* chcon -- change security context, based on coreutils-5.97-13
*
* Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp>
- *
+ *
* Copyright (C) 2006 - 2007 KaiGai Kohei <kaigai@kaigai.gr.jp>
+ *
+ * Licensed under GPLv2, see file LICENSE in this source tree.
*/
-#include "busybox.h"
-#include <getopt.h>
+
+//usage:#define chcon_trivial_usage
+//usage: "[OPTIONS] CONTEXT FILE..."
+//usage: "\n chcon [OPTIONS] [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE..."
+//usage: IF_FEATURE_CHCON_LONG_OPTIONS(
+//usage: "\n chcon [OPTIONS] --reference=RFILE FILE..."
+//usage: )
+//usage:#define chcon_full_usage "\n\n"
+//usage: "Change the security context of each FILE to CONTEXT\n"
+//usage: IF_FEATURE_CHCON_LONG_OPTIONS(
+//usage: "\n -v,--verbose Verbose"
+//usage: "\n -c,--changes Report changes made"
+//usage: "\n -h,--no-dereference Affect symlinks instead of their targets"
+//usage: "\n -f,--silent,--quiet Suppress most error messages"
+//usage: "\n --reference=RFILE Use RFILE's group instead of using a CONTEXT value"
+//usage: "\n -u,--user=USER Set user/role/type/range in the target"
+//usage: "\n -r,--role=ROLE security context"
+//usage: "\n -t,--type=TYPE"
+//usage: "\n -l,--range=RANGE"
+//usage: "\n -R,--recursive Recurse"
+//usage: )
+//usage: IF_NOT_FEATURE_CHCON_LONG_OPTIONS(
+//usage: "\n -v Verbose"
+//usage: "\n -c Report changes made"
+//usage: "\n -h Affect symlinks instead of their targets"
+//usage: "\n -f Suppress most error messages"
+//usage: "\n -u USER Set user/role/type/range in the target security context"
+//usage: "\n -r ROLE"
+//usage: "\n -t TYPE"
+//usage: "\n -l RNG"
+//usage: "\n -R Recurse"
+//usage: )
+
#include <selinux/context.h>
+#include "libbb.h"
+
#define OPT_RECURSIVE (1<<0) /* 'R' */
#define OPT_CHANHES (1<<1) /* 'c' */
#define OPT_NODEREFERENCE (1<<2) /* 'h' */
static char *range = NULL;
static char *specified_context = NULL;
-static int change_filedir_context(const char *fname, struct stat *stbuf, void *userData, int depth)
+static int FAST_FUNC change_filedir_context(
+ const char *fname,
+ struct stat *stbuf UNUSED_PARAM,
+ void *userData UNUSED_PARAM,
+ int depth UNUSED_PARAM)
{
context_t context = NULL;
security_context_t file_context = NULL;
}
if (status < 0 && errno != ENODATA) {
if ((option_mask32 & OPT_QUIET) == 0)
- bb_error_msg("cannot obtain security context: %s", fname);
+ bb_error_msg("can't obtain security context: %s", fname);
goto skip;
}
if (file_context == NULL && specified_context == NULL) {
- bb_error_msg("cannot apply partial context to unlabeled file %s", fname);
+ bb_error_msg("can't apply partial context to unlabeled file %s", fname);
goto skip;
}
if (specified_context == NULL) {
context = set_security_context_component(file_context,
- user, role, type, range);
+ user, role, type, range);
if (!context) {
- bb_error_msg("cannot compute security context from %s", file_context);
+ bb_error_msg("can't compute security context from %s", file_context);
goto skip;
}
} else {
context_string = context_str(context);
if (!context_string) {
- bb_error_msg("cannot obtain security context in text expression");
+ bb_error_msg("can't obtain security context in text expression");
goto skip;
}
}
if ((option_mask32 & OPT_VERBOSE) || ((option_mask32 & OPT_CHANHES) && !fail)) {
printf(!fail
- ? "context of %s changed to %s\n"
- : "failed to change context of %s to %s\n",
- fname, context_string);
+ ? "context of %s changed to %s\n"
+ : "can't change context of %s to %s\n",
+ fname, context_string);
}
if (!fail) {
rc = TRUE;
} else if ((option_mask32 & OPT_QUIET) == 0) {
- bb_error_msg("failed to change context of %s to %s",
- fname, context_string);
+ bb_error_msg("can't change context of %s to %s",
+ fname, context_string);
}
} else if (option_mask32 & OPT_VERBOSE) {
printf("context of %s retained as %s\n", fname, context_string);
}
#if ENABLE_FEATURE_CHCON_LONG_OPTIONS
-static struct option chcon_options[] = {
- { "recursive", 0, NULL, 'R' },
- { "changes", 0, NULL, 'c' },
- { "no-dereference", 0, NULL, 'h' },
- { "silent", 0, NULL, 'f' },
- { "quiet", 0, NULL, 'f' },
- { "user", 1, NULL, 'u' },
- { "role", 1, NULL, 'r' },
- { "type", 1, NULL, 't' },
- { "range", 1, NULL, 'l' },
- { "verbose", 0, NULL, 'v' },
- { "reference", 1, NULL, 0xff }, /* no short option */
- { NULL, 0, NULL, 0 },
-};
+static const char chcon_longopts[] ALIGN1 =
+ "recursive\0" No_argument "R"
+ "changes\0" No_argument "c"
+ "no-dereference\0" No_argument "h"
+ "silent\0" No_argument "f"
+ "quiet\0" No_argument "f"
+ "user\0" Required_argument "u"
+ "role\0" Required_argument "r"
+ "type\0" Required_argument "t"
+ "range\0" Required_argument "l"
+ "verbose\0" No_argument "v"
+ "reference\0" Required_argument "\xff" /* no short option */
+ ;
#endif
-int chcon_main(int argc, char *argv[]);
-int chcon_main(int argc, char *argv[])
+int chcon_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int chcon_main(int argc UNUSED_PARAM, char **argv)
{
char *reference_file;
char *fname;
int i, errors = 0;
#if ENABLE_FEATURE_CHCON_LONG_OPTIONS
- applet_long_options = chcon_options;
+ applet_long_options = chcon_longopts;
#endif
opt_complementary = "-1" /* at least 1 param */
":?" /* error if exclusivity constraints are violated */
":\xff--urtl:u--\xff:r--\xff:t--\xff:l--\xff"
#endif
":f--v:v--f"; /* 'verbose' and 'quiet' are exclusive */
- getopt32(argc, argv, "Rchf:u:r:t:l:v",
+ getopt32(argv, "Rchfu:r:t:l:v",
&user, &role, &type, &range, &reference_file);
argv += optind;
#if ENABLE_FEATURE_CHCON_LONG_OPTIONS
if (option_mask32 & OPT_REFERENCE) {
/* FIXME: lgetfilecon() should be used when '-h' is specified.
- But current implementation follows the original one. */
+ * But current implementation follows the original one. */
if (getfilecon(reference_file, &specified_context) < 0)
bb_perror_msg_and_die("getfilecon('%s') failed", reference_file);
} else
fname[fname_len] = '\0';
if (recursive_action(fname,
- option_mask32 & OPT_RECURSIVE,
- FALSE, /* followLinks */
- FALSE, /* depthFirst */
- change_filedir_context,
- change_filedir_context,
- NULL, 0) != TRUE)
+ 1<<option_mask32 & OPT_RECURSIVE,
+ change_filedir_context,
+ change_filedir_context,
+ NULL, 0) != TRUE)
errors = 1;
}
return errors;