Re: [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file
On Sun, Oct 1, 2017 at 8:43 AM, Vit Mojziswrote: > > > On 27.9.2017 19:04, William Roberts wrote: >> >> 2017-09-27 1:16 GMT-07:00 Vit Mojzis : >>> >>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 >>> --- >>> libsemanage/include/semanage/fcontexts_policy.h | 4 >>> libsemanage/src/direct_api.c| 6 ++ >>> libsemanage/src/fcontexts_policy.c | 8 >>> libsemanage/src/handle.h| 19 >>> +-- >>> 4 files changed, 31 insertions(+), 6 deletions(-) >>> >>> diff --git a/libsemanage/include/semanage/fcontexts_policy.h >>> b/libsemanage/include/semanage/fcontexts_policy.h >>> index a50db2b..199a1e1 100644 >>> --- a/libsemanage/include/semanage/fcontexts_policy.h >>> +++ b/libsemanage/include/semanage/fcontexts_policy.h >>> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * >>> handle, >>>semanage_fcontext_t *** records, >>>unsigned int *count); >>> >>> +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle, >>> + semanage_fcontext_t *** records, >>> + unsigned int *count); >>> + >>> #endif >>> diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c >>> index 65842df..886a228 100644 >>> --- a/libsemanage/src/direct_api.c >>> +++ b/libsemanage/src/direct_api.c >>> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh) >>> semanage_fcontext_dbase_local(sh)) >>> < 0) >>> goto err; >>> >>> + if (fcontext_file_dbase_init(sh, >>> +selinux_file_context_homedir_path(), >>> +selinux_file_context_homedir_path(), >>> + >>> semanage_fcontext_dbase_homedirs(sh)) < 0) >>> + goto err; >>> + >>> if (seuser_file_dbase_init(sh, >>> semanage_path(SEMANAGE_ACTIVE, >>> >>> SEMANAGE_SEUSERS_LOCAL), >>> diff --git a/libsemanage/src/fcontexts_policy.c >>> b/libsemanage/src/fcontexts_policy.c >>> index 0b063b1..98490ab 100644 >>> --- a/libsemanage/src/fcontexts_policy.c >>> +++ b/libsemanage/src/fcontexts_policy.c 
>>> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle, >>> dbase_config_t *dconfig = >>> semanage_fcontext_dbase_policy(handle); >>> return dbase_list(handle, dconfig, records, count); >>> } >>> + >>> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle, >>> + semanage_fcontext_t *** records, unsigned int >>> *count) >>> +{ >>> + >>> + dbase_config_t *dconfig = >>> semanage_fcontext_dbase_homedirs(handle); >>> + return dbase_list(handle, dconfig, records, count); >>> +} >>> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h >>> index 889871d..1780ac8 100644 >>> --- a/libsemanage/src/handle.h >>> +++ b/libsemanage/src/handle.h >>> @@ -79,7 +79,7 @@ struct semanage_handle { >>> struct semanage_policy_table *funcs; >>> >>> /* Object databases */ >>> -#define DBASE_COUNT 23 >>> +#define DBASE_COUNT 24 >>> >>> /* Local modifications */ >>> #define DBASE_LOCAL_USERS_BASE 0 
>>> @@ -102,13 +102,14 @@ struct semanage_handle { >>> #define DBASE_POLICY_INTERFACES 15 >>> #define DBASE_POLICY_BOOLEANS16 >>> #define DBASE_POLICY_FCONTEXTS 17 >>> -#define DBASE_POLICY_SEUSERS 18 >>> -#define DBASE_POLICY_NODES 19 >>> -#define DBASE_POLICY_IBPKEYS 20 >>> -#define DBASE_POLICY_IBENDPORTS 21 >>> +#define DBASE_POLICY_FCONTEXTS_H 18 >>> +#define DBASE_POLICY_SEUSERS 19 >>> +#define DBASE_POLICY_NODES 20 >>> +#define DBASE_POLICY_IBPKEYS 21 >>> +#define DBASE_POLICY_IBENDPORTS 22 >>> >>> /* Active kernel policy */ >>> -#define DBASE_ACTIVE_BOOLEANS22 >>> +#define DBASE_ACTIVE_BOOLEANS23 >> >> Any particular reason to reassign all these defines instead >> of just setting DBASE_POLICY_FCONTEXTS_H to 22 and >> setting DBASE_ACTIVE_BOOLEANS to 23 other than just >> to have DBASE_POLICY_FCONTEXTS_H follow >> DBASE_POLICY_FCONTEXTS? > > Nope, just to keep organized . > Should I set it to 22 instead? > I don't have a major gripe with that other than it makes the patch larger than needed. >> >> I'm also assuming, after looking at the code, that the database >> itself is built every time so versioning mismatches are not a worry. >> >>> dbase_config_t dbase[DBASE_COUNT]; >>> }; >>> >>> @@ -236,6 +237,12 @@ static inline >>> } >>> >>> static inline >>> +dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t >>> * handle) >>> +{ >>> + return >dbase[DBASE_POLICY_FCONTEXTS_H]; >>> +} >>> + >>> +static inline >>> dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * >>> handle)
[PATCH 2/3] libsemanage: Add support for listing fcontext.homedirs file
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 --- libsemanage/include/semanage/fcontexts_policy.h | 4 libsemanage/src/direct_api.c| 6 ++ libsemanage/src/fcontexts_policy.c | 8 libsemanage/src/handle.h| 19 +-- 4 files changed, 31 insertions(+), 6 deletions(-) diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h index a50db2b..199a1e1 100644 --- a/libsemanage/include/semanage/fcontexts_policy.h +++ b/libsemanage/include/semanage/fcontexts_policy.h @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle, semanage_fcontext_t *** records, unsigned int *count); +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle, + semanage_fcontext_t *** records, + unsigned int *count); + #endif diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 971a08f..334267d 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh) semanage_fcontext_dbase_local(sh)) < 0) goto err; + if (fcontext_file_dbase_init(sh, +semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_HOMEDIRS), +semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS), +semanage_fcontext_dbase_homedirs(sh)) < 0) + goto err; + if (seuser_file_dbase_init(sh, semanage_path(SEMANAGE_ACTIVE, SEMANAGE_SEUSERS_LOCAL), diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c index 0b063b1..98490ab 100644 --- a/libsemanage/src/fcontexts_policy.c +++ b/libsemanage/src/fcontexts_policy.c 
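Review bot: The new `fcontext_file_dbase_init(...)` call in `semanage_direct_connect` has no matching teardown in this patch. The diffstat lists only these six added lines for direct_api.c, so nothing visible releases the homedirs dbase when the handle is disconnected. If the disconnect path releases the other fcontext file dbases (not visible in this hunk), add the same for this one, e.g. `fcontext_file_dbase_release(semanage_fcontext_dbase_homedirs(sh));`. The earlier revision quoted in the two "Re: [PATCH 1/2]" messages has the same gap. The body of `semanage_direct_connect` starts and ends outside the hunk.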
@@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle, dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle); return dbase_list(handle, dconfig, records, count); } + +int semanage_fcontext_list_homedirs(semanage_handle_t * handle, + semanage_fcontext_t *** records, unsigned int *count) +{ + + dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle); + return dbase_list(handle, dconfig, records, count); +} diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h index 889871d..1780ac8 100644 --- a/libsemanage/src/handle.h +++ b/libsemanage/src/handle.h @@ -79,7 +79,7 @@ struct semanage_handle { struct semanage_policy_table *funcs; /* Object databases */ -#define DBASE_COUNT 23 +#define DBASE_COUNT 24 /* Local modifications */ #define DBASE_LOCAL_USERS_BASE 0 @@ -102,13 +102,14 @@ struct semanage_handle { #define DBASE_POLICY_INTERFACES 15 #define DBASE_POLICY_BOOLEANS16 #define DBASE_POLICY_FCONTEXTS 17 -#define DBASE_POLICY_SEUSERS 18 -#define DBASE_POLICY_NODES 19 -#define DBASE_POLICY_IBPKEYS 20 -#define DBASE_POLICY_IBENDPORTS 21 +#define DBASE_POLICY_FCONTEXTS_H 18 +#define DBASE_POLICY_SEUSERS 19 +#define DBASE_POLICY_NODES 20 +#define DBASE_POLICY_IBPKEYS 21 +#define DBASE_POLICY_IBENDPORTS 22 /* Active kernel policy */ -#define DBASE_ACTIVE_BOOLEANS22 +#define DBASE_ACTIVE_BOOLEANS23 dbase_config_t dbase[DBASE_COUNT]; }; @@ -236,6 +237,12 @@ static inline } static inline +dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle) +{ + return >dbase[DBASE_POLICY_FCONTEXTS_H]; +} + +static inline dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle) { return >dbase[DBASE_POLICY_SEUSERS]; -- 2.9.4
[PATCH 3/3] python/semanage: Enable listing file_contexts.homedirs
Include entries from file_contexts.homedirs when listing file contexts via "semanage fcontext -l" "semanage fcontext -l" so far ignored content of file_contexts.homedirs file, which is confusing for users (more specific rules may be ignored in favor of rules unseen to the user since file_contexts.homedirs has higher priority than file_contexts). Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 --- python/semanage/seobject.py | 5 + 1 file changed, 5 insertions(+) diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py index 70fd192..1385315 100644 --- a/python/semanage/seobject.py +++ b/python/semanage/seobject.py @@ -2566,10 +2566,15 @@ class fcontextRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not list file contexts")) +(rc, fchomedirs) = semanage_fcontext_list_homedirs(self.sh) +if rc < 0: +raise ValueError(_("Could not list file contexts for home directories")) + (rc, fclocal) = semanage_fcontext_list_local(self.sh) if rc < 0: raise ValueError(_("Could not list local file contexts")) +self.flist += fchomedirs self.flist += fclocal ddict = {} -- 2.9.4
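Review bot: With the added `if rc < 0: raise ValueError(...)`, any failure to list the homedirs records now aborts the whole `semanage fcontext -l` listing. The records come from the policy-store copy of file_contexts.homedirs, which patch 1/3 only creates during a rebuild with genhomedircon enabled. A store that has not been rebuilt since the upgrade, or one with genhomedircon disabled, may therefore have no such file. Whether the file dbase treats a missing file as an empty list is not visible here and should be confirmed. A comment above the call would record the dependency, e.g. `# read from the store copy of file_contexts.homedirs; only present after a rebuild with genhomedircon enabled`. The enclosing method starts and ends outside the hunk.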
[PATCH 1/3] libsemanage: Keep copy of file_contexts.homedirs in policy store
This will allow listing the correct file_contexts.homedirs using libsemanage regardless of selected policy store. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 --- libsemanage/src/direct_api.c | 19 ++- libsemanage/src/genhomedircon.c | 4 ++-- libsemanage/src/semanage_store.c | 1 + libsemanage/src/semanage_store.h | 1 + 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 65842df..971a08f 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -1577,11 +1577,20 @@ rebuild: /* run genhomedircon if its enabled, this should be the last operation * which requires the out policydb */ if (!sh->conf->disable_genhomedircon) { - if (out && (retval = - semanage_genhomedircon(sh, out, sh->conf->usepasswd, sh->conf->ignoredirs)) != 0) { - ERR(sh, "semanage_genhomedircon returned error code %d.", - retval); - goto cleanup; + if (out){ + if ((retval = semanage_genhomedircon(sh, out, sh->conf->usepasswd, + sh->conf->ignoredirs)) != 0) { + ERR(sh, "semanage_genhomedircon returned error code %d.", retval); + goto cleanup; + } + /* file_contexts.homedirs was created in SEMANAGE_TMP store */ + retval = semanage_copy_file( + semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS), + semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_HOMEDIRS), + sh->conf->file_mode); + if (retval < 0) { + goto cleanup; + } } } else { WARN(sh, "WARNING: genhomedircon is disabled. \ diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c index b9a74b7..27a269e 100644 --- a/libsemanage/src/genhomedircon.c +++ b/libsemanage/src/genhomedircon.c 
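Review bot: The new `semanage_copy_file(...)` call in the direct_api.c hunk jumps to `cleanup` on failure without logging anything, while the `semanage_genhomedircon` failure just above it is reported through `ERR`. Unless `semanage_copy_file` logs its own errors (not visible here), a failed copy of file_contexts.homedirs into the final store aborts the commit with no hint of which file was involved. Consider adding `ERR(sh, "Could not copy file_contexts.homedirs to the final store.");` before the `goto cleanup;`. The enclosing function starts and ends outside the hunk.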
@@ -1345,8 +1345,8 @@ int semanage_genhomedircon(semanage_handle_t * sh, s.homedir_template_path = semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL); - s.fcfilepath = semanage_final_path(SEMANAGE_FINAL_TMP, - SEMANAGE_FC_HOMEDIRS); + s.fcfilepath = + semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS); s.fallback = calloc(1, sizeof(genhomedircon_user_entry_t)); if (s.fallback == NULL) { diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index 6158d08..63c80b0 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -116,6 +116,7 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = { "/modules/disabled", "/policy.kern", "/file_contexts.local", + "/file_contexts.homedirs", "/file_contexts", "/seusers" }; diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h index fcaa505..34bf852 100644 --- a/libsemanage/src/semanage_store.h +++ b/libsemanage/src/semanage_store.h @@ -61,6 +61,7 @@ enum semanage_sandbox_defs { SEMANAGE_MODULES_DISABLED, SEMANAGE_STORE_KERNEL, SEMANAGE_STORE_FC_LOCAL, + SEMANAGE_STORE_FC_HOMEDIRS, SEMANAGE_STORE_FC, SEMANAGE_STORE_SEUSERS, SEMANAGE_STORE_NUM_PATHS -- 2.9.4
[PATCH 1/4] gui: remove the status bar
The status bar of system-config-selinux's main window is not used and takes some room. Remove it. Signed-off-by: Nicolas Iooss--- gui/system-config-selinux.ui | 19 --- 1 file changed, 19 deletions(-) diff --git a/gui/system-config-selinux.ui b/gui/system-config-selinux.ui index c3f261a10d8d..7cc1cc532a1f 100644 --- a/gui/system-config-selinux.ui +++ b/gui/system-config-selinux.ui @@ -1862,25 +1862,6 @@ Level 1 - - -True -False -10 -10 -10 -10 -6 -6 -vertical -2 - - -False -False -2 - - -- 2.14.2
[PATCH 2/4] gui: fix parsing of "semodule -lfull" in tab Modules
The output of "semodule -lfull" changed from "module version" to "priority module kind". Update system-config-selinux to use this new format in its tab "Policy Module". Signed-off-by: Nicolas Iooss--- gui/modulesPage.py | 19 +-- 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/gui/modulesPage.py b/gui/modulesPage.py index c7fde9ea1ef8..34c5d9e3c488 100644 --- a/gui/modulesPage.py +++ b/gui/modulesPage.py @@ -58,7 +58,8 @@ class modulesPage(semanagePage): self.module_filter.connect("activate", self.filter_changed) self.audit_enabled = False -self.store = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) +self.store = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING, + GObject.TYPE_STRING) self.view.set_model(self.store) self.store.set_sort_column_id(0, Gtk.SortType.ASCENDING) col = Gtk.TreeViewColumn(_("Module Name"), Gtk.CellRendererText(), text=0) @@ -66,7 +67,7 @@ class modulesPage(semanagePage): col.set_resizable(True) self.view.append_column(col) self.store.set_sort_column_id(0, Gtk.SortType.ASCENDING) -col = Gtk.TreeViewColumn(_("Version"), Gtk.CellRendererText(), text=1) +col = Gtk.TreeViewColumn(_("Priority"), Gtk.CellRendererText(), text=1) self.enable_audit_button = xml.get_object("enableAuditButton") self.enable_audit_button.connect("clicked", self.enable_audit) self.new_button = xml.get_object("newModuleButton") @@ -74,6 +75,11 @@ class modulesPage(semanagePage): col.set_sort_column_id(1) col.set_resizable(True) self.view.append_column(col) +self.store.set_sort_column_id(2, Gtk.SortType.ASCENDING) +col = Gtk.TreeViewColumn(_("Kind"), Gtk.CellRendererText(), text=2) +col.set_sort_column_id(2) +col.set_resizable(True) +self.view.append_column(col) self.store.set_sort_func(1, self.sort_int, "") status, self.policy_type = selinux.selinux_getpolicytype() 
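Review bot: In the third hunk, the added `self.store.set_sort_column_id(2, Gtk.SortType.ASCENDING)` changes the store's active sort column. The last such call wins, so the module list would open sorted by "Kind" rather than by module name, unless a later call outside the hunk resets it. `col.set_sort_column_id(2)` already makes the new column sortable from its header. If the default order should stay by name, drop the store-level call and keep only `col.set_sort_column_id(2)`.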
@@ -95,16 +101,17 @@ class modulesPage(semanagePage): self.filter = filter self.store.clear() try: -fd = Popen("semodule -l", shell=True, stdout=PIPE).stdout +fd = Popen("semodule -lfull", shell=True, stdout=PIPE).stdout l = fd.readlines() fd.close() for i in l: -module, ver, newline = i.split('\t') -if not (self.match(module, filter) or self.match(ver, filter)): +priority, module, kind = i.decode('utf-8').split() +if not (self.match(module, filter) or self.match(priority, filter)): continue iter = self.store.append() self.store.set_value(iter, 0, module.strip()) -self.store.set_value(iter, 1, ver.strip()) +self.store.set_value(iter, 1, priority.strip()) +self.store.set_value(iter, 2, kind.strip()) except: pass self.view.get_selection().select_path((0,)) -- 2.14.2
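Review bot: `priority, module, kind = i.decode('utf-8').split()` requires exactly three whitespace-separated fields, and it sits inside the existing bare `except: pass`. A single output line with more or fewer fields (a trailing status column, an empty line) therefore raises ValueError and silently stops filling the list. Splitting first and checking the length keeps the remaining modules visible: `fields = i.decode('utf-8').split()`, then `if len(fields) < 3: continue`, then `priority, module, kind = fields[:3]`. Narrowing the `except:` to the errors expected from running the command would also stop it hiding parsing bugs. The command string is constant, so `shell=True` is not needed. The enclosing method starts outside the hunk.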
[PATCH 4/4] gui: remove mappingsPage
This page is not used anywhere and seems to be an incomplete version of loginsPage. Signed-off-by: Nicolas Iooss--- gui/Makefile| 1 - gui/mappingsPage.py | 60 - 2 files changed, 61 deletions(-) delete mode 100644 gui/mappingsPage.py diff --git a/gui/Makefile b/gui/Makefile index ac844b6b9198..cfe47405e83f 100644 --- a/gui/Makefile +++ b/gui/Makefile @@ -11,7 +11,6 @@ domainsPage.py \ fcontextPage.py \ html_util.py \ loginsPage.py \ -mappingsPage.py \ modulesPage.py \ polgen.glade \ portsPage.py \ diff --git a/gui/mappingsPage.py b/gui/mappingsPage.py deleted file mode 100644 index acf0bb5bfec7.. --- a/gui/mappingsPage.py +++ /dev/null 
@@ -1,60 +0,0 @@ -## mappingsPage.py - show selinux mappings -## Copyright (C) 2006 Red Hat, Inc. - -## This program is free software; you can redistribute it and/or modify -## it under the terms of the GNU General Public License as published by -## the Free Software Foundation; either version 2 of the License, or -## (at your option) any later version. - -## This program is distributed in the hope that it will be useful, -## but WITHOUT ANY WARRANTY; without even the implied warranty of -## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -## GNU General Public License for more details. - -## You should have received a copy of the GNU General Public License -## along with this program; if not, write to the Free Software -## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -## Author: Dan Walsh -import string -import gtk -import gtk.glade -import os -import gobject -import sys -import seobject - -## -## I18N -## -PROGNAME = "policycoreutils" -try: -import gettext -kwargs = {} -if sys.version_info < (3,): -kwargs['unicode'] = True -gettext.install(PROGNAME, -localedir="/usr/share/locale", -codeset='utf-8', -**kwargs) -except: -try: -import builtins -builtins.__dict__['_'] = str -except ImportError: -import __builtin__ -__builtin__.__dict__['_'] = unicode - - -class loginsPage: - -def __init__(self, xml): -self.xml = xml -self.view = xml.get_widget("mappingsView") -self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING) -self.store.set_sort_column_id(0, gtk.SORT_ASCENDING) -self.view.set_model(self.store) -self.login = loginRecords() -dict = self.login.get_all(0) -for k in sorted(dict.keys()): -print("%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))) -- 2.14.2
[PATCH 3/4] gui: delete overridden definition of usersPage.delete()
Function delete() is defined twice in class usersPage and the first one invoke semanagePage.delete(), which does not exist. Signed-off-by: Nicolas Iooss--- gui/usersPage.py | 4 1 file changed, 4 deletions(-) diff --git a/gui/usersPage.py b/gui/usersPage.py index 9d09bda2171f..26794ed5c3f3 100644 --- a/gui/usersPage.py +++ b/gui/usersPage.py @@ -91,10 +91,6 @@ class usersPage(semanagePage): self.store.set_value(iter, 2, dict[k][3]) self.view.get_selection().select_path((0,)) -def delete(self): -if semanagePage.delete(self) == Gtk.ResponseType.NO: -return None - def dialogInit(self): store, iter = self.view.get_selection().get_selected() self.selinuxUserEntry.set_text(store.get_value(iter, 0)) -- 2.14.2
Re: [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file
On 27.9.2017 19:04, William Roberts wrote: 2017-09-27 1:16 GMT-07:00 Vit Mojzis: Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 --- libsemanage/include/semanage/fcontexts_policy.h | 4 libsemanage/src/direct_api.c| 6 ++ libsemanage/src/fcontexts_policy.c | 8 libsemanage/src/handle.h| 19 +-- 4 files changed, 31 insertions(+), 6 deletions(-) diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h index a50db2b..199a1e1 100644 --- a/libsemanage/include/semanage/fcontexts_policy.h +++ b/libsemanage/include/semanage/fcontexts_policy.h @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle, semanage_fcontext_t *** records, unsigned int *count); +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle, + semanage_fcontext_t *** records, + unsigned int *count); + #endif diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 65842df..886a228 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh) semanage_fcontext_dbase_local(sh)) < 0) goto err; + if (fcontext_file_dbase_init(sh, +selinux_file_context_homedir_path(), +selinux_file_context_homedir_path(), +semanage_fcontext_dbase_homedirs(sh)) < 0) + goto err; + if (seuser_file_dbase_init(sh, semanage_path(SEMANAGE_ACTIVE, SEMANAGE_SEUSERS_LOCAL), diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c index 0b063b1..98490ab 100644 --- a/libsemanage/src/fcontexts_policy.c +++ b/libsemanage/src/fcontexts_policy.c 
@@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle, dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle); return dbase_list(handle, dconfig, records, count); } + +int semanage_fcontext_list_homedirs(semanage_handle_t * handle, + semanage_fcontext_t *** records, unsigned int *count) +{ + + dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle); + return dbase_list(handle, dconfig, records, count); +} diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h index 889871d..1780ac8 100644 --- a/libsemanage/src/handle.h +++ b/libsemanage/src/handle.h @@ -79,7 +79,7 @@ struct semanage_handle { struct semanage_policy_table *funcs; /* Object databases */ -#define DBASE_COUNT 23 +#define DBASE_COUNT 24 /* Local modifications */ #define DBASE_LOCAL_USERS_BASE 0 @@ -102,13 +102,14 @@ struct semanage_handle { #define DBASE_POLICY_INTERFACES 15 #define DBASE_POLICY_BOOLEANS16 #define DBASE_POLICY_FCONTEXTS 17 -#define DBASE_POLICY_SEUSERS 18 -#define DBASE_POLICY_NODES 19 -#define DBASE_POLICY_IBPKEYS 20 -#define DBASE_POLICY_IBENDPORTS 21 +#define DBASE_POLICY_FCONTEXTS_H 18 +#define DBASE_POLICY_SEUSERS 19 +#define DBASE_POLICY_NODES 20 +#define DBASE_POLICY_IBPKEYS 21 +#define DBASE_POLICY_IBENDPORTS 22 /* Active kernel policy */ -#define DBASE_ACTIVE_BOOLEANS22 +#define DBASE_ACTIVE_BOOLEANS23 Any particular reason to reassign all these defines instead of just setting DBASE_POLICY_FCONTEXTS_H to 22 and setting DBASE_ACTIVE_BOOLEANS to 23 other than just to have DBASE_POLICY_FCONTEXTS_H follow DBASE_POLICY_FCONTEXTS? Nope, just to keep organized . Should I set it to 22 instead? I'm also assuming, after looking at the code, that the database itself is built every time so versioning mismatches are not a worry. dbase_config_t dbase[DBASE_COUNT]; }; 
@@ -236,6 +237,12 @@ static inline } static inline +dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle) +{ + return >dbase[DBASE_POLICY_FCONTEXTS_H]; +} + +static inline dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle) { return >dbase[DBASE_POLICY_SEUSERS]; -- 2.9.4