find: add -context.

Tested manually on an Android device with:

  adb shell find /system -context u:object_r:wait_for_keymaster_exec:s0
  adb shell find /system/bin -context '"*key*"'
  adb shell find /system/bin -context '"*tool*"'

1 files changed, 13 insertions, 3 deletions

diff --git a/toys/posix/find.c b/toys/posix/find.c
index bae96db5..7887c0a3 100644
--- a/toys/posix/find.c
+++ b/toys/posix/find.c
@@ -33,7 +33,8 @@ config FIND
     -newer FILE     newer mtime than FILE     -mindepth # at least # dirs down
     -depth          ignore contents of dir    -maxdepth # at most # dirs down
     -inum  N        inode number N            -empty      empty files and dirs
-    -type [bcdflps] (block, char, dir, file, symlink, pipe, socket)
+    -type [bcdflps]   (block, char, dir, file, symlink, pipe, socket)
+    -context PATTERN  security context
 
     Numbers N may be prefixed by a - (less than) or + (greater than). Units for
     -Xtime are d (days, default), h (hours), m (minutes), or s (seconds).
@@ -189,7 +190,7 @@ static void execdir(struct dirtree *new, int flush)
       aa->execdir = bb;
     }
   }
-} 
+}
 
 // Call this with 0 for first pass argument parsing and syntax checking (which
 // populates argdata). Later commands traverse argdata (in order) when they
@@ -347,6 +348,15 @@ static int do_find(struct dirtree *new)
           if (i) free(name);
         }
         free(path);
+      } else if (!CFG_TOYBOX_LSM_NONE && !strcmp(s, "context")) {
+        if (check) {
+          char *path, *context;
+
+          lsm_get_context(path = dirtree_path(new, 0), &context);
+          test = !fnmatch(ss[1], context, 0);
+          free(path);
+          free(context);
+        }
       } else if (!strcmp(s, "perm")) {
         if (check) {
           char *m = ss[1];
@@ -544,7 +554,7 @@ cont:
     if (!print && test) do_print(new, '\n');
 
     if (S_ISDIR(new->st.st_mode)) execdir(new, 0);
- 
+
   } else dlist_terminate(TT.argdata);
 
   return recurse;