From 60158cb93eb0b3207dd1084cdf5bdd9226bd9e89 Mon Sep 17 00:00:00 2001 From: Rob Landley Date: Tue, 3 May 2005 06:25:50 +0000 Subject: A patch from Takeharu KATO to update/fix SE-Linux support. --- libbb/find_pid_by_name.c | 7 ++----- libbb/procps.c | 15 ++------------- libbb/run_shell.c | 43 +++++++++++++++++++++++++++++++++---------- 3 files changed, 37 insertions(+), 28 deletions(-) (limited to 'libbb') diff --git a/libbb/find_pid_by_name.c b/libbb/find_pid_by_name.c index 930710f..570e7bd 100644 --- a/libbb/find_pid_by_name.c +++ b/libbb/find_pid_by_name.c @@ -45,11 +45,8 @@ extern long* find_pid_by_name( const char* pidName) procps_status_t * p; pidList = xmalloc(sizeof(long)); -#ifdef CONFIG_SELINUX - while ((p = procps_scan(0, 0, NULL)) != 0) { -#else - while ((p = procps_scan(0)) != 0) { -#endif + while ((p = procps_scan(0)) != 0) + { if (strncmp(p->short_cmd, pidName, COMM_LEN-1) == 0) { pidList=xrealloc( pidList, sizeof(long) * (i+2)); pidList[i++]=p->pid; diff --git a/libbb/procps.c b/libbb/procps.c index e405fb7..72f627f 100644 --- a/libbb/procps.c +++ b/libbb/procps.c @@ -16,11 +16,7 @@ #include "libbb.h" -extern procps_status_t * procps_scan(int save_user_arg0 -#ifdef CONFIG_SELINUX - , int use_selinux , security_id_t *sid -#endif - ) +extern procps_status_t * procps_scan(int save_user_arg0) { static DIR *dir; struct dirent *entry; @@ -60,16 +56,9 @@ extern procps_status_t * procps_scan(int save_user_arg0 my_getpwuid(curstatus.user, sb.st_uid, sizeof(curstatus.user)); sprintf(status, "/proc/%d/stat", pid); + if((fp = fopen(status, "r")) == NULL) continue; -#ifdef CONFIG_SELINUX - if(use_selinux) - { - if(fstat_secure(fileno(fp), &sb, sid)) - continue; - } - else -#endif name = fgets(buf, sizeof(buf), fp); fclose(fp); if(name == NULL) diff --git a/libbb/run_shell.c b/libbb/run_shell.c index 993b4e7..67ff2a5 100644 --- a/libbb/run_shell.c +++ b/libbb/run_shell.c 
@@ -37,7 +37,33 @@ #include #include "libbb.h" #ifdef CONFIG_SELINUX -#include +#include /* for setexeccon */ +#endif + +#ifdef CONFIG_SELINUX +static security_context_t current_sid=NULL; + +void +renew_current_security_context(void) +{ + if (current_sid) + freecon(current_sid); /* Release old context */ + + getcon(¤t_sid); /* update */ + + return; +} +void +set_current_security_context(security_context_t sid) +{ + if (current_sid) + freecon(current_sid); /* Release old context */ + + current_sid=sid; + + return; +} + #endif /* Run SHELL, or DEFAULT_SHELL if SHELL is empty. @@ -45,11 +71,7 @@ If ADDITIONAL_ARGS is nonzero, pass it to the shell as more arguments. */ -void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args -#ifdef CONFIG_SELINUX - , security_id_t sid -#endif -) +void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args) { const char **args; int argno = 1; @@ -78,10 +100,11 @@ void run_shell ( const char *shell, int loginshell, const char *command, const c } args [argno] = 0; #ifdef CONFIG_SELINUX - if(sid) - execve_secure(shell, (char **) args, environ, sid); - else + if ( (current_sid) && (!setexeccon(current_sid)) ) { + freecon(current_sid); + execve(shell, (char **) args, environ); + } else #endif - execv ( shell, (char **) args ); + execv ( shell, (char **) args ); bb_perror_msg_and_die ( "cannot run %s", shell ); } -- cgit v1.1
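Review bot: In renew_current_security_context() the return value of getcon() is ignored and current_sid is not cleared after freecon(), so if getcon() fails (and, as it presumably does, leaves its argument untouched) the static keeps pointing at freed memory that a later renew/set call would free again or run_shell would pass to setexeccon(). Clearing the pointer and checking the call closes that: `current_sid = NULL;` right after the freecon(), then `if (getcon(&current_sid) < 0) current_sid = NULL;`. set_current_security_context() has the same dangling-pointer shape when a caller hands in the context that is already stored, which `if (sid == current_sid) return;` would guard against. It also takes ownership of `sid` without saying so; a short comment stating that the stored context is later released with freecon() and must not be freed by the caller would make the contract visible. Both functions lie entirely inside this hunk.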
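Review bot: In the CONFIG_SELINUX branch at the end of run_shell, a failing setexeccon() makes the condition false, so control takes the `else` and the shell is started with plain execv() in the caller's context, with no diagnostic. For a login or su path that is a fail-open result; failing closed would look like `if (current_sid && setexeccon(current_sid) < 0) bb_perror_msg_and_die("cannot set exec context for %s", shell);` followed by a single unconditional exec call. Whether to abort only when the policy is enforcing is a decision this hunk does not show. The freecon(current_sid) before execve() also leaves the static dangling, which is harmless here only because every path after it ends in exec or die. run_shell begins before this hunk.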