036585a911
FEATURE_GETOPT_LONG made dependent on LONG_OPTS.
The folloving options are removed, now LONG_OPTS enables long options
for affected applets:
FEATURE_ENV_LONG_OPTIONS FEATURE_EXPAND_LONG_OPTIONS
FEATURE_UNEXPAND_LONG_OPTIONS FEATURE_MKDIR_LONG_OPTIONS
FEATURE_MV_LONG_OPTIONS FEATURE_RMDIR_LONG_OPTIONS
FEATURE_ADDGROUP_LONG_OPTIONS FEATURE_ADDUSER_LONG_OPTIONS
FEATURE_HWCLOCK_LONG_OPTIONS FEATURE_NSENTER_LONG_OPTS
FEATURE_CHCON_LONG_OPTIONS FEATURE_RUNCON_LONG_OPTIONS
They either had a small number of long options, or their long options are
essential.
Example: upstream addgroup and adduser have ONLY longopts,
we should probably go further and get rid
of non-standard short options.
To this end, make addgroup and adduser "select LONG_OPTS".
We had this breakage caused by us even in our own package!
#if ENABLE_LONG_OPTS || !ENABLE_ADDGROUP
/* We try to use --gid, not -g, because "standard" addgroup
* has no short option -g, it has only long --gid.
*/
argv[1] = (char*)"--gid";
#else
/* Breaks if system in fact does NOT use busybox addgroup */
argv[1] = (char*)"-g";
#endif
xargs: its lone longopt no longer depends on DESKTOP, only on LONG_OPTS.
hwclock TODO: get rid of incompatible -t, -l aliases to --systz, --localtime
Shorten help texts by omitting long option when short opt alternative exists.
Reduction of size comes from the fact that store of an immediate
(an address of longopts) to a fixed address (global variable)
is a longer insn than pushing that immediate or passing it in a register.
This effect is CPU-agnostic.
function old new delta
getopt32 1350 22 -1328
vgetopt32 - 1318 +1318
getopt32long - 24 +24
tftpd_main 562 567 +5
scan_recursive 376 380 +4
collect_cpu 545 546 +1
date_main 1096 1095 -1
hostname_main 262 259 -3
uname_main 259 255 -4
setpriv_main 362 358 -4
rmdir_main 191 187 -4
mv_main 562 558 -4
ipcalc_main 548 544 -4
ifenslave_main 641 637 -4
gzip_main 192 188 -4
gunzip_main 77 73 -4
fsfreeze_main 81 77 -4
flock_main 318 314 -4
deluser_main 337 333 -4
cp_main 374 370 -4
chown_main 175 171 -4
applet_long_options 4 - -4
xargs_main 894 889 -5
wget_main 2540 2535 -5
udhcpc_main 2767 2762 -5
touch_main 436 431 -5
tar_main 1014 1009 -5
start_stop_daemon_main 1033 1028 -5
sed_main 682 677 -5
script_main 1082 1077 -5
run_parts_main 330 325 -5
rtcwake_main 459 454 -5
od_main 2169 2164 -5
nl_main 201 196 -5
modprobe_main 773 768 -5
mkdir_main 160 155 -5
ls_main 568 563 -5
install_main 773 768 -5
hwclock_main 411 406 -5
getopt_main 622 617 -5
fstrim_main 256 251 -5
env_main 198 193 -5
dumpleases_main 635 630 -5
dpkg_main 3991 3986 -5
diff_main 1355 1350 -5
cryptpw_main 233 228 -5
cpio_main 593 588 -5
conspy_main 1135 1130 -5
chpasswd_main 313 308 -5
adduser_main 887 882 -5
addgroup_main 416 411 -5
ftpgetput_main 351 345 -6
get_terminal_width_height 242 234 -8
expand_main 690 680 -10
static.expand_longopts 18 - -18
static.unexpand_longopts 27 - -27
mkdir_longopts 28 - -28
env_longopts 30 - -30
static.ifenslave_longopts 34 - -34
mv_longopts 46 - -46
static.rmdir_longopts 48 - -48
packed_usage 31739 31687 -52
------------------------------------------------------------------------------
(add/remove: 2/8 grow/shrink: 3/49 up/down: 1352/-1840) Total: -488 bytes
text data bss dec hex filename
915681 485 6880 923046 e15a6 busybox_old
915428 485 6876 922789 e14a5 busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
208 lines
6.0 KiB
C
208 lines
6.0 KiB
C
/*
|
|
* chcon -- change security context, based on coreutils-5.97-13
|
|
*
|
|
* Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp>
|
|
*
|
|
* Copyright (C) 2006 - 2007 KaiGai Kohei <kaigai@kaigai.gr.jp>
|
|
*
|
|
* Licensed under GPLv2, see file LICENSE in this source tree.
|
|
*/
|
|
//config:config CHCON
|
|
//config: bool "chcon (8.9 kb)"
|
|
//config: default n
|
|
//config: depends on SELINUX
|
|
//config: help
|
|
//config: Enable support to change the security context of file.
|
|
|
|
//applet:IF_CHCON(APPLET(chcon, BB_DIR_USR_BIN, BB_SUID_DROP))
|
|
|
|
//kbuild:lib-$(CONFIG_CHCON) += chcon.o
|
|
|
|
//usage:#define chcon_trivial_usage
|
|
//usage: "[OPTIONS] CONTEXT FILE..."
|
|
//usage: "\n chcon [OPTIONS] [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE..."
|
|
//usage: "\n chcon [OPTIONS] --reference=RFILE FILE..."
|
|
//usage:
|
|
//usage:#define chcon_full_usage "\n\n"
|
|
//usage: "Change the security context of each FILE to CONTEXT\n"
|
|
//usage: "\n -v Verbose"
|
|
//usage: "\n -c Report changes made"
|
|
//usage: "\n -h Affect symlinks instead of their targets"
|
|
//usage: "\n -f Suppress most error messages"
|
|
//usage: IF_LONG_OPTS(
|
|
//usage: "\n --reference RFILE Use RFILE's group instead of using a CONTEXT value"
|
|
//usage: )
|
|
//usage: "\n -u USER Set user/role/type/range in the target security context"
|
|
//usage: "\n -r ROLE"
|
|
//usage: "\n -t TYPE"
|
|
//usage: "\n -l RNG"
|
|
//usage: "\n -R Recurse"
|
|
|
|
#include <selinux/context.h>
|
|
|
|
#include "libbb.h"
|
|
|
|
#define OPT_RECURSIVE (1<<0) /* 'R' */
|
|
#define OPT_CHANHES (1<<1) /* 'c' */
|
|
#define OPT_NODEREFERENCE (1<<2) /* 'h' */
|
|
#define OPT_QUIET (1<<3) /* 'f' */
|
|
#define OPT_USER (1<<4) /* 'u' */
|
|
#define OPT_ROLE (1<<5) /* 'r' */
|
|
#define OPT_TYPE (1<<6) /* 't' */
|
|
#define OPT_RANGE (1<<7) /* 'l' */
|
|
#define OPT_VERBOSE (1<<8) /* 'v' */
|
|
#define OPT_REFERENCE ((1<<9) * ENABLE_LONG_OPTS)
|
|
#define OPT_COMPONENT_SPECIFIED (OPT_USER | OPT_ROLE | OPT_TYPE | OPT_RANGE)
|
|
|
|
static char *user = NULL;
|
|
static char *role = NULL;
|
|
static char *type = NULL;
|
|
static char *range = NULL;
|
|
static char *specified_context = NULL;
|
|
|
|
static int FAST_FUNC change_filedir_context(
|
|
const char *fname,
|
|
struct stat *stbuf UNUSED_PARAM,
|
|
void *userData UNUSED_PARAM,
|
|
int depth UNUSED_PARAM)
|
|
{
|
|
context_t context = NULL;
|
|
security_context_t file_context = NULL;
|
|
security_context_t context_string;
|
|
int rc = FALSE;
|
|
int status = 0;
|
|
|
|
if (option_mask32 & OPT_NODEREFERENCE) {
|
|
status = lgetfilecon(fname, &file_context);
|
|
} else {
|
|
status = getfilecon(fname, &file_context);
|
|
}
|
|
if (status < 0 && errno != ENODATA) {
|
|
if ((option_mask32 & OPT_QUIET) == 0)
|
|
bb_error_msg("can't obtain security context: %s", fname);
|
|
goto skip;
|
|
}
|
|
|
|
if (file_context == NULL && specified_context == NULL) {
|
|
bb_error_msg("can't apply partial context to unlabeled file %s", fname);
|
|
goto skip;
|
|
}
|
|
|
|
if (specified_context == NULL) {
|
|
context = set_security_context_component(file_context,
|
|
user, role, type, range);
|
|
if (!context) {
|
|
bb_error_msg("can't compute security context from %s", file_context);
|
|
goto skip;
|
|
}
|
|
} else {
|
|
context = context_new(specified_context);
|
|
if (!context) {
|
|
bb_error_msg("invalid context: %s", specified_context);
|
|
goto skip;
|
|
}
|
|
}
|
|
|
|
context_string = context_str(context);
|
|
if (!context_string) {
|
|
bb_error_msg("can't obtain security context in text expression");
|
|
goto skip;
|
|
}
|
|
|
|
if (file_context == NULL || strcmp(context_string, file_context) != 0) {
|
|
int fail;
|
|
|
|
if (option_mask32 & OPT_NODEREFERENCE) {
|
|
fail = lsetfilecon(fname, context_string);
|
|
} else {
|
|
fail = setfilecon(fname, context_string);
|
|
}
|
|
if ((option_mask32 & OPT_VERBOSE) || ((option_mask32 & OPT_CHANHES) && !fail)) {
|
|
printf(!fail
|
|
? "context of %s changed to %s\n"
|
|
: "can't change context of %s to %s\n",
|
|
fname, context_string);
|
|
}
|
|
if (!fail) {
|
|
rc = TRUE;
|
|
} else if ((option_mask32 & OPT_QUIET) == 0) {
|
|
bb_error_msg("can't change context of %s to %s",
|
|
fname, context_string);
|
|
}
|
|
} else if (option_mask32 & OPT_VERBOSE) {
|
|
printf("context of %s retained as %s\n", fname, context_string);
|
|
rc = TRUE;
|
|
}
|
|
skip:
|
|
context_free(context);
|
|
freecon(file_context);
|
|
|
|
return rc;
|
|
}
|
|
|
|
#if ENABLE_LONG_OPTS
|
|
static const char chcon_longopts[] ALIGN1 =
|
|
"recursive\0" No_argument "R"
|
|
"changes\0" No_argument "c"
|
|
"no-dereference\0" No_argument "h"
|
|
"silent\0" No_argument "f"
|
|
"quiet\0" No_argument "f"
|
|
"user\0" Required_argument "u"
|
|
"role\0" Required_argument "r"
|
|
"type\0" Required_argument "t"
|
|
"range\0" Required_argument "l"
|
|
"verbose\0" No_argument "v"
|
|
"reference\0" Required_argument "\xff" /* no short option */
|
|
;
|
|
#endif
|
|
|
|
int chcon_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
|
|
int chcon_main(int argc UNUSED_PARAM, char **argv)
|
|
{
|
|
char *reference_file;
|
|
char *fname;
|
|
int i, errors = 0;
|
|
|
|
opt_complementary = "-1" /* at least 1 param */
|
|
":?" /* error if exclusivity constraints are violated */
|
|
#if ENABLE_LONG_OPTS
|
|
":\xff--urtl:u--\xff:r--\xff:t--\xff:l--\xff"
|
|
#endif
|
|
":f--v:v--f"; /* 'verbose' and 'quiet' are exclusive */
|
|
getopt32long(argv, "Rchfu:r:t:l:v", chcon_longopts,
|
|
&user, &role, &type, &range, &reference_file
|
|
);
|
|
argv += optind;
|
|
|
|
#if ENABLE_LONG_OPTS
|
|
if (option_mask32 & OPT_REFERENCE) {
|
|
/* FIXME: lgetfilecon() should be used when '-h' is specified.
|
|
* But current implementation follows the original one. */
|
|
if (getfilecon(reference_file, &specified_context) < 0)
|
|
bb_perror_msg_and_die("getfilecon('%s') failed", reference_file);
|
|
} else
|
|
#endif
|
|
if ((option_mask32 & OPT_COMPONENT_SPECIFIED) == 0) {
|
|
specified_context = *argv++;
|
|
/* specified_context is never NULL -
|
|
* "-1" in opt_complementary prevents this. */
|
|
if (!argv[0])
|
|
bb_error_msg_and_die("too few arguments");
|
|
}
|
|
|
|
for (i = 0; (fname = argv[i]) != NULL; i++) {
|
|
int fname_len = strlen(fname);
|
|
while (fname_len > 1 && fname[fname_len - 1] == '/')
|
|
fname_len--;
|
|
fname[fname_len] = '\0';
|
|
|
|
if (recursive_action(fname,
|
|
1<<option_mask32 & OPT_RECURSIVE,
|
|
change_filedir_context,
|
|
change_filedir_context,
|
|
NULL, 0) != TRUE)
|
|
errors = 1;
|
|
}
|
|
return errors;
|
|
}
|