Invert the check for upgrading and early return to remove a level of
nesting. Also, significantly simplify both the construction and the
execution of the semodule command used to remove modules; semodule
supports multiple module arguments passed straight after a single `-r`
argument, allowing us to just use ${MODS} directly.Signed-off-by: Rahul Sandhu <[email protected]> --- eclass/selinux-policy-2.eclass | 58 ++++++++++++++++------------------ 1 file changed, 28 insertions(+), 30 deletions(-) diff --git a/eclass/selinux-policy-2.eclass b/eclass/selinux-policy-2.eclass index 96e0ae40f1ca..cd440cc41859 100644 --- a/eclass/selinux-policy-2.eclass +++ b/eclass/selinux-policy-2.eclass @@ -429,41 +429,39 @@ selinux-policy-2_pkg_postinst() { # deactivating the policy on the system. selinux-policy-2_pkg_postrm() { # Only if we are not upgrading - if [[ -z "${REPLACED_BY_VERSION}" ]]; then - # Set root path and don't load policy into the kernel when cross compiling - local root_opts="" - if [[ -n ${ROOT} ]]; then - root_opts="-p ${ROOT} -n" - fi - - # build up the command in the case of multiple modules - local COMMAND - for i in ${MODS}; do - COMMAND="-r ${i} ${COMMAND}" - done + if [[ -n "${REPLACED_BY_VERSION}" ]]; then + return + fi - _selinux_postrm() { - einfo "Removing the following modules from the ${1} module store: ${MODS}" + # Set root path and don't load policy into the kernel when cross compiling + local root_opts=() + if [[ -n ${ROOT} ]]; then + root_opts=( '-p' "${ROOT}" '-n' ) + fi - semodule ${root_opts} -s "${1}" ${COMMAND} - if [[ $? -ne 0 ]]; then - ewarn "SELinux module unload failed." - else - einfo "SELinux modules unloaded successfully." - fi - } + _selinux_postrm() { + einfo "Removing the following modules from the ${1} module store: ${MODS}" - if [[ "${EAPI}" = 7 ]]; then - for i in ${POLICY_TYPES}; do - _selinux_postrm "${i}" - done + # We rely on ${MODS} being split as it's not a bash array. SELinux modules + # can't contain whitespace anyway, so splitting is fine here. + # shellcheck disable=SC2086 + if semodule "${root_opts[@]}" -s "${1}" -r ${MODS}; then + einfo "SELinux modules unloaded successfully." else - for i in targeted strict mcs mls; do - if use "selinux_policy_types_${i}"; then - _selinux_postrm "${i}" - fi - done + ewarn "SELinux module unload failed." fi + } + + if [[ "${EAPI}" = 7 ]]; then + for i in ${POLICY_TYPES}; do + _selinux_postrm "${i}" + done + else + for i in targeted strict mcs mls; do + if use "selinux_policy_types_${i}"; then + _selinux_postrm "${i}" + fi + done fi } -- 2.50.1
