aboutsummaryrefslogtreecommitdiff
path: root/toys/pending/chcon.c
diff options
context:
space:
mode:
authorElliott Hughes <enh@google.com>2014-12-11 20:17:28 -0600
committerElliott Hughes <enh@google.com>2014-12-11 20:17:28 -0600
commite75b1d8d96ea104e5f4fa3f7d06e289cbbedc435 (patch)
tree49bc141df9e128074d4e14d037f0740882648db0 /toys/pending/chcon.c
parented053c0fa6ea2bb65be902d0ad437ab4f2031552 (diff)
downloadtoybox-e75b1d8d96ea104e5f4fa3f7d06e289cbbedc435.tar.gz
here's a patch that should let us replace toolbox's chcon.
(it also adds a feature, -R, because toybox makes that so easy.) you'll probably want fancier configuration here because although the --as-needed works okay, a typical Ubuntu box will have the .so but not the .h files. i did consider adding a toys/selinux/ directory, but given that existing tools like ls and id will want -Z SELinux options, i wasn't sure whether you'd think it was worth segregating the SELinux-only toys. note that this won't help the tizen smack users (and patch for smack won't help SELinux users). so you might want to think about where you'd like us to be aiming: #if USE_SELINUX/USE_SMACK in all the relevant places, or a toys/selinux and a toys/smack (though we'd still need #if in at least ls and id), or a lib/security.c that concentrates all the differences into one file?
Diffstat (limited to 'toys/pending/chcon.c')
-rw-r--r--toys/pending/chcon.c51
1 files changed, 51 insertions, 0 deletions
diff --git a/toys/pending/chcon.c b/toys/pending/chcon.c
new file mode 100644
index 00000000..41259de6
--- /dev/null
+++ b/toys/pending/chcon.c
@@ -0,0 +1,51 @@
+/* chcon.c - Change file security context
+ *
+ * Copyright 2014 The Android Open Source Project
+
+USE_CHCON(NEWTOY(chcon, "hRv", TOYFLAG_USR|TOYFLAG_BIN))
+
+config CHCON
+ bool "chcon"
+ default n
+ help
+ usage: chcon [-hRv] CONTEXT FILE...
+
+ Change the SELinux security context of listed file[s] (recursively with -R).
+
+ -h change symlinks instead of what they point to.
+ -R recurse into subdirectories.
+ -v verbose output.
+*/
+
+#define FOR_chcon
+#include "toys.h"
+#include <selinux/selinux.h>
+
+GLOBALS(
+ char *context;
+)
+
+int do_chcon(struct dirtree *try)
+{
+ int ret;
+
+ if (!dirtree_notdotdot(try)) return 0;
+
+ char *path = dirtree_path(try, 0);
+ if (toys.optflags & FLAG_v)
+ printf("chcon '%s' to %s\n", path, TT.context);
+ ret = ((toys.optflags&FLAG_h) ? lsetfilecon : setfilecon)(path, TT.context);
+ if (ret == -1)
+ perror_msg("'%s' to %s", path, TT.context);
+ free(path);
+
+ return (toys.optflags & FLAG_R) ? DIRTREE_RECURSE : 0;
+}
+
+void chcon_main(void)
+{
+ TT.context = *toys.optargs;
+ char **file;
+
+ for (file = toys.optargs+1; *file; file++) dirtree_read(*file, do_chcon);
+}