sepolicy: Add better private API for setfscreatecon

Use `g_auto()` more sanely with a struct implmenting the "is initialized"
pattern.  This is way less ugly for callers, and fixes bugs like
us calling `setfscreatecon()` even if an error occurred beforehand.

Also fold in the logic for "NULL or not loaded" sepolicy into the setup rather
than requiring callers to inline it.

Prep for more users of this function.

Closes: #746
Approved by: jlebon

src/libostree/ostree-sepolicy-private.h

@@ -0,0 +1,41 @@
+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
+ *
+ * Copyright (C) 2017 Colin Walters <walters@verbum.org>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ */
+
+#pragma once
+
+#include "ostree-types.h"
+
+G_BEGIN_DECLS
+
+typedef struct {
+  gboolean initialized;
+} OstreeSepolicyFsCreatecon;
+
+void _ostree_sepolicy_fscreatecon_clear (OstreeSepolicyFsCreatecon *con);
+G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(OstreeSepolicyFsCreatecon, _ostree_sepolicy_fscreatecon_clear)
+
+gboolean _ostree_sepolicy_preparefscreatecon (OstreeSepolicyFsCreatecon *con,
+                                              OstreeSePolicy   *self,
+                                              const char       *path,
+                                              guint32           mode,
+                                              GError          **error);
+
+
+G_END_DECLS

src/libostree/ostree-sepolicy.c

@@ -28,6 +28,7 @@
 #include "otutil.h"
 
 #include "ostree-sepolicy.h"
+#include "ostree-sepolicy-private.h"
 #include "ostree-bootloader-uboot.h"
 #include "ostree-bootloader-syslinux.h"
 
@@ -690,3 +691,31 @@ ostree_sepolicy_fscreatecon_cleanup (void **unused)
   setfscreatecon (NULL);
 #endif
 }
+
+/* Currently private copy of the older sepolicy/fscreatecon API with a nicer
+ * g_auto() cleanup. May be made public later.
+ */
+gboolean
+_ostree_sepolicy_preparefscreatecon (OstreeSepolicyFsCreatecon *con,
+                                     OstreeSePolicy   *self,
+                                     const char       *path,
+                                     guint32           mode,
+                                     GError          **error)
+{
+  if (!self || ostree_sepolicy_get_name (self) == NULL)
+    return TRUE;
+
+  if (!ostree_sepolicy_setfscreatecon (self, path, mode, error))
+    return FALSE;
+
+  con->initialized = TRUE;
+  return TRUE;
+}
+
+void
+_ostree_sepolicy_fscreatecon_clear (OstreeSepolicyFsCreatecon *con)
+{
+  if (!con->initialized)
+    return;
+  ostree_sepolicy_fscreatecon_cleanup (NULL);
+}

src/libostree/ostree-sysroot-deploy.c

@@ -30,6 +30,7 @@
 #endif
 
 #include "ostree-sysroot-private.h"
+#include "ostree-sepolicy-private.h"
 #include "ostree-deployment-private.h"
 #include "ostree-core-private.h"
 #include "ostree-linuxfsutil.h"
@@ -733,21 +734,13 @@ selinux_relabel_var_if_needed (OstreeSysroot                 *sysroot,
           return FALSE;
         }
 
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wunused-variable"
-      { ostree_cleanup_sepolicy_fscreatecon gpointer dummy = NULL;
-#pragma GCC diagnostic pop
+      { g_auto(OstreeSepolicyFsCreatecon) con = { 0, };
+        const char *selabeled_abspath = glnx_strjoina ("/", selabeled);
 
-        if (sysroot->sepolicy != NULL
-            && ostree_sepolicy_get_name (sysroot->sepolicy) != NULL)
-          {
-            const char *selabeled_abspath = glnx_strjoina ("/", selabeled);
-            if (!ostree_sepolicy_setfscreatecon (sysroot->sepolicy,
-                                                 selabeled_abspath,
-                                                 0644,
-                                                 error))
-              return FALSE;
-          }
+        if (!_ostree_sepolicy_preparefscreatecon (&con, sysroot->sepolicy,
+                                                  selabeled_abspath,
+                                                  0644, error))
+          return FALSE;
 
         if (!glnx_file_replace_contents_at (os_deploy_dfd, selabeled, (guint8*)"", 0,
                                             GLNX_FILE_REPLACE_DATASYNC_NEW,
@@ -2112,23 +2105,12 @@ ostree_sysroot_deploy_tree (OstreeSysroot     *self,
         return FALSE;
     }
 
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wunused-variable"
-  { ostree_cleanup_sepolicy_fscreatecon gpointer dummy = NULL;
-#pragma GCC diagnostic pop
+  { g_auto(OstreeSepolicyFsCreatecon) con = { 0, };
 
-    /* Explicitly override the label for the origin file to ensure
-     * it's system_conf_t.
-     */
-    if (self->sepolicy != NULL
-        && ostree_sepolicy_get_name (self->sepolicy) != NULL)
-      {
-        if (!ostree_sepolicy_setfscreatecon (self->sepolicy,
-                                             "/etc/ostree/remotes.d/dummy.conf",
-                                             0644,
-                                             error))
-          return FALSE;
-      }
+    if (!_ostree_sepolicy_preparefscreatecon (&con, self->sepolicy,
+                                              "/etc/ostree/remotes.d/dummy.conf",
+                                              0644, error))
+      return FALSE;
 
     /* Don't fsync here, as we assume that's all done in
      * ostree_sysroot_write_deployments().