updated for version 7.1-296

1 files changed, 61 insertions, 0 deletions

diff --git a/src/os_unix.c b/src/os_unix.c
index 1b0ec703e..b9bab9478 100644
--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -45,6 +45,11 @@
 # include <X11/SM/SMlib.h>
 #endif
 
+#ifdef HAVE_SELINUX
+# include <selinux/selinux.h>
+static int selinux_enabled = -1;
+#endif
+
 /*
  * Use this prototype for select, some include files have a wrong prototype
  */
@@ -2557,6 +2562,62 @@ typedef struct vim_acl_solaris_T {
 } vim_acl_solaris_T;
 # endif
 
+#if defined(HAVE_SELINUX) || defined(PROTO)
+/*
+ * Copy security info from "from_file" to "to_file".
+ */
+    void
+mch_copy_sec(from_file, to_file)
+    char_u	*from_file;
+    char_u	*to_file;
+{
+    if (from_file == NULL)
+	return;
+
+    if (selinux_enabled == -1)
+	selinux_enabled = is_selinux_enabled();
+
+    if (selinux_enabled > 0)
+    {
+	security_context_t from_context = NULL;
+	security_context_t to_context = NULL;
+
+	if (getfilecon((char *)from_file, &from_context) < 0)
+	{
+	    /* If the filesystem doesn't support extended attributes,
+	       the original had no special security context and the
+	       target cannot have one either.  */
+	    if (errno == EOPNOTSUPP)
+		return;
+
+	    MSG_PUTS(_("\nCould not get security context for "));
+	    msg_outtrans(from_file);
+	    msg_putchar('\n');
+	    return;
+	}
+	if (getfilecon((char *)to_file, &to_context) < 0)
+	{
+	    MSG_PUTS(_("\nCould not get security context for "));
+	    msg_outtrans(to_file);
+	    msg_putchar('\n');
+	    freecon (from_context);
+	    return ;
+	}
+	if (strcmp(from_context, to_context) != 0)
+	{
+	    if (setfilecon((char *)to_file, from_context) < 0)
+	    {
+		MSG_PUTS(_("\nCould not set security context for "));
+		msg_outtrans(to_file);
+		msg_putchar('\n');
+	    }
+	}
+	freecon(to_context);
+	freecon(from_context);
+    }
+}
+#endif /* HAVE_SELINUX */
+
 /*
  * Return a pointer to the ACL of file "fname" in allocated memory.
  * Return NULL if the ACL is not available for whatever reason.