* misc.c (is_secured_filename): New.

* keydb.c (maybe_create_keyring)
* tdbio.c (tdbio_set_dbname)
* plaintext.c (handle_plaintext)
* openfile.c (copy_options_file, open_outfile)
* exec.c (exec_write)
* keygen.c (do_generate_keypair, gen_card_key_with_backup)
* sign.c (sign_file, clearsign_file)
* keyring.c (create_tmp_file, do_copy): Check for secured files
before creating them.

* keygen.c (print_status_key_created): s/unsigned char/byte/ due
to a strange typedef for RISC OS.  Noted by Stefan.

1 files changed, 35 insertions, 0 deletions

diff --git a/g10/misc.c b/g10/misc.c
index 207367d7e..110d9128c 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -198,6 +198,41 @@ is_secured_file (int fd)
   return 0; /* No. */
 }
 
+/* Return true if FNAME is corresponds to a secured file.  Using NULL,
+   "" or "-" for FS is allowed and will return false. This function is
+   used before creating a file, thus it won't fail if the file does
+   not exist. */ 
+int 
+is_secured_filename (const char *fname)
+{
+#ifdef ENABLE_SELINUX_HACKS
+  struct stat buf;
+  struct secured_file_item *sf;
+
+  if (iobuf_is_pipe_filename (fname) || !*fname)
+    return 0; 
+
+  /* Note that we print out a error here and claim that a file is
+     secure if something went wrong. */
+  if (stat (fname, &buf))
+    {
+      if (errno == ENOENT || errno == EPERM || errno == EACCES)
+        return 0;
+      log_error (_("fstat of `%s' failed in %s: %s\n"), fname,
+                 "is_secured_filename", strerror (errno));
+      return 1;
+    }
+/*   log_debug ("is_secured_filename (%s) i=%lu.%lu\n", fname, */
+/*              (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
+  for (sf=secured_files; sf; sf = sf->next)
+    {
+      if (sf->ino == buf.st_ino && sf->dev == buf.st_dev)
+        return 1; /* Yes.  */
+    }
+#endif /*ENABLE_SELINUX_HACKS*/
+  return 0; /* No. */
+}
+
 
 
 u16