[packages/findutils.git] / findutils-selinux.patch

--- findutils-4.1.20/find/Makefile.am.orig	Mon May 26 20:02:34 2003
+++ findutils-4.1.20/find/Makefile.am	Wed Jan 28 15:15:13 2004
@@ -3,8 +3,9 @@
 bin_PROGRAMS = find
 find_SOURCES = find.c fstype.c parser.c pred.c tree.c util.c version.c
 EXTRA_DIST = defs.h $(man_MANS)
+DEFS = @DEFS@ -I. -I$(srcdir) -I.. -DWITH_SELINUX
 INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\"
-LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@
+LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ -lselinux
 man_MANS = find.1
 SUBDIRS = testsuite
 
--- findutils-4.2.4/find/defs.h.orig	2004-11-08 20:34:16.000000000 +0100
+++ findutils-4.2.4/find/defs.h	2004-11-09 00:40:03.771236728 +0100
@@ -120,6 +120,10 @@
 #define MODE_RWX	(S_IXUSR | S_IXGRP | S_IXOTH | MODE_RW)
 #define MODE_ALL	(S_ISUID | S_ISGID | S_ISVTX | MODE_RWX)
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
 #if 1
 #include <stdbool.h>
 typedef bool boolean;
@@ -272,6 +276,9 @@
     struct perm_val perm;	/* perm */
     mode_t type;		/* type */
     FILE *stream;		/* fprint fprint0 */
+#ifdef WITH_SELINUX
+    security_context_t scontext; /* scontext */
+#endif /*WITH_SELINUX*/
     struct format_val printf_vec; /* printf fprintf */
   } args;
 
@@ -317,6 +324,11 @@
 VOID *xmalloc PARAMS((size_t n));
 VOID *xrealloc PARAMS((VOID *p, size_t n));
 
+#ifdef WITH_SELINUX
+boolean pred_scontext PARAMS((char *pathname, struct stat *stat_buf, struct predicate *pred_ptr));
+extern int (*x_getfilecon) ();
+#endif /*WITH_SELINUX*/
+
 /* xstrdup.c */
 char *xstrdup PARAMS((char *string));
 
--- findutils-4.2.6/find/find.1.orig	2004-11-21 10:52:17.000000000 +0100
+++ findutils-4.2.6/find/find.1	2004-11-21 22:52:25.469719184 +0100
@@ -396,6 +396,9 @@
 link to a file of type \fIc\fR; if the \-L option has been given, true
 if \fIc\fR is `l'.  In other words, for symbolic links, \-xtype checks
 the type of the file that \-type does not check.
+.IP "\-context \fIscontext\fR"
+.IP "\--context \fIscontext\fR"
+(SELinux only) File has the security context \fIscontext\fR.
 
 .SS ACTIONS
 .IP "\-delete\fR"
@@ -633,6 +636,8 @@
 File's type (like in ls -l), U=unknown type (shouldn't happen)
 .IP %Y
 File's type (like %y), plus follow symlinks: L=loop, N=nonexistent
+.IP %Z
+(SELinux only) file's security context.
 .PP
 A `%' character followed by any other character is discarded (but the
 other character is printed).
--- findutils-4.2.6/find/find.c.orig	2004-11-21 13:18:59.000000000 +0100
+++ findutils-4.2.6/find/find.c	2004-11-21 23:04:25.185305784 +0100
@@ -147,6 +147,9 @@
 
 /* Pointer to the function used to stat files. */
 int (*xstat) ();
+#ifdef WITH_SELINUX
+int (*x_getfilecon) ();
+#endif /* WITH_SELINUX */
 
 /* Status value to return to system. */
 int exit_status;
@@ -257,11 +260,17 @@
     {
     case SYMLINK_ALWAYS_DEREF:  /* -L */
       xstat = optionl_stat;
+#ifdef WITH_SELINUX
+      x_getfilecon = getfilecon;
+#endif /* WITH_SELINUX */
       no_leaf_check = false;
       break;
       
     case SYMLINK_NEVER_DEREF:	/* -P (default) */
       xstat = optionp_stat;
+#ifdef WITH_SELINUX
+      x_getfilecon = lgetfilecon;
+#endif /* WITH_SELINUX */
       /* Can't turn on no_leaf_check because the user might have specified 
        * -noleaf anyway
        */
@@ -269,6 +278,9 @@
       
     case SYMLINK_DEREF_ARGSONLY: /* -H */
       xstat = optionh_stat;
+#ifdef WITH_SELINUX
+      x_getfilecon = getfilecon;
+#endif /* WITH_SELINUX */
       no_leaf_check = true;
     }
   
@@ -289,6 +301,9 @@
   struct predicate *cur_pred;
   char *predicate_name;		/* Name of predicate being parsed. */
   int end_of_leading_options = 0; /* First arg after any -H/-L etc. */
+#ifdef WITH_SELINUX
+  int is_selinux_enabled_flag;
+#endif /* WITH_SELINUX */
   program_name = argv[0];
 
 #ifdef HAVE_SETLOCALE
@@ -318,6 +333,9 @@
   stay_on_filesystem = false;
   ignore_readdir_race = false;
   exit_status = 0;
+#ifdef WITH_SELINUX
+  is_selinux_enabled_flag = (is_selinux_enabled() > 0);
+#endif /* WITH_SELINUX */
 
 #if defined(DEBUG_STAT)
   xstat = debug_stat;
@@ -403,6 +421,14 @@
       if (strchr ("-!(),", argv[i][0]) == NULL)
 	usage (_("paths must precede expression"));
       predicate_name = argv[i];
+#ifdef WITH_SELINUX
+      if (! is_selinux_enabled_flag) {
+	if ((strncmp(predicate_name,"-context",strlen("-context"))==0) ||
+	    (strncmp(predicate_name,"--context",strlen("--context"))==0)) {
+	  error (1, 0,_("Error: invalid predicate %s: the kernel is not SELinux-enabled.\n"),predicate_name);
+	}
+      }
+#endif
       parse_function = find_parser (predicate_name);
       if (parse_function == NULL)
 	/* Command line option not recognized */
--- findutils-4.2.6/find/parser.c.orig	2004-11-15 01:22:30.000000000 +0100
+++ findutils-4.2.6/find/parser.c	2004-11-21 23:00:45.121760528 +0100
@@ -27,6 +27,10 @@
 #include "../gnulib/lib/xstrtol.h"
 
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
 #if ENABLE_NLS
 # include <libintl.h>
 # define _(Text) gettext (Text)
@@ -127,6 +131,9 @@
 static boolean parse_warn PARAMS((char *argv[], int *arg_ptr));
 static boolean parse_xtype PARAMS((char *argv[], int *arg_ptr));
 static boolean parse_quit PARAMS((char *argv[], int *arg_ptr));
+#ifdef WITH_SELINUX
+static boolean parse_scontext PARAMS((char *argv[], int *arg_ptr));
+#endif /*WITH_SELINUX*/
 
 static boolean insert_regex PARAMS((char *argv[], int *arg_ptr, boolean ignore_case));
 static boolean insert_type PARAMS((char *argv[], int *arg_ptr, boolean (*which_pred )()));
@@ -251,6 +258,10 @@
   {ARG_TEST,               "wholename",             parse_wholename},   /* GNU, replaces -path */
   {ARG_TEST,               "xdev",                  parse_xdev},
   {ARG_TEST,               "xtype",                 parse_xtype},	/* GNU */
+#ifdef WITH_SELINUX
+  {ARG_TEST,               "context",               parse_scontext},    /* SELINUX */
+  {ARG_TEST,               "-context",              parse_scontext},    /* SELINUX */
+#endif /*WITH_SELINUX*/
   {0, 0, 0}
 };
 \f
@@ -720,6 +731,10 @@
       -nouser -nogroup -path PATTERN -perm [+-]MODE -regex PATTERN\n\
       -wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n\
       -used N -user NAME -xtype [bcdpfls]"));
+#ifdef WITH_SELINUX
+  puts (_("\
+      -context CONTEXT\n"));
+#endif /*WITH_SELINUX*/
   puts (_("\
 actions: -exec COMMAND ; -fprint FILE -fprint0 FILE -fprintf FILE FORMAT\n\
       -fls FILE -ok COMMAND ; -print -print0 -printf FORMAT -prune -ls -delete\n\
@@ -1515,6 +1530,32 @@
   return true;
 }
 
+#ifdef WITH_SELINUX
+
+static boolean
+parse_scontext ( argv, arg_ptr )
+     char *argv[];
+     int *arg_ptr;
+{
+  struct predicate *our_pred;
+
+  if ( (argv == NULL) || (argv[*arg_ptr] == NULL) )
+    return( false );
+
+  our_pred = insert_primary(pred_scontext);
+  our_pred->need_stat = false;
+#ifdef DEBUG
+  our_pred->p_name = find_pred_name (pred_scontext);
+#endif /*DEBUG*/
+
+  our_pred->args.scontext = argv[*arg_ptr];;
+
+  (*arg_ptr)++;
+  return( true );
+}
+
+#endif /*WITH_SELINUX*/
+
 static boolean
 parse_xtype (char **argv, int *arg_ptr)
 {
@@ -1675,7 +1716,11 @@
 	  if (*scan2 == '.')
 	    for (scan2++; ISDIGIT (*scan2); scan2++)
 	      /* Do nothing. */ ;
+#ifdef WITH_SELINUX
+	  if (strchr ("abcdDfFgGhHiklmMnpPstuUyYZ", *scan2))
+#else  /* WITH_SELINUX */
 	  if (strchr ("abcdDfFgGhHiklmMnpPstuUyY", *scan2))
+#endif /* WITH_SELINUX */
 	    {
 	      segmentp = make_segment (segmentp, format, scan2 - format,
 				       (int) *scan2);
--- findutils-4.1.7/find/pred.c.selinux	2001-05-20 16:39:37.000000000 -0400
+++ findutils-4.1.7/find/pred.c	2003-10-10 13:15:13.752422594 -0400
@@ -27,6 +27,14 @@
 #include "modetype.h"
 #include "wait.h"
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
+#ifndef FNM_CASEFOLD
+#define FNM_CASEFOLD (1<<4)
+#endif  /*FNM_CASEFOLD*/
+
 #if ENABLE_NLS
 # include <libintl.h>
 # define _(Text) gettext (Text)
@@ -69,7 +77,6 @@
 
 extern int yesno ();
 
-
 /* Get or fake the disk device blocksize.
    Usually defined by sys/param.h (if at all).  */
 #ifndef DEV_BSIZE
@@ -196,6 +203,9 @@
   {pred_used, "used    "},
   {pred_user, "user    "},
   {pred_xtype, "xtype   "},
+#ifdef WITH_SELINUX
+  {pred_scontext, "context"},
+#endif /*WITH_SELINUX*/
   {0, "none    "}
 };
 
@@ -719,6 +729,26 @@
 	  fprintf (fp, segment->text,
 		   human_readable ((uintmax_t) stat_buf->st_uid, hbuf, 1, 1));
 	  break;
+#ifdef WITH_SELINUX
+      case 'Z':               /* SELinux security context */
+        {
+          security_context_t scontext;
+          int rv;
+          rv = (*x_getfilecon)(rel_pathname, &scontext);
+
+          if ( rv < 0 ) {
+            (void) fprintf(stderr, "getfileconf(%s): %s",
+                           pathname, strerror(errno));
+            (void) fflush(stderr);
+          }
+          else {
+	      segment->text[segment->text_len] = 's';
+	      (void) fprintf (fp, segment->text, scontext);
+	      freecon(scontext);
+          }
+        }
+        break ;
+#endif /* WITH_SELINUX */
 	}
     }
   return (true);
@@ -1220,6 +1250,34 @@
     }
   return (pred_type (pathname, &sbuf, pred_ptr));
 }
+  
+
+#ifdef WITH_SELINUX
+
+boolean
+pred_scontext ( pathname, stat_buf, pred_ptr )
+     char *pathname;
+     struct stat *stat_buf;
+     struct predicate *pred_ptr;
+{
+  int rv;
+  security_context_t scontext;
+
+  rv = (* x_getfilecon)(rel_pathname, &scontext);
+
+  if ( rv < 0 ) {
+    (void) fprintf(stderr, "getfilecon(%s): %s\n", pathname, strerror(errno));
+    (void) fflush(stderr);
+    return ( false );
+  }
+
+  rv= (strcmp( scontext,pred_ptr->args.scontext) == 0 );
+  freecon(scontext);
+  return rv;
+}
+
+#endif /*WITH_SELINUX*/
+
 \f
 /*  1) fork to get a child; parent remembers the child pid
     2) child execs the command requested
--- findutils-4.1.7/find/util.c.selinux	2001-05-20 16:39:37.000000000 -0400
+++ findutils-4.1.7/find/util.c	2003-10-10 13:19:10.869534272 -0400
@@ -65,6 +65,9 @@
   last_pred->no_default_print = false;
   last_pred->need_stat = true;
   last_pred->args.str = NULL;
+#ifdef WITH_SELINUX
+  last_pred->args.scontext = NULL;
+#endif
   last_pred->pred_next = NULL;
   last_pred->pred_left = NULL;
   last_pred->pred_right = NULL;
--- findutils-4.2.7/po/pl.po.orig	2004-11-09 00:39:40.614757048 +0100
+++ findutils-4.2.7/po/pl.po	2004-11-09 00:44:33.436241416 +0100
@@ -216,6 +216,11 @@
 msgid "paths must precede expression"
Commit	Line	Data
32939b0c JB	1	--- findutils-4.1.20/find/Makefile.am.orig Mon May 26 20:02:34 2003
	2	+++ findutils-4.1.20/find/Makefile.am Wed Jan 28 15:15:13 2004
	3	@@ -3,8 +3,9 @@
	4	bin_PROGRAMS = find
	5	find_SOURCES = find.c fstype.c parser.c pred.c tree.c util.c version.c
	6	EXTRA_DIST = defs.h $(man_MANS)
	7	+DEFS = @DEFS@ -I. -I$(srcdir) -I.. -DWITH_SELINUX
	8	INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\"
	9	-LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@
	10	+LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ -lselinux
	11	man_MANS = find.1
	12	SUBDIRS = testsuite
	13
095a6182 JB	14	--- findutils-4.2.4/find/defs.h.orig 2004-11-08 20:34:16.000000000 +0100
	15	+++ findutils-4.2.4/find/defs.h 2004-11-09 00:40:03.771236728 +0100
	16	@@ -120,6 +120,10 @@
32939b0c JB	17	#define MODE_RWX (S_IXUSR \| S_IXGRP \| S_IXOTH \| MODE_RW)
	18	#define MODE_ALL (S_ISUID \| S_ISGID \| S_ISVTX \| MODE_RWX)
	19
	20	+#ifdef WITH_SELINUX
	21	+#include <selinux/selinux.h>
	22	+#endif /WITH_SELINUX/
	23	+
095a6182 JB	24	#if 1
	25	#include <stdbool.h>
	26	typedef bool boolean;
	27	@@ -272,6 +276,9 @@
32939b0c JB	28	struct perm_val perm; /* perm */
	29	mode_t type; /* type */
	30	FILE stream; / fprint fprint0 */
	31	+#ifdef WITH_SELINUX
	32	+ security_context_t scontext; /* scontext */
	33	+#endif /WITH_SELINUX/
	34	struct format_val printf_vec; /* printf fprintf */
	35	} args;
	36
095a6182	37	@@ -317,6 +324,11 @@
32939b0c JB	38	VOID *xmalloc PARAMS((size_t n));
	39	VOID xrealloc PARAMS((VOID p, size_t n));
	40
	41	+#ifdef WITH_SELINUX
	42	+boolean pred_scontext PARAMS((char pathname, struct stat stat_buf, struct predicate *pred_ptr));
	43	+extern int (*x_getfilecon) ();
	44	+#endif /WITH_SELINUX/
	45	+
	46	/* xstrdup.c */
	47	char xstrdup PARAMS((char string));
	48
dace4399 JB	49	--- findutils-4.2.6/find/find.1.orig 2004-11-21 10:52:17.000000000 +0100
	50	+++ findutils-4.2.6/find/find.1 2004-11-21 22:52:25.469719184 +0100
	51	@@ -396,6 +396,9 @@
	52	link to a file of type \fIc\fR; if the \-L option has been given, true
	53	if \fIc\fR is `l'. In other words, for symbolic links, \-xtype checks
	54	the type of the file that \-type does not check.
32939b0c JB	55	+.IP "\-context \fIscontext\fR"
	56	+.IP "\--context \fIscontext\fR"
	57	+(SELinux only) File has the security context \fIscontext\fR.
095a6182	58
dace4399	59	.SS ACTIONS
095a6182	60	.IP "\-delete\fR"
dace4399	61	@@ -633,6 +636,8 @@
095a6182 JB	62	File's type (like in ls -l), U=unknown type (shouldn't happen)
	63	.IP %Y
	64	File's type (like %y), plus follow symlinks: L=loop, N=nonexistent
32939b0c JB	65	+.IP %Z
	66	+(SELinux only) file's security context.
	67	.PP
	68	A `%' character followed by any other character is discarded (but the
	69	other character is printed).
dace4399 JB	70	--- findutils-4.2.6/find/find.c.orig 2004-11-21 13:18:59.000000000 +0100
	71	+++ findutils-4.2.6/find/find.c 2004-11-21 23:04:25.185305784 +0100
	72	@@ -147,6 +147,9 @@
32939b0c JB	73
	74	/* Pointer to the function used to stat files. */
	75	int (*xstat) ();
	76	+#ifdef WITH_SELINUX
	77	+int (*x_getfilecon) ();
	78	+#endif /* WITH_SELINUX */
	79
	80	/* Status value to return to system. */
	81	int exit_status;
dace4399 JB	82	@@ -257,11 +260,17 @@
	83	{
	84	case SYMLINK_ALWAYS_DEREF: /* -L */
	85	xstat = optionl_stat;
	86	+#ifdef WITH_SELINUX
	87	+ x_getfilecon = getfilecon;
	88	+#endif /* WITH_SELINUX */
	89	no_leaf_check = false;
	90	break;
	91
	92	case SYMLINK_NEVER_DEREF: /* -P (default) */
	93	xstat = optionp_stat;
	94	+#ifdef WITH_SELINUX
	95	+ x_getfilecon = lgetfilecon;
	96	+#endif /* WITH_SELINUX */
	97	/* Can't turn on no_leaf_check because the user might have specified
	98	* -noleaf anyway
	99	*/
	100	@@ -269,6 +278,9 @@
	101
	102	case SYMLINK_DEREF_ARGSONLY: /* -H */
	103	xstat = optionh_stat;
	104	+#ifdef WITH_SELINUX
	105	+ x_getfilecon = getfilecon;
	106	+#endif /* WITH_SELINUX */
	107	no_leaf_check = true;
	108	}
	109
	110	@@ -289,6 +301,9 @@
	111	struct predicate *cur_pred;
	112	char predicate_name; / Name of predicate being parsed. */
	113	int end_of_leading_options = 0; /* First arg after any -H/-L etc. */
32939b0c	114	+#ifdef WITH_SELINUX
dace4399	115	+ int is_selinux_enabled_flag;
32939b0c	116	+#endif /* WITH_SELINUX */
dace4399	117	program_name = argv[0];
32939b0c	118
dace4399 JB	119	#ifdef HAVE_SETLOCALE
	120	@@ -318,6 +333,9 @@
	121	stay_on_filesystem = false;
	122	ignore_readdir_race = false;
	123	exit_status = 0;
	124	+#ifdef WITH_SELINUX
	125	+ is_selinux_enabled_flag = (is_selinux_enabled() > 0);
	126	+#endif /* WITH_SELINUX */
	127
	128	#if defined(DEBUG_STAT)
	129	xstat = debug_stat;
	130	@@ -403,6 +421,14 @@
32939b0c JB	131	if (strchr ("-!(),", argv[i][0]) == NULL)
	132	usage (_("paths must precede expression"));
	133	predicate_name = argv[i];
	134	+#ifdef WITH_SELINUX
	135	+ if (! is_selinux_enabled_flag) {
	136	+ if ((strncmp(predicate_name,"-context",strlen("-context"))==0) \|\|
	137	+ (strncmp(predicate_name,"--context",strlen("--context"))==0)) {
	138	+ error (1, 0,_("Error: invalid predicate %s: the kernel is not SELinux-enabled.\n"),predicate_name);
	139	+ }
	140	+ }
	141	+#endif
	142	parse_function = find_parser (predicate_name);
	143	if (parse_function == NULL)
	144	/* Command line option not recognized */
dace4399 JB	145	--- findutils-4.2.6/find/parser.c.orig 2004-11-15 01:22:30.000000000 +0100
dace4399 JB	146	+++ findutils-4.2.6/find/parser.c 2004-11-21 23:00:45.121760528 +0100
095a6182 JB	147	@@ -27,6 +27,10 @@
	148	#include "../gnulib/lib/xstrtol.h"
	149
32939b0c JB	150
	151	+#ifdef WITH_SELINUX
	152	+#include <selinux/selinux.h>
	153	+#endif /WITH_SELINUX/
	154	+
	155	#if ENABLE_NLS
	156	# include <libintl.h>
	157	# define _(Text) gettext (Text)
095a6182 JB	158	@@ -127,6 +131,9 @@
095a6182 JB	159	static boolean parse_warn PARAMS((char argv[], int arg_ptr));
32939b0c	160	static boolean parse_xtype PARAMS((char argv[], int arg_ptr));
095a6182	161	static boolean parse_quit PARAMS((char argv[], int arg_ptr));
32939b0c JB	162	+#ifdef WITH_SELINUX
	163	+static boolean parse_scontext PARAMS((char argv[], int arg_ptr));
	164	+#endif /WITH_SELINUX/
	165
	166	static boolean insert_regex PARAMS((char argv[], int arg_ptr, boolean ignore_case));
	167	static boolean insert_type PARAMS((char argv[], int arg_ptr, boolean (*which_pred )()));
095a6182 JB	168	@@ -251,6 +258,10 @@
	169	{ARG_TEST, "wholename", parse_wholename}, /* GNU, replaces -path */
	170	{ARG_TEST, "xdev", parse_xdev},
	171	{ARG_TEST, "xtype", parse_xtype}, /* GNU */
32939b0c	172	+#ifdef WITH_SELINUX
095a6182 JB	173	+ {ARG_TEST, "context", parse_scontext}, /* SELINUX */
095a6182 JB	174	+ {ARG_TEST, "-context", parse_scontext}, /* SELINUX */
32939b0c	175	+#endif /WITH_SELINUX/
dace4399	176	{0, 0, 0}
32939b0c JB	177	};
32939b0c JB	178	\f
dace4399	179	@@ -720,6 +731,10 @@
32939b0c	180	-nouser -nogroup -path PATTERN -perm [+-]MODE -regex PATTERN\n\
095a6182 JB	181	-wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n\
095a6182 JB	182	-used N -user NAME -xtype [bcdpfls]"));
32939b0c JB	183	+#ifdef WITH_SELINUX
	184	+ puts (_("\
	185	+ -context CONTEXT\n"));
	186	+#endif /WITH_SELINUX/
	187	puts (_("\
	188	actions: -exec COMMAND ; -fprint FILE -fprint0 FILE -fprintf FILE FORMAT\n\
095a6182	189	-fls FILE -ok COMMAND ; -print -print0 -printf FORMAT -prune -ls -delete\n\
dace4399	190	@@ -1515,6 +1530,32 @@
32939b0c JB	191	return true;
	192	}
	193
	194	+#ifdef WITH_SELINUX
	195	+
	196	+static boolean
	197	+parse_scontext ( argv, arg_ptr )
	198	+ char *argv[];
	199	+ int *arg_ptr;
	200	+{
	201	+ struct predicate *our_pred;
	202	+
	203	+ if ( (argv == NULL) \|\| (argv[*arg_ptr] == NULL) )
	204	+ return( false );
	205	+
	206	+ our_pred = insert_primary(pred_scontext);
	207	+ our_pred->need_stat = false;
	208	+#ifdef DEBUG
	209	+ our_pred->p_name = find_pred_name (pred_scontext);
	210	+#endif /DEBUG/
	211	+
	212	+ our_pred->args.scontext = argv[*arg_ptr];;
	213	+
	214	+ (*arg_ptr)++;
	215	+ return( true );
	216	+}
	217	+
	218	+#endif /WITH_SELINUX/
	219	+
	220	static boolean
	221	parse_xtype (char *argv, int arg_ptr)
	222	{
dace4399	223	@@ -1675,7 +1716,11 @@
32939b0c JB	224	if (*scan2 == '.')
	225	for (scan2++; ISDIGIT (*scan2); scan2++)
	226	/* Do nothing. */ ;
32939b0c	227	+#ifdef WITH_SELINUX
dace4399	228	+ if (strchr ("abcdDfFgGhHiklmMnpPstuUyYZ", *scan2))
32939b0c	229	+#else /* WITH_SELINUX */
dace4399	230	if (strchr ("abcdDfFgGhHiklmMnpPstuUyY", *scan2))
32939b0c JB	231	+#endif /* WITH_SELINUX */
	232	{
	233	segmentp = make_segment (segmentp, format, scan2 - format,
	234	(int) *scan2);
	235	--- findutils-4.1.7/find/pred.c.selinux 2001-05-20 16:39:37.000000000 -0400
	236	+++ findutils-4.1.7/find/pred.c 2003-10-10 13:15:13.752422594 -0400
	237	@@ -27,6 +27,14 @@
	238	#include "modetype.h"
	239	#include "wait.h"
	240
	241	+#ifdef WITH_SELINUX
	242	+#include <selinux/selinux.h>
	243	+#endif /WITH_SELINUX/
	244	+
	245	+#ifndef FNM_CASEFOLD
	246	+#define FNM_CASEFOLD (1<<4)
	247	+#endif /FNM_CASEFOLD/
	248	+
	249	#if ENABLE_NLS
	250	# include <libintl.h>
	251	# define _(Text) gettext (Text)
	252	@@ -69,7 +77,6 @@
	253
	254	extern int yesno ();
	255
	256	-
	257	/* Get or fake the disk device blocksize.
	258	Usually defined by sys/param.h (if at all). */
	259	#ifndef DEV_BSIZE
	260	@@ -196,6 +203,9 @@
	261	{pred_used, "used "},
	262	{pred_user, "user "},
	263	{pred_xtype, "xtype "},
	264	+#ifdef WITH_SELINUX
	265	+ {pred_scontext, "context"},
	266	+#endif /WITH_SELINUX/
	267	{0, "none "}
	268	};
	269
	270	@@ -719,6 +729,26 @@
	271	fprintf (fp, segment->text,
	272	human_readable ((uintmax_t) stat_buf->st_uid, hbuf, 1, 1));
	273	break;
	274	+#ifdef WITH_SELINUX
	275	+ case 'Z': /* SELinux security context */
	276	+ {
	277	+ security_context_t scontext;
	278	+ int rv;
	279	+ rv = (*x_getfilecon)(rel_pathname, &scontext);
	280	+
	281	+ if ( rv < 0 ) {
	282	+ (void) fprintf(stderr, "getfileconf(%s): %s",
	283	+ pathname, strerror(errno));
	284	+ (void) fflush(stderr);
	285	+ }
	286	+ else {
	287	+ segment->text[segment->text_len] = 's';
	288	+ (void) fprintf (fp, segment->text, scontext);
	289	+ freecon(scontext);
	290	+ }
	291	+ }
	292	+ break ;
	293	+#endif /* WITH_SELINUX */
	294	}
295	}
296	return (true);
297	@@ -1220,6 +1250,34 @@
298	}
299	return (pred_type (pathname, &sbuf, pred_ptr));
300	}
301	+
302	+
303	+#ifdef WITH_SELINUX
304	+
305	+boolean
306	+pred_scontext ( pathname, stat_buf, pred_ptr )
307	+ char *pathname;
308	+ struct stat *stat_buf;
309	+ struct predicate *pred_ptr;
310	+{
311	+ int rv;
312	+ security_context_t scontext;
313	+
314	+ rv = (* x_getfilecon)(rel_pathname, &scontext);
315	+
316	+ if ( rv < 0 ) {
317	+ (void) fprintf(stderr, "getfilecon(%s): %s\n", pathname, strerror(errno));
318	+ (void) fflush(stderr);
319	+ return ( false );
320	+ }
321	+
322	+ rv= (strcmp( scontext,pred_ptr->args.scontext) == 0 );
323	+ freecon(scontext);
324	+ return rv;
325	+}
326	+
327	+#endif /WITH_SELINUX/
328	+
329	\f
330	/* 1) fork to get a child; parent remembers the child pid
331	2) child execs the command requested
332	--- findutils-4.1.7/find/util.c.selinux 2001-05-20 16:39:37.000000000 -0400
333	+++ findutils-4.1.7/find/util.c 2003-10-10 13:19:10.869534272 -0400
334	@@ -65,6 +65,9 @@
335	last_pred->no_default_print = false;
336	last_pred->need_stat = true;
337	last_pred->args.str = NULL;
338	+#ifdef WITH_SELINUX
339	+ last_pred->args.scontext = NULL;
340	+#endif
341	last_pred->pred_next = NULL;
342	last_pred->pred_left = NULL;
343	last_pred->pred_right = NULL;
460d7c2f JB	344	--- findutils-4.2.7/po/pl.po.orig 2004-11-09 00:39:40.614757048 +0100
460d7c2f JB	345	+++ findutils-4.2.7/po/pl.po 2004-11-09 00:44:33.436241416 +0100
32939b0c JB	346	@@ -216,6 +216,11 @@
	347	msgid "paths must precede expression"
	348