[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: [PATCH] tar: only include selinux context with -p opt
From: Tanguy Pruvot <tanguy.pruvot () gmail ! com>
Date: 2014-05-29 16:01:07
Message-ID: CACOx48rHe8pYTi+orUJYwt3XJTR0BVs1Z=DW5MgAh8kq6JgM9Q () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Without answer, i added -p to store selinux contexts (its for android 4.3+)
[Attachment #5 (text/html)]
<div dir="ltr">Without answer, i added -p to store selinux contexts (its for android 4.3+)</div>
--001a113a665a6cedba04fa8c09d2--
["0001-tar-add-selinux-context-support-on-create.patch" (application/octet-stream)]
From 2c2a59a6c44c965daa54f2a0eb949d38c93ac691 Mon Sep 17 00:00:00 2001
From: Tanguy Pruvot <tanguy.pruvot@gmail.com>
Date: Sat, 17 May 2014 17:27:40 +0200
Subject: [PATCH 1/2] tar: add selinux context support on create
No flag is required for the moment, it will add them
to the tar if selinux is enabled on the machine.
Signed-off-by: Tanguy Pruvot <tanguy.pruvot@gmail.com>
Change-Id: Ic7a39ee03087ed19e814b138ec6d70cdadb605cd
---
archival/libarchive/data_extract_to_command.c | 2 +-
archival/tar.c | 41 +++++++++++++++++++++++++
include/bb_archive.h | 2 +-
3 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/archival/libarchive/data_extract_to_command.c \
b/archival/libarchive/data_extract_to_command.c index 5b32c2e..4249c23 100644
--- a/archival/libarchive/data_extract_to_command.c
+++ b/archival/libarchive/data_extract_to_command.c
@@ -63,7 +63,7 @@ void FAST_FUNC data_extract_to_command(archive_handle_t \
*archive_handle) {
file_header_t *file_header = archive_handle->file_header;
-#if 0 /* do we need this? ENABLE_FEATURE_TAR_SELINUX */
+#if ENABLE_FEATURE_TAR_SELINUX
char *sctx = archive_handle->tar__sctx[PAX_NEXT_FILE];
if (!sctx)
sctx = archive_handle->tar__sctx[PAX_GLOBAL];
diff --git a/archival/tar.c b/archival/tar.c
index aa02d35..be2bb09 100644
--- a/archival/tar.c
+++ b/archival/tar.c
@@ -210,6 +210,7 @@ enum {
CONTTYPE = '7', /* reserved */
GNULONGLINK = 'K', /* GNU long (>100 chars) link name */
GNULONGNAME = 'L', /* GNU long (>100 chars) file name */
+ EXTTYPE = 'x', /* ext metadata for next file, store selinux_context */
};
/* Might be faster (and bigger) if the dev/ino were stored in numeric order;) */
@@ -351,6 +352,34 @@ static void writeLongname(int fd, int type, const char *name, \
int dir) }
#endif
+#if ENABLE_FEATURE_TAR_SELINUX
+# define SELINUX_CONTEXT_KEYWORD "RHT.security.selinux"
+/* Write 2 blocks : extended file header + selinux context */
+static int writeSeHeader(int fd, const char *con, struct tar_header_t *header)
+{
+ char block[TAR_BLOCK_SIZE];
+ struct tar_header_t hd;
+
+ int sz = sizeof(SELINUX_CONTEXT_KEYWORD) + 4 + strlen(con);
+ if (sz >= 100) sz++; /* another ascii digit for size */
+ if (sz > TAR_BLOCK_SIZE)
+ return FALSE;
+
+ memset(&block, 0, TAR_BLOCK_SIZE);
+ sprintf(block, "%d %s=%s\n", sz, SELINUX_CONTEXT_KEYWORD, con);
+
+ /* write duplicated file entry */
+ memcpy(&hd, header, sizeof(hd));
+ hd.typeflag = EXTTYPE;
+ PUT_OCTAL(hd.size, sz);
+ chksum_and_xwrite(fd, &hd);
+
+ /* write selinux context */
+ xwrite(fd, &block, TAR_BLOCK_SIZE);
+ return TRUE;
+}
+#endif
+
/* Write out a tar header for the specified file/directory/whatever */
static int writeTarHeader(struct TarBallInfo *tbInfo,
const char *header_name, const char *fileName, struct stat *statbuf)
@@ -468,6 +497,18 @@ static int writeTarHeader(struct TarBallInfo *tbInfo,
header_name, S_ISDIR(statbuf->st_mode));
#endif
+#if ENABLE_FEATURE_TAR_SELINUX
+ if (is_selinux_enabled()) {
+ security_context_t sid;
+ lgetfilecon(fileName, &sid);
+ if (sid) {
+ // optional extended block
+ writeSeHeader(tbInfo->tarFd, sid, &header);
+ freecon(sid);
+ }
+ }
+#endif
+
/* Now write the header out to disk */
chksum_and_xwrite(tbInfo->tarFd, &header);
diff --git a/include/bb_archive.h b/include/bb_archive.h
index b82cfd8..d796fcd 100644
--- a/include/bb_archive.h
+++ b/include/bb_archive.h
@@ -146,7 +146,7 @@ typedef struct tar_header_t { /* byte offset */
/* Normally it's defined as magic[6] followed by
* version[2], but we put them together to save code.
*/
- char magic[8]; /* 257-264 */
+ char magic[8]; /* 257-264 (magic 6 + version 2) */
char uname[32]; /* 265-296 */
char gname[32]; /* 297-328 */
char devmajor[8]; /* 329-336 */
--
1.7.2.5
["0002-tar-only-include-selinux-context-with-p-opt.patch" (application/octet-stream)]
From 1e1154804d738a282cf86bf089bc58d990b4adad Mon Sep 17 00:00:00 2001
From: Tanguy Pruvot <tanguy.pruvot@gmail.com>
Date: Thu, 29 May 2014 17:04:08 +0200
Subject: [PATCH 2/2] tar: only include selinux context with -p opt
Change-Id: I22134071cca5ac9fd66cff2cd1ddd09ff3d5c1bb
---
archival/tar.c | 21 ++++++++++++++++++---
include/bb_archive.h | 3 +++
2 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/archival/tar.c b/archival/tar.c
index be2bb09..0155825 100644
--- a/archival/tar.c
+++ b/archival/tar.c
@@ -162,8 +162,8 @@
#if !ENABLE_FEATURE_SEAMLESS_GZ && !ENABLE_FEATURE_SEAMLESS_BZ2
/* Do not pass gzip flag to writeTarFile() */
-#define writeTarFile(tar_fd, verboseFlag, recurseFlags, include, exclude, gzip) \
- writeTarFile(tar_fd, verboseFlag, recurseFlags, include, exclude)
+#define writeTarFile(tar_fd, verboseFlag, recurseFlags, optFlags, include, exclude, gzip) \
+ writeTarFile(tar_fd, verboseFlag, optFlags, recurseFlags, include, exclude)
#endif
@@ -187,6 +187,8 @@ typedef struct TarBallInfo {
int tarFd; /* Open-for-write file descriptor
* for the tarball */
int verboseFlag; /* Whether to print extra stuff or not */
+ unsigned optFlags; /* all command line flags */
+
const llist_t *excludeList; /* List of files to not include */
HardLinkInfo *hlInfoHead; /* Hard Link Tracking Information */
HardLinkInfo *hlInfo; /* Hard Link Info for the current file */
@@ -498,7 +500,7 @@ static int writeTarHeader(struct TarBallInfo *tbInfo,
#endif
#if ENABLE_FEATURE_TAR_SELINUX
- if (is_selinux_enabled()) {
+ if (is_selinux_enabled() && (tbInfo->optFlags & ARCHIVE_STORE_SELINUX)) {
security_context_t sid;
lgetfilecon(fileName, &sid);
if (sid) {
@@ -741,6 +743,7 @@ static void NOINLINE vfork_compressor(int tar_fd, int gzip)
/* gcc 4.2.1 inlines it, making code bigger */
static NOINLINE int writeTarFile(int tar_fd, int verboseFlag,
+ unsigned optFlags,
int recurseFlags, const llist_t *include,
const llist_t *exclude, int gzip)
{
@@ -750,6 +753,7 @@ static NOINLINE int writeTarFile(int tar_fd, int verboseFlag,
tbInfo.hlInfoHead = NULL;
tbInfo.tarFd = tar_fd;
tbInfo.verboseFlag = verboseFlag;
+ tbInfo.optFlags = optFlags;
/* Store the stat info for the tarball's file, so
* can avoid including the tarball into itself.... */
@@ -804,6 +808,7 @@ static NOINLINE int writeTarFile(int tar_fd, int verboseFlag,
}
#else
int writeTarFile(int tar_fd, int verboseFlag,
+ unsigned optFlags,
int recurseFlags, const llist_t *include,
const llist_t *exclude, int gzip);
#endif /* FEATURE_TAR_CREATE */
@@ -839,6 +844,7 @@ static llist_t *append_file_list_to_list(llist_t *list)
//usage: IF_FEATURE_SEAMLESS_LZMA("a")
//usage: IF_FEATURE_TAR_CREATE("h")
//usage: IF_FEATURE_TAR_NOPRESERVE_TIME("m")
+//usage: IF_FEATURE_TAR_SELINUX("p")
//usage: "vO] "
//usage: IF_FEATURE_TAR_FROM("[-X FILE] [-T FILE] ")
//usage: "[-f TARFILE] [-C DIR] [FILE]..."
@@ -884,6 +890,9 @@ static llist_t *append_file_list_to_list(llist_t *list)
//usage: "\n X File with names to exclude"
//usage: "\n T File with names to include"
//usage: )
+//usage: IF_FEATURE_TAR_SELINUX(
+//usage: "\n p Store SELinux contexts"
+//usage: )
//usage:
//usage:#define tar_example_usage
//usage: "$ zcat /tmp/tarball.tar.gz | tar -xf -\n"
@@ -1119,6 +1128,11 @@ int tar_main(int argc UNUSED_PARAM, char **argv)
if (opt & OPT_NOPRESERVE_PERM)
tar_handle->ah_flags |= ARCHIVE_DONT_RESTORE_PERM;
+#if ENABLE_FEATURE_TAR_SELINUX
+ if (opt & OPT_P)
+ tar_handle->ah_flags |= ARCHIVE_STORE_SELINUX;
+#endif
+
if (opt & OPT_OVERWRITE) {
tar_handle->ah_flags &= ~ARCHIVE_UNLINK_OLD;
tar_handle->ah_flags |= ARCHIVE_O_TRUNC;
@@ -1205,6 +1219,7 @@ int tar_main(int argc UNUSED_PARAM, char **argv)
#endif
/* NB: writeTarFile() closes tar_handle->src_fd */
return writeTarFile(tar_handle->src_fd, verboseFlag,
+ tar_handle->ah_flags,
(opt & OPT_DEREFERENCE ? ACTION_FOLLOWLINKS : 0)
| (opt & OPT_NORECURSION ? 0 : ACTION_RECURSE),
tar_handle->accept,
diff --git a/include/bb_archive.h b/include/bb_archive.h
index d796fcd..fc976f2 100644
--- a/include/bb_archive.h
+++ b/include/bb_archive.h
@@ -125,6 +125,9 @@ typedef struct archive_handle_t {
#if ENABLE_RPM
#define ARCHIVE_REPLACE_VIA_RENAME (1 << 10)
#endif
+#if ENABLE_FEATURE_TAR_SELINUX
+#define ARCHIVE_STORE_SELINUX (1 << 15)
+#endif
/* POSIX tar Header Block, from POSIX 1003.1-1990 */
--
1.7.2.5
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic