Changeset 2725 in MondoRescue for branches/2.2.9/mindi-busybox/selinux

Timestamp:

Feb 25, 2011, 9:26:54 PM (13 years ago)

Author:

Bruno Cornec

Message:

• Update mindi-busybox to 1.18.3 to avoid problems with the tar command which is now failing on recent versions with busybox 1.7.3

Location:

branches/2.2.9/mindi-busybox/selinux

Files:

• Config.in (modified) (5 diffs)
• Config.src (added)
• Kbuild (modified) (3 diffs)
• Kbuild.src (added)
• chcon.c (modified) (8 diffs)
• getenforce.c (modified) (1 diff)
• getsebool.c (modified) (3 diffs)
• load_policy.c (modified) (1 diff)
• matchpathcon.c (modified) (3 diffs)
• runcon.c (modified) (6 diffs)
• selinuxenabled.c (modified) (1 diff)
• sestatus.c (added)
• setenforce.c (modified) (2 diffs)
• setfiles.c (modified) (14 diffs)
• setsebool.c (added)

branches/2.2.9/mindi-busybox/selinux/Config.in

@@ +1 @@
+# DO NOT EDIT. This file is generated from Config.src
 #
 # For a description of the syntax of this configuration file,
@@ -4 +5 @@
 #
 
-menu "Selinux Utilities"
+menu "SELinux Utilities"
     depends on SELINUX
+
+
 
 config CHCON
@@ -17 +20 @@
     bool "Enable long options"
     default y
-    depends on CHCON && GETOPT_LONG
+    depends on CHCON && LONG_OPTS
     help
       Support long options for the chcon applet.
@@ -68 +71 @@
     bool "Enable long options"
     default y
-    depends on RUNCON && GETOPT_LONG
+    depends on RUNCON && LONG_OPTS
     help
       Support long options for the runcon applet.
@@ -105 +108 @@
       the specified binary policy) for setfiles. Requires libsepol.
 
+config SETSEBOOL
+    bool "setsebool"
+    default n
+    depends on SELINUX
+    help
+      Enable support for change boolean.
+      semanage and -P option is not supported yet.
+
+config SESTATUS
+    bool "sestatus"
+    default n
+    depends on SELINUX
+    help
+      Displays the status of SELinux.
+
 endmenu
-

branches/2.2.9/mindi-busybox/selinux/Kbuild

@@ +1 @@
+# DO NOT EDIT. This file is generated from Kbuild.src
 # Makefile for busybox
 #
@@ -4 +5 @@
 # Copyright (C) 2007 by KaiGai Kohei <kaigai@kaigai.gr.jp>
 #
-# Licensed under the GPL v2, see the file LICENSE in this tarball.
+# Licensed under GPLv2, see file LICENSE in this source tree.
 
 lib-y:=
+
+
 lib-$(CONFIG_CHCON)     += chcon.o
 lib-$(CONFIG_GETENFORCE)    += getenforce.o
@@ -17 +20 @@
 lib-$(CONFIG_SETFILES)      += setfiles.o
 lib-$(CONFIG_RESTORECON)    += setfiles.o
+lib-$(CONFIG_SETSEBOOL)     += setsebool.o
+lib-$(CONFIG_SESTATUS)      += sestatus.o

branches/2.2.9/mindi-busybox/selinux/chcon.c

@@ -5 +5 @@
  *
  * Copyright (C) 2006 - 2007 KaiGai Kohei <kaigai@kaigai.gr.jp>
+ *
+ * Licensed under GPLv2, see file LICENSE in this source tree.
  */
 #include <getopt.h>
@@ -29 +31 @@
 static char *specified_context = NULL;
 
-static int change_filedir_context(const char *fname, struct stat *stbuf, void *userData, int depth)
+static int FAST_FUNC change_filedir_context(
+        const char *fname,
+        struct stat *stbuf UNUSED_PARAM,
+        void *userData UNUSED_PARAM,
+        int depth UNUSED_PARAM)
 {
     context_t context = NULL;
@@ -44 +50 @@
     if (status < 0 && errno != ENODATA) {
         if ((option_mask32 & OPT_QUIET) == 0)
-            bb_error_msg("cannot obtain security context: %s", fname);
+            bb_error_msg("can't obtain security context: %s", fname);
         goto skip;
     }
 
     if (file_context == NULL && specified_context == NULL) {
-        bb_error_msg("cannot apply partial context to unlabeled file %s", fname);
+        bb_error_msg("can't apply partial context to unlabeled file %s", fname);
         goto skip;
     }
@@ -57 +63 @@
                              user, role, type, range);
         if (!context) {
-            bb_error_msg("cannot compute security context from %s", file_context);
+            bb_error_msg("can't compute security context from %s", file_context);
             goto skip;
         }
@@ -70 +76 @@
     context_string = context_str(context);
     if (!context_string) {
-        bb_error_msg("cannot obtain security context in text expression");
+        bb_error_msg("can't obtain security context in text expression");
         goto skip;
     }
@@ -85 +91 @@
             printf(!fail
                    ? "context of %s changed to %s\n"
-                   : "failed to change context of %s to %s\n",
+                   : "can't change context of %s to %s\n",
                    fname, context_string);
         }
@@ -91 +97 @@
             rc = TRUE;
         } else if ((option_mask32 & OPT_QUIET) == 0) {
-            bb_error_msg("failed to change context of %s to %s",
+            bb_error_msg("can't change context of %s to %s",
                      fname, context_string);
         }
@@ -121 +127 @@
 #endif
 
-int chcon_main(int argc, char **argv);
-int chcon_main(int argc, char **argv)
+int chcon_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int chcon_main(int argc UNUSED_PARAM, char **argv)
 {
     char *reference_file;

branches/2.2.9/mindi-busybox/selinux/getenforce.c

@@ -5 +5 @@
  * Port to BusyBox  Hiroshi Shinji <shiroshi@my.email.ne.jp>
  *
+ * Licensed under GPLv2, see file LICENSE in this source tree.
  */
 
 #include "libbb.h"
 
-int getenforce_main(int argc, char **argv);
-int getenforce_main(int argc, char **argv)
+int getenforce_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int getenforce_main(int argc UNUSED_PARAM, char **argv UNUSED_PARAM)
 {
     int rc;

branches/2.2.9/mindi-busybox/selinux/getsebool.c

@@ -5 +5 @@
  * Port to BusyBox  Hiroshi Shinji <shiroshi@my.email.ne.jp>
  *
+ * Licensed under GPLv2, see file LICENSE in this source tree.
  */
 
 #include "libbb.h"
 
-int getsebool_main(int argc, char **argv);
+int getsebool_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int getsebool_main(int argc, char **argv)
 {
@@ -25 +26 @@
         rc = security_get_boolean_names(&names, &len);
         if (rc)
-            bb_perror_msg_and_die("cannot get boolean names");
+            bb_perror_msg_and_die("can't get boolean names");
 
         if (!len) {
@@ -54 +55 @@
         if (pending != active)
             printf(" pending: %s", (pending ? "on" : "off"));
-        putchar('\n');
+        bb_putchar('\n');
     }
 

branches/2.2.9/mindi-busybox/selinux/load_policy.c

@@ -1 +1 @@
 /*
  * load_policy
- * This implementation is based on old load_policy to be small.
  * Author: Yuichi Nakamura <ynakam@hitachisoft.jp>
+ *
+ * Licensed under GPLv2, see file LICENSE in this source tree.
  */
 #include "libbb.h"
 
-int load_policy_main(int argc, char **argv);
-int load_policy_main(int argc, char **argv)
+int load_policy_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int load_policy_main(int argc UNUSED_PARAM, char **argv UNUSED_PARAM)
 {
-    int fd;
-    struct stat st;
-    void *data;
-    if (argc != 2) {
+    int rc;
+
+    if (argv[1]) {
         bb_show_usage();
     }
 
-    fd = xopen(argv[1], O_RDONLY);
-    if (fstat(fd, &st) < 0) {
-        bb_perror_msg_and_die("can't fstat");
-    }
-    data = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
-    if (data == MAP_FAILED) {
-        bb_perror_msg_and_die("can't mmap");
-    }
-    if (security_load_policy(data, st.st_size) < 0) {
+    rc = selinux_mkload_policy(1);
+    if (rc < 0) {
         bb_perror_msg_and_die("can't load policy");
     }

branches/2.2.9/mindi-busybox/selinux/matchpathcon.c

@@ -4 +4 @@
  * Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp>
  *
+ * Licensed under GPLv2, see file LICENSE in this source tree.
  */
 #include "libbb.h"
@@ -18 +19 @@
         printf("%s\t%s\n", path, buf);
     else
-        printf("%s\n", buf);
+        puts(buf);
 
     freecon(buf);
@@ -30 +31 @@
 #define OPT_VERIFY      (1<<4)  /* -V */
 
-int matchpathcon_main(int argc, char **argv);
-int matchpathcon_main(int argc, char **argv)
+int matchpathcon_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int matchpathcon_main(int argc UNUSED_PARAM, char **argv)
 {
     int error = 0;

branches/2.2.9/mindi-busybox/selinux/runcon.c

@@ -26 +26 @@
  * Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp>
  *                  - based on coreutils-5.97 (in Fedora Core 6)
+ *
+ * Licensed under GPLv2, see file LICENSE in this source tree.
  */
 #include <getopt.h>
@@ -40 +42 @@
 
     if (getcon(&cur_context))
-        bb_error_msg_and_die("cannot get current context");
+        bb_error_msg_and_die("can't get current context");
 
     if (compute_trans) {
@@ -46 +48 @@
 
         if (getfilecon(command, &file_context) < 0)
-            bb_error_msg_and_die("cannot retrieve attributes of '%s'",
+            bb_error_msg_and_die("can't retrieve attributes of '%s'",
                          command);
         if (security_compute_create(cur_context, file_context,
@@ -58 +60 @@
         bb_error_msg_and_die("'%s' is not a valid context", cur_context);
     if (user && context_user_set(con, user))
-        bb_error_msg_and_die("failed to set new user '%s'", user);
+        bb_error_msg_and_die("can't set new user '%s'", user);
     if (type && context_type_set(con, type))
-        bb_error_msg_and_die("failed to set new type '%s'", type);
+        bb_error_msg_and_die("can't set new type '%s'", type);
     if (range && context_range_set(con, range))
-        bb_error_msg_and_die("failed to set new range '%s'", range);
+        bb_error_msg_and_die("can't set new range '%s'", range);
     if (role && context_role_set(con, role))
-        bb_error_msg_and_die("failed to set new role '%s'", role);
+        bb_error_msg_and_die("can't set new role '%s'", role);
 
     return con;
@@ -88 +90 @@
 #define OPTS_CONTEXT_COMPONENT      (OPTS_ROLE | OPTS_TYPE | OPTS_USER | OPTS_RANGE)
 
-int runcon_main(int argc, char **argv);
-int runcon_main(int argc, char **argv)
+int runcon_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int runcon_main(int argc UNUSED_PARAM, char **argv)
 {
     char *role = NULL;
@@ -128 +130 @@
 
     if (setexeccon(context_str(con)))
-        bb_error_msg_and_die("cannot set up security context '%s'",
+        bb_error_msg_and_die("can't set up security context '%s'",
                      context_str(con));
 
     execvp(argv[0], argv);
-
-    bb_perror_msg_and_die("cannot execute '%s'", argv[0]);
+    bb_perror_msg_and_die("can't execute '%s'", argv[0]);
 }

branches/2.2.9/mindi-busybox/selinux/selinuxenabled.c

@@ -5 +5 @@
  * Port to BusyBox  Hiroshi Shinji <shiroshi@my.email.ne.jp>
  *
+ * Licensed under GPLv2, see file LICENSE in this source tree.
  */
 #include "libbb.h"
 
-int selinuxenabled_main(int argc, char **argv);
-int selinuxenabled_main(int argc, char **argv)
+int selinuxenabled_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int selinuxenabled_main(int argc UNUSED_PARAM, char **argv UNUSED_PARAM)
 {
     return !is_selinux_enabled();

branches/2.2.9/mindi-busybox/selinux/setenforce.c

@@ -5 +5 @@
  * Port to BusyBox  Hiroshi Shinji <shiroshi@my.email.ne.jp>
  *
+ * Licensed under GPLv2, see file LICENSE in this source tree.
  */
 
@@ -20 +21 @@
 };
 
-int setenforce_main(int argc, char **argv);
-int setenforce_main(int argc, char **argv)
+int setenforce_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int setenforce_main(int argc UNUSED_PARAM, char **argv)
 {
     int i, rc;
 
-    if (argc != 2)
+    if (!argv[1] || argv[2])
         bb_show_usage();
 

branches/2.2.9/mindi-busybox/selinux/setfiles.c

@@ -36 +36 @@
     int nerr;
     struct edir excludeArray[MAX_EXCLUDES];
-};
-
+} FIX_ALIASING;
 #define G (*(struct globals*)&bb_common_bufsiz1)
 void BUG_setfiles_globals_too_big(void);
@@ -100 +99 @@
 
 
-static void qprintf(const char *fmt, ...)
+static void qprintf(const char *fmt UNUSED_PARAM, ...)
 {
     /* quiet, do nothing */
@@ -113 +112 @@
 }
 
-static void add_exclude(const char *const directory)
+static void add_exclude(const char *directory)
 {
     struct stat sb;
@@ -120 +119 @@
     if (directory == NULL || directory[0] != '/') {
         bb_error_msg_and_die("full path required for exclude: %s", directory);
-
     }
     if (lstat(directory, &sb)) {
@@ -285 +283 @@
             count = (count % (80*0x400));
             if (count == 0)
-                fputc('\n', stdout);
-            fputc('*', stdout);
-            fflush(stdout);
+                bb_putchar('\n');
+            bb_putchar('*');
+            fflush_all();
         }
     }
@@ -348 +346 @@
         if (verbose > 1 || !user_only_changed) {
             bb_info_msg("%s: reset %s context %s->%s",
-                applet_name, my_file, context ?: "", newcon);
+                applet_name, my_file, context ? context : "", newcon);
         }
     }
@@ -392 +390 @@
  * the directory traversal.
  */
-static int apply_spec(const char *file,
-              struct stat *sb, void *userData, int depth)
+static int FAST_FUNC apply_spec(
+        const char *file,
+        struct stat *sb,
+        void *userData UNUSED_PARAM,
+        int depth UNUSED_PARAM)
 {
     if (!follow_mounts) {
@@ -487 +488 @@
 }
 
-int setfiles_main(int argc, char **argv);
-int setfiles_main(int argc, char **argv)
+int setfiles_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int setfiles_main(int argc UNUSED_PARAM, char **argv)
 {
     struct stat sb;
@@ -542 +543 @@
     } else { /* setfiles */
         flags = getopt32(argv, "de:f:ilnpqr:svo:FW"
-                USE_FEATURE_SETFILES_CHECK_OPTION("c:"),
+                IF_FEATURE_SETFILES_CHECK_OPTION("c:"),
             &exclude_dir, &input_filename, &rootpath, &out_filename,
-                 USE_FEATURE_SETFILES_CHECK_OPTION(&policyfile,)
+                 IF_FEATURE_SETFILES_CHECK_OPTION(&policyfile,)
             &verbose);
     }
+    argv += optind;
 
 #if ENABLE_FEATURE_SETFILES_CHECK_OPTION
@@ -552 +554 @@
         FILE *policystream;
 
-        policystream = xfopen(policyfile, "r");
+        policystream = xfopen_for_read(policyfile);
         if (sepol_set_policydb_from_file(policystream) < 0) {
             bb_error_msg_and_die("sepol_set_policydb_from_file on %s", policyfile);
@@ -573 +575 @@
         outfile = stdout;
         if (NOT_LONE_CHAR(out_filename, '-')) {
-            outfile = xfopen(out_filename, "w");
+            outfile = xfopen_for_write(out_filename);
         }
     }
@@ -593 +595 @@
            checking against a binary policy file. */
         set_matchpathcon_canoncon(&canoncon);
-        if (argc == 1)
+        if (!argv[0])
             bb_show_usage();
-        if (stat(argv[optind], &sb) < 0) {
-            bb_perror_msg_and_die("%s", argv[optind]);
-        }
+        xstat(argv[0], &sb);
         if (!S_ISREG(sb.st_mode)) {
-            bb_error_msg_and_die("spec file %s is not a regular file", argv[optind]);
+            bb_error_msg_and_die("spec file %s is not a regular file", argv[0]);
         }
         /* Load the file contexts configuration and check it. */
-        rc = matchpathcon_init(argv[optind]);
+        rc = matchpathcon_init(argv[0]);
         if (rc < 0) {
-            bb_perror_msg_and_die("%s", argv[optind]);
-        }
-
-        optind++;
-
+            bb_simple_perror_msg_and_die(argv[0]);
+        }
         if (nerr)
-            exit(1);
+            exit(EXIT_FAILURE);
+        argv++;
     }
 
@@ -618 +616 @@
 
         if (NOT_LONE_CHAR(input_filename, '-'))
-            f = xfopen(input_filename, "r");
+            f = xfopen_for_read(input_filename);
         while ((len = getline(&buf, &buf_len, f)) > 0) {
             buf[len - 1] = '\0';
@@ -626 +624 @@
             fclose_if_not_stdin(f);
     } else {
-        if (optind >= argc)
+        if (!argv[0])
             bb_show_usage();
-        for (i = optind; i < argc; i++) {
+        for (i = 0; argv[i]; i++) {
             errors |= process_one(argv[i]);
         }