From 9e48045e45df7e3e205575a4eb3dc39d634b05aa Mon Sep 17 00:00:00 2001 From: Eric Andersen Date: Thu, 3 Jul 2003 10:07:04 +0000 Subject: Patch from Russell Coker: I've attached my latest SE Linux patch for busybox against the latest CVS version of busybox.
---
 loginutils/login.c | 47 +++++++++++++++++++++++++++++++++++++++++++++-- loginutils/su.c | 6 +++++- 2 files changed, 50 insertions(+), 3 deletions(-) (limited to 'loginutils')
diff --git a/loginutils/login.c b/loginutils/login.c
index e239f421c..741d15c93 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -16,7 +16,12 @@
 #include
 #include "busybox.h"
-
+#ifdef CONFIG_SELINUX
+#include
+#include
+#include
+#include
+#endif
 #ifdef CONFIG_FEATURE_U_W_TMP
 // import from utmp.c
@@ -73,6 +78,10 @@ extern int login_main(int argc, char **argv)
 int opt_fflag = 0;
 char *opt_host = 0;
 int alarmstarted = 0;
+#ifdef CONFIG_SELINUX
+ int flask_enabled = is_flask_enabled();
+ security_id_t sid = 0, old_tty_sid, new_tty_sid;
+#endif
 username[0]=0;
 amroot = ( getuid ( ) == 0 );
@@ -217,6 +226,36 @@ auth_ok:
 #ifdef CONFIG_FEATURE_U_W_TMP
 setutmp ( username, tty );
 #endif
+#ifdef CONFIG_SELINUX
+ if (flask_enabled)
+ {
+ struct stat st;
+
+ if (get_default_sid(username, 0, &sid))
+ {
+ fprintf(stderr, "Unable to get SID for %s\n", username);
+ exit(1);
+ }
+ if (stat_secure(tty, &st, &old_tty_sid))
+ {
+ fprintf(stderr, "stat_secure(%.100s) failed: %.100s\n", tty, strerror(errno));
+ return EXIT_FAILURE;
+ }
+ if (security_change_sid (sid, old_tty_sid, SECCLASS_CHR_FILE, &new_tty_sid) != 0)
+ {
+ fprintf(stderr, "security_change_sid(%.100s) failed: %.100s\n", tty, strerror(errno));
+ return EXIT_FAILURE;
+ }
+ if(chsid(tty, new_tty_sid) != 0)
+ {
+ fprintf(stderr, "chsid(%.100s, %d) failed: %.100s\n", tty, new_tty_sid, strerror(errno));
+ return EXIT_FAILURE;
+ }
+ }
+ else
+ sid = 0;
+#endif
+
 if ( *tty != '/' )
 snprintf ( full_tty, sizeof( full_tty ) - 1, "/dev/%s", tty);
 else
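Review bot: In the `@@ -217,6 +226,36 @@` hunk of loginutils/login.c the new SELinux block passes `tty` to `stat_secure()` and `chsid()` before the context lines just below it build `full_tty`, which prepend `/dev/` when `*tty != '/'`. If `tty` can hold a bare device name at this point (how it is filled in is outside the hunk), the lookup and the relabel are resolved against the current directory, so login either fails or labels whatever that relative path names instead of the terminal. I would move the block below the `full_tty` construction and use `if (stat_secure(full_tty, &st, &old_tty_sid))` and `if (chsid(full_tty, new_tty_sid) != 0)`. The failure paths also mix `exit(1)` with `return EXIT_FAILURE` and report only to stderr; a `syslog()` entry, like the one the root-login path in the next hunk writes, would leave an audit record of a failed context change. The `else` branch of the `full_tty` code continues outside the hunk.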
@@ -239,7 +278,11 @@ auth_ok:
 if ( pw-> pw_uid == 0 )
 syslog ( LOG_INFO, "root login %s\n", fromhost );
- run_shell ( pw-> pw_shell, 1, 0, 0 ); /* exec the shell finally. */
+ run_shell ( pw-> pw_shell, 1, 0, 0
+#ifdef CONFIG_SELINUX
+ , sid
+#endif
+ ); /* exec the shell finally. */
 return EXIT_FAILURE;
 }
diff --git a/loginutils/su.c b/loginutils/su.c
index 5e40cf2e4..85f5cbe7b 100644
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -156,7 +156,11 @@ int su_main ( int argc, char **argv )
 change_identity ( pw );
 setup_environment ( opt_shell, opt_loginshell, !opt_preserve, pw );
- run_shell ( opt_shell, opt_loginshell, opt_command, (const char**)opt_args );
+ run_shell ( opt_shell, opt_loginshell, opt_command, (const char**)opt_args
+#ifdef CONFIG_SELINUX
+ , 0
+#endif
+ );
 return EXIT_FAILURE;
 }
-- cgit v1.2.3
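Review bot: Splicing `#ifdef CONFIG_SELINUX` into the middle of the `run_shell` argument list in the `@@ -239,7 +278,11 @@` hunk makes the call hard to read and lets the two build variants drift apart; the loginutils/su.c hunk repeats the same pattern. `run_shell` itself is not part of this diff, so I can only suggest the shape: give it the SID parameter unconditionally (ignored when SELinux is compiled out) so the call stays on one line, `run_shell ( pw-> pw_shell, 1, 0, 0, sid );`, with `sid` then declared outside the `#ifdef` in `login_main`. `login_main` starts outside the hunk.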
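Review bot: The literal `0` passed as the SID in the loginutils/su.c hunk is undocumented, and it means su never derives a security context for the target user, unlike login, which obtains one with `get_default_sid()`. Presumably `run_shell` treats 0 as "leave the context alone" (its body is not in this diff), in which case a shell started through su keeps running in the invoking user's context even though the Unix identity has changed. If that is intended, state it at the call, e.g. `/* SID 0: no SELinux transition, the shell keeps the caller's context */`. `su_main` starts outside the hunk.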