--- /dev/null 2006-07-03 08:55:05.634219750 +0200
+++ busybox-1.2.0/selinux/Makefile.in 2006-07-03 13:22:00.000000000 +0200
@@ -0,0 +1,35 @@
+# Makefile for busybox
+#
+# Copyright (C) 2003 by Dan Walsh <dwalsh@redhat.com>
+# Copyright (C) 1999-2003 by Erik Andersen <andersen@codepoet.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+SELINUX_AR:=selinux.a
+ifndef $(SELINUX_DIR)
+SELINUX_DIR:=$(TOPDIR)selinux/
+endif
+
+SELINUX-y:=
+SELINUX-$(CONFIG_LOAD_POLICY) += load_policy.o
+libraries-y+=$(SELINUX_DIR)$(SELINUX_AR)
+
+$(SELINUX_DIR)$(SELINUX_AR): $(patsubst %,$(SELINUX_DIR)%, $(SELINUX-y))
+ $(AR) -ro $@ $(patsubst %,$(SELINUX_DIR)%, $(SELINUX-y))
+
+$(SELINUX_DIR)%.o: $(SELINUX_DIR)%.c
+ $(CC) $(CFLAGS) $(EXTRA_CFLAGS) -c -o $@ $<
+
--- /dev/null 2006-07-03 08:55:05.634219750 +0200
+++ busybox-1.2.0/selinux/Config.in 2006-07-03 13:22:00.000000000 +0200
@@ -0,0 +1,16 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/kbuild/config-language.txt.
+#
+
+menu "Selinux Utilities"
+
+if CONFIG_SELINUX
+config CONFIG_LOAD_POLICY
+ bool "load_policy"
+ default n
+ help
+ Enable support for loading SE Linux into the kernel.
+endif
+endmenu
+
--- /dev/null 2006-07-03 08:55:05.634219750 +0200
+++ busybox-1.2.0/selinux/Makefile 2006-07-03 13:22:00.000000000 +0200
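Review bot: In selinux/Makefile.in the guard `ifndef $(SELINUX_DIR)` tests a variable whose name is the expansion of SELINUX_DIR, not SELINUX_DIR itself, so a value set by the including makefile is always replaced by `SELINUX_DIR:=$(TOPDIR)selinux/`. Write the guard as `ifndef SELINUX_DIR`. Separately, `libraries-y+=$(SELINUX_DIR)$(SELINUX_AR)` is unconditional, so with CONFIG_LOAD_POLICY off the archive rule still runs `$(AR) -ro $@` with an empty member list; if that is intended, a one-line comment saying so would help.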
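Review bot: The help text for CONFIG_LOAD_POLICY in selinux/Config.in says the option loads "SE Linux into the kernel", but the applet added by this patch passes a policy file to security_load_policy(). Suggested wording: `Enable the load_policy applet, which loads a binary SELinux policy file into the running kernel.` The `if CONFIG_SELINUX` sits inside the menu, so an empty "Selinux Utilities" menu still appears when SELinux support is off; placing the `if` around the whole `menu` … `endmenu` avoids that.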
@@ -0,0 +1,30 @@
+# Makefile for busybox
+#
+# Copyright (C) 1999-2003 by Erik Andersen <andersen@codepoet.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+TOPDIR:= ../
+SELINUX_DIR:=./
+include $(TOPDIR).config
+include $(TOPDIR)Rules.mak
+include Makefile.in
+all: $(libraries-y)
+-include $(TOPDIR).depend
+
+clean:
+ rm -f *.o *.a $(AR_TARGET)
+
--- /dev/null 2006-07-03 08:55:05.634219750 +0200
+++ busybox-1.2.0/selinux/load_policy.c 2006-07-03 13:22:00.000000000 +0200
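Review bot: The `clean` recipe in selinux/Makefile removes `$(AR_TARGET)`, a name that nothing in this patch defines; the archive built in this directory is `$(SELINUX_AR)`. Unless Rules.mak supplies AR_TARGET, it expands to nothing and only the `*.a` glob does the work, so `rm -f *.o *.a $(SELINUX_AR)` states the intent. `all` and `clean` are also not declared with `.PHONY: all clean`, so a file of either name in the directory would silently disable the target.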
@@ -0,0 +1,55 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include <selinux/selinux.h>
+#include <locale.h> /* for setlocale() */
+#include <libintl.h> /* for gettext() */
+#define _(msgid) gettext (msgid)
+#ifndef PACKAGE
+#define PACKAGE "policycoreutils" /* the name of this package lang translation */
+#endif
+
+extern int load_policy_main(int argc, char **argv)
+{
+ int fd, ret;
+ struct stat sb;
+ void *map;
+
+ if (argc != 2) {
+ fprintf(stderr, _("usage: %s policyfile\n"), argv[0]);
+ return 1;
+ }
+
+ fd = open(argv[1], O_RDONLY);
+ if (fd < 0) {
+ fprintf(stderr, _("Can't open '%s': %s\n"),
+ argv[1], strerror(errno));
+ return 2;
+ }
+
+ if (fstat(fd, &sb) < 0) {
+ fprintf(stderr, _("Can't stat '%s': %s\n"),
+ argv[1], strerror(errno));
+ return 2;
+ }
+
+ map = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
+ if (map == MAP_FAILED) {
+ fprintf(stderr, _("Can't map '%s': %s\n"),
+ argv[1], strerror(errno));
+ return 2;
+ }
+
+ ret = security_load_policy(map, sb.st_size);
+ if (ret < 0) {
+ fprintf(stderr, _("%s: security_load_policy failed\n"), argv[0]);
+ return 3;
+ }
+ return EXIT_SUCCESS;
+}
--- busybox-1.2.0/include/usage.h.selinux 2006-07-01 00:42:10.000000000 +0200
+++ busybox-1.2.0/include/usage.h 2006-07-03 13:22:00.000000000 +0200
@@ -1133,7 +1133,7 @@
 #define id_full_usage \
 "Print information for USERNAME or the current user\n\n" \
 "Options:\n" \
- USAGE_SELINUX("\t-c\tprints only the security context\n") \
+ USAGE_SELINUX("\t-Z\tprints only the security context\n") \
 "\t-g\tprints only the group ID\n" \
 "\t-u\tprints only the user ID\n" \
 "\t-n\tprint a name instead of a number\n" \
@@ -2326,6 +2326,15 @@
 #else
 #define USAGE_PS "\nOptions:"
 #endif
+
+#define load_policy_trivial_usage \
+ ""
+#define load_policy_full_usage \
+ "load SELinux policy\n"
+
+#define load_policy_example_usage \
+ "$ load_policy /etc/selinux/strict/policy/policy.17\n"
+
 #if ENABLE_FEATURE_PS_WIDE
 #define USAGE_PS_WIDE(a) a
 #else
@@ -2337,7 +2346,7 @@
 #define ps_full_usage \
 "Report process status\n" \
 USAGE_PS \
- USAGE_SELINUX("\n\t-c\tshow SE Linux context") \
+ USAGE_SELINUX("\n\t-Z\tshow SE Linux context") \
 USAGE_PS_WIDE("\n\tw\twide output")
 #define ps_example_usage \
--- busybox-1.2.0/include/applets.h.selinux 2006-07-01 00:42:10.000000000 +0200
+++ busybox-1.2.0/include/applets.h 2006-07-03 13:22:27.000000000 +0200
@@ -166,6 +166,7 @@
 USE_SETARCH(APPLET_NOUSAGE(linux64, setarch, _BB_DIR_BIN, _BB_SUID_NEVER))
 USE_FEATURE_INITRD(APPLET_NOUSAGE(linuxrc, init, _BB_DIR_ROOT, _BB_SUID_NEVER))
 USE_LN(APPLET(ln, _BB_DIR_BIN, _BB_SUID_NEVER))
+USE_LOAD_POLICY(APPLET(load_policy, _BB_DIR_SBIN, _BB_SUID_NEVER))
 USE_LOADFONT(APPLET(loadfont, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
 USE_LOADKMAP(APPLET(loadkmap, _BB_DIR_SBIN, _BB_SUID_NEVER))
 USE_LOGGER(APPLET(logger, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
--- busybox-1.2.0/Config.in.selinux 2006-07-01 00:42:13.000000000 +0200
+++ busybox-1.2.0/Config.in 2006-07-03 13:22:00.000000000 +0200
@@ -473,3 +473,4 @@
 source procps/Config.in
 source shell/Config.in
 source sysklogd/Config.in
+source selinux/Config.in
--- busybox-1.2.0/Rules.mak.selinux 2006-07-01 00:42:13.000000000 +0200
+++ busybox-1.2.0/Rules.mak 2006-07-03 13:22:00.000000000 +0200
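Review bot: `load_policy_trivial_usage` in include/usage.h is the empty string although load_policy_main() requires exactly one argument; `"policyfile"` would match the synopsis the applet prints itself. The new macros are also inserted between the `#endif` that closes USAGE_PS and the `#if ENABLE_FEATURE_PS_WIDE` that opens USAGE_PS_WIDE, which splits the ps helper macros in two; moving the block clear of the ps definitions keeps them together. A one-line comment above the block naming the applet and its config option would help, since this hunk shows no guard around it.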
@@ -397,7 +397,7 @@
 -o $@ $(LD_START_GROUP) \
 $(APPLETS_DEFINE) $(APPLET_SRC) \
 $(BUSYBOX_DEFINE) $(BUSYBOX_SRC) $(libraries-y) \
- $(LDBUSYBOX) $(LIBRARIES) \
+ $(LDBUSYBOX) $(LIBRARIES) -lsepol\
 $(LD_END_GROUP)
 cmd_link.so = $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(LDFLAGS) \
 $(LIB_CFLAGS) $(CFLAGS_COMBINE) $(LIB_LDFLAGS) \
--- busybox-1.2.0/Makefile.selinux 2006-07-01 00:42:13.000000000 +0200
+++ busybox-1.2.0/Makefile 2006-07-03 13:22:00.000000000 +0200
@@ -33,7 +33,7 @@
 DIRS:=applets archival archival/libunarchive coreutils console-tools \
 debianutils editors findutils init miscutils modutils networking \
- networking/libiproute networking/udhcp procps loginutils shell \
+ networking/libiproute networking/udhcp procps loginutils selinux shell \
 sysklogd util-linux e2fsprogs libpwdgrp coreutils/libcoreutils libbb
 SRC_DIRS:=$(patsubst %,$(top_srcdir)/%,$(DIRS))
@@ -228,7 +228,7 @@
 defconfig: scripts/config/conf
 @./scripts/config/conf -y $(CONFIG_CONFIG_IN) > /dev/null
- @$(SED) -i -r -e "s/^(USING_CROSS_COMPILER|CONFIG_(DEBUG.*|STATIC|SELINUX|BUILD_(AT_ONCE|LIBBUSYBOX)|FEATURE_(DEVFS|FULL_LIBBUSYBOX|SHARED_BUSYBOX|MTAB_SUPPORT|CLEAN_UP|UDHCP_DEBUG)|INSTALL_NO_USR))=.*/# \1 is not set/" .config
+ @$(SED) -i -r -e "s/^(USING_CROSS_COMPILER|CONFIG_(DEBUG.*|STATIC|BUILD_(AT_ONCE|LIBBUSYBOX)|FEATURE_(DEVFS|FULL_LIBBUSYBOX|SHARED_BUSYBOX|MTAB_SUPPORT|CLEAN_UP|UDHCP_DEBUG)|INSTALL_NO_USR))=.*/# \1 is not set/" .config
 @./scripts/config/conf -o $(CONFIG_CONFIG_IN) > /dev/null
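Review bot: In Rules.mak `-lsepol` is appended to the link command itself, so every busybox link now requires libsepol, including builds with CONFIG_SELINUX off. Add it only when the feature is enabled, e.g. `ifeq ($(strip $(CONFIG_SELINUX)),y)` / `LIBRARIES += -lsepol` / `endif`, next to wherever Rules.mak already adds the SELinux library (not visible in this hunk). The link command starts outside the hunk, and the `cmd_link.so` definition that follows it is left without the new library, so the two link paths now differ.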
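Review bot: Dropping `SELINUX` from the sed alternation in the `defconfig` recipe of the top-level Makefile means `make defconfig` no longer resets CONFIG_SELINUX to "is not set" after `conf -y`, so the default configuration becomes SELinux-enabled. That is a project-wide default change riding along with a new applet, and it makes the SELinux headers and libraries a requirement on every host that builds the default config. Either keep `SELINUX` in the list or state the change and its reason in the patch description and in a comment above the recipe.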