Commit | Line | Data |
---|---|---|
32939b0c JB |
1 | --- findutils-4.1.20/find/Makefile.am.orig Mon May 26 20:02:34 2003 |
2 | +++ findutils-4.1.20/find/Makefile.am Wed Jan 28 15:15:13 2004 | |
3 | @@ -3,8 +3,9 @@ | |
4 | bin_PROGRAMS = find | |
5 | find_SOURCES = find.c fstype.c parser.c pred.c tree.c util.c version.c | |
6 | EXTRA_DIST = defs.h $(man_MANS) | |
7 | +DEFS = @DEFS@ -I. -I$(srcdir) -I.. -DWITH_SELINUX | |
8 | INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\" | |
9 | -LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ | |
10 | +LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ -lselinux | |
11 | man_MANS = find.1 | |
12 | SUBDIRS = testsuite | |
13 | ||
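Review bot: `-DWITH_SELINUX` and `-lselinux` are added unconditionally to `DEFS` and `LDADD`, so every `#ifdef WITH_SELINUX` guard in the rest of the patch is always taken and the link fails on a host without libselinux. If the feature is meant to be optional, the define and the library should come from a configure check, for example an `AM_CONDITIONAL` wrapped around `LDADD += -lselinux`. If it is mandatory for this package, a one-line comment above `DEFS` saying so would stop readers from assuming the guards have a live off path.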
14 | --- findutils-4.1.7/find/defs.h.selinux 2001-05-20 16:39:37.000000000 -0400 | |
15 | +++ findutils-4.1.7/find/defs.h 2003-10-10 13:06:11.451070520 -0400 | |
16 | @@ -118,6 +118,10 @@ | |
17 | #define MODE_RWX (S_IXUSR | S_IXGRP | S_IXOTH | MODE_RW) | |
18 | #define MODE_ALL (S_ISUID | S_ISGID | S_ISVTX | MODE_RWX) | |
19 | ||
20 | +#ifdef WITH_SELINUX | |
21 | +#include <selinux/selinux.h> | |
22 | +#endif /*WITH_SELINUX*/ | |
23 | + | |
24 | /* Not char because of type promotion; NeXT gcc can't handle it. */ | |
25 | typedef int boolean; | |
26 | #define true 1 | |
27 | @@ -265,6 +269,9 @@ | |
28 | struct perm_val perm; /* perm */ | |
29 | mode_t type; /* type */ | |
30 | FILE *stream; /* fprint fprint0 */ | |
31 | +#ifdef WITH_SELINUX | |
32 | + security_context_t scontext; /* scontext */ | |
33 | +#endif /*WITH_SELINUX*/ | |
34 | struct format_val printf_vec; /* printf fprintf */ | |
35 | } args; | |
36 | ||
37 | @@ -310,6 +317,11 @@ | |
38 | VOID *xmalloc PARAMS((size_t n)); | |
39 | VOID *xrealloc PARAMS((VOID *p, size_t n)); | |
40 | ||
41 | +#ifdef WITH_SELINUX | |
42 | +boolean pred_scontext PARAMS((char *pathname, struct stat *stat_buf, struct predicate *pred_ptr)); | |
43 | +extern int (*x_getfilecon) (); | |
44 | +#endif /*WITH_SELINUX*/ | |
45 | + | |
46 | /* xstrdup.c */ | |
47 | char *xstrdup PARAMS((char *string)); | |
48 | ||
49 | --- findutils-4.1.7/find/find.1.selinux 2003-10-10 13:06:11.334084221 -0400 | |
50 | +++ findutils-4.1.7/find/find.1 2003-10-10 13:06:11.555058342 -0400 | |
51 | @@ -230,6 +230,9 @@ | |
52 | file of type \fIc\fR; if \-follow has been given, true if \fIc\fR is | |
53 | `l'. In other words, for symbolic links, \-xtype checks the type of | |
54 | the file that \-type does not check. | |
55 | +.IP "\-context \fIscontext\fR" | |
56 | +.IP "\--context \fIscontext\fR" | |
57 | +(SELinux only) File has the security context \fIscontext\fR. | |
58 | .SS ACTIONS | |
59 | .IP "\-exec \fIcommand\fR ;" | |
60 | Execute \fIcommand\fR; true if 0 status is returned. All following | |
61 | @@ -419,6 +422,8 @@ | |
62 | File's user name, or numeric user ID if the user has no name. | |
63 | .IP %U | |
64 | File's numeric user ID. | |
65 | +.IP %Z | |
66 | +(SELinux only) file's security context. | |
67 | .PP | |
68 | A `%' character followed by any other character is discarded (but the | |
69 | other character is printed). | |
70 | --- findutils-4.1.7/find/find.c.selinux 2001-05-20 16:39:37.000000000 -0400 | |
71 | +++ findutils-4.1.7/find/find.c 2003-10-10 13:06:11.556058225 -0400 | |
72 | @@ -135,6 +135,9 @@ | |
73 | ||
74 | /* Pointer to the function used to stat files. */ | |
75 | int (*xstat) (); | |
76 | +#ifdef WITH_SELINUX | |
77 | +int (*x_getfilecon) (); | |
78 | +#endif /* WITH_SELINUX */ | |
79 | ||
80 | /* Status value to return to system. */ | |
81 | int exit_status; | |
82 | @@ -181,6 +184,10 @@ | |
83 | xstat = debug_stat; | |
84 | #else /* !DEBUG_STAT */ | |
85 | xstat = lstat; | |
86 | +#ifdef WITH_SELINUX | |
5b673d38 | 87 | + int is_selinux_enabled_flag = (is_selinux_enabled() > 0); |
32939b0c JB |
88 | + x_getfilecon = lgetfilecon; |
89 | +#endif /* WITH_SELINUX */ | |
90 | #endif /* !DEBUG_STAT */ | |
91 | ||
92 | human_block_size (getenv ("FIND_BLOCK_SIZE"), 0, &output_block_size); | |
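Review bot: `is_selinux_enabled_flag` and the `x_getfilecon = lgetfilecon;` assignment sit inside the `#else /* !DEBUG_STAT */` branch, so a build with both `DEBUG_STAT` and `WITH_SELINUX` never declares the flag and leaves `x_getfilecon` null. The next hunk in this file reads the flag under `#ifdef WITH_SELINUX` alone, and `pred_scontext` and the `%Z` case in pred.c call through the pointer without a null check. Moving the added lines below `#endif /* !DEBUG_STAT */` fixes both. The declaration also follows the statement `xstat = lstat;`, which older compilers for this K&R-style tree may reject, so declaring the flag with the function's other locals (outside this hunk) is safer.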
93 | @@ -202,6 +209,14 @@ | |
94 | if (strchr ("-!(),", argv[i][0]) == NULL) | |
95 | usage (_("paths must precede expression")); | |
96 | predicate_name = argv[i]; | |
97 | +#ifdef WITH_SELINUX | |
98 | + if (! is_selinux_enabled_flag) { | |
99 | + if ((strncmp(predicate_name,"-context",strlen("-context"))==0) || | |
100 | + (strncmp(predicate_name,"--context",strlen("--context"))==0)) { | |
101 | + error (1, 0,_("Error: invalid predicate %s: the kernel is not SELinux-enabled.\n"),predicate_name); | |
102 | + } | |
103 | + } | |
104 | +#endif | |
105 | parse_function = find_parser (predicate_name); | |
106 | if (parse_function == NULL) | |
107 | /* Command line option not recognized */ | |
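Review bot: The `strncmp` calls compare only the first `strlen("-context")` bytes, so with SELinux disabled any argument that merely begins with `-context` is reported as an SELinux predicate instead of reaching the normal unrecognised-option path. An exact comparison matches the two names registered in parser.c: `if (strcmp (predicate_name, "-context") == 0 || strcmp (predicate_name, "--context") == 0)`. The message also ends in `\n`; if `error` here is the usual gnulib/glibc function it already appends a newline, so the output would carry an extra blank line. The enclosing loop continues outside the hunk.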
108 | --- findutils-4.1.7/find/parser.c.selinux 2001-05-20 16:39:37.000000000 -0400 | |
109 | +++ findutils-4.1.7/find/parser.c 2003-10-10 13:06:11.558057991 -0400 | |
110 | @@ -23,6 +23,10 @@ | |
111 | #include "modetype.h" | |
112 | #include "xstrtol.h" | |
113 | ||
114 | +#ifdef WITH_SELINUX | |
115 | +#include <selinux/selinux.h> | |
116 | +#endif /*WITH_SELINUX*/ | |
117 | + | |
118 | #if ENABLE_NLS | |
119 | # include <libintl.h> | |
120 | # define _(Text) gettext (Text) | |
121 | @@ -113,6 +117,9 @@ | |
122 | static boolean parse_version PARAMS((char *argv[], int *arg_ptr)); | |
123 | static boolean parse_xdev PARAMS((char *argv[], int *arg_ptr)); | |
124 | static boolean parse_xtype PARAMS((char *argv[], int *arg_ptr)); | |
125 | +#ifdef WITH_SELINUX | |
126 | +static boolean parse_scontext PARAMS((char *argv[], int *arg_ptr)); | |
127 | +#endif /*WITH_SELINUX*/ | |
128 | ||
129 | static boolean insert_regex PARAMS((char *argv[], int *arg_ptr, boolean ignore_case)); | |
130 | static boolean insert_type PARAMS((char *argv[], int *arg_ptr, boolean (*which_pred )())); | |
131 | @@ -215,7 +222,11 @@ | |
132 | {"-version", parse_version}, /* GNU */ | |
133 | {"xdev", parse_xdev}, | |
134 | {"xtype", parse_xtype}, /* GNU */ | |
135 | - {0, 0} | |
136 | +#ifdef WITH_SELINUX | |
137 | + {"context", parse_scontext}, /* SELINUX */ | |
138 | + {"-context", parse_scontext}, /* SELINUX */ | |
139 | +#endif /*WITH_SELINUX*/ | |
140 | + {0, 0} | |
141 | }; | |
142 | \f | |
143 | /* Return a pointer to the parser function to invoke for predicate | |
144 | @@ -465,7 +476,10 @@ | |
145 | { | |
146 | dereference = true; | |
147 | xstat = stat; | |
148 | - no_leaf_check = true; | |
149 | +#ifdef WITH_SELINUX | |
150 | + x_getfilecon = getfilecon; | |
151 | +#endif /* WITH_SELINUX */ | |
152 | + no_leaf_check = true; | |
153 | return (true); | |
154 | } | |
155 | ||
156 | @@ -570,6 +584,10 @@ | |
157 | -nouser -nogroup -path PATTERN -perm [+-]MODE -regex PATTERN\n\ | |
158 | -size N[bckw] -true -type [bcdpfls] -uid N -used N -user NAME\n\ | |
159 | -xtype [bcdpfls]\n")); | |
160 | +#ifdef WITH_SELINUX | |
161 | + puts (_("\ | |
162 | + -context CONTEXT\n")); | |
163 | +#endif /*WITH_SELINUX*/ | |
164 | puts (_("\ | |
165 | actions: -exec COMMAND ; -fprint FILE -fprint0 FILE -fprintf FILE FORMAT\n\ | |
166 | -ok COMMAND ; -print -print0 -printf FORMAT -prune -ls\n")); | |
167 | @@ -1200,6 +1218,32 @@ | |
168 | return true; | |
169 | } | |
170 | ||
171 | +#ifdef WITH_SELINUX | |
172 | + | |
173 | +static boolean | |
174 | +parse_scontext ( argv, arg_ptr ) | |
175 | + char *argv[]; | |
176 | + int *arg_ptr; | |
177 | +{ | |
178 | + struct predicate *our_pred; | |
179 | + | |
180 | + if ( (argv == NULL) || (argv[*arg_ptr] == NULL) ) | |
181 | + return( false ); | |
182 | + | |
183 | + our_pred = insert_primary(pred_scontext); | |
184 | + our_pred->need_stat = false; | |
185 | +#ifdef DEBUG | |
186 | + our_pred->p_name = find_pred_name (pred_scontext); | |
187 | +#endif /*DEBUG*/ | |
188 | + | |
189 | + our_pred->args.scontext = argv[*arg_ptr];; | |
190 | + | |
191 | + (*arg_ptr)++; | |
192 | + return( true ); | |
193 | +} | |
194 | + | |
195 | +#endif /*WITH_SELINUX*/ | |
196 | + | |
197 | static boolean | |
198 | parse_xtype (char **argv, int *arg_ptr) | |
199 | { | |
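Review bot: `parse_scontext` has no header comment and stores `argv[*arg_ptr]` as given, so a mistyped context is accepted and simply never matches. I would add above the definition `/* -context CONTEXT: match files whose security context string equals CONTEXT exactly; CONTEXT is not validated here and points into argv. */` and drop the doubled semicolon in `our_pred->args.scontext = argv[*arg_ptr];;`. The hunk ends inside `parse_xtype`, which is unchanged context.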
200 | @@ -1358,7 +1402,11 @@ | |
201 | if (*scan2 == '.') | |
202 | for (scan2++; ISDIGIT (*scan2); scan2++) | |
203 | /* Do nothing. */ ; | |
204 | - if (strchr ("abcdfFgGhHiklmnpPstuU", *scan2)) | |
205 | +#ifdef WITH_SELINUX | |
206 | + if (strchr ("abcdfFgGhHiklmnpPstuUZ", *scan2)) | |
207 | +#else /* WITH_SELINUX */ | |
208 | + if (strchr ("abcdfFgGhHiklmnpPstuU", *scan2)) | |
209 | +#endif /* WITH_SELINUX */ | |
210 | { | |
211 | segmentp = make_segment (segmentp, format, scan2 - format, | |
212 | (int) *scan2); | |
213 | --- findutils-4.1.7/find/pred.c.selinux 2001-05-20 16:39:37.000000000 -0400 | |
214 | +++ findutils-4.1.7/find/pred.c 2003-10-10 13:15:13.752422594 -0400 | |
215 | @@ -27,6 +27,14 @@ | |
216 | #include "modetype.h" | |
217 | #include "wait.h" | |
218 | ||
219 | +#ifdef WITH_SELINUX | |
220 | +#include <selinux/selinux.h> | |
221 | +#endif /*WITH_SELINUX*/ | |
222 | + | |
223 | +#ifndef FNM_CASEFOLD | |
224 | +#define FNM_CASEFOLD (1<<4) | |
225 | +#endif /*FNM_CASEFOLD*/ | |
226 | + | |
227 | #if ENABLE_NLS | |
228 | # include <libintl.h> | |
229 | # define _(Text) gettext (Text) | |
230 | @@ -69,7 +77,6 @@ | |
231 | ||
232 | extern int yesno (); | |
233 | ||
234 | - | |
235 | /* Get or fake the disk device blocksize. | |
236 | Usually defined by sys/param.h (if at all). */ | |
237 | #ifndef DEV_BSIZE | |
238 | @@ -196,6 +203,9 @@ | |
239 | {pred_used, "used "}, | |
240 | {pred_user, "user "}, | |
241 | {pred_xtype, "xtype "}, | |
242 | +#ifdef WITH_SELINUX | |
243 | + {pred_scontext, "context"}, | |
244 | +#endif /*WITH_SELINUX*/ | |
245 | {0, "none "} | |
246 | }; | |
247 | ||
248 | @@ -719,6 +729,26 @@ | |
249 | fprintf (fp, segment->text, | |
250 | human_readable ((uintmax_t) stat_buf->st_uid, hbuf, 1, 1)); | |
251 | break; | |
252 | +#ifdef WITH_SELINUX | |
253 | + case 'Z': /* SELinux security context */ | |
254 | + { | |
255 | + security_context_t scontext; | |
256 | + int rv; | |
257 | + rv = (*x_getfilecon)(rel_pathname, &scontext); | |
258 | + | |
259 | + if ( rv < 0 ) { | |
260 | + (void) fprintf(stderr, "getfileconf(%s): %s", | |
261 | + pathname, strerror(errno)); | |
262 | + (void) fflush(stderr); | |
263 | + } | |
264 | + else { | |
265 | + segment->text[segment->text_len] = 's'; | |
266 | + (void) fprintf (fp, segment->text, scontext); | |
267 | + freecon(scontext); | |
268 | + } | |
269 | + } | |
270 | + break ; | |
271 | +#endif /* WITH_SELINUX */ | |
272 | } | |
273 | } | |
274 | return (true); | |
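Review bot: When `(*x_getfilecon)` fails in the `'Z'` case the code prints to stderr and carries on, so the `%Z` field is silently missing from that output line and, as far as these lines show, find's exit status stays 0. A script that uses `-printf` with `%Z` to audit labels then cannot tell an unreadable label from a clean run. The same pattern is in `pred_scontext` in the later pred.c hunk. Reporting through the existing helper would fix the misspelt `getfileconf`, the missing newline and the status together: `error (0, errno, "getfilecon(%s)", pathname); exit_status = 1;` (assuming `exit_status` from find.c is declared for pred.c). The enclosing function starts outside the hunk.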
275 | @@ -1220,6 +1250,34 @@ | |
276 | } | |
277 | return (pred_type (pathname, &sbuf, pred_ptr)); | |
278 | } | |
279 | + | |
280 | + | |
281 | +#ifdef WITH_SELINUX | |
282 | + | |
283 | +boolean | |
284 | +pred_scontext ( pathname, stat_buf, pred_ptr ) | |
285 | + char *pathname; | |
286 | + struct stat *stat_buf; | |
287 | + struct predicate *pred_ptr; | |
288 | +{ | |
289 | + int rv; | |
290 | + security_context_t scontext; | |
291 | + | |
292 | + rv = (* x_getfilecon)(rel_pathname, &scontext); | |
293 | + | |
294 | + if ( rv < 0 ) { | |
295 | + (void) fprintf(stderr, "getfilecon(%s): %s\n", pathname, strerror(errno)); | |
296 | + (void) fflush(stderr); | |
297 | + return ( false ); | |
298 | + } | |
299 | + | |
300 | + rv= (strcmp( scontext,pred_ptr->args.scontext) == 0 ); | |
301 | + freecon(scontext); | |
302 | + return rv; | |
303 | +} | |
304 | + | |
305 | +#endif /*WITH_SELINUX*/ | |
306 | + | |
307 | \f | |
308 | /* 1) fork to get a child; parent remembers the child pid | |
309 | 2) child execs the command requested | |
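Review bot: `pred_scontext` needs a header comment stating its match rule, because `strcmp` makes `-context` an exact whole-string comparison with no pattern support, and `stat_buf` is never used. Suggested: `/* True if the security context of the file equals pred_ptr->args.scontext byte for byte; false if the context cannot be read. */`. The `FNM_CASEFOLD` fallback added at the top of pred.c is not used by any visible hunk, which suggests pattern matching was planned; if it was not, that define can go. `rv` is also reused, first as the call result and then as the boolean, and a separate `boolean` local would read more clearly.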
310 | --- findutils-4.1.7/find/util.c.selinux 2001-05-20 16:39:37.000000000 -0400 | |
311 | +++ findutils-4.1.7/find/util.c 2003-10-10 13:19:10.869534272 -0400 | |
312 | @@ -65,6 +65,9 @@ | |
313 | last_pred->no_default_print = false; | |
314 | last_pred->need_stat = true; | |
315 | last_pred->args.str = NULL; | |
316 | +#ifdef WITH_SELINUX | |
317 | + last_pred->args.scontext = NULL; | |
318 | +#endif | |
319 | last_pred->pred_next = NULL; | |
320 | last_pred->pred_left = NULL; | |
321 | last_pred->pred_right = NULL; | |
322 | --- findutils-4.1.20/po/pl.po.orig Wed Jan 28 15:12:55 2004 | |
323 | +++ findutils-4.1.20/po/pl.po Wed Jan 28 15:37:07 2004 | |
324 | @@ -216,6 +216,11 @@ | |
325 | msgid "paths must precede expression" | |
326 |