From 6c7ca7b42ab18655bf1b8ced8759c0b297fb6405 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 11 Nov 2005 20:13:44 +0000 Subject: [PATCH] * Fri Nov 11 2005 Dan Walsh 1.27.27-2 - Patch genhomedircon to use libsemanage.py stuff --- policycoreutils-rhat.patch | 133 ++++++++++++++++++++++++++----------- policycoreutils.spec | 7 +- 2 files changed, 101 insertions(+), 39 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 9124850..1df2547 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,7 +1,7 @@ -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.26/scripts/genhomedircon +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.27/scripts/genhomedircon --- nsapolicycoreutils/scripts/genhomedircon 2005-09-12 16:33:30.000000000 -0400 -+++ policycoreutils-1.27.26/scripts/genhomedircon 2005-11-09 17:42:11.000000000 -0500 -@@ -15,30 +15,16 @@ ++++ policycoreutils-1.27.27/scripts/genhomedircon 2005-11-11 15:11:37.000000000 -0500 +@@ -15,32 +15,19 @@ # The file CONTEXTDIR/files/homedir_template exists. This file is used to # set up the home directory context for each real user. # @@ -34,8 +34,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po -# import commands, sys, os, pwd, string, getopt, re ++from semanage import *; -@@ -67,169 +53,6 @@ + EXCLUDE_LOGINS=["/sbin/nologin", "/bin/false"] + +@@ -67,169 +54,6 @@ starting_uid = 500 return starting_uid 
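Review bot: The added `++from semanage import *;` line is a wildcard import with a stray trailing semicolon; it pulls every public name of the semanage module into the script's global namespace, where any name collision with the script's own helpers goes unnoticed. Either `import semanage` with the `semanage_*` calls qualified at their call sites, or an explicit list such as `from semanage import semanage_handle_create, semanage_is_managed, semanage_connect` extended with the other names used in the later hunks, keeps the origin of each name visible to a reader. The semicolon is a no-op in Python and can be dropped.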
@@ -205,12 +208,27 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po def getDefaultHomeDir(): ret = [] rc=commands.getstatusoutput("grep -h '^HOME' /etc/default/useradd") -@@ -313,11 +136,8 @@ +@@ -287,6 +111,11 @@ + + class selinuxConfig: + def __init__(self, selinuxdir="/etc/selinux", type="targeted", usepwd=1): ++ self.semanageHandle=semanage_handle_create() ++ self.semanaged=semanage_is_managed(self.semanageHandle) ++ if self.semanaged: ++ semanage_connect(self.semanageHandle) ++ (status, self.ulist, self.usize) = semanage_user_list(self.semanageHandle) + self.type=type + self.selinuxdir=selinuxdir +"/" + self.contextdir="/contexts" +@@ -313,47 +142,73 @@ errorExit(string.join("sed error ", rc[1])) def getUsersFile(self): - return self.selinuxdir+self.type+"/users/local.users" -+ return self.selinuxdir+self.type+"/seusers" ++ if self.semanaged: ++ return self.selinuxdir+self.type+"module/active/seusers" ++ else: ++ return self.selinuxdir+self.type+"/seusers" - def getSystemUsersFile(self): - return self.selinuxdir+self.type+"/users/system.users" 
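Review bot: In `getUsersFile`, the new managed branch concatenates `self.type` directly with `"module/active/seusers"`, so with the `__init__` defaults (`selinuxdir="/etc/selinux"`, `type="targeted"`) the path becomes `/etc/selinux/targetedmodule/active/seusers`; the unmanaged branch right below keeps the `/` separator and this one needs it too, `return self.selinuxdir+self.type+"/module/active/seusers"` (libsemanage's policy store directory is normally named `modules/`, worth confirming against the installed tree). Because `heading()` prints this path in the "# edit %s to change file_context" line, the broken path ends up in the header of every generated file. Separately, the new `__init__` lines ignore the return value of `semanage_connect` and the `status` element returned by `semanage_user_list`, yet `self.ulist` and `self.usize` are later iterated by `defaultrole` without any check; a failed connect or list should go through `errorExit` like the other failure paths in this script. `__init__` continues outside the hunk.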
@@ -218,56 +236,97 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po def heading(self): ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0] ret += "# edit %s to change file_context\n#\n#\n" % self.getUsersFile() -@@ -325,10 +145,7 @@ + return ret ++ ++ def defaultrole(self, name): ++ for idx in range(self.usize): ++ user = semanage_user_by_idx(self.ulist, idx) ++ if semanage_user_get_name(user) == name: ++ role=semanage_user_get_defrole(user) ++ if role=="system_r": ++ # targeted policy ++ return "user_r" ++ else: ++ return role ++ return name ++ def adduser(self, udict, user, seuser, role, range): ++ try: ++ if seuser == "user_u" or user == "__default__": ++ return ++ # !!! chooses first role in the list to use in the file context !!! ++ if role[-2:] == "_r" or role[-2:] == "_u": ++ role = role[:-2] ++ home = pwd.getpwnam(user)[5] ++ if home == "/": ++ return ++ prefs = {} ++ prefs["role"] = role ++ prefs["home"] = home ++ udict[seuser] = prefs ++ except KeyError: ++ sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user) ++ def getUsers(self): - users="" +- users="" - rc = commands.getstatusoutput('grep "^user" %s' % self.getSystemUsersFile()) - if rc[0] == 0: - users+=rc[1]+"\n" - rc = commands.getstatusoutput("grep ^user %s" % self.getUsersFile()) -+ rc = commands.getstatusoutput("grep -v '^ *#' %s" % self.getUsersFile()) - if rc[0] == 0: - users+=rc[1] +- if rc[0] == 0: +- users+=rc[1] udict = {} -@@ -336,24 +153,27 @@ - if users != "": - ulist = users.split("\n") +- prefs = {} +- if users != "": +- ulist = users.split("\n") ++ if self.semanaged: ++ (status, list, lsize) = semanage_seuser_list(self.semanageHandle) ++ for idx in range(lsize): ++ user=[] ++ seuser = semanage_seuser_by_idx(list, idx) ++ seusername=semanage_seuser_get_sename(seuser) ++ self.adduser(udict, semanage_seuser_get_name(seuser), seusername, self.defaultrole(seusername), 
semanage_seuser_get_mlsrange(seuser)) ++ ++ else: ++ users="" ++ rc = commands.getstatusoutput("grep -v '^ *#' %s" % self.getUsersFile()) ++ if rc[0] == 0 and rc[1] != "": ++ ulist = rc[1].split("\n") ++ for u in ulist: - user = u.split() -+ if len(u)==0: -+ continue -+ user = u.split(":") - try: +- try: - if len(user)==0 or user[1] == "user_u" or user[1] == "system_u": -+ if len(user)==0 or user[1] == "user_u": - continue - # !!! chooses first role in the list to use in the file context !!! +- continue +- # !!! chooses first role in the list to use in the file context !!! - role = user[3] - if role == "{": - role = user[4] - role = role.split("_r")[0] - home = pwd.getpwnam(user[1])[5] -+ if user[0] == "root": -+ role="user_u" -+ else: -+ role = user[1] -+ role = role.split("_u")[0] -+ home = pwd.getpwnam(user[0])[5] - if home == "/": - continue - prefs = {} - prefs["role"] = role - prefs["home"] = home +- if home == "/": +- continue +- prefs = {} +- prefs["role"] = role +- prefs["home"] = home - udict[user[1]] = prefs -+ udict[user[0]] = prefs - except KeyError: +- except KeyError: - sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user[1]) -+ sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user[0]) ++ if len(u)==0: ++ continue ++ user = u.split(":") ++ if len(user) < 3: ++ continue ++ if u[0] == "root": ++ role="user" ++ else: ++ role=u[0] ++ self.adduser(udict, u[0], u[1], role, u[2]) ++ return udict def getHomeDirContext(self, user, home, role): -@@ -362,9 +182,8 @@ +@@ -362,9 +217,8 @@ return ret + rc[1] + "\n" def getUserContext(self, user, sel_user, role): @@ -278,7 +337,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po def genHomeDirContext(self): users = self.getUsers() -@@ -478,10 +297,6 @@ +@@ -478,10 +332,6 @@ if type==None: type=getSELinuxType(directory) diff --git a/policycoreutils.spec b/policycoreutils.spec index 4bcdfc3..2ff192b 100644 
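Review bot: In the unmanaged branch of `getUsers`, the loop indexes the raw line `u` instead of the split fields in `user`, so `u[0]`, `u[1]` and `u[2]` are the first three characters of the `login:seuser:range` line; every lookup then reaches `pwd.getpwnam` with a one-character name and the KeyError path skips the user. The three lines should read `if user[0] == "root":`, `role=user[1]` and `self.adduser(udict, user[0], user[1], role, user[2])` — taking the role from the seuser field is my reading of the removed code, which derived `role` from `user[1]`. In `adduser`, `udict[seuser] = prefs` keys the result by SELinux user rather than by login (the removed code used `udict[user[0]]`), so several logins mapped to the same seuser overwrite each other and presumably only the last one gets a home directory context; `udict[user] = prefs` keeps the previous behaviour. Minor: `adduser`'s `range` parameter is unused and shadows the builtin, the `list` local in the managed branch shadows a builtin as well, and `user=[]` in that branch is never read.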
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -1,9 +1,9 @@
 %define libsepolver 1.9.39-1
-%define libsemanagever 1.3.52-1
+%define libsemanagever 1.3.53-2
 Summary: SELinux policy core utilities.
 Name: policycoreutils
 Version: 1.27.27
-Release: 1
+Release: 2
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -88,6 +88,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %config(noreplace) %{_sysconfdir}/sestatus.conf
 %changelog
+* Fri Nov 11 2005 Dan Walsh 1.27.27-2
+- Patch genhomedircon to use libsemanage.py stuff
+
 * Wed Nov 9 2005 Dan Walsh 1.27.27-1
 - Update to match NSA
 * Merged setsebool cleanup patch from Ivan Gyurdiev.