Diffstat (limited to 'plugins')
-rw-r--r--plugins/Makefile.am23
-rw-r--r--plugins/Makefile.in658
-rw-r--r--plugins/exec.c51
-rw-r--r--plugins/plugin.h15
-rw-r--r--plugins/sepolicy.c680
5 files changed, 1427 insertions, 0 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
new file mode 100644
index 0000000..69230de
--- /dev/null
+++ b/plugins/Makefile.am
@@ -0,0 +1,23 @@
+# Makefile for rpm library.
+
+include $(top_srcdir)/rpm.am
+
+AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/
+AM_CPPFLAGS += -I$(top_srcdir)/misc
+AM_CPPFLAGS += -DLOCALEDIR="\"$(localedir)\""
+AM_CPPFLAGS += -DSYSCONFDIR="\"$(sysconfdir)\""
+AM_CPPFLAGS += -DLOCALSTATEDIR="\"$(localstatedir)\""
+AM_CPPFLAGS += -DLIBRPMALIAS_FILENAME="\"rpmpopt-${VERSION}\""
+
+AM_LDFLAGS = -avoid-version -module -shared
+
+pluginsdir = $(libdir)/rpm-plugins
+
+plugins_LTLIBRARIES = exec.la sepolicy.la
+
+exec_la_SOURCES = plugin.h exec.c
+exec_la_LIBADD = $(top_builddir)/lib/librpm.la $(top_builddir)/rpmio/librpmio.la
+
+sepolicy_la_SOURCES = plugin.h sepolicy.c
+sepolicy_la_LIBADD = $(top_builddir)/lib/librpm.la $(top_builddir)/rpmio/librpmio.la @WITH_SELINUX_LIB@ @WITH_SEMANAGE_LIB@
+
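Review bot: `plugins_LTLIBRARIES = exec.la sepolicy.la` builds and installs sepolicy.la unconditionally, while the part of sepolicy.c visible in this commit is wrapped in `#if WITH_SELINUX`; on a build without SELinux this would presumably install a module into `$(libdir)/rpm-plugins` that exports no hooks. Consider listing only `exec.la` by default and appending `sepolicy.la` inside an Automake conditional tied to the SELinux configure check (the conditional's name is not visible here). The header comment `# Makefile for rpm library.` also looks copied from another directory; `# Makefile for rpm plugins.` would describe this file.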
diff --git a/plugins/Makefile.in b/plugins/Makefile.in
new file mode 100644
index 0000000..1fb6b98
--- /dev/null
+++ b/plugins/Makefile.in
@@ -0,0 +1,658 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Makefile for rpm library.
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(top_srcdir)/rpm.am
+subdir = plugins
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \
+ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(pluginsdir)"
+LTLIBRARIES = $(plugins_LTLIBRARIES)
+exec_la_DEPENDENCIES = $(top_builddir)/lib/librpm.la \
+ $(top_builddir)/rpmio/librpmio.la
+am_exec_la_OBJECTS = exec.lo
+exec_la_OBJECTS = $(am_exec_la_OBJECTS)
+sepolicy_la_DEPENDENCIES = $(top_builddir)/lib/librpm.la \
+ $(top_builddir)/rpmio/librpmio.la
+am_sepolicy_la_OBJECTS = sepolicy.lo
+sepolicy_la_OBJECTS = $(am_sepolicy_la_OBJECTS)
+DEFAULT_INCLUDES =
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(exec_la_SOURCES) $(sepolicy_la_SOURCES)
+DIST_SOURCES = $(exec_la_SOURCES) $(sepolicy_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AS = @AS@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOM4TE = @AUTOM4TE@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DOXYGEN = @DOXYGEN@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FIXPERMS = @FIXPERMS@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+HAVE_DOT = @HAVE_DOT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+LUA_CFLAGS = @LUA_CFLAGS@
+LUA_LIBS = @LUA_LIBS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+POSUB = @POSUB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RANLIB = @RANLIB@
+RPMCANONARCH = @RPMCANONARCH@
+RPMCANONCOLOR = @RPMCANONCOLOR@
+RPMCANONGNU = @RPMCANONGNU@
+RPMCANONOS = @RPMCANONOS@
+RPMCANONVENDOR = @RPMCANONVENDOR@
+RPMCONFIGDIR = @RPMCONFIGDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WITH_ACL_LIB = @WITH_ACL_LIB@
+WITH_BZ2_LIB = @WITH_BZ2_LIB@
+WITH_CAP_LIB = @WITH_CAP_LIB@
+WITH_DB_LIB = @WITH_DB_LIB@
+WITH_LIBELF_LIB = @WITH_LIBELF_LIB@
+WITH_LZMA_LIB = @WITH_LZMA_LIB@
+WITH_MAGIC_INCLUDE = @WITH_MAGIC_INCLUDE@
+WITH_MAGIC_LIB = @WITH_MAGIC_LIB@
+WITH_NSS_INCLUDE = @WITH_NSS_INCLUDE@
+WITH_NSS_LIB = @WITH_NSS_LIB@
+WITH_POPT_INCLUDE = @WITH_POPT_INCLUDE@
+WITH_POPT_LIB = @WITH_POPT_LIB@
+WITH_PYTHON_INCLUDE = @WITH_PYTHON_INCLUDE@
+WITH_PYTHON_LIB = @WITH_PYTHON_LIB@
+WITH_SELINUX_LIB = @WITH_SELINUX_LIB@
+WITH_SEMANAGE_LIB = @WITH_SEMANAGE_LIB@
+WITH_ZLIB_INCLUDE = @WITH_ZLIB_INCLUDE@
+WITH_ZLIB_LIB = @WITH_ZLIB_LIB@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+__BZIP2 = @__BZIP2@
+__CAT = @__CAT@
+__CC = @__CC@
+__CHGRP = @__CHGRP@
+__CHMOD = @__CHMOD@
+__CHOWN = @__CHOWN@
+__CP = @__CP@
+__CPIO = @__CPIO@
+__CURL = @__CURL@
+__FAKECHROOT = @__FAKECHROOT@
+__FILE = @__FILE@
+__GPG = @__GPG@
+__GREP = @__GREP@
+__GZIP = @__GZIP@
+__ID = @__ID@
+__INSTALL = @__INSTALL@
+__LD = @__LD@
+__LRZIP = @__LRZIP@
+__LZIP = @__LZIP@
+__MAKE = @__MAKE@
+__MKDIR = @__MKDIR@
+__MKDIR_P = @__MKDIR_P@
+__MV = @__MV@
+__NM = @__NM@
+__OBJCOPY = @__OBJCOPY@
+__OBJDUMP = @__OBJDUMP@
+__PATCH = @__PATCH@
+__PERL = @__PERL@
+__PGP = @__PGP@
+__PYTHON = @__PYTHON@
+__RESTORECON = @__RESTORECON@
+__RM = @__RM@
+__RSH = @__RSH@
+__SED = @__SED@
+__SEMODULE = @__SEMODULE@
+__SSH = @__SSH@
+__STRIP = @__STRIP@
+__TAR = @__TAR@
+__UNZIP = @__UNZIP@
+__XZ = @__XZ@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dirstamp = @dirstamp@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+subdirs = @subdirs@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+
+# Internal binaries
+rpmlibexecdir = $(prefix)/lib/rpm
+
+# Host independent config files
+rpmconfigdir = $(prefix)/lib/rpm
+AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) \
+ -I$(top_builddir)/include/ -I$(top_srcdir)/misc \
+ -DLOCALEDIR="\"$(localedir)\"" \
+ -DSYSCONFDIR="\"$(sysconfdir)\"" \
+ -DLOCALSTATEDIR="\"$(localstatedir)\"" \
+ -DLIBRPMALIAS_FILENAME="\"rpmpopt-${VERSION}\""
+AM_LDFLAGS = -avoid-version -module -shared
+pluginsdir = $(libdir)/rpm-plugins
+plugins_LTLIBRARIES = exec.la sepolicy.la
+exec_la_SOURCES = plugin.h exec.c
+exec_la_LIBADD = $(top_builddir)/lib/librpm.la $(top_builddir)/rpmio/librpmio.la
+sepolicy_la_SOURCES = plugin.h sepolicy.c
+sepolicy_la_LIBADD = $(top_builddir)/lib/librpm.la $(top_builddir)/rpmio/librpmio.la @WITH_SELINUX_LIB@ @WITH_SEMANAGE_LIB@
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(top_srcdir)/rpm.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign plugins/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign plugins/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-pluginsLTLIBRARIES: $(plugins_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(pluginsdir)" || $(MKDIR_P) "$(DESTDIR)$(pluginsdir)"
+ @list='$(plugins_LTLIBRARIES)'; test -n "$(pluginsdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pluginsdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pluginsdir)"; \
+ }
+
+uninstall-pluginsLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugins_LTLIBRARIES)'; test -n "$(pluginsdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(pluginsdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pluginsdir)/$$f"; \
+ done
+
+clean-pluginsLTLIBRARIES:
+ -test -z "$(plugins_LTLIBRARIES)" || rm -f $(plugins_LTLIBRARIES)
+ @list='$(plugins_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+exec.la: $(exec_la_OBJECTS) $(exec_la_DEPENDENCIES)
+ $(LINK) -rpath $(pluginsdir) $(exec_la_OBJECTS) $(exec_la_LIBADD) $(LIBS)
+sepolicy.la: $(sepolicy_la_OBJECTS) $(sepolicy_la_DEPENDENCIES)
+ $(LINK) -rpath $(pluginsdir) $(sepolicy_la_OBJECTS) $(sepolicy_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/exec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sepolicy.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(pluginsdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-pluginsLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginsLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginsLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-pluginsLTLIBRARIES ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-pluginsLTLIBRARIES \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-pluginsLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/plugins/exec.c b/plugins/exec.c
new file mode 100644
index 0000000..49a4cae
--- /dev/null
+++ b/plugins/exec.c
@@ -0,0 +1,51 @@
+#include "plugin.h"
+
+#include <sys/wait.h>
+
+static char * options;
+static char * name;
+
+rpmPluginHook PLUGIN_HOOKS = \
+ PLUGINHOOK_INIT | \
+ PLUGINHOOK_CLEANUP | \
+ PLUGINHOOK_COLL_POST_ANY;
+
+rpmRC PLUGINHOOK_INIT_FUNC(rpmts ts, const char *name, const char *opts)
+{
+ options = strdup(opts);
+ name = strdup(name);
+ return RPMRC_OK;
+}
+
+rpmRC PLUGINHOOK_CLEANUP_FUNC(void)
+{
+ options = _free(options);
+ name = _free(name);
+ return RPMRC_OK;
+}
+
+rpmRC PLUGINHOOK_COLL_POST_ANY_FUNC(void)
+{
+ rpmRC rc = RPMRC_FAIL;
+
+ if (rpmChrootIn()) {
+ goto exit;
+ }
+
+ if (options) {
+ int status = system(options);
+ if (!WIFEXITED(status) || WEXITSTATUS(status)) {
+ rpmlog(RPMLOG_ERR, "%s collection action failed\n", name);
+ goto exit;
+ }
+ }
+
+ rc = RPMRC_OK;
+
+ exit:
+ if (rpmChrootOut()) {
+ rc = RPMRC_FAIL;
+ }
+
+ return rc;
+}
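Review bot: In PLUGINHOOK_INIT_FUNC the parameter `name` shadows the file-scope `static char * name`, so `name = strdup(name);` stores the copy in the parameter, leaks it, and leaves the static NULL for the later `rpmlog(RPMLOG_ERR, "%s collection action failed\n", name)`. Renaming the parameter in the definition fixes it: `rpmRC PLUGINHOOK_INIT_FUNC(rpmts ts, const char *pname, const char *opts)` with `name = strdup(pname);`. The `if (options)` test in the post-collection hook suggests `opts` may be absent, in which case `strdup(opts)` dereferences NULL; `options = opts ? strdup(opts) : NULL;` covers that. `system(options)` passes the whole option string to the shell inside the chroot with whatever privileges the transaction has, so a comment on the hook such as `/* opts is executed via sh -c; it must come from trusted configuration only */` would record the trust assumption, since where `opts` originates is not visible in this file.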
diff --git a/plugins/plugin.h b/plugins/plugin.h
new file mode 100644
index 0000000..5156f93
--- /dev/null
+++ b/plugins/plugin.h
@@ -0,0 +1,15 @@
+#include "system.h"
+
+#include <rpm/rpmlib.h>
+#include <rpm/rpmlog.h>
+#include <rpm/rpmts.h>
+
+#include "lib/rpmplugins.h"
+#include "lib/rpmchroot.h"
+
+rpmRC PLUGINHOOK_INIT_FUNC(rpmts ts, const char * name, const char * opts);
+rpmRC PLUGINHOOK_CLEANUP_FUNC(void);
+rpmRC PLUGINHOOK_OPENTE_FUNC(rpmte te);
+rpmRC PLUGINHOOK_COLL_POST_ANY_FUNC(void);
+rpmRC PLUGINHOOK_COLL_POST_ADD_FUNC(void);
+rpmRC PLUGINHOOK_COLL_PRE_REMOVE_FUNC(void);
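Review bot: The header has no include guard and no comment describing the hook contract, although both plugin sources in this commit include it. Wrapping the contents in `#ifndef RPM_PLUGIN_H` / `#define RPM_PLUGIN_H` / `#endif` (the guard name is only a suggestion) keeps it safe against repeated inclusion. A short comment above the prototypes should state what each hook returns on success and failure and whether `name` and `opts` are only borrowed for the duration of the init call; the borrowing is inferred from exec.c copying both with strdup(), so confirm it against the caller.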
diff --git a/plugins/sepolicy.c b/plugins/sepolicy.c
new file mode 100644
index 0000000..7f8ba5d
--- /dev/null
+++ b/plugins/sepolicy.c
@@ -0,0 +1,680 @@
+#include "plugin.h"
+
+#if WITH_SELINUX
+
+#include <errno.h>
+#include <selinux/selinux.h>
+#include <semanage/semanage.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+#include <rpm/rpmpol.h>
+#include <rpm/rpmfileutil.h>
+#include <rpm/rpmmacro.h>
+
+#include "rpmio/base64.h"
+#include "lib/rpmte_internal.h"
+#include "lib/rpmts_internal.h" /* rpmtsSELabelFoo() */
+
+rpmPluginHook PLUGIN_HOOKS = \
+ PLUGINHOOK_INIT | \
+ PLUGINHOOK_CLEANUP | \
+ PLUGINHOOK_OPENTE | \
+ PLUGINHOOK_COLL_POST_ADD | \
+ PLUGINHOOK_COLL_PRE_REMOVE;
+
+typedef enum sepolAction {
+ SEPOL_ACTION_IGNORE,
+ SEPOL_ACTION_INSTALL,
+ SEPOL_ACTION_REMOVE
+} sepolAction;
+
+typedef struct sepol {
+ char *data; /*!< policy data */
+ char *name; /*!< policy names */
+ ARGV_t types; /*!< policy types */
+ uint32_t flags; /*!< policy flags */
+ sepolAction action; /*!< install/remove/ignore */
+ struct sepol *next; /*!< next in linked list */
+} sepol;
+
+typedef struct sepoltrans {
+ int execsemodule; /*!< 0 = use libsemanage to install policy; non-zero = use semodule */
+ semanage_handle_t *sh; /*!< handle to libsemanage, only used when execsemodule is zero */
+ char *semodulepath; /*!< path to semodule binary */
+ ARGV_t semodargs; /*!< argument list to pass to semodule, only used when execsemodule is non-zero */
+ ARGV_t filelist; /*!< list of temporary files that have been written to disk during the transaction */
+ int changes; /*!< number of changes made during the transaction */
+} sepoltrans;
+
+
+static char * name;
+static rpmts ts;
+
+static sepol * policiesHead;
+static sepol * policiesTail;
+
+
+static sepol *sepolNew(rpmte te);
+static sepol *sepolFree(sepol * pol);
+static int sepolHasType(const sepol * pol, const char *type);
+
+static rpmRC sepolPreparePolicies(sepol * pols, const char *policytype);
+static rpmRC sepolWritePolicy(const sepol * pol, char **path);
+static rpmRC sepolLoadPolicies(const sepol * pols);
+
+static sepoltrans *sepoltransNew(void);
+static sepoltrans *sepoltransFree(sepoltrans * pt);
+
+static rpmRC sepoltransInstall(sepoltrans * pt, const sepol * pol);
+static rpmRC sepoltransRemove(sepoltrans * pt, const sepol * pol);
+static rpmRC sepoltransCommit(sepoltrans * pt);
+
+
+static sepol *sepolNew(rpmte te)
+{
+ sepol *head = NULL;
+ sepol *ret = NULL;
+ sepolAction action;
+ Header h;
+ struct rpmtd_s policies, names, types, typesidx, flags;
+ int i, j;
+ int count;
+
+ rpmtdReset(&policies);
+ rpmtdReset(&names);
+ rpmtdReset(&types);
+ rpmtdReset(&typesidx);
+ rpmtdReset(&flags);
+
+ h = rpmteHeader(te);
+ if (!h) {
+ goto exit;
+ }
+
+ if (!headerIsEntry(h, RPMTAG_POLICIES)) {
+ goto exit;
+ }
+
+ if (!headerGet(h, RPMTAG_POLICIES, &policies, HEADERGET_MINMEM)) {
+ goto exit;
+ }
+
+ count = rpmtdCount(&policies);
+ if (count <= 0) {
+ goto exit;
+ }
+
+ if (!headerGet(h, RPMTAG_POLICYNAMES, &names, HEADERGET_MINMEM)
+ || rpmtdCount(&names) != count) {
+ goto exit;
+ }
+
+ if (!headerGet(h, RPMTAG_POLICYFLAGS, &flags, HEADERGET_MINMEM)
+ || rpmtdCount(&flags) != count) {
+ goto exit;
+ }
+
+ if (!headerGet(h, RPMTAG_POLICYTYPES, &types, HEADERGET_MINMEM)) {
+ goto exit;
+ }
+
+ if (!headerGet(h, RPMTAG_POLICYTYPESINDEXES, &typesidx, HEADERGET_MINMEM)
+ || rpmtdCount(&types) != rpmtdCount(&typesidx)) {
+ goto exit;
+ }
+
+ action = (rpmteType(te) == TR_ADDED) ? SEPOL_ACTION_INSTALL : SEPOL_ACTION_REMOVE;
+
+ for (i = 0; i < count; i++) {
+ sepol *pol = xcalloc(1, sizeof(*pol));
+ pol->next = head;
+ head = pol;
+
+ pol->data = xstrdup(rpmtdNextString(&policies));
+ pol->name = xstrdup(rpmtdNextString(&names));
+ pol->flags = *rpmtdNextUint32(&flags);
+ pol->action = action;
+
+ for (j = 0; j < rpmtdCount(&types); j++) {
+ uint32_t index = ((uint32_t *) typesidx.data)[j];
+ if (index < 0 || index >= count) {
+ goto exit;
+ }
+ if (index != i) {
+ continue;
+ }
+ argvAdd(&pol->types, rpmtdNextString(&types));
+ }
+ argvSort(pol->types, NULL);
+ }
+
+ ret = head;
+
+ exit:
+ headerFree(h);
+
+ rpmtdFreeData(&policies);
+ rpmtdFreeData(&names);
+ rpmtdFreeData(&types);
+ rpmtdFreeData(&typesidx);
+ rpmtdFreeData(&flags);
+
+ if (!ret) {
+ sepolFree(head);
+ }
+
+ return ret;
+}
+
+static sepol *sepolFree(sepol * pol)
+{
+ while (pol) {
+ sepol *next = pol->next;
+
+ pol->data = _free(pol->data);
+ pol->name = _free(pol->name);
+ pol->types = argvFree(pol->types);
+ pol->next = NULL;
+ _free(pol);
+
+ pol = next;
+ }
+
+ return NULL;
+}
+
+int sepolHasType(const sepol * pol, const char *type)
+{
+ if (!pol || !type) {
+ return 0;
+ }
+
+ return (argvSearch(pol->types, type, NULL) != NULL) ||
+ (argvSearch(pol->types, RPMPOL_TYPE_DEFAULT, NULL) != NULL);
+}
+
+static rpmRC sepolPreparePolicies(sepol * pols, const char *policytype)
+{
+ sepol *pol;
+ rpmRC rc = RPMRC_OK;
+
+ for (pol = pols; pol; pol = pol->next) {
+ if (!sepolHasType(pol, policytype)) {
+ pol->action = SEPOL_ACTION_IGNORE;
+ }
+ }
+
+ return rc;
+}
+
+static rpmRC sepolWritePolicy(const sepol * pol, char **path)
+{
+ char *tmppath = NULL;
+ FD_t fd = NULL;
+ char *policy = NULL;
+ size_t policylen;
+ rpmRC rc = RPMRC_FAIL;
+
+ if (b64decode(pol->data, (void **) &policy, &policylen) != 0) {
+ rpmlog(RPMLOG_ERR, _("Failed to decode policy for %s\n"),
+ pol->name);
+ goto exit;
+ }
+
+ fd = rpmMkTempFile(NULL, &tmppath);
+ if (fd == NULL || Ferror(fd)) {
+ rpmlog(RPMLOG_ERR, _("Failed to create temporary file for %s: %s\n"),
+ pol->name, strerror(errno));
+ goto exit;
+ }
+
+ if (!Fwrite(policy, sizeof(*policy), policylen, fd)) {
+ rpmlog(RPMLOG_ERR, _("Failed to write %s policy to file %s\n"),
+ pol->name, tmppath);
+ goto exit;
+ }
+
+ *path = tmppath;
+ rc = RPMRC_OK;
+
+ exit:
+ if (fd)
+ Fclose(fd);
+ _free(policy);
+ if (rc != RPMRC_OK)
+ _free(tmppath);
+
+ return rc;
+}
+
+static rpmRC sepolLoadPolicies(const sepol * pols)
+{
+ const sepol *pol;
+ sepoltrans *pt;
+ rpmRC rc = RPMRC_FAIL;
+
+ pt = sepoltransNew();
+ if (!pt) {
+ rc = RPMRC_FAIL;
+ goto err;
+ }
+
+ for (pol = pols; pol; pol = pol->next) {
+ switch (pol->action) {
+ case SEPOL_ACTION_REMOVE:
+ rc = sepoltransRemove(pt, pol);
+ break;
+ case SEPOL_ACTION_INSTALL:
+ rc = sepoltransInstall(pt, pol);
+ break;
+ case SEPOL_ACTION_IGNORE:
+ default:
+ rc = RPMRC_OK;
+ break;
+ }
+
+ if (rc != RPMRC_OK) {
+ goto err;
+ }
+ }
+
+ rc = sepoltransCommit(pt);
+ if (rc != RPMRC_OK) {
+ goto err;
+ }
+
+ err:
+ pt = sepoltransFree(pt);
+
+ return rc;
+}
+
+static sepoltrans *sepoltransNew(void)
+{
+ sepoltrans *pt = xcalloc(1, sizeof(*pt));
+ pt->semodulepath = rpmExpand("%{__semodule}", NULL);
+ pt->execsemodule = (!rpmChrootDone() && access(pt->semodulepath, X_OK) == 0);
+ pt->changes = 0;
+
+ if (pt->execsemodule) {
+ argvAdd(&pt->semodargs, "semodule");
+ } else {
+ pt->sh = semanage_handle_create();
+ if (!pt->sh) {
+ rpmlog(RPMLOG_ERR, _("Failed to create semanage handle\n"));
+ goto err;
+ }
+ semanage_set_create_store(pt->sh, 1);
+ semanage_set_check_contexts(pt->sh, 0);
+ if (semanage_connect(pt->sh) < 0) {
+ rpmlog(RPMLOG_ERR, _("Failed to connect to policy handler\n"));
+ goto err;
+ }
+ if (semanage_begin_transaction(pt->sh) < 0) {
+ rpmlog(RPMLOG_ERR, _("Failed to begin policy transaction: %s\n"),
+ errno ? strerror(errno) : "");
+ goto err;
+ }
+ semanage_set_reload(pt->sh, !rpmChrootDone());
+ }
+
+ return pt;
+
+ err:
+ if (pt->sh) {
+ if (semanage_is_connected(pt->sh)) {
+ semanage_disconnect(pt->sh);
+ }
+ semanage_handle_destroy(pt->sh);
+ }
+ pt = _free(pt);
+
+ return pt;
+}
+
+static sepoltrans *sepoltransFree(sepoltrans * pt)
+{
+ ARGV_t file;
+
+ if (!pt) {
+ return NULL;
+ }
+
+ for (file = pt->filelist; file && *file; file++) {
+ if (unlink(*file) < 0) {
+ rpmlog(RPMLOG_WARNING, _("Failed to remove temporary policy file %s: %s\n"),
+ *file, strerror(errno));
+ }
+ }
+ argvFree(pt->filelist);
+
+ if (pt->execsemodule) {
+ argvFree(pt->semodargs);
+ } else {
+ semanage_disconnect(pt->sh);
+ semanage_handle_destroy(pt->sh);
+ }
+
+ pt->semodulepath = _free(pt->semodulepath);
+
+ pt = _free(pt);
+ return NULL;
+}
+
+static rpmRC sepoltransInstall(sepoltrans * pt, const sepol * pol)
+{
+ rpmRC rc = RPMRC_OK;
+ char *path = NULL;
+
+ rc = sepolWritePolicy(pol, &path);
+ if (rc != RPMRC_OK) {
+ return rc;
+ }
+ argvAdd(&pt->filelist, path);
+
+ if (pt->execsemodule) {
+ const char *flag = (pol->flags & RPMPOL_FLAG_BASE) ? "-b" : "-i";
+ if (argvAdd(&pt->semodargs, flag) < 0 || argvAdd(&pt->semodargs, path) < 0) {
+ rc = RPMRC_FAIL;
+ }
+ } else {
+ if (pol->flags & RPMPOL_FLAG_BASE) {
+ if (semanage_module_install_base_file(pt->sh, path) < 0) {
+ rc = RPMRC_FAIL;
+ }
+ } else {
+ if (semanage_module_install_file(pt->sh, path) < 0) {
+ rc = RPMRC_FAIL;
+ }
+ }
+ }
+
+ if (rc != RPMRC_OK) {
+ rpmlog(RPMLOG_ERR, _("Failed to install policy module: %s (%s)\n"),
+ pol->name, path);
+ } else {
+ pt->changes++;
+ }
+
+ _free(path);
+
+ return rc;
+}
+
+static rpmRC sepoltransRemove(sepoltrans * pt, const sepol * pol)
+{
+ rpmRC rc = RPMRC_OK;
+
+ if (pol->flags & RPMPOL_FLAG_BASE) {
+ return RPMRC_FAIL;
+ }
+
+ if (pt->execsemodule) {
+ if (argvAdd(&pt->semodargs, "-r") < 0 || argvAdd(&pt->semodargs, pol->name) < 0) {
+ rc = RPMRC_FAIL;
+ }
+ } else {
+ if (semanage_module_remove(pt->sh, (char *) pol->name) < 0) {
+ rc = RPMRC_FAIL;
+ }
+ }
+
+ if (rc != RPMRC_OK) {
+ rpmlog(RPMLOG_ERR, _("Failed to remove policy module: %s\n"),
+ pol->name);
+ } else {
+ pt->changes++;
+ }
+
+ return rc;
+}
+
+static rpmRC sepoltransCommit(sepoltrans * pt)
+{
+ rpmRC rc = RPMRC_OK;
+
+ if (pt->changes == 0) {
+ return rc;
+ }
+
+ if (pt->execsemodule) {
+ int status;
+ pid_t pid = fork();
+ int fd;
+
+ switch (pid) {
+ case -1:
+ rpmlog(RPMLOG_ERR, _("Failed to fork process: %s\n"),
+ strerror(errno));
+ rc = RPMRC_FAIL;
+ break;
+ case 0:
+ fd = open("/dev/null", O_RDWR);
+ dup2(fd, STDIN_FILENO);
+ dup2(fd, STDOUT_FILENO);
+ dup2(fd, STDERR_FILENO);
+ execv(pt->semodulepath, pt->semodargs);
+ rpmlog(RPMLOG_ERR, _("Failed to execute %s: %s\n"),
+ pt->semodulepath, strerror(errno));
+ exit(1);
+ default:
+ waitpid(pid, &status, 0);
+ if (!WIFEXITED(status)) {
+ rpmlog(RPMLOG_ERR, _("%s terminated abnormally\n"),
+ pt->semodulepath);
+ rc = RPMRC_FAIL;
+ } else if (WEXITSTATUS(status)) {
+ rpmlog(RPMLOG_ERR, _("%s failed with exit code %i\n"),
+ pt->semodulepath, WEXITSTATUS(status));
+ rc = RPMRC_FAIL;
+ }
+ }
+ } else {
+ if (semanage_commit(pt->sh) < 0) {
+ rpmlog(RPMLOG_ERR, _("Failed to commit policy changes\n"));
+ rc = RPMRC_FAIL;
+ }
+ }
+
+ return rc;
+}
+
+static rpmRC sepolRelabelFiles(void)
+{
+ rpmRC rc = RPMRC_OK;
+ pid_t pid;
+ int fd;
+ int status;
+ char *restoreconPath = rpmExpand("%{__restorecon}", NULL);
+
+ if (!restoreconPath) {
+ rpmlog(RPMLOG_ERR, _("Failed to expand restorecon path"));
+ return RPMRC_FAIL;
+ }
+
+ /* execute restorecon -R / */
+ pid = fork();
+ switch (pid) {
+ case -1:
+ rpmlog(RPMLOG_ERR, _("Failed to fork process: %s\n"),
+ strerror(errno));
+ rc = RPMRC_FAIL;
+ break;
+ case 0:
+ fd = open("/dev/null", O_RDWR);
+ dup2(fd, STDIN_FILENO);
+ dup2(fd, STDOUT_FILENO);
+ dup2(fd, STDERR_FILENO);
+ execl(restoreconPath, "restorecon", "-R", "/", NULL);
+ rpmlog(RPMLOG_ERR, _("Failed to execute %s: %s\n"), restoreconPath,
+ strerror(errno));
+ exit(1);
+ default:
+ waitpid(pid, &status, 0);
+ if (!WIFEXITED(status)) {
+ rpmlog(RPMLOG_ERR, _("%s terminated abnormally\n"),
+ restoreconPath);
+ rc = RPMRC_FAIL;
+ } else if (WEXITSTATUS(status)) {
+ rpmlog(RPMLOG_ERR, _("%s failed with exit code %i\n"),
+ restoreconPath, WEXITSTATUS(status));
+ rc = RPMRC_FAIL;
+ }
+ }
+
+ _free(restoreconPath);
+
+ return rc;
+}
+
+static rpmRC sepolGo()
+{
+ semanage_handle_t *sh;
+ int existingPolicy;
+ char *policytype = NULL;
+ rpmRC rc = RPMRC_FAIL;
+
+ static int performed = 0;
+ if (performed) {
+ return RPMRC_OK;
+ }
+ performed = 1;
+
+ if (rpmChrootIn()) {
+ goto exit;
+ }
+
+ if (selinux_getpolicytype(&policytype) < 0) {
+ goto exit;
+ }
+
+ sepolPreparePolicies(policiesHead, policytype);
+
+ /* determine if this is the first time installing policy */
+ sh = semanage_handle_create();
+ existingPolicy = (semanage_is_managed(sh) == 1);
+ semanage_handle_destroy(sh);
+
+ /* now load the policies */
+ rc = sepolLoadPolicies(policiesHead);
+
+ /* re-init selinux and re-read the files contexts, since things may have changed */
+ selinux_reset_config();
+ if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS)) {
+ if (rpmtsSELabelInit(ts, selinux_file_context_path()) == RPMRC_OK) {
+ /* if this was the first time installing policy, every package before
+ * policy was installed will be mislabeled (e.g. semodule). So, relabel
+ * the entire filesystem if this is the case */
+ if (!existingPolicy) {
+ if (sepolRelabelFiles() != RPMRC_OK) {
+ rpmlog(RPMLOG_WARNING, _("Failed to relabel filesystem. Files may be mislabeled\n"));
+ }
+ }
+ } else {
+ rpmlog(RPMLOG_WARNING, _("Failed to reload file contexts. Files may be mislabeled\n"));
+ }
+ }
+
+ exit:
+ if (rpmChrootOut()) {
+ rc = RPMRC_FAIL;
+ }
+
+ _free(policytype);
+
+ return rc;
+}
+
+static rpmRC sepolAddTE(rpmte te)
+{
+ sepol *pol;
+ sepol *polTail;
+
+ if (!rpmteHasCollection(te, name)) {
+ return RPMRC_OK;
+ }
+
+ pol = sepolNew(te);
+ if (!pol) {
+ /* something's wrong with the policy information, either missing or
+ * corrupt. abort */
+ rpmlog(RPMLOG_ERR, _("Failed to extract policy from %s\n"),
+ rpmteNEVRA(te));
+ return RPMRC_FAIL;
+ }
+
+ /* find the tail of pol */
+ polTail = pol;
+ while (polTail->next) {
+ polTail = polTail->next;
+ }
+
+ /* add the new policy to the list */
+ if (!policiesHead) {
+ policiesHead = pol;
+ policiesTail = polTail;
+ } else {
+ if (rpmteType(te) == TR_ADDED) {
+ /* add to the end of the list */
+ policiesTail->next = pol;
+ policiesTail = polTail;
+ } else {
+ /* add to the beginning of the list */
+ polTail->next = policiesHead;
+ policiesHead = pol;
+ }
+ }
+
+ return RPMRC_OK;
+}
+
+#endif /* WITH_SELINUX */
+
+
+rpmRC PLUGINHOOK_INIT_FUNC(rpmts _ts, const char *_name, const char *_opts)
+{
+#if WITH_SELINUX
+ ts = _ts;
+ name = strdup(_name);
+ policiesHead = policiesTail = NULL;
+#endif
+ return RPMRC_OK;
+}
+
+rpmRC PLUGINHOOK_CLEANUP_FUNC(void)
+{
+#if WITH_SELINUX
+ _free(name);
+ ts = NULL;
+ policiesHead = policiesTail = sepolFree(policiesHead);
+#endif
+ return RPMRC_OK;
+}
+
+rpmRC PLUGINHOOK_OPENTE_FUNC(rpmte te)
+{
+ rpmRC rc = RPMRC_OK;
+#if WITH_SELINUX
+ rc = sepolAddTE(te);
+#endif
+ return rc;
+}
+
+rpmRC PLUGINHOOK_COLL_POST_ADD_FUNC(void)
+{
+ rpmRC rc = RPMRC_OK;
+#if WITH_SELINUX
+ rc = sepolGo();
+#endif
+ return rc;
+}
+
+rpmRC PLUGINHOOK_COLL_PRE_REMOVE_FUNC(void)
+{
+ rpmRC rc = RPMRC_OK;
+#if WITH_SELINUX
+ rc = sepolGo();
+#endif
+ return rc;
+}