python/sepolicy: Make policy files sorting more robust

The sorting order seems to be fragile because '100' < '99', so the policy filename needs to be parsed in order to extract the version as an integer and sort according to it. Based on idea from Nicolas Iooss <nicolas.iooss@m4x.org> Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2024-12-14 06:58:44 +00:00 · 2019-01-03 13:03:40 +01:00 · 2019-01-03 13:03:40 +01:00 · 1015aef5cf
commit 1015aef5cf
parent 2d825c616d
1 changed files with 18 additions and 7 deletions
--- a/python/sepolicy/sepolicy/init.py
+++ b/python/sepolicy/sepolicy/init.py
@ -119,23 +119,34 @@ all_allow_rules = None
 all_transitions = None


+def policy_sortkey(policy_path):
+    # Parse the extension of a policy path which looks like .../policy/policy.31
+    extension = policy_path.rsplit('/policy.', 1)[1]
+    try:
+        return int(extension), policy_path
+    except ValueError:
+        # Fallback with sorting on the full path
+        return 0, policy_path
+
 def get_installed_policy(root="/"):
    try:
        path = root + selinux.selinux_binary_policy_path()
        policies = glob.glob("%s.*" % path)
-        policies.sort()
+        policies.sort(key=policy_sortkey)
        return policies[-1]
    except:
        pass
    raise ValueError(_("No SELinux Policy installed"))

-def get_store_policy(store, root="/"):
-    try:
-        policies = glob.glob("%s%s/policy/policy.*" % (selinux.selinux_path(), store))
-        policies.sort()
-        return policies[-1]
-    except:
+def get_store_policy(store):
+    """Get the path to the policy file located in the given store name"""
+    policies = glob.glob("%s%s/policy/policy.*" %
+                         (selinux.selinux_path(), store))
+    if not policies:
        return None
+    # Return the policy with the higher version number
+    policies.sort(key=policy_sortkey)
+    return policies[-1]

 def policy(policy_file):
    global all_domains