From: Michal Eljasiewicz <m.eljasiewic@samsung.com>
Date: Fri, 24 Oct 2014 12:06:27 +0000 (+0200)
Subject: mkfifo: add -Z (Smack) option
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=94b3f5b01fbc2e2192037b313d0a0af135223616;p=platform%2Fupstream%2Ftoybox.git

mkfifo: add -Z (Smack) option

Change-Id: Ie7a9b75af5743e0e649f3987ee5423e1dae2bc52
Signed-off-by: Michal Eljasiewicz <m.eljasiewic@samsung.com>
---

diff --git a/toys/posix/mkfifo.c b/toys/posix/mkfifo.c
index ea1fe30..9ecbfb4 100644
--- a/toys/posix/mkfifo.c
+++ b/toys/posix/mkfifo.c
@@ -4,15 +4,17 @@
  *
  * See http://opengroup.org/onlinepubs/9699919799/utilities/mkfifo.html
 
-USE_MKFIFO(NEWTOY(mkfifo, "<1m:", TOYFLAG_BIN))
+USE_MKFIFO(NEWTOY(mkfifo, "<1m:Z:", TOYFLAG_BIN))
 
 config MKFIFO
   bool "mkfifo"
   default y
   help
-    usage: mkfifo [fifo_name...]
+    usage: mkfifo [-Z context] [fifo_name...]
 
     Create FIFOs (named pipes).
+
+    -Z	Set security context to created file
 */
 
 #define FOR_mkfifo
@@ -20,9 +22,11 @@ config MKFIFO
 
 #ifdef USE_SMACK
 #include <sys/smack.h>
+#include <linux/xattr.h>
 #endif //USE_SMACK
 
 GLOBALS(
+  char *arg_context;
   char *m_string;
   mode_t mode;
 )
@@ -30,10 +34,46 @@ GLOBALS(
 void mkfifo_main(void)
 {
   char **s;
+#ifdef USE_SMACK
+  char *label;
+#endif
+
+  if (toys.optflags & FLAG_Z) {
+#ifdef USE_SMACK
+  /* That is usage of side effect. This changes current process smack label.
+   * All FIFO special files created later by this process will get access label
+   * equal to process label that they were created by.
+   * TODO Maybe it would be more clean to use smack_label_length for label
+   * validation and then smack_set_label_for_path for setting labels for
+   * FIFO files, but those functions are only available on libsmack 1.1.
+   */
+    if(smack_set_label_for_self (TT.arg_context) < 0)
+      perror_exit("Failed to set context %s to %s\n", TT.arg_context,
+        toys.optargs[0]);
+
+#else
+  printf("mkfifo: -Z works only with smack enabled toybox");
+  xputc('\n');
+#endif
+  }
 
   TT.mode = 0666;
   if (toys.optflags & FLAG_m) TT.mode = string_to_mode(TT.m_string, 0);
 
-  for (s = toys.optargs; *s; s++)
-    if (mknod(*s, S_IFIFO | TT.mode, 0) < 0) perror_msg("%s", *s);
+  for (s = toys.optargs; *s; s++) {
+    if (mknod(*s, S_IFIFO | TT.mode, 0) < 0) {
+      perror_msg("%s", *s);
+    }
+#ifdef USE_SMACK
+    else {
+      if(toys.optflags & FLAG_Z) {
+        smack_new_label_from_path(*s, XATTR_NAME_SMACK, 0, &label);
+          if (strcmp(label, TT.arg_context) != 0)
+            fprintf(stderr, "Warning: SMACK label of %s set to '%s' and not '%s' due "
+              "to label transmutation\n", *s, label, TT.arg_context);
+          free(label);
+      }
+    }
+#endif
+  }
 }