X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=lib%2Fselinux-at.h;h=5fa3333c63b86a66832fc49451453b3891b7d7cd;hb=2deeabadbd2d7eaebc49d62f818e60f40159b0ff;hp=212e252529aaa1a89a7c95bab10c180fc92cbba7;hpb=27aa230554a630b52c2ce1540f6274c0aa4eaed1;p=pspp diff --git a/lib/selinux-at.h b/lib/selinux-at.h index 212e252529..5fa3333c63 100644 --- a/lib/selinux-at.h +++ b/lib/selinux-at.h @@ -1,5 +1,5 @@ /* Prototypes for openat-style fd-relative SELinux functions - Copyright (C) 2007, 2009 Free Software Foundation, Inc. + Copyright (C) 2007, 2009-2011 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,36 @@
 #include
 #include
-int getfileconat (int fd, char const *file, security_context_t *con);
-int lgetfileconat (int fd, char const *file, security_context_t *con);
-int setfileconat (int fd, char const *file, security_context_t con);
-int lsetfileconat (int fd, char const *file, security_context_t con);
+/* These are the dir-fd-relative variants of the functions without the
+ "at" suffix. For example, getfileconat (AT_FDCWD, file, &c) is usually
+ equivalent to getfilecon (file, &c). The emulation is accomplished
+ by first attempting getfilecon ("/proc/self/fd/DIR_FD/FILE", &c).
+ Failing that, simulate it via save_cwd/fchdir/getfilecon/restore_cwd.
+ If either the save_cwd or the restore_cwd fails (relatively unlikely),
+ then give a diagnostic and exit nonzero. */
+
+/* dir-fd-relative getfilecon. Set *CON to the SELinux security context
+ of the file specified by DIR_FD and FILE and return the length of *CON.
+ DIR_FD and FILE are interpreted as for fstatat[*]. A non-NULL *CON
+ must be freed with freecon. Upon error, set *CON to NULL, set errno
+ and return -1.
+ [*] with flags=0 here, with flags=AT_SYMLINK_NOFOLLOW for lgetfileconat */
+int getfileconat (int dir_fd, char const *file, security_context_t *con);
+
+/* dir-fd-relative lgetfilecon. This function is just like getfileconat,
+ except when DIR_FD and FILE specify a symlink: lgetfileconat operates on
+ the symlink, while getfileconat operates on the referent of the symlink. */
+int lgetfileconat (int dir_fd, char const *file, security_context_t *con);
+
+/* dir-fd-relative setfilecon. Set the SELinux security context of
+ the file specified by DIR_FD and FILE to CON. DIR_FD and FILE are
+ interpreted as for fstatat[*]. Upon success, return 0.
+ Otherwise, return -1 and set errno. */
+int setfileconat (int dir_fd, char const *file, security_context_t con);
+
+/* dir-fd-relative lsetfilecon. This function is just like setfileconat,
+ except that rather than dereferencing a symlink, this function affects it. */
+/* dir-fd-relative lsetfilecon. This function is just like setfileconat,
+ except when DIR_FD and FILE specify a symlink: lsetfileconat operates on
+ the symlink, while setfileconat operates on the referent of the symlink. */
+int lsetfileconat (int dir_fd, char const *file, security_context_t con);
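Review bot: The last declaration, lsetfileconat, carries two consecutive comment blocks: the wording `except that rather than dereferencing a symlink, this function affects it` is immediately followed by the DIR_FD/FILE wording, so the first block looks like a leftover and should be dropped. The overview comment says the fallback goes through save_cwd/fchdir/restore_cwd, and fchdir changes the working directory of the whole process; if the fallback works as described, the header should say so, e.g. `The fallback temporarily changes the process-wide working directory, so these functions are not safe while other threads resolve relative file names.` The same comment states that a save_cwd or restore_cwd failure prints a diagnostic and exits, which callers relabeling files with setfileconat/lsetfileconat need to see next to the "return -1 and set errno" contract, since the process may terminate instead of returning. The `[*]` footnote is defined only under getfileconat and names only lgetfileconat, while setfileconat's comment also refers to it; extending it to `with flags=AT_SYMLINK_NOFOLLOW for lgetfileconat and lsetfileconat` would close that gap.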