selinux: drop deprecated headers
The selinux guys want you to get class values at runtime by converting textual names into constants. Drop the deprecated headers and switch to the new format. This API has been around for years, so there shouldn't be an issue with backwards compatibility. Signed-off-by: Mike Frysinger <vapier@gentoo.org>
This commit is contained in:
parent
1cda879080
commit
c6f35241b3
@ -81,8 +81,6 @@
|
|||||||
#if ENABLE_SELINUX
|
#if ENABLE_SELINUX
|
||||||
# include <selinux/selinux.h>
|
# include <selinux/selinux.h>
|
||||||
# include <selinux/context.h>
|
# include <selinux/context.h>
|
||||||
# include <selinux/flask.h>
|
|
||||||
# include <selinux/av_permissions.h>
|
|
||||||
#endif
|
#endif
|
||||||
#if ENABLE_FEATURE_UTMP
|
#if ENABLE_FEATURE_UTMP
|
||||||
# if defined __UCLIBC__ && ( \
|
# if defined __UCLIBC__ && ( \
|
||||||
|
@ -30,7 +30,18 @@ static void check_selinux_update_passwd(const char *username)
|
|||||||
if (!seuser)
|
if (!seuser)
|
||||||
bb_error_msg_and_die("invalid context '%s'", context);
|
bb_error_msg_and_die("invalid context '%s'", context);
|
||||||
if (strcmp(seuser, username) != 0) {
|
if (strcmp(seuser, username) != 0) {
|
||||||
if (checkPasswdAccess(PASSWD__PASSWD) != 0)
|
security_class_t tclass;
|
||||||
|
access_vector_t av;
|
||||||
|
|
||||||
|
tclass = string_to_security_class("passwd");
|
||||||
|
if (tclass == 0)
|
||||||
|
goto die;
|
||||||
|
av = string_to_av_perm(tclass, "passwd");
|
||||||
|
if (av == 0)
|
||||||
|
goto die;
|
||||||
|
|
||||||
|
if (selinux_check_passwd_access(av) != 0)
|
||||||
|
die:
|
||||||
bb_error_msg_and_die("SELinux: access denied");
|
bb_error_msg_and_die("SELinux: access denied");
|
||||||
}
|
}
|
||||||
if (ENABLE_FEATURE_CLEAN_UP)
|
if (ENABLE_FEATURE_CLEAN_UP)
|
||||||
|
Loading…
Reference in New Issue
Block a user