- updated for 4.2.11

[packages/findutils.git] / findutils-selinux.patch

--- findutils-4.1.20/find/Makefile.am.orig      Mon May 26 20:02:34 2003
+++ findutils-4.1.20/find/Makefile.am   Wed Jan 28 15:15:13 2004
@@ -3,8 +3,9 @@
 bin_PROGRAMS = find
 find_SOURCES = find.c fstype.c parser.c pred.c tree.c util.c version.c
 EXTRA_DIST = defs.h $(man_MANS)
+DEFS = @DEFS@ -I. -I$(srcdir) -I.. -DWITH_SELINUX
 INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\"
-LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@
+LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ -lselinux
 man_MANS = find.1
 SUBDIRS = testsuite
 
--- findutils-4.2.11/find/defs.h.orig   2005-01-03 01:06:10.000000000 +0100
+++ findutils-4.2.11/find/defs.h        2005-01-09 18:10:03.183117288 +0100
@@ -126,6 +126,10 @@
 #define MODE_RWX       (S_IXUSR | S_IXGRP | S_IXOTH | MODE_RW)
 #define MODE_ALL       (S_ISUID | S_ISGID | S_ISVTX | MODE_RWX)
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
 #if 1
 #include <stdbool.h>
 typedef bool boolean;
@@ -290,6 +294,9 @@
     struct dir_id   fileid;    /* samefile */
     mode_t type;               /* type */
     FILE *stream;              /* fprint fprint0 */
+#ifdef WITH_SELINUX
+    security_context_t scontext; /* scontext */
+#endif /*WITH_SELINUX*/
     struct format_val printf_vec; /* printf fprintf */
   } args;
 
@@ -477,6 +484,10 @@
   
   /* Pointer to the function used to stat files. */
   int (*xstat) (const char *name, struct stat *statbuf);
+
+#ifdef WITH_SELINUX
+  int (*x_getfilecon) ();
+#endif /* WITH_SELINUX */
 };
 extern struct options options;
 
@@ -511,4 +522,9 @@
 # define fchdir(fd) (-1)
 #endif
 
+#ifdef WITH_SELINUX
+boolean pred_scontext PARAMS((char *pathname, struct stat *stat_buf, struct predicate *pred_ptr));
+extern int (*x_getfilecon) ();
+#endif /*WITH_SELINUX*/
+
 #endif
--- findutils-4.2.6/find/find.1.orig    2004-11-21 10:52:17.000000000 +0100
+++ findutils-4.2.6/find/find.1 2004-11-21 22:52:25.469719184 +0100
@@ -396,6 +396,9 @@
 link to a file of type \fIc\fR; if the \-L option has been given, true
 if \fIc\fR is `l'.  In other words, for symbolic links, \-xtype checks
 the type of the file that \-type does not check.
+.IP "\-context \fIscontext\fR"
+.IP "\--context \fIscontext\fR"
+(SELinux only) File has the security context \fIscontext\fR.
 
 .SS ACTIONS
 .IP "\-delete\fR"
@@ -633,6 +636,8 @@
 File's type (like in ls -l), U=unknown type (shouldn't happen)
 .IP %Y
 File's type (like %y), plus follow symlinks: L=loop, N=nonexistent
+.IP %Z
+(SELinux only) file's security context.
 .PP
 A `%' character followed by any other character is discarded (but the
 other character is printed).
--- findutils-4.2.11/find/find.c.orig   2005-01-03 01:10:13.000000000 +0100
+++ findutils-4.2.11/find/find.c        2005-01-09 18:11:42.808971856 +0100
@@ -238,11 +238,17 @@
     {
     case SYMLINK_ALWAYS_DEREF:  /* -L */
       options.xstat = optionl_stat;
+#ifdef WITH_SELINUX
+      options.x_getfilecon = getfilecon;
+#endif /* WITH_SELINUX */
       options.no_leaf_check = true;
       break;
       
     case SYMLINK_NEVER_DEREF:  /* -P (default) */
       options.xstat = optionp_stat;
+#ifdef WITH_SELINUX
+      options.x_getfilecon = lgetfilecon;
+#endif /* WITH_SELINUX */
       /* Can't turn no_leaf_check off because the user might have specified 
        * -noleaf anyway
        */
@@ -250,6 +256,9 @@
       
     case SYMLINK_DEREF_ARGSONLY: /* -H */
       options.xstat = optionh_stat;
+#ifdef WITH_SELINUX
+      options.x_getfilecon = getfilecon;
+#endif /* WITH_SELINUX */
       options.no_leaf_check = true;
     }
 
@@ -272,6 +281,9 @@
   struct predicate *cur_pred;
   char *predicate_name;                /* Name of predicate being parsed. */
   int end_of_leading_options = 0; /* First arg after any -H/-L etc. */
+#ifdef WITH_SELINUX
+  int is_selinux_enabled_flag;
+#endif /* WITH_SELINUX */
   program_name = argv[0];
 
 #ifdef HAVE_SETLOCALE
@@ -301,6 +313,9 @@
   options.ignore_readdir_race = false;
 
   state.exit_status = 0;
+#ifdef WITH_SELINUX
+  is_selinux_enabled_flag = (is_selinux_enabled() > 0);
+#endif /* WITH_SELINUX */
 
 #if defined(DEBUG_STAT)
   options.xstat = debug_stat;
@@ -382,6 +397,14 @@
       if (strchr ("-!(),", argv[i][0]) == NULL)
        usage (_("paths must precede expression"));
       predicate_name = argv[i];
+#ifdef WITH_SELINUX
+      if (! is_selinux_enabled_flag) {
+       if ((strncmp(predicate_name,"-context",strlen("-context"))==0) ||
+           (strncmp(predicate_name,"--context",strlen("--context"))==0)) {
+         error (1, 0,_("Error: invalid predicate %s: the kernel is not SELinux-enabled.\n"),predicate_name);
+       }
+      }
+#endif
       parse_function = find_parser (predicate_name);
       if (parse_function == NULL)
        /* Command line option not recognized */
--- findutils-4.2.11/find/parser.c.orig 2005-01-03 01:10:27.000000000 +0100
+++ findutils-4.2.11/find/parser.c      2005-01-09 18:12:19.498394216 +0100
@@ -28,6 +28,10 @@
 #include "../gnulib/lib/xalloc.h"
 
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
 #if ENABLE_NLS
 # include <libintl.h>
 # define _(Text) gettext (Text)
@@ -129,6 +133,9 @@
 static boolean parse_warn PARAMS((char *argv[], int *arg_ptr));
 static boolean parse_xtype PARAMS((char *argv[], int *arg_ptr));
 static boolean parse_quit PARAMS((char *argv[], int *arg_ptr));
+#ifdef WITH_SELINUX
+static boolean parse_scontext PARAMS((char *argv[], int *arg_ptr));
+#endif /*WITH_SELINUX*/
 
 static boolean insert_regex PARAMS((char *argv[], int *arg_ptr, boolean ignore_case));
 static boolean insert_type PARAMS((char *argv[], int *arg_ptr, boolean (*which_pred )()));
@@ -254,6 +261,10 @@
   {ARG_TEST,               "wholename",             parse_wholename},   /* GNU, replaces -path */
   {ARG_OPTION,             "xdev",                  parse_xdev},
   {ARG_TEST,               "xtype",                 parse_xtype},      /* GNU */
+#ifdef WITH_SELINUX
+  {ARG_TEST,               "context",               parse_scontext},    /* SELINUX */
+  {ARG_TEST,               "-context",              parse_scontext},    /* SELINUX */
+#endif /*WITH_SELINUX*/
   {0, 0, 0}
 };
 \f
@@ -726,6 +737,10 @@
       -nouser -nogroup -path PATTERN -perm [+-]MODE -regex PATTERN\n\
       -wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n\
       -used N -user NAME -xtype [bcdpfls]\n"));
+#ifdef WITH_SELINUX
+  puts (_("\
+      -context CONTEXT\n"));
+#endif /*WITH_SELINUX*/
   puts (_("\
 actions: -exec COMMAND ; -fprint FILE -fprint0 FILE -fprintf FILE FORMAT\n\
       -fls FILE -ok COMMAND ; -print -print0 -printf FORMAT -prune -ls -delete\n\
@@ -1542,6 +1557,32 @@
   return true;
 }
 
+#ifdef WITH_SELINUX
+
+static boolean
+parse_scontext ( argv, arg_ptr )
+     char *argv[];
+     int *arg_ptr;
+{
+  struct predicate *our_pred;
+
+  if ( (argv == NULL) || (argv[*arg_ptr] == NULL) )
+    return( false );
+
+  our_pred = insert_primary(pred_scontext);
+  our_pred->need_stat = false;
+#ifdef DEBUG
+  our_pred->p_name = find_pred_name (pred_scontext);
+#endif /*DEBUG*/
+
+  our_pred->args.scontext = argv[*arg_ptr];;
+
+  (*arg_ptr)++;
+  return( true );
+}
+
+#endif /*WITH_SELINUX*/
+
 static boolean
 parse_xtype (char **argv, int *arg_ptr)
 {
@@ -1702,7 +1743,11 @@
          if (*scan2 == '.')
            for (scan2++; ISDIGIT (*scan2); scan2++)
              /* Do nothing. */ ;
+#ifdef WITH_SELINUX
+         if (strchr ("abcdDfFgGhHiklmMnpPstuUyYZ", *scan2))
+#else  /* WITH_SELINUX */
          if (strchr ("abcdDfFgGhHiklmMnpPstuUyY", *scan2))
+#endif /* WITH_SELINUX */
            {
              segmentp = make_segment (segmentp, format, scan2 - format,
                                       (int) *scan2);
--- findutils-4.2.11/find/pred.c.orig   2005-01-03 01:15:48.000000000 +0100
+++ findutils-4.2.11/find/pred.c        2005-01-09 18:22:25.204312920 +0100
@@ -30,6 +30,14 @@
 #include "filemode.h"
 #include "wait.h"
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
+#ifndef FNM_CASEFOLD
+#define FNM_CASEFOLD (1<<4)
+#endif  /*FNM_CASEFOLD*/
+
 #if ENABLE_NLS
 # include <libintl.h>
 # define _(Text) gettext (Text)
@@ -73,7 +81,6 @@
 
 extern int yesno ();
 
-
 /* Get or fake the disk device blocksize.
    Usually defined by sys/param.h (if at all).  */
 #ifndef DEV_BSIZE
@@ -202,6 +209,9 @@
   {pred_used, "used    "},
   {pred_user, "user    "},
   {pred_xtype, "xtype   "},
+#ifdef WITH_SELINUX
+  {pred_scontext, "context"},
+#endif /*WITH_SELINUX*/
   {0, "none    "}
 };
 
@@ -813,6 +823,26 @@
 
          }
          break;
+#ifdef WITH_SELINUX
+      case 'Z':               /* SELinux security context */
+        {
+          security_context_t scontext;
+          int rv;
+          rv = (*options.x_getfilecon)(state.rel_pathname, &scontext);
+
+          if ( rv < 0 ) {
+            (void) fprintf(stderr, "getfileconf(%s): %s",
+                           pathname, strerror(errno));
+            (void) fflush(stderr);
+          }
+          else {
+             segment->text[segment->text_len] = 's';
+             (void) fprintf (fp, segment->text, scontext);
+             freecon(scontext);
+          }
+        }
+        break ;
+#endif /* WITH_SELINUX */
        }
     }
   return (true);
@@ -1366,6 +1396,31 @@
    */
   return (pred_type (pathname, &sbuf, pred_ptr));
 }
+  
+
+#ifdef WITH_SELINUX
+
+boolean
+pred_scontext (char *pathname, struct stat *stat_buf, struct predicate *pred_ptr)
+{
+  int rv;
+  security_context_t scontext;
+
+  rv = (*options.x_getfilecon)(state.rel_pathname, &scontext);
+
+  if ( rv < 0 ) {
+    (void) fprintf(stderr, "getfilecon(%s): %s\n", pathname, strerror(errno));
+    (void) fflush(stderr);
+    return ( false );
+  }
+
+  rv= (strcmp(scontext, pred_ptr->args.scontext) == 0);
+  freecon(scontext);
+  return rv;
+}
+
+#endif /*WITH_SELINUX*/
+
 \f
 /*  1) fork to get a child; parent remembers the child pid
     2) child execs the command requested
--- findutils-4.1.7/find/util.c.selinux 2001-05-20 16:39:37.000000000 -0400
+++ findutils-4.1.7/find/util.c 2003-10-10 13:19:10.869534272 -0400
@@ -65,6 +65,9 @@
   last_pred->no_default_print = false;
   last_pred->need_stat = true;
   last_pred->args.str = NULL;
+#ifdef WITH_SELINUX
+  last_pred->args.scontext = NULL;
+#endif
   last_pred->pred_next = NULL;
   last_pred->pred_left = NULL;
   last_pred->pred_right = NULL;
--- findutils-4.2.8/po/pl.po.orig       2004-11-26 00:55:08.041685696 +0100
+++ findutils-4.2.8/po/pl.po    2004-11-26 01:02:56.090531456 +0100
@@ -216,6 +216,11 @@
 msgid "paths must precede expression"
 msgstr "¶cie¿ki musz± poprzedzaæ wyra¿enie"
 
+#: find/find.c:217
+#, c-format
+msgid "Error: invalid predicate %s: the kernel is not SELinux-enabled.\n"
+msgstr "B³±d: b³êdne wyra¿enie %s: j±dro nie ma w³±czonej obs³ugi SELinuksa.\n"
+
 #. Command line option not recognized
 #: find/find.c:427
 #, c-format
@@ -375,6 +380,10 @@
 "      -wholename WZORZEC -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n"
 "      -used N -user NAZWA -xtype [bcdpfls]"
 
+#: find/parser.c:738
+msgid "      -context CONTEXT\n"
+msgstr "      -context KONTEKST\n"
+
 #: find/parser.c:725
 msgid ""
 "actions: -exec COMMAND ; -fprint FILE -fprint0 FILE -fprintf FILE FORMAT\n"