3
0

runcon.c 4.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157
  1. /*
  2. * runcon [ context |
  3. * ( [ -c ] [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
  4. * command [arg1 [arg2 ...] ]
  5. *
  6. * attempt to run the specified command with the specified context.
  7. *
  8. * -r role : use the current context with the specified role
  9. * -t type : use the current context with the specified type
  10. * -u user : use the current context with the specified user
  11. * -l level : use the current context with the specified level range
  12. * -c : compute process transition context before modifying
  13. *
  14. * Contexts are interpreted as follows:
  15. *
  16. * Number of MLS
  17. * components system?
  18. *
  19. * 1 - type
  20. * 2 - role:type
  21. * 3 Y role:type:range
  22. * 3 N user:role:type
  23. * 4 Y user:role:type:range
  24. * 4 N error
  25. *
  26. * Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp>
  27. * - based on coreutils-5.97 (in Fedora Core 6)
  28. *
  29. * Licensed under GPLv2, see file LICENSE in this source tree.
  30. */
  31. //usage:#define runcon_trivial_usage
  32. //usage: "[-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] PROG ARGS\n"
  33. //usage: "runcon CONTEXT PROG ARGS"
  34. //usage:#define runcon_full_usage "\n\n"
  35. //usage: "Run PROG in a different security context\n"
  36. //usage: "\n CONTEXT Complete security context\n"
  37. //usage: IF_FEATURE_RUNCON_LONG_OPTIONS(
  38. //usage: "\n -c,--compute Compute process transition context before modifying"
  39. //usage: "\n -t,--type=TYPE Type (for same role as parent)"
  40. //usage: "\n -u,--user=USER User identity"
  41. //usage: "\n -r,--role=ROLE Role"
  42. //usage: "\n -l,--range=RNG Levelrange"
  43. //usage: )
  44. //usage: IF_NOT_FEATURE_RUNCON_LONG_OPTIONS(
  45. //usage: "\n -c Compute process transition context before modifying"
  46. //usage: "\n -t TYPE Type (for same role as parent)"
  47. //usage: "\n -u USER User identity"
  48. //usage: "\n -r ROLE Role"
  49. //usage: "\n -l RNG Levelrange"
  50. //usage: )
  51. #include <selinux/context.h>
  52. #include <selinux/flask.h>
  53. #include "libbb.h"
  54. static context_t runcon_compute_new_context(char *user, char *role, char *type, char *range,
  55. char *command, int compute_trans)
  56. {
  57. context_t con;
  58. security_context_t cur_context;
  59. if (getcon(&cur_context))
  60. bb_error_msg_and_die("can't get current context");
  61. if (compute_trans) {
  62. security_context_t file_context, new_context;
  63. if (getfilecon(command, &file_context) < 0)
  64. bb_error_msg_and_die("can't retrieve attributes of '%s'",
  65. command);
  66. if (security_compute_create(cur_context, file_context,
  67. SECCLASS_PROCESS, &new_context))
  68. bb_error_msg_and_die("unable to compute a new context");
  69. cur_context = new_context;
  70. }
  71. con = context_new(cur_context);
  72. if (!con)
  73. bb_error_msg_and_die("'%s' is not a valid context", cur_context);
  74. if (user && context_user_set(con, user))
  75. bb_error_msg_and_die("can't set new user '%s'", user);
  76. if (type && context_type_set(con, type))
  77. bb_error_msg_and_die("can't set new type '%s'", type);
  78. if (range && context_range_set(con, range))
  79. bb_error_msg_and_die("can't set new range '%s'", range);
  80. if (role && context_role_set(con, role))
  81. bb_error_msg_and_die("can't set new role '%s'", role);
  82. return con;
  83. }
  84. #if ENABLE_FEATURE_RUNCON_LONG_OPTIONS
  85. static const char runcon_longopts[] ALIGN1 =
  86. "user\0" Required_argument "u"
  87. "role\0" Required_argument "r"
  88. "type\0" Required_argument "t"
  89. "range\0" Required_argument "l"
  90. "compute\0" No_argument "c"
  91. "help\0" No_argument "h"
  92. ;
  93. #endif
  94. #define OPTS_ROLE (1<<0) /* r */
  95. #define OPTS_TYPE (1<<1) /* t */
  96. #define OPTS_USER (1<<2) /* u */
  97. #define OPTS_RANGE (1<<3) /* l */
  98. #define OPTS_COMPUTE (1<<4) /* c */
  99. #define OPTS_HELP (1<<5) /* h */
  100. #define OPTS_CONTEXT_COMPONENT (OPTS_ROLE | OPTS_TYPE | OPTS_USER | OPTS_RANGE)
  101. int runcon_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
  102. int runcon_main(int argc UNUSED_PARAM, char **argv)
  103. {
  104. char *role = NULL;
  105. char *range = NULL;
  106. char *user = NULL;
  107. char *type = NULL;
  108. char *context = NULL;
  109. unsigned opts;
  110. context_t con;
  111. selinux_or_die();
  112. #if ENABLE_FEATURE_RUNCON_LONG_OPTIONS
  113. applet_long_options = runcon_longopts;
  114. #endif
  115. opt_complementary = "-1";
  116. opts = getopt32(argv, "r:t:u:l:ch", &role, &type, &user, &range);
  117. argv += optind;
  118. if (!(opts & OPTS_CONTEXT_COMPONENT)) {
  119. context = *argv++;
  120. if (!argv[0])
  121. bb_error_msg_and_die("no command given");
  122. }
  123. if (context) {
  124. con = context_new(context);
  125. if (!con)
  126. bb_error_msg_and_die("'%s' is not a valid context", context);
  127. } else {
  128. con = runcon_compute_new_context(user, role, type, range,
  129. argv[0], opts & OPTS_COMPUTE);
  130. }
  131. if (security_check_context(context_str(con)))
  132. bb_error_msg_and_die("'%s' is not a valid context",
  133. context_str(con));
  134. if (setexeccon(context_str(con)))
  135. bb_error_msg_and_die("can't set up security context '%s'",
  136. context_str(con));
  137. BB_EXECVP_or_die(argv);
  138. }