diff options
author | Remi Collet <remi@remirepo.net> | 2019-10-25 12:07:15 +0200 |
---|---|---|
committer | Remi Collet <remi@remirepo.net> | 2019-10-25 12:07:15 +0200 |
commit | 0e40a793f2452276bf18ed70d6206898d620c13f (patch) | |
tree | 424254d29c6b782827b186d888560c80ea37a0a3 /preload-selinux.inc | |
parent | 47cb18001f6777b2c149c819497a3e8ed7edca81 (diff) |
add SELinux example (wip)
Diffstat (limited to 'preload-selinux.inc')
-rw-r--r-- | preload-selinux.inc | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/preload-selinux.inc b/preload-selinux.inc new file mode 100644 index 0000000..cc09581 --- /dev/null +++ b/preload-selinux.inc @@ -0,0 +1,45 @@ +<?php +/** + * ZSTD compressor using FFI and libselinux + * PoC, only for documentation purpose + * + * Copyright (c) 2019 Remi Collet + * License: CC-BY-SA + * http://creativecommons.org/licenses/by-sa/4.0/ + */ +namespace Remi; + +class SELinux { + static private $ffi = null; + + private static function init() { + if (self::$ffi) { + return; + } + // Try if preloaded + try { + self::$ffi = \FFI::scope("_REMI_SELINUX_"); + echo "Using FFI::scope OK\n"; + } catch (\FFI\Exception $e) { + // Try direct load + self::$ffi = \FFI::load(__DIR__ . '/preload-selinux.h'); + echo "Using FFI::load OK\n"; + } + if (!self::$ffi) { + throw new \RuntimeException("FFI parse fails"); + } + } + + public static function is_enabled(): bool { + self::init(); + + return (bool)self::$ffi->is_selinux_enabled(); + } + + public static function getenforce(): int { + self::init(); + + return self::$ffi->security_getenforce(); + } +} + |