summaryrefslogtreecommitdiff
path: root/selinux
diff options
context:
space:
mode:
Diffstat (limited to 'selinux')
-rw-r--r--selinux/Config.in26
-rw-r--r--selinux/Kbuild2
-rw-r--r--selinux/setfiles.c702
3 files changed, 730 insertions, 0 deletions
diff --git a/selinux/Config.in b/selinux/Config.in
index 42bca66d6..77f89c798 100644
--- a/selinux/Config.in
+++ b/selinux/Config.in
@@ -49,6 +49,14 @@ config MATCHPATHCON
Enable support to get default security context of the
specified path from the file contexts configuration.
+config RESTORECON
+ bool "restorecon"
+ default n
+ depends on SELINUX
+ help
+ Enable support to relabel files. The feature is almost
+ the same as setfiles, but usage is a little different.
+
config RUNCON
bool "runcon"
default n
@@ -78,5 +86,23 @@ config SETENFORCE
help
Enable support to modify the mode SELinux is running in.
+config SETFILES
+ bool "setfiles"
+ default n
+ depends on SELINUX
+ help
+ Enable support to modify to relabel files.
+ Notice: If you built libselinux with -D_FILE_OFFSET_BITS=64,
+ (It is default in libselinux's Makefile), you _must_ enable
+ CONFIG_LFS.
+
+config FEATURE_SETFILES_CHECK_OPTION
+ bool "Enable check option"
+ default n
+ depends on SETFILES
+ help
+ Support "-c" option (check the validity of the contexts against
+ the specified binary policy) for setfiles. Requires libsepol.
+
endmenu
diff --git a/selinux/Kbuild b/selinux/Kbuild
index 09cae4d2d..08f49c867 100644
--- a/selinux/Kbuild
+++ b/selinux/Kbuild
@@ -14,3 +14,5 @@ lib-$(CONFIG_MATCHPATHCON) += matchpathcon.o
lib-$(CONFIG_RUNCON) += runcon.o
lib-$(CONFIG_SELINUXENABLED) += selinuxenabled.o
lib-$(CONFIG_SETENFORCE) += setenforce.o
+lib-$(CONFIG_SETFILES) += setfiles.o
+lib-$(CONFIG_RESTORECON) += setfiles.o
diff --git a/selinux/setfiles.c b/selinux/setfiles.c
new file mode 100644
index 000000000..42207fcfb
--- /dev/null
+++ b/selinux/setfiles.c
@@ -0,0 +1,702 @@
+/*
+ setfiles: based on policycoreutils 2.0.19
+ policycoreutils was released under GPL 2.
+ Port to BusyBox by 2007 Yuichi Nakamura <ynakam@hitachisoft.jp>
+*/
+
+#include "libbb.h"
+#if ENABLE_FEATURE_SETFILES_CHECK_OPTION
+#include <sepol/sepol.h>
+#endif
+
+#define MAX_EXCLUDES 50
+
+struct edir {
+ char *directory;
+ size_t size;
+};
+
+struct globals {
+ FILE *outfile;
+ char *policyfile;
+ char *rootpath;
+ int rootpathlen;
+ unsigned count;
+ int excludeCtr;
+ int errors;
+ int verbose; /* getopt32 uses it, has to be int */
+ //smallint force;
+ //smallint progress;
+ //smallint debug;
+ //smallint dry_run;
+ //smallint quiet;
+ //smallint ignore_enoent;
+ //smallint take_log;
+ //smallint warn_no_match;
+ smallint recurse; /* Recursive descent */
+ smallint follow_mounts;
+ /* Behavior flags determined based on setfiles vs. restorecon */
+ smallint expand_realpath; /* Expand paths via realpath */
+ smallint abort_on_error; /* Abort the file tree walk upon an error */
+ int add_assoc; /* Track inode associations for conflict detection */
+ int matchpathcon_flags; /* Flags to matchpathcon */
+ dev_t dev_id; /* Device id where target file exists */
+ int nerr;
+ struct edir excludeArray[MAX_EXCLUDES];
+};
+
+#define G (*(struct globals*)&bb_common_bufsiz1)
+void BUG_setfiles_globals_too_big(void);
+#define INIT_G() do { \
+ if (sizeof(G) > COMMON_BUFSIZE) \
+ BUG_setfiles_globals_too_big(); \
+ /* memset(&G, 0, sizeof(G)); - already is */ \
+} while (0)
+#define outfile (G.outfile )
+#define policyfile (G.policyfile )
+#define rootpath (G.rootpath )
+#define rootpathlen (G.rootpathlen )
+#define count (G.count )
+#define excludeCtr (G.excludeCtr )
+#define errors (G.errors )
+#define verbose (G.verbose )
+//#define force (G.force )
+//#define progress (G.progress )
+//#define debug (G.debug )
+//#define dry_run (G.dry_run )
+//#define quiet (G.quiet )
+//#define ignore_enoent (G.ignore_enoent )
+//#define take_log (G.take_log )
+//#define warn_no_match (G.warn_no_match )
+#define recurse (G.recurse )
+#define follow_mounts (G.follow_mounts )
+#define expand_realpath (G.expand_realpath )
+#define abort_on_error (G.abort_on_error )
+#define add_assoc (G.add_assoc )
+#define matchpathcon_flags (G.matchpathcon_flags)
+#define dev_id (G.dev_id )
+#define nerr (G.nerr )
+#define excludeArray (G.excludeArray )
+
+/* Must match getopt32 string! */
+enum {
+ OPT_d = (1 << 0),
+ OPT_e = (1 << 1),
+ OPT_f = (1 << 2),
+ OPT_i = (1 << 3),
+ OPT_l = (1 << 4),
+ OPT_n = (1 << 5),
+ OPT_p = (1 << 6),
+ OPT_q = (1 << 7),
+ OPT_r = (1 << 8),
+ OPT_s = (1 << 9),
+ OPT_v = (1 << 10),
+ OPT_o = (1 << 11),
+ OPT_F = (1 << 12),
+ OPT_W = (1 << 13),
+ OPT_c = (1 << 14), /* c only for setfiles */
+ OPT_R = (1 << 14), /* R only for restorecon */
+};
+#define FLAG_d_debug (option_mask32 & OPT_d)
+#define FLAG_e (option_mask32 & OPT_e)
+#define FLAG_f (option_mask32 & OPT_f)
+#define FLAG_i_ignore_enoent (option_mask32 & OPT_i)
+#define FLAG_l_take_log (option_mask32 & OPT_l)
+#define FLAG_n_dry_run (option_mask32 & OPT_n)
+#define FLAG_p_progress (option_mask32 & OPT_p)
+#define FLAG_q_quiet (option_mask32 & OPT_q)
+#define FLAG_r (option_mask32 & OPT_r)
+#define FLAG_s (option_mask32 & OPT_s)
+#define FLAG_v (option_mask32 & OPT_v)
+#define FLAG_o (option_mask32 & OPT_o)
+#define FLAG_F_force (option_mask32 & OPT_F)
+#define FLAG_W_warn_no_match (option_mask32 & OPT_W)
+#define FLAG_c (option_mask32 & OPT_c)
+#define FLAG_R (option_mask32 & OPT_R)
+
+
+static void qprintf(const char *fmt, ...)
+{
+ /* quiet, do nothing */
+}
+
+static void inc_err(void)
+{
+ nerr++;
+ if (nerr > 9 && !FLAG_d_debug) {
+ bb_error_msg_and_die("exiting after 10 errors");
+ }
+}
+
+static int add_exclude(const char *directory)
+{
+ struct stat sb;
+ size_t len = 0;
+
+ if (directory == NULL || directory[0] != '/') {
+ bb_error_msg("full path required for exclude: %s", directory);
+ return 1;
+ }
+ if (lstat(directory, &sb)) {
+ bb_error_msg("directory \"%s\" not found, ignoring", directory);
+ return 0;
+ }
+ if ((sb.st_mode & S_IFDIR) == 0) {
+ bb_error_msg("\"%s\" is not a directory: mode %o, ignoring",
+ directory, sb.st_mode);
+ return 0;
+ }
+ if (excludeCtr == MAX_EXCLUDES) {
+ bb_error_msg("maximum excludes %d exceeded", MAX_EXCLUDES);
+ return 1;
+ }
+
+ len = strlen(directory);
+ while (len > 1 && directory[len - 1] == '/') {
+ len--;
+ }
+ excludeArray[excludeCtr].directory = xstrndup(directory, len);
+ excludeArray[excludeCtr++].size = len;
+
+ return 0;
+}
+
+static int exclude(const char *file)
+{
+ int i = 0;
+ for (i = 0; i < excludeCtr; i++) {
+ if (strncmp(file, excludeArray[i].directory,
+ excludeArray[i].size) == 0) {
+ if (file[excludeArray[i].size] == '\0'
+ || file[excludeArray[i].size] == '/') {
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
+
+static int match(const char *name, struct stat *sb, char **con)
+{
+ int ret;
+ char path[PATH_MAX + 1];
+ char *tmp_path = xstrdup(name);
+
+ if (excludeCtr > 0) {
+ if (exclude(name)) {
+ goto err;
+ }
+ }
+ ret = lstat(name, sb);
+ if (ret) {
+ if (FLAG_i_ignore_enoent && errno == ENOENT) {
+ free(tmp_path);
+ return 0;
+ }
+ bb_error_msg("stat(%s)", name);
+ goto err;
+ }
+
+ if (expand_realpath) {
+ if (S_ISLNK(sb->st_mode)) {
+ char *p = NULL;
+ char *file_sep;
+
+ size_t len = 0;
+
+ if (verbose > 1)
+ bb_error_msg("warning! %s refers to a symbolic link, not following last component", name);
+
+ file_sep = strrchr(tmp_path, '/');
+ if (file_sep == tmp_path) {
+ file_sep++;
+ p[0] = '\0';
+ p = path;
+ } else if (file_sep) {
+ *file_sep++ = '\0';
+ p = realpath(tmp_path, path);
+ } else {
+ file_sep = tmp_path;
+ p = realpath("./", path);
+ }
+ if (p)
+ len = strlen(p);
+ if (!p || len + strlen(file_sep) + 2 > PATH_MAX) {
+ bb_perror_msg("realpath(%s) failed", name);
+ goto err;
+ }
+ p += len;
+ /* ensure trailing slash of directory name */
+ if (len == 0 || p[-1] != '/') {
+ *p++ = '/';
+ }
+ strcpy(p, file_sep);
+ name = path;
+ if (excludeCtr > 0 && exclude(name))
+ goto err;
+
+ } else {
+ char *p;
+ p = realpath(name, path);
+ if (!p) {
+ bb_perror_msg("realpath(%s)", name);
+ goto err;
+ }
+ name = p;
+ if (excludeCtr > 0 && exclude(name))
+ goto err;
+ }
+ }
+
+ /* name will be what is matched in the policy */
+ if (NULL != rootpath) {
+ if (0 != strncmp(rootpath, name, rootpathlen)) {
+ bb_error_msg("%s is not located in %s",
+ name, rootpath);
+ goto err;
+ }
+ name += rootpathlen;
+ }
+
+ free(tmp_path);
+ if (rootpath != NULL && name[0] == '\0')
+ /* this is actually the root dir of the alt root */
+ return matchpathcon_index("/", sb->st_mode, con);
+ return matchpathcon_index(name, sb->st_mode, con);
+ err:
+ free(tmp_path);
+ return -1;
+}
+
+/* Compare two contexts to see if their differences are "significant",
+ * or whether the only difference is in the user. */
+static int only_changed_user(const char *a, const char *b)
+{
+ if (FLAG_F_force)
+ return 0;
+ if (!a || !b)
+ return 0;
+ a = strchr(a, ':'); /* Rest of the context after the user */
+ b = strchr(b, ':');
+ if (!a || !b)
+ return 0;
+ return (strcmp(a, b) == 0);
+}
+
+static int restore(const char *file)
+{
+ char *my_file = xstrdup(file);
+ char *my_file_orig = my_file;
+ struct stat my_sb;
+ int i, j, ret;
+ char *context = NULL;
+ char *newcon = NULL;
+ int user_only_changed = 0;
+ size_t len = strlen(my_file);
+ int retval = 0;
+
+ /* Skip the extra slashes at the beginning and end, if present. */
+ if (file[0] == '/' && file[1] == '/')
+ my_file++;
+ if (len > 1 && my_file[len - 1] == '/')
+ my_file[len - 1] = '\0';
+
+ i = match(my_file, &my_sb, &newcon);
+
+ if (i < 0) /* No matching specification. */
+ goto out;
+
+
+ if (FLAG_p_progress) {
+ count++;
+ if (count % 0x400 == 0) { /* every 1024 times */
+ count = (count % (80*0x400));
+ if (count == 0)
+ fputc('\n', stdout);
+ fputc('*', stdout);
+ fflush(stdout);
+ }
+ }
+
+ /*
+ * Try to add an association between this inode and
+ * this specification. If there is already an association
+ * for this inode and it conflicts with this specification,
+ * then use the last matching specification.
+ */
+ if (add_assoc) {
+ j = matchpathcon_filespec_add(my_sb.st_ino, i, my_file);
+ if (j < 0)
+ goto err;
+
+ if (j != i) {
+ /* There was already an association and it took precedence. */
+ goto out;
+ }
+ }
+
+ if (FLAG_d_debug)
+ printf("%s: %s matched by %s\n", applet_name, my_file, newcon);
+
+ /* Get the current context of the file. */
+ ret = lgetfilecon_raw(my_file, &context);
+ if (ret < 0) {
+ if (errno == ENODATA) {
+ context = NULL; /* paranoia */
+ } else {
+ bb_perror_msg("lgetfilecon_raw on %s", my_file);
+ goto err;
+ }
+ user_only_changed = 0;
+ } else
+ user_only_changed = only_changed_user(context, newcon);
+
+ /*
+ * Do not relabel the file if the matching specification is
+ * <<none>> or the file is already labeled according to the
+ * specification.
+ */
+ if ((strcmp(newcon, "<<none>>") == 0)
+ || (context && (strcmp(context, newcon) == 0) && !FLAG_F_force)) {
+ goto out;
+ }
+
+ if (!FLAG_F_force && context && (is_context_customizable(context) > 0)) {
+ if (verbose > 1) {
+ bb_error_msg("skipping %s. %s is customizable_types",
+ my_file, context);
+ }
+ goto out;
+ }
+
+ if (verbose) {
+ /* If we're just doing "-v", trim out any relabels where
+ * the user has changed but the role and type are the
+ * same. For "-vv", emit everything. */
+ if (verbose > 1 || !user_only_changed) {
+ bb_info_msg("%s: reset %s context %s->%s",
+ applet_name, my_file, context ?: "", newcon);
+ }
+ }
+
+ if (FLAG_l_take_log && !user_only_changed) {
+ if (context)
+ bb_info_msg("relabeling %s from %s to %s", my_file, context, newcon);
+ else
+ bb_info_msg("labeling %s to %s", my_file, newcon);
+ }
+
+ if (outfile && !user_only_changed)
+ fprintf(outfile, "%s\n", my_file);
+
+ /*
+ * Do not relabel the file if -n was used.
+ */
+ if (FLAG_n_dry_run || user_only_changed)
+ goto out;
+
+ /*
+ * Relabel the file to the specified context.
+ */
+ ret = lsetfilecon(my_file, newcon);
+ if (ret) {
+ bb_perror_msg("lsetfileconon(%s,%s)", my_file, newcon);
+ goto err;
+ }
+
+ out:
+ freecon(context);
+ freecon(newcon);
+ free(my_file_orig);
+ return retval;
+ err:
+ retval--; /* -1 */
+ goto out;
+}
+
+/*
+ * Apply the last matching specification to a file.
+ * This function is called by recursive_action on each file during
+ * the directory traversal.
+ */
+static int apply_spec(const char *file,
+ struct stat *sb, void *userData, int depth)
+{
+ if (!follow_mounts) {
+ /* setfiles does not process across different mount points */
+ if (sb->st_dev != dev_id) {
+ return SKIP;
+ }
+ }
+ errors |= restore(file);
+ if (abort_on_error && errors)
+ return FALSE;
+ return TRUE;
+}
+
+
+static int canoncon(const char *path, unsigned lineno, char **contextp)
+{
+ static const char err_msg[] = "%s: line %u has invalid context %s";
+
+ char *tmpcon;
+ char *context = *contextp;
+ int invalid = 0;
+
+#if ENABLE_FEATURE_SETFILES_CHECK_OPTION
+ if (policyfile) {
+ if (sepol_check_context(context) >= 0)
+ return 0;
+ /* Exit immediately if we're in checking mode. */
+ bb_error_msg_and_die(err_msg, path, lineno, context);
+ }
+#endif
+
+ if (security_canonicalize_context_raw(context, &tmpcon) < 0) {
+ if (errno != ENOENT) {
+ invalid = 1;
+ inc_err();
+ }
+ } else {
+ free(context);
+ *contextp = tmpcon;
+ }
+
+ if (invalid) {
+ bb_error_msg(err_msg, path, lineno, context);
+ }
+
+ return invalid;
+}
+
+static int process_one(char *name)
+{
+ struct stat sb;
+ int rc;
+
+ rc = lstat(name, &sb);
+ if (rc < 0) {
+ if (FLAG_i_ignore_enoent && errno == ENOENT)
+ return 0;
+ bb_perror_msg("stat(%s)", name);
+ goto err;
+ }
+ dev_id = sb.st_dev;
+
+ if (S_ISDIR(sb.st_mode) && recurse) {
+ if (recursive_action(name,
+ ACTION_RECURSE,
+ apply_spec,
+ apply_spec,
+ NULL, 0) != TRUE) {
+ bb_error_msg("error while labeling %s", name);
+ goto err;
+ }
+ } else {
+ rc = restore(name);
+ if (rc)
+ goto err;
+ }
+
+ out:
+ if (add_assoc) {
+ if (FLAG_q_quiet)
+ set_matchpathcon_printf(&qprintf);
+ matchpathcon_filespec_eval();
+ set_matchpathcon_printf(NULL);
+ matchpathcon_filespec_destroy();
+ }
+
+ return rc;
+
+ err:
+ rc = -1;
+ goto out;
+}
+
+int setfiles_main(int argc, char **argv);
+int setfiles_main(int argc, char **argv)
+{
+ struct stat sb;
+ int rc, i = 0;
+ const char *input_filename = NULL;
+ int use_input_file = 0;
+ char *buf = NULL;
+ size_t buf_len;
+ int flags;
+ llist_t *exclude_dir = NULL;
+ char *out_filename = NULL;
+
+ INIT_G();
+
+ if (applet_name[0] == 's') { /* "setfiles" */
+ /*
+ * setfiles:
+ * Recursive descent,
+ * Does not expand paths via realpath,
+ * Aborts on errors during the file tree walk,
+ * Try to track inode associations for conflict detection,
+ * Does not follow mounts,
+ * Validates all file contexts at init time.
+ */
+ recurse = 1;
+ abort_on_error = 1;
+ add_assoc = 1;
+ /* follow_mounts = 0; - already is */
+ matchpathcon_flags = MATCHPATHCON_VALIDATE | MATCHPATHCON_NOTRANS;
+ } else {
+ /*
+ * restorecon:
+ * No recursive descent unless -r/-R,
+ * Expands paths via realpath,
+ * Do not abort on errors during the file tree walk,
+ * Do not try to track inode associations for conflict detection,
+ * Follows mounts,
+ * Does lazy validation of contexts upon use.
+ */
+ expand_realpath = 1;
+ follow_mounts = 1;
+ matchpathcon_flags = MATCHPATHCON_NOTRANS;
+ /* restorecon only */
+ selinux_or_die();
+ }
+
+ set_matchpathcon_flags(matchpathcon_flags);
+
+ opt_complementary = "e::vv:v--p:p--v";
+ /* Option order must match OPT_x definitions! */
+ if (applet_name[0] == 'r') { /* restorecon */
+ flags = getopt32(argc, argv, "de:f:ilnpqrsvo:FWR",
+ &exclude_dir, &input_filename, &out_filename, &verbose);
+ } else { /* setfiles */
+ flags = getopt32(argc, argv, "de:f:ilnpqr:svo:FW"
+ USE_FEATURE_SETFILES_CHECK_OPTION("c:"),
+ &exclude_dir, &input_filename, &rootpath, &out_filename,
+ USE_FEATURE_SETFILES_CHECK_OPTION(&policyfile,)
+ &verbose);
+ }
+
+#if ENABLE_FEATURE_SETFILES_CHECK_OPTION
+ if ((applet_name[0] == 's') && (flags & OPT_c)) {
+ FILE *policystream;
+
+ policystream = xfopen(policyfile, "r");
+ if (sepol_set_policydb_from_file(policystream) < 0) {
+ bb_error_msg_and_die("sepol_set_policydb_from_file on %s", policyfile);
+ }
+ fclose(policystream);
+
+ /* Only process the specified file_contexts file, not
+ any .homedirs or .local files, and do not perform
+ context translations. */
+ set_matchpathcon_flags(MATCHPATHCON_BASEONLY |
+ MATCHPATHCON_NOTRANS |
+ MATCHPATHCON_VALIDATE);
+ }
+#endif
+
+ //if (flags & OPT_d) {
+ // debug = 1;
+ //}
+ if (flags & OPT_e) {
+ if (exclude_dir == NULL) {
+ bb_show_usage();
+ }
+ while (exclude_dir) {
+ if (add_exclude(llist_pop(&exclude_dir)))
+ exit(1);
+ }
+ }
+ //if (flags & OPT_i) {
+ // ignore_enoent = 1;
+ //}
+ //if (flags & OPT_l) {
+ // take_log = 1;
+ //}
+ //if (flags & OPT_F) {
+ // force = 1;
+ //}
+ //if (flags & OPT_n) {
+ // dry_run = 1;
+ //}
+ if (flags & OPT_o) {
+ outfile = stdout;
+ if (NOT_LONE_CHAR(out_filename, '-')) {
+ outfile = xfopen(out_filename, "w");
+ }
+ }
+ //if (flags & OPT_q) {
+ // quiet = 1;
+ //}
+ if (applet_name[0] == 'r') { /* restorecon */
+ if (flags & (OPT_r | OPT_R))
+ recurse = 1;
+ } else { /* setfiles */
+ if (flags & OPT_r)
+ rootpathlen = strlen(rootpath);
+ }
+ if (flags & OPT_s) {
+ use_input_file = 1;
+ input_filename = "-";
+ add_assoc = 0;
+ }
+ //if (flags & OPT_p) {
+ // progress = 1;
+ //}
+ //if (flags & OPT_W) {
+ // warn_no_match = 1;
+ //}
+
+ if (applet_name[0] == 's') { /* setfiles */
+ /* Use our own invalid context checking function so that
+ we can support either checking against the active policy or
+ checking against a binary policy file. */
+ set_matchpathcon_canoncon(&canoncon);
+ if (argc == 1)
+ bb_show_usage();
+ if (stat(argv[optind], &sb) < 0) {
+ bb_perror_msg_and_die("%s", argv[optind]);
+ }
+ if (!S_ISREG(sb.st_mode)) {
+ bb_error_msg_and_die("spec file %s is not a regular file", argv[optind]);
+ }
+ /* Load the file contexts configuration and check it. */
+ rc = matchpathcon_init(argv[optind]);
+ if (rc < 0) {
+ bb_perror_msg_and_die("%s", argv[optind]);
+ }
+
+ optind++;
+
+ if (nerr)
+ exit(1);
+ }
+
+ if (use_input_file) {
+ ssize_t len;
+ FILE *f = stdin;
+
+ if (NOT_LONE_CHAR(input_filename, '-'))
+ f = xfopen(input_filename, "r");
+ while ((len = getline(&buf, &buf_len, f)) > 0) {
+ buf[len - 1] = '\0';
+ errors |= process_one(buf);
+ }
+ if (ENABLE_FEATURE_CLEAN_UP)
+ fclose_if_not_stdin(f);
+ } else {
+ if (optind >= argc)
+ bb_show_usage();
+ for (i = optind; i < argc; i++) {
+ errors |= process_one(argv[i]);
+ }
+ }
+
+ if (FLAG_W_warn_no_match)
+ matchpathcon_checkmatches(argv[0]);
+
+ if (ENABLE_FEATURE_CLEAN_UP && outfile)
+ fclose(outfile);
+
+ return errors;
+}