summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--include/libbb.h2
-rw-r--r--libbb/update_passwd.c13
2 files changed, 12 insertions, 3 deletions
diff --git a/include/libbb.h b/include/libbb.h
index a42a2fb..2e9ea46 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -81,8 +81,6 @@
#if ENABLE_SELINUX
# include <selinux/selinux.h>
# include <selinux/context.h>
-# include <selinux/flask.h>
-# include <selinux/av_permissions.h>
#endif
#if ENABLE_FEATURE_UTMP
# if defined __UCLIBC__ && ( \
diff --git a/libbb/update_passwd.c b/libbb/update_passwd.c
index a2004f4..6255af4 100644
--- a/libbb/update_passwd.c
+++ b/libbb/update_passwd.c
@@ -30,7 +30,18 @@ static void check_selinux_update_passwd(const char *username)
if (!seuser)
bb_error_msg_and_die("invalid context '%s'", context);
if (strcmp(seuser, username) != 0) {
- if (checkPasswdAccess(PASSWD__PASSWD) != 0)
+ security_class_t tclass;
+ access_vector_t av;
+
+ tclass = string_to_security_class("passwd");
+ if (tclass == 0)
+ goto die;
+ av = string_to_av_perm(tclass, "passwd");
+ if (av == 0)
+ goto die;
+
+ if (selinux_check_passwd_access(av) != 0)
+ die:
bb_error_msg_and_die("SELinux: access denied");
}
if (ENABLE_FEATURE_CLEAN_UP)