From aa848d39e856a406edaf6167627871b4d6728d5f Mon Sep 17 00:00:00 2001
From: Jeremy Katz
Date: Tue, 10 Feb 2004 19:26:41 +0000
Subject: load selinux policy from the loader
---
 loader2/loader.c | 35 ++++++++++++++++++++++++++++++++++-
 loader2/loader.h | 2 ++
 2 files changed, 36 insertions(+), 1 deletion(-)
(limited to 'loader2')
diff --git a/loader2/loader.c b/loader2/loader.c
index 3e63cf455..88de2b938 100644
--- a/loader2/loader.c
+++ b/loader2/loader.c
@@ -11,7 +11,7 @@
 * Michael Fulbright
 * Jeremy Katz
 *
- * Copyright 1997 - 2003 Red Hat, Inc.
+ * Copyright 1997 - 2004 Red Hat, Inc.
 *
 * This software may be freely redistributed under the terms of the GNU
 * General Public License.
@@ -558,6 +558,8 @@ static int parseCmdLineFlags(int flags, struct loaderData_s * loaderData,
 loaderData->ethtool = strdup(argv[i] + 8);
 else if (!strncasecmp(argv[i], "allowcddma", 10))
 flags |= LOADER_FLAGS_ENABLECDDMA;
+ else if (!strncasecmp(argv[i], "selinux=0", 9))
+ flags |= LOADER_FLAGS_NOSELINUX;
 else if (numExtraArgs < (MAX_EXTRA_ARGS - 1)) {
 /* go through and append args we just want to pass on to */
 /* the anaconda script, but don't want to represent as a */
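Review bot: The new `selinux=0` test in parseCmdLineFlags compares only the first 9 characters, so any argument that merely begins with that text (a constructed example: `selinux=01`) also sets LOADER_FLAGS_NOSELINUX and skips the policy load. Anything else that reads the same boot argument may interpret such a value differently, which would leave the loader and the rest of the system disagreeing about whether SELinux is meant to be on. Matching the whole token avoids that: `else if (!strcasecmp(argv[i], "selinux=0"))`. The neighbouring `allowcddma` test uses the same prefix style, so this may be a file convention, and the function body starts and ends outside the hunk.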
@@ -1332,6 +1334,37 @@ int main(int argc, char ** argv) { if (access("/tmp/updates", F_OK)) mkdirChain("/tmp/updates"); + /* now load SELinux policy before exec'ing anaconda (unless we've + * specified not to */ + if (!FL_NOSELINUX(flags)) { + char * fn; + int pid; + + if (!access("/tmp/updates/policy.15", R_OK)) + fn = strdup("/tmp/updates/policy.15"); + else if (!access("/mnt/source/RHupdates/policy.15", R_OK)) + fn = strdup("/mnt/source/RHupdates/policy.15"); + else + fn = strdup("/mnt/runtime/etc/security/selinux/policy.15"); + + logMessage("Loading SELinux policy from %s", fn); + if (!(pid = fork())) { + setenv("LD_LIBRARY_PATH", LIBPATH, 1); + if (mount("/selinux", "/selinux", "selinuxfs", 0, NULL)) { + logMessage("failed to mount /selinux: %s", strerror(errno)); + exit(1); + } else { + execl("/usr/sbin/load_policy", + "/usr/sbin/load_policy", fn, NULL); + logMessage("exec of load_policy failed: %s", strerror(errno)); + exit(1); + } + } + + waitpid(pid, NULL, 0); + free(fn); + } + logMessage("Running anaconda script %s", *(argptr-1)); *argptr++ = "-m"; diff --git a/loader2/loader.h b/loader2/loader.h index db005ab83..cd13ecaeb 100644 --- a/loader2/loader.h +++ b/loader2/loader.h @@ -34,6 +34,7 @@ #define LOADER_FLAGS_GRAPHICAL (1 << 29) /* FIXME: this should go away */ #define LOADER_FLAGS_ENABLECDDMA (1 << 13) +#define LOADER_FLAGS_NOSELINUX (1 << 14) #define FL_TESTING(a) ((a) & LOADER_FLAGS_TESTING) #define FL_EXPERT(a) ((a) & LOADER_FLAGS_EXPERT) @@ -64,6 +65,7 @@ #define FL_CMDLINE(a) ((a) & LOADER_FLAGS_CMDLINE) /* FIXME: this should go away */ #define FL_ENABLECDDMA(a) ((a) & LOADER_FLAGS_ENABLECDDMA) +#define FL_NOSELINUX(a) ((a) & LOADER_FLAGS_NOSELINUX) void startNewt(int flags); -- cgit
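Review bot: The parent discards the child's result (`waitpid(pid, NULL, 0)`), so a failed mount of /selinux or a failed load_policy still falls through to running anaconda with no policy loaded, and the only trace is a log line written by the child. `fork()` returning -1 is not handled either: the `!(pid = fork())` test sends that case on to `waitpid(-1, ...)`, which waits for any child rather than this one. The three `strdup` results are likewise passed to `logMessage` and `execl` without a NULL check. I would branch on the fork result three ways, collect the exit status, and at least log in the parent (or stop, depending on how the installer should treat a missing policy) when the helper did not exit 0, as sketched below; main continues outside the hunk.

```c
        /* … unchanged: selection of fn and the "Loading SELinux policy" log line … */
        int status;

        pid = fork();
        if (pid < 0) {
            logMessage("fork for load_policy failed: %s", strerror(errno));
        } else if (pid == 0) {
            /* … unchanged: setenv, mount of /selinux, execl of load_policy … */
        } else if (waitpid(pid, &status, 0) < 0 ||
                   !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
            logMessage("load_policy did not complete; SELinux policy is not loaded");
        }

        free(fn);
```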