A patch from Takeharu KATO to update/fix SE-Linux support.
This commit is contained in:
parent
988a78c61c
commit
60158cb93e
3
Makefile
3
Makefile
@ -47,8 +47,7 @@ DIRS:=applets archival archival/libunarchive coreutils console-tools \
|
|||||||
SRC_DIRS:=$(patsubst %,$(top_srcdir)/%,$(DIRS))
|
SRC_DIRS:=$(patsubst %,$(top_srcdir)/%,$(DIRS))
|
||||||
|
|
||||||
ifeq ($(strip $(CONFIG_SELINUX)),y)
|
ifeq ($(strip $(CONFIG_SELINUX)),y)
|
||||||
CFLAGS += -I/usr/include/selinux
|
LIBRARIES += -lselinux
|
||||||
LIBRARIES += -lsecure
|
|
||||||
endif
|
endif
|
||||||
|
|
||||||
CONFIG_CONFIG_IN = $(top_srcdir)/sysdeps/$(TARGET_OS)/Config.in
|
CONFIG_CONFIG_IN = $(top_srcdir)/sysdeps/$(TARGET_OS)/Config.in
|
||||||
|
@ -32,8 +32,7 @@
|
|||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
|
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
#include <proc_secure.h>
|
#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
||||||
#include <flask_util.h>
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define PRINT_REAL 1
|
#define PRINT_REAL 1
|
||||||
@ -61,9 +60,6 @@ extern int id_main(int argc, char **argv)
|
|||||||
gid_t gid;
|
gid_t gid;
|
||||||
unsigned long flags;
|
unsigned long flags;
|
||||||
short status;
|
short status;
|
||||||
#ifdef CONFIG_SELINUX
|
|
||||||
int is_flask_enabled_flag = is_flask_enabled();
|
|
||||||
#endif
|
|
||||||
|
|
||||||
bb_opt_complementaly = "u~g:g~u";
|
bb_opt_complementaly = "u~g:g~u";
|
||||||
flags = bb_getopt_ulflags(argc, argv, "rnug");
|
flags = bb_getopt_ulflags(argc, argv, "rnug");
|
||||||
@ -109,17 +105,26 @@ extern int id_main(int argc, char **argv)
|
|||||||
putchar(' ');
|
putchar(' ');
|
||||||
/* my_getgrgid doesn't exit on failure here */
|
/* my_getgrgid doesn't exit on failure here */
|
||||||
status|=printf_full(gid, my_getgrgid(NULL, gid, 0), 'g');
|
status|=printf_full(gid, my_getgrgid(NULL, gid, 0), 'g');
|
||||||
|
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
if(is_flask_enabled_flag) {
|
if ( is_selinux_enabled() ) {
|
||||||
security_id_t mysid = getsecsid();
|
security_context_t mysid;
|
||||||
char context[80];
|
char context[80];
|
||||||
int len = sizeof(context);
|
int len = sizeof(context);
|
||||||
|
|
||||||
|
getcon(&mysid);
|
||||||
context[0] = '\0';
|
context[0] = '\0';
|
||||||
if(security_sid_to_context(mysid, context, &len))
|
if (mysid) {
|
||||||
strcpy(context, "unknown");
|
len = strlen(mysid)+1;
|
||||||
|
safe_strncpy(context, mysid, len);
|
||||||
|
freecon(mysid);
|
||||||
|
}else{
|
||||||
|
safe_strncpy(context, "unknown",8);
|
||||||
|
}
|
||||||
bb_printf(" context=%s", context);
|
bb_printf(" context=%s", context);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
putchar('\n');
|
putchar('\n');
|
||||||
bb_fflush_stdout_and_exit(status);
|
bb_fflush_stdout_and_exit(status);
|
||||||
}
|
}
|
||||||
|
@ -64,9 +64,7 @@ enum {
|
|||||||
#include <sys/sysmacros.h> /* major() and minor() */
|
#include <sys/sysmacros.h> /* major() and minor() */
|
||||||
#include "busybox.h"
|
#include "busybox.h"
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
#include <fs_secure.h>
|
#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
||||||
#include <flask_util.h>
|
|
||||||
#include <ss.h>
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef CONFIG_FEATURE_LS_TIMESTAMPS
|
#ifdef CONFIG_FEATURE_LS_TIMESTAMPS
|
||||||
@ -182,7 +180,7 @@ struct dnode { /* the basic node */
|
|||||||
char *fullname; /* the dir entry name */
|
char *fullname; /* the dir entry name */
|
||||||
struct stat dstat; /* the file stat info */
|
struct stat dstat; /* the file stat info */
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
security_id_t sid;
|
security_context_t sid;
|
||||||
#endif
|
#endif
|
||||||
struct dnode *next; /* point at the next node */
|
struct dnode *next; /* point at the next node */
|
||||||
};
|
};
|
||||||
@ -195,7 +193,7 @@ static int list_single(struct dnode *);
|
|||||||
static unsigned int all_fmt;
|
static unsigned int all_fmt;
|
||||||
|
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
static int is_flask_enabled_flag;
|
static int selinux_enabled= 0;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef CONFIG_FEATURE_AUTOWIDTH
|
#ifdef CONFIG_FEATURE_AUTOWIDTH
|
||||||
@ -213,16 +211,17 @@ static struct dnode *my_stat(char *fullname, char *name)
|
|||||||
struct stat dstat;
|
struct stat dstat;
|
||||||
struct dnode *cur;
|
struct dnode *cur;
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
security_id_t sid;
|
security_context_t sid=NULL;
|
||||||
#endif
|
#endif
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
#ifdef CONFIG_FEATURE_LS_FOLLOWLINKS
|
#ifdef CONFIG_FEATURE_LS_FOLLOWLINKS
|
||||||
if (all_fmt & FOLLOW_LINKS) {
|
if (all_fmt & FOLLOW_LINKS) {
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
if(is_flask_enabled_flag)
|
if (is_selinux_enabled()) {
|
||||||
rc = stat_secure(fullname, &dstat, &sid);
|
rc=0; /* Set the number which means success before hand. */
|
||||||
else
|
rc = getfilecon(fullname,&sid);
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
rc = stat(fullname, &dstat);
|
rc = stat(fullname, &dstat);
|
||||||
if(rc)
|
if(rc)
|
||||||
@ -235,9 +234,10 @@ static struct dnode *my_stat(char *fullname, char *name)
|
|||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
if(is_flask_enabled_flag)
|
if (is_selinux_enabled()) {
|
||||||
rc = lstat_secure(fullname, &dstat, &sid);
|
rc=0; /* Set the number which means success before hand. */
|
||||||
else
|
rc = lgetfilecon(fullname,&sid);
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
rc = lstat(fullname, &dstat);
|
rc = lstat(fullname, &dstat);
|
||||||
if(rc)
|
if(rc)
|
||||||
@ -736,12 +736,16 @@ static int list_single(struct dnode *dn)
|
|||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
case LIST_CONTEXT:
|
case LIST_CONTEXT:
|
||||||
{
|
{
|
||||||
char context[64];
|
char context[80];
|
||||||
int len = sizeof(context);
|
int len;
|
||||||
if(security_sid_to_context(dn->sid, context, &len))
|
|
||||||
{
|
if (dn->sid) {
|
||||||
strcpy(context, "unknown");
|
/* I assume sid initilized with NULL */
|
||||||
len = 7;
|
len = strlen(dn->sid)+1;
|
||||||
|
safe_strncpy(context, dn->sid, len);
|
||||||
|
freecon(dn->sid);
|
||||||
|
}else {
|
||||||
|
safe_strncpy(context, "unknown",8);
|
||||||
}
|
}
|
||||||
printf("%-32s ", context);
|
printf("%-32s ", context);
|
||||||
column += MAX(33, len);
|
column += MAX(33, len);
|
||||||
@ -963,10 +967,6 @@ extern int ls_main(int argc, char **argv)
|
|||||||
char *terminal_width_str = NULL;
|
char *terminal_width_str = NULL;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef CONFIG_SELINUX
|
|
||||||
is_flask_enabled_flag = is_flask_enabled();
|
|
||||||
#endif
|
|
||||||
|
|
||||||
all_fmt = LIST_SHORT | DISP_NORMAL | STYLE_AUTO
|
all_fmt = LIST_SHORT | DISP_NORMAL | STYLE_AUTO
|
||||||
#ifdef CONFIG_FEATURE_LS_TIMESTAMPS
|
#ifdef CONFIG_FEATURE_LS_TIMESTAMPS
|
||||||
| TIME_MOD
|
| TIME_MOD
|
||||||
|
@ -423,11 +423,11 @@ void bb_xasprintf(char **string_ptr, const char *format, ...) __attribute__ ((fo
|
|||||||
#define FAIL_DELAY 3
|
#define FAIL_DELAY 3
|
||||||
extern void change_identity ( const struct passwd *pw );
|
extern void change_identity ( const struct passwd *pw );
|
||||||
extern const char *change_identity_e2str ( const struct passwd *pw );
|
extern const char *change_identity_e2str ( const struct passwd *pw );
|
||||||
extern void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args
|
extern void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args);
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
, security_context_t sid
|
extern void renew_current_security_context(void);
|
||||||
|
extern void set_current_security_context(security_context_t sid);
|
||||||
#endif
|
#endif
|
||||||
);
|
|
||||||
extern int run_parts(char **args, const unsigned char test_mode, char **env);
|
extern int run_parts(char **args, const unsigned char test_mode, char **env);
|
||||||
extern int restricted_shell ( const char *shell );
|
extern int restricted_shell ( const char *shell );
|
||||||
extern void setup_environment ( const char *shell, int loginshell, int changeenv, const struct passwd *pw );
|
extern void setup_environment ( const char *shell, int loginshell, int changeenv, const struct passwd *pw );
|
||||||
@ -458,11 +458,7 @@ typedef struct {
|
|||||||
char short_cmd[16];
|
char short_cmd[16];
|
||||||
} procps_status_t;
|
} procps_status_t;
|
||||||
|
|
||||||
extern procps_status_t * procps_scan(int save_user_arg0
|
extern procps_status_t * procps_scan(int save_user_arg0);
|
||||||
#ifdef CONFIG_SELINUX
|
|
||||||
, int use_selinux, security_context_t *sid
|
|
||||||
#endif
|
|
||||||
);
|
|
||||||
extern unsigned short compare_string_array(const char *string_array[], const char *key);
|
extern unsigned short compare_string_array(const char *string_array[], const char *key);
|
||||||
|
|
||||||
extern int my_query_module(const char *name, int which, void **buf, size_t *bufsize, size_t *ret);
|
extern int my_query_module(const char *name, int which, void **buf, size_t *bufsize, size_t *ret);
|
||||||
|
@ -45,11 +45,8 @@ extern long* find_pid_by_name( const char* pidName)
|
|||||||
procps_status_t * p;
|
procps_status_t * p;
|
||||||
|
|
||||||
pidList = xmalloc(sizeof(long));
|
pidList = xmalloc(sizeof(long));
|
||||||
#ifdef CONFIG_SELINUX
|
while ((p = procps_scan(0)) != 0)
|
||||||
while ((p = procps_scan(0, 0, NULL)) != 0) {
|
{
|
||||||
#else
|
|
||||||
while ((p = procps_scan(0)) != 0) {
|
|
||||||
#endif
|
|
||||||
if (strncmp(p->short_cmd, pidName, COMM_LEN-1) == 0) {
|
if (strncmp(p->short_cmd, pidName, COMM_LEN-1) == 0) {
|
||||||
pidList=xrealloc( pidList, sizeof(long) * (i+2));
|
pidList=xrealloc( pidList, sizeof(long) * (i+2));
|
||||||
pidList[i++]=p->pid;
|
pidList[i++]=p->pid;
|
||||||
|
@ -16,11 +16,7 @@
|
|||||||
|
|
||||||
#include "libbb.h"
|
#include "libbb.h"
|
||||||
|
|
||||||
extern procps_status_t * procps_scan(int save_user_arg0
|
extern procps_status_t * procps_scan(int save_user_arg0)
|
||||||
#ifdef CONFIG_SELINUX
|
|
||||||
, int use_selinux , security_id_t *sid
|
|
||||||
#endif
|
|
||||||
)
|
|
||||||
{
|
{
|
||||||
static DIR *dir;
|
static DIR *dir;
|
||||||
struct dirent *entry;
|
struct dirent *entry;
|
||||||
@ -60,16 +56,9 @@ extern procps_status_t * procps_scan(int save_user_arg0
|
|||||||
my_getpwuid(curstatus.user, sb.st_uid, sizeof(curstatus.user));
|
my_getpwuid(curstatus.user, sb.st_uid, sizeof(curstatus.user));
|
||||||
|
|
||||||
sprintf(status, "/proc/%d/stat", pid);
|
sprintf(status, "/proc/%d/stat", pid);
|
||||||
|
|
||||||
if((fp = fopen(status, "r")) == NULL)
|
if((fp = fopen(status, "r")) == NULL)
|
||||||
continue;
|
continue;
|
||||||
#ifdef CONFIG_SELINUX
|
|
||||||
if(use_selinux)
|
|
||||||
{
|
|
||||||
if(fstat_secure(fileno(fp), &sb, sid))
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif
|
|
||||||
name = fgets(buf, sizeof(buf), fp);
|
name = fgets(buf, sizeof(buf), fp);
|
||||||
fclose(fp);
|
fclose(fp);
|
||||||
if(name == NULL)
|
if(name == NULL)
|
||||||
|
@ -37,7 +37,33 @@
|
|||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
#include "libbb.h"
|
#include "libbb.h"
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
#include <proc_secure.h>
|
#include <selinux/selinux.h> /* for setexeccon */
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef CONFIG_SELINUX
|
||||||
|
static security_context_t current_sid=NULL;
|
||||||
|
|
||||||
|
void
|
||||||
|
renew_current_security_context(void)
|
||||||
|
{
|
||||||
|
if (current_sid)
|
||||||
|
freecon(current_sid); /* Release old context */
|
||||||
|
|
||||||
|
getcon(¤t_sid); /* update */
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
void
|
||||||
|
set_current_security_context(security_context_t sid)
|
||||||
|
{
|
||||||
|
if (current_sid)
|
||||||
|
freecon(current_sid); /* Release old context */
|
||||||
|
|
||||||
|
current_sid=sid;
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
|
/* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
|
||||||
@ -45,11 +71,7 @@
|
|||||||
If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
|
If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
|
||||||
arguments. */
|
arguments. */
|
||||||
|
|
||||||
void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args
|
void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args)
|
||||||
#ifdef CONFIG_SELINUX
|
|
||||||
, security_id_t sid
|
|
||||||
#endif
|
|
||||||
)
|
|
||||||
{
|
{
|
||||||
const char **args;
|
const char **args;
|
||||||
int argno = 1;
|
int argno = 1;
|
||||||
@ -78,9 +100,10 @@ void run_shell ( const char *shell, int loginshell, const char *command, const c
|
|||||||
}
|
}
|
||||||
args [argno] = 0;
|
args [argno] = 0;
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
if(sid)
|
if ( (current_sid) && (!setexeccon(current_sid)) ) {
|
||||||
execve_secure(shell, (char **) args, environ, sid);
|
freecon(current_sid);
|
||||||
else
|
execve(shell, (char **) args, environ);
|
||||||
|
} else
|
||||||
#endif
|
#endif
|
||||||
execv ( shell, (char **) args );
|
execv ( shell, (char **) args );
|
||||||
bb_perror_msg_and_die ( "cannot run %s", shell );
|
bb_perror_msg_and_die ( "cannot run %s", shell );
|
||||||
|
@ -17,10 +17,10 @@
|
|||||||
|
|
||||||
#include "busybox.h"
|
#include "busybox.h"
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
#include <flask_util.h>
|
#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
||||||
#include <get_sid_list.h>
|
#include <selinux/get_context_list.h> /* for get_default_context() */
|
||||||
#include <proc_secure.h>
|
#include <selinux/flask.h> /* for security class definitions */
|
||||||
#include <fs_secure.h>
|
#include <errno.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef CONFIG_FEATURE_U_W_TMP
|
#ifdef CONFIG_FEATURE_U_W_TMP
|
||||||
@ -79,8 +79,7 @@ extern int login_main(int argc, char **argv)
|
|||||||
char *opt_host = 0;
|
char *opt_host = 0;
|
||||||
int alarmstarted = 0;
|
int alarmstarted = 0;
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
int flask_enabled = is_flask_enabled();
|
security_context_t stat_sid = NULL, sid = NULL, old_tty_sid=NULL, new_tty_sid=NULL;
|
||||||
security_id_t sid = 0, old_tty_sid, new_tty_sid;
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
username[0]=0;
|
username[0]=0;
|
||||||
@ -225,41 +224,45 @@ auth_ok:
|
|||||||
#ifdef CONFIG_FEATURE_U_W_TMP
|
#ifdef CONFIG_FEATURE_U_W_TMP
|
||||||
setutmp ( username, tty );
|
setutmp ( username, tty );
|
||||||
#endif
|
#endif
|
||||||
#ifdef CONFIG_SELINUX
|
|
||||||
if (flask_enabled)
|
|
||||||
{
|
|
||||||
struct stat st;
|
|
||||||
|
|
||||||
if (get_default_sid(username, 0, &sid))
|
|
||||||
{
|
|
||||||
fprintf(stderr, "Unable to get SID for %s\n", username);
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
if (stat_secure(tty, &st, &old_tty_sid))
|
|
||||||
{
|
|
||||||
fprintf(stderr, "stat_secure(%.100s) failed: %.100s\n", tty, strerror(errno));
|
|
||||||
return EXIT_FAILURE;
|
|
||||||
}
|
|
||||||
if (security_change_sid (sid, old_tty_sid, SECCLASS_CHR_FILE, &new_tty_sid) != 0)
|
|
||||||
{
|
|
||||||
fprintf(stderr, "security_change_sid(%.100s) failed: %.100s\n", tty, strerror(errno));
|
|
||||||
return EXIT_FAILURE;
|
|
||||||
}
|
|
||||||
if(chsid(tty, new_tty_sid) != 0)
|
|
||||||
{
|
|
||||||
fprintf(stderr, "chsid(%.100s, %d) failed: %.100s\n", tty, new_tty_sid, strerror(errno));
|
|
||||||
return EXIT_FAILURE;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
sid = 0;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if ( *tty != '/' )
|
if ( *tty != '/' )
|
||||||
snprintf ( full_tty, sizeof( full_tty ) - 1, "/dev/%s", tty);
|
snprintf ( full_tty, sizeof( full_tty ) - 1, "/dev/%s", tty);
|
||||||
else
|
else
|
||||||
safe_strncpy ( full_tty, tty, sizeof( full_tty ) - 1 );
|
safe_strncpy ( full_tty, tty, sizeof( full_tty ) - 1 );
|
||||||
|
|
||||||
|
#ifdef CONFIG_SELINUX
|
||||||
|
if (is_selinux_enabled())
|
||||||
|
{
|
||||||
|
struct stat st;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
if (get_default_context(username, NULL, &sid))
|
||||||
|
{
|
||||||
|
fprintf(stderr, "Unable to get SID for %s\n", username);
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
rc = getfilecon(full_tty,&stat_sid);
|
||||||
|
freecon(stat_sid);
|
||||||
|
if ((rc<0) || (stat(full_tty, &st)<0))
|
||||||
|
{
|
||||||
|
fprintf(stderr, "stat_secure(%.100s) failed: %.100s\n", full_tty, strerror(errno));
|
||||||
|
return EXIT_FAILURE;
|
||||||
|
}
|
||||||
|
if (security_compute_relabel (sid, old_tty_sid, SECCLASS_CHR_FILE, &new_tty_sid) != 0)
|
||||||
|
{
|
||||||
|
fprintf(stderr, "security_change_sid(%.100s) failed: %.100s\n", full_tty, strerror(errno));
|
||||||
|
return EXIT_FAILURE;
|
||||||
|
}
|
||||||
|
if(setfilecon(full_tty, new_tty_sid) != 0)
|
||||||
|
{
|
||||||
|
fprintf(stderr, "chsid(%.100s, %s) failed: %.100s\n", full_tty, new_tty_sid, strerror(errno));
|
||||||
|
return EXIT_FAILURE;
|
||||||
|
}
|
||||||
|
freecon(sid);
|
||||||
|
freecon(old_tty_sid);
|
||||||
|
freecon(new_tty_sid);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
if ( !is_my_tty ( full_tty ))
|
if ( !is_my_tty ( full_tty ))
|
||||||
syslog ( LOG_ERR, "unable to determine TTY name, got %s\n", full_tty );
|
syslog ( LOG_ERR, "unable to determine TTY name, got %s\n", full_tty );
|
||||||
|
|
||||||
@ -279,11 +282,10 @@ auth_ok:
|
|||||||
|
|
||||||
if ( pw-> pw_uid == 0 )
|
if ( pw-> pw_uid == 0 )
|
||||||
syslog ( LOG_INFO, "root login %s\n", fromhost );
|
syslog ( LOG_INFO, "root login %s\n", fromhost );
|
||||||
run_shell ( tmp, 1, 0, 0
|
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
, sid
|
set_current_security_context(sid);
|
||||||
#endif
|
#endif
|
||||||
); /* exec the shell finally. */
|
run_shell ( tmp, 1, 0, 0); /* exec the shell finally. */
|
||||||
|
|
||||||
return EXIT_FAILURE;
|
return EXIT_FAILURE;
|
||||||
}
|
}
|
||||||
|
@ -147,11 +147,10 @@ int su_main ( int argc, char **argv )
|
|||||||
|
|
||||||
change_identity ( pw );
|
change_identity ( pw );
|
||||||
setup_environment ( opt_shell, opt_loginshell, !opt_preserve, pw );
|
setup_environment ( opt_shell, opt_loginshell, !opt_preserve, pw );
|
||||||
run_shell ( opt_shell, opt_loginshell, opt_command, (const char**)opt_args
|
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
, 0
|
set_current_security_context(NULL);
|
||||||
#endif
|
#endif
|
||||||
);
|
run_shell ( opt_shell, opt_loginshell, opt_command, (const char**)opt_args);
|
||||||
|
|
||||||
return EXIT_FAILURE;
|
return EXIT_FAILURE;
|
||||||
}
|
}
|
||||||
|
@ -153,6 +153,12 @@ extern int sulogin_main(int argc, char **argv)
|
|||||||
puts("Entering System Maintenance Mode\n");
|
puts("Entering System Maintenance Mode\n");
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
syslog(LOG_INFO, "System Maintenance Mode\n");
|
syslog(LOG_INFO, "System Maintenance Mode\n");
|
||||||
|
|
||||||
|
#ifdef CONFIG_SELINUX
|
||||||
|
renew_current_security_context();
|
||||||
|
#endif
|
||||||
|
|
||||||
run_shell(pwent.pw_shell, 1, 0, 0);
|
run_shell(pwent.pw_shell, 1, 0, 0);
|
||||||
|
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
36
procps/ps.c
36
procps/ps.c
@ -31,9 +31,7 @@
|
|||||||
#include <sys/ioctl.h>
|
#include <sys/ioctl.h>
|
||||||
#include "busybox.h"
|
#include "busybox.h"
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
#include <fs_secure.h>
|
#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
||||||
#include <ss.h>
|
|
||||||
#include <flask_util.h> /* for is_flask_enabled() */
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static const int TERMINAL_WIDTH = 79; /* not 80 in case terminal has linefold bug */
|
static const int TERMINAL_WIDTH = 79; /* not 80 in case terminal has linefold bug */
|
||||||
@ -48,8 +46,8 @@ extern int ps_main(int argc, char **argv)
|
|||||||
|
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
int use_selinux = 0;
|
int use_selinux = 0;
|
||||||
security_id_t sid;
|
security_context_t sid=NULL;
|
||||||
if(is_flask_enabled() && argv[1] && !strcmp(argv[1], "-c") )
|
if(is_selinux_enabled() && argv[1] && !strcmp(argv[1], "-c") )
|
||||||
use_selinux = 1;
|
use_selinux = 1;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -58,26 +56,34 @@ extern int ps_main(int argc, char **argv)
|
|||||||
terminal_width--;
|
terminal_width--;
|
||||||
|
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
if(use_selinux)
|
if (use_selinux)
|
||||||
printf(" PID Context Stat Command\n");
|
printf(" PID Context Stat Command\n");
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
printf(" PID Uid VmSize Stat Command\n");
|
printf(" PID Uid VmSize Stat Command\n");
|
||||||
#ifdef CONFIG_SELINUX
|
|
||||||
while ((p = procps_scan(1, use_selinux, &sid)) != 0) {
|
|
||||||
#else
|
|
||||||
while ((p = procps_scan(1)) != 0) {
|
|
||||||
#endif
|
|
||||||
char *namecmd = p->cmd;
|
|
||||||
|
|
||||||
|
while ((p = procps_scan(1)) != 0) {
|
||||||
|
char *namecmd = p->cmd;
|
||||||
#ifdef CONFIG_SELINUX
|
#ifdef CONFIG_SELINUX
|
||||||
if(use_selinux)
|
if ( use_selinux )
|
||||||
{
|
{
|
||||||
char sbuf[128];
|
char sbuf[128];
|
||||||
len = sizeof(sbuf);
|
len = sizeof(sbuf);
|
||||||
if(security_sid_to_context(sid, (security_context_t)&sbuf, &len))
|
|
||||||
strcpy(sbuf, "unknown");
|
|
||||||
|
|
||||||
|
if (is_selinux_enabled()) {
|
||||||
|
if (getpidcon(p->pid,&sid)<0)
|
||||||
|
sid=NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sid) {
|
||||||
|
/* I assume sid initilized with NULL */
|
||||||
|
len = strlen(sid)+1;
|
||||||
|
safe_strncpy(sbuf, sid, len);
|
||||||
|
freecon(sid);
|
||||||
|
sid=NULL;
|
||||||
|
}else {
|
||||||
|
safe_strncpy(sbuf, "unknown",7);
|
||||||
|
}
|
||||||
len = printf("%5d %-32s %s ", p->pid, sbuf, p->state);
|
len = printf("%5d %-32s %s ", p->pid, sbuf, p->state);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -510,11 +510,7 @@ int top_main(int argc, char **argv)
|
|||||||
/* read process IDs & status for all the processes */
|
/* read process IDs & status for all the processes */
|
||||||
procps_status_t * p;
|
procps_status_t * p;
|
||||||
|
|
||||||
#ifdef CONFIG_SELINUX
|
|
||||||
while ((p = procps_scan(0, 0, NULL) ) != 0) {
|
|
||||||
#else
|
|
||||||
while ((p = procps_scan(0)) != 0) {
|
while ((p = procps_scan(0)) != 0) {
|
||||||
#endif
|
|
||||||
int n = ntop;
|
int n = ntop;
|
||||||
|
|
||||||
top = xrealloc(top, (++ntop)*sizeof(procps_status_t));
|
top = xrealloc(top, (++ntop)*sizeof(procps_status_t));
|
||||||
|
Loading…
Reference in New Issue
Block a user