- Base64 is present in headers and all, it's only reasonable that
our API users have access to this functionality without having
to link to other libraries. Even if we didn't want to carry the
implementation forever in our codebase, we should provide a wrapping
for this (much like the other crypto stuff) for the reason stated above.
- A bigger issue is that our dirty little (badly hidden) secret was using
non-namespaced function names, clashing with at least beecrypt. And we
couldn't have made these internal-only symbols even on platforms that
support it, because they are used all over the place outside rpmio.
So... rename the b64 functions to rpmLikeNamingStyle and make 'em public.
No functional changes, just trivial renaming despite touching numerous
places.
- Having an err label which we fall through on success too seems
a bit funny, rename the label to exit
- Initialize the sepoltrans at declaration already
- Remove redundant RPMRC_FAIL assignment on sepoltransNew() fail
case, this already assumes failure
- Remove redundant jump to exit from sepoltransCommit() error
- Eliminate trailing dead NULL assignment of the local pt variable
- The sepolicy plugin needs them so the symbols can't be hidden, but
these are not something external API-users should be messing with.
- Ultimately we'll want to push the actual labeling from FSM to
the plugin, insulating rpm from all SELinux specifics, this is
just a band-aid temporary "solution" to keep this out of the API.
This adds a new plugin specifically for a collection to load SELinux
policy. This implements the post_add and pre_remove plugin hooks. The
only time anything happens during the pre_remove hook is if post_add was
not called (i.e. if the transaction only removes policies).
This plugin extracts all the policy information from packages in the
sepolicy collection during the open te hook. It then determines which
policies should be installed/removed based on if the package is being
installed/removed and the type of the policy and the system policy. It
then executes semodule (or uses libsemanage if semodule cannot be
executed or installing in a chroot) to remove and install the necessary
policies. It then reloads the selinux state, reloads the file contexts,
and if necessary, relabels the file system.
Panu Matilainen