int semanage_direct_access_check(semanage_handle_t *sh) {
char polpath[PATH_MAX];
snprintf(polpath, PATH_MAX, "%s%s", selinux_path(), sh->conf->store_path);
if (semanage_check_init(polpath))
return -1;
return semanage_store_access_check(sh);
}
int semanage_direct_is_managed(semanage_handle_t *sh) {
char polpath[PATH_MAX];
snprintf(polpath, PATH_MAX, "%s%s", selinux_path(), sh->conf->store_path);
if (semanage_check_init(polpath))
goto err;
if (semanage_access_check(sh) < 0)
return 0;
return 1;
err:
ERR(sh, "could not check whether policy is managed");
return STATUS_ERR;
}
/* The suite initialization function.
* Returns zero on success, non-zero otherwise.
*/
int semanage_store_test_init(void)
{
int err;
/* create directories */
err = mkdir(polpath, S_IRUSR | S_IWUSR | S_IXUSR);
if (err != 0)
return -1;
err = mkdir(lockpath, S_IRUSR | S_IWUSR | S_IXUSR);
if (err != 0)
return -1;
err = mkdir(actpath, S_IRUSR | S_IWUSR | S_IXUSR);
if (err != 0)
return -1;
err = mkdir(modpath, S_IRUSR | S_IWUSR | S_IXUSR);
if (err != 0)
return -1;
/* initialize the handle */
sh = semanage_handle_create();
if (sh == NULL)
return -1;
/* hide error messages */
sh->msg_callback = test_msg_handler;
/* initialize paths */
err = semanage_check_init(polpath);
if (err != 0)
return -1;
return 0;
}
/* Check that the module store exists, creating it if necessary.
*/
int semanage_direct_connect(semanage_handle_t *sh) {
char polpath[PATH_MAX];
snprintf(polpath, PATH_MAX, "%s%s", selinux_path(), sh->conf->store_path);
if (semanage_check_init(polpath))
goto err;
if (sh->create_store)
if (semanage_create_store(sh, 1))
goto err;
if (semanage_access_check(sh) < SEMANAGE_CAN_READ)
goto err;
sh->u.direct.translock_file_fd = -1;
sh->u.direct.activelock_file_fd = -1;
/* set up function pointers */
sh->funcs = &direct_funcs;
/* Object databases: local modifications */
if (user_base_file_dbase_init(sh,
semanage_fname(SEMANAGE_USERS_BASE_LOCAL),
semanage_user_base_dbase_local(sh)) < 0)
goto err;
if (user_extra_file_dbase_init(sh,
semanage_fname(SEMANAGE_USERS_EXTRA_LOCAL),
semanage_user_extra_dbase_local(sh)) < 0)
goto err;
if (user_join_dbase_init(sh,
semanage_user_base_dbase_local(sh),
semanage_user_extra_dbase_local(sh),
semanage_user_dbase_local(sh)) < 0)
goto err;
if (port_file_dbase_init(sh,
semanage_fname(SEMANAGE_PORTS_LOCAL),
semanage_port_dbase_local(sh)) < 0)
goto err;
if (iface_file_dbase_init(sh,
semanage_fname(SEMANAGE_INTERFACES_LOCAL),
semanage_iface_dbase_local(sh)) < 0)
goto err;
if (bool_file_dbase_init(sh,
semanage_fname(SEMANAGE_BOOLEANS_LOCAL),
semanage_bool_dbase_local(sh)) < 0)
goto err;
if (fcontext_file_dbase_init(sh,
semanage_fname(SEMANAGE_FC_LOCAL),
semanage_fcontext_dbase_local(sh)) < 0)
goto err;
if (seuser_file_dbase_init(sh,
semanage_fname(SEMANAGE_SEUSERS_LOCAL),
semanage_seuser_dbase_local(sh)) < 0)
goto err;
if (node_file_dbase_init(sh,
semanage_fname(SEMANAGE_NODES_LOCAL),
semanage_node_dbase_local(sh)) < 0)
goto err;
/* Object databases: local modifications + policy */
if (user_base_policydb_dbase_init(sh,
semanage_user_base_dbase_policy(sh)) < 0)
goto err;
if (user_extra_file_dbase_init(sh,
semanage_fname(SEMANAGE_USERS_EXTRA),
semanage_user_extra_dbase_policy(sh)) < 0)
goto err;
if (user_join_dbase_init(sh,
semanage_user_base_dbase_policy(sh),
semanage_user_extra_dbase_policy(sh),
semanage_user_dbase_policy(sh)) < 0)
goto err;
if (port_policydb_dbase_init(sh, semanage_port_dbase_policy(sh)) < 0)
goto err;
if (iface_policydb_dbase_init(sh, semanage_iface_dbase_policy(sh)) < 0)
goto err;
if (bool_policydb_dbase_init(sh, semanage_bool_dbase_policy(sh)) < 0)
goto err;
if (fcontext_file_dbase_init(sh,
semanage_fname(SEMANAGE_FC),
semanage_fcontext_dbase_policy(sh)) < 0)
goto err;
if (seuser_file_dbase_init(sh,
semanage_fname(SEMANAGE_SEUSERS),
semanage_seuser_dbase_policy(sh)) < 0)
goto err;
if (node_policydb_dbase_init(sh, semanage_node_dbase_policy(sh)) < 0)
goto err;
/* Active kernel policy */
if (bool_activedb_dbase_init(sh, semanage_bool_dbase_active(sh)) < 0)
goto err;
return STATUS_SUCCESS;
err:
ERR(sh, "could not establish direct connection");
sepol_handle_destroy(sh->sepolh);
return STATUS_ERR;
}
