blob: 16f17110141d01836fb2bfdf8b43f0ae3b6197c7
1 | /* |
2 | * runcon [ context | |
3 | * ( [ -c ] [ -r role ] [-t type] [ -u user ] [ -l levelrange ] ) |
4 | * command [arg1 [arg2 ...] ] |
5 | * |
6 | * attempt to run the specified command with the specified context. |
7 | * |
8 | * -r role : use the current context with the specified role |
9 | * -t type : use the current context with the specified type |
10 | * -u user : use the current context with the specified user |
11 | * -l level : use the current context with the specified level range |
12 | * -c : compute process transition context before modifying |
13 | * |
14 | * Contexts are interpreted as follows: |
15 | * |
16 | * Number of MLS |
17 | * components system? |
18 | * |
19 | * 1 - type |
20 | * 2 - role:type |
21 | * 3 Y role:type:range |
22 | * 3 N user:role:type |
23 | * 4 Y user:role:type:range |
24 | * 4 N error |
25 | * |
26 | * Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp> |
27 | * - based on coreutils-5.97 (in Fedora Core 6) |
28 | * |
29 | * Licensed under GPLv2, see file LICENSE in this source tree. |
30 | */ |
31 | //config:config RUNCON |
32 | //config: bool "runcon" |
33 | //config: default n |
34 | //config: depends on SELINUX |
35 | //config: help |
36 | //config: Enable support to run command in specified security context. |
37 | //config: |
38 | //config:config FEATURE_RUNCON_LONG_OPTIONS |
39 | //config: bool "Enable long options" |
40 | //config: default y |
41 | //config: depends on RUNCON && LONG_OPTS |
42 | //config: help |
43 | //config: Support long options for the runcon applet. |
44 | |
45 | //applet:IF_RUNCON(APPLET(runcon, BB_DIR_USR_BIN, BB_SUID_DROP)) |
46 | |
47 | //kbuild:lib-$(CONFIG_RUNCON) += runcon.o |
48 | |
49 | //usage:#define runcon_trivial_usage |
50 | //usage: "[-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] PROG ARGS\n" |
51 | //usage: "runcon CONTEXT PROG ARGS" |
52 | //usage:#define runcon_full_usage "\n\n" |
53 | //usage: "Run PROG in a different security context\n" |
54 | //usage: "\n CONTEXT Complete security context\n" |
55 | //usage: IF_FEATURE_RUNCON_LONG_OPTIONS( |
56 | //usage: "\n -c,--compute Compute process transition context before modifying" |
57 | //usage: "\n -t,--type=TYPE Type (for same role as parent)" |
58 | //usage: "\n -u,--user=USER User identity" |
59 | //usage: "\n -r,--role=ROLE Role" |
60 | //usage: "\n -l,--range=RNG Levelrange" |
61 | //usage: ) |
62 | //usage: IF_NOT_FEATURE_RUNCON_LONG_OPTIONS( |
63 | //usage: "\n -c Compute process transition context before modifying" |
64 | //usage: "\n -t TYPE Type (for same role as parent)" |
65 | //usage: "\n -u USER User identity" |
66 | //usage: "\n -r ROLE Role" |
67 | //usage: "\n -l RNG Levelrange" |
68 | //usage: ) |
69 | |
70 | #include <selinux/context.h> |
71 | /* from deprecated <selinux/flask.h>: */ |
72 | #undef SECCLASS_PROCESS |
73 | #define SECCLASS_PROCESS 2 |
74 | |
75 | #include "libbb.h" |
76 | |
77 | static context_t runcon_compute_new_context(char *user, char *role, char *type, char *range, |
78 | char *command, int compute_trans) |
79 | { |
80 | context_t con; |
81 | security_context_t cur_context; |
82 | |
83 | if (getcon(&cur_context)) |
84 | bb_error_msg_and_die("can't get current context"); |
85 | |
86 | if (compute_trans) { |
87 | security_context_t file_context, new_context; |
88 | |
89 | if (getfilecon(command, &file_context) < 0) |
90 | bb_error_msg_and_die("can't retrieve attributes of '%s'", |
91 | command); |
92 | if (security_compute_create(cur_context, file_context, |
93 | SECCLASS_PROCESS, &new_context)) |
94 | bb_error_msg_and_die("unable to compute a new context"); |
95 | cur_context = new_context; |
96 | } |
97 | |
98 | con = context_new(cur_context); |
99 | if (!con) |
100 | bb_error_msg_and_die("'%s' is not a valid context", cur_context); |
101 | if (user && context_user_set(con, user)) |
102 | bb_error_msg_and_die("can't set new user '%s'", user); |
103 | if (type && context_type_set(con, type)) |
104 | bb_error_msg_and_die("can't set new type '%s'", type); |
105 | if (range && context_range_set(con, range)) |
106 | bb_error_msg_and_die("can't set new range '%s'", range); |
107 | if (role && context_role_set(con, role)) |
108 | bb_error_msg_and_die("can't set new role '%s'", role); |
109 | |
110 | return con; |
111 | } |
112 | |
113 | #if ENABLE_FEATURE_RUNCON_LONG_OPTIONS |
114 | static const char runcon_longopts[] ALIGN1 = |
115 | "user\0" Required_argument "u" |
116 | "role\0" Required_argument "r" |
117 | "type\0" Required_argument "t" |
118 | "range\0" Required_argument "l" |
119 | "compute\0" No_argument "c" |
120 | "help\0" No_argument "h" |
121 | ; |
122 | #endif |
123 | |
124 | #define OPTS_ROLE (1<<0) /* r */ |
125 | #define OPTS_TYPE (1<<1) /* t */ |
126 | #define OPTS_USER (1<<2) /* u */ |
127 | #define OPTS_RANGE (1<<3) /* l */ |
128 | #define OPTS_COMPUTE (1<<4) /* c */ |
129 | #define OPTS_HELP (1<<5) /* h */ |
130 | #define OPTS_CONTEXT_COMPONENT (OPTS_ROLE | OPTS_TYPE | OPTS_USER | OPTS_RANGE) |
131 | |
132 | int runcon_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; |
133 | int runcon_main(int argc UNUSED_PARAM, char **argv) |
134 | { |
135 | char *role = NULL; |
136 | char *range = NULL; |
137 | char *user = NULL; |
138 | char *type = NULL; |
139 | char *context = NULL; |
140 | unsigned opts; |
141 | context_t con; |
142 | |
143 | selinux_or_die(); |
144 | |
145 | #if ENABLE_FEATURE_RUNCON_LONG_OPTIONS |
146 | applet_long_options = runcon_longopts; |
147 | #endif |
148 | opt_complementary = "-1"; |
149 | opts = getopt32(argv, "r:t:u:l:ch", &role, &type, &user, &range); |
150 | argv += optind; |
151 | |
152 | if (!(opts & OPTS_CONTEXT_COMPONENT)) { |
153 | context = *argv++; |
154 | if (!argv[0]) |
155 | bb_error_msg_and_die("no command given"); |
156 | } |
157 | |
158 | if (context) { |
159 | con = context_new(context); |
160 | if (!con) |
161 | bb_error_msg_and_die("'%s' is not a valid context", context); |
162 | } else { |
163 | con = runcon_compute_new_context(user, role, type, range, |
164 | argv[0], opts & OPTS_COMPUTE); |
165 | } |
166 | |
167 | if (security_check_context(context_str(con))) |
168 | bb_error_msg_and_die("'%s' is not a valid context", |
169 | context_str(con)); |
170 | |
171 | if (setexeccon(context_str(con))) |
172 | bb_error_msg_and_die("can't set up security context '%s'", |
173 | context_str(con)); |
174 | |
175 | BB_EXECVP_or_die(argv); |
176 | } |
177 |