CBL-Mariner/SPECS/busybox/selinux-cp-a.patch


From c2c58cb044b21630eb4aef08a92bb194ab27f20f Mon Sep 17 00:00:00 2001
From: Chris PeBenito <chpebeni@linux.microsoft.com>
Date: Fri, 26 Apr 2019 11:23:09 -0400
Subject: cp: Have -a imply -c when SELinux is enabled.
Have cp preserve SELinux context when using -a. Coreutils cp also does
this.
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
diff -ur busybox-1.35.0.orig/coreutils/cp.c busybox-1.35.0/coreutils/cp.c
--- busybox-1.35.0.orig/coreutils/cp.c 2021-12-26 16:53:20.000000000 +0000
+++ busybox-1.35.0/coreutils/cp.c 2023-08-16 20:43:47.187763692 +0000
@@ -88,8 +88,7 @@
//usage: "or: cp [-arPLHpfinlsu] SOURCE... { -t DIRECTORY | DIRECTORY }"
//usage:#define cp_full_usage "\n\n"
//usage: "Copy SOURCEs to DEST\n"
-//usage: "\n -a Same as -dpR"
-//usage: IF_SELINUX(
+//usage: "\n -a Same as -dpR" IF_SELINUX("c"
//usage: "\n -c Preserve security context"
//usage: )
//usage: "\n -R,-r Recurse"
@@ -195,6 +194,12 @@
flags |= FILEUTILS_DEREFERENCE;
#if ENABLE_SELINUX
+ /* for -a, imply -c if SELinux is enabled. */
+ if ((flags & FILEUTILS_ARCHIVE) && is_selinux_enabled() > 0) {
+ flags |= FILEUTILS_PRESERVE_SECURITY_CONTEXT;
+ }
+
+ /* -c may be explicitly set */
if (flags & FILEUTILS_PRESERVE_SECURITY_CONTEXT) {
selinux_or_die();
}
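Review bot: The comment on the new `-a` branch should say what happens when the check fails. `is_selinux_enabled() > 0` treats both "disabled" (0) and "query failed" (-1) as a reason to skip, so the copy proceeds without labels and without any message, whereas an explicit `-c` reaches `selinux_or_die()`. I would write `/* -a implies -c only when SELinux is enabled at run time; if it is disabled or the query fails, contexts are silently not preserved (explicit -c still dies) */`. The usage text in the first hunk prints `-dpRc` for every SELinux build, so it should be worded as conditional too. The enclosing function starts and ends outside the hunk.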
diff -ur busybox-1.35.0.orig/include/libbb.h busybox-1.35.0/include/libbb.h
--- busybox-1.35.0.orig/include/libbb.h 2021-12-26 16:53:26.000000000 +0000
+++ busybox-1.35.0/include/libbb.h 2023-08-16 20:44:39.681109910 +0000
@@ -472,7 +472,7 @@
FILEUTILS_MAKE_SOFTLINK = 1 << 7, /* -s */
FILEUTILS_DEREF_SOFTLINK = 1 << 8, /* -L */
FILEUTILS_DEREFERENCE_L0 = 1 << 9, /* -H */
- /* -a = -pdR (mapped in cp.c) */
+ FILEUTILS_ARCHIVE = 1 << 9, /* -a = -pdR, -pdRc if SELinux (mapped in cp.c) */
/* -r = -dR (mapped in cp.c) */
/* -P = -d (mapped in cp.c) */
FILEUTILS_VERBOSE = (1 << 13) * ENABLE_FEATURE_VERBOSE, /* -v */
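Review bot: `FILEUTILS_ARCHIVE = 1 << 9` reuses the bit of `FILEUTILS_DEREFERENCE_L0 = 1 << 9` (`-H`) on the line directly above, so the two flags cannot be told apart. The new test `flags & FILEUTILS_ARCHIVE` in the cp.c hunk is therefore true whenever `-H` is given. Whether it is true for `-a` depends on the bit getopt32 assigns to `a` in cp's option string, which is not visible here. On an SELinux-enabled system that would mean `cp -H` copies security contexts unasked, while `cp -a` may leave copied files with the destination's default label. If `a` is the option right after `H` in that string, the line should read `FILEUTILS_ARCHIVE = 1 << 10, /* -a = -pdR, -pdRc if SELinux (mapped in cp.c) */`; confirm against the option string, since the enum continues outside the hunk.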