diff --git a/libsemanage/include/semanage/modules.h b/libsemanage/include/semanage/modules.h index 349a50e2..e169279d 100644 --- a/libsemanage/include/semanage/modules.h +++ b/libsemanage/include/semanage/modules.h @@ -40,12 +40,10 @@ int semanage_module_install_base(semanage_handle_t *, char *module_data, size_t data_len); int semanage_module_install_base_file(semanage_handle_t *, const char *module_name); -int semanage_module_enable(semanage_handle_t *, char *module_name); -int semanage_module_disable(semanage_handle_t *, char *module_name); int semanage_module_remove(semanage_handle_t *, char *module_name); /* semanage_module_info is for getting information on installed - modules, only name and version, and enabled/disabled flag at this time */ + modules, only name and version at this time */ typedef struct semanage_module_info semanage_module_info_t; int semanage_module_list(semanage_handle_t *, @@ -55,6 +53,5 @@ semanage_module_info_t *semanage_module_list_nth(semanage_module_info_t * list, int n); const char *semanage_module_get_name(semanage_module_info_t *); const char *semanage_module_get_version(semanage_module_info_t *); -int semanage_module_get_enabled(semanage_module_info_t *); #endif diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 8177a7ad..75980eaa 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -66,8 +66,6 @@ static int semanage_direct_upgrade_file(semanage_handle_t * sh, const char *modu static int semanage_direct_install_base(semanage_handle_t * sh, char *base_data, size_t data_len); static int semanage_direct_install_base_file(semanage_handle_t * sh, const char *module_name); -static int semanage_direct_enable(semanage_handle_t * sh, char *module_name); -static int semanage_direct_disable(semanage_handle_t * sh, char *module_name); static int semanage_direct_remove(semanage_handle_t * sh, char *module_name); static int semanage_direct_list(semanage_handle_t * sh, semanage_module_info_t ** modinfo, @@ -85,8 +83,6 @@ static struct semanage_policy_table direct_funcs = { .upgrade_file = semanage_direct_upgrade_file, .install_base = semanage_direct_install_base, .install_base_file = semanage_direct_install_base_file, - .enable = semanage_direct_enable, - .disable = semanage_direct_disable, .remove = semanage_direct_remove, .list = semanage_direct_list }; @@ -353,17 +349,10 @@ static int parse_module_headers(semanage_handle_t * sh, char *module_data, semanage_path(SEMANAGE_TMP, SEMANAGE_MODULES)) == NULL) { return -1; } - if (asprintf(filename, "%s/%s.pp%s", module_path, *module_name, DISABLESTR) == -1) { + if (asprintf(filename, "%s/%s.pp", module_path, *module_name) == -1) { ERR(sh, "Out of memory!"); return -1; } - - if (access(*filename, F_OK) == -1) { - char *ptr = *filename; - int len = strlen(ptr) - strlen(DISABLESTR); - if (len > 0) ptr[len]='\0'; - } - return 0; } @@ -1316,107 +1305,6 @@ static int semanage_direct_install_base_file(semanage_handle_t * sh, return retval; } -/* Enables a module from the sandbox. Returns 0 on success, -1 if out - * of memory, -2 if module not found or could not be enabled. */ -static int semanage_direct_enable(semanage_handle_t * sh, char *module_name) -{ - int i, retval = -1; - char **module_filenames = NULL; - int num_mod_files; - size_t name_len = strlen(module_name); - if (semanage_get_modules_names(sh, &module_filenames, &num_mod_files) == - -1) { - return -1; - } - for (i = 0; i < num_mod_files; i++) { - char *base = strrchr(module_filenames[i], '/'); - if (base == NULL) { - ERR(sh, "Could not read module names."); - retval = -2; - goto cleanup; - } - base++; - if (memcmp(module_name, base, name_len) == 0 && - strcmp(base + name_len + 3, DISABLESTR) == 0) { - int len = strlen(module_filenames[i]) - strlen(DISABLESTR); - char *enabled_name = calloc(1, len+1); - if (!enabled_name) { - ERR(sh, "Could not allocate memory"); - retval = -1; - goto cleanup; - } - - strncpy(enabled_name, module_filenames[i],len); - - if (rename(module_filenames[i], enabled_name) == -1) { - ERR(sh, "Could not enable module file %s.", - enabled_name); - retval = -2; - } - retval = 0; - free(enabled_name); - goto cleanup; - } - } - ERR(sh, "Module %s was not found.", module_name); - retval = -2; /* module not found */ - cleanup: - for (i = 0; module_filenames != NULL && i < num_mod_files; i++) { - free(module_filenames[i]); - } - free(module_filenames); - return retval; -} - -/* Enables a module from the sandbox. Returns 0 on success, -1 if out - * of memory, -2 if module not found or could not be enabled. */ -static int semanage_direct_disable(semanage_handle_t * sh, char *module_name) -{ - int i, retval = -1; - char **module_filenames = NULL; - int num_mod_files; - size_t name_len = strlen(module_name); - if (semanage_get_modules_names(sh, &module_filenames, &num_mod_files) == - -1) { - return -1; - } - for (i = 0; i < num_mod_files; i++) { - char *base = strrchr(module_filenames[i], '/'); - if (base == NULL) { - ERR(sh, "Could not read module names."); - retval = -2; - goto cleanup; - } - base++; - if (memcmp(module_name, base, name_len) == 0 && - strcmp(base + name_len, ".pp") == 0) { - char disabled_name[PATH_MAX]; - if (snprintf(disabled_name, PATH_MAX, "%s%s", - module_filenames[i], DISABLESTR) == PATH_MAX) { - ERR(sh, "Could not disable module file %s.", - module_filenames[i]); - retval = -2; - goto cleanup; - } - if (rename(module_filenames[i], disabled_name) == -1) { - ERR(sh, "Could not disable module file %s.", - module_filenames[i]); - retval = -2; - } - retval = 0; - goto cleanup; - } - } - ERR(sh, "Module %s was not found.", module_name); - retval = -2; /* module not found */ - cleanup: - for (i = 0; module_filenames != NULL && i < num_mod_files; i++) { - free(module_filenames[i]); - } - free(module_filenames); - return retval; -} - /* Removes a module from the sandbox. Returns 0 on success, -1 if out * of memory, -2 if module not found or could not be removed. */ static int semanage_direct_remove(semanage_handle_t * sh, char *module_name) @@ -1437,7 +1325,8 @@ static int semanage_direct_remove(semanage_handle_t * sh, char *module_name) goto cleanup; } base++; - if (memcmp(module_name, base, name_len) == 0) { + if (memcmp(module_name, base, name_len) == 0 && + strcmp(base + name_len, ".pp") == 0) { if (unlink(module_filenames[i]) == -1) { ERR(sh, "Could not remove module file %s.", module_filenames[i]); @@ -1512,7 +1401,6 @@ static int semanage_direct_list(semanage_handle_t * sh, } ssize_t size; char *data = NULL; - int enabled = semanage_module_enabled(module_filenames[i]); if ((size = bunzip(sh, fp, &data)) > 0) { sepol_policy_file_set_mem(pf, data, size); @@ -1533,7 +1421,6 @@ static int semanage_direct_list(semanage_handle_t * sh, if (type == SEPOL_POLICY_MOD) { (*modinfo)[*num_modules].name = name; (*modinfo)[*num_modules].version = version; - (*modinfo)[*num_modules].enabled = enabled; (*num_modules)++; } else { /* file was not a module, so don't report it */ diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map index 2827abec..c6622f36 100644 --- a/libsemanage/src/libsemanage.map +++ b/libsemanage/src/libsemanage.map @@ -6,13 +6,10 @@ LIBSEMANAGE_1.0 { semanage_module_install; semanage_module_install_file; semanage_module_upgrade; semanage_module_upgrade_file; semanage_module_install_base; semanage_module_install_base_file; - semanage_module_enable; - semanage_module_disable; semanage_module_remove; semanage_module_list; semanage_module_info_datum_destroy; semanage_module_list_nth; semanage_module_get_name; semanage_module_get_version; semanage_select_store; - semanage_module_get_enabled; semanage_reload_policy; semanage_set_reload; semanage_set_rebuild; semanage_set_root; semanage_user_*; semanage_bool_*; semanage_seuser_*; diff --git a/libsemanage/src/module_internal.h b/libsemanage/src/module_internal.h index 04f767b4..f074a3a8 100644 --- a/libsemanage/src/module_internal.h +++ b/libsemanage/src/module_internal.h @@ -6,7 +6,6 @@ hidden_proto(semanage_module_get_name) hidden_proto(semanage_module_get_version) - hidden_proto(semanage_module_get_enabled) hidden_proto(semanage_module_info_datum_destroy) hidden_proto(semanage_module_list_nth) #endif diff --git a/libsemanage/src/modules.c b/libsemanage/src/modules.c index 6b2e6df0..d99ee5bb 100644 --- a/libsemanage/src/modules.c +++ b/libsemanage/src/modules.c @@ -154,40 +154,6 @@ int semanage_module_install_base_file(semanage_handle_t * sh, return sh->funcs->install_base_file(sh, module_name); } -int semanage_module_enable(semanage_handle_t * sh, char *module_name) -{ - if (sh->funcs->enable == NULL) { - ERR(sh, "No enable function defined for this connection type."); - return -1; - } else if (!sh->is_connected) { - ERR(sh, "Not connected."); - return -1; - } else if (!sh->is_in_transaction) { - if (semanage_begin_transaction(sh) < 0) { - return -1; - } - } - sh->modules_modified = 1; - return sh->funcs->enable(sh, module_name); -} - -int semanage_module_disable(semanage_handle_t * sh, char *module_name) -{ - if (sh->funcs->disable == NULL) { - ERR(sh, "No disable function defined for this connection type."); - return -1; - } else if (!sh->is_connected) { - ERR(sh, "Not connected."); - return -1; - } else if (!sh->is_in_transaction) { - if (semanage_begin_transaction(sh) < 0) { - return -1; - } - } - sh->modules_modified = 1; - return sh->funcs->disable(sh, module_name); -} - int semanage_module_remove(semanage_handle_t * sh, char *module_name) { if (sh->funcs->remove == NULL) { @@ -243,13 +209,6 @@ const char *semanage_module_get_name(semanage_module_info_t * modinfo) hidden_def(semanage_module_get_name) -int semanage_module_get_enabled(semanage_module_info_t * modinfo) -{ - return modinfo->enabled; -} - -hidden_def(semanage_module_get_enabled) - const char *semanage_module_get_version(semanage_module_info_t * modinfo) { return modinfo->version; diff --git a/libsemanage/src/modules.h b/libsemanage/src/modules.h index 8d2e60cb..381b1083 100644 --- a/libsemanage/src/modules.h +++ b/libsemanage/src/modules.h @@ -26,7 +26,6 @@ struct semanage_module_info { char *name; /* Key */ char *version; - int enabled; }; #endif diff --git a/libsemanage/src/policy.h b/libsemanage/src/policy.h index 627b5261..ebefc022 100644 --- a/libsemanage/src/policy.h +++ b/libsemanage/src/policy.h @@ -58,12 +58,6 @@ struct semanage_policy_table { /* Upgrade a policy module */ int (*upgrade_file) (struct semanage_handle *, const char *); - /* Enable a policy module */ - int (*enable) (struct semanage_handle *, char *); - - /* Disable a policy module */ - int (*disable) (struct semanage_handle *, char *); - /* Remove a policy module */ int (*remove) (struct semanage_handle *, char *); diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index 154df3d9..eb7648f3 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -57,8 +57,6 @@ typedef struct dbase_policydb dbase_t; #include "debug.h" -const char *DISABLESTR=".disabled"; - #define SEMANAGE_CONF_FILE "semanage.conf" /* relative path names to enum semanage_paths to special files and * directories for the module store */ @@ -437,21 +435,6 @@ static int semanage_filename_select(const struct dirent *d) return 1; } -int semanage_module_enabled(const char *file) { - int len = strlen(file) - strlen(DISABLESTR); - return (len < 0 || strcmp(&file[len], DISABLESTR) != 0); -} - -static int semanage_modulename_select(const struct dirent *d) -{ - if (d->d_name[0] == '.' - && (d->d_name[1] == '\0' - || (d->d_name[1] == '.' && d->d_name[2] == '\0'))) - return 0; - - return semanage_module_enabled(d->d_name); -} - /* Copies a file from src to dst. If dst already exists then * overwrite it. Returns 0 on success, -1 on error. */ static int semanage_copy_file(const char *src, const char *dst, mode_t mode) @@ -622,8 +605,15 @@ int semanage_make_sandbox(semanage_handle_t * sh) return -1; } -static int semanage_get_modules_names_filter(semanage_handle_t * sh, char ***filenames, - int *len, int (*filter)(const struct dirent *)) +/* Scans the modules directory for the current semanage handler. This + * might be the active directory or sandbox, depending upon if the + * handler has a transaction lock. Allocates and fills in *filenames + * with an array of module filenames; length of array is stored in + * *len. The caller is responsible for free()ing *filenames and its + * individual elements. Upon success returns 0, -1 on error. + */ +int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames, + int *len) { const char *modules_path; struct dirent **namelist = NULL; @@ -638,7 +628,7 @@ static int semanage_get_modules_names_filter(semanage_handle_t * sh, char ***fil *filenames = NULL; *len = 0; if ((num_files = scandir(modules_path, &namelist, - filter, alphasort)) == -1) { + semanage_filename_select, alphasort)) == -1) { ERR(sh, "Error while scanning directory %s.", modules_path); goto cleanup; } @@ -679,34 +669,6 @@ static int semanage_get_modules_names_filter(semanage_handle_t * sh, char ***fil return retval; } -/* Scans the modules directory for the current semanage handler. This - * might be the active directory or sandbox, depending upon if the - * handler has a transaction lock. Allocates and fills in *filenames - * with an array of module filenames; length of array is stored in - * *len. The caller is responsible for free()ing *filenames and its - * individual elements. Upon success returns 0, -1 on error. - */ -int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames, - int *len) -{ - return semanage_get_modules_names_filter(sh, filenames, - len, semanage_filename_select); -} - -/* Scans the modules directory for the current semanage handler. This - * might be the active directory or sandbox, depending upon if the - * handler has a transaction lock. Allocates and fills in *filenames - * with an array of module filenames; length of array is stored in - * *len. The caller is responsible for free()ing *filenames and its - * individual elements. Upon success returns 0, -1 on error. - */ -int semanage_get_active_modules_names(semanage_handle_t * sh, char ***filenames, - int *len) -{ - return semanage_get_modules_names_filter(sh, filenames, - len, semanage_modulename_select); -} - /******************* routines that run external programs *******************/ /* Appends a single character to a string. Returns a pointer to the @@ -1633,7 +1595,7 @@ int semanage_link_sandbox(semanage_handle_t * sh, } /* get list of modules and load them */ - if (semanage_get_active_modules_names(sh, &module_filenames, &num_modules) == + if (semanage_get_modules_names(sh, &module_filenames, &num_modules) == -1 || semanage_load_module(sh, base_filename, base) == -1) { goto cleanup; } diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h index 7476fb3c..58e2a6aa 100644 --- a/libsemanage/src/semanage_store.h +++ b/libsemanage/src/semanage_store.h @@ -129,6 +129,4 @@ int semanage_nc_sort(semanage_handle_t * sh, size_t buf_len, char **sorted_buf, size_t * sorted_buf_len); -extern const char *DISABLESTR; - #endif diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8 index 2a91697a..fd8f3d54 100644 --- a/policycoreutils/semodule/semodule.8 +++ b/policycoreutils/semodule/semodule.8 @@ -35,15 +35,6 @@ upgrade an existing module package, or install if the module does not exist .B \-b,\-\-base=MODULE_PKG install/replace base module package .TP -.B \-d,\-\-disable=MODULE_NAME -disable existing module -.TP -.B \-e,\-\-enable=MODULE_NAME -enable existing module -.TP -.B \-p,\-\-path=ROOTPATH -use an alternate root path -.TP .B \-r,\-\-remove=MODULE_NAME remove existing module .TP diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c index 6aa11818..a58e9da9 100644 --- a/policycoreutils/semodule/semodule.c +++ b/policycoreutils/semodule/semodule.c @@ -23,12 +23,12 @@ #include -enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, ENABLE_M, DISABLE_M, REMOVE_M, +enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, REMOVE_M, LIST_M, RELOAD }; /* list of modes in which one ought to commit afterwards */ static const int do_commit[] = { - 0, 1, 1, 1, 1, 1, 1, + 0, 1, 1, 1, 1, 0, 0 }; @@ -106,11 +106,9 @@ static void usage(char *progname) printf(" -R, --reload reload policy\n"); printf(" -B, --build build and reload policy\n"); printf(" -i,--install=MODULE_PKG install a new module\n"); - printf(" -u,--upgrade=MODULE_PKG upgrade existing module\n"); + printf(" -u,--upgrade=MODULE_PKG upgrades or install module to a newer version\n"); printf(" -b,--base=MODULE_PKG install new base module\n"); - printf(" -e,--enable=MODULE_PKG enable existing module\n"); - printf(" -d,--disable=MODULE_PKG disable existing module\n"); - printf(" -r,--remove=MODULE_NAME remove existing module\n"); + printf(" -r,--remove=MODULE_NAME remove existing module\n"); printf (" -l,--list-modules display list of installed modules\n"); printf("Other options:\n"); @@ -158,8 +156,6 @@ static void parse_command_line(int argc, char **argv) {"install", required_argument, NULL, 'i'}, {"list-modules", 0, NULL, 'l'}, {"verbose", 0, NULL, 'v'}, - {"enable", required_argument, NULL, 'e'}, - {"disable", required_argument, NULL, 'd'}, {"remove", required_argument, NULL, 'r'}, {"upgrade", required_argument, NULL, 'u'}, {"reload", 0, NULL, 'R'}, @@ -176,7 +172,7 @@ static void parse_command_line(int argc, char **argv) no_reload = 0; create_store = 0; while ((i = - getopt_long(argc, argv, "p:s:b:hi:lvqe:d:r:u:RnNBDP", opts, + getopt_long(argc, argv, "p:s:b:hi:lvqr:u:RnNBDP", opts, NULL)) != -1) { switch (i) { case 'b': @@ -195,12 +191,6 @@ static void parse_command_line(int argc, char **argv) case 'v': verbose = 1; break; - case 'e': - set_mode(ENABLE_M, optarg); - break; - case 'd': - set_mode(DISABLE_M, optarg); - break; case 'r': set_mode(REMOVE_M, optarg); break; @@ -263,10 +253,6 @@ static void parse_command_line(int argc, char **argv) mode = UPGRADE_M; } else if (commands && commands[num_commands - 1].mode == REMOVE_M) { mode = REMOVE_M; - } else if (commands && commands[num_commands - 1].mode == ENABLE_M) { - mode = ENABLE_M; - } else if (commands && commands[num_commands - 1].mode == DISABLE_M) { - mode = DISABLE_M; } else { fprintf(stderr, "unknown additional arguments:\n"); while (optind < argc) @@ -385,30 +371,6 @@ int main(int argc, char *argv[]) semanage_module_install_base_file(sh, mode_arg); break; } - case ENABLE_M:{ - if (verbose) { - printf - ("Attempting to enable module '%s':\n", - mode_arg); - } - result = semanage_module_enable(sh, mode_arg); - if ( result == -2 ) { - continue; - } - break; - } - case DISABLE_M:{ - if (verbose) { - printf - ("Attempting to disable module '%s':\n", - mode_arg); - } - result = semanage_module_disable(sh, mode_arg); - if ( result == -2 ) { - continue; - } - break; - } case REMOVE_M:{ if (verbose) { printf @@ -439,12 +401,11 @@ int main(int argc, char *argv[]) semanage_module_info_t *m = semanage_module_list_nth (modinfo, j); - printf("%s\t%s\t%s\n", + printf("%s\t%s\n", semanage_module_get_name (m), semanage_module_get_version - (m), - (semanage_module_get_enabled(m) ? "" : "Disabled")); + (m)); semanage_module_info_datum_destroy (m); }