selinux: drop deprecated headers

The selinux guys want you to get class values at runtime by converting textual names into constants. Drop the deprecated headers and switch to the new format. This API has been around for years, so there shouldn't be an issue with backwards compatibility. Signed-off-by: Mike Frysinger <vapier@gentoo.org>
author: Mike Frysinger 2016-12-09 18:30:30 -0500
committer: Mike Frysinger 2016-12-09 18:30:30 -0500
commit: c6f35241b38ea0c9581409efcd83716b74918903 (patch)
tree: 1dfdee1099c3671e1e54345727030ebcea582567 /libbb/update_passwd.c
parent: 1cda8790803a6fb072375c8fa53273333d2d4607 (diff)
download: busybox-c6f35241b38ea0c9581409efcd83716b74918903.zip
busybox-c6f35241b38ea0c9581409efcd83716b74918903.tar.gz
1 files changed, 12 insertions, 1 deletions
diff --git a/libbb/update_passwd.c b/libbb/update_passwd.c
index a2004f4..6255af4 100644
--- a/libbb/update_passwd.c
+++ b/libbb/update_passwd.c
@@ -30,7 +30,18 @@ static void check_selinux_update_passwd(const char *username)
 	if (!seuser)
 		bb_error_msg_and_die("invalid context '%s'", context);
 	if (strcmp(seuser, username) != 0) {
-		if (checkPasswdAccess(PASSWD__PASSWD) != 0)
+		security_class_t tclass;
+		access_vector_t av;
+
+		tclass = string_to_security_class("passwd");
+		if (tclass == 0)
+			goto die;
+		av = string_to_av_perm(tclass, "passwd");
+		if (av == 0)
+			goto die;
+
+		if (selinux_check_passwd_access(av) != 0)
+ die:
 			bb_error_msg_and_die("SELinux: access denied");
 	}
 	if (ENABLE_FEATURE_CLEAN_UP)
author	Mike Frysinger	2016-12-09 18:30:30 -0500
committer	Mike Frysinger	2016-12-09 18:30:30 -0500
commit	c6f35241b38ea0c9581409efcd83716b74918903 (patch)
tree	1dfdee1099c3671e1e54345727030ebcea582567 /libbb/update_passwd.c
parent	1cda8790803a6fb072375c8fa53273333d2d4607 (diff)
download	busybox-c6f35241b38ea0c9581409efcd83716b74918903.zip busybox-c6f35241b38ea0c9581409efcd83716b74918903.tar.gz