root/libsemanage/example/test_fcontext.c

Revision e319cd8538dca80c4a6f9ad2669b14e02f255853, 1.8 kB (checked in by Joshua Brindle <method@manicmethod.com>, 5 years ago)

Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: libsemage patch to not compile modules for seusers and fcontext
Date: Wed, 10 Sep 2008 10:30:08 -0400


Hash: SHA1

Ivan Gyurdiev wrote:


I'm a little unclear on what this is doing - can you clarify?

This is clearing the existing seusers.final file, otherwise delete was
not working.

I think the previous code was doing more - it was merging the local file
with the shipped base package file, like this:

data = extract_file_from_policy_package( )
write_file ( "seusers.final", data )
if ( data != null ) {
seusers.clear_cache() // thereby forcing reload from
seusers.final when cache() is called again (in merge_components)
} else {
seusers.clear()
}

It's also doing this three times (once for fcontexts, once for seusers,
once for seusers_extra).
The problem is that you're skipping the link_sandbox call, which builds
the base package, containing this information.

Ivan


Ok, I found some problems with the previous patch and did some code
reuse. I added a function that only reads base.pp in order to handle the
base user_extra and seusers problem.

Signed-off-by: Joshua Brindle <method@manicmethod.com>

1 #include <semanage/fcontext_record.h>
2 #include <semanage/semanage.h>
3 #include <semanage/fcontexts_local.h>
4 #include <sepol/sepol.h>
5
6 #include <errno.h>
7 #include <stdio.h>
8 #include <stdlib.h>
9
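/*
 * Example: add a local file-context mapping of type SEMANAGE_FCONTEXT_REG.
 *
 * Usage: test_fcontext CONTEXT PATH_EXPR
 *   argv[1]  context string, parsed by semanage_context_from_string()
 *   argv[2]  file-context expression, used for the lookup key and the record
 *
 * Both arguments come straight from the command line and are handed to the
 * policy-store API unmodified, so the argument count is checked before
 * either is read.
 *
 * Returns 0 on success and -1 on any failure. The key, the record and the
 * handle are released on every path.
 */
int main(const int argc, const char **argv) {
        semanage_handle_t *sh = NULL;
        semanage_fcontext_t *fcontext = NULL;
        semanage_context_t *con = NULL;
        semanage_fcontext_key_t *k = NULL;
        int exist = 0;
        int rc = -1;

        /* Without this guard argv[1]/argv[2] may be NULL or out of bounds. */
        if (argc < 3) {
                fprintf(stderr, "usage: test_fcontext CONTEXT PATH_EXPR\n");
                return -1;
        }

        /*
         * Failures below are reported with fprintf() rather than perror():
         * nothing visible here shows these calls setting errno, so perror()
         * could append an unrelated (or "Success") errno string.
         */
        sh = semanage_handle_create();
        if (sh == NULL) {
                fprintf(stderr, "Can't create semanage handle\n");
                return -1;
        }

        /*
         * Only a negative (error) result is rejected here.
         * NOTE(review): a read-only store presumably passes this check and
         * fails later at the modify step; confirm whether a stricter
         * comparison is wanted.
         */
        if (semanage_access_check(sh) < 0) {
                fprintf(stderr, "Semanage access check failed\n");
                goto out_handle;
        }
        if (semanage_connect(sh) < 0) {
                fprintf(stderr, "Semanage connect failed\n");
                goto out_handle;
        }

        if (semanage_fcontext_key_create(sh, argv[2], SEMANAGE_FCONTEXT_REG, &k) < 0) {
                fprintf(stderr, "Could not create key for %s\n", argv[2]);
                goto out_disconnect;
        }

        /* Refuse to overwrite a mapping that is already present. */
        if (semanage_fcontext_exists(sh, k, &exist) < 0) {
                fprintf(stderr, "Could not check if key exists for %s\n", argv[2]);
                goto out_key;
        }
        if (exist) {
                fprintf(stderr, "Could not create %s: mapping already exists\n", argv[2]);
                goto out_key;
        }

        if (semanage_fcontext_create(sh, &fcontext) < 0) {
                fprintf(stderr, "Could not create file context for %s\n", argv[2]);
                goto out_key;
        }

        /* The original ignored this return value; a failed set would have
         * left the record without its expression. */
        if (semanage_fcontext_set_expr(sh, fcontext, argv[2]) < 0) {
                fprintf(stderr, "Could not set expression for %s\n", argv[2]);
                goto out_fcontext;
        }

        if (semanage_context_from_string(sh, argv[1], &con)) {
                fprintf(stderr, "Could not create context using %s for file context %s\n", argv[1], argv[2]);
                goto out_fcontext;
        }

        /*
         * NOTE(review): con is not freed anywhere in this program, as in the
         * original. Confirm whether semanage_fcontext_set_con() copies or
         * adopts it before adding a semanage_context_free() call.
         */
        if (semanage_fcontext_set_con(sh, fcontext, con) < 0) {
                fprintf(stderr, "Could not set file context for %s\n", argv[2]);
                goto out_fcontext;
        }

        semanage_fcontext_set_type(fcontext, SEMANAGE_FCONTEXT_REG);

        /*
         * NOTE(review): nothing in this program calls semanage_commit();
         * presumably the modification stays pending and is dropped at exit.
         * Confirm before relying on this example to persist a mapping.
         */
        if (semanage_fcontext_modify_local(sh, k, fcontext) < 0) {
                fprintf(stderr, "Could not add file context for %s\n", argv[2]);
                goto out_fcontext;
        }

        rc = 0;

out_fcontext:
        semanage_fcontext_free(fcontext);
out_key:
        semanage_fcontext_key_free(k);
out_disconnect:
        (void)semanage_disconnect(sh);
out_handle:
        semanage_handle_destroy(sh);
        return rc;
}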