[PATCH] loginutils/login.c: libselinux get_default_context() expects seuser

Dominick Grift dominick.grift at defensec.nl
Sat Apr 5 11:40:26 UTC 2025


Use getseuserbyname() to get the seuser associated with username and use that instead with get_default_context()

From get_default_context(3):
"These functions takes a SELinux user identity that must be defined in the SELinux policy as their input, not a Linux username."

Signed-off-by: Dominick Grift <dominick.grift at defensec.nl>
---
 loginutils/login.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/loginutils/login.c b/loginutils/login.c
index 301be4a34..4992bb0e6 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -183,12 +183,16 @@ static void die_if_nologin(void)
 static void initselinux(char *username, char *full_tty,
 						security_context_t *user_sid)
 {
+	char *seuser = NULL, *level = NULL;
 	security_context_t old_tty_sid, new_tty_sid;
 
 	if (!is_selinux_enabled())
 		return;
 
-	if (get_default_context(username, NULL, user_sid)) {
+	if (getseuserbyname(username, &seuser, &level)) {
+		bb_error_msg_and_die("can't get seuser for %s", username);
+	}
+	if (get_default_context(seuser, NULL, user_sid)) {
 		bb_error_msg_and_die("can't get SID for %s", username);
 	}
 	if (getfilecon(full_tty, &old_tty_sid) < 0) {
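Review bot: The MLS level that getseuserbyname() writes into `level` is fetched and then discarded: the next call is still get_default_context(seuser, NULL, user_sid), so on an MLS/MCS policy the level an administrator configured in seusers for this user is not applied and the policy-default level is used instead. libselinux provides get_default_context_with_level() for exactly this, so the lookup should read `if (get_default_context_with_level(seuser, level, NULL, user_sid)) {`. Since the failing lookup is now keyed by the SELinux user rather than the Linux name, the error on the following line would be more useful as `bb_error_msg_and_die("can't get SID for %s (seuser %s)", username, seuser);`. Whether getseuserbyname() can hand back a NULL `level` on a non-MLS system, and whether the _with_level variant accepts that, should be confirmed against the libselinux version busybox targets. initselinux() continues past the end of this hunk.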
@@ -201,6 +205,11 @@ static void initselinux(char *username, char *full_tty,
 	if (setfilecon(full_tty, new_tty_sid) != 0) {
 		bb_perror_msg_and_die("chsid(%s, %s) failed", full_tty, new_tty_sid);
 	}
+
+	if (ENABLE_FEATURE_CLEAN_UP) {
+		free(seuser);
+		free(level);
+	}
 }
 #endif
 
-- 
2.47.2


