diff options
-rw-r--r-- | include/applets.src.h | 12 | ||||
-rw-r--r-- | selinux/Config.src | 113 | ||||
-rw-r--r-- | selinux/Kbuild.src | 12 | ||||
-rw-r--r-- | selinux/chcon.c | 17 | ||||
-rw-r--r-- | selinux/getenforce.c | 10 | ||||
-rw-r--r-- | selinux/getsebool.c | 10 | ||||
-rw-r--r-- | selinux/load_policy.c | 10 | ||||
-rw-r--r-- | selinux/matchpathcon.c | 11 | ||||
-rw-r--r-- | selinux/runcon.c | 17 | ||||
-rw-r--r-- | selinux/selinuxenabled.c | 11 | ||||
-rw-r--r-- | selinux/sestatus.c | 10 | ||||
-rw-r--r-- | selinux/setenforce.c | 10 | ||||
-rw-r--r-- | selinux/setfiles.c | 31 | ||||
-rw-r--r-- | selinux/setsebool.c | 11 |
14 files changed, 148 insertions, 137 deletions
diff --git a/include/applets.src.h b/include/applets.src.h index c72dca8..4e78915 100644 --- a/include/applets.src.h +++ b/include/applets.src.h @@ -73,25 +73,13 @@ s - suid type: INSERT -IF_CHCON(APPLET(chcon, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_DHCPRELAY(APPLET(dhcprelay, BB_DIR_USR_SBIN, BB_SUID_DROP)) IF_DUMPLEASES(APPLET(dumpleases, BB_DIR_USR_BIN, BB_SUID_DROP)) //IF_E2FSCK(APPLET(e2fsck, BB_DIR_SBIN, BB_SUID_DROP)) //IF_E2LABEL(APPLET_ODDNAME(e2label, tune2fs, BB_DIR_SBIN, BB_SUID_DROP, e2label)) //IF_E2FSCK(APPLET_ODDNAME(fsck.ext2, e2fsck, BB_DIR_SBIN, BB_SUID_DROP, fsck_ext2)) //IF_E2FSCK(APPLET_ODDNAME(fsck.ext3, e2fsck, BB_DIR_SBIN, BB_SUID_DROP, fsck_ext3)) -IF_GETENFORCE(APPLET(getenforce, BB_DIR_USR_SBIN, BB_SUID_DROP)) -IF_GETSEBOOL(APPLET(getsebool, BB_DIR_USR_SBIN, BB_SUID_DROP)) -IF_LOAD_POLICY(APPLET(load_policy, BB_DIR_USR_SBIN, BB_SUID_DROP)) -IF_MATCHPATHCON(APPLET(matchpathcon, BB_DIR_USR_SBIN, BB_SUID_DROP)) //IF_PARSE(APPLET(parse, BB_DIR_USR_BIN, BB_SUID_DROP)) -IF_RESTORECON(APPLET_ODDNAME(restorecon, setfiles, BB_DIR_SBIN, BB_SUID_DROP, restorecon)) -IF_RUNCON(APPLET(runcon, BB_DIR_USR_BIN, BB_SUID_DROP)) -IF_SELINUXENABLED(APPLET(selinuxenabled, BB_DIR_USR_SBIN, BB_SUID_DROP)) -IF_SESTATUS(APPLET(sestatus, BB_DIR_USR_SBIN, BB_SUID_DROP)) -IF_SETENFORCE(APPLET(setenforce, BB_DIR_USR_SBIN, BB_SUID_DROP)) -IF_SETFILES(APPLET(setfiles, BB_DIR_SBIN, BB_SUID_DROP)) -IF_SETSEBOOL(APPLET(setsebool, BB_DIR_USR_SBIN, BB_SUID_DROP)) IF_UDHCPC(APPLET(udhcpc, BB_DIR_SBIN, BB_SUID_DROP)) IF_UDHCPD(APPLET(udhcpd, BB_DIR_USR_SBIN, BB_SUID_DROP)) diff --git a/selinux/Config.src b/selinux/Config.src index d4701f6..9cb755a 100644 --- a/selinux/Config.src +++ b/selinux/Config.src @@ -8,117 +8,4 @@ menu "SELinux Utilities" INSERT -config CHCON - bool "chcon" - default n - depends on SELINUX - help - Enable support to change the security context of file. - -config FEATURE_CHCON_LONG_OPTIONS - bool "Enable long options" - default y - depends on CHCON && LONG_OPTS - help - Support long options for the chcon applet. - -config GETENFORCE - bool "getenforce" - default n - depends on SELINUX - help - Enable support to get the current mode of SELinux. - -config GETSEBOOL - bool "getsebool" - default n - depends on SELINUX - help - Enable support to get SELinux boolean values. - -config LOAD_POLICY - bool "load_policy" - default n - depends on SELINUX - help - Enable support to load SELinux policy. - -config MATCHPATHCON - bool "matchpathcon" - default n - depends on SELINUX - help - Enable support to get default security context of the - specified path from the file contexts configuration. - -config RESTORECON - bool "restorecon" - default n - depends on SELINUX - help - Enable support to relabel files. The feature is almost - the same as setfiles, but usage is a little different. - -config RUNCON - bool "runcon" - default n - depends on SELINUX - help - Enable support to run command in specified security context. - -config FEATURE_RUNCON_LONG_OPTIONS - bool "Enable long options" - default y - depends on RUNCON && LONG_OPTS - help - Support long options for the runcon applet. - -config SELINUXENABLED - bool "selinuxenabled" - default n - depends on SELINUX - help - Enable support for this command to be used within shell scripts - to determine if selinux is enabled. - -config SETENFORCE - bool "setenforce" - default n - depends on SELINUX - help - Enable support to modify the mode SELinux is running in. - -config SETFILES - bool "setfiles" - default n - depends on SELINUX - help - Enable support to modify to relabel files. - Notice: If you built libselinux with -D_FILE_OFFSET_BITS=64, - (It is default in libselinux's Makefile), you _must_ enable - CONFIG_LFS. - -config FEATURE_SETFILES_CHECK_OPTION - bool "Enable check option" - default n - depends on SETFILES - help - Support "-c" option (check the validity of the contexts against - the specified binary policy) for setfiles. Requires libsepol. - -config SETSEBOOL - bool "setsebool" - default n - depends on SELINUX - help - Enable support for change boolean. - semanage and -P option is not supported yet. - -config SESTATUS - bool "sestatus" - default n - depends on SELINUX - help - Displays the status of SELinux. - endmenu diff --git a/selinux/Kbuild.src b/selinux/Kbuild.src index cdd5f2a..62c9e64 100644 --- a/selinux/Kbuild.src +++ b/selinux/Kbuild.src @@ -8,15 +8,3 @@ lib-y:= INSERT -lib-$(CONFIG_CHCON) += chcon.o -lib-$(CONFIG_GETENFORCE) += getenforce.o -lib-$(CONFIG_GETSEBOOL) += getsebool.o -lib-$(CONFIG_LOAD_POLICY) += load_policy.o -lib-$(CONFIG_MATCHPATHCON) += matchpathcon.o -lib-$(CONFIG_RUNCON) += runcon.o -lib-$(CONFIG_SELINUXENABLED) += selinuxenabled.o -lib-$(CONFIG_SETENFORCE) += setenforce.o -lib-$(CONFIG_SETFILES) += setfiles.o -lib-$(CONFIG_RESTORECON) += setfiles.o -lib-$(CONFIG_SETSEBOOL) += setsebool.o -lib-$(CONFIG_SESTATUS) += sestatus.o diff --git a/selinux/chcon.c b/selinux/chcon.c index f947c2c..c743013 100644 --- a/selinux/chcon.c +++ b/selinux/chcon.c @@ -7,6 +7,23 @@ * * Licensed under GPLv2, see file LICENSE in this source tree. */ +//config:config CHCON +//config: bool "chcon" +//config: default n +//config: depends on SELINUX +//config: help +//config: Enable support to change the security context of file. +//config: +//config:config FEATURE_CHCON_LONG_OPTIONS +//config: bool "Enable long options" +//config: default y +//config: depends on CHCON && LONG_OPTS +//config: help +//config: Support long options for the chcon applet. + +//applet:IF_CHCON(APPLET(chcon, BB_DIR_USR_BIN, BB_SUID_DROP)) + +//kbuild:lib-$(CONFIG_CHCON) += chcon.o //usage:#define chcon_trivial_usage //usage: "[OPTIONS] CONTEXT FILE..." diff --git a/selinux/getenforce.c b/selinux/getenforce.c index 56611d6..3747765 100644 --- a/selinux/getenforce.c +++ b/selinux/getenforce.c @@ -6,6 +6,16 @@ * * Licensed under GPLv2, see file LICENSE in this source tree. */ +//config:config GETENFORCE +//config: bool "getenforce" +//config: default n +//config: depends on SELINUX +//config: help +//config: Enable support to get the current mode of SELinux. + +//applet:IF_GETENFORCE(APPLET(getenforce, BB_DIR_USR_SBIN, BB_SUID_DROP)) + +//kbuild:lib-$(CONFIG_GETENFORCE) += getenforce.o //usage:#define getenforce_trivial_usage NOUSAGE_STR //usage:#define getenforce_full_usage "" diff --git a/selinux/getsebool.c b/selinux/getsebool.c index e8f0fef..fce478f 100644 --- a/selinux/getsebool.c +++ b/selinux/getsebool.c @@ -6,6 +6,16 @@ * * Licensed under GPLv2, see file LICENSE in this source tree. */ +//config:config GETSEBOOL +//config: bool "getsebool" +//config: default n +//config: depends on SELINUX +//config: help +//config: Enable support to get SELinux boolean values. + +//applet:IF_GETSEBOOL(APPLET(getsebool, BB_DIR_USR_SBIN, BB_SUID_DROP)) + +//kbuild:lib-$(CONFIG_GETSEBOOL) += getsebool.o //usage:#define getsebool_trivial_usage //usage: "-a or getsebool boolean..." diff --git a/selinux/load_policy.c b/selinux/load_policy.c index ce139db..f969453 100644 --- a/selinux/load_policy.c +++ b/selinux/load_policy.c @@ -4,6 +4,16 @@ * * Licensed under GPLv2, see file LICENSE in this source tree. */ +//config:config LOAD_POLICY +//config: bool "load_policy" +//config: default n +//config: depends on SELINUX +//config: help +//config: Enable support to load SELinux policy. + +//applet:IF_LOAD_POLICY(APPLET(load_policy, BB_DIR_USR_SBIN, BB_SUID_DROP)) + +//kbuild:lib-$(CONFIG_LOAD_POLICY) += load_policy.o //usage:#define load_policy_trivial_usage NOUSAGE_STR //usage:#define load_policy_full_usage "" diff --git a/selinux/matchpathcon.c b/selinux/matchpathcon.c index 9e5728e..a3b2fcb 100644 --- a/selinux/matchpathcon.c +++ b/selinux/matchpathcon.c @@ -5,6 +5,17 @@ * * Licensed under GPLv2, see file LICENSE in this source tree. */ +//config:config MATCHPATHCON +//config: bool "matchpathcon" +//config: default n +//config: depends on SELINUX +//config: help +//config: Enable support to get default security context of the +//config: specified path from the file contexts configuration. + +//applet:IF_MATCHPATHCON(APPLET(matchpathcon, BB_DIR_USR_SBIN, BB_SUID_DROP)) + +//kbuild:lib-$(CONFIG_MATCHPATHCON) += matchpathcon.o //usage:#define matchpathcon_trivial_usage //usage: "[-n] [-N] [-f file_contexts_file] [-p prefix] [-V]" diff --git a/selinux/runcon.c b/selinux/runcon.c index 27f2be3..366834e 100644 --- a/selinux/runcon.c +++ b/selinux/runcon.c @@ -28,6 +28,23 @@ * * Licensed under GPLv2, see file LICENSE in this source tree. */ +//config:config RUNCON +//config: bool "runcon" +//config: default n +//config: depends on SELINUX +//config: help +//config: Enable support to run command in specified security context. +//config: +//config:config FEATURE_RUNCON_LONG_OPTIONS +//config: bool "Enable long options" +//config: default y +//config: depends on RUNCON && LONG_OPTS +//config: help +//config: Support long options for the runcon applet. + +//applet:IF_RUNCON(APPLET(runcon, BB_DIR_USR_BIN, BB_SUID_DROP)) + +//kbuild:lib-$(CONFIG_RUNCON) += runcon.o //usage:#define runcon_trivial_usage //usage: "[-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] PROG ARGS\n" diff --git a/selinux/selinuxenabled.c b/selinux/selinuxenabled.c index ce830dc..b80c4e7 100644 --- a/selinux/selinuxenabled.c +++ b/selinux/selinuxenabled.c @@ -6,6 +6,17 @@ * * Licensed under GPLv2, see file LICENSE in this source tree. */ +//config:config SELINUXENABLED +//config: bool "selinuxenabled" +//config: default n +//config: depends on SELINUX +//config: help +//config: Enable support for this command to be used within shell scripts +//config: to determine if selinux is enabled. + +//applet:IF_SELINUXENABLED(APPLET(selinuxenabled, BB_DIR_USR_SBIN, BB_SUID_DROP)) + +//kbuild:lib-$(CONFIG_SELINUXENABLED) += selinuxenabled.o //usage:#define selinuxenabled_trivial_usage NOUSAGE_STR //usage:#define selinuxenabled_full_usage "" diff --git a/selinux/sestatus.c b/selinux/sestatus.c index e594318..ad49c9d 100644 --- a/selinux/sestatus.c +++ b/selinux/sestatus.c @@ -7,6 +7,16 @@ * * Licensed under GPLv2, see file LICENSE in this source tree. */ +//config:config SESTATUS +//config: bool "sestatus" +//config: default n +//config: depends on SELINUX +//config: help +//config: Displays the status of SELinux. + +//applet:IF_SESTATUS(APPLET(sestatus, BB_DIR_USR_SBIN, BB_SUID_DROP)) + +//kbuild:lib-$(CONFIG_SESTATUS) += sestatus.o //usage:#define sestatus_trivial_usage //usage: "[-vb]" diff --git a/selinux/setenforce.c b/selinux/setenforce.c index c5bc0a5..8d18abd 100644 --- a/selinux/setenforce.c +++ b/selinux/setenforce.c @@ -6,6 +6,16 @@ * * Licensed under GPLv2, see file LICENSE in this source tree. */ +//config:config SETENFORCE +//config: bool "setenforce" +//config: default n +//config: depends on SELINUX +//config: help +//config: Enable support to modify the mode SELinux is running in. + +//applet:IF_SETENFORCE(APPLET(setenforce, BB_DIR_USR_SBIN, BB_SUID_DROP)) + +//kbuild:lib-$(CONFIG_SETENFORCE) += setenforce.o //usage:#define setenforce_trivial_usage //usage: "[Enforcing | Permissive | 1 | 0]" diff --git a/selinux/setfiles.c b/selinux/setfiles.c index c9597d5..4fc307f 100644 --- a/selinux/setfiles.c +++ b/selinux/setfiles.c @@ -3,6 +3,37 @@ policycoreutils was released under GPL 2. Port to BusyBox (c) 2007 by Yuichi Nakamura <ynakam@hitachisoft.jp> */ +//config:config SETFILES +//config: bool "setfiles" +//config: default n +//config: depends on SELINUX +//config: help +//config: Enable support to modify to relabel files. +//config: Notice: If you built libselinux with -D_FILE_OFFSET_BITS=64, +//config: (It is default in libselinux's Makefile), you _must_ enable +//config: CONFIG_LFS. +//config: +//config:config FEATURE_SETFILES_CHECK_OPTION +//config: bool "Enable check option" +//config: default n +//config: depends on SETFILES +//config: help +//config: Support "-c" option (check the validity of the contexts against +//config: the specified binary policy) for setfiles. Requires libsepol. +//config: +//config:config RESTORECON +//config: bool "restorecon" +//config: default n +//config: depends on SELINUX +//config: help +//config: Enable support to relabel files. The feature is almost +//config: the same as setfiles, but usage is a little different. + +//applet:IF_SETFILES(APPLET(setfiles, BB_DIR_SBIN, BB_SUID_DROP)) +//applet:IF_RESTORECON(APPLET_ODDNAME(restorecon, setfiles, BB_DIR_SBIN, BB_SUID_DROP, restorecon)) + +//kbuild:lib-$(CONFIG_SETFILES) += setfiles.o +//kbuild:lib-$(CONFIG_RESTORECON) += setfiles.o //usage:#define setfiles_trivial_usage //usage: "[-dnpqsvW] [-e DIR]... [-o FILE] [-r alt_root_path]" diff --git a/selinux/setsebool.c b/selinux/setsebool.c index ec682e5..6a6bd03 100644 --- a/selinux/setsebool.c +++ b/selinux/setsebool.c @@ -7,6 +7,17 @@ * * Licensed under GPLv2, see file LICENSE in this source tree. */ +//config:config SETSEBOOL +//config: bool "setsebool" +//config: default n +//config: depends on SELINUX +//config: help +//config: Enable support for change boolean. +//config: semanage and -P option is not supported yet. + +//applet:IF_SETSEBOOL(APPLET(setsebool, BB_DIR_USR_SBIN, BB_SUID_DROP)) + +//kbuild:lib-$(CONFIG_SETSEBOOL) += setsebool.o //usage:#define setsebool_trivial_usage //usage: "boolean value" |