--- busybox-1.5.1/scripts/defconfig.selinux 2007-05-20 18:54:41.000000000 +0200
+++ busybox-1.5.1/scripts/defconfig 2007-05-23 15:13:06.000000000 +0200
@@ -27,7 +27,8 @@
CONFIG_FEATURE_SUID_CONFIG=y
CONFIG_FEATURE_SUID_CONFIG_QUIET=y
# CONFIG_FEATURE_HAVE_RPC is not set
-# CONFIG_SELINUX is not set
+CONFIG_SELINUX=y
+CONFIG_LOAD_POLICY=y
# CONFIG_FEATURE_EXEC_PREFER_APPLETS is not set
CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
--- busybox-1.5.1/include/usage.h.selinux 2007-05-20 18:57:20.000000000 +0200
+++ busybox-1.5.1/include/usage.h 2007-05-23 15:13:06.000000000 +0200
@@ -2574,6 +2574,14 @@
#define USAGE_PS "\nOptions:"
#endif
+#define load_policy_trivial_usage \
+ ""
+#define load_policy_full_usage \
+ "load SELinux policy\n"
+
+#define load_policy_example_usage \
+ "$ load_policy /etc/selinux/strict/policy/policy.17\n"
+
#define ps_trivial_usage \
""
#define ps_full_usage \
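Review bot: `load_policy_trivial_usage` is an empty string, but the new applet rejects any invocation without exactly one operand (`argc != 2` in selinux/load_policy.c), so the built-in help would advertise no argument at all. I would make it `"FILE"` and word the full usage to match, e.g. `"Load SELinux policy from FILE"`. The example line already shows a policy path, so only the synopsis is out of step.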
--- busybox-1.5.1/include/applets.h.selinux 2007-05-20 18:57:20.000000000 +0200
+++ busybox-1.5.1/include/applets.h 2007-05-23 15:13:06.000000000 +0200
@@ -180,6 +180,7 @@
USE_SETARCH(APPLET_NOUSAGE(linux64, setarch, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_FEATURE_INITRD(APPLET_NOUSAGE(linuxrc, init, _BB_DIR_ROOT, _BB_SUID_NEVER))
USE_LN(APPLET(ln, _BB_DIR_BIN, _BB_SUID_NEVER))
+USE_LOAD_POLICY(APPLET(load_policy, _BB_DIR_SBIN, _BB_SUID_NEVER))
USE_LOADFONT(APPLET(loadfont, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_LOADKMAP(APPLET(loadkmap, _BB_DIR_SBIN, _BB_SUID_NEVER))
USE_LOGGER(APPLET(logger, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
--- /dev/null 2007-05-21 09:50:45.581956304 +0200
+++ busybox-1.5.1/selinux/load_policy.c 2007-05-23 15:13:06.000000000 +0200
@@ -0,0 +1,55 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include <selinux/selinux.h>
+#include <locale.h> /* for setlocale() */
+#include <libintl.h> /* for gettext() */
+#define _(msgid) gettext (msgid)
+#ifndef PACKAGE
+#define PACKAGE "policycoreutils" /* the name of this package lang translation */
+#endif
+
+extern int load_policy_main(int argc, char **argv)
+{
+ int fd, ret;
+ struct stat sb;
+ void *map;
+
+ if (argc != 2) {
+ fprintf(stderr, _("usage: %s policyfile\n"), argv[0]);
+ return 1;
+ }
+
+ fd = open(argv[1], O_RDONLY);
+ if (fd < 0) {
+ fprintf(stderr, _("Can't open '%s': %s\n"),
+ argv[1], strerror(errno));
+ return 2;
+ }
+
+ if (fstat(fd, &sb) < 0) {
+ fprintf(stderr, _("Can't stat '%s': %s\n"),
+ argv[1], strerror(errno));
+ return 2;
+ }
+
+ map = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
+ if (map == MAP_FAILED) {
+ fprintf(stderr, _("Can't map '%s': %s\n"),
+ argv[1], strerror(errno));
+ return 2;
+ }
+
+ ret = security_load_policy(map, sb.st_size);
+ if (ret < 0) {
+ fprintf(stderr, _("%s: security_load_policy failed\n"), argv[0]);
+ return 3;
+ }
+ return EXIT_SUCCESS;
+}
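Review bot: `load_policy_main` never closes `fd` or unmaps `map`: the `fstat` and `mmap` failure returns leave the descriptor open, and every path after `security_load_policy` leaves the mapping in place. The `security_load_policy` failure message also drops `errno`, so someone reading the output cannot tell a permission denial from a rejected policy image. Because loading policy is a privileged operation, I would also refuse anything that is not a non-empty regular file before mapping it, since `st_size` is only meaningful for regular files. Separately, `_()` and `PACKAGE` are defined but no `setlocale`/`textdomain` call is visible in this file, so the gettext wrapper looks like dead weight here.

```c
	/* … unchanged: argc check, open() and its error path … */

	if (fstat(fd, &sb) < 0) {
		fprintf(stderr, _("Can't stat '%s': %s\n"),
			argv[1], strerror(errno));
		close(fd);
		return 2;
	}

	if (!S_ISREG(sb.st_mode) || sb.st_size <= 0) {
		fprintf(stderr, _("'%s' is not a non-empty regular file\n"),
			argv[1]);
		close(fd);
		return 2;
	}

	map = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
	if (map == MAP_FAILED) {
		/* … unchanged: "Can't map" message … */
		close(fd);
		return 2;
	}
	close(fd);	/* the mapping remains valid without the descriptor */

	ret = security_load_policy(map, sb.st_size);
	if (ret < 0) {
		fprintf(stderr, _("%s: security_load_policy failed: %s\n"),
			argv[0], strerror(errno));
		munmap(map, sb.st_size);
		return 3;
	}
	munmap(map, sb.st_size);
	return EXIT_SUCCESS;
```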
--- busybox-1.5.1/selinux/Config.in.selinux 2007-05-20 18:57:21.000000000 +0200
+++ busybox-1.5.1/selinux/Config.in 2007-05-23 15:13:06.000000000 +0200
@@ -71,5 +71,11 @@
help
Enable support to modify the mode SELinux is running in.
+config LOAD_POLICY
+ bool "load_policy"
+ default n
+ help
+ Enable support for loading SE Linux into the kernel.
+
endmenu
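Review bot: The help text for `LOAD_POLICY` says the applet loads "SE Linux into the kernel", but what it loads is a policy file; I would write `Enable support for loading an SELinux policy into the kernel.` The new entry also has no `depends on SELINUX` line, while load_policy.c includes `<selinux/selinux.h>` and calls `security_load_policy`. If the enclosing menu, which starts outside this hunk, does not already carry that dependency, the option could be selected in a build without libselinux and fail to link. Worth confirming against the other entries in this file.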
--- busybox-1.5.1/selinux/Kbuild.selinux 2007-05-20 18:57:21.000000000 +0200
+++ busybox-1.5.1/selinux/Kbuild 2007-05-23 15:13:06.000000000 +0200
@@ -13,3 +13,4 @@
lib-$(CONFIG_RUNCON) += runcon.o
lib-$(CONFIG_SELINUXENABLED) += selinuxenabled.o
lib-$(CONFIG_SETENFORCE) += setenforce.o
+lib-$(CONFIG_LOAD_POLICY) += load_policy.o
\ No newline at end of file