setfiles.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680
  1. /*
  2. setfiles: based on policycoreutils 2.0.19
  3. policycoreutils was released under GPL 2.
  4. Port to BusyBox (c) 2007 by Yuichi Nakamura <ynakam@hitachisoft.jp>
  5. */
  6. //usage:#define setfiles_trivial_usage
  7. //usage: "[-dnpqsvW] [-e DIR]... [-o FILE] [-r alt_root_path]"
  8. //usage: IF_FEATURE_SETFILES_CHECK_OPTION(
  9. //usage: " [-c policyfile] spec_file"
  10. //usage: )
  11. //usage: " pathname"
  12. //usage:#define setfiles_full_usage "\n\n"
  13. //usage: "Reset file contexts under pathname according to spec_file\n"
  14. //usage: IF_FEATURE_SETFILES_CHECK_OPTION(
  15. //usage: "\n -c FILE Check the validity of the contexts against the specified binary policy"
  16. //usage: )
  17. //usage: "\n -d Show which specification matched each file"
  18. //usage: "\n -l Log changes in file labels to syslog"
  19. //usage: "\n -n Don't change any file labels"
  20. //usage: "\n -q Suppress warnings"
  21. //usage: "\n -r DIR Use an alternate root path"
  22. //usage: "\n -e DIR Exclude DIR"
  23. //usage: "\n -F Force reset of context to match file_context for customizable files"
  24. //usage: "\n -o FILE Save list of files with incorrect context"
  25. //usage: "\n -s Take a list of files from stdin (instead of command line)"
  26. //usage: "\n -v Show changes in file labels, if type or role are changing"
  27. //usage: "\n -vv Show changes in file labels, if type, role, or user are changing"
  28. //usage: "\n -W Display warnings about entries that had no matching files"
  29. //usage:
  30. //usage:#define restorecon_trivial_usage
  31. //usage: "[-iFnRv] [-e EXCLUDEDIR]... [-o FILE] [-f FILE]"
  32. //usage:#define restorecon_full_usage "\n\n"
  33. //usage: "Reset security contexts of files in pathname\n"
  34. //usage: "\n -i Ignore files that don't exist"
  35. //usage: "\n -f FILE File with list of files to process"
  36. //usage: "\n -e DIR Directory to exclude"
  37. //usage: "\n -R,-r Recurse"
  38. //usage: "\n -n Don't change any file labels"
  39. //usage: "\n -o FILE Save list of files with incorrect context"
  40. //usage: "\n -v Verbose"
  41. //usage: "\n -vv Show changed labels"
  42. //usage: "\n -F Force reset of context to match file_context"
  43. //usage: "\n for customizable files, or the user section,"
  44. //usage: "\n if it has changed"
  45. #include "libbb.h"
  46. #if ENABLE_FEATURE_SETFILES_CHECK_OPTION
  47. #include <sepol/sepol.h>
  48. #endif
  49. #define MAX_EXCLUDES 50
  50. struct edir {
  51. char *directory;
  52. size_t size;
  53. };
  54. struct globals {
  55. FILE *outfile;
  56. char *policyfile;
  57. char *rootpath;
  58. int rootpathlen;
  59. unsigned count;
  60. int excludeCtr;
  61. int errors;
  62. int verbose; /* getopt32 uses it, has to be int */
  63. smallint recurse; /* Recursive descent */
  64. smallint follow_mounts;
  65. /* Behavior flags determined based on setfiles vs. restorecon */
  66. smallint expand_realpath; /* Expand paths via realpath */
  67. smallint abort_on_error; /* Abort the file tree walk upon an error */
  68. int add_assoc; /* Track inode associations for conflict detection */
  69. int matchpathcon_flags; /* Flags to matchpathcon */
  70. dev_t dev_id; /* Device id where target file exists */
  71. int nerr;
  72. struct edir excludeArray[MAX_EXCLUDES];
  73. } FIX_ALIASING;
  74. #define G (*(struct globals*)&bb_common_bufsiz1)
  75. void BUG_setfiles_globals_too_big(void);
  76. #define INIT_G() do { \
  77. if (sizeof(G) > COMMON_BUFSIZE) \
  78. BUG_setfiles_globals_too_big(); \
  79. /* memset(&G, 0, sizeof(G)); - already is */ \
  80. } while (0)
  81. #define outfile (G.outfile )
  82. #define policyfile (G.policyfile )
  83. #define rootpath (G.rootpath )
  84. #define rootpathlen (G.rootpathlen )
  85. #define count (G.count )
  86. #define excludeCtr (G.excludeCtr )
  87. #define errors (G.errors )
  88. #define verbose (G.verbose )
  89. #define recurse (G.recurse )
  90. #define follow_mounts (G.follow_mounts )
  91. #define expand_realpath (G.expand_realpath )
  92. #define abort_on_error (G.abort_on_error )
  93. #define add_assoc (G.add_assoc )
  94. #define matchpathcon_flags (G.matchpathcon_flags)
  95. #define dev_id (G.dev_id )
  96. #define nerr (G.nerr )
  97. #define excludeArray (G.excludeArray )
  98. /* Must match getopt32 string! */
  99. enum {
  100. OPT_d = (1 << 0),
  101. OPT_e = (1 << 1),
  102. OPT_f = (1 << 2),
  103. OPT_i = (1 << 3),
  104. OPT_l = (1 << 4),
  105. OPT_n = (1 << 5),
  106. OPT_p = (1 << 6),
  107. OPT_q = (1 << 7),
  108. OPT_r = (1 << 8),
  109. OPT_s = (1 << 9),
  110. OPT_v = (1 << 10),
  111. OPT_o = (1 << 11),
  112. OPT_F = (1 << 12),
  113. OPT_W = (1 << 13),
  114. OPT_c = (1 << 14), /* c only for setfiles */
  115. OPT_R = (1 << 14), /* R only for restorecon */
  116. };
  117. #define FLAG_d_debug (option_mask32 & OPT_d)
  118. #define FLAG_e (option_mask32 & OPT_e)
  119. #define FLAG_f (option_mask32 & OPT_f)
  120. #define FLAG_i_ignore_enoent (option_mask32 & OPT_i)
  121. #define FLAG_l_take_log (option_mask32 & OPT_l)
  122. #define FLAG_n_dry_run (option_mask32 & OPT_n)
  123. #define FLAG_p_progress (option_mask32 & OPT_p)
  124. #define FLAG_q_quiet (option_mask32 & OPT_q)
  125. #define FLAG_r (option_mask32 & OPT_r)
  126. #define FLAG_s (option_mask32 & OPT_s)
  127. #define FLAG_v (option_mask32 & OPT_v)
  128. #define FLAG_o (option_mask32 & OPT_o)
  129. #define FLAG_F_force (option_mask32 & OPT_F)
  130. #define FLAG_W_warn_no_match (option_mask32 & OPT_W)
  131. #define FLAG_c (option_mask32 & OPT_c)
  132. #define FLAG_R (option_mask32 & OPT_R)
  133. static void qprintf(const char *fmt UNUSED_PARAM, ...)
  134. {
  135. /* quiet, do nothing */
  136. }
  137. static void inc_err(void)
  138. {
  139. nerr++;
  140. if (nerr > 9 && !FLAG_d_debug) {
  141. bb_error_msg_and_die("exiting after 10 errors");
  142. }
  143. }
  144. static void add_exclude(const char *directory)
  145. {
  146. struct stat sb;
  147. size_t len;
  148. if (directory == NULL || directory[0] != '/') {
  149. bb_error_msg_and_die("full path required for exclude: %s", directory);
  150. }
  151. if (lstat(directory, &sb)) {
  152. bb_error_msg("directory \"%s\" not found, ignoring", directory);
  153. return;
  154. }
  155. if ((sb.st_mode & S_IFDIR) == 0) {
  156. bb_error_msg("\"%s\" is not a directory: mode %o, ignoring",
  157. directory, sb.st_mode);
  158. return;
  159. }
  160. if (excludeCtr == MAX_EXCLUDES) {
  161. bb_error_msg_and_die("maximum excludes %d exceeded", MAX_EXCLUDES);
  162. }
  163. len = strlen(directory);
  164. while (len > 1 && directory[len - 1] == '/') {
  165. len--;
  166. }
  167. excludeArray[excludeCtr].directory = xstrndup(directory, len);
  168. excludeArray[excludeCtr++].size = len;
  169. }
  170. static bool exclude(const char *file)
  171. {
  172. int i = 0;
  173. for (i = 0; i < excludeCtr; i++) {
  174. if (strncmp(file, excludeArray[i].directory,
  175. excludeArray[i].size) == 0) {
  176. if (file[excludeArray[i].size] == '\0'
  177. || file[excludeArray[i].size] == '/') {
  178. return 1;
  179. }
  180. }
  181. }
  182. return 0;
  183. }
  184. static int match(const char *name, struct stat *sb, char **con)
  185. {
  186. int ret;
  187. char path[PATH_MAX + 1];
  188. char *tmp_path = xstrdup(name);
  189. if (excludeCtr > 0 && exclude(name)) {
  190. goto err;
  191. }
  192. ret = lstat(name, sb);
  193. if (ret) {
  194. if (FLAG_i_ignore_enoent && errno == ENOENT) {
  195. free(tmp_path);
  196. return 0;
  197. }
  198. bb_error_msg("stat(%s)", name);
  199. goto err;
  200. }
  201. if (expand_realpath) {
  202. if (S_ISLNK(sb->st_mode)) {
  203. char *p = NULL;
  204. char *file_sep;
  205. size_t len = 0;
  206. if (verbose > 1)
  207. bb_error_msg("warning! %s refers to a symbolic link, not following last component", name);
  208. file_sep = strrchr(tmp_path, '/');
  209. if (file_sep == tmp_path) {
  210. file_sep++;
  211. path[0] = '\0';
  212. p = path;
  213. } else if (file_sep) {
  214. *file_sep++ = '\0';
  215. p = realpath(tmp_path, path);
  216. } else {
  217. file_sep = tmp_path;
  218. p = realpath("./", path);
  219. }
  220. if (p)
  221. len = strlen(p);
  222. if (!p || len + strlen(file_sep) + 2 > PATH_MAX) {
  223. bb_perror_msg("realpath(%s) failed", name);
  224. goto err;
  225. }
  226. p += len;
  227. /* ensure trailing slash of directory name */
  228. if (len == 0 || p[-1] != '/') {
  229. *p++ = '/';
  230. }
  231. strcpy(p, file_sep);
  232. name = path;
  233. if (excludeCtr > 0 && exclude(name))
  234. goto err;
  235. } else {
  236. char *p;
  237. p = realpath(name, path);
  238. if (!p) {
  239. bb_perror_msg("realpath(%s)", name);
  240. goto err;
  241. }
  242. name = p;
  243. if (excludeCtr > 0 && exclude(name))
  244. goto err;
  245. }
  246. }
  247. /* name will be what is matched in the policy */
  248. if (NULL != rootpath) {
  249. if (0 != strncmp(rootpath, name, rootpathlen)) {
  250. bb_error_msg("%s is not located in %s",
  251. name, rootpath);
  252. goto err;
  253. }
  254. name += rootpathlen;
  255. }
  256. free(tmp_path);
  257. if (rootpath != NULL && name[0] == '\0')
  258. /* this is actually the root dir of the alt root */
  259. return matchpathcon_index("/", sb->st_mode, con);
  260. return matchpathcon_index(name, sb->st_mode, con);
  261. err:
  262. free(tmp_path);
  263. return -1;
  264. }
  265. /* Compare two contexts to see if their differences are "significant",
  266. * or whether the only difference is in the user. */
  267. static bool only_changed_user(const char *a, const char *b)
  268. {
  269. if (FLAG_F_force)
  270. return 0;
  271. if (!a || !b)
  272. return 0;
  273. a = strchr(a, ':'); /* Rest of the context after the user */
  274. b = strchr(b, ':');
  275. if (!a || !b)
  276. return 0;
  277. return (strcmp(a, b) == 0);
  278. }
  279. static int restore(const char *file)
  280. {
  281. char *my_file;
  282. struct stat my_sb;
  283. int i, j, ret;
  284. char *context = NULL;
  285. char *newcon = NULL;
  286. bool user_only_changed = 0;
  287. int retval = 0;
  288. my_file = bb_simplify_path(file);
  289. i = match(my_file, &my_sb, &newcon);
  290. if (i < 0) /* No matching specification. */
  291. goto out;
  292. if (FLAG_p_progress) {
  293. count++;
  294. if (count % 0x400 == 0) { /* every 1024 times */
  295. count = (count % (80*0x400));
  296. if (count == 0)
  297. bb_putchar('\n');
  298. bb_putchar('*');
  299. fflush_all();
  300. }
  301. }
  302. /*
  303. * Try to add an association between this inode and
  304. * this specification. If there is already an association
  305. * for this inode and it conflicts with this specification,
  306. * then use the last matching specification.
  307. */
  308. if (add_assoc) {
  309. j = matchpathcon_filespec_add(my_sb.st_ino, i, my_file);
  310. if (j < 0)
  311. goto err;
  312. if (j != i) {
  313. /* There was already an association and it took precedence. */
  314. goto out;
  315. }
  316. }
  317. if (FLAG_d_debug)
  318. printf("%s: %s matched by %s\n", applet_name, my_file, newcon);
  319. /* Get the current context of the file. */
  320. ret = lgetfilecon_raw(my_file, &context);
  321. if (ret < 0) {
  322. if (errno == ENODATA) {
  323. context = NULL; /* paranoia */
  324. } else {
  325. bb_perror_msg("lgetfilecon_raw on %s", my_file);
  326. goto err;
  327. }
  328. user_only_changed = 0;
  329. } else
  330. user_only_changed = only_changed_user(context, newcon);
  331. /*
  332. * Do not relabel the file if the matching specification is
  333. * <<none>> or the file is already labeled according to the
  334. * specification.
  335. */
  336. if ((strcmp(newcon, "<<none>>") == 0)
  337. || (context && (strcmp(context, newcon) == 0) && !FLAG_F_force)) {
  338. goto out;
  339. }
  340. if (!FLAG_F_force && context && (is_context_customizable(context) > 0)) {
  341. if (verbose > 1) {
  342. bb_error_msg("skipping %s. %s is customizable_types",
  343. my_file, context);
  344. }
  345. goto out;
  346. }
  347. if (verbose) {
  348. /* If we're just doing "-v", trim out any relabels where
  349. * the user has changed but the role and type are the
  350. * same. For "-vv", emit everything. */
  351. if (verbose > 1 || !user_only_changed) {
  352. bb_info_msg("%s: reset %s context %s->%s",
  353. applet_name, my_file, context ? context : "", newcon);
  354. }
  355. }
  356. if (FLAG_l_take_log && !user_only_changed) {
  357. if (context)
  358. bb_info_msg("relabeling %s from %s to %s", my_file, context, newcon);
  359. else
  360. bb_info_msg("labeling %s to %s", my_file, newcon);
  361. }
  362. if (outfile && !user_only_changed)
  363. fprintf(outfile, "%s\n", my_file);
  364. /*
  365. * Do not relabel the file if -n was used.
  366. */
  367. if (FLAG_n_dry_run || user_only_changed)
  368. goto out;
  369. /*
  370. * Relabel the file to the specified context.
  371. */
  372. ret = lsetfilecon(my_file, newcon);
  373. if (ret) {
  374. bb_perror_msg("lsetfileconon(%s,%s)", my_file, newcon);
  375. goto err;
  376. }
  377. out:
  378. freecon(context);
  379. freecon(newcon);
  380. free(my_file);
  381. return retval;
  382. err:
  383. retval--; /* -1 */
  384. goto out;
  385. }
  386. /*
  387. * Apply the last matching specification to a file.
  388. * This function is called by recursive_action on each file during
  389. * the directory traversal.
  390. */
  391. static int FAST_FUNC apply_spec(
  392. const char *file,
  393. struct stat *sb,
  394. void *userData UNUSED_PARAM,
  395. int depth UNUSED_PARAM)
  396. {
  397. if (!follow_mounts) {
  398. /* setfiles does not process across different mount points */
  399. if (sb->st_dev != dev_id) {
  400. return SKIP;
  401. }
  402. }
  403. errors |= restore(file);
  404. if (abort_on_error && errors)
  405. return FALSE;
  406. return TRUE;
  407. }
  408. static int canoncon(const char *path, unsigned lineno, char **contextp)
  409. {
  410. static const char err_msg[] ALIGN1 = "%s: line %u has invalid context %s";
  411. char *tmpcon;
  412. char *context = *contextp;
  413. int invalid = 0;
  414. #if ENABLE_FEATURE_SETFILES_CHECK_OPTION
  415. if (policyfile) {
  416. if (sepol_check_context(context) >= 0)
  417. return 0;
  418. /* Exit immediately if we're in checking mode. */
  419. bb_error_msg_and_die(err_msg, path, lineno, context);
  420. }
  421. #endif
  422. if (security_canonicalize_context_raw(context, &tmpcon) < 0) {
  423. if (errno != ENOENT) {
  424. invalid = 1;
  425. inc_err();
  426. }
  427. } else {
  428. free(context);
  429. *contextp = tmpcon;
  430. }
  431. if (invalid) {
  432. bb_error_msg(err_msg, path, lineno, context);
  433. }
  434. return invalid;
  435. }
  436. static int process_one(char *name)
  437. {
  438. struct stat sb;
  439. int rc;
  440. rc = lstat(name, &sb);
  441. if (rc < 0) {
  442. if (FLAG_i_ignore_enoent && errno == ENOENT)
  443. return 0;
  444. bb_perror_msg("stat(%s)", name);
  445. goto err;
  446. }
  447. dev_id = sb.st_dev;
  448. if (S_ISDIR(sb.st_mode) && recurse) {
  449. if (recursive_action(name,
  450. ACTION_RECURSE,
  451. apply_spec,
  452. apply_spec,
  453. NULL, 0) != TRUE) {
  454. bb_error_msg("error while labeling %s", name);
  455. goto err;
  456. }
  457. } else {
  458. rc = restore(name);
  459. if (rc)
  460. goto err;
  461. }
  462. out:
  463. if (add_assoc) {
  464. if (FLAG_q_quiet)
  465. set_matchpathcon_printf(&qprintf);
  466. matchpathcon_filespec_eval();
  467. set_matchpathcon_printf(NULL);
  468. matchpathcon_filespec_destroy();
  469. }
  470. return rc;
  471. err:
  472. rc = -1;
  473. goto out;
  474. }
  475. int setfiles_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
  476. int setfiles_main(int argc UNUSED_PARAM, char **argv)
  477. {
  478. struct stat sb;
  479. int rc, i = 0;
  480. const char *input_filename = NULL;
  481. char *buf = NULL;
  482. size_t buf_len;
  483. int flags;
  484. llist_t *exclude_dir = NULL;
  485. char *out_filename = NULL;
  486. INIT_G();
  487. if (applet_name[0] == 's') { /* "setfiles" */
  488. /*
  489. * setfiles:
  490. * Recursive descent,
  491. * Does not expand paths via realpath,
  492. * Aborts on errors during the file tree walk,
  493. * Try to track inode associations for conflict detection,
  494. * Does not follow mounts,
  495. * Validates all file contexts at init time.
  496. */
  497. recurse = 1;
  498. abort_on_error = 1;
  499. add_assoc = 1;
  500. /* follow_mounts = 0; - already is */
  501. matchpathcon_flags = MATCHPATHCON_VALIDATE | MATCHPATHCON_NOTRANS;
  502. } else {
  503. /*
  504. * restorecon:
  505. * No recursive descent unless -r/-R,
  506. * Expands paths via realpath,
  507. * Do not abort on errors during the file tree walk,
  508. * Do not try to track inode associations for conflict detection,
  509. * Follows mounts,
  510. * Does lazy validation of contexts upon use.
  511. */
  512. expand_realpath = 1;
  513. follow_mounts = 1;
  514. matchpathcon_flags = MATCHPATHCON_NOTRANS;
  515. /* restorecon only */
  516. selinux_or_die();
  517. }
  518. set_matchpathcon_flags(matchpathcon_flags);
  519. opt_complementary = "e::vv:v--p:p--v:v--q:q--v";
  520. /* Option order must match OPT_x definitions! */
  521. if (applet_name[0] == 'r') { /* restorecon */
  522. flags = getopt32(argv, "de:f:ilnpqrsvo:FWR",
  523. &exclude_dir, &input_filename, &out_filename, &verbose);
  524. } else { /* setfiles */
  525. flags = getopt32(argv, "de:f:ilnpqr:svo:FW"
  526. IF_FEATURE_SETFILES_CHECK_OPTION("c:"),
  527. &exclude_dir, &input_filename, &rootpath, &out_filename,
  528. IF_FEATURE_SETFILES_CHECK_OPTION(&policyfile,)
  529. &verbose);
  530. }
  531. argv += optind;
  532. #if ENABLE_FEATURE_SETFILES_CHECK_OPTION
  533. if ((applet_name[0] == 's') && (flags & OPT_c)) {
  534. FILE *policystream;
  535. policystream = xfopen_for_read(policyfile);
  536. if (sepol_set_policydb_from_file(policystream) < 0) {
  537. bb_error_msg_and_die("sepol_set_policydb_from_file on %s", policyfile);
  538. }
  539. fclose(policystream);
  540. /* Only process the specified file_contexts file, not
  541. any .homedirs or .local files, and do not perform
  542. context translations. */
  543. set_matchpathcon_flags(MATCHPATHCON_BASEONLY |
  544. MATCHPATHCON_NOTRANS |
  545. MATCHPATHCON_VALIDATE);
  546. }
  547. #endif
  548. while (exclude_dir)
  549. add_exclude(llist_pop(&exclude_dir));
  550. if (flags & OPT_o) {
  551. outfile = stdout;
  552. if (NOT_LONE_CHAR(out_filename, '-')) {
  553. outfile = xfopen_for_write(out_filename);
  554. }
  555. }
  556. if (applet_name[0] == 'r') { /* restorecon */
  557. if (flags & (OPT_r | OPT_R))
  558. recurse = 1;
  559. } else { /* setfiles */
  560. if (flags & OPT_r)
  561. rootpathlen = strlen(rootpath);
  562. }
  563. if (flags & OPT_s) {
  564. input_filename = "-";
  565. add_assoc = 0;
  566. }
  567. if (applet_name[0] == 's') { /* setfiles */
  568. /* Use our own invalid context checking function so that
  569. we can support either checking against the active policy or
  570. checking against a binary policy file. */
  571. set_matchpathcon_canoncon(&canoncon);
  572. if (!argv[0])
  573. bb_show_usage();
  574. xstat(argv[0], &sb);
  575. if (!S_ISREG(sb.st_mode)) {
  576. bb_error_msg_and_die("spec file %s is not a regular file", argv[0]);
  577. }
  578. /* Load the file contexts configuration and check it. */
  579. rc = matchpathcon_init(argv[0]);
  580. if (rc < 0) {
  581. bb_simple_perror_msg_and_die(argv[0]);
  582. }
  583. if (nerr)
  584. exit(EXIT_FAILURE);
  585. argv++;
  586. }
  587. if (input_filename) {
  588. ssize_t len;
  589. FILE *f = stdin;
  590. if (NOT_LONE_CHAR(input_filename, '-'))
  591. f = xfopen_for_read(input_filename);
  592. while ((len = getline(&buf, &buf_len, f)) > 0) {
  593. buf[len - 1] = '\0';
  594. errors |= process_one(buf);
  595. }
  596. if (ENABLE_FEATURE_CLEAN_UP)
  597. fclose_if_not_stdin(f);
  598. } else {
  599. if (!argv[0])
  600. bb_show_usage();
  601. for (i = 0; argv[i]; i++) {
  602. errors |= process_one(argv[i]);
  603. }
  604. }
  605. if (FLAG_W_warn_no_match)
  606. matchpathcon_checkmatches(argv[0]);
  607. if (ENABLE_FEATURE_CLEAN_UP && outfile)
  608. fclose(outfile);
  609. return errors;
  610. }