summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorDenis Vlasenko <vda.linux@googlemail.com>2007-06-19 22:22:57 +0000
committerDenis Vlasenko <vda.linux@googlemail.com>2007-06-19 22:22:57 +0000
commita19faf8bb7fc1db51f863fea4233639851ba7789 (patch)
tree9f4570279b58d05484d232ed36164c07dd9fd86d
parentdcf6de552a15c1e7bddb32f1028ceb6214915425 (diff)
find: -context support for SELinux (KaiGai Kohei <kaigai@kaigai.gr.jp>)
find: make it a bit smaller function old new delta .rodata 129018 129050 +32 parse_params 1509 1346 -163 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 1/1 up/down: 32/-163) Total: -131 bytes
-rw-r--r--findutils/Config.in7
-rw-r--r--findutils/find.c345
-rw-r--r--include/usage.h2
3 files changed, 191 insertions, 163 deletions
diff --git a/findutils/Config.in b/findutils/Config.in
index f8ad98de1..50415cb5f 100644
--- a/findutils/Config.in
+++ b/findutils/Config.in
@@ -164,6 +164,13 @@ config FEATURE_FIND_REGEX
help
The -regex option matches whole pathname against regular expression.
+config FEATURE_FIND_CONTEXT
+ bool "Enable (-context) option for matching security context"
+ default n
+ depends on FIND && SELINUX
+ help
+ Support the 'find -context' option for matching security context.
+
config GREP
bool "grep"
default n
diff --git a/findutils/find.c b/findutils/find.c
index 036d13f4a..aa2244141 100644
--- a/findutils/find.c
+++ b/findutils/find.c
@@ -75,24 +75,25 @@ typedef struct {
} action;
#define ACTS(name, arg...) typedef struct { action a; arg; } action_##name;
#define ACTF(name) static int func_##name(const char *fileName, struct stat *statbuf, action_##name* ap)
- ACTS(print)
- ACTS(name, const char *pattern;)
-USE_FEATURE_FIND_PATH( ACTS(path, const char *pattern;))
-USE_FEATURE_FIND_REGEX( ACTS(regex, regex_t compiled_pattern;))
-USE_FEATURE_FIND_PRINT0(ACTS(print0))
-USE_FEATURE_FIND_TYPE( ACTS(type, int type_mask;))
-USE_FEATURE_FIND_PERM( ACTS(perm, char perm_char; mode_t perm_mask;))
-USE_FEATURE_FIND_MTIME( ACTS(mtime, char mtime_char; unsigned mtime_days;))
-USE_FEATURE_FIND_MMIN( ACTS(mmin, char mmin_char; unsigned mmin_mins;))
-USE_FEATURE_FIND_NEWER( ACTS(newer, time_t newer_mtime;))
-USE_FEATURE_FIND_INUM( ACTS(inum, ino_t inode_num;))
-USE_FEATURE_FIND_EXEC( ACTS(exec, char **exec_argv; unsigned *subst_count; int exec_argc;))
-USE_FEATURE_FIND_USER( ACTS(user, uid_t uid;))
-USE_FEATURE_FIND_GROUP( ACTS(group, gid_t gid;))
-USE_FEATURE_FIND_PAREN( ACTS(paren, action ***subexpr;))
-USE_FEATURE_FIND_SIZE( ACTS(size, char size_char; off_t size;))
-USE_FEATURE_FIND_PRUNE( ACTS(prune))
-USE_FEATURE_FIND_DELETE(ACTS(delete))
+ ACTS(print)
+ ACTS(name, const char *pattern;)
+USE_FEATURE_FIND_PATH( ACTS(path, const char *pattern;))
+USE_FEATURE_FIND_REGEX( ACTS(regex, regex_t compiled_pattern;))
+USE_FEATURE_FIND_PRINT0( ACTS(print0))
+USE_FEATURE_FIND_TYPE( ACTS(type, int type_mask;))
+USE_FEATURE_FIND_PERM( ACTS(perm, char perm_char; mode_t perm_mask;))
+USE_FEATURE_FIND_MTIME( ACTS(mtime, char mtime_char; unsigned mtime_days;))
+USE_FEATURE_FIND_MMIN( ACTS(mmin, char mmin_char; unsigned mmin_mins;))
+USE_FEATURE_FIND_NEWER( ACTS(newer, time_t newer_mtime;))
+USE_FEATURE_FIND_INUM( ACTS(inum, ino_t inode_num;))
+USE_FEATURE_FIND_USER( ACTS(user, uid_t uid;))
+USE_FEATURE_FIND_SIZE( ACTS(size, char size_char; off_t size;))
+USE_FEATURE_FIND_CONTEXT(ACTS(context, security_context_t context;))
+USE_FEATURE_FIND_PAREN( ACTS(paren, action ***subexpr;))
+USE_FEATURE_FIND_PRUNE( ACTS(prune))
+USE_FEATURE_FIND_DELETE( ACTS(delete))
+USE_FEATURE_FIND_EXEC( ACTS(exec, char **exec_argv; unsigned *subst_count; int exec_argc;))
+USE_FEATURE_FIND_GROUP( ACTS(group, gid_t gid;))
static action ***actions;
static bool need_print = 1;
@@ -102,7 +103,7 @@ static int recurse_flags = ACTION_RECURSE;
static unsigned count_subst(const char *str)
{
unsigned count = 0;
- while ((str = strstr(str, "{}"))) {
+ while ((str = strstr(str, "{}")) != NULL) {
count++;
str++;
}
@@ -355,6 +356,24 @@ ACTF(delete)
return TRUE;
}
#endif
+#if ENABLE_FEATURE_FIND_CONTEXT
+ACTF(context)
+{
+ security_context_t con;
+ int rc;
+
+ if (recurse_flags & ACTION_FOLLOWLINKS) {
+ rc = getfilecon(fileName, &con);
+ } else {
+ rc = lgetfilecon(fileName, &con);
+ }
+ if (rc < 0)
+ return FALSE;
+ rc = strcmp(ap->context, con);
+ freecon(con);
+ return rc == 0;
+}
+#endif
static int fileAction(const char *fileName, struct stat *statbuf, void *userData, int depth)
@@ -424,64 +443,68 @@ static const char* plus_minus_num(const char* str)
static action*** parse_params(char **argv)
{
enum {
- PARM_a ,
- PARM_o ,
- USE_FEATURE_FIND_NOT( PARM_char_not ,)
- PARM_print ,
- USE_FEATURE_FIND_PRINT0(PARM_print0 ,)
- PARM_name ,
- USE_FEATURE_FIND_PATH( PARM_path ,)
- USE_FEATURE_FIND_REGEX( PARM_regex ,)
- USE_FEATURE_FIND_TYPE( PARM_type ,)
- USE_FEATURE_FIND_PERM( PARM_perm ,)
- USE_FEATURE_FIND_MTIME( PARM_mtime ,)
- USE_FEATURE_FIND_MMIN( PARM_mmin ,)
- USE_FEATURE_FIND_NEWER( PARM_newer ,)
- USE_FEATURE_FIND_INUM( PARM_inum ,)
- USE_FEATURE_FIND_EXEC( PARM_exec ,)
- USE_FEATURE_FIND_USER( PARM_user ,)
- USE_FEATURE_FIND_GROUP( PARM_group ,)
- USE_FEATURE_FIND_DEPTH( PARM_depth ,)
- USE_FEATURE_FIND_PAREN( PARM_char_brace,)
- USE_FEATURE_FIND_SIZE( PARM_size ,)
- USE_FEATURE_FIND_PRUNE( PARM_prune ,)
- USE_FEATURE_FIND_DELETE(PARM_delete ,)
+ PARM_a ,
+ PARM_o ,
+ USE_FEATURE_FIND_NOT( PARM_char_not ,)
#if ENABLE_DESKTOP
- PARM_and ,
- PARM_or ,
- USE_FEATURE_FIND_NOT( PARM_not ,)
-#endif
+ PARM_and ,
+ PARM_or ,
+ USE_FEATURE_FIND_NOT( PARM_not ,)
+#endif
+ PARM_print ,
+ USE_FEATURE_FIND_PRINT0( PARM_print0 ,)
+ USE_FEATURE_FIND_DEPTH( PARM_depth ,)
+ USE_FEATURE_FIND_PRUNE( PARM_prune ,)
+ USE_FEATURE_FIND_DELETE( PARM_delete ,)
+ USE_FEATURE_FIND_EXEC( PARM_exec ,)
+ USE_FEATURE_FIND_PAREN( PARM_char_brace,)
+ /* All options starting from here require argument */
+ PARM_name ,
+ USE_FEATURE_FIND_PATH( PARM_path ,)
+ USE_FEATURE_FIND_REGEX( PARM_regex ,)
+ USE_FEATURE_FIND_TYPE( PARM_type ,)
+ USE_FEATURE_FIND_PERM( PARM_perm ,)
+ USE_FEATURE_FIND_MTIME( PARM_mtime ,)
+ USE_FEATURE_FIND_MMIN( PARM_mmin ,)
+ USE_FEATURE_FIND_NEWER( PARM_newer ,)
+ USE_FEATURE_FIND_INUM( PARM_inum ,)
+ USE_FEATURE_FIND_USER( PARM_user ,)
+ USE_FEATURE_FIND_GROUP( PARM_group ,)
+ USE_FEATURE_FIND_SIZE( PARM_size ,)
+ USE_FEATURE_FIND_CONTEXT(PARM_context ,)
};
static const char *const params[] = {
- "-a" ,
- "-o" ,
- USE_FEATURE_FIND_NOT( "!" ,)
- "-print" ,
- USE_FEATURE_FIND_PRINT0("-print0",)
- "-name" ,
- USE_FEATURE_FIND_PATH( "-path" ,)
- USE_FEATURE_FIND_REGEX( "-regex" ,)
- USE_FEATURE_FIND_TYPE( "-type" ,)
- USE_FEATURE_FIND_PERM( "-perm" ,)
- USE_FEATURE_FIND_MTIME( "-mtime" ,)
- USE_FEATURE_FIND_MMIN( "-mmin" ,)
- USE_FEATURE_FIND_NEWER( "-newer" ,)
- USE_FEATURE_FIND_INUM( "-inum" ,)
- USE_FEATURE_FIND_EXEC( "-exec" ,)
- USE_FEATURE_FIND_USER( "-user" ,)
- USE_FEATURE_FIND_GROUP( "-group" ,)
- USE_FEATURE_FIND_DEPTH( "-depth" ,)
- USE_FEATURE_FIND_PAREN( "(" ,)
- USE_FEATURE_FIND_SIZE( "-size" ,)
- USE_FEATURE_FIND_PRUNE( "-prune" ,)
- USE_FEATURE_FIND_DELETE("-delete",)
+ "-a" ,
+ "-o" ,
+ USE_FEATURE_FIND_NOT( "!" ,)
#if ENABLE_DESKTOP
- "-and" ,
- "-or" ,
- USE_FEATURE_FIND_NOT( "-not" ,)
-#endif
- NULL
+ "-and" ,
+ "-or" ,
+ USE_FEATURE_FIND_NOT( "-not" ,)
+#endif
+ "-print" ,
+ USE_FEATURE_FIND_PRINT0( "-print0" ,)
+ USE_FEATURE_FIND_DEPTH( "-depth" ,)
+ USE_FEATURE_FIND_PRUNE( "-prune" ,)
+ USE_FEATURE_FIND_DELETE( "-delete" ,)
+ USE_FEATURE_FIND_EXEC( "-exec" ,)
+ USE_FEATURE_FIND_PAREN( "(" ,)
+ /* All options starting from here require argument */
+ "-name" ,
+ USE_FEATURE_FIND_PATH( "-path" ,)
+ USE_FEATURE_FIND_REGEX( "-regex" ,)
+ USE_FEATURE_FIND_TYPE( "-type" ,)
+ USE_FEATURE_FIND_PERM( "-perm" ,)
+ USE_FEATURE_FIND_MTIME( "-mtime" ,)
+ USE_FEATURE_FIND_MMIN( "-mmin" ,)
+ USE_FEATURE_FIND_NEWER( "-newer" ,)
+ USE_FEATURE_FIND_INUM( "-inum" ,)
+ USE_FEATURE_FIND_USER( "-user" ,)
+ USE_FEATURE_FIND_GROUP( "-group" ,)
+ USE_FEATURE_FIND_SIZE( "-size" ,)
+ USE_FEATURE_FIND_CONTEXT("-context",)
+ NULL
};
action*** appp;
@@ -522,8 +545,19 @@ static action*** parse_params(char **argv)
*/
while (*argv) {
const char *arg = argv[0];
- const char *arg1 = argv[1];
int parm = index_in_str_array(params, arg);
+ const char *arg1 = argv[1];
+
+ if (parm >= PARM_name) {
+ /* All options starting from -name require argument */
+ if (!arg1)
+ bb_error_msg_and_die(bb_msg_requires_arg, arg);
+ argv++;
+ }
+
+ /* We can use big switch() here, but on i386
+ * it doesn't give smaller code. Other arches? */
+
/* --- Operators --- */
if (parm == PARM_a USE_DESKTOP(|| parm == PARM_and)) {
/* no further special handling required */
@@ -557,18 +591,80 @@ static action*** parse_params(char **argv)
(void) ALLOC_ACTION(print0);
}
#endif
+#if ENABLE_FEATURE_FIND_DEPTH
+ else if (parm == PARM_depth) {
+ recurse_flags |= ACTION_DEPTHFIRST;
+ }
+#endif
+#if ENABLE_FEATURE_FIND_PRUNE
+ else if (parm == PARM_prune) {
+ USE_FEATURE_FIND_NOT( invert_flag = 0; )
+ (void) ALLOC_ACTION(prune);
+ }
+#endif
+#if ENABLE_FEATURE_FIND_DELETE
+ else if (parm == PARM_delete) {
+ need_print = 0;
+ recurse_flags |= ACTION_DEPTHFIRST;
+ (void) ALLOC_ACTION(delete);
+ }
+#endif
+#if ENABLE_FEATURE_FIND_EXEC
+ else if (parm == PARM_exec) {
+ int i;
+ action_exec *ap;
+ need_print = 0;
+ USE_FEATURE_FIND_NOT( invert_flag = 0; )
+ ap = ALLOC_ACTION(exec);
+ ap->exec_argv = ++argv; /* first arg after -exec */
+ ap->exec_argc = 0;
+ while (1) {
+ if (!*argv) /* did not see ';' until end */
+ bb_error_msg_and_die("-exec CMD must end by ';'");
+ if (LONE_CHAR(argv[0], ';'))
+ break;
+ argv++;
+ ap->exec_argc++;
+ }
+ if (ap->exec_argc == 0)
+ bb_error_msg_and_die(bb_msg_requires_arg, arg);
+ ap->subst_count = xmalloc(ap->exec_argc * sizeof(int));
+ i = ap->exec_argc;
+ while (i--)
+ ap->subst_count[i] = count_subst(ap->exec_argv[i]);
+ }
+#endif
+#if ENABLE_FEATURE_FIND_PAREN
+ else if (parm == PARM_char_brace) {
+ action_paren *ap;
+ char **endarg;
+ unsigned nested = 1;
+
+ endarg = argv;
+ while (1) {
+ if (!*++endarg)
+ bb_error_msg_and_die("unpaired '('");
+ if (LONE_CHAR(*endarg, '('))
+ nested++;
+ else if (LONE_CHAR(*endarg, ')') && !--nested) {
+ *endarg = NULL;
+ break;
+ }
+ }
+ ap = ALLOC_ACTION(paren);
+ ap->subexpr = parse_params(argv + 1);
+ *endarg = (char*) ")"; /* restore NULLed parameter */
+ argv = endarg;
+ }
+#endif
else if (parm == PARM_name) {
action_name *ap;
- if (!*++argv)
- bb_error_msg_and_die(bb_msg_requires_arg, arg);
ap = ALLOC_ACTION(name);
ap->pattern = arg1;
}
#if ENABLE_FEATURE_FIND_PATH
else if (parm == PARM_path) {
action_path *ap;
- if (!*++argv)
- bb_error_msg_and_die(bb_msg_requires_arg, arg);
ap = ALLOC_ACTION(path);
ap->pattern = arg1;
}
@@ -576,8 +672,6 @@ static action*** parse_params(char **argv)
#if ENABLE_FEATURE_FIND_REGEX
else if (parm == PARM_regex) {
action_regex *ap;
- if (!*++argv)
- bb_error_msg_and_die(bb_msg_requires_arg, arg);
ap = ALLOC_ACTION(regex);
xregcomp(&ap->compiled_pattern, arg1, 0 /*cflags*/);
}
@@ -585,8 +679,6 @@ static action*** parse_params(char **argv)
#if ENABLE_FEATURE_FIND_TYPE
else if (parm == PARM_type) {
action_type *ap;
- if (!*++argv)
- bb_error_msg_and_die(bb_msg_requires_arg, arg);
ap = ALLOC_ACTION(type);
ap->type_mask = find_type(arg1);
}
@@ -599,8 +691,6 @@ static action*** parse_params(char **argv)
*/
else if (parm == PARM_perm) {
action_perm *ap;
- if (!*++argv)
- bb_error_msg_and_die(bb_msg_requires_arg, arg);
ap = ALLOC_ACTION(perm);
ap->perm_char = arg1[0];
arg1 = plus_minus_num(arg1);
@@ -612,8 +702,6 @@ static action*** parse_params(char **argv)
#if ENABLE_FEATURE_FIND_MTIME
else if (parm == PARM_mtime) {
action_mtime *ap;
- if (!*++argv)
- bb_error_msg_and_die(bb_msg_requires_arg, arg);
ap = ALLOC_ACTION(mtime);
ap->mtime_char = arg1[0];
ap->mtime_days = xatoul(plus_minus_num(arg1));
@@ -622,8 +710,6 @@ static action*** parse_params(char **argv)
#if ENABLE_FEATURE_FIND_MMIN
else if (parm == PARM_mmin) {
action_mmin *ap;
- if (!*++argv)
- bb_error_msg_and_die(bb_msg_requires_arg, arg);
ap = ALLOC_ACTION(mmin);
ap->mmin_char = arg1[0];
ap->mmin_mins = xatoul(plus_minus_num(arg1));
@@ -631,54 +717,23 @@ static action*** parse_params(char **argv)
#endif
#if ENABLE_FEATURE_FIND_NEWER
else if (parm == PARM_newer) {
- action_newer *ap;
struct stat stat_newer;
- if (!*++argv)
- bb_error_msg_and_die(bb_msg_requires_arg, arg);
- xstat(arg1, &stat_newer);
+ action_newer *ap;
ap = ALLOC_ACTION(newer);
+ xstat(arg1, &stat_newer);
ap->newer_mtime = stat_newer.st_mtime;
}
#endif
#if ENABLE_FEATURE_FIND_INUM
else if (parm == PARM_inum) {
action_inum *ap;
- if (!*++argv)
- bb_error_msg_and_die(bb_msg_requires_arg, arg);
ap = ALLOC_ACTION(inum);
ap->inode_num = xatoul(arg1);
}
#endif
-#if ENABLE_FEATURE_FIND_EXEC
- else if (parm == PARM_exec) {
- int i;
- action_exec *ap;
- need_print = 0;
- USE_FEATURE_FIND_NOT( invert_flag = 0; )
- ap = ALLOC_ACTION(exec);
- ap->exec_argv = ++argv; /* first arg after -exec */
- ap->exec_argc = 0;
- while (1) {
- if (!*argv) /* did not see ';' until end */
- bb_error_msg_and_die(bb_msg_requires_arg, arg);
- if (LONE_CHAR(argv[0], ';'))
- break;
- argv++;
- ap->exec_argc++;
- }
- if (ap->exec_argc == 0)
- bb_error_msg_and_die(bb_msg_requires_arg, arg);
- ap->subst_count = xmalloc(ap->exec_argc * sizeof(int));
- i = ap->exec_argc;
- while (i--)
- ap->subst_count[i] = count_subst(ap->exec_argv[i]);
- }
-#endif
#if ENABLE_FEATURE_FIND_USER
else if (parm == PARM_user) {
action_user *ap;
- if (!*++argv)
- bb_error_msg_and_die(bb_msg_requires_arg, arg);
ap = ALLOC_ACTION(user);
ap->uid = bb_strtou(arg1, NULL, 10);
if (errno)
@@ -688,42 +743,12 @@ static action*** parse_params(char **argv)
#if ENABLE_FEATURE_FIND_GROUP
else if (parm == PARM_group) {
action_group *ap;
- if (!*++argv)
- bb_error_msg_and_die(bb_msg_requires_arg, arg);
ap = ALLOC_ACTION(group);
ap->gid = bb_strtou(arg1, NULL, 10);
if (errno)
ap->gid = xgroup2gid(arg1);
}
#endif
-#if ENABLE_FEATURE_FIND_DEPTH
- else if (parm == PARM_depth) {
- recurse_flags |= ACTION_DEPTHFIRST;
- }
-#endif
-#if ENABLE_FEATURE_FIND_PAREN
- else if (parm == PARM_char_brace) {
- action_paren *ap;
- char **endarg;
- unsigned nested = 1;
-
- endarg = argv;
- while (1) {
- if (!*++endarg)
- bb_error_msg_and_die("unpaired '('");
- if (LONE_CHAR(*endarg, '('))
- nested++;
- else if (LONE_CHAR(*endarg, ')') && !--nested) {
- *endarg = NULL;
- break;
- }
- }
- ap = ALLOC_ACTION(paren);
- ap->subexpr = parse_params(argv + 1);
- *endarg = (char*) ")"; /* restore NULLed parameter */
- argv = endarg;
- }
-#endif
#if ENABLE_FEATURE_FIND_SIZE
else if (parm == PARM_size) {
/* -size n[bckw]: file uses n units of space
@@ -746,24 +771,18 @@ static action*** parse_params(char **argv)
{ NULL, 0 }
};
action_size *ap;
- if (!*++argv)
- bb_error_msg_and_die(bb_msg_requires_arg, arg);
ap = ALLOC_ACTION(size);
ap->size_char = arg1[0];
ap->size = XATOU_SFX(plus_minus_num(arg1), find_suffixes);
}
#endif
-#if ENABLE_FEATURE_FIND_PRUNE
- else if (parm == PARM_prune) {
- USE_FEATURE_FIND_NOT( invert_flag = 0; )
- (void) ALLOC_ACTION(prune);
- }
-#endif
-#if ENABLE_FEATURE_FIND_DELETE
- else if (parm == PARM_delete) {
- need_print = 0;
- recurse_flags |= ACTION_DEPTHFIRST;
- (void) ALLOC_ACTION(delete);
+#if ENABLE_FEATURE_FIND_CONTEXT
+ else if (parm == PARM_context) {
+ action_context *ap;
+ ap = ALLOC_ACTION(context);
+ ap->context = NULL;
+ if (selinux_raw_to_trans_context(arg1, &ap->context))
+ bb_perror_msg("%s", arg1);
}
#endif
else {
diff --git a/include/usage.h b/include/usage.h
index f5bd96a47..7d09feb05 100644
--- a/include/usage.h
+++ b/include/usage.h
@@ -981,6 +981,8 @@
USE_FEATURE_FIND_PRINT0( \
"\n -print0 Delimit output with null characters rather than" \
"\n newlines") \
+ USE_FEATURE_FIND_CONTEXT ( \
+ "\n -context File has specified security context") \
USE_FEATURE_FIND_EXEC( \
"\n -exec CMD ARG ; Execute CMD with all instances of {} replaced by the" \
"\n matching files") \