-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. This patch allows us to build a policy to ship within the RPM rather than always requiring us to build at install time. Probably useful for embedded users also. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5D5QcACgkQrlYvE4MpobN9xwCgjBmkNvmarovifeR2yDHEzxis WOAAn3ZhNsGamdqVHvIbSAyitljX5Is2 =qeoY -----END PGP SIGNATURE-----
>From ee8d3b02998c01495777cd98c385c784f5b4c92e Mon Sep 17 00:00:00 2001 From: Eric Paris <eparis@xxxxxxxxxx> Date: Wed, 29 Jun 2011 01:12:25 -0400 Subject: [PATCH 12/96] libsemanage: introduce semanage_set_root and friends Allow applications to specify an alternate root for selinux stores. Signed-off-by: Eric Paris <eparis@xxxxxxxxxx> --- libsemanage/include/semanage/handle.h | 3 + libsemanage/man/man3/semanage_set_root.3 | 22 +++++ libsemanage/src/conf-parse.y | 5 +- libsemanage/src/direct_api.c | 8 +- libsemanage/src/handle.c | 133 ++++++++++++++++++++++++++++++ libsemanage/src/handle_internal.h | 17 +++- libsemanage/src/libsemanage.map | 1 + libsemanage/src/semanage_store.c | 26 +++--- 8 files changed, 193 insertions(+), 22 deletions(-) create mode 100644 libsemanage/man/man3/semanage_set_root.3 diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h index a482cdd..e303713 100644 --- a/libsemanage/include/semanage/handle.h +++ b/libsemanage/include/semanage/handle.h @@ -126,6 +126,9 @@ int semanage_is_connected(semanage_handle_t * sh); /* returns 1 if policy is MLS, 0 otherwise. */ int semanage_mls_enabled(semanage_handle_t *sh); +/* Change to alternate selinux root path */ +int semanage_set_root(const char *path); + /* META NOTES * * For all functions a non-negative number indicates success. For some diff --git a/libsemanage/man/man3/semanage_set_root.3 b/libsemanage/man/man3/semanage_set_root.3 new file mode 100644 index 0000000..2ae0f17 --- /dev/null +++ b/libsemanage/man/man3/semanage_set_root.3 
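Review bot: The new declaration `int semanage_set_root(const char *path);` carries only the comment "Change to alternate selinux root path", which does not tell a caller that the root is process-global state (the handle.c hunk keeps it in file-scope statics shared by every handle) or that each call frees the strings built by the previous call, so any pointer obtained from the semanage_*_path() accessors while an earlier root was set becomes dangling. The man page added by the same patch declares the function as `extern const char *semanage_set_root(const char *path);`, which contradicts both the `int` return here and the man page's own RETURN VALUE section (-1/0); the two should agree. A comment along the lines of `/* Prepend an alternate root to all SELinux configuration paths. Process-wide: affects every handle and invalidates path strings returned earlier. Returns 0 on success, -1 on failure. */` would document the contract.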
@@ -0,0 +1,22 @@ +.TH semanage_set_root 3 "1 June 2011" "dwalsh@xxxxxxxxxx" "Libsemanage API documentation" + +.SH "NAME" +semanage_set_root \- SELinux Management API + +.SH "SYNOPSIS" +Set the alternate root directory for SELinux configuration directory. + +.B #include <semanage/handle.h> + +.B extern const char *semanage_set_root(const char *path); + +.SH "DESCRIPTION" +.TP +This function sets an alternate root directory to for SELinux configuration paths to be used by the semanage library. + +.SH "RETURN VALUE" +In case of failure, -1 is returned. +Otherwise 0 is returned. + +.SH "SEE ALSO" +.BR semanage_handle_create "(3), " semanage_connect "(3), " diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y index 9b261b9..77c00b2 100644 --- a/libsemanage/src/conf-parse.y +++ b/libsemanage/src/conf-parse.y @@ -21,6 +21,7 @@ %{ #include "semanage_conf.h" +#include "handle.h" #include <sepol/policydb.h> #include <selinux/selinux.h> @@ -260,7 +261,7 @@ external_opt: PROG_PATH '=' ARG { PASSIGN(new_external->path, $3); } static int semanage_conf_init(semanage_conf_t * conf) { conf->store_type = SEMANAGE_CON_DIRECT; - conf->store_path = strdup(basename(selinux_policy_root())); + conf->store_path = strdup(basename(semanage_policy_root())); conf->policyvers = sepol_policy_kern_vers_max(); conf->expand_check = 1; conf->handle_unknown = -1; @@ -390,7 +391,7 @@ static int parse_module_store(char *arg) if (strcmp(arg, "direct") == 0) { current_conf->store_type = SEMANAGE_CON_DIRECT; current_conf->store_path = - strdup(basename(selinux_policy_root())); + strdup(basename(semanage_policy_root())); current_conf->server_port = -1; free(arg); } else if (*arg == '/') { diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 5f82328..aac1974 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c 
@@ -2,7 +2,7 @@ * Christopher Ashworth <cashworth@xxxxxxxxxx> * * Copyright (C) 2004-2006 Tresys Technology, LLC - * Copyright (C) 2005 Red Hat, Inc. + * Copyright (C) 2005-2011 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -95,7 +95,7 @@ int semanage_direct_is_managed(semanage_handle_t * sh) { char polpath[PATH_MAX]; - snprintf(polpath, PATH_MAX, "%s%s", selinux_path(), + snprintf(polpath, PATH_MAX, "%s%s", semanage_selinux_path(), sh->conf->store_path); if (semanage_check_init(polpath)) @@ -118,7 +118,7 @@ int semanage_direct_connect(semanage_handle_t * sh) char polpath[PATH_MAX]; const char *path; - snprintf(polpath, PATH_MAX, "%s%s", selinux_path(), + snprintf(polpath, PATH_MAX, "%s%s", semanage_selinux_path(), sh->conf->store_path); if (semanage_check_init(polpath)) @@ -1539,7 +1539,7 @@ int semanage_direct_access_check(semanage_handle_t * sh) { char polpath[PATH_MAX]; - snprintf(polpath, PATH_MAX, "%s%s", selinux_path(), + snprintf(polpath, PATH_MAX, "%s%s", semanage_selinux_path(), sh->conf->store_path); if (semanage_check_init(polpath)) diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c index 76caefd..647f0ee 100644 --- a/libsemanage/src/handle.c +++ b/libsemanage/src/handle.c 
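Review bot: The three `snprintf(polpath, PATH_MAX, "%s%s", semanage_selinux_path(), sh->conf->store_path);` calls in semanage_direct_is_managed, semanage_direct_connect and semanage_direct_access_check still ignore the return value, and now that semanage_selinux_path() may carry a caller-supplied root prefix the combined path can exceed PATH_MAX, in which case polpath is silently truncated and semanage_check_init() is run against a different directory than the one requested. Each call should check for truncation, e.g. `int n = snprintf(polpath, sizeof polpath, "%s%s", semanage_selinux_path(), sh->conf->store_path);` followed by `if (n < 0 || (size_t)n >= sizeof polpath) return -1;`, using whatever failure value each function's error convention requires (all three bodies continue outside the hunks). The same unchecked-truncation pattern appears in the storepath and store_pol formatting of semanage_install_active in semanage_store.c.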
@@ -38,6 +38,139 @@ #define SEMANAGE_COMMIT_READ_WAIT 5 +#include <string.h> +#include <selinux/selinux.h> +static char *private_selinux_path = NULL; +static char *private_file_context_path = NULL; +static char *private_file_context_local_path = NULL; +static char *private_file_context_homedir_path = NULL; +static char *private_homedir_context_path = NULL; +static char *private_binary_policy_path = NULL; +static char *private_usersconf_path = NULL; +static char *private_netfilter_context_path = NULL; +static char *private_policy_root = NULL; + +void semanage_free_root() { + free(private_selinux_path); private_selinux_path = NULL; + free(private_file_context_path); private_file_context_path = NULL; + free(private_file_context_local_path); private_file_context_local_path = NULL; + free(private_file_context_homedir_path); private_file_context_homedir_path = NULL; + free(private_homedir_context_path); private_homedir_context_path = NULL; + free(private_binary_policy_path); private_binary_policy_path = NULL; + free(private_usersconf_path); private_usersconf_path = NULL; + free(private_netfilter_context_path); private_netfilter_context_path = NULL; + free(private_policy_root); private_policy_root = NULL; +} + +int semanage_set_root(const char *path) { + semanage_free_root(); + if ( asprintf(&private_selinux_path, "%s/%s", path, selinux_path()) < 0 ) { + goto error; + } + + if ( asprintf(&private_file_context_path, "%s/%s", path, selinux_file_context_path()) < 0 ) { + goto error; + } + + if ( asprintf(&private_file_context_local_path, "%s/%s", path, selinux_file_context_local_path()) < 0 ) { + goto error; + } + + if ( asprintf(&private_homedir_context_path, "%s/%s", path, selinux_homedir_context_path()) < 0 ) { + goto error; + } + + if ( asprintf(&private_file_context_homedir_path, "%s/%s", path, selinux_file_context_homedir_path()) < 0 ) { + goto error; + } + + if ( asprintf(&private_binary_policy_path, "%s/%s", path, selinux_binary_policy_path()) < 0 ) { + goto error; + 
} + + if ( asprintf(&private_usersconf_path, "%s/%s", path, selinux_usersconf_path()) < 0 ) { + goto error; + } + + if ( asprintf(&private_netfilter_context_path, "%s/%s", path, selinux_netfilter_context_path()) < 0 ) { + goto error; + } + + if ( asprintf(&private_policy_root, "%s/%s", path, selinux_policy_root()) < 0 ) { + goto error; + } + + return 0; +error: + semanage_free_root(); + return -1; +} +hidden_def(semanage_set_root) + +const char *semanage_file_context_path() { +// printf("private_file_context_path %s\n", private_file_context_path); + if (private_file_context_path) + return private_file_context_path; + return selinux_file_context_path(); +} + +const char *semanage_file_context_local_path() { +// printf("private_file_context_local_path %s\n", private_file_context_local_path); + if (private_file_context_local_path) + return private_file_context_local_path; + return selinux_file_context_local_path(); +} + +const char *semanage_file_context_homedir_path() { +// printf("private_file_context_homedir_path %s\n", private_file_context_homedir_path); + if (private_file_context_homedir_path) + return private_file_context_homedir_path; + + return selinux_file_context_homedir_path(); +} + +const char *semanage_homedir_context_path() { +// printf("private_homedir_context_path %s\n", private_homedir_context_path); + if (private_homedir_context_path) + return private_homedir_context_path; + return selinux_homedir_context_path(); +} + +const char *semanage_binary_policy_path() { +// printf("private_binary_policy_path %s\n", private_binary_policy_path); + if (private_binary_policy_path) + return private_binary_policy_path; + return selinux_binary_policy_path(); +} + +const char *semanage_usersconf_path() { +// printf("private_usersconf_path %s\n", private_usersconf_path); + if (private_usersconf_path) + return private_usersconf_path; + return selinux_usersconf_path(); +} + +const char *semanage_netfilter_context_path() { +// printf("private_netfilter_context_path 
%s\n", private_netfilter_context_path); + if (private_netfilter_context_path) + return private_netfilter_context_path; + return selinux_netfilter_context_path(); +} + +const char *semanage_policy_root() { +// printf("private_policy_root %s\n", private_policy_root); + if (private_policy_root) + return private_policy_root; + return selinux_policy_root(); +} + +const char *semanage_selinux_path(void) { +// printf("private_selinux_path %s\n", private_selinux_path); + if (private_selinux_path) + return private_selinux_path; + return selinux_path(); +} + semanage_handle_t *semanage_handle_create(void) { semanage_handle_t *sh = NULL; diff --git a/libsemanage/src/handle_internal.h b/libsemanage/src/handle_internal.h index 8493a39..2971600 100644 --- a/libsemanage/src/handle_internal.h +++ b/libsemanage/src/handle_internal.h @@ -5,7 +5,18 @@ #include "dso.h" hidden_proto(semanage_begin_transaction) - hidden_proto(semanage_handle_destroy) - hidden_proto(semanage_reload_policy) - hidden_proto(semanage_access_check) +hidden_proto(semanage_handle_destroy) +hidden_proto(semanage_reload_policy) +hidden_proto(semanage_access_check) +hidden_proto(semanage_set_root) + +extern const char *semanage_selinux_path(void); +extern const char *semanage_file_context_path(); +extern const char *semanage_file_context_local_path(); +extern const char *semanage_file_context_homedir_path(); +extern const char *semanage_homedir_context_path(); +extern const char *semanage_binary_policy_path(); +extern const char *semanage_usersconf_path(); +extern const char *semanage_netfilter_context_path(); +extern const char *semanage_policy_root(); #endif diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map index 762e20e..3222e3d 100644 --- a/libsemanage/src/libsemanage.map +++ b/libsemanage/src/libsemanage.map 
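Review bot: semanage_set_root() passes `path` straight to `%s` in asprintf without checking it for NULL, so `semanage_set_root(NULL)` is undefined behaviour rather than a clean -1; a guard `if (!path) return -1;` placed before the call to semanage_free_root() would reject the bad call without discarding a valid earlier root. The accessors return pointers into static storage that the next semanage_set_root() or semanage_free_root() call frees, and no synchronization is visible around that state, so a comment on the accessors should state that returned strings are valid only until the root is next changed and that the call is not thread-safe. `void semanage_free_root()` and the new `semanage_*_path()` accessors are written with empty `()` instead of `(void)`, inconsistent with `semanage_selinux_path(void)` right beside them and with the matching `extern` lines added to handle_internal.h, and semanage_free_root is neither `static` nor declared in that header, leaving an unprototyped external symbol. The commented-out `// printf(...)` debug lines in every accessor should be deleted rather than committed. Since the libselinux path functions return absolute paths, the `"%s/%s"` format in semanage_set_root() yields a doubled slash (`<root>//etc/...`); `"%s%s"` gives the intended path.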
@@ -14,6 +14,7 @@ LIBSEMANAGE_1.0 { semanage_module_get_version; semanage_select_store; semanage_module_get_enabled; semanage_reload_policy; semanage_set_reload; semanage_set_rebuild; + semanage_set_root; semanage_user_*; semanage_bool_*; semanage_seuser_*; semanage_iface_*; semanage_port_*; semanage_context_*; semanage_node_*; diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index 3321609..eb375ba 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -90,7 +90,7 @@ static const char *semanage_store_paths[SEMANAGE_NUM_STORES] = { "/tmp" }; -/* this is the module store path relative to selinux_policy_root() */ +/* this is the module store path relative to semanage_policy_root() */ #define SEMANAGE_MOD_DIR "/modules" /* relative path names to enum sandbox_paths for special files within * a sandbox */ @@ -170,11 +170,11 @@ static int semanage_init_paths(const char *root) semanage_relative_files[i]); } - len = strlen(selinux_path()) + strlen(SEMANAGE_CONF_FILE); + len = strlen(semanage_selinux_path()) + strlen(SEMANAGE_CONF_FILE); semanage_conf = calloc(len + 1, sizeof(char)); if (!semanage_conf) return -1; - snprintf(semanage_conf, len, "%s%s", selinux_path(), + snprintf(semanage_conf, len, "%s%s", semanage_selinux_path(), SEMANAGE_CONF_FILE); return 0; 
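Review bot: The re-emitted `snprintf(semanage_conf, len, "%s%s", semanage_selinux_path(), SEMANAGE_CONF_FILE);` in semanage_init_paths passes `len` as the buffer size although the buffer was allocated with `len + 1` bytes and the formatted string is exactly `len` characters long, so snprintf keeps only `len - 1` characters and the last character of SEMANAGE_CONF_FILE is dropped; the bound should be `len + 1`. Because this string is the path of the configuration file the library opens, a truncated name means the intended file is never read and whatever fallback the parser applies takes effect silently, which matters more now that the file can come from a caller-chosen root. semanage_init_paths' body starts outside the hunk.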
@@ -1071,14 +1071,14 @@ static int semanage_install_active(semanage_handle_t * sh) const char *active_fc_hd = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_FC_HOMEDIRS); - const char *running_fc = selinux_file_context_path(); - const char *running_fc_loc = selinux_file_context_local_path(); - const char *running_fc_hd = selinux_file_context_homedir_path(); - const char *running_hd = selinux_homedir_context_path(); - const char *running_policy = selinux_binary_policy_path(); - const char *running_seusers = selinux_usersconf_path(); - const char *running_nc = selinux_netfilter_context_path(); - const char *really_active_store = selinux_policy_root(); + const char *running_fc = semanage_file_context_path(); + const char *running_fc_loc = semanage_file_context_local_path(); + const char *running_fc_hd = semanage_file_context_homedir_path(); + const char *running_hd = semanage_homedir_context_path(); + const char *running_policy = semanage_binary_policy_path(); + const char *running_seusers = semanage_usersconf_path(); + const char *running_nc = semanage_netfilter_context_path(); + const char *really_active_store = semanage_policy_root(); /* This is very unelegant, the right thing to do is export the path * building code in libselinux so that you can get paths for a given @@ -1099,11 +1099,11 @@ static int semanage_install_active(semanage_handle_t * sh) running_seusers += len; running_nc += len; - len = strlen(selinux_path()) + strlen(sh->conf->store_path) + 1; + len = strlen(semanage_selinux_path()) + strlen(sh->conf->store_path) + 1; storepath = (char *)malloc(len); if (!storepath) goto cleanup; - snprintf(storepath, PATH_MAX, "%s%s", selinux_path(), + snprintf(storepath, PATH_MAX, "%s%s", semanage_selinux_path(), sh->conf->store_path); snprintf(store_pol, PATH_MAX, "%s%s.%d", storepath, -- 1.7.6
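Review bot: `snprintf(storepath, PATH_MAX, "%s%s", semanage_selinux_path(), sh->conf->store_path);` in semanage_install_active bounds the write by PATH_MAX while storepath was just malloc'd with `len` bytes computed two lines earlier; the bound should be the allocation size, `snprintf(storepath, len, "%s%s", semanage_selinux_path(), sh->conf->store_path);`. As written the two only agree because `len` happens to be derived from the same two strings, and with an alternate root the combined path can exceed PATH_MAX, where the PATH_MAX bound truncates silently. The return values of this call and of the following `snprintf(store_pol, PATH_MAX, ...)` should be checked for truncation before store_pol is used after the hunk. semanage_install_active begins and ends outside the hunk.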