From 185991a5cde37bada18e68bc236c9a81c96a00f2 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa
Date: Fri, 25 Apr 2025 15:44:06 +0200
Subject: [PATCH] lib/: add SELinux control flag in commonio_unlock()

Expand commonio_unlock() interface to add a control flag for SELinux file context processing.

Signed-off-by: Iker Pedrosa
---
 lib/commonio.c | 4 ++--
 lib/commonio.h | 2 +-
 lib/groupio.c | 2 +-
 lib/pwio.c | 2 +-
 lib/sgroupio.c | 2 +-
 lib/shadowio.c | 2 +-
 lib/subordinateio.c | 4 ++--
 7 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/lib/commonio.c b/lib/commonio.c
index 011279801..effe1f7a7 100644
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -467,13 +467,13 @@ static void dec_lock_count (void)
 }
-int commonio_unlock (struct commonio_db *db)
+int commonio_unlock (struct commonio_db *db, bool process_selinux)
 {
 char lock[1029];
 if (db->isopen) {
 db->readonly = true;
- if (commonio_close (db, true) == 0) {
+ if (commonio_close (db, process_selinux) == 0) {
 if (db->locked) {
 dec_lock_count ();
 }
diff --git a/lib/commonio.h b/lib/commonio.h
index dadc05008..8b8f5cf47 100644
--- a/lib/commonio.h
+++ b/lib/commonio.h
@@ -139,7 +139,7 @@ extern int commonio_remove (struct commonio_db *, const char *);
 extern int commonio_rewind (struct commonio_db *);
 extern /*@observer@*/ /*@null@*/const void *commonio_next (struct commonio_db *);
 extern int commonio_close (struct commonio_db *, bool);
-extern int commonio_unlock (struct commonio_db *);
+extern int commonio_unlock (struct commonio_db *, bool);
 extern void commonio_del_entry (struct commonio_db *,
 const struct commonio_entry *);
 extern int commonio_sort_wrt (struct commonio_db *shadow,
diff --git a/lib/groupio.c b/lib/groupio.c
index b5a587aa2..b47d26fc0 100644
--- a/lib/groupio.c
+++ b/lib/groupio.c
@@ -192,7 +192,7 @@ int gr_close (bool process_selinux)
 int gr_unlock (void)
 {
- return commonio_unlock (&group_db);
+ return commonio_unlock (&group_db, true);
 }
 void __gr_set_changed (void)
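Review bot: In the lib/commonio.c hunk, commonio_unlock() gains `process_selinux` with no comment saying what the flag controls; the hunk only shows it being forwarded to `commonio_close (db, process_selinux)` after `db->readonly = true` has been set. I would add a short header comment above the definition, for example `/* process_selinux is passed to commonio_close() when the db is still open; see commonio_close() for its SELinux file-context handling. */`. Every call site in this patch passes `true`, so current behaviour looks unchanged. Since these databases are the passwd, shadow, group and subordinate-id files, a later caller that passes `false` presumably skips context handling on that close and should say why that is acceptable there. The body of commonio_unlock() continues past the end of the hunk.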
diff --git a/lib/pwio.c b/lib/pwio.c
index cda2a21ca..ea2324af9 100644
--- a/lib/pwio.c
+++ b/lib/pwio.c
@@ -165,7 +165,7 @@ int pw_close (bool process_selinux)
 int pw_unlock (void)
 {
- return commonio_unlock (&passwd_db);
+ return commonio_unlock (&passwd_db, true);
 }
 /*@null@*/struct commonio_entry *__pw_get_head (void)
diff --git a/lib/sgroupio.c b/lib/sgroupio.c
index f2a5bdaaf..349638522 100644
--- a/lib/sgroupio.c
+++ b/lib/sgroupio.c
@@ -287,7 +287,7 @@ int sgr_close (bool process_selinux)
 int sgr_unlock (void)
 {
- return commonio_unlock (&gshadow_db);
+ return commonio_unlock (&gshadow_db, true);
 }
 void __sgr_set_changed (void)
diff --git a/lib/shadowio.c b/lib/shadowio.c
index 903dcf38f..efa33b5bf 100644
--- a/lib/shadowio.c
+++ b/lib/shadowio.c
@@ -213,7 +213,7 @@ int spw_unlock (void)
 if (!getdef_bool ("USE_TCB")) {
 #endif /* WITH_TCB */
- return commonio_unlock (&shadow_db);
+ return commonio_unlock (&shadow_db, true);
 #ifdef WITH_TCB
 }
 if (shadowtcb_drop_priv () == SHADOWTCB_FAILURE) {
diff --git a/lib/subordinateio.c b/lib/subordinateio.c
index 405bd2c09..44393d033 100644
--- a/lib/subordinateio.c
+++ b/lib/subordinateio.c
@@ -676,7 +676,7 @@ int sub_uid_close (bool process_selinux)
 int sub_uid_unlock (void)
 {
- return commonio_unlock (&subordinate_uid_db);
+ return commonio_unlock (&subordinate_uid_db, true);
 }
 uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count)
@@ -814,7 +814,7 @@ int sub_gid_close (bool process_selinux)
 int sub_gid_unlock (void)
 {
- return commonio_unlock (&subordinate_gid_db);
+ return commonio_unlock (&subordinate_gid_db, true);
 }
 gid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count)
--
2.47.3