findutils/findutils-selinux.patch


--- findutils-4.1.20/find/Makefile.am.selinux 2003-05-26 19:02:34.000000000 +0100
+++ findutils-4.1.20/find/Makefile.am 2004-06-25 15:41:32.551569936 +0100
@@ -3,8 +3,9 @@
bin_PROGRAMS = find
find_SOURCES = find.c fstype.c parser.c pred.c tree.c util.c version.c
EXTRA_DIST = defs.h $(man_MANS)
+DEFS = @DEFS@ -I. -I$(srcdir) -I.. -DWITH_SELINUX
INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\"
-LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@
+LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ -lselinux
man_MANS = find.1
SUBDIRS = testsuite
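Review bot: The new `DEFS =` line and the `-lselinux` appended to LDADD hard-code SELinux into every build, while all the C changes in this patch sit under `#ifdef WITH_SELINUX`; on a host without libselinux the link fails instead of the feature being left out. Overriding DEFS wholesale also replaces whatever configure put into `@DEFS@`, and the `-I. -I$(srcdir) -I..` it adds look like a duplicate of automake's default include path. A configure-time library check that defines WITH_SELINUX and substitutes a `@SELINUX_LIBS@` variable would keep the guards meaningful; the same hard-coding recurs in the two Makefile.in hunks below.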
--- findutils-4.1.20/find/defs.h.selinux 2004-06-25 15:39:56.115013659 +0100
+++ findutils-4.1.20/find/defs.h 2004-06-25 15:39:56.209995493 +0100
@@ -127,6 +127,10 @@
#define MODE_RWX (S_IXUSR | S_IXGRP | S_IXOTH | MODE_RW)
#define MODE_ALL (S_ISUID | S_ISGID | S_ISVTX | MODE_RWX)
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
/* Not char because of type promotion; NeXT gcc can't handle it. */
typedef int boolean;
#define true 1
@@ -278,6 +282,9 @@
struct perm_val perm; /* perm */
mode_t type; /* type */
FILE *stream; /* fprint fprint0 */
+#ifdef WITH_SELINUX
+ security_context_t scontext; /* scontext */
+#endif /*WITH_SELINUX*/
struct format_val printf_vec; /* printf fprintf */
} args;
@@ -323,6 +330,11 @@
VOID *xmalloc PARAMS((size_t n));
VOID *xrealloc PARAMS((VOID *p, size_t n));
+#ifdef WITH_SELINUX
+boolean pred_scontext PARAMS((char *pathname, struct stat *stat_buf, struct predicate *pred_ptr));
+extern int (*x_getfilecon) ();
+#endif /*WITH_SELINUX*/
+
/* xstrdup.c */
char *xstrdup PARAMS((char *string));
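Review bot: `extern int (*x_getfilecon) ();` is an unprototyped function pointer, so the two `(*x_getfilecon)(rel_pathname, &scontext)` calls in pred.c are not type-checked against getfilecon/lgetfilecon, and the assignments in find.c and parser.c are unchecked too. Since selinux/selinux.h is included a few lines above under the same guard, declare it with the real signature: `extern int (*x_getfilecon) (const char *, security_context_t *);`. The definition in the find.c hunk (`int (*x_getfilecon) ();`) needs the matching change.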
--- findutils-4.1.20/find/find.1.selinux 2004-06-25 15:39:56.087019013 +0100
+++ findutils-4.1.20/find/find.1 2004-06-25 15:39:56.211995111 +0100
@@ -230,6 +230,9 @@
file of type \fIc\fR; if \-follow has been given, true if \fIc\fR is
`l'. In other words, for symbolic links, \-xtype checks the type of
the file that \-type does not check.
+.IP "\-context \fIscontext\fR"
+.IP "\--context \fIscontext\fR"
+(SELinux only) File has the security context \fIscontext\fR.
.SS ACTIONS
.IP "\-exec \fIcommand\fR ;"
Execute \fIcommand\fR; true if 0 status is returned. All following
@@ -419,6 +422,8 @@
File's user name, or numeric user ID if the user has no name.
.IP %U
File's numeric user ID.
+.IP %Z
+(SELinux only) file's security context.
.PP
A `%' character followed by any other character is discarded (but the
other character is printed).
--- findutils-4.1.20/find/find.c.selinux 2004-06-25 15:39:56.123012130 +0100
+++ findutils-4.1.20/find/find.c 2004-06-25 15:39:56.213994729 +0100
@@ -154,6 +154,9 @@
/* Pointer to the function used to stat files. */
int (*xstat) ();
+#ifdef WITH_SELINUX
+int (*x_getfilecon) ();
+#endif /* WITH_SELINUX */
/* Status value to return to system. */
int exit_status;
@@ -200,6 +203,10 @@
xstat = debug_stat;
#else /* !DEBUG_STAT */
xstat = lstat;
+#ifdef WITH_SELINUX
+ int is_selinux_enabled_flag = is_selinux_enabled()>0;
+ x_getfilecon = lgetfilecon;
+#endif /* WITH_SELINUX */
#endif /* !DEBUG_STAT */
human_block_size (getenv ("FIND_BLOCK_SIZE"), 0, &output_block_size);
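Review bot: `int is_selinux_enabled_flag` is declared only inside the `#else /* !DEBUG_STAT */` branch, but it is read later in main under a bare `#ifdef WITH_SELINUX` (the `if (! is_selinux_enabled_flag)` test in the argument loop), so a build with both DEBUG_STAT and WITH_SELINUX defined does not compile. It is also a declaration after statements in a function that is otherwise written in C89 style. Declare it with main's other locals as `int is_selinux_enabled_flag = 0;` and assign `is_selinux_enabled_flag = is_selinux_enabled() > 0;` outside the DEBUG_STAT conditional. main starts and ends outside this hunk.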
@@ -221,6 +228,14 @@
if (strchr ("-!(),", argv[i][0]) == NULL)
usage (_("paths must precede expression"));
predicate_name = argv[i];
+#ifdef WITH_SELINUX
+ if (! is_selinux_enabled_flag) {
+ if ((strncmp(predicate_name,"-context",strlen("-context"))==0) ||
+ (strncmp(predicate_name,"--context",strlen("--context"))==0)) {
+ error (1, 0,_("Error: invalid predicate %s: the kernel is not selinux-enabled.\n"),predicate_name);
+ }
+ }
+#endif
parse_function = find_parser (predicate_name);
if (parse_function == NULL)
/* Command line option not recognized */
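Review bot: `strncmp(predicate_name, "-context", strlen("-context")) == 0` is a prefix test, so any unknown predicate that merely begins with `-context` is reported as an SELinux error instead of reaching find_parser's normal unknown-predicate path; `strcmp(predicate_name, "-context") == 0 || strcmp(predicate_name, "--context") == 0` is what is meant. The message handed to error() ends in `\n`, which error() already appends, so a blank line follows. Note that `-printf %Z` gets no equivalent parse-time check; on a kernel without SELinux it presumably reaches lgetfilecon at run time and reports a failure per file. The enclosing loop in main starts and ends outside this hunk.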
--- findutils-4.1.20/find/parser.c.selinux 2004-06-25 15:39:56.130010791 +0100
+++ findutils-4.1.20/find/parser.c 2004-06-25 15:39:56.218993772 +0100
@@ -25,6 +25,10 @@
#include "modetype.h"
#include "xstrtol.h"
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
#if ENABLE_NLS
# include <libintl.h>
# define _(Text) gettext (Text)
@@ -115,6 +119,9 @@
static boolean parse_version PARAMS((char *argv[], int *arg_ptr));
static boolean parse_xdev PARAMS((char *argv[], int *arg_ptr));
static boolean parse_xtype PARAMS((char *argv[], int *arg_ptr));
+#ifdef WITH_SELINUX
+static boolean parse_scontext PARAMS((char *argv[], int *arg_ptr));
+#endif /*WITH_SELINUX*/
static boolean insert_regex PARAMS((char *argv[], int *arg_ptr, boolean ignore_case));
static boolean insert_type PARAMS((char *argv[], int *arg_ptr, boolean (*which_pred )()));
@@ -217,7 +224,11 @@
{"-version", parse_version}, /* GNU */
{"xdev", parse_xdev},
{"xtype", parse_xtype}, /* GNU */
- {0, 0}
+#ifdef WITH_SELINUX
+ {"context", parse_scontext}, /* SELINUX */
+ {"-context", parse_scontext}, /* SELINUX */
+#endif /*WITH_SELINUX*/
+ {0, 0}
};
/* Return a pointer to the parser function to invoke for predicate
@@ -467,7 +478,10 @@
{
dereference = true;
xstat = stat;
- no_leaf_check = true;
+#ifdef WITH_SELINUX
+ x_getfilecon = getfilecon;
+#endif /* WITH_SELINUX */
+ no_leaf_check = true;
return (true);
}
@@ -572,6 +586,10 @@
-nouser -nogroup -path PATTERN -perm [+-]MODE -regex PATTERN\n\
-size N[bckw] -true -type [bcdpfls] -uid N -used N -user NAME\n\
-xtype [bcdpfls]\n"));
+#ifdef WITH_SELINUX
+ puts (_("\
+ -context CONTEXT\n"));
+#endif /*WITH_SELINUX*/
puts (_("\
actions: -exec COMMAND ; -fprint FILE -fprint0 FILE -fprintf FILE FORMAT\n\
-ok COMMAND ; -print -print0 -printf FORMAT -prune -ls\n"));
@@ -1204,6 +1222,32 @@
return true;
}
+#ifdef WITH_SELINUX
+
+static boolean
+parse_scontext ( argv, arg_ptr )
+ char *argv[];
+ int *arg_ptr;
+{
+ struct predicate *our_pred;
+
+ if ( (argv == NULL) || (argv[*arg_ptr] == NULL) )
+ return( false );
+
+ our_pred = insert_primary(pred_scontext);
+ our_pred->need_stat = 0;
+#ifdef DEBUG
+ our_pred->p_name = find_pred_name (pred_scontext);
+#endif /*DEBUG*/
+
+ our_pred->args.scontext = argv[*arg_ptr];;
+
+ (*arg_ptr)++;
+ return( true );
+}
+
+#endif /*WITH_SELINUX*/
+
static boolean
parse_xtype (char **argv, int *arg_ptr)
{
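Review bot: `our_pred->args.scontext = argv[*arg_ptr];;` carries a stray second semicolon, and `our_pred->need_stat = 0;` uses a bare 0 where util.c's insert_primary assigns the named `PRED_NEED_STAT`; if defs.h has a matching "no stat needed" constant use it, otherwise a comment such as `/* the predicate fetches the label itself; no stat needed */` would explain the 0. The definition is in K&R form (`parse_scontext ( argv, arg_ptr ) char *argv[]; int *arg_ptr;`) while its neighbour parse_xtype uses a prototype; `static boolean parse_scontext (char **argv, int *arg_ptr)` matches the file. The `if ( (argv == NULL) || (argv[*arg_ptr] == NULL) )` guard is the only place a missing argument is caught, and it returns false without a message — worth checking how find_parser's caller reports that.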
@@ -1363,7 +1407,11 @@
if (*scan2 == '.')
for (scan2++; ISDIGIT (*scan2); scan2++)
/* Do nothing. */ ;
- if (strchr ("abcdfFgGhHiklmnpPstuU", *scan2))
+#ifdef WITH_SELINUX
+ if (strchr ("abcdfFgGhHiklmnpPstuUZ", *scan2))
+#else /* WITH_SELINUX */
+ if (strchr ("abcdfFgGhHiklmnpPstuU", *scan2))
+#endif /* WITH_SELINUX */
{
segmentp = make_segment (segmentp, format, scan2 - format,
(int) *scan2);
--- findutils-4.1.20/find/pred.c.selinux 2004-06-25 15:39:56.120012703 +0100
+++ findutils-4.1.20/find/pred.c 2004-06-25 15:39:56.222993008 +0100
@@ -29,6 +29,14 @@
#include "modetype.h"
#include "wait.h"
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
+#ifndef FNM_CASEFOLD
+#define FNM_CASEFOLD (1<<4)
+#endif /*FNM_CASEFOLD*/
+
#if ENABLE_NLS
# include <libintl.h>
# define _(Text) gettext (Text)
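Review bot: The `#ifndef FNM_CASEFOLD` / `#define FNM_CASEFOLD (1<<4)` fallback is unrelated to SELinux and hard-codes glibc's bit value; on a libc whose fnmatch lacks FNM_CASEFOLD the flag is then passed anyway and is either ignored or read as some other option, so case-insensitive matching would silently stop working. Either drop it from this patch or make the callers fail loudly when the flag is unavailable. If it is kept, a comment such as `/* value taken from glibc <fnmatch.h>; only valid with glibc's fnmatch */` records the assumption.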
@@ -71,7 +79,6 @@
extern int yesno ();
-
/* Get or fake the disk device blocksize.
Usually defined by sys/param.h (if at all). */
#ifndef DEV_BSIZE
@@ -198,6 +205,9 @@
{pred_used, "used "},
{pred_user, "user "},
{pred_xtype, "xtype "},
+#ifdef WITH_SELINUX
+ {pred_scontext, "context"},
+#endif /*WITH_SELINUX*/
{0, "none "}
};
@@ -723,6 +733,26 @@
fprintf (fp, segment->text,
human_readable ((uintmax_t) stat_buf->st_uid, hbuf, 1, 1));
break;
+#ifdef WITH_SELINUX
+ case 'Z': /* SELinux security context */
+ {
+ security_context_t scontext;
+ int rv;
+ rv = (*x_getfilecon)(rel_pathname, &scontext);
+
+ if ( rv < 0 ) {
+ (void) fprintf(stderr, "getfileconf(%s): %s",
+ pathname, strerror(errno));
+ (void) fflush(stderr);
+ }
+ else {
+ segment->text[segment->text_len] = 's';
+ (void) fprintf (fp, segment->text, scontext);
+ freecon(scontext);
+ }
+ }
+ break ;
+#endif /* WITH_SELINUX */
}
}
return (true);
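Review bot: The failure message in the `Z` case reads `getfileconf(%s): %s` — a typo in the function name and no trailing newline — so whatever is written to stderr next is glued onto it; pred_scontext later in this file spells it `getfilecon(%s): %s\n`. Use `(void) fprintf(stderr, "getfilecon(%s): %s\n", pathname, strerror(errno));` for both. On failure nothing at all is written to `fp` for the segment, so a `-printf "%Z %p\n"` line loses its first column for that file; emitting a placeholder such as `?` would keep the output parsable. The enclosing switch and function start and end outside the hunk.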
@@ -1231,6 +1261,34 @@
}
return (pred_type (pathname, &sbuf, pred_ptr));
}
+
+
+#ifdef WITH_SELINUX
+
+boolean
+pred_scontext ( pathname, stat_buf, pred_ptr )
+ char *pathname;
+ struct stat *stat_buf;
+ struct predicate *pred_ptr;
+{
+ int rv;
+ security_context_t scontext;
+
+ rv = (* x_getfilecon)(rel_pathname, &scontext);
+
+ if ( rv < 0 ) {
+ (void) fprintf(stderr, "getfilecon(%s): %s\n", pathname, strerror(errno));
+ (void) fflush(stderr);
+ return ( false );
+ }
+
+ rv= (strcmp( scontext,pred_ptr->args.scontext) == 0 );
+ freecon(scontext);
+ return rv;
+}
+
+#endif /*WITH_SELINUX*/
+
/* 1) fork to get a child; parent remembers the child pid
2) child execs the command requested
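Review bot: pred_scontext turns every x_getfilecon failure into a stderr message, but a file that simply has no label is ordinary for a filtering predicate and should just be a non-match; as written, a `-context` search over a tree containing unlabeled files or filesystems without xattr support presumably prints one line per such file. Check errno after the call and return quietly for the "no label" cases, e.g. `if (errno == ENODATA || errno == ENOTSUP) return ( false );` before the message, keeping the message for anything else. If other predicates set exit_status on I/O failures, this one should do the same on the remaining error path. The unused `stat_buf` parameter is consistent with the `need_stat = 0` set in parse_scontext.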
--- findutils-4.1.20/find/Makefile.in.selinux 2003-05-26 19:18:11.000000000 +0100
+++ findutils-4.1.20/find/Makefile.in 2004-06-25 15:42:30.881421141 +0100
@@ -54,7 +54,7 @@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DATADIRNAME = @DATADIRNAME@
-DEFS = @DEFS@
+DEFS = @DEFS@ -DWITH_SELINUX
DEPDIR = @DEPDIR@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
@@ -145,7 +145,7 @@
bin_PROGRAMS = find
find_SOURCES = find.c fstype.c parser.c pred.c tree.c util.c version.c
EXTRA_DIST = defs.h $(man_MANS)
-LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@
+LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ -lselinux
man_MANS = find.1
SUBDIRS = testsuite
subdir = find
--- findutils-4.1.20/find/util.c.selinux 2004-06-25 15:39:56.124011938 +0100
+++ findutils-4.1.20/find/util.c 2004-06-25 15:39:56.228991860 +0100
@@ -67,6 +67,9 @@
last_pred->no_default_print = false;
last_pred->need_stat = PRED_NEED_STAT;
last_pred->args.str = NULL;
+#ifdef WITH_SELINUX
+ last_pred->args.scontext = NULL;
+#endif
last_pred->pred_next = NULL;
last_pred->pred_left = NULL;
last_pred->pred_right = NULL;