From b3c63ad0f9c5c35d80fabeb0ca7abd86f34aad0e Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Thu, 3 Feb 2022 17:53:25 +0100
Subject: [PATCH] libsemanage: clean up semanage_direct_commit() a bit
Do some minor cosmetic cleanup, mainly to eliminate the 'rebuild' goto
label.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 libsemanage/src/direct_api.c | 91 ++++++++++++++++++------------------
 1 file changed, 45 insertions(+), 46 deletions(-)
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index aa2bfcf35016..bed1e1eda78f 100644
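--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -994,6 +994,16 @@ cleanup:
 	return status;
 }
 
+/* Files that must exist in order to skip policy rebuild. */
+static const int semanage_computed_files[] = {
+	SEMANAGE_STORE_KERNEL,
+	SEMANAGE_STORE_FC,
+	SEMANAGE_STORE_SEUSERS,
+	SEMANAGE_LINKED,
+	SEMANAGE_SEUSERS_LINKED,
+	SEMANAGE_USERS_EXTRA_LINKED
+};
+
 /* Copies a file from src to dst. If dst already exists then
  * overwrite it. If source doesn't exist then return success.
  * Returns 0 on success, -1 on error. */
@@ -1053,6 +1063,14 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 	seusers_modified = seusers->dtable->is_modified(seusers->dbase);
 	fcontexts_modified = fcontexts->dtable->is_modified(fcontexts->dbase);
 
+	/* Before we do anything else, flush the join to its component parts.
+	 * This *does not* flush to disk automatically */
+	if (users->dtable->is_modified(users->dbase)) {
+		retval = users->dtable->flush(sh, users->dbase);
+		if (retval < 0)
+			goto cleanup;
+	}
+
 	/* Rebuild if explicitly requested or any module changes occurred. */
 	do_rebuild = sh->do_rebuild | sh->modules_modified;
 
@@ -1119,14 +1137,6 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 		}
 	}
 
-	/* Before we do anything else, flush the join to its component parts.
-	 * This *does not* flush to disk automatically */
-	if (users->dtable->is_modified(users->dbase)) {
-		retval = users->dtable->flush(sh, users->dbase);
-		if (retval < 0)
-			goto cleanup;
-	}
-
 	/*
 	 * This is for systems that have already migrated with an older version
 	 * of semanage_migrate_store. The older version did not copy
@@ -1135,48 +1145,20 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 	 * in order to skip re-linking are present; otherwise, we force
 	 * a rebuild.
 	 */
-	if (!do_rebuild) {
-		int files[] = {SEMANAGE_STORE_KERNEL,
-					   SEMANAGE_STORE_FC,
-					   SEMANAGE_STORE_SEUSERS,
-					   SEMANAGE_LINKED,
-					   SEMANAGE_SEUSERS_LINKED,
-					   SEMANAGE_USERS_EXTRA_LINKED};
-
-		for (i = 0; i < (int) ARRAY_SIZE(files); i++) {
-			path = semanage_path(SEMANAGE_TMP, files[i]);
-			if (stat(path, &sb) != 0) {
-				if (errno != ENOENT) {
-					ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
-					retval = -1;
-					goto cleanup;
-				}
-
-				do_rebuild = 1;
-				goto rebuild;
+	for (i = 0; !do_rebuild && i < (int)ARRAY_SIZE(semanage_computed_files); i++) {
+		path = semanage_path(SEMANAGE_TMP, semanage_computed_files[i]);
+		if (stat(path, &sb) != 0) {
+			if (errno != ENOENT) {
+				ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+				retval = -1;
+				goto cleanup;
 			}
+
+			do_rebuild = 1;
+			break;
 		}
 	}
 
-rebuild:
-	/*
-	 * Now that we know whether or not a rebuild is required,
-	 * we can determine what else needs to be done.
-	 * We need to write the kernel policy if we are rebuilding
-	 * or if any other policy component that lives in the kernel
-	 * policy has been modified.
-	 * We need to install the policy files if any of the managed files
-	 * that live under /etc/selinux (kernel policy, seusers, file contexts)
-	 * will be modified.
-	 */
-	do_write_kernel = do_rebuild | ports_modified | ibpkeys_modified |
-		ibendports_modified |
-		bools->dtable->is_modified(bools->dbase) |
-		ifaces->dtable->is_modified(ifaces->dbase) |
-		nodes->dtable->is_modified(nodes->dbase) |
-		users->dtable->is_modified(users_base->dbase);
-	do_install = do_write_kernel | seusers_modified | fcontexts_modified;
-
 	/*
 	 * If there were policy changes, or explicitly requested, or
 	 * any required files are missing, rebuild the policy.
@@ -1330,6 +1312,23 @@ rebuild:
 		}
 	}
 
+	/*
+	 * Determine what else needs to be done.
+	 * We need to write the kernel policy if we are rebuilding
+	 * or if any other policy component that lives in the kernel
+	 * policy has been modified.
+	 * We need to install the policy files if any of the managed files
+	 * that live under /etc/selinux (kernel policy, seusers, file contexts)
+	 * will be modified.
+	 */
+	do_write_kernel = do_rebuild | ports_modified | ibpkeys_modified |
+		ibendports_modified |
+		bools->dtable->is_modified(bools->dbase) |
+		ifaces->dtable->is_modified(ifaces->dbase) |
+		nodes->dtable->is_modified(nodes->dbase) |
+		users->dtable->is_modified(users_base->dbase);
+	do_install = do_write_kernel | seusers_modified | fcontexts_modified;
+
 	/* Attach our databases to the policydb we just created or loaded. */
 	dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase, out);
 	dbase_policydb_attach((dbase_policydb_t *) pports->dbase, out);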
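Review bot: The relocated `do_write_kernel`/`do_install` computation in the last hunk now evaluates the `bools`, `ifaces`, `nodes` and `users_base` `is_modified()` calls after the rebuild-or-load block instead of before it, which is an ordering change rather than a purely cosmetic one. That block lies outside the hunks, so whether anything in it alters modification state cannot be confirmed from here; if it does, changed booleans, interfaces or nodes could be left out of the written kernel policy and the install under /etc/selinux skipped. A comment at the new site such as `/* is_modified() must still reflect the pre-commit state here; nothing in the rebuild/load path above may reset it */` would record the invariant the move relies on. The last operand, `users->dtable->is_modified(users_base->dbase)`, pairs one handle's dtable with another handle's dbase; it is carried over unchanged, but it is worth confirming that this is intended while the line is being moved. semanage_direct_commit() starts and ends outside these hunks.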
-- 
2.34.1