external/busybox
リビジョン | d8482dbecc75c8a94bd15a02fa8844cfea91e6d2 (tree) |
---|---|
日時 | 2014-08-06 20:40:07 |
作者 | Tanguy Pruvot <tanguy.pruvot@gmai...> |
コミッター | Tanguy Pruvot |
Bionic changes for tty related applets
Tested (but applets not included/enabled)
getty, login, su, passwd, mkpasswd, cryptpw
Sample /etc/passwd required before 'passwd' :
root:x:0:0:root:/:/system/xbin/bash
busybox su allows changing the current user if you are root
Example: "busybox su shell -c /system/xbin/bash"
busybox login also allows this:
Example: "busybox login shell"
getpwnam() now returns an empty string in the passwd member
instead of NULL, because busybox often checks pw->pw_passwd[0] directly
Update also selinux related stubs after tests on x86 4.4.2,
l-preview and aosp/master
If you want to include these applets, here is the required
source list to add in busybox-full.sources :
And the config flags to add :
Signed-off-by: Tanguy Pruvot <tanguy.pruvot@gmail.com>
Change-Id: I96ee64f0872856fad6b3ff299faafad6451da556
@@ -103,6 +103,15 @@ extern int selinux_file_context_verify(const char *path, mode_t mode); | ||
103 | 103 | extern int get_default_context(const char* user, const char* fromcon, |
104 | 104 | char ** newcon); |
105 | 105 | |
106 | +/* Check a permission in the passwd class. | |
107 | + Return 0 if granted or -1 otherwise. */ | |
108 | +#define PASSWD__PASSWD 0x001UL | |
109 | +#define PASSWD__CHFN 0x002UL | |
110 | +#define PASSWD__CHSH 0x004UL | |
111 | +#define PASSWD__ROOTOK 0x008UL | |
112 | +#define PASSWD__CRONTAB 0x010UL | |
113 | +extern int selinux_check_passwd_access(access_vector_t requested); | |
114 | + | |
106 | 115 | #define lgetfilecon_raw(path, context) \ |
107 | 116 | lgetfilecon(path, context) |
108 | 117 |
@@ -1,9 +1,9 @@ | ||
1 | -#include <stdio.h> | |
2 | -#include <stdlib.h> | |
1 | +#include <libbb.h> | |
3 | 2 | #include <selinux/selinux.h> |
4 | 3 | |
5 | 4 | /* create a new context with user name (may be unsafe) */ |
6 | -int get_default_context(const char* user, const char* fromcon, | |
5 | +int get_default_context(const char* user, | |
6 | + const char* fromcon UNUSED_PARAM, | |
7 | 7 | char ** newcon) |
8 | 8 | { |
9 | 9 | char fmt[] = "u:r:%s:s0\0"; |
@@ -19,9 +19,18 @@ int get_default_context(const char* user, const char* fromcon, | ||
19 | 19 | /* Compute a relabeling decision and set *newcon to refer to it. |
20 | 20 | Caller must free via freecon. |
21 | 21 | Stub not implemented in bionic, but declared in selinux.h */ |
22 | -int security_compute_relabel(const char *scon, const char *tcon, | |
23 | - security_class_t tclass, | |
22 | +#if defined(BIONIC_L) || !defined(__i386__) | |
23 | +int security_compute_relabel(const char *scon UNUSED_PARAM, | |
24 | + const char *tcon, | |
25 | + security_class_t tclass UNUSED_PARAM, | |
24 | 26 | char ** newcon) |
27 | +#else | |
28 | +/* this was changed after 4.4.2 */ | |
29 | +int security_compute_relabel(const security_context_t scon UNUSED_PARAM, | |
30 | + const security_context_t tcon, | |
31 | + security_class_t tclass UNUSED_PARAM, | |
32 | + security_context_t *newcon) | |
33 | +#endif | |
25 | 34 | { |
26 | 35 | if (tcon) |
27 | 36 | *newcon = strdup(tcon); |
@@ -32,7 +41,7 @@ int security_compute_relabel(const char *scon, const char *tcon, | ||
32 | 41 | |
33 | 42 | /* Check a permission in the passwd class. |
34 | 43 | Return 0 if granted or -1 otherwise. */ |
35 | -int selinux_check_passwd_access(access_vector_t requested) | |
44 | +int selinux_check_passwd_access(access_vector_t requested UNUSED_PARAM) | |
36 | 45 | { |
37 | 46 | return 0; |
38 | -} | |
\ No newline at end of file | ||
47 | +} |
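Review bot: `selinux_check_passwd_access()` still returns 0 for every request, and by the comment directly above it 0 means "granted", so any caller asking for a passwd-class permission on this build is told yes without a policy lookup. If that is intended for Bionic, say so at the definition, e.g. `/* Bionic stub: no policy query is made, every request is reported as granted */`, so that nobody reads the header comment as a real access check; `return -1;` would be the fail-closed default if no enabled applet depends on the grant. Separately, the `#if defined(BIONIC_L) || !defined(__i386__)` guard in front of `security_compute_relabel()` selects the prototype partly by CPU architecture, while the comment ties the signature change to the platform release, so the condition presumably matches only the configurations that were tested and deserves a comment naming the header versions it stands for.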
@@ -1,7 +1,7 @@ | ||
1 | 1 | # |
2 | 2 | # Automatically generated make config: don't edit |
3 | 3 | # Busybox version: 1.22.1 |
4 | -# Fri Aug 1 16:21:29 2014 | |
4 | +# Wed Aug 6 13:27:12 2014 | |
5 | 5 | # |
6 | 6 | CONFIG_HAVE_DOT_CONFIG=y |
7 | 7 |
@@ -452,7 +452,7 @@ CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y | ||
452 | 452 | # CONFIG_USE_BB_PWD_GRP is not set |
453 | 453 | # CONFIG_USE_BB_SHADOW is not set |
454 | 454 | CONFIG_USE_BB_CRYPT=y |
455 | -# CONFIG_USE_BB_CRYPT_SHA is not set | |
455 | +CONFIG_USE_BB_CRYPT_SHA=y | |
456 | 456 | # CONFIG_ADDUSER is not set |
457 | 457 | # CONFIG_FEATURE_ADDUSER_LONG_OPTIONS is not set |
458 | 458 | # CONFIG_FEATURE_CHECK_NAMES is not set |
@@ -45,7 +45,7 @@ libbb/time.c libbb/trim.c libbb/u_signal_names.c libbb/udp_io.c libbb/unicode.c | ||
45 | 45 | libbb/vdprintf.c libbb/verror_msg.c libbb/vfork_daemon_rexec.c libbb/warn_ignoring_args.c libbb/wfopen.c libbb/wfopen_input.c |
46 | 46 | libbb/write.c libbb/xatonum.c libbb/xconnect.c libbb/xfunc_die.c libbb/xfuncs.c libbb/xfuncs_printf.c libbb/xgetcwd.c |
47 | 47 | libbb/xgethostbyname.c libbb/xreadlink.c libbb/xrealloc_vector.c libbb/xregcomp.c |
48 | -libbb/endofname.c libbb/in_ether.c | |
48 | +libbb/endofname.c libbb/in_ether.c libbb/nuke_str.c | |
49 | 49 | |
50 | 50 | libpwdgrp/uidgid_get.c |
51 | 51 |
@@ -903,6 +903,8 @@ int get_uidgid(struct bb_uidgid_t*, const char*, int numeric_ok) FAST_FUNC; | ||
903 | 903 | void xget_uidgid(struct bb_uidgid_t*, const char*) FAST_FUNC; |
904 | 904 | /* chown-like handling of "user[:[group]" */ |
905 | 905 | void parse_chown_usergroup_or_die(struct bb_uidgid_t *u, char *user_group) FAST_FUNC; |
906 | +struct passwd* safegetpwnam(const char *name) FAST_FUNC; | |
907 | +struct passwd* safegetpwuid(uid_t uid) FAST_FUNC; | |
906 | 908 | struct passwd* xgetpwnam(const char *name) FAST_FUNC; |
907 | 909 | struct group* xgetgrnam(const char *name) FAST_FUNC; |
908 | 910 | struct passwd* xgetpwuid(uid_t uid) FAST_FUNC; |
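Review bot: The two new declarations carry no comment, and the `safe` prefix suggests a hardening guarantee that the implementation in this commit does not give: it only replaces a NULL `pw_passwd` with an empty string under `__BIONIC__` and still returns NULL for an unknown user. A line such as `/* like getpwnam()/getpwuid(); on Bionic a NULL pw_passwd becomes "" - result may still be NULL */` above them would tell callers that they must keep their own NULL check and that an empty password field can now reach them.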
@@ -15,9 +15,31 @@ | ||
15 | 15 | * pointers to static data (getpwuid) |
16 | 16 | */ |
17 | 17 | |
18 | -struct passwd* FAST_FUNC xgetpwnam(const char *name) | |
18 | +struct passwd* FAST_FUNC safegetpwnam(const char *name) | |
19 | 19 | { |
20 | 20 | struct passwd *pw = getpwnam(name); |
21 | +#ifdef __BIONIC__ | |
22 | + if (pw && !pw->pw_passwd) { | |
23 | + pw->pw_passwd = ""; | |
24 | + } | |
25 | +#endif | |
26 | + return pw; | |
27 | +} | |
28 | + | |
29 | +struct passwd* FAST_FUNC safegetpwuid(uid_t uid) | |
30 | +{ | |
31 | + struct passwd *pw = getpwuid(uid); | |
32 | +#ifdef __BIONIC__ | |
33 | + if (pw && !pw->pw_passwd) { | |
34 | + pw->pw_passwd = ""; | |
35 | + } | |
36 | +#endif | |
37 | + return pw; | |
38 | +} | |
39 | + | |
40 | +struct passwd* FAST_FUNC xgetpwnam(const char *name) | |
41 | +{ | |
42 | + struct passwd *pw = safegetpwnam(name); | |
21 | 43 | if (!pw) |
22 | 44 | bb_error_msg_and_die("unknown user %s", name); |
23 | 45 | return pw; |
@@ -31,10 +53,9 @@ struct group* FAST_FUNC xgetgrnam(const char *name) | ||
31 | 53 | return gr; |
32 | 54 | } |
33 | 55 | |
34 | - | |
35 | 56 | struct passwd* FAST_FUNC xgetpwuid(uid_t uid) |
36 | 57 | { |
37 | - struct passwd *pw = getpwuid(uid); | |
58 | + struct passwd *pw = safegetpwuid(uid); | |
38 | 59 | if (!pw) |
39 | 60 | bb_error_msg_and_die("unknown uid %u", (unsigned)uid); |
40 | 61 | return pw; |
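Review bot: In `safegetpwnam()` and `safegetpwuid()` a missing password is turned into `""`, which is the conventional encoding of "this account has no password"; the commit message notes that busybox tests `pw->pw_passwd[0]` directly, so any authentication path that accepts an empty field without prompting would presumably accept every Bionic account. The callers switched in this commit (login, sulogin, crond) should be checked for that, and a locked-account marker would fail closed instead: `pw->pw_passwd = (char *)"*";`. The assignment also stores a string literal in a writable `char *` member, so code that scrubs or edits the field in place must not write through it. The identical `#ifdef __BIONIC__` block appears twice and could be one static helper.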
@@ -54,7 +54,12 @@ static FILE *dbf; | ||
54 | 54 | * and for line editing at the same time. |
55 | 55 | */ |
56 | 56 | #undef _PATH_LOGIN |
57 | +#ifdef __BIONIC__ | |
58 | +#define cfsetspeed(t,s) cfsetispeed(t,s) | |
59 | +#define _PATH_LOGIN "/system/xbin/login" | |
60 | +#else | |
57 | 61 | #define _PATH_LOGIN "/bin/login" |
62 | +#endif | |
58 | 63 | |
59 | 64 | /* Displayed before the login prompt. |
60 | 65 | * If ISSUE is not defined, getty will never display the contents of the |
@@ -94,7 +99,7 @@ struct globals { | ||
94 | 99 | //usage:#define getty_trivial_usage |
95 | 100 | //usage: "[OPTIONS] BAUD_RATE[,BAUD_RATE]... TTY [TERMTYPE]" |
96 | 101 | //usage:#define getty_full_usage "\n\n" |
97 | -//usage: "Open TTY, prompt for login name, then invoke /bin/login\n" | |
102 | +//usage: "Open TTY, prompt for login name, then invoke /system/xbin/login\n" | |
98 | 103 | //usage: "\n -h Enable hardware RTS/CTS flow control" |
99 | 104 | //usage: "\n -L Set CLOCAL (ignore Carrier Detect state)" |
100 | 105 | //usage: "\n -m Get baud rate from modem's CONNECT status message" |
@@ -102,7 +107,7 @@ struct globals { | ||
102 | 107 | //usage: "\n -w Wait for CR or LF before sending /etc/issue" |
103 | 108 | //usage: "\n -i Don't display /etc/issue" |
104 | 109 | //usage: "\n -f ISSUE_FILE Display ISSUE_FILE instead of /etc/issue" |
105 | -//usage: "\n -l LOGIN Invoke LOGIN instead of /bin/login" | |
110 | +//usage: "\n -l LOGIN Invoke LOGIN instead of /system/xbin/login" | |
106 | 111 | //usage: "\n -t SEC Terminate after SEC if no login name is read" |
107 | 112 | //usage: "\n -I INITSTR Send INITSTR before anything else" |
108 | 113 | //usage: "\n -H HOST Log HOST into the utmp file as the hostname" |
@@ -499,7 +504,7 @@ static char *get_logname(void) | ||
499 | 504 | default: |
500 | 505 | if ((unsigned char)c < ' ') { |
501 | 506 | /* ignore garbage characters */ |
502 | - } else if ((int)(bp - G.line_buf) < sizeof(G.line_buf) - 1) { | |
507 | + } else if ((int)(bp - G.line_buf) < (int)sizeof(G.line_buf) - 1) { | |
503 | 508 | /* echo and store the character */ |
504 | 509 | full_write(STDOUT_FILENO, &c, 1); |
505 | 510 | *bp++ = c; |
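Review bot: The usage text now names `/system/xbin/login` on every platform, while the `_PATH_LOGIN` define in the first hunk of this file is switched only under `__BIONIC__`, so a non-Bionic build documents a path it does not use. The same unconditional change is made to `G.loginpath` in the `INIT_G()` hunk at the end of this commit, where it alters which program a network login executes; guarding that literal with `#ifdef __BIONIC__`, as is done here for `_PATH_LOGIN`, would keep other platforms on `/bin/login`. The `cfsetspeed(t,s)` macro forwards to `cfsetispeed()` only, so whether the output speed is also set depends on Bionic's implementation and should be stated in a comment next to the define.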
@@ -17,9 +17,11 @@ | ||
17 | 17 | |
18 | 18 | #if ENABLE_SELINUX |
19 | 19 | # include <selinux/selinux.h> /* for is_selinux_enabled() */ |
20 | +#ifndef __BIONIC__ | |
20 | 21 | # include <selinux/get_context_list.h> /* for get_default_context() */ |
21 | 22 | # include <selinux/flask.h> /* for security class definitions */ |
22 | 23 | #endif |
24 | +#endif | |
23 | 25 | |
24 | 26 | #if ENABLE_PAM |
25 | 27 | /* PAM may include <locale.h>. We may need to undefine bbox's stub define: */ |
@@ -118,7 +120,8 @@ static void initselinux(char *username, char *full_tty, | ||
118 | 120 | bb_perror_msg_and_die("security_change_sid(%s) failed", full_tty); |
119 | 121 | } |
120 | 122 | if (setfilecon(full_tty, new_tty_sid) != 0) { |
121 | - bb_perror_msg_and_die("chsid(%s, %s) failed", full_tty, new_tty_sid); | |
123 | + if (strcmp(old_tty_sid, new_tty_sid)) | |
124 | + bb_perror_msg_and_die("chsid(%s, %s) failed", full_tty, new_tty_sid); | |
122 | 125 | } |
123 | 126 | } |
124 | 127 | #endif |
@@ -397,7 +400,7 @@ int login_main(int argc UNUSED_PARAM, char **argv) | ||
397 | 400 | pam_strerror(pamh, pamret), pamret); |
398 | 401 | safe_strncpy(username, "UNKNOWN", sizeof(username)); |
399 | 402 | #else /* not PAM */ |
400 | - pw = getpwnam(username); | |
403 | + pw = safegetpwnam(username); | |
401 | 404 | if (!pw) { |
402 | 405 | strcpy(username, "UNKNOWN"); |
403 | 406 | goto fake_it; |
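Review bot: In `initselinux()` a failed `setfilecon()` is now ignored whenever the old and new tty contexts compare equal, and if the new context comes from the `security_compute_relabel()` stub in this commit, which copies `tcon` into `*newcon`, they would always be equal on Bionic, so the tty is never relabelled and no failure is ever reported. If keeping the existing label is the intent, skip the call rather than swallow its error, `if (strcmp(old_tty_sid, new_tty_sid) != 0 && setfilecon(full_tty, new_tty_sid) != 0)`, and add a comment saying why. The function starts and ends outside the hunk, so whether `old_tty_sid` can be NULL at this point is not visible and should be confirmed before it is passed to `strcmp()`.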
@@ -45,7 +45,7 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv) | ||
45 | 45 | /* Clear dangerous stuff, set PATH */ |
46 | 46 | sanitize_env_if_suid(); |
47 | 47 | |
48 | - pwd = getpwuid(0); | |
48 | + pwd = safegetpwuid(0); | |
49 | 49 | if (!pwd) { |
50 | 50 | goto auth_error; |
51 | 51 | } |
@@ -697,7 +697,7 @@ static void start_one_job(const char *user, CronLine *line) | ||
697 | 697 | struct passwd *pas; |
698 | 698 | pid_t pid; |
699 | 699 | |
700 | - pas = getpwnam(user); | |
700 | + pas = safegetpwnam(user); | |
701 | 701 | if (!pas) { |
702 | 702 | crondlog(WARN9 "can't get uid for %s", user); |
703 | 703 | goto err; |
@@ -84,7 +84,7 @@ struct globals { | ||
84 | 84 | } FIX_ALIASING; |
85 | 85 | #define G (*(struct globals*)&bb_common_bufsiz1) |
86 | 86 | #define INIT_G() do { \ |
87 | - G.loginpath = "/bin/login"; \ | |
87 | + G.loginpath = "/system/xbin/login"; \ | |
88 | 88 | G.issuefile = "/etc/issue.net"; \ |
89 | 89 | } while (0) |
90 | 90 |