Example #1
0
/* Similar to semanage_direct_install(), except that it checks that
 * there already exists a module with the same name and that the
 * module is an older version then the one in 'data'.  Returns 0 on
 * success, -1 if out of memory, -2 if the data does not represent a
 * valid module file, -3 if error while writing file or reading
 * modules directory, -4 if there does not exist an older module or if
 * the previous module is same or newer than 'data'.
 */
static int semanage_direct_upgrade(semanage_handle_t *sh,
				   char *data, size_t data_len) {
	int i, retval, num_modules = 0;
	char *module_name = NULL, *version = NULL, *filename = NULL;
	semanage_module_info_t *modinfo = NULL;
	if ((retval = parse_module_headers(sh, data, data_len,
					   &module_name, &version, &filename)) != 0) {
		goto cleanup;
	}
	if (semanage_direct_list(sh, &modinfo, &num_modules) < 0) {
		goto cleanup;
	}
	retval = -4;
	for (i = 0; i < num_modules; i++) {
		semanage_module_info_t *m = semanage_module_list_nth(modinfo, i);
		if (strcmp(semanage_module_get_name(m), module_name) == 0) {
			if (semanage_strverscmp(version, semanage_module_get_version(m)) > 0) {
				retval = 0;
				break;
			}
			else {
				ERR(sh, "Previous module %s is same or newer.", module_name);
				retval = -4;
				goto cleanup;
			}
		}
	}
	if (retval == -4) {
		ERR(sh, "There does not already exist a module named %s.", module_name);
		goto cleanup;
	}
	if (write_file(sh, filename, data, data_len) == -1) {
		retval = -3;
	}
 cleanup:
	free(version);
	free(filename);
	free(module_name);
	for (i = 0; modinfo != NULL && i < num_modules; i++) {
		semanage_module_info_t *m = semanage_module_list_nth(modinfo, i);
		semanage_module_info_datum_destroy(m);
	}
	free(modinfo);
	return retval;
}
Example #2
0
int main(int argc, char *argv[])
{
	int i, commit = 0;
	int result;
	int status = EXIT_FAILURE;
	char *genhomedirconargv[] = { "genhomedircon", "-B", "-n" };
	create_signal_handlers();
	if (strcmp(basename(argv[0]), "genhomedircon") == 0) {
		argc = 3;
		argv=genhomedirconargv;
	}
	parse_command_line(argc, argv);

	if (build)
		commit = 1;

	sh = semanage_handle_create();
	if (!sh) {
		fprintf(stderr, "%s:  Could not create semanage handle\n",
			argv[0]);
		goto cleanup_nohandle;
	}

	if (store) {
		/* Set the store we want to connect to, before connecting.
		 * this will always set a direct connection now, an additional
		 * option will need to be used later to specify a policy server 
		 * location */
		semanage_select_store(sh, store, SEMANAGE_CON_DIRECT);
	}

	/* if installing base module create store if necessary, for bootstrapping */
	semanage_set_create_store(sh, create_store);

	if (!create_store) {
		if (!semanage_is_managed(sh)) {
			fprintf(stderr,
				"%s: SELinux policy is not managed or store cannot be accessed.\n",
				argv[0]);
			goto cleanup;
		}

		if (semanage_access_check(sh) < SEMANAGE_CAN_READ) {
			fprintf(stderr, "%s: Cannot read policy store.\n",
				argv[0]);
			goto cleanup;
		}
	}

	if ((result = semanage_connect(sh)) < 0) {
		fprintf(stderr, "%s:  Could not connect to policy handler\n",
			argv[0]);
		goto cleanup;
	}

	if (reload) {
		if ((result = semanage_reload_policy(sh)) < 0) {
			fprintf(stderr, "%s:  Could not reload policy\n",
				argv[0]);
			goto cleanup;
		}
	}

	if (build) {
		if ((result = semanage_begin_transaction(sh)) < 0) {
			fprintf(stderr, "%s:  Could not begin transaction:  %s\n",
				argv[0], errno ? strerror(errno) : "");
			goto cleanup;
		}
	}

	for (i = 0; i < num_commands; i++) {
		enum client_modes mode = commands[i].mode;
		char *mode_arg = commands[i].arg;
		switch (mode) {
		case INSTALL_M:{
				if (verbose) {
					printf
					    ("Attempting to install module '%s':\n",
					     mode_arg);
				}
				result =
				    semanage_module_install_file(sh, mode_arg);
				break;
			}
		case UPGRADE_M:{
				if (verbose) {
					printf
					    ("Attempting to upgrade module '%s':\n",
					     mode_arg);
				}
				result =
				    semanage_module_upgrade_file(sh, mode_arg);
				break;
			}
		case BASE_M:{
				if (verbose) {
					printf
					    ("Attempting to install base module '%s':\n",
					     mode_arg);
				}
				result =
				    semanage_module_install_base_file(sh, mode_arg);
				break;
			}
		case ENABLE_M:{
				if (verbose) {
					printf
					    ("Attempting to enable module '%s':\n",
					     mode_arg);
				}
				result = semanage_module_enable(sh, mode_arg);
				if ( result == -2 ) { 
					continue;
				}
				break;
			}
		case DISABLE_M:{
				if (verbose) {
					printf
					    ("Attempting to disable module '%s':\n",
					     mode_arg);
				}
				result = semanage_module_disable(sh, mode_arg);
				if ( result == -2 ) { 
					continue;
				}
				break;
			}
		case REMOVE_M:{
				if (verbose) {
					printf
					    ("Attempting to remove module '%s':\n",
					     mode_arg);
				}
				result = semanage_module_remove(sh, mode_arg);
				if ( result == -2 ) { 
					continue;
				}
				break;
			}
		case LIST_M:{
				semanage_module_info_t *modinfo;
				int num_modules;
				if (verbose) {
					printf
					    ("Attempting to list active modules:\n");
				}
				if ((result =
				     semanage_module_list(sh, &modinfo,
							  &num_modules)) >= 0) {
					int j;
					if (num_modules == 0) {
						printf("No modules.\n");
					}
					for (j = 0; j < num_modules; j++) {
						semanage_module_info_t *m =
						    semanage_module_list_nth
						    (modinfo, j);
						printf("%s\t%s\t%s\n",
						       semanage_module_get_name
						       (m),
						       semanage_module_get_version
						       (m), 
						       (semanage_module_get_enabled(m) ? "" : "Disabled"));
						semanage_module_info_datum_destroy
						    (m);
					}
					free(modinfo);
				}
				break;
			}
		default:{
				fprintf(stderr,
					"%s:  Unknown mode specified.\n",
					argv[0]);
				usage(argv[0]);
				goto cleanup;
			}
		}
		commit += do_commit[mode];
		if (result < 0) {
			fprintf(stderr, "%s:  Failed on %s!\n", argv[0],
				mode_arg ? : "list");
			goto cleanup;
		} else if (verbose) {