Patch from Russell Coker:

I've attached my latest SE Linux patch for busybox against the latest CVS version of busybox. git-svn-id: svn://busybox.net/trunk/busybox@7031 69ca8d6d-28ef-0310-b511-8ec308f3f277
author: andersen <andersen@69ca8d6d-28ef-0310-b511-8ec308f3f277> 2003-07-03 10:07:04 +0000
committer: andersen <andersen@69ca8d6d-28ef-0310-b511-8ec308f3f277> 2003-07-03 10:07:04 +0000
commit: 058ac4543d7d9b3acec3dd992df07d460484742e (patch)
tree: e8f993dffc34380fbcc54cc858c81da594bdb95b /libbb
parent: 6b9670aadfe6d16099d630f89862239bb0c59e7c (diff)
download: busybox-w32-058ac4543d7d9b3acec3dd992df07d460484742e.tar.gz
busybox-w32-058ac4543d7d9b3acec3dd992df07d460484742e.tar.bz2
busybox-w32-058ac4543d7d9b3acec3dd992df07d460484742e.zip
3 files changed, 30 insertions, 3 deletions
diff --git a/libbb/find_pid_by_name.c b/libbb/find_pid_by_name.c
index b6602b942..b8490b724 100644
--- a/libbb/find_pid_by_name.c
+++ b/libbb/find_pid_by_name.c
@@ -41,7 +41,11 @@ extern long* find_pid_by_name( const char* pidName)
        procps_status_t * p;
        pidList = xmalloc(sizeof(long));
+#ifdef CONFIG_SELINUX
+        while ((p = procps_scan(0, 0, NULL)) != 0) {
+#else
        while ((p = procps_scan(0)) != 0) {
+#endif
                if (strcmp(p->short_cmd, pidName) == 0) {
                        pidList=xrealloc( pidList, sizeof(long) * (i+2));
                        pidList[i++]=p->pid;
diff --git a/libbb/procps.c b/libbb/procps.c
index 7df071869..44103fae8 100644
--- a/libbb/procps.c
+++ b/libbb/procps.c
@@ -16,7 +16,11 @@
 #include "libbb.h"
-extern procps_status_t * procps_scan(int save_user_arg0)
+extern procps_status_t * procps_scan(int save_user_arg0
+#ifdef CONFIG_SELINUX
+        , int use_selinux , security_id_t *sid
+#endif
+        )
 {
        static DIR *dir;
        struct dirent *entry;
@@ -53,6 +57,14 @@ extern procps_status_t * procps_scan(int save_user_arg0)
                sprintf(status, "/proc/%d/stat", pid);
                if((fp = fopen(status, "r")) == NULL)
                        continue;
+#ifdef CONFIG_SELINUX
+                if(use_selinux)
+                {
+                        if(fstat_secure(fileno(fp), &sb, sid))
+                                continue;
+                }
+                else
+#endif
                if(fstat(fileno(fp), &sb))
                        continue;
                my_getpwuid(curstatus.user, sb.st_uid);
diff --git a/libbb/run_shell.c b/libbb/run_shell.c
index 49e8a76c2..4855d763e 100644
--- a/libbb/run_shell.c
+++ b/libbb/run_shell.c
@@ -36,14 +36,20 @@
 #include <syslog.h>
 #include <ctype.h>
 #include "libbb.h"
+#ifdef CONFIG_SELINUX
+#include <proc_secure.h>
+#endif
 /* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
   If COMMAND is nonzero, pass it to the shell with the -c option.
   If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
   arguments.  */
-void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args )
+void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args
+#ifdef CONFIG_SELINUX
+        , security_id_t sid
+#endif
+)
 {
        const char **args;
        int argno = 1;
@@ -71,6 +77,11 @@ void run_shell ( const char *shell, int loginshell, const char *command, const c
                        args [argno++] = *additional_args;
        }
        args [argno] = 0;
+#ifdef CONFIG_SELINUX
+        if(sid)
+                execve_secure(shell, (char **) args, environ, sid);
+        else
+#endif
        execv ( shell, (char **) args );
        bb_perror_msg_and_die ( "cannot run %s", shell );
 }
author	andersen <andersen@69ca8d6d-28ef-0310-b511-8ec308f3f277>	2003-07-03 10:07:04 +0000
committer	andersen <andersen@69ca8d6d-28ef-0310-b511-8ec308f3f277>	2003-07-03 10:07:04 +0000
commit	058ac4543d7d9b3acec3dd992df07d460484742e (patch)
tree	e8f993dffc34380fbcc54cc858c81da594bdb95b /libbb
parent	6b9670aadfe6d16099d630f89862239bb0c59e7c (diff)
download	busybox-w32-058ac4543d7d9b3acec3dd992df07d460484742e.tar.gz busybox-w32-058ac4543d7d9b3acec3dd992df07d460484742e.tar.bz2 busybox-w32-058ac4543d7d9b3acec3dd992df07d460484742e.zip

diff --git a/libbb/find_pid_by_name.c b/libbb/find_pid_by_name.c index b6602b942..b8490b724 100644 --- a/libbb/find_pid_by_name.c +++ b/libbb/find_pid_by_name.c
@@ -41,7 +41,11 @@ extern long* find_pid_by_name( const char* pidName)
41	procps_status_t * p;	41	procps_status_t * p;
42		42
43	pidList = xmalloc(sizeof(long));	43	pidList = xmalloc(sizeof(long));
		44	#ifdef CONFIG_SELINUX
		45	while ((p = procps_scan(0, 0, NULL)) != 0) {
		46	#else
44	while ((p = procps_scan(0)) != 0) {	47	while ((p = procps_scan(0)) != 0) {
		48	#endif
45	if (strcmp(p->short_cmd, pidName) == 0) {	49	if (strcmp(p->short_cmd, pidName) == 0) {
46	pidList=xrealloc( pidList, sizeof(long) * (i+2));	50	pidList=xrealloc( pidList, sizeof(long) * (i+2));
47	pidList[i++]=p->pid;	51	pidList[i++]=p->pid;


diff --git a/libbb/procps.c b/libbb/procps.c index 7df071869..44103fae8 100644 --- a/libbb/procps.c +++ b/libbb/procps.c
@@ -16,7 +16,11 @@
16		16
17	#include "libbb.h"	17	#include "libbb.h"
18		18
19	extern procps_status_t * procps_scan(int save_user_arg0)	19	extern procps_status_t * procps_scan(int save_user_arg0
		20	#ifdef CONFIG_SELINUX
		21	, int use_selinux , security_id_t *sid
		22	#endif
		23	)
20	{	24	{
21	static DIR *dir;	25	static DIR *dir;
22	struct dirent *entry;	26	struct dirent *entry;
@@ -53,6 +57,14 @@ extern procps_status_t * procps_scan(int save_user_arg0)
53	sprintf(status, "/proc/%d/stat", pid);	57	sprintf(status, "/proc/%d/stat", pid);
54	if((fp = fopen(status, "r")) == NULL)	58	if((fp = fopen(status, "r")) == NULL)
55	continue;	59	continue;
		60	#ifdef CONFIG_SELINUX
		61	if(use_selinux)
		62	{
		63	if(fstat_secure(fileno(fp), &sb, sid))
		64	continue;
		65	}
		66	else
		67	#endif
56	if(fstat(fileno(fp), &sb))	68	if(fstat(fileno(fp), &sb))
57	continue;	69	continue;
58	my_getpwuid(curstatus.user, sb.st_uid);	70	my_getpwuid(curstatus.user, sb.st_uid);


diff --git a/libbb/run_shell.c b/libbb/run_shell.c index 49e8a76c2..4855d763e 100644 --- a/libbb/run_shell.c +++ b/libbb/run_shell.c
@@ -36,14 +36,20 @@
36	#include <syslog.h>	36	#include <syslog.h>
37	#include <ctype.h>	37	#include <ctype.h>
38	#include "libbb.h"	38	#include "libbb.h"
39		39	#ifdef CONFIG_SELINUX
		40	#include <proc_secure.h>
		41	#endif
40		42
41	/* Run SHELL, or DEFAULT_SHELL if SHELL is empty.	43	/* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
42	If COMMAND is nonzero, pass it to the shell with the -c option.	44	If COMMAND is nonzero, pass it to the shell with the -c option.
43	If ADDITIONAL_ARGS is nonzero, pass it to the shell as more	45	If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
44	arguments. */	46	arguments. */
45		47
46	void run_shell ( const char shell, int loginshell, const char command, const char **additional_args )	48	void run_shell ( const char shell, int loginshell, const char command, const char **additional_args
		49	#ifdef CONFIG_SELINUX
		50	, security_id_t sid
		51	#endif
		52	)
47	{	53	{
48	const char **args;	54	const char **args;
49	int argno = 1;	55	int argno = 1;
@@ -71,6 +77,11 @@ void run_shell ( const char shell, int loginshell, const char command, const c
71	args [argno++] = *additional_args;	77	args [argno++] = *additional_args;
72	}	78	}
73	args [argno] = 0;	79	args [argno] = 0;
		80	#ifdef CONFIG_SELINUX
		81	if(sid)
		82	execve_secure(shell, (char **) args, environ, sid);
		83	else
		84	#endif
74	execv ( shell, (char **) args );	85	execv ( shell, (char **) args );
75	bb_perror_msg_and_die ( "cannot run %s", shell );	86	bb_perror_msg_and_die ( "cannot run %s", shell );
76	}	87	}