* [ SETSEBOOL ] Cleanup patch
@ 2005-11-09 4:57 Ivan Gyurdiev
2005-11-09 13:53 ` Stephen Smalley
0 siblings, 1 reply; 2+ messages in thread
From: Ivan Gyurdiev @ 2005-11-09 4:57 UTC (permalink / raw)
To: SELinux List; +Cc: Stephen Smalley
[-- Attachment #1: Type: text/plain, Size: 279 bytes --]
Error handling is different for libselinux interaction depending on -P.
Fix that by adding a new helper function. Also add a newline and change
some error messages. Recover the handle.h header #include (I don't think
we should rely on the boolean headers to include it).
[-- Attachment #2: setsebool.cleanup.diff --]
[-- Type: text/x-patch, Size: 2864 bytes --]
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION old/policycoreutils/setsebool/setsebool.c new/policycoreutils/setsebool/setsebool.c
--- old/policycoreutils/setsebool/setsebool.c 2005-11-08 23:11:21.000000000 -0500
+++ new/policycoreutils/setsebool/setsebool.c 2005-11-08 23:37:34.000000000 -0500
@@ -8,6 +8,7 @@
#include <syslog.h>
#include <pwd.h>
#include <selinux/selinux.h>
+#include <semanage/handle.h>
#include <semanage/booleans_local.h>
#include <semanage/boolean_record.h>
#include <errno.h>
@@ -72,8 +73,29 @@ int main(int argc, char **argv)
return rc;
}
-/* Helper function: applies permanent changes to policy via libsemanage */
-int semanage_set_boolean_list(size_t boolcnt, SELboolean *boollist) {
+/* Apply boolean changes to policy via libselinux */
+static int selinux_set_boolean_list(
+ size_t boolcnt,
+ SELboolean *boollist,
+ int permanent) {
+
+ if (security_set_boolean_list(boolcnt, boollist, permanent)) {
+ if (errno == ENOENT)
+ fprintf(stderr, "Could not change active booleans: "
+ "Invalid boolean\n");
+ else if (errno)
+ perror("Could not change active booleans");
+
+ return -1;
+ }
+
+ return 0;
+}
+
+/* Apply (permanent) boolean changes to policy via libsemanage */
+static int semanage_set_boolean_list(
+ size_t boolcnt,
+ SELboolean *boollist) {
size_t j;
semanage_handle_t* handle = NULL;
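Review bot: Both messages in `selinux_set_boolean_list` say "active booleans", but the unmanaged-policy branch later in this patch calls the helper with `permanent` set to 1, so a failed persistent change is reported as an active-boolean failure. Choose the wording from the argument, for example `const char *what = permanent ? "persistent" : "active";`, and print `"Could not change %s booleans: Invalid boolean\n"` with it. In addition, when `security_set_boolean_list` fails with `errno` equal to 0 the helper returns -1 without printing anything, so the caller's message is the only diagnostic; a short comment stating that this is intended would help. The hunk ends inside `semanage_set_boolean_list`, whose body continues outside it.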
@@ -91,15 +113,10 @@ int semanage_set_boolean_list(size_t boo
if (managed < 0) {
fprintf(stderr, "Error when checking whether policy is managed\n");
goto err;
+
} else if (managed == 0) {
- if (security_set_boolean_list(boolcnt, boollist, 1)) {
- if (errno == ENOENT)
- fprintf(stderr, "Error setting boolean: "
- "Invalid boolean\n");
- else if (errno)
- perror("Error setting booleans");
+ if (selinux_set_boolean_list(boolcnt, boollist, 1) < 0)
goto err;
- }
goto out;
}
@@ -136,7 +153,7 @@ int semanage_set_boolean_list(size_t boo
semanage_disconnect(handle);
- if (security_set_boolean_list(boolcnt, boollist, 0))
+ if (selinux_set_boolean_list(boolcnt, boollist, 0))
goto err;
out:
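Review bot: This call site tests the helper's result for non-zero, while the other two call sites added by this patch compare `< 0`; write `if (selinux_set_boolean_list(boolcnt, boollist, 0) < 0)` here too so the return convention reads the same everywhere. The call also runs after `semanage_disconnect(handle)`, so if the persistent change was already committed above the hunk (not visible here), a failure at this point ends in "Could not change policy booleans" even though the stored policy may have changed. A comment such as `/* persistent change already applied; only the active values failed */`, or a distinct message for this path, would let an administrator judge the resulting state. The function begins and ends outside this hunk.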
@@ -147,7 +164,7 @@ int semanage_set_boolean_list(size_t boo
semanage_bool_key_free(bool_key);
semanage_bool_free(boolean);
semanage_handle_destroy(handle);
- fprintf(stderr, "Could not apply permanent policy change");
+ fprintf(stderr, "Could not change policy booleans\n");
return -1;
}
@@ -213,15 +230,8 @@ int setbool(char **list, size_t start, s
goto err;
} else {
- if (security_set_boolean_list(boolcnt, vallist, 0)) {
- if (errno == ENOENT)
- fprintf(stderr, "Error setting boolean: "
- "Invalid boolean\n");
- else if (errno)
- perror("Error setting booleans");
-
- goto err;
- }
+ if (selinux_set_boolean_list(boolcnt, vallist, 0) < 0)
+ goto err;
}
/* Now log what was done */
* Re: [ SETSEBOOL ] Cleanup patch
2005-11-09 4:57 [ SETSEBOOL ] Cleanup patch Ivan Gyurdiev
@ 2005-11-09 13:53 ` Stephen Smalley
0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2005-11-09 13:53 UTC (permalink / raw)
To: Ivan Gyurdiev; +Cc: SELinux List
On Tue, 2005-11-08 at 23:57 -0500, Ivan Gyurdiev wrote:
> Error handling is different for libselinux interaction depending on -P.
> Fix that by adding a new helper function. Also add a newline and change
> some error messages. Recover the handle.h header #include (I don't think
> we should rely on the boolean headers to include it).
thanks, merged.
--
Stephen Smalley
National Security Agency