Lines 53-58
|
53 |
#include <unistd.h> |
53 |
#include <unistd.h> |
54 |
#include <sys/stat.h> |
54 |
#include <sys/stat.h> |
55 |
|
55 |
|
|
|
56 |
#ifdef WITH_SELINUX |
57 |
#include <selinux/selinux.h> |
58 |
int optionh_getfilecon(const char *name, security_context_t *p); |
59 |
int optionl_getfilecon(const char *name, security_context_t *p); |
60 |
int optionp_getfilecon(const char *name, security_context_t *p); |
61 |
#endif /*WITH_SELINUX*/ |
62 |
|
56 |
#if ENABLE_NLS |
63 |
#if ENABLE_NLS |
57 |
# include <libintl.h> |
64 |
# include <libintl.h> |
58 |
# define _(Text) gettext (Text) |
65 |
# define _(Text) gettext (Text) |
Lines 155-160
|
155 |
static boolean parse_warn PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); |
162 |
static boolean parse_warn PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); |
156 |
static boolean parse_xtype PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); |
163 |
static boolean parse_xtype PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); |
157 |
static boolean parse_quit PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); |
164 |
static boolean parse_quit PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); |
|
|
165 |
#ifdef WITH_SELINUX |
166 |
static boolean parse_scontext PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); |
167 |
#endif /*WITH_SELINUX*/ |
158 |
|
168 |
|
159 |
boolean parse_print PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); |
169 |
boolean parse_print PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); |
160 |
|
170 |
|
Lines 340-345
|
340 |
{ARG_TEST, "-help", parse_help, NULL}, /* GNU */ |
350 |
{ARG_TEST, "-help", parse_help, NULL}, /* GNU */ |
341 |
{ARG_TEST, "version", parse_version, NULL}, /* GNU */ |
351 |
{ARG_TEST, "version", parse_version, NULL}, /* GNU */ |
342 |
{ARG_TEST, "-version", parse_version, NULL}, /* GNU */ |
352 |
{ARG_TEST, "-version", parse_version, NULL}, /* GNU */ |
|
|
353 |
{ARG_TEST, "context", parse_scontext, pred_scontext}, /* SELinux */ |
354 |
{ARG_TEST, "-context", parse_scontext, pred_scontext}, /* SELinux */ |
343 |
{0, 0, 0, 0} |
355 |
{0, 0, 0, 0} |
344 |
}; |
356 |
}; |
345 |
|
357 |
|
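Review bot: The two new table rows for "context" and "-context" (new lines 353-354) are not wrapped in `#ifdef WITH_SELINUX`, although the prototype and the definition of `parse_scontext` added elsewhere in this patch are. A build without WITH_SELINUX would then reference an undeclared `parse_scontext` (and `pred_scontext`, unless that is declared unconditionally in a part not shown here). Putting both rows between `#ifdef WITH_SELINUX` and `#endif /*WITH_SELINUX*/` keeps the non-SELinux build compiling and matches the guard used around the `-context CONTEXT` usage line. The table itself starts outside this hunk.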
Lines 451-460
|
451 |
case SYMLINK_ALWAYS_DEREF: /* -L */ |
463 |
case SYMLINK_ALWAYS_DEREF: /* -L */ |
452 |
options.xstat = optionl_stat; |
464 |
options.xstat = optionl_stat; |
453 |
options.no_leaf_check = true; |
465 |
options.no_leaf_check = true; |
|
|
466 |
#ifdef WITH_SELINUX |
467 |
options.x_getfilecon = optionl_getfilecon; |
468 |
#endif /* WITH_SELINUX */ |
454 |
break; |
469 |
break; |
455 |
|
470 |
|
456 |
case SYMLINK_NEVER_DEREF: /* -P (default) */ |
471 |
case SYMLINK_NEVER_DEREF: /* -P (default) */ |
457 |
options.xstat = optionp_stat; |
472 |
options.xstat = optionp_stat; |
|
|
473 |
#ifdef WITH_SELINUX |
474 |
options.x_getfilecon = optionp_getfilecon; |
475 |
#endif /* WITH_SELINUX */ |
458 |
/* Can't turn no_leaf_check off because the user might have specified |
476 |
/* Can't turn no_leaf_check off because the user might have specified |
459 |
* -noleaf anyway |
477 |
* -noleaf anyway |
460 |
*/ |
478 |
*/ |
Lines 463-468
|
463 |
case SYMLINK_DEREF_ARGSONLY: /* -H */ |
481 |
case SYMLINK_DEREF_ARGSONLY: /* -H */ |
464 |
options.xstat = optionh_stat; |
482 |
options.xstat = optionh_stat; |
465 |
options.no_leaf_check = true; |
483 |
options.no_leaf_check = true; |
|
|
484 |
#ifdef WITH_SELINUX |
485 |
options.x_getfilecon = optionh_getfilecon; |
486 |
#endif /* WITH_SELINUX */ |
466 |
} |
487 |
} |
467 |
} |
488 |
} |
468 |
options.symlink_handling = opt; |
489 |
options.symlink_handling = opt; |
Lines 670-675
|
670 |
|
691 |
|
671 |
The predicate structure is updated with the new information. */ |
692 |
The predicate structure is updated with the new information. */ |
672 |
|
693 |
|
|
|
694 |
#ifdef WITH_SELINUX |
695 |
|
696 |
static int |
697 |
fallback_getfilecon(const char *name, security_context_t *p, int prev_rv) |
698 |
{ |
699 |
/* Our original getfilecon() call failed. Perhaps we can't follow a |
700 |
* symbolic link. If that might be the problem, lgetfilecon() the link. |
701 |
* Otherwise, admit defeat. |
702 |
*/ |
703 |
switch (errno) |
704 |
{ |
705 |
case ENOENT: |
706 |
case ENOTDIR: |
707 |
#ifdef DEBUG_STAT |
708 |
fprintf(stderr, "fallback_getfilecon(): getfilecon(%s) failed; falling back on lgetfilecon()\n", name); |
709 |
#endif |
710 |
return lgetfilecon(name, p); |
711 |
|
712 |
case EACCES: |
713 |
case EIO: |
714 |
case ELOOP: |
715 |
case ENAMETOOLONG: |
716 |
#ifdef EOVERFLOW |
717 |
case EOVERFLOW: /* EOVERFLOW is not #defined on UNICOS. */ |
718 |
#endif |
719 |
default: |
720 |
return prev_rv; |
721 |
} |
722 |
} |
723 |
|
724 |
|
725 |
/* optionh_getfilecon() implements the getfilecon operation when the |
726 |
* -H option is in effect. |
727 |
* |
728 |
* If the item to be examined is a command-line argument, we follow |
729 |
* symbolic links. If the getfilecon() call fails on the command-line |
730 |
* item, we fall back on the properties of the symbolic link. |
731 |
* |
732 |
* If the item to be examined is not a command-line argument, we |
733 |
* examine the link itself. |
734 |
*/ |
735 |
int |
736 |
optionh_getfilecon(const char *name, security_context_t *p) |
737 |
{ |
738 |
if (0 == state.curdepth) |
739 |
{ |
740 |
/* This file is from the command line; deference the link (if it |
741 |
* is a link). |
742 |
*/ |
743 |
int rv = getfilecon(name, p); |
744 |
if (0 == rv) |
745 |
return 0; /* success */ |
746 |
else |
747 |
return fallback_getfilecon(name, p, rv); |
748 |
} |
749 |
else |
750 |
{ |
751 |
/* Not a file on the command line; do not derefernce the link. |
752 |
*/ |
753 |
return lgetfilecon(name, p); |
754 |
} |
755 |
} |
756 |
|
757 |
/* optionl_getfilecon() implements the getfilecon operation when the |
758 |
* -L option is in effect. That option makes us examine the thing the |
759 |
* symbolic link points to, not the symbolic link itself. |
760 |
*/ |
761 |
int |
762 |
optionl_getfilecon(const char *name, security_context_t *p) |
763 |
{ |
764 |
int rv = getfilecon(name, p); |
765 |
if (0 == rv) |
766 |
return 0; /* normal case. */ |
767 |
else |
768 |
return fallback_getfilecon(name, p, rv); |
769 |
} |
770 |
|
771 |
/* optionp_getfilecon() implements the stat operation when the -P |
772 |
* option is in effect (this is also the default). That option makes |
773 |
* us examine the symbolic link itself, not the thing it points to. |
774 |
*/ |
775 |
int |
776 |
optionp_getfilecon(const char *name, security_context_t *p) |
777 |
{ |
778 |
return lgetfilecon(name, p); |
779 |
} |
780 |
#endif /* WITH_SELINUX */ |
781 |
|
673 |
|
782 |
|
674 |
static boolean |
783 |
static boolean |
675 |
parse_and (const struct parser_table* entry, char **argv, int *arg_ptr) |
784 |
parse_and (const struct parser_table* entry, char **argv, int *arg_ptr) |
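Review bot: `optionh_getfilecon` and `optionl_getfilecon` treat only `0 == rv` as success, but getfilecon(3) is documented to return the length of the context on success and -1 on failure, so a successful lookup would normally fall through to `fallback_getfilecon`. There the switch reads an `errno` that the successful call did not set; if it happens to hold ENOENT or ENOTDIR, `lgetfilecon` overwrites `*p` (dropping the context already allocated) and the label of the symbolic link is reported instead of its target's, which matters when -context is combined with -L or -H to check labels. Testing `if (rv >= 0) return rv;` before calling the fallback avoids both problems. Separately, the comment on `optionp_getfilecon` says it "implements the stat operation" where it means the getfilecon operation, and "deference"/"derefernce" should read "dereference".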
Lines 1128-1133
|
1128 |
-readable -writable -executable\n\ |
1237 |
-readable -writable -executable\n\ |
1129 |
-wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n\ |
1238 |
-wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n\ |
1130 |
-used N -user NAME -xtype [bcdpfls]\n")); |
1239 |
-used N -user NAME -xtype [bcdpfls]\n")); |
|
|
1240 |
#ifdef WITH_SELINUX |
1241 |
puts (_("\ |
1242 |
-context CONTEXT\n")); |
1243 |
#endif /*WITH_SELINUX*/ |
1131 |
puts (_("\ |
1244 |
puts (_("\ |
1132 |
actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print \n\ |
1245 |
actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print \n\ |
1133 |
-fprint0 FILE -fprint FILE -ls -fls FILE -prune -quit\n\ |
1246 |
-fprint0 FILE -fprint FILE -ls -fls FILE -prune -quit\n\ |
Lines 2552-2557
|
2552 |
exit (0); |
2665 |
exit (0); |
2553 |
} |
2666 |
} |
2554 |
|
2667 |
|
|
|
2668 |
#ifdef WITH_SELINUX |
2669 |
|
2670 |
static boolean |
2671 |
parse_scontext ( const struct parser_table* entry, char **argv, int *arg_ptr) |
2672 |
{ |
2673 |
struct predicate *our_pred; |
2674 |
|
2675 |
if ( (argv == NULL) || (argv[*arg_ptr] == NULL) ) |
2676 |
return( false ); |
2677 |
|
2678 |
our_pred = insert_primary(entry); |
2679 |
our_pred->need_stat = false; |
2680 |
#ifdef DEBUG |
2681 |
our_pred->p_name = find_pred_name (pred_scontext); |
2682 |
#endif /*DEBUG*/ |
2683 |
our_pred->args.scontext = argv[*arg_ptr];; |
2684 |
|
2685 |
(*arg_ptr)++; |
2686 |
return( true ); |
2687 |
} |
2688 |
|
2689 |
#endif /*WITH_SELINUX*/ |
2690 |
|
2555 |
static boolean |
2691 |
static boolean |
2556 |
parse_xdev (const struct parser_table* entry, char **argv, int *arg_ptr) |
2692 |
parse_xdev (const struct parser_table* entry, char **argv, int *arg_ptr) |
2557 |
{ |
2693 |
{ |
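Review bot: `parse_scontext` has no header comment and departs from the spacing of the neighbouring code (`exit (0);`, `parse_xdev (const ...`): it is written as `parse_scontext ( const ...` and `return( false );`, and the assignment ends in a doubled semicolon, `our_pred->args.scontext = argv[*arg_ptr];;`. A short comment such as `/* -context CONTEXT: record the context argument for pred_scontext. */` would also be the place to state that the predicate keeps a pointer into `argv` rather than a copy, and that the string is stored without any validation here. How `pred_scontext` interprets that string is not visible in this hunk.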
Lines 2803-2809
|
2803 |
if (*scan2 == '.') |
2939 |
if (*scan2 == '.') |
2804 |
for (scan2++; ISDIGIT (*scan2); scan2++) |
2940 |
for (scan2++; ISDIGIT (*scan2); scan2++) |
2805 |
/* Do nothing. */ ; |
2941 |
/* Do nothing. */ ; |
|
|
2942 |
#ifdef WITH_SELINUX |
2943 |
if (strchr ("abcdDfFgGhHiklmMnpPsStuUyYZ", *scan2)) |
2944 |
#else |
2806 |
if (strchr ("abcdDfFgGhHiklmMnpPsStuUyY", *scan2)) |
2945 |
if (strchr ("abcdDfFgGhHiklmMnpPsStuUyY", *scan2)) |
|
|
2946 |
#endif |
2807 |
{ |
2947 |
{ |
2808 |
segmentp = make_segment (segmentp, format, scan2 - format, |
2948 |
segmentp = make_segment (segmentp, format, scan2 - format, |
2809 |
KIND_FORMAT, *scan2, 0, |
2949 |
KIND_FORMAT, *scan2, 0, |