fixes to commit 847d27b8385ce77ac71df8aa58a2d298b33d1ea4

- implicit declaration of semanage_module_enabled() - added nicer error messages when disabling or enabling modules already disabled or enabled - fix comment Signed-off-by: Joshua Brindle <method@manicmethod.com>
fedora-selinux · Mar 6, 2010 · c1323f2 · c1323f2
1 parent 654dcb8
commit c1323f2
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 17 deletions.
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
@@ -1304,8 +1304,14 @@ static int semanage_direct_enable(semanage_handle_t * sh, char *module_name)
 			goto cleanup;
 		}
 		base++;
-		if (memcmp(module_name, base, name_len) == 0 &&
-		    strcmp(base + name_len + 3, DISABLESTR) == 0) {
+		if (memcmp(module_name, base, name_len) == 0) {
+
+			if(strcmp(base + name_len + 3, DISABLESTR) != 0) {
+				ERR(sh, "Module %s is already enabled.", module_name);
+				retval = -2;
+				goto cleanup;
+			}
+
 			int len = strlen(module_filenames[i]) - strlen(DISABLESTR);
 			char *enabled_name = calloc(1, len+1);
 			if (!enabled_name) {
@@ -1336,7 +1342,7 @@ static int semanage_direct_enable(semanage_handle_t * sh, char *module_name)
 	return retval;
 }
 
-/* Enables a module from the sandbox.  Returns 0 on success, -1 if out
+/* Disables a module from the sandbox.  Returns 0 on success, -1 if out
  * of memory, -2 if module not found or could not be enabled. */
 static int semanage_direct_disable(semanage_handle_t * sh, char *module_name)
 {
@@ -1356,23 +1362,28 @@ static int semanage_direct_disable(semanage_handle_t * sh, char *module_name)
 			goto cleanup;
 		}
 		base++;
-		if (memcmp(module_name, base, name_len) == 0 &&
-		    strcmp(base + name_len, ".pp") == 0) {
-			char disabled_name[PATH_MAX];
-			if (snprintf(disabled_name, PATH_MAX, "%s%s", 
-				     module_filenames[i], DISABLESTR) == PATH_MAX) {
-				ERR(sh, "Could not disable module file %s.",
-				    module_filenames[i]);
+		if (memcmp(module_name, base, name_len) == 0) {
+			if (strcmp(base + name_len + 3, DISABLESTR) == 0) {
+				ERR(sh, "Module %s is already disabled.", module_name);
 				retval = -2;
 				goto cleanup;
+			} else if (strcmp(base + name_len, ".pp") == 0) {
+				char disabled_name[PATH_MAX];
+				if (snprintf(disabled_name, PATH_MAX, "%s%s", 
+							module_filenames[i], DISABLESTR) == PATH_MAX) {
+					ERR(sh, "Could not disable module file %s.",
+							module_filenames[i]);
+					retval = -2;
+					goto cleanup;
+				}
+				if (rename(module_filenames[i], disabled_name) == -1) {
+					ERR(sh, "Could not disable module file %s.",
+							module_filenames[i]);
+					retval = -2;
+				}
+				retval = 0;
+				goto cleanup;
 			}
-			if (rename(module_filenames[i], disabled_name) == -1) {
-				ERR(sh, "Could not disable module file %s.",
-				    module_filenames[i]);
-				retval = -2;
-			}
-			retval = 0;
-			goto cleanup;
 		}
 	}
 	ERR(sh, "Module %s was not found.", module_name);

diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
@@ -84,6 +84,7 @@ int semanage_make_sandbox(semanage_handle_t * sh);
 int semanage_get_modules_names(semanage_handle_t * sh,
 			       char ***filenames, int *len);
 
+int semanage_module_enabled(const char *file);
 /* lock file routines */
 int semanage_get_trans_lock(semanage_handle_t * sh);
 int semanage_get_active_lock(semanage_handle_t * sh);