static bool selinux_action_allowed(int s, pid_t tid, debugger_action_t action)
{
char *scon = NULL, *tcon = NULL;
const char *tclass = "debuggerd";
const char *perm;
bool allowed = false;
if (selinux_enabled <= 0)
return true;
if (action <= 0 || action >= (sizeof(debuggerd_perms)/sizeof(debuggerd_perms[0]))) {
ALOGE("SELinux: No permission defined for debugger action %d", action);
return false;
}
perm = debuggerd_perms[action];
if (getpeercon(s, &scon) < 0) {
ALOGE("Cannot get peer context from socket\n");
goto out;
}
if (getpidcon(tid, &tcon) < 0) {
ALOGE("Cannot get context for tid %d\n", tid);
goto out;
}
allowed = (selinux_check_access(scon, tcon, tclass, perm, NULL) == 0);
out:
freecon(scon);
freecon(tcon);
return allowed;
}
static int
SELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainObjPtr vm,
virSecurityLabelPtr sec)
{
security_context_t ctx;
if (getpidcon(vm->pid, &ctx) == -1) {
virReportSystemError(errno,
_("unable to get PID %d security context"),
vm->pid);
return -1;
}
if (strlen((char *) ctx) >= VIR_SECURITY_LABEL_BUFLEN) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("security label exceeds "
"maximum length: %d"),
VIR_SECURITY_LABEL_BUFLEN - 1);
freecon(ctx);
return -1;
}
strcpy(sec->label, (char *) ctx);
freecon(ctx);
sec->enforcing = security_getenforce();
if (sec->enforcing == -1) {
virReportSystemError(errno, "%s",
_("error calling security_getenforce()"));
return -1;
}
return 0;
}
/*
* Function: getPidCon
* Purpose: Get the context of a process identified by its pid
* Parameters:
* pid: a jint representing the process
* Returns: a jstring representing the security context of the pid,
* the jstring may be NULL if there was an error
* Exceptions: none
*/
static jstring getPidCon(JNIEnv *env, jobject clazz, jint pid) {
#ifdef HAVE_SELINUX
if (isSELinuxDisabled)
return NULL;
security_context_t context = NULL;
jstring securityString = NULL;
pid_t checkPid = (pid_t)pid;
if (getpidcon(checkPid, &context) == -1)
goto bail;
ALOGV("getPidCon: Successfully retrived context '%s' for pid '%d'", context, checkPid);
securityString = env->NewStringUTF(context);
bail:
if (context != NULL)
freecon(context);
return securityString;
#else
return NULL;
#endif
}
int main(int argc, char **argv)
{
pid_t pid;
char *buf;
int rc;
if (argc != 2) {
fprintf(stderr, "usage: %s pid\n", argv[0]);
exit(1);
}
if (sscanf(argv[1], "%d", &pid) != 1) {
fprintf(stderr, "%s: invalid pid %s\n", argv[0], argv[1]);
exit(2);
}
rc = getpidcon(pid, &buf);
if (rc < 0) {
fprintf(stderr, "%s: getpidcon() failed\n", argv[0]);
exit(3);
}
printf("%s\n", buf);
freecon(buf);
exit(EXIT_SUCCESS);
}
static bool selinux_action_allowed(int s, debugger_request_t* request)
{
char *scon = NULL, *tcon = NULL;
const char *tclass = "debuggerd";
const char *perm;
bool allowed = false;
if (request->action <= 0 || request->action >= (sizeof(debuggerd_perms)/sizeof(debuggerd_perms[0]))) {
ALOGE("SELinux: No permission defined for debugger action %d", request->action);
return false;
}
perm = debuggerd_perms[request->action];
if (getpeercon(s, &scon) < 0) {
ALOGE("Cannot get peer context from socket\n");
goto out;
}
if (getpidcon(request->tid, &tcon) < 0) {
ALOGE("Cannot get context for tid %d\n", request->tid);
goto out;
}
allowed = (selinux_check_access(scon, tcon, tclass, perm, reinterpret_cast<void*>(request)) == 0);
out:
freecon(scon);
freecon(tcon);
return allowed;
}
/*
* Function: getPidCon
* Purpose: Get the context of a process identified by its pid
* Parameters:
* pid: a jint representing the process
* Returns: a jstring representing the security context of the pid,
* the jstring may be NULL if there was an error
* Exceptions: none
*/
static jstring getPidCon(JNIEnv *env, jobject, jint pid) {
if (isSELinuxDisabled) {
return NULL;
}
security_context_t tmp = NULL;
int ret = getpidcon(static_cast<pid_t>(pid), &tmp);
Unique_SecurityContext context(tmp);
ScopedLocalRef<jstring> securityString(env, NULL);
if (ret != -1) {
securityString.reset(env->NewStringUTF(context.get()));
}
ALOGV("getPidCon(%d) => %s", pid, context.get());
return securityString.release();
}
{
setbank(m_bg1_tilemap, 0, (data & 0x07));
setbank(m_bg2_tilemap, 1, (data & 0x38) >> 3);
}
}
WRITE16_MEMBER(aerofgt_state::turbofrc_gfxbank_w)
{
tilemap_t *tmap = (offset == 0) ? m_bg1_tilemap : m_bg2_tilemap;
data = COMBINE_DATA(&m_bank[offset]);
setbank(tmap, 4 * offset + 0, (data >> 0) & 0x0f);
setbank(tmap, 4 * offset + 1, (data >> 4) & 0x0f);
setbank(tmap, 4 * offset + 2, (data >> 8) & 0x0f);
setbank(tmap, 4 * offset + 3, (data >> 12) & 0x0f);
}
WRITE16_MEMBER(aerofgt_state::aerofgt_gfxbank_w)
{
tilemap_t *tmap = (offset < 2) ? m_bg1_tilemap : m_bg2_tilemap;
data = COMBINE_DATA(&m_bank[offset]);
setbank(tmap, 2 * offset + 0, (data >> 8) & 0xff);
setbank(tmap, 2 * offset + 1, (data >> 0) & 0xff);
static bool check_mac_perms(pid_t spid, const char *tctx, const char *perm, const char *name)
{
char *sctx = NULL;
const char *class = "service_manager";
bool allowed;
if (getpidcon(spid, &sctx) < 0) {
ALOGE("SELinux: getpidcon(pid=%d) failed to retrieve pid context.\n", spid);
return false;
}
int result = selinux_check_access(sctx, tctx, class, perm, (void *) name);
allowed = (result == 0);
freecon(sctx);
return allowed;
}
static char *get_selinux_label(int pid) {
#ifdef HAVE_SELINUX_SELINUX_H
char *selinux_label;
security_context_t pid_context;
context_t context;
if (getpidcon(pid, &pid_context) == -1) {
/* error getting pid selinux context */
dW("Can't get selinux context for process %d\n", pid);
return NULL;
}
context = context_new(pid_context);
selinux_label = strdup(context_type_get(context));
context_free(context);
freecon(pid_context);
return selinux_label;
#else
return NULL;
#endif /* HAVE_SELINUX_SELINUX_H */
}
static int
SELinuxReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def,
pid_t pid)
{
security_context_t pctx;
context_t ctx = NULL;
const char *mcs;
if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
return 0;
if (getpidcon(pid, &pctx) == -1) {
virReportSystemError(errno,
_("unable to get PID %d security context"), pid);
return -1;
}
ctx = context_new(pctx);
freecon(pctx);
if (!ctx)
goto err;
mcs = context_range_get(ctx);
if (!mcs)
goto err;
mcsAdd(mcs);
context_free(ctx);
return 0;
err:
context_free(ctx);
return -1;
}
int main(int argc, char **argv)
{
/* these vars are reused several times */
int rc, opt, i, c;
char *context, *root_path;
/* files that need context checks */
char *fc[MAX_CHECK];
char *cterm = ttyname(0);
int nfc = 0;
struct stat m;
/* processes that need context checks */
char *pc[MAX_CHECK];
int npc = 0;
/* booleans */
char **bools;
int nbool;
int verbose = 0;
int show_bools = 0;
/* policy */
const char *pol_name, *root_dir;
char *pol_path;
while (1) {
opt = getopt(argc, argv, "vb");
if (opt == -1)
break;
switch (opt) {
case 'v':
verbose = 1;
break;
case 'b':
show_bools = 1;
break;
default:
/* invalid option */
printf("\nUsage: %s [OPTION]\n\n", basename(argv[0]));
printf(" -v Verbose check of process and file contexts.\n");
printf(" -b Display current state of booleans.\n");
printf("\nWithout options, show SELinux status.\n");
return -1;
}
}
printf_tab("SELinux status:");
rc = is_selinux_enabled();
switch (rc) {
case 1:
printf("enabled\n");
break;
case 0:
printf("disabled\n");
return 0;
break;
default:
printf("unknown (%s)\n", strerror(errno));
return 0;
break;
}
printf_tab("SELinuxfs mount:");
if (selinux_mnt != NULL) {
printf("%s\n", selinux_mnt);
} else {
printf("not mounted\n\n");
printf("Please mount selinuxfs for proper results.\n");
return -1;
}
printf_tab("SELinux root directory:");
root_dir = selinux_path();
if (root_dir == NULL) {
printf("error (%s)\n", strerror(errno));
return -1;
}
/* The path has a trailing '/' so duplicate to edit */
root_path = strdup(root_dir);
if (!root_path) {
printf("malloc error (%s)\n", strerror(errno));
return -1;
}
/* actually blank the '/' */
root_path[strlen(root_path) - 1] = '\0';
printf("%s\n", root_path);
free(root_path);
/* Dump all the path information */
printf_tab("Loaded policy name:");
pol_path = strdup(selinux_policy_root());
if (pol_path) {
pol_name = basename(pol_path);
puts(pol_name);
free(pol_path);
} else {
printf("error (%s)\n", strerror(errno));
}
printf_tab("Current mode:");
rc = security_getenforce();
switch (rc) {
case 1:
printf("enforcing\n");
break;
case 0:
printf("permissive\n");
break;
default:
printf("unknown (%s)\n", strerror(errno));
break;
}
printf_tab("Mode from config file:");
if (selinux_getenforcemode(&rc) == 0) {
switch (rc) {
case 1:
printf("enforcing\n");
break;
case 0:
printf("permissive\n");
break;
case -1:
printf("disabled\n");
break;
}
} else {
printf("error (%s)\n", strerror(errno));
}
printf_tab("Policy MLS status:");
rc = is_selinux_mls_enabled();
switch (rc) {
case 0:
printf("disabled\n");
break;
case 1:
printf("enabled\n");
break;
default:
printf("error (%s)\n", strerror(errno));
break;
}
printf_tab("Policy deny_unknown status:");
rc = security_deny_unknown();
switch (rc) {
case 0:
printf("allowed\n");
break;
case 1:
printf("denied\n");
break;
default:
printf("error (%s)\n", strerror(errno));
break;
}
rc = security_policyvers();
printf_tab("Max kernel policy version:");
if (rc < 0)
printf("unknown (%s)\n", strerror(errno));
else
printf("%d\n", rc);
if (show_bools) {
/* show booleans */
if (security_get_boolean_names(&bools, &nbool) >= 0) {
printf("\nPolicy booleans:\n");
for (i = 0; i < nbool; i++) {
if (strlen(bools[i]) + 1 > COL)
COL = strlen(bools[i]) + 1;
}
for (i = 0; i < nbool; i++) {
printf_tab(bools[i]);
rc = security_get_boolean_active(bools[i]);
switch (rc) {
case 1:
printf("on");
break;
case 0:
printf("off");
break;
default:
printf("unknown (%s)", strerror(errno));
break;
}
c = security_get_boolean_pending(bools[i]);
if (c != rc)
switch (c) {
case 1:
printf(" (activate pending)");
break;
case 0:
printf(" (inactivate pending)");
break;
default:
printf(" (pending error: %s)",
strerror(errno));
break;
}
printf("\n");
/* free up the booleans */
free(bools[i]);
}
free(bools);
}
}
/* only show contexts if -v is given */
if (!verbose)
return 0;
load_checks(pc, &npc, fc, &nfc);
printf("\nProcess contexts:\n");
printf_tab("Current context:");
if (getcon(&context) >= 0) {
printf("%s\n", context);
freecon(context);
} else
printf("unknown (%s)\n", strerror(errno));
printf_tab("Init context:");
if (getpidcon(1, &context) >= 0) {
printf("%s\n", context);
freecon(context);
} else
printf("unknown (%s)\n", strerror(errno));
for (i = 0; i < npc; i++) {
rc = pidof(pc[i]);
if (rc > 0) {
if (getpidcon(rc, &context) < 0)
continue;
printf_tab(pc[i]);
printf("%s\n", context);
freecon(context);
}
}
printf("\nFile contexts:\n");
/* controlling term */
printf_tab("Controlling terminal:");
if (lgetfilecon(cterm, &context) >= 0) {
printf("%s\n", context);
freecon(context);
} else {
printf("unknown (%s)\n", strerror(errno));
}
for (i = 0; i < nfc; i++) {
if (lgetfilecon(fc[i], &context) >= 0) {
printf_tab(fc[i]);
/* check if this is a symlink */
if (lstat(fc[i], &m)) {
printf
("%s (could not check link status (%s)!)\n",
context, strerror(errno));
freecon(context);
continue;
}
if (S_ISLNK(m.st_mode)) {
/* print link target context */
printf("%s -> ", context);
freecon(context);
if (getfilecon(fc[i], &context) >= 0) {
printf("%s\n", context);
freecon(context);
} else {
printf("unknown (%s)\n",
strerror(errno));
}
} else {
printf("%s\n", context);
freecon(context);
}
}
}
return 0;
}
int main(int argc, char **argv)
{
int pid, rc, len, status;
security_context_t context_s;
context_t context;
if (argc != 3) {
fprintf(stderr, "usage: %s newdomain program\n", argv[0]);
exit(-1);
}
rc = getcon(&context_s);
if (rc < 0) {
fprintf(stderr, "%s: unable to get my context\n", argv[0]);
exit(-1);
}
context = context_new(context_s);
if (!context) {
fprintf(stderr, "%s: unable to create context structure\n", argv[0]);
exit(-1);
}
if (context_type_set(context, argv[1])) {
fprintf(stderr, "%s: unable to set new type\n", argv[0]);
exit(-1);
}
freecon(context_s);
context_s = context_str(context);
if (!context_s) {
fprintf(stderr, "%s: unable to obtain new context string\n", argv[0]);
exit(-1);
}
rc = setexeccon(context_s);
if (rc < 0) {
fprintf(stderr, "%s: unable to set exec context to %s\n", argv[0], context_s);
exit(-1);
}
pid = fork();
if (pid < 0) {
perror("fork");
exit(-1);
} else if (pid == 0) {
signal(SIGTRAP, SIG_IGN);
rc = ptrace(PTRACE_TRACEME, 0, 0, 0);
if (rc < 0) {
perror("ptrace: PTRACE_TRACEME");
exit(-1);
}
execv(argv[2], argv+2);
perror(argv[2]);
exit(1);
}
repeat:
pid = wait(&status);
if (pid < 0) {
perror("wait");
exit(-1);
}
if (WIFEXITED(status)) {
fprintf(stderr, "Child exited with status %d.\n", WEXITSTATUS(status));
exit(WEXITSTATUS(status));
}
if (WIFSTOPPED(status)) {
fprintf(stderr, "Child stopped by signal %d.\n", WSTOPSIG(status));
rc = getpidcon(pid, &context_s);
if (rc < 0) {
perror("getpidcon");
exit(-1);
}
fprintf(stderr, "Child has context %s\n", context_s);
fprintf(stderr, "..Resuming the child.\n");
rc = ptrace(PTRACE_CONT,pid,0,0);
if (rc < 0){
perror("ptrace: PTRACE_CONT");
exit(-1);
}
goto repeat;
}
if (WIFSIGNALED(status)) {
fprintf(stderr, "Child terminated by signal %d.\n", WTERMSIG(status));
fprintf(stderr, "..This is consistent with a ptrace permission denial - check the audit message.\n");
exit(1);
}
fprintf(stderr, "Unexpected exit status 0x%x\n", status);
exit(-1);
}
static void display_verbose(void)
{
security_context_t con, _con;
char *fc[50], *pc[50], *cterm;
pid_t *pidList;
int i;
read_config(pc, ARRAY_SIZE(pc), fc, ARRAY_SIZE(fc));
/* process contexts */
puts("\nProcess contexts:");
/* current context */
if (getcon(&con) == 0) {
printf(COL_FMT "%s\n", "Current context:", con);
if (ENABLE_FEATURE_CLEAN_UP)
freecon(con);
}
/* /sbin/init context */
if (getpidcon(1, &con) == 0) {
printf(COL_FMT "%s\n", "Init context:", con);
if (ENABLE_FEATURE_CLEAN_UP)
freecon(con);
}
/* [process] context */
for (i = 0; pc[i] != NULL; i++) {
pidList = find_pid_by_name(bb_basename(pc[i]));
if (pidList[0] > 0 && getpidcon(pidList[0], &con) == 0) {
printf(COL_FMT "%s\n", pc[i], con);
if (ENABLE_FEATURE_CLEAN_UP)
freecon(con);
}
if (ENABLE_FEATURE_CLEAN_UP)
free(pidList);
}
/* files contexts */
puts("\nFile contexts:");
cterm = ttyname(0);
puts(cterm);
if (cterm && lgetfilecon(cterm, &con) >= 0) {
printf(COL_FMT "%s\n", "Controlling term:", con);
if (ENABLE_FEATURE_CLEAN_UP)
freecon(con);
}
for (i=0; fc[i] != NULL; i++) {
struct stat stbuf;
if (lgetfilecon(fc[i], &con) < 0)
continue;
if (lstat(fc[i], &stbuf) == 0) {
if (S_ISLNK(stbuf.st_mode)) {
if (getfilecon(fc[i], &_con) >= 0) {
printf(COL_FMT "%s -> %s\n", fc[i], _con, con);
if (ENABLE_FEATURE_CLEAN_UP)
freecon(_con);
}
} else {
printf(COL_FMT "%s\n", fc[i], con);
}
}
if (ENABLE_FEATURE_CLEAN_UP)
freecon(con);
}
}
/* returns requested time interval in seconds,
negative indicates error has occurred
*/
static long
parse_time_units(const char* age)
{
char *unit;
long num;
num = strtol(age,&unit,10);
if (age == unit) /* no digits found */
return -1;
if (unit[0] == '\0') /* no units found */
return -1;
switch(unit[0]) {
case 's':
return num;
case 'm':
return (num * 60);
case 'h':
return (num * 60 * 60);
case 'd':
return (num * 60 * 60 * 24);
case 'w':
return (num * 60 * 60 * 24 * 7);
case 'M':
return (num * 60 * 60 * 24 * 7 * 4);
case 'y':
return (num * 60 * 60 * 24 * 7 * 4 * 12);
}
return -1;
}
static int
match_process_uid(pid_t pid, uid_t uid)
{
char buf[128];
uid_t puid;
FILE *f;
int re = -1;
snprintf (buf, sizeof buf, PROC_BASE "/%d/status", pid);
if (!(f = fopen (buf, "r")))
return 0;
while (fgets(buf, sizeof buf, f))
{
if (sscanf (buf, "Uid:\t%d", &puid))
{
re = uid==puid;
break;
}
}
fclose(f);
if (re==-1)
{
fprintf(stderr, _("killall: Cannot get UID from process status\n"));
exit(1);
}
return re;
}
static regex_t *
build_regexp_list(int names, char **namelist)
{
int i;
regex_t *reglist;
int flag = REG_EXTENDED|REG_NOSUB;
if (!(reglist = malloc (sizeof (regex_t) * names)))
{
perror ("malloc");
exit (1);
}
if (ignore_case)
flag |= REG_ICASE;
for (i = 0; i < names; i++)
{
if (regcomp(®list[i], namelist[i], flag) != 0)
{
fprintf(stderr, _("killall: Bad regular expression: %s\n"), namelist[i]);
exit (1);
}
}
return reglist;
}
#ifdef WITH_SELINUX
static int
kill_all(int signal, int names, char **namelist, struct passwd *pwent,
regex_t *scontext )
#else /*WITH_SELINUX*/
static int
kill_all (int signal, int names, char **namelist, struct passwd *pwent)
#endif /*WITH_SELINUX*/
{
DIR *dir;
struct dirent *de;
FILE *file;
struct stat st, sts[MAX_NAMES];
int *name_len = NULL;
char *path, comm[COMM_LEN];
char *command_buf;
char *command;
pid_t *pid_table, pid, self, *pid_killed;
pid_t *pgids;
int i, j, okay, length, got_long, error;
int pids, max_pids, pids_killed;
unsigned long found;
regex_t *reglist = NULL;;
#ifdef WITH_SELINUX
security_context_t lcontext=NULL;
#endif /*WITH_SELINUX*/
if (names && reg)
reglist = build_regexp_list(names, namelist);
else if (names)
{
if (!(name_len = malloc (sizeof (int) * names)))
{
perror ("malloc");
exit (1);
}
for (i = 0; i < names; i++)
{
if (!strchr (namelist[i], '/'))
{
sts[i].st_dev = 0;
name_len[i] = strlen (namelist[i]);
}
else if (stat (namelist[i], &sts[i]) < 0)
{
perror (namelist[i]);
exit (1);
}
}
}
self = getpid ();
found = 0;
if (!(dir = opendir (PROC_BASE)))
{
perror (PROC_BASE);
exit (1);
}
max_pids = 256;
pid_table = malloc (max_pids * sizeof (pid_t));
if (!pid_table)
{
perror ("malloc");
exit (1);
}
pids = 0;
while ( (de = readdir (dir)) != NULL)
{
if (!(pid = (pid_t) atoi (de->d_name)) || pid == self)
continue;
if (pids == max_pids)
{
if (!(pid_table = realloc (pid_table, 2 * pids * sizeof (pid_t))))
{
perror ("realloc");
exit (1);
}
max_pids *= 2;
}
pid_table[pids++] = pid;
}
(void) closedir (dir);
pids_killed = 0;
pid_killed = malloc (max_pids * sizeof (pid_t));
if (!pid_killed)
{
perror ("malloc");
exit (1);
}
if (!process_group)
pgids = NULL; /* silence gcc */
else
{
pgids = calloc (pids, sizeof (pid_t));
if (!pgids)
{
perror ("malloc");
exit (1);
}
}
for (i = 0; i < pids; i++)
{
pid_t id;
int found_name = -1;
double process_age_sec = 0;
/* match by UID */
if (pwent && match_process_uid(pid_table[i], pwent->pw_uid)==0)
continue;
#ifdef WITH_SELINUX
/* match by SELinux context */
if (scontext)
{
if (getpidcon(pid_table[i], &lcontext) < 0)
continue;
if (regexec(scontext, lcontext, 0, NULL, 0) != 0) {
freecon(lcontext);
continue;
}
freecon(lcontext);
}
#endif /*WITH_SELINUX*/
/* load process name */
if (asprintf (&path, PROC_BASE "/%d/stat", pid_table[i]) < 0)
continue;
if (!(file = fopen (path, "r")))
{
free (path);
continue;
}
free (path);
okay = fscanf (file, "%*d (%15[^)]", comm) == 1;
if (!okay) {
fclose(file);
continue;
}
if ( younger_than || older_than ) {
rewind(file);
unsigned long long proc_stt_jf = 0;
okay = fscanf(file, "%*d %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %Lu",
&proc_stt_jf) == 1;
if (!okay) {
fclose(file);
continue;
}
process_age_sec = process_age(proc_stt_jf);
}
(void) fclose (file);
got_long = 0;
command = NULL; /* make gcc happy */
length = strlen (comm);
if (length == COMM_LEN - 1)
{
if (asprintf (&path, PROC_BASE "/%d/cmdline", pid_table[i]) < 0)
continue;
if (!(file = fopen (path, "r"))) {
free (path);
continue;
}
free (path);
while (1) {
/* look for actual command so we skip over initial "sh" if any */
char *p;
int cmd_size = 128;
command_buf = (char *)malloc (cmd_size);
if (!command_buf)
exit (1);
/* 'cmdline' has arguments separated by nulls */
for (p=command_buf; ; p++) {
int c;
if (p == (command_buf + cmd_size))
{
int cur_size = cmd_size;
cmd_size *= 2;
command_buf = (char *)realloc(command_buf, cmd_size);
if (!command_buf)
exit (1);
p = command_buf + cur_size;
}
c = fgetc(file);
if (c == EOF || c == '\0') {
*p = '\0';
break;
} else {
*p = c;
}
}
if (strlen(command_buf) == 0) {
okay = 0;
break;
}
p = strrchr(command_buf,'/');
p = p ? p+1 : command_buf;
if (strncmp(p, comm, COMM_LEN-1) == 0) {
okay = 1;
command = p;
break;
}
}
(void) fclose(file);
if (exact && !okay)
{
if (verbose)
fprintf (stderr, _("killall: skipping partial match %s(%d)\n"),
comm, pid_table[i]);
continue;
}
got_long = okay;
}
/* mach by process name */
for (j = 0; j < names; j++)
{
if (reg)
{
if (regexec (®list[j], got_long ? command : comm, 0, NULL, 0) != 0)
continue;
}
else /* non-regex */
{
if ( younger_than && process_age_sec && (process_age_sec > younger_than ) )
continue;
if ( older_than && process_age_sec && (process_age_sec < older_than ) )
continue;
if (!sts[j].st_dev)
{
if (length != COMM_LEN - 1 || name_len[j] < COMM_LEN - 1)
{
if (ignore_case == 1)
{
if (strcasecmp (namelist[j], comm))
continue;
}
else
{
if (strcmp(namelist[j], comm))
continue;
}
}
else
{
if (ignore_case == 1)
{
if (got_long ? strcasecmp (namelist[j], command) :
strncasecmp (namelist[j], comm, COMM_LEN - 1))
continue;
}
else
{
if (got_long ? strcmp (namelist[j], command) :
strncmp (namelist[j], comm, COMM_LEN - 1))
continue;
}
}
}
else
{
int ok = 1;
if (asprintf (&path, PROC_BASE "/%d/exe", pid_table[i]) < 0)
continue;
if (stat (path, &st) < 0)
ok = 0;
else if (sts[j].st_dev != st.st_dev ||
sts[j].st_ino != st.st_ino)
{
/* maybe the binary has been modified and std[j].st_ino
* is not reliable anymore. We need to compare paths.
*/
size_t len = strlen(namelist[j]);
char *linkbuf = malloc(len + 1);
if (!linkbuf ||
readlink(path, linkbuf, len + 1) != len ||
memcmp(namelist[j], linkbuf, len))
ok = 0;
free(linkbuf);
}
free(path);
if (!ok)
continue;
}
} /* non-regex */
found_name = j;
break;
}
if (names && found_name==-1)
continue; /* match by process name faild */
/* check for process group */
if (!process_group)
id = pid_table[i];
else
{
int j;
id = getpgid (pid_table[i]);
pgids[i] = id;
if (id < 0)
{
fprintf (stderr, "killall: getpgid(%d): %s\n",
pid_table[i], strerror (errno));
}
for (j = 0; j < i; j++)
if (pgids[j] == id)
break;
if (j < i)
continue;
}
if (interactive && !ask (comm, id, signal))
continue;
if (kill (process_group ? -id : id, signal) >= 0)
{
if (verbose)
fprintf (stderr, _("Killed %s(%s%d) with signal %d\n"), got_long ? command :
comm, process_group ? "pgid " : "", id, signal);
if (found_name >= 0)
/* mark item of namelist */
found |= 1 << found_name;
pid_killed[pids_killed++] = id;
}
else if (errno != ESRCH || interactive)
fprintf (stderr, "%s(%d): %s\n", got_long ? command :
comm, id, strerror (errno));
}
if (!quiet)
for (i = 0; i < names; i++)
if (!(found & (1 << i)))
fprintf (stderr, _("%s: no process found\n"), namelist[i]);
if (names)
/* killall returns a zero return code if at least one process has
* been killed for each listed command. */
error = found == ((1 << (names - 1)) | ((1 << (names - 1)) - 1)) ? 0 : 1;
else
/* in nameless mode killall returns a zero return code if at least
* one process has killed */
error = pids_killed ? 0 : 1;
/*
* We scan all (supposedly) killed processes every second to detect dead
* processes as soon as possible in order to limit problems of race with
* PID re-use.
*/
while (pids_killed && wait_until_dead)
{
for (i = 0; i < pids_killed;)
{
if (kill (process_group ? -pid_killed[i] : pid_killed[i], 0) < 0 &&
errno == ESRCH)
{
pid_killed[i] = pid_killed[--pids_killed];
continue;
}
i++;
}
sleep (1); /* wait a bit longer */
}
return error;
}
static JSBool
rpmsx_getprop(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
void * ptr = JS_GetInstancePrivate(cx, obj, &rpmsxClass, NULL);
jsint tiny = JSVAL_TO_INT(id);
#if defined(WITH_SELINUX)
security_context_t con = NULL;
#endif
/* XXX the class has ptr == NULL, instances have ptr != NULL. */
if (ptr == NULL)
return JS_TRUE;
switch (tiny) {
case _DEBUG:
*vp = INT_TO_JSVAL(_debug);
break;
#if defined(WITH_SELINUX)
case _CURRENT: *vp = _GET_CON(!getcon(&con)); break;
case _PID: *vp = _GET_CON(!getpidcon(getpid(), &con)); break;
case _PPID: *vp = _GET_CON(!getpidcon(getppid(), &con)); break;
case _PREV: *vp = _GET_CON(!getprevcon(&con)); break;
case _EXEC: *vp = _GET_CON(!getexeccon(&con)); break;
case _FSCREATE: *vp = _GET_CON(!getfscreatecon(&con)); break;
case _KEYCREATE: *vp = _GET_CON(!getkeycreatecon(&con)); break;
case _SOCKCREATE: *vp = _GET_CON(!getsockcreatecon(&con)); break;
case _ENFORCE: *vp = INT_TO_JSVAL(security_getenforce()); break;
case _DENY: *vp = INT_TO_JSVAL(security_deny_unknown()); break;
case _POLICYVERS: *vp = INT_TO_JSVAL(security_policyvers()); break;
case _ENABLED: *vp = INT_TO_JSVAL(is_selinux_enabled()); break;
case _MLSENABLED: *vp = INT_TO_JSVAL(is_selinux_mls_enabled()); break;
#ifdef NOTYET
case _BOOLS: *vp = ; break;
#endif
case _ROOT: *vp = _GET_STR(selinux_policy_root()); break;
case _BINARY: *vp = _GET_STR(selinux_binary_policy_path()); break;
case _FAILSAFE: *vp = _GET_STR(selinux_failsafe_context_path());break;
case _REMOVABLE: *vp = _GET_STR(selinux_removable_context_path());break;
case _DEFAULT: *vp = _GET_STR(selinux_default_context_path()); break;
case _USER: *vp = _GET_STR(selinux_user_contexts_path()); break;
case _FCON: *vp = _GET_STR(selinux_file_context_path()); break;
case _FCONHOME: *vp = _GET_STR(selinux_file_context_homedir_path());break;
case _FCONLOCAL: *vp = _GET_STR(selinux_file_context_local_path());break;
case _FCONSUBS: *vp = _GET_STR(selinux_file_context_subs_path());break;
case _HOMEDIR: *vp = _GET_STR(selinux_homedir_context_path()); break;
case _MEDIA: *vp = _GET_STR(selinux_media_context_path()); break;
case _VIRTDOMAIN: *vp = _GET_STR(selinux_virtual_domain_context_path());break;
case _VIRTIMAGE: *vp = _GET_STR(selinux_virtual_image_context_path());break;
case _X: *vp = _GET_STR(selinux_x_context_path()); break;
case _CONTEXTS: *vp = _GET_STR(selinux_contexts_path()); break;
case _SECURETTY: *vp = _GET_STR(selinux_securetty_types_path()); break;
case _BOOLEANS: *vp = _GET_STR(selinux_booleans_path()); break;
case _CUSTOMTYPES: *vp = _GET_STR(selinux_customizable_types_path());break;
case _USERS: *vp = _GET_STR(selinux_users_path()); break;
case _USERSCONF: *vp = _GET_STR(selinux_usersconf_path()); break;
case _XLATIONS: *vp = _GET_STR(selinux_translations_path()); break;
case _COLORS: *vp = _GET_STR(selinux_colors_path()); break;
case _NETFILTER: *vp = _GET_STR(selinux_netfilter_context_path());break;
case _PATH: *vp = _GET_STR(selinux_path()); break;
#endif
default:
break;
}
#if defined(WITH_SELINUX)
if (con) {
freecon(con);
con = NULL;
}
#endif
return JS_TRUE;
}
