diff options
-rw-r--r-- | include/libbb.h | 4 | ||||
-rw-r--r-- | libbb/procps.c | 11 | ||||
-rw-r--r-- | procps/ps.c | 73 |
3 files changed, 59 insertions, 29 deletions
diff --git a/include/libbb.h b/include/libbb.h index dd0f5c1cc..1ba122a2d 100644 --- a/include/libbb.h +++ b/include/libbb.h @@ -830,6 +830,9 @@ typedef struct { DIR *dir; /* Fields are set to 0/NULL if failed to determine (or not requested) */ char *cmd; + USE_SELINUX(char *context;) + /* Everything below must contain no ptrs to malloc'ed data: + * it is memset(0) for each process in procps_scan() */ unsigned vsz, rss; /* we round it to kbytes */ unsigned long stime, utime; unsigned pid; @@ -859,6 +862,7 @@ enum { PSSCAN_STIME = 1 << 10, PSSCAN_UTIME = 1 << 11, PSSCAN_TTY = 1 << 12, + USE_SELINUX(PSSCAN_CONTEXT = 1 << 13,) /* These are all retrieved from proc/NN/stat in one go: */ PSSCAN_STAT = PSSCAN_PPID | PSSCAN_PGID | PSSCAN_SID | PSSCAN_COMM | PSSCAN_STATE diff --git a/libbb/procps.c b/libbb/procps.c index 946f569f5..be0d61bd3 100644 --- a/libbb/procps.c +++ b/libbb/procps.c @@ -4,7 +4,8 @@ * * Copyright 1998 by Albert Cahalan; all rights reserved. * Copyright (C) 2002 by Vladimir Oleynik <dzo@simtreas.ru> - * + * SELinux support: (c) 2007 by Yuichi Nakamura <ynakam@hitachisoft.jp> + * * Licensed under GPLv2 or later, see file LICENSE in this tarball for details. */ @@ -95,6 +96,7 @@ void free_procps_scan(procps_status_t* sp) { closedir(sp->dir); free(sp->cmd); + USE_SELINUX(free(sp->context);) free(sp); } @@ -132,6 +134,13 @@ procps_status_t* procps_scan(procps_status_t* sp, int flags) sp->pid = pid; if (!(flags & ~PSSCAN_PID)) break; +#if ENABLE_SELINUX + if (flags & PSSCAN_CONTEXT) { + if (getpidcon(sp->pid, &sp->context) < 0) + sp->context = NULL; + } +#endif + filename_tail = filename + sprintf(filename, "/proc/%d", pid); if (flags & PSSCAN_UIDGID) { diff --git a/procps/ps.c b/procps/ps.c index 968a6fe99..c3023cf5e 100644 --- a/procps/ps.c +++ b/procps/ps.c @@ -3,6 +3,8 @@ * Mini ps implementation(s) for busybox * * Copyright (C) 1999-2004 by Erik Andersen <andersen@codepoet.org> + * Fix for SELinux Support:(c)2007 Hiroshi Shinji <shiroshi@my.email.ne.jp> + (c)2007 Yuichi Nakamura <ynakam@hitachisoft.jp> * * Licensed under the GPL version 2, see the file LICENSE in this tarball. */ @@ -68,6 +70,14 @@ static void func_tty(char *buf, int size, const procps_status_t *ps) { safe_strncpy(buf, ps->tty_str, size+1); } + +#if ENABLE_SELINUX +static void func_label(char *buf, int size, const procps_status_t *ps) +{ + safe_strncpy(buf, ps->context ? ps->context : "unknown", size+1); +} +#endif + /* static void func_nice(char *buf, int size, const procps_status_t *ps) { @@ -116,11 +126,19 @@ static const ps_out_t out_spec[] = { { 4 , "vsz" ,"VSZ" ,func_vsz ,PSSCAN_VSZ }, // Not mandated by POSIX, but useful: { 4 , "rss" ,"RSS" ,func_rss ,PSSCAN_RSS }, +#if ENABLE_SELINUX + { 35 , "label" ,"LABEL" ,func_label ,PSSCAN_CONTEXT }, +#endif }; #define VEC_SIZE(v) ( sizeof(v) / sizeof((v)[0]) ) -#define DEFAULT_O_STR "pid,user" /* TODO: ,vsz,stat */ ",args" +#if ENABLE_SELINUX +#define SELINIX_O_PREFIX "label," +#define DEFAULT_O_STR SELINIX_O_PREFIX "pid,user" /* TODO: ,vsz,stat */ ",args" +#else +#define DEFAULT_O_STR "pid,user" /* TODO: ,vsz,stat */ ",args" +#endif struct globals { ps_out_t* out; @@ -207,6 +225,10 @@ static void post_process(void) } width += out[i].width + 1; /* "FIELD " */ } +#if ENABLE_SELINUX + if (!is_selinux_enabled()) + need_flags &= ~PSSCAN_CONTEXT; +#endif buffer = xmalloc(width + 1); /* for trailing \0 */ } @@ -261,9 +283,7 @@ int ps_main(int argc, char **argv) { procps_status_t *p; llist_t* opt_o = NULL; - - /* Cannot be const: parse_o() will choke */ - strcpy(default_o, DEFAULT_O_STR); + USE_SELINUX(int opt;) // POSIX: // -a Write information for all processes associated with terminals @@ -277,14 +297,25 @@ int ps_main(int argc, char **argv) // Select which columns to display /* We allow (and ignore) most of the above. FIXME */ opt_complementary = "o::"; - getopt32(argc, argv, "o:aAdefl", &opt_o); + USE_SELINUX(opt =) getopt32(argc, argv, "Zo:aAdefl", &opt_o); if (opt_o) { do { parse_o(opt_o->data); opt_o = opt_o->link; } while (opt_o); - } else + } else { + /* Below: parse_o() needs char*, NOT const char*... */ +#if ENABLE_SELINUX + if (!(opt & 1) || !is_selinux_enabled()) { + /* no -Z or no SELinux: do not show LABEL */ + strcpy(default_o, DEFAULT_O_STR + sizeof(SELINIX_O_PREFIX)-1); + } else +#endif + { + strcpy(default_o, DEFAULT_O_STR); + } parse_o(default_o); + } post_process(); /* Was INT_MAX, but some libc's go belly up with printf("%.*s") @@ -314,7 +345,6 @@ int ps_main(int argc, char **argv) procps_status_t *p = NULL; int i, len; SKIP_SELINUX(const) int use_selinux = 0; - USE_SELINUX(security_context_t sid = NULL;) #if !ENABLE_FEATURE_PS_WIDE enum { terminal_width = 79 }; #else @@ -341,7 +371,7 @@ int ps_main(int argc, char **argv) #endif #if ENABLE_SELINUX if ((i & 1) && is_selinux_enabled()) - use_selinux = 1; + use_selinux = PSSCAN_CONTEXT; #endif #endif /* ENABLE_FEATURE_PS_WIDE || ENABLE_SELINUX */ @@ -356,28 +386,15 @@ int ps_main(int argc, char **argv) | PSSCAN_STATE | PSSCAN_VSZ | PSSCAN_CMD + | use_selinux ))) { char *namecmd = p->cmd; #if ENABLE_SELINUX if (use_selinux) { - char sbuf[128]; - len = sizeof(sbuf); - - if (is_selinux_enabled()) { - if (getpidcon(p->pid, &sid) < 0) - sid = NULL; - } - - if (sid) { - /* I assume sid initialized with NULL */ - len = strlen(sid) + 1; - safe_strncpy(sbuf, sid, len); - freecon(sid); - sid = NULL; - } else { - safe_strncpy(sbuf, "unknown", 7); - } - len = printf("%5u %-32s %s ", p->pid, sbuf, p->state); + len = printf("%5u %-32s %s ", + p->pid, + p->context ? p->context : "unknown", + p->state); } else #endif { @@ -396,14 +413,14 @@ int ps_main(int argc, char **argv) if (i < 0) i = 0; if (strlen(namecmd) > (size_t)i) - namecmd[i] = 0; + namecmd[i] = '\0'; puts(namecmd); } else { namecmd = p->comm; if (i < 2) i = 2; if (strlen(namecmd) > ((size_t)i-2)) - namecmd[i-2] = 0; + namecmd[i-2] = '\0'; printf("[%s]\n", namecmd); } } |