Changeset 654dcb897e49908a958dae55cf29793412c4b390
- Timestamp:
- 03/06/10 16:56:24 (5 months ago)
- Parent:
- Files:
-
- libsemanage/include/semanage/modules.h (modified) (2 diffs)
- libsemanage/src/direct_api.c (modified) (7 diffs)
- libsemanage/src/libsemanage.map (modified) (1 diff)
- libsemanage/src/module_internal.h (modified) (1 diff)
- libsemanage/src/modules.c (modified) (2 diffs)
- libsemanage/src/modules.h (modified) (1 diff)
- libsemanage/src/policy.h (modified) (1 diff)
- libsemanage/src/semanage_store.c (modified) (6 diffs)
- libsemanage/src/semanage_store.h (modified) (1 diff)
- policycoreutils/semodule/semodule.8 (modified) (1 diff)
- policycoreutils/semodule/semodule.c (modified) (8 diffs)
libsemanage/include/semanage/modules.h
rdf77db4 r654dcb8 41 41 int semanage_module_install_base_file(semanage_handle_t *, 42 42 const char *module_name); 43 int semanage_module_enable(semanage_handle_t *, char *module_name); 44 int semanage_module_disable(semanage_handle_t *, char *module_name); 43 45 int semanage_module_remove(semanage_handle_t *, char *module_name); 44 46 45 47 /* semanage_module_info is for getting information on installed 46 modules, only name and version at this time */48 modules, only name and version, and enabled/disabled flag at this time */ 47 49 typedef struct semanage_module_info semanage_module_info_t; 48 50 … … 54 56 const char *semanage_module_get_name(semanage_module_info_t *); 55 57 const char *semanage_module_get_version(semanage_module_info_t *); 58 int semanage_module_get_enabled(semanage_module_info_t *); 56 59 57 60 #endif libsemanage/src/direct_api.c
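Review bot: The new public declarations `semanage_module_enable` and `semanage_module_disable` in modules.h carry no comment on their return contract, although callers depend on it: the direct backend in this changeset documents "0 on success, -1 if out of memory, -2 if module not found or could not be enabled", and semodule.c branches on `result == -2`. Add above the two prototypes a comment such as `/* Enable/disable an installed module by name. Returns 0 on success, -1 on error, -2 if the module was not found (or the rename failed). */`. `semanage_module_get_enabled` likewise deserves a one-liner stating that it returns non-zero when the module is enabled, which is what the `? "" : "Disabled"` use in semodule.c assumes. The `char *module_name` parameter follows the existing `semanage_module_remove` signature; the new implementations only read the name, so `const char *` would have been the stricter choice for a brand-new API, but that is a style remark.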
rc8d100b r654dcb8 67 67 size_t data_len); 68 68 static int semanage_direct_install_base_file(semanage_handle_t * sh, const char *module_name); 69 static int semanage_direct_enable(semanage_handle_t * sh, char *module_name); 70 static int semanage_direct_disable(semanage_handle_t * sh, char *module_name); 69 71 static int semanage_direct_remove(semanage_handle_t * sh, char *module_name); 70 72 static int semanage_direct_list(semanage_handle_t * sh, … … 84 86 .install_base = semanage_direct_install_base, 85 87 .install_base_file = semanage_direct_install_base_file, 88 .enable = semanage_direct_enable, 89 .disable = semanage_direct_disable, 86 90 .remove = semanage_direct_remove, 87 91 .list = semanage_direct_list … … 349 353 return -1; 350 354 } 351 if (asprintf(filename, "%s/%s.pp ", module_path, *module_name) == -1) {355 if (asprintf(filename, "%s/%s.pp%s", module_path, *module_name, DISABLESTR) == -1) { 352 356 ERR(sh, "Out of memory!"); 353 357 return -1; 354 358 } 359 360 if (access(*filename, F_OK) == -1) { 361 char *ptr = *filename; 362 int len = strlen(ptr) - strlen(DISABLESTR); 363 if (len > 0) ptr[len]='\0'; 364 } 365 355 366 return 0; 356 367 } … … 1274 1285 } 1275 1286 1276 /* Removes a module from the sandbox. Returns 0 on success, -1 if out1277 * of memory, -2 if module not found or could not be removed. */1278 static int semanage_direct_ remove(semanage_handle_t * sh, char *module_name)1287 /* Enables a module from the sandbox. Returns 0 on success, -1 if out 1288 * of memory, -2 if module not found or could not be enabled. 
*/ 1289 static int semanage_direct_enable(semanage_handle_t * sh, char *module_name) 1279 1290 { 1280 1291 int i, retval = -1; … … 1295 1306 base++; 1296 1307 if (memcmp(module_name, base, name_len) == 0 && 1308 strcmp(base + name_len + 3, DISABLESTR) == 0) { 1309 int len = strlen(module_filenames[i]) - strlen(DISABLESTR); 1310 char *enabled_name = calloc(1, len+1); 1311 if (!enabled_name) { 1312 ERR(sh, "Could not allocate memory"); 1313 retval = -1; 1314 goto cleanup; 1315 } 1316 1317 strncpy(enabled_name, module_filenames[i],len); 1318 1319 if (rename(module_filenames[i], enabled_name) == -1) { 1320 ERR(sh, "Could not enable module file %s.", 1321 enabled_name); 1322 retval = -2; 1323 } 1324 retval = 0; 1325 free(enabled_name); 1326 goto cleanup; 1327 } 1328 } 1329 ERR(sh, "Module %s was not found.", module_name); 1330 retval = -2; /* module not found */ 1331 cleanup: 1332 for (i = 0; module_filenames != NULL && i < num_mod_files; i++) { 1333 free(module_filenames[i]); 1334 } 1335 free(module_filenames); 1336 return retval; 1337 } 1338 1339 /* Enables a module from the sandbox. Returns 0 on success, -1 if out 1340 * of memory, -2 if module not found or could not be enabled. 
*/ 1341 static int semanage_direct_disable(semanage_handle_t * sh, char *module_name) 1342 { 1343 int i, retval = -1; 1344 char **module_filenames = NULL; 1345 int num_mod_files; 1346 size_t name_len = strlen(module_name); 1347 if (semanage_get_modules_names(sh, &module_filenames, &num_mod_files) == 1348 -1) { 1349 return -1; 1350 } 1351 for (i = 0; i < num_mod_files; i++) { 1352 char *base = strrchr(module_filenames[i], '/'); 1353 if (base == NULL) { 1354 ERR(sh, "Could not read module names."); 1355 retval = -2; 1356 goto cleanup; 1357 } 1358 base++; 1359 if (memcmp(module_name, base, name_len) == 0 && 1297 1360 strcmp(base + name_len, ".pp") == 0) { 1361 char disabled_name[PATH_MAX]; 1362 if (snprintf(disabled_name, PATH_MAX, "%s%s", 1363 module_filenames[i], DISABLESTR) == PATH_MAX) { 1364 ERR(sh, "Could not disable module file %s.", 1365 module_filenames[i]); 1366 retval = -2; 1367 goto cleanup; 1368 } 1369 if (rename(module_filenames[i], disabled_name) == -1) { 1370 ERR(sh, "Could not disable module file %s.", 1371 module_filenames[i]); 1372 retval = -2; 1373 } 1374 retval = 0; 1375 goto cleanup; 1376 } 1377 } 1378 ERR(sh, "Module %s was not found.", module_name); 1379 retval = -2; /* module not found */ 1380 cleanup: 1381 for (i = 0; module_filenames != NULL && i < num_mod_files; i++) { 1382 free(module_filenames[i]); 1383 } 1384 free(module_filenames); 1385 return retval; 1386 } 1387 1388 /* Removes a module from the sandbox. Returns 0 on success, -1 if out 1389 * of memory, -2 if module not found or could not be removed. 
*/ 1390 static int semanage_direct_remove(semanage_handle_t * sh, char *module_name) 1391 { 1392 int i, retval = -1; 1393 char **module_filenames = NULL; 1394 int num_mod_files; 1395 size_t name_len = strlen(module_name); 1396 if (semanage_get_modules_names(sh, &module_filenames, &num_mod_files) == 1397 -1) { 1398 return -1; 1399 } 1400 for (i = 0; i < num_mod_files; i++) { 1401 char *base = strrchr(module_filenames[i], '/'); 1402 if (base == NULL) { 1403 ERR(sh, "Could not read module names."); 1404 retval = -2; 1405 goto cleanup; 1406 } 1407 base++; 1408 if (memcmp(module_name, base, name_len) == 0) { 1298 1409 if (unlink(module_filenames[i]) == -1) { 1299 1410 ERR(sh, "Could not remove module file %s.", … … 1370 1481 ssize_t size; 1371 1482 char *data = NULL; 1483 int enabled = semanage_module_enabled(module_filenames[i]); 1372 1484 1373 1485 if ((size = bunzip(sh, fp, &data)) > 0) { … … 1390 1502 (*modinfo)[*num_modules].name = name; 1391 1503 (*modinfo)[*num_modules].version = version; 1504 (*modinfo)[*num_modules].enabled = enabled; 1392 1505 (*num_modules)++; 1393 1506 } else { libsemanage/src/libsemanage.map
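Review bot: In semanage_direct_enable the `rename()` failure branch sets `retval = -2` but the unconditional `retval = 0;` on the next line overwrites it, so a failed rename is logged via ERR and then reported to the caller as success; semanage_direct_disable has the identical sequence after its own `rename()`. In both places replace the standalone `retval = 0;` with `} else { retval = 0; }` attached to the rename check (or add `goto cleanup;` inside the failure branch), so the -2 documented in the function comment actually reaches the caller. A second, smaller point in the enable match: `strcmp(base + name_len + 3, DISABLESTR)` assumes the three characters after the name are `.pp` without checking them, and relies on the filename being at least `name_len + 3` bytes long after a prefix-only `memcmp`; comparing `base + name_len` against `".pp" DISABLESTR` as one string would check both at once. The memcmp prefix match (which also accepts modules whose name merely starts with `module_name`) is inherited from the existing remove code and not introduced here.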
rbd74c23 r654dcb8 7 7 semanage_module_upgrade; semanage_module_upgrade_file; 8 8 semanage_module_install_base; semanage_module_install_base_file; 9 semanage_module_enable; 10 semanage_module_disable; 9 11 semanage_module_remove; 10 12 semanage_module_list; semanage_module_info_datum_destroy; 11 13 semanage_module_list_nth; semanage_module_get_name; 12 14 semanage_module_get_version; semanage_select_store; 15 semanage_module_get_enabled; 13 16 semanage_reload_policy; semanage_set_reload; semanage_set_rebuild; 14 17 semanage_user_*; semanage_bool_*; semanage_seuser_*; libsemanage/src/module_internal.h
r13cd4c8 r654dcb8 7 7 hidden_proto(semanage_module_get_name) 8 8 hidden_proto(semanage_module_get_version) 9 hidden_proto(semanage_module_get_enabled) 9 10 hidden_proto(semanage_module_info_datum_destroy) 10 11 hidden_proto(semanage_module_list_nth) libsemanage/src/modules.c
rc282c40 r654dcb8 155 155 } 156 156 157 int semanage_module_enable(semanage_handle_t * sh, char *module_name) 158 { 159 if (sh->funcs->enable == NULL) { 160 ERR(sh, "No enable function defined for this connection type."); 161 return -1; 162 } else if (!sh->is_connected) { 163 ERR(sh, "Not connected."); 164 return -1; 165 } else if (!sh->is_in_transaction) { 166 if (semanage_begin_transaction(sh) < 0) { 167 return -1; 168 } 169 } 170 sh->modules_modified = 1; 171 return sh->funcs->enable(sh, module_name); 172 } 173 174 int semanage_module_disable(semanage_handle_t * sh, char *module_name) 175 { 176 if (sh->funcs->disable == NULL) { 177 ERR(sh, "No disable function defined for this connection type."); 178 return -1; 179 } else if (!sh->is_connected) { 180 ERR(sh, "Not connected."); 181 return -1; 182 } else if (!sh->is_in_transaction) { 183 if (semanage_begin_transaction(sh) < 0) { 184 return -1; 185 } 186 } 187 sh->modules_modified = 1; 188 return sh->funcs->disable(sh, module_name); 189 } 190 157 191 int semanage_module_remove(semanage_handle_t * sh, char *module_name) 158 192 { … … 210 244 hidden_def(semanage_module_get_name) 211 245 246 int semanage_module_get_enabled(semanage_module_info_t * modinfo) 247 { 248 return modinfo->enabled; 249 } 250 251 hidden_def(semanage_module_get_enabled) 252 212 253 const char *semanage_module_get_version(semanage_module_info_t * modinfo) 213 254 { libsemanage/src/modules.h
r13cd4c8 r654dcb8 27 27 char *name; /* Key */ 28 28 char *version; 29 int enabled; 29 30 }; 30 31 libsemanage/src/policy.h
rdf77db4 r654dcb8 59 59 int (*upgrade_file) (struct semanage_handle *, const char *); 60 60 61 /* Enable a policy module */ 62 int (*enable) (struct semanage_handle *, char *); 63 64 /* Disable a policy module */ 65 int (*disable) (struct semanage_handle *, char *); 66 61 67 /* Remove a policy module */ 62 68 int (*remove) (struct semanage_handle *, char *); libsemanage/src/semanage_store.c
r0b2f9ef r654dcb8 57 57 58 58 #include "debug.h" 59 60 const char *DISABLESTR=".disabled"; 59 61 60 62 #define SEMANAGE_CONF_FILE "semanage.conf" … … 434 436 } 435 437 438 int semanage_module_enabled(const char *file) { 439 int len = strlen(file) - strlen(DISABLESTR); 440 return (len < 0 || strcmp(&file[len], DISABLESTR) != 0); 441 } 442 443 static int semanage_modulename_select(const struct dirent *d) 444 { 445 if (d->d_name[0] == '.' 446 && (d->d_name[1] == '\0' 447 || (d->d_name[1] == '.' && d->d_name[2] == '\0'))) 448 return 0; 449 450 return semanage_module_enabled(d->d_name); 451 } 452 436 453 /* Copies a file from src to dst. If dst already exists then 437 454 * overwrite it. Returns 0 on success, -1 on error. */ … … 600 617 } 601 618 602 /* Scans the modules directory for the current semanage handler. This 603 * might be the active directory or sandbox, depending upon if the 604 * handler has a transaction lock. Allocates and fills in *filenames 605 * with an array of module filenames; length of array is stored in 606 * *len. The caller is responsible for free()ing *filenames and its 607 * individual elements. Upon success returns 0, -1 on error. 608 */ 609 int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames, 610 int *len) 619 static int semanage_get_modules_names_filter(semanage_handle_t * sh, char ***filenames, 620 int *len, int (*filter)(const struct dirent *)) 611 621 { 612 622 const char *modules_path; … … 623 633 *len = 0; 624 634 if ((num_files = scandir(modules_path, &namelist, 625 semanage_filename_select, alphasort)) == -1) {635 filter, alphasort)) == -1) { 626 636 ERR(sh, "Error while scanning directory %s.", modules_path); 627 637 goto cleanup; … … 662 672 free(namelist); 663 673 return retval; 674 } 675 676 /* Scans the modules directory for the current semanage handler. This 677 * might be the active directory or sandbox, depending upon if the 678 * handler has a transaction lock. 
Allocates and fills in *filenames 679 * with an array of module filenames; length of array is stored in 680 * *len. The caller is responsible for free()ing *filenames and its 681 * individual elements. Upon success returns 0, -1 on error. 682 */ 683 int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames, 684 int *len) 685 { 686 return semanage_get_modules_names_filter(sh, filenames, 687 len, semanage_filename_select); 688 } 689 690 /* Scans the modules directory for the current semanage handler. This 691 * might be the active directory or sandbox, depending upon if the 692 * handler has a transaction lock. Allocates and fills in *filenames 693 * with an array of module filenames; length of array is stored in 694 * *len. The caller is responsible for free()ing *filenames and its 695 * individual elements. Upon success returns 0, -1 on error. 696 */ 697 int semanage_get_active_modules_names(semanage_handle_t * sh, char ***filenames, 698 int *len) 699 { 700 return semanage_get_modules_names_filter(sh, filenames, 701 len, semanage_modulename_select); 664 702 } 665 703 … … 1586 1624 1587 1625 /* get list of modules and load them */ 1588 if (semanage_get_ modules_names(sh, &module_filenames, &num_modules) ==1626 if (semanage_get_active_modules_names(sh, &module_filenames, &num_modules) == 1589 1627 -1 || semanage_load_module(sh, base_filename, base) == -1) { 1590 1628 goto cleanup; libsemanage/src/semanage_store.h
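Review bot: `semanage_module_enabled` computes `int len = strlen(file) - strlen(DISABLESTR);` as a `size_t` subtraction, so for a name shorter than ".disabled" the value wraps to a huge unsigned number before being narrowed to `int`; the `len < 0` guard then depends on an implementation-defined conversion rather than on the arithmetic. Compare the lengths before subtracting: `size_t flen = strlen(file), dlen = strlen(DISABLESTR);` followed by `return flen < dlen || strcmp(file + (flen - dlen), DISABLESTR) != 0;`. `const char *DISABLESTR` is an exported, writable pointer to the suffix; since nothing assigns it, declaring it `const char *const DISABLESTR` here and in semanage_store.h keeps the library from exposing a mutable global. The block comment above `semanage_get_active_modules_names` is a verbatim copy of the one for `semanage_get_modules_names` and does not say what distinguishes the two; add a sentence such as `Unlike semanage_get_modules_names(), files whose name ends in DISABLESTR are omitted, so the result is the set of modules that will be linked into the policy.`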
r200efad r654dcb8 129 129 char **sorted_buf, size_t * sorted_buf_len); 130 130 131 extern const char *DISABLESTR; 132 131 133 #endif policycoreutils/semodule/semodule.8
rc282c40 r654dcb8 35 35 .B \-b,\-\-base=MODULE_PKG 36 36 install/replace base module package 37 .TP 38 .B \-d,\-\-disable=MODULE_NAME 39 disable existing module 40 .TP 41 .B \-e,\-\-enable=MODULE_NAME 42 enable existing module 37 43 .TP 38 44 .B \-r,\-\-remove=MODULE_NAME policycoreutils/semodule/semodule.c
rc282c40 r654dcb8 23 23 #include <semanage/modules.h> 24 24 25 enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, REMOVE_M,25 enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, ENABLE_M, DISABLE_M, REMOVE_M, 26 26 LIST_M, RELOAD 27 27 }; 28 28 /* list of modes in which one ought to commit afterwards */ 29 29 static const int do_commit[] = { 30 0, 1, 1, 1, 1, 30 0, 1, 1, 1, 1, 1, 1, 31 31 0, 0 32 32 }; … … 105 105 printf(" -B, --build build and reload policy\n"); 106 106 printf(" -i,--install=MODULE_PKG install a new module\n"); 107 printf(" -u,--upgrade=MODULE_PKG upgrade s or install module to a newer version\n");107 printf(" -u,--upgrade=MODULE_PKG upgrade existing module\n"); 108 108 printf(" -b,--base=MODULE_PKG install new base module\n"); 109 printf(" -r,--remove=MODULE_NAME remove existing module\n"); 109 printf(" -e,--enable=MODULE_PKG enable existing module\n"); 110 printf(" -d,--disable=MODULE_PKG disable existing module\n"); 111 printf(" -r,--remove=MODULE_NAME remove existing module\n"); 110 112 printf 111 113 (" -l,--list-modules display list of installed modules\n"); … … 153 155 {"list-modules", 0, NULL, 'l'}, 154 156 {"verbose", 0, NULL, 'v'}, 157 {"enable", required_argument, NULL, 'e'}, 158 {"disable", required_argument, NULL, 'd'}, 155 159 {"remove", required_argument, NULL, 'r'}, 156 160 {"upgrade", required_argument, NULL, 'u'}, … … 167 171 create_store = 0; 168 172 while ((i = 169 getopt_long(argc, argv, "s:b:hi:lvq r:u:RnBD", opts,173 getopt_long(argc, argv, "s:b:hi:lvqe:d:r:u:RnBD", opts, 170 174 NULL)) != -1) { 171 175 switch (i) { … … 185 189 case 'v': 186 190 verbose = 1; 191 break; 192 case 'e': 193 set_mode(ENABLE_M, optarg); 194 break; 195 case 'd': 196 set_mode(DISABLE_M, optarg); 187 197 break; 188 198 case 'r': … … 239 249 } else if (commands && commands[num_commands - 1].mode == REMOVE_M) { 240 250 mode = REMOVE_M; 251 } else if (commands && commands[num_commands - 1].mode == ENABLE_M) { 252 mode = ENABLE_M; 253 } 
else if (commands && commands[num_commands - 1].mode == DISABLE_M) { 254 mode = DISABLE_M; 241 255 } else { 242 256 fprintf(stderr, "unknown additional arguments:\n"); … … 351 365 result = 352 366 semanage_module_install_base_file(sh, mode_arg); 367 break; 368 } 369 case ENABLE_M:{ 370 if (verbose) { 371 printf 372 ("Attempting to enable module '%s':\n", 373 mode_arg); 374 } 375 result = semanage_module_enable(sh, mode_arg); 376 if ( result == -2 ) { 377 continue; 378 } 379 break; 380 } 381 case DISABLE_M:{ 382 if (verbose) { 383 printf 384 ("Attempting to disable module '%s':\n", 385 mode_arg); 386 } 387 result = semanage_module_disable(sh, mode_arg); 388 if ( result == -2 ) { 389 continue; 390 } 353 391 break; 354 392 } … … 383 421 semanage_module_list_nth 384 422 (modinfo, j); 385 printf("%s\t%s\ n",423 printf("%s\t%s\t%s\n", 386 424 semanage_module_get_name 387 425 (m), 388 426 semanage_module_get_version 389 (m)); 427 (m), 428 (semanage_module_get_enabled(m) ? "" : "Disabled")); 390 429 semanage_module_info_datum_destroy 391 430 (m);
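Review bot: The new usage lines print `-e,--enable=MODULE_PKG` and `-d,--disable=MODULE_PKG`, but the option takes a module name (it is passed straight to `semanage_module_enable`/`semanage_module_disable`), and both the adjacent `--remove=MODULE_NAME` line and the semodule.8 entry added in this changeset say MODULE_NAME; change the two printf strings to `" -e,--enable=MODULE_NAME enable existing module\n"` and `" -d,--disable=MODULE_NAME disable existing module\n"`. In the ENABLE_M/DISABLE_M cases, `if ( result == -2 ) { continue; }` jumps to the next command from inside the switch; whatever the enclosing loop does with `result` after the switch lies outside this hunk, so if that tail performs error reporting or cleanup it is skipped for the not-found case, which is worth a comment such as `/* -2: module not found; already reported by the library, keep processing remaining commands */` so the intent is explicit.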
