From c0cbaab04b3d37a1786f04018eb6226359291031 Mon Sep 17 00:00:00 2001
From: Tavian Barnes <tavianator@tavianator.com>
Date: Wed, 10 Apr 2024 10:04:07 -0400
Subject: fsade: Add libselinux wrappers

---
 src/fsade.c | 33 +++++++++++++++++++++++++++++++++
 src/fsade.h | 17 +++++++++++++++++
 2 files changed, 50 insertions(+)

diff --git a/src/fsade.c b/src/fsade.c
index ee17416..0810c7f 100644
--- a/src/fsade.c
+++ b/src/fsade.c
@@ -22,6 +22,10 @@
 #  include <sys/capability.h>
 #endif
 
+#if BFS_CAN_CHECK_CONTEXT
+#  include <selinux/selinux.h>
+#endif
+
 #if BFS_USE_SYS_EXTATTR_H
 #  include <sys/extattr.h>
 #elif BFS_USE_SYS_XATTR_H
@@ -414,3 +418,32 @@ int bfs_check_xattr_named(const struct BFTW *ftwbuf, const char *name) {
 }
 
 #endif
+
+char *bfs_getfilecon(const struct BFTW *ftwbuf) {
+#if BFS_CAN_CHECK_CONTEXT
+	const char *path = fake_at(ftwbuf);
+
+	char *con;
+	int ret;
+	if (ftwbuf->type == BFS_LNK) {
+		ret = lgetfilecon(path, &con);
+	} else {
+		ret = getfilecon(path, &con);
+	}
+
+	if (ret >= 0) {
+		return con;
+	} else {
+		return NULL;
+	}
+#else
+	errno = ENOTSUP;
+	return NULL;
+#endif
+}
+
+void bfs_freecon(char *con) {
+#if BFS_CAN_CHECK_CONTEXT
+	freecon(con);
+#endif
+}
diff --git a/src/fsade.h b/src/fsade.h
index 413938d..1f1dbfc 100644
--- a/src/fsade.h
+++ b/src/fsade.h
@@ -20,6 +20,8 @@
 #  endif
 #endif
 
+#define BFS_CAN_CHECK_CONTEXT BFS_USE_LIBSELINUX
+
 #define BFS_CAN_CHECK_XATTRS (BFS_USE_SYS_EXTATTR_H || BFS_USE_SYS_XATTR_H)
 
 struct BFTW;
@@ -66,4 +68,19 @@ int bfs_check_xattrs(const struct BFTW *ftwbuf);
  */
 int bfs_check_xattr_named(const struct BFTW *ftwbuf, const char *name);
 
+/**
+ * Get a file's SELinux context
+ *
+ * @param ftwbuf
+ *         The file to check.
+ * @return
+ *         The file's SELinux context, or NULL on failure.
+ */
+char *bfs_getfilecon(const struct BFTW *ftwbuf);
+
+/**
+ * Free a bfs_getfilecon() result.
+ */
+void bfs_freecon(char *con);
+
 #endif // BFS_FSADE_H
-- 
cgit v1.2.3