From 70b23853a87551604474abd9c1b0188d80e7f64e Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Sat, 16 Aug 2014 07:37:42 -0400
Subject: [PATCH] libselinux: Compiled file context files and the original should have the same permissions

Currently the compiled file context files can end up with different permissions then the original. This can lead to non priv users not being able to read the compiled versions.
---
 libselinux/utils/sefcontext_compile.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/libselinux/utils/sefcontext_compile.c b/libselinux/utils/sefcontext_compile.c
index b414b503..7b781803 100644
--- a/libselinux/utils/sefcontext_compile.c
+++ b/libselinux/utils/sefcontext_compile.c
@@ -4,6 +4,9 @@
 #include
 #include
 #include
+#include
+#include
+#include
 
 #include
 
@@ -334,6 +337,7 @@ int main(int argc, char *argv[])
 int rc;
 char *tmp= NULL;
 int fd;
+ struct stat buf;
 
 if (argc != 2) {
 fprintf(stderr, "usage: %s input_file\n", argv[0]);
@@ -344,6 +348,11 @@ int main(int argc, char *argv[])
 
 path = argv[1];
 
+ if (stat(path, &buf) < 0) {
+ fprintf(stderr, "Can not stat: %s: %m\n", path);
+ exit(EXIT_FAILURE);
+ }
+
 rc = process_file(&data, path);
 if (rc < 0)
 return rc;
@@ -363,6 +372,12 @@ int main(int argc, char *argv[])
 if (fd < 0)
 goto err;
 
+ rc = fchmod(fd, buf.st_mode);
+ if (rc < 0) {
+ perror("fchmod failed to set permission on compiled regexs");
+ goto err;
+ }
+
 rc = write_binary_file(&data, fd);
 if (rc < 0)
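Review bot: The mode taken by `stat(path, &buf)` in the third hunk is passed whole to `fchmod()` in the last hunk, so any setuid, setgid or sticky bit on the input file is copied to the compiled file along with the rwx bits the commit message is about. Masking at the call keeps it to permissions only: `rc = fchmod(fd, buf.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO));`. The stat is also done by path before `process_file()` runs; if that function opens the file itself (not visible here), an `fstat()` on its descriptor would tie the mode to the file that was actually compiled. `%m` in the new `fprintf` is a glibc extension, so `strerror(errno)` would be the portable form. main() begins and ends outside these hunks.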