diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h index b2a38fb1..f110dcf0 100644 --- a/libselinux/include/selinux/selinux.h +++ b/libselinux/include/selinux/selinux.h @@ -482,6 +482,7 @@ extern const char *selinux_file_context_path(void); extern const char *selinux_file_context_homedir_path(void); extern const char *selinux_file_context_local_path(void); extern const char *selinux_file_context_subs_path(void); +extern const char *selinux_file_context_subs_dist_path(void); extern const char *selinux_homedir_context_path(void); extern const char *selinux_media_context_path(void); extern const char *selinux_virtual_domain_context_path(void); diff --git a/libselinux/src/file_path_suffixes.h b/libselinux/src/file_path_suffixes.h index ccf43e15..0b001566 100644 --- a/libselinux/src/file_path_suffixes.h +++ b/libselinux/src/file_path_suffixes.h @@ -23,4 +23,5 @@ S_(BINPOLICY, "/policy/policy") S_(VIRTUAL_DOMAIN, "/contexts/virtual_domain_context") S_(VIRTUAL_IMAGE, "/contexts/virtual_image_context") S_(FILE_CONTEXT_SUBS, "/contexts/files/file_contexts.subs") + S_(FILE_CONTEXT_SUBS_DIST, "/contexts/files/file_contexts.subs_dist") S_(SEPGSQL_CONTEXTS, "/contexts/sepgsql_contexts") diff --git a/libselinux/src/label.c b/libselinux/src/label.c index 2fd19c51..ba316df5 100644 --- a/libselinux/src/label.c +++ b/libselinux/src/label.c @@ -56,12 +56,11 @@ static char *selabel_sub(struct selabel_sub *ptr, const char *src) return NULL; } -static struct selabel_sub *selabel_subs_init(void) +static struct selabel_sub *selabel_subs_init(const char *path,struct selabel_sub *list) { char buf[1024]; - FILE *cfg = fopen(selinux_file_context_subs_path(), "r"); + FILE *cfg = fopen(path, "r"); struct selabel_sub *sub; - struct selabel_sub *list = NULL; if (cfg) { while (fgets_unlocked(buf, sizeof(buf) - 1, cfg)) { @@ -160,7 +159,10 @@ struct selabel_handle *selabel_open(unsigned int backend, memset(rec, 0, sizeof(*rec)); rec->backend = backend; rec->validating = selabel_is_validate_set(opts, nopts); - rec->subs = selabel_subs_init(); + + rec->subs = NULL; + rec->subs = selabel_subs_init(selinux_file_context_subs_dist_path(), rec->subs); + rec->subs = selabel_subs_init(selinux_file_context_subs_path(), rec->subs); if ((*initfuncs[backend])(rec, opts, nopts)) { free(rec); diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c index e0409597..f4c33df1 100644 --- a/libselinux/src/selinux_config.c +++ b/libselinux/src/selinux_config.c @@ -45,7 +45,8 @@ #define VIRTUAL_IMAGE 22 #define FILE_CONTEXT_SUBS 23 #define SEPGSQL_CONTEXTS 24 -#define NEL 25 +#define FILE_CONTEXT_SUBS_DIST 25 +#define NEL 26 /* Part of one-time lazy init */ static pthread_once_t once = PTHREAD_ONCE_INIT; @@ -423,6 +424,12 @@ const char * selinux_file_context_subs_path(void) { hidden_def(selinux_file_context_subs_path) +const char * selinux_file_context_subs_dist_path(void) { + return get_path(FILE_CONTEXT_SUBS_DIST); +} + +hidden_def(selinux_file_context_subs_dist_path) + const char *selinux_sepgsql_context_path() { return get_path(SEPGSQL_CONTEXTS); diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h index 95b40e5e..806e87c6 100644 --- a/libselinux/src/selinux_internal.h +++ b/libselinux/src/selinux_internal.h @@ -66,6 +66,7 @@ hidden_proto(selinux_mkload_policy) hidden_proto(selinux_file_context_path) hidden_proto(selinux_file_context_homedir_path) hidden_proto(selinux_file_context_local_path) + hidden_proto(selinux_file_context_subs_dist_path) hidden_proto(selinux_file_context_subs_path) hidden_proto(selinux_netfilter_context_path) hidden_proto(selinux_homedir_context_path)