
8  * Public License, version 2, as published by the Free Software Foundation.
9  *
10  * Paludis is distributed in the hope that it will be useful, but WITHOUT ANY
11  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
12  * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
13  * details.
14  *
15  * You should have received a copy of the GNU General Public License along with
16  * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
17  * Place, Suite 330, Boston, MA 02111-1307 USA
18  */
19 
20 #ifndef PALUDIS_GUARD_PALUDIS_UTIL_SECURITY_CONTEXT_HH
21 #define PALUDIS_GUARD_PALUDIS_UTIL_SECURITY_CONTEXT_HH 1
22 
23 #include <string>
26 #include <paludis/util/pimp.hh>
27 #include <paludis/util/fs_path.hh>
28 
29 /** \file
30  * Declarations for SecurityContext and associated classes.
31  *
32  * \ingroup grplibpaludisselinux
33  */
34 
35 namespace paludis
36 {
37  class FSCreateCon;
38  class MatchPathCon;
39  class SecurityContext;
40 
41  /**
42  * Thin wrapper around setfilecon()
43  *
44  * \ingroup grplibpaludisselinux
45  */
46  int setfilecon(const FSPath & file, const std::shared_ptr<const SecurityContext> & con) PALUDIS_VISIBLE;
47 
48  /**
49  * Whether SELinux is enabled. Ideally, you are not using this function.
50  *
51  * \ingroup grplibpaludisselinux
52  */
54 
55  /**
56  * A SecurityContext can be written to a stream.
57  *
58  * \ingroup grplibpaludisselinux
59  */
60  std::ostream& operator<<(std::ostream&, const SecurityContext &) PALUDIS_VISIBLE;
61 
62  /**
63  * Error class for SELinux-related functions
64  *
65  * \ingroup grplibpaludisselinux
66  * \ingroup grpexceptions
67  */
68  class PALUDIS_VISIBLE SELinuxException :
69  public Exception
70  {
71  public:
72  /// Constructor.
73  SELinuxException(const std::string & our_message)
74  : Exception(our_message)
75  {
76  }
77  };
78 
79  /**
80  * Security context class. Wraps security_context_t.
81  *
82  * \ingroup grplibpaludisselinux
83  */
85  {
86  private:
88 
89  public:
90  /**
91  * Constructor
92  */
94 
95  /**
96  * Can be constructed from a string.
97  */
98  SecurityContext(const std::string &);
99 
100  /**
101  * Destructor
102  */
103  ~SecurityContext();
104 
105  SecurityContext(const SecurityContext &) = delete;
106 
107  SecurityContext & operator= (const SecurityContext &) = delete;
108 
109  friend std::ostream& paludis::operator<<(std::ostream&, const SecurityContext &);
110  friend class paludis::FSCreateCon;
111  friend class paludis::MatchPathCon;
112  friend int paludis::setfilecon(const FSPath &, const std::shared_ptr<const SecurityContext> &);
113 
114  /**
115  * Returns a SecurityContext referring to the current process's context
116  */
117  static std::shared_ptr<const SecurityContext> current_context();
118 
119  /**
120  * Returns a SecurityContext referring to the current filesystem creation context
121  */
122  static std::shared_ptr<const SecurityContext> fs_create_context();
123  };
124 
125  /**
126  * RAII-style wrapper for setfscreatecon().
127  *
128  * Create an FSCreateCon object to set the security context of newly created file objects.
129  * When destroyed, it will revert to the previous creation context.
130  *
131  * Note that with older versions of libselinux this operation is not thread-safe. Any
132  * multi-threaded code calling it must use a critical section to ensure the desired
133  * behaviour on all systems.
134  *
135  * \ingroup grplibpaludisselinux
136  */
138  {
139  private:
140  std::shared_ptr<const SecurityContext> _context;
141  std::shared_ptr<const SecurityContext> _prev_context;
142 
143  public:
144  /**
145  * Constructor
146  */
147  FSCreateCon(const std::shared_ptr<const SecurityContext> &);
148 
149  /**
150  * Destructor
151  */
152  ~FSCreateCon();
153  };
154 
155  /**
156  * Wrapper class around matchpathcon().
157  *
158  * \ingroup grplibpaludisselinux
159  */
161  public Singleton<MatchPathCon>
162  {
163  private:
164  bool _good;
165 
166  public:
167  /**
168  * Constructor. Optional parameter is the path to the file_contexts to use.
169  */
170  MatchPathCon();
171 
172  /**
173  * Destructor
174  */
175  ~MatchPathCon();
176 
177  /**
178  * Retrieve the default context for a given pathname
179  */
180  std::shared_ptr<const SecurityContext> match(const std::string &, mode_t = 0) const;
181 
182  /**
183  * Did the initialisation succeed?
184  */
185  bool good() const;
186  };
187 }
188 
189 #endif
Definition: pimp.hh:51
Definition: security_context.hh:68
int setfilecon(const FSPath &file, const std::shared_ptr< const SecurityContext > &con) PALUDIS_VISIBLE
Definition: security_context.hh:84
Definition: security_context.hh:160
Definition: exception.hh:74
std::ostream & operator<<(std::ostream &, const WantPhase &) PALUDIS_VISIBLE
Definition: singleton.hh:44
SELinuxException(const std::string &our_message)
Constructor.
Definition: security_context.hh:73
Definition: security_context.hh:137
bool is_selinux_enabled() PALUDIS_VISIBLE
Definition: fs_path.hh:33
#define PALUDIS_VISIBLE
Definition: attributes.hh:71