author | Rob Landley <rob@landley.net> | 2015-05-18 02:00:43 -0500 |
---|---|---|
committer | Rob Landley <rob@landley.net> | 2015-05-18 02:00:43 -0500 |
commit | c565b06325960a16ebf44afd8ae73f363775e58d (patch) | |
tree | bb728c44d52b9e2dfcbcc4bd1ad58d9fc73c78d5 /lib/lsm.h | |
parent | f25d4954a786c9f564a5e30e5899c1adf2b6c655 (diff) | |
download | toybox-c565b06325960a16ebf44afd8ae73f363775e58d.tar.gz |
More ls -Z upgrading. Move TOYBOX_SELINUX and TOYBOX_SMACK support from
portability.h to new lib/lsm.h. Update ls.c to use it.
Fix "ls . toys" (two directories when one is . or ..), which was filtering
out the . as something we shouldn't recurse into even though it was explicitly
listed on the command line. For some reason "ls -Z . toys" is still segfaulting
though (but "ls -Z ." isn't), need to figure out why...
Diffstat (limited to 'lib/lsm.h')
-rw-r--r-- | lib/lsm.h | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/lib/lsm.h b/lib/lsm.h
new file mode 100644
index 00000000..b16138a4
--- /dev/null
+++ b/lib/lsm.h
@@ -0,0 +1,96 @@
+/* lsm.h - header file for lib directory
+ *
+ * Copyright 2015 Rob Landley <rob@landley.net>
+ */
+
+#if CFG_TOYBOX_SELINUX
+#include <selinux/selinux.h>
+#else
+#define is_selinux_enabled() 0
+#define getcon(...) (-1)
+#define getfilecon(...) (-1)
+#define lgetfilecon(...) (-1)
+#define fgetfilecon(...) (-1)
+#define setfilecon(...) (-1)
+#define lsetfilecon(...) (-1)
+#define fsetfilecon(...) (-1)
+#endif
+
+#if CFG_TOYBOX_SMACK
+#include <sys/smack.h>
+#include <sys/xattr.h>
+#include <linux/xattr.h>
+#else
+#define XATTR_NAME_SMACK 0
+//ssize_t fgetxattr (int fd, char *name, void *value, size_t size);
+#define smack_smackfs_path(...) (-1)
+#define smack_new_label_from_self(...) (-1)
+#define smack_new_label_from_path(...) (-1)
+#define smack_new_label_from_file(...) (-1)
+#define smack_set_label_for_path(...) (-1)
+#define smack_set_label_for_file(...) (-1)
+#endif
+
+// This turns into "return 0" when no LSM and lets code optimize out.
+static inline int lsm_enabled(void)
+{
+ if (CFG_TOYBOX_SMACK) return !!smack_smackfs_path();
+ else return is_selinux_enabled() == 1;
+}
+
+// Fetch this process's lsm context
+static inline char *lsm_context(void)
+{
+ int ok = 0;
+ char *result;
+
+ if (CFG_TOYBOX_SMACK) ok = smack_new_label_from_self(&result) > 0;
+ else ok = getcon(&result) == 0;
+
+ return ok ? result : strdup("?");
+}
+
+static inline int lsm_set_context(char *filename, char *context)
+{
+ if (CFG_TOYBOX_SMACK)
+ return smack_set_label_for_path(filename, XATTR_NAME_SMACK, 1, context);
+ else return setfilecon(filename, context);
+}
+
+static inline int lsm_lset_context(char *filename, char *context)
+{
+ if (CFG_TOYBOX_SMACK)
+ return smack_set_label_for_path(filename, XATTR_NAME_SMACK, 0, context);
+ else return lsetfilecon(filename, context);
+}
+
+static inline int lsm_fset_context(int file, char *context)
+{
+ if (CFG_TOYBOX_SMACK)
+ return smack_set_label_for_file(file, XATTR_NAME_SMACK, context);
+ else return fsetfilecon(file, context);
+}
+
+
+// returns -1 in case of error or else the length of the context */
+// context can be NULL to get the length only */
+static inline int lsm_get_context(char *filename, char **context)
+{
+ if (CFG_TOYBOX_SMACK)
+ return smack_new_label_from_path(filename, XATTR_NAME_SMACK, 1, context);
+ else return getfilecon(filename, context);
+}
+
+static inline int lsm_lget_context(char *filename, char **context)
+{
+ if (CFG_TOYBOX_SMACK)
+ return smack_new_label_from_path(filename, XATTR_NAME_SMACK, 0, context);
+ else return lgetfilecon(filename, context);
+}
+
+static inline int lsm_fget_context(int file, char **context)
+{
+ if (CFG_TOYBOX_SMACK)
+ return smack_new_label_from_file(file, XATTR_NAME_SMACK, context);
+ return fgetfilecon(file, context);
+} |
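Review bot: Nothing in the new header says who owns the strings it hands back: every success path in `lsm_context()` and the `lsm_*get_context()` helpers allocates (`getcon`, `smack_new_label_from_self`, `smack_new_label_from_path`, `smack_new_label_from_file`, and the `strdup("?")` fallback), and with the no-LSM stubs the out-pointer is never written, so callers may only read `*context` after checking for a non-negative return. I would put above `lsm_context()` a comment such as `// Returns a heap-allocated string the caller must release (free(), or freecon() on the selinux path); "?" when no context could be read.` and replace the two comment lines above `lsm_get_context()`, which end in a stray `*/` inside `//` comments, with `// Returns -1 on error, else the length of the context. *context is only set on success and the caller releases it.`. The hunk does not show that either underlying library accepts a NULL context for a length-only query, so I would drop that sentence unless it is confirmed for both the smack and selinux calls.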