here's a patch that should let us replace toolbox's chcon.

(it also adds a feature, -R, because toybox makes that so easy.)

you'll probably want fancier configuration here because although the
--as-needed works okay, a typical Ubuntu box will have the .so but not
the .h files. i did consider adding a toys/selinux/ directory, but
given that existing tools like ls and id will want -Z SELinux options,
i wasn't sure whether you'd think it was worth segregating the
SELinux-only toys.

note that this won't help the tizen smack users (and patch for smack
won't help SELinux users). so you might want to think about where
you'd like us to be aiming: #if USE_SELINUX/USE_SMACK in all the
relevant places, or a toys/selinux and a toys/smack (though we'd still
need #if in at least ls and id), or a lib/security.c that concentrates
all the differences into one file?

diff --git a/scripts/make.sh b/scripts/make.sh
index 167c3d5..4430e3b 100755 (executable)
--- a/scripts/make.sh
+++ b/scripts/make.sh
@@ -89,7 +89,7 @@ then
   # for it.
 
   > generated/optlibs.dat
-  for i in util crypt m resolv
+  for i in util crypt m resolv selinux
   do
     echo "int main(int argc, char *argv[]) {return 0;}" | \
     ${CROSS_COMPILE}${CC} $CFLAGS -xc - -o /dev/null -Wl,--as-needed -l$i > /dev/null 2>/dev/null &&

diff --git a/toys/pending/chcon.c b/toys/pending/chcon.c
new file mode 100644 (file)
index 0000000..41259de
--- /dev/null
+++ b/toys/pending/chcon.c
@@ -0,0 +1,51 @@
+/* chcon.c - Change file security context
+ *
+ * Copyright 2014 The Android Open Source Project
+
+USE_CHCON(NEWTOY(chcon, "hRv", TOYFLAG_USR|TOYFLAG_BIN))
+
+config CHCON
+  bool "chcon"
+  default n
+  help
+    usage: chcon [-hRv] CONTEXT FILE...
+
+    Change the SELinux security context of listed file[s] (recursively with -R).
+
+    -h change symlinks instead of what they point to.
+    -R recurse into subdirectories.
+    -v verbose output.
+*/
+
+#define FOR_chcon
+#include "toys.h"
+#include <selinux/selinux.h>
+
+GLOBALS(
+  char *context;
+)
+
+int do_chcon(struct dirtree *try)
+{
+  int ret;
+
+  if (!dirtree_notdotdot(try)) return 0;
+
+  char *path = dirtree_path(try, 0);
+  if (toys.optflags & FLAG_v)
+    printf("chcon '%s' to %s\n", path, TT.context);
+  ret = ((toys.optflags&FLAG_h) ? lsetfilecon : setfilecon)(path, TT.context);
+  if (ret == -1)
+    perror_msg("'%s' to %s", path, TT.context);
+  free(path);
+
+  return (toys.optflags & FLAG_R) ? DIRTREE_RECURSE : 0;
+}
+
+void chcon_main(void)
+{
+  TT.context = *toys.optargs;
+  char **file;
+
+  for (file = toys.optargs+1; *file; file++) dirtree_read(*file, do_chcon);
+}