This patch adds a -context matching rule to the find applet. The rule returns TRUE if the checked entry has the same security context as the one given with the -context option.
example of usage) # ./busybox find /etc -context system_u:object_r:shadow_t /etc/gshadow /etc/.pwd.lock /etc/shadow /etc/gshadow- /etc/shadow- It will print any file under /etc, have a security context of 'system_u:object_r:shadow_t'. Any comment please, Thanks, -- KaiGai Kohei <[EMAIL PROTECTED]>
Index: busybox/include/usage.h =================================================================== --- busybox/include/usage.h (revision 18764) +++ busybox/include/usage.h (working copy) @@ -980,6 +980,8 @@ "\n -delete Delete files; Turns on -depth option" \ ) USE_FEATURE_FIND_PATH( \ "\n -path Path matches PATTERN" \ + ) USE_FEATURE_FIND_CONTEXT ( \ + "\n -context File has specified security context" \ ) USE_FEATURE_FIND_PAREN( \ "\n (EXPR) Group an expression" \ ) Index: busybox/findutils/find.c =================================================================== --- busybox/findutils/find.c (revision 18764) +++ busybox/findutils/find.c (working copy) @@ -81,6 +81,7 @@ USE_FEATURE_FIND_PRUNE( ACTS(prune)) USE_FEATURE_FIND_DELETE(ACTS(delete)) USE_FEATURE_FIND_PATH( ACTS(path, const char *pattern;)) +USE_FEATURE_FIND_CONTEXT(ACTS(context, security_context_t context;)) static action ***actions; static bool need_print = 1; @@ -336,7 +337,27 @@ } #endif +#if ENABLE_FEATURE_FIND_CONTEXT +ACTF(context) +{ + security_context_t con; + int rc; + if (recurse_flags & ACTION_FOLLOWLINKS) { + rc = getfilecon(fileName, &con); + } else { + rc = lgetfilecon(fileName, &con); + } + if (rc < 0) + return FALSE; + + rc = strcmp(ap->context, con); + freecon(con); + + return rc == 0; +} +#endif + static int fileAction(const char *fileName, struct stat *statbuf, void* junk, int depth) { int i; @@ -419,6 +440,7 @@ USE_FEATURE_FIND_PRUNE( PARM_prune ,) USE_FEATURE_FIND_DELETE(PARM_delete ,) USE_FEATURE_FIND_PATH( PARM_path ,) + USE_FEATURE_FIND_CONTEXT(PARM_context ,) #if ENABLE_DESKTOP PARM_and , PARM_or , @@ -448,6 +470,7 @@ USE_FEATURE_FIND_PRUNE( "-prune" ,) USE_FEATURE_FIND_DELETE("-delete",) USE_FEATURE_FIND_PATH( "-path" ,) + USE_FEATURE_FIND_CONTEXT("-context",) #if ENABLE_DESKTOP "-and" , "-or" , 
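Review bot: In ACTF(context), `if (rc < 0) return FALSE;` makes a file whose label could not be read look exactly like a file with a different label, so a run used to audit labels silently omits unlabeled or unreadable entries. I would at least document that above the check, e.g. `/* a getfilecon failure (no label, no xattr support, no permission) counts as "no match" */`, or report it with `bb_perror_msg("%s", fileName);` before returning. The comparison is also an exact `strcmp`. On a policy with MLS/MCS enabled, where labels presumably carry a trailing level field, the three-field form shown in the description would likely match nothing, which is worth stating in the help text.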
@@ -709,6 +732,18 @@ ap->size = XATOOFF(arg1); } #endif +#if ENABLE_FEATURE_FIND_CONTEXT + else if (parm == PARM_context) { + action_context *ap; + + if (!*++argv) + bb_error_msg_and_die(bb_msg_requires_arg, arg); + ap = ALLOC_ACTION(context); + ap->context = NULL; + if (selinux_raw_to_trans_context(argv[0], &ap->context)) + bb_perror_msg("%s", argv[0]); + } +#endif else bb_show_usage(); argv++; Index: busybox/findutils/Config.in =================================================================== --- busybox/findutils/Config.in (revision 18764) +++ busybox/findutils/Config.in (working copy) @@ -151,6 +151,13 @@ help The -path option matches whole pathnames instead of just filenames. +config FEATURE_FIND_CONTEXT + bool "Enable (-context) option for matching security context" + default n + depends on FIND && SELINUX + help + Support the 'find -context' option for matching security context. + config GREP bool "grep" default n
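Review bot: When `selinux_raw_to_trans_context()` fails, the PARM_context branch only prints a message and carries on with `ap->context` still NULL, and ACTF(context) in the earlier find.c hunk then passes that pointer to `strcmp()` for every visited file. A bad -context argument should stop the applet the way the missing-argument case just above it does: `bb_perror_msg_and_die("%s", argv[0]);`. The enclosing parser function starts and ends outside this hunk, so I cannot see whether anything later checks for the NULL.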