authorElliott Hughes <enh@google.com>2015-01-16 13:36:53 -0600
committerElliott Hughes <enh@google.com>2015-01-16 13:36:53 -0600
commit7e2af1c7489cbf974a57d482bb9d23c884d2aa49 (patch)
treed358db3adabf66240ed384d49b2834d3d33b7d9a
parent376a2579ec2d0a9bb64d30668b7e32ab220aa023 (diff)
downloadtoybox-7e2af1c7489cbf974a57d482bb9d23c884d2aa49.tar.gz
This patch adds a TOYBOX_SELINUX configuration option to control both
the SELinux commands (such as chcon) and the SELinux-specific options to regular commands (such as ls -Z). This lets us #include <selinux/selinux.h> in portability.h. I've also fixed chcon to insist on being given a context argument. This patch also adds -Z to id and fixes id's regular output (-G should be separated by spaces, non-G output should be separated by commas, and you don't want a double comma where the egid is omitted from the list of groups).
-rw-r--r--Config.in7
-rw-r--r--lib/portability.h4
-rw-r--r--toys/pending/chcon.c6
-rw-r--r--toys/posix/id.c60
4 files changed, 60 insertions, 17 deletions
diff --git a/Config.in b/Config.in
index 29cf4e1f..f9437fa5 100644
--- a/Config.in
+++ b/Config.in
@@ -34,6 +34,13 @@ config TOYBOX_SUID
chown root:root toybox; chmod +s toybox
+config TOYBOX_SELINUX
+ bool "SELinux support"
+ default n
+ help
+ Include SELinux options in commands such as ls, and add
+ SELinux-specific commands such as chcon.
+
config TOYBOX_FLOAT
bool "Floating point support"
default y
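Review bot: The help text for `TOYBOX_SELINUX` does not mention the build-time dependency the option introduces. With it enabled, lib/portability.h in this same commit includes `<selinux/selinux.h>`, so a tree configured with the option on a system without the libselinux headers will fail to compile. A line such as `Requires the libselinux headers and library at build time.` at the end of the help block would make that clear to whoever flips the default.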
diff --git a/lib/portability.h b/lib/portability.h
index 8bbbdb25..67ac5b58 100644
--- a/lib/portability.h
+++ b/lib/portability.h
@@ -236,3 +236,7 @@ pid_t xfork(void);
//#define strncpy(...) @@strncpyisbadmmkay@@
//#define strncat(...) @@strcatisbadmmkay@@
+
+#if CFG_TOYBOX_SELINUX
+#include <selinux/selinux.h>
+#endif
diff --git a/toys/pending/chcon.c b/toys/pending/chcon.c
index 41259de6..0ef4e1e5 100644
--- a/toys/pending/chcon.c
+++ b/toys/pending/chcon.c
@@ -2,11 +2,12 @@
*
* Copyright 2014 The Android Open Source Project
-USE_CHCON(NEWTOY(chcon, "hRv", TOYFLAG_USR|TOYFLAG_BIN))
+USE_CHCON(NEWTOY(chcon, "<1hRv", TOYFLAG_USR|TOYFLAG_BIN))
config CHCON
bool "chcon"
- default n
+ depends on TOYBOX_SELINUX
+ default y
help
usage: chcon [-hRv] CONTEXT FILE...
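Review bot: The new option string `"<1hRv"` requires only one argument, while the usage line in this hunk is `chcon [-hRv] CONTEXT FILE...`, so `chcon CONTEXT` with no file is still accepted. Assuming chcon_main (outside this hunk) takes the first argument as the context and iterates over the rest, that call would relabel nothing and presumably still exit successfully, which can hide a mistake in a labeling script. Requiring both arguments would be `USE_CHCON(NEWTOY(chcon, "<2hRv", TOYFLAG_USR|TOYFLAG_BIN))`.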
@@ -19,7 +20,6 @@ config CHCON
#define FOR_chcon
#include "toys.h"
-#include <selinux/selinux.h>
GLOBALS(
char *context;
diff --git a/toys/posix/id.c b/toys/posix/id.c
index dd48cf0b..4e1ec8cb 100644
--- a/toys/posix/id.c
+++ b/toys/posix/id.c
@@ -6,7 +6,7 @@
*
* See http://opengroup.org/onlinepubs/9699919799/utilities/id.html
-USE_ID(NEWTOY(id, ">1nGgru[!Ggu]", TOYFLAG_BIN))
+USE_ID(NEWTOY(id, ">1"USE_ID_SELINUX("Z")"nGgru[!"USE_ID_SELINUX("Z")"Ggu]", TOYFLAG_BIN))
USE_GROUPS(NEWTOY(groups, NULL, TOYFLAG_USR|TOYFLAG_BIN))
USE_LOGNAME(NEWTOY(logname, ">0", TOYFLAG_BIN))
USE_WHOAMI(OLDTOY(whoami, logname, TOYFLAG_BIN))
@@ -25,6 +25,15 @@ config ID
-r Show real ID instead of effective ID
-u Show only the effective user ID
+config ID_SELINUX
+ bool
+ default y
+ depends on ID && TOYBOX_SELINUX
+ help
+ usage: id [-Z]
+
+ -Z Show only SELinux context
+
config GROUPS
bool "groups"
default y
@@ -54,7 +63,7 @@ config WHOAMI
#include "toys.h"
GLOBALS(
- int do_u, do_n, do_G, is_groups;
+ int do_u, do_n, do_G, do_Z, is_groups;
)
static void s_or_u(char *s, unsigned u, int done)
@@ -97,7 +106,7 @@ void do_id(char *username)
grp = xgetgrgid(i ? gid : egid);
if (flags & FLAG_g) s_or_u(grp->gr_name, grp->gr_gid, 1);
- if (!TT.do_G) {
+ if (!TT.do_G && !TT.do_Z) {
showid("uid=", pw->pw_uid, pw->pw_name);
showid(" gid=", grp->gr_gid, grp->gr_name);
@@ -115,18 +124,40 @@ void do_id(char *username)
showid(" groups=", grp->gr_gid, grp->gr_name);
}
- groups = (gid_t *)toybuf;
- i = sizeof(toybuf)/sizeof(gid_t);
- ngroups = username ? getgrouplist(username, gid, groups, &i)
- : getgroups(i, groups);
- if (ngroups<0) perror_exit(0);
-
- for (i = 0; i<ngroups; i++) {
- if (i || !TT.do_G) xputc(' ');
- if (!(grp = getgrgid(groups[i]))) perror_msg(0);
- else if (TT.do_G) s_or_u(grp->gr_name, grp->gr_gid, 0);
- else if (grp->gr_gid != egid) showid("", grp->gr_gid, grp->gr_name);
+ if (!TT.do_Z) {
+ groups = (gid_t *)toybuf;
+ i = sizeof(toybuf)/sizeof(gid_t);
+ ngroups = username ? getgrouplist(username, gid, groups, &i)
+ : getgroups(i, groups);
+ if (ngroups<0) perror_exit(0);
+
+ int show_separator = !TT.do_G;
+ for (i = 0; i<ngroups; i++) {
+ if (show_separator) xputc(TT.do_G ? ' ' : ',');
+ show_separator = 1;
+ if (!(grp = getgrgid(groups[i]))) perror_msg(0);
+ else if (TT.do_G) s_or_u(grp->gr_name, grp->gr_gid, 0);
+ else if (grp->gr_gid != egid) showid("", grp->gr_gid, grp->gr_name);
+ else show_separator = 0; // Because we didn't show anything this time.
+ }
+ if (TT.do_G) {
+ xputc('\n');
+ exit(0);
+ }
+ }
+
+#if CFG_TOYBOX_SELINUX
+ char *context = NULL;
+ if (is_selinux_enabled() < 1) {
+ if (TT.do_Z)
+ error_exit("SELinux disabled");
+ } else if (getcon(&context) == 0) {
+ if (!TT.do_Z) xputc(' ');
+ printf("context=%s", context);
}
+ if (CFG_TOYBOX_FREE) free(context);
+#endif
+
xputc('\n');
}
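Review bot: In the `#if CFG_TOYBOX_SELINUX` block, a `getcon()` failure while SELinux is enabled is ignored even under `-Z`, so `id -Z` prints an empty line and reports success; a script that acts on the output then sees an empty context with no error. Adding `else if (TT.do_Z) perror_exit("getcon");` after the `getcon(&context) == 0` branch would surface the failure. Separately, the `exit(0)` in the `TT.do_G` branch appears to discard any failure status that `perror_msg(0)` recorded in the loop above when `getgrgid()` returned NULL; leaving the function with `return` after the newline would avoid forcing a zero status, provided the normal return path reports it. do_id starts outside this hunk.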
@@ -136,6 +167,7 @@ void id_main(void)
if (FLAG_u) TT.do_u |= toys.optflags & FLAG_u;
if (FLAG_n) TT.do_n |= toys.optflags & FLAG_n;
if (FLAG_G) TT.do_G |= toys.optflags & FLAG_G;
+ if (FLAG_Z) TT.do_Z |= toys.optflags & FLAG_Z;
if (toys.optc) while(*toys.optargs) do_id(*toys.optargs++);
else do_id(NULL);