From 8d4dec1b531f8cb6080887362a897f78c13fd098 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Thu, 30 Mar 2017 13:38:08 -0400
Subject: [PATCH] sepolicy: Fix regressions from introduction of
 sepolicy_new_at()

Being bitten by lack of PR testing here.  There are two bugs:

- First and foremost, I forgot that GObject will call the property setters with
  the defaults.  This meant we were getting both path="/var/tmp/blah" and fd=-1,
  and we were accepting -1 as a fd, which then got converted into AT_FDCWD
  which was wrong.
- Since these properties are construct only and mutually exclusive, don't
  try to handle one resetting the other.  Assert that exactly one of them is set.

Closes: #769
Approved by: jlebon
---
 src/libostree/ostree-sepolicy.c | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/src/libostree/ostree-sepolicy.c b/src/libostree/ostree-sepolicy.c
index ea4e46b1..2013f523 100644
--- a/src/libostree/ostree-sepolicy.c
+++ b/src/libostree/ostree-sepolicy.c
@@ -112,15 +112,18 @@ ostree_sepolicy_set_property(GObject         *object,
           {
             /* Canonicalize */
             self->path = g_file_new_for_path (gs_file_get_path_cached (path));
+            g_assert_cmpint (self->rootfs_dfd, ==, -1);
           }
-        self->rootfs_dfd = -1;
       }
       break;
     case PROP_ROOTFS_DFD:
       {
-        self->rootfs_dfd = g_value_get_int (value);
-        g_clear_object (&self->path);
-        self->path = ot_fdrel_to_gfile (self->rootfs_dfd, ".");
+        int fd = g_value_get_int (value);
+        if (fd != -1)
+          {
+            g_assert (self->path == NULL);
+            self->rootfs_dfd = fd;
+          }
       }
       break;
     default:
@@ -282,6 +285,7 @@ initable_init (GInitable     *initable,
 #ifdef HAVE_SELINUX
   gboolean ret = FALSE;
   OstreeSePolicy *self = OSTREE_SEPOLICY (initable);
+  g_autoptr(GFile) path = NULL;
   g_autoptr(GFile) etc_selinux_dir = NULL;
   g_autoptr(GFile) policy_config_path = NULL;
   g_autoptr(GFile) policy_root = NULL;
@@ -293,19 +297,27 @@ initable_init (GInitable     *initable,
   const char *selinuxtype_prefix = "SELINUXTYPE=";
 
   /* TODO - use this below */
-  if (self->rootfs_dfd == -1)
+  if (self->rootfs_dfd != -1)
+    path = ot_fdrel_to_gfile (self->rootfs_dfd, ".");
+  else if (self->path)
     {
+      path = g_object_ref (self->path);
+#if 0
+      /* TODO - use this below */
       if (!glnx_opendirat (AT_FDCWD, gs_file_get_path_cached (self->path), TRUE,
                            &self->rootfs_dfd_owned, error))
         goto out;
       self->rootfs_dfd = self->rootfs_dfd_owned;
+#endif
     }
+  else
+    g_assert_not_reached ();
 
-  etc_selinux_dir = g_file_resolve_relative_path (self->path, "etc/selinux");
+  etc_selinux_dir = g_file_resolve_relative_path (path, "etc/selinux");
   if (!g_file_query_exists (etc_selinux_dir, NULL))
     {
       g_object_unref (etc_selinux_dir);
-      etc_selinux_dir = g_file_resolve_relative_path (self->path, "usr/etc/selinux");
+      etc_selinux_dir = g_file_resolve_relative_path (path, "usr/etc/selinux");
     }
   policy_config_path = g_file_get_child (etc_selinux_dir, "config");