From ab0ee6da4dedd343b4ec8371d046dc9230bb2798 Mon Sep 17 00:00:00 2001
From: xroche <[email protected]>
Date: Wed, 15 Oct 2014 13:16:52 +0200
Subject: [PATCH] Add -Z option to ls command
Signed-off-by: xroche <[email protected]>
---
toys/posix/ls.c | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/toys/posix/ls.c b/toys/posix/ls.c
index 0687132..4de0089 100644
--- a/toys/posix/ls.c
+++ b/toys/posix/ls.c
@@ -5,13 +5,13 @@
*
* See http://opengroup.org/onlinepubs/9699919799/utilities/ls.html
-USE_LS(NEWTOY(ls,
USE_LS_COLOR("(color):;")"goACFHLRSacdfiklmnpqrstux1[-1Cglmnox][-cu][-ftS][-HL]",
TOYFLAG_BIN|TOYFLAG_LOCALE))
+USE_LS(NEWTOY(ls,
USE_LS_COLOR("(color):;")"goACFHLRSZacdfiklmnpqrstux1[-1Cglmnox][-cu][-ftS][-HL]",
TOYFLAG_BIN|TOYFLAG_LOCALE))
config LS
bool "ls"
default y
help
- usage: ls [-ACFHLRSacdfiklmnpqrstux1] [directory...]
+ usage: ls [-ACFHLRSZacdfiklmnpqrstux1] [directory...]
list files
what to show:
@@ -22,6 +22,7 @@ config LS
-u use access time for timestamps -A list all files but
. and ..
-H follow command line symlinks -L follow symlinks
-R recursively list files in subdirs -F append /dir *exe
@sym |FIFO
+ -Z security context of listed files
output formats:
-1 list one file per line -C columns (sorted
vertically)
@@ -49,6 +50,7 @@ config LS_COLOR
#ifdef USE_SMACK
#include <sys/smack.h>
+#include <linux/xattr.h>
#endif //USE_SMACK
// test sst output (suid/sticky in ls flaglist)
@@ -381,6 +383,23 @@ static void listfiles(int dirfd, struct dirtree
*indir)
if (flags & FLAG_i) xprintf("% *lu ", len[1], (unsigned
long)st->st_ino);
if (flags & FLAG_s) xprintf("% *lu ", len[6], (unsigned
long)st->st_blocks);
+
+#ifdef USE_SMACK
+ if (flags & FLAG_Z) {
+ if (smack_smackfs_path () != NULL) { // if smack enabled
+ char *context;
+ char p[128];
You can’t be sure that the sprintf below will fit in 128 bytes.
+ sprintf(p, "%s/%s", indir->name, sort[next]->name);
+ int r = smack_new_label_from_path(p, XATTR_NAME_SMACK,
1, &context);
+ if (r < 0)
+ printf("_ ", context);
This is a really bad idea. If you can’t fetch the Smack label use “?”,
not “_”.
+ else
+ printf("%s ", context);
+ } // smack not enabled
+ else
+ printf("unlabeled ");
The string “unlabeled” is a valid Smack label. You have three
legitimate options. You can ignore the –Z. You can print “?”. You can
try fetching the Smack label anyway. It’s an extended attribute that
might be there even if Smack isn’t enabled.
Also be aware that the –Z option is shared with SELinux. Someday
someone will likely add USE_SELINUX and want to reuse your code.
+ }
+#endif
if (flags & (FLAG_l|FLAG_o|FLAG_n|FLAG_g)) {
struct tm *tm;
--
1.8.4.5
*From:*Dev [mailto:[email protected]] *On Behalf Of *Xavier
Roche
*Sent:* Wednesday, October 15, 2014 4:38 AM
*To:* Jan Cybulski
*Cc:* [email protected]
*Subject:* Re: [Dev] Fwd: Re: ToyBox task
Jan,
You will find attached to this mail a patch I made which add '-Z'
option to the 'ls' toybox command.
(I have adapted the patch to the current tizen repo status).
This is just a draft, and the display calculation is still missing...
Anyway I hope this will help you...
Best regards,
--
Xavier Roche
Intel Open Source Technology Center
On 15/10/2014 08:05, Jan Cybulski wrote:
Hello all,
As for now I continue my work on Toybox.
Xavier, you sent patch that adds dependency on libsmack to Toybox.
I just wonder if Toybox maintainers do not mind that:
maybe they would prefer just reads of smackfs and proc or xattrs?
(I would prefer libsmack though)
Best regards,
Jan Cybulski
On 14.10.2014 13:55, Xavier Roche wrote:
On 14/10/2014 12:32, WaLyong Cho wrote:
On 10/14/2014 06:56 PM, Xavier Roche wrote:
Hi Walyong,
Thanks for the info,
Basically the toybox solution has already been studied
and we have
already metrics on what we have add/modify.
It requires a very little effort to get it work
properly in a Tizen
security context.
(here provides some value and print on the mail
history with Samsung and
a link toward Tizen Git repos)
More over, Toybox is an active opensource project and
offers community
feedbacks and improvements, on which we can rely on.
If toybox really active and we can rely on then toybox
also will be good
option.
I really think it is a good option, (almost 60 commits
published last month) ...
In addition, please take a look at the following :
- tizen toybox repo : toybox
<https://review.tizen.org/gerrit/#/admin/projects/platform/upstream/toybox>
<https://review.tizen.org/gerrit/#/admin/projects/platform/upstream/toybox>
- current toybox status in Tizen : wiki
<https://wiki.tizen.org/wiki/Toybox>
<https://wiki.tizen.org/wiki/Toybox> and detailed status
<https://docs.google.com/a/open.eurogiciel.org/spreadsheets/d/18rlIp9daltyXiiYTO2sunZoXtohUEaKAKAyoSCO8gf0/edit#gid=0>
<https://docs.google.com/a/open.eurogiciel.org/spreadsheets/d/18rlIp9daltyXiiYTO2sunZoXtohUEaKAKAyoSCO8gf0/edit#gid=0>
More over, I have discussed with the toybox upstream
maintainer (Rob Landley, who used to work on busybox), and he
is ready to give us an upstream support and integrate our
patches as possible.
Any way I am always curious and interesting in
studying alternatives.
I could not find anything on your project in the open.
Please send me the pointer as soon as it is available...
I will.
Thanks
Best regards,
--
Xavier Roche
Intel Open Source Technology Center
On 14/10/2014 10:15, WaLyong Cho wrote:
Hi all,
I'd like to introduce new toolbox like tool. That
is named as *tinybox*.
We have plan to open that on github. That is not
under IP verification.
I think that will be soon opened.
*tinybox* is using Apache license.
Many of coreutils commands were already
implemented. And many of others
are implementing now.
*tinybox* was started to be used on Tizen.(so at
the first time, that
has name like tizenbox.) But there is no Tizen
feature and should be.
I hope to move security-related functionalities to
*tinybox*.
On 10/13/2014 06:31 PM, Xavier Roche wrote:
Hello Jan,
You can work with the platform/upstream/toybox
repository (see :
https://review.tizen.org/gerrit/#/admin/projects/platform/upstream/toybox
)
The list provided in the wiki ( here
<https://docs.google.com/a/open.eurogiciel.org/spreadsheets/d/18rlIp9daltyXiiYTO2sunZoXtohUEaKAKAyoSCO8gf0/edit#gid=0>
<https://docs.google.com/a/open.eurogiciel.org/spreadsheets/d/18rlIp9daltyXiiYTO2sunZoXtohUEaKAKAyoSCO8gf0/edit#gid=0>
) is up to date.
Basically, the security-related
functionalities to add only concern the
following:
- cp
- id
- ls
- mkdir
- mkfifo
- mknod
- ps
I will create Jira issues on these tasks, with
a detailed description
for each cases...
However, Gerrit seems not to work properly
today... I'm not sure you
could clone the toybox repository at the moment.
Feel free to contact me if any questions!
Best regards,
--
Xavier Roche
Intel Open Source Technology Center
On 13/10/2014 10:41, Jan Cybulski wrote:
Hello, Dominique and Xavier,
I am Tizen developer in Samsung Electronics,
I got a task from Tomasz Swierczek to add
smack aware code to ToyBox.
He gave me contact to You as people in
charge for this on Intel side.
I would like to start working on this and
ask which repository should
I work with, and what is the required
schedule for this task?
Aslo : Is wiki site for this up to date?
(https://wiki.tizen.org/wiki/Toybox)
Especially I mean the list of
toys that are still to be changed by
adding security-related
functionalities. I would like to avoid
duplication if some work is
done already or is performed right now.
Best regards,
Jan Cybulski
_______________________________________________
Dev mailing list
[email protected] <mailto:[email protected]>
https://lists.tizen.org/listinfo/dev
Best regards,
--
Xavier Roche
Intel Open Source Technology Center
