From ab0ee6da4dedd343b4ec8371d046dc9230bb2798 Mon Sep 17 00:00:00 2001 From: xroche <[email protected]> Date: Wed, 15 Oct 2014 13:16:52 +0200 Subject: [PATCH] Add -Z option to ls command
Signed-off-by: xroche <[email protected]> --- toys/posix/ls.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/toys/posix/ls.c b/toys/posix/ls.c index 0687132..4de0089 100644 --- a/toys/posix/ls.c +++ b/toys/posix/ls.c @@ -5,13 +5,13 @@ * * See http://opengroup.org/onlinepubs/9699919799/utilities/ls.html -USE_LS(NEWTOY(ls, USE_LS_COLOR("(color):;")"goACFHLRSacdfiklmnpqrstux1[-1Cglmnox][-cu][-ftS][-HL]", TOYFLAG_BIN|TOYFLAG_LOCALE)) +USE_LS(NEWTOY(ls, USE_LS_COLOR("(color):;")"goACFHLRSZacdfiklmnpqrstux1[-1Cglmnox][-cu][-ftS][-HL]", TOYFLAG_BIN|TOYFLAG_LOCALE)) config LS bool "ls" default y help - usage: ls [-ACFHLRSacdfiklmnpqrstux1] [directory...] + usage: ls [-ACFHLRSZacdfiklmnpqrstux1] [directory...] list files what to show: @@ -22,6 +22,7 @@ config LS -u use access time for timestamps -A list all files but . and .. -H follow command line symlinks -L follow symlinks -R recursively list files in subdirs -F append /dir *exe @sym |FIFO + -Z security context of listed files output formats: -1 list one file per line -C columns (sorted vertically) @@ -49,6 +50,7 @@ config LS_COLOR #ifdef USE_SMACK #include <sys/smack.h> +#include <linux/xattr.h> #endif //USE_SMACK // test sst output (suid/sticky in ls flaglist) @@ -381,6 +383,23 @@ static void listfiles(int dirfd, struct dirtree *indir) if (flags & FLAG_i) xprintf("% *lu ", len[1], (unsigned long)st->st_ino); if (flags & FLAG_s) xprintf("% *lu ", len[6], (unsigned long)st->st_blocks); + +#ifdef USE_SMACK + if (flags & FLAG_Z) { + if (smack_smackfs_path () != NULL) { // if smack enabled + char *context; + char p[128]; You can’t be sure that the sprintf below will fit in 128 bytes. + sprintf(p, "%s/%s", indir->name, sort[next]->name); + int r = smack_new_label_from_path(p, XATTR_NAME_SMACK, 1, &context); + if (r < 0) + printf("_ ", context); This is a really bad idea. If you can’t fetch the Smack label use “?”, not “_”. + else + printf("%s ", context); + } // smack not enabled + else + printf("unlabeled "); The string “unlabeled” is a valid Smack label. You have three legitimate options. You can ignore the –Z. You can print “?”. You can try fetching the Smack label anyway. It’s an extended attribute that might be there even if Smack isn’t enabled. Also be aware that the –Z option is shared with SELinux. Someday someone will likely add USE_SELINUX and want to reuse your code. + } +#endif if (flags & (FLAG_l|FLAG_o|FLAG_n|FLAG_g)) { struct tm *tm; -- 1.8.4.5 From: Dev [mailto:[email protected]] On Behalf Of Xavier Roche Sent: Wednesday, October 15, 2014 4:38 AM To: Jan Cybulski Cc: [email protected] Subject: Re: [Dev] Fwd: Re: ToyBox task Jan, You will find attached to this mail a patch I made which add '-Z' option to the 'ls' toybox command. (I have adapted the patch to the current tizen repo status). This is just a draft, and the display calculation is still missing... Anyway I hope this will help you... Best regards, -- Xavier Roche Intel Open Source Technology Center On 15/10/2014 08:05, Jan Cybulski wrote: Hello all, As for now I continue my work on Toybox. Xavier, you sent patch that adds dependency on libsmack to Toybox. I just wonder if Toybox maintainers do not mind that: maybe they would prefer just reads of smackfs and proc or xattrs? (I would prefer libsmack though) Best regards, Jan Cybulski On 14.10.2014 13:55, Xavier Roche wrote: On 14/10/2014 12:32, WaLyong Cho wrote: On 10/14/2014 06:56 PM, Xavier Roche wrote: Hi Walyong, Thanks for the info, Basically the toybox solution has already been studied and we have already metrics on what we have add/modify. It requires a very little effort to get it work properly in a Tizen security context. (here provides some value and print on the mail history with Samsung and a link toward Tizen Git repos) More over, Toybox is an active opensource project and offers community feedbacks and improvements, on which we can rely on. If toybox really active and we can rely on then toybox also will be good option. I really think it is a good option, (almost 60 commits published last month) ... In addition, please take a look at the following : - tizen toybox repo : toybox <https://review.tizen.org/gerrit/#/admin/projects/platform/upstream/toybox><https://review.tizen.org/gerrit/#/admin/projects/platform/upstream/toybox> - current toybox status in Tizen : wiki <https://wiki.tizen.org/wiki/Toybox><https://wiki.tizen.org/wiki/Toybox> and detailed status <https://docs.google.com/a/open.eurogiciel.org/spreadsheets/d/18rlIp9daltyXiiYTO2sunZoXtohUEaKAKAyoSCO8gf0/edit#gid=0><https://docs.google.com/a/open.eurogiciel.org/spreadsheets/d/18rlIp9daltyXiiYTO2sunZoXtohUEaKAKAyoSCO8gf0/edit#gid=0> More over, I have discussed with the toybox upstream maintainer (Rob Landley, who used to work on busybox), and he is ready to give us an upstream support and integrate our patches as possible. Any way I am always curious and interesting in studying alternatives. I could not find anything on your project in the open. Please send me the pointer as soon as it is available... I will. Thanks Best regards, -- Xavier Roche Intel Open Source Technology Center On 14/10/2014 10:15, WaLyong Cho wrote: Hi all, I'd like to introduce new toolbox like tool. That is named as *tinybox*. We have plan to open that on github. That is not under IP verification. I think that will be soon opened. *tinybox* is using Apache license. Many of coreutils commands were already implemented. And many of others are implementing now. *tinybox* was started to be used on Tizen.(so at the first time, that has name like tizenbox.) But there is no Tizen feature and should be. I hope to move security-related functionalities to *tinybox*. On 10/13/2014 06:31 PM, Xavier Roche wrote: Hello Jan, You can work with the platform/upstream/toybox repository (see : https://review.tizen.org/gerrit/#/admin/projects/platform/upstream/toybox ) The list provided in the wiki ( here <https://docs.google.com/a/open.eurogiciel.org/spreadsheets/d/18rlIp9daltyXiiYTO2sunZoXtohUEaKAKAyoSCO8gf0/edit#gid=0><https://docs.google.com/a/open.eurogiciel.org/spreadsheets/d/18rlIp9daltyXiiYTO2sunZoXtohUEaKAKAyoSCO8gf0/edit#gid=0> ) is up to date. Basically, the security-related functionalities to add only concern the following: - cp - id - ls - mkdir - mkfifo - mknod - ps I will create Jira issues on these tasks, with a detailed description for each cases... However, Gerrit seems not to work properly today... I'm not sure you could clone the toybox repository at the moment. Feel free to contact me if any questions! Best regards, -- Xavier Roche Intel Open Source Technology Center On 13/10/2014 10:41, Jan Cybulski wrote: Hello, Dominique and Xavier, I am Tizen developer in Samsung Electronics, I got a task from Tomasz Swierczek to add smack aware code to ToyBox. He gave me contact to You as people in charge for this on Intel side. I would like to start working on this and ask which repository should I work with, and what is the required schedule for this task? Aslo : Is wiki site for this up to date? (https://wiki.tizen.org/wiki/Toybox) Especially I mean the list of toys that are still to be changed by adding security-related functionalities. I would like to avoid duplication if some work is done already or is performed right now. Best regards, Jan Cybulski _______________________________________________ Dev mailing list [email protected]<mailto:[email protected]> https://lists.tizen.org/listinfo/dev Best regards, -- Xavier Roche Intel Open Source Technology Center
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
