This patch adds a -context matching rule to the find applet.

The rule returns TRUE if the checked entry has the same security context
as the one given with the -context option.

example of usage)
# ./busybox find /etc -context system_u:object_r:shadow_t
/etc/gshadow
/etc/.pwd.lock
/etc/shadow
/etc/gshadow-
/etc/shadow-

It will print any file under /etc, have a security context of
'system_u:object_r:shadow_t'.

Any comment please,
Thanks,
--
KaiGai Kohei <[EMAIL PROTECTED]>
Index: busybox/include/usage.h
===================================================================
--- busybox/include/usage.h	(revision 18764)
+++ busybox/include/usage.h	(working copy)
@@ -980,6 +980,8 @@
        "\n	-delete		Delete files; Turns on -depth option" \
 	) USE_FEATURE_FIND_PATH( \
        "\n	-path		Path matches PATTERN" \
+	) USE_FEATURE_FIND_CONTEXT ( \
+       "\n	-context	File has specified security context" \
 	) USE_FEATURE_FIND_PAREN( \
        "\n	(EXPR)		Group an expression" \
 	)
Index: busybox/findutils/find.c
===================================================================
--- busybox/findutils/find.c	(revision 18764)
+++ busybox/findutils/find.c	(working copy)
@@ -81,6 +81,7 @@
 USE_FEATURE_FIND_PRUNE( ACTS(prune))
 USE_FEATURE_FIND_DELETE(ACTS(delete))
 USE_FEATURE_FIND_PATH(  ACTS(path, const char *pattern;))
+USE_FEATURE_FIND_CONTEXT(ACTS(context, security_context_t context;))
 
 static action ***actions;
 static bool need_print = 1;
@@ -336,7 +337,27 @@
 }
 #endif
 
+#if ENABLE_FEATURE_FIND_CONTEXT
+ACTF(context)
+{
+	security_context_t con;
+	int rc;
 
+	if (recurse_flags & ACTION_FOLLOWLINKS) {
+		rc = getfilecon(fileName, &con);
+	} else {
+		rc = lgetfilecon(fileName, &con);
+	}
+	if (rc < 0)
+		return FALSE;
+
+	rc = strcmp(ap->context, con);
+	freecon(con);
+
+	return rc == 0;
+}
+#endif
+
 static int fileAction(const char *fileName, struct stat *statbuf, void* junk, int depth)
 {
 	int i;
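Review bot: A failed getfilecon()/lgetfilecon() in ACTF(context) is turned into FALSE with no diagnostic, so an entry whose label cannot be read looks exactly like one that does not match. When -context is used to audit labels, such entries drop out of the result silently. Either report the failure, e.g. `bb_perror_msg("%s", fileName);` before `return FALSE;`, or document the choice with a comment such as `/* label unreadable: treated as no match */`. The comparison is also an exact strcmp(), so a pattern without a level field would presumably never match on a policy that appends one (not verifiable from this hunk); this is worth stating in the help text.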
@@ -419,6 +440,7 @@
 	USE_FEATURE_FIND_PRUNE( PARM_prune     ,)
 	USE_FEATURE_FIND_DELETE(PARM_delete    ,)
 	USE_FEATURE_FIND_PATH(  PARM_path      ,)
+	USE_FEATURE_FIND_CONTEXT(PARM_context  ,)
 #if ENABLE_DESKTOP
 	                        PARM_and       ,
 	                        PARM_or        ,
@@ -448,6 +470,7 @@
 	USE_FEATURE_FIND_PRUNE( "-prune" ,)
 	USE_FEATURE_FIND_DELETE("-delete",)
 	USE_FEATURE_FIND_PATH(  "-path"  ,)
+	USE_FEATURE_FIND_CONTEXT("-context",)
 #if ENABLE_DESKTOP
 	                        "-and"   ,
 	                        "-or"    ,
@@ -709,6 +732,18 @@
 			ap->size = XATOOFF(arg1);
 		}
 #endif
+#if ENABLE_FEATURE_FIND_CONTEXT
+		else if (parm == PARM_context) {
+			action_context *ap;
+
+			if (!*++argv)
+				bb_error_msg_and_die(bb_msg_requires_arg, arg);
+			ap = ALLOC_ACTION(context);
+			ap->context = NULL;
+			if (selinux_raw_to_trans_context(argv[0], &ap->context))
+				bb_perror_msg("%s", argv[0]);
+		}
+#endif
 		else
 			bb_show_usage();
 		argv++;
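Review bot: When selinux_raw_to_trans_context() fails in the PARM_context branch, the code only reports it with bb_perror_msg() and carries on with ap->context still NULL. ACTF(context) later passes that pointer straight to strcmp(), so a failed translation would presumably crash on the first entry visited instead of rejecting the argument. Make the failure fatal, like the missing-argument check just above it: `bb_perror_msg_and_die("%s", argv[0]);`. The enclosing parser function starts and ends outside this hunk.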
Index: busybox/findutils/Config.in
===================================================================
--- busybox/findutils/Config.in	(revision 18764)
+++ busybox/findutils/Config.in	(working copy)
@@ -151,6 +151,13 @@
 	help
 	  The -path option matches whole pathnames instead of just filenames.
 
+config FEATURE_FIND_CONTEXT
+	bool "Enable (-context) option for matching security context"
+	default n
+	depends on FIND && SELINUX
+	help
+	  Support the 'find -context' option for matching security context.
+
 config GREP
 	bool "grep"
 	default n