-rw-r--r-- | lib/lsm.h | 8 | ||||
-rw-r--r-- | toys.h | 1 | ||||
-rw-r--r-- | toys/posix/id.c | 53 | ||||
-rw-r--r-- | toys/posix/ls.c | 1 |
4 files changed, 31 insertions, 32 deletions
@@ -38,6 +38,14 @@ static inline int lsm_enabled(void) else return is_selinux_enabled() == 1; } +static inline char *lsm_name(void) +{ + if (CFG_TOYBOX_SMACK) return "Smack"; + if (CFG_TOYBOX_SELINUX) return "SELinux"; + + return "LSM"; +} + // Fetch this process's lsm context static inline char *lsm_context(void) { @@ -68,6 +68,7 @@ #include <sys/sysinfo.h> #include "lib/lib.h" +#include "lib/lsm.h" #include "toys/e2fs.h" // Get list of function prototypes for all enabled command_main() functions. diff --git a/toys/posix/id.c b/toys/posix/id.c index 7ab489ef..aa43072f 100644 --- a/toys/posix/id.c +++ b/toys/posix/id.c @@ -6,7 +6,7 @@ * * See http://opengroup.org/onlinepubs/9699919799/utilities/id.html -USE_ID(NEWTOY(id, ">1"USE_ID_SELINUX("Z")"nGgru[!"USE_ID_SELINUX("Z")"Ggu]", TOYFLAG_USR|TOYFLAG_BIN)) +USE_ID(NEWTOY(id, ">1"USE_ID_Z("Z")"nGgru[!"USE_ID_Z("Z")"Ggu]", TOYFLAG_USR|TOYFLAG_BIN)) USE_GROUPS(NEWTOY(groups, NULL, TOYFLAG_USR|TOYFLAG_BIN)) USE_LOGNAME(NEWTOY(logname, ">0", TOYFLAG_USR|TOYFLAG_BIN)) USE_WHOAMI(OLDTOY(whoami, logname, TOYFLAG_USR|TOYFLAG_BIN)) @@ -25,14 +25,14 @@ config ID -r Show real ID instead of effective ID -u Show only the effective user ID -config ID_SELINUX +config ID_Z bool default y - depends on ID && TOYBOX_SELINUX + depends on ID && !TOYBOX_LSM_NONE help usage: id [-Z] - -Z Show only SELinux context + -Z Show only security context config GROUPS bool "groups" @@ -60,15 +60,16 @@ config WHOAMI */ #define FOR_id +#define FORCE_FLAGS #include "toys.h" GLOBALS( - int do_u, do_n, do_G, do_Z, is_groups; + int is_groups; ) static void s_or_u(char *s, unsigned u, int done) { - if (TT.do_n) printf("%s", s); + if (toys.optflags&FLAG_n) printf("%s", s); else printf("%u", u); if (done) { xputc('\n'); 
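Review bot: The new lsm_name() in lib/lsm.h has no comment, unlike lsm_context() just below it, and the name it returns is chosen by the build-time CFG_TOYBOX_SMACK / CFG_TOYBOX_SELINUX symbols rather than by probing the running kernel. I would add `// Name of the LSM this binary was built for (compile-time choice, not a runtime probe)` above it, so callers that put the name in messages like "%s disabled" know what is being reported. Since every return value is a string literal, `static inline const char *lsm_name(void)` would also stop a caller from writing through the result.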
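Review bot: `#define FORCE_FLAGS` is added in the id.c hunk at -60,15 with no explanation, while the comment that documented the underlying problem ("FLAG macros can be 0 if "id" command not enabled") is deleted from id_main() further down. Presumably FORCE_FLAGS keeps the FLAG_* macros non-zero when only groups or logname is built, which is what makes the direct `toys.optflags&FLAG_n` test in s_or_u() safe. A one-line comment such as `// groups/logname reuse id's FLAG_* values even when id itself is disabled` would preserve that reasoning. s_or_u()'s body continues past the end of the hunk.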
@@ -101,12 +102,12 @@ void do_id(char *username) i = flags & FLAG_r; pw = xgetpwuid(i ? uid : euid); - if (TT.do_u) s_or_u(pw->pw_name, pw->pw_uid, 1); + if (toys.optflags&FLAG_u) s_or_u(pw->pw_name, pw->pw_uid, 1); grp = xgetgrgid(i ? gid : egid); if (flags & FLAG_g) s_or_u(grp->gr_name, grp->gr_gid, 1); - if (!TT.do_G && !TT.do_Z) { + if (!(toys.optflags&(FLAG_g|FLAG_Z))) { showid("uid=", pw->pw_uid, pw->pw_name); showid(" gid=", grp->gr_gid, grp->gr_name); @@ -124,39 +125,35 @@ void do_id(char *username) showid(" groups=", grp->gr_gid, grp->gr_name); } - if (!TT.do_Z) { + if (!(toys.optflags&FLAG_Z)) { groups = (gid_t *)toybuf; i = sizeof(toybuf)/sizeof(gid_t); ngroups = username ? getgrouplist(username, gid, groups, &i) : getgroups(i, groups); if (ngroups<0) perror_exit(0); - int show_separator = !TT.do_G; + int show_separator = !(toys.optflags&FLAG_G); for (i = 0; i<ngroups; i++) { - if (show_separator) xputc(TT.do_G ? ' ' : ','); + if (show_separator) xputc((toys.optflags&FLAG_G) ? ' ' : ','); show_separator = 1; if (!(grp = getgrgid(groups[i]))) perror_msg(0); - else if (TT.do_G) s_or_u(grp->gr_name, grp->gr_gid, 0); + else if (toys.optflags&FLAG_G) s_or_u(grp->gr_name, grp->gr_gid, 0); else if (grp->gr_gid != egid) showid("", grp->gr_gid, grp->gr_name); else show_separator = 0; // Because we didn't show anything this time. } - if (TT.do_G) { + if (toys.optflags&FLAG_G) { xputc('\n'); exit(0); } } - if (CFG_TOYBOX_SELINUX) { - char *context = NULL; + if (!CFG_TOYBOX_LSM_NONE) { + if (lsm_enabled()) { + char *context = lsm_context(); - if (is_selinux_enabled() < 1) { - if (TT.do_Z) - error_exit("SELinux disabled"); - } else if (getcon(&context) == 0) { - if (!TT.do_Z) xputc(' '); - printf("context=%s", context); - } - if (CFG_TOYBOX_FREE) free(context); + printf(" context=%s"+!!(toys.optflags&FLAG_Z), context); + if (CFG_TOYBOX_FREE) free(context); + } else if (toys.optflags&FLAG_Z) error_exit("%s disabled", lsm_name()); } xputc('\n'); 
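Review bot: The rewritten guard `if (!(toys.optflags&(FLAG_g|FLAG_Z))) {` tests lowercase FLAG_g, but the line it replaces tested TT.do_G, i.e. the -G flag. As far as the hunk shows, -g is already consumed two lines earlier by `s_or_u(grp->gr_name, grp->gr_gid, 1)`, which appears to print and exit, so the FLAG_g bit does nothing here. Meanwhile `id -G` and groups_main() (which sets `FLAG_G|FLAG_n`) would now fall into the uid=/gid= block before the group list. The mask should be `if (!(toys.optflags&(FLAG_G|FLAG_Z))) {`. do_id() begins and ends outside this hunk.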
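Review bot: The result of lsm_context() goes straight into `printf(" context=%s"+!!(toys.optflags&FLAG_Z), context)` with no failure check, whereas the removed code only printed after `getcon(&context) == 0`. lsm_context()'s body is not part of this diff, so if it can return NULL the output becomes "(null)" or a crash depending on the libc, and `id -Z` would still exit as though it had reported a label. I would split it into `if (context) printf(...);` followed by `else if (toys.optflags&FLAG_Z) perror_exit(0);`, so a failed lookup under -Z is an error rather than misleading output. The `+!!` offset into the format literal also deserves a short comment saying it skips the leading space for -Z.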
@@ -164,12 +161,6 @@ void do_id(char *username) void id_main(void) { - // FLAG macros can be 0 if "id" command not enabled, so snapshot them here. - if (FLAG_u) TT.do_u |= toys.optflags & FLAG_u; - if (FLAG_n) TT.do_n |= toys.optflags & FLAG_n; - if (FLAG_G) TT.do_G |= toys.optflags & FLAG_G; - if (FLAG_Z) TT.do_Z |= toys.optflags & FLAG_Z; - if (toys.optc) while(*toys.optargs) do_id(*toys.optargs++); else do_id(NULL); } @@ -177,12 +168,12 @@ void id_main(void) void groups_main(void) { TT.is_groups = 1; - TT.do_G = TT.do_n = 1; + toys.optflags = FLAG_G|FLAG_n; id_main(); } void logname_main(void) { - TT.do_u = TT.do_n = 1; + toys.optflags = FLAG_u|FLAG_n; id_main(); } diff --git a/toys/posix/ls.c b/toys/posix/ls.c index 46a60ef7..84149e41 100644 --- a/toys/posix/ls.c +++ b/toys/posix/ls.c @@ -47,7 +47,6 @@ config LS_COLOR #define FOR_ls #include "toys.h" -#include "lib/lsm.h" // test sst output (suid/sticky in ls flaglist) |