CaROS/meta-selinux
3
0
Fork 0
mirror of git://git.yoctoproject.org/meta-selinux synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

net-utils: Build with selinux support.

Browse Source 
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
This commit is contained in:
Xin Ouyang 2012-06-13 18:08:50 +08:00
parent 865c1820bd
commit c911fda243
2 changed files with 252 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

243
recipes-extended/net-tools/net-tools/netstat-selinux-support.patch Normal file
View File

@ -0,0 +1,243 @@
From: Xin Ouyang <Xin.Ouyang@windriver.com>
Date: Wed, 13 Jun 2012 13:32:01 +0800
Subject: [PATCH] net-tools: netstat add SELinux support.
Upstream-Status: Inappropriate [configuration]
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
---
Makefile | 9 +++++++-
netstat.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
2 files changed, 74 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index 8fcc55c..dca8fbc 100644
--- a/Makefile
+++ b/Makefile
@@ -116,6 +116,13 @@ NET_LIB = $(NET_LIB_PATH)/lib$(NET_LIB_NAME).a
CFLAGS = $(COPTS) -I. -idirafter ./include/ -I$(NET_LIB_PATH)
LDFLAGS = $(LOPTS) -L$(NET_LIB_PATH)
+ifeq ($(HAVE_SELINUX),1)
+SELINUX_LDFLAGS = -lselinux
+CFLAGS += -DHAVE_SELINUX
+else
+SELINUX_LDFLAGS =
+endif
+
SUBDIRS = man/ $(NET_LIB_PATH)/
ifeq ($(origin CC), undefined)
@@ -209,7 +216,7 @@ plipconfig: $(NET_LIB) plipconfig.o
$(CC) $(LDFLAGS) -o plipconfig plipconfig.o $(NLIB)
netstat: $(NET_LIB) netstat.o statistics.o
- $(CC) $(LDFLAGS) -o netstat netstat.o statistics.o $(NLIB) $(RESLIB)
+ $(CC) $(SELINUX_LDFLAGS) $(LDFLAGS) -o netstat netstat.o statistics.o $(NLIB) $(RESLIB)
iptunnel: $(NET_LIB) iptunnel.o
$(CC) $(LDFLAGS) -o iptunnel iptunnel.o $(NLIB) $(RESLIB)
diff --git a/netstat.c b/netstat.c
index c3a7bb1..71be41f 100644
--- a/netstat.c
+++ b/netstat.c
@@ -86,6 +86,12 @@
#include <net/if.h>
#include <dirent.h>
+#if HAVE_SELINUX
+#include <selinux/selinux.h>
+#else
+#define security_context_t char*
+#endif
+
#include "net-support.h"
#include "pathnames.h"
#include "version.h"
@@ -97,6 +103,7 @@
#include "proc.h"
#define PROGNAME_WIDTH 20
+#define SELINUX_WIDTH 50
#if !defined(s6_addr32) && defined(in6a_words)
#define s6_addr32 in6a_words /* libinet6 */
@@ -153,6 +160,7 @@ int flag_wide= 0;
int flag_prg = 0;
int flag_arg = 0;
int flag_ver = 0;
+int flag_selinux = 0;
FILE *procinfo;
@@ -216,12 +224,17 @@ FILE *procinfo;
#define PROGNAME_WIDTH1(s) PROGNAME_WIDTH2(s)
#define PROGNAME_WIDTH2(s) #s
+#define SELINUX_WIDTHs SELINUX_WIDTH1(SELINUX_WIDTH)
+#define SELINUX_WIDTH1(s) SELINUX_WIDTH2(s)
+#define SELINUX_WIDTH2(s) #s
+
#define PRG_HASH_SIZE 211
static struct prg_node {
struct prg_node *next;
unsigned long inode;
char name[PROGNAME_WIDTH];
+ char scon[SELINUX_WIDTH];
} *prg_hash[PRG_HASH_SIZE];
static char prg_cache_loaded = 0;
@@ -229,9 +242,12 @@ static char prg_cache_loaded = 0;
#define PRG_HASHIT(x) ((x) % PRG_HASH_SIZE)
#define PROGNAME_BANNER "PID/Program name"
+#define SELINUX_BANNER "Security Context"
#define print_progname_banner() do { if (flag_prg) printf("%-" PROGNAME_WIDTHs "s"," " PROGNAME_BANNER); } while (0)
+#define print_selinux_banner() do { if (flag_selinux) printf("%-" SELINUX_WIDTHs "s"," " SELINUX_BANNER); } while (0)
+
#define PRG_LOCAL_ADDRESS "local_address"
#define PRG_INODE "inode"
#define PRG_SOCKET_PFX "socket:["
@@ -253,7 +269,7 @@ static char prg_cache_loaded = 0;
/* NOT working as of glibc-2.0.7: */
#undef DIRENT_HAVE_D_TYPE_WORKS
-static void prg_cache_add(unsigned long inode, char *name)
+static void prg_cache_add(unsigned long inode, char *name, char *scon)
{
unsigned hi = PRG_HASHIT(inode);
struct prg_node **pnp,*pn;
@@ -274,6 +290,14 @@ static void prg_cache_add(unsigned long inode, char *name)
if (strlen(name)>sizeof(pn->name)-1)
name[sizeof(pn->name)-1]='\0';
strcpy(pn->name,name);
+
+ {
+ int len=(strlen(scon)-sizeof(pn->scon))+1;
+ if (len > 0)
+ strcpy(pn->scon,&scon[len+1]);
+ else
+ strcpy(pn->scon,scon);
+ }
}
static const char *prg_cache_get(unsigned long inode)
@@ -286,6 +310,16 @@ static const char *prg_cache_get(unsigned long inode)
return("-");
}
+static const char *prg_cache_get_con(unsigned long inode)
+{
+ unsigned hi=PRG_HASHIT(inode);
+ struct prg_node *pn;
+
+ for (pn=prg_hash[hi];pn;pn=pn->next)
+ if (pn->inode==inode) return(pn->scon);
+ return("-");
+}
+
static void prg_cache_clear(void)
{
struct prg_node **pnp,*pn;
@@ -357,6 +391,7 @@ static void prg_cache_load(void)
const char *cs,*cmdlp;
DIR *dirproc=NULL,*dirfd=NULL;
struct dirent *direproc,*direfd;
+ security_context_t scon=NULL;
if (prg_cache_loaded || !flag_prg) return;
prg_cache_loaded=1;
@@ -426,7 +461,15 @@ static void prg_cache_load(void)
}
snprintf(finbuf, sizeof(finbuf), "%s/%s", direproc->d_name, cmdlp);
- prg_cache_add(inode, finbuf);
+#if HAVE_SELINUX
+ if (getpidcon(atoi(direproc->d_name), &scon) == -1) {
+ scon=strdup("-");
+ }
+ prg_cache_add(inode, finbuf, scon);
+ freecon(scon);
+#else
+ prg_cache_add(inode, finbuf, "-");
+#endif
}
closedir(dirfd);
dirfd = NULL;
@@ -546,6 +589,8 @@ static void finish_this_one(int uid, unsigned long inode, const char *timers)
}
if (flag_prg)
printf(" %-16s",prg_cache_get(inode));
+ if (flag_selinux)
+ printf("%-" SELINUX_WIDTHs "s",prg_cache_get_con(inode));
if (flag_opt)
printf(" %s", timers);
putchar('\n');
@@ -1238,6 +1283,8 @@ static void unix_do_one(int nr, const char *line)
printf("- ");
if (flag_prg)
printf("%-" PROGNAME_WIDTHs "s",(has & HAS_INODE?prg_cache_get(inode):"-"));
+ if (flag_selinux)
+ printf("%-" SELINUX_WIDTHs "s",(has & HAS_INODE?prg_cache_get_con(inode):"-"));
puts(path);
}
@@ -1256,6 +1303,7 @@ static int unix_info(void)
printf(_("\nProto RefCnt Flags Type State I-Node "));
print_progname_banner();
+ print_selinux_banner();
printf(_(" Path\n")); /* xxx */
{
@@ -1546,6 +1594,7 @@ static void usage(void)
fprintf(stderr, _(" -o, --timers display timers\n"));
fprintf(stderr, _(" -F, --fib display Forwarding Information Base (default)\n"));
fprintf(stderr, _(" -C, --cache display routing cache instead of FIB\n\n"));
+ fprintf(stderr, _(" -Z, --context display SELinux security context for sockets\n\n"));
fprintf(stderr, _(" <Socket>={-t|--tcp} {-u|--udp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom\n"));
fprintf(stderr, _(" <AF>=Use '-6|-4' or '-A <af>' or '--<af>'; default: %s\n"), DFLT_AF);
@@ -1591,6 +1640,7 @@ int main
{"cache", 0, 0, 'C'},
{"fib", 0, 0, 'F'},
{"groups", 0, 0, 'g'},
+ {"context", 0, 0, 'Z'},
{NULL, 0, 0, 0}
};
@@ -1602,7 +1652,7 @@ int main
getroute_init(); /* Set up AF routing support */
afname[0] = '\0';
- while ((i = getopt_long(argc, argv, "MCFA:acdegphinNorstuWVv?wxl64", longopts, &lop)) != EOF)
+ while ((i = getopt_long(argc, argv, "MCFA:acdegphinNorstuWVv?wxlZ64", longopts, &lop)) != EOF)
switch (i) {
case -1:
break;
@@ -1705,6 +1755,19 @@ int main
if (aftrans_opt("unix"))
exit(1);
break;
+ case 'Z':
+#if HAVE_SELINUX
+ if (is_selinux_enabled() <= 0) {
+ fprintf(stderr, _("SELinux is not enabled on this machine.\n"));
+ exit(1);
+ }
+ flag_prg++;
+ flag_selinux++;
+#else
+ fprintf(stderr, _("SELinux is not enabled for this application.\n"));
+ exit(1);
+#endif
+ break;
case '?':
case 'h':
usage();
--
1.7.5.4

9
recipes-extended/net-tools/net-tools_1.60-23.bbappend Normal file
View File

@ -0,0 +1,9 @@
PR .= ".1"
FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
SRC_URI += "file://netstat-selinux-support.patch"
DEPENDS += "${@base_contains('DISTRO_FEATURES', 'selinux', 'libselinux', '', d)}"
EXTRA_OEMAKE += "${@base_contains('DISTRO_FEATURES', 'selinux', 'HAVE_SELINUX=1', 'HAVE_SELINUX=0', d)}"