Bionic changes for tty related applets

Tested (but applets not included/enabled)
getty, login, su, passwd, mkpasswd, cryptpw

Sample /etc/passwd required before 'passwd' :
root:x:0:0:root:/:/system/xbin/bash

busybox su allow to change current user, if you are root
Example: "busybox su shell -c /system/xbin/bash"

busybox login allow also to do that :
Example: "busybox login shell"

getpwnam() returns now an empty string in passwd member
instead of null, busybox often check directly pw->pw_passwd[0]

Update also selinux related stubs after tests on x86 4.4.2,
l-preview and aosp/master

If you want to include these applets, here is the required
source list to add in busybox-full.sources :

 libbb/correct_password.c libbb/pw_encrypt.c libbb/update_passwd.c
 loginutils/getty.c loginutils/login.c loginutils/su.c
 loginutils/passwd.c loginutils/chpasswd.c loginutils/cryptpw.c

And the config flags to add :

 CONFIG_GETTY=y
 CONFIG_LOGIN=y
 CONFIG_FEATURE_NOLOGIN=y
 CONFIG_PASSWD=y
 CONFIG_CRYPTPW=y
 CONFIG_CHPASSWD=y
 CONFIG_SU=y
 CONFIG_FEATURE_SU_CHECKS_SHELLS=y

Signed-off-by: Tanguy Pruvot <tanguy.pruvot@gmail.com>

Change-Id: I96ee64f0872856fad6b3ff299faafad6451da556

11 files changed, 70 insertions, 21 deletions

diff --git a/android/selinux/android_selinux.h b/android/selinux/android_selinux.h
index c39d87a..8a0cfb0 100644
--- a/android/selinux/android_selinux.h
+++ b/android/selinux/android_selinux.h
@@ -103,6 +103,15 @@ extern int selinux_file_context_verify(const char *path, mode_t mode);
 extern int get_default_context(const char* user, const char* fromcon,
 			char ** newcon);
 
+/* Check a permission in the passwd class.
+   Return 0 if granted or -1 otherwise. */
+#define PASSWD__PASSWD  0x001UL
+#define PASSWD__CHFN    0x002UL
+#define PASSWD__CHSH    0x004UL
+#define PASSWD__ROOTOK  0x008UL
+#define PASSWD__CRONTAB 0x010UL
+extern int selinux_check_passwd_access(access_vector_t requested);
+
 #define lgetfilecon_raw(path, context) \
 	lgetfilecon(path, context)
 
diff --git a/android/selinux/stubs.c b/android/selinux/stubs.c
index c3f442d..7bcbc95 100644
--- a/android/selinux/stubs.c
+++ b/android/selinux/stubs.c
@@ -1,9 +1,9 @@
-#include <stdio.h>
-#include <stdlib.h>
+#include <libbb.h>
 #include <selinux/selinux.h>
 
 /* create a new context with user name (may be unsafe) */
-int get_default_context(const char* user, const char* fromcon,
+int get_default_context(const char* user,
+	const char* fromcon UNUSED_PARAM,
 	char ** newcon)
 {
 	char fmt[] = "u:r:%s:s0\0";
@@ -19,9 +19,18 @@ int get_default_context(const char* user, const char* fromcon,
 /* Compute a relabeling decision and set *newcon to refer to it.
    Caller must free via freecon.
    Stub not implemented in bionic, but declared in selinux.h */
-int security_compute_relabel(const char *scon, const char *tcon,
-	security_class_t tclass,
+#if defined(BIONIC_L) || !defined(__i386__)
+int security_compute_relabel(const char *scon UNUSED_PARAM,
+	const char *tcon,
+	security_class_t tclass UNUSED_PARAM,
 	char ** newcon)
+#else
+/* this was changed after 4.4.2 */
+int security_compute_relabel(const security_context_t scon UNUSED_PARAM,
+	const security_context_t tcon,
+	security_class_t tclass UNUSED_PARAM,
+	security_context_t *newcon)
+#endif
 {
 	if (tcon)
 		*newcon = strdup(tcon);
@@ -32,7 +41,7 @@ int security_compute_relabel(const char *scon, const char *tcon,
 
 /* Check a permission in the passwd class.
    Return 0 if granted or -1 otherwise. */
-int selinux_check_passwd_access(access_vector_t requested)
+int selinux_check_passwd_access(access_vector_t requested UNUSED_PARAM)
 {
 	return 0;
-}
\ No newline at end of file
+}
diff --git a/busybox-full.config b/busybox-full.config
index bbf6857..27221c6 100644
--- a/busybox-full.config
+++ b/busybox-full.config
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
 # Busybox version: 1.22.1
-# Fri Aug  1 16:21:29 2014
+# Wed Aug  6 13:27:12 2014
 #
 CONFIG_HAVE_DOT_CONFIG=y
 
@@ -452,7 +452,7 @@ CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y
 # CONFIG_USE_BB_PWD_GRP is not set
 # CONFIG_USE_BB_SHADOW is not set
 CONFIG_USE_BB_CRYPT=y
-# CONFIG_USE_BB_CRYPT_SHA is not set
+CONFIG_USE_BB_CRYPT_SHA=y
 # CONFIG_ADDUSER is not set
 # CONFIG_FEATURE_ADDUSER_LONG_OPTIONS is not set
 # CONFIG_FEATURE_CHECK_NAMES is not set
diff --git a/busybox-full.sources b/busybox-full.sources
index 773e1fe..b65472c 100644
--- a/busybox-full.sources
+++ b/busybox-full.sources
@@ -45,7 +45,7 @@ libbb/time.c libbb/trim.c libbb/u_signal_names.c libbb/udp_io.c libbb/unicode.c
 libbb/vdprintf.c libbb/verror_msg.c libbb/vfork_daemon_rexec.c libbb/warn_ignoring_args.c libbb/wfopen.c libbb/wfopen_input.c
 libbb/write.c libbb/xatonum.c libbb/xconnect.c libbb/xfunc_die.c libbb/xfuncs.c libbb/xfuncs_printf.c libbb/xgetcwd.c
 libbb/xgethostbyname.c libbb/xreadlink.c libbb/xrealloc_vector.c libbb/xregcomp.c
-libbb/endofname.c libbb/in_ether.c
+libbb/endofname.c libbb/in_ether.c libbb/nuke_str.c
 
 libpwdgrp/uidgid_get.c
 
diff --git a/include/libbb.h b/include/libbb.h
index 08d2f19..3730474 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -903,6 +903,8 @@ int get_uidgid(struct bb_uidgid_t*, const char*, int numeric_ok) FAST_FUNC;
 void xget_uidgid(struct bb_uidgid_t*, const char*) FAST_FUNC;
 /* chown-like handling of "user[:[group]" */
 void parse_chown_usergroup_or_die(struct bb_uidgid_t *u, char *user_group) FAST_FUNC;
+struct passwd* safegetpwnam(const char *name) FAST_FUNC;
+struct passwd* safegetpwuid(uid_t uid) FAST_FUNC;
 struct passwd* xgetpwnam(const char *name) FAST_FUNC;
 struct group* xgetgrnam(const char *name) FAST_FUNC;
 struct passwd* xgetpwuid(uid_t uid) FAST_FUNC;
diff --git a/libbb/bb_pwd.c b/libbb/bb_pwd.c
index 8250cd4..d5e651c 100644
--- a/libbb/bb_pwd.c
+++ b/libbb/bb_pwd.c
@@ -15,9 +15,31 @@
  * pointers to static data (getpwuid)
  */
 
-struct passwd* FAST_FUNC xgetpwnam(const char *name)
+struct passwd* FAST_FUNC safegetpwnam(const char *name)
 {
 	struct passwd *pw = getpwnam(name);
+#ifdef __BIONIC__
+	if (pw && !pw->pw_passwd) {
+		pw->pw_passwd = "";
+	}
+#endif
+	return pw;
+}
+
+struct passwd* FAST_FUNC safegetpwuid(uid_t uid)
+{
+	struct passwd *pw = getpwuid(uid);
+#ifdef __BIONIC__
+	if (pw && !pw->pw_passwd) {
+		pw->pw_passwd = "";
+	}
+#endif
+	return pw;
+}
+
+struct passwd* FAST_FUNC xgetpwnam(const char *name)
+{
+	struct passwd *pw = safegetpwnam(name);
 	if (!pw)
 		bb_error_msg_and_die("unknown user %s", name);
 	return pw;
@@ -31,10 +53,9 @@ struct group* FAST_FUNC xgetgrnam(const char *name)
 	return gr;
 }
 
-
 struct passwd* FAST_FUNC xgetpwuid(uid_t uid)
 {
-	struct passwd *pw = getpwuid(uid);
+	struct passwd *pw = safegetpwuid(uid);
 	if (!pw)
 		bb_error_msg_and_die("unknown uid %u", (unsigned)uid);
 	return pw;
diff --git a/loginutils/getty.c b/loginutils/getty.c
index 0f060ae..6fd4ff2 100644
--- a/loginutils/getty.c
+++ b/loginutils/getty.c
@@ -54,7 +54,12 @@ static FILE *dbf;
  * and for line editing at the same time.
  */
 #undef  _PATH_LOGIN
+#ifdef __BIONIC__
+#define cfsetspeed(t,s) cfsetispeed(t,s)
+#define _PATH_LOGIN "/system/xbin/login"
+#else
 #define _PATH_LOGIN "/bin/login"
+#endif
 
 /* Displayed before the login prompt.
  * If ISSUE is not defined, getty will never display the contents of the
@@ -94,7 +99,7 @@ struct globals {
 //usage:#define getty_trivial_usage
 //usage:       "[OPTIONS] BAUD_RATE[,BAUD_RATE]... TTY [TERMTYPE]"
 //usage:#define getty_full_usage "\n\n"
-//usage:       "Open TTY, prompt for login name, then invoke /bin/login\n"
+//usage:       "Open TTY, prompt for login name, then invoke /system/xbin/login\n"
 //usage:     "\n	-h		Enable hardware RTS/CTS flow control"
 //usage:     "\n	-L		Set CLOCAL (ignore Carrier Detect state)"
 //usage:     "\n	-m		Get baud rate from modem's CONNECT status message"
@@ -102,7 +107,7 @@ struct globals {
 //usage:     "\n	-w		Wait for CR or LF before sending /etc/issue"
 //usage:     "\n	-i		Don't display /etc/issue"
 //usage:     "\n	-f ISSUE_FILE	Display ISSUE_FILE instead of /etc/issue"
-//usage:     "\n	-l LOGIN	Invoke LOGIN instead of /bin/login"
+//usage:     "\n	-l LOGIN	Invoke LOGIN instead of /system/xbin/login"
 //usage:     "\n	-t SEC		Terminate after SEC if no login name is read"
 //usage:     "\n	-I INITSTR	Send INITSTR before anything else"
 //usage:     "\n	-H HOST		Log HOST into the utmp file as the hostname"
@@ -499,7 +504,7 @@ static char *get_logname(void)
 			default:
 				if ((unsigned char)c < ' ') {
 					/* ignore garbage characters */
-				} else if ((int)(bp - G.line_buf) < sizeof(G.line_buf) - 1) {
+				} else if ((int)(bp - G.line_buf) < (int)sizeof(G.line_buf) - 1) {
 					/* echo and store the character */
 					full_write(STDOUT_FILENO, &c, 1);
 					*bp++ = c;
diff --git a/loginutils/login.c b/loginutils/login.c
index a4b19cc..862104c 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -17,9 +17,11 @@
 
 #if ENABLE_SELINUX
 # include <selinux/selinux.h>  /* for is_selinux_enabled()  */
+#ifndef __BIONIC__
 # include <selinux/get_context_list.h> /* for get_default_context() */
 # include <selinux/flask.h> /* for security class definitions  */
 #endif
+#endif
 
 #if ENABLE_PAM
 /* PAM may include <locale.h>. We may need to undefine bbox's stub define: */
@@ -118,7 +120,8 @@ static void initselinux(char *username, char *full_tty,
 		bb_perror_msg_and_die("security_change_sid(%s) failed", full_tty);
 	}
 	if (setfilecon(full_tty, new_tty_sid) != 0) {
-		bb_perror_msg_and_die("chsid(%s, %s) failed", full_tty, new_tty_sid);
+		if (strcmp(old_tty_sid, new_tty_sid))
+			bb_perror_msg_and_die("chsid(%s, %s) failed", full_tty, new_tty_sid);
 	}
 }
 #endif
@@ -397,7 +400,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
 					pam_strerror(pamh, pamret), pamret);
 		safe_strncpy(username, "UNKNOWN", sizeof(username));
 #else /* not PAM */
-		pw = getpwnam(username);
+		pw = safegetpwnam(username);
 		if (!pw) {
 			strcpy(username, "UNKNOWN");
 			goto fake_it;
diff --git a/loginutils/sulogin.c b/loginutils/sulogin.c
index 2a29099..c8e5fc9 100644
--- a/loginutils/sulogin.c
+++ b/loginutils/sulogin.c
@@ -45,7 +45,7 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
 	/* Clear dangerous stuff, set PATH */
 	sanitize_env_if_suid();
 
-	pwd = getpwuid(0);
+	pwd = safegetpwuid(0);
 	if (!pwd) {
 		goto auth_error;
 	}
diff --git a/miscutils/crond.c b/miscutils/crond.c
index 12f217d..2545618 100644
--- a/miscutils/crond.c
+++ b/miscutils/crond.c
@@ -697,7 +697,7 @@ static void start_one_job(const char *user, CronLine *line)
 	struct passwd *pas;
 	pid_t pid;
 
-	pas = getpwnam(user);
+	pas = safegetpwnam(user);
 	if (!pas) {
 		crondlog(WARN9 "can't get uid for %s", user);
 		goto err;
diff --git a/networking/telnetd.c b/networking/telnetd.c
index 1f244a3..d00d87d 100644
--- a/networking/telnetd.c
+++ b/networking/telnetd.c
@@ -84,7 +84,7 @@ struct globals {
 } FIX_ALIASING;
 #define G (*(struct globals*)&bb_common_bufsiz1)
 #define INIT_G() do { \
-	G.loginpath = "/bin/login"; \
+	G.loginpath = "/system/xbin/login"; \
 	G.issuefile = "/etc/issue.net"; \
 } while (0)