2 setfiles: based on policycoreutils 2.0.19
3 policycoreutils was released under GPL 2.
4 Port to BusyBox by 2007 Yuichi Nakamura <ynakam@hitachisoft.jp>
8 #if ENABLE_FEATURE_SETFILES_CHECK_OPTION
9 #include <sepol/sepol.h>
12 #define MAX_EXCLUDES 50
27 int verbose; /* getopt32 uses it, has to be int */
33 //smallint ignore_enoent;
35 //smallint warn_no_match;
36 smallint recurse; /* Recursive descent */
37 smallint follow_mounts;
38 /* Behavior flags determined based on setfiles vs. restorecon */
39 smallint expand_realpath; /* Expand paths via realpath */
40 smallint abort_on_error; /* Abort the file tree walk upon an error */
41 int add_assoc; /* Track inode associations for conflict detection */
42 int matchpathcon_flags; /* Flags to matchpathcon */
43 dev_t dev_id; /* Device id where target file exists */
45 struct edir excludeArray[MAX_EXCLUDES];
48 #define G (*(struct globals*)&bb_common_bufsiz1)
49 void BUG_setfiles_globals_too_big(void);
50 #define INIT_G() do { \
51 if (sizeof(G) > COMMON_BUFSIZE) \
52 BUG_setfiles_globals_too_big(); \
53 /* memset(&G, 0, sizeof(G)); - already is */ \
55 #define outfile (G.outfile )
56 #define policyfile (G.policyfile )
57 #define rootpath (G.rootpath )
58 #define rootpathlen (G.rootpathlen )
59 #define count (G.count )
60 #define excludeCtr (G.excludeCtr )
61 #define errors (G.errors )
62 #define verbose (G.verbose )
63 //#define force (G.force )
64 //#define progress (G.progress )
65 //#define debug (G.debug )
66 //#define dry_run (G.dry_run )
67 //#define quiet (G.quiet )
68 //#define ignore_enoent (G.ignore_enoent )
69 //#define take_log (G.take_log )
70 //#define warn_no_match (G.warn_no_match )
71 #define recurse (G.recurse )
72 #define follow_mounts (G.follow_mounts )
73 #define expand_realpath (G.expand_realpath )
74 #define abort_on_error (G.abort_on_error )
75 #define add_assoc (G.add_assoc )
76 #define matchpathcon_flags (G.matchpathcon_flags)
77 #define dev_id (G.dev_id )
78 #define nerr (G.nerr )
79 #define excludeArray (G.excludeArray )
81 /* Must match getopt32 string! */
97 OPT_c = (1 << 14), /* c only for setfiles */
98 OPT_R = (1 << 14), /* R only for restorecon */
100 #define FLAG_d_debug (option_mask32 & OPT_d)
101 #define FLAG_e (option_mask32 & OPT_e)
102 #define FLAG_f (option_mask32 & OPT_f)
103 #define FLAG_i_ignore_enoent (option_mask32 & OPT_i)
104 #define FLAG_l_take_log (option_mask32 & OPT_l)
105 #define FLAG_n_dry_run (option_mask32 & OPT_n)
106 #define FLAG_p_progress (option_mask32 & OPT_p)
107 #define FLAG_q_quiet (option_mask32 & OPT_q)
108 #define FLAG_r (option_mask32 & OPT_r)
109 #define FLAG_s (option_mask32 & OPT_s)
110 #define FLAG_v (option_mask32 & OPT_v)
111 #define FLAG_o (option_mask32 & OPT_o)
112 #define FLAG_F_force (option_mask32 & OPT_F)
113 #define FLAG_W_warn_no_match (option_mask32 & OPT_W)
114 #define FLAG_c (option_mask32 & OPT_c)
115 #define FLAG_R (option_mask32 & OPT_R)
118 static void qprintf(const char *fmt, ...)
120 /* quiet, do nothing */
123 static void inc_err(void)
126 if (nerr > 9 && !FLAG_d_debug) {
127 bb_error_msg_and_die("exiting after 10 errors");
131 static int add_exclude(const char *directory)
136 if (directory == NULL || directory[0] != '/') {
137 bb_error_msg("full path required for exclude: %s", directory);
140 if (lstat(directory, &sb)) {
141 bb_error_msg("directory \"%s\" not found, ignoring", directory);
144 if ((sb.st_mode & S_IFDIR) == 0) {
145 bb_error_msg("\"%s\" is not a directory: mode %o, ignoring",
146 directory, sb.st_mode);
149 if (excludeCtr == MAX_EXCLUDES) {
150 bb_error_msg("maximum excludes %d exceeded", MAX_EXCLUDES);
154 len = strlen(directory);
155 while (len > 1 && directory[len - 1] == '/') {
158 excludeArray[excludeCtr].directory = xstrndup(directory, len);
159 excludeArray[excludeCtr++].size = len;
164 static int exclude(const char *file)
167 for (i = 0; i < excludeCtr; i++) {
168 if (strncmp(file, excludeArray[i].directory,
169 excludeArray[i].size) == 0) {
170 if (file[excludeArray[i].size] == '\0'
171 || file[excludeArray[i].size] == '/') {
179 static int match(const char *name, struct stat *sb, char **con)
182 char path[PATH_MAX + 1];
183 char *tmp_path = xstrdup(name);
185 if (excludeCtr > 0) {
190 ret = lstat(name, sb);
192 if (FLAG_i_ignore_enoent && errno == ENOENT) {
196 bb_error_msg("stat(%s)", name);
200 if (expand_realpath) {
201 if (S_ISLNK(sb->st_mode)) {
208 bb_error_msg("warning! %s refers to a symbolic link, not following last component", name);
210 file_sep = strrchr(tmp_path, '/');
211 if (file_sep == tmp_path) {
215 } else if (file_sep) {
217 p = realpath(tmp_path, path);
220 p = realpath("./", path);
224 if (!p || len + strlen(file_sep) + 2 > PATH_MAX) {
225 bb_perror_msg("realpath(%s) failed", name);
229 /* ensure trailing slash of directory name */
230 if (len == 0 || p[-1] != '/') {
235 if (excludeCtr > 0 && exclude(name))
240 p = realpath(name, path);
242 bb_perror_msg("realpath(%s)", name);
246 if (excludeCtr > 0 && exclude(name))
251 /* name will be what is matched in the policy */
252 if (NULL != rootpath) {
253 if (0 != strncmp(rootpath, name, rootpathlen)) {
254 bb_error_msg("%s is not located in %s",
262 if (rootpath != NULL && name[0] == '\0')
263 /* this is actually the root dir of the alt root */
264 return matchpathcon_index("/", sb->st_mode, con);
265 return matchpathcon_index(name, sb->st_mode, con);
271 /* Compare two contexts to see if their differences are "significant",
272 * or whether the only difference is in the user. */
273 static int only_changed_user(const char *a, const char *b)
279 a = strchr(a, ':'); /* Rest of the context after the user */
283 return (strcmp(a, b) == 0);
286 static int restore(const char *file)
288 char *my_file = xstrdup(file);
289 char *my_file_orig = my_file;
292 char *context = NULL;
294 int user_only_changed = 0;
295 size_t len = strlen(my_file);
298 /* Skip the extra slashes at the beginning and end, if present. */
299 if (file[0] == '/' && file[1] == '/')
301 if (len > 1 && my_file[len - 1] == '/')
302 my_file[len - 1] = '\0';
304 i = match(my_file, &my_sb, &newcon);
306 if (i < 0) /* No matching specification. */
310 if (FLAG_p_progress) {
312 if (count % 0x400 == 0) { /* every 1024 times */
313 count = (count % (80*0x400));
322 * Try to add an association between this inode and
323 * this specification. If there is already an association
324 * for this inode and it conflicts with this specification,
325 * then use the last matching specification.
328 j = matchpathcon_filespec_add(my_sb.st_ino, i, my_file);
333 /* There was already an association and it took precedence. */
339 printf("%s: %s matched by %s\n", applet_name, my_file, newcon);
341 /* Get the current context of the file. */
342 ret = lgetfilecon_raw(my_file, &context);
344 if (errno == ENODATA) {
345 context = NULL; /* paranoia */
347 bb_perror_msg("lgetfilecon_raw on %s", my_file);
350 user_only_changed = 0;
352 user_only_changed = only_changed_user(context, newcon);
355 * Do not relabel the file if the matching specification is
356 * <<none>> or the file is already labeled according to the
359 if ((strcmp(newcon, "<<none>>") == 0)
360 || (context && (strcmp(context, newcon) == 0) && !FLAG_F_force)) {
364 if (!FLAG_F_force && context && (is_context_customizable(context) > 0)) {
366 bb_error_msg("skipping %s. %s is customizable_types",
373 /* If we're just doing "-v", trim out any relabels where
374 * the user has changed but the role and type are the
375 * same. For "-vv", emit everything. */
376 if (verbose > 1 || !user_only_changed) {
377 bb_info_msg("%s: reset %s context %s->%s",
378 applet_name, my_file, context ?: "", newcon);
382 if (FLAG_l_take_log && !user_only_changed) {
384 bb_info_msg("relabeling %s from %s to %s", my_file, context, newcon);
386 bb_info_msg("labeling %s to %s", my_file, newcon);
389 if (outfile && !user_only_changed)
390 fprintf(outfile, "%s\n", my_file);
393 * Do not relabel the file if -n was used.
395 if (FLAG_n_dry_run || user_only_changed)
399 * Relabel the file to the specified context.
401 ret = lsetfilecon(my_file, newcon);
403 bb_perror_msg("lsetfileconon(%s,%s)", my_file, newcon);
418 * Apply the last matching specification to a file.
419 * This function is called by recursive_action on each file during
420 * the directory traversal.
422 static int apply_spec(const char *file,
423 struct stat *sb, void *userData, int depth)
425 if (!follow_mounts) {
426 /* setfiles does not process across different mount points */
427 if (sb->st_dev != dev_id) {
431 errors |= restore(file);
432 if (abort_on_error && errors)
438 static int canoncon(const char *path, unsigned lineno, char **contextp)
440 static const char err_msg[] = "%s: line %u has invalid context %s";
443 char *context = *contextp;
446 #if ENABLE_FEATURE_SETFILES_CHECK_OPTION
448 if (sepol_check_context(context) >= 0)
450 /* Exit immediately if we're in checking mode. */
451 bb_error_msg_and_die(err_msg, path, lineno, context);
455 if (security_canonicalize_context_raw(context, &tmpcon) < 0) {
456 if (errno != ENOENT) {
466 bb_error_msg(err_msg, path, lineno, context);
472 static int process_one(char *name)
477 rc = lstat(name, &sb);
479 if (FLAG_i_ignore_enoent && errno == ENOENT)
481 bb_perror_msg("stat(%s)", name);
486 if (S_ISDIR(sb.st_mode) && recurse) {
487 if (recursive_action(name,
492 bb_error_msg("error while labeling %s", name);
504 set_matchpathcon_printf(&qprintf);
505 matchpathcon_filespec_eval();
506 set_matchpathcon_printf(NULL);
507 matchpathcon_filespec_destroy();
517 int setfiles_main(int argc, char **argv);
518 int setfiles_main(int argc, char **argv)
522 const char *input_filename = NULL;
523 int use_input_file = 0;
527 llist_t *exclude_dir = NULL;
528 char *out_filename = NULL;
532 if (applet_name[0] == 's') { /* "setfiles" */
536 * Does not expand paths via realpath,
537 * Aborts on errors during the file tree walk,
538 * Try to track inode associations for conflict detection,
539 * Does not follow mounts,
540 * Validates all file contexts at init time.
545 /* follow_mounts = 0; - already is */
546 matchpathcon_flags = MATCHPATHCON_VALIDATE | MATCHPATHCON_NOTRANS;
550 * No recursive descent unless -r/-R,
551 * Expands paths via realpath,
552 * Do not abort on errors during the file tree walk,
553 * Do not try to track inode associations for conflict detection,
555 * Does lazy validation of contexts upon use.
559 matchpathcon_flags = MATCHPATHCON_NOTRANS;
560 /* restorecon only */
564 set_matchpathcon_flags(matchpathcon_flags);
566 opt_complementary = "e::vv:v--p:p--v";
567 /* Option order must match OPT_x definitions! */
568 if (applet_name[0] == 'r') { /* restorecon */
569 flags = getopt32(argc, argv, "de:f:ilnpqrsvo:FWR",
570 &exclude_dir, &input_filename, &out_filename, &verbose);
571 } else { /* setfiles */
572 flags = getopt32(argc, argv, "de:f:ilnpqr:svo:FW"
573 USE_FEATURE_SETFILES_CHECK_OPTION("c:"),
574 &exclude_dir, &input_filename, &rootpath, &out_filename,
575 USE_FEATURE_SETFILES_CHECK_OPTION(&policyfile,)
579 #if ENABLE_FEATURE_SETFILES_CHECK_OPTION
580 if ((applet_name[0] == 's') && (flags & OPT_c)) {
583 policystream = xfopen(policyfile, "r");
584 if (sepol_set_policydb_from_file(policystream) < 0) {
585 bb_error_msg_and_die("sepol_set_policydb_from_file on %s", policyfile);
587 fclose(policystream);
589 /* Only process the specified file_contexts file, not
590 any .homedirs or .local files, and do not perform
591 context translations. */
592 set_matchpathcon_flags(MATCHPATHCON_BASEONLY |
593 MATCHPATHCON_NOTRANS |
594 MATCHPATHCON_VALIDATE);
598 //if (flags & OPT_d) {
602 if (exclude_dir == NULL) {
605 while (exclude_dir) {
606 if (add_exclude(llist_pop(&exclude_dir)))
610 //if (flags & OPT_i) {
611 // ignore_enoent = 1;
613 //if (flags & OPT_l) {
616 //if (flags & OPT_F) {
619 //if (flags & OPT_n) {
624 if (NOT_LONE_CHAR(out_filename, '-')) {
625 outfile = xfopen(out_filename, "w");
628 //if (flags & OPT_q) {
631 if (applet_name[0] == 'r') { /* restorecon */
632 if (flags & (OPT_r | OPT_R))
634 } else { /* setfiles */
636 rootpathlen = strlen(rootpath);
640 input_filename = "-";
643 //if (flags & OPT_p) {
646 //if (flags & OPT_W) {
647 // warn_no_match = 1;
650 if (applet_name[0] == 's') { /* setfiles */
651 /* Use our own invalid context checking function so that
652 we can support either checking against the active policy or
653 checking against a binary policy file. */
654 set_matchpathcon_canoncon(&canoncon);
657 if (stat(argv[optind], &sb) < 0) {
658 bb_perror_msg_and_die("%s", argv[optind]);
660 if (!S_ISREG(sb.st_mode)) {
661 bb_error_msg_and_die("spec file %s is not a regular file", argv[optind]);
663 /* Load the file contexts configuration and check it. */
664 rc = matchpathcon_init(argv[optind]);
666 bb_perror_msg_and_die("%s", argv[optind]);
675 if (use_input_file) {
679 if (NOT_LONE_CHAR(input_filename, '-'))
680 f = xfopen(input_filename, "r");
681 while ((len = getline(&buf, &buf_len, f)) > 0) {
683 errors |= process_one(buf);
685 if (ENABLE_FEATURE_CLEAN_UP)
686 fclose_if_not_stdin(f);
690 for (i = optind; i < argc; i++) {
691 errors |= process_one(argv[i]);
695 if (FLAG_W_warn_no_match)
696 matchpathcon_checkmatches(argv[0]);
698 if (ENABLE_FEATURE_CLEAN_UP && outfile)
projects / oweals / busybox.git / blob