- unify ftp.gnu.org urls

[packages/findutils.git] / findutils-selinux.patch

--- findutils-4.4.0/find/Makefile.am.orig       2007-07-22 14:29:31.000000000 +0200
+++ findutils-4.4.0/find/Makefile.am    2008-03-16 01:19:36.539333465 +0100
@@ -25,8 +25,9 @@
 endif
 
 EXTRA_DIST = defs.h $(man_MANS)
+DEFS = @DEFS@ -DWITH_SELINUX
 INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\"
-LDADD = ./libfindtools.a ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ @LIB_CLOCK_GETTIME@ @FINDLIBS@
+LDADD = ./libfindtools.a ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ @LIB_CLOCK_GETTIME@ @FINDLIBS@ -lselinux
 man_MANS = find.1
 SUBDIRS = . testsuite
 
--- findutils-4.4.0/find/defs.h.orig    2008-03-10 10:37:21.000000000 +0100
+++ findutils-4.4.0/find/defs.h 2008-03-16 01:22:53.718566717 +0100
@@ -49,6 +49,9 @@
 #include <stdint.h>            /* for uintmax_t */
 #include <sys/stat.h> /* S_ISUID etc. */
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
 
 
 #ifndef CHAR_BIT
@@ -314,6 +317,9 @@
     struct perm_val perm;      /* perm */
     struct samefile_file_id samefileid; /* samefile */
     mode_t type;               /* type */
+#ifdef WITH_SELINUX
+    security_context_t scontext; /* scontext */
+#endif /*WITH_SELINUX*/
     struct format_val printf_vec; /* printf fprintf fprint ls fls print0 fprint0 print */
   } args;
 
@@ -589,6 +595,10 @@
   /* Pointer to the function used to stat files. */
   int (*xstat) (const char *name, struct stat *statbuf);
 
+#ifdef WITH_SELINUX
+  int (*x_getfilecon) ();
+#endif /* WITH_SELINUX */
+
 
   /* Indicate if we can implement safely_chdir() using the O_NOFOLLOW 
    * flag to open(2). 
@@ -657,4 +667,9 @@
 extern char *program_name;
 
 
+#ifdef WITH_SELINUX
+PREDICATEFUNCTION pred_scontext;
+extern int (*x_getfilecon) ();
+#endif /*WITH_SELINUX*/
+
 #endif
--- findutils-4.4.0/find/find.1.orig    2007-12-19 20:53:14.000000000 +0100
+++ findutils-4.4.0/find/find.1 2008-03-16 01:24:14.939206112 +0100
@@ -935,6 +935,10 @@
 .B \-type
 does not check.
 
+.IP "\-context \fIscontext\fR"
+.IP "\-\-context \fIscontext\fR"
+(SELinux only) File has the security context \fIscontext\fR.
+
 .SS ACTIONS
 .IP "\-delete\fR"
 Delete files; true if removal succeeded.  If the removal failed, an
@@ -1340,6 +1344,8 @@
 U=unknown type (shouldn't happen)
 .IP %Y
 File's type (like %y), plus follow symlinks: L=loop, N=nonexistent
+.IP %Z
+(SELinux only) file's security context.
 .PP
 A `%' character followed by any other character is discarded, but the
 other character is printed (don't rely on this, as further format
--- findutils-4.4.0/find/parser.c.orig  2008-03-10 10:37:21.000000000 +0100
+++ findutils-4.4.0/find/parser.c       2008-03-17 20:23:52.047453360 +0100
@@ -53,6 +53,10 @@
 #include <unistd.h> 
 #include <sys/stat.h>
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
 #if ENABLE_NLS
 # include <libintl.h>
 # define _(Text) gettext (Text)
@@ -156,6 +160,9 @@
 static boolean parse_warn          PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
 static boolean parse_xtype         PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
 static boolean parse_quit          PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
+#ifdef WITH_SELINUX
+static boolean parse_scontext      PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
+#endif /*WITH_SELINUX*/
 
 boolean parse_print             PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
 
@@ -322,6 +329,10 @@
   {ARG_TEST,       "writable",               parse_accesscheck, pred_writable}, /* GNU, 4.3.0+ */
   PARSE_OPTION     ("xdev",                  xdev), /* POSIX */
   PARSE_TEST       ("xtype",                 xtype),        /* GNU */
+#ifdef WITH_SELINUX
+  PARSE_TEST       ("context",               scontext),      /* SELINUX */
+  PARSE_TEST       ("-context",              scontext),      /* SELINUX */
+#endif /*WITH_SELINUX*/
 #ifdef UNIMPLEMENTED_UNIX
   /* It's pretty ugly for find to know about archive formats.
      Plus what it could do with cpio archives is very limited.
@@ -451,11 +462,17 @@
        {
        case SYMLINK_ALWAYS_DEREF:  /* -L */
          options.xstat = optionl_stat;
+#ifdef WITH_SELINUX
+         options.x_getfilecon = getfilecon;
+#endif /* WITH_SELINUX */
          options.no_leaf_check = true;
          break;
          
        case SYMLINK_NEVER_DEREF:       /* -P (default) */
          options.xstat = optionp_stat;
+#ifdef WITH_SELINUX
+         options.x_getfilecon = lgetfilecon;
+#endif /* WITH_SELINUX */
          /* Can't turn no_leaf_check off because the user might have specified 
           * -noleaf anyway
           */
@@ -463,6 +480,9 @@
          
        case SYMLINK_DEREF_ARGSONLY: /* -H */
          options.xstat = optionh_stat;
+#ifdef WITH_SELINUX
+         options.x_getfilecon = getfilecon;
+#endif /* WITH_SELINUX */
          options.no_leaf_check = true;
        }
     }
@@ -1129,6 +1149,10 @@
       -readable -writable -executable\n\
       -wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n\
       -used N -user NAME -xtype [bcdpfls]\n"));
+#ifdef WITH_SELINUX
+  puts (_("\
+      -context CONTEXT\n"));
+#endif /*WITH_SELINUX*/
   puts (_("\
 actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print \n\
       -fprint0 FILE -fprint FILE -ls -fls FILE -prune -quit\n\
@@ -2392,6 +2416,30 @@
     }
 }
 
+#ifdef WITH_SELINUX
+
+static boolean
+parse_scontext (const struct parser_table *entry, char **argv, int *arg_ptr)
+{
+  struct predicate *our_pred;
+
+  if ( (argv == NULL) || (argv[*arg_ptr] == NULL) )
+    return( false );
+
+  our_pred = insert_primary_withpred (entry, pred_scontext);
+  our_pred->need_stat = our_pred->need_type = false;
+#ifdef DEBUG
+  our_pred->p_name = find_pred_name (pred_scontext);
+#endif /*DEBUG*/
+
+  our_pred->args.scontext = argv[*arg_ptr];;
+
+  (*arg_ptr)++;
+  return( true );
+}
+
+#endif /*WITH_SELINUX*/
+
 static boolean
 parse_used (const struct parser_table* entry, char **argv, int *arg_ptr)
 {
@@ -2777,7 +2825,11 @@
          if (*scan2 == '.')
            for (scan2++; ISDIGIT (*scan2); scan2++)
              /* Do nothing. */ ;
+#ifdef WITH_SELINUX
+         if (strchr ("abcdDfFgGhHiklmMnpPsStuUyYZ", *scan2))
+#else  /* WITH_SELINUX */
          if (strchr ("abcdDfFgGhHiklmMnpPsStuUyY", *scan2))
+#endif /* WITH_SELINUX */
            {
              segmentp = make_segment (segmentp, format, scan2 - format,
                                       KIND_FORMAT, *scan2, 0,
--- findutils-4.2.11/find/pred.c.orig   2005-01-03 01:15:48.000000000 +0100
+++ findutils-4.2.11/find/pred.c        2005-01-09 18:22:25.204312920 +0100
@@ -30,6 +30,14 @@
 #include "filemode.h"
 #include "wait.h"
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
+#ifndef FNM_CASEFOLD
+#define FNM_CASEFOLD (1<<4)
+#endif  /*FNM_CASEFOLD*/
+
 #if ENABLE_NLS
 # include <libintl.h>
 # define _(Text) gettext (Text)
@@ -73,7 +81,6 @@
 
 extern int yesno ();
 
-
 /* Get or fake the disk device blocksize.
    Usually defined by sys/param.h (if at all).  */
 #ifndef DEV_BSIZE
@@ -202,6 +209,9 @@
   {pred_used, "used    "},
   {pred_user, "user    "},
   {pred_xtype, "xtype   "},
+#ifdef WITH_SELINUX
+  {pred_scontext, "context"},
+#endif /*WITH_SELINUX*/
   {0, "none    "}
 };
 
@@ -813,6 +823,26 @@
 
          }
          break;
+#ifdef WITH_SELINUX
+      case 'Z':               /* SELinux security context */
+        {
+          security_context_t scontext;
+          int rv;
+          rv = (*options.x_getfilecon)(state.rel_pathname, &scontext);
+
+          if ( rv < 0 ) {
+            (void) fprintf(stderr, "getfileconf(%s): %s",
+                           pathname, strerror(errno));
+            (void) fflush(stderr);
+          }
+          else {
+             segment->text[segment->text_len] = 's';
+             checked_fprintf (dest, segment->text, scontext);
+             freecon(scontext);
+          }
+        }
+        break ;
+#endif /* WITH_SELINUX */
        }
     }
   return (true);
@@ -1366,6 +1396,31 @@
    */
   return (pred_type (pathname, &sbuf, pred_ptr));
 }
+  
+
+#ifdef WITH_SELINUX
+
+boolean
+pred_scontext (const char *pathname, struct stat *stat_buf, struct predicate *pred_ptr)
+{
+  int rv;
+  security_context_t scontext;
+
+  rv = (*options.x_getfilecon)(state.rel_pathname, &scontext);
+
+  if ( rv < 0 ) {
+    (void) fprintf(stderr, "getfilecon(%s): %s\n", pathname, strerror(errno));
+    (void) fflush(stderr);
+    return ( false );
+  }
+
+  rv= (strcmp(scontext, pred_ptr->args.scontext) == 0);
+  freecon(scontext);
+  return rv;
+}
+
+#endif /*WITH_SELINUX*/
+
 \f
 /*  1) fork to get a child; parent remembers the child pid
     2) child execs the command requested
--- findutils-4.4.0/find/tree.c.orig    2007-12-20 22:40:35.000000000 +0100
+++ findutils-4.4.0/find/tree.c 2008-03-17 20:21:28.427267235 +0100
@@ -1194,6 +1194,9 @@
   struct predicate *cur_pred;
   const struct parser_table *entry_close, *entry_print, *entry_open;
   int i, oldi;
+#ifdef WITH_SELINUX
+  int is_selinux_enabled_flag;
+#endif /* WITH_SELINUX */
 
   predicates = NULL;
   
@@ -1230,6 +1233,14 @@
        }
 
       predicate_name = argv[i];
+#ifdef WITH_SELINUX
+      if (! is_selinux_enabled_flag) {
+       if ((strncmp(predicate_name,"-context",strlen("-context"))==0) ||
+           (strncmp(predicate_name,"--context",strlen("--context"))==0)) {
+         error (1, 0,_("Error: invalid predicate %s: the kernel is not SELinux-enabled.\n"),predicate_name);
+       }
+      }
+#endif
       parse_entry = find_parser (predicate_name);
       if (parse_entry == NULL)
        {
--- findutils-4.4.0/find/util.c.orig    2008-03-10 10:37:22.000000000 +0100
+++ findutils-4.4.0/find/util.c 2008-03-16 01:28:33.177920622 +0100
@@ -97,6 +97,9 @@
   new_pred->pred_func = pred_func;
   new_pred->p_name = entry->parser_name;
   new_pred->args.str = NULL;
+#ifdef WITH_SELINUX
+  new_pred->args.scontext = NULL;
+#endif
   new_pred->p_type = PRIMARY_TYPE;
   new_pred->p_prec = NO_PREC;
   return new_pred;
--- findutils-4.4.0/po/pl.po.orig       2008-03-15 12:43:32.000000000 +0100
+++ findutils-4.4.0/po/pl.po    2008-03-17 20:28:05.717905863 +0100
@@ -453,6 +453,10 @@
 "      -wholename WZORZEC -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n"
 "      -used N -user NAZWA -xtype [bcdpfls]\n"
 
+#: find/parser.c:1154
+msgid "      -context CONTEXT\n"
+msgstr "      -context KONTEKST\n"
+
 #: find/parser.c:1132
 msgid ""
 "actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print \n"
@@ -755,6 +759,11 @@
 msgid "unknown predicate `%s'"
 msgstr "nieznane wyra¿enie `%s'"
 
+#: find/tree.c:1241
+#, c-format
+msgid "Error: invalid predicate %s: the kernel is not SELinux-enabled.\n"
+msgstr "B³±d: b³êdne wyra¿enie %s: j±dro nie ma w³±czonej obs³ugi SELinuksa.\n"
+
 #: find/tree.c:1257
 #, c-format
 msgid "invalid predicate `%s'"