On mar, 2014-01-14 at 15:20 +0100, Christian Brabandt wrote:
> On Tue, January 14, 2014 14:41, José Bollo wrote:
> > Hi all,
> > I'm working for Tizen that uses the Linux Security Module SMACK.
> >
> > Then, I wrote a patch to vi to make the copy of the smack attributes.
> >
> > What is the process to push it mainstream?
> 
> You mean vim, right? 

yes!

> If so, then simply publish it here (by attaching
> it to a mail).

See the attachment. I'm not really sure it is up to date. Let me know, I'm
staying tuned.

Best regards
José

diff --git a/src/config.h.in b/src/config.h.in
index f6c7fa4..41adc5e 100644
--- a/src/config.h.in
+++ b/src/config.h.in
@@ -190,6 +190,7 @@
 #undef HAVE_SIGSETJMP
 #undef HAVE_SIGSTACK
 #undef HAVE_SIGVEC
+#undef HAVE_SMACK
 #undef HAVE_STRCASECMP
 #undef HAVE_STRERROR
 #undef HAVE_STRFTIME
diff --git a/src/configure.in b/src/configure.in
index 152313b..da44157 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -345,6 +345,23 @@ fi
 AC_SUBST(QUOTESED)
 
 
+dnl Link with -lsmack for Smack stuff; if not found
+AC_MSG_CHECKING(--disable-smack argument)
+AC_ARG_ENABLE(smack,
+	[  --disable-smack	  Do not check for Smack support.],
+	, enable_smack="yes")
+if test "$enable_smack" = "yes"; then
+  AC_CHECK_HEADER([linux/xattr.h], true, enable_smack="no")
+fi
+if test "$enable_smack" = "yes"; then
+  AC_MSG_RESULT(no)
+  AC_CHECK_LIB(attr, llistxattr,
+	  [LIBS="$LIBS -lattr"
+	   AC_DEFINE(HAVE_SMACK)])
+else
+   AC_MSG_RESULT(yes)
+fi
+
 dnl Link with -lselinux for SELinux stuff; if not found
 AC_MSG_CHECKING(--disable-selinux argument)
 AC_ARG_ENABLE(selinux,
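Review bot: The feature test does not match what the os_unix.c part of this patch uses: it checks for `linux/xattr.h` and for `llistxattr` in libattr, while the new code includes `<attr/xattr.h>` and calls `getxattr`, `setxattr` and `removexattr`, so HAVE_SMACK can end up defined on a system where the build then fails. Checking the header that is actually included, e.g. `AC_CHECK_HEADER([attr/xattr.h], true, enable_smack="no")`, and probing one of the functions that is called would close that gap. The `AC_CHECK_HEADER` call also sits between `AC_MSG_CHECKING` and `AC_MSG_RESULT`, so its own output is interleaved with the pending message, and a missing header is reported as `yes` for the --disable-smack argument. The leading `dnl` comment says `-lsmack` although the library added is `-lattr`.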
diff --git a/src/fileio.c b/src/fileio.c
index b6127d9..b93ce2a 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -3987,7 +3987,7 @@ buf_write(buf, fname, sfname, start, end, eap, append, forceit,
 						)
 			    mch_setperm(backup,
 					  (perm & 0707) | ((perm & 07) << 3));
-# ifdef HAVE_SELINUX
+# if defined(HAVE_SELINUX) || defined(HAVE_SMACK)
 			mch_copy_sec(fname, backup);
 # endif
 #endif
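Review bot: The condition `#if defined(HAVE_SELINUX) || defined(HAVE_SMACK)` is now spelled out at every `mch_copy_sec()` call site (here, in the two later buf_write() hunks, and in mf_do_open() in memfile.c), so the next label backend has to touch all of them again and a missed site silently skips the label copy. Deriving one macro from the two in a shared header and testing only that at the call sites would keep them in sync, for example `# define HAVE_COPY_SEC` (the name is only a suggestion). buf_write() starts and ends outside these hunks.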
@@ -4026,7 +4026,7 @@ buf_write(buf, fname, sfname, start, end, eap, append, forceit,
 #ifdef HAVE_ACL
 			mch_set_acl(backup, acl);
 #endif
-#ifdef HAVE_SELINUX
+#if defined(HAVE_SELINUX) || defined(HAVE_SMACK)
 			mch_copy_sec(fname, backup);
 #endif
 			break;
@@ -4675,7 +4675,7 @@ restore_backup:
     }
 #endif
 
-#ifdef HAVE_SELINUX
+#if defined(HAVE_SELINUX) || defined(HAVE_SMACK)
     /* Probably need to set the security context. */
     if (!backup_copy)
 	mch_copy_sec(backup, wfname);
diff --git a/src/memfile.c b/src/memfile.c
index c6f5fdf..20ee9c0 100644
--- a/src/memfile.c
+++ b/src/memfile.c
@@ -1395,7 +1395,7 @@ mf_do_open(mfp, fname, flags)
 	if (fdflags >= 0 && (fdflags & FD_CLOEXEC) == 0)
 	    fcntl(mfp->mf_fd, F_SETFD, fdflags | FD_CLOEXEC);
 #endif
-#ifdef HAVE_SELINUX
+#if defined(HAVE_SELINUX) || defined(HAVE_SMACK)
 	mch_copy_sec(fname, mfp->mf_fname);
 #endif
 	mch_hide(mfp->mf_fname);    /* try setting the 'hidden' flag */
diff --git a/src/os_unix.c b/src/os_unix.c
index a82c65d..16ca776 100644
--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -46,6 +46,14 @@
 static int selinux_enabled = -1;
 #endif
 
+#ifdef HAVE_SMACK
+# include <attr/xattr.h>
+# include <linux/xattr.h>
+# ifndef SMACK_LABEL_LEN
+#  define SMACK_LABEL_LEN 1024
+# endif
+#endif
+
 /*
  * Use this prototype for select, some include files have a wrong prototype
  */
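Review bot: `SMACK_LABEL_LEN` falls back to 1024 without a comment saying what the number is based on, and I do not see where it would otherwise be defined, so the `#ifndef` guard presumably always takes the fallback. Since the value is the size of the stack buffer that `mch_copy_sec()` reads each attribute into, a short comment would help, for example `/* buffer size for one Smack xattr value; longer values make getxattr() fail with ERANGE */`.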
@@ -2707,6 +2715,84 @@ mch_copy_sec(from_file, to_file)
 }
 #endif /* HAVE_SELINUX */
 
+#if defined(HAVE_SMACK)
+/*
+ * Copy security info from "from_file" to "to_file".
+ */
+    void
+mch_copy_sec(from_file, to_file)
+    char_u	*from_file;
+    char_u	*to_file;
+{
+    static const char const *smack_copied_attributes[] = {
+	    XATTR_NAME_SMACK,
+	    XATTR_NAME_SMACKEXEC,
+	    XATTR_NAME_SMACKMMAP
+	};
+    char buffer[SMACK_LABEL_LEN];
+    const char *name;
+    int index;
+    int ret;
+    ssize_t size;
+
+    if (from_file == NULL)
+	return;
+
+    for (index = 0 ; index < (int)(sizeof smack_copied_attributes / sizeof smack_copied_attributes[0]) ; index++)
+    {
+	/* get the name of the attribute to copy */
+	name = smack_copied_attributes[index];
+
+	/* get the value of the attribute in buffer */
+	size = getxattr((char*)from_file, name, buffer, sizeof buffer);
+	if (size >= 0) {
+
+	    /* copy the attribute value of buffer */
+	    ret = setxattr((char*)to_file, name, buffer, (size_t)size, 0);
+	    if (ret < 0) {
+		MSG_PUTS(_("\nCould not set security context "));
+		MSG_PUTS(name);
+		MSG_PUTS(_(" for "));
+		msg_outtrans(to_file);
+		msg_putchar('\n');
+	    }
+
+	} else {
+	    /* what reason of not having the attribute value? */
+	    switch (errno) {
+
+		/* extended attributes aren't supported or enabled */
+		case ENOTSUP:
+		    /* should a message be echoed? not sure... */
+		    return; /* leave because it isn't usefull to continue */
+
+		/* no enough size OR unexpected error */
+		case ERANGE:
+		default:
+		    MSG_PUTS(_("\nCould not get security context "));
+		    MSG_PUTS(name);
+		    MSG_PUTS(_(" for "));
+		    msg_outtrans(from_file);
+		    MSG_PUTS(_(". Removing it!\n"));
+		    /* break; Don't break but continue and remove the attribute */
+
+		/* no attribute of this name */
+		case ENODATA:
+		    ret = removexattr((char*)to_file, name);
+		    if (ret < 0 && errno != ENODATA) {
+			MSG_PUTS(_("\nCould not remote security context "));
+			MSG_PUTS(name);
+			MSG_PUTS(_(" for "));
+			msg_outtrans(to_file);
+			msg_putchar('\n');
+		    }
+		    break;
+	    }
+	}
+    }
+}
+#endif /* HAVE_SMACK */
+
 /*
  * Return a pointer to the ACL of file "fname" in allocated memory.
  * Return NULL if the ACL is not available for whatever reason.
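Review bot: The `ERANGE`/`default` branch deliberately falls through into `case ENODATA`, so any failure to read the source label (a value longer than `buffer`, or an unexpected errno) ends in `removexattr()` on `to_file` and the copy loses the Smack label it had; restoring the commented-out `break;` after the message would leave the destination untouched when the source could not be read. This block is also compiled in addition to the SELinux `mch_copy_sec()` that ends at the `#endif /* HAVE_SELINUX */` context line (that definition itself is outside the hunk), and as far as the configure hunk shows the two options are not exclusive, so a build with both libraries would presumably see two definitions; `#if defined(HAVE_SMACK) && !defined(HAVE_SELINUX)` or one merged function would avoid that. Smaller points: `static const char const *` repeats the qualifier where `static const char * const` was probably meant, and the message `"\nCould not remote security context "` should read `remove`.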
