--- /dev/null
+diff -Nuarp tizen-coreutils/src/copy.c tizen-coreutils-smack/src/copy.c
+--- tizen-coreutils/src/copy.c 2012-11-30 11:18:57.473521424 +0200
++++ tizen-coreutils-smack/src/copy.c 2012-11-30 11:26:01.601502515 +0200
+@@ -53,6 +53,7 @@
+ #include "utimens.h"
+ #include "xreadlink.h"
+ #include "yesno.h"
++#include "smack.h"
+
+ #ifndef HAVE_FCHOWN
+ # define HAVE_FCHOWN false
+@@ -570,6 +574,28 @@ copy_reg (char const *src_name, char con
+ }
+ }
+
++ if (x->preserve_context)
++ {
++ char src_context[SMACK_LABELLEN];
++ char dst_context[SMACK_LABELLEN];
++
++ if (smack_of_fd (source_desc, src_context, SMACK_LABELLEN) < 0)
++ {
++ if (x->require_preserve)
++ ; //fail silently now // return_val = false;
++ }
++ else if (smack_of_fd (dest_desc, dst_context, SMACK_LABELLEN) < 0)
++ {
++ if (x->require_preserve)
++ ; //fail silently now // return_val = false;
++ }
++ else if (strcmp(src_context, dst_context))
++ {
++ if (smack_to_fd(dest_desc, src_context) < 0 && x->require_preserve)
++ ; //fail silently now // return_val = false;
++ }
++ }
++
+ close_src_and_dst_desc:
+ if (close (dest_desc) < 0)
+ {
+diff -Nuarp tizen-coreutils/src/copy.h tizen-coreutils-smack/src/copy.h
+--- tizen-coreutils/src/copy.h 2012-11-30 10:11:38.000000000 +0200
++++ tizen-coreutils-smack/src/copy.h 2012-11-30 11:20:39.837516860 +0200
+@@ -128,6 +128,10 @@ struct cp_options
+ bool preserve_mode;
+ bool preserve_timestamps;
+
++ /* If true, attempt to give the copies the original files'
++ security context. */
++ bool preserve_context;
++
+ /* Enabled for mv, and for cp by the --preserve=links option.
+ If true, attempt to preserve in the destination files any
+ logical hard links between the source files. If used with cp's
+diff -Nuarp tizen-coreutils/src/cp.c tizen-coreutils-smack/src/cp.c
+--- tizen-coreutils/src/cp.c 2012-11-30 10:11:38.000000000 +0200
++++ tizen-coreutils-smack/src/cp.c 2012-11-30 11:20:39.837516860 +0200
+@@ -35,6 +35,7 @@
+ #include "stat-time.h"
+ #include "utimens.h"
+ #include "acl.h"
++#include "smack.h"
+
+ #define ASSIGN_BASENAME_STRDUPA(Dest, File_name) \
+ do \
+@@ -191,7 +192,7 @@ Mandatory arguments to long options are
+ -p same as --preserve=mode,ownership,timestamps\n\
+ --preserve[=ATTR_LIST] preserve the specified attributes (default:\n\
+ mode,ownership,timestamps), if possible\n\
+- additional attributes: links, all\n\
++ additional attributes: links, context, all\n\
+ "), stdout);
+ fputs (_("\
+ --no-preserve=ATTR_LIST don't preserve the specified attributes\n\
+@@ -317,6 +318,27 @@ re_protect (char const *const_dst_name,
+ }
+ }
+
++ if (x->preserve_context)
++ {
++ char src_context[SMACK_LABELLEN];
++ char dst_context[SMACK_LABELLEN];
++
++ if (smack_of_file (src_name, src_context, SMACK_LABELLEN) < 0 ||
++ smack_of_file (dst_name, dst_context, SMACK_LABELLEN) < 0)
++ {
++ ; //error (0, errno, _("failed to preserve context for %s"),
++ // quote (dst_name));
++ //return false;
++ }
++ if (strcmp (src_context, dst_context) &&
++ smack_to_file (dst_name, src_context) < 0)
++ {
++ ; //error (0, errno, _("failed to preserve context for %s"),
++ // quote (dst_name));
++ //return false;
++ }
++ }
++
+ if (x->preserve_ownership)
+ {
+ if (chown (dst_name, src_sb.st_uid, src_sb.st_gid) != 0
+@@ -749,6 +771,7 @@ cp_option_init (struct cp_options *x)
+ x->preserve_links = false;
+ x->preserve_mode = false;
+ x->preserve_timestamps = false;
++ x->preserve_context = false;
+
+ x->require_preserve = false;
+ x->recursive = false;
+@@ -777,18 +800,19 @@ decode_preserve_arg (char const *arg, st
+ PRESERVE_TIMESTAMPS,
+ PRESERVE_OWNERSHIP,
+ PRESERVE_LINK,
++ PRESERVE_CONTEXT,
+ PRESERVE_ALL
+ };
+ static enum File_attribute const preserve_vals[] =
+ {
+ PRESERVE_MODE, PRESERVE_TIMESTAMPS,
+- PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_ALL
++ PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_CONTEXT, PRESERVE_ALL
+ };
+ /* Valid arguments to the `--preserve' option. */
+ static char const* const preserve_args[] =
+ {
+ "mode", "timestamps",
+- "ownership", "links", "all", NULL
++ "ownership", "links", "context", "all", NULL
+ };
+ ARGMATCH_VERIFY (preserve_args, preserve_vals);
+
+@@ -824,11 +848,16 @@ decode_preserve_arg (char const *arg, st
+ x->preserve_links = on_off;
+ break;
+
++ case PRESERVE_CONTEXT:
++ x->preserve_context = on_off;
++ break;
++
+ case PRESERVE_ALL:
+ x->preserve_mode = on_off;
+ x->preserve_timestamps = on_off;
+ x->preserve_ownership = on_off;
+ x->preserve_links = on_off;
++ x->preserve_context = on_off;
+ break;
+
+ default:
+@@ -885,6 +914,8 @@ main (int argc, char **argv)
+ x.preserve_ownership = true;
+ x.preserve_mode = true;
+ x.preserve_timestamps = true;
++ /* Context preservation may be draconian */
++ x.preserve_context = true;
+ x.require_preserve = true;
+ x.recursive = true;
+ break;
+diff -Nuarp tizen-coreutils/src/id.c tizen-coreutils-smack/src/id.c
+--- tizen-coreutils/src/id.c 2012-11-30 10:11:38.000000000 +0200
++++ tizen-coreutils-smack/src/id.c 2012-11-30 11:20:39.837516860 +0200
+@@ -29,6 +29,7 @@
+ #include "system.h"
+ #include "error.h"
+ #include "quote.h"
++#include "smack.h"
+
+ /* The official name of this program (e.g., no `g' prefix). */
+ #define PROGRAM_NAME "id"
+@@ -40,6 +41,7 @@ int getugroups ();
+ static void print_user (uid_t uid);
+ static void print_group (gid_t gid);
+ static void print_group_list (const char *username);
++static void print_context (void);
+ static void print_full_info (const char *username);
+
+ /* The name this program was run with. */
+@@ -52,11 +54,15 @@ static bool use_name = false;
+ static uid_t ruid, euid;
+ static gid_t rgid, egid;
+
++/* The security "context" to print. */
++static char context[SMACK_LABELLEN];
++
+ /* True unless errors have been encountered. */
+ static bool ok = true;
+
+ static struct option const longopts[] =
+ {
++ {"context", no_argument, NULL, 'Z'},
+ {"group", no_argument, NULL, 'g'},
+ {"groups", no_argument, NULL, 'G'},
+ {"name", no_argument, NULL, 'n'},
+@@ -80,6 +86,7 @@ usage (int status)
+ Print information for USERNAME, or the current user.\n\
+ \n\
+ -a ignore, for compatibility with other versions\n\
++ -Z, --context print only the security context\n\
+ -g, --group print only the effective group ID\n\
+ -G, --groups print all group IDs\n\
+ -n, --name print a name instead of a number, for -ugG\n\
+@@ -102,6 +109,8 @@ main (int argc, char **argv)
+ {
+ int optc;
+
++ /* If true, output only the security context. -Z */
++ bool just_context = false;
+ /* If true, output the list of all group IDs. -G */
+ bool just_group_list = false;
+ /* If true, output only the group ID(s). -g */
+@@ -119,13 +128,16 @@ main (int argc, char **argv)
+
+ atexit (close_stdout);
+
+- while ((optc = getopt_long (argc, argv, "agnruG", longopts, NULL)) != -1)
++ while ((optc = getopt_long (argc, argv, "agnruGZ", longopts, NULL)) != -1)
+ {
+ switch (optc)
+ {
+ case 'a':
+ /* Ignore -a, for compatibility with SVR4. */
+ break;
++ case 'Z':
++ just_context = true;
++ break;
+ case 'g':
+ just_group = true;
+ break;
+@@ -148,8 +160,8 @@ main (int argc, char **argv)
+ }
+ }
+
+- if (just_user + just_group + just_group_list > 1)
+- error (EXIT_FAILURE, 0, _("cannot print only user and only group"));
++ if (just_user + just_group + just_group_list + just_context > 1)
++ error (EXIT_FAILURE, 0, _("cannot print multiple exclusive fields"));
+
+ if (just_user + just_group + just_group_list == 0 && (use_real | use_name))
+ error (EXIT_FAILURE, 0,
+@@ -183,6 +195,8 @@ main (int argc, char **argv)
+ print_group (use_real ? rgid : egid);
+ else if (just_group_list)
+ print_group_list (argv[optind]);
++ else if (just_context)
++ print_context ();
+ else
+ print_full_info (argv[optind]);
+ putchar ('\n');
+@@ -324,6 +338,18 @@ print_group_list (const char *username)
+ #endif /* HAVE_GETGROUPS */
+ }
+
++/* Print the security context. */
++
++static void
++print_context (void)
++{
++
++ if (smack_of_proc(-1, context, sizeof (context)) < 1 || strlen(context) < 1)
++ printf ("<secuirty context is unavailable>");
++ else
++ printf ("%s", context);
++}
++
+ /* Print all of the info about the user's user and group IDs. */
+
+ static void
+@@ -385,4 +411,7 @@ print_full_info (const char *username)
+ free (groups);
+ }
+ #endif /* HAVE_GETGROUPS */
++
++ if (smack_of_proc(-1, context, sizeof (context)) > 0 && strlen(context) > 0)
++ printf (" context=\"%s\"", context);
+ }
+diff -Nuarp tizen-coreutils/src/install.c tizen-coreutils-smack/src/install.c
+--- tizen-coreutils/src/install.c 2012-11-30 10:11:38.000000000 +0200
++++ tizen-coreutils-smack/src/install.c 2012-11-30 11:20:39.837516860 +0200
+@@ -39,6 +39,7 @@
+ #include "stat-time.h"
+ #include "utimens.h"
+ #include "xstrtol.h"
++#include "smack.h"
+
+ /* The official name of this program (e.g., no `g' prefix). */
+ #define PROGRAM_NAME "install"
+@@ -115,6 +116,9 @@ static mode_t dir_mode = DEFAULT_MODE;
+ or S_ISGID bits. */
+ static mode_t dir_mode_bits = CHMOD_MODE_BITS;
+
++/* The security context to give all files. */
++static char *context;
++
+ /* If true, strip executable files after copying them. */
+ static bool strip_files;
+
+@@ -124,6 +128,7 @@ static bool dir_arg;
+ static struct option const long_options[] =
+ {
+ {"backup", optional_argument, NULL, 'b'},
++ {"context", required_argument, NULL, 'Z'},
+ {"directory", no_argument, NULL, 'd'},
+ {"group", required_argument, NULL, 'g'},
+ {"mode", required_argument, NULL, 'm'},
+@@ -155,6 +160,7 @@ cp_option_init (struct cp_options *x)
+ x->preserve_links = false;
+ x->preserve_mode = false;
+ x->preserve_timestamps = false;
++ x->preserve_context = false;
+ x->require_preserve = false;
+ x->recursive = false;
+ x->sparse_mode = SPARSE_AUTO;
+@@ -243,7 +249,7 @@ main (int argc, char **argv)
+ we'll actually use backup_suffix_string. */
+ backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
+
+- while ((optc = getopt_long (argc, argv, "bcsDdg:m:o:pt:TvS:", long_options,
++ while ((optc = getopt_long (argc, argv, "bcsDdg:m:o:pt:TvS:Z:", long_options,
+ NULL)) != -1)
+ {
+ switch (optc)
+@@ -305,6 +311,9 @@ main (int argc, char **argv)
+ case 'T':
+ no_target_directory = true;
+ break;
++ case 'Z':
++ context = optarg;
++ break;
+ case_GETOPT_HELP_CHAR;
+ case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
+ default:
+@@ -520,6 +529,8 @@ change_attributes (char const *name)
+ error (0, errno, _("cannot change ownership of %s"), quote (name));
+ else if (chmod (name, mode) != 0)
+ error (0, errno, _("cannot change permissions of %s"), quote (name));
++ else if (context && smack_to_file (name, context) < 0)
++ ; // error (0, errno, _("cannot change security context of %s"), quote (name));
+ else
+ return true;
+
+@@ -686,6 +697,7 @@ Mandatory arguments to long options are
+ -t, --target-directory=DIRECTORY copy all SOURCE arguments into DIRECTORY\n\
+ -T, --no-target-directory treat DEST as a normal file\n\
+ -v, --verbose print the name of each directory as it is created\n\
++ -Z, --context=CONTEXT set the security context on all destination files\n\
+ "), stdout);
+ fputs (HELP_OPTION_DESCRIPTION, stdout);
+ fputs (VERSION_OPTION_DESCRIPTION, stdout);
+diff -Nuarp tizen-coreutils/src/ls.c tizen-coreutils-smack/src/ls.c
+--- tizen-coreutils/src/ls.c 2012-11-30 10:11:38.000000000 +0200
++++ tizen-coreutils-smack/src/ls.c 2012-11-30 11:20:39.841516860 +0200
+@@ -104,6 +104,7 @@
+ #include "wcwidth.h"
+ #include "xstrtol.h"
+ #include "xreadlink.h"
++#include "smack.h"
+
+ #define PROGRAM_NAME (ls_mode == LS_LS ? "ls" \
+ : (ls_mode == LS_MULTI_COL \
+@@ -177,6 +178,9 @@ struct fileinfo
+ /* For long listings, true if the file has an access control list. */
+ bool have_acl;
+ #endif
++
++ /* Security context */
++ char context[SMACK_LABELLEN];
+ };
+
+ #if USE_ACL
+@@ -339,6 +343,7 @@ static int nlink_width;
+ static int owner_width;
+ static int group_width;
+ static int author_width;
++static int context_width;
+ static int major_device_number_width;
+ static int minor_device_number_width;
+ static int file_size_width;
+@@ -434,6 +439,10 @@ static bool print_owner = true;
+
+ static bool print_author;
+
++/* True means to display the security context. */
++
++static bool print_context;
++
+ /* True means to display group information. -G and -o turn this off. */
+
+ static bool print_group = true;
+@@ -1514,7 +1523,7 @@ decode_switches (int argc, char **argv)
+ }
+
+ while ((c = getopt_long (argc, argv,
+- "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1",
++ "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UXZ1",
+ long_options, NULL)) != -1)
+ {
+ switch (c)
+@@ -1717,6 +1726,10 @@ decode_switches (int argc, char **argv)
+ sort_type_specified = true;
+ break;
+
++ case 'Z':
++ print_context = true;
++ break;
++
+ case '1':
+ /* -1 has no effect after -l. */
+ if (format != long_format)
+@@ -2574,6 +2587,7 @@ gobble_file (char const *name, enum file
+ /* Command line dereferences are already taken care of by the above
+ assertion that the inode number is not yet known. */
+ || (print_inode && inode == NOT_AN_INODE_NUMBER)
++ || print_context
+ || (format_needs_type
+ && (type == unknown || command_line_arg
+ /* --indicator-style=classify (aka -F)
+@@ -2605,6 +2619,7 @@ gobble_file (char const *name, enum file
+ switch (dereference)
+ {
+ case DEREF_ALWAYS:
++ err = smack_of_file_follow(absolute_name, f->context, SMACK_LABELLEN);
+ err = stat (absolute_name, &f->stat);
+ break;
+
+@@ -2613,6 +2628,8 @@ gobble_file (char const *name, enum file
+ if (command_line_arg)
+ {
+ bool need_lstat;
++ err = smack_of_file_follow(absolute_name, f->context,
++ SMACK_LABELLEN);
+ err = stat (absolute_name, &f->stat);
+
+ if (dereference == DEREF_COMMAND_LINE_ARGUMENTS)
+@@ -2631,6 +2648,7 @@ gobble_file (char const *name, enum file
+ }
+
+ default: /* DEREF_NEVER */
++ err = smack_of_file(absolute_name, f->context, SMACK_LABELLEN);
+ err = lstat (absolute_name, &f->stat);
+ break;
+ }
+@@ -2738,6 +2756,13 @@ gobble_file (char const *name, enum file
+ author_width = len;
+ }
+
++ if (print_context)
++ {
++ int len = strlen (f->context);
++ if (context_width < len)
++ context_width = len;
++ }
++
+ {
+ char buf[INT_BUFSIZE_BOUND (uintmax_t)];
+ int len = strlen (umaxtostr (f->stat.st_nlink, buf));
+@@ -3463,7 +3488,7 @@ print_long_format (const struct fileinfo
+
+ DIRED_INDENT ();
+
+- if (print_owner | print_group | print_author)
++ if (print_owner | print_group | print_author | print_context)
+ {
+ DIRED_FPUTS (buf, stdout, p - buf);
+
+@@ -3476,6 +3501,9 @@ print_long_format (const struct fileinfo
+ if (print_author)
+ format_user (f->stat.st_author, author_width, f->stat_ok);
+
++ if (print_context)
++ format_user_or_group(f->context, 0, context_width);
++
+ p = buf;
+ }
+
+@@ -3812,6 +3840,9 @@ print_file_name_and_frills (const struct
+ human_readable (ST_NBLOCKS (f->stat), buf, human_output_opts,
+ ST_NBLOCKSIZE, output_block_size));
+
++ if (print_context)
++ printf ("%*s ", format == with_commas ? 0 : context_width, f->context);
++
+ print_name_with_quoting (f->name, FILE_OR_LINK_MODE (f), f->linkok,
+ f->stat_ok, f->filetype, NULL);
+
+@@ -3975,6 +4006,9 @@ length_of_file_name_and_frills (const st
+ output_block_size))
+ : block_size_width);
+
++ if (print_context)
++ len += 1 + (format == with_commas ? strlen (f->context) : context_width);
++
+ quote_name (NULL, f->name, filename_quoting_options, &name_width);
+ len += name_width;
+
+@@ -4403,6 +4437,7 @@ Mandatory arguments to long options are
+ -w, --width=COLS assume screen width instead of current value\n\
+ -x list entries by lines instead of by columns\n\
+ -X sort alphabetically by entry extension\n\
++ -Z print the security context\n\
+ -1 list one file per line\n\
+ "), stdout);
+ fputs (HELP_OPTION_DESCRIPTION, stdout);
+diff -Nuarp tizen-coreutils/src/mkdir.c tizen-coreutils-smack/src/mkdir.c
+--- tizen-coreutils/src/mkdir.c 2012-11-30 10:11:38.000000000 +0200
++++ tizen-coreutils-smack/src/mkdir.c 2012-11-30 11:20:39.841516860 +0200
+@@ -29,6 +29,7 @@
+ #include "modechange.h"
+ #include "quote.h"
+ #include "savewd.h"
++#include "smack.h"
+
+ /* The official name of this program (e.g., no `g' prefix). */
+ #define PROGRAM_NAME "mkdir"
+@@ -40,6 +41,7 @@ char *program_name;
+
+ static struct option const longopts[] =
+ {
++ {"context", required_argument, NULL, 'Z'},
+ {"mode", required_argument, NULL, 'm'},
+ {"parents", no_argument, NULL, 'p'},
+ {"verbose", no_argument, NULL, 'v'},
+@@ -65,9 +67,10 @@ Create the DIRECTORY(ies), if they do no
+ Mandatory arguments to long options are mandatory for short options too.\n\
+ "), stdout);
+ fputs (_("\
+- -m, --mode=MODE set file mode (as in chmod), not a=rwx - umask\n\
+- -p, --parents no error if existing, make parent directories as needed\n\
+- -v, --verbose print a message for each created directory\n\
++ -Z, --context=CONTEXT set security context\n\
++ -m, --mode=MODE set file mode (as in chmod), not a=rwx - umask\n\
++ -p, --parents no error if existing, make parent directories as needed\n\
++ -v, --verbose print a message for each created directory\n\
+ "), stdout);
+ fputs (HELP_OPTION_DESCRIPTION, stdout);
+ fputs (VERSION_OPTION_DESCRIPTION, stdout);
+@@ -92,6 +95,9 @@ struct mkdir_options
+ /* File mode bits affected by MODE. */
+ mode_t mode_bits;
+
++ /* Security context. */
++ char *context;
++
+ /* If not null, format to use when reporting newly made directories. */
+ char const *created_directory_format;
+ };
+@@ -101,6 +107,17 @@ static void
+ announce_mkdir (char const *dir, void *options)
+ {
+ struct mkdir_options const *o = options;
++
++ if (o->context) {
++ char *sep = strrchr(dir, '/');
++ int res = 0;
++ if ((sep != NULL) && (strlen(sep) != strlen(dir)))
++ res = smack_to_file (sep + 1, o->context);
++ else
++ res = smack_to_file (dir, o->context);
++ if (res < 0)
++ ; // error (0, errno, _("setting directory context failed"));
++ }
+ if (o->created_directory_format)
+ error (0, 0, o->created_directory_format, quote (dir));
+ }
+@@ -144,6 +155,7 @@ main (int argc, char **argv)
+ options.make_ancestor_function = NULL;
+ options.mode = S_IRWXUGO;
+ options.mode_bits = 0;
++ options.context = NULL;
+ options.created_directory_format = NULL;
+
+ initialize_main (&argc, &argv);
+@@ -154,10 +166,13 @@ main (int argc, char **argv)
+
+ atexit (close_stdout);
+
+- while ((optc = getopt_long (argc, argv, "pm:v", longopts, NULL)) != -1)
++ while ((optc = getopt_long (argc, argv, "Z:pm:v", longopts, NULL)) != -1)
+ {
+ switch (optc)
+ {
++ case 'Z':
++ options.context = optarg;
++ break;
+ case 'p':
+ options.make_ancestor_function = make_ancestor;
+ break;
+diff -Nuarp tizen-coreutils/src/mkfifo.c tizen-coreutils-smack/src/mkfifo.c
+--- tizen-coreutils/src/mkfifo.c 2012-11-30 10:11:38.000000000 +0200
++++ tizen-coreutils-smack/src/mkfifo.c 2012-11-30 11:20:39.841516860 +0200
+@@ -26,6 +26,7 @@
+ #include "error.h"
+ #include "modechange.h"
+ #include "quote.h"
++#include "smack.h"
+
+ /* The official name of this program (e.g., no `g' prefix). */
+ #define PROGRAM_NAME "mkfifo"
+@@ -37,6 +38,7 @@ char *program_name;
+
+ static struct option const longopts[] =
+ {
++ {"context", required_argument, NULL, 'Z'},
+ {"mode", required_argument, NULL, 'm'},
+ {GETOPT_HELP_OPTION_DECL},
+ {GETOPT_VERSION_OPTION_DECL},
+@@ -60,7 +62,10 @@ Create named pipes (FIFOs) with the give
+ Mandatory arguments to long options are mandatory for short options too.\n\
+ "), stdout);
+ fputs (_("\
+- -m, --mode=MODE set file permission bits to MODE, not a=rw - umask\n\
++ -Z, --context=CONTEXT set security context to CONTEXT\n\
++"), stdout);
++ fputs (_("\
++ -m, --mode=MODE set file permission bits to MODE, not a=rw - umask\n\
+ "), stdout);
+ fputs (HELP_OPTION_DESCRIPTION, stdout);
+ fputs (VERSION_OPTION_DESCRIPTION, stdout);
+@@ -73,6 +78,7 @@ int
+ main (int argc, char **argv)
+ {
+ mode_t newmode;
++ char const *specified_context = NULL;
+ char const *specified_mode = NULL;
+ int exit_status = EXIT_SUCCESS;
+ int optc;
+@@ -85,10 +91,13 @@ main (int argc, char **argv)
+
+ atexit (close_stdout);
+
+- while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
++ while ((optc = getopt_long (argc, argv, "Z:m:", longopts, NULL)) != -1)
+ {
+ switch (optc)
+ {
++ case 'Z':
++ specified_context = optarg;
++ break;
+ case 'm':
+ specified_mode = optarg;
+ break;
+@@ -119,11 +128,17 @@ main (int argc, char **argv)
+ }
+
+ for (; optind < argc; ++optind)
+- if (mkfifo (argv[optind], newmode) != 0)
+- {
+- error (0, errno, _("cannot create fifo %s"), quote (argv[optind]));
+- exit_status = EXIT_FAILURE;
+- }
++ {
++ if (mkfifo (argv[optind], newmode) != 0)
++ {
++ error (0, errno, _("cannot create fifo %s"), quote (argv[optind]));
++ exit_status = EXIT_FAILURE;
++ }
++ if (specified_context &&
++ smack_to_file(argv[optind], specified_context) < 0)
++ ;// error (0, errno, _("context assignment of %s to %s failed"),
++ // argv[optind], quote (specified_context));
++ }
+
+ exit (exit_status);
+ }
+diff -Nuarp tizen-coreutils/src/mknod.c tizen-coreutils-smack/src/mknod.c
+--- tizen-coreutils/src/mknod.c 2012-11-30 10:11:38.000000000 +0200
++++ tizen-coreutils-smack/src/mknod.c 2012-11-30 11:20:39.841516860 +0200
+@@ -27,6 +27,7 @@
+ #include "modechange.h"
+ #include "quote.h"
+ #include "xstrtol.h"
++#include "smack.h"
+
+ /* The official name of this program (e.g., no `g' prefix). */
+ #define PROGRAM_NAME "mknod"
+@@ -38,6 +39,7 @@ char *program_name;
+
+ static struct option const longopts[] =
+ {
++ {"context", required_argument, NULL, 'Z'},
+ {"mode", required_argument, NULL, 'm'},
+ {GETOPT_HELP_OPTION_DECL},
+ {GETOPT_VERSION_OPTION_DECL},
+@@ -62,7 +64,10 @@ Create the special file NAME of the give
+ Mandatory arguments to long options are mandatory for short options too.\n\
+ "), stdout);
+ fputs (_("\
+- -m, --mode=MODE set file permission bits to MODE, not a=rw - umask\n\
++ -Z, --context=CONTEXT set file security context to CONTEXT\n\
++"), stdout);
++ fputs (_("\
++ -m, --mode=MODE set file permission bits to MODE, not a=rw - umask\n\
+ "), stdout);
+ fputs (HELP_OPTION_DESCRIPTION, stdout);
+ fputs (VERSION_OPTION_DESCRIPTION, stdout);
+@@ -88,6 +93,7 @@ int
+ main (int argc, char **argv)
+ {
+ mode_t newmode;
++ char const *specified_context = NULL;
+ char const *specified_mode = NULL;
+ int optc;
+ int expected_operands;
+@@ -101,10 +107,13 @@ main (int argc, char **argv)
+
+ atexit (close_stdout);
+
+- while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
++ while ((optc = getopt_long (argc, argv, "Z:m:", longopts, NULL)) != -1)
+ {
+ switch (optc)
+ {
++ case 'Z':
++ specified_context = optarg;
++ break;
+ case 'm':
+ specified_mode = optarg;
+ break;
+@@ -217,5 +226,9 @@ main (int argc, char **argv)
+ usage (EXIT_FAILURE);
+ }
+
++ if (specified_context && smack_to_file (argv[optind], specified_context) < 0)
++ ; //error (0, errno, _("context assignment to %s failed"),
++ // quote (specified_context));
++
+ exit (EXIT_SUCCESS);
+ }
+diff -Nuarp tizen-coreutils/src/mv.c tizen-coreutils-smack/src/mv.c
+--- tizen-coreutils/src/mv.c 2012-11-30 10:11:38.000000000 +0200
++++ tizen-coreutils-smack/src/mv.c 2012-11-30 11:20:39.841516860 +0200
+@@ -32,6 +32,7 @@
+ #include "filenamecat.h"
+ #include "quote.h"
+ #include "remove.h"
++#include "smack.h"
+
+ /* The official name of this program (e.g., no `g' prefix). */
+ #define PROGRAM_NAME "mv"
+@@ -126,6 +127,7 @@ cp_option_init (struct cp_options *x)
+ x->preserve_links = true;
+ x->preserve_mode = true;
+ x->preserve_timestamps = true;
++ x->preserve_context = true;
+ x->require_preserve = false; /* FIXME: maybe make this an option */
+ x->recursive = true;
+ x->sparse_mode = SPARSE_AUTO; /* FIXME: maybe make this an option */
+diff -Nuarp tizen-coreutils/src/smack.h tizen-coreutils-smack/src/smack.h
+--- tizen-coreutils/src/smack.h 1970-01-01 02:00:00.000000000 +0200
++++ tizen-coreutils-smack/src/smack.h 2012-11-30 11:20:39.841516860 +0200
+@@ -0,0 +1,134 @@
++/* smack.h - Simplified Mandatory Access Control Kernel
++
++ Copyright (C) 2010 Free Software Foundation, Inc.
++
++ This program is free software: you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; either version 3 of the License, or
++ (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program. If not, see <http://www.gnu.org/licenses/>.
++
++ Written by Casey Schaufler. */
++
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <sys/xattr.h>
++#include <unistd.h>
++
++#define SMACK_PATHTEXTSIZE 80
++#define SMACK_LABELLEN 256
++#define SMACK_PROC_FMT "/proc/%s/attr/current"
++#define SMACK_CHECK_PATH "/smack/load"
++#define SMACK_ATTRNAME "security.SMACK64"
++
++static inline int
++smack_enabled(void)
++{
++ int i;
++ struct stat buf;
++
++ i = stat(SMACK_CHECK_PATH, &buf);
++
++ if (i < 0)
++ return 0;
++
++ return 1;
++}
++
++static inline int
++smack_of_file(const char *path, char *result, int rlen)
++{
++ int i;
++
++ i = lgetxattr(path, SMACK_ATTRNAME, result, rlen);
++ if (i < 0)
++ return i;
++
++ if (i < rlen)
++ result[i] = '\0';
++
++ return i;
++}
++
++static inline int
++smack_of_file_follow(const char *path, char *result, int rlen)
++{
++ int i;
++
++ i = getxattr(path, SMACK_ATTRNAME, result, rlen);
++ if (i < 0)
++ return i;
++
++ if (i < rlen)
++ result[i] = '\0';
++
++ return i;
++}
++
++static inline int
++smack_of_fd(int fd, char *result, int rlen)
++{
++ int i;
++
++ i = fgetxattr(fd, SMACK_ATTRNAME, result, rlen);
++ if (i < 0)
++ return i;
++
++ if (i < rlen)
++ result[i] = '\0';
++
++ return i;
++}
++
++static inline int
++smack_to_fd(int fd, char *smack)
++{
++ return fsetxattr(fd, SMACK_ATTRNAME, smack, strlen(smack), 0);
++}
++
++static inline int
++smack_to_file(const char *path, char *smack)
++{
++ return lsetxattr(path, SMACK_ATTRNAME, smack, strlen(smack), 0);
++}
++
++static inline int
++smack_of_proc(pid_t pid, char *result, int rlen)
++{
++ int fd;
++ int red;
++ char *cp = "self";
++ char pidtext[SMACK_PATHTEXTSIZE];
++ char path[SMACK_PATHTEXTSIZE];
++
++ if (pid > 0)
++ {
++ sprintf(pidtext, "%d", pid);
++ cp = pidtext;
++ }
++
++ if (strlen(cp) + strlen(SMACK_PROC_FMT) >= SMACK_PATHTEXTSIZE)
++ return -1;
++
++ sprintf(path, SMACK_PROC_FMT, cp);
++ fd = open(path, O_RDONLY);
++ if (fd < 0)
++ return fd;
++
++ red = read(fd, result, rlen);
++ close(fd);
++
++ if (red >= 0 && red < rlen)
++ result[red] = '\0';
++ if ((cp = index (result, '\n')) != NULL)
++ *cp = '\0';
++
++ return strlen (result);
++}
+diff -Nuarp tizen-coreutils/src/stat.c tizen-coreutils-smack/src/stat.c
+--- tizen-coreutils/src/stat.c 2012-11-30 10:11:38.000000000 +0200
++++ tizen-coreutils-smack/src/stat.c 2012-11-30 11:20:39.845516860 +0200
+@@ -68,6 +68,7 @@
+ #include "stat-time.h"
+ #include "strftime.h"
+ #include "xreadlink.h"
++#include "smack.h"
+
+ #define alignof(type) offsetof (struct { char c; type x; }, x)
+
+@@ -270,6 +271,8 @@ human_fstype (STRUCT_STATVFS const *stat
+ return "squashfs";
+ case S_MAGIC_SYSFS: /* 0x62656572 */
+ return "sysfs";
++ case S_MAGIC_SMACK: /* 0x43415D53 */
++ return "smack";
+ # elif __GNU__
+ case FSTYPE_UFS:
+ return "ufs";
+@@ -595,6 +598,14 @@ print_stat (char *pformat, size_t prefix
+ else
+ out_uint (pformat, prefix_len, statbuf->st_ctime);
+ break;
++ case 'C':
++ {
++ char context[SMACK_LABELLEN];
++
++ if (smack_of_file(filename, context, SMACK_LABELLEN) > 0)
++ out_string(pformat, prefix_len, context);
++ }
++ break;
+ default:
+ fputc ('?', stdout);
+ break;
+@@ -855,6 +866,7 @@ The valid format sequences for files (wi
+ %B The size in bytes of each block reported by %b\n\
+ "), stdout);
+ fputs (_("\
++ %C Security context\n\
+ %d Device number in decimal\n\
+ %D Device number in hex\n\
+ %f Raw mode in hex\n\
projects / external / tizen-coreutils.git / commitdiff