On Thu, Jan 3, 2019 at 1:03 PM Petr Lautrbach <plautrba@xxxxxxxxxx> wrote:
>
> The sorting order seems to be fragile because '100' < '99', so the policy
> filename needs to be parsed in order to extract the version as an integer and
> sort according to it.
>
> Based on idea from Nicolas Iooss <nicolas.iooss@xxxxxxx>
>
> Signed-off-by: Petr Lautrbach <plautrba@xxxxxxxxxx>
Thanks, merged all 5 commits.
Nicolas
> ---
> python/sepolicy/sepolicy/__init__.py | 25 ++++++++++++++++++-------
> 1 file changed, 18 insertions(+), 7 deletions(-)
>
> diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
> index b69a6b94..6f729472 100644
> --- a/python/sepolicy/sepolicy/__init__.py
> +++ b/python/sepolicy/sepolicy/__init__.py
> @@ -119,23 +119,34 @@ all_allow_rules = None
> all_transitions = None
>
>
> +def policy_sortkey(policy_path):
> + # Parse the extension of a policy path which looks like .../policy/policy.31
> + extension = policy_path.rsplit('/policy.', 1)[1]
> + try:
> + return int(extension), policy_path
> + except ValueError:
> + # Fallback with sorting on the full path
> + return 0, policy_path
> +
> def get_installed_policy(root="/"):
> try:
> path = root + selinux.selinux_binary_policy_path()
> policies = glob.glob("%s.*" % path)
> - policies.sort()
> + policies.sort(key=policy_sortkey)
> return policies[-1]
> except:
> pass
> raise ValueError(_("No SELinux Policy installed"))
>
> -def get_store_policy(store, root="/"):
> - try:
> - policies = glob.glob("%s%s/policy/policy.*" % (selinux.selinux_path(), store))
> - policies.sort()
> - return policies[-1]
> - except:
> +def get_store_policy(store):
> + """Get the path to the policy file located in the given store name"""
> + policies = glob.glob("%s%s/policy/policy.*" %
> + (selinux.selinux_path(), store))
> + if not policies:
> return None
> + # Return the policy with the higher version number
> + policies.sort(key=policy_sortkey)
> + return policies[-1]
>
> def policy(policy_file):
> global all_domains
> --
> 2.20.1
>
