platform/external/busybox.git - Unnamed repository; edit this file 'description' to name the repository.

1 /*
2  * runcon [ context |
3  *         ( [ -c ] [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
4  *         command [arg1 [arg2 ...] ]
5  *
6  * attempt to run the specified command with the specified context.
7  *
8  * -r role  : use the current context with the specified role
9  * -t type  : use the current context with the specified type
10  * -u user  : use the current context with the specified user
11  * -l level : use the current context with the specified level range
12  * -c       : compute process transition context before modifying
13  *
14  * Contexts are interpreted as follows:
15  *
16  * Number of       MLS
17  * components    system?
18  *
19  *     1            -         type
20  *     2            -         role:type
21  *     3            Y         role:type:range
22  *     3            N         user:role:type
23  *     4            Y         user:role:type:range
24  *     4            N         error
25  *
26  * Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp>
27  *                  - based on coreutils-5.97 (in Fedora Core 6)
28  *
29  * Licensed under GPLv2, see file LICENSE in this source tree.
30  */
31 //config:config RUNCON
32 //config:	bool "runcon"
33 //config:	default n
34 //config:	depends on SELINUX
35 //config:	help
36 //config:	  Enable support to run command in specified security context.
37 //config:
38 //config:config FEATURE_RUNCON_LONG_OPTIONS
39 //config:	bool "Enable long options"
40 //config:	default y
41 //config:	depends on RUNCON && LONG_OPTS
42 //config:	help
43 //config:	  Support long options for the runcon applet.
44
45 //applet:IF_RUNCON(APPLET(runcon, BB_DIR_USR_BIN, BB_SUID_DROP))
46
47 //kbuild:lib-$(CONFIG_RUNCON) += runcon.o
48
49 //usage:#define runcon_trivial_usage
50 //usage:       "[-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] PROG ARGS\n"
51 //usage:       "runcon CONTEXT PROG ARGS"
52 //usage:#define runcon_full_usage "\n\n"
53 //usage:       "Run PROG in a different security context\n"
54 //usage:     "\n	CONTEXT		Complete security context\n"
55 //usage:	IF_FEATURE_RUNCON_LONG_OPTIONS(
56 //usage:     "\n	-c,--compute	Compute process transition context before modifying"
57 //usage:     "\n	-t,--type=TYPE	Type (for same role as parent)"
58 //usage:     "\n	-u,--user=USER	User identity"
59 //usage:     "\n	-r,--role=ROLE	Role"
60 //usage:     "\n	-l,--range=RNG	Levelrange"
61 //usage:	)
62 //usage:	IF_NOT_FEATURE_RUNCON_LONG_OPTIONS(
63 //usage:     "\n	-c	Compute process transition context before modifying"
64 //usage:     "\n	-t TYPE	Type (for same role as parent)"
65 //usage:     "\n	-u USER	User identity"
66 //usage:     "\n	-r ROLE	Role"
67 //usage:     "\n	-l RNG	Levelrange"
68 //usage:	)
69
70 #include <selinux/context.h>
71 /* from deprecated <selinux/flask.h>: */
72 #undef  SECCLASS_PROCESS
73 #define SECCLASS_PROCESS 2
74
75 #include "libbb.h"
76
77 static context_t runcon_compute_new_context(char *user, char *role, char *type, char *range,
78 			char *command, int compute_trans)
79 {
80 	context_t con;
81 	security_context_t cur_context;
82
83 	if (getcon(&cur_context))
84 		bb_error_msg_and_die("can't get current context");
85
86 	if (compute_trans) {
87 		security_context_t file_context, new_context;
88
89 		if (getfilecon(command, &file_context) < 0)
90 			bb_error_msg_and_die("can't retrieve attributes of '%s'",
91 					command);
92 		if (security_compute_create(cur_context, file_context,
93 					SECCLASS_PROCESS, &new_context))
94 			bb_error_msg_and_die("unable to compute a new context");
95 		cur_context = new_context;
96 	}
97
98 	con = context_new(cur_context);
99 	if (!con)
100 		bb_error_msg_and_die("'%s' is not a valid context", cur_context);
101 	if (user && context_user_set(con, user))
102 		bb_error_msg_and_die("can't set new user '%s'", user);
103 	if (type && context_type_set(con, type))
104 		bb_error_msg_and_die("can't set new type '%s'", type);
105 	if (range && context_range_set(con, range))
106 		bb_error_msg_and_die("can't set new range '%s'", range);
107 	if (role && context_role_set(con, role))
108 		bb_error_msg_and_die("can't set new role '%s'", role);
109
110 	return con;
111 }
112
113 #if ENABLE_FEATURE_RUNCON_LONG_OPTIONS
114 static const char runcon_longopts[] ALIGN1 =
115 	"user\0"    Required_argument "u"
116 	"role\0"    Required_argument "r"
117 	"type\0"    Required_argument "t"
118 	"range\0"   Required_argument "l"
119 	"compute\0" No_argument "c"
120 	"help\0"    No_argument "h"
121 	;
122 #endif
123
124 #define OPTS_ROLE	(1<<0)	/* r */
125 #define OPTS_TYPE	(1<<1)	/* t */
126 #define OPTS_USER	(1<<2)	/* u */
127 #define OPTS_RANGE	(1<<3)	/* l */
128 #define OPTS_COMPUTE	(1<<4)	/* c */
129 #define OPTS_HELP	(1<<5)	/* h */
130 #define OPTS_CONTEXT_COMPONENT		(OPTS_ROLE | OPTS_TYPE | OPTS_USER | OPTS_RANGE)
131
132 int runcon_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
133 int runcon_main(int argc UNUSED_PARAM, char **argv)
134 {
135 	char *role = NULL;
136 	char *range = NULL;
137 	char *user = NULL;
138 	char *type = NULL;
139 	char *context = NULL;
140 	unsigned opts;
141 	context_t con;
142
143 	selinux_or_die();
144
145 #if ENABLE_FEATURE_RUNCON_LONG_OPTIONS
146 	applet_long_options = runcon_longopts;
147 #endif
148 	opt_complementary = "-1";
149 	opts = getopt32(argv, "r:t:u:l:ch", &role, &type, &user, &range);
150 	argv += optind;
151
152 	if (!(opts & OPTS_CONTEXT_COMPONENT)) {
153 		context = *argv++;
154 		if (!argv[0])
155 			bb_error_msg_and_die("no command given");
156 	}
157
158 	if (context) {
159 		con = context_new(context);
160 		if (!con)
161 			bb_error_msg_and_die("'%s' is not a valid context", context);
162 	} else {
163 		con = runcon_compute_new_context(user, role, type, range,
164 				argv[0], opts & OPTS_COMPUTE);
165 	}
166
167 	if (security_check_context(context_str(con)))
168 		bb_error_msg_and_die("'%s' is not a valid context",
169 				context_str(con));
170
171 	if (setexeccon(context_str(con)))
172 		bb_error_msg_and_die("can't set up security context '%s'",
173 				context_str(con));
174
175 	BB_EXECVP_or_die(argv);
176 }
177
1	/*
2	* runcon [ context \|
3	* ( [ -c ] [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
4	* command [arg1 [arg2 ...] ]
5	*
6	* attempt to run the specified command with the specified context.
7	*
8	* -r role : use the current context with the specified role
9	* -t type : use the current context with the specified type
10	* -u user : use the current context with the specified user
11	* -l level : use the current context with the specified level range
12	* -c : compute process transition context before modifying
13	*
14	* Contexts are interpreted as follows:
15	*
16	* Number of MLS
17	* components system?
18	*
19	* 1 - type
20	* 2 - role:type
21	* 3 Y role:type:range
22	* 3 N user:role:type
23	* 4 Y user:role:type:range
24	* 4 N error
25	*
26	* Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp>
27	* - based on coreutils-5.97 (in Fedora Core 6)
28	*
29	* Licensed under GPLv2, see file LICENSE in this source tree.
30	*/
31	//config:config RUNCON
32	//config: bool "runcon"
33	//config: default n
34	//config: depends on SELINUX
35	//config: help
36	//config: Enable support to run command in specified security context.
37	//config:
38	//config:config FEATURE_RUNCON_LONG_OPTIONS
39	//config: bool "Enable long options"
40	//config: default y
41	//config: depends on RUNCON && LONG_OPTS
42	//config: help
43	//config: Support long options for the runcon applet.
44
45	//applet:IF_RUNCON(APPLET(runcon, BB_DIR_USR_BIN, BB_SUID_DROP))
46
47	//kbuild:lib-$(CONFIG_RUNCON) += runcon.o
48
49	//usage:#define runcon_trivial_usage
50	//usage: "[-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] PROG ARGS\n"
51	//usage: "runcon CONTEXT PROG ARGS"
52	//usage:#define runcon_full_usage "\n\n"
53	//usage: "Run PROG in a different security context\n"
54	//usage: "\n CONTEXT Complete security context\n"
55	//usage: IF_FEATURE_RUNCON_LONG_OPTIONS(
56	//usage: "\n -c,--compute Compute process transition context before modifying"
57	//usage: "\n -t,--type=TYPE Type (for same role as parent)"
58	//usage: "\n -u,--user=USER User identity"
59	//usage: "\n -r,--role=ROLE Role"
60	//usage: "\n -l,--range=RNG Levelrange"
61	//usage: )
62	//usage: IF_NOT_FEATURE_RUNCON_LONG_OPTIONS(
63	//usage: "\n -c Compute process transition context before modifying"
64	//usage: "\n -t TYPE Type (for same role as parent)"
65	//usage: "\n -u USER User identity"
66	//usage: "\n -r ROLE Role"
67	//usage: "\n -l RNG Levelrange"
68	//usage: )
69
70	#include <selinux/context.h>
71	/* from deprecated <selinux/flask.h>: */
72	#undef SECCLASS_PROCESS
73	#define SECCLASS_PROCESS 2
74
75	#include "libbb.h"
76
77	static context_t runcon_compute_new_context(char user, char role, char type, char range,
78	char *command, int compute_trans)
79	{
80	context_t con;
81	security_context_t cur_context;
82
83	if (getcon(&cur_context))
84	bb_error_msg_and_die("can't get current context");
85
86	if (compute_trans) {
87	security_context_t file_context, new_context;
88
89	if (getfilecon(command, &file_context) < 0)
90	bb_error_msg_and_die("can't retrieve attributes of '%s'",
91	command);
92	if (security_compute_create(cur_context, file_context,
93	SECCLASS_PROCESS, &new_context))
94	bb_error_msg_and_die("unable to compute a new context");
95	cur_context = new_context;
96	}
97
98	con = context_new(cur_context);
99	if (!con)
100	bb_error_msg_and_die("'%s' is not a valid context", cur_context);
101	if (user && context_user_set(con, user))
102	bb_error_msg_and_die("can't set new user '%s'", user);
103	if (type && context_type_set(con, type))
104	bb_error_msg_and_die("can't set new type '%s'", type);
105	if (range && context_range_set(con, range))
106	bb_error_msg_and_die("can't set new range '%s'", range);
107	if (role && context_role_set(con, role))
108	bb_error_msg_and_die("can't set new role '%s'", role);
109
110	return con;
111	}
112
113	#if ENABLE_FEATURE_RUNCON_LONG_OPTIONS
114	static const char runcon_longopts[] ALIGN1 =
115	"user\0" Required_argument "u"
116	"role\0" Required_argument "r"
117	"type\0" Required_argument "t"
118	"range\0" Required_argument "l"
119	"compute\0" No_argument "c"
120	"help\0" No_argument "h"
121	;
122	#endif
123
124	#define OPTS_ROLE (1<<0) /* r */
125	#define OPTS_TYPE (1<<1) /* t */
126	#define OPTS_USER (1<<2) /* u */
127	#define OPTS_RANGE (1<<3) /* l */
128	#define OPTS_COMPUTE (1<<4) /* c */
129	#define OPTS_HELP (1<<5) /* h */
130	#define OPTS_CONTEXT_COMPONENT (OPTS_ROLE \| OPTS_TYPE \| OPTS_USER \| OPTS_RANGE)
131
132	int runcon_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
133	int runcon_main(int argc UNUSED_PARAM, char **argv)
134	{
135	char *role = NULL;
136	char *range = NULL;
137	char *user = NULL;
138	char *type = NULL;
139	char *context = NULL;
140	unsigned opts;
141	context_t con;
142
143	selinux_or_die();
144
145	#if ENABLE_FEATURE_RUNCON_LONG_OPTIONS
146	applet_long_options = runcon_longopts;
147	#endif
148	opt_complementary = "-1";
149	opts = getopt32(argv, "r:t:u:l:ch", &role, &type, &user, &range);
150	argv += optind;
151
152	if (!(opts & OPTS_CONTEXT_COMPONENT)) {
153	context = *argv++;
154	if (!argv[0])
155	bb_error_msg_and_die("no command given");
156	}
157
158	if (context) {
159	con = context_new(context);
160	if (!con)
161	bb_error_msg_and_die("'%s' is not a valid context", context);
162	} else {
163	con = runcon_compute_new_context(user, role, type, range,
164	argv[0], opts & OPTS_COMPUTE);
165	}
166
167	if (security_check_context(context_str(con)))
168	bb_error_msg_and_die("'%s' is not a valid context",
169	context_str(con));
170
171	if (setexeccon(context_str(con)))
172	bb_error_msg_and_die("can't set up security context '%s'",
173	context_str(con));
174
175	BB_EXECVP_or_die(argv);
176	}
177