add SELinux example (wip)

author: Remi Collet <remi@remirepo.net> 2019-10-25 12:07:15 +0200
committer: Remi Collet <remi@remirepo.net> 2019-10-25 12:07:15 +0200
commit: 0e40a793f2452276bf18ed70d6206898d620c13f (patch)
tree: 424254d29c6b782827b186d888560c80ea37a0a3 /preload-selinux.inc
parent: 47cb18001f6777b2c149c819497a3e8ed7edca81 (diff)
1 files changed, 45 insertions, 0 deletions
diff --git a/preload-selinux.inc b/preload-selinux.inc
new file mode 100644
index 0000000..cc09581
--- /dev/null
+++ b/preload-selinux.inc
@@ -0,0 +1,45 @@
+<?php
+/** 
+ * ZSTD compressor using FFI and libselinux
+ * PoC, only for documentation purpose
+ *
+ * Copyright (c) 2019 Remi Collet
+ * License: CC-BY-SA
+ * http://creativecommons.org/licenses/by-sa/4.0/
+ */
+namespace Remi;
+
+class SELinux {
+	static private $ffi = null;
+
+	private static function init() {
+		if (self::$ffi) {
+			return;
+		}
+		// Try if preloaded
+		try {
+			self::$ffi = \FFI::scope("_REMI_SELINUX_");
+			echo "Using FFI::scope OK\n";
+		} catch (\FFI\Exception $e) {
+			// Try direct load
+			self::$ffi = \FFI::load(__DIR__ . '/preload-selinux.h');
+			echo "Using FFI::load OK\n";
+		}
+		if (!self::$ffi) {
+			throw new \RuntimeException("FFI parse fails");
+		}
+	}
+
+	public static function is_enabled(): bool {
+		self::init();
+
+		return (bool)self::$ffi->is_selinux_enabled();
+	}
+
+	public static function getenforce(): int {
+		self::init();
+
+		return self::$ffi->security_getenforce();
+	}
+}
+
author	Remi Collet <remi@remirepo.net>	2019-10-25 12:07:15 +0200
committer	Remi Collet <remi@remirepo.net>	2019-10-25 12:07:15 +0200
commit	0e40a793f2452276bf18ed70d6206898d620c13f (patch)
tree	424254d29c6b782827b186d888560c80ea37a0a3 /preload-selinux.inc
parent	47cb18001f6777b2c149c819497a3e8ed7edca81 (diff)