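Lines Matching full:sh (search hits only: the leading number on each row is the line number in the source file, the trailing "in …()" names the enclosing function, and source lines that do not match are omitted, so adjacent rows are not necessarily adjacent statements)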
67 static void semanage_direct_destroy(semanage_handle_t * sh);
68 static int semanage_direct_disconnect(semanage_handle_t * sh);
69 static int semanage_direct_begintrans(semanage_handle_t * sh);
70 static int semanage_direct_commit(semanage_handle_t * sh);
71 static int semanage_direct_install(semanage_handle_t * sh, char *data,
73 static int semanage_direct_install_file(semanage_handle_t * sh, const char *module_name);
74 static int semanage_direct_extract(semanage_handle_t * sh,
80 static int semanage_direct_remove(semanage_handle_t * sh, char *module_name);
81 static int semanage_direct_list(semanage_handle_t * sh,
84 static int semanage_direct_get_enabled(semanage_handle_t *sh,
87 static int semanage_direct_set_enabled(semanage_handle_t *sh,
91 static int semanage_direct_get_module_info(semanage_handle_t *sh,
95 static int semanage_direct_list_all(semanage_handle_t *sh,
99 static int semanage_direct_install_info(semanage_handle_t *sh,
104 static int semanage_direct_remove_key(semanage_handle_t *sh,
126 int semanage_direct_is_managed(semanage_handle_t * sh) in semanage_direct_is_managed() argument
128 if (semanage_check_init(sh, sh->conf->store_root_path)) in semanage_direct_is_managed()
131 if (semanage_access_check(sh) < 0) in semanage_direct_is_managed()
137 ERR(sh, "could not check whether policy is managed"); in semanage_direct_is_managed()
143 int semanage_direct_connect(semanage_handle_t * sh) in semanage_direct_connect() argument
148 if (semanage_check_init(sh, sh->conf->store_root_path)) in semanage_direct_connect()
151 if (sh->create_store) in semanage_direct_connect()
152 if (semanage_create_store(sh, 1)) in semanage_direct_connect()
155 sh->u.direct.translock_file_fd = -1; in semanage_direct_connect()
156 sh->u.direct.activelock_file_fd = -1; in semanage_direct_connect()
159 sh->funcs = &direct_funcs; in semanage_direct_connect()
162 if (user_base_file_dbase_init(sh, in semanage_direct_connect()
167 semanage_user_base_dbase_local(sh)) < 0) in semanage_direct_connect()
170 if (user_extra_file_dbase_init(sh, in semanage_direct_connect()
175 semanage_user_extra_dbase_local(sh)) < 0) in semanage_direct_connect()
178 if (user_join_dbase_init(sh, in semanage_direct_connect()
179 semanage_user_base_dbase_local(sh), in semanage_direct_connect()
180 semanage_user_extra_dbase_local(sh), in semanage_direct_connect()
181 semanage_user_dbase_local(sh)) < 0) in semanage_direct_connect()
184 if (port_file_dbase_init(sh, in semanage_direct_connect()
189 semanage_port_dbase_local(sh)) < 0) in semanage_direct_connect()
192 if (iface_file_dbase_init(sh, in semanage_direct_connect()
197 semanage_iface_dbase_local(sh)) < 0) in semanage_direct_connect()
200 if (bool_file_dbase_init(sh, in semanage_direct_connect()
205 semanage_bool_dbase_local(sh)) < 0) in semanage_direct_connect()
208 if (fcontext_file_dbase_init(sh, in semanage_direct_connect()
211 semanage_fcontext_dbase_local(sh)) < 0) in semanage_direct_connect()
214 if (fcontext_file_dbase_init(sh, in semanage_direct_connect()
217 semanage_fcontext_dbase_homedirs(sh)) < 0) in semanage_direct_connect()
220 if (seuser_file_dbase_init(sh, in semanage_direct_connect()
225 semanage_seuser_dbase_local(sh)) < 0) in semanage_direct_connect()
228 if (node_file_dbase_init(sh, in semanage_direct_connect()
233 semanage_node_dbase_local(sh)) < 0) in semanage_direct_connect()
236 if (ibpkey_file_dbase_init(sh, in semanage_direct_connect()
241 semanage_ibpkey_dbase_local(sh)) < 0) in semanage_direct_connect()
244 if (ibendport_file_dbase_init(sh, in semanage_direct_connect()
249 semanage_ibendport_dbase_local(sh)) < 0) in semanage_direct_connect()
253 if (user_base_policydb_dbase_init(sh, in semanage_direct_connect()
254 semanage_user_base_dbase_policy(sh)) < in semanage_direct_connect()
258 if (user_extra_file_dbase_init(sh, in semanage_direct_connect()
263 semanage_user_extra_dbase_policy(sh)) < in semanage_direct_connect()
267 if (user_join_dbase_init(sh, in semanage_direct_connect()
268 semanage_user_base_dbase_policy(sh), in semanage_direct_connect()
269 semanage_user_extra_dbase_policy(sh), in semanage_direct_connect()
270 semanage_user_dbase_policy(sh)) < 0) in semanage_direct_connect()
273 if (port_policydb_dbase_init(sh, semanage_port_dbase_policy(sh)) < 0) in semanage_direct_connect()
276 if (ibpkey_policydb_dbase_init(sh, semanage_ibpkey_dbase_policy(sh)) < 0) in semanage_direct_connect()
279 if (ibendport_policydb_dbase_init(sh, semanage_ibendport_dbase_policy(sh)) < 0) in semanage_direct_connect()
282 if (iface_policydb_dbase_init(sh, semanage_iface_dbase_policy(sh)) < 0) in semanage_direct_connect()
285 if (bool_policydb_dbase_init(sh, semanage_bool_dbase_policy(sh)) < 0) in semanage_direct_connect()
288 if (fcontext_file_dbase_init(sh, in semanage_direct_connect()
291 semanage_fcontext_dbase_policy(sh)) < 0) in semanage_direct_connect()
294 if (seuser_file_dbase_init(sh, in semanage_direct_connect()
297 semanage_seuser_dbase_policy(sh)) < 0) in semanage_direct_connect()
300 if (node_policydb_dbase_init(sh, semanage_node_dbase_policy(sh)) < 0) in semanage_direct_connect()
304 if (bool_activedb_dbase_init(sh, semanage_bool_dbase_active(sh)) < 0) in semanage_direct_connect()
311 sepol_set_disable_dontaudit(sh->sepolh, 1); in semanage_direct_connect()
314 sepol_set_disable_dontaudit(sh->sepolh, 0); in semanage_direct_connect()
316 ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); in semanage_direct_connect()
323 ERR(sh, "could not establish direct connection"); in semanage_direct_connect()
327 static void semanage_direct_destroy(semanage_handle_t * sh in semanage_direct_destroy() argument
333 static int semanage_remove_tmps(semanage_handle_t *sh) in semanage_remove_tmps() argument
335 if (sh->commit_err) in semanage_remove_tmps()
342 ERR(sh, "Could not cleanly remove sandbox %s.", in semanage_remove_tmps()
353 ERR(sh, "Could not cleanly remove tmp %s.", in semanage_remove_tmps()
363 static int semanage_direct_disconnect(semanage_handle_t *sh) in semanage_direct_disconnect() argument
368 if (sh->is_in_transaction) { in semanage_direct_disconnect()
369 retval = semanage_remove_tmps(sh); in semanage_direct_disconnect()
370 semanage_release_trans_lock(sh); in semanage_direct_disconnect()
374 user_base_file_dbase_release(semanage_user_base_dbase_local(sh)); in semanage_direct_disconnect()
375 user_extra_file_dbase_release(semanage_user_extra_dbase_local(sh)); in semanage_direct_disconnect()
376 user_join_dbase_release(semanage_user_dbase_local(sh)); in semanage_direct_disconnect()
377 port_file_dbase_release(semanage_port_dbase_local(sh)); in semanage_direct_disconnect()
378 ibpkey_file_dbase_release(semanage_ibpkey_dbase_local(sh)); in semanage_direct_disconnect()
379 ibendport_file_dbase_release(semanage_ibendport_dbase_local(sh)); in semanage_direct_disconnect()
380 iface_file_dbase_release(semanage_iface_dbase_local(sh)); in semanage_direct_disconnect()
381 bool_file_dbase_release(semanage_bool_dbase_local(sh)); in semanage_direct_disconnect()
382 fcontext_file_dbase_release(semanage_fcontext_dbase_local(sh)); in semanage_direct_disconnect()
383 fcontext_file_dbase_release(semanage_fcontext_dbase_homedirs(sh)); in semanage_direct_disconnect()
384 seuser_file_dbase_release(semanage_seuser_dbase_local(sh)); in semanage_direct_disconnect()
385 node_file_dbase_release(semanage_node_dbase_local(sh)); in semanage_direct_disconnect()
388 user_base_policydb_dbase_release(semanage_user_base_dbase_policy(sh)); in semanage_direct_disconnect()
389 user_extra_file_dbase_release(semanage_user_extra_dbase_policy(sh)); in semanage_direct_disconnect()
390 user_join_dbase_release(semanage_user_dbase_policy(sh)); in semanage_direct_disconnect()
391 port_policydb_dbase_release(semanage_port_dbase_policy(sh)); in semanage_direct_disconnect()
392 ibpkey_policydb_dbase_release(semanage_ibpkey_dbase_policy(sh)); in semanage_direct_disconnect()
393 ibendport_policydb_dbase_release(semanage_ibendport_dbase_policy(sh)); in semanage_direct_disconnect()
394 iface_policydb_dbase_release(semanage_iface_dbase_policy(sh)); in semanage_direct_disconnect()
395 bool_policydb_dbase_release(semanage_bool_dbase_policy(sh)); in semanage_direct_disconnect()
396 fcontext_file_dbase_release(semanage_fcontext_dbase_policy(sh)); in semanage_direct_disconnect()
397 seuser_file_dbase_release(semanage_seuser_dbase_policy(sh)); in semanage_direct_disconnect()
398 node_policydb_dbase_release(semanage_node_dbase_policy(sh)); in semanage_direct_disconnect()
401 bool_activedb_dbase_release(semanage_bool_dbase_active(sh)); in semanage_direct_disconnect()
406 static int semanage_direct_begintrans(semanage_handle_t * sh) in semanage_direct_begintrans() argument
408 if (semanage_get_trans_lock(sh) < 0) { in semanage_direct_begintrans()
411 if ((semanage_make_sandbox(sh)) < 0) { in semanage_direct_begintrans()
414 if ((semanage_make_final(sh)) < 0) { in semanage_direct_begintrans()
429 static int parse_module_headers(semanage_handle_t * sh, char *module_data, in parse_module_headers() argument
438 ERR(sh, "Out of memory!"); in parse_module_headers()
442 sepol_policy_file_set_handle(pf, sh->sepolh); in parse_module_headers()
453 static int write_file(semanage_handle_t * sh, in write_file() argument
461 ERR(sh, "Could not open %s for writing.", filename); in write_file()
465 ERR(sh, "Error while writing to %s.", filename); in write_file()
473 static int semanage_direct_update_user_extra(semanage_handle_t * sh, cil_db_t *cildb) in semanage_direct_update_user_extra() argument
480 dbase_config_t *pusers_extra = semanage_user_extra_dbase_policy(sh); in semanage_direct_update_user_extra()
499 retval = write_file(sh, ofilename, data, size); in semanage_direct_update_user_extra()
512 retval = write_file(sh, ofilename, data, size); in semanage_direct_update_user_extra()
519 retval = pusers_extra->dtable->clear(sh, pusers_extra->dbase); in semanage_direct_update_user_extra()
528 static int semanage_direct_update_seuser(semanage_handle_t * sh, cil_db_t *cildb) in semanage_direct_update_seuser() argument
535 dbase_config_t *pseusers = semanage_seuser_dbase_policy(sh); in semanage_direct_update_seuser()
554 retval = write_file(sh, ofilename, data, size); in semanage_direct_update_seuser()
567 retval = write_file(sh, ofilename, data, size); in semanage_direct_update_seuser()
573 retval = pseusers->dtable->clear(sh, pseusers->dbase); in semanage_direct_update_seuser()
582 static int read_from_pipe_to_data(semanage_handle_t *sh, size_t initial_len, int fd, char **out_dat… in read_from_pipe_to_data() argument
594 ERR(sh, "Failed to malloc, out of memory.\n"); in read_from_pipe_to_data()
604 ERR(sh, "Failed to realloc, out of memory.\n"); in read_from_pipe_to_data()
616 static int semanage_pipe_data(semanage_handle_t *sh, char *path, char *in_data, size_t in_data_len,… in semanage_pipe_data() argument
644 ERR(sh, "Unable to create pipe for input pipe: %s\n", strerror(errno)); in semanage_pipe_data()
649 ERR(sh, "Unable to create pipe for output pipe: %s\n", strerror(errno)); in semanage_pipe_data()
654 ERR(sh, "Unable to create pipe for error pipe: %s\n", strerror(errno)); in semanage_pipe_data()
660 ERR(sh, "Unable to fork from parent: %s.", strerror(errno)); in semanage_pipe_data()
666 ERR(sh, "Unable to dup2 input pipe: %s\n", strerror(errno)); in semanage_pipe_data()
671 ERR(sh, "Unable to dup2 output pipe: %s\n", strerror(errno)); in semanage_pipe_data()
676 ERR(sh, "Unable to dup2 error pipe: %s\n", strerror(errno)); in semanage_pipe_data()
682 ERR(sh, "Unable to close input pipe: %s\n", strerror(errno)); in semanage_pipe_data()
687 ERR(sh, "Unable to close output pipe: %s\n", strerror(errno)); in semanage_pipe_data()
692 ERR(sh, "Unable to close error pipe: %s\n", strerror(errno)); in semanage_pipe_data()
697 ERR(sh, "Unable to execute %s : %s\n", path, strerror(errno)); in semanage_pipe_data()
704 ERR(sh, "Unable to close read end of input pipe: %s\n", strerror(errno)); in semanage_pipe_data()
711 ERR(sh, "Unable to close write end of output pipe: %s\n", strerror(errno)); in semanage_pipe_data()
718 ERR(sh, "Unable to close write end of error pipe: %s\n", strerror(errno)); in semanage_pipe_data()
724 ERR(sh, "Failed to write data to input pipe: %s\n", strerror(errno)); in semanage_pipe_data()
730 ERR(sh, "Unable to close write end of input pipe: %s\n", strerror(errno)); in semanage_pipe_data()
735 …retval = read_from_pipe_to_data(sh, initial_len, output_fd[PIPE_READ], &data_read, &data_read_len); in semanage_pipe_data()
742 ERR(sh, "Unable to close read end of output pipe: %s\n", strerror(errno)); in semanage_pipe_data()
747 …retval = read_from_pipe_to_data(sh, initial_len, err_fd[PIPE_READ], &err_data_read, &err_data_read… in semanage_pipe_data()
754 ERR(sh, "Unable to close read end of error pipe: %s\n", strerror(errno)); in semanage_pipe_data()
759 ERR(sh, "Child process %s did not exit cleanly.", path); in semanage_pipe_data()
764 ERR(sh, "Child process %s failed with code: %d.", path, WEXITSTATUS(status)); in semanage_pipe_data()
807 static int semanage_direct_write_langext(semanage_handle_t *sh, in semanage_direct_write_langext() argument
815 ret = semanage_module_get_path(sh, in semanage_direct_write_langext()
826 ERR(sh, "Unable to open %s module ext file.", modinfo->name); in semanage_direct_write_langext()
832 ERR(sh, "Unable to write %s module ext file.", modinfo->name); in semanage_direct_write_langext()
838 ERR(sh, "Unable to close %s module ext file.", modinfo->name); in semanage_direct_write_langext()
874 static int semanage_compile_module(semanage_handle_t *sh, in semanage_compile_module() argument
894 status = semanage_get_hll_compiler_path(sh, modinfo->lang_ext, &compiler_path); in semanage_compile_module()
900 sh, in semanage_compile_module()
910 sh, in semanage_compile_module()
919 status = map_compressed_file(sh, hll_path, &hll_contents); in semanage_compile_module()
921 ERR(sh, "Unable to read file %s\n", hll_path); in semanage_compile_module()
925 status = semanage_pipe_data(sh, compiler_path, hll_contents.data, in semanage_compile_module()
952 status = write_compressed_file(sh, cil_path, cil_data, cil_data_len); in semanage_compile_module()
954 ERR(sh, "Failed to write %s\n", cil_path); in semanage_compile_module()
958 if (sh->conf->remove_hll == 1) { in semanage_compile_module()
961 ERR(sh, "Error while removing HLL file %s: %s", hll_path, strerror(errno)); in semanage_compile_module()
965 status = semanage_direct_write_langext(sh, "cil", modinfo); in semanage_compile_module()
995 static int semanage_compile_hll_modules(semanage_handle_t *sh, in semanage_compile_hll_modules() argument
1011 assert(sh); in semanage_compile_hll_modules()
1028 sh, in semanage_compile_hll_modules()
1036 if (!semanage_get_ignore_module_cache(sh)) { in semanage_compile_hll_modules()
1039 status = map_compressed_file(sh, cil_path, &contents); in semanage_compile_hll_modules()
1041 ERR(sh, "Error mapping file: %s", cil_path); in semanage_compile_hll_modules()
1052 ERR(sh, "Unable to access %s: %s\n", cil_path, in semanage_compile_hll_modules()
1058 status = semanage_compile_module(sh, &modinfos[i], &context); in semanage_compile_hll_modules()
1068 static int semanage_compare_checksum(semanage_handle_t *sh, const char *reference) in semanage_compare_checksum() argument
1078 ERR(sh, "Unable to open %s: %s\n", path, strerror(errno)); in semanage_compare_checksum()
1086 ERR(sh, "Unable to stat %s\n", path); in semanage_compare_checksum()
1093 WARN(sh, "Module checksum invalid - forcing a rebuild\n"); in semanage_compare_checksum()
1100 ERR(sh, "Unable to mmap %s\n", path); in semanage_compare_checksum()
1112 static int semanage_write_modules_checksum(semanage_handle_t *sh, in semanage_write_modules_checksum() argument
1117 return write_file(sh, path, checksum, CHECKSUM_CONTENT_SIZE); in semanage_write_modules_checksum()
1143 static int semanage_direct_commit(semanage_handle_t * sh) in semanage_direct_commit() argument
1163 dbase_config_t *users = semanage_user_dbase_local(sh); in semanage_direct_commit()
1164 dbase_config_t *users_base = semanage_user_base_dbase_local(sh); in semanage_direct_commit()
1165 dbase_config_t *pusers_base = semanage_user_base_dbase_policy(sh); in semanage_direct_commit()
1166 dbase_config_t *pusers_extra = semanage_user_extra_dbase_policy(sh); in semanage_direct_commit()
1167 dbase_config_t *ports = semanage_port_dbase_local(sh); in semanage_direct_commit()
1168 dbase_config_t *pports = semanage_port_dbase_policy(sh); in semanage_direct_commit()
1169 dbase_config_t *ibpkeys = semanage_ibpkey_dbase_local(sh); in semanage_direct_commit()
1170 dbase_config_t *pibpkeys = semanage_ibpkey_dbase_policy(sh); in semanage_direct_commit()
1171 dbase_config_t *ibendports = semanage_ibendport_dbase_local(sh); in semanage_direct_commit()
1172 dbase_config_t *pibendports = semanage_ibendport_dbase_policy(sh); in semanage_direct_commit()
1173 dbase_config_t *bools = semanage_bool_dbase_local(sh); in semanage_direct_commit()
1174 dbase_config_t *pbools = semanage_bool_dbase_policy(sh); in semanage_direct_commit()
1175 dbase_config_t *ifaces = semanage_iface_dbase_local(sh); in semanage_direct_commit()
1176 dbase_config_t *pifaces = semanage_iface_dbase_policy(sh); in semanage_direct_commit()
1177 dbase_config_t *nodes = semanage_node_dbase_local(sh); in semanage_direct_commit()
1178 dbase_config_t *pnodes = semanage_node_dbase_policy(sh); in semanage_direct_commit()
1179 dbase_config_t *fcontexts = semanage_fcontext_dbase_local(sh); in semanage_direct_commit()
1180 dbase_config_t *pfcontexts = semanage_fcontext_dbase_policy(sh); in semanage_direct_commit()
1181 dbase_config_t *seusers = semanage_seuser_dbase_local(sh); in semanage_direct_commit()
1182 dbase_config_t *pseusers = semanage_seuser_dbase_policy(sh); in semanage_direct_commit()
1194 retval = users->dtable->flush(sh, users->dbase); in semanage_direct_commit()
1200 do_rebuild = sh->do_rebuild | sh->modules_modified; in semanage_direct_commit()
1205 do_rebuild |= !(sepol_get_disable_dontaudit(sh->sepolh) == 1); in semanage_direct_commit()
1208 do_rebuild |= (sepol_get_disable_dontaudit(sh->sepolh) == 1); in semanage_direct_commit()
1210 ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); in semanage_direct_commit()
1214 if (sepol_get_disable_dontaudit(sh->sepolh) == 1) { in semanage_direct_commit()
1219 ERR(sh, "Error attempting to create disable_dontaudit flag."); in semanage_direct_commit()
1223 ERR(sh, "Error attempting to create disable_dontaudit flag."); in semanage_direct_commit()
1228 ERR(sh, "Error removing the disable_dontaudit flag."); in semanage_direct_commit()
1236 do_rebuild |= !(sepol_get_preserve_tunables(sh->sepolh) == 1); in semanage_direct_commit()
1239 do_rebuild |= (sepol_get_preserve_tunables(sh->sepolh) == 1); in semanage_direct_commit()
1241 ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); in semanage_direct_commit()
1246 if (sepol_get_preserve_tunables(sh->sepolh) == 1) { in semanage_direct_commit()
1251 ERR(sh, "Error attempting to create preserve_tunable flag."); in semanage_direct_commit()
1255 ERR(sh, "Error attempting to create preserve_tunable flag."); in semanage_direct_commit()
1260 ERR(sh, "Error removing the preserve_tunables flag."); in semanage_direct_commit()
1277 ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); in semanage_direct_commit()
1287 if (do_rebuild || sh->check_ext_changes) { in semanage_direct_commit()
1288 retval = semanage_get_active_modules(sh, &modinfos, &num_modinfos); in semanage_direct_commit()
1299 .disable_dontaudit = sepol_get_disable_dontaudit(sh->sepolh), in semanage_direct_commit()
1300 .preserve_tunables = sepol_get_preserve_tunables(sh->sepolh), in semanage_direct_commit()
1301 .target_platform = sh->conf->target_platform, in semanage_direct_commit()
1302 .policyvers = sh->conf->policyvers, in semanage_direct_commit()
1304 retval = semanage_compile_hll_modules(sh, modinfos, num_modinfos, in semanage_direct_commit()
1307 ERR(sh, "Failed to compile hll files into cil files.\n"); in semanage_direct_commit()
1311 if (!do_rebuild && sh->check_ext_changes) { in semanage_direct_commit()
1312 retval = semanage_compare_checksum(sh, modules_checksum); in semanage_direct_commit()
1318 retval = semanage_write_modules_checksum(sh, modules_checksum); in semanage_direct_commit()
1320 ERR(sh, "Failed to write module checksum file.\n"); in semanage_direct_commit()
1332 retval = semanage_get_cil_paths(sh, modinfos, num_modinfos, &mod_filenames); in semanage_direct_commit()
1336 retval = semanage_verify_modules(sh, mod_filenames, num_modinfos); in semanage_direct_commit()
1342 disable_dontaudit = sepol_get_disable_dontaudit(sh->sepolh); in semanage_direct_commit()
1343 preserve_tunables = sepol_get_preserve_tunables(sh->sepolh); in semanage_direct_commit()
1345 cil_set_disable_neverallow(cildb, !(sh->conf->expand_check)); in semanage_direct_commit()
1347 cil_set_target_platform(cildb, sh->conf->target_platform); in semanage_direct_commit()
1348 cil_set_policy_version(cildb, sh->conf->policyvers); in semanage_direct_commit()
1350 if (sh->conf->handle_unknown != -1) { in semanage_direct_commit()
1351 cil_set_handle_unknown(cildb, sh->conf->handle_unknown); in semanage_direct_commit()
1354 retval = semanage_load_files(sh, cildb, mod_filenames, num_modinfos); in semanage_direct_commit()
1378 retval = write_file(sh, ofilename, fc_buffer, fc_buffer_len); in semanage_direct_commit()
1383 retval = semanage_split_fc(sh); in semanage_direct_commit()
1393 retval = semanage_direct_update_seuser(sh, cildb); in semanage_direct_commit()
1398 retval = semanage_direct_update_user_extra(sh, cildb); in semanage_direct_commit()
1405 if (sh->conf->optimize_policy) { in semanage_direct_commit()
1412 retval = semanage_write_policydb(sh, out, in semanage_direct_commit()
1422 retval = semanage_read_policydb(sh, out, SEMANAGE_LINKED); in semanage_direct_commit()
1437 pseusers->dtable->clear(sh, pseusers->dbase); in semanage_direct_commit()
1439 ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); in semanage_direct_commit()
1455 pusers_extra->dtable->clear(sh, pusers_extra->dbase); in semanage_direct_commit()
1457 ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); in semanage_direct_commit()
1474 do_write_kernel = do_rebuild | sh->check_ext_changes | in semanage_direct_commit()
1492 retval = semanage_base_merge_components(sh); in semanage_direct_commit()
1498 retval = semanage_write_policydb(sh, out, in semanage_direct_commit()
1504 retval = semanage_verify_kernel(sh); in semanage_direct_commit()
1516 retval = semanage_fcontext_validate_local(sh, out); in semanage_direct_commit()
1523 retval = semanage_seuser_validate_local(sh, out); in semanage_direct_commit()
1530 retval = semanage_port_validate_local(sh); in semanage_direct_commit()
1537 retval = semanage_ibpkey_validate_local(sh); in semanage_direct_commit()
1544 retval = semanage_ibendport_validate_local(sh); in semanage_direct_commit()
1551 retval = semanage_commit_components(sh); in semanage_direct_commit()
1557 sh->conf->file_mode, false); in semanage_direct_commit()
1564 sh->conf->file_mode); in semanage_direct_commit()
1571 sh->conf->file_mode); in semanage_direct_commit()
1578 sh->conf->file_mode); in semanage_direct_commit()
1585 if (!sh->conf->disable_genhomedircon) { in semanage_direct_commit()
1587 if ((retval = semanage_genhomedircon(sh, out, sh->conf->usepasswd, in semanage_direct_commit()
1588 sh->conf->ignoredirs)) != 0) { in semanage_direct_commit()
1589 ERR(sh, "semanage_genhomedircon returned error code %d.", retval); in semanage_direct_commit()
1596 sh->conf->file_mode, false); in semanage_direct_commit()
1602 WARN(sh, "WARNING: genhomedircon is disabled. \ in semanage_direct_commit()
1612 retval = semanage_install_sandbox(sh); in semanage_direct_commit()
1616 semanage_module_info_destroy(sh, &modinfos[i]); in semanage_direct_commit()
1643 sh->commit_err = retval; in semanage_direct_commit()
1645 if (semanage_remove_tmps(sh) != 0) in semanage_direct_commit()
1648 semanage_release_trans_lock(sh); in semanage_direct_commit()
1660 static int semanage_direct_install(semanage_handle_t * sh, in semanage_direct_install() argument
1668 ret = semanage_module_info_init(sh, &modinfo); in semanage_direct_install()
1674 ret = semanage_module_info_set_priority(sh, &modinfo, sh->priority); in semanage_direct_install()
1680 ret = semanage_module_info_set_name(sh, &modinfo, module_name); in semanage_direct_install()
1686 ret = semanage_module_info_set_lang_ext(sh, &modinfo, lang_ext); in semanage_direct_install()
1692 ret = semanage_module_info_set_enabled(sh, &modinfo, -1); in semanage_direct_install()
1698 status = semanage_direct_install_info(sh, &modinfo, data, data_len); in semanage_direct_install()
1702 semanage_module_info_destroy(sh, &modinfo); in semanage_direct_install()
1712 static int semanage_direct_install_file(semanage_handle_t * sh, in semanage_direct_install_file() argument
1725 retval = map_compressed_file(sh, install_filename, &contents); in semanage_direct_install_file()
1727 ERR(sh, "Unable to read file %s\n", install_filename); in semanage_direct_install_file()
1733 ERR(sh, "No memory available for strdup.\n"); in semanage_direct_install_file()
1743 ERR(sh, "Compressed module does not have a valid extension."); in semanage_direct_install_file()
1754 ERR(sh, "Module does not have a valid extension."); in semanage_direct_install_file()
1764 retval = parse_module_headers(sh, contents.data, contents.len, in semanage_direct_install_file()
1774 ERR(sh, "No memory available for module_name.\n"); in semanage_direct_install_file()
1782 retval = semanage_direct_install(sh, contents.data, contents.len, in semanage_direct_install_file()
1793 static int semanage_direct_extract(semanage_handle_t * sh, in semanage_direct_extract() argument
1810 sh, in semanage_direct_extract()
1820 ERR(sh, "Unable to access %s: %s\n", module_path, strerror(errno)); in semanage_direct_extract()
1825 rc = semanage_module_get_module_info(sh, in semanage_direct_extract()
1840 sh, in semanage_direct_extract()
1851 ERR(sh, "Unable to access %s: %s\n", input_file, strerror(errno)); in semanage_direct_extract()
1856 rc = semanage_compile_module(sh, _modinfo, NULL); in semanage_direct_extract()
1862 rc = map_compressed_file(sh, input_file, &contents); in semanage_direct_extract()
1864 ERR(sh, "Error mapping file: %s", input_file); in semanage_direct_extract()
1873 ERR(sh, "Unable to map memory"); in semanage_direct_extract()
1889 semanage_module_info_destroy(sh, _modinfo); in semanage_direct_extract()
1898 static int semanage_direct_remove(semanage_handle_t * sh, char *module_name) in semanage_direct_remove() argument
1904 ret = semanage_module_key_init(sh, &modkey); in semanage_direct_remove()
1910 ret = semanage_module_key_set_priority(sh, &modkey, sh->priority); in semanage_direct_remove()
1916 ret = semanage_module_key_set_name(sh, &modkey, module_name); in semanage_direct_remove()
1922 status = semanage_direct_remove_key(sh, &modkey); in semanage_direct_remove()
1925 semanage_module_key_destroy(sh, &modkey); in semanage_direct_remove()
1936 static int semanage_direct_list(semanage_handle_t * sh, in semanage_direct_list() argument
1946 if (!sh->is_in_transaction) in semanage_direct_list()
1947 if (semanage_get_active_lock(sh) < 0) in semanage_direct_list()
1950 if (semanage_get_active_modules(sh, modinfo, num_modules) == -1) { in semanage_direct_list()
1955 retval = semanage_direct_get_serial(sh); in semanage_direct_list()
1959 retval = semanage_direct_get_serial(sh); in semanage_direct_list()
1964 semanage_module_info_destroy(sh, &(*modinfo[i])); in semanage_direct_list()
1971 if (!sh->is_in_transaction) { in semanage_direct_list()
1972 semanage_release_active_lock(sh); in semanage_direct_list()
1977 static int semanage_direct_get_enabled(semanage_handle_t *sh, in semanage_direct_get_enabled() argument
1981 assert(sh); in semanage_direct_get_enabled()
1994 sh, in semanage_direct_get_enabled()
2004 sh, in semanage_direct_get_enabled()
2016 ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); in semanage_direct_get_enabled()
2028 semanage_module_info_destroy(sh, modinfo); in semanage_direct_get_enabled()
2034 static int semanage_direct_set_enabled(semanage_handle_t *sh, in semanage_direct_set_enabled() argument
2038 assert(sh); in semanage_direct_set_enabled()
2051 if (!sh->is_in_transaction) { in semanage_direct_set_enabled()
2052 if (semanage_begin_transaction(sh) < 0) { in semanage_direct_set_enabled()
2062 ERR(sh, "Name %s is invalid.", modkey->name); in semanage_direct_set_enabled()
2071 ERR(sh, "Enabled status %d is invalid.", enabled); in semanage_direct_set_enabled()
2079 ret = semanage_mkdir(sh, path); in semanage_direct_set_enabled()
2087 sh, in semanage_direct_set_enabled()
2097 sh, in semanage_direct_set_enabled()
2114 ERR(sh, in semanage_direct_set_enabled()
2124 ERR(sh, in semanage_direct_set_enabled()
2135 ERR(sh, in semanage_direct_set_enabled()
2149 WARN(sh, in semanage_direct_set_enabled()
2156 semanage_module_info_destroy(sh, modinfo); in semanage_direct_set_enabled()
2163 int semanage_direct_access_check(semanage_handle_t * sh) in semanage_direct_access_check() argument
2165 if (semanage_check_init(sh, sh->conf->store_root_path)) in semanage_direct_access_check()
2171 int semanage_direct_mls_enabled(semanage_handle_t * sh) in semanage_direct_mls_enabled() argument
2180 retval = semanage_read_policydb(sh, p, SEMANAGE_STORE_KERNEL); in semanage_direct_mls_enabled()
2190 static int semanage_direct_get_module_info(semanage_handle_t *sh, in semanage_direct_get_module_info() argument
2194 assert(sh); in semanage_direct_get_module_info()
2217 ERR(sh, "Name %s is invalid.", modkey->name); in semanage_direct_get_module_info()
2224 ret = semanage_direct_list_all(sh, &modinfos, &modinfos_len); in semanage_direct_get_module_info()
2243 ret = semanage_module_info_create(sh, modinfo); in semanage_direct_get_module_info()
2249 ret = semanage_module_info_clone(sh, highest, *modinfo); in semanage_direct_get_module_info()
2262 ERR(sh, "Priority %d is invalid.", modkey->priority); in semanage_direct_get_module_info()
2268 ret = semanage_module_info_create(sh, modinfo); in semanage_direct_get_module_info()
2274 ret = semanage_module_info_set_priority(sh, *modinfo, modkey->priority); in semanage_direct_get_module_info()
2280 ret = semanage_module_info_set_name(sh, *modinfo, modkey->name); in semanage_direct_get_module_info()
2287 ret = semanage_module_get_path(sh, in semanage_direct_get_module_info()
2300 ERR(sh, in semanage_direct_get_module_info()
2309 ERR(sh, in semanage_direct_get_module_info()
2316 ret = semanage_module_info_set_lang_ext(sh, *modinfo, tmp); in semanage_direct_get_module_info()
2326 ERR(sh, in semanage_direct_get_module_info()
2336 ret = semanage_module_get_path(sh, in semanage_direct_get_module_info()
2349 ERR(sh, "Unable to access %s: %s\n", fn, strerror(errno)); in semanage_direct_get_module_info()
2354 ret = semanage_module_info_set_enabled(sh, *modinfo, 1); in semanage_direct_get_module_info()
2361 ret = semanage_module_info_set_enabled(sh, *modinfo, 0); in semanage_direct_get_module_info()
2373 semanage_module_info_destroy(sh, &modinfos[i]); in semanage_direct_get_module_info()
2382 static int semanage_direct_set_module_info(semanage_handle_t *sh, in semanage_direct_set_module_info() argument
2394 ret = semanage_module_key_init(sh, &modkey); in semanage_direct_set_module_info()
2401 if (!sh->is_in_transaction) { in semanage_direct_set_module_info()
2402 if (semanage_begin_transaction(sh) < 0) { in semanage_direct_set_module_info()
2415 sh->modules_modified = 1; in semanage_direct_set_module_info()
2420 ret = semanage_mkdir(sh, path); in semanage_direct_set_module_info()
2427 ret = semanage_module_get_path(sh, in semanage_direct_set_module_info()
2437 ret = semanage_mkdir(sh, fn); in semanage_direct_set_module_info()
2444 ret = semanage_module_get_path(sh, in semanage_direct_set_module_info()
2454 ret = semanage_mkdir(sh, fn); in semanage_direct_set_module_info()
2461 ret = semanage_direct_write_langext(sh, modinfo->lang_ext, modinfo); in semanage_direct_set_module_info()
2472 ret = semanage_mkdir(sh, path); in semanage_direct_set_module_info()
2478 ret = semanage_module_get_path(sh, in semanage_direct_set_module_info()
2488 ret = semanage_module_key_set_name(sh, &modkey, modinfo->name); in semanage_direct_set_module_info()
2499 ret = semanage_module_get_module_info(sh, in semanage_direct_set_module_info()
2511 ret = semanage_module_set_enabled(sh, &modkey, enabled); in semanage_direct_set_module_info()
2518 semanage_module_key_destroy(sh, &modkey); in semanage_direct_set_module_info()
2520 semanage_module_info_destroy(sh, modinfo_tmp); in semanage_direct_set_module_info()
2541 static int semanage_direct_list_all(semanage_handle_t *sh, in semanage_direct_list_all() argument
2545 assert(sh); in semanage_direct_list_all()
2573 ret = semanage_module_info_init(sh, &modinfo); in semanage_direct_list_all()
2579 if (sh->is_in_transaction) { in semanage_direct_list_all()
2591 ERR(sh, "Error while scanning directory %s.", toplevel); in semanage_direct_list_all()
2608 ret = semanage_module_info_set_priority(sh, in semanage_direct_list_all()
2617 ret = semanage_module_get_path(sh, in semanage_direct_list_all()
2644 ERR(sh, in semanage_direct_list_all()
2658 ERR(sh, "Error allocating memory for module array."); in semanage_direct_list_all()
2668 sh, in semanage_direct_list_all()
2678 sh, in semanage_direct_list_all()
2689 sh, in semanage_direct_list_all()
2697 sh, in semanage_direct_list_all()
2705 semanage_module_info_destroy(sh, modinfo_tmp); in semanage_direct_list_all()
2714 semanage_module_info_destroy(sh, &modinfo); in semanage_direct_list_all()
2730 semanage_module_info_destroy(sh, modinfo_tmp); in semanage_direct_list_all()
2738 sh, in semanage_direct_list_all()
2750 static int semanage_direct_install_info(semanage_handle_t *sh, in semanage_direct_install_info() argument
2755 assert(sh); in semanage_direct_install_info()
2769 ret = semanage_module_key_init(sh, &higher_key); in semanage_direct_install_info()
2778 ERR(sh, "%s failed module validation.\n", modinfo->name); in semanage_direct_install_info()
2786 ret = semanage_module_key_set_name(sh, &higher_key, modinfo->name); in semanage_direct_install_info()
2792 ret = semanage_direct_get_module_info(sh, &higher_key, &higher_info); in semanage_direct_install_info()
2796 WARN(sh, in semanage_direct_install_info()
2804 INFO(sh, in semanage_direct_install_info()
2813 WARN(sh, in semanage_direct_install_info()
2820 ret = semanage_direct_set_module_info(sh, modinfo); in semanage_direct_install_info()
2833 sh, in semanage_direct_install_info()
2843 ret = write_compressed_file(sh, path, data, data_len); in semanage_direct_install_info()
2845 ERR(sh, "Error while writing to %s.", path); in semanage_direct_install_info()
2853 sh, in semanage_direct_install_info()
2866 ERR(sh, "Error while removing cached CIL file %s: %s", path, strerror(errno)); in semanage_direct_install_info()
2874 semanage_module_key_destroy(sh, &higher_key); in semanage_direct_install_info()
2875 semanage_module_info_destroy(sh, higher_info); in semanage_direct_install_info()
2882 static int semanage_direct_remove_key(semanage_handle_t *sh, in semanage_direct_remove_key() argument
2885 assert(sh); in semanage_direct_remove_key()
2895 ret = semanage_module_key_init(sh, &modkey_tmp); in semanage_direct_remove_key()
2905 ERR(sh, "Priority %d is invalid.", modkey->priority); in semanage_direct_remove_key()
2913 ERR(sh, "Name %s is invalid.", modkey->name); in semanage_direct_remove_key()
2918 ret = semanage_module_key_set_name(sh, &modkey_tmp, modkey->name); in semanage_direct_remove_key()
2926 sh, in semanage_direct_remove_key()
2939 ERR(sh, "Unable to remove module %s at priority %d.", modkey->name, modkey->priority); in semanage_direct_remove_key()
2945 ret = semanage_module_get_module_info(sh, &modkey_tmp, &modinfo); in semanage_direct_remove_key()
2949 INFO(sh, in semanage_direct_remove_key()
2956 sh, in semanage_direct_remove_key()
2980 INFO(sh, in semanage_direct_remove_key()
2988 semanage_module_key_destroy(sh, &modkey_tmp); in semanage_direct_remove_key()
2990 semanage_module_info_destroy(sh, modinfo); in semanage_direct_remove_key()