Beispiel #1
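/*
 * Parse one "name = value" boolean record from the current line held in
 * `info` and store the result in `boolean`.
 *
 * The value may be one of the literals true/TRUE/false/FALSE or an integer.
 * Anything other than 0 or 1 is rejected, so a malformed or tampered record
 * cannot push an out-of-range value into the policy boolean.
 *
 * Returns:
 *   STATUS_SUCCESS  a record was parsed and stored in `boolean`
 *   STATUS_NODATA   info->ptr is NULL after skipping leading whitespace
 *                   (presumably no more input); the line is disposed
 *   STATUS_ERR      any parse step failed; the error is reported through
 *                   ERR and the line is disposed
 */
static int bool_parse(semanage_handle_t * handle,
		      parse_info_t * info, semanage_bool_t * boolean)
{

	int value = 0;
	char *str = NULL;	/* name buffer filled in by parse_fetch_string */

	if (parse_skip_space(handle, info) < 0)
		goto err;
	if (!info->ptr)
		goto last;

	/* Extract name: everything up to the '=' delimiter */
	if (parse_fetch_string(handle, info, &str, '=') < 0)
		goto err;

	if (semanage_bool_set_name(handle, boolean, str) < 0)
		goto err;
	/* Clear the pointer so the err path cannot free it a second time. */
	free(str);
	str = NULL;

	/* Assert = */
	if (parse_skip_space(handle, info) < 0)
		goto err;
	if (parse_assert_ch(handle, info, '=') < 0)
		goto err;

	/* Extract value: keyword forms first, integer form as the fallback */
	if (parse_skip_space(handle, info) < 0)
		goto err;
	if (parse_optional_str(info, "true") != STATUS_NODATA)
		value = 1;
	else if (parse_optional_str(info, "TRUE") != STATUS_NODATA)
		value = 1;
	else if (parse_optional_str(info, "false") != STATUS_NODATA)
		value = 0;
	else if (parse_optional_str(info, "FALSE") != STATUS_NODATA)
		value = 0;
	else if (parse_fetch_int(handle, info, &value, ' ') < 0)
		goto err;

	if (value != 0 && value != 1) {
		/*
		 * `value` is a signed int, so print it with %d: a negative
		 * value in the record must show up as negative in the
		 * diagnostic rather than as a huge unsigned number.
		 */
		ERR(handle, "invalid boolean value for \"%s\": %d "
		    "(%s: %u)\n%s", semanage_bool_get_name(boolean),
		    value, info->filename, info->lineno, info->orig_line);
		goto err;
	}
	semanage_bool_set_value(boolean, value);

	/* Only whitespace may follow the value; trailing text is an error. */
	if (parse_assert_space(handle, info) < 0)
		goto err;

	return STATUS_SUCCESS;

      last:
	parse_dispose_line(info);
	return STATUS_NODATA;

      err:
	ERR(handle, "could not parse boolean record");
	free(str);
	parse_dispose_line(info);
	return STATUS_ERR;
}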
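/*
 * Apply permanent boolean changes to policy via libsemanage.
 *
 * For each of the `boolcnt` entries in `boollist`, the boolean is written as
 * a local modification (semanage_bool_modify_local) and as the active value
 * (semanage_bool_set_active). All changes are made inside one transaction
 * that is committed at the end, so a failure on any entry leaves the policy
 * store uncommitted.
 *
 * The policy must be managed (semanage_is_managed() > 0); otherwise the
 * function refuses to proceed and reports whether the caller is root.
 *
 * Returns 0 on success and -1 on any failure. Diagnostics go to stderr.
 */
static int semanage_set_boolean_list(size_t boolcnt,
				     SELboolean * boollist)
{

	size_t j;
	semanage_handle_t *handle = NULL;
	semanage_bool_t *boolean = NULL;
	semanage_bool_key_t *bool_key = NULL;
	int managed;
	int connected = 0;	/* set once semanage_connect() has succeeded */

	handle = semanage_handle_create();
	if (handle == NULL) {
		fprintf(stderr, "Could not create semanage library handle\n");
		goto err;
	}

	managed = semanage_is_managed(handle);
	if (managed < 0) {
		fprintf(stderr,
			"Error when checking whether policy is managed\n");
		goto err;

	} else if (managed == 0) {
		/* Tell an unprivileged caller apart from an unmanaged policy. */
		if (getuid() == 0) {
			fprintf(stderr,
				"Cannot set persistent booleans without managed policy.\n");
		} else {
			fprintf(stderr,
				"Cannot set persistent booleans, please try as root.\n");
		}
		goto err;
	}

	if (semanage_connect(handle) < 0)
		goto err;
	connected = 1;

	if (semanage_begin_transaction(handle) < 0)
		goto err;

	for (j = 0; j < boolcnt; j++) {

		if (semanage_bool_create(handle, &boolean) < 0)
			goto err;

		if (semanage_bool_set_name(handle, boolean, boollist[j].name) <
		    0)
			goto err;

		semanage_bool_set_value(boolean, boollist[j].value);

		if (semanage_bool_key_extract(handle, boolean, &bool_key) < 0)
			goto err;

		if (semanage_bool_modify_local(handle, bool_key,
						  boolean) < 0)
			goto err;

		if (semanage_bool_set_active(handle, bool_key, boolean) < 0) {
			fprintf(stderr, "Could not change boolean %s\n",
				boollist[j].name);
			goto err;
		}
		/*
		 * Release the per-entry objects and clear the pointers so the
		 * err path does not free them again on a later failure.
		 */
		semanage_bool_key_free(bool_key);
		semanage_bool_free(boolean);
		bool_key = NULL;
		boolean = NULL;
	}

	/* `reload` is defined outside this function. */
	semanage_set_reload(handle, reload);
	if (semanage_commit(handle) < 0)
		goto err;

	semanage_disconnect(handle);
	semanage_handle_destroy(handle);
	return 0;

      err:
	semanage_bool_key_free(bool_key);
	semanage_bool_free(boolean);
	/*
	 * The success path disconnects before destroying the handle; do the
	 * same here so that a failure after semanage_connect() (including one
	 * inside the open transaction) does not destroy a handle that is
	 * still connected to the policy store.
	 */
	if (connected)
		semanage_disconnect(handle);
	semanage_handle_destroy(handle);
	fprintf(stderr, "Could not change policy booleans\n");
	return -1;
}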