next portion of selinux updates: chcon, runcon. From

Yuichi Nakamura <himainu-ynakam@miomio.jp> KaiGai Kohei <busybox@kaigai.gr.jp>
author: Denis Vlasenko <vda.linux@googlemail.com> 2007-03-11 22:16:02 +0000
committer: Denis Vlasenko <vda.linux@googlemail.com> 2007-03-11 22:16:02 +0000
commit: 1203c9bf2f63938f7766a3022a9659b25712824f (patch)
tree: 162a5019d61ce2403466754ab0ee727e04f1563b
parent: baca1759129945fcd03d96ccc840892401b5a1af (diff)
download: busybox-w32-1203c9bf2f63938f7766a3022a9659b25712824f.tar.gz
busybox-w32-1203c9bf2f63938f7766a3022a9659b25712824f.tar.bz2
busybox-w32-1203c9bf2f63938f7766a3022a9659b25712824f.zip
7 files changed, 349 insertions, 2 deletions
diff --git a/coreutils/id.c b/coreutils/id.c
index a0364675f..e183402fa 100644
--- a/coreutils/id.c
+++ b/coreutils/id.c
@@ -89,7 +89,7 @@ int id_main(int argc, char **argv)
                if (flags & JUST_CONTEXT) {        
                        selinux_or_die();
                        if (argc - optind == 1) {
-                                bb_error_msg_and_die("can't print security context when user specified");
+                                bb_error_msg_and_die("user name can't be passed with -Z");
                        }
                        
                        if (getcon(&scontext)) {
diff --git a/coreutils/install.c b/coreutils/install.c
index 83facad9d..1f65407b1 100644
--- a/coreutils/install.c
+++ b/coreutils/install.c
@@ -1,6 +1,7 @@
 /* vi: set sw=4 ts=4: */
 /*
- *  Copyright (C) 2003 by Glenn McGrath <bug1@iinet.net.au>
+ * Copyright (C) 2003 by Glenn McGrath <bug1@iinet.net.au>
+ * SELinux support: by Yuichi Nakamura <ynakam@hitachisoft.jp>
 *
 * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
 *
diff --git a/include/libbb.h b/include/libbb.h
index e07fa7587..69652b666 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -41,6 +41,7 @@
 #if ENABLE_SELINUX
 #include <selinux/selinux.h>
+#include <selinux/context.h>
 #endif
 #if ENABLE_LOCALE_SUPPORT
@@ -598,6 +599,8 @@ extern void run_shell(const char *shell, int loginshell, const char *command, co
 #if ENABLE_SELINUX
 extern void renew_current_security_context(void);
 extern void set_current_security_context(security_context_t sid);
+extern context_t set_security_context_component(security_context_t cur_context,
+                                                char *user, char *role, char *type, char *range);
 #endif
 extern void selinux_or_die(void);
 extern int restricted_shell(const char *shell);
diff --git a/libbb/Kbuild b/libbb/Kbuild
index a53b17f44..ffded6a68 100644
--- a/libbb/Kbuild
+++ b/libbb/Kbuild
@@ -106,6 +106,7 @@ lib-$(CONFIG_SU) += correct_password.o
 lib-$(CONFIG_LOGIN) += correct_password.o
 lib-$(CONFIG_DF) += find_mount_point.o
 lib-$(CONFIG_MKFS_MINIX) += find_mount_point.o
+lib-$(CONFIG_SELINUX) += selinux_common.o
 # We shouldn't build xregcomp.c if we don't need it - this ensures we don't
 # require regex.h to be in the include dir even if we don't need it thereby
diff --git a/libbb/selinux_common.c b/libbb/selinux_common.c
new file mode 100644
index 000000000..70d63a465
--- /dev/null
+++ b/libbb/selinux_common.c
@@ -0,0 +1,30 @@
+/*
+ * libbb/selinux_common.c
+ *   -- common SELinux utility functions
+ * 
+ * Copyright 2007 KaiGai Kohei <kaigai@kaigai.gr.jp>
+ */
+#include "busybox.h"
+#include <selinux/context.h>
+context_t set_security_context_component(security_context_t cur_context,
+                                         char *user, char *role, char *type, char *range)
+{
+        context_t con = context_new(cur_context);
+        if (!con)
+                return NULL;
+        if (user && context_user_set(con, user))
+                goto error;
+        if (type && context_type_set(con, type))
+                goto error;
+        if (range && context_range_set(con, range))
+                goto error;
+        if (role && context_role_set(con, role))
+                goto error;
+        return con;
+error:
+        context_free(con);
+        return NULL;
+}
diff --git a/selinux/chcon.c b/selinux/chcon.c
new file mode 100644
index 000000000..d7ff40816
--- /dev/null
+++ b/selinux/chcon.c
@@ -0,0 +1,175 @@
+/*
+ * chcon -- change security context, based on coreutils-5.97-13
+ *
+ * Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp>
+ * 
+ * Copyright (C) 2006 - 2007 KaiGai Kohei <kaigai@kaigai.gr.jp>
+ */
+#include "busybox.h"
+#include <getopt.h>
+#include <selinux/context.h>
+#define OPT_RECURSIVE           (1<<0)  /* 'R' */
+#define OPT_CHANHES             (1<<1)  /* 'c' */
+#define OPT_NODEREFERENCE       (1<<2)  /* 'h' */
+#define OPT_QUIET               (1<<3)  /* 'f' */
+#define OPT_USER                (1<<4)  /* 'u' */
+#define OPT_ROLE                (1<<5)  /* 'r' */
+#define OPT_TYPE                (1<<6)  /* 't' */
+#define OPT_RANGE               (1<<7)  /* 'l' */
+#define OPT_VERBOSE             (1<<8)  /* 'v' */
+#define OPT_REFERENCE           ((1<<9) * ENABLE_FEATURE_CHCON_LONG_OPTIONS)
+#define OPT_COMPONENT_SPECIFIED (OPT_USER | OPT_ROLE | OPT_TYPE | OPT_RANGE)
+static char *user = NULL;
+static char *role = NULL;
+static char *type = NULL;
+static char *range = NULL;
+static char *specified_context = NULL;
+static int change_filedir_context(const char *fname, struct stat *stbuf, void *userData, int depth)
+{
+        context_t context = NULL;
+        security_context_t file_context = NULL;
+        security_context_t context_string;
+        int rc = FALSE;
+        int status = 0;
+        if (option_mask32 & OPT_NODEREFERENCE) {
+                status = lgetfilecon(fname, &file_context);
+        } else {
+                status = getfilecon(fname, &file_context);
+        }
+        if (status < 0 && errno != ENODATA) {
+                if ((option_mask32 & OPT_QUIET) == 0)
+                        bb_error_msg("cannot obtain security context: %s", fname);
+                goto skip;
+        }
+        if (file_context == NULL && specified_context == NULL) {
+                bb_error_msg("cannot apply partial context to unlabeled file %s", fname);
+                goto skip;
+        }
+        if (specified_context == NULL) {
+                context = set_security_context_component(file_context,
+                                                         user, role, type, range);
+                if (!context) {
+                        bb_error_msg("cannot compute security context from %s", file_context);
+                        goto skip;
+                }
+        } else {
+                context = context_new(specified_context);
+                if (!context) {
+                        bb_error_msg("invalid context: %s", specified_context);
+                        goto skip;
+                }
+        }
+        context_string = context_str(context);
+        if (!context_string) {
+                bb_error_msg("cannot obtain security context in text expression");
+                goto skip;
+        }
+        if (file_context == NULL || strcmp(context_string, file_context) != 0) {
+                int fail;
+                if (option_mask32 & OPT_NODEREFERENCE) {
+                        fail = lsetfilecon(fname, context_string);
+                } else {
+                        fail = setfilecon(fname, context_string);
+                }
+                if ((option_mask32 & OPT_VERBOSE) || ((option_mask32 & OPT_CHANHES) && !fail)) {
+                        printf(!fail
+                               ? "context of %s changed to %s\n"
+                               : "failed to change context of %s to %s\n",
+                               fname, context_string);
+                }
+                if (!fail) {
+                        rc = TRUE;
+                } else if ((option_mask32 & OPT_QUIET) == 0) {
+                        bb_error_msg("failed to change context of %s to %s",
+                                     fname, context_string);
+                }
+        } else if (option_mask32 & OPT_VERBOSE) {
+                printf("context of %s retained as %s\n", fname, context_string);
+                rc = TRUE;
+        }
+skip:
+        /* FIXME: aren't these work ok on NULL ptr? Remove if() then */
+        if (context)
+                context_free(context);
+        if (file_context)
+                freecon(file_context);
+        return rc;
+}
+#if ENABLE_FEATURE_CHCON_LONG_OPTIONS
+static struct option chcon_options[] = {
+        { "recursive",      0, NULL, 'R' },
+        { "changes",        0, NULL, 'c' },
+        { "no-dereference", 0, NULL, 'h' },
+        { "silent",         0, NULL, 'f' },
+        { "quiet",          0, NULL, 'f' },
+        { "user",           1, NULL, 'u' },
+        { "role",           1, NULL, 'r' },
+        { "type",           1, NULL, 't' },
+        { "range",          1, NULL, 'l' },
+        { "verbose",        0, NULL, 'v' },
+        { "reference",      1, NULL, 0xff }, /* no short option */
+        { NULL,             0, NULL, 0 },
+};
+#endif
+int chcon_main(int argc, char *argv[]);
+int chcon_main(int argc, char *argv[])
+{
+        char *reference_file;
+        char *fname;
+        int i, errors = 0;
+#if ENABLE_FEATURE_CHCON_LONG_OPTIONS
+        applet_long_options = chcon_options;
+#endif
+        opt_complementary = "-1"    /* at least 1 param */
+                ":?:f--v:v--f"      /* 'verbose' and 'quiet' are exclusive */
+                ":\xff--urtl:u--\xff:r--\xff:t--\xff:l--\xff";
+        getopt32(argc, argv, "Rchf:u:r:t:l:v",
+                &user, &role, &type, &range, &reference_file);
+        argv += optind;
+#if ENABLE_FEATURE_CHCON_LONG_OPTIONS
+        if (option_mask32 & OPT_REFERENCE) {
+                /* FIXME: lgetfilecon() should be used when '-h' is specified.
+                   But current implementation follows the original one. */
+                if (getfilecon(reference_file, &specified_context) < 0)
+                        bb_perror_msg_and_die("getfilecon('%s') failed", reference_file);
+        } else
+#endif
+        if ((option_mask32 & OPT_COMPONENT_SPECIFIED) == 0) {
+                specified_context = *argv++;
+                /* specified_context is never NULL -
+                 * "-1" in opt_complementary prevents this. */
+                if (!argv[0])
+                        bb_error_msg_and_die("too few arguments");
+        }
+        for (i = 0; (fname = argv[i]) != NULL; i++) {
+                int fname_len = strlen(fname);
+                while (fname_len > 1 && fname[fname_len - 1] == '/')
+                        fname_len--;
+                fname[fname_len] = '\0';
+                if (recursive_action(fname,
+                                     option_mask32 & OPT_RECURSIVE,
+                                     FALSE,     /* followLinks */
+                                     FALSE,     /* depthFirst */
+                                     change_filedir_context,
+                                     change_filedir_context,
+                                     NULL, 0) != TRUE)
+                        errors = 1;
+        }
+        return errors;
+}
diff --git a/selinux/runcon.c b/selinux/runcon.c
new file mode 100644
index 000000000..24e436feb
--- /dev/null
+++ b/selinux/runcon.c
@@ -0,0 +1,137 @@
+/*
+ * runcon [ context |
+ *         ( [ -c ] [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
+ *         command [arg1 [arg2 ...] ]
+ *
+ * attempt to run the specified command with the specified context.
+ *
+ * -r role  : use the current context with the specified role
+ * -t type  : use the current context with the specified type
+ * -u user  : use the current context with the specified user
+ * -l level : use the current context with the specified level range
+ * -c       : compute process transition context before modifying
+ *
+ * Contexts are interpreted as follows:
+ *
+ * Number of       MLS
+ * components    system?
+ *
+ *     1            -         type
+ *     2            -         role:type
+ *     3            Y         role:type:range
+ *     3            N         user:role:type
+ *     4            Y         user:role:type:range
+ *     4            N         error
+ *
+ * Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp>
+ *                  - based on coreutils-5.97 (in Fedora Core 6)
+ */
+#include "busybox.h"
+#include <getopt.h>
+#include <selinux/context.h>
+#include <selinux/flask.h>
+static context_t runcon_compute_new_context(char *user, char *role, char *type, char *range,
+                                            char *command, int compute_trans)
+{
+        context_t con;
+        security_context_t cur_context;
+        if (getcon(&cur_context))
+                bb_error_msg_and_die("cannot get current context");
+        if (compute_trans) {
+                security_context_t file_context, new_context;
+                if (getfilecon(command, &file_context) < 0)
+                        bb_error_msg_and_die("cannot retrieve attributes of '%s'",
+                                             command);
+                if (security_compute_create(cur_context, file_context,
+                                            SECCLASS_PROCESS, &new_context))
+                        bb_error_msg_and_die("unable to compute a new context");
+                cur_context = new_context;
+        }
+        con = context_new(cur_context);
+        if (!con)
+                bb_error_msg_and_die("'%s' is not a valid context", cur_context);
+        if (user && context_user_set(con, user))
+                bb_error_msg_and_die("failed to set new user '%s'", user);
+        if (type && context_type_set(con, type))
+                bb_error_msg_and_die("failed to set new type '%s'", type);
+        if (range && context_range_set(con, range))
+                bb_error_msg_and_die("failed to set new range '%s'", range);
+        if (role && context_role_set(con, role))
+                bb_error_msg_and_die("failed to set new role '%s'", role);
+        return con;
+}
+#if ENABLE_FEATURE_RUNCON_LONG_OPTIONS
+static const struct option runcon_options[] = {
+        { "user",       1, NULL, 'u' },
+        { "role",       1, NULL, 'r' },
+        { "type",       1, NULL, 't' },
+        { "range",      1, NULL, 'l' },
+        { "compute",    0, NULL, 'c' },
+        { "help",       0, NULL, 'h' },
+        { NULL,         0, NULL, 0 },
+};
+#endif
+#define OPTS_ROLE       (1<<0)  /* r */
+#define OPTS_TYPE       (1<<1)  /* t */
+#define OPTS_USER       (1<<2)  /* u */
+#define OPTS_RANGE      (1<<3)  /* l */
+#define OPTS_COMPUTE    (1<<4)  /* c */
+#define OPTS_HELP       (1<<5)  /* h */
+#define OPTS_CONTEXT_COMPONENT          (OPTS_ROLE | OPTS_TYPE | OPTS_USER | OPTS_RANGE)
+int runcon_main(int argc, char *argv[]);
+int runcon_main(int argc, char *argv[])
+{
+        char *role = NULL;
+        char *range = NULL;
+        char *user = NULL;
+        char *type = NULL;
+        char *context = NULL;
+        unsigned opts;
+        context_t con;
+        selinux_or_die();
+#if ENABLE_FEATURE_RUNCON_LONG_OPTIONS
+        applet_long_options = runcon_options;
+#endif
+        opt_complementary = "-1";
+        opts = getopt32(argc, argv, "r:t:u:l:ch", &role, &type, &user, &range);
+        argv += optind;
+        if (!(opts & OPTS_CONTEXT_COMPONENT)) {
+                context = *argv++;
+                if (!argv[0])
+                        bb_error_msg_and_die("no command found");
+        }
+        if (context) {
+                con = context_new(context);
+                if (!con)
+                        bb_error_msg_and_die("'%s' is not a valid context", context);
+        } else {
+                con = runcon_compute_new_context(user, role, type, range,
+                                argv[0], opts & OPTS_COMPUTE);
+        }
+        if (security_check_context(context_str(con)))
+                bb_error_msg_and_die("'%s' is not a valid context",
+                                     context_str(con));
+        if (setexeccon(context_str(con)))
+                bb_error_msg_and_die("cannot set up security context '%s'",
+                                     context_str(con));
+        execvp(argv[0], argv);
+        bb_perror_msg_and_die("cannot execute '%s'", command);
+        return 1;
+}
author	Denis Vlasenko <vda.linux@googlemail.com>	2007-03-11 22:16:02 +0000
committer	Denis Vlasenko <vda.linux@googlemail.com>	2007-03-11 22:16:02 +0000
commit	1203c9bf2f63938f7766a3022a9659b25712824f (patch)
tree	162a5019d61ce2403466754ab0ee727e04f1563b
parent	baca1759129945fcd03d96ccc840892401b5a1af (diff)
download	busybox-w32-1203c9bf2f63938f7766a3022a9659b25712824f.tar.gz busybox-w32-1203c9bf2f63938f7766a3022a9659b25712824f.tar.bz2 busybox-w32-1203c9bf2f63938f7766a3022a9659b25712824f.zip

diff --git a/coreutils/id.c b/coreutils/id.c index a0364675f..e183402fa 100644 --- a/coreutils/id.c +++ b/coreutils/id.c
@@ -89,7 +89,7 @@ int id_main(int argc, char **argv)
89	if (flags & JUST_CONTEXT) {	89	if (flags & JUST_CONTEXT) {
90	selinux_or_die();	90	selinux_or_die();
91	if (argc - optind == 1) {	91	if (argc - optind == 1) {
92	bb_error_msg_and_die("can't print security context when user specified");	92	bb_error_msg_and_die("user name can't be passed with -Z");
93	}	93	}
94		94
95	if (getcon(&scontext)) {	95	if (getcon(&scontext)) {


diff --git a/coreutils/install.c b/coreutils/install.c index 83facad9d..1f65407b1 100644 --- a/coreutils/install.c +++ b/coreutils/install.c
@@ -1,6 +1,7 @@
1	/* vi: set sw=4 ts=4: */	1	/* vi: set sw=4 ts=4: */
2	/*	2	/*
3	* Copyright (C) 2003 by Glenn McGrath <bug1@iinet.net.au>	3	* Copyright (C) 2003 by Glenn McGrath <bug1@iinet.net.au>
		4	* SELinux support: by Yuichi Nakamura <ynakam@hitachisoft.jp>
4	*	5	*
5	* Licensed under GPLv2 or later, see file LICENSE in this tarball for details.	6	* Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
6	*	7	*


diff --git a/include/libbb.h b/include/libbb.h index e07fa7587..69652b666 100644 --- a/include/libbb.h +++ b/include/libbb.h
@@ -41,6 +41,7 @@
41		41
42	#if ENABLE_SELINUX	42	#if ENABLE_SELINUX
43	#include <selinux/selinux.h>	43	#include <selinux/selinux.h>
		44	#include <selinux/context.h>
44	#endif	45	#endif
45		46
46	#if ENABLE_LOCALE_SUPPORT	47	#if ENABLE_LOCALE_SUPPORT
@@ -598,6 +599,8 @@ extern void run_shell(const char shell, int loginshell, const char command, co
598	#if ENABLE_SELINUX	599	#if ENABLE_SELINUX
599	extern void renew_current_security_context(void);	600	extern void renew_current_security_context(void);
600	extern void set_current_security_context(security_context_t sid);	601	extern void set_current_security_context(security_context_t sid);
		602	extern context_t set_security_context_component(security_context_t cur_context,
		603	char user, char role, char type, char range);
601	#endif	604	#endif
602	extern void selinux_or_die(void);	605	extern void selinux_or_die(void);
603	extern int restricted_shell(const char *shell);	606	extern int restricted_shell(const char *shell);


diff --git a/libbb/Kbuild b/libbb/Kbuild index a53b17f44..ffded6a68 100644 --- a/libbb/Kbuild +++ b/libbb/Kbuild
@@ -106,6 +106,7 @@ lib-$(CONFIG_SU) += correct_password.o
106	lib-$(CONFIG_LOGIN) += correct_password.o	106	lib-$(CONFIG_LOGIN) += correct_password.o
107	lib-$(CONFIG_DF) += find_mount_point.o	107	lib-$(CONFIG_DF) += find_mount_point.o
108	lib-$(CONFIG_MKFS_MINIX) += find_mount_point.o	108	lib-$(CONFIG_MKFS_MINIX) += find_mount_point.o
		109	lib-$(CONFIG_SELINUX) += selinux_common.o
109		110
110	# We shouldn't build xregcomp.c if we don't need it - this ensures we don't	111	# We shouldn't build xregcomp.c if we don't need it - this ensures we don't
111	# require regex.h to be in the include dir even if we don't need it thereby	112	# require regex.h to be in the include dir even if we don't need it thereby


diff --git a/libbb/selinux_common.c b/libbb/selinux_common.c new file mode 100644 index 000000000..70d63a465 --- /dev/null +++ b/libbb/selinux_common.c
@@ -0,0 +1,30 @@
		1	/*
		2	* libbb/selinux_common.c
		3	* -- common SELinux utility functions
		4	*
		5	* Copyright 2007 KaiGai Kohei <kaigai@kaigai.gr.jp>
		6	*/
		7	#include "busybox.h"
		8	#include <selinux/context.h>
		9
		10	context_t set_security_context_component(security_context_t cur_context,
		11	char user, char role, char type, char range)
		12	{
		13	context_t con = context_new(cur_context);
		14	if (!con)
		15	return NULL;
		16
		17	if (user && context_user_set(con, user))
		18	goto error;
		19	if (type && context_type_set(con, type))
		20	goto error;
		21	if (range && context_range_set(con, range))
		22	goto error;
		23	if (role && context_role_set(con, role))
		24	goto error;
		25	return con;
		26
		27	error:
		28	context_free(con);
		29	return NULL;
		30	}


diff --git a/selinux/chcon.c b/selinux/chcon.c new file mode 100644 index 000000000..d7ff40816 --- /dev/null +++ b/selinux/chcon.c
@@ -0,0 +1,175 @@
		1	/*
		2	* chcon -- change security context, based on coreutils-5.97-13
		3	*
		4	* Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp>
		5	*
		6	* Copyright (C) 2006 - 2007 KaiGai Kohei <kaigai@kaigai.gr.jp>
		7	*/
		8	#include "busybox.h"
		9	#include <getopt.h>
		10	#include <selinux/context.h>
		11
		12	#define OPT_RECURSIVE (1<<0) /* 'R' */
		13	#define OPT_CHANHES (1<<1) /* 'c' */
		14	#define OPT_NODEREFERENCE (1<<2) /* 'h' */
		15	#define OPT_QUIET (1<<3) /* 'f' */
		16	#define OPT_USER (1<<4) /* 'u' */
		17	#define OPT_ROLE (1<<5) /* 'r' */
		18	#define OPT_TYPE (1<<6) /* 't' */
		19	#define OPT_RANGE (1<<7) /* 'l' */
		20	#define OPT_VERBOSE (1<<8) /* 'v' */
		21	#define OPT_REFERENCE ((1<<9) * ENABLE_FEATURE_CHCON_LONG_OPTIONS)
		22	#define OPT_COMPONENT_SPECIFIED (OPT_USER \| OPT_ROLE \| OPT_TYPE \| OPT_RANGE)
		23
		24	static char *user = NULL;
		25	static char *role = NULL;
		26	static char *type = NULL;
		27	static char *range = NULL;
		28	static char *specified_context = NULL;
		29
		30	static int change_filedir_context(const char fname, struct stat stbuf, void *userData, int depth)
		31	{
		32	context_t context = NULL;
		33	security_context_t file_context = NULL;
		34	security_context_t context_string;
		35	int rc = FALSE;
		36	int status = 0;
		37
		38	if (option_mask32 & OPT_NODEREFERENCE) {
		39	status = lgetfilecon(fname, &file_context);
		40	} else {
		41	status = getfilecon(fname, &file_context);
		42	}
		43	if (status < 0 && errno != ENODATA) {
		44	if ((option_mask32 & OPT_QUIET) == 0)
		45	bb_error_msg("cannot obtain security context: %s", fname);
		46	goto skip;
		47	}
		48
		49	if (file_context == NULL && specified_context == NULL) {
		50	bb_error_msg("cannot apply partial context to unlabeled file %s", fname);
		51	goto skip;
		52	}
		53
		54	if (specified_context == NULL) {
		55	context = set_security_context_component(file_context,
		56	user, role, type, range);
		57	if (!context) {
		58	bb_error_msg("cannot compute security context from %s", file_context);
		59	goto skip;
		60	}
		61	} else {
		62	context = context_new(specified_context);
		63	if (!context) {
		64	bb_error_msg("invalid context: %s", specified_context);
		65	goto skip;
		66	}
		67	}
		68
		69	context_string = context_str(context);
		70	if (!context_string) {
		71	bb_error_msg("cannot obtain security context in text expression");
		72	goto skip;
		73	}
		74
		75	if (file_context == NULL \|\| strcmp(context_string, file_context) != 0) {
		76	int fail;
		77
		78	if (option_mask32 & OPT_NODEREFERENCE) {
		79	fail = lsetfilecon(fname, context_string);
		80	} else {
		81	fail = setfilecon(fname, context_string);
		82	}
		83	if ((option_mask32 & OPT_VERBOSE) \|\| ((option_mask32 & OPT_CHANHES) && !fail)) {
		84	printf(!fail
		85	? "context of %s changed to %s\n"
		86	: "failed to change context of %s to %s\n",
		87	fname, context_string);
		88	}
		89	if (!fail) {
		90	rc = TRUE;
		91	} else if ((option_mask32 & OPT_QUIET) == 0) {
		92	bb_error_msg("failed to change context of %s to %s",
		93	fname, context_string);
		94	}
		95	} else if (option_mask32 & OPT_VERBOSE) {
		96	printf("context of %s retained as %s\n", fname, context_string);
		97	rc = TRUE;
		98	}
		99	skip:
		100	/* FIXME: aren't these work ok on NULL ptr? Remove if() then */
		101	if (context)
		102	context_free(context);
		103	if (file_context)
		104	freecon(file_context);
		105
		106	return rc;
		107	}
		108
		109	#if ENABLE_FEATURE_CHCON_LONG_OPTIONS
		110	static struct option chcon_options[] = {
		111	{ "recursive", 0, NULL, 'R' },
		112	{ "changes", 0, NULL, 'c' },
		113	{ "no-dereference", 0, NULL, 'h' },
		114	{ "silent", 0, NULL, 'f' },
		115	{ "quiet", 0, NULL, 'f' },
		116	{ "user", 1, NULL, 'u' },
		117	{ "role", 1, NULL, 'r' },
		118	{ "type", 1, NULL, 't' },
		119	{ "range", 1, NULL, 'l' },
		120	{ "verbose", 0, NULL, 'v' },
		121	{ "reference", 1, NULL, 0xff }, /* no short option */
		122	{ NULL, 0, NULL, 0 },
		123	};
		124	#endif
		125
		126	int chcon_main(int argc, char *argv[]);
		127	int chcon_main(int argc, char *argv[])
		128	{
		129	char *reference_file;
		130	char *fname;
		131	int i, errors = 0;
		132
		133	#if ENABLE_FEATURE_CHCON_LONG_OPTIONS
		134	applet_long_options = chcon_options;
		135	#endif
		136	opt_complementary = "-1" /* at least 1 param */
		137	":?:f--v:v--f" /* 'verbose' and 'quiet' are exclusive */
		138	":\xff--urtl:u--\xff:r--\xff:t--\xff:l--\xff";
		139	getopt32(argc, argv, "Rchf:u:r:t:l:v",
		140	&user, &role, &type, &range, &reference_file);
		141	argv += optind;
		142
		143	#if ENABLE_FEATURE_CHCON_LONG_OPTIONS
		144	if (option_mask32 & OPT_REFERENCE) {
		145	/* FIXME: lgetfilecon() should be used when '-h' is specified.
		146	But current implementation follows the original one. */
		147	if (getfilecon(reference_file, &specified_context) < 0)
		148	bb_perror_msg_and_die("getfilecon('%s') failed", reference_file);
		149	} else
		150	#endif
		151	if ((option_mask32 & OPT_COMPONENT_SPECIFIED) == 0) {
		152	specified_context = *argv++;
		153	/* specified_context is never NULL -
		154	* "-1" in opt_complementary prevents this. */
		155	if (!argv[0])
		156	bb_error_msg_and_die("too few arguments");
		157	}
		158
		159	for (i = 0; (fname = argv[i]) != NULL; i++) {
		160	int fname_len = strlen(fname);
		161	while (fname_len > 1 && fname[fname_len - 1] == '/')
		162	fname_len--;
		163	fname[fname_len] = '\0';
		164
		165	if (recursive_action(fname,
		166	option_mask32 & OPT_RECURSIVE,
		167	FALSE, /* followLinks */
		168	FALSE, /* depthFirst */
		169	change_filedir_context,
		170	change_filedir_context,
		171	NULL, 0) != TRUE)
		172	errors = 1;
		173	}
		174	return errors;
		175	}


diff --git a/selinux/runcon.c b/selinux/runcon.c new file mode 100644 index 000000000..24e436feb --- /dev/null +++ b/selinux/runcon.c
@@ -0,0 +1,137 @@
		1	/*
		2	* runcon [ context \|
		3	* ( [ -c ] [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
		4	* command [arg1 [arg2 ...] ]
		5	*
		6	* attempt to run the specified command with the specified context.
		7	*
		8	* -r role : use the current context with the specified role
		9	* -t type : use the current context with the specified type
		10	* -u user : use the current context with the specified user
		11	* -l level : use the current context with the specified level range
		12	* -c : compute process transition context before modifying
		13	*
		14	* Contexts are interpreted as follows:
		15	*
		16	* Number of MLS
		17	* components system?
		18	*
		19	* 1 - type
		20	* 2 - role:type
		21	* 3 Y role:type:range
		22	* 3 N user:role:type
		23	* 4 Y user:role:type:range
		24	* 4 N error
		25	*
		26	* Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp>
		27	* - based on coreutils-5.97 (in Fedora Core 6)
		28	*/
		29	#include "busybox.h"
		30	#include <getopt.h>
		31	#include <selinux/context.h>
		32	#include <selinux/flask.h>
		33
		34	static context_t runcon_compute_new_context(char user, char role, char type, char range,
		35	char *command, int compute_trans)
		36	{
		37	context_t con;
		38	security_context_t cur_context;
		39
		40	if (getcon(&cur_context))
		41	bb_error_msg_and_die("cannot get current context");
		42
		43	if (compute_trans) {
		44	security_context_t file_context, new_context;
		45
		46	if (getfilecon(command, &file_context) < 0)
		47	bb_error_msg_and_die("cannot retrieve attributes of '%s'",
		48	command);
		49	if (security_compute_create(cur_context, file_context,
		50	SECCLASS_PROCESS, &new_context))
		51	bb_error_msg_and_die("unable to compute a new context");
		52	cur_context = new_context;
		53	}
		54
		55	con = context_new(cur_context);
		56	if (!con)
		57	bb_error_msg_and_die("'%s' is not a valid context", cur_context);
		58	if (user && context_user_set(con, user))
		59	bb_error_msg_and_die("failed to set new user '%s'", user);
		60	if (type && context_type_set(con, type))
		61	bb_error_msg_and_die("failed to set new type '%s'", type);
		62	if (range && context_range_set(con, range))
		63	bb_error_msg_and_die("failed to set new range '%s'", range);
		64	if (role && context_role_set(con, role))
		65	bb_error_msg_and_die("failed to set new role '%s'", role);
		66
		67	return con;
		68	}
		69
		70	#if ENABLE_FEATURE_RUNCON_LONG_OPTIONS
		71	static const struct option runcon_options[] = {
		72	{ "user", 1, NULL, 'u' },
		73	{ "role", 1, NULL, 'r' },
		74	{ "type", 1, NULL, 't' },
		75	{ "range", 1, NULL, 'l' },
		76	{ "compute", 0, NULL, 'c' },
		77	{ "help", 0, NULL, 'h' },
		78	{ NULL, 0, NULL, 0 },
		79	};
		80	#endif
		81
		82	#define OPTS_ROLE (1<<0) /* r */
		83	#define OPTS_TYPE (1<<1) /* t */
		84	#define OPTS_USER (1<<2) /* u */
		85	#define OPTS_RANGE (1<<3) /* l */
		86	#define OPTS_COMPUTE (1<<4) /* c */
		87	#define OPTS_HELP (1<<5) /* h */
		88	#define OPTS_CONTEXT_COMPONENT (OPTS_ROLE \| OPTS_TYPE \| OPTS_USER \| OPTS_RANGE)
		89
		90	int runcon_main(int argc, char *argv[]);
		91	int runcon_main(int argc, char *argv[])
		92	{
		93	char *role = NULL;
		94	char *range = NULL;
		95	char *user = NULL;
		96	char *type = NULL;
		97	char *context = NULL;
		98	unsigned opts;
		99	context_t con;
		100
		101	selinux_or_die();
		102
		103	#if ENABLE_FEATURE_RUNCON_LONG_OPTIONS
		104	applet_long_options = runcon_options;
		105	#endif
		106	opt_complementary = "-1";
		107	opts = getopt32(argc, argv, "r:t:u:l:ch", &role, &type, &user, &range);
		108	argv += optind;
		109
		110	if (!(opts & OPTS_CONTEXT_COMPONENT)) {
		111	context = *argv++;
		112	if (!argv[0])
		113	bb_error_msg_and_die("no command found");
		114	}
		115
		116	if (context) {
		117	con = context_new(context);
		118	if (!con)
		119	bb_error_msg_and_die("'%s' is not a valid context", context);
		120	} else {
		121	con = runcon_compute_new_context(user, role, type, range,
		122	argv[0], opts & OPTS_COMPUTE);
		123	}
		124
		125	if (security_check_context(context_str(con)))
		126	bb_error_msg_and_die("'%s' is not a valid context",
		127	context_str(con));
		128
		129	if (setexeccon(context_str(con)))
		130	bb_error_msg_and_die("cannot set up security context '%s'",
		131	context_str(con));
		132
		133	execvp(argv[0], argv);
		134
		135	bb_perror_msg_and_die("cannot execute '%s'", command);
		136	return 1;
		137	}