networking/libiproute networking/udhcp procps loginutils shell \
sysklogd util-linux libbb libpwdgrp coreutils/libcoreutils
+ifeq ($(strip $(CONFIG_SELINUX)),y)
+CFLAGS += -I/usr/include/selinux
+LIBRARIES += -lsecure
+endif
+
ifeq ($(strip $(HAVE_DOT_CONFIG)),y)
all: busybox busybox.links #doc
#include <getopt.h>
#include <string.h>
#include <sys/types.h>
+#ifdef CONFIG_SELINUX
+#include <proc_secure.h>
+#include <flask_util.h>
+#endif
-#define NO_GROUP 1
-#define NO_USER 2
+#define JUST_USER 1
+#define JUST_GROUP 2
#define PRINT_REAL 4
#define NAME_NOT_NUMBER 8
long pwnam, grnam;
int uid, gid;
int flags;
+#ifdef CONFIG_SELINUX
+ int is_flask_enabled_flag = is_flask_enabled();
+#endif
flags = bb_getopt_ulflags(argc, argv, "ugrn");
- if (((flags & (NO_USER | NO_GROUP)) == (NO_USER | NO_GROUP))
+ if (((flags & (JUST_USER | JUST_GROUP)) == (JUST_USER | JUST_GROUP))
|| (argc > optind + 1)
) {
bb_show_usage();
pwnam=my_getpwnam(user);
grnam=my_getgrnam(group);
- if (flags & (NO_GROUP | NO_USER)) {
+ if (flags & (JUST_GROUP | JUST_USER)) {
char *s = group;
- if (flags & NO_GROUP) {
+ if (flags & JUST_USER) {
s = user;
grnam = pwnam;
}
printf("%ld\n", grnam);
}
} else {
+#ifdef CONFIG_SELINUX
+ printf("uid=%ld(%s) gid=%ld(%s)", pwnam, user, grnam, group);
+ if(is_flask_enabled_flag)
+ {
+ security_id_t mysid = getsecsid();
+ char context[80];
+ int len = sizeof(context);
+ context[0] = '\0';
+ if(security_sid_to_context(mysid, context, &len))
+ strcpy(context, "unknown");
+ printf(" context=%s\n", context);
+ }
+ else
+ printf("\n");
+#else
printf("uid=%ld(%s) gid=%ld(%s)\n", pwnam, user, grnam, group);
+#endif
+
}
bb_fflush_stdout_and_exit(0);
#include <termios.h>
#include <sys/ioctl.h>
#include "busybox.h"
+#ifdef CONFIG_SELINUX
+#include <fs_secure.h>
+#include <flask_util.h>
+#include <ss.h>
+#endif
#ifdef CONFIG_FEATURE_LS_TIMESTAMPS
#include <time.h>
#define LIST_NLINKS (1U<<3)
#define LIST_ID_NAME (1U<<4)
#define LIST_ID_NUMERIC (1U<<5)
-#define LIST_SIZE (1U<<6)
-#define LIST_DEV (1U<<7)
-#define LIST_DATE_TIME (1U<<8)
-#define LIST_FULLTIME (1U<<9)
-#define LIST_FILENAME (1U<<10)
-#define LIST_SYMLINK (1U<<11)
-#define LIST_FILETYPE (1U<<12)
-#define LIST_EXEC (1U<<13)
+#define LIST_CONTEXT (1U<<6)
+#define LIST_SIZE (1U<<7)
+#define LIST_DEV (1U<<8)
+#define LIST_DATE_TIME (1U<<9)
+#define LIST_FULLTIME (1U<<10)
+#define LIST_FILENAME (1U<<11)
+#define LIST_SYMLINK (1U<<12)
+#define LIST_FILETYPE (1U<<13)
+#define LIST_EXEC (1U<<14)
#define LIST_MASK ((LIST_EXEC << 1) - 1)
char *name; /* the dir entry name */
char *fullname; /* the dir entry name */
struct stat dstat; /* the file stat info */
+#ifdef CONFIG_SELINUX
+ security_id_t sid;
+#endif
struct dnode *next; /* point at the next node */
};
typedef struct dnode dnode_t;
static unsigned int all_fmt;
+#ifdef CONFIG_SELINUX
+static int is_flask_enabled_flag;
+#endif
+
#ifdef CONFIG_FEATURE_AUTOWIDTH
static unsigned short terminal_width = TERMINAL_WIDTH;
static unsigned short tabstops = COLUMN_GAP;
{
struct stat dstat;
struct dnode *cur;
+#ifdef CONFIG_SELINUX
+ security_id_t sid;
+#endif
+ int rc;
#ifdef CONFIG_FEATURE_LS_FOLLOWLINKS
if (all_fmt & FOLLOW_LINKS) {
- if (stat(fullname, &dstat)) {
+#ifdef CONFIG_SELINUX
+ if(is_flask_enabled_flag)
+ rc = stat_secure(fullname, &dstat, &sid);
+ else
+#endif
+ rc = stat(fullname, &dstat);
+ if(rc)
+ {
bb_perror_msg("%s", fullname);
status = EXIT_FAILURE;
return 0;
}
} else
#endif
- if (lstat(fullname, &dstat)) {
- bb_perror_msg("%s", fullname);
- status = EXIT_FAILURE;
- return 0;
+ {
+#ifdef CONFIG_SELINUX
+ if(is_flask_enabled_flag)
+ rc = lstat_secure(fullname, &dstat, &sid);
+ else
+#endif
+ rc = lstat(fullname, &dstat);
+ if(rc)
+ {
+ bb_perror_msg("%s", fullname);
+ status = EXIT_FAILURE;
+ return 0;
+ }
}
cur = (struct dnode *) xmalloc(sizeof(struct dnode));
cur->fullname = fullname;
cur->name = name;
cur->dstat = dstat;
+#ifdef CONFIG_SELINUX
+ cur->sid = sid;
+#endif
return cur;
}
/* find the longest file name- use that as the column width */
for (i = 0; i < nfiles; i++) {
int len = strlen(dn[i]->name) +
+#ifdef CONFIG_SELINUX
+ ((all_fmt & LIST_CONTEXT) ? 33 : 0) +
+#endif
((all_fmt & LIST_INO) ? 8 : 0) +
((all_fmt & LIST_BLOCKS) ? 5 : 0);
if (column_width < len)
column += 13;
break;
#endif
+#ifdef CONFIG_SELINUX
+ case LIST_CONTEXT:
+ {
+ char context[64];
+ int len = sizeof(context);
+ if(security_sid_to_context(dn->sid, context, &len))
+ {
+ strcpy(context, "unknown");
+ len = 7;
+ }
+ printf("%-32s ", context);
+ column += MAX(33, len);
+ }
+ break;
+#endif
case LIST_FILENAME:
#ifdef CONFIG_FEATURE_LS_COLOR
errno = 0;
"h"
#endif
"k"
+#ifdef CONFIG_SELINUX
+ "K"
+#endif
#ifdef CONFIG_FEATURE_AUTOWIDTH
"T:w:"
#endif
#ifdef CONFIG_FEATURE_HUMAN_READABLE
LS_DISP_HR, /* h */
#endif
+#ifndef CONFIG_SELINUX
0, /* k - ingored */
+#else
+ LIST_CONTEXT, /* k */
+ LIST_MODEBITS|LIST_NLINKS|LIST_CONTEXT|LIST_SIZE|LIST_DATE_TIME, /* K */
+#endif
};
int opt;
int oi, ac;
char **av;
+#ifdef CONFIG_SELINUX
+ is_flask_enabled_flag = is_flask_enabled();
+#endif
#ifdef CONFIG_FEATURE_AUTOWIDTH
struct winsize win = { 0, 0, 0, 0 };
if (flags & TIME_MASK_TRIGGER) {
all_fmt &= ~TIME_MASK;
}
+ if (flags & LIST_CONTEXT) {
+ all_fmt |= STYLE_SINGLE;
+ }
#ifdef CONFIG_FEATURE_HUMAN_READABLE
if (opt == 'l') {
all_fmt &= ~LS_DISP_HR;
#include <features.h>
#include "config.h"
+#ifdef CONFIG_SELINUX
+#include <proc_secure.h>
+#endif
#include "pwd_.h"
#include "grp_.h"
#define FAIL_DELAY 3
extern void change_identity ( const struct passwd *pw );
-extern void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args );
+extern void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args
+#ifdef CONFIG_SELINUX
+ , security_id_t sid
+#endif
+);
extern int run_parts(char **args, const unsigned char test_mode);
extern int restricted_shell ( const char *shell );
extern void setup_environment ( const char *shell, int loginshell, int changeenv, const struct passwd *pw );
char short_cmd[16];
} procps_status_t;
-extern procps_status_t * procps_scan(int save_user_arg0);
+extern procps_status_t * procps_scan(int save_user_arg0
+#ifdef CONFIG_SELINUX
+ , int use_selinux, security_id_t *sid
+#endif
+);
extern unsigned short compare_string_array(const char *string_array[], const char *key);
extern int my_query_module(const char *name, int which, void **buf, size_t *bufsize, size_t *ret);
"\t-u\tthe hardware clock is kept in coordinated universal time\n" \
"\t-l\tthe hardware clock is kept in local time"
+#ifdef CONFIG_SELINUX
+#define USAGE_SELINUX(a, b) a
+#else
+#define USAGE_SELINUX(a, b) b
+#endif
+
#define id_trivial_usage \
"[OPTIONS]... [USERNAME]"
#define id_full_usage \
"Options:\n" \
"\t-g\tprints only the group ID\n" \
"\t-u\tprints only the user ID\n" \
+ USAGE_SELINUX("\t-c\tprints only the security context\n", "") \
"\t-n\tprint a name instead of a number (with for -ug)\n" \
"\t-r\tprints the real user ID instead of the effective ID (with -ug)"
#define id_example_usage \
#define USAGE_AUTOWIDTH(a)
#endif
#define ls_trivial_usage \
- "[-1Aa" USAGE_LS_TIMESTAMPS("c") "Cd" USAGE_LS_TIMESTAMPS("e") USAGE_LS_FILETYPES("F") "iln" USAGE_LS_FILETYPES("p") USAGE_LS_FOLLOWLINKS("L") USAGE_LS_RECURSIVE("R") USAGE_LS_SORTFILES("rS") "s" USAGE_AUTOWIDTH("T") USAGE_LS_TIMESTAMPS("tu") USAGE_LS_SORTFILES("v") USAGE_AUTOWIDTH("w") "x" USAGE_LS_SORTFILES("X") USAGE_HUMAN_READABLE("h") USAGE_NOT_HUMAN_READABLE("") "k] [filenames...]"
+ "[-1Aa" USAGE_LS_TIMESTAMPS("c") "Cd" USAGE_LS_TIMESTAMPS("e") USAGE_LS_FILETYPES("F") "iln" USAGE_LS_FILETYPES("p") USAGE_LS_FOLLOWLINKS("L") USAGE_LS_RECURSIVE("R") USAGE_LS_SORTFILES("rS") "s" USAGE_AUTOWIDTH("T") USAGE_LS_TIMESTAMPS("tu") USAGE_LS_SORTFILES("v") USAGE_AUTOWIDTH("w") "x" USAGE_LS_SORTFILES("X") USAGE_HUMAN_READABLE("h") USAGE_NOT_HUMAN_READABLE("") "k" USAGE_SELINUX("K", "") "] [filenames...]"
#define ls_full_usage \
"List directory contents\n\n" \
"Options:\n" \
USAGE_LS_SORTFILES("\t-X\tsort the listing by extension\n") \
USAGE_HUMAN_READABLE( \
"\t-h\tprint sizes in human readable format (e.g., 1K 243M 2G )\n" \
- "\t-k\tprint sizes in kilobytes(default)") USAGE_NOT_HUMAN_READABLE( \
- "\t-k\tprint sizes in kilobytes(compatibility)")
+ USAGE_SELINUX("\t-k\tprint security context\n\t-K\tprint security context in long format\n", "")
#define lsmod_trivial_usage \
""
""
#define ps_full_usage \
"Report process status\n" \
- "\nThis version of ps accepts no options."
+ USAGE_SELINUX("\nOptions:\n\t-c\tshow SE Linux context", "\nThis version of ps accepts no options.")
+
#define ps_example_usage \
"$ ps\n" \
" PID Uid Gid State Command\n" \
procps_status_t * p;
pidList = xmalloc(sizeof(long));
+#ifdef CONFIG_SELINUX
+ while ((p = procps_scan(0, 0, NULL)) != 0) {
+#else
while ((p = procps_scan(0)) != 0) {
+#endif
if (strcmp(p->short_cmd, pidName) == 0) {
pidList=xrealloc( pidList, sizeof(long) * (i+2));
pidList[i++]=p->pid;
#include "libbb.h"
-extern procps_status_t * procps_scan(int save_user_arg0)
+extern procps_status_t * procps_scan(int save_user_arg0
+#ifdef CONFIG_SELINUX
+ , int use_selinux , security_id_t *sid
+#endif
+ )
{
static DIR *dir;
struct dirent *entry;
sprintf(status, "/proc/%d/stat", pid);
if((fp = fopen(status, "r")) == NULL)
continue;
+#ifdef CONFIG_SELINUX
+ if(use_selinux)
+ {
+ if(fstat_secure(fileno(fp), &sb, sid))
+ continue;
+ }
+ else
+#endif
if(fstat(fileno(fp), &sb))
continue;
my_getpwuid(curstatus.user, sb.st_uid);
#include <syslog.h>
#include <ctype.h>
#include "libbb.h"
-
+#ifdef CONFIG_SELINUX
+#include <proc_secure.h>
+#endif
/* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
If COMMAND is nonzero, pass it to the shell with the -c option.
If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
arguments. */
-void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args )
+void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args
+#ifdef CONFIG_SELINUX
+ , security_id_t sid
+#endif
+)
{
const char **args;
int argno = 1;
args [argno++] = *additional_args;
}
args [argno] = 0;
+#ifdef CONFIG_SELINUX
+ if(sid)
+ execve_secure(shell, (char **) args, environ, sid);
+ else
+#endif
execv ( shell, (char **) args );
bb_perror_msg_and_die ( "cannot run %s", shell );
}
#include <time.h>
#include "busybox.h"
-
+#ifdef CONFIG_SELINUX
+#include <flask_util.h>
+#include <get_sid_list.h>
+#include <proc_secure.h>
+#include <fs_secure.h>
+#endif
#ifdef CONFIG_FEATURE_U_W_TMP
// import from utmp.c
int opt_fflag = 0;
char *opt_host = 0;
int alarmstarted = 0;
+#ifdef CONFIG_SELINUX
+ int flask_enabled = is_flask_enabled();
+ security_id_t sid = 0, old_tty_sid, new_tty_sid;
+#endif
username[0]=0;
amroot = ( getuid ( ) == 0 );
#ifdef CONFIG_FEATURE_U_W_TMP
setutmp ( username, tty );
#endif
+#ifdef CONFIG_SELINUX
+ if (flask_enabled)
+ {
+ struct stat st;
+
+ if (get_default_sid(username, 0, &sid))
+ {
+ fprintf(stderr, "Unable to get SID for %s\n", username);
+ exit(1);
+ }
+ if (stat_secure(tty, &st, &old_tty_sid))
+ {
+ fprintf(stderr, "stat_secure(%.100s) failed: %.100s\n", tty, strerror(errno));
+ return EXIT_FAILURE;
+ }
+ if (security_change_sid (sid, old_tty_sid, SECCLASS_CHR_FILE, &new_tty_sid) != 0)
+ {
+ fprintf(stderr, "security_change_sid(%.100s) failed: %.100s\n", tty, strerror(errno));
+ return EXIT_FAILURE;
+ }
+ if(chsid(tty, new_tty_sid) != 0)
+ {
+ fprintf(stderr, "chsid(%.100s, %d) failed: %.100s\n", tty, new_tty_sid, strerror(errno));
+ return EXIT_FAILURE;
+ }
+ }
+ else
+ sid = 0;
+#endif
+
if ( *tty != '/' )
snprintf ( full_tty, sizeof( full_tty ) - 1, "/dev/%s", tty);
else
if ( pw-> pw_uid == 0 )
syslog ( LOG_INFO, "root login %s\n", fromhost );
- run_shell ( pw-> pw_shell, 1, 0, 0 ); /* exec the shell finally. */
+ run_shell ( pw-> pw_shell, 1, 0, 0
+#ifdef CONFIG_SELINUX
+ , sid
+#endif
+ ); /* exec the shell finally. */
return EXIT_FAILURE;
}
change_identity ( pw );
setup_environment ( opt_shell, opt_loginshell, !opt_preserve, pw );
- run_shell ( opt_shell, opt_loginshell, opt_command, (const char**)opt_args );
+ run_shell ( opt_shell, opt_loginshell, opt_command, (const char**)opt_args
+#ifdef CONFIG_SELINUX
+ , 0
+#endif
+ );
return EXIT_FAILURE;
}
#include <termios.h>
#include <sys/ioctl.h>
#include "busybox.h"
+#ifdef CONFIG_SELINUX
+#include <fs_secure.h>
+#include <ss.h>
+#include <flask_util.h> /* for is_flask_enabled() */
+#endif
static const int TERMINAL_WIDTH = 79; /* not 80 in case terminal has linefold bug */
#define terminal_width TERMINAL_WIDTH
#endif
+#ifdef CONFIG_SELINUX
+ int use_selinux = 0;
+ security_id_t sid;
+ if(is_flask_enabled() && argv[1] && !strcmp(argv[1], "-c") )
+ use_selinux = 1;
+#endif
+
#ifdef CONFIG_FEATURE_AUTOWIDTH
ioctl(fileno(stdout), TIOCGWINSZ, &win);
terminal_width = win.ws_col - 1;
#endif
+#ifdef CONFIG_SELINUX
+ if(use_selinux)
+ printf(" PID Context Stat Command\n");
+ else
+#endif
printf(" PID Uid VmSize Stat Command\n");
+#ifdef CONFIG_SELINUX
+ while ((p = procps_scan(1, use_selinux, &sid)) != 0) {
+#else
while ((p = procps_scan(1)) != 0) {
+#endif
char *namecmd = p->cmd;
+#ifdef CONFIG_SELINUX
+ if(use_selinux)
+ {
+ char sbuf[128];
+ len = sizeof(sbuf);
+ if(security_sid_to_context(sid, (security_context_t)&sbuf, &len))
+ strcpy(sbuf, "unknown");
+
+ len = printf("%5d %-32s %s ", p->pid, sbuf, p->state);
+ }
+ else
+#endif
if(p->rss == 0)
len = printf("%5d %-8s %s ", p->pid, p->user, p->state);
else
/* read process IDs & status for all the processes */
procps_status_t * p;
+#ifdef CONFIG_SELINUX
+ while ((p = procps_scan(0, 0, NULL) ) != 0) {
+#else
while ((p = procps_scan(0)) != 0) {
+#endif
int n = ntop;
top = xrealloc(top, (++ntop)*sizeof(procps_status_t));
help
Please submit a patch to add help text for this item.
+config CONFIG_SELINUX
+ bool "Support NSA Security Enhanced Linux"
+ default n
+ help
+ Enable support for SE Linux in applets ls, ps, and id. Also provide
+ the option of compiling in SE Linux applets.
+
endmenu
menu 'Build Options'
projects / platform / upstream / busybox.git / commitdiff