hal/tools Makefile.am,1.9,1.10 fstab-sync.c,1.15,1.16

Sun Aug 29 15:31:41 PDT 2004

Update of /cvs/hal/hal/tools
In directory gabe:/tmp/cvs-serv19553/tools

Modified Files:
	Makefile.am fstab-sync.c 
Log Message:
2004-08-30  David Zeuthen  <david at fubar.dk>

	* configure.in: Add SELinux checks
	
	* tools/Makefile.am: Build fstab-sync with selinux support if applicable
	
	* tools/fstab-sync.c: 
	(restore_selinux_context): New functions
	(add_udi): Use restore_selinux_context
	(remove_udi): Use restore_selinux_context
	
	* tools/linux/Makefile.am: Install hal.hotplug and hal.dev symlinks
	prefixed with 20- respectively 10-.



Index: Makefile.am
===================================================================
RCS file: /cvs/hal/hal/tools/Makefile.am,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10

--- Makefile.am	25 Aug 2004 20:55:13 -0000	1.9
+++ Makefile.am	29 Aug 2004 22:31:39 -0000	1.10
@@ -24,6 +24,10 @@
 fstab_sync_SOURCES = fstab-sync.c
 fstab_sync_LDADD = -lpopt $(top_builddir)/libhal/libhal.la
 
+if HAVE_SELINUX
+fstab_sync_LDADD += -lselinux
+endif
+
 if FSTAB_SYNC_ENABLED
 install-data-local :
 	$(mkinstalldirs) $(DESTDIR)$(SYSCONFDIR)/hal/device.d

Index: fstab-sync.c
===================================================================
RCS file: /cvs/hal/hal/tools/fstab-sync.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- fstab-sync.c	25 Aug 2004 23:56:09 -0000	1.15
+++ fstab-sync.c	29 Aug 2004 22:31:39 -0000	1.16
@@ -58,6 +58,10 @@
 #define DBUS_API_SUBJECT_TO_CHANGE
 #include "libhal/libhal.h"
 
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
 typedef int boolean;
 
 static boolean verbose = FALSE;
@@ -179,6 +183,101 @@
 static boolean remove_udi (const char *udi);
 static boolean clean (void);
 
+
+#ifdef HAVE_SELINUX
+/* largely based on restorecon.c in policycoreutils, GPLv2 license, Author: Dan Walsh */
+static int restore_selinux_context(char *filename)
+{
+  int retcontext=0;
+  int retval=0;
+  int errors=0;
+  security_context_t scontext;
+  security_context_t prev_context;
+  int len=strlen(filename);
+  struct stat st;
+  char path[256+1]; /* PATH_MAX */
+
+  /* 
+     Eliminate trailing /
+  */
+  if (len > 0 && filename[len-1]=='/' && (strcmp(filename,"/") != 0)) {
+    filename[len-1]=0;
+  }
+  if (lstat(filename, &st)!=0) {
+    fstab_update_debug ("%d: lstat(%s) failed: %s\n", pid, filename,strerror(errno));
+    return 1;
+  }
+  if (S_ISLNK(st.st_mode)) {
+    fstab_update_debug ("%d: Warning! %s refers to a symbolic link, not following last component.\n", pid, filename);
+    char *p = NULL, *file_sep;
+    char *tmp_path = strdup(filename);
+    if (!tmp_path) {
+      fstab_update_debug ("%d: strdup on %s failed:  %s\n", pid, filename,strerror(errno));
+      return 1;
+    }
+    file_sep = strrchr(tmp_path, '/');
+    if(file_sep)
+    {
+      *file_sep = 0;
+      file_sep++;
+      p = realpath(tmp_path, path);
+    }
+    if (!p || strlen(path) + strlen(file_sep) + 1 > 256) {
+      fstab_update_debug ("%d: realpath(%s) failed %s\n", pid, filename, strerror(errno));
+      free(tmp_path);
+      return 1;
+    }
+    sprintf(p + strlen(p), "/%s", file_sep);
+    filename = p;
+    free(tmp_path);
+  } else {
+    char *p;
+    p = realpath(filename, path);
+    if (!p) {
+      fstab_update_debug ("%d: realpath(%s) failed %s\n", pid, filename, strerror(errno));
+      return 1;
+    }
+    filename = p;
+  }
+
+  retval = matchpathcon(filename, st.st_mode, &scontext);
+  if (retval < 0) {
+    fstab_update_debug ("%d: matchpathcon(%s) failed %s\n", pid, filename,strerror(errno));
+    return 1;
+  } 
+  if (strcmp(scontext,"<<none>>")==0) {
+    freecon(scontext);
+    return 0;
+  }
+  retcontext=lgetfilecon(filename,&prev_context);
+  
+  if (retcontext >= 0 || errno == ENODATA) {
+    if (retcontext < 0 || strcmp(prev_context,scontext) != 0) {
+      retval=lsetfilecon(filename,scontext);
+      if (retval<0) {
+	  fstab_update_debug ("%d: %s set context %s->%s failed:'%s'\n",
+			      pid, PROGRAM_NAME, filename, scontext, strerror(errno));
+	  if (retcontext >= 0)
+	    freecon(prev_context);
+	  freecon(scontext);
+	  return 1;
+      } else 	
+	fstab_update_debug ("%d: %s reset context %s->%s\n",
+			    pid, PROGRAM_NAME, filename, scontext);
+    } 
+    if (retcontext >= 0)
+      freecon(prev_context);
+  } 
+  else {
+    errors++;
+    fstab_update_debug ("%d: %s get context on %s failed: '%s'\n",
+			pid, PROGRAM_NAME, filename, strerror(errno));
+  }
+  freecon(scontext);
+  return errors;
+}
+#endif /* HAVE_SELINUX */
+
 static FSTableField *
 fs_table_field_new (FSTableFieldType type, const char *value)
 {
@@ -1427,6 +1526,10 @@
   close (fd);
   volume_free (volume);
 
+#ifdef HAVE_SELINUX
+  restore_selinux_context(_PATH_FSTAB);
+#endif
+
   return TRUE;
 
 error:
@@ -1521,6 +1624,10 @@
   free (block_device);
   fs_table_line_free (line);
 
+#ifdef HAVE_SELINUX
+  restore_selinux_context(_PATH_FSTAB);
+#endif
+
   return TRUE;
 
 error:


