emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Patch from Russell Coker:

Browse Source 
I've attached my latest SE Linux patch for busybox against the latest CVS
    version of busybox.
This commit is contained in:
Eric Andersen 2003-07-03 10:07:04 +00:00
parent c48d49ad98
commit 9e48045e45
13 changed files with 263 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Makefile
View File

@ -31,6 +31,11 @@ DIRS:=applets archival archival/libunarchive coreutils console-tools \
networking/libiproute networking/udhcp procps loginutils shell \ networking/libiproute networking/udhcp procps loginutils shell \
sysklogd util-linux libbb libpwdgrp coreutils/libcoreutils sysklogd util-linux libbb libpwdgrp coreutils/libcoreutils
ifeq ($(strip $(CONFIG_SELINUX)),y)
CFLAGS += -I/usr/include/selinux
LIBRARIES += -lsecure
endif
ifeq ($(strip $(HAVE_DOT_CONFIG)),y) ifeq ($(strip $(HAVE_DOT_CONFIG)),y)
all: busybox busybox.links #doc all: busybox busybox.links #doc

34
coreutils/id.c
View File

@ -28,9 +28,13 @@
#include <getopt.h> #include <getopt.h>
#include <string.h> #include <string.h>
#include <sys/types.h> #include <sys/types.h>
#ifdef CONFIG_SELINUX
#include <proc_secure.h>
#include <flask_util.h>
#endif
#define NO_GROUP 1 #define JUST_USER 1
#define NO_USER 2 #define JUST_GROUP 2
#define PRINT_REAL 4 #define PRINT_REAL 4
#define NAME_NOT_NUMBER 8 #define NAME_NOT_NUMBER 8
@ -40,10 +44,13 @@ extern int id_main(int argc, char **argv)
long pwnam, grnam; long pwnam, grnam;
int uid, gid; int uid, gid;
int flags; int flags;
#ifdef CONFIG_SELINUX
int is_flask_enabled_flag = is_flask_enabled();
#endif
flags = bb_getopt_ulflags(argc, argv, "ugrn"); flags = bb_getopt_ulflags(argc, argv, "ugrn");
if (((flags & (NO_USER | NO_GROUP)) == (NO_USER | NO_GROUP)) if (((flags & (JUST_USER | JUST_GROUP)) == (JUST_USER | JUST_GROUP))
|| (argc > optind + 1) || (argc > optind + 1)
) { ) {
bb_show_usage(); bb_show_usage();
@ -67,9 +74,9 @@ extern int id_main(int argc, char **argv)
pwnam=my_getpwnam(user); pwnam=my_getpwnam(user);
grnam=my_getgrnam(group); grnam=my_getgrnam(group);
if (flags & (NO_GROUP | NO_USER)) { if (flags & (JUST_GROUP | JUST_USER)) {
char *s = group; char *s = group;
if (flags & NO_GROUP) { if (flags & JUST_USER) {
s = user; s = user;
grnam = pwnam; grnam = pwnam;
} }
@ -79,7 +86,24 @@ extern int id_main(int argc, char **argv)
printf("%ld\n", grnam); printf("%ld\n", grnam);
} }
} else { } else {
#ifdef CONFIG_SELINUX
printf("uid=%ld(%s) gid=%ld(%s)", pwnam, user, grnam, group);
if(is_flask_enabled_flag)
{
security_id_t mysid = getsecsid();
char context[80];
int len = sizeof(context);
context[0] = '\0';
if(security_sid_to_context(mysid, context, &len))
strcpy(context, "unknown");
printf(" context=%s\n", context);
}
else
printf("\n");
#else
printf("uid=%ld(%s) gid=%ld(%s)\n", pwnam, user, grnam, group); printf("uid=%ld(%s) gid=%ld(%s)\n", pwnam, user, grnam, group);
#endif
} }
bb_fflush_stdout_and_exit(0); bb_fflush_stdout_and_exit(0);

94
coreutils/ls.c
View File

@ -62,6 +62,11 @@ enum {
#include <termios.h> #include <termios.h>
#include <sys/ioctl.h> #include <sys/ioctl.h>
#include "busybox.h" #include "busybox.h"
#ifdef CONFIG_SELINUX
#include <fs_secure.h>
#include <flask_util.h>
#include <ss.h>
#endif
#ifdef CONFIG_FEATURE_LS_TIMESTAMPS #ifdef CONFIG_FEATURE_LS_TIMESTAMPS
#include <time.h> #include <time.h>
@ -89,14 +94,15 @@ enum {
#define LIST_NLINKS (1U<<3) #define LIST_NLINKS (1U<<3)
#define LIST_ID_NAME (1U<<4) #define LIST_ID_NAME (1U<<4)
#define LIST_ID_NUMERIC (1U<<5) #define LIST_ID_NUMERIC (1U<<5)
#define LIST_SIZE (1U<<6) #define LIST_CONTEXT (1U<<6)
#define LIST_DEV (1U<<7) #define LIST_SIZE (1U<<7)
#define LIST_DATE_TIME (1U<<8) #define LIST_DEV (1U<<8)
#define LIST_FULLTIME (1U<<9) #define LIST_DATE_TIME (1U<<9)
#define LIST_FILENAME (1U<<10) #define LIST_FULLTIME (1U<<10)
#define LIST_SYMLINK (1U<<11) #define LIST_FILENAME (1U<<11)
#define LIST_FILETYPE (1U<<12) #define LIST_SYMLINK (1U<<12)
#define LIST_EXEC (1U<<13) #define LIST_FILETYPE (1U<<13)
#define LIST_EXEC (1U<<14)
#define LIST_MASK ((LIST_EXEC << 1) - 1) #define LIST_MASK ((LIST_EXEC << 1) - 1)
@ -179,6 +185,9 @@ struct dnode { /* the basic node */
char *name; /* the dir entry name */ char *name; /* the dir entry name */
char *fullname; /* the dir entry name */ char *fullname; /* the dir entry name */
struct stat dstat; /* the file stat info */ struct stat dstat; /* the file stat info */
#ifdef CONFIG_SELINUX
security_id_t sid;
#endif
struct dnode *next; /* point at the next node */ struct dnode *next; /* point at the next node */
}; };
typedef struct dnode dnode_t; typedef struct dnode dnode_t;
@ -189,6 +198,10 @@ static int list_single(struct dnode *);
static unsigned int all_fmt; static unsigned int all_fmt;
#ifdef CONFIG_SELINUX
static int is_flask_enabled_flag;
#endif
#ifdef CONFIG_FEATURE_AUTOWIDTH #ifdef CONFIG_FEATURE_AUTOWIDTH
static unsigned short terminal_width = TERMINAL_WIDTH; static unsigned short terminal_width = TERMINAL_WIDTH;
static unsigned short tabstops = COLUMN_GAP; static unsigned short tabstops = COLUMN_GAP;
@ -203,26 +216,49 @@ static struct dnode *my_stat(char *fullname, char *name)
{ {
struct stat dstat; struct stat dstat;
struct dnode *cur; struct dnode *cur;
#ifdef CONFIG_SELINUX
security_id_t sid;
#endif
int rc;
#ifdef CONFIG_FEATURE_LS_FOLLOWLINKS #ifdef CONFIG_FEATURE_LS_FOLLOWLINKS
if (all_fmt & FOLLOW_LINKS) { if (all_fmt & FOLLOW_LINKS) {
if (stat(fullname, &dstat)) { #ifdef CONFIG_SELINUX
if(is_flask_enabled_flag)
rc = stat_secure(fullname, &dstat, &sid);
else
#endif
rc = stat(fullname, &dstat);
if(rc)
{
bb_perror_msg("%s", fullname); bb_perror_msg("%s", fullname);
status = EXIT_FAILURE; status = EXIT_FAILURE;
return 0; return 0;
} }
} else } else
#endif #endif
if (lstat(fullname, &dstat)) { {
bb_perror_msg("%s", fullname); #ifdef CONFIG_SELINUX
status = EXIT_FAILURE; if(is_flask_enabled_flag)
return 0; rc = lstat_secure(fullname, &dstat, &sid);
else
#endif
rc = lstat(fullname, &dstat);
if(rc)
{
bb_perror_msg("%s", fullname);
status = EXIT_FAILURE;
return 0;
}
} }
cur = (struct dnode *) xmalloc(sizeof(struct dnode)); cur = (struct dnode *) xmalloc(sizeof(struct dnode));
cur->fullname = fullname; cur->fullname = fullname;
cur->name = name; cur->name = name;
cur->dstat = dstat; cur->dstat = dstat;
#ifdef CONFIG_SELINUX
cur->sid = sid;
#endif
return cur; return cur;
} }
@ -451,6 +487,9 @@ static void showfiles(struct dnode **dn, int nfiles)
/* find the longest file name- use that as the column width */ /* find the longest file name- use that as the column width */
for (i = 0; i < nfiles; i++) { for (i = 0; i < nfiles; i++) {
int len = strlen(dn[i]->name) + int len = strlen(dn[i]->name) +
#ifdef CONFIG_SELINUX
((all_fmt & LIST_CONTEXT) ? 33 : 0) +
#endif
((all_fmt & LIST_INO) ? 8 : 0) + ((all_fmt & LIST_INO) ? 8 : 0) +
((all_fmt & LIST_BLOCKS) ? 5 : 0); ((all_fmt & LIST_BLOCKS) ? 5 : 0);
if (column_width < len) if (column_width < len)
@ -694,6 +733,21 @@ static int list_single(struct dnode *dn)
} }
column += 13; column += 13;
break; break;
#endif
#ifdef CONFIG_SELINUX
case LIST_CONTEXT:
{
char context[64];
int len = sizeof(context);
if(security_sid_to_context(dn->sid, context, &len))
{
strcpy(context, "unknown");
len = 7;
}
printf("%-32s ", context);
column += MAX(33, len);
}
break;
#endif #endif
case LIST_FILENAME: case LIST_FILENAME:
#ifdef CONFIG_FEATURE_LS_COLOR #ifdef CONFIG_FEATURE_LS_COLOR
@ -774,6 +828,9 @@ static const char ls_opts[] = "1AaCdgilnsx"
"h" "h"
#endif #endif
"k" "k"
#ifdef CONFIG_SELINUX
"K"
#endif
#ifdef CONFIG_FEATURE_AUTOWIDTH #ifdef CONFIG_FEATURE_AUTOWIDTH
"T:w:" "T:w:"
#endif #endif
@ -834,7 +891,12 @@ static const unsigned opt_flags[] = {
#ifdef CONFIG_FEATURE_HUMAN_READABLE #ifdef CONFIG_FEATURE_HUMAN_READABLE
LS_DISP_HR, /* h */ LS_DISP_HR, /* h */
#endif #endif
#ifndef CONFIG_SELINUX
0, /* k - ingored */ 0, /* k - ingored */
#else
LIST_CONTEXT, /* k */
LIST_MODEBITS|LIST_NLINKS|LIST_CONTEXT|LIST_SIZE|LIST_DATE_TIME, /* K */
#endif
}; };
@ -849,6 +911,9 @@ extern int ls_main(int argc, char **argv)
int opt; int opt;
int oi, ac; int oi, ac;
char **av; char **av;
#ifdef CONFIG_SELINUX
is_flask_enabled_flag = is_flask_enabled();
#endif
#ifdef CONFIG_FEATURE_AUTOWIDTH #ifdef CONFIG_FEATURE_AUTOWIDTH
struct winsize win = { 0, 0, 0, 0 }; struct winsize win = { 0, 0, 0, 0 };
@ -911,6 +976,9 @@ extern int ls_main(int argc, char **argv)
if (flags & TIME_MASK_TRIGGER) { if (flags & TIME_MASK_TRIGGER) {
all_fmt &= ~TIME_MASK; all_fmt &= ~TIME_MASK;
} }
if (flags & LIST_CONTEXT) {
all_fmt |= STYLE_SINGLE;
}
#ifdef CONFIG_FEATURE_HUMAN_READABLE #ifdef CONFIG_FEATURE_HUMAN_READABLE
if (opt == 'l') { if (opt == 'l') {
all_fmt &= ~LS_DISP_HR; all_fmt &= ~LS_DISP_HR;

15
include/libbb.h
View File

@ -39,6 +39,9 @@
#include <features.h> #include <features.h>
#include "config.h" #include "config.h"
#ifdef CONFIG_SELINUX
#include <proc_secure.h>
#endif
#include "pwd_.h" #include "pwd_.h"
#include "grp_.h" #include "grp_.h"
@ -394,7 +397,11 @@ void bb_xasprintf(char **string_ptr, const char *format, ...) __attribute__ ((fo
#define FAIL_DELAY 3 #define FAIL_DELAY 3
extern void change_identity ( const struct passwd *pw ); extern void change_identity ( const struct passwd *pw );
extern void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args ); extern void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args
#ifdef CONFIG_SELINUX
, security_id_t sid
#endif
);
extern int run_parts(char **args, const unsigned char test_mode); extern int run_parts(char **args, const unsigned char test_mode);
extern int restricted_shell ( const char *shell ); extern int restricted_shell ( const char *shell );
extern void setup_environment ( const char *shell, int loginshell, int changeenv, const struct passwd *pw ); extern void setup_environment ( const char *shell, int loginshell, int changeenv, const struct passwd *pw );
@ -425,7 +432,11 @@ typedef struct {
char short_cmd[16]; char short_cmd[16];
} procps_status_t; } procps_status_t;
extern procps_status_t * procps_scan(int save_user_arg0); extern procps_status_t * procps_scan(int save_user_arg0
#ifdef CONFIG_SELINUX
, int use_selinux, security_id_t *sid
#endif
);
extern unsigned short compare_string_array(const char *string_array[], const char *key); extern unsigned short compare_string_array(const char *string_array[], const char *key);
extern int my_query_module(const char *name, int which, void **buf, size_t *bufsize, size_t *ret); extern int my_query_module(const char *name, int which, void **buf, size_t *bufsize, size_t *ret);

15
include/usage.h
View File

@ -882,6 +882,12 @@
"\t-u\tthe hardware clock is kept in coordinated universal time\n" \ "\t-u\tthe hardware clock is kept in coordinated universal time\n" \
"\t-l\tthe hardware clock is kept in local time" "\t-l\tthe hardware clock is kept in local time"
#ifdef CONFIG_SELINUX
#define USAGE_SELINUX(a, b) a
#else
#define USAGE_SELINUX(a, b) b
#endif
#define id_trivial_usage \ #define id_trivial_usage \
"[OPTIONS]... [USERNAME]" "[OPTIONS]... [USERNAME]"
#define id_full_usage \ #define id_full_usage \
@ -889,6 +895,7 @@
"Options:\n" \ "Options:\n" \
"\t-g\tprints only the group ID\n" \ "\t-g\tprints only the group ID\n" \
"\t-u\tprints only the user ID\n" \ "\t-u\tprints only the user ID\n" \
USAGE_SELINUX("\t-c\tprints only the security context\n", "") \
"\t-n\tprint a name instead of a number (with for -ug)\n" \ "\t-n\tprint a name instead of a number (with for -ug)\n" \
"\t-r\tprints the real user ID instead of the effective ID (with -ug)" "\t-r\tprints the real user ID instead of the effective ID (with -ug)"
#define id_example_usage \ #define id_example_usage \
@ -1347,7 +1354,7 @@
#define USAGE_AUTOWIDTH(a) #define USAGE_AUTOWIDTH(a)
#endif #endif
#define ls_trivial_usage \ #define ls_trivial_usage \
"[-1Aa" USAGE_LS_TIMESTAMPS("c") "Cd" USAGE_LS_TIMESTAMPS("e") USAGE_LS_FILETYPES("F") "iln" USAGE_LS_FILETYPES("p") USAGE_LS_FOLLOWLINKS("L") USAGE_LS_RECURSIVE("R") USAGE_LS_SORTFILES("rS") "s" USAGE_AUTOWIDTH("T") USAGE_LS_TIMESTAMPS("tu") USAGE_LS_SORTFILES("v") USAGE_AUTOWIDTH("w") "x" USAGE_LS_SORTFILES("X") USAGE_HUMAN_READABLE("h") USAGE_NOT_HUMAN_READABLE("") "k] [filenames...]" "[-1Aa" USAGE_LS_TIMESTAMPS("c") "Cd" USAGE_LS_TIMESTAMPS("e") USAGE_LS_FILETYPES("F") "iln" USAGE_LS_FILETYPES("p") USAGE_LS_FOLLOWLINKS("L") USAGE_LS_RECURSIVE("R") USAGE_LS_SORTFILES("rS") "s" USAGE_AUTOWIDTH("T") USAGE_LS_TIMESTAMPS("tu") USAGE_LS_SORTFILES("v") USAGE_AUTOWIDTH("w") "x" USAGE_LS_SORTFILES("X") USAGE_HUMAN_READABLE("h") USAGE_NOT_HUMAN_READABLE("") "k" USAGE_SELINUX("K", "") "] [filenames...]"
#define ls_full_usage \ #define ls_full_usage \
"List directory contents\n\n" \ "List directory contents\n\n" \
"Options:\n" \ "Options:\n" \
@ -1377,8 +1384,7 @@
USAGE_LS_SORTFILES("\t-X\tsort the listing by extension\n") \ USAGE_LS_SORTFILES("\t-X\tsort the listing by extension\n") \
USAGE_HUMAN_READABLE( \ USAGE_HUMAN_READABLE( \
"\t-h\tprint sizes in human readable format (e.g., 1K 243M 2G )\n" \ "\t-h\tprint sizes in human readable format (e.g., 1K 243M 2G )\n" \
"\t-k\tprint sizes in kilobytes(default)") USAGE_NOT_HUMAN_READABLE( \ USAGE_SELINUX("\t-k\tprint security context\n\t-K\tprint security context in long format\n", "")
"\t-k\tprint sizes in kilobytes(compatibility)")
#define lsmod_trivial_usage \ #define lsmod_trivial_usage \
"" ""
@ -1786,7 +1792,8 @@
"" ""
#define ps_full_usage \ #define ps_full_usage \
"Report process status\n" \ "Report process status\n" \
"\nThis version of ps accepts no options." USAGE_SELINUX("\nOptions:\n\t-c\tshow SE Linux context", "\nThis version of ps accepts no options.")
#define ps_example_usage \ #define ps_example_usage \
"$ ps\n" \ "$ ps\n" \
" PID Uid Gid State Command\n" \ " PID Uid Gid State Command\n" \

4
libbb/find_pid_by_name.c
View File

@ -41,7 +41,11 @@ extern long* find_pid_by_name( const char* pidName)
procps_status_t * p; procps_status_t * p;
pidList = xmalloc(sizeof(long)); pidList = xmalloc(sizeof(long));
#ifdef CONFIG_SELINUX
while ((p = procps_scan(0, 0, NULL)) != 0) {
#else
while ((p = procps_scan(0)) != 0) { while ((p = procps_scan(0)) != 0) {
#endif
if (strcmp(p->short_cmd, pidName) == 0) { if (strcmp(p->short_cmd, pidName) == 0) {
pidList=xrealloc( pidList, sizeof(long) * (i+2)); pidList=xrealloc( pidList, sizeof(long) * (i+2));
pidList[i++]=p->pid; pidList[i++]=p->pid;

14
libbb/procps.c
View File

@ -16,7 +16,11 @@
#include "libbb.h" #include "libbb.h"
extern procps_status_t * procps_scan(int save_user_arg0) extern procps_status_t * procps_scan(int save_user_arg0
#ifdef CONFIG_SELINUX
, int use_selinux , security_id_t *sid
#endif
)
{ {
static DIR *dir; static DIR *dir;
struct dirent *entry; struct dirent *entry;
@ -53,6 +57,14 @@ extern procps_status_t * procps_scan(int save_user_arg0)
sprintf(status, "/proc/%d/stat", pid); sprintf(status, "/proc/%d/stat", pid);
if((fp = fopen(status, "r")) == NULL) if((fp = fopen(status, "r")) == NULL)
continue; continue;
#ifdef CONFIG_SELINUX
if(use_selinux)
{
if(fstat_secure(fileno(fp), &sb, sid))
continue;
}
else
#endif
if(fstat(fileno(fp), &sb)) if(fstat(fileno(fp), &sb))
continue; continue;
my_getpwuid(curstatus.user, sb.st_uid); my_getpwuid(curstatus.user, sb.st_uid);

15
libbb/run_shell.c
View File

@ -36,14 +36,20 @@
#include <syslog.h> #include <syslog.h>
#include <ctype.h> #include <ctype.h>
#include "libbb.h" #include "libbb.h"
#ifdef CONFIG_SELINUX
#include <proc_secure.h>
#endif
/* Run SHELL, or DEFAULT_SHELL if SHELL is empty. /* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
If COMMAND is nonzero, pass it to the shell with the -c option. If COMMAND is nonzero, pass it to the shell with the -c option.
If ADDITIONAL_ARGS is nonzero, pass it to the shell as more If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
arguments. */ arguments. */
void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args ) void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args
#ifdef CONFIG_SELINUX
, security_id_t sid
#endif
)
{ {
const char **args; const char **args;
int argno = 1; int argno = 1;
@ -71,6 +77,11 @@ void run_shell ( const char *shell, int loginshell, const char *command, const c
args [argno++] = *additional_args; args [argno++] = *additional_args;
} }
args [argno] = 0; args [argno] = 0;
#ifdef CONFIG_SELINUX
if(sid)
execve_secure(shell, (char **) args, environ, sid);
else
#endif
execv ( shell, (char **) args ); execv ( shell, (char **) args );
bb_perror_msg_and_die ( "cannot run %s", shell ); bb_perror_msg_and_die ( "cannot run %s", shell );
} }

47
loginutils/login.c
View File

@ -16,7 +16,12 @@
#include <time.h> #include <time.h>
#include "busybox.h" #include "busybox.h"
#ifdef CONFIG_SELINUX
#include <flask_util.h>
#include <get_sid_list.h>
#include <proc_secure.h>
#include <fs_secure.h>
#endif
#ifdef CONFIG_FEATURE_U_W_TMP #ifdef CONFIG_FEATURE_U_W_TMP
// import from utmp.c // import from utmp.c
@ -73,6 +78,10 @@ extern int login_main(int argc, char **argv)
int opt_fflag = 0; int opt_fflag = 0;
char *opt_host = 0; char *opt_host = 0;
int alarmstarted = 0; int alarmstarted = 0;
#ifdef CONFIG_SELINUX
int flask_enabled = is_flask_enabled();
security_id_t sid = 0, old_tty_sid, new_tty_sid;
#endif
username[0]=0; username[0]=0;
amroot = ( getuid ( ) == 0 ); amroot = ( getuid ( ) == 0 );
@ -217,6 +226,36 @@ auth_ok:
#ifdef CONFIG_FEATURE_U_W_TMP #ifdef CONFIG_FEATURE_U_W_TMP
setutmp ( username, tty ); setutmp ( username, tty );
#endif #endif
#ifdef CONFIG_SELINUX
if (flask_enabled)
{
struct stat st;
if (get_default_sid(username, 0, &sid))
{
fprintf(stderr, "Unable to get SID for %s\n", username);
exit(1);
}
if (stat_secure(tty, &st, &old_tty_sid))
{
fprintf(stderr, "stat_secure(%.100s) failed: %.100s\n", tty, strerror(errno));
return EXIT_FAILURE;
}
if (security_change_sid (sid, old_tty_sid, SECCLASS_CHR_FILE, &new_tty_sid) != 0)
{
fprintf(stderr, "security_change_sid(%.100s) failed: %.100s\n", tty, strerror(errno));
return EXIT_FAILURE;
}
if(chsid(tty, new_tty_sid) != 0)
{
fprintf(stderr, "chsid(%.100s, %d) failed: %.100s\n", tty, new_tty_sid, strerror(errno));
return EXIT_FAILURE;
}
}
else
sid = 0;
#endif
if ( *tty != '/' ) if ( *tty != '/' )
snprintf ( full_tty, sizeof( full_tty ) - 1, "/dev/%s", tty); snprintf ( full_tty, sizeof( full_tty ) - 1, "/dev/%s", tty);
else else
@ -239,7 +278,11 @@ auth_ok:
if ( pw-> pw_uid == 0 ) if ( pw-> pw_uid == 0 )
syslog ( LOG_INFO, "root login %s\n", fromhost ); syslog ( LOG_INFO, "root login %s\n", fromhost );
run_shell ( pw-> pw_shell, 1, 0, 0 ); /* exec the shell finally. */ run_shell ( pw-> pw_shell, 1, 0, 0
#ifdef CONFIG_SELINUX
, sid
#endif
); /* exec the shell finally. */
return EXIT_FAILURE; return EXIT_FAILURE;
} }

6
loginutils/su.c
View File

@ -156,7 +156,11 @@ int su_main ( int argc, char **argv )
change_identity ( pw ); change_identity ( pw );
setup_environment ( opt_shell, opt_loginshell, !opt_preserve, pw ); setup_environment ( opt_shell, opt_loginshell, !opt_preserve, pw );
run_shell ( opt_shell, opt_loginshell, opt_command, (const char**)opt_args ); run_shell ( opt_shell, opt_loginshell, opt_command, (const char**)opt_args
#ifdef CONFIG_SELINUX
, 0
#endif
);
return EXIT_FAILURE; return EXIT_FAILURE;
} }

33
procps/ps.c
View File

@ -31,6 +31,11 @@
#include <termios.h> #include <termios.h>
#include <sys/ioctl.h> #include <sys/ioctl.h>
#include "busybox.h" #include "busybox.h"
#ifdef CONFIG_SELINUX
#include <fs_secure.h>
#include <ss.h>
#include <flask_util.h> /* for is_flask_enabled() */
#endif
static const int TERMINAL_WIDTH = 79; /* not 80 in case terminal has linefold bug */ static const int TERMINAL_WIDTH = 79; /* not 80 in case terminal has linefold bug */
@ -47,6 +52,13 @@ extern int ps_main(int argc, char **argv)
#define terminal_width TERMINAL_WIDTH #define terminal_width TERMINAL_WIDTH
#endif #endif
#ifdef CONFIG_SELINUX
int use_selinux = 0;
security_id_t sid;
if(is_flask_enabled() && argv[1] && !strcmp(argv[1], "-c") )
use_selinux = 1;
#endif
#ifdef CONFIG_FEATURE_AUTOWIDTH #ifdef CONFIG_FEATURE_AUTOWIDTH
ioctl(fileno(stdout), TIOCGWINSZ, &win); ioctl(fileno(stdout), TIOCGWINSZ, &win);
@ -54,10 +66,31 @@ extern int ps_main(int argc, char **argv)
terminal_width = win.ws_col - 1; terminal_width = win.ws_col - 1;
#endif #endif
#ifdef CONFIG_SELINUX
if(use_selinux)
printf(" PID Context Stat Command\n");
else
#endif
printf(" PID Uid VmSize Stat Command\n"); printf(" PID Uid VmSize Stat Command\n");
#ifdef CONFIG_SELINUX
while ((p = procps_scan(1, use_selinux, &sid)) != 0) {
#else
while ((p = procps_scan(1)) != 0) { while ((p = procps_scan(1)) != 0) {
#endif
char *namecmd = p->cmd; char *namecmd = p->cmd;
#ifdef CONFIG_SELINUX
if(use_selinux)
{
char sbuf[128];
len = sizeof(sbuf);
if(security_sid_to_context(sid, (security_context_t)&sbuf, &len))
strcpy(sbuf, "unknown");
len = printf("%5d %-32s %s ", p->pid, sbuf, p->state);
}
else
#endif
if(p->rss == 0) if(p->rss == 0)
len = printf("%5d %-8s %s ", p->pid, p->user, p->state); len = printf("%5d %-8s %s ", p->pid, p->user, p->state);
else else

4
procps/top.c
View File

@ -501,7 +501,11 @@ int top_main(int argc, char **argv)
/* read process IDs & status for all the processes */ /* read process IDs & status for all the processes */
procps_status_t * p; procps_status_t * p;
#ifdef CONFIG_SELINUX
while ((p = procps_scan(0, 0, NULL) ) != 0) {
#else
while ((p = procps_scan(0)) != 0) { while ((p = procps_scan(0)) != 0) {
#endif
int n = ntop; int n = ntop;
top = xrealloc(top, (++ntop)*sizeof(procps_status_t)); top = xrealloc(top, (++ntop)*sizeof(procps_status_t));

7
sysdeps/linux/Config.in
View File

@ -106,6 +106,13 @@ config CONFIG_FEATURE_SUID_CONFIG_QUIET
help help
Please submit a patch to add help text for this item. Please submit a patch to add help text for this item.
config CONFIG_SELINUX
bool "Support NSA Security Enhanced Linux"
default n
help
Enable support for SE Linux in applets ls, ps, and id. Also provide
the option of compiling in SE Linux applets.
endmenu endmenu
menu 'Build Options' menu 'Build Options'