From 997cbe2630d6429ee45f6cfef84ff7509a4ea058 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Mon, 29 Jul 2024 21:08:21 +0200
Subject: [PATCH] libsemanage-2.9-10

- Preserve file context and ownership in policy store

Resolves: RHEL-17509
---
 ...erve-file-context-and-ownership-in-p.patch | 146 ++++++++++++++++++
 libsemanage.spec                              |   6 +-
 2 files changed, 151 insertions(+), 1 deletion(-)
 create mode 100644 0015-libsemanage-Preserve-file-context-and-ownership-in-p.patch

diff --git a/0015-libsemanage-Preserve-file-context-and-ownership-in-p.patch b/0015-libsemanage-Preserve-file-context-and-ownership-in-p.patch
new file mode 100644
index 0000000..b27182f
--- /dev/null
+++ b/0015-libsemanage-Preserve-file-context-and-ownership-in-p.patch
@@ -0,0 +1,146 @@
+From 52f19bad2e4a3d5c7599df9afd5e3cd675ecac8c Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Mon, 29 Jul 2024 13:26:45 +0200
+Subject: [PATCH] libsemanage: Preserve file context and ownership in policy
+ store
+
+Make sure that file context (all parts) and ownership of
+files/directories in policy store does not change no matter which user
+and under which context executes policy rebuild.
+
+Fixes:
+  # semodule -B
+  # ls -lZ  /etc/selinux/targeted/contexts/files
+
+-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0 421397 Jul 11 09:57 file_contexts
+-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0 593470 Jul 11 09:57 file_contexts.bin
+-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0  14704 Jul 11 09:57 file_contexts.homedirs
+-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0  20289 Jul 11 09:57 file_contexts.homedirs.bin
+
+  SELinux user changed from system_u to the user used to execute semodule
+
+  # capsh --user=testuser --caps="cap_dac_override,cap_chown+eip" --addamb=cap_dac_override,cap_chown -- -c "semodule -B"
+  # ls -lZ  /etc/selinux/targeted/contexts/files
+
+-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0 421397 Jul 19 09:10 file_contexts
+-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0 593470 Jul 19 09:10 file_contexts.bin
+-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0  14704 Jul 19 09:10 file_contexts.homedirs
+-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0  20289 Jul 19 09:10 file_contexts.homedirs.bin
+
+  Both file context and ownership changed -- causes remote login
+  failures and other issues in some scenarios.
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
+---
+ libsemanage/src/semanage_store.c | 32 ++++++++++++++++++++++++++++++++
+ libsemanage/src/semanage_store.h |  1 +
+ 2 files changed, 33 insertions(+)
+
+diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
+index 1fff667d..52cc72d7 100644
+--- a/libsemanage/src/semanage_store.c
++++ b/libsemanage/src/semanage_store.c
+@@ -36,6 +36,7 @@ typedef struct dbase_policydb dbase_t;
+ #include "database_policydb.h"
+ #include "handle.h"
+ 
++#include <selinux/restorecon.h>
+ #include <selinux/selinux.h>
+ #include <sepol/policydb.h>
+ #include <sepol/module.h>
+@@ -763,6 +764,7 @@ int semanage_copy_file(const char *src, const char *dst, mode_t mode,
+ 	if (!retval && rename(tmp, dst) == -1)
+ 		return -1;
+ 
++	semanage_setfiles(dst);
+ out:
+ 	errno = errsv;
+ 	return retval;
+@@ -801,6 +803,8 @@ static int semanage_copy_dir_flags(const char *src, const char *dst, int flag)
+ 			goto cleanup;
+ 		}
+ 		umask(mask);
++
++		semanage_setfiles(dst);
+ 	}
+ 
+ 	for (i = 0; i < len; i++) {
+@@ -819,6 +823,7 @@ static int semanage_copy_dir_flags(const char *src, const char *dst, int flag)
+ 				goto cleanup;
+ 			}
+ 			umask(mask);
++			semanage_setfiles(path2);
+ 		} else if (S_ISREG(sb.st_mode) && flag == 1) {
+ 			mask = umask(0077);
+ 			if (semanage_copy_file(path, path2, sb.st_mode,
+@@ -920,6 +925,7 @@ int semanage_mkdir(semanage_handle_t *sh, const char *path)
+ 
+ 		}
+ 		umask(mask);
++		semanage_setfiles(path);
+ 	}
+ 	else {
+ 		/* check that it really is a directory */
+@@ -1597,16 +1603,19 @@ static int semanage_validate_and_compile_fcontexts(semanage_handle_t * sh)
+ 		    semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC)) != 0) {
+ 		goto cleanup;
+ 	}
++	semanage_setfiles(semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_BIN));
+ 
+ 	if (sefcontext_compile(sh,
+ 		    semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL)) != 0) {
+ 		goto cleanup;
+ 	}
++	semanage_setfiles(semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL_BIN));
+ 
+ 	if (sefcontext_compile(sh,
+ 		    semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_HOMEDIRS)) != 0) {
+ 		goto cleanup;
+ 	}
++	semanage_setfiles(semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_HOMEDIRS_BIN));
+ 
+ 	status = 0;
+ cleanup:
+@@ -3001,3 +3010,26 @@ int semanage_nc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len,
+ 
+ 	return 0;
+ }
++
++/* Make sure the file context and ownership of files in the policy
++ * store does not change */
++void semanage_setfiles(const char *path){
++	struct stat sb;
++	int fd;
++	/* Fix the user and role portions of the context, ignore errors
++	 * since this is not a critical operation */
++	selinux_restorecon(path, SELINUX_RESTORECON_SET_SPECFILE_CTX | SELINUX_RESTORECON_IGNORE_NOENTRY);
++
++	/* Make sure "path" is owned by root */
++	if ((geteuid() != 0 || getegid() != 0) &&
++	    ((fd = open(path, O_RDONLY)) != -1)){
++		/* Skip files with the SUID or SGID bit set -- abuse protection */
++		if ((fstat(fd, &sb) != -1) &&
++		    !(S_ISREG(sb.st_mode) &&
++		      (sb.st_mode & (S_ISUID | S_ISGID))) &&
++		    (fchown(fd, 0, 0) == -1))
++			fprintf(stderr, "Warning! Could not set ownership of %s to root\n", path);
++
++		close(fd);
++	}
++}
+diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
+index 1fc77da8..e21dadeb 100644
+--- a/libsemanage/src/semanage_store.h
++++ b/libsemanage/src/semanage_store.h
+@@ -124,6 +124,7 @@ int semanage_get_cil_paths(semanage_handle_t * sh, semanage_module_info_t *modin
+ int semanage_get_active_modules(semanage_handle_t *sh,
+ 			       semanage_module_info_t **modinfo, int *num_modules);
+ 
++void semanage_setfiles(const char *path);
+ 
+ /* lock file routines */
+ int semanage_get_trans_lock(semanage_handle_t * sh);
+-- 
+2.43.0
+
diff --git a/libsemanage.spec b/libsemanage.spec
index bbe808a..fdf509d 100644
--- a/libsemanage.spec
+++ b/libsemanage.spec
@@ -4,7 +4,7 @@
 Summary: SELinux binary policy manipulation library 
 Name: libsemanage
 Version: 2.9
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: LGPLv2+
 Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/libsemanage-2.9.tar.gz
 # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
@@ -22,6 +22,7 @@ Patch0011: 0011-libsemanage-clean-up-semanage_direct_commit-a-bit.patch
 Patch0012: 0012-libsemanage-optionally-rebuild-policy-when-modules-a.patch
 Patch0013: 0013-libsemanage-allow-spaces-in-user-group-names.patch
 Patch0014: 0014-libsemanage-always-write-kernel-policy-when-check_ex.patch
+Patch0015: 0015-libsemanage-Preserve-file-context-and-ownership-in-p.patch
 
 URL: https://github.com/SELinuxProject/selinux/wiki
 Source1: semanage.conf
@@ -168,6 +169,9 @@ rm %{buildroot}%{_libexecdir}/selinux/semanage_migrate_store~
 %{_libexecdir}/selinux/semanage_migrate_store
 
 %changelog
+* Mon Jul 29 2024 Vit Mojzis <vmojzis@redhat.com> - 2.9-10
+- Preserve file context and ownership in policy store (RHEL-17509)
+
 * Thu Jul 07 2022 Vit Mojzis <vmojzis@redhat.com> - 2.9-9
 - allow spaces in user/group names (#2042408)
 - always write kernel policy when check_ext_changes is specified (#2089802)