!3 replace hard coded permission with DIGEST_LIST_MODE

Merge pull request !3 from nettingsisyphus/mycode

generators/compact.c

@@ -368,9 +368,9 @@ int generator(int dirfd, int pos, struct list_head *head_in,
     }
 
     if (!gen_list_path)
-        fd = openat(dirfd, filename, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+        fd = openat(dirfd, filename, O_WRONLY | O_CREAT | O_TRUNC, DIGEST_LIST_MODE);
     else
-        fd = openat(-1, gen_list_path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+        fd = openat(-1, gen_list_path, O_WRONLY | O_CREAT | O_TRUNC, DIGEST_LIST_MODE);
     if (fd < 0) {
         printf("Cannot open %s\n", filename);
         ret = -EACCES;

generators/copy.c

@@ -51,7 +51,7 @@ int generator(int dirfd, int pos, struct list_head *head_in,
         if (ret < 0)
             goto out;
 
-        fd = openat(dirfd, filename, O_WRONLY | O_CREAT, 0644);
+        fd = openat(dirfd, filename, O_WRONLY | O_CREAT, DIGEST_LIST_MODE);
         if (fd < 0) {
             munmap(buf, size);
             ret = fd;

generators/rpm.c

@@ -70,7 +70,7 @@ static int add_file(int dirfd, char *filename, Header *hdr, u16 type,
     struct list_struct *list = NULL, *list_file = NULL;
     struct stat s;
 
-    fd = openat(dirfd, filename, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+    fd = openat(dirfd, filename, O_WRONLY | O_CREAT | O_TRUNC, DIGEST_LIST_MODE);
     if (fd < 0)
         return -EACCES;
 
@@ -342,7 +342,7 @@ static int gen_rpm_digest_list(Header rpm, int dirfd, char *filename,
     ssize_t ret;
     int fd;
 
-    fd = openat(dirfd, filename, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+    fd = openat(dirfd, filename, O_WRONLY | O_CREAT | O_TRUNC, DIGEST_LIST_MODE);
     if (fd < 0)
         return -EACCES;
 
@@ -384,7 +384,7 @@ static int write_rpm_header_signature(Header rpm, int dirfd, char *filename)
     write_ima_xattr(dirfd, filename, issuer, sizeof(uint32_t), sig, sig_len,
             pgp_algo_mapping[algo]);
 
-    fd = openat(dirfd, filename, O_WRONLY | O_APPEND, 0644);
+    fd = openat(dirfd, filename, O_WRONLY | O_APPEND, DIGEST_LIST_MODE);
     if (fd < 0) {
         ret = -EACCES;
         goto out;

generators/unknown.c

@@ -373,9 +373,9 @@ int generator(int dirfd, int pos, struct list_head *head_in,
             tm.tm_mon + 1, tm.tm_mday, tm.tm_hour, tm.tm_min,
             tm.tm_sec);
 
-        fd = openat(dirfd, filename, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+        fd = openat(dirfd, filename, O_WRONLY | O_CREAT | O_TRUNC, DIGEST_LIST_MODE);
     } else {
-        fd = openat(-1, gen_list_path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+        fd = openat(-1, gen_list_path, O_WRONLY | O_CREAT | O_TRUNC, DIGEST_LIST_MODE);
     }
 
     if (fd < 0) {

include/compact_list.h

@@ -19,6 +19,7 @@
 
 #define COMPACT_LIST_SIZE_MAX 64 * 1024 * 1024 - 1
 #define IMA_KEY_PATH "/etc/keys/x509_ima.der"
+#define DIGEST_LIST_MODE 0644
 
 enum parser_ops { PARSER_OP_ADD_DIGEST, PARSER_OP_ADD_DIGEST_TO_HTABLE,
           PARSER_OP_ADD_META_DIGEST,

lib/compact_list.c

@@ -37,7 +37,6 @@
 #include "selinux.h"
 
 #define DIGEST_LIST_LABEL "system_u:object_r:etc_t:s0"
-#define DIGEST_LIST_MODE 0644
 #define DIGEST_LIST_ALGO HASH_ALGO_SHA256
 
 char *compact_types_str[COMPACT__LAST] = {

lib/lib.c

@@ -26,6 +26,7 @@
 #include <sys/xattr.h>
 
 #include "lib.h"
+#include "compact_list.h"
 
 static const char *file_attrs_str[ATTR__LAST] = {
     [ATTR_PATH] = "path",
@@ -130,7 +131,7 @@ int copy_file(char *src, char *dest)
     if (ret < 0)
         return ret;
 
-    fd = open(dest, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+    fd = open(dest, O_WRONLY | O_CREAT | O_TRUNC, DIGEST_LIST_MODE);
     if (fd < 0)
         goto out;
 

src/manage_digest_lists.c

@@ -194,7 +194,7 @@ int main(int argc, char *argv[])
             fd = init_digest_list_upload(&mount_sysfs,
                              &mount_securityfs);
         else
-            fd = open(output, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+            fd = open(output, O_WRONLY | O_CREAT | O_TRUNC, DIGEST_LIST_MODE);
 
         if (fd < 0) {
             ret = -EACCES;

src/write_rpm_pgp_sig.c

@@ -53,7 +53,7 @@ int main(int argc, char *argv[])
     write_ima_xattr(-1, argv[1], issuer, sizeof(uint32_t), sig, sig_len,
             pgp_algo_mapping[algo]);
 
-    fd = openat(-1, argv[1], O_WRONLY | O_APPEND, 0644);
+    fd = openat(-1, argv[1], O_WRONLY | O_APPEND, DIGEST_LIST_MODE);
     if (fd < 0) {
         ret = -EACCES;
         goto out;

tests/compact_tlv.c

@@ -130,7 +130,7 @@ static void test_compact_tlv_parser(void **state)
     assert_return_code(dirfd, 0);
 
     snprintf(path, sizeof(path), "I:%s", NEW_FILE);
-    fd = open(&path[2], O_WRONLY | O_CREAT, 0644);
+    fd = open(&path[2], O_WRONLY | O_CREAT, DIGEST_LIST_MODE);
     assert_return_code(fd, 0);
 
     ret = write(fd, "0", 1);
@@ -170,7 +170,7 @@ static void test_compact_tlv_parser(void **state)
     assert_non_null(parser_lib);
 
     fd_compact_list = openat(dirfd, NEW_COMPACT_LIST,
-                 O_WRONLY | O_CREAT | O_TRUNC, 0644);
+                 O_WRONLY | O_CREAT | O_TRUNC, DIGEST_LIST_MODE);
     assert_return_code(fd_compact_list, 0);
 
     ret = ((parser_func)parser_lib->func)(fd_compact_list, &list_head,
@@ -196,7 +196,7 @@ static void test_compact_tlv_parser(void **state)
     munmap(buf, size);
 
     fd_compact_list = openat(dirfd, NEW_COMPACT_LIST,
-                 O_WRONLY | O_CREAT | O_TRUNC, 0644);
+                 O_WRONLY | O_CREAT | O_TRUNC, DIGEST_LIST_MODE);
     assert_return_code(fd_compact_list, 0);
 
     ret = ((parser_func)parser_lib->func)(fd_compact_list, &list_head,

tests/rpm.c

@@ -152,7 +152,7 @@ static void test_rpm_parser(void **state)
     assert_non_null(lib);
 
     fd_compact_list = openat(dirfd, NEW_COMPACT_LIST, O_WRONLY | O_CREAT,
-                 0644);
+                 DIGEST_LIST_MODE);
     assert_return_code(fd_compact_list, 0);
 
     ret = read_file_from_path(dirfd, RPM_HEADER, &buf, &size);