libsemanage: add back support for semange_set_root using the new source policy infrastructure

Removed in commits:
- Revert "libsemanage: introduce semanage_set_root and friends"
- Revert "libsemanage: Alternate path for semanage.conf"
- Revert "libsemanage: Use default semanage.conf as a fallback"

Signed-off-by: Steve Lawrence <slawrence@tresys.com>

libsemanage/include/semanage/handle.h

@@ -134,6 +134,12 @@ int semanage_is_connected(semanage_handle_t * sh);
 /* returns 1 if policy is MLS, 0 otherwise. */
 int semanage_mls_enabled(semanage_handle_t *sh);
 
+/* Change to alternate semanage root path */
+int semanage_set_root(const char *path);
+
+/* Get the current semanage root path */
+const char * semanage_root(void);
+
 /* Get whether or not needless unused branch of tunables would be preserved */
 int semanage_get_preserve_tunables(semanage_handle_t * handle);
 

libsemanage/man/man3/semanage_set_root.3

@@ -0,0 +1,25 @@
+.TH semanage_set_root 3 "1 June 2011" "dwalsh@redhat.com" "Libsemanage API documentation"
+
+.SH "NAME"
+semanage_set_root, semanage_root \- SELinux Management API
+
+.SH "SYNOPSIS"
+Set/get the alternate root directory for SELinux configuration directory.
+
+.B	#include <semanage/handle.h>
+
+.B	extern int semanage_set_root(const char *path);
+
+.B	extern const char *semanage_root(void);
+
+.SH "DESCRIPTION"
+.TP
+The function semanage_set_root() sets an alternate root directory for SELinux configuration paths to be used by the semanage library.
+
+.SH "RETURN VALUE"
+The function semanage_set_root() returns \-1 in case of failure. Otherwise, 0 is returned.
+
+The function semanage_root() returns the semanage root. The returned value should not be modified by the caller.
+
+.SH "SEE ALSO"
+.BR semanage_handle_create "(3), " semanage_connect "(3), "

libsemanage/man/man5/semanage.conf.5

@@ -27,6 +27,10 @@ If the argument does not begin with a "/" (as in "foo.com:4242"), it should be i
 to be used through a TCP connection (default port is 4242 unless a different one is specified after the server name using the colon to separate
 the two fields).
 
+.TP
+.B root
+Specify an alternative root path to use for the store. The default is "/"
+
 .TP
 .B policy-version 
 When generating the policy, by default

libsemanage/src/handle.c

@@ -38,10 +38,29 @@
 
 #define SEMANAGE_COMMIT_READ_WAIT 5
 
+static char *private_semanage_root = NULL;
+
+int semanage_set_root(const char *root)
+{
+	free(private_semanage_root);
+	private_semanage_root = strdup(root);
+	return 0;
+}
+
+hidden_def(semanage_set_root);
+
+const char * semanage_root(void)
+{
+	if (private_semanage_root == NULL) {
+		return "";
+	}
+	return private_semanage_root;
+}
+
 semanage_handle_t *semanage_handle_create(void)
 {
 	semanage_handle_t *sh = NULL;
-	const char *conf_name = NULL;
+	char *conf_name = NULL;
 
 	/* Allocate handle */
 	if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL)
@@ -82,9 +101,12 @@ semanage_handle_t *semanage_handle_create(void)
 	sh->msg_callback = semanage_msg_default_handler;
 	sh->msg_callback_arg = NULL;
 
+	free(conf_name);
+
 	return sh;
 
       err:
+	free(conf_name);
 	semanage_handle_destroy(sh);
 	return NULL;
 }

libsemanage/src/handle_internal.h

@@ -8,4 +8,5 @@ hidden_proto(semanage_begin_transaction)
     hidden_proto(semanage_handle_destroy)
     hidden_proto(semanage_reload_policy)
     hidden_proto(semanage_access_check)
+    hidden_proto(semanage_set_root)
 #endif

libsemanage/src/libsemanage.map

@@ -14,6 +14,8 @@ LIBSEMANAGE_1.0 {
 	  semanage_module_get_version; semanage_select_store;
 	  semanage_module_get_enabled;
 	  semanage_reload_policy; semanage_set_reload; semanage_set_rebuild;
+	  semanage_set_root;
+	  semanage_root;
 	  semanage_user_*; semanage_bool_*; semanage_seuser_*;
 	  semanage_iface_*; semanage_port_*; semanage_context_*;
 	  semanage_node_*;

libsemanage/src/semanage_store.c

@@ -75,7 +75,6 @@ enum semanage_file_defs {
 
 static char *semanage_paths[SEMANAGE_NUM_STORES][SEMANAGE_STORE_NUM_PATHS];
 static char *semanage_files[SEMANAGE_NUM_FILES] = { NULL };
-static char *semanage_conf;
 static int semanage_paths_initialized = 0;
 
 /* These are paths relative to the bottom of the module store */
@@ -173,13 +172,6 @@ static int semanage_init_paths(const char *root)
 			semanage_relative_files[i]);
 	}
 
-	len = strlen(selinux_path()) + strlen(SEMANAGE_CONF_FILE);
-	semanage_conf = calloc(len + 1, sizeof(char));
-	if (!semanage_conf)
-		return -1;
-	snprintf(semanage_conf, len + 1, "%s%s", selinux_path(),
-		 SEMANAGE_CONF_FILE);
-
 	return 0;
 }
 
@@ -225,7 +217,8 @@ static int semanage_init_final(semanage_handle_t *sh, const char *prefix)
 	size_t store_len = strlen(store_path);
 
 	/* SEMANAGE_FINAL_TMP */
-	len = strlen(prefix) +
+	len = strlen(semanage_root()) +
+	      strlen(prefix) +
 	      strlen("/") +
 	      strlen(semanage_final_prefix[SEMANAGE_FINAL_TMP]) +
 	      store_len;
@@ -236,14 +229,16 @@ static int semanage_init_final(semanage_handle_t *sh, const char *prefix)
 	}
 
 	sprintf(semanage_final[SEMANAGE_FINAL_TMP],
-		"%s%s/%s",
+		"%s%s%s/%s",
+		semanage_root(),
 		prefix,
 		semanage_final_prefix[SEMANAGE_FINAL_TMP],
 		store_path);
 
 	/* SEMANAGE_FINAL_SELINUX */
 	const char *selinux_root = selinux_path();
-	len = strlen(selinux_root) +
+	len = strlen(semanage_root()) +
+	      strlen(selinux_root) +
 	      strlen(semanage_final_prefix[SEMANAGE_FINAL_SELINUX]) +
 	      store_len;
 	semanage_final[SEMANAGE_FINAL_SELINUX] = malloc(len + 1);
@@ -253,7 +248,8 @@ static int semanage_init_final(semanage_handle_t *sh, const char *prefix)
 	}
 
 	sprintf(semanage_final[SEMANAGE_FINAL_SELINUX],
-		"%s%s%s",
+		"%s%s%s%s",
+		semanage_root(),
 		selinux_root,
 		semanage_final_prefix[SEMANAGE_FINAL_SELINUX],
 		store_path);
@@ -409,7 +405,8 @@ int semanage_check_init(semanage_handle_t *sh, const char *prefix)
 
 		rc = snprintf(root,
 			      sizeof(root),
-			      "%s/%s",
+			      "%s%s/%s",
+			      semanage_root(),
 			      prefix,
 			      sh->conf->store_path);
 		if (rc < 0 || rc >= (int)sizeof(root))
@@ -483,15 +480,29 @@ const char *semanage_store_root_path(void)
 }
 
 /* Return a fully-qualified path + filename to the semanage
- * configuration file.  The caller must not alter the string returned
- * (and hence why this function return type is const).
+ * configuration file. If semanage.conf file in the semanage
+ * root is cannot be read, use the default semanage.conf as a
+ * fallback.
  *
- * This is going to be hard coded to /etc/selinux/semanage.conf for
- * the time being. FIXME
+ * The caller is responsible for freeing the returned string.
  */
-const char *semanage_conf_path(void)
+char *semanage_conf_path(void)
 {
-	return "/etc/selinux/semanage.conf";
+	char *semanage_conf = NULL;
+	int len;
+
+	len = strlen(semanage_root()) + strlen(selinux_path()) + strlen(SEMANAGE_CONF_FILE);
+	semanage_conf = calloc(len + 1, sizeof(char));
+	if (!semanage_conf)
+		return NULL;
+	snprintf(semanage_conf, len + 1, "%s%s%s", semanage_root(), selinux_path(),
+		 SEMANAGE_CONF_FILE);
+
+	if (access(semanage_conf, R_OK) != 0) {
+		snprintf(semanage_conf, len + 1, "%s%s", selinux_path(), SEMANAGE_CONF_FILE);
+	}
+
+	return semanage_conf;
 }
 
 /* Locates the highest priority enabled base module
@@ -973,7 +984,8 @@ int semanage_make_final(semanage_handle_t *sh)
 	/* Create tmp dir if it does not exist. */
 	ret = snprintf(fn,
 		       sizeof(fn),
-		       "%s%s",
+		       "%s%s%s",
+		       semanage_root(),
 		       semanage_store_root_path(),
 		       semanage_final_prefix[SEMANAGE_FINAL_TMP]);
 	if (ret < 0 || ret >= (int)sizeof(fn)) {

libsemanage/src/semanage_store.h

@@ -79,7 +79,7 @@ const char *semanage_store_root_path(void);
 /* FIXME: this needs to be made a module store specific init and the
  * global configuration moved to another file.
  */
-const char *semanage_conf_path(void);
+char *semanage_conf_path(void);
 
 int semanage_check_init(semanage_handle_t *sh, const char *prefix);