Lines 27-35
|
27 |
|
27 |
|
28 |
#include "comm.h" |
28 |
#include "comm.h" |
29 |
|
29 |
|
30 |
#ifdef FLASK_LINUX |
30 |
#ifdef WITH_SELINUX |
31 |
#include <fs_secure.h> |
31 |
#include <selinux/selinux.h> |
32 |
#endif /*FLASK_LINUX*/ |
32 |
#endif /*WITH_SELINUX*/ |
33 |
|
33 |
|
34 |
#ifndef MAX_DEPTH |
34 |
#ifndef MAX_DEPTH |
35 |
#define MAX_DEPTH 100 |
35 |
#define MAX_DEPTH 100 |
Lines 58-66
|
58 |
int argc; /* with -a : number of arguments, -1 if swapped */ |
58 |
int argc; /* with -a : number of arguments, -1 if swapped */ |
59 |
pid_t pid; |
59 |
pid_t pid; |
60 |
uid_t uid; |
60 |
uid_t uid; |
61 |
#ifdef FLASK_LINUX |
61 |
#ifdef WITH_SELINUX |
62 |
security_id_t sid; |
62 |
security_context_t scontext; |
63 |
#endif /*FLASK_LINUX*/ |
63 |
#endif /*WITH_SELINUX*/ |
64 |
int highlight; |
64 |
int highlight; |
65 |
struct _child *children; |
65 |
struct _child *children; |
66 |
struct _proc *parent; |
66 |
struct _proc *parent; |
Lines 108-117
|
108 |
static int width[MAX_DEPTH], more[MAX_DEPTH]; |
108 |
static int width[MAX_DEPTH], more[MAX_DEPTH]; |
109 |
static int print_args = 0, compact = 1, user_change = 0, pids = 0, by_pid = 0, |
109 |
static int print_args = 0, compact = 1, user_change = 0, pids = 0, by_pid = 0, |
110 |
trunc = 1, wait_end = 0; |
110 |
trunc = 1, wait_end = 0; |
111 |
#ifdef FLASK_LINUX |
111 |
#ifdef WITH_SELINUX |
112 |
static int show_sids = 0; |
|
|
113 |
static int show_scontext = 0; |
112 |
static int show_scontext = 0; |
114 |
#endif /*FLASK_LINUX*/ |
113 |
#endif /*WITH_SELINUX*/ |
115 |
static int output_width = 132; |
114 |
static int output_width = 132; |
116 |
static int cur_x = 1; |
115 |
static int cur_x = 1; |
117 |
static char last_char = 0; |
116 |
static char last_char = 0; |
Lines 161-198
|
161 |
return digits; |
160 |
return digits; |
162 |
} |
161 |
} |
163 |
|
162 |
|
164 |
#ifdef FLASK_LINUX |
163 |
#ifdef WITH_SELINUX |
165 |
static void |
164 |
static void |
166 |
out_sid ( security_id_t sid ) |
165 |
out_scontext ( security_context_t scontext ) |
167 |
{ |
166 |
{ |
168 |
if ( (int) sid >= 0 ) |
|
|
169 |
out_int((int) sid); |
170 |
else |
171 |
out_string("??"); |
172 |
} |
173 |
|
174 |
static void |
175 |
out_scontext ( security_id_t sid ) |
176 |
{ |
177 |
static char buf[256]; |
178 |
int security_sid_to_context(); |
179 |
int len = sizeof(buf); |
180 |
int rv; |
181 |
|
182 |
bzero(buf,256); |
183 |
|
184 |
rv = security_sid_to_context((int)sid, buf, &len); |
185 |
if ( rv ) { |
186 |
out_string("`??\'"); /* punt */ |
187 |
} |
188 |
else { |
189 |
out_string("`"); |
167 |
out_string("`"); |
190 |
out_string(buf); |
168 |
out_string(scontext); |
191 |
out_string("\'"); |
169 |
out_string("'"); |
192 |
} |
|
|
193 |
} |
170 |
} |
194 |
#endif /*FLASK_LINUX*/ |
171 |
#endif /*WITH_SELINUX*/ |
195 |
|
172 |
|
196 |
|
173 |
|
197 |
static void |
174 |
static void |
198 |
out_newline (void) |
175 |
out_newline (void) |
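Review bot: The new `out_scontext` passes `scontext` straight to `out_string` with no NULL check, whereas the removed version printed a `??` placeholder when the lookup failed. A NULL context is reachable from visible code: the Lines 696-706 hunk calls `add_proc(cmd, pid, ppid, uid, NULL, 0, NULL)`, and `scontext` is initialised to `NULL` in the Lines 576-584 hunk. Whether that faults depends on `out_string`, whose body is not on this page, so I would keep the old fallback with a guard as the first statement: `if (!scontext) { out_string("??"); return; }`.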
Lines 216-228
|
216 |
return walk; |
193 |
return walk; |
217 |
} |
194 |
} |
218 |
|
195 |
|
219 |
#ifdef FLASK_LINUX |
196 |
#ifdef WITH_SELINUX |
220 |
static PROC * |
197 |
static PROC * |
221 |
new_proc(const char *comm, pid_t pid, uid_t uid, security_id_t sid) |
198 |
new_proc(const char *comm, pid_t pid, uid_t uid, security_context_t scontext) |
222 |
#else /*FLASK_LINUX*/ |
199 |
#else /*WITH_SELINUX*/ |
223 |
static PROC * |
200 |
static PROC * |
224 |
new_proc (const char *comm, pid_t pid, uid_t uid) |
201 |
new_proc (const char *comm, pid_t pid, uid_t uid) |
225 |
#endif /*FLASK_LINUX*/ |
202 |
#endif /*WITH_SELINUX*/ |
226 |
{ |
203 |
{ |
227 |
PROC *new; |
204 |
PROC *new; |
228 |
|
205 |
|
Lines 235-243
|
235 |
new->pid = pid; |
212 |
new->pid = pid; |
236 |
new->uid = uid; |
213 |
new->uid = uid; |
237 |
new->highlight = 0; |
214 |
new->highlight = 0; |
238 |
#ifdef FLASK_LINUX |
215 |
#ifdef WITH_SELINUX |
239 |
new->sid = sid; |
216 |
new->scontext = scontext; |
240 |
#endif /*FLASK_LINUX*/ |
217 |
#endif /*WITH_SELINUX*/ |
241 |
new->children = NULL; |
218 |
new->children = NULL; |
242 |
new->parent = NULL; |
219 |
new->parent = NULL; |
243 |
new->next = list; |
220 |
new->next = list; |
Lines 306-329
|
306 |
this->argv[i] = start = strchr (start, 0) + 1; |
283 |
this->argv[i] = start = strchr (start, 0) + 1; |
307 |
} |
284 |
} |
308 |
|
285 |
|
309 |
#ifdef FLASK_LINUX |
286 |
#ifdef WITH_SELINUX |
310 |
static void |
287 |
static void |
311 |
add_proc(const char *comm, pid_t pid, pid_t ppid, uid_t uid, |
288 |
add_proc(const char *comm, pid_t pid, pid_t ppid, uid_t uid, |
312 |
const char *args, int size, security_id_t sid) |
289 |
const char *args, int size, security_context_t scontext) |
313 |
#else /*FLASK_LINUX*/ |
290 |
#else /*WITH_SELINUX*/ |
314 |
static void |
291 |
static void |
315 |
add_proc (const char *comm, pid_t pid, pid_t ppid, uid_t uid, |
292 |
add_proc (const char *comm, pid_t pid, pid_t ppid, uid_t uid, |
316 |
const char *args, int size) |
293 |
const char *args, int size) |
317 |
#endif /*FLASK_LINUX*/ |
294 |
#endif /*WITH_SELINUX*/ |
318 |
{ |
295 |
{ |
319 |
PROC *this, *parent; |
296 |
PROC *this, *parent; |
320 |
|
297 |
|
321 |
if (!(this = find_proc (pid))) |
298 |
if (!(this = find_proc (pid))) |
322 |
#ifdef FLASK_LINUX |
299 |
#ifdef WITH_SELINUX |
323 |
this = new_proc(comm, pid, uid, sid); |
300 |
this = new_proc(comm, pid, uid, scontext); |
324 |
#else /*FLASK_LINUX*/ |
301 |
#else /*WITH_SELINUX*/ |
325 |
this = new_proc (comm, pid, uid); |
302 |
this = new_proc (comm, pid, uid); |
326 |
#endif /*FLASK_LINUX*/ |
303 |
#endif /*WITH_SELINUX*/ |
327 |
else |
304 |
else |
328 |
{ |
305 |
{ |
329 |
strcpy (this->comm, comm); |
306 |
strcpy (this->comm, comm); |
Lines 334-344
|
334 |
if (pid == ppid) |
311 |
if (pid == ppid) |
335 |
ppid = 0; |
312 |
ppid = 0; |
336 |
if (!(parent = find_proc (ppid))) |
313 |
if (!(parent = find_proc (ppid))) |
337 |
#ifdef FLASK_LINUX |
314 |
#ifdef WITH_SELINUX |
338 |
parent = new_proc("?", ppid, 0, sid); |
315 |
parent = new_proc("?", ppid, 0, scontext); |
339 |
#else /*FLASK_LINUX*/ |
316 |
#else /*WITH_SELINUX*/ |
340 |
parent = new_proc ("?", ppid, 0); |
317 |
parent = new_proc ("?", ppid, 0); |
341 |
#endif /*FLASK_LINUX*/ |
318 |
#endif /*WITH_SELINUX*/ |
342 |
add_child (parent, this); |
319 |
add_child (parent, this); |
343 |
this->parent = parent; |
320 |
this->parent = parent; |
344 |
} |
321 |
} |
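Review bot: The placeholder parent created by `new_proc("?", ppid, 0, scontext)` is given the child's security context, so with -Z an unknown parent is shown with a label that belongs to a different process. With the old integer SID this was only a wrong value; with a `security_context_t` string two PROC entries also share one pointer, which leaves ownership unclear if the context is ever released. I would pass no context for the placeholder, `parent = new_proc("?", ppid, 0, NULL);`, which requires `out_scontext` to tolerate NULL. The visible part of the `else` branch in the Lines 306-329 hunk shows only the `strcpy` of `comm`; if `scontext` is not refreshed there, the placeholder keeps the borrowed label after the real entry is read. `add_proc` begins outside this hunk.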
Lines 430-454
|
430 |
else |
407 |
else |
431 |
(void) out_int (current->uid); |
408 |
(void) out_int (current->uid); |
432 |
} |
409 |
} |
433 |
#ifdef FLASK_LINUX |
410 |
#ifdef WITH_SELINUX |
434 |
if ( show_sids ) { |
|
|
435 |
out_char (info++ ? ',' : '('); |
436 |
out_sid(current->sid); |
437 |
} |
438 |
if ( show_scontext ) { |
411 |
if ( show_scontext ) { |
439 |
out_char (info++ ? ',' : '('); |
412 |
out_char (info++ ? ',' : '('); |
440 |
out_scontext(current->sid); |
413 |
out_scontext(current->scontext); |
441 |
} |
414 |
} |
442 |
#endif /*FLASK_LINUX*/ |
415 |
#endif /*WITH_SELINUX*/ |
443 |
if ((swapped && print_args && current->argc < 0) || (!swapped && info)) |
416 |
if ((swapped && print_args && current->argc < 0) || (!swapped && info)) |
444 |
out_char (')'); |
417 |
out_char (')'); |
445 |
if (current->highlight && (tmp = tgetstr ("me", NULL))) |
418 |
if (current->highlight && (tmp = tgetstr ("me", NULL))) |
446 |
tputs (tmp, 1, putchar); |
419 |
tputs (tmp, 1, putchar); |
447 |
#ifdef FLASK_LINUX |
|
|
448 |
if (show_scontext || print_args) |
449 |
#else /*FLASK_LINUX*/ |
450 |
if (print_args) |
420 |
if (print_args) |
451 |
#endif /*FLASK_LINUX*/ |
|
|
452 |
{ |
421 |
{ |
453 |
for (i = 0; i < current->argc; i++) |
422 |
for (i = 0; i < current->argc; i++) |
454 |
{ |
423 |
{ |
Lines 473-492
|
473 |
} |
442 |
} |
474 |
} |
443 |
} |
475 |
} |
444 |
} |
476 |
#ifdef FLASK_LINUX |
445 |
#ifdef WITH_SELINUX |
477 |
if ( show_scontext || print_args || ! current->children ) |
446 |
if ( show_scontext || print_args || ! current->children ) |
478 |
#else /*FLASK_LINUX*/ |
447 |
#else /*WITH_SELINUX*/ |
479 |
if (print_args || !current->children) |
448 |
if (print_args || !current->children) |
480 |
#endif /*FLASK_LINUX*/ |
449 |
#endif /*WITH_SELINUX*/ |
481 |
{ |
450 |
{ |
482 |
while (closing--) |
451 |
while (closing--) |
483 |
out_char (']'); |
452 |
out_char (']'); |
484 |
out_newline (); |
453 |
out_newline (); |
485 |
#ifdef FLASK_LINUX |
454 |
#ifdef WITH_SELINUX |
486 |
if ( show_scontext || print_args ) |
455 |
if ( show_scontext || print_args ) |
487 |
#else /*FLASK_LINUX*/ |
456 |
#else /*WITH_SELINUX*/ |
488 |
if (print_args) |
457 |
if (print_args) |
489 |
#endif /*FLASK_LINUX*/ |
458 |
#endif /*WITH_SELINUX*/ |
490 |
{ |
459 |
{ |
491 |
more[level] = !last; |
460 |
more[level] = !last; |
492 |
width[level] = swapped + (comm_len > 1 ? 0 : -1); |
461 |
width[level] = swapped + (comm_len > 1 ? 0 : -1); |
Lines 576-584
|
576 |
pid_t pid, ppid; |
545 |
pid_t pid, ppid; |
577 |
int fd, size; |
546 |
int fd, size; |
578 |
int empty; |
547 |
int empty; |
579 |
#ifdef FLASK_LINUX |
548 |
#ifdef WITH_SELINUX |
580 |
security_id_t sid = -1; |
549 |
security_context_t scontext = NULL; |
581 |
#endif /*FLASK_LINUX*/ |
550 |
int selinux_enabled=is_selinux_enabled()>0; |
|
|
551 |
#endif /*WITH_SELINUX*/ |
582 |
|
552 |
|
583 |
if (!print_args) |
553 |
if (!print_args) |
584 |
buffer = NULL; |
554 |
buffer = NULL; |
Lines 603-613
|
603 |
{ |
573 |
{ |
604 |
empty = 0; |
574 |
empty = 0; |
605 |
sprintf (path, "%s/%d", PROC_BASE, pid); |
575 |
sprintf (path, "%s/%d", PROC_BASE, pid); |
606 |
#ifdef FLASK_LINUX |
576 |
#ifdef WITH_SELINUX |
607 |
if (fstat_secure(fileno(file),&st,&sid) < 0) |
577 |
if (selinux_enabled) |
608 |
#else /*FLASK_LINUX*/ |
578 |
if (getpidcon(pid,&scontext) < 0) |
|
|
579 |
{ |
580 |
perror (path); |
581 |
exit (1); |
582 |
} |
583 |
#endif /*WITH_SELINUX*/ |
609 |
if (stat (path, &st) < 0) |
584 |
if (stat (path, &st) < 0) |
610 |
#endif /*FLASK_LINUX*/ |
|
|
611 |
{ |
585 |
{ |
612 |
perror (path); |
586 |
perror (path); |
613 |
exit (1); |
587 |
exit (1); |
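Review bot: A failed `getpidcon(pid,&scontext)` ends the whole run through `exit (1)`, so a single process whose label cannot be read stops the tree from being printed at all. One plausible case is a process that exits between the directory scan and this call, though the loop header is outside the hunk. The label is display-only here, so I would treat it as optional and fold the two unbraced `if`s into one: `if (selinux_enabled && getpidcon(pid, &scontext) < 0) scontext = NULL;`, leaving the printing side to show a placeholder. The string returned by `getpidcon` is allocated by libselinux and is meant to be released with `freecon()`. Nothing visible does so, and the pointer is stored in the PROC entry, so a comment such as `/* PROC owns scontext; release with freecon() */` at the assignment would record the intent.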
Lines 632-642
|
632 |
&ppid) == 4) |
606 |
&ppid) == 4) |
633 |
*/ |
607 |
*/ |
634 |
if (!print_args) |
608 |
if (!print_args) |
635 |
#ifdef FLASK_LINUX |
609 |
#ifdef WITH_SELINUX |
636 |
add_proc(comm, pid, ppid, st.st_uid, NULL, 0, sid); |
610 |
add_proc(comm, pid, ppid, st.st_uid, NULL, 0, scontext); |
637 |
#else /*FLASK_LINUX*/ |
611 |
#else /*WITH_SELINUX*/ |
638 |
add_proc (comm, pid, ppid, st.st_uid, NULL, 0); |
612 |
add_proc (comm, pid, ppid, st.st_uid, NULL, 0); |
639 |
#endif /*FLASK_LINUX*/ |
613 |
#endif /*WITH_SELINUX*/ |
640 |
else |
614 |
else |
641 |
{ |
615 |
{ |
642 |
sprintf (path, "%s/%d/cmdline", PROC_BASE, pid); |
616 |
sprintf (path, "%s/%d/cmdline", PROC_BASE, pid); |
Lines 653-663
|
653 |
(void) close (fd); |
627 |
(void) close (fd); |
654 |
if (size) |
628 |
if (size) |
655 |
buffer[size++] = 0; |
629 |
buffer[size++] = 0; |
656 |
#ifdef FLASK_LINUX |
630 |
#ifdef WITH_SELINUX |
657 |
add_proc(comm, pid, ppid, st.st_uid, buffer, size, sid); |
631 |
add_proc(comm, pid, ppid, st.st_uid, buffer, size, scontext); |
658 |
#else /*FLASK_LINUX*/ |
632 |
#else /*WITH_SELINUX*/ |
659 |
add_proc (comm, pid, ppid, st.st_uid, buffer, size); |
633 |
add_proc (comm, pid, ppid, st.st_uid, buffer, size); |
660 |
#endif /*FLASK_LINUX*/ |
634 |
#endif /*WITH_SELINUX*/ |
661 |
} |
635 |
} |
662 |
} |
636 |
} |
663 |
} |
637 |
} |
Lines 696-706
|
696 |
cmd = comm; |
670 |
cmd = comm; |
697 |
if (*cmd == '-') |
671 |
if (*cmd == '-') |
698 |
cmd++; |
672 |
cmd++; |
699 |
#ifdef FLASK_LINUX |
673 |
#ifdef WITH_SELINUX |
700 |
add_proc(cmd, pid, ppid, uid, NULL, 0, -1); |
674 |
add_proc(cmd, pid, ppid, uid, NULL, 0, NULL); |
701 |
#else /*FLASK_LINUX*/ |
675 |
#else /*WITH_SELINUX*/ |
702 |
add_proc (cmd, pid, ppid, uid, NULL, 0); |
676 |
add_proc (cmd, pid, ppid, uid, NULL, 0); |
703 |
#endif /*FLASK_LINUX*/ |
677 |
#endif /*WITH_SELINUX*/ |
704 |
} |
678 |
} |
705 |
} |
679 |
} |
706 |
|
680 |
|
Lines 722-731
|
722 |
fprintf (stderr, _(" -n sort output by PID\n")); |
696 |
fprintf (stderr, _(" -n sort output by PID\n")); |
723 |
fprintf (stderr, _(" -p show PIDs; implies -c\n")); |
697 |
fprintf (stderr, _(" -p show PIDs; implies -c\n")); |
724 |
fprintf (stderr, _(" -u show uid transitions\n")); |
698 |
fprintf (stderr, _(" -u show uid transitions\n")); |
725 |
#ifdef FLASK_LINUX |
699 |
#ifdef WITH_SELINUX |
726 |
fprintf (stderr, _(" -s show Flask SIDs\n")); |
700 |
fprintf (stderr, _(" -Z show SELinux security contexts\n")); |
727 |
fprintf (stderr, _(" -x show Flask security contexts\n")); |
701 |
#endif /*WITH_SELINUX*/ |
728 |
#endif /*FLASK_LINUX*/ |
|
|
729 |
fprintf (stderr, _(" -U use UTF-8 (Unicode)) line drawing characters\n")); |
702 |
fprintf (stderr, _(" -U use UTF-8 (Unicode)) line drawing characters\n")); |
730 |
fprintf (stderr, _(" -V display version information\n")); |
703 |
fprintf (stderr, _(" -V display version information\n")); |
731 |
fprintf (stderr, _(" pid start at pid, default 1 (init))\n")); |
704 |
fprintf (stderr, _(" pid start at pid, default 1 (init))\n")); |
Lines 771-781
|
771 |
} |
744 |
} |
772 |
|
745 |
|
773 |
|
746 |
|
774 |
#ifdef FLASK_LINUX |
747 |
#ifdef WITH_SELINUX |
775 |
while ((c = getopt (argc, argv, "acGhH:npluUVsx")) != EOF) |
748 |
while ((c = getopt (argc, argv, "acGhH:npluUVZ")) != EOF) |
776 |
#else /*FLASK_LINUX*/ |
749 |
#else /*WITH_SELINUX*/ |
777 |
while ((c = getopt (argc, argv, "acGhH:npluUV")) != EOF) |
750 |
while ((c = getopt (argc, argv, "acGhH:npluUV")) != EOF) |
778 |
#endif /*FLASK_LINUX*/ |
751 |
#endif /*WITH_SELINUX*/ |
779 |
switch (c) |
752 |
switch (c) |
780 |
{ |
753 |
{ |
781 |
case 'a': |
754 |
case 'a': |
Lines 832-845
|
832 |
case 'V': |
805 |
case 'V': |
833 |
print_version(); |
806 |
print_version(); |
834 |
return 0; |
807 |
return 0; |
835 |
#ifdef FLASK_LINUX |
808 |
#ifdef WITH_SELINUX |
836 |
case 's': |
809 |
case 'Z': |
837 |
show_sids = 1; |
810 |
if (is_selinux_enabled()>0) |
838 |
break; |
811 |
show_scontext = 1; |
839 |
case 'x': |
812 |
else |
840 |
show_scontext = 1; |
813 |
fprintf(stderr, "Warning: -Z ignored. Requires anx SELinux enabled kernel\n"); |
841 |
break; |
814 |
break; |
842 |
#endif /*FLASK_LINUX*/ |
815 |
#endif /*WITH_SELINUX*/ |
843 |
default: |
816 |
default: |
844 |
usage (); |
817 |
usage (); |
845 |
} |
818 |
} |
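Review bot: The warning added under `case 'Z':` has a typo ("anx") and is not wrapped in `_()`, unlike the usage strings in the Lines 722-731 hunk, so it will not be translated. I would write it as `fprintf(stderr, _("Warning: -Z ignored. Requires an SELinux enabled kernel\n"));`. The unbraced `if`/`else` inside the case would be easier to extend safely with braces. `is_selinux_enabled()` is also queried a second time in the Lines 576-584 hunk; computing it once and sharing the result would keep the two checks from disagreeing. The enclosing `switch` starts and ends outside this hunk.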