* [SETSEBOOL] Apply active booleans through libsemanage
@ 2005-12-23 23:47 Ivan Gyurdiev
From: Ivan Gyurdiev @ 2005-12-23 23:47 UTC (permalink / raw)
To: SELinux List; +Cc: Stephen Smalley
[-- Attachment #1: Type: text/plain, Size: 272 bytes --]
Hi, this patch changes setsebool to apply active booleans via
libsemanage. Libselinux is now only used in the fallback (non-managed)
case... otherwise I could change setsebool not to use SELboolean as an
intermediary structure, and to use semanage_bool_t directly.
[-- Attachment #2: setsebool2.active_libsemanage.diff --]
[-- Type: text/x-patch, Size: 2361 bytes --]
diff -Naurp --exclude-from excludes old/policycoreutils/setsebool/setsebool.c new/policycoreutils/setsebool/setsebool.c
--- old/policycoreutils/setsebool/setsebool.c 2005-12-23 18:24:55.000000000 -0500
+++ new/policycoreutils/setsebool/setsebool.c 2005-12-23 18:41:12.000000000 -0500
@@ -10,6 +10,7 @@
#include <selinux/selinux.h>
#include <semanage/handle.h>
#include <semanage/booleans_local.h>
+#include <semanage/booleans_active.h>
#include <semanage/boolean_record.h>
#include <errno.h>
@@ -95,11 +96,13 @@ static int selinux_set_boolean_list(
/* Apply (permanent) boolean changes to policy via libsemanage */
static int semanage_set_boolean_list(
size_t boolcnt,
- SELboolean *boollist) {
+ SELboolean *boollist,
+ int permanent) {
size_t j;
semanage_handle_t* handle = NULL;
semanage_bool_t* boolean = NULL;
+ semanage_bool_t* boolean2 = NULL;
semanage_bool_key_t* bool_key = NULL;
int managed;
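Review bot: The header comment on `semanage_set_boolean_list` still reads `/* Apply (permanent) boolean changes to policy via libsemanage */`, which no longer matches the function once it takes a `permanent` flag and handles the active-only case too. I would replace it with `/* Apply boolean changes via libsemanage: always to the active policy, and also to the local store when permanent is non-zero */`. The function body continues outside this hunk, so how `managed` interacts with the new flag cannot be checked from here.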
@@ -139,7 +142,16 @@ static int semanage_set_boolean_list(
if (semanage_bool_key_extract(handle, boolean, &bool_key) < 0)
goto err;
- if (semanage_bool_modify_local(handle, bool_key, boolean) < 0)
+ if (permanent) {
+ if (semanage_bool_clone(handle, boolean, &boolean2) < 0)
+ goto err;
+
+ if (semanage_bool_modify_local(handle, bool_key, boolean2) < 0)
+ goto err;
+ boolean2 = NULL;
+ }
+
+ if (semanage_bool_set_active(handle, bool_key, boolean) < 0)
goto err;
semanage_bool_key_free(bool_key);
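Review bot: The bare `boolean2 = NULL;` after `semanage_bool_modify_local` encodes an ownership assumption that is not written down anywhere in the hunk. Presumably the local store takes ownership of the clone on success; if it copies instead, the clone is leaked once per boolean, and if a later edit drops the assignment, the `err` path would free memory the store still holds. A comment such as `/* the local store now owns boolean2; clear it so err does not free it */` would make the contract explicit in a tool that runs privileged. The enclosing loop and what happens to `boolean` after `semanage_bool_set_active` are outside this hunk.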
@@ -153,9 +165,6 @@ static int semanage_set_boolean_list(
semanage_disconnect(handle);
- if (selinux_set_boolean_list(boolcnt, boollist, 0))
- goto err;
-
out:
semanage_handle_destroy(handle);
return 0;
@@ -163,6 +172,7 @@ static int semanage_set_boolean_list(
err:
semanage_bool_key_free(bool_key);
semanage_bool_free(boolean);
+ semanage_bool_free(boolean2);
semanage_handle_destroy(handle);
fprintf(stderr, "Could not change policy booleans\n");
return -1;
@@ -217,14 +227,8 @@ int setbool(char **list, size_t start, s
*value_ptr = '=';
}
- if (permanent) {
- if (semanage_set_boolean_list(boolcnt, vallist) < 0)
- goto err;
-
- } else {
- if (selinux_set_boolean_list(boolcnt, vallist, 0) < 0)
- goto err;
- }
+ if (semanage_set_boolean_list(boolcnt, vallist, permanent) < 0)
+ goto err;
/* Now log what was done */
pwd = getpwuid(getuid());
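Review bot: With the `else` branch gone, a non-permanent change in `setbool` no longer calls `selinux_set_boolean_list` directly, so it now depends on the non-managed fallback inside `semanage_set_boolean_list`, which none of the hunks show. It is worth confirming that the fallback forwards `permanent` rather than a constant, and that a failed libsemanage connection does not block a runtime-only toggle that used to need only libselinux. A short comment above the call would help the next reader, for example `/* handles both active and permanent changes; falls back to libselinux when the policy store is not managed */`. `setbool` starts and ends outside this hunk.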