From 7fd6024816bbeb4adc35cb5b0cb87d5057f23f43 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Thu, 14 Feb 2019 15:42:36 +0100
Subject: [PATCH] Add check for config file consistency

Make sure the config is consistent with what packages are (being)
installed in the system.

This should ensure that the package corresponding to SELINUXTYPE
in the config is always present in the system, or selinux is DISABLED
(both before policy_load is called and after any RPM transaction involving
selinux-policy-* package). Targeted mode is used when possible.

Resolves: rhbz#1641631

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 selinux-policy.spec | 73 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)

diff --git a/selinux-policy.spec b/selinux-policy.spec
index 4c94852f..b2e95a5e 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -337,6 +337,58 @@ mkdir -p %{buildroot}/%{_libexecdir}/selinux/ \
 #install -m 644 -p %{SOURCE101} %{buildroot}/%{_unitdir}/ \
 #ln -s ../selinux-factory-reset@.service %{buildroot}/%{_unitdir}/basic.target.wants/selinux-factory-reset@%1.service
 
+# Make sure the config is consistent with what packages are installed in the system
+# this covers cases when system is installed with selinux-policy-{mls,minimal}
+# or selinux-policy-{targeted,mls,minimal} where switched but the machine has not
+# been rebooted yet.
+# The macro should be called at the beginning of "post" (to make sure load_policy does not fail)
+# and in "posttrans" (to make sure that the store is consistent when all package transitions are done)
+# Parameter determines the policy type to be set in case of miss-configuration (if backup value is not usable)
+# Steps:
+# * load values from config and its backup
+# * check whether SELINUXTYPE from backup is usable and make sure that it's set in the config if so
+# * use "targeted" if it's being installed and BACKUP_SELINUXTYPE cannot be used
+# * check whether SELINUXTYPE in the config is usable and change it to newly installed policy if it isn't
+%define checkConfigConsistency() \
+. %{_sysconfdir}/selinux/config; \
+if [ -f %{_sysconfdir}/selinux/.config_backup ]; then \
+     . %{_sysconfdir}/selinux/.config_backup; \
+else \
+     BACKUP_SELINUXTYPE=targeted; \
+fi; \
+if ls %{_sysconfdir}/selinux/$BACKUP_SELINUXTYPE/policy/policy.* &>/dev/null; then \
+     if [ "$BACKUP_SELINUXTYPE" != "$SELINUXTYPE" ]; then \
+          sed -i 's/^SELINUXTYPE=.*/SELINUXTYPE='"$BACKUP_SELINUXTYPE"'/g' %{_sysconfdir}/selinux/config; \
+     fi; \
+elif [ "%1" = "targeted" ]; then \
+     if [ "%1" != "$SELINUXTYPE" ]; then \
+          sed -i 's/^SELINUXTYPE=.*/SELINUXTYPE=%1/g' %{_sysconfdir}/selinux/config; \
+     fi; \
+elif ! ls  %{_sysconfdir}/selinux/$SELINUXTYPE/policy/policy.* &>/dev/null; then \
+     if [ "%1" != "$SELINUXTYPE" ]; then \
+          sed -i 's/^SELINUXTYPE=.*/SELINUXTYPE=%1/g' %{_sysconfdir}/selinux/config; \
+     fi; \
+fi;
+
+# Create hidden backup of /etc/selinux/config and prepend BACKUP_ to names
+# of variables inside so that they are easy to use later
+# This should be done in "pretrans" because config content can change during RPM operations
+# The macro has to be used in a script slot with "-p <lua>"
+%define backupConfigLua() \
+local sysconfdir = rpm.expand("%{_sysconfdir}") \
+local config_file = sysconfdir .. "/selinux/config" \
+local config_backup = sysconfdir .. "/selinux/.config_backup" \
+os.remove(config_backup) \
+if posix.stat(config_file) then \
+    local f = assert(io.open(config_file, "r"), "Failed to read " .. config_file) \
+    local content = f:read("*all") \
+    f:close() \
+    local backup = content:gsub("SELINUX", "BACKUP_SELINUX") \
+    local bf = assert(io.open(config_backup, "w"), "Failed to open " .. config_backup) \
+    bf:write(backup) \
+    bf:close() \
+end
+
 %build
 
 %prep 
@@ -493,13 +545,20 @@ Conflicts: container-selinux < 2:1.12.1-22
 %description targeted
 SELinux Reference policy targeted base module.
 
+%pretrans targeted -p <lua>
+%backupConfigLua
+
 %pre targeted
 %preInstall targeted
 
 %post targeted
+%checkConfigConsistency targeted
 %postInstall $1 targeted
 exit 0
 
+%posttrans targeted
+%checkConfigConsistency targeted
+
 %postun targeted
 if [ $1 = 0 ]; then
     source /etc/selinux/config
@@ -565,6 +624,9 @@ Conflicts: container-selinux <= 1.9.0-9
 %description minimum
 SELinux Reference policy minimum base module.
 
+%pretrans minimum -p <lua>
+%backupConfigLua
+
 %pre minimum
 %preInstall minimum
 if [ $1 -ne 1 ]; then
@@ -572,6 +634,7 @@ if [ $1 -ne 1 ]; then
 fi
 
 %post minimum
+%checkConfigConsistency minimum
 contribpackages=`cat /usr/share/selinux/minimum/modules-contrib.lst`
 basepackages=`cat /usr/share/selinux/minimum/modules-base.lst`
 if [ ! -d /var/lib/selinux/minimum/active/modules/disabled ]; then
@@ -603,6 +666,9 @@ done
 fi
 exit 0
 
+%posttrans minimum
+%checkConfigConsistency minimum
+
 %postun minimum
 if [ $1 = 0 ]; then
     source /etc/selinux/config
@@ -660,13 +726,20 @@ Conflicts: container-selinux <= 1.9.0-9
 %description mls 
 SELinux Reference policy mls base module.
 
+%pretrans mls -p <lua>
+%backupConfigLua
+
 %pre mls 
 %preInstall mls
 
 %post mls 
+%checkConfigConsistency mls
 %postInstall $1 mls
 exit 0
 
+%posttrans mls
+%checkConfigConsistency mls
+
 %postun mls
 if [ $1 = 0 ]; then
     source /etc/selinux/config