Convert all selinux/* applets to "new style" applet definitions

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2016-11-23 18:46:40 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> 2016-11-23 18:46:40 +0100
commit: a8e52da7742b2bc8a3993f7f7c3c70da8fe79848 (patch)
tree: 5ec3c417b56095f6768b6a7c96817c248bdea2fa
parent: 15fb91cefb22d64952f34fe246fc8f257172af63 (diff)
download: busybox-w32-a8e52da7742b2bc8a3993f7f7c3c70da8fe79848.tar.gz
busybox-w32-a8e52da7742b2bc8a3993f7f7c3c70da8fe79848.tar.bz2
busybox-w32-a8e52da7742b2bc8a3993f7f7c3c70da8fe79848.zip
14 files changed, 148 insertions, 137 deletions
diff --git a/include/applets.src.h b/include/applets.src.h
index c72dca849..4e789151d 100644
--- a/include/applets.src.h
+++ b/include/applets.src.h
@@ -73,25 +73,13 @@ s     - suid type:
 INSERT
-IF_CHCON(APPLET(chcon, BB_DIR_USR_BIN, BB_SUID_DROP))
 IF_DHCPRELAY(APPLET(dhcprelay, BB_DIR_USR_SBIN, BB_SUID_DROP))
 IF_DUMPLEASES(APPLET(dumpleases, BB_DIR_USR_BIN, BB_SUID_DROP))
 //IF_E2FSCK(APPLET(e2fsck, BB_DIR_SBIN, BB_SUID_DROP))
 //IF_E2LABEL(APPLET_ODDNAME(e2label, tune2fs, BB_DIR_SBIN, BB_SUID_DROP, e2label))
 //IF_E2FSCK(APPLET_ODDNAME(fsck.ext2, e2fsck, BB_DIR_SBIN, BB_SUID_DROP, fsck_ext2))
 //IF_E2FSCK(APPLET_ODDNAME(fsck.ext3, e2fsck, BB_DIR_SBIN, BB_SUID_DROP, fsck_ext3))
-IF_GETENFORCE(APPLET(getenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_GETSEBOOL(APPLET(getsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_LOAD_POLICY(APPLET(load_policy, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_MATCHPATHCON(APPLET(matchpathcon, BB_DIR_USR_SBIN, BB_SUID_DROP))
 //IF_PARSE(APPLET(parse, BB_DIR_USR_BIN, BB_SUID_DROP))
-IF_RESTORECON(APPLET_ODDNAME(restorecon, setfiles, BB_DIR_SBIN, BB_SUID_DROP, restorecon))
-IF_RUNCON(APPLET(runcon, BB_DIR_USR_BIN, BB_SUID_DROP))
-IF_SELINUXENABLED(APPLET(selinuxenabled, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_SESTATUS(APPLET(sestatus, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_SETENFORCE(APPLET(setenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_SETFILES(APPLET(setfiles, BB_DIR_SBIN, BB_SUID_DROP))
-IF_SETSEBOOL(APPLET(setsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
 IF_UDHCPC(APPLET(udhcpc, BB_DIR_SBIN, BB_SUID_DROP))
 IF_UDHCPD(APPLET(udhcpd, BB_DIR_USR_SBIN, BB_SUID_DROP))
diff --git a/selinux/Config.src b/selinux/Config.src
index d4701f60b..9cb755a0f 100644
--- a/selinux/Config.src
+++ b/selinux/Config.src
@@ -8,117 +8,4 @@ menu "SELinux Utilities"
 INSERT
-config CHCON
-        bool "chcon"
-        default n
-        depends on SELINUX
-        help
-          Enable support to change the security context of file.
-config FEATURE_CHCON_LONG_OPTIONS
-        bool "Enable long options"
-        default y
-        depends on CHCON && LONG_OPTS
-        help
-          Support long options for the chcon applet.
-config GETENFORCE
-        bool "getenforce"
-        default n
-        depends on SELINUX
-        help
-          Enable support to get the current mode of SELinux.
-config GETSEBOOL
-        bool "getsebool"
-        default n
-        depends on SELINUX
-        help
-          Enable support to get SELinux boolean values.
-config LOAD_POLICY
-        bool "load_policy"
-        default n
-        depends on SELINUX
-        help
-          Enable support to load SELinux policy.
-config MATCHPATHCON
-        bool "matchpathcon"
-        default n
-        depends on SELINUX
-        help
-          Enable support to get default security context of the
-          specified path from the file contexts configuration.
-config RESTORECON
-        bool "restorecon"
-        default n
-        depends on SELINUX
-        help
-          Enable support to relabel files. The feature is almost
-          the same as setfiles, but usage is a little different.
-config RUNCON
-        bool "runcon"
-        default n
-        depends on SELINUX
-        help
-          Enable support to run command in specified security context.
-config FEATURE_RUNCON_LONG_OPTIONS
-        bool "Enable long options"
-        default y
-        depends on RUNCON && LONG_OPTS
-        help
-          Support long options for the runcon applet.
-config SELINUXENABLED
-        bool "selinuxenabled"
-        default n
-        depends on SELINUX
-        help
-          Enable support for this command to be used within shell scripts
-          to determine if selinux is enabled.
-config SETENFORCE
-        bool "setenforce"
-        default n
-        depends on SELINUX
-        help
-          Enable support to modify the mode SELinux is running in.
-config SETFILES
-        bool "setfiles"
-        default n
-        depends on SELINUX
-        help
-          Enable support to modify to relabel files.
-          Notice: If you built libselinux with -D_FILE_OFFSET_BITS=64,
-          (It is default in libselinux's Makefile), you _must_ enable
-          CONFIG_LFS.
-config FEATURE_SETFILES_CHECK_OPTION
-        bool "Enable check option"
-        default n
-        depends on SETFILES
-        help
-          Support "-c" option (check the validity of the contexts against
-          the specified binary policy) for setfiles. Requires libsepol.
-config SETSEBOOL
-        bool "setsebool"
-        default n
-        depends on SELINUX
-        help
-          Enable support for change boolean.
-          semanage and -P option is not supported yet.
-config SESTATUS
-        bool "sestatus"
-        default n
-        depends on SELINUX
-        help
-          Displays the status of SELinux.
 endmenu
diff --git a/selinux/Kbuild.src b/selinux/Kbuild.src
index cdd5f2adf..62c9e64cd 100644
--- a/selinux/Kbuild.src
+++ b/selinux/Kbuild.src
@@ -8,15 +8,3 @@
 lib-y:=
 INSERT
-lib-$(CONFIG_CHCON)             += chcon.o
-lib-$(CONFIG_GETENFORCE)        += getenforce.o
-lib-$(CONFIG_GETSEBOOL)         += getsebool.o
-lib-$(CONFIG_LOAD_POLICY)       += load_policy.o
-lib-$(CONFIG_MATCHPATHCON)      += matchpathcon.o
-lib-$(CONFIG_RUNCON)            += runcon.o
-lib-$(CONFIG_SELINUXENABLED)    += selinuxenabled.o
-lib-$(CONFIG_SETENFORCE)        += setenforce.o
-lib-$(CONFIG_SETFILES)          += setfiles.o
-lib-$(CONFIG_RESTORECON)        += setfiles.o
-lib-$(CONFIG_SETSEBOOL)         += setsebool.o
-lib-$(CONFIG_SESTATUS)          += sestatus.o
diff --git a/selinux/chcon.c b/selinux/chcon.c
index f947c2c12..c743013ce 100644
--- a/selinux/chcon.c
+++ b/selinux/chcon.c
@@ -7,6 +7,23 @@
 *
 * Licensed under GPLv2, see file LICENSE in this source tree.
 */
+//config:config CHCON
+//config:       bool "chcon"
+//config:       default n
+//config:       depends on SELINUX
+//config:       help
+//config:         Enable support to change the security context of file.
+//config:
+//config:config FEATURE_CHCON_LONG_OPTIONS
+//config:       bool "Enable long options"
+//config:       default y
+//config:       depends on CHCON && LONG_OPTS
+//config:       help
+//config:         Support long options for the chcon applet.
+//applet:IF_CHCON(APPLET(chcon, BB_DIR_USR_BIN, BB_SUID_DROP))
+//kbuild:lib-$(CONFIG_CHCON) += chcon.o
 //usage:#define chcon_trivial_usage
 //usage:       "[OPTIONS] CONTEXT FILE..."
diff --git a/selinux/getenforce.c b/selinux/getenforce.c
index 56611d693..37477652b 100644
--- a/selinux/getenforce.c
+++ b/selinux/getenforce.c
@@ -6,6 +6,16 @@
 *
 * Licensed under GPLv2, see file LICENSE in this source tree.
 */
+//config:config GETENFORCE
+//config:       bool "getenforce"
+//config:       default n
+//config:       depends on SELINUX
+//config:       help
+//config:         Enable support to get the current mode of SELinux.
+//applet:IF_GETENFORCE(APPLET(getenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
+//kbuild:lib-$(CONFIG_GETENFORCE) += getenforce.o
 //usage:#define getenforce_trivial_usage NOUSAGE_STR
 //usage:#define getenforce_full_usage ""
diff --git a/selinux/getsebool.c b/selinux/getsebool.c
index e8f0fefb0..fce478f5b 100644
--- a/selinux/getsebool.c
+++ b/selinux/getsebool.c
@@ -6,6 +6,16 @@
 *
 * Licensed under GPLv2, see file LICENSE in this source tree.
 */
+//config:config GETSEBOOL
+//config:       bool "getsebool"
+//config:       default n
+//config:       depends on SELINUX
+//config:       help
+//config:         Enable support to get SELinux boolean values.
+//applet:IF_GETSEBOOL(APPLET(getsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
+//kbuild:lib-$(CONFIG_GETSEBOOL) += getsebool.o
 //usage:#define getsebool_trivial_usage
 //usage:       "-a or getsebool boolean..."
diff --git a/selinux/load_policy.c b/selinux/load_policy.c
index ce139dbf2..f969453e3 100644
--- a/selinux/load_policy.c
+++ b/selinux/load_policy.c
@@ -4,6 +4,16 @@
 *
 * Licensed under GPLv2, see file LICENSE in this source tree.
 */
+//config:config LOAD_POLICY
+//config:       bool "load_policy"
+//config:       default n
+//config:       depends on SELINUX
+//config:       help
+//config:         Enable support to load SELinux policy.
+//applet:IF_LOAD_POLICY(APPLET(load_policy, BB_DIR_USR_SBIN, BB_SUID_DROP))
+//kbuild:lib-$(CONFIG_LOAD_POLICY) += load_policy.o
 //usage:#define load_policy_trivial_usage NOUSAGE_STR
 //usage:#define load_policy_full_usage ""
diff --git a/selinux/matchpathcon.c b/selinux/matchpathcon.c
index 9e5728eb3..a3b2fcb74 100644
--- a/selinux/matchpathcon.c
+++ b/selinux/matchpathcon.c
@@ -5,6 +5,17 @@
 *
 * Licensed under GPLv2, see file LICENSE in this source tree.
 */
+//config:config MATCHPATHCON
+//config:       bool "matchpathcon"
+//config:       default n
+//config:       depends on SELINUX
+//config:       help
+//config:         Enable support to get default security context of the
+//config:         specified path from the file contexts configuration.
+//applet:IF_MATCHPATHCON(APPLET(matchpathcon, BB_DIR_USR_SBIN, BB_SUID_DROP))
+//kbuild:lib-$(CONFIG_MATCHPATHCON) += matchpathcon.o
 //usage:#define matchpathcon_trivial_usage
 //usage:       "[-n] [-N] [-f file_contexts_file] [-p prefix] [-V]"
diff --git a/selinux/runcon.c b/selinux/runcon.c
index 27f2be3a9..366834e46 100644
--- a/selinux/runcon.c
+++ b/selinux/runcon.c
@@ -28,6 +28,23 @@
 *
 * Licensed under GPLv2, see file LICENSE in this source tree.
 */
+//config:config RUNCON
+//config:       bool "runcon"
+//config:       default n
+//config:       depends on SELINUX
+//config:       help
+//config:         Enable support to run command in specified security context.
+//config:
+//config:config FEATURE_RUNCON_LONG_OPTIONS
+//config:       bool "Enable long options"
+//config:       default y
+//config:       depends on RUNCON && LONG_OPTS
+//config:       help
+//config:         Support long options for the runcon applet.
+//applet:IF_RUNCON(APPLET(runcon, BB_DIR_USR_BIN, BB_SUID_DROP))
+//kbuild:lib-$(CONFIG_RUNCON) += runcon.o
 //usage:#define runcon_trivial_usage
 //usage:       "[-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] PROG ARGS\n"
diff --git a/selinux/selinuxenabled.c b/selinux/selinuxenabled.c
index ce830dc22..b80c4e71b 100644
--- a/selinux/selinuxenabled.c
+++ b/selinux/selinuxenabled.c
@@ -6,6 +6,17 @@
 *
 * Licensed under GPLv2, see file LICENSE in this source tree.
 */
+//config:config SELINUXENABLED
+//config:       bool "selinuxenabled"
+//config:       default n
+//config:       depends on SELINUX
+//config:       help
+//config:         Enable support for this command to be used within shell scripts
+//config:         to determine if selinux is enabled.
+//applet:IF_SELINUXENABLED(APPLET(selinuxenabled, BB_DIR_USR_SBIN, BB_SUID_DROP))
+//kbuild:lib-$(CONFIG_SELINUXENABLED) += selinuxenabled.o
 //usage:#define selinuxenabled_trivial_usage NOUSAGE_STR
 //usage:#define selinuxenabled_full_usage ""
diff --git a/selinux/sestatus.c b/selinux/sestatus.c
index e59431873..ad49c9d25 100644
--- a/selinux/sestatus.c
+++ b/selinux/sestatus.c
@@ -7,6 +7,16 @@
 *
 * Licensed under GPLv2, see file LICENSE in this source tree.
 */
+//config:config SESTATUS
+//config:       bool "sestatus"
+//config:       default n
+//config:       depends on SELINUX
+//config:       help
+//config:         Displays the status of SELinux.
+//applet:IF_SESTATUS(APPLET(sestatus, BB_DIR_USR_SBIN, BB_SUID_DROP))
+//kbuild:lib-$(CONFIG_SESTATUS) += sestatus.o
 //usage:#define sestatus_trivial_usage
 //usage:       "[-vb]"
diff --git a/selinux/setenforce.c b/selinux/setenforce.c
index c5bc0a5a6..8d18abd29 100644
--- a/selinux/setenforce.c
+++ b/selinux/setenforce.c
@@ -6,6 +6,16 @@
 *
 * Licensed under GPLv2, see file LICENSE in this source tree.
 */
+//config:config SETENFORCE
+//config:       bool "setenforce"
+//config:       default n
+//config:       depends on SELINUX
+//config:       help
+//config:         Enable support to modify the mode SELinux is running in.
+//applet:IF_SETENFORCE(APPLET(setenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
+//kbuild:lib-$(CONFIG_SETENFORCE) += setenforce.o
 //usage:#define setenforce_trivial_usage
 //usage:       "[Enforcing | Permissive | 1 | 0]"
diff --git a/selinux/setfiles.c b/selinux/setfiles.c
index c9597d54e..4fc307f55 100644
--- a/selinux/setfiles.c
+++ b/selinux/setfiles.c
@@ -3,6 +3,37 @@
  policycoreutils was released under GPL 2.
  Port to BusyBox (c) 2007 by Yuichi Nakamura <ynakam@hitachisoft.jp>
 */
+//config:config SETFILES
+//config:       bool "setfiles"
+//config:       default n
+//config:       depends on SELINUX
+//config:       help
+//config:         Enable support to modify to relabel files.
+//config:         Notice: If you built libselinux with -D_FILE_OFFSET_BITS=64,
+//config:         (It is default in libselinux's Makefile), you _must_ enable
+//config:         CONFIG_LFS.
+//config:
+//config:config FEATURE_SETFILES_CHECK_OPTION
+//config:       bool "Enable check option"
+//config:       default n
+//config:       depends on SETFILES
+//config:       help
+//config:         Support "-c" option (check the validity of the contexts against
+//config:         the specified binary policy) for setfiles. Requires libsepol.
+//config:
+//config:config RESTORECON
+//config:       bool "restorecon"
+//config:       default n
+//config:       depends on SELINUX
+//config:       help
+//config:         Enable support to relabel files. The feature is almost
+//config:         the same as setfiles, but usage is a little different.
+//applet:IF_SETFILES(APPLET(setfiles, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_RESTORECON(APPLET_ODDNAME(restorecon, setfiles, BB_DIR_SBIN, BB_SUID_DROP, restorecon))
+//kbuild:lib-$(CONFIG_SETFILES) += setfiles.o
+//kbuild:lib-$(CONFIG_RESTORECON) += setfiles.o
 //usage:#define setfiles_trivial_usage
 //usage:       "[-dnpqsvW] [-e DIR]... [-o FILE] [-r alt_root_path]"
diff --git a/selinux/setsebool.c b/selinux/setsebool.c
index ec682e5c5..6a6bd031c 100644
--- a/selinux/setsebool.c
+++ b/selinux/setsebool.c
@@ -7,6 +7,17 @@
 *
 * Licensed under GPLv2, see file LICENSE in this source tree.
 */
+//config:config SETSEBOOL
+//config:       bool "setsebool"
+//config:       default n
+//config:       depends on SELINUX
+//config:       help
+//config:         Enable support for change boolean.
+//config:         semanage and -P option is not supported yet.
+//applet:IF_SETSEBOOL(APPLET(setsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
+//kbuild:lib-$(CONFIG_SETSEBOOL) += setsebool.o
 //usage:#define setsebool_trivial_usage
 //usage:       "boolean value"
author	Denys Vlasenko <vda.linux@googlemail.com>	2016-11-23 18:46:40 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	2016-11-23 18:46:40 +0100
commit	a8e52da7742b2bc8a3993f7f7c3c70da8fe79848 (patch)
tree	5ec3c417b56095f6768b6a7c96817c248bdea2fa
parent	15fb91cefb22d64952f34fe246fc8f257172af63 (diff)
download	busybox-w32-a8e52da7742b2bc8a3993f7f7c3c70da8fe79848.tar.gz busybox-w32-a8e52da7742b2bc8a3993f7f7c3c70da8fe79848.tar.bz2 busybox-w32-a8e52da7742b2bc8a3993f7f7c3c70da8fe79848.zip