add matchmediacon
		
							parent
							
								
									aca62f6df6
								
							
						
					
					
						commit
						9a368c5f7b
					
				
							
								
								
									
										160
									
								
								libselinux-rhat.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										160
									
								
								libselinux-rhat.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,160 @@ | ||||
| --- libselinux-1.17.9/include/selinux/selinux.h.rhat	2004-09-08 10:51:34.000000000 -0400
 | ||||
| +++ libselinux-1.17.9/include/selinux/selinux.h	2004-09-10 13:24:34.747534140 -0400
 | ||||
| @@ -173,6 +173,13 @@
 | ||||
|  		 mode_t mode, | ||||
|  		 security_context_t *con); | ||||
|   | ||||
| +/* Match the specified media and against the media contexts 
 | ||||
| +   /proc/ide/hdc/media
 | ||||
| +   configuration and set *con to refer to the resulting context.
 | ||||
| +   Caller must free con via freecon. */
 | ||||
| +extern int matchmediacon(const char *path,
 | ||||
| +		 security_context_t *con);
 | ||||
| +
 | ||||
|  /* | ||||
|    selinux_getenforcemode reads the /etc/selinux/config file and determines  | ||||
|    whether the machine should be started in enforcing (1), permissive (0) or  | ||||
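Review bot: The comment added above `matchmediacon` does not parse as a sentence (`/proc/ide/hdc/media` sits in the middle of it) and does not state the return value. The prototype also names the first parameter `path`, while the definition in src/matchmediacon.c calls it `media` and compares it with `strcmp` against the first field of each configuration line. If `/proc/ide/hdc/media` is meant as an example of where the media string comes from, I would write `/* Look up the media type (e.g. the contents of /proc/ide/hdc/media) in the media contexts configuration and set *con to the matching context. Returns 0 on success, -1 on failure. Caller must free *con via freecon. */` and rename the parameter to `media`.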
| @@ -194,6 +201,7 @@
 | ||||
|  extern const char *selinux_default_context_path(void); | ||||
|  extern const char *selinux_user_contexts_path(void); | ||||
|  extern const char *selinux_file_context_path(void); | ||||
| +extern const char *selinux_media_context_path(void);
 | ||||
|  extern const char *selinux_contexts_path(void); | ||||
|  extern const char *selinux_booleans_path(void); | ||||
|   | ||||
| --- libselinux-1.17.9/src/selinux_config.c.rhat	2004-09-08 10:51:34.000000000 -0400
 | ||||
| +++ libselinux-1.17.9/src/selinux_config.c	2004-09-10 13:24:34.751533684 -0400
 | ||||
| @@ -24,7 +24,8 @@
 | ||||
|  #define FAILSAFE_CONTEXT  5 | ||||
|  #define DEFAULT_TYPE      6 | ||||
|  #define BOOLEANS          7 | ||||
| -#define NEL               8
 | ||||
| +#define MEDIA_CONTEXTS    8
 | ||||
| +#define NEL               9
 | ||||
|   | ||||
|  /* New layout is relative to SELINUXDIR/policytype. */ | ||||
|  static char *file_paths[NEL]; | ||||
| @@ -200,6 +201,10 @@
 | ||||
|  } | ||||
|  hidden_def(selinux_file_context_path) | ||||
|   | ||||
| +const char *selinux_media_context_path() {
 | ||||
| +  return get_path(MEDIA_CONTEXTS);
 | ||||
| +}
 | ||||
| +
 | ||||
|  const char *selinux_contexts_path() { | ||||
|    return get_path(CONTEXTS_DIR); | ||||
|  } | ||||
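Review bot: `selinux_media_context_path` is added without the `hidden_def(...)` line that follows `selinux_file_context_path` just above it. The new src/matchmediacon.c calls this function from inside the library, so, assuming the usual `hidden_proto`/`hidden_def` pairing in `selinux_internal.h` (not visible here), it should get `hidden_def(selinux_media_context_path)` plus the matching prototype, so the internal call binds to the library's own definition like its siblings. The definition would also read better as `const char *selinux_media_context_path(void)` to match the `(void)` prototype added to selinux.h.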
| --- /dev/null	2004-09-10 04:39:39.953683832 -0400
 | ||||
| +++ libselinux-1.17.9/src/matchmediacon.c	2004-09-10 13:24:34.750533798 -0400
 | ||||
| @@ -0,0 +1,65 @@
 | ||||
| +#include <unistd.h>
 | ||||
| +#include <fcntl.h>
 | ||||
| +#include <sys/stat.h>
 | ||||
| +#include <string.h>
 | ||||
| +#include "selinux_internal.h"
 | ||||
| +#include <stdio.h>
 | ||||
| +#include <stdlib.h>
 | ||||
| +#include <ctype.h>
 | ||||
| +#include <errno.h>
 | ||||
| +#include <limits.h>
 | ||||
| +#include <regex.h>
 | ||||
| +#include <stdarg.h>
 | ||||
| +
 | ||||
| +int matchmediacon(const char *media, 
 | ||||
| +		 security_context_t *con)
 | ||||
| +{
 | ||||
| +	const char *path = selinux_media_context_path();
 | ||||
| +	FILE *infile;
 | ||||
| +	char *ptr, *ptr2;
 | ||||
| +	char *target;
 | ||||
| +	int found=-1;
 | ||||
| +	char current_line[PATH_MAX];
 | ||||
| +	if ((infile = fopen(path, "r")) == NULL)
 | ||||
| +		return -1;
 | ||||
| +	while (!feof_unlocked (infile)) {
 | ||||
| +		if (!fgets_unlocked(current_line, sizeof(current_line), infile)) {
 | ||||
| +			return -1;
 | ||||
| +		}
 | ||||
| +		if (current_line[strlen(current_line) - 1])
 | ||||
| +			current_line[strlen(current_line) - 1] = 0;
 | ||||
| +		/* Skip leading whitespace before the partial context. */
 | ||||
| +		ptr = current_line;
 | ||||
| +		while (*ptr && isspace(*ptr))
 | ||||
| +			ptr++;
 | ||||
| +		
 | ||||
| +		if (!(*ptr))
 | ||||
| +			continue;
 | ||||
| +
 | ||||
| +
 | ||||
| +		/* Find the end of the media context. */
 | ||||
| +		ptr2 = ptr;
 | ||||
| +		while (*ptr2 && !isspace(*ptr2))
 | ||||
| +			ptr2++;
 | ||||
| +		if (!(*ptr2))
 | ||||
| +			continue;
 | ||||
| +		
 | ||||
| +		*ptr2++=NULL;
 | ||||
| +		if (strcmp (media, ptr) == 0) {
 | ||||
| +			found = 1;
 | ||||
| +			break;
 | ||||
| +		}
 | ||||
| +	}
 | ||||
| +	if (!found) 
 | ||||
| +		return -1;
 | ||||
| +
 | ||||
| +	/* Skip whitespace. */
 | ||||
| +	while (*ptr2 && isspace(*ptr2))
 | ||||
| +		ptr2++;
 | ||||
| +	if (!(*ptr2)) {
 | ||||
| +		return -1;
 | ||||
| +	}
 | ||||
| +	
 | ||||
| +	*con = strdup(ptr2);
 | ||||
| +	return 0;
 | ||||
| +}
 | ||||
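Review bot: The not-found test after the loop in `matchmediacon` can never fire, because `found` starts at -1 and is only ever set to 1, so `if (!found)` is always false. When the loop ends on EOF without a match (for example a last line with no trailing newline), the function falls through and duplicates whatever `ptr2` points at. That returns the context of an unrelated entry with a success code, or reads an indeterminate pointer if every line was skipped, which for a labeling lookup means the caller applies the wrong security context. The same function never calls `fclose(infile)` on any return path, strips the last character of each line without checking that it is a newline (and indexes `strlen() - 1` on a possibly empty string), passes plain `char` to `isspace`, stores `NULL` into a `char`, and does not check `strdup`. The sketch below keeps the interface and addresses these.

```c
int matchmediacon(const char *media,
		 security_context_t *con)
{
	const char *path = selinux_media_context_path();
	FILE *infile;
	char *ptr, *ptr2 = NULL;
	int found = 0;
	char current_line[PATH_MAX];

	if ((infile = fopen(path, "r")) == NULL)
		return -1;
	/* fgets is the only loop condition: no separate feof test, no early return that leaks infile. */
	while (fgets_unlocked(current_line, sizeof(current_line), infile)) {
		/* Strip only a real line terminator. */
		current_line[strcspn(current_line, "\n")] = '\0';
		/* ... unchanged: skip leading whitespace and find the end of the media name,
		   with the isspace() arguments cast to unsigned char ... */
		*ptr2++ = '\0';
		/* ... unchanged: strcmp(media, ptr) sets found = 1 and breaks ... */
	}
	fclose(infile);
	if (!found)
		return -1;

	/* ... unchanged: skip whitespace before the context, fail if nothing follows ... */

	*con = strdup(ptr2);
	if (!*con)
		return -1;
	return 0;
}
```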
| --- libselinux-1.17.9/src/compat_file_path.h.rhat	2004-09-08 10:51:34.000000000 -0400
 | ||||
| +++ libselinux-1.17.9/src/compat_file_path.h	2004-09-10 13:24:34.748534026 -0400
 | ||||
| @@ -7,3 +7,4 @@
 | ||||
|  S_(FAILSAFE_CONTEXT, SECURITYDIR "/failsafe_context") | ||||
|  S_(DEFAULT_TYPE, SECURITYDIR "/default_type") | ||||
|  S_(BOOLEANS, SECURITYDIR "/booleans") | ||||
| +S_(MEDIA_CONTEXTS, SECURITYDIR "/default_media")
 | ||||
| --- libselinux-1.17.9/src/file_path_suffixes.h.rhat	2004-09-08 10:51:34.000000000 -0400
 | ||||
| +++ libselinux-1.17.9/src/file_path_suffixes.h	2004-09-10 13:24:34.749533912 -0400
 | ||||
| @@ -7,3 +7,4 @@
 | ||||
|  S_(FAILSAFE_CONTEXT, "/contexts/failsafe_context") | ||||
|  S_(DEFAULT_TYPE, "/contexts/default_type") | ||||
|  S_(BOOLEANS, "/booleans") | ||||
| +S_(MEDIA_CONTEXTS, "/contexts/files/media")
 | ||||
| --- /dev/null	2004-09-10 04:39:39.953683832 -0400
 | ||||
| +++ libselinux-1.17.9/utils/matchmediacon.c	2004-09-10 13:25:04.099192223 -0400
 | ||||
| @@ -0,0 +1,28 @@
 | ||||
| +#include <unistd.h>
 | ||||
| +#include <stdio.h>
 | ||||
| +#include <stdlib.h>
 | ||||
| +#include <selinux/selinux.h>
 | ||||
| +#include <errno.h>
 | ||||
| +#include <string.h>
 | ||||
| +
 | ||||
| +int main(int argc, char **argv) 
 | ||||
| +{
 | ||||
| +	char *buf;
 | ||||
| +	int rc, i;
 | ||||
| +
 | ||||
| +	if (argc < 2) {
 | ||||
| +		fprintf(stderr, "usage:  %s media...\n", argv[0]);
 | ||||
| +		exit(1);
 | ||||
| +	}
 | ||||
| +
 | ||||
| +	for (i = 1; i < argc; i++) {
 | ||||
| +		rc = matchmediacon(argv[i], &buf);
 | ||||
| +		if (rc < 0) {
 | ||||
| +			fprintf(stderr, "%s: matchmediacon(%s) failed: %s\n", argv[0], argv[i]);
 | ||||
| +			exit(2);
 | ||||
| +		}
 | ||||
| +		printf("%s\t%s\n", argv[i], buf);
 | ||||
| +		freecon(buf);
 | ||||
| +	}
 | ||||
| +	exit(0);
 | ||||
| +}
 | ||||
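Review bot: The error path in `main` passes a format string with three `%s` conversions but only two arguments, `fprintf(stderr, "%s: matchmediacon(%s) failed: %s\n", argv[0], argv[i]);`, so the third conversion reads an indeterminate argument. That is undefined behaviour and typically shows up as a crash or stray memory printed to stderr. Supplying the missing argument fixes it: `fprintf(stderr, "%s: matchmediacon(%s) failed: %s\n", argv[0], argv[i], strerror(errno));`, and `<string.h>` and `<errno.h>` are already included. Since `matchmediacon` as added in this patch returns -1 for a missing entry without setting `errno`, the printed reason may not describe the failure; dropping the trailing `: %s` is the other option.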
| @ -1,11 +1,11 @@ | ||||
| Summary: SELinux library and simple utilities | ||||
| Name: libselinux | ||||
| Version: 1.17.9 | ||||
| Release: 1 | ||||
| Release: 2 | ||||
| License: Public domain (uncopyrighted) | ||||
| Group: System Environment/Libraries | ||||
| Source: http://www.nsa.gov/selinux/archives/libselinux-%{version}.tgz | ||||
| #Patch: libselinux-rhat.patch | ||||
| Patch: libselinux-rhat.patch | ||||
| BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot | ||||
| 
 | ||||
| %description | ||||
| @ -34,7 +34,7 @@ needed for developing SELinux applications. | ||||
| 
 | ||||
| %prep | ||||
| %setup -q | ||||
| #%patch -p1 -b .rhat | ||||
| %patch -p1 -b .rhat | ||||
| 
 | ||||
| %build | ||||
| make CFLAGS="%{optflags}" | ||||
| @ -69,6 +69,9 @@ rm -rf ${RPM_BUILD_ROOT} | ||||
| %{_mandir}/man8/* | ||||
| 
 | ||||
| %changelog | ||||
| * Wed Sep 8 2004 Dan Walsh <dwalsh@redhat.com> 1.17.9-2 | ||||
| - Add matchmediacon | ||||
| 
 | ||||
| * Wed Sep 8 2004 Dan Walsh <dwalsh@redhat.com> 1.17.9-1 | ||||
| - Update from NSA | ||||
| 	* Added get_default_context_with_role. | ||||
|  | ||||