runcon.c 4.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161
  1. /*
  2. * runcon [ context |
  3. * ( [ -c ] [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
  4. * command [arg1 [arg2 ...] ]
  5. *
  6. * attempt to run the specified command with the specified context.
  7. *
  8. * -r role : use the current context with the specified role
  9. * -t type : use the current context with the specified type
  10. * -u user : use the current context with the specified user
  11. * -l level : use the current context with the specified level range
  12. * -c : compute process transition context before modifying
  13. *
  14. * Contexts are interpreted as follows:
  15. *
  16. * Number of MLS
  17. * components system?
  18. *
  19. * 1 - type
  20. * 2 - role:type
  21. * 3 Y role:type:range
  22. * 3 N user:role:type
  23. * 4 Y user:role:type:range
  24. * 4 N error
  25. *
  26. * Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp>
  27. * - based on coreutils-5.97 (in Fedora Core 6)
  28. *
  29. * Licensed under GPLv2, see file LICENSE in this source tree.
  30. */
  31. //config:config RUNCON
  32. //config: bool "runcon (6.6 kb)"
  33. //config: default n
  34. //config: depends on SELINUX
  35. //config: help
  36. //config: Enable support to run command in specified security context.
  37. //applet:IF_RUNCON(APPLET(runcon, BB_DIR_USR_BIN, BB_SUID_DROP))
  38. //kbuild:lib-$(CONFIG_RUNCON) += runcon.o
  39. //usage:#define runcon_trivial_usage
  40. //usage: "[-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] PROG ARGS\n"
  41. //usage: "runcon CONTEXT PROG ARGS"
  42. //usage:#define runcon_full_usage "\n\n"
  43. //usage: "Run PROG in a different security context\n"
  44. //usage: "\n CONTEXT Complete security context\n"
  45. //usage: "\n -c Compute process transition context before modifying"
  46. //usage: "\n -t TYPE Type (for same role as parent)"
  47. //usage: "\n -u USER User identity"
  48. //usage: "\n -r ROLE Role"
  49. //usage: "\n -l RNG Levelrange"
  50. #include <selinux/context.h>
  51. /* from deprecated <selinux/flask.h>: */
  52. #undef SECCLASS_PROCESS
  53. #define SECCLASS_PROCESS 2
  54. #include "libbb.h"
  55. static context_t runcon_compute_new_context(char *user, char *role, char *type, char *range,
  56. char *command, int compute_trans)
  57. {
  58. context_t con;
  59. security_context_t cur_context;
  60. if (getcon(&cur_context))
  61. bb_error_msg_and_die("can't get current context");
  62. if (compute_trans) {
  63. security_context_t file_context, new_context;
  64. if (getfilecon(command, &file_context) < 0)
  65. bb_error_msg_and_die("can't retrieve attributes of '%s'",
  66. command);
  67. if (security_compute_create(cur_context, file_context,
  68. SECCLASS_PROCESS, &new_context))
  69. bb_error_msg_and_die("unable to compute a new context");
  70. cur_context = new_context;
  71. }
  72. con = context_new(cur_context);
  73. if (!con)
  74. bb_error_msg_and_die("'%s' is not a valid context", cur_context);
  75. if (user && context_user_set(con, user))
  76. bb_error_msg_and_die("can't set new user '%s'", user);
  77. if (type && context_type_set(con, type))
  78. bb_error_msg_and_die("can't set new type '%s'", type);
  79. if (range && context_range_set(con, range))
  80. bb_error_msg_and_die("can't set new range '%s'", range);
  81. if (role && context_role_set(con, role))
  82. bb_error_msg_and_die("can't set new role '%s'", role);
  83. return con;
  84. }
  85. #if ENABLE_LONG_OPTS
  86. static const char runcon_longopts[] ALIGN1 =
  87. "user\0" Required_argument "u"
  88. "role\0" Required_argument "r"
  89. "type\0" Required_argument "t"
  90. "range\0" Required_argument "l"
  91. "compute\0" No_argument "c"
  92. "help\0" No_argument "h"
  93. ;
  94. #endif
  95. #define OPTS_ROLE (1<<0) /* r */
  96. #define OPTS_TYPE (1<<1) /* t */
  97. #define OPTS_USER (1<<2) /* u */
  98. #define OPTS_RANGE (1<<3) /* l */
  99. #define OPTS_COMPUTE (1<<4) /* c */
  100. #define OPTS_HELP (1<<5) /* h */
  101. #define OPTS_CONTEXT_COMPONENT (OPTS_ROLE | OPTS_TYPE | OPTS_USER | OPTS_RANGE)
  102. int runcon_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
  103. int runcon_main(int argc UNUSED_PARAM, char **argv)
  104. {
  105. char *role = NULL;
  106. char *range = NULL;
  107. char *user = NULL;
  108. char *type = NULL;
  109. char *context = NULL;
  110. unsigned opts;
  111. context_t con;
  112. selinux_or_die();
  113. opts = getopt32long(argv, "^"
  114. "r:t:u:l:ch"
  115. "\0" "-1",
  116. runcon_longopts,
  117. &role, &type, &user, &range
  118. );
  119. argv += optind;
  120. if (!(opts & OPTS_CONTEXT_COMPONENT)) {
  121. context = *argv++;
  122. if (!argv[0])
  123. bb_error_msg_and_die("no command given");
  124. }
  125. if (context) {
  126. con = context_new(context);
  127. if (!con)
  128. bb_error_msg_and_die("'%s' is not a valid context", context);
  129. } else {
  130. con = runcon_compute_new_context(user, role, type, range,
  131. argv[0], opts & OPTS_COMPUTE);
  132. }
  133. if (security_check_context(context_str(con)))
  134. bb_error_msg_and_die("'%s' is not a valid context",
  135. context_str(con));
  136. if (setexeccon(context_str(con)))
  137. bb_error_msg_and_die("can't set up security context '%s'",
  138. context_str(con));
  139. BB_EXECVP_or_die(argv);
  140. }