Convert all selinux/* applets to "new style" applet definitions

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2016-11-23 18:46:40 +01:00
parent 15fb91cefb
commit a8e52da774
14 changed files with 148 additions and 137 deletions

View File

@ -73,25 +73,13 @@ s - suid type:
INSERT
IF_CHCON(APPLET(chcon, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_DHCPRELAY(APPLET(dhcprelay, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_DUMPLEASES(APPLET(dumpleases, BB_DIR_USR_BIN, BB_SUID_DROP))
//IF_E2FSCK(APPLET(e2fsck, BB_DIR_SBIN, BB_SUID_DROP))
//IF_E2LABEL(APPLET_ODDNAME(e2label, tune2fs, BB_DIR_SBIN, BB_SUID_DROP, e2label))
//IF_E2FSCK(APPLET_ODDNAME(fsck.ext2, e2fsck, BB_DIR_SBIN, BB_SUID_DROP, fsck_ext2))
//IF_E2FSCK(APPLET_ODDNAME(fsck.ext3, e2fsck, BB_DIR_SBIN, BB_SUID_DROP, fsck_ext3))
IF_GETENFORCE(APPLET(getenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_GETSEBOOL(APPLET(getsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_LOAD_POLICY(APPLET(load_policy, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_MATCHPATHCON(APPLET(matchpathcon, BB_DIR_USR_SBIN, BB_SUID_DROP))
//IF_PARSE(APPLET(parse, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_RESTORECON(APPLET_ODDNAME(restorecon, setfiles, BB_DIR_SBIN, BB_SUID_DROP, restorecon))
IF_RUNCON(APPLET(runcon, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_SELINUXENABLED(APPLET(selinuxenabled, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_SESTATUS(APPLET(sestatus, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_SETENFORCE(APPLET(setenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_SETFILES(APPLET(setfiles, BB_DIR_SBIN, BB_SUID_DROP))
IF_SETSEBOOL(APPLET(setsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_UDHCPC(APPLET(udhcpc, BB_DIR_SBIN, BB_SUID_DROP))
IF_UDHCPD(APPLET(udhcpd, BB_DIR_USR_SBIN, BB_SUID_DROP))

View File

@ -8,117 +8,4 @@ menu "SELinux Utilities"
INSERT
config CHCON
bool "chcon"
default n
depends on SELINUX
help
Enable support to change the security context of file.
config FEATURE_CHCON_LONG_OPTIONS
bool "Enable long options"
default y
depends on CHCON && LONG_OPTS
help
Support long options for the chcon applet.
config GETENFORCE
bool "getenforce"
default n
depends on SELINUX
help
Enable support to get the current mode of SELinux.
config GETSEBOOL
bool "getsebool"
default n
depends on SELINUX
help
Enable support to get SELinux boolean values.
config LOAD_POLICY
bool "load_policy"
default n
depends on SELINUX
help
Enable support to load SELinux policy.
config MATCHPATHCON
bool "matchpathcon"
default n
depends on SELINUX
help
Enable support to get default security context of the
specified path from the file contexts configuration.
config RESTORECON
bool "restorecon"
default n
depends on SELINUX
help
Enable support to relabel files. The feature is almost
the same as setfiles, but usage is a little different.
config RUNCON
bool "runcon"
default n
depends on SELINUX
help
Enable support to run command in specified security context.
config FEATURE_RUNCON_LONG_OPTIONS
bool "Enable long options"
default y
depends on RUNCON && LONG_OPTS
help
Support long options for the runcon applet.
config SELINUXENABLED
bool "selinuxenabled"
default n
depends on SELINUX
help
Enable support for this command to be used within shell scripts
to determine if selinux is enabled.
config SETENFORCE
bool "setenforce"
default n
depends on SELINUX
help
Enable support to modify the mode SELinux is running in.
config SETFILES
bool "setfiles"
default n
depends on SELINUX
help
Enable support to modify to relabel files.
Notice: If you built libselinux with -D_FILE_OFFSET_BITS=64,
(It is default in libselinux's Makefile), you _must_ enable
CONFIG_LFS.
config FEATURE_SETFILES_CHECK_OPTION
bool "Enable check option"
default n
depends on SETFILES
help
Support "-c" option (check the validity of the contexts against
the specified binary policy) for setfiles. Requires libsepol.
config SETSEBOOL
bool "setsebool"
default n
depends on SELINUX
help
Enable support for change boolean.
semanage and -P option is not supported yet.
config SESTATUS
bool "sestatus"
default n
depends on SELINUX
help
Displays the status of SELinux.
endmenu

View File

@ -8,15 +8,3 @@
lib-y:=
INSERT
lib-$(CONFIG_CHCON) += chcon.o
lib-$(CONFIG_GETENFORCE) += getenforce.o
lib-$(CONFIG_GETSEBOOL) += getsebool.o
lib-$(CONFIG_LOAD_POLICY) += load_policy.o
lib-$(CONFIG_MATCHPATHCON) += matchpathcon.o
lib-$(CONFIG_RUNCON) += runcon.o
lib-$(CONFIG_SELINUXENABLED) += selinuxenabled.o
lib-$(CONFIG_SETENFORCE) += setenforce.o
lib-$(CONFIG_SETFILES) += setfiles.o
lib-$(CONFIG_RESTORECON) += setfiles.o
lib-$(CONFIG_SETSEBOOL) += setsebool.o
lib-$(CONFIG_SESTATUS) += sestatus.o

View File

@ -7,6 +7,23 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
//config:config CHCON
//config: bool "chcon"
//config: default n
//config: depends on SELINUX
//config: help
//config: Enable support to change the security context of file.
//config:
//config:config FEATURE_CHCON_LONG_OPTIONS
//config: bool "Enable long options"
//config: default y
//config: depends on CHCON && LONG_OPTS
//config: help
//config: Support long options for the chcon applet.
//applet:IF_CHCON(APPLET(chcon, BB_DIR_USR_BIN, BB_SUID_DROP))
//kbuild:lib-$(CONFIG_CHCON) += chcon.o
//usage:#define chcon_trivial_usage
//usage: "[OPTIONS] CONTEXT FILE..."

View File

@ -6,6 +6,16 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
//config:config GETENFORCE
//config: bool "getenforce"
//config: default n
//config: depends on SELINUX
//config: help
//config: Enable support to get the current mode of SELinux.
//applet:IF_GETENFORCE(APPLET(getenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
//kbuild:lib-$(CONFIG_GETENFORCE) += getenforce.o
//usage:#define getenforce_trivial_usage NOUSAGE_STR
//usage:#define getenforce_full_usage ""

View File

@ -6,6 +6,16 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
//config:config GETSEBOOL
//config: bool "getsebool"
//config: default n
//config: depends on SELINUX
//config: help
//config: Enable support to get SELinux boolean values.
//applet:IF_GETSEBOOL(APPLET(getsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
//kbuild:lib-$(CONFIG_GETSEBOOL) += getsebool.o
//usage:#define getsebool_trivial_usage
//usage: "-a or getsebool boolean..."

View File

@ -4,6 +4,16 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
//config:config LOAD_POLICY
//config: bool "load_policy"
//config: default n
//config: depends on SELINUX
//config: help
//config: Enable support to load SELinux policy.
//applet:IF_LOAD_POLICY(APPLET(load_policy, BB_DIR_USR_SBIN, BB_SUID_DROP))
//kbuild:lib-$(CONFIG_LOAD_POLICY) += load_policy.o
//usage:#define load_policy_trivial_usage NOUSAGE_STR
//usage:#define load_policy_full_usage ""

View File

@ -5,6 +5,17 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
//config:config MATCHPATHCON
//config: bool "matchpathcon"
//config: default n
//config: depends on SELINUX
//config: help
//config: Enable support to get default security context of the
//config: specified path from the file contexts configuration.
//applet:IF_MATCHPATHCON(APPLET(matchpathcon, BB_DIR_USR_SBIN, BB_SUID_DROP))
//kbuild:lib-$(CONFIG_MATCHPATHCON) += matchpathcon.o
//usage:#define matchpathcon_trivial_usage
//usage: "[-n] [-N] [-f file_contexts_file] [-p prefix] [-V]"

View File

@ -28,6 +28,23 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
//config:config RUNCON
//config: bool "runcon"
//config: default n
//config: depends on SELINUX
//config: help
//config: Enable support to run command in specified security context.
//config:
//config:config FEATURE_RUNCON_LONG_OPTIONS
//config: bool "Enable long options"
//config: default y
//config: depends on RUNCON && LONG_OPTS
//config: help
//config: Support long options for the runcon applet.
//applet:IF_RUNCON(APPLET(runcon, BB_DIR_USR_BIN, BB_SUID_DROP))
//kbuild:lib-$(CONFIG_RUNCON) += runcon.o
//usage:#define runcon_trivial_usage
//usage: "[-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] PROG ARGS\n"

View File

@ -6,6 +6,17 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
//config:config SELINUXENABLED
//config: bool "selinuxenabled"
//config: default n
//config: depends on SELINUX
//config: help
//config: Enable support for this command to be used within shell scripts
//config: to determine if selinux is enabled.
//applet:IF_SELINUXENABLED(APPLET(selinuxenabled, BB_DIR_USR_SBIN, BB_SUID_DROP))
//kbuild:lib-$(CONFIG_SELINUXENABLED) += selinuxenabled.o
//usage:#define selinuxenabled_trivial_usage NOUSAGE_STR
//usage:#define selinuxenabled_full_usage ""

View File

@ -7,6 +7,16 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
//config:config SESTATUS
//config: bool "sestatus"
//config: default n
//config: depends on SELINUX
//config: help
//config: Displays the status of SELinux.
//applet:IF_SESTATUS(APPLET(sestatus, BB_DIR_USR_SBIN, BB_SUID_DROP))
//kbuild:lib-$(CONFIG_SESTATUS) += sestatus.o
//usage:#define sestatus_trivial_usage
//usage: "[-vb]"

View File

@ -6,6 +6,16 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
//config:config SETENFORCE
//config: bool "setenforce"
//config: default n
//config: depends on SELINUX
//config: help
//config: Enable support to modify the mode SELinux is running in.
//applet:IF_SETENFORCE(APPLET(setenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
//kbuild:lib-$(CONFIG_SETENFORCE) += setenforce.o
//usage:#define setenforce_trivial_usage
//usage: "[Enforcing | Permissive | 1 | 0]"

View File

@ -3,6 +3,37 @@
policycoreutils was released under GPL 2.
Port to BusyBox (c) 2007 by Yuichi Nakamura <ynakam@hitachisoft.jp>
*/
//config:config SETFILES
//config: bool "setfiles"
//config: default n
//config: depends on SELINUX
//config: help
//config: Enable support to modify to relabel files.
//config: Notice: If you built libselinux with -D_FILE_OFFSET_BITS=64,
//config: (It is default in libselinux's Makefile), you _must_ enable
//config: CONFIG_LFS.
//config:
//config:config FEATURE_SETFILES_CHECK_OPTION
//config: bool "Enable check option"
//config: default n
//config: depends on SETFILES
//config: help
//config: Support "-c" option (check the validity of the contexts against
//config: the specified binary policy) for setfiles. Requires libsepol.
//config:
//config:config RESTORECON
//config: bool "restorecon"
//config: default n
//config: depends on SELINUX
//config: help
//config: Enable support to relabel files. The feature is almost
//config: the same as setfiles, but usage is a little different.
//applet:IF_SETFILES(APPLET(setfiles, BB_DIR_SBIN, BB_SUID_DROP))
//applet:IF_RESTORECON(APPLET_ODDNAME(restorecon, setfiles, BB_DIR_SBIN, BB_SUID_DROP, restorecon))
//kbuild:lib-$(CONFIG_SETFILES) += setfiles.o
//kbuild:lib-$(CONFIG_RESTORECON) += setfiles.o
//usage:#define setfiles_trivial_usage
//usage: "[-dnpqsvW] [-e DIR]... [-o FILE] [-r alt_root_path]"

View File

@ -7,6 +7,17 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
//config:config SETSEBOOL
//config: bool "setsebool"
//config: default n
//config: depends on SELINUX
//config: help
//config: Enable support for change boolean.
//config: semanage and -P option is not supported yet.
//applet:IF_SETSEBOOL(APPLET(setsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
//kbuild:lib-$(CONFIG_SETSEBOOL) += setsebool.o
//usage:#define setsebool_trivial_usage
//usage: "boolean value"