summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2012-05-01 15:40:31 +0300
committerTimo Teräs <timo.teras@iki.fi>2012-05-01 15:40:31 +0300
commitc9a43a14697fa955f31e495a8b03a523975ad285 (patch)
tree411d2a11bf2415f452e5dbae4e72d744b43e4309
parent38c1e65afbb334af0107c6bdd5362303473d866f (diff)
downloadapk-tools-c9a43a14697fa955f31e495a8b03a523975ad285.tar.gz
apk-tools-c9a43a14697fa955f31e495a8b03a523975ad285.tar.bz2
apk-tools-c9a43a14697fa955f31e495a8b03a523975ad285.tar.xz
apk-tools-c9a43a14697fa955f31e495a8b03a523975ad285.zip
audit: apply protected_paths.d masks to individual files
-rw-r--r--src/audit.c21
1 files changed, 18 insertions, 3 deletions
diff --git a/src/audit.c b/src/audit.c
index 071ff4d..03f977b 100644
--- a/src/audit.c
+++ b/src/audit.c
@@ -14,6 +14,7 @@
#include <fcntl.h>
#include <unistd.h>
#include <dirent.h>
+#include <fnmatch.h>
#include <sys/stat.h>
#include "apk_applet.h"
#include "apk_database.h"
@@ -199,14 +200,28 @@ recurse_check:
atctx->pathlen--;
} else {
struct apk_db_file *dbf;
+ struct apk_protected_path_array *ppaths = dbd->protected_paths;
+ int i, protected = dbd->protected, symlinks_only = dbd->symlinks_only;
+
+ /* inherit file's protection mask */
+ for (i = 0; i < ppaths->num; i++) {
+ struct apk_protected_path *ppath = &ppaths->item[i];
+ char *slash = strchr(ppath->relative_pattern, '/');
+ if (slash == NULL) {
+ if (fnmatch(ppath->relative_pattern, name, FNM_PATHNAME) != 0)
+ continue;
+ protected = ppath->protected;
+ symlinks_only = ppath->symlinks_only;
+ }
+ }
if (actx->mode == MODE_BACKUP) {
- if (!dbd->protected)
+ if (!protected)
goto done;
- if (dbd->symlinks_only && !S_ISLNK(fi.mode))
+ if (symlinks_only && !S_ISLNK(fi.mode))
goto done;
} else {
- if (dbd->protected)
+ if (protected)
goto done;
}