--- /dev/null	2004-02-23 16:02:56.000000000 -0500

+++ libselinux-1.13/src/selinux_config.c	2004-05-26 15:03:15.506622384 -0400

@@ -0,0 +1,119 @@

+#include <stdio.h>

+#include <string.h>

+#include <ctype.h>

+#include <stdlib.h>

+#include <limits.h>

+

+#define SELINUXDIR "/etc/selinux/"

+#define SELINUXDEFAULT "targeted"

+#define SELINUXTYPETAG "SELINUXTYPE="

+#define SELINUXTAG "SELINUX="

+

+static char *file_context=NULL;

+static char *default_type=NULL;

+static char *default_policy=NULL;

+static char *default_context=NULL;

+static char *failsafe_context=NULL;

+

+int selinux_getenforcemode(int *enforce) {

+  int ret=-1;

+  FILE *cfg = fopen("/etc/sysconfig/selinux","r");

+  char buf[4097];

+  int len=sizeof(SELINUXTAG)-1;

+  if (cfg) {

+    while (fgets(buf, 4096, cfg)) {

+      if (strncmp(buf,SELINUXTAG,len))

+	continue;

+      if (!strncmp(buf+len,"enforcing",sizeof("enforcing")-1)) {

+	*enforce = 1;

+	ret=0;

+	break;

+      } else if (!strncmp(buf+len,"permissive",sizeof("permissive")-1)) {

+	*enforce = 0;

+	ret=0;

+	break;

+      } else if (!strncmp(buf+len,"disabled",sizeof("disabled")-1)) {

+	*enforce = -1;

+	ret=0;

+	break;

+      }

+    }

+    fclose(cfg);

+  }

+  return ret;

+}

+

+static char *selinux_policyroot = NULL;

+

+static void init_selinux_policyroot(void) __attribute__ ((constructor));

+

+static void init_selinux_policyroot(void)

+{

+  char *type=SELINUXDEFAULT;

+  int i=0, len=sizeof(SELINUXTYPETAG)-1;

+  char buf[4097];

+  FILE *cfg;

+  if (selinux_policyroot) return;

+  cfg = fopen("/etc/sysconfig/selinux","r");

+  if (cfg) {

+    while (fgets(buf, 4096, cfg)) {

+      if (strncmp(buf,SELINUXTYPETAG,len))

+	continue;

+      type=buf+len;

+    }

+    fclose(cfg);

+  }

+  i=strlen(type)-1;

+  while ((i>=0) && 

+	 (isspace(type[i]) || iscntrl(type[i]))) {

+    type[i]=0;

+    i--;

+  }

+  len=sizeof(SELINUXDIR) + strlen(type);

+  selinux_policyroot=malloc(len);

+  snprintf(selinux_policyroot,len, "%s%s", SELINUXDIR, type);

+}

+

+char *selinux_default_type_path() {

+  if (!default_type) {

+    default_type=malloc(PATH_MAX);

+    snprintf(default_type, PATH_MAX, "%s/contexts/default_type", selinux_policyroot);

+  }

+  return default_type;

+}

+

+char *selinux_policy_root() {

+  return selinux_policyroot;

+}

+

+char *selinux_default_context_path() {

+  if (!default_context) {

+    default_context=malloc(PATH_MAX);

+    snprintf(default_context, PATH_MAX, "%s/contexts/default_contexts", selinux_policyroot);

+  }

+  return default_context;

+}

+

+char *selinux_failsafe_context_path() {

+  if (!failsafe_context) {

+    failsafe_context=malloc(PATH_MAX);

+    snprintf(failsafe_context, PATH_MAX, "%s/contexts/failsafe_contexts", selinux_policyroot);

+  }

+  return failsafe_context;

+}

+

+char *selinux_binary_policy_path() {

+  if (!default_policy) {

+    default_policy=malloc(PATH_MAX);

+    snprintf(default_policy, PATH_MAX, "%s/policy/policy", selinux_policyroot);

+  }

+  return default_policy;

+}

+

+char *selinux_file_context_path() {

+  if (!file_context) {

+    file_context=malloc(PATH_MAX);

+    snprintf(file_context, PATH_MAX-1, "%s/contexts/file_contexts", selinux_policyroot);

+  }

+  return file_context;

+}

--- libselinux-1.13/src/matchpathcon.c.rhat	2004-05-25 08:52:21.000000000 -0400

+++ libselinux-1.13/src/matchpathcon.c	2004-05-26 14:36:00.588167768 -0400

@@ -196,7 +196,7 @@

 	spec_t *spec_copy;

 	/* Open the specification file. */

-	if ((fp = fopen(FILECONTEXTS, "r")) == NULL)

+	if ((fp = fopen(selinux_file_context_path(), "r")) == NULL)

 		return -1;

 	/* 

--- libselinux-1.13/src/get_context_list.c.rhat	2004-05-25 08:52:21.000000000 -0400

+++ libselinux-1.13/src/get_context_list.c	2004-05-26 14:36:00.591167312 -0400

@@ -255,7 +255,7 @@

     }

     else if (which == SYSTEMPRIORITY)

     {

-        config_file = fopen (_DEFCONTEXT_PATH, "r");

+        config_file = fopen (selinux_default_context_path(), "r");

     }

     else

     {

@@ -390,7 +390,7 @@

 	size_t plen, nlen;

 	int rc;

-	fp = fopen(_FAILSAFECONTEXT_PATH, "r");

+	fp = fopen(selinux_failsafe_context_path(), "r");

 	if (!fp)

 		return -1;

--- libselinux-1.13/src/get_default_type.c.rhat	2004-05-25 08:52:21.000000000 -0400

+++ libselinux-1.13/src/get_default_type.c	2004-05-26 14:36:00.593167008 -0400

@@ -10,7 +10,7 @@

 {

   FILE* fp=NULL;

-  fp = fopen (_DEFTYPE_PATH, "r");

+  fp = fopen (selinux_default_type_path(), "r");

   if (!fp)

 	  return -1;

--- libselinux-1.13/include/selinux/get_default_type.h.rhat	2004-05-25 08:52:21.000000000 -0400

+++ libselinux-1.13/include/selinux/get_default_type.h	2004-05-26 14:37:35.995663624 -0400

@@ -5,7 +5,7 @@

 #ifndef _SELINUX_GET_DEFAULT_TYPE_H_

 #define _SELINUX_GET_DEFAULT_TYPE_H_

-#define _DEFTYPE_PATH "/etc/security/default_type"

+char *selinux_default_type_path();

 /* Get the default type (domain) for 'role' and set 'type' to refer to it.

    Caller must free via free().

--- libselinux-1.13/include/selinux/selinux.h.rhat	2004-05-25 08:52:21.000000000 -0400

+++ libselinux-1.13/include/selinux/selinux.h	2004-05-26 15:06:05.799733896 -0400

@@ -72,12 +72,6 @@

 /* Wrappers for the selinuxfs (policy) API. */

-/* Mount point for selinuxfs. */

-#define SELINUXMNT "/selinux/"

-

-/* Default pathname for policy configuration, without version number. */

-#define SELINUXPOLICY "/etc/security/selinux/policy"

-

 typedef unsigned int access_vector_t;

 typedef unsigned short security_class_t;

@@ -168,4 +162,22 @@

 		 mode_t mode,

 		 security_context_t *con);

+/*

+  selinux_getenforcemode reads the /etc/sysconfig/selinux file and determines 

+  whether the machine should be started in enforcing (1), permissive (0) or 

+  disabled (-1) mode.

+ */

+int selinux_getenforcemode(int *enforce);

+

+/*

+  selinux_policy_root is set within the init_selinux_policyroot constructor 

+  which reads the /etc/sysconfig/selinux file and determines 

+  where the compiled policy file and contexts files exist.

+ */

+char *selinux_policy_root();

+char *selinux_binary_policy_path();

+char *selinux_failsafe_context_path();

+char *selinux_default_context_path();

+char *selinux_file_context_path();

+

 #endif

--- libselinux-1.13/include/selinux/get_context_list.h.rhat	2004-05-25 08:52:21.000000000 -0400

+++ libselinux-1.13/include/selinux/get_context_list.h	2004-05-26 14:36:00.595166704 -0400

@@ -3,8 +3,6 @@

 #include <selinux/selinux.h>

-#define _DEFCONTEXT_PATH "/etc/security/default_contexts"

-#define _FAILSAFECONTEXT_PATH "/etc/security/failsafe_context"

 #define SELINUX_DEFAULTUSER "user_u"

 /* Get an ordered list of authorized security contexts for a user session

--- /dev/null	2004-02-23 16:02:56.000000000 -0500

+++ libselinux-1.13/man/man3/selinux_policyroot.3	2004-05-26 14:36:00.596166552 -0400

@@ -0,0 +1,17 @@

+.TH "selinux_policyroot" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation"

+.SH "NAME"

+selinux_policyroot \- return the path of the SELinux policy files for this machine.

+.SH "SYNOPSIS"

+.B #include <selinux/selinux.h>

+.sp

+.B char *selinux_policyroot();

+.br

+

+.SH "DESCRIPTION"

+.B selinux_policyroot

+Reads the contents of the /etc/sysconfig/selinux file to determine which policy files should be used for this machine.

+.SH "RETURN VALUE"

+On success, returns a directory path containing the SELinux policy files.

+On failure, NULL is returned.

+

+

--- /dev/null	2004-02-23 16:02:56.000000000 -0500

+++ libselinux-1.13/man/man3/selinux_getenforcemode.3	2004-05-26 14:36:00.597166400 -0400

@@ -0,0 +1,22 @@

+.TH "selinux_getenforcemode" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation"

+.SH "NAME"

+selinux_getenforcemode \- get the enforcing state of SE Linux

+.SH "SYNOPSIS"

+.B #include <selinux/selinux.h>

+.sp

+.B int selinux_getenforcemode(int *enforce);

+.br

+

+.SH "DESCRIPTION"

+.B selinux_getenforcemode

+Reads the contents of the /etc/sysconfig/selinux file to determine how the 

+system was setup to run SELinux.

+.br

+Sets the value of enforce to 1 if SELinux should be run in enforcing mode.

+Sets the value of enforce to 0 if SELinux should be run in permissive mode.

+Sets the value of enforce to -1 if SELinux should be disabled.

+.SH "RETURN VALUE"

+On success, zero is returned.

+On failure, -1 is returned.

+

+

--- /dev/null	2004-02-23 16:02:56.000000000 -0500

+++ libselinux-1.13/utils/getenforcemode.c	2004-05-26 14:36:00.598166248 -0400

@@ -0,0 +1,31 @@

+#include <unistd.h>

+#include <stdio.h>

+#include <stdlib.h>

+#include <selinux/selinux.h>

+

+int main(int argc __attribute__ ((unused)), char **argv) 

+{

+	int ret;

+	int enforce;

+	ret = selinux_getenforcemode(&enforce);

+	if (ret) {

+		fprintf(stderr, "%s:  selinux_getenforcemode() failed\n", argv[0]);

+		exit(2);

+	}

+

+	switch(enforce) {

+	case 1:

+	  printf("Enforcing\n");

+	  break;

+

+	case 0:

+	  printf("Permissive\n");

+	  break;

+

+	case -1:

+	  printf("Disabled\n");

+	  break;

+

+	}

+	exit(0);

+}

--- /dev/null	2004-02-23 16:02:56.000000000 -0500

+++ libselinux-1.13/utils/selinuxconfig.c	2004-05-26 15:05:07.827547008 -0400

@@ -0,0 +1,17 @@

+#include <unistd.h>

+#include <stdio.h>

+#include <stdlib.h>

+#include <selinux/selinux.h>

+#include <selinux/get_default_type.h>

+

+int main(int argc __attribute__ ((unused)), char **argv) 

+{

+	printf("policypath=\"%s\"\n", selinux_policy_root());

+	printf("default_type_path=\"%s\"\n", selinux_default_type_path());

+	printf("default_context_path=\"%s\"\n", selinux_default_context_path());

+	printf("default_failsafe_context_path=\"%s\"\n", selinux_failsafe_context_path());

+	printf("binary_policy_path=\"%s\"\n", selinux_binary_policy_path());

+	printf("file_contexts_path=\"%s\"\n", selinux_file_context_path());

+	exit(0);

+

+}