From: Mike Frysinger <vapier@gentoo.org>
Date: Fri, 9 Dec 2016 23:30:30 +0000 (-0500)
Subject: selinux: drop deprecated headers
X-Git-Tag: 1_26_0~11
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c6f35241b38ea0c9581409efcd83716b74918903;p=oweals%2Fbusybox.git

selinux: drop deprecated headers

The selinux guys want you to get class values at runtime by converting
textual names into constants.  Drop the deprecated headers and switch
to the new format.

This API has been around for years, so there shouldn't be an issue
with backwards compatibility.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
---

diff --git a/include/libbb.h b/include/libbb.h
index a42a2fba8..2e9ea46e2 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -81,8 +81,6 @@
 #if ENABLE_SELINUX
 # include <selinux/selinux.h>
 # include <selinux/context.h>
-# include <selinux/flask.h>
-# include <selinux/av_permissions.h>
 #endif
 #if ENABLE_FEATURE_UTMP
 # if defined __UCLIBC__ && ( \
diff --git a/libbb/update_passwd.c b/libbb/update_passwd.c
index a2004f480..6255af492 100644
--- a/libbb/update_passwd.c
+++ b/libbb/update_passwd.c
@@ -30,7 +30,18 @@ static void check_selinux_update_passwd(const char *username)
 	if (!seuser)
 		bb_error_msg_and_die("invalid context '%s'", context);
 	if (strcmp(seuser, username) != 0) {
-		if (checkPasswdAccess(PASSWD__PASSWD) != 0)
+		security_class_t tclass;
+		access_vector_t av;
+
+		tclass = string_to_security_class("passwd");
+		if (tclass == 0)
+			goto die;
+		av = string_to_av_perm(tclass, "passwd");
+		if (av == 0)
+			goto die;
+
+		if (selinux_check_passwd_access(av) != 0)
+ die:
 			bb_error_msg_and_die("SELinux: access denied");
 	}
 	if (ENABLE_FEATURE_CLEAN_UP)