[git commit] Convert all selinux/* applets to "new style" applet definitions

Denys Vlasenko vda.linux at googlemail.com
Wed Nov 23 17:46:40 UTC 2016


commit: https://git.busybox.net/busybox/commit/?id=a8e52da7742b2bc8a3993f7f7c3c70da8fe79848
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 include/applets.src.h    |  12 -----
 selinux/Config.src       | 113 -----------------------------------------------
 selinux/Kbuild.src       |  12 -----
 selinux/chcon.c          |  17 +++++++
 selinux/getenforce.c     |  10 +++++
 selinux/getsebool.c      |  10 +++++
 selinux/load_policy.c    |  10 +++++
 selinux/matchpathcon.c   |  11 +++++
 selinux/runcon.c         |  17 +++++++
 selinux/selinuxenabled.c |  11 +++++
 selinux/sestatus.c       |  10 +++++
 selinux/setenforce.c     |  10 +++++
 selinux/setfiles.c       |  31 +++++++++++++
 selinux/setsebool.c      |  11 +++++
 14 files changed, 148 insertions(+), 137 deletions(-)

diff --git a/include/applets.src.h b/include/applets.src.h
index c72dca8..4e78915 100644
--- a/include/applets.src.h
+++ b/include/applets.src.h
@@ -73,25 +73,13 @@ s     - suid type:
 
 
 INSERT
-IF_CHCON(APPLET(chcon, BB_DIR_USR_BIN, BB_SUID_DROP))
 IF_DHCPRELAY(APPLET(dhcprelay, BB_DIR_USR_SBIN, BB_SUID_DROP))
 IF_DUMPLEASES(APPLET(dumpleases, BB_DIR_USR_BIN, BB_SUID_DROP))
 //IF_E2FSCK(APPLET(e2fsck, BB_DIR_SBIN, BB_SUID_DROP))
 //IF_E2LABEL(APPLET_ODDNAME(e2label, tune2fs, BB_DIR_SBIN, BB_SUID_DROP, e2label))
 //IF_E2FSCK(APPLET_ODDNAME(fsck.ext2, e2fsck, BB_DIR_SBIN, BB_SUID_DROP, fsck_ext2))
 //IF_E2FSCK(APPLET_ODDNAME(fsck.ext3, e2fsck, BB_DIR_SBIN, BB_SUID_DROP, fsck_ext3))
-IF_GETENFORCE(APPLET(getenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_GETSEBOOL(APPLET(getsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_LOAD_POLICY(APPLET(load_policy, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_MATCHPATHCON(APPLET(matchpathcon, BB_DIR_USR_SBIN, BB_SUID_DROP))
 //IF_PARSE(APPLET(parse, BB_DIR_USR_BIN, BB_SUID_DROP))
-IF_RESTORECON(APPLET_ODDNAME(restorecon, setfiles, BB_DIR_SBIN, BB_SUID_DROP, restorecon))
-IF_RUNCON(APPLET(runcon, BB_DIR_USR_BIN, BB_SUID_DROP))
-IF_SELINUXENABLED(APPLET(selinuxenabled, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_SESTATUS(APPLET(sestatus, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_SETENFORCE(APPLET(setenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_SETFILES(APPLET(setfiles, BB_DIR_SBIN, BB_SUID_DROP))
-IF_SETSEBOOL(APPLET(setsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
 IF_UDHCPC(APPLET(udhcpc, BB_DIR_SBIN, BB_SUID_DROP))
 IF_UDHCPD(APPLET(udhcpd, BB_DIR_USR_SBIN, BB_SUID_DROP))
 
diff --git a/selinux/Config.src b/selinux/Config.src
index d4701f6..9cb755a 100644
--- a/selinux/Config.src
+++ b/selinux/Config.src
@@ -8,117 +8,4 @@ menu "SELinux Utilities"
 
 INSERT
 
-config CHCON
-	bool "chcon"
-	default n
-	depends on SELINUX
-	help
-	  Enable support to change the security context of file.
-
-config FEATURE_CHCON_LONG_OPTIONS
-	bool "Enable long options"
-	default y
-	depends on CHCON && LONG_OPTS
-	help
-	  Support long options for the chcon applet.
-
-config GETENFORCE
-	bool "getenforce"
-	default n
-	depends on SELINUX
-	help
-	  Enable support to get the current mode of SELinux.
-
-config GETSEBOOL
-	bool "getsebool"
-	default n
-	depends on SELINUX
-	help
-	  Enable support to get SELinux boolean values.
-
-config LOAD_POLICY
-	bool "load_policy"
-	default n
-	depends on SELINUX
-	help
-	  Enable support to load SELinux policy.
-
-config MATCHPATHCON
-	bool "matchpathcon"
-	default n
-	depends on SELINUX
-	help
-	  Enable support to get default security context of the
-	  specified path from the file contexts configuration.
-
-config RESTORECON
-	bool "restorecon"
-	default n
-	depends on SELINUX
-	help
-	  Enable support to relabel files. The feature is almost
-	  the same as setfiles, but usage is a little different.
-
-config RUNCON
-	bool "runcon"
-	default n
-	depends on SELINUX
-	help
-	  Enable support to run command in specified security context.
-
-config FEATURE_RUNCON_LONG_OPTIONS
-	bool "Enable long options"
-	default y
-	depends on RUNCON && LONG_OPTS
-	help
-	  Support long options for the runcon applet.
-
-config SELINUXENABLED
-	bool "selinuxenabled"
-	default n
-	depends on SELINUX
-	help
-	  Enable support for this command to be used within shell scripts
-	  to determine if selinux is enabled.
-
-config SETENFORCE
-	bool "setenforce"
-	default n
-	depends on SELINUX
-	help
-	  Enable support to modify the mode SELinux is running in.
-
-config SETFILES
-	bool "setfiles"
-	default n
-	depends on SELINUX
-	help
-	  Enable support to modify to relabel files.
-	  Notice: If you built libselinux with -D_FILE_OFFSET_BITS=64,
-	  (It is default in libselinux's Makefile), you _must_ enable
-	  CONFIG_LFS.
-
-config FEATURE_SETFILES_CHECK_OPTION
-	bool "Enable check option"
-	default n
-	depends on SETFILES
-	help
-	  Support "-c" option (check the validity of the contexts against
-	  the specified binary policy) for setfiles. Requires libsepol.
-
-config SETSEBOOL
-	bool "setsebool"
-	default n
-	depends on SELINUX
-	help
-	  Enable support for change boolean.
-	  semanage and -P option is not supported yet.
-
-config SESTATUS
-	bool "sestatus"
-	default n
-	depends on SELINUX
-	help
-	  Displays the status of SELinux.
-
 endmenu
diff --git a/selinux/Kbuild.src b/selinux/Kbuild.src
index cdd5f2a..62c9e64 100644
--- a/selinux/Kbuild.src
+++ b/selinux/Kbuild.src
@@ -8,15 +8,3 @@
 lib-y:=
 
 INSERT
-lib-$(CONFIG_CHCON)		+= chcon.o
-lib-$(CONFIG_GETENFORCE)	+= getenforce.o
-lib-$(CONFIG_GETSEBOOL)		+= getsebool.o
-lib-$(CONFIG_LOAD_POLICY)	+= load_policy.o
-lib-$(CONFIG_MATCHPATHCON)	+= matchpathcon.o
-lib-$(CONFIG_RUNCON)		+= runcon.o
-lib-$(CONFIG_SELINUXENABLED)	+= selinuxenabled.o
-lib-$(CONFIG_SETENFORCE)	+= setenforce.o
-lib-$(CONFIG_SETFILES)		+= setfiles.o
-lib-$(CONFIG_RESTORECON)	+= setfiles.o
-lib-$(CONFIG_SETSEBOOL)		+= setsebool.o
-lib-$(CONFIG_SESTATUS)		+= sestatus.o
diff --git a/selinux/chcon.c b/selinux/chcon.c
index f947c2c..c743013 100644
--- a/selinux/chcon.c
+++ b/selinux/chcon.c
@@ -7,6 +7,23 @@
  *
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+//config:config CHCON
+//config:	bool "chcon"
+//config:	default n
+//config:	depends on SELINUX
+//config:	help
+//config:	  Enable support to change the security context of file.
+//config:
+//config:config FEATURE_CHCON_LONG_OPTIONS
+//config:	bool "Enable long options"
+//config:	default y
+//config:	depends on CHCON && LONG_OPTS
+//config:	help
+//config:	  Support long options for the chcon applet.
+
+//applet:IF_CHCON(APPLET(chcon, BB_DIR_USR_BIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_CHCON) += chcon.o
 
 //usage:#define chcon_trivial_usage
 //usage:       "[OPTIONS] CONTEXT FILE..."
diff --git a/selinux/getenforce.c b/selinux/getenforce.c
index 56611d6..3747765 100644
--- a/selinux/getenforce.c
+++ b/selinux/getenforce.c
@@ -6,6 +6,16 @@
  *
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+//config:config GETENFORCE
+//config:	bool "getenforce"
+//config:	default n
+//config:	depends on SELINUX
+//config:	help
+//config:	  Enable support to get the current mode of SELinux.
+
+//applet:IF_GETENFORCE(APPLET(getenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_GETENFORCE) += getenforce.o
 
 //usage:#define getenforce_trivial_usage NOUSAGE_STR
 //usage:#define getenforce_full_usage ""
diff --git a/selinux/getsebool.c b/selinux/getsebool.c
index e8f0fef..fce478f 100644
--- a/selinux/getsebool.c
+++ b/selinux/getsebool.c
@@ -6,6 +6,16 @@
  *
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+//config:config GETSEBOOL
+//config:	bool "getsebool"
+//config:	default n
+//config:	depends on SELINUX
+//config:	help
+//config:	  Enable support to get SELinux boolean values.
+
+//applet:IF_GETSEBOOL(APPLET(getsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_GETSEBOOL) += getsebool.o
 
 //usage:#define getsebool_trivial_usage
 //usage:       "-a or getsebool boolean..."
diff --git a/selinux/load_policy.c b/selinux/load_policy.c
index ce139db..f969453 100644
--- a/selinux/load_policy.c
+++ b/selinux/load_policy.c
@@ -4,6 +4,16 @@
  *
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+//config:config LOAD_POLICY
+//config:	bool "load_policy"
+//config:	default n
+//config:	depends on SELINUX
+//config:	help
+//config:	  Enable support to load SELinux policy.
+
+//applet:IF_LOAD_POLICY(APPLET(load_policy, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_LOAD_POLICY) += load_policy.o
 
 //usage:#define load_policy_trivial_usage NOUSAGE_STR
 //usage:#define load_policy_full_usage ""
diff --git a/selinux/matchpathcon.c b/selinux/matchpathcon.c
index 9e5728e..a3b2fcb 100644
--- a/selinux/matchpathcon.c
+++ b/selinux/matchpathcon.c
@@ -5,6 +5,17 @@
  *
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+//config:config MATCHPATHCON
+//config:	bool "matchpathcon"
+//config:	default n
+//config:	depends on SELINUX
+//config:	help
+//config:	  Enable support to get default security context of the
+//config:	  specified path from the file contexts configuration.
+
+//applet:IF_MATCHPATHCON(APPLET(matchpathcon, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_MATCHPATHCON) += matchpathcon.o
 
 //usage:#define matchpathcon_trivial_usage
 //usage:       "[-n] [-N] [-f file_contexts_file] [-p prefix] [-V]"
diff --git a/selinux/runcon.c b/selinux/runcon.c
index 27f2be3..366834e 100644
--- a/selinux/runcon.c
+++ b/selinux/runcon.c
@@ -28,6 +28,23 @@
  *
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+//config:config RUNCON
+//config:	bool "runcon"
+//config:	default n
+//config:	depends on SELINUX
+//config:	help
+//config:	  Enable support to run command in specified security context.
+//config:
+//config:config FEATURE_RUNCON_LONG_OPTIONS
+//config:	bool "Enable long options"
+//config:	default y
+//config:	depends on RUNCON && LONG_OPTS
+//config:	help
+//config:	  Support long options for the runcon applet.
+
+//applet:IF_RUNCON(APPLET(runcon, BB_DIR_USR_BIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_RUNCON) += runcon.o
 
 //usage:#define runcon_trivial_usage
 //usage:       "[-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] PROG ARGS\n"
diff --git a/selinux/selinuxenabled.c b/selinux/selinuxenabled.c
index ce830dc..b80c4e7 100644
--- a/selinux/selinuxenabled.c
+++ b/selinux/selinuxenabled.c
@@ -6,6 +6,17 @@
  *
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+//config:config SELINUXENABLED
+//config:	bool "selinuxenabled"
+//config:	default n
+//config:	depends on SELINUX
+//config:	help
+//config:	  Enable support for this command to be used within shell scripts
+//config:	  to determine if selinux is enabled.
+
+//applet:IF_SELINUXENABLED(APPLET(selinuxenabled, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_SELINUXENABLED) += selinuxenabled.o
 
 //usage:#define selinuxenabled_trivial_usage NOUSAGE_STR
 //usage:#define selinuxenabled_full_usage ""
diff --git a/selinux/sestatus.c b/selinux/sestatus.c
index e594318..ad49c9d 100644
--- a/selinux/sestatus.c
+++ b/selinux/sestatus.c
@@ -7,6 +7,16 @@
  *
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+//config:config SESTATUS
+//config:	bool "sestatus"
+//config:	default n
+//config:	depends on SELINUX
+//config:	help
+//config:	  Displays the status of SELinux.
+
+//applet:IF_SESTATUS(APPLET(sestatus, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_SESTATUS) += sestatus.o
 
 //usage:#define sestatus_trivial_usage
 //usage:       "[-vb]"
diff --git a/selinux/setenforce.c b/selinux/setenforce.c
index c5bc0a5..8d18abd 100644
--- a/selinux/setenforce.c
+++ b/selinux/setenforce.c
@@ -6,6 +6,16 @@
  *
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+//config:config SETENFORCE
+//config:	bool "setenforce"
+//config:	default n
+//config:	depends on SELINUX
+//config:	help
+//config:	  Enable support to modify the mode SELinux is running in.
+
+//applet:IF_SETENFORCE(APPLET(setenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_SETENFORCE) += setenforce.o
 
 //usage:#define setenforce_trivial_usage
 //usage:       "[Enforcing | Permissive | 1 | 0]"
diff --git a/selinux/setfiles.c b/selinux/setfiles.c
index c9597d5..4fc307f 100644
--- a/selinux/setfiles.c
+++ b/selinux/setfiles.c
@@ -3,6 +3,37 @@
   policycoreutils was released under GPL 2.
   Port to BusyBox (c) 2007 by Yuichi Nakamura <ynakam at hitachisoft.jp>
 */
+//config:config SETFILES
+//config:	bool "setfiles"
+//config:	default n
+//config:	depends on SELINUX
+//config:	help
+//config:	  Enable support to modify to relabel files.
+//config:	  Notice: If you built libselinux with -D_FILE_OFFSET_BITS=64,
+//config:	  (It is default in libselinux's Makefile), you _must_ enable
+//config:	  CONFIG_LFS.
+//config:
+//config:config FEATURE_SETFILES_CHECK_OPTION
+//config:	bool "Enable check option"
+//config:	default n
+//config:	depends on SETFILES
+//config:	help
+//config:	  Support "-c" option (check the validity of the contexts against
+//config:	  the specified binary policy) for setfiles. Requires libsepol.
+//config:
+//config:config RESTORECON
+//config:	bool "restorecon"
+//config:	default n
+//config:	depends on SELINUX
+//config:	help
+//config:	  Enable support to relabel files. The feature is almost
+//config:	  the same as setfiles, but usage is a little different.
+
+//applet:IF_SETFILES(APPLET(setfiles, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_RESTORECON(APPLET_ODDNAME(restorecon, setfiles, BB_DIR_SBIN, BB_SUID_DROP, restorecon))
+
+//kbuild:lib-$(CONFIG_SETFILES) += setfiles.o
+//kbuild:lib-$(CONFIG_RESTORECON) += setfiles.o
 
 //usage:#define setfiles_trivial_usage
 //usage:       "[-dnpqsvW] [-e DIR]... [-o FILE] [-r alt_root_path]"
diff --git a/selinux/setsebool.c b/selinux/setsebool.c
index ec682e5..6a6bd03 100644
--- a/selinux/setsebool.c
+++ b/selinux/setsebool.c
@@ -7,6 +7,17 @@
  *
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+//config:config SETSEBOOL
+//config:	bool "setsebool"
+//config:	default n
+//config:	depends on SELINUX
+//config:	help
+//config:	  Enable support for change boolean.
+//config:	  semanage and -P option is not supported yet.
+
+//applet:IF_SETSEBOOL(APPLET(setsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_SETSEBOOL) += setsebool.o
 
 //usage:#define setsebool_trivial_usage
 //usage:       "boolean value"


More information about the busybox-cvs mailing list