Bring back selinux_current_policy_path

2013-02-15 11:02:20 -05:00 · 2013-02-15 11:02:20 -05:00 · ade34f3e98
parent 72cdfcb7ad
commit ade34f3e98
2 changed files with 146 additions and 7 deletions
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@ -1,8 +1,90 @@
+diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
+index a4079aa..82954c2 100644
+--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
+@@ -498,6 +498,7 @@ extern const char *selinux_policy_root(void);
+ 
+ /* These functions return the paths to specific files under the 
+    policy root directory. */
+extern const char *selinux_current_policy_path(void);
+ extern const char *selinux_binary_policy_path(void);
+ extern const char *selinux_failsafe_context_path(void);
+ extern const char *selinux_removable_context_path(void);
+diff --git a/libselinux/man/man3/selinux_binary_policy_path.3 b/libselinux/man/man3/selinux_binary_policy_path.3
+index ec97dcf..503c52c 100644
+--- a/libselinux/man/man3/selinux_binary_policy_path.3
+++ b/libselinux/man/man3/selinux_binary_policy_path.3
+@@ -1,6 +1,6 @@
+ .TH "selinux_binary_policy_path" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation"
+ .SH "NAME"
+-selinux_path, selinux_policy_root, selinux_binary_policy_path,
+selinux_path, selinux_policy_root, selinux_binary_policy_path, selinux_current_policy_path,
+ selinux_failsafe_context_path, selinux_removable_context_path,
+ selinux_default_context_path, selinux_user_contexts_path,
+ selinux_file_context_path, selinux_media_context_path,
+@@ -17,6 +17,8 @@ directories and files
+ .sp
+ .B const char *selinux_binary_policy_path(void);
+ .sp
+.B const char *selinux_current_policy_path(void);
+.sp
+ .B const char *selinux_failsafe_context_path(void);
+ .sp
+ .B const char *selinux_removable_context_path(void);
+@@ -55,6 +57,9 @@ returns the top-level policy directory.
+ .BR selinux_binary_policy_path ()
+ returns the binary policy file loaded into kernel.
+ .sp
+.BR selinux_current_policy_path ()
+returns the currently loaded policy file from the kernel.
+.sp
+ .BR selinux_default_type_path ()
+ returns the context file mapping roles to default types.
+ .sp
+diff --git a/libselinux/man/man3/selinux_current_policy_path.3 b/libselinux/man/man3/selinux_current_policy_path.3
+new file mode 100644
+index 0000000..175a611
+--- /dev/null
+++ b/libselinux/man/man3/selinux_current_policy_path.3
+@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
 diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
-index ffe381b..2d68482 100644
+index ffe381b..560bc25 100644
 --- a/libselinux/src/audit2why.c
 +++ b/libselinux/src/audit2why.c
-@@ -310,10 +310,12 @@ static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
+@@ -210,27 +210,12 @@ static int __policy_init(const char *init_path)
+ 			return 1;
+ 		}
+ 	} else {
+-		vers = sepol_policy_kern_vers_max();
+-		if (vers < 0) {
+-			snprintf(errormsg, sizeof(errormsg), 
+-				 "Could not get policy version:  %s\n",
+-				 strerror(errno));
+-			PyErr_SetString( PyExc_ValueError, errormsg);
+-			return 1;
+-		}
+-		snprintf(path, PATH_MAX, "%s.%d",
+-			 selinux_binary_policy_path(), vers);
+-		fp = fopen(path, "r");
+-		while (!fp && errno == ENOENT && --vers) {
+-			snprintf(path, PATH_MAX, "%s.%d",
+-				 selinux_binary_policy_path(), vers);
+-			fp = fopen(path, "r");
+-		}
+		fp = fopen(selinux_current_policy_path(), "r");
+ 		if (!fp) {
+ 			snprintf(errormsg, sizeof(errormsg), 
+-				 "unable to open %s.%d:  %s\n",
+-				 selinux_binary_policy_path(),
+-				 security_policyvers(), strerror(errno));
+				 "unable to open %s:  %s\n",
+				 selinux_current_policy_path(),
+				 strerror(errno));
+ 			PyErr_SetString( PyExc_ValueError, errormsg);
+ 			return 1;
+ 		}
+@@ -310,10 +295,12 @@ static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
 }
 
 #define RETURN(X) \
@ -17,7 +99,7 @@ index ffe381b..2d68482 100644
 	security_context_t scon; 
 	security_context_t tcon;
 	char *tclassstr; 
-@@ -328,10 +330,6 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
+@@ -328,10 +315,6 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
 	struct sepol_av_decision avd;
 	int rc;
 	int i=0;
@ -28,7 +110,7 @@ index ffe381b..2d68482 100644
 
 	if (!PyArg_ParseTuple(args,(char *)"sssO!:audit2why",&scon,&tcon,&tclassstr,&PyList_Type, &listObj)) 
 		return NULL;
-@@ -342,22 +340,21 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
+@@ -342,22 +325,21 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
 	/* should raise an error here. */
 	if (numlines < 0)	return NULL; /* Not a list */
 
@ -58,7 +140,7 @@ index ffe381b..2d68482 100644
 	/* Convert the permission list to an AV. */
 	av = 0;
 
-@@ -377,21 +374,20 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
+@@ -377,21 +359,20 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
 #endif
 		
 		perm = string_to_av_perm(tclass, permstr);
@ -86,7 +168,7 @@ index ffe381b..2d68482 100644
 	if (reason & SEPOL_COMPUTEAV_TE) {
 		avc->ssid = ssid;
 		avc->tsid = tsid;
-@@ -404,28 +400,34 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
+@@ -404,28 +385,34 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
 				RETURN(TERULE)
 			}
 		} else {
@ -245,3 +327,57 @@ index 2d7369e..2a00807 100644
 	va_end(ap);
 }
 
+diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
+index 296f357..4913c55 100644
+--- a/libselinux/src/selinux_config.c
+++ b/libselinux/src/selinux_config.c
+@@ -8,6 +8,7 @@
+ #include <limits.h>
+ #include <unistd.h>
+ #include <pthread.h>
+#include "policy.h"
+ #include "selinux_internal.h"
+ #include "get_default_type_internal.h"
+ 
+@@ -303,6 +304,29 @@ const char *selinux_binary_policy_path(void)
+ 
+ hidden_def(selinux_binary_policy_path)
+ 
+const char *selinux_current_policy_path(void)
+{
+	int rc = 0;
+	int vers = 0;
+	static char policy_path[PATH_MAX];
+
+	snprintf(policy_path, sizeof(policy_path), "%s/policy", selinux_mnt);
+	if (access(policy_path, F_OK) != 0 ) {
+		vers = security_policyvers();
+		do {
+			/* Check prior versions to see if old policy is available */
+			snprintf(policy_path, sizeof(policy_path), "%s.%d",
+				 selinux_binary_policy_path(), vers);
+		} while ((rc = access(policy_path, F_OK)) && --vers > 0);
+
+		if (rc) return NULL;
+	}
+
+	return policy_path;
+}
+
+hidden_def(selinux_current_policy_path)
+
+ const char *selinux_file_context_path(void)
+ {
+ 	return get_path(FILE_CONTEXTS);
+diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h
+index 2c7c85c..4a4aebc 100644
+--- a/libselinux/src/selinux_internal.h
+++ b/libselinux/src/selinux_internal.h
+@@ -60,6 +60,7 @@ hidden_proto(selinux_mkload_policy)
+     hidden_proto(security_setenforce)
+     hidden_proto(security_deny_unknown)
+     hidden_proto(selinux_boolean_sub)
+    hidden_proto(selinux_current_policy_path)
+     hidden_proto(selinux_binary_policy_path)
+     hidden_proto(selinux_booleans_subs_path)
+     hidden_proto(selinux_default_context_path)
--- a/libselinux.spec
+++ b/libselinux.spec
@ -10,7 +10,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.1.13
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: %{name}-%{version}.tgz
@ -241,6 +241,9 @@ rm -rf %{buildroot}
 %{ruby_sitearch}/selinux.so

 %changelog
+* Fri Feb 15 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-3
+- Bring back selinux_current_policy_path
+
 * Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-2
 - Revert some changes which are causing the wrong policy version file to be created