From 9a368c5f7b306faf0d75df881c90e051ea0ce6ad Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Sep 10 2004 17:27:19 +0000
Subject: add matchmediacon
---
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
new file mode 100644
index 0000000..db9d25e
--- /dev/null
+++ b/libselinux-rhat.patch
@@ -0,0 +1,160 @@ +--- libselinux-1.17.9/include/selinux/selinux.h.rhat 2004-09-08 10:51:34.000000000 -0400 ++++ libselinux-1.17.9/include/selinux/selinux.h 2004-09-10 13:24:34.747534140 -0400 +@@ -173,6 +173,13 @@ + mode_t mode, + security_context_t *con); + ++/* Match the specified media and against the media contexts ++ /proc/ide/hdc/media ++ configuration and set *con to refer to the resulting context. ++ Caller must free con via freecon. */ ++extern int matchmediacon(const char *path, ++ security_context_t *con); ++ + /* + selinux_getenforcemode reads the /etc/selinux/config file and determines + whether the machine should be started in enforcing (1), permissive (0) or +@@ -194,6 +201,7 @@ + extern const char *selinux_default_context_path(void); + extern const char *selinux_user_contexts_path(void); + extern const char *selinux_file_context_path(void); ++extern const char *selinux_media_context_path(void); + extern const char *selinux_contexts_path(void); + extern const char *selinux_booleans_path(void); + +--- libselinux-1.17.9/src/selinux_config.c.rhat 2004-09-08 10:51:34.000000000 -0400 ++++ libselinux-1.17.9/src/selinux_config.c 2004-09-10 13:24:34.751533684 -0400 +@@ -24,7 +24,8 @@ + #define FAILSAFE_CONTEXT 5 + #define DEFAULT_TYPE 6 + #define BOOLEANS 7 +-#define NEL 8 ++#define MEDIA_CONTEXTS 8 ++#define NEL 9 + + /* New layout is relative to SELINUXDIR/policytype. 
*/ + static char *file_paths[NEL]; +@@ -200,6 +201,10 @@ + } + hidden_def(selinux_file_context_path) + ++const char *selinux_media_context_path() { ++ return get_path(MEDIA_CONTEXTS); ++} ++ + const char *selinux_contexts_path() { + return get_path(CONTEXTS_DIR); + } +--- /dev/null 2004-09-10 04:39:39.953683832 -0400 ++++ libselinux-1.17.9/src/matchmediacon.c 2004-09-10 13:24:34.750533798 -0400 +@@ -0,0 +1,65 @@ ++#include ++#include ++#include ++#include ++#include "selinux_internal.h" ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++int matchmediacon(const char *media, ++ security_context_t *con) ++{ ++ const char *path = selinux_media_context_path(); ++ FILE *infile; ++ char *ptr, *ptr2; ++ char *target; ++ int found=-1; ++ char current_line[PATH_MAX]; ++ if ((infile = fopen(path, "r")) == NULL) ++ return -1; ++ while (!feof_unlocked (infile)) { ++ if (!fgets_unlocked(current_line, sizeof(current_line), infile)) { ++ return -1; ++ } ++ if (current_line[strlen(current_line) - 1]) ++ current_line[strlen(current_line) - 1] = 0; ++ /* Skip leading whitespace before the partial context. */ ++ ptr = current_line; ++ while (*ptr && isspace(*ptr)) ++ ptr++; ++ ++ if (!(*ptr)) ++ continue; ++ ++ ++ /* Find the end of the media context. */ ++ ptr2 = ptr; ++ while (*ptr2 && !isspace(*ptr2)) ++ ptr2++; ++ if (!(*ptr2)) ++ continue; ++ ++ *ptr2++=NULL; ++ if (strcmp (media, ptr) == 0) { ++ found = 1; ++ break; ++ } ++ } ++ if (!found) ++ return -1; ++ ++ /* Skip whitespace. 
*/ ++ while (*ptr2 && isspace(*ptr2)) ++ ptr2++; ++ if (!(*ptr2)) { ++ return -1; ++ } ++ ++ *con = strdup(ptr2); ++ return 0; ++} +--- libselinux-1.17.9/src/compat_file_path.h.rhat 2004-09-08 10:51:34.000000000 -0400 ++++ libselinux-1.17.9/src/compat_file_path.h 2004-09-10 13:24:34.748534026 -0400 +@@ -7,3 +7,4 @@ + S_(FAILSAFE_CONTEXT, SECURITYDIR "/failsafe_context") + S_(DEFAULT_TYPE, SECURITYDIR "/default_type") + S_(BOOLEANS, SECURITYDIR "/booleans") ++S_(MEDIA_CONTEXTS, SECURITYDIR "/default_media") +--- libselinux-1.17.9/src/file_path_suffixes.h.rhat 2004-09-08 10:51:34.000000000 -0400 ++++ libselinux-1.17.9/src/file_path_suffixes.h 2004-09-10 13:24:34.749533912 -0400 +@@ -7,3 +7,4 @@ + S_(FAILSAFE_CONTEXT, "/contexts/failsafe_context") + S_(DEFAULT_TYPE, "/contexts/default_type") + S_(BOOLEANS, "/booleans") ++S_(MEDIA_CONTEXTS, "/contexts/files/media") +--- /dev/null 2004-09-10 04:39:39.953683832 -0400 ++++ libselinux-1.17.9/utils/matchmediacon.c 2004-09-10 13:25:04.099192223 -0400 +@@ -0,0 +1,28 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++int main(int argc, char **argv) ++{ ++ char *buf; ++ int rc, i; ++ ++ if (argc < 2) { ++ fprintf(stderr, "usage: %s media...\n", argv[0]); ++ exit(1); ++ } ++ ++ for (i = 1; i < argc; i++) { ++ rc = matchmediacon(argv[i], &buf); ++ if (rc < 0) { ++ fprintf(stderr, "%s: matchmediacon(%s) failed: %s\n", argv[0], argv[i]); ++ exit(2); ++ } ++ printf("%s\t%s\n", argv[i], buf); ++ freecon(buf); ++ } ++ exit(0); ++} diff --git a/libselinux.spec b/libselinux.spec index fa3f975..711f40d 100644 --- a/libselinux.spec +++ b/libselinux.spec 
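Review bot: In the new src/matchmediacon.c, `found` starts at -1 while the post-loop test is `if (!found)`, so a missing match is never caught there; when the last line of the media contexts file has no trailing newline and does not match, the loop ends on feof and the function hands back that line's context for a medium it does not describe. The same function never calls fclose on `infile`, removes the last byte of every line whether or not it is a newline (and indexes before the buffer when a line begins with a NUL byte), assigns `NULL` to a char, and returns 0 with `*con` NULL if strdup fails. The fence below rewrites the loop and the exit paths to address these while keeping the signature. Separately, utils/matchmediacon.c passes two arguments to a format with three `%s` in `fprintf(stderr, "%s: matchmediacon(%s) failed: %s\n", argv[0], argv[i]);`, which is undefined behaviour; drop the trailing `: %s` or pass a third string argument.

```c
int matchmediacon(const char *media,
		  security_context_t *con)
{
	/* … unchanged: path lookup and the other local declarations … */
	int found = 0;		/* was -1, which `!found` can never catch */
	size_t len;

	if ((infile = fopen(path, "r")) == NULL)
		return -1;
	while (fgets_unlocked(current_line, sizeof(current_line), infile)) {
		/* Strip only a real trailing newline; tolerate a zero-length read. */
		len = strlen(current_line);
		if (len > 0 && current_line[len - 1] == '\n')
			current_line[len - 1] = '\0';
		/* … unchanged: skip leading whitespace, find the end of the media name … */
		*ptr2++ = '\0';
		if (strcmp(media, ptr) == 0) {
			found = 1;
			break;
		}
	}
	fclose(infile);		/* current_line is a local buffer, so ptr2 stays valid */
	if (!found)
		return -1;
	/* … unchanged: skip whitespace before the context, reject an empty one … */
	*con = strdup(ptr2);
	return *con ? 0 : -1;
}
```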
@@ -1,11 +1,11 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 1.17.9 -Release: 1 +Release: 2 License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/libselinux-%{version}.tgz -#Patch: libselinux-rhat.patch +Patch: libselinux-rhat.patch BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot %description @@ -34,7 +34,7 @@ needed for developing SELinux applications. %prep %setup -q -#%patch -p1 -b .rhat +%patch -p1 -b .rhat %build make CFLAGS="%{optflags}" @@ -69,6 +69,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_mandir}/man8/* %changelog +* Wed Sep 8 2004 Dan Walsh 1.17.9-2 +- Add matchmediacon + * Wed Sep 8 2004 Dan Walsh 1.17.9-1 - Update from NSA * Added get_default_context_with_role.