[PATCH 23/84] libsemanage: Add sefcontext_compile to compile regex


 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


   This patch looks good to me. acked.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlD+pTMACgkQrlYvE4MpobN9igCglmzusnP7MZwuGW6/CEttJ5NZ
sg0AoOHh32hRiaIGkhZfZ/heWP8o1MB5
=Gi4Z
-----END PGP SIGNATURE-----
>From 2f7a0176fcdaf94f0a7a2276e4963c4bf4113970 Mon Sep 17 00:00:00 2001
From: rhatdan <dwalsh@xxxxxxxxxx>
Date: Fri, 14 Sep 2012 10:52:08 -0400
Subject: [PATCH 23/84] libsemanage: Add sefcontext_compile to compile regex
 everytime policy is rebuilt

---
 libsemanage/src/conf-parse.y     | 25 ++++++++++++++++++++++++-
 libsemanage/src/conf-scan.l      |  1 +
 libsemanage/src/semanage_conf.h  |  1 +
 libsemanage/src/semanage_store.c | 26 ++++++++++++++++++++++++++
 4 files changed, 52 insertions(+), 1 deletion(-)

diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
index bbdac1d..80d08ec 100644
--- a/libsemanage/src/conf-parse.y
+++ b/libsemanage/src/conf-parse.y
@@ -58,7 +58,7 @@ static int parse_errors;
 }
 
 %token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED
-%token LOAD_POLICY_START SETFILES_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN USEPASSWD IGNOREDIRS
+%token LOAD_POLICY_START SETFILES_START SEFCONTEXT_COMPILE_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN USEPASSWD IGNOREDIRS
 %token BZIP_BLOCKSIZE BZIP_SMALL
 %token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END
 %token PROG_PATH PROG_ARGS
@@ -230,6 +230,14 @@ command_start:
                                 YYABORT;
                         }
                 }
+        |       SEFCONTEXT_COMPILE_START {
+                        semanage_conf_external_prog_destroy(current_conf->sefcontext_compile);
+                        current_conf->sefcontext_compile = NULL;
+                        if (new_external_prog(&current_conf->sefcontext_compile) == -1) {
+                                parse_errors++;
+                                YYABORT;
+                        }
+                }
         ;
 
 verify_block:   verify_start external_opts BLOCK_END  {
@@ -308,6 +316,20 @@ static int semanage_conf_init(semanage_conf_t * conf)
 		return -1;
 	}
 
+	if ((conf->sefcontext_compile =
+	     calloc(1, sizeof(*(current_conf->sefcontext_compile)))) == NULL) {
+		return -1;
+	}
+	if (access("/sbin/sefcontext_compile", X_OK) == 0) {
+		conf->sefcontext_compile->path = strdup("/sbin/sefcontext_compile");
+	} else {
+		conf->sefcontext_compile->path = strdup("/usr/sbin/sefcontext_compile");
+	}
+	if ((conf->sefcontext_compile->path == NULL) ||
+	    (conf->sefcontext_compile->args = strdup("$@")) == NULL) {
+		return -1;
+	}
+
 	return 0;
 }
 
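Review bot: The new `calloc` in semanage_conf_init sizes the allocation from the global `current_conf` rather than the `conf` parameter it assigns to. It works only because `sizeof` does not evaluate its operand, and should read `calloc(1, sizeof(*conf->sefcontext_compile))`. The `return -1` paths after that allocation leave the struct and any duplicated `path` string allocated, so cleanup depends on the caller destroying `conf` on failure; that is not visible here because the function begins outside the hunk. Since this default path is later executed during policy installation, a short comment such as `/* default helper; replaced by a [sefcontext_compile] block in the config */` would make the trust assumption explicit.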
@@ -363,6 +385,7 @@ void semanage_conf_destroy(semanage_conf_t * conf)
 		free(conf->ignoredirs);
 		semanage_conf_external_prog_destroy(conf->load_policy);
 		semanage_conf_external_prog_destroy(conf->setfiles);
+		semanage_conf_external_prog_destroy(conf->sefcontext_compile);
 		semanage_conf_external_prog_destroy(conf->mod_prog);
 		semanage_conf_external_prog_destroy(conf->linked_prog);
 		semanage_conf_external_prog_destroy(conf->kernel_prog);
diff --git a/libsemanage/src/conf-scan.l b/libsemanage/src/conf-scan.l
index 7ef4154..41ba044 100644
--- a/libsemanage/src/conf-scan.l
+++ b/libsemanage/src/conf-scan.l
@@ -53,6 +53,7 @@ bzip-blocksize	return BZIP_BLOCKSIZE;
 bzip-small	return BZIP_SMALL;
 "[load_policy]"   return LOAD_POLICY_START;
 "[setfiles]"      return SETFILES_START;
+"[sefcontext_compile]"      return SEFCONTEXT_COMPILE_START;
 "[verify module]" return VERIFY_MOD_START;
 "[verify linked]" return VERIFY_LINKED_START;
 "[verify kernel]" return VERIFY_KERNEL_START;
diff --git a/libsemanage/src/semanage_conf.h b/libsemanage/src/semanage_conf.h
index 95f8ec3..9b7852c 100644
--- a/libsemanage/src/semanage_conf.h
+++ b/libsemanage/src/semanage_conf.h
@@ -46,6 +46,7 @@ typedef struct semanage_conf {
 	char *ignoredirs;	/* ";" separated of list for genhomedircon to ignore */
 	struct external_prog *load_policy;
 	struct external_prog *setfiles;
+	struct external_prog *sefcontext_compile;
 	struct external_prog *mod_prog, *linked_prog, *kernel_prog;
 } semanage_conf_t;
 
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
index 9c4b1fe..2fab63e 100644
--- a/libsemanage/src/semanage_store.c
+++ b/libsemanage/src/semanage_store.c
@@ -1100,6 +1100,17 @@ int semanage_split_fc(semanage_handle_t * sh)
 
 }
 
+static int sefcontext_compile(semanage_handle_t * sh, const char *path) {
+
+	int r;
+	if ((r = semanage_exec_prog(sh, sh->conf->sefcontext_compile, path, "")) != 0) {
+		ERR(sh, "sefcontext_compile returned error code %d. Compiling %s", r, path);
+		return -1;
+	}
+
+	return 0;
+}
+
 /* Actually load the contents of the current active directory into the
  * kernel.  Return 0 on success, -3 on error. */
 static int semanage_install_active(semanage_handle_t * sh)
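Review bot: sefcontext_compile() hands `path` to the external program without checking that the file exists, so if any of the three file_contexts files passed by semanage_install_active can be absent (not determinable from this hunk), the helper's non-zero exit would fail the whole install. If absence is legitimate, a guard such as `if (access(path, F_OK) != 0) return 0;` before the exec would cover it; otherwise a comment stating that the file must exist is enough. The helper also has no header comment, unlike semanage_install_active below it. Something like `/* Run the configured sefcontext_compile program on path. Return 0 on success, -1 on error. */` would document the return contract, and the opening brace belongs on its own line to match the neighbouring definition.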
@@ -1232,6 +1243,16 @@ static int semanage_install_active(semanage_handle_t * sh)
 		goto cleanup;
 	}
 
+	if (sefcontext_compile(sh, store_fc) != 0) {
+		goto cleanup;
+	}
+	if (sefcontext_compile(sh, store_fc_loc) != 0) {
+		goto cleanup;
+	}
+	if (sefcontext_compile(sh, store_fc_hd) != 0) {
+		goto cleanup;
+	}
+
 	retval = 0;
       cleanup:
 	free(storepath);
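Review bot: The three sefcontext_compile() calls sit immediately before `retval = 0`, so a failure in any of them reports the install as failed after the earlier steps of semanage_install_active have already completed. A failure on the second or third file presumably also leaves the earlier files freshly compiled while the rest are not. Whether that mixed state matters depends on how consumers pick up the compiled output, which is not visible here. At minimum the error path deserves a comment, e.g. `/* compile failure is fatal even though earlier install steps have completed */`. The function's start and its `retval` initialisation are outside this hunk, so the returned error code could not be checked.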
@@ -1370,6 +1391,11 @@ int semanage_install_sandbox(semanage_handle_t * sh)
 		goto cleanup;
 	}
 
+	if (sh->conf->sefcontext_compile == NULL) {
+		ERR(sh, "No sefcontext_compile program specified in configuration file.");
+		goto cleanup;
+	}
+
 	if ((commit_num = semanage_commit_sandbox(sh)) < 0) {
 		retval = commit_num;
 		goto cleanup;
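Review bot: The added guard checks only that `sh->conf->sefcontext_compile` is non-NULL, not that it names a program. The parser rule for `[sefcontext_compile]` replaces the default with a fresh `new_external_prog()` result, so a block that sets no path would presumably leave `path` unset and still pass this check; whether semanage_exec_prog tolerates that is not visible here. Consider `if (sh->conf->sefcontext_compile == NULL || sh->conf->sefcontext_compile->path == NULL) {` so the misconfiguration is reported before the sandbox is committed. semanage_install_sandbox starts and ends outside the hunk.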
-- 
1.8.1

