dbus-broker/backport-util-selinux-provide-helper-to-check-enforcing-mode.patch
hongjinghao bc85f6a4e5 sync patches from dbus-broker community
(cherry picked from commit 58716c55dbf25e6fa009b35703a1792e10895951)
2023-08-09 11:24:07 +08:00


From df23f09376386fbdefb4bcc049c1c81a9a893baf Mon Sep 17 00:00:00 2001
From: David Rheinsberg <david@readahead.eu>
Date: Mon, 12 Jun 2023 12:04:47 +0200
Subject: [PATCH] util/selinux: provide helper to check enforcing mode
Add a new helper to check the selinux enforcing mode. This will be used
in follow-ups to avoid AVC denials in permissive mode.
Signed-off-by: David Rheinsberg <david@readahead.eu>
---
src/util/selinux-fallback.c | 4 ++++
src/util/selinux.c | 16 ++++++++++++++++
src/util/selinux.h | 1 +
3 files changed, 21 insertions(+)
diff --git a/src/util/selinux-fallback.c b/src/util/selinux-fallback.c
index ec4d458..0654a07 100644
--- a/src/util/selinux-fallback.c
+++ b/src/util/selinux-fallback.c
@@ -16,6 +16,10 @@ bool bus_selinux_is_enabled(void) {
return false;
}
+bool bus_selinux_is_enforcing(void) {
+ return false;
+}
+
const char *bus_selinux_policy_root(void) {
return NULL;
}
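Review bot: The fallback `bus_selinux_is_enforcing()` returns `false`, but the doc comment this patch adds in src/util/selinux.c says the helper returns true when SELinux is not enabled or otherwise unavailable. A caller written against that contract would see "permissive" in a build without SELinux support. This is probably harmless if the fallback access checks never deny, but those callers are not visible here. Either return `true` to match, or document the difference on the stub, e.g. `/* built without SELinux: reports non-enforcing, unlike selinux.c which returns true when unavailable */`.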
diff --git a/src/util/selinux.c b/src/util/selinux.c
index f8b4c8a..4b61ec7 100644
--- a/src/util/selinux.c
+++ b/src/util/selinux.c
@@ -38,6 +38,22 @@ bool bus_selinux_is_enabled(void) {
return is_selinux_enabled();
}
+/**
+ * bus_selinux_is_enforcing() - checks if SELinux is in enforcing mode
+ *
+ * If selinux is not enabled or otherwise unavailable, this will return true.
+ * That is, this will only return false, if selinux is enabled and in
+ * permissive mode.
+ *
+ * Returns: true if SELinux is in enforcing mode, false otherwise.
+ */
+bool bus_selinux_is_enforcing(void) {
+ if (bus_selinux_status_open)
+ return selinux_status_getenforce() != 0;
+ else
+ return security_getenforce() != 0;
+}
+
/**
* bus_selinux_policy_root() - the root directory where the current SELinux policy can be found
*
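Review bot: The `Returns:` line of the new doc comment says "false otherwise", which contradicts the paragraph above it. With `!= 0`, a -1 error result from `selinux_status_getenforce()` or `security_getenforce()` is reported as enforcing as well. That fail-closed mapping is the safe direction for a helper whose purpose is to relax behaviour in permissive mode, but it should be stated, e.g. `Returns: false only if SELinux reports permissive mode; true if enforcing or if the mode cannot be determined.` `bus_selinux_status_open` is defined outside this hunk, so whether it is reliably set before the first call cannot be confirmed from here.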
diff --git a/src/util/selinux.h b/src/util/selinux.h
index 9a71e90..435c8a8 100644
--- a/src/util/selinux.h
+++ b/src/util/selinux.h
@@ -16,6 +16,7 @@ enum {
};
bool bus_selinux_is_enabled(void);
+bool bus_selinux_is_enforcing(void);
const char *bus_selinux_policy_root(void);
int bus_selinux_registry_new(BusSELinuxRegistry **registryp, const char *fallback_context);
--
2.33.0