diff options
-rw-r--r-- | include/libbb.h | 2 | ||||
-rw-r--r-- | libbb/update_passwd.c | 13 |
2 files changed, 12 insertions, 3 deletions
diff --git a/include/libbb.h b/include/libbb.h index a42a2fb..2e9ea46 100644 --- a/include/libbb.h +++ b/include/libbb.h @@ -81,8 +81,6 @@ #if ENABLE_SELINUX # include <selinux/selinux.h> # include <selinux/context.h> -# include <selinux/flask.h> -# include <selinux/av_permissions.h> #endif #if ENABLE_FEATURE_UTMP # if defined __UCLIBC__ && ( \ diff --git a/libbb/update_passwd.c b/libbb/update_passwd.c index a2004f4..6255af4 100644 --- a/libbb/update_passwd.c +++ b/libbb/update_passwd.c @@ -30,7 +30,18 @@ static void check_selinux_update_passwd(const char *username) if (!seuser) bb_error_msg_and_die("invalid context '%s'", context); if (strcmp(seuser, username) != 0) { - if (checkPasswdAccess(PASSWD__PASSWD) != 0) + security_class_t tclass; + access_vector_t av; + + tclass = string_to_security_class("passwd"); + if (tclass == 0) + goto die; + av = string_to_av_perm(tclass, "passwd"); + if (av == 0) + goto die; + + if (selinux_check_passwd_access(av) != 0) + die: bb_error_msg_and_die("SELinux: access denied"); } if (ENABLE_FEATURE_CLEAN_UP) |