From b3c63ad0f9c5c35d80fabeb0ca7abd86f34aad0e Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Thu, 3 Feb 2022 17:53:25 +0100
Subject: [PATCH] libsemanage: clean up semanage_direct_commit() a bit
Do some minor cosmetic cleanup, mainly to eliminate the 'rebuild' goto
label.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
libsemanage/src/direct_api.c | 91 ++++++++++++++++++------------------
1 file changed, 45 insertions(+), 46 deletions(-)
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index aa2bfcf35016..bed1e1eda78f 100644
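--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -994,6 +994,16 @@ cleanup:
 return status;
 }
 
+/* Files that must exist in order to skip policy rebuild. */
+static const int semanage_computed_files[] = {
+ SEMANAGE_STORE_KERNEL,
+ SEMANAGE_STORE_FC,
+ SEMANAGE_STORE_SEUSERS,
+ SEMANAGE_LINKED,
+ SEMANAGE_SEUSERS_LINKED,
+ SEMANAGE_USERS_EXTRA_LINKED
+};
+
 /* Copies a file from src to dst. If dst already exists then
 * overwrite it. If source doesn't exist then return success.
 * Returns 0 on success, -1 on error. */
@@ -1053,6 +1063,14 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 seusers_modified = seusers->dtable->is_modified(seusers->dbase);
 fcontexts_modified = fcontexts->dtable->is_modified(fcontexts->dbase);
 
+ /* Before we do anything else, flush the join to its component parts.
+ * This *does not* flush to disk automatically */
+ if (users->dtable->is_modified(users->dbase)) {
+ retval = users->dtable->flush(sh, users->dbase);
+ if (retval < 0)
+ goto cleanup;
+ }
+
 /* Rebuild if explicitly requested or any module changes occurred. */
 do_rebuild = sh->do_rebuild | sh->modules_modified;
 
@@ -1119,14 +1137,6 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 }
 }
 
- /* Before we do anything else, flush the join to its component parts.
- * This *does not* flush to disk automatically */
- if (users->dtable->is_modified(users->dbase)) {
- retval = users->dtable->flush(sh, users->dbase);
- if (retval < 0)
- goto cleanup;
- }
-
 /*
 * This is for systems that have already migrated with an older version
 * of semanage_migrate_store. The older version did not copy
@@ -1135,48 +1145,20 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 * in order to skip re-linking are present; otherwise, we force
 * a rebuild.
 */
- if (!do_rebuild) {
- int files[] = {SEMANAGE_STORE_KERNEL,
- SEMANAGE_STORE_FC,
- SEMANAGE_STORE_SEUSERS,
- SEMANAGE_LINKED,
- SEMANAGE_SEUSERS_LINKED,
- SEMANAGE_USERS_EXTRA_LINKED};
-
- for (i = 0; i < (int) ARRAY_SIZE(files); i++) {
- path = semanage_path(SEMANAGE_TMP, files[i]);
- if (stat(path, &sb) != 0) {
- if (errno != ENOENT) {
- ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
- retval = -1;
- goto cleanup;
- }
-
- do_rebuild = 1;
- goto rebuild;
+ for (i = 0; !do_rebuild && i < (int)ARRAY_SIZE(semanage_computed_files); i++) {
+ path = semanage_path(SEMANAGE_TMP, semanage_computed_files[i]);
+ if (stat(path, &sb) != 0) {
+ if (errno != ENOENT) {
+ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ retval = -1;
+ goto cleanup;
 }
+
+ do_rebuild = 1;
+ break;
 }
 }
 
-rebuild:
- /*
- * Now that we know whether or not a rebuild is required,
- * we can determine what else needs to be done.
- * We need to write the kernel policy if we are rebuilding
- * or if any other policy component that lives in the kernel
- * policy has been modified.
- * We need to install the policy files if any of the managed files
- * that live under /etc/selinux (kernel policy, seusers, file contexts)
- * will be modified.
- */
- do_write_kernel = do_rebuild | ports_modified | ibpkeys_modified |
- ibendports_modified |
- bools->dtable->is_modified(bools->dbase) |
- ifaces->dtable->is_modified(ifaces->dbase) |
- nodes->dtable->is_modified(nodes->dbase) |
- users->dtable->is_modified(users_base->dbase);
- do_install = do_write_kernel | seusers_modified | fcontexts_modified;
-
 /*
 * If there were policy changes, or explicitly requested, or
 * any required files are missing, rebuild the policy.
@@ -1330,6 +1312,23 @@ rebuild:
 }
 }
 
+ /*
+ * Determine what else needs to be done.
+ * We need to write the kernel policy if we are rebuilding
+ * or if any other policy component that lives in the kernel
+ * policy has been modified.
+ * We need to install the policy files if any of the managed files
+ * that live under /etc/selinux (kernel policy, seusers, file contexts)
+ * will be modified.
+ */
+ do_write_kernel = do_rebuild | ports_modified | ibpkeys_modified |
+ ibendports_modified |
+ bools->dtable->is_modified(bools->dbase) |
+ ifaces->dtable->is_modified(ifaces->dbase) |
+ nodes->dtable->is_modified(nodes->dbase) |
+ users->dtable->is_modified(users_base->dbase);
+ do_install = do_write_kernel | seusers_modified | fcontexts_modified;
+
 /* Attach our databases to the policydb we just created or loaded. */
 dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase, out);
 dbase_policydb_attach((dbase_policydb_t *) pports->dbase, out);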
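Review bot: In the last hunk, `do_write_kernel` and `do_install` are now computed after the rebuild block rather than before it, so the `is_modified()` calls on bools, ifaces, nodes and users are sampled later than they used to be; for a commit described as cosmetic, that ordering change should be confirmed as behaviour-neutral. The rebuild block lies outside the hunks shown, so it cannot be checked here whether it reads either variable or alters any modified flag; if it does, a changed policy component could be left unwritten or not installed under /etc/selinux. I would record the invariant in the moved comment, for example `* Computed after the rebuild block: nothing above may read do_write_kernel or do_install.` The moved expression also still pairs `users->dtable->is_modified` with `users_base->dbase`, which looks like a mismatched table and database and deserves a one-line comment if it is intentional.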
--
2.34.1