A patch from Takeharu KATO to update/fix SE-Linux support.

2005-05-03 06:25:50 +00:00
parent 988a78c61c
commit 60158cb93e
12 changed files with 161 additions and 143 deletions
--- a/libbb/find_pid_by_name.c
+++ b/libbb/find_pid_by_name.c
@@ -45,11 +45,8 @@ extern long* find_pid_by_name( const char* pidName)
 	procps_status_t * p;

 	pidList = xmalloc(sizeof(long));
-#ifdef CONFIG_SELINUX
-	while ((p = procps_scan(0, 0, NULL)) != 0) {
-#else
-	while ((p = procps_scan(0)) != 0) {
-#endif
+	while ((p = procps_scan(0)) != 0) 
+	{
 		if (strncmp(p->short_cmd, pidName, COMM_LEN-1) == 0) {
 			pidList=xrealloc( pidList, sizeof(long) * (i+2));
 			pidList[i++]=p->pid;
--- a/libbb/procps.c
+++ b/libbb/procps.c
@@ -16,11 +16,7 @@

 #include "libbb.h"

-extern procps_status_t * procps_scan(int save_user_arg0
-#ifdef CONFIG_SELINUX
-	, int use_selinux , security_id_t *sid
-#endif
-	)
+extern procps_status_t * procps_scan(int save_user_arg0)
 {
 	static DIR *dir;
 	struct dirent *entry;
@@ -60,16 +56,9 @@ extern procps_status_t * procps_scan(int save_user_arg0
 		my_getpwuid(curstatus.user, sb.st_uid, sizeof(curstatus.user));

 		sprintf(status, "/proc/%d/stat", pid);
+
 		if((fp = fopen(status, "r")) == NULL)
 			continue;
-#ifdef CONFIG_SELINUX
-		if(use_selinux)
-		{
-			if(fstat_secure(fileno(fp), &sb, sid))
-				continue;
-		}
-		else
-#endif
 		name = fgets(buf, sizeof(buf), fp);
 		fclose(fp);
 		if(name == NULL)
--- a/libbb/run_shell.c
+++ b/libbb/run_shell.c
@@ -37,7 +37,33 @@
 #include <ctype.h>
 #include "libbb.h"
 #ifdef CONFIG_SELINUX
-#include <proc_secure.h>
+#include <selinux/selinux.h>  /* for setexeccon  */
+#endif
+
+#ifdef CONFIG_SELINUX
+static security_context_t current_sid=NULL;
+
+void
+renew_current_security_context(void)
+{
+  if  (current_sid)  
+    freecon(current_sid);  /* Release old context  */
+
+  getcon(&current_sid);  /* update */
+
+  return;
+}
+void
+set_current_security_context(security_context_t sid)
+{
+  if  (current_sid)  
+    freecon(current_sid);  /* Release old context  */
+
+  current_sid=sid;
+
+  return;
+}
+
 #endif

 /* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
@@ -45,11 +71,7 @@
   If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
   arguments.  */

-void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args
-#ifdef CONFIG_SELINUX
-	, security_id_t sid
-#endif
-)
+void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args)
 {
 	const char **args;
 	int argno = 1;
@@ -78,10 +100,11 @@ void run_shell ( const char *shell, int loginshell, const char *command, const c
 	}
 	args [argno] = 0;
 #ifdef CONFIG_SELINUX
-	if(sid)
-		execve_secure(shell, (char **) args, environ, sid);
-	else
+	if ( (current_sid) && (!setexeccon(current_sid)) ) {
+	    freecon(current_sid);
+	    execve(shell, (char **) args, environ);
+	} else
 #endif
-	execv ( shell, (char **) args );
+	  execv ( shell, (char **) args );
 	bb_perror_msg_and_die ( "cannot run %s", shell );
 }