Annotation of /trunk/mkinitrd-magellan/busybox/selinux/runcon.c
Revision 984 -
Sun May 30 11:32:42 2010 UTC (14 years ago) by niro
File MIME type: text/plain
File size: 4131 byte(s)
-updated to busybox-1.16.1 and enabled blkid/uuid support in default config
/*
 * runcon [ context |
 *         ( [ -c ] [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
 *         command [arg1 [arg2 ...] ]
 *
 * attempt to run the specified command with the specified context.
 *
 * -r role  : use the current context with the specified role
 * -t type  : use the current context with the specified type
 * -u user  : use the current context with the specified user
 * -l level : use the current context with the specified level range
 * -c       : compute process transition context before modifying
 *
 * Contexts are interpreted as follows:
 *
 * Number of       MLS
 * components      system?
 *
 *     1            -         type
 *     2            -         role:type
 *     3            Y         role:type:range
 *     3            N         user:role:type
 *     4            Y         user:role:type:range
 *     4            N         error
 *
 * Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp>
 *                  - based on coreutils-5.97 (in Fedora Core 6)
 *
 * Licensed under GPLv2, see file LICENSE in this tarball for details.
 */
31 | #include <getopt.h> | ||
32 | #include <selinux/context.h> | ||
33 | #include <selinux/flask.h> | ||
34 | |||
35 | #include "libbb.h" | ||
36 | |||
/*
 * Derive the context to run `command` in from the caller's current context.
 *
 * The starting point is the context returned by getcon(). When
 * compute_trans is non-zero, that starting point is replaced by the
 * process context that security_compute_create() reports for the current
 * context combined with the context of the `command` file. Any of
 * user/role/type/range that is non-NULL then overrides the matching
 * component. Every failure terminates the program through
 * bb_error_msg_and_die(); on return the result is a usable context_t.
 *
 * The strings obtained from getcon()/getfilecon()/security_compute_create()
 * are not released here.
 */
static context_t runcon_compute_new_context(char *user, char *role, char *type, char *range,
			char *command, int compute_trans)
{
	security_context_t base_context;
	context_t result;

	if (getcon(&base_context) != 0)
		bb_error_msg_and_die("can't get current context");

	if (compute_trans) {
		security_context_t exe_context;
		security_context_t transition_context;

		/*
		 * NOTE(review): getfilecon() is given the name exactly as typed,
		 * while runcon_main() later starts the command with execvp(),
		 * which searches PATH for names without a slash. The file whose
		 * label is read here is therefore not guaranteed to be the file
		 * that ends up being executed, and the file can also change
		 * between this lookup and the exec -- confirm this is acceptable
		 * for the deployment, or require a full path when -c is used.
		 */
		if (getfilecon(command, &exe_context) < 0)
			bb_error_msg_and_die("can't retrieve attributes of '%s'",
					command);
		if (security_compute_create(base_context, exe_context,
					SECCLASS_PROCESS, &transition_context) != 0)
			bb_error_msg_and_die("unable to compute a new context");
		base_context = transition_context;
	}

	result = context_new(base_context);
	if (result == NULL)
		bb_error_msg_and_die("'%s' is not a valid context", base_context);

	/* Overrides are applied in the order user, type, range, role. */
	if (user != NULL) {
		if (context_user_set(result, user) != 0)
			bb_error_msg_and_die("failed to set new user '%s'", user);
	}
	if (type != NULL) {
		if (context_type_set(result, type) != 0)
			bb_error_msg_and_die("failed to set new type '%s'", type);
	}
	if (range != NULL) {
		if (context_range_set(result, range) != 0)
			bb_error_msg_and_die("failed to set new range '%s'", range);
	}
	if (role != NULL) {
		if (context_role_set(result, role) != 0)
			bb_error_msg_and_die("failed to set new role '%s'", role);
	}

	return result;
}
72 | |||
#if ENABLE_FEATURE_RUNCON_LONG_OPTIONS
/*
 * Long-option table; runcon_main() assigns it to applet_long_options
 * before calling getopt32(). Each entry is built by string concatenation:
 * the NUL-terminated long name, an argument marker (Required_argument or
 * No_argument) and the short option letter the long name stands for.
 * Note that "--range" maps to the short option "-l".
 */
static const char runcon_longopts[] ALIGN1 =
	"user\0" Required_argument "u"
	"role\0" Required_argument "r"
	"type\0" Required_argument "t"
	"range\0" Required_argument "l"
	"compute\0" No_argument "c"
	"help\0" No_argument "h"
	;
#endif
83 | |||
/*
 * Bits of the option mask returned by getopt32() in runcon_main().
 * Each bit is tagged with the option letter it stands for; presumably the
 * bit positions have to follow the letter order of the option string
 * passed to getopt32() ("r:t:u:l:ch").
 */
enum {
	OPTS_ROLE    = 1 << 0, /* r */
	OPTS_TYPE    = 1 << 1, /* t */
	OPTS_USER    = 1 << 2, /* u */
	OPTS_RANGE   = 1 << 3, /* l */
	OPTS_COMPUTE = 1 << 4, /* c */
	OPTS_HELP    = 1 << 5, /* h */
	/* Any option that replaces a single component of the current context. */
	OPTS_CONTEXT_COMPONENT = OPTS_ROLE | OPTS_TYPE | OPTS_USER | OPTS_RANGE
};
91 | |||
/*
 * Applet entry point: run a command under a chosen SELinux context.
 *
 * Two modes, selected by the options seen:
 *  - none of -r/-t/-u/-l given: the first non-option argument is taken as
 *    a complete context string and the command follows it;
 *  - at least one of them given: the context is derived from the current
 *    one by runcon_compute_new_context(), and the first non-option
 *    argument is already the command.
 *
 * The resulting context is checked with security_check_context(), set as
 * the exec context with setexeccon(), and the command is started with
 * execvp(). The function only returns control by dying with an error.
 *
 * NOTE(review): OPTS_COMPUTE is only consulted in the second mode, and
 * OPTS_HELP is parsed but not acted on anywhere in this function.
 */
int runcon_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
int runcon_main(int argc UNUSED_PARAM, char **argv)
{
	char *user = NULL;
	char *role = NULL;
	char *type = NULL;
	char *range = NULL;
	char *full_context = NULL;
	unsigned flags;
	context_t target;

	selinux_or_die();

#if ENABLE_FEATURE_RUNCON_LONG_OPTIONS
	applet_long_options = runcon_longopts;
#endif
	/* "-1": at least one non-option argument is required. */
	opt_complementary = "-1";
	/* Output pointers follow the order of the letters in the option string. */
	flags = getopt32(argv, "r:t:u:l:ch", &role, &type, &user, &range);
	argv += optind;

	if ((flags & OPTS_CONTEXT_COMPONENT) == 0) {
		/* No component override: argv[0] is the whole context string. */
		full_context = argv[0];
		argv++;
		if (argv[0] == NULL)
			bb_error_msg_and_die("no command given");
	}

	if (full_context == NULL) {
		target = runcon_compute_new_context(user, role, type, range,
				argv[0], flags & OPTS_COMPUTE);
	} else {
		target = context_new(full_context);
		if (target == NULL)
			bb_error_msg_and_die("'%s' is not a valid context", full_context);
	}

	/* Reject contexts the loaded policy does not accept before using them. */
	if (security_check_context(context_str(target)) != 0)
		bb_error_msg_and_die("'%s' is not a valid context",
				context_str(target));

	/*
	 * setexeccon() only records the context to request at the next exec;
	 * whether the transition is permitted is decided when execvp() runs,
	 * so a denied transition shows up as the exec failure below.
	 */
	if (setexeccon(context_str(target)) != 0)
		bb_error_msg_and_die("can't set up security context '%s'",
				context_str(target));

	execvp(argv[0], argv);

	/* Reached only when execvp() failed. */
	bb_perror_msg_and_die("can't execute '%s'", argv[0]);
}