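/*
 * Check whether the caller may access the module store.
 *
 * Builds the store path from selinux_path() and the configured store_path,
 * initialises the store paths with semanage_check_init(), then delegates the
 * permission check itself to semanage_store_access_check().
 *
 * Returns -1 if the path does not fit in PATH_MAX or path initialisation
 * fails; otherwise the result of semanage_store_access_check().
 */
int semanage_direct_access_check(semanage_handle_t *sh)
{
	char polpath[PATH_MAX];
	int len;

	len = snprintf(polpath, sizeof polpath, "%s%s", selinux_path(),
		       sh->conf->store_path);
	/* A truncated path would silently check a different store. */
	if (len < 0 || (size_t)len >= sizeof polpath)
		return -1;

	if (semanage_check_init(polpath))
		return -1;

	return semanage_store_access_check(sh);
}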
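/*
 * Report whether the policy store is managed by libsemanage.
 *
 * Builds the store path from selinux_path() and the configured store_path and
 * initialises the store paths; the store is considered managed when
 * semanage_access_check() succeeds.
 *
 * Returns 1 if the store is managed, 0 if semanage_access_check() fails,
 * STATUS_ERR (after logging) if the path does not fit in PATH_MAX or path
 * initialisation fails.
 */
int semanage_direct_is_managed(semanage_handle_t *sh)
{
	char polpath[PATH_MAX];
	int len;

	len = snprintf(polpath, sizeof polpath, "%s%s", selinux_path(),
		       sh->conf->store_path);
	/* A truncated path would silently probe a different store. */
	if (len < 0 || (size_t)len >= sizeof polpath)
		goto err;

	if (semanage_check_init(polpath))
		goto err;

	if (semanage_access_check(sh) < 0)
		return 0;

	return 1;

err:
	ERR(sh, "could not check whether policy is managed");
	return STATUS_ERR;
}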
/* The suite initialization function.
 * Creates the store directories (polpath, lockpath, actpath, modpath, in that
 * order) with owner-only permissions, creates the shared test handle with
 * test_msg_handler installed to suppress messages, and initialises the store
 * paths from polpath.
 * Returns zero on success, non-zero otherwise. */
int semanage_store_test_init(void)
{
	const char *dirs[] = { polpath, lockpath, actpath, modpath };
	size_t i;

	/* create directories; stop at the first failure */
	for (i = 0; i < sizeof dirs / sizeof dirs[0]; i++) {
		if (mkdir(dirs[i], S_IRUSR | S_IWUSR | S_IXUSR) != 0)
			return -1;
	}

	/* initialize the handle */
	sh = semanage_handle_create();
	if (sh == NULL)
		return -1;

	/* hide error messages */
	sh->msg_callback = test_msg_handler;

	/* initialize paths */
	if (semanage_check_init(polpath) != 0)
		return -1;

	return 0;
}
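/* Check that the module store exists, creating it if necessary.
 *
 * Builds the store path from selinux_path() and the configured store_path,
 * initialises the store paths, optionally creates the store when
 * sh->create_store is set, and requires at least SEMANAGE_CAN_READ access.
 * On success the direct-mode lock descriptors are reset to -1, the direct
 * function table is installed and every object database (local, policy and
 * active) is initialised.
 *
 * Returns STATUS_SUCCESS, or STATUS_ERR after logging an error and destroying
 * sh->sepolh on any failure.
 */
int semanage_direct_connect(semanage_handle_t *sh)
{
	char polpath[PATH_MAX];
	int len;

	len = snprintf(polpath, sizeof polpath, "%s%s", selinux_path(),
		       sh->conf->store_path);
	/* A truncated path would connect to (or create) a different store. */
	if (len < 0 || (size_t)len >= sizeof polpath)
		goto err;

	if (semanage_check_init(polpath))
		goto err;

	if (sh->create_store) {
		if (semanage_create_store(sh, 1))
			goto err;
	}

	if (semanage_access_check(sh) < SEMANAGE_CAN_READ)
		goto err;

	/* no lock files are held yet */
	sh->u.direct.translock_file_fd = -1;
	sh->u.direct.activelock_file_fd = -1;

	/* set up function pointers */
	sh->funcs = &direct_funcs;

	/* Object databases: local modifications */
	if (user_base_file_dbase_init(sh,
				      semanage_fname(SEMANAGE_USERS_BASE_LOCAL),
				      semanage_user_base_dbase_local(sh)) < 0)
		goto err;

	if (user_extra_file_dbase_init(sh,
				       semanage_fname(SEMANAGE_USERS_EXTRA_LOCAL),
				       semanage_user_extra_dbase_local(sh)) < 0)
		goto err;

	if (user_join_dbase_init(sh,
				 semanage_user_base_dbase_local(sh),
				 semanage_user_extra_dbase_local(sh),
				 semanage_user_dbase_local(sh)) < 0)
		goto err;

	if (port_file_dbase_init(sh,
				 semanage_fname(SEMANAGE_PORTS_LOCAL),
				 semanage_port_dbase_local(sh)) < 0)
		goto err;

	if (iface_file_dbase_init(sh,
				  semanage_fname(SEMANAGE_INTERFACES_LOCAL),
				  semanage_iface_dbase_local(sh)) < 0)
		goto err;

	if (bool_file_dbase_init(sh,
				 semanage_fname(SEMANAGE_BOOLEANS_LOCAL),
				 semanage_bool_dbase_local(sh)) < 0)
		goto err;

	if (fcontext_file_dbase_init(sh,
				     semanage_fname(SEMANAGE_FC_LOCAL),
				     semanage_fcontext_dbase_local(sh)) < 0)
		goto err;

	if (seuser_file_dbase_init(sh,
				   semanage_fname(SEMANAGE_SEUSERS_LOCAL),
				   semanage_seuser_dbase_local(sh)) < 0)
		goto err;

	if (node_file_dbase_init(sh,
				 semanage_fname(SEMANAGE_NODES_LOCAL),
				 semanage_node_dbase_local(sh)) < 0)
		goto err;

	/* Object databases: local modifications + policy */
	if (user_base_policydb_dbase_init(sh,
					  semanage_user_base_dbase_policy(sh)) < 0)
		goto err;

	if (user_extra_file_dbase_init(sh,
				       semanage_fname(SEMANAGE_USERS_EXTRA),
				       semanage_user_extra_dbase_policy(sh)) < 0)
		goto err;

	if (user_join_dbase_init(sh,
				 semanage_user_base_dbase_policy(sh),
				 semanage_user_extra_dbase_policy(sh),
				 semanage_user_dbase_policy(sh)) < 0)
		goto err;

	if (port_policydb_dbase_init(sh, semanage_port_dbase_policy(sh)) < 0)
		goto err;

	if (iface_policydb_dbase_init(sh, semanage_iface_dbase_policy(sh)) < 0)
		goto err;

	if (bool_policydb_dbase_init(sh, semanage_bool_dbase_policy(sh)) < 0)
		goto err;

	if (fcontext_file_dbase_init(sh,
				     semanage_fname(SEMANAGE_FC),
				     semanage_fcontext_dbase_policy(sh)) < 0)
		goto err;

	if (seuser_file_dbase_init(sh,
				   semanage_fname(SEMANAGE_SEUSERS),
				   semanage_seuser_dbase_policy(sh)) < 0)
		goto err;

	if (node_policydb_dbase_init(sh, semanage_node_dbase_policy(sh)) < 0)
		goto err;

	/* Active kernel policy */
	if (bool_activedb_dbase_init(sh, semanage_bool_dbase_active(sh)) < 0)
		goto err;

	return STATUS_SUCCESS;

err:
	ERR(sh, "could not establish direct connection");
	sepol_handle_destroy(sh->sepolh);
	return STATUS_ERR;
}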