selinux: drop deprecated headers

The selinux guys want you to get class values at runtime by converting
textual names into constants.  Drop the deprecated headers and switch
to the new format.

This API has been around for years, so there shouldn't be an issue
with backwards compatibility.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Mike Frysinger 2016-12-09 18:30:30 -05:00
parent 1cda879080
commit c6f35241b3
2 changed files with 12 additions and 3 deletions


@ -81,8 +81,6 @@
#if ENABLE_SELINUX #if ENABLE_SELINUX
# include <selinux/selinux.h> # include <selinux/selinux.h>
# include <selinux/context.h> # include <selinux/context.h>
# include <selinux/flask.h>
# include <selinux/av_permissions.h>
#endif #endif
#if ENABLE_FEATURE_UTMP #if ENABLE_FEATURE_UTMP
# if defined __UCLIBC__ && ( \ # if defined __UCLIBC__ && ( \


@ -30,7 +30,18 @@ static void check_selinux_update_passwd(const char *username)
if (!seuser) if (!seuser)
bb_error_msg_and_die("invalid context '%s'", context); bb_error_msg_and_die("invalid context '%s'", context);
if (strcmp(seuser, username) != 0) { if (strcmp(seuser, username) != 0) {
if (checkPasswdAccess(PASSWD__PASSWD) != 0) security_class_t tclass;
access_vector_t av;
tclass = string_to_security_class("passwd");
if (tclass == 0)
goto die;
av = string_to_av_perm(tclass, "passwd");
if (av == 0)
goto die;
if (selinux_check_passwd_access(av) != 0)
die:
bb_error_msg_and_die("SELinux: access denied"); bb_error_msg_and_die("SELinux: access denied");
} }
if (ENABLE_FEATURE_CLEAN_UP) if (ENABLE_FEATURE_CLEAN_UP)
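Review bot: The `die:` label is the unbraced body of `if (selinux_check_passwd_access(av) != 0)`, so both `goto die` paths jump into the middle of a conditional. The code fails closed as written, but a statement later inserted between that `if` and the label would become the conditional body and leave the `bb_error_msg_and_die` call unconditional. Folding the three checks into one condition removes the label: `if (tclass == 0 || (av = string_to_av_perm(tclass, "passwd")) == 0 || selinux_check_passwd_access(av) != 0)` followed by the existing `bb_error_msg_and_die("SELinux: access denied");`. A comment such as `/* a class or permission missing from the loaded policy is treated as a denial */` would record that failing closed on a lookup error is intentional. check_selinux_update_passwd starts before this hunk and continues past its last line.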