RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-04-04 23:49:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

genhomedircon: make USERID, USERNAME context lists

Browse Source 
Signed-off-by: Jason Zaman <jason@perfinion.com>
This commit is contained in:
Jason Zaman 2016-04-30 15:58:10 +08:00 committed by Stephen Smalley
parent 3b23f12eb9
commit 08cde98b60
1 changed files with 26 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
libsemanage/src/genhomedircon.c
View File

@ -73,8 +73,13 @@
which are searched for and replaced */ which are searched for and replaced */
#define TEMPLATE_HOME_ROOT "HOME_ROOT" #define TEMPLATE_HOME_ROOT "HOME_ROOT"
#define TEMPLATE_HOME_DIR "HOME_DIR" #define TEMPLATE_HOME_DIR "HOME_DIR"
/* these are legacy */
#define TEMPLATE_USER "USER" #define TEMPLATE_USER "USER"
#define TEMPLATE_ROLE "ROLE" #define TEMPLATE_ROLE "ROLE"
/* new names */
#define TEMPLATE_USERNAME "%{USERNAME}"
#define TEMPLATE_USERID "%{USERID}"
#define TEMPLATE_SEUSER "system_u" #define TEMPLATE_SEUSER "system_u"
#define TEMPLATE_LEVEL "s0" #define TEMPLATE_LEVEL "s0"
@ -463,8 +468,21 @@ static int HOME_DIR_PRED(const char *string)
return semanage_is_prefix(string, TEMPLATE_HOME_DIR); return semanage_is_prefix(string, TEMPLATE_HOME_DIR);
} }
/* new names */
static int USERNAME_CONTEXT_PRED(const char *string)
{
return (int)(
(strstr(string, TEMPLATE_USERNAME) != NULL) ||
(strstr(string, TEMPLATE_USERID) != NULL)
);
}
/* This will never match USER if USERNAME or USERID are found. */
static int USER_CONTEXT_PRED(const char *string) static int USER_CONTEXT_PRED(const char *string)
{ {
if (USERNAME_CONTEXT_PRED(string))
return 0;
return (int)(strstr(string, TEMPLATE_USER) != NULL); return (int)(strstr(string, TEMPLATE_USER) != NULL);
} }
@ -950,16 +968,21 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
{ {
semanage_list_t *homedirs = NULL; semanage_list_t *homedirs = NULL;
semanage_list_t *h = NULL; semanage_list_t *h = NULL;
semanage_list_t *user_context_tpl = NULL;
semanage_list_t *homedir_context_tpl = NULL; semanage_list_t *homedir_context_tpl = NULL;
semanage_list_t *homeroot_context_tpl = NULL; semanage_list_t *homeroot_context_tpl = NULL;
semanage_list_t *username_context_tpl = NULL;
semanage_list_t *user_context_tpl = NULL;
int retval = STATUS_SUCCESS; int retval = STATUS_SUCCESS;
homedir_context_tpl = make_template(s, &HOME_DIR_PRED); homedir_context_tpl = make_template(s, &HOME_DIR_PRED);
homeroot_context_tpl = make_template(s, &HOME_ROOT_PRED); homeroot_context_tpl = make_template(s, &HOME_ROOT_PRED);
username_context_tpl = make_template(s, &USERNAME_CONTEXT_PRED);
user_context_tpl = make_template(s, &USER_CONTEXT_PRED); user_context_tpl = make_template(s, &USER_CONTEXT_PRED);
if (!homedir_context_tpl && !homeroot_context_tpl && !user_context_tpl) if (!homedir_context_tpl
&& !homeroot_context_tpl
&& !username_context_tpl
&& !user_context_tpl)
goto done; goto done;
if (write_file_context_header(out) != STATUS_SUCCESS) { if (write_file_context_header(out) != STATUS_SUCCESS) {
@ -1028,6 +1051,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
done: done:
/* Cleanup */ /* Cleanup */
semanage_list_destroy(&homedirs); semanage_list_destroy(&homedirs);
semanage_list_destroy(&username_context_tpl);
semanage_list_destroy(&user_context_tpl); semanage_list_destroy(&user_context_tpl);
semanage_list_destroy(&homedir_context_tpl); semanage_list_destroy(&homedir_context_tpl);
semanage_list_destroy(&homeroot_context_tpl); semanage_list_destroy(&homeroot_context_tpl);