#! /bin/bash
#
# Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
# Copyright (C) 2011 Nokia Corporation.
#
#      This program is free software; you can redistribute it and/or modify
#      it under the terms of the GNU General Public License as published by
#      the Free Software Foundation, version 2.
#
#      This program is distributed in the hope that it will be useful, but
#      WITHOUT ANY WARRANTY; without even the implied warranty of
#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
#      General Public License for more details.
#
#      You should have received a copy of the GNU General Public
#      License along with this program; if not, write to the Free Software
#      Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
#      02110-1301 USA
#
# Authors:
#      Casey Schaufler <casey@schaufler-ca.com>
#
# chkconfig: 2345 08 08
# description: Initialize Smack configuration
### BEGIN INIT INFO
# Provides: smack
# Required-Start: $local_fs
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Set up Smack configuration
# Description: Smack is an implementation of Mandatory Access Control. \
#              The access control rules are loaded using the smackfs \
#              pseudo-filesystem.
### END INIT INFO

#
# Make sure that /smack is mounted
# Ensure that the mount point is a directory
#
mount_smack() {
	if [ ! -e /smack ] ; then
		/bin/mkdir /smack
	fi

	if [ ! -d /smack ] ; then
		if [ -e /smack ] ; then
			/bin/rm -f /smack
		fi
		/bin/mkdir /smack
	fi

	/bin/mount smackfs -t smackfs /smack >& /dev/null
}

#
# Load any Smack access rules
#
load_rules() {
	if [ -f /etc/smack/accesses ] ; then
		/sbin/smackload < /etc/smack/accesses
	fi
}

#
# Unload any Smack access rules
#
unload_rules() {
	/sbin/smackload -c < /smack/load
}

#
# Load any Smack CIPSO mappings
#
load_cipso() {
	if [ -f /etc/smack/cipso ] ; then
		/sbin/smackcipso < /etc/smack/cipso
	fi
}

case "$1" in
   start)
	mount_smack
	load_rules
	load_cipso
	;;
   status)
	if [ ! -e /smack/load ] ; then
		exit 4
	fi
	;;
   reload|force-reload|restart|try-restart)
	unload_rules
	load_rules
	load_cipso
	;;
   stop)
	unload_rules
	;;
   *)
	;;
esac

exit 0
