static sepoltrans *sepoltransNew(void)
{
sepoltrans *pt = xcalloc(1, sizeof(*pt));
pt->semodulepath = rpmExpand("%{__semodule}", NULL);
pt->execsemodule = (!rpmChrootDone() && access(pt->semodulepath, X_OK) == 0);
pt->changes = 0;
if (pt->execsemodule) {
argvAdd(&pt->semodargs, "semodule");
} else {
pt->sh = semanage_handle_create();
if (!pt->sh) {
rpmlog(RPMLOG_ERR, _("Failed to create semanage handle\n"));
goto err;
}
semanage_set_create_store(pt->sh, 1);
semanage_set_check_contexts(pt->sh, 0);
if (semanage_connect(pt->sh) < 0) {
rpmlog(RPMLOG_ERR, _("Failed to connect to policy handler\n"));
goto err;
}
if (semanage_begin_transaction(pt->sh) < 0) {
rpmlog(RPMLOG_ERR, _("Failed to begin policy transaction: %s\n"),
errno ? strerror(errno) : "");
goto err;
}
semanage_set_reload(pt->sh, !rpmChrootDone());
}
return pt;
err:
if (pt->sh) {
if (semanage_is_connected(pt->sh)) {
semanage_disconnect(pt->sh);
}
semanage_handle_destroy(pt->sh);
}
free(pt);
return NULL;
}
/* Apply permanent boolean changes to policy via libsemanage */
static int semanage_set_boolean_list(size_t boolcnt,
SELboolean * boollist)
{
size_t j;
semanage_handle_t *handle = NULL;
semanage_bool_t *boolean = NULL;
semanage_bool_key_t *bool_key = NULL;
int managed;
handle = semanage_handle_create();
if (handle == NULL) {
fprintf(stderr, "Could not create semanage library handle\n");
goto err;
}
managed = semanage_is_managed(handle);
if (managed < 0) {
fprintf(stderr,
"Error when checking whether policy is managed\n");
goto err;
} else if (managed == 0) {
if (getuid() == 0) {
fprintf(stderr,
"Cannot set persistent booleans without managed policy.\n");
} else {
fprintf(stderr,
"Cannot set persistent booleans, please try as root.\n");
}
goto err;
}
if (semanage_connect(handle) < 0)
goto err;
if (semanage_begin_transaction(handle) < 0)
goto err;
for (j = 0; j < boolcnt; j++) {
if (semanage_bool_create(handle, &boolean) < 0)
goto err;
if (semanage_bool_set_name(handle, boolean, boollist[j].name) <
0)
goto err;
semanage_bool_set_value(boolean, boollist[j].value);
if (semanage_bool_key_extract(handle, boolean, &bool_key) < 0)
goto err;
if (semanage_bool_modify_local(handle, bool_key,
boolean) < 0)
goto err;
if (semanage_bool_set_active(handle, bool_key, boolean) < 0) {
fprintf(stderr, "Could not change boolean %s\n",
boollist[j].name);
goto err;
}
semanage_bool_key_free(bool_key);
semanage_bool_free(boolean);
bool_key = NULL;
boolean = NULL;
}
semanage_set_reload(handle, reload);
if (semanage_commit(handle) < 0)
goto err;
semanage_disconnect(handle);
semanage_handle_destroy(handle);
return 0;
err:
semanage_bool_key_free(bool_key);
semanage_bool_free(boolean);
semanage_handle_destroy(handle);
fprintf(stderr, "Could not change policy booleans\n");
return -1;
}
