authorSteve Lawrence <slawrence@tresys.com>2010-08-30 16:32:30 -0400
committerPanu Matilainen <pmatilai@redhat.com>2010-09-01 09:30:51 +0300
commit34b5d67c2d3d68a48f0975dc6111a8c184d1c2dd (patch)
treee58f17ba0e83e9a17c88f6ba77380ff30e48c0cc /lib/rpmts.c
parent383e27564853fd4c387ca1d4a69f223140a0daca (diff)
Use selabel interfaces instead of matchpathcon
This replaces the old matchpathcon interfaces with the new selabel interfaces for relabeling files, storing an selabel handle in the transaction set. With this change also comes an added distinction between --nocontexts being specified and a failure to load the file contexts. Previously, there was no distinction, and both cases used the RPMTRANS_FLAG_NOCONTEXTS flag. However, with the new policy plugin, it is necessary to make such a distinction. This is because matchpathcon_init (now the selabel interfaces) can fail at the beginning of the transaction, but succeed later after new policy is installed. Because of this, we may need to enable/disable RPMTRANS_FLAG_NOCONTEXTS multiple times. However, because this flag could also mean --nocontexts, we cannot do that. By storing the selabel handle in the rpmts, we can easily keep track of whether the handle has been successfully created, rather than overloading RPMTRANS_FLAG_NOCONTEXTS with two meanings.
Diffstat (limited to 'lib/rpmts.c')
-rw-r--r--lib/rpmts.c45
1 files changed, 45 insertions, 0 deletions
diff --git a/lib/rpmts.c b/lib/rpmts.c
index 506742e1c..d225f833e 100644
--- a/lib/rpmts.c
+++ b/lib/rpmts.c
@@ -688,6 +688,49 @@ void rpmtsSetScriptFd(rpmts ts, FD_t scriptFd)
}
}
+struct selabel_handle * rpmtsSELabelHandle(rpmts ts)
+{
+#if WITH_SELINUX
+ if (ts != NULL) {
+ return ts->selabelHandle;
+ }
+#endif
+ return NULL;
+}
+
+rpmRC rpmtsSELabelInit(rpmts ts, const char *path)
+{
+#if WITH_SELINUX
+ if (ts == NULL || path == NULL) {
+ return RPMRC_FAIL;
+ }
+
+ struct selinux_opt opts[] = {
+ {SELABEL_OPT_PATH, path}
+ };
+
+ if (ts->selabelHandle) {
+ rpmtsSELabelFini(ts);
+ }
+ ts->selabelHandle = selabel_open(SELABEL_CTX_FILE, opts, 1);
+
+ if (!ts->selabelHandle) {
+ return RPMRC_FAIL;
+ }
+#endif
+ return RPMRC_OK;
+}
+
+void rpmtsSELabelFini(rpmts ts)
+{
+#if WITH_SELINUX
+ if (ts && ts->selabelHandle) {
+ selabel_close(ts->selabelHandle);
+ ts->selabelHandle = NULL;
+ }
+#endif
+}
+
rpm_tid_t rpmtsGetTid(rpmts ts)
{
rpm_tid_t tid = (rpm_tid_t)-1; /* XXX -1 is time(2) error return. */
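Review bot: The argument guard in rpmtsSELabelInit sits inside `#if WITH_SELINUX`, so a build without SELinux returns RPMRC_OK for a NULL ts or NULL path and leaves `path` unreferenced; moving the check above the conditional keeps the contract the same in both builds, `if (ts == NULL || path == NULL) { return RPMRC_FAIL; }` placed before `#if WITH_SELINUX`. The three new functions are public API but carry no doc comments; the re-init path (selabel_close followed by selabel_open when a handle already exists) means any pointer a caller obtained earlier from rpmtsSELabelHandle is invalid after a second rpmtsSELabelInit, which is worth stating, e.g. `/* Handle is owned by the ts and released by rpmtsSELabelFini; a repeated Init replaces it, so do not cache the pointer returned by rpmtsSELabelHandle. */`. Whether rpmtsFree calls rpmtsSELabelFini is not visible in this diff; if it does not, the handle opened here is never closed.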
@@ -906,6 +949,8 @@ rpmts rpmtsCreate(void)
ts->rootDir = NULL;
ts->keyring = NULL;
+ ts->selabelHandle = NULL;
+
ts->nrefs = 0;
ts->plugins = rpmpluginsNew(ts);