libsemanage: move the module store to /var/lib/selinux

This patch moves the module store from /etc/selinux/<store>/modules to /var/lib/selinux/<store>. This move will allow for the use of a read-only /etc/selinux. Currently that is not possible with semanage because of the lock files. A consequence of this move is that packagers of libsemanage should create the /var/lib/selinux directory. Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-12-23 18:25:50 -05:00 · 2009-12-23 18:25:50 -05:00 · aea047c769
commit aea047c769
parent 565ea9832e
3 changed files with 32 additions and 32 deletions
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@ -89,12 +89,7 @@ static struct semanage_policy_table direct_funcs = {

 int semanage_direct_is_managed(semanage_handle_t * sh)
 {
-	char polpath[PATH_MAX];
-
-	snprintf(polpath, PATH_MAX, "%s%s", selinux_path(),
-		 sh->conf->store_path);
-
-	if (semanage_check_init(polpath))
+	if (semanage_check_init(sh, semanage_store_root_path()))
 		goto err;

 	if (semanage_access_check(sh) < 0)
@ -111,13 +106,9 @@ int semanage_direct_is_managed(semanage_handle_t * sh)
 */
 int semanage_direct_connect(semanage_handle_t * sh)
 {
-	char polpath[PATH_MAX];
 	const char *path;

-	snprintf(polpath, PATH_MAX, "%s%s", selinux_path(),
-		 sh->conf->store_path);
-
-	if (semanage_check_init(polpath))
+	if (semanage_check_init(sh, semanage_store_root_path()))
 		goto err;

 	if (sh->create_store)
@ -1444,12 +1435,7 @@ static int semanage_direct_list(semanage_handle_t * sh,

 int semanage_direct_access_check(semanage_handle_t * sh)
 {
-	char polpath[PATH_MAX];
-
-	snprintf(polpath, PATH_MAX, "%s%s", selinux_path(),
-		 sh->conf->store_path);
-
-	if (semanage_check_init(polpath))
+	if (semanage_check_init(sh, semanage_store_root_path()))
 		return -1;

 	return semanage_store_access_check();
--- a/libsemanage/src/semanage_store.c
+++ b/libsemanage/src/semanage_store.c
@ -3,8 +3,9 @@
 *	    Jason Tang <jtang@tresys.com>
 *          Christopher Ashworth <cashworth@tresys.com>
 *          Chris PeBenito <cpebenito@tresys.com>
+ *	    Caleb Case <ccase@tresys.com>
 *
- * Copyright (C) 2004-2006 Tresys Technology, LLC
+ * Copyright (C) 2004-2006,2009 Tresys Technology, LLC
 * Copyright (C) 2005 Red Hat, Inc.
 *
 *  This library is free software; you can redistribute it and/or
@ -88,8 +89,6 @@ static const char *semanage_store_paths[SEMANAGE_NUM_STORES] = {
 	"/tmp"
 };

-/* this is the module store path relative to selinux_policy_root() */
-#define SEMANAGE_MOD_DIR "/modules"
 /* relative path names to enum sandbox_paths for special files within
 * a sandbox */
 static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
@ -158,14 +157,14 @@ static int semanage_init_paths(const char *root)
 	if (!root)
 		return -1;

-	prefix_len = (strlen(root) + strlen(SEMANAGE_MOD_DIR));
+	prefix_len = strlen(root);

 	for (i = 0; i < SEMANAGE_NUM_FILES; i++) {
 		len = (strlen(semanage_relative_files[i]) + prefix_len);
 		semanage_files[i] = calloc(len + 1, sizeof(char));
 		if (!semanage_files[i])
 			return -1;
-		sprintf(semanage_files[i], "%s%s%s", root, SEMANAGE_MOD_DIR,
+		sprintf(semanage_files[i], "%s%s", root,
 			semanage_relative_files[i]);
 	}

@ -187,16 +186,11 @@ static int semanage_init_store_paths(const char *root)
 	int i, j;
 	size_t len;
 	size_t prefix_len;
-	char *prefix;

 	if (!root)
 		return -1;

-	prefix_len = (strlen(root) + strlen(SEMANAGE_MOD_DIR));
-	prefix = calloc(prefix_len + 1, sizeof(char));
-	if (!prefix)
-		return -1;
-	sprintf(prefix, "%s%s", root, SEMANAGE_MOD_DIR);
+	prefix_len = strlen(root);

 	for (i = 0; i < SEMANAGE_NUM_STORES; i++) {
 		for (j = 0; j < SEMANAGE_STORE_NUM_PATHS; j++) {
@ -205,14 +199,13 @@ static int semanage_init_store_paths(const char *root)
 			semanage_paths[i][j] = calloc(len + 1, sizeof(char));
 			if (!semanage_paths[i][j])
 				goto cleanup;
-			sprintf(semanage_paths[i][j], "%s%s%s", prefix,
+			sprintf(semanage_paths[i][j], "%s%s%s", root,
 				semanage_store_paths[i],
 				semanage_sandbox_paths[j]);
 		}
 	}

      cleanup:
-	free(prefix);
 	return 0;
 }

@ -224,16 +217,28 @@ static int semanage_init_store_paths(const char *root)
 *
 * Note that this function is NOT thread-safe.
 */
-int semanage_check_init(const char *root)
+int semanage_check_init(semanage_handle_t *sh, const char *prefix)
 {
 	int rc;
 	if (semanage_paths_initialized == 0) {
+		char root[PATH_MAX];
+
+		rc = snprintf(root,
+			      sizeof(root),
+			      "%s/%s",
+			      prefix,
+			      sh->conf->store_path);
+		if (rc < 0 || rc >= (int)sizeof(root))
+			return -1;
+
 		rc = semanage_init_paths(root);
 		if (rc)
 			return rc;
+
 		rc = semanage_init_store_paths(root);
 		if (rc)
 			return rc;
+
 		semanage_paths_initialized = 1;
 	}
 	return 0;
@ -260,6 +265,12 @@ const char *semanage_path(enum semanage_store_defs store,
 	return semanage_paths[store][path_name];
 }

+/* Return the root of the semanage store. */
+const char *semanage_store_root_path(void)
+{
+	return "/var/lib/selinux";
+}
+
 /* Return a fully-qualified path + filename to the semanage
 * configuration file.  The caller must not alter the string returned
 * (and hence why this function return type is const).
--- a/libsemanage/src/semanage_store.h
+++ b/libsemanage/src/semanage_store.h
@ -63,11 +63,14 @@ enum semanage_sandbox_defs {
 	SEMANAGE_STORE_NUM_PATHS
 };

+const char *semanage_store_root_path(void);
+
 /* FIXME: this needs to be made a module store specific init and the
 * global configuration moved to another file.
 */
 const char *semanage_conf_path(void);
-int semanage_check_init(const char *root);
+
+int semanage_check_init(semanage_handle_t *sh, const char *prefix);

 extern const char *semanage_fname(enum semanage_sandbox_defs file_enum);