Re: [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file

2017-10-01 Thread William Roberts
On Sun, Oct 1, 2017 at 8:43 AM, Vit Mojzis  wrote:
>
>
> On 27.9.2017 19:04, William Roberts wrote:
>>
>> 2017-09-27 1:16 GMT-07:00 Vit Mojzis :
>>>
>>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
>>> ---
>>>   libsemanage/include/semanage/fcontexts_policy.h |  4 
>>>   libsemanage/src/direct_api.c|  6 ++
>>>   libsemanage/src/fcontexts_policy.c  |  8 
>>>   libsemanage/src/handle.h| 19
>>> +--
>>>   4 files changed, 31 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/libsemanage/include/semanage/fcontexts_policy.h
>>> b/libsemanage/include/semanage/fcontexts_policy.h
>>> index a50db2b..199a1e1 100644
>>> --- a/libsemanage/include/semanage/fcontexts_policy.h
>>> +++ b/libsemanage/include/semanage/fcontexts_policy.h
>>> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t *
>>> handle,
>>>semanage_fcontext_t *** records,
>>>unsigned int *count);
>>>
>>> +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
>>> + semanage_fcontext_t *** records,
>>> + unsigned int *count);
>>> +
>>>   #endif
>>> diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
>>> index 65842df..886a228 100644
>>> --- a/libsemanage/src/direct_api.c
>>> +++ b/libsemanage/src/direct_api.c
>>> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
>>>   semanage_fcontext_dbase_local(sh))
>>> < 0)
>>>  goto err;
>>>
>>> +   if (fcontext_file_dbase_init(sh,
>>> +selinux_file_context_homedir_path(),
>>> +selinux_file_context_homedir_path(),
>>> +
>>> semanage_fcontext_dbase_homedirs(sh)) < 0)
>>> +   goto err;
>>> +
>>>  if (seuser_file_dbase_init(sh,
>>> semanage_path(SEMANAGE_ACTIVE,
>>>
>>> SEMANAGE_SEUSERS_LOCAL),
>>> diff --git a/libsemanage/src/fcontexts_policy.c
>>> b/libsemanage/src/fcontexts_policy.c
>>> index 0b063b1..98490ab 100644
>>> --- a/libsemanage/src/fcontexts_policy.c
>>> +++ b/libsemanage/src/fcontexts_policy.c
>>> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle,
>>>  dbase_config_t *dconfig =
>>> semanage_fcontext_dbase_policy(handle);
>>>  return dbase_list(handle, dconfig, records, count);
>>>   }
>>> +
>>> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
>>> +  semanage_fcontext_t *** records, unsigned int
>>> *count)
>>> +{
>>> +
>>> +   dbase_config_t *dconfig =
>>> semanage_fcontext_dbase_homedirs(handle);
>>> +   return dbase_list(handle, dconfig, records, count);
>>> +}
>>> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
>>> index 889871d..1780ac8 100644
>>> --- a/libsemanage/src/handle.h
>>> +++ b/libsemanage/src/handle.h
>>> @@ -79,7 +79,7 @@ struct semanage_handle {
>>>  struct semanage_policy_table *funcs;
>>>
>>>  /* Object databases */
>>> -#define DBASE_COUNT  23
>>> +#define DBASE_COUNT  24
>>>
>>>   /* Local modifications */
>>>   #define DBASE_LOCAL_USERS_BASE  0
>>> @@ -102,13 +102,14 @@ struct semanage_handle {
>>>   #define DBASE_POLICY_INTERFACES  15
>>>   #define DBASE_POLICY_BOOLEANS16
>>>   #define DBASE_POLICY_FCONTEXTS   17
>>> -#define DBASE_POLICY_SEUSERS 18
>>> -#define DBASE_POLICY_NODES   19
>>> -#define DBASE_POLICY_IBPKEYS 20
>>> -#define DBASE_POLICY_IBENDPORTS  21
>>> +#define DBASE_POLICY_FCONTEXTS_H 18
>>> +#define DBASE_POLICY_SEUSERS 19
>>> +#define DBASE_POLICY_NODES   20
>>> +#define DBASE_POLICY_IBPKEYS 21
>>> +#define DBASE_POLICY_IBENDPORTS  22
>>>
>>>   /* Active kernel policy */
>>> -#define DBASE_ACTIVE_BOOLEANS22
>>> +#define DBASE_ACTIVE_BOOLEANS23
>>
>> Any particular reason to reassign all these defines instead
>> of just setting DBASE_POLICY_FCONTEXTS_H to 22 and
>> setting DBASE_ACTIVE_BOOLEANS to 23 other than just
>> to have DBASE_POLICY_FCONTEXTS_H follow
>> DBASE_POLICY_FCONTEXTS?
>
> Nope, just to keep organized .
> Should I set it to 22 instead?
>

I don't have a major gripe with that other than it makes the patch larger
than needed.

>>
>> I'm also assuming, after looking at the code, that the database
>> itself is built every time so versioning mismatches are not a worry.
>>
>>>  dbase_config_t dbase[DBASE_COUNT];
>>>   };
>>>
>>> @@ -236,6 +237,12 @@ static inline
>>>   }
>>>
>>>   static inline
>>> +dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t
>>> * handle)
>>> +{
>>> +   return >dbase[DBASE_POLICY_FCONTEXTS_H];
>>> +}
>>> +
>>> +static inline
>>>   dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t *
>>> handle)

Re: [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file

2017-10-01 Thread Vit Mojzis



On 27.9.2017 19:04, William Roberts wrote:

2017-09-27 1:16 GMT-07:00 Vit Mojzis :

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
---
  libsemanage/include/semanage/fcontexts_policy.h |  4 
  libsemanage/src/direct_api.c|  6 ++
  libsemanage/src/fcontexts_policy.c  |  8 
  libsemanage/src/handle.h| 19 +--
  4 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/libsemanage/include/semanage/fcontexts_policy.h 
b/libsemanage/include/semanage/fcontexts_policy.h
index a50db2b..199a1e1 100644
--- a/libsemanage/include/semanage/fcontexts_policy.h
+++ b/libsemanage/include/semanage/fcontexts_policy.h
@@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle,
   semanage_fcontext_t *** records,
   unsigned int *count);

+extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
+ semanage_fcontext_t *** records,
+ unsigned int *count);
+
  #endif
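Review bot: The new public declaration `semanage_fcontext_list_homedirs` has no comment saying which data it lists or how the result is owned. A line such as `/* List the entries of the generated file_contexts.homedirs file */` above it would help, along with a sentence on who frees `records`; presumably that matches `semanage_fcontext_list`, but confirm. The diffstat names four files and none looks like a symbol export list. If the library restricts its exported symbols with a version script, the new function probably needs an entry there before external tools can link against it.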
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 65842df..886a228 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
  semanage_fcontext_dbase_local(sh)) < 0)
 goto err;

+   if (fcontext_file_dbase_init(sh,
+selinux_file_context_homedir_path(),
+selinux_file_context_homedir_path(),
+semanage_fcontext_dbase_homedirs(sh)) < 0)
+   goto err;
+
 if (seuser_file_dbase_init(sh,
semanage_path(SEMANAGE_ACTIVE,
  SEMANAGE_SEUSERS_LOCAL),
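Review bot: The added `fcontext_file_dbase_init(...)` call for the homedirs database has no visible counterpart that releases it. The diffstat shows six changed lines in this file, and all six are the additions in this hunk. If the disconnect path releases the other file databases one by one (it is outside the hunk, so this is inferred), it likely also needs `fcontext_file_dbase_release(semanage_fcontext_dbase_homedirs(sh));`. Without it, anything the init allocates would stay allocated across connect/disconnect cycles. `semanage_direct_connect` starts and ends outside the hunk.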
diff --git a/libsemanage/src/fcontexts_policy.c 
b/libsemanage/src/fcontexts_policy.c
index 0b063b1..98490ab 100644
--- a/libsemanage/src/fcontexts_policy.c
+++ b/libsemanage/src/fcontexts_policy.c
@@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle,
 dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
 return dbase_list(handle, dconfig, records, count);
  }
+
+int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
+  semanage_fcontext_t *** records, unsigned int *count)
+{
+
+   dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle);
+   return dbase_list(handle, dconfig, records, count);
+}
diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
index 889871d..1780ac8 100644
--- a/libsemanage/src/handle.h
+++ b/libsemanage/src/handle.h
@@ -79,7 +79,7 @@ struct semanage_handle {
 struct semanage_policy_table *funcs;

 /* Object databases */
-#define DBASE_COUNT  23
+#define DBASE_COUNT  24

  /* Local modifications */
  #define DBASE_LOCAL_USERS_BASE  0
@@ -102,13 +102,14 @@ struct semanage_handle {
  #define DBASE_POLICY_INTERFACES  15
  #define DBASE_POLICY_BOOLEANS16
  #define DBASE_POLICY_FCONTEXTS   17
-#define DBASE_POLICY_SEUSERS 18
-#define DBASE_POLICY_NODES   19
-#define DBASE_POLICY_IBPKEYS 20
-#define DBASE_POLICY_IBENDPORTS  21
+#define DBASE_POLICY_FCONTEXTS_H 18
+#define DBASE_POLICY_SEUSERS 19
+#define DBASE_POLICY_NODES   20
+#define DBASE_POLICY_IBPKEYS 21
+#define DBASE_POLICY_IBENDPORTS  22

  /* Active kernel policy */
-#define DBASE_ACTIVE_BOOLEANS22
+#define DBASE_ACTIVE_BOOLEANS23

Any particular reason to reassign all these defines instead
of just setting DBASE_POLICY_FCONTEXTS_H to 22 and
setting DBASE_ACTIVE_BOOLEANS to 23 other than just
to have DBASE_POLICY_FCONTEXTS_H follow
DBASE_POLICY_FCONTEXTS?

Nope, just to keep organized .
Should I set it to 22 instead?


I'm also assuming, after looking at the code, that the database
itself is built every time so versioning mismatches are not a worry.


 dbase_config_t dbase[DBASE_COUNT];
  };

@@ -236,6 +237,12 @@ static inline
  }

  static inline
+dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * 
handle)
+{
+   return >dbase[DBASE_POLICY_FCONTEXTS_H];
+}
+
+static inline
  dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle)
  {
 return >dbase[DBASE_POLICY_SEUSERS];
--
2.9.4










Re: [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file

2017-09-27 Thread Stephen Smalley
On Wed, 2017-09-27 at 13:42 -0400, Stephen Smalley wrote:
> On Wed, 2017-09-27 at 10:16 +0200, Vit Mojzis wrote:
> > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> > ---
> >  libsemanage/include/semanage/fcontexts_policy.h |  4 
> >  libsemanage/src/direct_api.c|  6 ++
> >  libsemanage/src/fcontexts_policy.c  |  8 
> >  libsemanage/src/handle.h| 19 +
> > --
> >  4 files changed, 31 insertions(+), 6 deletions(-)
> > 
> > diff --git a/libsemanage/include/semanage/fcontexts_policy.h
> > b/libsemanage/include/semanage/fcontexts_policy.h
> > index a50db2b..199a1e1 100644
> > --- a/libsemanage/include/semanage/fcontexts_policy.h
> > +++ b/libsemanage/include/semanage/fcontexts_policy.h
> > @@ -26,4 +26,8 @@ extern int
> > semanage_fcontext_list(semanage_handle_t
> > * handle,
> >       semanage_fcontext_t *** records,
> >       unsigned int *count);
> >  
> > +extern int semanage_fcontext_list_homedirs(semanage_handle_t *
> > handle,
> > +     semanage_fcontext_t *** records,
> > +     unsigned int *count);
> > +
> >  #endif
> > diff --git a/libsemanage/src/direct_api.c
> > b/libsemanage/src/direct_api.c
> > index 65842df..886a228 100644
> > --- a/libsemanage/src/direct_api.c
> > +++ b/libsemanage/src/direct_api.c
> > @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t
> > *
> > sh)
> >      semanage_fcontext_dbase_local
> > (s
> > h)) < 0)
> >     goto err;
> >  
> > +   if (fcontext_file_dbase_init(sh,
> > +    selinux_file_context_homedir_
> > pa
> > th(),
> > +    selinux_file_context_homedir_
> > pa
> > th(),
> 
> This will return the wrong results if one specifies a policy store
> other than the active one to semodule (via -s) or semanage (via -S),
> e.g. semanage fcontext -S mls -l.  You shouldn't be using the path of
> the active, installed file_contexts.homedirs file but rather one from
> the per-policy-store sandbox.  The libsemanage functions always act
> on
> the sandbox. Also, you shouldn't be passing the same path as the ro
> and
> rw paths here, as you don't want a dbase flush to suddenly overwrite
> the installed file_contexts.homedirs file.
> 
> I guess the problem you currently have is we aren't keeping around a
> copy of the generated file_contexts.homedirs in the sandbox; it is
> only
> created in the final tmp location and that entire directory tree is
> deleted once we complete the transaction.  You'd need to regenerate
> it
> on demand or keep it around if you want to do this.

The easiest way to do this would likely be to add a
SEMANAGE_STORE_FC_HOMEDIRS definition to semanage_sandbox_defs, add
"/file_contexts.homedirs" to semanage_sandbox_paths[] at the
corresponding index, and change semanage_genhomedircon() to set
s.fcfilepath to semanage_path(SEMANAGE_TMP,
SEMANAGE_STORE_FC_HOMEDIRS), and then semanage_copy_file() it to
semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_HOMEDIRS).  Then
you can call dbase_init on semanage_path(SEMANAGE_ACTIVE,
SEMANAGE_STORE_FC_HOMEDIRS) as the ro path and
semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS) as the rw path.
Requires an extra copy of file_contexts.homedirs to stay around, but
that's not significant.

> 
> > +    semanage_fcontext_dbase_homed
> > ir
> > s(sh)) < 0)
> > +   goto err;
> > +
> >     if (seuser_file_dbase_init(sh,
> >        semanage_path(SEMANAGE_ACTIVE,
> >      SEMANAGE_SEUSERS_
> > LO
> > CAL),
> > diff --git a/libsemanage/src/fcontexts_policy.c
> > b/libsemanage/src/fcontexts_policy.c
> > index 0b063b1..98490ab 100644
> > --- a/libsemanage/src/fcontexts_policy.c
> > +++ b/libsemanage/src/fcontexts_policy.c
> > @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t *
> > handle,
> >     dbase_config_t *dconfig =
> > semanage_fcontext_dbase_policy(handle);
> >     return dbase_list(handle, dconfig, records, count);
> >  }
> > +
> > +int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
> > +      semanage_fcontext_t *** records,
> > unsigned
> > int *count)
> > +{
> > +
> > +   dbase_config_t *dconfig =
> > semanage_fcontext_dbase_homedirs(handle);
> > +   return dbase_list(handle, dconfig, records, count);
> > +}
> > diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
> > index 889871d..1780ac8 100644
> > --- a/libsemanage/src/handle.h
> > +++ b/libsemanage/src/handle.h
> > @@ -79,7 +79,7 @@ struct semanage_handle {
> >     struct semanage_policy_table *funcs;
> >  
> >     /* Object databases */
> > -#define DBASE_COUNT  23
> > +#define DBASE_COUNT  24
> >  
> >  /* Local modifications */
> >  #define DBASE_LOCAL_USERS_BASE  0
> > @@ -102,13 +102,14 @@ struct 

Re: [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file

2017-09-27 Thread Stephen Smalley
On Wed, 2017-09-27 at 10:16 +0200, Vit Mojzis wrote:
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> ---
>  libsemanage/include/semanage/fcontexts_policy.h |  4 
>  libsemanage/src/direct_api.c|  6 ++
>  libsemanage/src/fcontexts_policy.c  |  8 
>  libsemanage/src/handle.h| 19 +
> --
>  4 files changed, 31 insertions(+), 6 deletions(-)
> 
> diff --git a/libsemanage/include/semanage/fcontexts_policy.h
> b/libsemanage/include/semanage/fcontexts_policy.h
> index a50db2b..199a1e1 100644
> --- a/libsemanage/include/semanage/fcontexts_policy.h
> +++ b/libsemanage/include/semanage/fcontexts_policy.h
> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t
> * handle,
>     semanage_fcontext_t *** records,
>     unsigned int *count);
>  
> +extern int semanage_fcontext_list_homedirs(semanage_handle_t *
> handle,
> +   semanage_fcontext_t *** records,
> +   unsigned int *count);
> +
>  #endif
> diff --git a/libsemanage/src/direct_api.c
> b/libsemanage/src/direct_api.c
> index 65842df..886a228 100644
> --- a/libsemanage/src/direct_api.c
> +++ b/libsemanage/src/direct_api.c
> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t *
> sh)
>    semanage_fcontext_dbase_local(s
> h)) < 0)
>   goto err;
>  
> + if (fcontext_file_dbase_init(sh,
> +  selinux_file_context_homedir_pa
> th(),
> +  selinux_file_context_homedir_pa
> th(),

This will return the wrong results if one specifies a policy store
other than the active one to semodule (via -s) or semanage (via -S),
e.g. semanage fcontext -S mls -l.  You shouldn't be using the path of
the active, installed file_contexts.homedirs file but rather one from
the per-policy-store sandbox.  The libsemanage functions always act on
the sandbox. Also, you shouldn't be passing the same path as the ro and
rw paths here, as you don't want a dbase flush to suddenly overwrite
the installed file_contexts.homedirs file.

I guess the problem you currently have is we aren't keeping around a
copy of the generated file_contexts.homedirs in the sandbox; it is only
created in the final tmp location and that entire directory tree is
deleted once we complete the transaction.  You'd need to regenerate it
on demand or keep it around if you want to do this.

> +  semanage_fcontext_dbase_homedir
> s(sh)) < 0)
> + goto err;
> +
>   if (seuser_file_dbase_init(sh,
>      semanage_path(SEMANAGE_ACTIVE,
>    SEMANAGE_SEUSERS_LO
> CAL),
> diff --git a/libsemanage/src/fcontexts_policy.c
> b/libsemanage/src/fcontexts_policy.c
> index 0b063b1..98490ab 100644
> --- a/libsemanage/src/fcontexts_policy.c
> +++ b/libsemanage/src/fcontexts_policy.c
> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t *
> handle,
>   dbase_config_t *dconfig =
> semanage_fcontext_dbase_policy(handle);
>   return dbase_list(handle, dconfig, records, count);
>  }
> +
> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
> +    semanage_fcontext_t *** records, unsigned
> int *count)
> +{
> +
> + dbase_config_t *dconfig =
> semanage_fcontext_dbase_homedirs(handle);
> + return dbase_list(handle, dconfig, records, count);
> +}
> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
> index 889871d..1780ac8 100644
> --- a/libsemanage/src/handle.h
> +++ b/libsemanage/src/handle.h
> @@ -79,7 +79,7 @@ struct semanage_handle {
>   struct semanage_policy_table *funcs;
>  
>   /* Object databases */
> -#define DBASE_COUNT  23
> +#define DBASE_COUNT  24
>  
>  /* Local modifications */
>  #define DBASE_LOCAL_USERS_BASE  0
> @@ -102,13 +102,14 @@ struct semanage_handle {
>  #define DBASE_POLICY_INTERFACES  15
>  #define DBASE_POLICY_BOOLEANS16
>  #define DBASE_POLICY_FCONTEXTS   17
> -#define DBASE_POLICY_SEUSERS 18
> -#define DBASE_POLICY_NODES   19
> -#define DBASE_POLICY_IBPKEYS 20
> -#define DBASE_POLICY_IBENDPORTS  21
> +#define DBASE_POLICY_FCONTEXTS_H 18
> +#define DBASE_POLICY_SEUSERS 19
> +#define DBASE_POLICY_NODES   20
> +#define DBASE_POLICY_IBPKEYS 21
> +#define DBASE_POLICY_IBENDPORTS  22
>  
>  /* Active kernel policy */
> -#define DBASE_ACTIVE_BOOLEANS22
> +#define DBASE_ACTIVE_BOOLEANS23
>   dbase_config_t dbase[DBASE_COUNT];
>  };
>  
> @@ -236,6 +237,12 @@ static inline
>  }
>  
>  static inline
> +dbase_config_t *
> semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
> +{
> + return >dbase[DBASE_POLICY_FCONTEXTS_H];
> +}
> +
> +static inline
>  dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t
> * 

Re: [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file

2017-09-27 Thread William Roberts
2017-09-27 1:16 GMT-07:00 Vit Mojzis :
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> ---
>  libsemanage/include/semanage/fcontexts_policy.h |  4 
>  libsemanage/src/direct_api.c|  6 ++
>  libsemanage/src/fcontexts_policy.c  |  8 
>  libsemanage/src/handle.h| 19 +--
>  4 files changed, 31 insertions(+), 6 deletions(-)
>
> diff --git a/libsemanage/include/semanage/fcontexts_policy.h 
> b/libsemanage/include/semanage/fcontexts_policy.h
> index a50db2b..199a1e1 100644
> --- a/libsemanage/include/semanage/fcontexts_policy.h
> +++ b/libsemanage/include/semanage/fcontexts_policy.h
> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * 
> handle,
>   semanage_fcontext_t *** records,
>   unsigned int *count);
>
> +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
> + semanage_fcontext_t *** records,
> + unsigned int *count);
> +
>  #endif
> diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
> index 65842df..886a228 100644
> --- a/libsemanage/src/direct_api.c
> +++ b/libsemanage/src/direct_api.c
> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
>  semanage_fcontext_dbase_local(sh)) < 0)
> goto err;
>
> +   if (fcontext_file_dbase_init(sh,
> +selinux_file_context_homedir_path(),
> +selinux_file_context_homedir_path(),
> +semanage_fcontext_dbase_homedirs(sh)) < 
> 0)
> +   goto err;
> +
> if (seuser_file_dbase_init(sh,
>semanage_path(SEMANAGE_ACTIVE,
>  SEMANAGE_SEUSERS_LOCAL),
> diff --git a/libsemanage/src/fcontexts_policy.c 
> b/libsemanage/src/fcontexts_policy.c
> index 0b063b1..98490ab 100644
> --- a/libsemanage/src/fcontexts_policy.c
> +++ b/libsemanage/src/fcontexts_policy.c
> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle,
> dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
> return dbase_list(handle, dconfig, records, count);
>  }
> +
> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
> +  semanage_fcontext_t *** records, unsigned int 
> *count)
> +{
> +
> +   dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle);
> +   return dbase_list(handle, dconfig, records, count);
> +}
> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
> index 889871d..1780ac8 100644
> --- a/libsemanage/src/handle.h
> +++ b/libsemanage/src/handle.h
> @@ -79,7 +79,7 @@ struct semanage_handle {
> struct semanage_policy_table *funcs;
>
> /* Object databases */
> -#define DBASE_COUNT  23
> +#define DBASE_COUNT  24
>
>  /* Local modifications */
>  #define DBASE_LOCAL_USERS_BASE  0
> @@ -102,13 +102,14 @@ struct semanage_handle {
>  #define DBASE_POLICY_INTERFACES  15
>  #define DBASE_POLICY_BOOLEANS16
>  #define DBASE_POLICY_FCONTEXTS   17
> -#define DBASE_POLICY_SEUSERS 18
> -#define DBASE_POLICY_NODES   19
> -#define DBASE_POLICY_IBPKEYS 20
> -#define DBASE_POLICY_IBENDPORTS  21
> +#define DBASE_POLICY_FCONTEXTS_H 18
> +#define DBASE_POLICY_SEUSERS 19
> +#define DBASE_POLICY_NODES   20
> +#define DBASE_POLICY_IBPKEYS 21
> +#define DBASE_POLICY_IBENDPORTS  22
>
>  /* Active kernel policy */
> -#define DBASE_ACTIVE_BOOLEANS22
> +#define DBASE_ACTIVE_BOOLEANS23

Any particular reason to reassign all these defines instead
of just setting DBASE_POLICY_FCONTEXTS_H to 22 and
setting DBASE_ACTIVE_BOOLEANS to 23 other than just
to have DBASE_POLICY_FCONTEXTS_H follow
DBASE_POLICY_FCONTEXTS?

I'm also assuming, after looking at the code, that the database
itself is built every time so versioning mismatches are not a worry.

> dbase_config_t dbase[DBASE_COUNT];
>  };
>
> @@ -236,6 +237,12 @@ static inline
>  }
>
>  static inline
> +dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * 
> handle)
> +{
> +   return >dbase[DBASE_POLICY_FCONTEXTS_H];
> +}
> +
> +static inline
>  dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle)
>  {
> return >dbase[DBASE_POLICY_SEUSERS];
> --
> 2.9.4
>
>



-- 
Respectfully,

William C Roberts