Separate out the calling of local subs and dist subs in selabel_sub

We want to allow users to set up their substitutions to run first and then run
the distro subs second.  This fixes the problem where a user defines
a sub like /usr/local/foobar and we ignore it.  We need this for
software collections, which set up local subs of /opt/src/foobar/root /
Dan Walsh 2013-10-09 15:22:54 -04:00 committed by Stephen Smalley
parent 51d9a078c2
commit fd56c5230c
3 changed files with 18 additions and 4 deletions


@ -58,7 +58,7 @@ static char *selabel_sub(struct selabel_sub *ptr, const char *src)
return NULL;
}
struct selabel_sub *selabel_subs_init(const char *path,struct selabel_sub *list)
struct selabel_sub *selabel_subs_init(const char *path, struct selabel_sub *list)
{
char buf[1024];
FILE *cfg = fopen(path, "r");
@ -171,6 +171,7 @@ struct selabel_handle *selabel_open(unsigned int backend,
rec->validating = selabel_is_validate_set(opts, nopts);
rec->subs = NULL;
rec->dist_subs = NULL;
if ((*initfuncs[backend])(rec, opts, nopts)) {
free(rec);
@ -186,13 +187,24 @@ selabel_lookup_common(struct selabel_handle *rec, int translating,
const char *key, int type)
{
struct selabel_lookup_rec *lr;
char *ptr = NULL;
char *dptr = NULL;
if (key == NULL) {
errno = EINVAL;
return NULL;
}
char *ptr = selabel_sub(rec->subs, key);
ptr = selabel_sub(rec->subs, key);
if (ptr) {
dptr = selabel_sub(rec->dist_subs, ptr);
if (dptr) {
free(ptr);
ptr = dptr;
}
} else {
ptr = selabel_sub(rec->dist_subs, key);
}
if (ptr) {
lr = rec->func_lookup(rec, ptr, type);
free(ptr);
@ -241,6 +253,7 @@ int selabel_lookup_raw(struct selabel_handle *rec, security_context_t *con,
void selabel_close(struct selabel_handle *rec)
{
selabel_subs_fini(rec->subs);
selabel_subs_fini(rec->dist_subs);
rec->func_close(rec);
free(rec->spec_file);
free(rec);
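Review bot: The two-stage substitution in selabel_lookup_common (`ptr = selabel_sub(rec->subs, key);` followed by `dptr = selabel_sub(rec->dist_subs, ptr);`) carries no comment saying why the dist list is applied to the output of the local list rather than to the original key, and that ordering is the whole point of the commit. A comment before the first call would make it readable: `/* Local subs take precedence: apply them first, then run dist subs over the (possibly rewritten) path, or over key if nothing local matched. */`. Since selabel_sub signals "no match" and any internal failure alike with NULL (its body is outside this hunk, so I cannot confirm whether it can fail otherwise), the dist stage silently keeps the local result on such a failure; if that distinction matters the caller has no way to see it. selabel_lookup_common continues past the end of the hunk.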


@ -496,12 +496,12 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts,
/* Process local and distribution substitution files */
if (!path) {
rec->subs = selabel_subs_init(selinux_file_context_subs_dist_path(), rec->subs);
rec->dist_subs = selabel_subs_init(selinux_file_context_subs_dist_path(), rec->dist_subs);
rec->subs = selabel_subs_init(selinux_file_context_subs_path(), rec->subs);
path = selinux_file_context_path();
} else {
snprintf(subs_file, sizeof(subs_file), "%s.subs_dist", path);
rec->subs = selabel_subs_init(subs_file, rec->subs);
rec->dist_subs = selabel_subs_init(subs_file, rec->dist_subs);
snprintf(subs_file, sizeof(subs_file), "%s.subs", path);
rec->subs = selabel_subs_init(subs_file, rec->subs);
}
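Review bot: The comment `/* Process local and distribution substitution files */` above the new `rec->dist_subs = selabel_subs_init(...)` lines no longer describes the layout: the two kinds of file now feed two separate lists, and nothing here says which one wins at lookup time. I would extend it to `/* Process local and distribution substitution files into separate lists; rec->subs (local) is applied before rec->dist_subs at lookup. */`. The new `rec->dist_subs` line in the else branch also consumes `subs_file` built by an unchecked `snprintf`, so a path long enough to truncate would silently open a different `.subs_dist` file; checking the return against `sizeof(subs_file)` would close that, though the snprintf itself predates this commit. init starts and ends outside the hunk.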


@ -68,6 +68,7 @@ struct selabel_handle {
char *spec_file;
/* substitution support */
struct selabel_sub *dist_subs;
struct selabel_sub *subs;
};
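Review bot: The new `struct selabel_sub *dist_subs;` field sits next to `subs` under the single comment `/* substitution support */`, which does not tell a reader how the two lists differ or in which order they are consulted. Per-field comments would fix that: `struct selabel_sub *dist_subs; /* distribution-supplied subs, applied after subs */` and `struct selabel_sub *subs; /* local subs, applied first at lookup */`. The order stated is the one implemented in selabel_lookup_common in this same commit.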