aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2016-11-23 18:46:40 +0100
committerDenys Vlasenko <vda.linux@googlemail.com>2016-11-23 18:46:40 +0100
commita8e52da7742b2bc8a3993f7f7c3c70da8fe79848 (patch)
tree5ec3c417b56095f6768b6a7c96817c248bdea2fa
parent15fb91cefb22d64952f34fe246fc8f257172af63 (diff)
downloadbusybox-a8e52da7742b2bc8a3993f7f7c3c70da8fe79848.tar.gz
Convert all selinux/* applets to "new style" applet definitions
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--include/applets.src.h12
-rw-r--r--selinux/Config.src113
-rw-r--r--selinux/Kbuild.src12
-rw-r--r--selinux/chcon.c17
-rw-r--r--selinux/getenforce.c10
-rw-r--r--selinux/getsebool.c10
-rw-r--r--selinux/load_policy.c10
-rw-r--r--selinux/matchpathcon.c11
-rw-r--r--selinux/runcon.c17
-rw-r--r--selinux/selinuxenabled.c11
-rw-r--r--selinux/sestatus.c10
-rw-r--r--selinux/setenforce.c10
-rw-r--r--selinux/setfiles.c31
-rw-r--r--selinux/setsebool.c11
14 files changed, 148 insertions, 137 deletions
diff --git a/include/applets.src.h b/include/applets.src.h
index c72dca849..4e789151d 100644
--- a/include/applets.src.h
+++ b/include/applets.src.h
@@ -73,25 +73,13 @@ s - suid type:
INSERT
-IF_CHCON(APPLET(chcon, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_DHCPRELAY(APPLET(dhcprelay, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_DUMPLEASES(APPLET(dumpleases, BB_DIR_USR_BIN, BB_SUID_DROP))
//IF_E2FSCK(APPLET(e2fsck, BB_DIR_SBIN, BB_SUID_DROP))
//IF_E2LABEL(APPLET_ODDNAME(e2label, tune2fs, BB_DIR_SBIN, BB_SUID_DROP, e2label))
//IF_E2FSCK(APPLET_ODDNAME(fsck.ext2, e2fsck, BB_DIR_SBIN, BB_SUID_DROP, fsck_ext2))
//IF_E2FSCK(APPLET_ODDNAME(fsck.ext3, e2fsck, BB_DIR_SBIN, BB_SUID_DROP, fsck_ext3))
-IF_GETENFORCE(APPLET(getenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_GETSEBOOL(APPLET(getsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_LOAD_POLICY(APPLET(load_policy, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_MATCHPATHCON(APPLET(matchpathcon, BB_DIR_USR_SBIN, BB_SUID_DROP))
//IF_PARSE(APPLET(parse, BB_DIR_USR_BIN, BB_SUID_DROP))
-IF_RESTORECON(APPLET_ODDNAME(restorecon, setfiles, BB_DIR_SBIN, BB_SUID_DROP, restorecon))
-IF_RUNCON(APPLET(runcon, BB_DIR_USR_BIN, BB_SUID_DROP))
-IF_SELINUXENABLED(APPLET(selinuxenabled, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_SESTATUS(APPLET(sestatus, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_SETENFORCE(APPLET(setenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_SETFILES(APPLET(setfiles, BB_DIR_SBIN, BB_SUID_DROP))
-IF_SETSEBOOL(APPLET(setsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_UDHCPC(APPLET(udhcpc, BB_DIR_SBIN, BB_SUID_DROP))
IF_UDHCPD(APPLET(udhcpd, BB_DIR_USR_SBIN, BB_SUID_DROP))
diff --git a/selinux/Config.src b/selinux/Config.src
index d4701f60b..9cb755a0f 100644
--- a/selinux/Config.src
+++ b/selinux/Config.src
@@ -8,117 +8,4 @@ menu "SELinux Utilities"
INSERT
-config CHCON
- bool "chcon"
- default n
- depends on SELINUX
- help
- Enable support to change the security context of file.
-
-config FEATURE_CHCON_LONG_OPTIONS
- bool "Enable long options"
- default y
- depends on CHCON && LONG_OPTS
- help
- Support long options for the chcon applet.
-
-config GETENFORCE
- bool "getenforce"
- default n
- depends on SELINUX
- help
- Enable support to get the current mode of SELinux.
-
-config GETSEBOOL
- bool "getsebool"
- default n
- depends on SELINUX
- help
- Enable support to get SELinux boolean values.
-
-config LOAD_POLICY
- bool "load_policy"
- default n
- depends on SELINUX
- help
- Enable support to load SELinux policy.
-
-config MATCHPATHCON
- bool "matchpathcon"
- default n
- depends on SELINUX
- help
- Enable support to get default security context of the
- specified path from the file contexts configuration.
-
-config RESTORECON
- bool "restorecon"
- default n
- depends on SELINUX
- help
- Enable support to relabel files. The feature is almost
- the same as setfiles, but usage is a little different.
-
-config RUNCON
- bool "runcon"
- default n
- depends on SELINUX
- help
- Enable support to run command in specified security context.
-
-config FEATURE_RUNCON_LONG_OPTIONS
- bool "Enable long options"
- default y
- depends on RUNCON && LONG_OPTS
- help
- Support long options for the runcon applet.
-
-config SELINUXENABLED
- bool "selinuxenabled"
- default n
- depends on SELINUX
- help
- Enable support for this command to be used within shell scripts
- to determine if selinux is enabled.
-
-config SETENFORCE
- bool "setenforce"
- default n
- depends on SELINUX
- help
- Enable support to modify the mode SELinux is running in.
-
-config SETFILES
- bool "setfiles"
- default n
- depends on SELINUX
- help
- Enable support to modify to relabel files.
- Notice: If you built libselinux with -D_FILE_OFFSET_BITS=64,
- (It is default in libselinux's Makefile), you _must_ enable
- CONFIG_LFS.
-
-config FEATURE_SETFILES_CHECK_OPTION
- bool "Enable check option"
- default n
- depends on SETFILES
- help
- Support "-c" option (check the validity of the contexts against
- the specified binary policy) for setfiles. Requires libsepol.
-
-config SETSEBOOL
- bool "setsebool"
- default n
- depends on SELINUX
- help
- Enable support for change boolean.
- semanage and -P option is not supported yet.
-
-config SESTATUS
- bool "sestatus"
- default n
- depends on SELINUX
- help
- Displays the status of SELinux.
-
endmenu
diff --git a/selinux/Kbuild.src b/selinux/Kbuild.src
index cdd5f2adf..62c9e64cd 100644
--- a/selinux/Kbuild.src
+++ b/selinux/Kbuild.src
@@ -8,15 +8,3 @@
lib-y:=
INSERT
-lib-$(CONFIG_CHCON) += chcon.o
-lib-$(CONFIG_GETENFORCE) += getenforce.o
-lib-$(CONFIG_GETSEBOOL) += getsebool.o
-lib-$(CONFIG_LOAD_POLICY) += load_policy.o
-lib-$(CONFIG_MATCHPATHCON) += matchpathcon.o
-lib-$(CONFIG_RUNCON) += runcon.o
-lib-$(CONFIG_SELINUXENABLED) += selinuxenabled.o
-lib-$(CONFIG_SETENFORCE) += setenforce.o
-lib-$(CONFIG_SETFILES) += setfiles.o
-lib-$(CONFIG_RESTORECON) += setfiles.o
-lib-$(CONFIG_SETSEBOOL) += setsebool.o
-lib-$(CONFIG_SESTATUS) += sestatus.o
diff --git a/selinux/chcon.c b/selinux/chcon.c
index f947c2c12..c743013ce 100644
--- a/selinux/chcon.c
+++ b/selinux/chcon.c
@@ -7,6 +7,23 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
+//config:config CHCON
+//config: bool "chcon"
+//config: default n
+//config: depends on SELINUX
+//config: help
+//config: Enable support to change the security context of file.
+//config:
+//config:config FEATURE_CHCON_LONG_OPTIONS
+//config: bool "Enable long options"
+//config: default y
+//config: depends on CHCON && LONG_OPTS
+//config: help
+//config: Support long options for the chcon applet.
+
+//applet:IF_CHCON(APPLET(chcon, BB_DIR_USR_BIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_CHCON) += chcon.o
//usage:#define chcon_trivial_usage
//usage: "[OPTIONS] CONTEXT FILE..."
diff --git a/selinux/getenforce.c b/selinux/getenforce.c
index 56611d693..37477652b 100644
--- a/selinux/getenforce.c
+++ b/selinux/getenforce.c
@@ -6,6 +6,16 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
+//config:config GETENFORCE
+//config: bool "getenforce"
+//config: default n
+//config: depends on SELINUX
+//config: help
+//config: Enable support to get the current mode of SELinux.
+
+//applet:IF_GETENFORCE(APPLET(getenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_GETENFORCE) += getenforce.o
//usage:#define getenforce_trivial_usage NOUSAGE_STR
//usage:#define getenforce_full_usage ""
diff --git a/selinux/getsebool.c b/selinux/getsebool.c
index e8f0fefb0..fce478f5b 100644
--- a/selinux/getsebool.c
+++ b/selinux/getsebool.c
@@ -6,6 +6,16 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
+//config:config GETSEBOOL
+//config: bool "getsebool"
+//config: default n
+//config: depends on SELINUX
+//config: help
+//config: Enable support to get SELinux boolean values.
+
+//applet:IF_GETSEBOOL(APPLET(getsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_GETSEBOOL) += getsebool.o
//usage:#define getsebool_trivial_usage
//usage: "-a or getsebool boolean..."
diff --git a/selinux/load_policy.c b/selinux/load_policy.c
index ce139dbf2..f969453e3 100644
--- a/selinux/load_policy.c
+++ b/selinux/load_policy.c
@@ -4,6 +4,16 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
+//config:config LOAD_POLICY
+//config: bool "load_policy"
+//config: default n
+//config: depends on SELINUX
+//config: help
+//config: Enable support to load SELinux policy.
+
+//applet:IF_LOAD_POLICY(APPLET(load_policy, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_LOAD_POLICY) += load_policy.o
//usage:#define load_policy_trivial_usage NOUSAGE_STR
//usage:#define load_policy_full_usage ""
diff --git a/selinux/matchpathcon.c b/selinux/matchpathcon.c
index 9e5728eb3..a3b2fcb74 100644
--- a/selinux/matchpathcon.c
+++ b/selinux/matchpathcon.c
@@ -5,6 +5,17 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
+//config:config MATCHPATHCON
+//config: bool "matchpathcon"
+//config: default n
+//config: depends on SELINUX
+//config: help
+//config: Enable support to get default security context of the
+//config: specified path from the file contexts configuration.
+
+//applet:IF_MATCHPATHCON(APPLET(matchpathcon, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_MATCHPATHCON) += matchpathcon.o
//usage:#define matchpathcon_trivial_usage
//usage: "[-n] [-N] [-f file_contexts_file] [-p prefix] [-V]"
diff --git a/selinux/runcon.c b/selinux/runcon.c
index 27f2be3a9..366834e46 100644
--- a/selinux/runcon.c
+++ b/selinux/runcon.c
@@ -28,6 +28,23 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
+//config:config RUNCON
+//config: bool "runcon"
+//config: default n
+//config: depends on SELINUX
+//config: help
+//config: Enable support to run command in specified security context.
+//config:
+//config:config FEATURE_RUNCON_LONG_OPTIONS
+//config: bool "Enable long options"
+//config: default y
+//config: depends on RUNCON && LONG_OPTS
+//config: help
+//config: Support long options for the runcon applet.
+
+//applet:IF_RUNCON(APPLET(runcon, BB_DIR_USR_BIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_RUNCON) += runcon.o
//usage:#define runcon_trivial_usage
//usage: "[-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] PROG ARGS\n"
diff --git a/selinux/selinuxenabled.c b/selinux/selinuxenabled.c
index ce830dc22..b80c4e71b 100644
--- a/selinux/selinuxenabled.c
+++ b/selinux/selinuxenabled.c
@@ -6,6 +6,17 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
+//config:config SELINUXENABLED
+//config: bool "selinuxenabled"
+//config: default n
+//config: depends on SELINUX
+//config: help
+//config: Enable support for this command to be used within shell scripts
+//config: to determine if selinux is enabled.
+
+//applet:IF_SELINUXENABLED(APPLET(selinuxenabled, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_SELINUXENABLED) += selinuxenabled.o
//usage:#define selinuxenabled_trivial_usage NOUSAGE_STR
//usage:#define selinuxenabled_full_usage ""
diff --git a/selinux/sestatus.c b/selinux/sestatus.c
index e59431873..ad49c9d25 100644
--- a/selinux/sestatus.c
+++ b/selinux/sestatus.c
@@ -7,6 +7,16 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
+//config:config SESTATUS
+//config: bool "sestatus"
+//config: default n
+//config: depends on SELINUX
+//config: help
+//config: Displays the status of SELinux.
+
+//applet:IF_SESTATUS(APPLET(sestatus, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_SESTATUS) += sestatus.o
//usage:#define sestatus_trivial_usage
//usage: "[-vb]"
diff --git a/selinux/setenforce.c b/selinux/setenforce.c
index c5bc0a5a6..8d18abd29 100644
--- a/selinux/setenforce.c
+++ b/selinux/setenforce.c
@@ -6,6 +6,16 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
+//config:config SETENFORCE
+//config: bool "setenforce"
+//config: default n
+//config: depends on SELINUX
+//config: help
+//config: Enable support to modify the mode SELinux is running in.
+
+//applet:IF_SETENFORCE(APPLET(setenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_SETENFORCE) += setenforce.o
//usage:#define setenforce_trivial_usage
//usage: "[Enforcing | Permissive | 1 | 0]"
diff --git a/selinux/setfiles.c b/selinux/setfiles.c
index c9597d54e..4fc307f55 100644
--- a/selinux/setfiles.c
+++ b/selinux/setfiles.c
@@ -3,6 +3,37 @@
policycoreutils was released under GPL 2.
Port to BusyBox (c) 2007 by Yuichi Nakamura <ynakam@hitachisoft.jp>
*/
+//config:config SETFILES
+//config: bool "setfiles"
+//config: default n
+//config: depends on SELINUX
+//config: help
+//config: Enable support to modify to relabel files.
+//config: Notice: If you built libselinux with -D_FILE_OFFSET_BITS=64,
+//config: (It is default in libselinux's Makefile), you _must_ enable
+//config: CONFIG_LFS.
+//config:
+//config:config FEATURE_SETFILES_CHECK_OPTION
+//config: bool "Enable check option"
+//config: default n
+//config: depends on SETFILES
+//config: help
+//config: Support "-c" option (check the validity of the contexts against
+//config: the specified binary policy) for setfiles. Requires libsepol.
+//config:
+//config:config RESTORECON
+//config: bool "restorecon"
+//config: default n
+//config: depends on SELINUX
+//config: help
+//config: Enable support to relabel files. The feature is almost
+//config: the same as setfiles, but usage is a little different.
+
+//applet:IF_SETFILES(APPLET(setfiles, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_RESTORECON(APPLET_ODDNAME(restorecon, setfiles, BB_DIR_SBIN, BB_SUID_DROP, restorecon))
+
+//kbuild:lib-$(CONFIG_SETFILES) += setfiles.o
+//kbuild:lib-$(CONFIG_RESTORECON) += setfiles.o
//usage:#define setfiles_trivial_usage
//usage: "[-dnpqsvW] [-e DIR]... [-o FILE] [-r alt_root_path]"
diff --git a/selinux/setsebool.c b/selinux/setsebool.c
index ec682e5c5..6a6bd031c 100644
--- a/selinux/setsebool.c
+++ b/selinux/setsebool.c
@@ -7,6 +7,17 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
+//config:config SETSEBOOL
+//config: bool "setsebool"
+//config: default n
+//config: depends on SELINUX
+//config: help
+//config: Enable support for change boolean.
+//config: semanage and -P option is not supported yet.
+
+//applet:IF_SETSEBOOL(APPLET(setsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_SETSEBOOL) += setsebool.o
//usage:#define setsebool_trivial_usage
//usage: "boolean value"