e54b68
#!/bin/bash
e54b68
#===============================================================================
e54b68
#
e54b68
#          FILE: selinux-policy-migrate-local-changes.sh
e54b68
# 
e54b68
#         USAGE: ./selinux-policy-migrate-local-changes.sh <POLICYTYPE>
e54b68
# 
e54b68
#   DESCRIPTION: This script migrates local changes from pre-2.4 SELinux modules
e54b68
#                store structure to the new structure
e54b68
# 
e54b68
#        AUTHOR: Petr Lautrbach <plautrba@redhat.com>
e54b68
#===============================================================================
e54b68
e54b68
if [ ! -f /etc/selinux/config ]; then
e54b68
    SELINUXTYPE=none
e54b68
else
e54b68
    source /etc/selinux/config
e54b68
fi
e54b68
e54b68
REBUILD=0
e54b68
MIGRATE_SELINUXTYPE=$1
e54b68
e54b68
for local in booleans.local file_contexts.local ports.local users_extra.local users.local; do
e54b68
    if [ -e /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/$local ]; then
e54b68
        REBUILD=1
e54b68
        cp -v --preserve=mode,ownership,timestamps,links /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/$local /etc/selinux/$MIGRATE_SELINUXTYPE/active/$local
e54b68
    fi
e54b68
done
e54b68
if [ -e /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/seusers ]; then
e54b68
    REBUILD=1
e54b68
    cp -v --preserve=mode,ownership,timestamps,links /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/seusers /etc/selinux/$MIGRATE_SELINUXTYPE/active/seusers.local
e54b68
fi
e54b68
e54b68
INSTALL_MODULES=""
e54b68
for i in `find /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/modules/ -name \*disabled 2> /dev/null`; do
e54b68
    module=`basename $i | sed 's/\.pp\.disabled$//'`
b830b6
    if [ $module == "pkcsslotd" ] || [ $module == "vbetool" ] || [ $module == "ctdbd" ] || [ $module == "docker" ] || [ $module == "gear" ]; then
f28e0c
        continue
f28e0c
    fi
e54b68
    if [ -d /etc/selinux/$MIGRATE_SELINUXTYPE/active/modules/100/$module ]; then
e54b68
        touch /etc/selinux/$MIGRATE_SELINUXTYPE/active/modules/disabled/$module
e54b68
    fi
e54b68
done
e54b68
for i in `find /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/modules/ -name \*.pp 2> /dev/null`; do
e54b68
    module=`basename $i | sed 's/\.pp$//'`
db0edf
    if [  $module == "audioentropy" ] || [ $module == "pkcsslotd" ] || [ $module == "vbetool" ] || [ $module == "ctdbd" ] || [ $module == "docker" ] || [ $module == "gear" ]; then
f28e0c
        continue
f28e0c
    fi
e54b68
    if [ ! -d /etc/selinux/$MIGRATE_SELINUXTYPE/active/modules/100/$module ]; then
e54b68
        INSTALL_MODULES="${INSTALL_MODULES} $i"
e54b68
    fi
e54b68
done
e54b68
if [ -n "$INSTALL_MODULES" ]; then
e54b68
    semodule -s $MIGRATE_SELINUXTYPE -n -X 400 -i $INSTALL_MODULES
e54b68
    REBUILD=1
e54b68
fi
e54b68
e54b68
cat > /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/README.migrated <
e54b68
Your old modules store and local changes were migrated to the new structure in
e54b68
in the following directory:
e54b68
e54b68
/etc/selinux/$MIGRATE_SELINUXTYPE/active
e54b68
e54b68
WARNING: Do not remove this file or remove /etc/selinux/$MIGRATE_SELINUXTYPE/modules
e54b68
completely if you are confident that you don't need old files anymore.
e54b68
EOF
e54b68
9a4557
if [ ${DONT_REBUILD:-0} = 0 -a $REBUILD = 1 ]; then
e54b68
    semodule -B -n -s $MIGRATE_SELINUXTYPE
e54b68
    if [ "$MIGRATE_SELINUXTYPE" = "$SELINUXTYPE" ] && selinuxenabled; then
e54b68
        load_policy
ddc3b9
        if [ -x /usr/sbin/semanage ]; then
ddc3b9
            /usr/sbin/semanage export | /usr/sbin/semanage import
ddc3b9
        fi
e54b68
    fi
e54b68
fi