libsemanage: Add sefcontext_compile to compile regex every time policy is rebuilt

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This commit is contained in:
rhatdan 2012-09-14 10:52:08 -04:00 committed by Eric Paris
parent 44cba24ba6
commit 28baa721e0
4 changed files with 52 additions and 1 deletions


@ -58,7 +58,7 @@ static int parse_errors;
} }
%token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED %token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED
%token LOAD_POLICY_START SETFILES_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN USEPASSWD IGNOREDIRS %token LOAD_POLICY_START SETFILES_START SEFCONTEXT_COMPILE_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN USEPASSWD IGNOREDIRS
%token BZIP_BLOCKSIZE BZIP_SMALL %token BZIP_BLOCKSIZE BZIP_SMALL
%token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END %token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END
%token PROG_PATH PROG_ARGS %token PROG_PATH PROG_ARGS
@ -230,6 +230,14 @@ command_start:
YYABORT; YYABORT;
} }
} }
| SEFCONTEXT_COMPILE_START {
semanage_conf_external_prog_destroy(current_conf->sefcontext_compile);
current_conf->sefcontext_compile = NULL;
if (new_external_prog(&current_conf->sefcontext_compile) == -1) {
parse_errors++;
YYABORT;
}
}
; ;
verify_block: verify_start external_opts BLOCK_END { verify_block: verify_start external_opts BLOCK_END {
@ -308,6 +316,20 @@ static int semanage_conf_init(semanage_conf_t * conf)
return -1; return -1;
} }
if ((conf->sefcontext_compile =
calloc(1, sizeof(*(current_conf->sefcontext_compile)))) == NULL) {
return -1;
}
if (access("/sbin/sefcontext_compile", X_OK) == 0) {
conf->sefcontext_compile->path = strdup("/sbin/sefcontext_compile");
} else {
conf->sefcontext_compile->path = strdup("/usr/sbin/sefcontext_compile");
}
if ((conf->sefcontext_compile->path == NULL) ||
(conf->sefcontext_compile->args = strdup("$@")) == NULL) {
return -1;
}
return 0; return 0;
} }
@ -363,6 +385,7 @@ void semanage_conf_destroy(semanage_conf_t * conf)
free(conf->ignoredirs); free(conf->ignoredirs);
semanage_conf_external_prog_destroy(conf->load_policy); semanage_conf_external_prog_destroy(conf->load_policy);
semanage_conf_external_prog_destroy(conf->setfiles); semanage_conf_external_prog_destroy(conf->setfiles);
semanage_conf_external_prog_destroy(conf->sefcontext_compile);
semanage_conf_external_prog_destroy(conf->mod_prog); semanage_conf_external_prog_destroy(conf->mod_prog);
semanage_conf_external_prog_destroy(conf->linked_prog); semanage_conf_external_prog_destroy(conf->linked_prog);
semanage_conf_external_prog_destroy(conf->kernel_prog); semanage_conf_external_prog_destroy(conf->kernel_prog);
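Review bot: The calloc in semanage_conf_init sizes the new allocation from the global `current_conf` instead of the `conf` parameter the function was handed (`sizeof(*(current_conf->sefcontext_compile))`), so the object being assigned and the object being measured are different pointers; this only works because both happen to be `semanage_conf_t`. Size it from the pointer that receives the result, `calloc(1, sizeof(*(conf->sefcontext_compile)))`, which keeps the function self-contained and cannot drift if the two configs ever diverge. The `/usr/sbin/sefcontext_compile` fallback is stored without an `access()` check, so a missing binary is only detected when the program is first executed; that is presumably the same treatment the neighbouring load_policy/setfiles entries get, so it is worth noting rather than changing. semanage_conf_init begins outside this hunk.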


@ -53,6 +53,7 @@ bzip-blocksize return BZIP_BLOCKSIZE;
bzip-small return BZIP_SMALL; bzip-small return BZIP_SMALL;
"[load_policy]" return LOAD_POLICY_START; "[load_policy]" return LOAD_POLICY_START;
"[setfiles]" return SETFILES_START; "[setfiles]" return SETFILES_START;
"[sefcontext_compile]" return SEFCONTEXT_COMPILE_START;
"[verify module]" return VERIFY_MOD_START; "[verify module]" return VERIFY_MOD_START;
"[verify linked]" return VERIFY_LINKED_START; "[verify linked]" return VERIFY_LINKED_START;
"[verify kernel]" return VERIFY_KERNEL_START; "[verify kernel]" return VERIFY_KERNEL_START;


@ -46,6 +46,7 @@ typedef struct semanage_conf {
char *ignoredirs; /* ";" separated of list for genhomedircon to ignore */ char *ignoredirs; /* ";" separated of list for genhomedircon to ignore */
struct external_prog *load_policy; struct external_prog *load_policy;
struct external_prog *setfiles; struct external_prog *setfiles;
struct external_prog *sefcontext_compile;
struct external_prog *mod_prog, *linked_prog, *kernel_prog; struct external_prog *mod_prog, *linked_prog, *kernel_prog;
} semanage_conf_t; } semanage_conf_t;
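Review bot: The new `sefcontext_compile` member is the only one in this hunk that introduces a new external program without saying what it is for, while the neighbouring `ignoredirs` field carries an inline comment. Given the commit title, a short trailer would orient the next reader: `struct external_prog *sefcontext_compile; /* compiles file_contexts regexes after each policy rebuild */`.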


@ -1100,6 +1100,17 @@ int semanage_split_fc(semanage_handle_t * sh)
} }
static int sefcontext_compile(semanage_handle_t * sh, const char *path) {
int r;
if ((r = semanage_exec_prog(sh, sh->conf->sefcontext_compile, path, "")) != 0) {
ERR(sh, "sefcontext_compile returned error code %d. Compiling %s", r, path);
return -1;
}
return 0;
}
/* Actually load the contents of the current active directory into the /* Actually load the contents of the current active directory into the
* kernel. Return 0 on success, -3 on error. */ * kernel. Return 0 on success, -3 on error. */
static int semanage_install_active(semanage_handle_t * sh) static int semanage_install_active(semanage_handle_t * sh)
@ -1233,6 +1244,16 @@ static int semanage_install_active(semanage_handle_t * sh)
goto cleanup; goto cleanup;
} }
if (sefcontext_compile(sh, store_fc) != 0) {
goto cleanup;
}
if (sefcontext_compile(sh, store_fc_loc) != 0) {
goto cleanup;
}
if (sefcontext_compile(sh, store_fc_hd) != 0) {
goto cleanup;
}
retval = 0; retval = 0;
cleanup: cleanup:
free(storepath); free(storepath);
@ -1371,6 +1392,11 @@ int semanage_install_sandbox(semanage_handle_t * sh)
goto cleanup; goto cleanup;
} }
if (sh->conf->sefcontext_compile == NULL) {
ERR(sh, "No sefcontext_compile program specified in configuration file.");
goto cleanup;
}
if ((commit_num = semanage_commit_sandbox(sh)) < 0) { if ((commit_num = semanage_commit_sandbox(sh)) < 0) {
retval = commit_num; retval = commit_num;
goto cleanup; goto cleanup;
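Review bot: The third added call in semanage_install_active, `sefcontext_compile(sh, store_fc_hd)`, runs unconditionally, yet store_fc_hd (presumably file_contexts.homedirs) is produced by genhomedircon, which the parser hunk shows can be switched off via `DISABLE_GENHOMEDIRCON`; I cannot see from here whether the earlier part of semanage_install_active guarantees that file (or store_fc_loc) exists, but if it does not, a legitimately absent optional file now aborts the whole install through `goto cleanup`. Gate the optional compiles on the input being present, e.g. `if (access(store_fc_hd, F_OK) == 0 && sefcontext_compile(sh, store_fc_hd) != 0)`, or skip absent inputs inside the helper and only fail on a non-zero exit status. Separately, the `sh->conf->sefcontext_compile == NULL` check added in semanage_install_sandbox guards only that entry point, while the helper passes the pointer straight to semanage_exec_prog; if semanage_install_active is reachable by any other path, the same guard belongs in the helper. Both semanage_install_active and semanage_install_sandbox start outside their hunks.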