Signed-off-by: Yi Zhao <yi.z...@windriver.com>
---
.../findutils-4.2.31/findutils-selinux.patch | 499 ---------------------
1 file changed, 499 deletions(-)
delete mode 100644
recipes-extended/findutils/findutils-4.2.31/findutils-selinux.patch
diff --git
a/recipes-extended/findutils/findutils-4.2.31/findutils-selinux.patch
b/recipes-extended/findutils/findutils-4.2.31/findutils-selinux.patch
deleted file mode 100644
index 73a9747..0000000
--- a/recipes-extended/findutils/findutils-4.2.31/findutils-selinux.patch
+++ /dev/null
@@ -1,499 +0,0 @@
-From: Xin Ouyang <xin.ouy...@windriver.com>
-Date: Thu, 21 Jun 2012 17:01:39 +0800
-Subject: [PATCH] findutils: support selinux.
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <xin.ouy...@windriver.com>
----
- configure.in | 10 +++++
- doc/find.texi | 12 +++++++
- find/Makefile.am | 2 +-
- find/defs.h | 15 ++++++++-
- find/find.1 | 4 ++
- find/find.c | 97 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
- find/parser.c | 50 ++++++++++++++++++++++++++--
- find/pred.c | 53 +++++++++++++++++++++++++++++
- find/util.c | 3 ++
- 9 files changed, 240 insertions(+), 6 deletions(-)
-
-diff --git a/configure.in b/configure.in
-index 6a20f15..00dd7f8 100644
---- a/configure.in
-+++ b/configure.in
-@@ -101,6 +101,16 @@ dnl C library, try -lsun.
- AC_CHECK_FUNC(getpwnam, [],
- [AC_CHECK_LIB(sun, getpwnam)])
-
-+AC_ARG_WITH([selinux],
-+ AS_HELP_STRING([--without-selinux], [disable SELinux support]),
-+ [:],
-+[AC_CHECK_LIB([selinux], [is_selinux_enabled],
-+ [with_selinux=yes], [with_selinux=no])])
-+if test x$with_selinux != xno; then
-+ AC_DEFINE([WITH_SELINUX], [1], [Define to support SELinux])
-+ AC_SUBST([LIBSELINUX], [-lselinux])
-+fi
-+
- dnl Checks for header files.
- AC_HEADER_STDC
- dnl Assume unistd.h is present - coreutils does too.
-diff --git a/doc/find.texi b/doc/find.texi
-index 5b5f0cf..e1ad433 100644
---- a/doc/find.texi
-+++ b/doc/find.texi
-@@ -1091,6 +1091,14 @@ will probably be made in early 2006.
-
- @end deffn
-
-+@deffn Test -context pattern
-+True if file's SELinux context matches the pattern @var{pattern}.
-+The pattern uses shell glob matching.
-+
-+This predicate is supported only on @code{find} versions compiled with
-+SELinux support and only when SELinux is enabled.
-+@end deffn
-+
- @node Contents
- @section Contents
-
-@@ -1599,6 +1607,10 @@ semantics, you will see a difference between the mode
as printed by
- @item %M
- File's permissions (in symbolic form, as for @code{ls}). This
- directive is supported in findutils 4.2.5 and later.
-+
-+@item %Z
-+File's SELinux context, or empty string if the file has no SELinux context
-+or this version of find does not support SELinux.
- @end table
-
- @node Size Directives
-diff --git a/find/Makefile.am b/find/Makefile.am
-index 8e71a32..405955a 100644
---- a/find/Makefile.am
-+++ b/find/Makefile.am
-@@ -6,7 +6,7 @@ bin_PROGRAMS = find
- find_SOURCES = find.c fstype.c parser.c pred.c tree.c util.c version.c
- EXTRA_DIST = defs.h $(man_MANS)
- INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib
-I../intl -DLOCALEDIR=\"$(localedir)\"
--LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@
-+LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ @LIBSELINUX@
- man_MANS = find.1
- SUBDIRS = testsuite
-
-diff --git a/find/defs.h b/find/defs.h
-index 9369c9a..8a8cf28 100644
---- a/find/defs.h
-+++ b/find/defs.h
-@@ -131,6 +131,10 @@ int get_statinfo PARAMS((const char *pathname, const char
*name, struct stat *p)
- #define MODE_RWX (S_IXUSR | S_IXGRP | S_IXOTH | MODE_RW)
- #define MODE_ALL (S_ISUID | S_ISGID | S_ISVTX | MODE_RWX)
-
-+#ifdef WITH_SELINUX
-+#include <selinux/selinux.h>
-+#endif
-+
- #if 1
- #include <stdbool.h>
- typedef bool boolean;
-@@ -320,6 +324,9 @@ struct predicate
- struct dir_id fileid; /* samefile */
- mode_t type; /* type */
- FILE *stream; /* ls fls fprint0 */
-+#ifdef WITH_SELINUX
-+ security_context_t scontext; /* scontext */
-+#endif
- struct format_val printf_vec; /* printf fprintf fprint */
- } args;
-
-@@ -481,7 +488,9 @@ boolean pred_uid PARAMS((char *pathname, struct stat
*stat_buf, struct predicate
- boolean pred_used PARAMS((char *pathname, struct stat *stat_buf, struct
predicate *pred_ptr));
- boolean pred_user PARAMS((char *pathname, struct stat *stat_buf, struct
predicate *pred_ptr));
- boolean pred_xtype PARAMS((char *pathname, struct stat *stat_buf, struct
predicate *pred_ptr));
--
-+#ifdef WITH_SELINUX
-+boolean pred_context PARAMS((char *pathname, struct stat *stat_buf, struct
predicate *pred_ptr));
-+#endif
-
-
- int launch PARAMS((const struct buildcmd_control *ctl,
-@@ -570,6 +579,10 @@ struct options
- * can be changed with the positional option, -regextype.
- */
- int regex_options;
-+
-+#ifdef WITH_SELINUX
-+ int (*x_getfilecon) ();
-+#endif
- };
- extern struct options options;
-
-diff --git a/find/find.1 b/find/find.1
-index 9be362f..2753d47 100644
---- a/find/find.1
-+++ b/find/find.1
-@@ -487,6 +487,8 @@ links: if the \-H or \-P option was specified, true if the
file is a
- link to a file of type \fIc\fR; if the \-L option has been given, true
- if \fIc\fR is `l'. In other words, for symbolic links, \-xtype checks
- the type of the file that \-type does not check.
-+.IP "\-context \fIpattern\fR"
-+(SELinux only) Security context of the file matches glob \fIpattern\fR.
-
- .SS ACTIONS
- .IP "\-delete\fR"
-@@ -789,6 +791,8 @@ File's numeric user ID.
- File's type (like in ls \-l), U=unknown type (shouldn't happen)
- .IP %Y
- File's type (like %y), plus follow symlinks: L=loop, N=nonexistent
-+.IP %Z
-+(SELinux only) file's security context
- .PP
- A `%' character followed by any other character is discarded, but the
- other character is printed (don't rely on this, as further format
-diff --git a/find/find.c b/find/find.c
-index df28db6..6b3a2de 100644
---- a/find/find.c
-+++ b/find/find.c
-@@ -245,6 +245,92 @@ optionp_stat(const char *name, struct stat *p)
- return lstat(name, p);
- }
- �
-+#ifdef WITH_SELINUX
-+static int
-+fallback_getfilecon(const char *name, security_context_t *p, int prev_rv)
-+{
-+ /* Our original getfilecon() call failed. Perhaps we can't follow a
-+ * symbolic link. If that might be the problem, lgetfilecon() the link.
-+ * Otherwise, admit defeat.
-+ */
-+ switch (errno)
-+ {
-+ case ENOENT:
-+ case ENOTDIR:
-+#ifdef DEBUG_STAT
-+ fprintf(stderr, "fallback_getfilecon(): getfilecon(%s) failed; falling
back on lgetfilecon()\n", name);
-+#endif
-+ return lgetfilecon(name, p);
-+
-+ case EACCES:
-+ case EIO:
-+ case ELOOP:
-+ case ENAMETOOLONG:
-+#ifdef EOVERFLOW
-+ case EOVERFLOW: /* EOVERFLOW is not #defined on UNICOS. */
-+#endif
-+ default:
-+ return prev_rv;
-+ }
-+}
-+�
-+/* optionh_getfilecon() implements the getfilecon operation when the
-+ * -H option is in effect.
-+ *
-+ * If the item to be examined is a command-line argument, we follow
-+ * symbolic links. If the getfilecon() call fails on the command-line
-+ * item, we fall back on the properties of the symbolic link.
-+ *
-+ * If the item to be examined is not a command-line argument, we
-+ * examine the link itself.
-+ */
-+int
-+optionh_getfilecon(const char *name, security_context_t *p)
-+{
-+ if (0 == state.curdepth)
-+ {
-+ /* This file is from the command line; deference the link (if it
-+ * is a link).
-+ */
-+ int rv = getfilecon(name, p);
-+ if (0 == rv)
-+ return 0; /* success */
-+ else
-+ return fallback_getfilecon(name, p, rv);
-+ }
-+ else
-+ {
-+ /* Not a file on the command line; do not derefernce the link.
-+ */
-+ return lgetfilecon(name, p);
-+ }
-+}
-+�
-+/* optionl_getfilecon() implements the getfilecon operation when the
-+ * -L option is in effect. That option makes us examine the thing the
-+ * symbolic link points to, not the symbolic link itself.
-+ */
-+int
-+optionl_getfilecon(const char *name, security_context_t *p)
-+{
-+ int rv = getfilecon(name, p);
-+ if (0 == rv)
-+ return 0; /* normal case. */
-+ else
-+ return fallback_getfilecon(name, p, rv);
-+}
-+�
-+/* optionp_getfilecon() implements the stat operation when the -P
-+ * option is in effect (this is also the default). That option makes
-+ * us examine the symbolic link itself, not the thing it points to.
-+ */
-+int
-+optionp_getfilecon(const char *name, security_context_t *p)
-+{
-+ return lgetfilecon(name, p);
-+}
-+#endif /* WITH_SELINUX */
-+�
- #ifdef DEBUG_STAT
- static uintmax_t stat_count = 0u;
-
-@@ -272,11 +358,17 @@ set_follow_state(enum SymlinkOption opt)
- {
- case SYMLINK_ALWAYS_DEREF: /* -L */
- options.xstat = optionl_stat;
-+#ifdef WITH_SELINUX
-+ options.x_getfilecon = optionl_getfilecon;
-+#endif
- options.no_leaf_check = true;
- break;
-
- case SYMLINK_NEVER_DEREF: /* -P (default) */
- options.xstat = optionp_stat;
-+#ifdef WITH_SELINUX
-+ options.x_getfilecon = optionp_getfilecon;
-+#endif
- /* Can't turn no_leaf_check off because the user might have specified
- * -noleaf anyway
- */
-@@ -284,6 +376,9 @@ set_follow_state(enum SymlinkOption opt)
-
- case SYMLINK_DEREF_ARGSONLY: /* -H */
- options.xstat = optionh_stat;
-+#ifdef WITH_SELINUX
-+ options.x_getfilecon = optionh_getfilecon;
-+#endif
- options.no_leaf_check = true;
- }
-
-@@ -1807,7 +1902,7 @@ complete_pending_execs(struct predicate *p)
- static void
- process_dir (char *pathname, char *name, int pathlen, struct stat *statp,
char *parent)
- {
-- int subdirs_left; /* Number of unexamined subdirs in PATHNAME. */
-+ int subdirs_left = 0; /* Number of unexamined subdirs in
PATHNAME. */
- boolean subdirs_unreliable; /* if true, cannot use dir link count as subdir
limif (if false, it may STILL be unreliable) */
- int idx; /* Which entry are we on? */
- struct stat stat_buf;
-diff --git a/find/parser.c b/find/parser.c
-index fcdb98a..e67e09f 100644
---- a/find/parser.c
-+++ b/find/parser.c
-@@ -48,6 +48,10 @@
- /* We need <unistd.h> for isatty(). */
- #include <unistd.h>
-
-+#ifdef WITH_SELINUX
-+#include <selinux/selinux.h>
-+#endif
-+
- #if ENABLE_NLS
- # include <libintl.h>
- # define _(Text) gettext (Text)
-@@ -148,7 +152,9 @@ static boolean parse_noignore_race PARAMS((const struct
parser_table*, char *arg
- static boolean parse_warn PARAMS((const struct parser_table*, char
*argv[], int *arg_ptr));
- static boolean parse_xtype PARAMS((const struct parser_table*, char
*argv[], int *arg_ptr));
- static boolean parse_quit PARAMS((const struct parser_table*, char
*argv[], int *arg_ptr));
--
-+#ifdef WITH_SELINUX
-+static boolean parse_context PARAMS((const struct parser_table*, char
*argv[], int *arg_ptr));
-+#endif
-
-
- boolean parse_print PARAMS((const struct parser_table*, char
*argv[], int *arg_ptr));
-@@ -216,6 +222,9 @@ static struct parser_table const parse_table[] =
- PARSE_TEST ("cmin", cmin), /* GNU */
- PARSE_TEST ("cnewer", cnewer), /* GNU */
- PARSE_TEST ("ctime", ctime),
-+#ifdef WITH_SELINUX
-+ PARSE_TEST ("context", context), /* GNU */
-+#endif
- PARSE_POSOPT ("daystart", daystart), /* GNU */
- PARSE_ACTION ("delete", delete), /* GNU, Mac OS, FreeBSD
*/
- PARSE_OPTION ("d", d), /* Mac OS X, FreeBSD,
NetBSD, OpenBSD, but deprecated in favour of -depth */
-@@ -801,8 +810,12 @@ tests (N can be +N or -N or N): -amin N -anewer FILE
-atime N -cmin N\n\
- puts (_("\
- -nouser -nogroup -path PATTERN -perm [+-]MODE -regex PATTERN\n\
- -wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n\
-- -used N -user NAME -xtype [bcdpfls]\n"));
-+ -used N -user NAME -xtype [bcdpfls]"));
-+#ifdef WITH_SELINUX
- puts (_("\
-+ -context CONTEXT\n"));
-+#endif
-+ puts (_("\n\
- actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print \n\
- -fprint0 FILE -fprint FILE -ls -fls FILE -prune -quit\n\
- -exec COMMAND ; -exec COMMAND {} + -ok COMMAND ;\n\
-@@ -1718,6 +1731,10 @@ parse_version (const struct parser_table* entry, char
**argv, int *arg_ptr)
- printf("LEAF_OPTIMISATION ");
- ++features;
- #endif
-+#if defined(WITH_SELINUX)
-+ printf("SELINUX ");
-+ ++features;
-+#endif
- if (0 == features)
- {
- /* For the moment, leave this as English in case someone wants
-@@ -1729,6 +1746,32 @@ parse_version (const struct parser_table* entry, char
**argv, int *arg_ptr)
- exit (0);
- }
-
-+#ifdef WITH_SELINUX
-+static boolean
-+parse_context (const struct parser_table* entry, char **argv, int *arg_ptr)
-+{
-+ struct predicate *our_pred;
-+
-+ if ((argv == NULL) || (argv[*arg_ptr] == NULL))
-+ return false;
-+
-+ if (is_selinux_enabled() <= 0)
-+ {
-+ error (1, 0, _("invalid predicate -context: SELinux is not enabled."));
-+ return false;
-+ }
-+ our_pred = insert_primary (entry);
-+ our_pred->need_stat = false;
-+#ifdef DEBUG
-+ our_pred->p_name = find_pred_name (pred_context);
-+#endif /*DEBUG*/
-+ our_pred->args.scontext = argv[*arg_ptr];
-+
-+ (*arg_ptr)++;
-+ return true;
-+}
-+#endif /* WITH_SELINUX */
-+
- static boolean
- parse_xdev (const struct parser_table* entry, char **argv, int *arg_ptr)
- {
-@@ -1971,7 +2014,7 @@ insert_fprintf (FILE *fp, const struct parser_table
*entry, PRED_FUNC func, char
- if (*scan2 == '.')
- for (scan2++; ISDIGIT (*scan2); scan2++)
- /* Do nothing. */ ;
-- if (strchr ("abcdDfFgGhHiklmMnpPstuUyY", *scan2))
-+ if (strchr ("abcdDfFgGhHiklmMnpPstuUyYZ", *scan2))
- {
- segmentp = make_segment (segmentp, format, scan2 - format,
- (int) *scan2);
-@@ -2046,6 +2089,7 @@ make_segment (struct segment **segment, char *format,
int len, int kind)
- case 'u': /* user name */
- case 'y': /* file type */
- case 'Y': /* symlink pointed file type */
-+ case 'Z': /* SELinux security context */
- fprintf_stat_needed = true;
- /* FALLTHROUGH */
- case 'f': /* basename of path */
-diff --git a/find/pred.c b/find/pred.c
-index 9ec10a4..1da49dc 100644
---- a/find/pred.c
-+++ b/find/pred.c
-@@ -38,6 +38,10 @@
- #include "buildcmd.h"
- #include "yesno.h"
-
-+#ifdef WITH_SELINUX
-+#include <selinux/selinux.h>
-+#endif /*WITH_SELINUX*/
-+
- #if ENABLE_NLS
- # include <libintl.h>
- # define _(Text) gettext (Text)
-@@ -217,6 +221,9 @@ struct pred_assoc pred_table[] =
- {pred_used, "used "},
- {pred_user, "user "},
- {pred_xtype, "xtype "},
-+#ifdef WITH_SELINUX
-+ {pred_context, "context"},
-+#endif /*WITH_SELINUX*/
- {0, "none "}
- };
-
-@@ -905,6 +912,27 @@ pred_fprintf (char *pathname, struct stat *stat_buf,
struct predicate *pred_ptr)
- mode_to_filetype(stat_buf->st_mode & S_IFMT));
- }
- break;
-+ case 'Z': /* SELinux security context */
-+#ifdef WITH_SELINUX
-+ {
-+ security_context_t scontext;
-+ int rv;
-+ rv = (*options.x_getfilecon) (state.rel_pathname, &scontext);
-+
-+ if (rv < 0)
-+ {
-+ fprintf (stderr, "getfilecon(%s): %s", pathname,
-+ strerror(errno));
-+ fflush (stderr);
-+ }
-+ else
-+ {
-+ fprintf (fp, segment->text, scontext);
-+ freecon (scontext);
-+ }
-+ }
-+#endif /* WITH_SELINUX */
-+ break;
- }
- }
- return true;
-@@ -1497,6 +1525,31 @@ pred_xtype (char *pathname, struct stat *stat_buf,
struct predicate *pred_ptr)
- */
- return (pred_type (pathname, &sbuf, pred_ptr));
- }
-+
-+#ifdef WITH_SELINUX
-+
-+boolean
-+pred_context (char *pathname, struct stat *stat_buf,
-+ struct predicate *pred_ptr)
-+{
-+ int rv;
-+ security_context_t scontext;
-+
-+ rv = (*options.x_getfilecon) (state.rel_pathname, &scontext);
-+
-+ if (rv < 0)
-+ {
-+ fprintf (stderr, "getfilecon(%s): %s\n", pathname, strerror(errno));
-+ fflush (stderr);
-+ return false;
-+ }
-+
-+ rv = (fnmatch (pred_ptr->args.scontext, scontext, 0) == 0);
-+ freecon (scontext);
-+ return rv;
-+}
-+
-+#endif /*WITH_SELINUX*/
- �
- /* 1) fork to get a child; parent remembers the child pid
- 2) child execs the command requested
-diff --git a/find/util.c b/find/util.c
-index 97c8687..77bdfa8 100644
---- a/find/util.c
-+++ b/find/util.c
-@@ -78,6 +78,9 @@ get_new_pred (const struct parser_table *entry)
- last_pred->need_stat = true;
- last_pred->need_type = true;
- last_pred->args.str = NULL;
-+#ifdef WITH_SELINUX
-+ last_pred->args.scontext = NULL;
-+#endif
- last_pred->pred_next = NULL;
- last_pred->pred_left = NULL;
- last_pred->pred_right = NULL;
---
-1.7.5.4
-
--
2.7.4
--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
