ps: fix -Z (by Yuichi Nakamura <ynakam@hitachisoft.jp>)

include/libbb.h

@@ -830,6 +830,9 @@ typedef struct {
 	DIR *dir;
 /* Fields are set to 0/NULL if failed to determine (or not requested) */
 	char *cmd;
+	USE_SELINUX(char *context;)
+	/* Everything below must contain no ptrs to malloc'ed data:
+	 * it is memset(0) for each process in procps_scan() */
 	unsigned vsz, rss; /* we round it to kbytes */
 	unsigned long stime, utime;
 	unsigned pid;
@@ -859,6 +862,7 @@ enum {
 	PSSCAN_STIME    = 1 << 10,
 	PSSCAN_UTIME    = 1 << 11,
 	PSSCAN_TTY      = 1 << 12,
+	USE_SELINUX(PSSCAN_CONTEXT  = 1 << 13,)
 	/* These are all retrieved from proc/NN/stat in one go: */
 	PSSCAN_STAT     = PSSCAN_PPID | PSSCAN_PGID | PSSCAN_SID
 	                | PSSCAN_COMM | PSSCAN_STATE

libbb/procps.c

@@ -4,7 +4,8 @@
  *
  * Copyright 1998 by Albert Cahalan; all rights reserved.
  * Copyright (C) 2002 by Vladimir Oleynik <dzo@simtreas.ru>
- *
+ * SELinux support: (c) 2007 by Yuichi Nakamura <ynakam@hitachisoft.jp>
+ * 
  * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
  */
 
@@ -95,6 +96,7 @@ void free_procps_scan(procps_status_t* sp)
 {
 	closedir(sp->dir);
 	free(sp->cmd);
+	USE_SELINUX(free(sp->context);)
 	free(sp);
 }
 
@@ -132,6 +134,13 @@ procps_status_t* procps_scan(procps_status_t* sp, int flags)
 		sp->pid = pid;
 		if (!(flags & ~PSSCAN_PID)) break;
 
+#if ENABLE_SELINUX
+		if (flags & PSSCAN_CONTEXT) {
+			if (getpidcon(sp->pid, &sp->context) < 0)
+				sp->context = NULL;
+		}	
+#endif	
+
 		filename_tail = filename + sprintf(filename, "/proc/%d", pid);
 
 		if (flags & PSSCAN_UIDGID) {

procps/ps.c

@@ -3,6 +3,8 @@
  * Mini ps implementation(s) for busybox
  *
  * Copyright (C) 1999-2004 by Erik Andersen <andersen@codepoet.org>
+ * Fix for SELinux Support:(c)2007 Hiroshi Shinji <shiroshi@my.email.ne.jp>
+                           (c)2007 Yuichi Nakamura <ynakam@hitachisoft.jp>
  *
  * Licensed under the GPL version 2, see the file LICENSE in this tarball.
  */
@@ -68,6 +70,14 @@ static void func_tty(char *buf, int size, const procps_status_t *ps)
 {
 	safe_strncpy(buf, ps->tty_str, size+1);
 }
+
+#if ENABLE_SELINUX
+static void func_label(char *buf, int size, const procps_status_t *ps)
+{
+	safe_strncpy(buf, ps->context ? ps->context : "unknown", size+1);
+}
+#endif
+
 /*
 static void func_nice(char *buf, int size, const procps_status_t *ps)
 {
@@ -116,11 +126,19 @@ static const ps_out_t out_spec[] = {
 	{ 4                  , "vsz"   ,"VSZ"    ,func_vsz   ,PSSCAN_VSZ             },
 // Not mandated by POSIX, but useful:
 	{ 4                  , "rss"   ,"RSS"    ,func_rss   ,PSSCAN_RSS             },
+#if ENABLE_SELINUX
+	{ 35                 , "label" ,"LABEL"  ,func_label ,PSSCAN_CONTEXT         },
+#endif
 };
 
 #define VEC_SIZE(v) ( sizeof(v) / sizeof((v)[0]) )
 
-#define DEFAULT_O_STR "pid,user" /* TODO: ,vsz,stat */ ",args"
+#if ENABLE_SELINUX
+#define SELINIX_O_PREFIX "label,"
+#define DEFAULT_O_STR    SELINIX_O_PREFIX "pid,user" /* TODO: ,vsz,stat */ ",args"
+#else
+#define DEFAULT_O_STR    "pid,user" /* TODO: ,vsz,stat */ ",args"
+#endif
 
 struct globals {
 	ps_out_t* out;
@@ -207,6 +225,10 @@ static void post_process(void)
 		}
 		width += out[i].width + 1; /* "FIELD " */
 	}
+#if ENABLE_SELINUX
+	if (!is_selinux_enabled())
+		need_flags &= ~PSSCAN_CONTEXT;
+#endif
 	buffer = xmalloc(width + 1); /* for trailing \0 */
 }
 
@@ -261,9 +283,7 @@ int ps_main(int argc, char **argv)
 {
 	procps_status_t *p;
 	llist_t* opt_o = NULL;
-
+	USE_SELINUX(int opt;)
-	/* Cannot be const: parse_o() will choke */
-	strcpy(default_o, DEFAULT_O_STR);
 
 	// POSIX:
 	// -a  Write information for all processes associated with terminals
@@ -277,14 +297,25 @@ int ps_main(int argc, char **argv)
 	//     Select which columns to display
 	/* We allow (and ignore) most of the above. FIXME */
 	opt_complementary = "o::";
-	getopt32(argc, argv, "o:aAdefl", &opt_o);
+	USE_SELINUX(opt =) getopt32(argc, argv, "Zo:aAdefl", &opt_o);
 	if (opt_o) {
 		do {
 			parse_o(opt_o->data);
 			opt_o = opt_o->link;
 		} while (opt_o);
-	} else
+	} else {
+		/* Below: parse_o() needs char*, NOT const char*... */
+#if ENABLE_SELINUX
+		if (!(opt & 1) || !is_selinux_enabled()) {
+			/* no -Z or no SELinux: do not show LABEL */
+			strcpy(default_o, DEFAULT_O_STR + sizeof(SELINIX_O_PREFIX)-1);
+		} else
+#endif
+		{
+			strcpy(default_o, DEFAULT_O_STR);
+		}
 		parse_o(default_o);
+	}
 	post_process();
 
 	/* Was INT_MAX, but some libc's go belly up with printf("%.*s")
@@ -314,7 +345,6 @@ int ps_main(int argc, char **argv)
 	procps_status_t *p = NULL;
 	int i, len;
 	SKIP_SELINUX(const) int use_selinux = 0;
-	USE_SELINUX(security_context_t sid = NULL;)
 #if !ENABLE_FEATURE_PS_WIDE
 	enum { terminal_width = 79 };
 #else
@@ -341,7 +371,7 @@ int ps_main(int argc, char **argv)
 #endif
 #if ENABLE_SELINUX
 	if ((i & 1) && is_selinux_enabled())
-		use_selinux = 1;
+		use_selinux = PSSCAN_CONTEXT;
 #endif
 #endif /* ENABLE_FEATURE_PS_WIDE || ENABLE_SELINUX */
 
@@ -356,28 +386,15 @@ int ps_main(int argc, char **argv)
 			| PSSCAN_STATE
 			| PSSCAN_VSZ
 			| PSSCAN_CMD
+			| use_selinux
 	))) {
 		char *namecmd = p->cmd;
 #if ENABLE_SELINUX
 		if (use_selinux) {
-			char sbuf[128];
+			len = printf("%5u %-32s %s ",
-			len = sizeof(sbuf);
+					p->pid,
-
+					p->context ? p->context : "unknown",
-			if (is_selinux_enabled()) {
+					p->state);
-				if (getpidcon(p->pid, &sid) < 0)
-					sid = NULL;
-			}
-
-			if (sid) {
-				/* I assume sid initialized with NULL */
-				len = strlen(sid) + 1;
-				safe_strncpy(sbuf, sid, len);
-				freecon(sid);
-				sid = NULL;
-			} else {
-				safe_strncpy(sbuf, "unknown", 7);
-			}
-			len = printf("%5u %-32s %s ", p->pid, sbuf, p->state);
 		} else
 #endif
 		{
@@ -396,14 +413,14 @@ int ps_main(int argc, char **argv)
 			if (i < 0)
 				i = 0;
 			if (strlen(namecmd) > (size_t)i)
-				namecmd[i] = 0;
+				namecmd[i] = '\0';
 			puts(namecmd);
 		} else {
 			namecmd = p->comm;
 			if (i < 2)
 				i = 2;
 			if (strlen(namecmd) > ((size_t)i-2))
-				namecmd[i-2] = 0;
+				namecmd[i-2] = '\0';
 			printf("[%s]\n", namecmd);
 		}
 	}