findutils: 4.2.31, support selinux

Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>

2 files changed, 508 insertions, 0 deletions

diff --git a/recipes-extended/findutils/findutils-4.2.31/findutils-selinux.patch b/recipes-extended/findutils/findutils-4.2.31/findutils-selinux.patch
new file mode 100644
index 0000000..73a9747
--- /dev/null
+++ b/recipes-extended/findutils/findutils-4.2.31/findutils-selinux.patch
@@ -0,0 +1,499 @@
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Thu, 21 Jun 2012 17:01:39 +0800
+Subject: [PATCH] findutils: support selinux.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
+---
+ configure.in     |   10 +++++
+ doc/find.texi    |   12 +++++++
+ find/Makefile.am |    2 +-
+ find/defs.h      |   15 ++++++++-
+ find/find.1      |    4 ++
+ find/find.c      |   97 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ find/parser.c    |   50 ++++++++++++++++++++++++++--
+ find/pred.c      |   53 +++++++++++++++++++++++++++++
+ find/util.c      |    3 ++
+ 9 files changed, 240 insertions(+), 6 deletions(-)
+
+diff --git a/configure.in b/configure.in
+index 6a20f15..00dd7f8 100644
+--- a/configure.in
++++ b/configure.in
+@@ -101,6 +101,16 @@ dnl C library, try -lsun.
+ AC_CHECK_FUNC(getpwnam, [],
+ [AC_CHECK_LIB(sun, getpwnam)])
+ 
++AC_ARG_WITH([selinux],
++           AS_HELP_STRING([--without-selinux], [disable SELinux support]),
++           [:],
++[AC_CHECK_LIB([selinux], [is_selinux_enabled],
++             [with_selinux=yes], [with_selinux=no])])
++if test x$with_selinux != xno; then
++   AC_DEFINE([WITH_SELINUX], [1], [Define to support SELinux])
++   AC_SUBST([LIBSELINUX], [-lselinux])
++fi
++
+ dnl Checks for header files.
+ AC_HEADER_STDC
+ dnl Assume unistd.h is present - coreutils does too.
+diff --git a/doc/find.texi b/doc/find.texi
+index 5b5f0cf..e1ad433 100644
+--- a/doc/find.texi
++++ b/doc/find.texi
+@@ -1091,6 +1091,14 @@ will probably be made in early 2006.
+ 
+ @end deffn
+ 
++@deffn Test -context pattern
++True if file's SELinux context matches the pattern @var{pattern}.
++The pattern uses shell glob matching.
++
++This predicate is supported only on @code{find} versions compiled with
++SELinux support and only when SELinux is enabled.
++@end deffn
++
+ @node Contents
+ @section Contents
+ 
+@@ -1599,6 +1607,10 @@ semantics, you will see a difference between the mode as printed by
+ @item %M
+ File's permissions (in symbolic form, as for @code{ls}).  This
+ directive is supported in findutils 4.2.5 and later.
++
++@item %Z
++File's SELinux context, or empty string if the file has no SELinux context
++or this version of find does not support SELinux.
+ @end table
+ 
+ @node Size Directives
+diff --git a/find/Makefile.am b/find/Makefile.am
+index 8e71a32..405955a 100644
+--- a/find/Makefile.am
++++ b/find/Makefile.am
+@@ -6,7 +6,7 @@ bin_PROGRAMS = find
+ find_SOURCES = find.c fstype.c parser.c pred.c tree.c util.c version.c
+ EXTRA_DIST = defs.h $(man_MANS)
+ INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\"
+-LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@
++LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ @LIBSELINUX@
+ man_MANS = find.1
+ SUBDIRS = testsuite
+ 
+diff --git a/find/defs.h b/find/defs.h
+index 9369c9a..8a8cf28 100644
+--- a/find/defs.h
++++ b/find/defs.h
+@@ -131,6 +131,10 @@ int get_statinfo PARAMS((const char *pathname, const char *name, struct stat *p)
+ #define MODE_RWX       (S_IXUSR | S_IXGRP | S_IXOTH | MODE_RW)
+ #define MODE_ALL       (S_ISUID | S_ISGID | S_ISVTX | MODE_RWX)
+ 
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#endif
++
+ #if 1
+ #include <stdbool.h>
+ typedef bool boolean;
+@@ -320,6 +324,9 @@ struct predicate
+     struct dir_id   fileid;    /* samefile */
+     mode_t type;               /* type */
+     FILE *stream;              /* ls fls fprint0 */
++#ifdef WITH_SELINUX
++    security_context_t scontext; /* scontext */
++#endif
+     struct format_val printf_vec; /* printf fprintf fprint  */
+   } args;
+ 
+@@ -481,7 +488,9 @@ boolean pred_uid PARAMS((char *pathname, struct stat *stat_buf, struct predicate
+ boolean pred_used PARAMS((char *pathname, struct stat *stat_buf, struct predicate *pred_ptr));
+ boolean pred_user PARAMS((char *pathname, struct stat *stat_buf, struct predicate *pred_ptr));
+ boolean pred_xtype PARAMS((char *pathname, struct stat *stat_buf, struct predicate *pred_ptr));
+-
++#ifdef WITH_SELINUX
++boolean pred_context PARAMS((char *pathname, struct stat *stat_buf, struct predicate *pred_ptr));
++#endif
+ 
+ 
+ int launch PARAMS((const struct buildcmd_control *ctl,
+@@ -570,6 +579,10 @@ struct options
+    * can be changed with the positional option, -regextype.
+    */
+   int regex_options;
++
++#ifdef WITH_SELINUX
++  int (*x_getfilecon) ();
++#endif
+ };
+ extern struct options options;
+ 
+diff --git a/find/find.1 b/find/find.1
+index 9be362f..2753d47 100644
+--- a/find/find.1
++++ b/find/find.1
+@@ -487,6 +487,8 @@ links: if the \-H or \-P option was specified, true if the file is a
+ link to a file of type \fIc\fR; if the \-L option has been given, true
+ if \fIc\fR is `l'.  In other words, for symbolic links, \-xtype checks
+ the type of the file that \-type does not check.
++.IP "\-context \fIpattern\fR"
++(SELinux only) Security context of the file matches glob \fIpattern\fR.
+ 
+ .SS ACTIONS
+ .IP "\-delete\fR"
+@@ -789,6 +791,8 @@ File's numeric user ID.
+ File's type (like in ls \-l), U=unknown type (shouldn't happen)
+ .IP %Y
+ File's type (like %y), plus follow symlinks: L=loop, N=nonexistent
++.IP %Z
++(SELinux only) file's security context
+ .PP
+ A `%' character followed by any other character is discarded, but the
+ other character is printed (don't rely on this, as further format
+diff --git a/find/find.c b/find/find.c
+index df28db6..6b3a2de 100644
+--- a/find/find.c
++++ b/find/find.c
+@@ -245,6 +245,92 @@ optionp_stat(const char *name, struct stat *p)
+   return lstat(name, p);
+ }
+ 
++#ifdef WITH_SELINUX
++static int
++fallback_getfilecon(const char *name, security_context_t *p, int prev_rv)
++{
++  /* Our original getfilecon() call failed.  Perhaps we can't follow a
++   * symbolic link.  If that might be the problem, lgetfilecon() the link.
++   * Otherwise, admit defeat.
++   */
++  switch (errno)
++    {
++    case ENOENT:
++    case ENOTDIR:
++#ifdef DEBUG_STAT
++      fprintf(stderr, "fallback_getfilecon(): getfilecon(%s) failed; falling back on lgetfilecon()\n", name);
++#endif
++      return lgetfilecon(name, p);
++
++    case EACCES:
++    case EIO:
++    case ELOOP:
++    case ENAMETOOLONG:
++#ifdef EOVERFLOW
++    case EOVERFLOW:        /* EOVERFLOW is not #defined on UNICOS. */
++#endif
++    default:
++      return prev_rv;         
++    }
++}
++
++/* optionh_getfilecon() implements the getfilecon operation when the
++ * -H option is in effect.
++ *
++ * If the item to be examined is a command-line argument, we follow
++ * symbolic links.  If the getfilecon() call fails on the command-line
++ * item, we fall back on the properties of the symbolic link.
++ *
++ * If the item to be examined is not a command-line argument, we
++ * examine the link itself.
++ */
++int
++optionh_getfilecon(const char *name, security_context_t *p)
++{
++  if (0 == state.curdepth)
++    {
++      /* This file is from the command line; deference the link (if it
++       * is a link).
++       */
++      int rv = getfilecon(name, p);
++      if (0 == rv)
++       return 0;               /* success */
++      else
++       return fallback_getfilecon(name, p, rv);
++    }
++  else
++    {
++      /* Not a file on the command line; do not derefernce the link.
++       */
++      return lgetfilecon(name, p);
++    }
++}
++
++/* optionl_getfilecon() implements the getfilecon operation when the
++ * -L option is in effect.  That option makes us examine the thing the
++ * symbolic link points to, not the symbolic link itself.
++ */
++int
++optionl_getfilecon(const char *name, security_context_t *p)
++{
++  int rv = getfilecon(name, p);
++  if (0 == rv)
++    return 0;                  /* normal case. */
++  else
++    return fallback_getfilecon(name, p, rv);
++}
++
++/* optionp_getfilecon() implements the stat operation when the -P
++ * option is in effect (this is also the default).  That option makes
++ * us examine the symbolic link itself, not the thing it points to.
++ */
++int
++optionp_getfilecon(const char *name, security_context_t *p)
++{
++  return lgetfilecon(name, p);
++}
++#endif /* WITH_SELINUX */
++
+ #ifdef DEBUG_STAT
+ static uintmax_t stat_count = 0u;
+ 
+@@ -272,11 +358,17 @@ set_follow_state(enum SymlinkOption opt)
+     {
+     case SYMLINK_ALWAYS_DEREF:  /* -L */
+       options.xstat = optionl_stat;
++#ifdef WITH_SELINUX
++      options.x_getfilecon = optionl_getfilecon;
++#endif
+       options.no_leaf_check = true;
+       break;
+       
+     case SYMLINK_NEVER_DEREF:  /* -P (default) */
+       options.xstat = optionp_stat;
++#ifdef WITH_SELINUX
++      options.x_getfilecon = optionp_getfilecon;
++#endif
+       /* Can't turn no_leaf_check off because the user might have specified 
+        * -noleaf anyway
+        */
+@@ -284,6 +376,9 @@ set_follow_state(enum SymlinkOption opt)
+       
+     case SYMLINK_DEREF_ARGSONLY: /* -H */
+       options.xstat = optionh_stat;
++#ifdef WITH_SELINUX
++      options.x_getfilecon = optionh_getfilecon;
++#endif
+       options.no_leaf_check = true;
+     }
+ 
+@@ -1807,7 +1902,7 @@ complete_pending_execs(struct predicate *p)
+ static void
+ process_dir (char *pathname, char *name, int pathlen, struct stat *statp, char *parent)
+ {
+-  int subdirs_left;            /* Number of unexamined subdirs in PATHNAME. */
++  int subdirs_left = 0;                /* Number of unexamined subdirs in PATHNAME. */
+   boolean subdirs_unreliable;  /* if true, cannot use dir link count as subdir limif (if false, it may STILL be unreliable) */
+   int idx;                     /* Which entry are we on? */
+   struct stat stat_buf;
+diff --git a/find/parser.c b/find/parser.c
+index fcdb98a..e67e09f 100644
+--- a/find/parser.c
++++ b/find/parser.c
+@@ -48,6 +48,10 @@
+ /* We need <unistd.h> for isatty(). */
+ #include <unistd.h> 
+ 
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#endif
++
+ #if ENABLE_NLS
+ # include <libintl.h>
+ # define _(Text) gettext (Text)
+@@ -148,7 +152,9 @@ static boolean parse_noignore_race PARAMS((const struct parser_table*, char *arg
+ static boolean parse_warn          PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
+ static boolean parse_xtype         PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
+ static boolean parse_quit          PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
+-
++#ifdef WITH_SELINUX
++static boolean parse_context       PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
++#endif
+ 
+ 
+ boolean parse_print             PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
+@@ -216,6 +222,9 @@ static struct parser_table const parse_table[] =
+   PARSE_TEST       ("cmin",                  cmin),         /* GNU */
+   PARSE_TEST       ("cnewer",                cnewer),       /* GNU */
+   PARSE_TEST       ("ctime",                 ctime),
++#ifdef WITH_SELINUX
++  PARSE_TEST       ("context",               context),      /* GNU */
++#endif
+   PARSE_POSOPT     ("daystart",              daystart),             /* GNU */
+   PARSE_ACTION     ("delete",                delete), /* GNU, Mac OS, FreeBSD */
+   PARSE_OPTION     ("d",                     d), /* Mac OS X, FreeBSD, NetBSD, OpenBSD, but deprecated  in favour of -depth */
+@@ -801,8 +810,12 @@ tests (N can be +N or -N or N): -amin N -anewer FILE -atime N -cmin N\n\
+   puts (_("\
+       -nouser -nogroup -path PATTERN -perm [+-]MODE -regex PATTERN\n\
+       -wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n\
+-      -used N -user NAME -xtype [bcdpfls]\n"));
++      -used N -user NAME -xtype [bcdpfls]"));
++#ifdef WITH_SELINUX
+   puts (_("\
++      -context CONTEXT\n"));
++#endif
++  puts (_("\n\
+ actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print \n\
+       -fprint0 FILE -fprint FILE -ls -fls FILE -prune -quit\n\
+       -exec COMMAND ; -exec COMMAND {} + -ok COMMAND ;\n\
+@@ -1718,6 +1731,10 @@ parse_version (const struct parser_table* entry, char **argv, int *arg_ptr)
+   printf("LEAF_OPTIMISATION ");
+   ++features;
+ #endif
++#if defined(WITH_SELINUX)
++  printf("SELINUX ");
++  ++features;
++#endif
+   if (0 == features)
+     {
+       /* For the moment, leave this as English in case someone wants
+@@ -1729,6 +1746,32 @@ parse_version (const struct parser_table* entry, char **argv, int *arg_ptr)
+   exit (0);
+ }
+ 
++#ifdef WITH_SELINUX
++static boolean
++parse_context (const struct parser_table* entry, char **argv, int *arg_ptr)
++{
++  struct predicate *our_pred;
++
++  if ((argv == NULL) || (argv[*arg_ptr] == NULL))
++    return false;
++
++  if (is_selinux_enabled() <= 0)
++    {
++      error (1, 0, _("invalid predicate -context: SELinux is not enabled."));
++      return false;
++    }
++  our_pred = insert_primary (entry);
++  our_pred->need_stat = false;
++#ifdef DEBUG
++  our_pred->p_name = find_pred_name (pred_context);
++#endif /*DEBUG*/
++  our_pred->args.scontext = argv[*arg_ptr];
++
++  (*arg_ptr)++;
++  return true;
++}
++#endif /* WITH_SELINUX */
++
+ static boolean
+ parse_xdev (const struct parser_table* entry, char **argv, int *arg_ptr)
+ {
+@@ -1971,7 +2014,7 @@ insert_fprintf (FILE *fp, const struct parser_table *entry, PRED_FUNC func, char
+          if (*scan2 == '.')
+            for (scan2++; ISDIGIT (*scan2); scan2++)
+              /* Do nothing. */ ;
+-         if (strchr ("abcdDfFgGhHiklmMnpPstuUyY", *scan2))
++         if (strchr ("abcdDfFgGhHiklmMnpPstuUyYZ", *scan2))
+            {
+              segmentp = make_segment (segmentp, format, scan2 - format,
+                                       (int) *scan2);
+@@ -2046,6 +2089,7 @@ make_segment (struct segment **segment, char *format, int len, int kind)
+     case 'u':                  /* user name */
+     case 'y':                  /* file type */
+     case 'Y':                  /* symlink pointed file type */
++    case 'Z':                  /* SELinux security context */
+       fprintf_stat_needed = true;
+       /* FALLTHROUGH */
+     case 'f':                  /* basename of path */
+diff --git a/find/pred.c b/find/pred.c
+index 9ec10a4..1da49dc 100644
+--- a/find/pred.c
++++ b/find/pred.c
+@@ -38,6 +38,10 @@
+ #include "buildcmd.h"
+ #include "yesno.h"
+ 
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#endif /*WITH_SELINUX*/
++
+ #if ENABLE_NLS
+ # include <libintl.h>
+ # define _(Text) gettext (Text)
+@@ -217,6 +221,9 @@ struct pred_assoc pred_table[] =
+   {pred_used, "used    "},
+   {pred_user, "user    "},
+   {pred_xtype, "xtype   "},
++#ifdef WITH_SELINUX
++  {pred_context, "context"},
++#endif /*WITH_SELINUX*/
+   {0, "none    "}
+ };
+ 
+@@ -905,6 +912,27 @@ pred_fprintf (char *pathname, struct stat *stat_buf, struct predicate *pred_ptr)
+                     mode_to_filetype(stat_buf->st_mode & S_IFMT));
+          }
+          break;
++       case 'Z':               /* SELinux security context */
++#ifdef WITH_SELINUX
++         {
++           security_context_t scontext;
++           int rv;
++           rv = (*options.x_getfilecon) (state.rel_pathname, &scontext);
++
++           if (rv < 0)
++             {
++               fprintf (stderr, "getfilecon(%s): %s", pathname,
++                        strerror(errno));
++               fflush (stderr);
++             }
++           else
++             {
++               fprintf (fp, segment->text, scontext);
++               freecon (scontext);
++             }
++         }
++#endif /* WITH_SELINUX */
++         break;
+        }
+     }
+   return true;
+@@ -1497,6 +1525,31 @@ pred_xtype (char *pathname, struct stat *stat_buf, struct predicate *pred_ptr)
+    */
+   return (pred_type (pathname, &sbuf, pred_ptr));
+ }
++
++#ifdef WITH_SELINUX
++
++boolean
++pred_context (char *pathname, struct stat *stat_buf,
++             struct predicate *pred_ptr)
++{
++  int rv;
++  security_context_t scontext;
++
++  rv = (*options.x_getfilecon) (state.rel_pathname, &scontext);
++
++  if (rv < 0)
++    {
++      fprintf (stderr, "getfilecon(%s): %s\n", pathname, strerror(errno));
++      fflush (stderr);
++      return false;
++    }
++
++  rv = (fnmatch (pred_ptr->args.scontext, scontext, 0) == 0);
++  freecon (scontext);
++  return rv;
++}
++
++#endif /*WITH_SELINUX*/
+ 
+ /*  1) fork to get a child; parent remembers the child pid
+     2) child execs the command requested
+diff --git a/find/util.c b/find/util.c
+index 97c8687..77bdfa8 100644
+--- a/find/util.c
++++ b/find/util.c
+@@ -78,6 +78,9 @@ get_new_pred (const struct parser_table *entry)
+   last_pred->need_stat = true;
+   last_pred->need_type = true;
+   last_pred->args.str = NULL;
++#ifdef WITH_SELINUX
++  last_pred->args.scontext = NULL;
++#endif
+   last_pred->pred_next = NULL;
+   last_pred->pred_left = NULL;
+   last_pred->pred_right = NULL;
+-- 
+1.7.5.4
+
diff --git a/recipes-extended/findutils/findutils_4.2.31.bbappend b/recipes-extended/findutils/findutils_4.2.31.bbappend
new file mode 100644
index 0000000..c44e103
--- /dev/null
+++ b/recipes-extended/findutils/findutils_4.2.31.bbappend
@@ -0,0 +1,9 @@
+PR .= ".1"
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-${PV}:"
+
+SRC_URI += "file://findutils-selinux.patch"
+
+DEPENDS += "${@base_contains('DISTRO_FEATURES', 'selinux', 'libselinux', '', d)}"
+
+EXTRA_OECONF += "${@base_contains('DISTRO_FEATURES', 'selinux', '--with-selinux', '--without-selinux', d)}"