From c00e96cc0c7a2d6d2d96c83f4034dfb21d9a2fa0 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Wed, 8 Jun 2011 14:46:29 -0400 Subject: [PATCH] More fixes for disabled modules --- libsemanage-rhat.patch | 101 +++++++++++++++++++++++++++-------------- libsemanage.spec | 5 +- 2 files changed, 70 insertions(+), 36 deletions(-) diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch index 93e7521..00432d7 100644 --- a/libsemanage-rhat.patch +++ b/libsemanage-rhat.patch @@ -175,7 +175,7 @@ index 9b261b9..77c00b2 100644 free(arg); } else if (*arg == '/') { diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c -index bceb6a7..bfdcdbe 100644 +index bceb6a7..dbdcdae 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -2,7 +2,7 @@ @@ -290,7 +290,15 @@ index bceb6a7..bfdcdbe 100644 } } ERR(sh, "Module %s was not found.", module_name); -@@ -1539,7 +1502,7 @@ int semanage_direct_access_check(semanage_handle_t * sh) +@@ -1418,6 +1381,7 @@ static int semanage_direct_remove(semanage_handle_t * sh, char *module_name) + } + base++; + if (memcmp(module_name, base, name_len) == 0) { ++ semanage_enable_module(module_filenames[i]); + if (unlink(module_filenames[i]) == -1) { + ERR(sh, "Could not remove module file %s.", + module_filenames[i]); +@@ -1539,7 +1503,7 @@ int semanage_direct_access_check(semanage_handle_t * sh) { char polpath[PATH_MAX]; @@ -549,7 +557,7 @@ index 3cffef7..da0ad71 100644 return _semanage.semanage_module_install(*args) semanage_module_install = _semanage.semanage_module_install diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c -index 339bbd0..90af360 100644 +index 339bbd0..602a937 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -57,7 +57,7 @@ typedef struct dbase_policydb dbase_t; 
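Review bot: The return value of the newly inserted `semanage_enable_module(module_filenames[i]);` in semanage_direct_remove is discarded, so if clearing the disabled flag fails for any reason other than the flag not existing, the `.pp` is still unlinked and a stale flag file is left behind in the store. Since this series (per the spec changelog) marks a module disabled by the mere presence of `MODULE.pp.disabled`, a later install of a module with the same name would presumably come up disabled without the administrator asking for it. I would check the result and keep the module in place on failure, e.g. `if (semanage_enable_module(module_filenames[i]) < 0 && errno != ENOENT) { ERR(sh, "Could not clear disabled flag for %s.", module_filenames[i]); ... }` taking the same error path the unlink failure below it uses — adjust to the helper's actual return/errno convention, which is not visible here. semanage_direct_remove starts before this hunk and its error/cleanup path ends after it.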
@@ -598,7 +606,7 @@ index 339bbd0..90af360 100644 /* Callback used by scandir() to select files. */ static int semanage_filename_select(const struct dirent *d) { -@@ -435,9 +442,38 @@ static int semanage_filename_select(const struct dirent *d) +@@ -435,11 +442,41 @@ static int semanage_filename_select(const struct dirent *d) return 1; } 
@@ -638,8 +646,57 @@ index 339bbd0..90af360 100644 + return (access(path, F_OK ) != 0); } ++/* Callback used by scandir() to select module files. */ static int semanage_modulename_select(const struct dirent *d) -@@ -1071,14 +1107,14 @@ static int semanage_install_active(semanage_handle_t * sh) + { + if (d->d_name[0] == '.' +@@ -447,7 +484,7 @@ static int semanage_modulename_select(const struct dirent *d) + || (d->d_name[1] == '.' && d->d_name[2] == '\0'))) + return 0; + +- return semanage_module_enabled(d->d_name); ++ return (! is_disabled_file(d->d_name)); + } + + /* Copies a file from src to dst. If dst already exists then +@@ -684,7 +721,7 @@ int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames, + int *len) + { + return semanage_get_modules_names_filter(sh, filenames, +- len, semanage_filename_select); ++ len, semanage_modulename_select); + } + + /* Scans the modules directory for the current semanage handler. This +@@ -697,8 +734,25 @@ int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames, + int semanage_get_active_modules_names(semanage_handle_t * sh, char ***filenames, + int *len) + { +- return semanage_get_modules_names_filter(sh, filenames, +- len, semanage_modulename_select); ++ ++ int rc = semanage_get_modules_names_filter(sh, filenames, ++ len, semanage_modulename_select); ++ if ( rc != 0 ) return rc; ++ ++ int i = 0, num_modules = *len; ++ char **names=*filenames; ++ ++ while ( i < num_modules ) { ++ if (! semanage_module_enabled(names[i])) { ++ free(names[i]); ++ names[i]=names[num_modules-1]; ++ names[num_modules-1] = NULL; ++ num_modules--; ++ } ++ i++; ++ } ++ *len = num_modules; ++ return 0; + } + + /******************* routines that run external programs *******************/ +@@ -1071,14 +1125,14 @@ static int semanage_install_active(semanage_handle_t * sh) const char *active_fc_hd = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_FC_HOMEDIRS); 
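Review bot: The compaction loop added to semanage_get_active_modules_names skips the element it just swapped in: after `names[i]=names[num_modules-1]` the loop still executes `i++`, so the module moved into slot i is never tested and, if it is disabled, its name is returned as active. Concretely, a scandir result of `[A, D1, D2]` with D1 and D2 disabled yields `[A, D2]`. Only advance when nothing was removed — replace the unconditional `i++;` with `} else { i++; }` on the if, or put `continue;` right after `num_modules--;`. This matters because the list is presumably what semanage_link_sandbox (which this same patch stops checking the disabled flag itself) uses to decide which packages get linked into the policy, so a module the administrator disabled can still be loaded. The rest of the hunk (the `semanage_modulename_select` and `semanage_get_modules_names` changes) is fine; semanage_modulename_select's opening line is in an earlier hunk.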
@@ -662,7 +719,7 @@ index 339bbd0..90af360 100644 /* This is very unelegant, the right thing to do is export the path * building code in libselinux so that you can get paths for a given -@@ -1099,11 +1135,11 @@ static int semanage_install_active(semanage_handle_t * sh) +@@ -1099,11 +1153,11 @@ static int semanage_install_active(semanage_handle_t * sh) running_seusers += len; running_nc += len; @@ -676,42 +733,16 @@ index 339bbd0..90af360 100644 sh->conf->store_path); snprintf(store_pol, PATH_MAX, "%s%s.%d", storepath, -@@ -1632,18 +1668,21 @@ int semanage_link_sandbox(semanage_handle_t * sh, - num_modules = 0; +@@ -1633,8 +1687,7 @@ int semanage_link_sandbox(semanage_handle_t * sh, goto cleanup; } -+ int disabled = 0; for (i = 0; i < num_modules; i++) { - if (semanage_load_module(sh, module_filenames[i], mods + i) == - -1) { -- goto cleanup; -+ if (semanage_module_enabled(module_filenames[i])) { -+ if (semanage_load_module(sh, module_filenames[i], mods + (i - disabled)) == -1) { -+ goto cleanup; -+ } -+ } else { -+ disabled++; ++ if (semanage_load_module(sh, module_filenames[i], mods + i) == -1) { + goto cleanup; } } - -- if (sepol_link_packages(sh->sepolh, *base, mods, num_modules, 0) != 0) { -+ if (sepol_link_packages(sh->sepolh, *base, mods, num_modules - disabled, 0) != 0) { - ERR(sh, "Link packages failed"); - goto cleanup; - } -- - retval = 0; - - cleanup: -@@ -1651,7 +1690,7 @@ int semanage_link_sandbox(semanage_handle_t * sh, - free(module_filenames[i]); - } - free(module_filenames); -- for (i = 0; mods != NULL && i < num_modules; i++) { -+ for (i = 0; mods != NULL && i < num_modules -disabled; i++) { - sepol_module_package_free(mods[i]); - } - free(mods); diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h index 6abb2ee..8470191 100644 --- a/libsemanage/src/semanage_store.h diff --git a/libsemanage.spec b/libsemanage.spec index d771331..3d3aece 100644 --- a/libsemanage.spec +++ b/libsemanage.spec 
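Review bot: With the per-module `semanage_module_enabled` check removed from the load loop in semanage_link_sandbox, nothing in this hunk keeps a disabled module out of `sepol_link_packages`; correctness now rests entirely on `module_filenames` coming from a pre-filtered source (presumably semanage_get_active_modules_names from earlier in this patch), but the call that fills it sits before the hunk and is not visible. I would record that dependency where the list is consumed: `/* module_filenames must already exclude disabled modules (semanage_get_active_modules_names); a .pp with a .disabled flag must never reach sepol_link_packages */`. If the list is still produced by semanage_get_modules_names — which this patch changes to return every `.pp`, disabled or not, dropping only the `.disabled` flag files — the skip removed here has to come back. semanage_link_sandbox starts and its cleanup label ends outside the hunk.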
@@ -10,7 +10,7 @@ Summary: SELinux binary policy manipulation library Name: libsemanage Version: 2.0.46 -Release: 5%{?dist} +Release: 6%{?dist} License: LGPLv2+ Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz @@ -208,6 +208,9 @@ rm -rf ${RPM_BUILD_ROOT} %changelog +* Wed Jun 8 2011 Dan Walsh - 2.0.46-6 +- More fixes for disabled modules + * Tue Jun 7 2011 Dan Walsh - 2.0.46-5 - Change libsemanage mechanism for handling disabled modules. Now it will only create a flag for a module indicating the module is disabled. MODULE.pp.disabled, it will no longer rename the module. This way we can