Patch from Russell Coker:

I've attached my latest SE Linux patch for busybox against the latest CVS version of busybox.
2003-07-03 10:07:04 +00:00
parent c48d49ad98
commit 9e48045e45
13 changed files with 263 additions and 30 deletions
--- a/libbb/find_pid_by_name.c
+++ b/libbb/find_pid_by_name.c
@@ -41,7 +41,11 @@ extern long* find_pid_by_name( const char* pidName)
 	procps_status_t * p;

 	pidList = xmalloc(sizeof(long));
+#ifdef CONFIG_SELINUX
+	while ((p = procps_scan(0, 0, NULL)) != 0) {
+#else
 	while ((p = procps_scan(0)) != 0) {
+#endif
 		if (strcmp(p->short_cmd, pidName) == 0) {
 			pidList=xrealloc( pidList, sizeof(long) * (i+2));
 			pidList[i++]=p->pid;
--- a/libbb/procps.c
+++ b/libbb/procps.c
@@ -16,7 +16,11 @@

 #include "libbb.h"

-extern procps_status_t * procps_scan(int save_user_arg0)
+extern procps_status_t * procps_scan(int save_user_arg0
+#ifdef CONFIG_SELINUX
+	, int use_selinux , security_id_t *sid
+#endif
+	)
 {
 	static DIR *dir;
 	struct dirent *entry;
@@ -53,6 +57,14 @@ extern procps_status_t * procps_scan(int save_user_arg0)
 		sprintf(status, "/proc/%d/stat", pid);
 		if((fp = fopen(status, "r")) == NULL)
 			continue;
+#ifdef CONFIG_SELINUX
+		if(use_selinux)
+		{
+			if(fstat_secure(fileno(fp), &sb, sid))
+				continue;
+		}
+		else
+#endif
 		if(fstat(fileno(fp), &sb))
 			continue;
 		my_getpwuid(curstatus.user, sb.st_uid);
--- a/libbb/run_shell.c
+++ b/libbb/run_shell.c
@@ -36,14 +36,20 @@
 #include <syslog.h>
 #include <ctype.h>
 #include "libbb.h"
-
+#ifdef CONFIG_SELINUX
+#include <proc_secure.h>
+#endif

 /* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
   If COMMAND is nonzero, pass it to the shell with the -c option.
   If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
   arguments.  */

-void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args )
+void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args
+#ifdef CONFIG_SELINUX
+	, security_id_t sid
+#endif
+)
 {
 	const char **args;
 	int argno = 1;
@@ -71,6 +77,11 @@ void run_shell ( const char *shell, int loginshell, const char *command, const c
 			args [argno++] = *additional_args;
 	}
 	args [argno] = 0;
+#ifdef CONFIG_SELINUX
+	if(sid)
+		execve_secure(shell, (char **) args, environ, sid);
+	else
+#endif
 	execv ( shell, (char **) args );
 	bb_perror_msg_and_die ( "cannot run %s", shell );
 }