From b13154de3eca5ba28fbb4854d916cd0be5febeed Mon Sep 17 00:00:00 2001
From: Igor Pashev <pashev.igor@gmail.com>
Date: Fri, 2 Nov 2012 20:15:39 +0400
Subject: Imported Upstream version 2.22

---
 login-utils/selinux_utils.c | 51 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 login-utils/selinux_utils.c

(limited to 'login-utils/selinux_utils.c')

diff --git a/login-utils/selinux_utils.c b/login-utils/selinux_utils.c
new file mode 100644
index 0000000..e709d00
--- /dev/null
+++ b/login-utils/selinux_utils.c
@@ -0,0 +1,51 @@
+#include <selinux/av_permissions.h>
+#include <selinux/context.h>
+#include <selinux/flask.h>
+#include <selinux/selinux.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+
+#include "selinux_utils.h"
+
+int checkAccess(char *chuser, int access)
+{
+	int status = -1;
+	security_context_t user_context;
+	const char *user = NULL;
+	if (getprevcon(&user_context) == 0) {
+		context_t c = context_new(user_context);
+		user = context_user_get(c);
+		if (strcmp(chuser, user) == 0) {
+			status = 0;
+		} else {
+			struct av_decision avd;
+			int retval = security_compute_av(user_context,
+							 user_context,
+							 SECCLASS_PASSWD,
+							 access,
+							 &avd);
+			if ((retval == 0) &&
+			    ((access & avd.allowed) == (unsigned)access))
+				status = 0;
+		}
+		context_free(c);
+		freecon(user_context);
+	}
+	return status;
+}
+
+int setupDefaultContext(char *orig_file)
+{
+	if (is_selinux_enabled() > 0) {
+		security_context_t scontext;
+		if (getfilecon(orig_file, &scontext) < 0)
+			return 1;
+		if (setfscreatecon(scontext) < 0) {
+			freecon(scontext);
+			return 1;
+		}
+		freecon(scontext);
+	}
+	return 0;
+}
-- 
cgit v1.2.3