static jstring getFdConInner(JNIEnv *env, jobject fileDescriptor, bool isSocket) {
if (isSELinuxDisabled) {
return NULL;
}
if (fileDescriptor == NULL) {
jniThrowNullPointerException(env,
"Trying to check security context of a null FileDescriptor.");
return NULL;
}
int fd = jniGetFDFromFileDescriptor(env, fileDescriptor);
if (env->ExceptionCheck()) {
ALOGE("getFdCon => getFD for %p failed", fileDescriptor);
return NULL;
}
security_context_t tmp = NULL;
int ret;
if (isSocket) {
ret = getpeercon(fd, &tmp);
} else{
ret = fgetfilecon(fd, &tmp);
}
Unique_SecurityContext context(tmp);
ScopedLocalRef<jstring> contextStr(env, NULL);
if (ret != -1) {
contextStr.reset(env->NewStringUTF(context.get()));
}
ALOGV("getFdCon(%d) => %s", fd, context.get());
return contextStr.release();
}
/*
* This function attempts to revert the relabeling done to the tty.
* fd - referencing the opened ttyn
* ttyn - name of tty to restore
*
* Returns zero on success, non-zero otherwise
*/
int
selinux_restore_tty(void)
{
int retval = 0;
security_context_t chk_tty_context = NULL;
debug_decl(selinux_restore_tty, SUDO_DEBUG_SELINUX)
if (se_state.ttyfd == -1 || se_state.new_tty_context == NULL)
goto skip_relabel;
/* Verify that the tty still has the context set by sudo. */
if ((retval = fgetfilecon(se_state.ttyfd, &chk_tty_context)) < 0) {
sudo_warn(U_("unable to fgetfilecon %s"), se_state.ttyn);
goto skip_relabel;
}
if ((retval = strcmp(chk_tty_context, se_state.new_tty_context))) {
sudo_warnx(U_("%s changed labels"), se_state.ttyn);
goto skip_relabel;
}
if ((retval = fsetfilecon(se_state.ttyfd, se_state.tty_context)) < 0)
sudo_warn(U_("unable to restore context for %s"), se_state.ttyn);
skip_relabel:
if (se_state.ttyfd != -1) {
close(se_state.ttyfd);
se_state.ttyfd = -1;
}
if (chk_tty_context != NULL) {
freecon(chk_tty_context);
chk_tty_context = NULL;
}
debug_return_int(retval);
}
/*
* This function attempts to revert the relabeling done to the tty.
* fd - referencing the opened ttyn
* ttyn - name of tty to restore
*
* Returns zero on success, non-zero otherwise
*/
int
selinux_restore_tty(void)
{
int retval = 0;
security_context_t chk_tty_context = NULL;
if (se_state.ttyfd == -1 || se_state.new_tty_context == NULL)
goto skip_relabel;
/* Verify that the tty still has the context set by sudo. */
if ((retval = fgetfilecon(se_state.ttyfd, &chk_tty_context)) < 0) {
warning("unable to fgetfilecon %s", se_state.ttyn);
goto skip_relabel;
}
if ((retval = strcmp(chk_tty_context, se_state.new_tty_context))) {
warningx("%s changed labels.", se_state.ttyn);
goto skip_relabel;
}
if ((retval = fsetfilecon(se_state.ttyfd, se_state.tty_context)) < 0)
warning("unable to restore context for %s", se_state.ttyn);
skip_relabel:
if (se_state.ttyfd != -1) {
close(se_state.ttyfd);
se_state.ttyfd = -1;
}
if (chk_tty_context != NULL) {
freecon(chk_tty_context);
chk_tty_context = NULL;
}
return retval;
}
void FAST_FUNC selinux_preserve_fcontext(int fdesc)
{
security_context_t context;
if (fgetfilecon(fdesc, &context) < 0) {
if (errno == ENODATA || errno == ENOTSUP)
return;
bb_perror_msg_and_die("fgetfilecon failed");
}
setfscreatecon_or_die(context);
freecon(context);
}
/* lgetfileconat is called against FILE_NAME iff the FD parameter is set to
zero, otherwise the fgetfileconat is used against correct file descriptor */
void
xattrs_selinux_get (int parentfd, char const *file_name,
struct tar_stat_info *st, int fd)
{
if (selinux_context_option > 0)
{
#if HAVE_SELINUX_SELINUX_H != 1
static int done = 0;
if (!done)
WARN ((0, 0, _("SELinux support is not available")));
done = 1;
#else
int result = fd ?
fgetfilecon (fd, &st->cntx_name)
: lgetfileconat (parentfd, file_name, &st->cntx_name);
if (result == -1 && errno != ENODATA && errno != ENOTSUP)
call_arg_warn (fd ? "fgetfilecon" : "lgetfileconat", file_name);
#endif
}
}
static int
SELinuxFSetFilecon(int fd, char *tcon)
{
security_context_t econ;
VIR_INFO("Setting SELinux context on fd %d to '%s'", fd, tcon);
if (fsetfilecon(fd, tcon) < 0) {
int fsetfilecon_errno = errno;
if (fgetfilecon(fd, &econ) >= 0) {
if (STREQ(tcon, econ)) {
freecon(econ);
/* It's alright, there's nothing to change anyway. */
return 0;
}
freecon(econ);
}
/* if the error complaint is related to an image hosted on
* an nfs mount, or a usbfs/sysfs filesystem not supporting
* labelling, then just ignore it & hope for the best.
* The user hopefully set one of the necessary SELinux
* virt_use_{nfs,usb,pci} boolean tunables to allow it...
*/
if (fsetfilecon_errno != EOPNOTSUPP) {
virReportSystemError(fsetfilecon_errno,
_("unable to set security context '%s' on fd %d"),
tcon, fd);
if (security_getenforce() == 1)
return -1;
} else {
VIR_INFO("Setting security context '%s' on fd %d not supported",
tcon, fd);
}
}
return 0;
}
static void mkswap_selinux_setcontext(int fd, const char *path)
{
struct stat stbuf;
if (!is_selinux_enabled())
return;
if (fstat(fd, &stbuf) < 0)
bb_perror_msg_and_die("fstat failed");
if (S_ISREG(stbuf.st_mode)) {
security_context_t newcon;
security_context_t oldcon = NULL;
context_t context;
if (fgetfilecon(fd, &oldcon) < 0) {
if (errno != ENODATA)
goto error;
if (matchpathcon(path, stbuf.st_mode, &oldcon) < 0)
goto error;
}
context = context_new(oldcon);
if (!context || context_type_set(context, "swapfile_t"))
goto error;
newcon = context_str(context);
if (!newcon)
goto error;
/* fsetfilecon_raw is hidden */
if (strcmp(oldcon, newcon) != 0 && fsetfilecon(fd, newcon) < 0)
goto error;
if (ENABLE_FEATURE_CLEAN_UP) {
context_free(context);
freecon(oldcon);
}
}
return;
error:
bb_perror_msg_and_die("SELinux relabeling failed");
}
int
main(int argc, char **argv) {
struct stat statbuf;
struct swap_header_v1_2 *hdr;
int c;
unsigned long long maxpages;
unsigned long long goodpages;
unsigned long long sz;
off_t offset;
int force = 0;
int version = 1;
char *block_count = 0;
char *opt_label = NULL;
unsigned char *uuid = NULL;
#ifdef HAVE_LIBUUID
const char *opt_uuid = NULL;
uuid_t uuid_dat;
#endif
static const struct option longopts[] = {
{ "check", no_argument, 0, 'c' },
{ "force", no_argument, 0, 'f' },
{ "pagesize", required_argument, 0, 'p' },
{ "label", required_argument, 0, 'L' },
{ "swapversion", required_argument, 0, 'v' },
{ "uuid", required_argument, 0, 'U' },
{ "version", no_argument, 0, 'V' },
{ "help", no_argument, 0, 'h' },
{ NULL, 0, 0, 0 }
};
setlocale(LC_ALL, "");
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
atexit(close_stdout);
while((c = getopt_long(argc, argv, "cfp:L:v:U:Vh", longopts, NULL)) != -1) {
switch (c) {
case 'c':
check=1;
break;
case 'f':
force=1;
break;
case 'p':
user_pagesize = strtou32_or_err(optarg, _("parsing page size failed"));
break;
case 'L':
opt_label = optarg;
break;
case 'v':
version = strtos32_or_err(optarg, _("parsing version number failed"));
break;
case 'U':
#ifdef HAVE_LIBUUID
opt_uuid = optarg;
#else
warnx(_("warning: ignoring -U (UUIDs are unsupported by %s)"),
program_invocation_short_name);
#endif
break;
case 'V':
printf(UTIL_LINUX_VERSION);
exit(EXIT_SUCCESS);
case 'h':
usage(stdout);
default:
usage(stderr);
}
}
if (optind < argc)
device_name = argv[optind++];
if (optind < argc)
block_count = argv[optind++];
if (optind != argc) {
warnx(_("only one device argument is currently supported"));
usage(stderr);
}
if (version != 1)
errx(EXIT_FAILURE,
_("swapspace version %d is not supported"), version);
#ifdef HAVE_LIBUUID
if(opt_uuid) {
if (uuid_parse(opt_uuid, uuid_dat) != 0)
errx(EXIT_FAILURE, _("error: parsing UUID failed"));
} else
uuid_generate(uuid_dat);
uuid = uuid_dat;
#endif
init_signature_page(); /* get pagesize */
if (!device_name) {
warnx(_("error: Nowhere to set up swap on?"));
usage(stderr);
}
if (block_count) {
/* this silly user specified the number of blocks explicitly */
uint64_t blks = strtou64_or_err(block_count,
_("invalid block count argument"));
PAGES = blks / (pagesize / 1024);
}
sz = get_size(device_name);
if (!PAGES)
PAGES = sz;
else if (PAGES > sz && !force) {
errx(EXIT_FAILURE,
_("error: "
"size %llu KiB is larger than device size %llu KiB"),
PAGES*(pagesize/1024), sz*(pagesize/1024));
}
if (PAGES < MIN_GOODPAGES) {
warnx(_("error: swap area needs to be at least %ld KiB"),
(long)(MIN_GOODPAGES * pagesize/1024));
usage(stderr);
}
#ifdef __linux__
if (get_linux_version() >= KERNEL_VERSION(2,3,4))
maxpages = UINT_MAX + 1ULL;
else if (get_linux_version() >= KERNEL_VERSION(2,2,1))
maxpages = V1_MAX_PAGES;
else
#endif
maxpages = V1_OLD_MAX_PAGES;
if (PAGES > maxpages) {
PAGES = maxpages;
warnx(_("warning: truncating swap area to %llu KiB"),
PAGES * pagesize / 1024);
}
if (is_mounted(device_name))
errx(EXIT_FAILURE, _("error: "
"%s is mounted; will not make swapspace"),
device_name);
if (stat(device_name, &statbuf) < 0) {
perror(device_name);
exit(EXIT_FAILURE);
}
if (S_ISBLK(statbuf.st_mode))
DEV = open(device_name, O_RDWR | O_EXCL);
else
DEV = open(device_name, O_RDWR);
if (DEV < 0) {
perror(device_name);
exit(EXIT_FAILURE);
}
if (!S_ISBLK(statbuf.st_mode))
check=0;
else if (blkdev_is_misaligned(DEV))
warnx(_("warning: %s is misaligned"), device_name);
if (check)
check_blocks();
wipe_device(DEV, device_name, force);
hdr = (struct swap_header_v1_2 *) signature_page;
hdr->version = 1;
hdr->last_page = PAGES - 1;
hdr->nr_badpages = badpages;
if (badpages > PAGES - MIN_GOODPAGES)
errx(EXIT_FAILURE, _("Unable to set up swap-space: unreadable"));
goodpages = PAGES - badpages - 1;
printf(_("Setting up swapspace version 1, size = %llu KiB\n"),
goodpages * pagesize / 1024);
write_signature("SWAPSPACE2");
write_uuid_and_label(uuid, opt_label);
offset = 1024;
if (lseek(DEV, offset, SEEK_SET) != offset)
errx(EXIT_FAILURE, _("unable to rewind swap-device"));
if (write_all(DEV, (char *) signature_page + offset,
pagesize - offset) == -1)
err(EXIT_FAILURE,
_("%s: unable to write signature page"),
device_name);
#ifdef HAVE_LIBSELINUX
if (S_ISREG(statbuf.st_mode) && is_selinux_enabled() > 0) {
security_context_t context_string;
security_context_t oldcontext;
context_t newcontext;
if (fgetfilecon(DEV, &oldcontext) < 0) {
if (errno != ENODATA)
err(EXIT_FAILURE,
_("%s: unable to obtain selinux file label"),
device_name);
if (matchpathcon(device_name, statbuf.st_mode, &oldcontext))
errx(EXIT_FAILURE, _("unable to matchpathcon()"));
}
if (!(newcontext = context_new(oldcontext)))
errx(EXIT_FAILURE, _("unable to create new selinux context"));
if (context_type_set(newcontext, SELINUX_SWAPFILE_TYPE))
errx(EXIT_FAILURE, _("couldn't compute selinux context"));
context_string = context_str(newcontext);
if (strcmp(context_string, oldcontext)!=0) {
if (fsetfilecon(DEV, context_string))
err(EXIT_FAILURE, _("unable to relabel %s to %s"),
device_name, context_string);
}
context_free(newcontext);
freecon(oldcontext);
}
#endif
/*
* A subsequent swapon() will fail if the signature
* is not actually on disk. (This is a kernel bug.)
* The fsync() in close_fd() will take care of writing.
*/
if (close_fd(DEV) != 0)
err(EXIT_FAILURE, _("write failed"));
return EXIT_SUCCESS;
}
int
rpl_fgetfilecon (int fd, security_context_t *con)
{
int ret = fgetfilecon (fd, con);
return map_to_failure (ret, con);
}
/*
This function takes a PATH of an existing file system object, and a LOCAL
boolean that indicates whether the function should set the object's label
to the default for the local process, or one using system wide settings.
If LOCAL == true, it will ask the SELinux Kernel what the default label
for all objects created should be and then sets the label on the object.
Otherwise it calls matchpathcon on the object to ask the system what the
default label should be, extracts the type field and then modifies the file
system object. Note only the type field is updated, thus preserving MLS
levels and user identity etc. of the PATH.
Returns -1 on failure. errno will be set appropriately.
*/
static int
restorecon_private (char const *path, bool local)
{
int rc = -1;
struct stat sb;
char *scon = NULL;
char *tcon = NULL;
context_t scontext = 0, tcontext = 0;
const char *contype;
char *constr;
int fd;
if (local)
{
if (getfscreatecon (&tcon) < 0)
return rc;
if (!tcon)
{
errno = ENODATA;
return rc;
}
rc = lsetfilecon (path, tcon);
freecon (tcon);
return rc;
}
fd = open (path, O_RDONLY | O_NOFOLLOW);
if (fd == -1 && (errno != ELOOP))
goto quit;
if (fd != -1)
{
if (fstat (fd, &sb) < 0)
goto quit;
}
else
{
if (lstat (path, &sb) < 0)
goto quit;
}
if (matchpathcon (path, sb.st_mode, &scon) < 0)
{
/* "No such file or directory" is a confusing error,
when processing files, when in fact it was the
associated default context that was not found.
Therefore map the error to something more appropriate
to the context in which we're using matchpathcon(). */
if (errno == ENOENT)
errno = ENODATA;
goto quit;
}
if (!(scontext = context_new (scon)))
goto quit;
if (fd != -1)
{
if (fgetfilecon (fd, &tcon) < 0)
goto quit;
}
else
{
if (lgetfilecon (path, &tcon) < 0)
goto quit;
}
if (!(tcontext = context_new (tcon)))
goto quit;
if (!(contype = context_type_get (scontext)))
goto quit;
if (context_type_set (tcontext, contype))
goto quit;
if (!(constr = context_str (tcontext)))
goto quit;
if (fd != -1)
rc = fsetfilecon (fd, constr);
else
rc = lsetfilecon (path, constr);
quit:
if (fd != -1)
close (fd);
context_free (scontext);
context_free (tcontext);
freecon (scon);
freecon (tcon);
return rc;
}
int main(int argc, char **argv)
{
struct mkswap_control ctl = { .fd = -1 };
int c;
uint64_t sz;
int version = SWAP_VERSION;
char *block_count = NULL, *strsz = NULL;
#ifdef HAVE_LIBUUID
const char *opt_uuid = NULL;
uuid_t uuid_dat;
#endif
static const struct option longopts[] = {
{ "check", no_argument, 0, 'c' },
{ "force", no_argument, 0, 'f' },
{ "pagesize", required_argument, 0, 'p' },
{ "label", required_argument, 0, 'L' },
{ "swapversion", required_argument, 0, 'v' },
{ "uuid", required_argument, 0, 'U' },
{ "version", no_argument, 0, 'V' },
{ "help", no_argument, 0, 'h' },
{ NULL, 0, 0, 0 }
};
setlocale(LC_ALL, "");
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
atexit(close_stdout);
while((c = getopt_long(argc, argv, "cfp:L:v:U:Vh", longopts, NULL)) != -1) {
switch (c) {
case 'c':
ctl.check = 1;
break;
case 'f':
ctl.force = 1;
break;
case 'p':
ctl.user_pagesize = strtou32_or_err(optarg, _("parsing page size failed"));
break;
case 'L':
ctl.opt_label = optarg;
break;
case 'v':
version = strtos32_or_err(optarg, _("parsing version number failed"));
if (version != SWAP_VERSION)
errx(EXIT_FAILURE,
_("swapspace version %d is not supported"), version);
break;
case 'U':
#ifdef HAVE_LIBUUID
opt_uuid = optarg;
#else
warnx(_("warning: ignoring -U (UUIDs are unsupported by %s)"),
program_invocation_short_name);
#endif
break;
case 'V':
printf(UTIL_LINUX_VERSION);
exit(EXIT_SUCCESS);
case 'h':
usage(stdout);
default:
usage(stderr);
}
}
if (optind < argc)
ctl.devname = argv[optind++];
if (optind < argc)
block_count = argv[optind++];
if (optind != argc) {
warnx(_("only one device argument is currently supported"));
usage(stderr);
}
#ifdef HAVE_LIBUUID
if(opt_uuid) {
if (uuid_parse(opt_uuid, uuid_dat) != 0)
errx(EXIT_FAILURE, _("error: parsing UUID failed"));
} else
uuid_generate(uuid_dat);
ctl.uuid = uuid_dat;
#endif
init_signature_page(&ctl); /* get pagesize and allocate signature page */
if (!ctl.devname) {
warnx(_("error: Nowhere to set up swap on?"));
usage(stderr);
}
if (block_count) {
/* this silly user specified the number of blocks explicitly */
uint64_t blks = strtou64_or_err(block_count,
_("invalid block count argument"));
ctl.npages = blks / (ctl.pagesize / 1024);
}
sz = get_size(&ctl);
if (!ctl.npages)
ctl.npages = sz;
else if (ctl.npages > sz && !ctl.force)
errx(EXIT_FAILURE,
_("error: "
"size %llu KiB is larger than device size %ju KiB"),
ctl.npages * (ctl.pagesize / 1024), sz * (ctl.pagesize / 1024));
if (ctl.npages < MIN_GOODPAGES)
errx(EXIT_FAILURE,
_("error: swap area needs to be at least %ld KiB"),
(long)(MIN_GOODPAGES * ctl.pagesize / 1024));
if (ctl.npages > UINT32_MAX) {
/* true when swap is bigger than 17.59 terabytes */
ctl.npages = UINT32_MAX;
warnx(_("warning: truncating swap area to %llu KiB"),
ctl.npages * ctl.pagesize / 1024);
}
if (is_mounted(ctl.devname))
errx(EXIT_FAILURE, _("error: "
"%s is mounted; will not make swapspace"),
ctl.devname);
open_device(&ctl);
if (ctl.check)
check_blocks(&ctl);
wipe_device(&ctl);
assert(ctl.hdr);
ctl.hdr->version = version;
ctl.hdr->last_page = ctl.npages - 1;
ctl.hdr->nr_badpages = ctl.nbadpages;
if ((ctl.npages - MIN_GOODPAGES) < ctl.nbadpages)
errx(EXIT_FAILURE, _("Unable to set up swap-space: unreadable"));
sz = (ctl.npages - ctl.nbadpages - 1) * ctl.pagesize;
strsz = size_to_human_string(SIZE_SUFFIX_SPACE | SIZE_SUFFIX_3LETTER, sz);
printf(_("Setting up swapspace version %d, size = %s (%ju bytes)\n"),
version, strsz, sz);
free(strsz);
set_signature(&ctl);
set_uuid_and_label(&ctl);
write_header_to_device(&ctl);
deinit_signature_page(&ctl);
#ifdef HAVE_LIBSELINUX
if (S_ISREG(ctl.devstat.st_mode) && is_selinux_enabled() > 0) {
security_context_t context_string;
security_context_t oldcontext;
context_t newcontext;
if (fgetfilecon(ctl.fd, &oldcontext) < 0) {
if (errno != ENODATA)
err(EXIT_FAILURE,
_("%s: unable to obtain selinux file label"),
ctl.devname);
if (matchpathcon(ctl.devname, ctl.devstat.st_mode, &oldcontext))
errx(EXIT_FAILURE, _("unable to matchpathcon()"));
}
if (!(newcontext = context_new(oldcontext)))
errx(EXIT_FAILURE, _("unable to create new selinux context"));
if (context_type_set(newcontext, SELINUX_SWAPFILE_TYPE))
errx(EXIT_FAILURE, _("couldn't compute selinux context"));
context_string = context_str(newcontext);
if (strcmp(context_string, oldcontext)!=0) {
if (fsetfilecon(ctl.fd, context_string))
err(EXIT_FAILURE, _("unable to relabel %s to %s"),
ctl.devname, context_string);
}
context_free(newcontext);
freecon(oldcontext);
}
#endif
/*
* A subsequent swapon() will fail if the signature
* is not actually on disk. (This is a kernel bug.)
* The fsync() in close_fd() will take care of writing.
*/
if (close_fd(ctl.fd) != 0)
err(EXIT_FAILURE, _("write failed"));
return EXIT_SUCCESS;
}
/*
* This function attempts to relabel the tty. If this function fails, then
* the contexts are free'd and -1 is returned. On success, 0 is returned
* and tty_context and new_tty_context are set.
*
* This function will not fail if it can not relabel the tty when selinux is
* in permissive mode.
*/
static int
relabel_tty(const char *ttyn, int ptyfd)
{
security_context_t tty_con = NULL;
security_context_t new_tty_con = NULL;
struct stat sb;
int fd;
debug_decl(relabel_tty, SUDO_DEBUG_SELINUX)
se_state.ttyfd = ptyfd;
/* It is perfectly legal to have no tty. */
if (ptyfd == -1 && ttyn == NULL)
debug_return_int(0);
/* If sudo is not allocating a pty for the command, open current tty. */
if (ptyfd == -1) {
se_state.ttyfd = open(ttyn, O_RDWR|O_NOCTTY|O_NONBLOCK);
if (se_state.ttyfd == -1 || fstat(se_state.ttyfd, &sb) == -1) {
sudo_warn(U_("unable to open %s, not relabeling tty"), ttyn);
goto bad;
}
if (!S_ISCHR(sb.st_mode)) {
sudo_warn(U_("%s is not a character device, not relabeling tty"),
ttyn);
goto bad;
}
(void)fcntl(se_state.ttyfd, F_SETFL,
fcntl(se_state.ttyfd, F_GETFL, 0) & ~O_NONBLOCK);
}
if (fgetfilecon(se_state.ttyfd, &tty_con) < 0) {
sudo_warn(U_("unable to get current tty context, not relabeling tty"));
goto bad;
}
if (tty_con) {
security_class_t tclass = string_to_security_class("chr_file");
if (tclass == 0) {
sudo_warn(U_("unknown security class \"chr_file\", not relabeling tty"));
goto bad;
}
if (security_compute_relabel(se_state.new_context, tty_con,
tclass, &new_tty_con) < 0) {
sudo_warn(U_("unable to get new tty context, not relabeling tty"));
goto bad;
}
}
if (new_tty_con != NULL) {
if (fsetfilecon(se_state.ttyfd, new_tty_con) < 0) {
sudo_warn(U_("unable to set new tty context"));
goto bad;
}
}
if (ptyfd != -1) {
/* Reopen pty that was relabeled, std{in,out,err} are reset later. */
se_state.ttyfd = open(ttyn, O_RDWR|O_NOCTTY, 0);
if (se_state.ttyfd == -1 || fstat(se_state.ttyfd, &sb) == -1) {
sudo_warn(U_("unable to open %s"), ttyn);
goto bad;
}
if (!S_ISCHR(sb.st_mode)) {
sudo_warn(U_("%s is not a character device, not relabeling tty"),
ttyn);
goto bad;
}
if (dup2(se_state.ttyfd, ptyfd) == -1) {
sudo_warn("dup2");
goto bad;
}
} else {
/* Re-open tty to get new label and reset std{in,out,err} */
close(se_state.ttyfd);
se_state.ttyfd = open(ttyn, O_RDWR|O_NOCTTY|O_NONBLOCK);
if (se_state.ttyfd == -1 || fstat(se_state.ttyfd, &sb) == -1) {
sudo_warn(U_("unable to open %s"), ttyn);
goto bad;
}
if (!S_ISCHR(sb.st_mode)) {
sudo_warn(U_("%s is not a character device, not relabeling tty"),
ttyn);
goto bad;
}
(void)fcntl(se_state.ttyfd, F_SETFL,
fcntl(se_state.ttyfd, F_GETFL, 0) & ~O_NONBLOCK);
for (fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) {
if (isatty(fd) && dup2(se_state.ttyfd, fd) == -1) {
sudo_warn("dup2");
goto bad;
}
}
}
/* Retain se_state.ttyfd so we can restore label when command finishes. */
(void)fcntl(se_state.ttyfd, F_SETFD, FD_CLOEXEC);
se_state.ttyn = ttyn;
se_state.tty_context = tty_con;
se_state.new_tty_context = new_tty_con;
debug_return_int(0);
bad:
if (se_state.ttyfd != -1 && se_state.ttyfd != ptyfd) {
close(se_state.ttyfd);
se_state.ttyfd = -1;
}
freecon(tty_con);
debug_return_int(se_state.enforcing ? -1 : 0);
}
int
main(int argc, char ** argv) {
struct stat statbuf;
struct swap_header_v1_2 *hdr;
int i;
unsigned long long maxpages;
unsigned long long goodpages;
unsigned long long sz;
off_t offset;
int force = 0;
int version = 1;
char *block_count = 0;
char *pp;
char *opt_label = NULL;
unsigned char *uuid = NULL;
#ifdef HAVE_LIBUUID
const char *opt_uuid = NULL;
uuid_t uuid_dat;
#endif
program_name = (argc && *argv) ? argv[0] : "mkswap";
if ((pp = strrchr(program_name, '/')) != NULL)
program_name = pp+1;
setlocale(LC_ALL, "");
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
if (argc == 2 &&
(!strcmp(argv[1], "-V") || !strcmp(argv[1], "--version"))) {
printf(_("%s (%s)\n"), program_name, PACKAGE_STRING);
exit(0);
}
for (i=1; i<argc; i++) {
if (argv[i][0] == '-') {
switch (argv[i][1]) {
case 'c':
check=1;
break;
case 'f':
force=1;
break;
case 'p':
pp = argv[i]+2;
if (!*pp && i+1 < argc)
pp = argv[++i];
if (isnzdigit(*pp))
user_pagesize = atoi(pp);
else
usage();
break;
case 'L':
pp = argv[i]+2;
if (!*pp && i+1 < argc)
pp = argv[++i];
opt_label = pp;
break;
case 'v':
version = atoi(argv[i]+2);
break;
case 'U':
#ifdef HAVE_LIBUUID
opt_uuid = argv[i]+2;
if (!*opt_uuid && i+1 < argc)
opt_uuid = argv[++i];
#else
fprintf(stderr, _("%1$s: warning: ignore -U (UUIDs are unsupported by %1$s)\n"),
program_name);
#endif
break;
default:
usage();
}
} else if (!device_name) {
device_name = argv[i];
} else if (!block_count) {
block_count = argv[i];
} else
usage();
}
if (version != 1) {
fprintf(stderr, _("%s: does not support swapspace version %d.\n"),
program_name, version);
exit(EXIT_FAILURE);
}
#ifdef HAVE_LIBUUID
if(opt_uuid) {
if (uuid_parse(opt_uuid, uuid_dat) != 0)
die(_("error: UUID parsing failed"));
} else
uuid_generate(uuid_dat);
uuid = uuid_dat;
#endif
init_signature_page(); /* get pagesize */
atexit(deinit_signature_page);
if (!device_name) {
fprintf(stderr,
_("%s: error: Nowhere to set up swap on?\n"),
program_name);
usage();
}
if (block_count) {
/* this silly user specified the number of blocks explicitly */
char *tmp = NULL;
long long blks;
errno = 0;
blks = strtoll(block_count, &tmp, 0);
if ((tmp == block_count) ||
(tmp && *tmp) ||
(errno != 0 && (blks == LLONG_MAX || blks == LLONG_MIN)) ||
blks < 0)
usage();
PAGES = blks / (pagesize / 1024);
}
sz = get_size(device_name);
if (!PAGES) {
PAGES = sz;
} else if (PAGES > sz && !force) {
fprintf(stderr,
_("%s: error: "
"size %llu KiB is larger than device size %llu KiB\n"),
program_name,
PAGES*(pagesize/1024), sz*(pagesize/1024));
exit(1);
}
if (PAGES < MIN_GOODPAGES) {
fprintf(stderr,
_("%s: error: swap area needs to be at least %ld KiB\n"),
program_name, (long)(MIN_GOODPAGES * pagesize/1024));
usage();
}
#ifdef __linux__
if (get_linux_version() >= KERNEL_VERSION(2,3,4))
maxpages = UINT_MAX + 1ULL;
else if (get_linux_version() >= KERNEL_VERSION(2,2,1))
maxpages = V1_MAX_PAGES;
else
#endif
maxpages = V1_OLD_MAX_PAGES;
if (PAGES > maxpages) {
PAGES = maxpages;
fprintf(stderr,
_("%s: warning: truncating swap area to %llu KiB\n"),
program_name, PAGES * pagesize / 1024);
}
if (stat(device_name, &statbuf) < 0) {
perror(device_name);
exit(EXIT_FAILURE);
}
if (S_ISBLK(statbuf.st_mode))
DEV = open(device_name, O_RDWR | O_EXCL);
else
DEV = open(device_name, O_RDWR);
if (DEV < 0) {
perror(device_name);
exit(1);
}
/* Want a block device. Probably not /dev/hda or /dev/hdb. */
if (!S_ISBLK(statbuf.st_mode))
check=0;
else if (statbuf.st_rdev == 0x0300 || statbuf.st_rdev == 0x0340) {
fprintf(stderr,
_("%s: error: "
"will not try to make swapdevice on '%s'\n"),
program_name, device_name);
exit(1);
} else if (check_mount()) {
fprintf(stderr,
_("%s: error: "
"%s is mounted; will not make swapspace.\n"),
program_name, device_name);
exit(1);
}
if (check)
check_blocks();
zap_bootbits(DEV, device_name, force, S_ISBLK(statbuf.st_mode));
hdr = (struct swap_header_v1_2 *) signature_page;
hdr->version = 1;
hdr->last_page = PAGES - 1;
hdr->nr_badpages = badpages;
if (badpages > PAGES - MIN_GOODPAGES)
die(_("Unable to set up swap-space: unreadable"));
goodpages = PAGES - badpages - 1;
printf(_("Setting up swapspace version 1, size = %llu KiB\n"),
goodpages * pagesize / 1024);
write_signature("SWAPSPACE2");
write_uuid_and_label(uuid, opt_label);
offset = 1024;
if (lseek(DEV, offset, SEEK_SET) != offset)
die(_("unable to rewind swap-device"));
if (write_all(DEV, (char *) signature_page + offset,
pagesize - offset) == -1) {
fprintf(stderr, _("%s: %s: unable to write signature page: %s"),
program_name, device_name, strerror(errno));
exit(1);
}
/*
* A subsequent swapon() will fail if the signature
* is not actually on disk. (This is a kernel bug.)
*/
#ifdef HAVE_FSYNC
if (fsync(DEV))
die(_("fsync failed"));
#endif
#ifdef HAVE_LIBSELINUX
if (S_ISREG(statbuf.st_mode) && is_selinux_enabled() > 0) {
security_context_t context_string;
security_context_t oldcontext;
context_t newcontext;
if (fgetfilecon(DEV, &oldcontext) < 0) {
if (errno != ENODATA) {
fprintf(stderr, _("%s: %s: unable to obtain selinux file label: %s\n"),
program_name, device_name,
strerror(errno));
exit(1);
}
if (matchpathcon(device_name, statbuf.st_mode, &oldcontext))
die(_("unable to matchpathcon()"));
}
if (!(newcontext = context_new(oldcontext)))
die(_("unable to create new selinux context"));
if (context_type_set(newcontext, SELINUX_SWAPFILE_TYPE))
die(_("couldn't compute selinux context"));
context_string = context_str(newcontext);
if (strcmp(context_string, oldcontext)!=0) {
if (fsetfilecon(DEV, context_string)) {
fprintf(stderr, _("%s: unable to relabel %s to %s: %s\n"),
program_name, device_name,
context_string,
strerror(errno));
exit(1);
}
}
context_free(newcontext);
freecon(oldcontext);
}
#endif
return 0;
}
static int get_security_context(char *name, int crontab_fd, security_context_t
*rcontext, char *tabname) {
security_context_t *context_list = NULL;
security_context_t current_con;
int list_count = 0;
security_context_t file_context=NULL;
struct av_decision avd;
int retval=0;
char *seuser = NULL;
char *level = NULL;
int i;
if (name != NULL) {
if (getseuserbyname(name, &seuser, &level)) {
log_it(name, getpid(), "getseuserbyname FAILED", tabname);
return (security_getenforce() > 0);
}
}
else
{
seuser = strdup("system_u");
}
*rcontext = NULL;
if(getcon(¤t_con)) {
log_it(name, getpid(), "Can't get current context", tabname);
return -1;
}
list_count = get_ordered_context_list_with_level(seuser, level, current_con, &context_list);
freecon(current_con);
free(seuser);
free(level);
if (list_count == -1) {
if (security_getenforce() > 0) {
log_it(name, getpid(), "No SELinux security context", tabname);
return -1;
} else {
log_it(name, getpid(),
"No security context but SELinux in permissive mode,"
" continuing", tabname);
return 0;
}
}
if (fgetfilecon(crontab_fd, &file_context) < OK) {
if (security_getenforce() > 0) {
log_it(name, getpid(), "getfilecon FAILED", tabname);
freeconary(context_list);
return -1;
} else {
log_it(name, getpid(), "getfilecon FAILED but SELinux in "
"permissive mode, continuing", tabname);
*rcontext = strdup(context_list[0]);
freeconary(context_list);
return 0;
}
}
/*
* Since crontab files are not directly executed,
* crond must ensure that the crontab file has
* a context that is appropriate for the context of
* the user cron job. It performs an entrypoint
* permission check for this purpose.
*/
for(i = 0; i < list_count; i++)
{
retval = security_compute_av(context_list[i],
file_context,
SECCLASS_FILE,
FILE__ENTRYPOINT,
&avd);
if(!retval && ((FILE__ENTRYPOINT & avd.allowed) == FILE__ENTRYPOINT)) {
*rcontext = strdup(context_list[i]);
freecon(file_context);
freeconary(context_list);
return 0;
}
}
freecon(file_context);
if (security_getenforce() > 0) {
log_it(name, getpid(), "ENTRYPOINT FAILED", tabname);
freeconary(context_list);
return -1;
} else {
log_it(name, getpid(), "ENTRYPOINT FAILED but SELinux in permissive mode, continuing", tabname);
*rcontext = strdup(context_list[0]);
freeconary(context_list);
}
return 0;
}
/*
* This function attempts to relabel the tty. If this function fails, then
* the contexts are free'd and -1 is returned. On success, 0 is returned
* and tty_context and new_tty_context are set.
*
* This function will not fail if it can not relabel the tty when selinux is
* in permissive mode.
*/
static int
relabel_tty(const char *ttyn, int ptyfd)
{
security_context_t tty_con = NULL;
security_context_t new_tty_con = NULL;
int fd;
se_state.ttyfd = ptyfd;
/* It is perfectly legal to have no tty. */
if (ptyfd == -1 && ttyn == NULL)
return 0;
/* If sudo is not allocating a pty for the command, open current tty. */
if (ptyfd == -1) {
se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK);
if (se_state.ttyfd == -1) {
warning("unable to open %s, not relabeling tty", ttyn);
if (se_state.enforcing)
goto bad;
}
(void)fcntl(se_state.ttyfd, F_SETFL,
fcntl(se_state.ttyfd, F_GETFL, 0) & ~O_NONBLOCK);
}
if (fgetfilecon(se_state.ttyfd, &tty_con) < 0) {
warning("unable to get current tty context, not relabeling tty");
if (se_state.enforcing)
goto bad;
}
if (tty_con && (security_compute_relabel(se_state.new_context, tty_con,
SECCLASS_CHR_FILE, &new_tty_con) < 0)) {
warning("unable to get new tty context, not relabeling tty");
if (se_state.enforcing)
goto bad;
}
if (new_tty_con != NULL) {
if (fsetfilecon(se_state.ttyfd, new_tty_con) < 0) {
warning("unable to set new tty context");
if (se_state.enforcing)
goto bad;
}
}
if (ptyfd != -1) {
/* Reopen pty that was relabeled, std{in,out,err} are reset later. */
se_state.ttyfd = open(ttyn, O_RDWR|O_NOCTTY, 0);
if (se_state.ttyfd == -1) {
warning("cannot open %s", ttyn);
if (se_state.enforcing)
goto bad;
}
if (dup2(se_state.ttyfd, ptyfd) == -1) {
warning("dup2");
goto bad;
}
} else {
/* Re-open tty to get new label and reset std{in,out,err} */
close(se_state.ttyfd);
se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK);
if (se_state.ttyfd == -1) {
warning("unable to open %s", ttyn);
goto bad;
}
(void)fcntl(se_state.ttyfd, F_SETFL,
fcntl(se_state.ttyfd, F_GETFL, 0) & ~O_NONBLOCK);
for (fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) {
if (isatty(fd) && dup2(se_state.ttyfd, fd) == -1) {
warning("dup2");
goto bad;
}
}
}
/* Retain se_state.ttyfd so we can restore label when command finishes. */
(void)fcntl(se_state.ttyfd, F_SETFD, FD_CLOEXEC);
se_state.ttyn = ttyn;
se_state.tty_context = tty_con;
se_state.new_tty_context = new_tty_con;
return 0;
bad:
if (se_state.ttyfd != -1 && se_state.ttyfd != ptyfd) {
close(se_state.ttyfd);
se_state.ttyfd = -1;
}
freecon(tty_con);
return -1;
}