static rpmRC sepoltransInstall(sepoltrans * pt, const sepol * pol) { rpmRC rc = RPMRC_OK; char *path = NULL; rc = sepolWritePolicy(pol, &path); if (rc != RPMRC_OK) { return rc; } argvAdd(&pt->filelist, path); if (pt->execsemodule) { const char *flag = (pol->flags & RPMPOL_FLAG_BASE) ? "-b" : "-i"; if (argvAdd(&pt->semodargs, flag) < 0 || argvAdd(&pt->semodargs, path) < 0) { rc = RPMRC_FAIL; } } else { if (pol->flags & RPMPOL_FLAG_BASE) { if (semanage_module_install_base_file(pt->sh, path) < 0) { rc = RPMRC_FAIL; } } else { if (semanage_module_install_file(pt->sh, path) < 0) { rc = RPMRC_FAIL; } } } if (rc != RPMRC_OK) { rpmlog(RPMLOG_ERR, _("Failed to install policy module: %s (%s)\n"), pol->name, path); } else { pt->changes++; } _free(path); return rc; }
int main(int argc, char *argv[]) { int i, commit = 0; int result; int status = EXIT_FAILURE; char *genhomedirconargv[] = { "genhomedircon", "-B", "-n" }; create_signal_handlers(); if (strcmp(basename(argv[0]), "genhomedircon") == 0) { argc = 3; argv=genhomedirconargv; } parse_command_line(argc, argv); if (build) commit = 1; sh = semanage_handle_create(); if (!sh) { fprintf(stderr, "%s: Could not create semanage handle\n", argv[0]); goto cleanup_nohandle; } if (store) { /* Set the store we want to connect to, before connecting. * this will always set a direct connection now, an additional * option will need to be used later to specify a policy server * location */ semanage_select_store(sh, store, SEMANAGE_CON_DIRECT); } /* if installing base module create store if necessary, for bootstrapping */ semanage_set_create_store(sh, create_store); if (!create_store) { if (!semanage_is_managed(sh)) { fprintf(stderr, "%s: SELinux policy is not managed or store cannot be accessed.\n", argv[0]); goto cleanup; } if (semanage_access_check(sh) < SEMANAGE_CAN_READ) { fprintf(stderr, "%s: Cannot read policy store.\n", argv[0]); goto cleanup; } } if ((result = semanage_connect(sh)) < 0) { fprintf(stderr, "%s: Could not connect to policy handler\n", argv[0]); goto cleanup; } if (reload) { if ((result = semanage_reload_policy(sh)) < 0) { fprintf(stderr, "%s: Could not reload policy\n", argv[0]); goto cleanup; } } if (build) { if ((result = semanage_begin_transaction(sh)) < 0) { fprintf(stderr, "%s: Could not begin transaction: %s\n", argv[0], errno ? strerror(errno) : ""); goto cleanup; } } for (i = 0; i < num_commands; i++) { enum client_modes mode = commands[i].mode; char *mode_arg = commands[i].arg; switch (mode) { case INSTALL_M:{ if (verbose) { printf ("Attempting to install module '%s':\n", mode_arg); } result = semanage_module_install_file(sh, mode_arg); break; } case UPGRADE_M:{ if (verbose) { printf ("Attempting to upgrade module '%s':\n", mode_arg); } result = semanage_module_upgrade_file(sh, mode_arg); break; } case BASE_M:{ if (verbose) { printf ("Attempting to install base module '%s':\n", mode_arg); } result = semanage_module_install_base_file(sh, mode_arg); break; } case ENABLE_M:{ if (verbose) { printf ("Attempting to enable module '%s':\n", mode_arg); } result = semanage_module_enable(sh, mode_arg); if ( result == -2 ) { continue; } break; } case DISABLE_M:{ if (verbose) { printf ("Attempting to disable module '%s':\n", mode_arg); } result = semanage_module_disable(sh, mode_arg); if ( result == -2 ) { continue; } break; } case REMOVE_M:{ if (verbose) { printf ("Attempting to remove module '%s':\n", mode_arg); } result = semanage_module_remove(sh, mode_arg); if ( result == -2 ) { continue; } break; } case LIST_M:{ semanage_module_info_t *modinfo; int num_modules; if (verbose) { printf ("Attempting to list active modules:\n"); } if ((result = semanage_module_list(sh, &modinfo, &num_modules)) >= 0) { int j; if (num_modules == 0) { printf("No modules.\n"); } for (j = 0; j < num_modules; j++) { semanage_module_info_t *m = semanage_module_list_nth (modinfo, j); printf("%s\t%s\t%s\n", semanage_module_get_name (m), semanage_module_get_version (m), (semanage_module_get_enabled(m) ? "" : "Disabled")); semanage_module_info_datum_destroy (m); } free(modinfo); } break; } default:{ fprintf(stderr, "%s: Unknown mode specified.\n", argv[0]); usage(argv[0]); goto cleanup; } } commit += do_commit[mode]; if (result < 0) { fprintf(stderr, "%s: Failed on %s!\n", argv[0], mode_arg ? : "list"); goto cleanup; } else if (verbose) {