-rw-r--r--lib/lsm.h8
-rw-r--r--toys.h1
-rw-r--r--toys/posix/id.c53
-rw-r--r--toys/posix/ls.c1
4 files changed, 31 insertions, 32 deletions
diff --git a/lib/lsm.h b/lib/lsm.h
index b16138a4..660917aa 100644
--- a/lib/lsm.h
+++ b/lib/lsm.h
@@ -38,6 +38,14 @@ static inline int lsm_enabled(void)
else return is_selinux_enabled() == 1;
}
+static inline char *lsm_name(void)
+{
+ if (CFG_TOYBOX_SMACK) return "Smack";
+ if (CFG_TOYBOX_SELINUX) return "SELinux";
+
+ return "LSM";
+}
+
// Fetch this process's lsm context
static inline char *lsm_context(void)
{
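Review bot: `lsm_name()` returns string literals through a plain `char *` and has no comment, unlike `lsm_context()` just below it. A caller that writes through the returned pointer would hit undefined behavior, so declaring it `static inline const char *lsm_name(void)` would let the compiler catch that, if the project's conventions allow const here. A one-line header such as `// Name of the compiled-in LSM, for use in messages` would match the neighbouring functions.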
diff --git a/toys.h b/toys.h
index 4b2d3736..79754257 100644
--- a/toys.h
+++ b/toys.h
@@ -68,6 +68,7 @@
#include <sys/sysinfo.h>
#include "lib/lib.h"
+#include "lib/lsm.h"
#include "toys/e2fs.h"
// Get list of function prototypes for all enabled command_main() functions.
diff --git a/toys/posix/id.c b/toys/posix/id.c
index 7ab489ef..aa43072f 100644
--- a/toys/posix/id.c
+++ b/toys/posix/id.c
@@ -6,7 +6,7 @@
*
* See http://opengroup.org/onlinepubs/9699919799/utilities/id.html
-USE_ID(NEWTOY(id, ">1"USE_ID_SELINUX("Z")"nGgru[!"USE_ID_SELINUX("Z")"Ggu]", TOYFLAG_USR|TOYFLAG_BIN))
+USE_ID(NEWTOY(id, ">1"USE_ID_Z("Z")"nGgru[!"USE_ID_Z("Z")"Ggu]", TOYFLAG_USR|TOYFLAG_BIN))
USE_GROUPS(NEWTOY(groups, NULL, TOYFLAG_USR|TOYFLAG_BIN))
USE_LOGNAME(NEWTOY(logname, ">0", TOYFLAG_USR|TOYFLAG_BIN))
USE_WHOAMI(OLDTOY(whoami, logname, TOYFLAG_USR|TOYFLAG_BIN))
@@ -25,14 +25,14 @@ config ID
-r Show real ID instead of effective ID
-u Show only the effective user ID
-config ID_SELINUX
+config ID_Z
bool
default y
- depends on ID && TOYBOX_SELINUX
+ depends on ID && !TOYBOX_LSM_NONE
help
usage: id [-Z]
- -Z Show only SELinux context
+ -Z Show only security context
config GROUPS
bool "groups"
@@ -60,15 +60,16 @@ config WHOAMI
*/
#define FOR_id
+#define FORCE_FLAGS
#include "toys.h"
GLOBALS(
- int do_u, do_n, do_G, do_Z, is_groups;
+ int is_groups;
)
static void s_or_u(char *s, unsigned u, int done)
{
- if (TT.do_n) printf("%s", s);
+ if (toys.optflags&FLAG_n) printf("%s", s);
else printf("%u", u);
if (done) {
xputc('\n');
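Review bot: `#define FORCE_FLAGS` is added without a comment, while the explanation it appears to replace ("FLAG macros can be 0 if "id" command not enabled") is deleted from `id_main()` in a later hunk. The flag tests in `s_or_u()` and `do_id()` now read `toys.optflags` directly, so they presumably depend on this define to keep the `FLAG_` macros nonzero when only `groups` or `logname` is built. A short note above the define would record that, for example `// groups/logname reuse id's FLAG_ macros, so keep them nonzero even when id is disabled`. The body of `s_or_u()` continues past the end of this hunk.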
@@ -101,12 +102,12 @@ void do_id(char *username)
i = flags & FLAG_r;
pw = xgetpwuid(i ? uid : euid);
- if (TT.do_u) s_or_u(pw->pw_name, pw->pw_uid, 1);
+ if (toys.optflags&FLAG_u) s_or_u(pw->pw_name, pw->pw_uid, 1);
grp = xgetgrgid(i ? gid : egid);
if (flags & FLAG_g) s_or_u(grp->gr_name, grp->gr_gid, 1);
- if (!TT.do_G && !TT.do_Z) {
+ if (!(toys.optflags&(FLAG_g|FLAG_Z))) {
showid("uid=", pw->pw_uid, pw->pw_name);
showid(" gid=", grp->gr_gid, grp->gr_name);
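Review bot: The rewritten guard `if (!(toys.optflags&(FLAG_g|FLAG_Z))) {` tests lowercase `FLAG_g`, but the line it replaces tested `TT.do_G`. With `-G` set (and for `groups`, which assigns `FLAG_G|FLAG_n` in a later hunk) the `uid=`/`gid=` output now appears to be printed before the group list. `-g` is already handled by the `s_or_u(..., 1)` call on the line above, so the lowercase bit looks like a typo for `if (!(toys.optflags&(FLAG_G|FLAG_Z))) {`. `do_id()` starts and ends outside this hunk, so confirm that nothing earlier returns for `-G`.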
@@ -124,39 +125,35 @@ void do_id(char *username)
showid(" groups=", grp->gr_gid, grp->gr_name);
}
- if (!TT.do_Z) {
+ if (!(toys.optflags&FLAG_Z)) {
groups = (gid_t *)toybuf;
i = sizeof(toybuf)/sizeof(gid_t);
ngroups = username ? getgrouplist(username, gid, groups, &i)
: getgroups(i, groups);
if (ngroups<0) perror_exit(0);
- int show_separator = !TT.do_G;
+ int show_separator = !(toys.optflags&FLAG_G);
for (i = 0; i<ngroups; i++) {
- if (show_separator) xputc(TT.do_G ? ' ' : ',');
+ if (show_separator) xputc((toys.optflags&FLAG_G) ? ' ' : ',');
show_separator = 1;
if (!(grp = getgrgid(groups[i]))) perror_msg(0);
- else if (TT.do_G) s_or_u(grp->gr_name, grp->gr_gid, 0);
+ else if (toys.optflags&FLAG_G) s_or_u(grp->gr_name, grp->gr_gid, 0);
else if (grp->gr_gid != egid) showid("", grp->gr_gid, grp->gr_name);
else show_separator = 0; // Because we didn't show anything this time.
}
- if (TT.do_G) {
+ if (toys.optflags&FLAG_G) {
xputc('\n');
exit(0);
}
}
- if (CFG_TOYBOX_SELINUX) {
- char *context = NULL;
+ if (!CFG_TOYBOX_LSM_NONE) {
+ if (lsm_enabled()) {
+ char *context = lsm_context();
- if (is_selinux_enabled() < 1) {
- if (TT.do_Z)
- error_exit("SELinux disabled");
- } else if (getcon(&context) == 0) {
- if (!TT.do_Z) xputc(' ');
- printf("context=%s", context);
- }
- if (CFG_TOYBOX_FREE) free(context);
+ printf(" context=%s"+!!(toys.optflags&FLAG_Z), context);
+ if (CFG_TOYBOX_FREE) free(context);
+ } else if (toys.optflags&FLAG_Z) error_exit("%s disabled", lsm_name());
}
xputc('\n');
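Review bot: `context` goes straight from `lsm_context()` into `printf` with no NULL check, whereas the removed code printed only when `getcon(&context) == 0`. The body of `lsm_context()` is not visible in this diff; if it can return NULL on failure, `%s` receives a null pointer, which is undefined behavior and would give anything parsing `id -Z` a bogus context string. Keeping the old skip-on-failure behavior is a one-line change: `if (context) printf(" context=%s"+!!(toys.optflags&FLAG_Z), context);`. The `+!!(...)` offset into the format string would also read more easily with a comment such as `// -Z: skip the leading space`.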
@@ -164,12 +161,6 @@ void do_id(char *username)
void id_main(void)
{
- // FLAG macros can be 0 if "id" command not enabled, so snapshot them here.
- if (FLAG_u) TT.do_u |= toys.optflags & FLAG_u;
- if (FLAG_n) TT.do_n |= toys.optflags & FLAG_n;
- if (FLAG_G) TT.do_G |= toys.optflags & FLAG_G;
- if (FLAG_Z) TT.do_Z |= toys.optflags & FLAG_Z;
-
if (toys.optc) while(*toys.optargs) do_id(*toys.optargs++);
else do_id(NULL);
}
@@ -177,12 +168,12 @@ void id_main(void)
void groups_main(void)
{
TT.is_groups = 1;
- TT.do_G = TT.do_n = 1;
+ toys.optflags = FLAG_G|FLAG_n;
id_main();
}
void logname_main(void)
{
- TT.do_u = TT.do_n = 1;
+ toys.optflags = FLAG_u|FLAG_n;
id_main();
}
diff --git a/toys/posix/ls.c b/toys/posix/ls.c
index 46a60ef7..84149e41 100644
--- a/toys/posix/ls.c
+++ b/toys/posix/ls.c
@@ -47,7 +47,6 @@ config LS_COLOR
#define FOR_ls
#include "toys.h"
-#include "lib/lsm.h"
// test sst output (suid/sticky in ls flaglist)