From 616db16b5729a9473cf27edc32a03f38eca417e7 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 7 Feb 2024 15:46:23 +0100
Subject: [PATCH] python/semanage: Do not sort local fcontext definitions
Content-type: text/plain

Entries in file_contexts.local are processed from the most recent one to
the oldest, with first match being used. Therefore it is important to
preserve their order when listing (semanage fcontext -lC) and exporting
(semanage export).

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 gui/fcontextPage.py         | 6 +++++-
 python/semanage/seobject.py | 9 +++++++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
index 767664f26ec8..c88df580400f 100644
--- a/gui/fcontextPage.py
+++ b/gui/fcontextPage.py
@@ -133,7 +133,11 @@ class fcontextPage(semanagePage):
         self.fcontext = seobject.fcontextRecords()
         self.store.clear()
         fcon_dict = self.fcontext.get_all(self.local)
-        for k in sorted(fcon_dict.keys()):
+        if self.local:
+            fkeys = fcon_dict.keys()
+        else:
+            fkeys = sorted(fcon_dict.keys())
+        for k in fkeys:
             if not self.match(fcon_dict, k, filter):
                 continue
             iter = self.store.append()
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index dfb15b1d77e4..25ec43154848 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -2735,7 +2735,7 @@ class fcontextRecords(semanageRecords):
     def customized(self):
         l = []
         fcon_dict = self.get_all(True)
-        for k in sorted(fcon_dict.keys()):
+        for k in fcon_dict.keys():
             if fcon_dict[k]:
                 if fcon_dict[k][3]:
                     l.append("-a -f %s -t %s -r '%s' '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], fcon_dict[k][3], k[0]))
@@ -2752,7 +2752,12 @@ class fcontextRecords(semanageRecords):
         if len(fcon_dict) != 0:
             if heading:
                 print("%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context")))
-            for k in sorted(fcon_dict.keys()):
+            # do not sort local customizations since they are evaluated based on the order they where added in
+            if locallist:
+                fkeys = fcon_dict.keys()
+            else:
+                fkeys = sorted(fcon_dict.keys())
+            for k in fkeys:
                 if fcon_dict[k]:
                     if is_mls_enabled:
                         print("%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1], fcon_dict[k][2], translate(fcon_dict[k][3], False)))
-- 
2.43.0