/* Author: Joshua Brindle
* Jason Tang <jtang@tresys.com>
* Caleb Case <ccase@tresys.com>
*
* Copyright (C) 2004-2005,2009 Tresys Technology, LLC
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
/* This file implements only the publicly-visible module functions to libsemanage. */
#include "direct_api.h"
#include "semanage_conf.h"
#include "semanage_store.h"
#include <stdarg.h>
#include <assert.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <limits.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <ctype.h>
#include "handle.h"
#include "modules.h"
#include "debug.h"
/* GNU assembler symbol-versioning directives. Each one binds an
 * implementation symbol to a public name under a version node:
 * "@@" marks the default version that newly linked programs resolve to,
 * "@" keeps an older version available for binaries already linked
 * against it. semanage_module_install therefore resolves to
 * semanage_module_install_hll for LIBSEMANAGE_1.1 and to
 * semanage_module_install_pp for LIBSEMANAGE_1.0.
 */
asm(".symver semanage_module_get_enabled_1_1,semanage_module_get_enabled@@LIBSEMANAGE_1.1");
asm(".symver semanage_module_get_enabled_1_0,semanage_module_get_enabled@LIBSEMANAGE_1.0");
asm(".symver semanage_module_install_pp,semanage_module_install@LIBSEMANAGE_1.0");
asm(".symver semanage_module_install_hll,semanage_module_install@@LIBSEMANAGE_1.1");
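/* Takes a module stored in 'module_data' and parses its package header.
 *
 * '*module_name' and '*version' are both set to NULL on entry. Whatever
 * strings end up stored in them belong to the caller, who must free()
 * both on every return path (free(NULL) is harmless).
 *
 * The buffer is handed to libsepol for parsing; this function itself only
 * rejects a NULL or zero-length buffer and a package whose type is not
 * SEPOL_POLICY_MOD.
 *
 * Returns 0 on success, -1 if out of memory, or -2 if the data did not
 * represent a module.
 */
static int parse_module_headers(semanage_handle_t * sh, char *module_data,
				size_t data_len, char **module_name, char **version)
{
	struct sepol_policy_file *pf;
	int file_type;

	/* Clear both out-parameters up front so the caller can free() them
	 * unconditionally, whichever path returns. */
	*module_name = NULL;
	*version = NULL;

	/* Refuse an absent or empty buffer before it reaches libsepol. */
	if (module_data == NULL || data_len == 0) {
		ERR(sh, "Could not parse module data.");
		return -2;
	}

	if (sepol_policy_file_create(&pf)) {
		ERR(sh, "Out of memory!");
		return -1;
	}
	sepol_policy_file_set_mem(pf, module_data, data_len);
	sepol_policy_file_set_handle(pf, sh->sepolh);

	if (sepol_module_package_info(pf, &file_type, module_name, version) == -1) {
		sepol_policy_file_free(pf);
		ERR(sh, "Could not parse module data.");
		return -2;
	}
	sepol_policy_file_free(pf);

	/* Only binary policy modules are accepted through this path. */
	if (file_type != SEPOL_POLICY_MOD) {
		ERR(sh, "Data did not represent a pp module. Please upgrade to the latest version of libsemanage to support hll modules.");
		return -2;
	}

	return 0;
}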
/* ABI-compatibility entry point for versions of semodule linked against
 * LIBSEMANAGE_1.0. The package header is parsed to recover the module
 * name, then the data is installed through semanage_module_install_hll()
 * with the language extension "pp".
 *
 * Returns the parser's status (-1 or -2) if the header is rejected,
 * otherwise the status of semanage_module_install_hll().
 */
int semanage_module_install_pp(semanage_handle_t * sh,
			       char *module_data, size_t data_len)
{
	char *pkg_name = NULL;
	char *pkg_version = NULL;
	int rc;

	rc = parse_module_headers(sh, module_data, data_len, &pkg_name, &pkg_version);
	if (rc == 0) {
		rc = semanage_module_install_hll(sh, module_data, data_len, pkg_name, "pp");
	}

	/* Both strings are owned here, on the failure path as well. */
	free(pkg_name);
	free(pkg_version);
	return rc;
}
/* Install the module held in 'module_data' under 'name', tagged with the
 * language extension 'ext_lang', through the connection's install
 * callback.
 *
 * If the handle is connected but not in a transaction, one is begun
 * implicitly. 'modules_modified' is set before the callback runs, so it
 * stays set even when the callback fails.
 *
 * NOTE(review): 'name' and 'ext_lang' are forwarded as given; this wrapper
 * performs no validation of them or of the module data -- confirm the
 * backend checks them before they reach the module store.
 *
 * Returns -1 if no callback is defined, the handle is not connected, or
 * the transaction cannot be started; otherwise the callback's result.
 */
int semanage_module_install_hll(semanage_handle_t * sh,
				char *module_data, size_t data_len, const char *name, const char *ext_lang)
{
	if (sh->funcs->install == NULL) {
		ERR(sh,
		    "No install function defined for this connection type.");
		return -1;
	}

	if (!sh->is_connected) {
		ERR(sh, "Not connected.");
		return -1;
	}

	if (!sh->is_in_transaction && semanage_begin_transaction(sh) < 0) {
		return -1;
	}

	sh->modules_modified = 1;
	return sh->funcs->install(sh, module_data, data_len, name, ext_lang);
}
/* Install a module from a file through the connection's install_file
 * callback. 'module_name' is passed to the callback unchanged
 * (presumably a path to the module file -- confirm against the backend).
 *
 * Begins a transaction implicitly when none is open and sets
 * 'modules_modified' before invoking the callback.
 *
 * Returns -1 if no callback is defined, the handle is not connected, or
 * the transaction cannot be started; otherwise the callback's result.
 */
int semanage_module_install_file(semanage_handle_t * sh,
				 const char *module_name)
{
	if (sh->funcs->install_file == NULL) {
		ERR(sh,
		    "No install function defined for this connection type.");
		return -1;
	}

	if (!sh->is_connected) {
		ERR(sh, "Not connected.");
		return -1;
	}

	if (!sh->is_in_transaction && semanage_begin_transaction(sh) < 0) {
		return -1;
	}

	sh->modules_modified = 1;
	return sh->funcs->install_file(sh, module_name);
}
/* Extract the module identified by 'modkey' through the connection's
 * extract callback; all output parameters are filled in by that callback.
 *
 * Unlike the install and remove entry points, this neither opens a
 * transaction nor marks the modules as modified.
 *
 * Returns -1 if no callback is defined or the handle is not connected;
 * otherwise the callback's result.
 */
int semanage_module_extract(semanage_handle_t * sh,
			    semanage_module_key_t *modkey,
			    int extract_cil,
			    void **mapped_data,
			    size_t *data_len,
			    semanage_module_info_t **modinfo)
{
	if (sh->funcs->extract == NULL) {
		ERR(sh,
		    "No get function defined for this connection type.");
		return -1;
	}

	if (!sh->is_connected) {
		ERR(sh, "Not connected.");
		return -1;
	}

	return sh->funcs->extract(sh, modkey, extract_cil, mapped_data, data_len, modinfo);
}
/* Legacy function that remains to preserve ABI compatibility; it simply
 * forwards to semanage_module_install_pp(). Please use
 * semanage_module_install instead.
 */
int semanage_module_upgrade(semanage_handle_t * sh,
			    char *module_data, size_t data_len)
{
	const int rc = semanage_module_install_pp(sh, module_data, data_len);

	return rc;
}
/* Legacy function that remains to preserve ABI compatibility; it simply
 * forwards to semanage_module_install_file(). Please use
 * semanage_module_install_file instead.
 */
int semanage_module_upgrade_file(semanage_handle_t * sh,
				 const char *module_name)
{
	const int rc = semanage_module_install_file(sh, module_name);

	return rc;
}
/* Legacy function that remains to preserve ABI compatibility; it simply
 * forwards to semanage_module_install_pp(). Please use
 * semanage_module_install instead.
 */
int semanage_module_install_base(semanage_handle_t * sh,
				 char *module_data, size_t data_len)
{
	const int rc = semanage_module_install_pp(sh, module_data, data_len);

	return rc;
}
/* Legacy function that remains to preserve ABI compatibility; it simply
 * forwards to semanage_module_install_file(). Please use
 * semanage_module_install_file instead.
 */
int semanage_module_install_base_file(semanage_handle_t * sh,
				      const char *module_name)
{
	const int rc = semanage_module_install_file(sh, module_name);

	return rc;
}
/* Remove the module named 'module_name' through the connection's remove
 * callback. The name is passed to the callback unchanged; no validation
 * happens in this wrapper.
 *
 * Begins a transaction implicitly when none is open and sets
 * 'modules_modified' before invoking the callback.
 *
 * Returns -1 if no callback is defined, the handle is not connected, or
 * the transaction cannot be started; otherwise the callback's result.
 */
int semanage_module_remove(semanage_handle_t * sh, char *module_name)
{
	if (sh->funcs->remove == NULL) {
		ERR(sh, "No remove function defined for this connection type.");
		return -1;
	}

	if (!sh->is_connected) {
		ERR(sh, "Not connected.");
		return -1;
	}

	if (!sh->is_in_transaction && semanage_begin_transaction(sh) < 0) {
		return -1;
	}

	sh->modules_modified = 1;
	return sh->funcs->remove(sh, module_name);
}
/* List the installed modules through the connection's list callback,
 * which fills in '*modinfo' and '*num_modules'.
 *
 * Returns -1 if no callback is defined or the handle is not connected;
 * otherwise the callback's result.
 */
int semanage_module_list(semanage_handle_t * sh,
			 semanage_module_info_t ** modinfo, int *num_modules)
{
	if (sh->funcs->list == NULL) {
		ERR(sh, "No list function defined for this connection type.");
		return -1;
	}

	if (!sh->is_connected) {
		ERR(sh, "Not connected.");
		return -1;
	}

	return sh->funcs->list(sh, modinfo, num_modules);
}
/* Release the strings owned by 'modinfo' and reset its fields (priority 0,
 * name and lang_ext NULL, enabled -1). The structure itself is not freed.
 * A NULL 'modinfo' is accepted and ignored.
 *
 * The string pointers are cleared after free(), so calling this twice on
 * the same structure does not double-free.
 */
void semanage_module_info_datum_destroy(semanage_module_info_t * modinfo)
{
	if (modinfo == NULL) {
		return;
	}

	free(modinfo->name);
	free(modinfo->lang_ext);
	modinfo->name = NULL;
	modinfo->lang_ext = NULL;

	modinfo->priority = 0;
	modinfo->enabled = -1;
}

hidden_def(semanage_module_info_datum_destroy)
/* Return a pointer to element 'n' of the array starting at 'list'.
 *
 * No bounds check is possible here because the array length is not
 * passed in: the caller must keep 'n' within the count it obtained
 * together with the list, and 'n' must not be negative.
 */
semanage_module_info_t *semanage_module_list_nth(semanage_module_info_t * list,
						 int n)
{
	return &list[n];
}

hidden_def(semanage_module_list_nth)
/* Return the name stored in 'modinfo'. The pointer aliases the
 * structure's own string (it is not a copy) and may be NULL if no name
 * was set. 'modinfo' is dereferenced without a NULL check.
 */
const char *semanage_module_get_name(semanage_module_info_t * modinfo)
{
	const char *stored_name = modinfo->name;

	return stored_name;
}

hidden_def(semanage_module_get_name)
/* Legacy function that remains to preserve ABI compatibility. It ignores
 * its argument and always returns an empty string.
 */
const char *semanage_module_get_version(semanage_module_info_t * modinfo
					__attribute__ ((unused)))
{
	const char *legacy_version = "";

	return legacy_version;
}
/* Allocate a module info structure, store it in '*modinfo' and
 * initialise it with semanage_module_info_init().
 *
 * Returns -1 if the allocation fails (with '*modinfo' set to NULL),
 * otherwise the result of the initialiser. The pointer arguments are
 * checked with assert() only, so an NDEBUG build performs no argument
 * validation.
 */
int semanage_module_info_create(semanage_handle_t *sh,
				semanage_module_info_t **modinfo)
{
	semanage_module_info_t *fresh;

	assert(sh);
	assert(modinfo);

	fresh = malloc(sizeof *fresh);
	*modinfo = fresh;
	if (fresh == NULL) {
		return -1;
	}

	return semanage_module_info_init(sh, fresh);
}

hidden_def(semanage_module_info_create)
/* Free the strings owned by 'modinfo' and return the structure to its
 * initial state via semanage_module_info_init(). The structure itself is
 * not freed; a NULL 'modinfo' is accepted and yields 0.
 *
 * 'modinfo' must have been initialised beforehand: its 'name' and
 * 'lang_ext' pointers are passed to free() as they stand.
 */
int semanage_module_info_destroy(semanage_handle_t *sh,
				 semanage_module_info_t *modinfo)
{
	assert(sh);

	if (modinfo == NULL) {
		return 0;
	}

	free(modinfo->name);
	free(modinfo->lang_ext);

	/* The initialiser overwrites both freed pointers with NULL. */
	return semanage_module_info_init(sh, modinfo);
}

hidden_def(semanage_module_info_destroy)
/* Put 'modinfo' into its initial state: priority 0, no name, no language
 * extension, and enabled set to -1. Existing string pointers are
 * overwritten without being freed, so this must not be used on a
 * structure that still owns strings. Always returns 0.
 */
int semanage_module_info_init(semanage_handle_t *sh,
			      semanage_module_info_t *modinfo)
{
	assert(sh);
	assert(modinfo);

	modinfo->name = NULL;
	modinfo->lang_ext = NULL;
	modinfo->priority = 0;
	modinfo->enabled = -1;

	return 0;
}
/* Copy every field of 'source' into 'target' through the validating
 * setters.
 *
 * 'target' is destroyed first, so it must already be initialised (its
 * string pointers are freed), and it must not alias 'source': the initial
 * destroy would wipe the source before it is read. The setters assert on
 * NULL strings, so 'source' needs both a name and a language extension.
 *
 * Returns 0 on success. On any failure 'target' is destroyed again, so no
 * partial copy is left behind, and -1 is returned.
 */
int semanage_module_info_clone(semanage_handle_t *sh,
			       const semanage_module_info_t *source,
			       semanage_module_info_t *target)
{
	assert(sh);
	assert(source);
	assert(target);

	/* Steps run strictly left to right and stop at the first failure. */
	int failed =
	    semanage_module_info_destroy(sh, target) != 0 ||
	    semanage_module_info_set_priority(sh, target, source->priority) != 0 ||
	    semanage_module_info_set_name(sh, target, source->name) != 0 ||
	    semanage_module_info_set_lang_ext(sh, target, source->lang_ext) != 0 ||
	    semanage_module_info_set_enabled(sh, target, source->enabled) != 0;

	if (failed) {
		semanage_module_info_destroy(sh, target);
		return -1;
	}

	return 0;
}
/* Store the priority of 'modinfo' in '*priority'. Always returns 0.
 * Arguments are checked with assert() only.
 */
int semanage_module_info_get_priority(semanage_handle_t *sh,
				      semanage_module_info_t *modinfo,
				      uint16_t *priority)
{
	assert(sh);
	assert(modinfo);
	assert(priority);

	const uint16_t stored = modinfo->priority;

	*priority = stored;
	return 0;
}

hidden_def(semanage_module_info_get_priority)
/* Store the name of 'modinfo' in '*name'. The pointer aliases the
 * structure's own string: the caller must not free it, and it stops being
 * valid once the name is replaced or the structure destroyed. It may be
 * NULL when no name has been set. Always returns 0.
 */
int semanage_module_info_get_name(semanage_handle_t *sh,
				  semanage_module_info_t *modinfo,
				  const char **name)
{
	assert(sh);
	assert(modinfo);
	assert(name);

	const char *stored = modinfo->name;

	*name = stored;
	return 0;
}

hidden_def(semanage_module_info_get_name)
/* Store the language extension of 'modinfo' in '*lang_ext'. The pointer
 * aliases the structure's own string: the caller must not free it, and it
 * stops being valid once the extension is replaced or the structure
 * destroyed. It may be NULL when none has been set. Always returns 0.
 */
int semanage_module_info_get_lang_ext(semanage_handle_t *sh,
				      semanage_module_info_t *modinfo,
				      const char **lang_ext)
{
	assert(sh);
	assert(modinfo);
	assert(lang_ext);

	const char *stored = modinfo->lang_ext;

	*lang_ext = stored;
	return 0;
}

hidden_def(semanage_module_info_get_lang_ext)
/* Store the enabled status of 'modinfo' in '*enabled'. A freshly
 * initialised structure holds -1 here. Always returns 0.
 */
int semanage_module_info_get_enabled(semanage_handle_t *sh,
				     semanage_module_info_t *modinfo,
				     int *enabled)
{
	assert(sh);
	assert(modinfo);
	assert(enabled);

	const int stored = modinfo->enabled;

	*enabled = stored;
	return 0;
}

hidden_def(semanage_module_info_get_enabled)
/* Set the priority of 'modinfo' after checking it with
 * semanage_module_validate_priority(). An invalid value is reported and
 * leaves the structure unchanged.
 *
 * Returns 0 on success, -1 if the priority is rejected.
 */
int semanage_module_info_set_priority(semanage_handle_t *sh,
				      semanage_module_info_t *modinfo,
				      uint16_t priority)
{
	assert(sh);
	assert(modinfo);

	if (semanage_module_validate_priority(priority) >= 0) {
		modinfo->priority = priority;
		return 0;
	}

	/* errno is cleared before the message is logged. */
	errno = 0;
	ERR(sh, "Priority %d is invalid.", priority);
	return -1;
}

hidden_def(semanage_module_info_set_priority)
/* Replace the name of 'modinfo' with a private copy of 'name'.
 *
 * The name is checked with semanage_module_validate_name() before it is
 * stored; the rules it enforces are defined elsewhere. The previous name
 * is freed only after the copy has succeeded, so a failure leaves the
 * structure unchanged.
 *
 * Returns 0 on success, -1 if the name is rejected or memory runs out.
 */
int semanage_module_info_set_name(semanage_handle_t *sh,
				  semanage_module_info_t *modinfo,
				  const char *name)
{
	assert(sh);
	assert(modinfo);
	assert(name);

	char *copy;

	if (semanage_module_validate_name(name) < 0) {
		errno = 0;
		ERR(sh, "Name %s is invalid.", name);
		return -1;
	}

	copy = strdup(name);
	if (copy == NULL) {
		ERR(sh, "No memory available for strdup");
		return -1;
	}

	free(modinfo->name);
	modinfo->name = copy;

	return 0;
}

hidden_def(semanage_module_info_set_name)
/* Replace the language extension of 'modinfo' with a private copy of
 * 'lang_ext'.
 *
 * The extension is checked with semanage_module_validate_lang_ext()
 * before it is stored; the rules it enforces are defined elsewhere. The
 * previous value is freed only after the copy has succeeded, so a failure
 * leaves the structure unchanged.
 *
 * Returns 0 on success, -1 if the extension is rejected or memory runs
 * out.
 */
int semanage_module_info_set_lang_ext(semanage_handle_t *sh,
				      semanage_module_info_t *modinfo,
				      const char *lang_ext)
{
	assert(sh);
	assert(modinfo);
	assert(lang_ext);

	char *copy;

	if (semanage_module_validate_lang_ext(lang_ext) < 0) {
		errno = 0;
		ERR(sh, "Language extensions %s is invalid.", lang_ext);
		return -1;
	}

	copy = strdup(lang_ext);
	if (copy == NULL) {
		ERR(sh, "No memory available for strdup");
		return -1;
	}

	free(modinfo->lang_ext);
	modinfo->lang_ext = copy;

	return 0;
}

hidden_def(semanage_module_info_set_lang_ext)
/* Set the enabled status of 'modinfo' after checking it with
 * semanage_module_validate_enabled(). An invalid value is reported and
 * leaves the structure unchanged.
 *
 * Returns 0 on success, -1 if the value is rejected.
 */
int semanage_module_info_set_enabled(semanage_handle_t *sh,
				     semanage_module_info_t *modinfo,
				     int enabled)
{
	assert(sh);
	assert(modinfo);

	if (semanage_module_validate_enabled(enabled) >= 0) {
		modinfo->enabled = enabled;
		return 0;
	}

	/* errno is cleared before the message is logged. */
	errno = 0;
	ERR(sh, "Enabled status %d is invalid.", enabled);
	return -1;
}

hidden_def(semanage_module_info_set_enabled)
/* Compose, into 'path' (capacity 'len'), the store path selected by
 * 'type' for the module described by 'modinfo'.
 *
 * The base directory is the temporary module store while a transaction is
 * open and the active store otherwise. Every field that is interpolated
 * into the path (priority, name) is re-validated immediately beforehand,
 * so a structure whose fields were written without the setters is still
 * checked here; what the validators reject is defined elsewhere. A result
 * that does not fit in 'len' bytes is an error rather than a silently
 * truncated path.
 *
 * Layouts produced:
 *   PRIORITY              <modules>/<priority>
 *   NAME                  <modules>/<priority>/<name>
 *   HLL / CIL / LANG_EXT  <modules>/<priority>/<name>/{hll,cil,lang_ext}
 *   DISABLED              <modules>/disabled/<name>
 *
 * Returns 0 on success and a negative value on failure. On failure the
 * contents of 'path' are unspecified.
 */
int semanage_module_get_path(semanage_handle_t *sh,
			     const semanage_module_info_t *modinfo,
			     enum semanage_module_path_type type,
			     char *path,
			     size_t len)
{
	assert(sh);
	assert(modinfo);
	assert(path);

	int check = 0;
	int written = 0;
	const char *store_dir = NULL;
	const char *leaf = NULL;

	if (sh->is_in_transaction) {
		store_dir = semanage_path(SEMANAGE_TMP, SEMANAGE_MODULES);
	} else {
		store_dir = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_MODULES);
	}

	switch (type) {
	case SEMANAGE_MODULE_PATH_PRIORITY:
		check = semanage_module_validate_priority(modinfo->priority);
		if (check < 0) {
			errno = 0;
			ERR(sh, "Priority %d is invalid.", modinfo->priority);
			/* This case hands back the validator's own status. */
			return check;
		}

		written = snprintf(path, len, "%s/%03u",
				   store_dir, modinfo->priority);
		if (written < 0 || (size_t)written >= len) {
			ERR(sh, "Unable to compose priority path.");
			return -1;
		}
		return 0;

	case SEMANAGE_MODULE_PATH_NAME:
		check = semanage_module_validate_priority(modinfo->priority);
		if (check < 0) {
			errno = 0;
			ERR(sh, "Priority %d is invalid.", modinfo->priority);
			return -1;
		}

		check = semanage_module_validate_name(modinfo->name);
		if (check < 0) {
			errno = 0;
			ERR(sh, "Name %s is invalid.", modinfo->name);
			return -1;
		}

		written = snprintf(path, len, "%s/%03u/%s",
				   store_dir, modinfo->priority, modinfo->name);
		if (written < 0 || (size_t)written >= len) {
			ERR(sh, "Unable to compose name path.");
			return -1;
		}
		return 0;

	case SEMANAGE_MODULE_PATH_HLL:
	case SEMANAGE_MODULE_PATH_CIL:
	case SEMANAGE_MODULE_PATH_LANG_EXT:
		/* The three types share one layout and differ only in the
		 * fixed file name at the end. */
		if (type == SEMANAGE_MODULE_PATH_HLL) {
			leaf = "hll";
		} else if (type == SEMANAGE_MODULE_PATH_CIL) {
			leaf = "cil";
		} else {
			leaf = "lang_ext";
		}

		check = semanage_module_validate_priority(modinfo->priority);
		if (check < 0) {
			errno = 0;
			ERR(sh, "Priority %d is invalid.", modinfo->priority);
			return -1;
		}

		check = semanage_module_validate_name(modinfo->name);
		if (check < 0) {
			errno = 0;
			ERR(sh, "Name %s is invalid.", modinfo->name);
			return -1;
		}

		written = snprintf(path, len, "%s/%03u/%s/%s",
				   store_dir, modinfo->priority, modinfo->name,
				   leaf);
		if (written < 0 || (size_t)written >= len) {
			ERR(sh, "Unable to compose path for %s file.", leaf);
			return -1;
		}
		return 0;

	case SEMANAGE_MODULE_PATH_DISABLED:
		check = semanage_module_validate_name(modinfo->name);
		if (check < 0) {
			errno = 0;
			ERR(sh, "Name %s is invalid.", modinfo->name);
			return -1;
		}

		written = snprintf(path, len, "%s/disabled/%s",
				   store_dir, modinfo->name);
		if (written < 0 || (size_t)written >= len) {
			ERR(sh, "Unable to compose disabled status path.");
			return -1;
		}
		return 0;

	default:
		ERR(sh, "Invalid module path type %d.", type);
		return -1;
	}
}
/* Allocate a module key, store it in '*modkey' and initialise it with
 * semanage_module_key_init().
 *
 * Returns -1 if the allocation fails (with '*modkey' set to NULL),
 * otherwise the result of the initialiser. The pointer arguments are
 * checked with assert() only.
 */
int semanage_module_key_create(semanage_handle_t *sh,
			       semanage_module_key_t **modkey)
{
	semanage_module_key_t *fresh;

	assert(sh);
	assert(modkey);

	fresh = malloc(sizeof *fresh);
	*modkey = fresh;
	if (fresh == NULL) {
		return -1;
	}

	return semanage_module_key_init(sh, fresh);
}

hidden_def(semanage_module_key_create)
/* Free the name owned by 'modkey' and return the key to its initial
 * state via semanage_module_key_init(). The key structure itself is not
 * freed; a NULL 'modkey' is accepted and yields 0.
 *
 * 'modkey' must have been initialised beforehand: its 'name' pointer is
 * passed to free() as it stands.
 */
int semanage_module_key_destroy(semanage_handle_t *sh,
				semanage_module_key_t *modkey)
{
	assert(sh);

	if (modkey == NULL) {
		return 0;
	}

	free(modkey->name);

	/* The initialiser overwrites the freed pointer with NULL. */
	return semanage_module_key_init(sh, modkey);
}

hidden_def(semanage_module_key_destroy)
/* Put 'modkey' into its initial state: no name and priority 0. An
 * existing name pointer is overwritten without being freed, so this must
 * not be used on a key that still owns a name. Always returns 0.
 */
int semanage_module_key_init(semanage_handle_t *sh,
			     semanage_module_key_t *modkey)
{
	assert(sh);
	assert(modkey);

	modkey->priority = 0;
	modkey->name = NULL;

	return 0;
}
/* Store the name of 'modkey' in '*name'. The pointer aliases the key's
 * own string: the caller must not free it, and it stops being valid once
 * the name is replaced or the key destroyed. It may be NULL when no name
 * has been set. Always returns 0.
 */
int semanage_module_key_get_name(semanage_handle_t *sh,
				 semanage_module_key_t *modkey,
				 const char **name)
{
	assert(sh);
	assert(modkey);
	assert(name);

	const char *stored = modkey->name;

	*name = stored;
	return 0;
}

hidden_def(semanage_module_key_get_name)
/* Store the priority of 'modkey' in '*priority'. Always returns 0.
 * Arguments are checked with assert() only.
 */
int semanage_module_key_get_priority(semanage_handle_t *sh,
				     semanage_module_key_t *modkey,
				     uint16_t *priority)
{
	assert(sh);
	assert(modkey);
	assert(priority);

	const uint16_t stored = modkey->priority;

	*priority = stored;
	return 0;
}

hidden_def(semanage_module_key_get_priority)
/* Store a validated copy of name in a module key.
 *
 * The name is checked with semanage_module_validate_name() before anything
 * is stored, so a rejected name leaves the key untouched. On success the
 * previous name is freed and replaced by a strdup() copy owned by the key.
 *
 * sh, modkey and name must be non-NULL (checked with assert).
 *
 * Returns 0 on success, -1 if the name is invalid or memory runs out.
 */
int semanage_module_key_set_name(semanage_handle_t *sh,
				 semanage_module_key_t *modkey,
				 const char *name)
{
	assert(sh);
	assert(modkey);
	assert(name);

	char *copy;

	if (semanage_module_validate_name(name) < 0) {
		/* NOTE(review): errno is cleared before ERR, presumably so the
		 * message carries no stale errno text; confirm against ERR. */
		errno = 0;
		/* The rejected name is passed as a %s argument, never used as
		 * the format string itself. */
		ERR(sh, "Name %s is invalid.", name);
		return -1;
	}

	copy = strdup(name);
	if (copy == NULL) {
		ERR(sh, "No memory available for strdup");
		return -1;
	}

	/* Release the old name only once the replacement exists. */
	free(modkey->name);
	modkey->name = copy;

	return 0;
}
hidden_def(semanage_module_key_set_name)
/* Store a validated priority in a module key.
 *
 * The value is checked with semanage_module_validate_priority() first; a
 * rejected value leaves the key untouched.
 *
 * sh and modkey must be non-NULL (checked with assert).
 *
 * Returns 0 on success, -1 if the priority is invalid.
 */
int semanage_module_key_set_priority(semanage_handle_t *sh,
				     semanage_module_key_t *modkey,
				     uint16_t priority)
{
	assert(sh);
	assert(modkey);

	if (semanage_module_validate_priority(priority) >= 0) {
		modkey->priority = priority;
		return 0;
	}

	/* NOTE(review): errno is cleared before ERR, presumably so the
	 * message carries no stale errno text; confirm against ERR. */
	errno = 0;
	ERR(sh, "Priority %d is invalid.", priority);
	return -1;
}
hidden_def(semanage_module_key_set_priority)
/* Query the enabled state of the module identified by modkey.
 *
 * Thin dispatcher: the request is forwarded to the get_enabled callback of
 * the handle's connection type. It fails without calling the backend when
 * the callback is missing or the handle is not connected.
 *
 * sh, modkey and enabled must be non-NULL (checked with assert).
 *
 * Returns -1 on the failures above, otherwise the backend's return value.
 */
int semanage_module_get_enabled_1_1(semanage_handle_t *sh,
				    const semanage_module_key_t *modkey,
				    int *enabled)
{
	assert(sh);
	assert(modkey);
	assert(enabled);

	if (sh->funcs->get_enabled == NULL) {
		ERR(sh,
		    "No get_enabled function defined for this connection type.");
		return -1;
	}

	if (!sh->is_connected) {
		ERR(sh, "Not connected.");
		return -1;
	}

	return sh->funcs->get_enabled(sh, modkey, enabled);
}
/* Return the enabled field of a module info struct.
 *
 * modinfo is dereferenced without a NULL check, so the caller must pass a
 * valid pointer.
 */
int semanage_module_get_enabled_1_0(semanage_module_info_t *modinfo)
{
	int enabled = modinfo->enabled;

	return enabled;
}
/* Enable or disable the module identified by modkey.
 *
 * Thin dispatcher over the set_enabled callback of the handle's connection
 * type. It fails without calling the backend when the callback is missing
 * or the handle is not connected, and starts a transaction if none is open.
 *
 * sh and modkey must be non-NULL (checked with assert). The enabled value
 * is forwarded unchanged; it is not validated in this function.
 *
 * Returns -1 on the failures above, otherwise the backend's return value.
 */
int semanage_module_set_enabled(semanage_handle_t *sh,
				const semanage_module_key_t *modkey,
				int enabled)
{
	assert(sh);
	assert(modkey);

	if (sh->funcs->set_enabled == NULL) {
		ERR(sh,
		    "No set_enabled function defined for this connection type.");
		return -1;
	}

	if (!sh->is_connected) {
		ERR(sh, "Not connected.");
		return -1;
	}

	if (!sh->is_in_transaction && semanage_begin_transaction(sh) < 0) {
		return -1;
	}

	/* The flag is raised before the backend runs, so it stays set even
	 * when the backend call below reports an error. */
	sh->modules_modified = 1;

	return sh->funcs->set_enabled(sh, modkey, enabled);
}
hidden_def(semanage_module_set_enabled)
/* This function exists only for ABI compatibility. It has been deprecated and
 * should not be used. Instead, use semanage_module_set_enabled().
 *
 * Builds a temporary module key from module_name and enables that module.
 * The name goes through semanage_module_key_set_name(), so an invalid name
 * is rejected before the backend is reached.
 *
 * Returns 0 on success, otherwise the non-zero result of the step that
 * failed.
 */
int semanage_module_enable(semanage_handle_t *sh, char *module_name)
{
	semanage_module_key_t *modkey = NULL;
	int rc;

	rc = semanage_module_key_create(sh, &modkey);
	if (rc == 0)
		rc = semanage_module_key_set_name(sh, modkey, module_name);
	if (rc == 0)
		rc = semanage_module_set_enabled(sh, modkey, 1);

	/* Cleanup runs on every path; modkey is still NULL here if the
	 * create step failed without setting it. */
	semanage_module_key_destroy(sh, modkey);
	free(modkey);

	return rc;
}
/* This function exists only for ABI compatibility. It has been deprecated and
 * should not be used. Instead, use semanage_module_set_enabled().
 *
 * Builds a temporary module key from module_name and disables that module.
 * The name goes through semanage_module_key_set_name(), so an invalid name
 * is rejected before the backend is reached.
 *
 * Returns 0 on success, otherwise the non-zero result of the step that
 * failed.
 */
int semanage_module_disable(semanage_handle_t *sh, char *module_name)
{
	semanage_module_key_t *modkey = NULL;
	int rc;

	rc = semanage_module_key_create(sh, &modkey);
	if (rc == 0)
		rc = semanage_module_key_set_name(sh, modkey, module_name);
	if (rc == 0)
		rc = semanage_module_set_enabled(sh, modkey, 0);

	/* Cleanup runs on every path; modkey is still NULL here if the
	 * create step failed without setting it. */
	semanage_module_key_destroy(sh, modkey);
	free(modkey);

	return rc;
}
/* Converts a decimal string to a priority.
 *
 * The whole string must be consumed by the conversion, the value must fit
 * in uint16_t, and it must pass semanage_module_validate_priority().
 *
 * NOTE(review): strtoul() skips leading whitespace and accepts a sign, and
 * a '-' prefix negates the result in unsigned arithmetic, so some long
 * negative inputs wrap back into the accepted range. If str can come from
 * an untrusted source, consider requiring the first character to be a digit.
 *
 * returns -1 if str or priority is NULL or str is not a valid priority.
 * returns 0 and sets *priority if str is a valid priority
 */
int semanage_string_to_priority(const char *str, uint16_t *priority)
{
	char *end = NULL;
	unsigned long parsed;

	if (str == NULL || priority == NULL) {
		return -1;
	}

	/* strtoul reports overflow only through errno, so clear it first. */
	errno = 0;
	parsed = strtoul(str, &end, 10);

	if (errno != 0) {
		return -1;
	}

	/* Reject an empty conversion and any trailing characters. */
	if (end == str || *end != '\0') {
		return -1;
	}

	/* Range-check before the narrowing cast below. */
	if (parsed > UINT16_MAX) {
		return -1;
	}

	if (semanage_module_validate_priority((uint16_t)parsed) < 0) {
		return -1;
	}

	*priority = parsed;
	return 0;
}
/* Validates a module info struct.
 *
 * Checks, in this order, the priority, the name, the language extension
 * and the enabled value with the matching semanage_module_validate_*()
 * helper, stopping at the first failure. modinfo itself is dereferenced
 * without a NULL check.
 *
 * Returns -1 if module is invalid, 0 otherwise.
 */
int semanage_module_info_validate(const semanage_module_info_t *modinfo)
{
	if (semanage_module_validate_priority(modinfo->priority) != 0) {
		return -1;
	}

	if (semanage_module_validate_name(modinfo->name) != 0) {
		return -1;
	}

	if (semanage_module_validate_lang_ext(modinfo->lang_ext) != 0) {
		return -1;
	}

	if (semanage_module_validate_enabled(modinfo->enabled) != 0) {
		return -1;
	}

	return 0;
}
/* Inclusive bounds of the accepted module priority range. */
#define PRIORITY_MIN 1
#define PRIORITY_MAX 999

/* Validates priority.
 *
 * A priority is valid when PRIORITY_MIN <= priority <= PRIORITY_MAX.
 *
 * returns -1 if priority is not in the valid range, returns 0 otherwise
 */
int semanage_module_validate_priority(uint16_t priority)
{
	if (priority < PRIORITY_MIN || priority > PRIORITY_MAX) {
		return -1;
	}

	return 0;
}
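/* Tells whether c may appear after the first character of a module name
 * (letter, digit, '_' or '-'). Takes unsigned char so the <ctype.h> calls
 * never see a negative value.
 */
static int module_name_char_ok(unsigned char c)
{
	return isalnum(c) || c == '_' || c == '-';
}

/* Validates module name.
 *
 * A module name must match the following regular expression to be
 * considered valid:
 *
 * ^[a-zA-Z](\.?[a-zA-Z0-9_-])*$
 *
 * That is: it starts with a letter, and every '.' is immediately followed
 * by a letter, digit, '_' or '-'. Empty names, leading, trailing or doubled
 * dots, '/' and every other character are rejected.
 *
 * NOTE(review): isalpha()/isalnum() follow the current locale, so outside
 * the "C" locale bytes above 0x7f may be accepted although the expression
 * above is ASCII-only; confirm whether callers change the locale.
 *
 * returns -1 if name is not valid (or NULL), returns 0 otherwise
 */
int semanage_module_validate_name(const char * name)
{
	/* Walk the bytes as unsigned char: passing a negative plain char to
	 * the <ctype.h> classifiers is undefined behavior. */
	const unsigned char *p = (const unsigned char *)name;

	if (p == NULL || !isalpha(*p)) {
		return -1;
	}

	for (p++; *p != '\0'; p++) {
		/* A dot is only a separator: step over it and require a
		 * regular character right after it. */
		if (*p == '.') {
			p++;
		}
		if (!module_name_char_ok(*p)) {
			return -1;
		}
	}

	return 0;
}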
/* Validates module enabled status.
 *
 * Valid enabled values are 1, 0, and -1.
 *
 * returns 0 if enabled is a valid value, returns -1 otherwise.
 */
int semanage_module_validate_enabled(int enabled)
{
	switch (enabled) {
	case -1:
	case 0:
	case 1:
		return 0;
	default:
		return -1;
	}
}
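/* Tells whether c may appear after the first character of a language
 * extension (letter, digit, '_' or '-'). Takes unsigned char so the
 * <ctype.h> calls never see a negative value.
 */
static int lang_ext_char_ok(unsigned char c)
{
	return isalnum(c) || c == '_' || c == '-';
}

/* Validate extension.
 *
 * An extension must match the following regular expression to be
 * considered valid:
 *
 * ^[a-zA-Z0-9][a-zA-Z0-9_-]*$
 *
 * Empty extensions and any '.', '/' or other character are rejected.
 *
 * NOTE(review): isalnum() follows the current locale, so outside the "C"
 * locale bytes above 0x7f may be accepted although the expression above is
 * ASCII-only; confirm whether callers change the locale.
 *
 * returns 0 if ext is a valid value, returns -1 otherwise (including NULL).
 */
int semanage_module_validate_lang_ext(const char *ext)
{
	/* Walk the bytes as unsigned char: passing a negative plain char to
	 * the <ctype.h> classifiers is undefined behavior. */
	const unsigned char *p = (const unsigned char *)ext;

	if (p == NULL || !isalnum(*p)) {
		return -1;
	}

	for (p++; *p != '\0'; p++) {
		if (!lang_ext_char_ok(*p)) {
			return -1;
		}
	}

	return 0;
}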
/* Look up the module info for the module identified by modkey.
 *
 * Thin dispatcher over the get_module_info callback of the handle's
 * connection type. It fails without calling the backend when the callback
 * is missing or the handle is not connected.
 *
 * sh, modkey and modinfo must be non-NULL (checked with assert).
 *
 * Returns -1 on the failures above, otherwise the backend's return value.
 */
int semanage_module_get_module_info(semanage_handle_t *sh,
				    const semanage_module_key_t *modkey,
				    semanage_module_info_t **modinfo)
{
	assert(sh);
	assert(modkey);
	assert(modinfo);

	if (sh->funcs->get_module_info == NULL) {
		ERR(sh,
		    "No get module info function defined for this connection type.");
		return -1;
	}

	if (!sh->is_connected) {
		ERR(sh, "Not connected.");
		return -1;
	}

	return sh->funcs->get_module_info(sh, modkey, modinfo);
}
/* List module infos through the backend of the handle's connection type.
 *
 * Thin dispatcher over the list_all callback. It fails without calling the
 * backend when the callback is missing or the handle is not connected.
 * modinfos and modinfos_len are handed to the backend unchanged.
 *
 * sh, modinfos and modinfos_len must be non-NULL (checked with assert).
 *
 * Returns -1 on the failures above, otherwise the backend's return value.
 */
int semanage_module_list_all(semanage_handle_t *sh,
			     semanage_module_info_t **modinfos,
			     int *modinfos_len)
{
	assert(sh);
	assert(modinfos);
	assert(modinfos_len);

	if (sh->funcs->list_all == NULL) {
		ERR(sh,
		    "No list all function defined for this connection type.");
		return -1;
	}

	if (!sh->is_connected) {
		ERR(sh, "Not connected.");
		return -1;
	}

	return sh->funcs->list_all(sh, modinfos, modinfos_len);
}
/* Install a module described by modinfo from the data buffer.
 *
 * Thin dispatcher over the install_info callback of the handle's connection
 * type. It fails without calling the backend when the callback is missing
 * or the handle is not connected, and starts a transaction if none is open.
 *
 * Unlike the sibling wrappers in this file, no argument is asserted
 * non-NULL here, and modinfo, data and data_len are forwarded unchanged.
 * NOTE(review): this wrapper does not call semanage_module_info_validate();
 * presumably the backend validates modinfo, confirm.
 *
 * Returns -1 on the failures above, otherwise the backend's return value.
 */
int semanage_module_install_info(semanage_handle_t *sh,
				 const semanage_module_info_t *modinfo,
				 char *data,
				 size_t data_len)
{
	if (sh->funcs->install_info == NULL) {
		ERR(sh,
		    "No install info function defined for this connection type.");
		return -1;
	}

	if (!sh->is_connected) {
		ERR(sh, "Not connected.");
		return -1;
	}

	if (!sh->is_in_transaction && semanage_begin_transaction(sh) < 0) {
		return -1;
	}

	/* The flag is raised before the backend runs, so it stays set even
	 * when the backend call below reports an error. */
	sh->modules_modified = 1;

	return sh->funcs->install_info(sh, modinfo, data, data_len);
}
/* Remove the module identified by modkey.
 *
 * Thin dispatcher over the remove_key callback of the handle's connection
 * type. It fails without calling the backend when the callback is missing
 * or the handle is not connected, and starts a transaction if none is open.
 *
 * Unlike the sibling wrappers in this file, no argument is asserted
 * non-NULL here; modkey is forwarded unchanged.
 *
 * Returns -1 on the failures above, otherwise the backend's return value.
 */
int semanage_module_remove_key(semanage_handle_t *sh,
			       const semanage_module_key_t *modkey)
{
	if (sh->funcs->remove_key == NULL) {
		ERR(sh,
		    "No remove key function defined for this connection type.");
		return -1;
	}

	if (!sh->is_connected) {
		ERR(sh, "Not connected.");
		return -1;
	}

	if (!sh->is_in_transaction && semanage_begin_transaction(sh) < 0) {
		return -1;
	}

	/* The flag is raised before the backend runs, so it stays set even
	 * when the backend call below reports an error. */
	sh->modules_modified = 1;

	return sh->funcs->remove_key(sh, modkey);
}