diff options
author | Elliott Hughes <enh@google.com> | 2015-01-16 13:36:53 -0600 |
---|---|---|
committer | Elliott Hughes <enh@google.com> | 2015-01-16 13:36:53 -0600 |
commit | 7e2af1c7489cbf974a57d482bb9d23c884d2aa49 (patch) | |
tree | d358db3adabf66240ed384d49b2834d3d33b7d9a | |
parent | 376a2579ec2d0a9bb64d30668b7e32ab220aa023 (diff) | |
download | toybox-7e2af1c7489cbf974a57d482bb9d23c884d2aa49.tar.gz |
This patch adds a TOYBOX_SELINUX configuration option to control both
the SELinux commands (such as chcon) and the SELinux-specific options
to regular commands (such as ls -Z).
This lets us #include <selinux/selinux.h> in portability.h.
I've also fixed chcon to insist on being given the a context argument.
This patch also adds -Z to id and fixes id's regular output (-G should
be separated by spaces, non-G output should be separated by commas,
and you don't want a double comma where the egid is omitted from the
list of groups).
-rw-r--r-- | Config.in | 7 | ||||
-rw-r--r-- | lib/portability.h | 4 | ||||
-rw-r--r-- | toys/pending/chcon.c | 6 | ||||
-rw-r--r-- | toys/posix/id.c | 60 |
4 files changed, 60 insertions, 17 deletions
@@ -34,6 +34,13 @@ config TOYBOX_SUID chown root:root toybox; chmod +s toybox +config TOYBOX_SELINUX + bool "SELinux support" + default n + help + Include SELinux options in commands such as ls, and add + SELinux-specific commands such as chcon. + config TOYBOX_FLOAT bool "Floating point support" default y diff --git a/lib/portability.h b/lib/portability.h index 8bbbdb25..67ac5b58 100644 --- a/lib/portability.h +++ b/lib/portability.h @@ -236,3 +236,7 @@ pid_t xfork(void); //#define strncpy(...) @@strncpyisbadmmkay@@ //#define strncat(...) @@strcatisbadmmkay@@ + +#if CFG_TOYBOX_SELINUX +#include <selinux/selinux.h> +#endif diff --git a/toys/pending/chcon.c b/toys/pending/chcon.c index 41259de6..0ef4e1e5 100644 --- a/toys/pending/chcon.c +++ b/toys/pending/chcon.c @@ -2,11 +2,12 @@ * * Copyright 2014 The Android Open Source Project -USE_CHCON(NEWTOY(chcon, "hRv", TOYFLAG_USR|TOYFLAG_BIN)) +USE_CHCON(NEWTOY(chcon, "<1hRv", TOYFLAG_USR|TOYFLAG_BIN)) config CHCON bool "chcon" - default n + depends on TOYBOX_SELINUX + default y help usage: chcon [-hRv] CONTEXT FILE... @@ -19,7 +20,6 @@ config CHCON #define FOR_chcon #include "toys.h" -#include <selinux/selinux.h> GLOBALS( char *context; diff --git a/toys/posix/id.c b/toys/posix/id.c index dd48cf0b..4e1ec8cb 100644 --- a/toys/posix/id.c +++ b/toys/posix/id.c @@ -6,7 +6,7 @@ * * See http://opengroup.org/onlinepubs/9699919799/utilities/id.html -USE_ID(NEWTOY(id, ">1nGgru[!Ggu]", TOYFLAG_BIN)) +USE_ID(NEWTOY(id, ">1"USE_ID_SELINUX("Z")"nGgru[!"USE_ID_SELINUX("Z")"Ggu]", TOYFLAG_BIN)) USE_GROUPS(NEWTOY(groups, NULL, TOYFLAG_USR|TOYFLAG_BIN)) USE_LOGNAME(NEWTOY(logname, ">0", TOYFLAG_BIN)) USE_WHOAMI(OLDTOY(whoami, logname, TOYFLAG_BIN)) @@ -25,6 +25,15 @@ config ID -r Show real ID instead of effective ID -u Show only the effective user ID +config ID_SELINUX + bool + default y + depends on ID && TOYBOX_SELINUX + help + usage: id [-Z] + + -Z Show only SELinux context + config GROUPS bool "groups" default y @@ -54,7 +63,7 @@ config WHOAMI #include "toys.h" GLOBALS( - int do_u, do_n, do_G, is_groups; + int do_u, do_n, do_G, do_Z, is_groups; ) static void s_or_u(char *s, unsigned u, int done) @@ -97,7 +106,7 @@ void do_id(char *username) grp = xgetgrgid(i ? gid : egid); if (flags & FLAG_g) s_or_u(grp->gr_name, grp->gr_gid, 1); - if (!TT.do_G) { + if (!TT.do_G && !TT.do_Z) { showid("uid=", pw->pw_uid, pw->pw_name); showid(" gid=", grp->gr_gid, grp->gr_name); @@ -115,18 +124,40 @@ void do_id(char *username) showid(" groups=", grp->gr_gid, grp->gr_name); } - groups = (gid_t *)toybuf; - i = sizeof(toybuf)/sizeof(gid_t); - ngroups = username ? getgrouplist(username, gid, groups, &i) - : getgroups(i, groups); - if (ngroups<0) perror_exit(0); - - for (i = 0; i<ngroups; i++) { - if (i || !TT.do_G) xputc(' '); - if (!(grp = getgrgid(groups[i]))) perror_msg(0); - else if (TT.do_G) s_or_u(grp->gr_name, grp->gr_gid, 0); - else if (grp->gr_gid != egid) showid("", grp->gr_gid, grp->gr_name); + if (!TT.do_Z) { + groups = (gid_t *)toybuf; + i = sizeof(toybuf)/sizeof(gid_t); + ngroups = username ? getgrouplist(username, gid, groups, &i) + : getgroups(i, groups); + if (ngroups<0) perror_exit(0); + + int show_separator = !TT.do_G; + for (i = 0; i<ngroups; i++) { + if (show_separator) xputc(TT.do_G ? ' ' : ','); + show_separator = 1; + if (!(grp = getgrgid(groups[i]))) perror_msg(0); + else if (TT.do_G) s_or_u(grp->gr_name, grp->gr_gid, 0); + else if (grp->gr_gid != egid) showid("", grp->gr_gid, grp->gr_name); + else show_separator = 0; // Because we didn't show anything this time. + } + if (TT.do_G) { + xputc('\n'); + exit(0); + } + } + +#if CFG_TOYBOX_SELINUX + char *context = NULL; + if (is_selinux_enabled() < 1) { + if (TT.do_Z) + error_exit("SELinux disabled"); + } else if (getcon(&context) == 0) { + if (!TT.do_Z) xputc(' '); + printf("context=%s", context); } + if (CFG_TOYBOX_FREE) free(context); +#endif + xputc('\n'); } @@ -136,6 +167,7 @@ void id_main(void) if (FLAG_u) TT.do_u |= toys.optflags & FLAG_u; if (FLAG_n) TT.do_n |= toys.optflags & FLAG_n; if (FLAG_G) TT.do_G |= toys.optflags & FLAG_G; + if (FLAG_Z) TT.do_Z |= toys.optflags & FLAG_Z; if (toys.optc) while(*toys.optargs) do_id(*toys.optargs++); else do_id(NULL); |