Bring back selinux_current_policy_path
		
							parent
							
								
									72cdfcb7ad
								
							
						
					
					
						commit
						ade34f3e98
					
				| @ -1,8 +1,90 @@ | ||||
| diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
 | ||||
| index a4079aa..82954c2 100644
 | ||||
| --- a/libselinux/include/selinux/selinux.h
 | ||||
| +++ b/libselinux/include/selinux/selinux.h
 | ||||
| @@ -498,6 +498,7 @@ extern const char *selinux_policy_root(void);
 | ||||
|   | ||||
|  /* These functions return the paths to specific files under the  | ||||
|     policy root directory. */ | ||||
| +extern const char *selinux_current_policy_path(void);
 | ||||
|  extern const char *selinux_binary_policy_path(void); | ||||
|  extern const char *selinux_failsafe_context_path(void); | ||||
|  extern const char *selinux_removable_context_path(void); | ||||
| diff --git a/libselinux/man/man3/selinux_binary_policy_path.3 b/libselinux/man/man3/selinux_binary_policy_path.3
 | ||||
| index ec97dcf..503c52c 100644
 | ||||
| --- a/libselinux/man/man3/selinux_binary_policy_path.3
 | ||||
| +++ b/libselinux/man/man3/selinux_binary_policy_path.3
 | ||||
| @@ -1,6 +1,6 @@
 | ||||
|  .TH "selinux_binary_policy_path" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation" | ||||
|  .SH "NAME" | ||||
| -selinux_path, selinux_policy_root, selinux_binary_policy_path,
 | ||||
| +selinux_path, selinux_policy_root, selinux_binary_policy_path, selinux_current_policy_path,
 | ||||
|  selinux_failsafe_context_path, selinux_removable_context_path, | ||||
|  selinux_default_context_path, selinux_user_contexts_path, | ||||
|  selinux_file_context_path, selinux_media_context_path, | ||||
| @@ -17,6 +17,8 @@ directories and files
 | ||||
|  .sp | ||||
|  .B const char *selinux_binary_policy_path(void); | ||||
|  .sp | ||||
| +.B const char *selinux_current_policy_path(void);
 | ||||
| +.sp
 | ||||
|  .B const char *selinux_failsafe_context_path(void); | ||||
|  .sp | ||||
|  .B const char *selinux_removable_context_path(void); | ||||
| @@ -55,6 +57,9 @@ returns the top-level policy directory.
 | ||||
|  .BR selinux_binary_policy_path () | ||||
|  returns the binary policy file loaded into kernel. | ||||
|  .sp | ||||
| +.BR selinux_current_policy_path ()
 | ||||
| +returns the currently loaded policy file from the kernel.
 | ||||
| +.sp
 | ||||
|  .BR selinux_default_type_path () | ||||
|  returns the context file mapping roles to default types. | ||||
|  .sp | ||||
| diff --git a/libselinux/man/man3/selinux_current_policy_path.3 b/libselinux/man/man3/selinux_current_policy_path.3
 | ||||
| new file mode 100644 | ||||
| index 0000000..175a611
 | ||||
| --- /dev/null
 | ||||
| +++ b/libselinux/man/man3/selinux_current_policy_path.3
 | ||||
| @@ -0,0 +1 @@
 | ||||
| +.so man3/selinux_binary_policy_path.3
 | ||||
| diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
 | ||||
| index ffe381b..2d68482 100644
 | ||||
| index ffe381b..560bc25 100644
 | ||||
| --- a/libselinux/src/audit2why.c
 | ||||
| +++ b/libselinux/src/audit2why.c
 | ||||
| @@ -310,10 +310,12 @@ static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
 | ||||
| @@ -210,27 +210,12 @@ static int __policy_init(const char *init_path)
 | ||||
|  			return 1; | ||||
|  		} | ||||
|  	} else { | ||||
| -		vers = sepol_policy_kern_vers_max();
 | ||||
| -		if (vers < 0) {
 | ||||
| -			snprintf(errormsg, sizeof(errormsg), 
 | ||||
| -				 "Could not get policy version:  %s\n",
 | ||||
| -				 strerror(errno));
 | ||||
| -			PyErr_SetString( PyExc_ValueError, errormsg);
 | ||||
| -			return 1;
 | ||||
| -		}
 | ||||
| -		snprintf(path, PATH_MAX, "%s.%d",
 | ||||
| -			 selinux_binary_policy_path(), vers);
 | ||||
| -		fp = fopen(path, "r");
 | ||||
| -		while (!fp && errno == ENOENT && --vers) {
 | ||||
| -			snprintf(path, PATH_MAX, "%s.%d",
 | ||||
| -				 selinux_binary_policy_path(), vers);
 | ||||
| -			fp = fopen(path, "r");
 | ||||
| -		}
 | ||||
| +		fp = fopen(selinux_current_policy_path(), "r");
 | ||||
|  		if (!fp) { | ||||
|  			snprintf(errormsg, sizeof(errormsg),  | ||||
| -				 "unable to open %s.%d:  %s\n",
 | ||||
| -				 selinux_binary_policy_path(),
 | ||||
| -				 security_policyvers(), strerror(errno));
 | ||||
| +				 "unable to open %s:  %s\n",
 | ||||
| +				 selinux_current_policy_path(),
 | ||||
| +				 strerror(errno));
 | ||||
|  			PyErr_SetString( PyExc_ValueError, errormsg); | ||||
|  			return 1; | ||||
|  		} | ||||
| @@ -310,10 +295,12 @@ static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
 | ||||
|  } | ||||
|   | ||||
|  #define RETURN(X) \ | ||||
| @ -17,7 +99,7 @@ index ffe381b..2d68482 100644 | ||||
|  	security_context_t scon;  | ||||
|  	security_context_t tcon; | ||||
|  	char *tclassstr;  | ||||
| @@ -328,10 +330,6 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
 | ||||
| @@ -328,10 +315,6 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
 | ||||
|  	struct sepol_av_decision avd; | ||||
|  	int rc; | ||||
|  	int i=0; | ||||
| @ -28,7 +110,7 @@ index ffe381b..2d68482 100644 | ||||
|   | ||||
|  	if (!PyArg_ParseTuple(args,(char *)"sssO!:audit2why",&scon,&tcon,&tclassstr,&PyList_Type, &listObj))  | ||||
|  		return NULL; | ||||
| @@ -342,22 +340,21 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
 | ||||
| @@ -342,22 +325,21 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
 | ||||
|  	/* should raise an error here. */ | ||||
|  	if (numlines < 0)	return NULL; /* Not a list */ | ||||
|   | ||||
| @ -58,7 +140,7 @@ index ffe381b..2d68482 100644 | ||||
|  	/* Convert the permission list to an AV. */ | ||||
|  	av = 0; | ||||
|   | ||||
| @@ -377,21 +374,20 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
 | ||||
| @@ -377,21 +359,20 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
 | ||||
|  #endif | ||||
|  		 | ||||
|  		perm = string_to_av_perm(tclass, permstr); | ||||
| @ -86,7 +168,7 @@ index ffe381b..2d68482 100644 | ||||
|  	if (reason & SEPOL_COMPUTEAV_TE) { | ||||
|  		avc->ssid = ssid; | ||||
|  		avc->tsid = tsid; | ||||
| @@ -404,28 +400,34 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
 | ||||
| @@ -404,28 +385,34 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
 | ||||
|  				RETURN(TERULE) | ||||
|  			} | ||||
|  		} else { | ||||
| @ -245,3 +327,57 @@ index 2d7369e..2a00807 100644 | ||||
|  	va_end(ap); | ||||
|  } | ||||
|   | ||||
| diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
 | ||||
| index 296f357..4913c55 100644
 | ||||
| --- a/libselinux/src/selinux_config.c
 | ||||
| +++ b/libselinux/src/selinux_config.c
 | ||||
| @@ -8,6 +8,7 @@
 | ||||
|  #include <limits.h> | ||||
|  #include <unistd.h> | ||||
|  #include <pthread.h> | ||||
| +#include "policy.h"
 | ||||
|  #include "selinux_internal.h" | ||||
|  #include "get_default_type_internal.h" | ||||
|   | ||||
| @@ -303,6 +304,29 @@ const char *selinux_binary_policy_path(void)
 | ||||
|   | ||||
|  hidden_def(selinux_binary_policy_path) | ||||
|   | ||||
| +const char *selinux_current_policy_path(void)
 | ||||
| +{
 | ||||
| +	int rc = 0;
 | ||||
| +	int vers = 0;
 | ||||
| +	static char policy_path[PATH_MAX];
 | ||||
| +
 | ||||
| +	snprintf(policy_path, sizeof(policy_path), "%s/policy", selinux_mnt);
 | ||||
| +	if (access(policy_path, F_OK) != 0 ) {
 | ||||
| +		vers = security_policyvers();
 | ||||
| +		do {
 | ||||
| +			/* Check prior versions to see if old policy is available */
 | ||||
| +			snprintf(policy_path, sizeof(policy_path), "%s.%d",
 | ||||
| +				 selinux_binary_policy_path(), vers);
 | ||||
| +		} while ((rc = access(policy_path, F_OK)) && --vers > 0);
 | ||||
| +
 | ||||
| +		if (rc) return NULL;
 | ||||
| +	}
 | ||||
| +
 | ||||
| +	return policy_path;
 | ||||
| +}
 | ||||
| +
 | ||||
| +hidden_def(selinux_current_policy_path)
 | ||||
| +
 | ||||
|  const char *selinux_file_context_path(void) | ||||
|  { | ||||
|  	return get_path(FILE_CONTEXTS); | ||||
| diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h
 | ||||
| index 2c7c85c..4a4aebc 100644
 | ||||
| --- a/libselinux/src/selinux_internal.h
 | ||||
| +++ b/libselinux/src/selinux_internal.h
 | ||||
| @@ -60,6 +60,7 @@ hidden_proto(selinux_mkload_policy)
 | ||||
|      hidden_proto(security_setenforce) | ||||
|      hidden_proto(security_deny_unknown) | ||||
|      hidden_proto(selinux_boolean_sub) | ||||
| +    hidden_proto(selinux_current_policy_path)
 | ||||
|      hidden_proto(selinux_binary_policy_path) | ||||
|      hidden_proto(selinux_booleans_subs_path) | ||||
|      hidden_proto(selinux_default_context_path) | ||||
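Review bot: In the audit2why.c hunk for `__policy_init`, `fp = fopen(selinux_current_policy_path(), "r");` hands the return value straight to fopen, yet the new function in selinux_config.c ends its fallback loop with `if (rc) return NULL;`, so a missing policy file reaches fopen and then the `%s` in the error message as a NULL pointer. Call it once, reject NULL with its own error, and reuse the pointer in the message, as sketched below; `__policy_init` begins outside the hunk. The function also returns a `static char policy_path[PATH_MAX]` that every call rewrites, so the result is not safe to share across threads, and the fallback can hand back an on-disk `policy.N` that may differ from what the kernel has loaded. The man page line `returns the currently loaded policy file from the kernel.` should say so and mention the NULL return, since a tool that explains denials against a stale policy would give misleading answers.

```c
	} else {
		const char *curpolicy = selinux_current_policy_path();
		if (!curpolicy) {
			/* Neither <selinux_mnt>/policy nor a versioned policy file was found. */
			snprintf(errormsg, sizeof(errormsg),
				 "unable to locate the current policy file\n");
			PyErr_SetString( PyExc_ValueError, errormsg);
			return 1;
		}
		fp = fopen(curpolicy, "r");
		if (!fp) {
			snprintf(errormsg, sizeof(errormsg),
				 "unable to open %s:  %s\n",
				 curpolicy, strerror(errno));
			/* … unchanged: PyErr_SetString and return 1 … */
```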
|  | ||||
| @ -10,7 +10,7 @@ | ||||
| Summary: SELinux library and simple utilities | ||||
| Name: libselinux | ||||
| Version: 2.1.13 | ||||
| Release: 2%{?dist} | ||||
| Release: 3%{?dist} | ||||
| License: Public Domain | ||||
| Group: System Environment/Libraries | ||||
| Source: %{name}-%{version}.tgz | ||||
| @ -241,6 +241,9 @@ rm -rf %{buildroot} | ||||
| %{ruby_sitearch}/selinux.so | ||||
| 
 | ||||
| %changelog | ||||
| * Fri Feb 15 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-3 | ||||
| - Bring back selinux_current_policy_path | ||||
| 
 | ||||
| * Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-2 | ||||
| - Revert some changes which are causing the wrong policy version file to be created | ||||
| 
 | ||||
|  | ||||