diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index aac1974..3dfa279 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -353,17 +353,11 @@ static int parse_module_headers(semanage_handle_t * sh, char *module_data, semanage_path(SEMANAGE_TMP, SEMANAGE_MODULES)) == NULL) { return -1; } - if (asprintf(filename, "%s/%s.pp%s", module_path, *module_name, DISABLESTR) == -1) { + if (asprintf(filename, "%s/%s.pp", module_path, *module_name) == -1) { ERR(sh, "Out of memory!"); return -1; } - if (access(*filename, F_OK) == -1) { - char *ptr = *filename; - int len = strlen(ptr) - strlen(DISABLESTR); - if (len > 0) ptr[len]='\0'; - } - return 0; } @@ -1307,29 +1301,12 @@ static int semanage_direct_enable(semanage_handle_t * sh, char *module_name) base++; if (memcmp(module_name, base, name_len) == 0) { - if(strcmp(base + name_len + 3, DISABLESTR) != 0) { - ERR(sh, "Module %s is already enabled.", module_name); + if (semanage_enable_module(module_filenames[i]) < 0) { + ERR(sh, "Could not enable module %s.", module_name); retval = -2; goto cleanup; } - - int len = strlen(module_filenames[i]) - strlen(DISABLESTR); - char *enabled_name = calloc(1, len+1); - if (!enabled_name) { - ERR(sh, "Could not allocate memory"); - retval = -1; - goto cleanup; - } - - strncpy(enabled_name, module_filenames[i],len); - - if (rename(module_filenames[i], enabled_name) == -1) { - ERR(sh, "Could not enable module file %s.", - enabled_name); - retval = -2; - } retval = 0; - free(enabled_name); goto cleanup; } } @@ -1363,28 +1340,14 @@ static int semanage_direct_disable(semanage_handle_t * sh, char *module_name) goto cleanup; } base++; - if (memcmp(module_name, base, name_len) == 0) { - if (strcmp(base + name_len + 3, DISABLESTR) == 0) { - ERR(sh, "Module %s is already disabled.", module_name); + if ((memcmp(module_name, base, name_len) == 0) && + (strcmp(base + name_len, ".pp") == 0)) { + if (semanage_disable_module(module_filenames[i]) < 0) { retval = -2; goto cleanup; - } else if (strcmp(base + name_len, ".pp") == 0) { - char disabled_name[PATH_MAX]; - if (snprintf(disabled_name, PATH_MAX, "%s%s", - module_filenames[i], DISABLESTR) == PATH_MAX) { - ERR(sh, "Could not disable module file %s.", - module_filenames[i]); - retval = -2; - goto cleanup; - } - if (rename(module_filenames[i], disabled_name) == -1) { - ERR(sh, "Could not disable module file %s.", - module_filenames[i]); - retval = -2; - } - retval = 0; - goto cleanup; } + retval=0; + goto cleanup; } } ERR(sh, "Module %s was not found.", module_name); @@ -1418,6 +1381,7 @@ static int semanage_direct_remove(semanage_handle_t * sh, char *module_name) } base++; if (memcmp(module_name, base, name_len) == 0) { + semanage_enable_module(module_filenames[i]); if (unlink(module_filenames[i]) == -1) { ERR(sh, "Could not remove module file %s.", module_filenames[i]); diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c index 847d87e..2870fa8 100644 --- a/libsemanage/src/genhomedircon.c +++ b/libsemanage/src/genhomedircon.c @@ -314,6 +314,8 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s) } if (strcmp(pwbuf->pw_dir, "/") == 0) continue; + if (strcmp(pwbuf->pw_dir, "/root") == 0) + continue; if (semanage_str_count(pwbuf->pw_dir, '/') <= 1) continue; if (!(path = strdup(pwbuf->pw_dir))) { @@ -829,6 +831,8 @@ static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s, * /root */ continue; } + if (strcmp(pwent->pw_dir, "/root") == 0) + continue; if (push_user_entry(&head, name, seuname, prefix, pwent->pw_dir, level) != STATUS_SUCCESS) { *errors = STATUS_ERR; diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index 8d6ff1c..37b0c7a 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -57,7 +57,7 @@ typedef struct dbase_policydb dbase_t; #include "debug.h" -const char *DISABLESTR=".disabled"; +static const char *DISABLESTR="disabled"; #define SEMANAGE_CONF_FILE "semanage.conf" /* relative path names to enum semanage_paths to special files and @@ -425,6 +425,13 @@ int semanage_store_access_check(void) /********************* other I/O functions *********************/ +static int is_disabled_file(const char *file) { + char *ptr = strrchr(file, '.'); + if (! ptr) return 0; + ptr++; + return (strcmp(ptr, DISABLESTR) == 0); +} + /* Callback used by scandir() to select files. */ static int semanage_filename_select(const struct dirent *d) { @@ -435,11 +442,41 @@ static int semanage_filename_select(const struct dirent *d) return 1; } +int semanage_disable_module(const char *file) { + char path[PATH_MAX]; + int in; + int n = snprintf(path, PATH_MAX, "%s.%s", file, DISABLESTR); + if (n < 0 || n >= PATH_MAX) + return -1; + if ((in = open(path, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR)) == -1) { + return -1; + } + close(in); + return 0; +} + +int semanage_enable_module(const char *file) { + char path[PATH_MAX]; + int n = snprintf(path, PATH_MAX, "%s.%s", file, DISABLESTR); + if (n < 0 || n >= PATH_MAX) + return 1; + + if ((unlink(path) < 0) && (errno != ENOENT)) + return -1; + return 0; +} + int semanage_module_enabled(const char *file) { - int len = strlen(file) - strlen(DISABLESTR); - return (len < 0 || strcmp(&file[len], DISABLESTR) != 0); + char path[PATH_MAX]; + if (is_disabled_file(file)) return 0; + int n = snprintf(path, PATH_MAX, "%s.%s", file, DISABLESTR); + if (n < 0 || n >= PATH_MAX) + return 1; + + return (access(path, F_OK ) != 0); } +/* Callback used by scandir() to select module files. */ static int semanage_modulename_select(const struct dirent *d) { if (d->d_name[0] == '.' @@ -447,7 +484,7 @@ static int semanage_modulename_select(const struct dirent *d) || (d->d_name[1] == '.' && d->d_name[2] == '\0'))) return 0; - return semanage_module_enabled(d->d_name); + return (! is_disabled_file(d->d_name)); } /* Copies a file from src to dst. If dst already exists then @@ -684,7 +721,7 @@ int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames, int *len) { return semanage_get_modules_names_filter(sh, filenames, - len, semanage_filename_select); + len, semanage_modulename_select); } /* Scans the modules directory for the current semanage handler. This @@ -697,8 +734,25 @@ int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames, int semanage_get_active_modules_names(semanage_handle_t * sh, char ***filenames, int *len) { - return semanage_get_modules_names_filter(sh, filenames, - len, semanage_modulename_select); + + int rc = semanage_get_modules_names_filter(sh, filenames, + len, semanage_modulename_select); + if ( rc != 0 ) return rc; + + int i = 0, num_modules = *len; + char **names=*filenames; + + while ( i < num_modules ) { + if (! semanage_module_enabled(names[i])) { + free(names[i]); + names[i]=names[num_modules-1]; + names[num_modules-1] = NULL; + num_modules--; + } + i++; + } + *len = num_modules; + return 0; } /******************* routines that run external programs *******************/ diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h index a0b2dd8..e980cdc 100644 --- a/libsemanage/src/semanage_store.h +++ b/libsemanage/src/semanage_store.h @@ -85,6 +85,8 @@ int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames, int *len); int semanage_module_enabled(const char *file); +int semanage_enable_module(const char *file); +int semanage_disable_module(const char *file); /* lock file routines */ int semanage_get_trans_lock(semanage_handle_t * sh); int semanage_get_active_lock(semanage_handle_t * sh); @@ -129,6 +131,4 @@ int semanage_nc_sort(semanage_handle_t * sh, size_t buf_len, char **sorted_buf, size_t * sorted_buf_len); -extern const char *DISABLESTR; - #endif