networking/interface.c: huke remaining big statics; use malloc for INET[6]_rresolve

[oweals/busybox.git] / libbb / run_shell.c

diff --git a/libbb/run_shell.c b/libbb/run_shell.c
index 993b4e7117231c3688a908a69adad126fedcf878..25d55dd63b407a6cc171b5e0b49e03bbb179854b 100644 (file)
--- a/libbb/run_shell.c
+++ b/libbb/run_shell.c
@@ -28,16 +28,29 @@
  * SUCH DAMAGE.
  */
 
-#include <stdio.h>
-#include <errno.h>
-#include <unistd.h>
-#include <string.h>
-#include <stdlib.h>
-#include <syslog.h>
-#include <ctype.h>
 #include "libbb.h"
-#ifdef CONFIG_SELINUX
-#include <proc_secure.h>
+#if ENABLE_SELINUX
+#include <selinux/selinux.h>  /* for setexeccon  */
+#endif
+
+#if ENABLE_SELINUX
+static security_context_t current_sid;
+
+void
+renew_current_security_context(void)
+{
+       if (current_sid)
+               freecon(current_sid);  /* Release old context  */
+       getcon(&current_sid);  /* update */
+}
+void
+set_current_security_context(security_context_t sid)
+{
+       if (current_sid)
+               freecon(current_sid);  /* Release old context  */
+       current_sid = sid;
+}
+
 #endif
 
 /* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
@@ -45,43 +58,37 @@
    If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
    arguments.  */
 
-void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args
-#ifdef CONFIG_SELINUX
-       , security_id_t sid
-#endif
-)
+void run_shell(const char *shell, int loginshell, const char *command, const char **additional_args)
 {
        const char **args;
        int argno = 1;
        int additional_args_cnt = 0;
 
-       for ( args = additional_args; args && *args; args++ )
+       for (args = additional_args; args && *args; args++)
                additional_args_cnt++;
 
-               args = (const char **) xmalloc (sizeof (char *) * ( 4  + additional_args_cnt ));
+       args = xmalloc(sizeof(char*) * (4 + additional_args_cnt));
 
-       args [0] = bb_get_last_path_component ( bb_xstrdup ( shell ));
+       args[0] = bb_get_last_path_component(xstrdup(shell));
 
-       if ( loginshell ) {
-               char *args0;
-               bb_xasprintf ( &args0, "-%s", args [0] );
-               args [0] = args0;
-       }
+       if (loginshell)
+               args[0] = xasprintf("-%s", args[0]);
 
-       if ( command ) {
-               args [argno++] = "-c";
-               args [argno++] = command;
+       if (command) {
+               args[argno++] = "-c";
+               args[argno++] = command;
        }
-       if ( additional_args ) {
-               for ( ; *additional_args; ++additional_args )
-                       args [argno++] = *additional_args;
+       if (additional_args) {
+               for (; *additional_args; ++additional_args)
+                       args[argno++] = *additional_args;
        }
-       args [argno] = 0;
-#ifdef CONFIG_SELINUX
-       if(sid)
-               execve_secure(shell, (char **) args, environ, sid);
-       else
+       args[argno] = NULL;
+#if ENABLE_SELINUX
+       if (current_sid && !setexeccon(current_sid)) {
+               freecon(current_sid);
+               execve(shell, (char **) args, environ);
+       } else
 #endif
-       execv ( shell, (char **) args );
-       bb_perror_msg_and_die ( "cannot run %s", shell );
+       execv(shell, (char **) args);
+       bb_perror_msg_and_die("cannot run %s", shell);
 }