diff options
Diffstat (limited to 'libbb')
-rw-r--r-- | libbb/find_pid_by_name.c | 7 | ||||
-rw-r--r-- | libbb/procps.c | 15 | ||||
-rw-r--r-- | libbb/run_shell.c | 43 |
3 files changed, 37 insertions, 28 deletions
diff --git a/libbb/find_pid_by_name.c b/libbb/find_pid_by_name.c index 930710f32..570e7bd93 100644 --- a/libbb/find_pid_by_name.c +++ b/libbb/find_pid_by_name.c @@ -45,11 +45,8 @@ extern long* find_pid_by_name( const char* pidName) procps_status_t * p; pidList = xmalloc(sizeof(long)); -#ifdef CONFIG_SELINUX - while ((p = procps_scan(0, 0, NULL)) != 0) { -#else - while ((p = procps_scan(0)) != 0) { -#endif + while ((p = procps_scan(0)) != 0) + { if (strncmp(p->short_cmd, pidName, COMM_LEN-1) == 0) { pidList=xrealloc( pidList, sizeof(long) * (i+2)); pidList[i++]=p->pid; diff --git a/libbb/procps.c b/libbb/procps.c index e405fb7ef..72f627f15 100644 --- a/libbb/procps.c +++ b/libbb/procps.c @@ -16,11 +16,7 @@ #include "libbb.h" -extern procps_status_t * procps_scan(int save_user_arg0 -#ifdef CONFIG_SELINUX - , int use_selinux , security_id_t *sid -#endif - ) +extern procps_status_t * procps_scan(int save_user_arg0) { static DIR *dir; struct dirent *entry; @@ -60,16 +56,9 @@ extern procps_status_t * procps_scan(int save_user_arg0 my_getpwuid(curstatus.user, sb.st_uid, sizeof(curstatus.user)); sprintf(status, "/proc/%d/stat", pid); + if((fp = fopen(status, "r")) == NULL) continue; -#ifdef CONFIG_SELINUX - if(use_selinux) - { - if(fstat_secure(fileno(fp), &sb, sid)) - continue; - } - else -#endif name = fgets(buf, sizeof(buf), fp); fclose(fp); if(name == NULL) diff --git a/libbb/run_shell.c b/libbb/run_shell.c index 993b4e711..67ff2a5f8 100644 --- a/libbb/run_shell.c +++ b/libbb/run_shell.c @@ -37,7 +37,33 @@ #include <ctype.h> #include "libbb.h" #ifdef CONFIG_SELINUX -#include <proc_secure.h> +#include <selinux/selinux.h> /* for setexeccon */ +#endif + +#ifdef CONFIG_SELINUX +static security_context_t current_sid=NULL; + +void +renew_current_security_context(void) +{ + if (current_sid) + freecon(current_sid); /* Release old context */ + + getcon(¤t_sid); /* update */ + + return; +} +void +set_current_security_context(security_context_t sid) +{ + if (current_sid) + freecon(current_sid); /* Release old context */ + + current_sid=sid; + + return; +} + #endif /* Run SHELL, or DEFAULT_SHELL if SHELL is empty. @@ -45,11 +71,7 @@ If ADDITIONAL_ARGS is nonzero, pass it to the shell as more arguments. */ -void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args -#ifdef CONFIG_SELINUX - , security_id_t sid -#endif -) +void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args) { const char **args; int argno = 1; @@ -78,10 +100,11 @@ void run_shell ( const char *shell, int loginshell, const char *command, const c } args [argno] = 0; #ifdef CONFIG_SELINUX - if(sid) - execve_secure(shell, (char **) args, environ, sid); - else + if ( (current_sid) && (!setexeccon(current_sid)) ) { + freecon(current_sid); + execve(shell, (char **) args, environ); + } else #endif - execv ( shell, (char **) args ); + execv ( shell, (char **) args ); bb_perror_msg_and_die ( "cannot run %s", shell ); } |