-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk44GP8ACgkQrlYvE4MpobP6MwCfVAHy2+4K93JcTDegrtRMvAGG 77EAnAkUFerYEqCVcieQMMmmZ5ZV0lFr =2/nl -----END PGP SIGNATURE-----
>From 0d220360086ab6f7bc65d2ba96e906b80e91f7b2 Mon Sep 17 00:00:00 2001 From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx> Date: Mon, 18 Apr 2011 16:41:40 +0100 Subject: [PATCH 12/92] libselinux: selabel_open fix processing of substitution files libselinux selabel_open function always processed the substitution files (if installed) from the active policy contexts/files/file_contexts.subs and subs_dist irrespective of the backend type or SELABEL_OPT_PATH setting. This patch now processes the correct subs files when selabel_open is called with SELABEL_CTX_FILE. The other backends could also process their own substitution files if needed in their own areas. [move the init declaration to label_internal.h - eparis] Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx> Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 libselinux/src/label.c | 4 +---
 libselinux/src/label_file.c | 12 ++++++++++++
 libselinux/src/label_internal.h | 3 +++
 3 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/libselinux/src/label.c b/libselinux/src/label.c
index ba316df..7d71e72 100644
--- a/libselinux/src/label.c
+++ b/libselinux/src/label.c
@@ -56,7 +56,7 @@ static char *selabel_sub(struct selabel_sub *ptr, const char *src)
 return NULL;
 }
-static struct selabel_sub *selabel_subs_init(const char *path,struct selabel_sub *list)
+struct selabel_sub *selabel_subs_init(const char *path,struct selabel_sub *list)
 {
 char buf[1024];
 FILE *cfg = fopen(path, "r");
@@ -161,8 +161,6 @@ struct selabel_handle *selabel_open(unsigned int backend,
 rec->validating = selabel_is_validate_set(opts, nopts);
 rec->subs = NULL;
- rec->subs = selabel_subs_init(selinux_file_context_subs_dist_path(), rec->subs);
- rec->subs = selabel_subs_init(selinux_file_context_subs_path(), rec->subs);
 if ((*initfuncs[backend])(rec, opts, nopts)) {
 free(rec);
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 937e509..af7fd8f 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -406,6 +406,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts,
 FILE *homedirfp = NULL;
 char local_path[PATH_MAX + 1];
 char homedir_path[PATH_MAX + 1];
+ char subs_file[PATH_MAX + 1];
 char *line_buf = NULL;
 size_t line_len = 0;
 unsigned int lineno, pass, i, j, maxnspec;
@@ -427,6 +428,17 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts,
 break;
 }
+ /* Process local and distribution substitution files */
+ if (!path) {
+ rec->subs = selabel_subs_init(selinux_file_context_subs_dist_path(), rec->subs);
+ rec->subs = selabel_subs_init(selinux_file_context_subs_path(), rec->subs);
+ } else {
+ snprintf(subs_file, sizeof(subs_file), "%s.subs_dist", path);
+ rec->subs = selabel_subs_init(subs_file, rec->subs);
+ snprintf(subs_file, sizeof(subs_file), "%s.subs", path);
+ rec->subs = selabel_subs_init(subs_file, rec->subs);
+ }
+
 /* Open the specification file. */
 if (!path) path = selinux_file_context_path();
diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h
index 008e09d..02dbe73 100644
--- a/libselinux/src/label_internal.h
+++ b/libselinux/src/label_internal.h
@@ -36,6 +36,9 @@ struct selabel_sub {
 struct selabel_sub *next;
 };
+extern struct selabel_sub *selabel_subs_init(const char *path,
+ struct selabel_sub *list);
+
 struct selabel_lookup_rec {
 security_context_t ctx_raw;
 security_context_t ctx_trans;
--
1.7.6
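Review bot: Both snprintf() calls in the new else branch of init() ignore the return value, so a caller-supplied path (the SELABEL_OPT_PATH value, going by the commit message) that leaves no room for the suffix is silently truncated, and selabel_subs_init() then opens whatever file the shortened name points to. Depending on the length, that can be `<path>.subs` in place of `<path>.subs_dist`, or the spec file itself, and the substitutions loaded here presumably influence which context a lookup returns. Check each call, e.g. `if ((size_t)snprintf(subs_file, sizeof(subs_file), "%s.subs_dist", path) >= sizeof(subs_file))`, and on overflow either skip the load or fail init. init() starts and ends outside this hunk, so the appropriate error path is not visible here.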
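Review bot: This prototype in label_internal.h, together with the removal of `static` in label.c, gives selabel_subs_init() external linkage. If the library restricts its exported symbols with a visibility attribute or a linker map (neither is visible in this patch), the declaration should carry that marking so the helper stays internal to the library. The declaration is also undocumented; a comment such as `/* internal: parse the substitution file at path and return the updated list */` would record the contract that the callers in label_file.c rely on.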
Attachment:
0012-libselinux-selabel_open-fix-processing-of-substituti.patch.sig
Description: PGP signature