Merge branch 'master' into 137-changlog

ctc-oss · Dec 30, 2023 · c2d554d · c2d554d
2 parents e80fd49 + be2244f
commit c2d554d
Show file tree

Hide file tree

Showing 8 changed files with 112 additions and 47 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/daemon/src/lib.rs b/crates/daemon/src/lib.rs
@@ -9,6 +9,7 @@
 pub mod conf;
 pub mod error;
 pub mod fapolicyd;
+pub mod pipe;
 pub mod profiler;
 pub mod svc;
 pub mod version;

diff --git a/crates/daemon/src/pipe.rs b/crates/daemon/src/pipe.rs
@@ -0,0 +1,50 @@
+/*
+ * Copyright Concurrent Technologies Corporation 2023
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ */
+
+use crate::error::Error;
+use crate::fapolicyd::FIFO_PIPE;
+use crate::pipe::Commands::{FlushCache, ReloadRules, ReloadTrust};
+use std::io::Write;
+
+#[repr(u8)]
+enum Commands {
+    ReloadTrust = 1,
+    FlushCache = 2,
+    ReloadRules = 3,
+}
+
+type CmdResult = Result<(), Error>;
+
+// 3
+pub fn reload_rules() -> CmdResult {
+    ReloadRules.send()
+}
+
+// 2
+pub fn flush_cache() -> CmdResult {
+    FlushCache.send()
+}
+
+// 1
+pub fn reload_trust() -> CmdResult {
+    ReloadTrust.send()
+}
+
+impl Commands {
+    fn send(self) -> CmdResult {
+        let mut fifo = std::fs::OpenOptions::new()
+            .write(true)
+            .read(false)
+            .open(FIFO_PIPE)?;
+
+        // the new line char is required here
+        fifo.write_all(format!("{}\n", self as u8).as_bytes())?;
+
+        Ok(())
+    }
+}
diff --git a/crates/daemon/src/profiler.rs b/crates/daemon/src/profiler.rs
@@ -70,7 +70,12 @@ impl Profiler {
                 // create a temp file as the backup location
                 let backup = NamedTempFile::new()?;
                 // move original compiled to backup location
-                fs::rename(&compiled, &backup)?;
+                fs::rename(&compiled, &backup).or_else(|x| {
+                    log::debug!("rename fallback copy");
+                    fs::copy(&compiled, &backup)
+                        .and_then(|_| fs::remove_file(&compiled))
+                        .or(Err(x))
+                })?;
                 // write compiled rules for the profiling run
                 write::compiled_rules(db, &compiled)?;
                 log::debug!("rules backed up to {:?}", backup.path());

diff --git a/crates/pyo3/Cargo.toml b/crates/pyo3/Cargo.toml
@@ -10,12 +10,12 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-pyo3 = { version = "0.19", features = ["abi3", "auto-initialize"] }
+pyo3 = { version = "0.20", features = ["abi3", "auto-initialize"] }
 similar = "2.1"
 chrono = "0.4"
 tempfile = "3.3"
 log = "0.4"
-pyo3-log = ">=0.8"
+pyo3-log = "0.9"
 
 fapolicy-analyzer = { path = "../analyzer" }
 fapolicy-auparse = { path = "../auparse" }

diff --git a/crates/pyo3/src/trust.rs b/crates/pyo3/src/trust.rs
@@ -11,6 +11,7 @@ use std::collections::HashMap;
 use std::io::Write;
 
 use fapolicy_daemon::fapolicyd::FIFO_PIPE;
+use fapolicy_daemon::pipe;
 use pyo3::prelude::*;
 
 use fapolicy_trust::ops::{get_path_action_map, Changeset};
@@ -192,23 +193,22 @@ impl PyChangeset {
 /// send signal to fapolicyd FIFO pipe to reload the trust database
 #[pyfunction]
 fn signal_trust_reload() -> PyResult<()> {
-    let mut fifo = std::fs::OpenOptions::new()
-        .write(true)
-        .read(false)
-        .open(FIFO_PIPE)
-        .map_err(|e| PyRuntimeError::new_err(format!("failed to open fifo pipe: {}", e)))?;
-
-    fifo.write_all("1".as_bytes()).map_err(|e| {
-        PyRuntimeError::new_err(format!("failed to write reload byte to pipe: {:?}", e))
-    })?;
+    pipe::reload_trust()
+        .map_err(|e| PyRuntimeError::new_err(format!("failed to signal trust reload: {:?}", e)))
+}
 
-    Ok(())
+/// send signal to fapolicyd FIFO pipe to reload rules
+#[pyfunction]
+fn signal_rule_reload() -> PyResult<()> {
+    pipe::reload_rules()
+        .map_err(|e| PyRuntimeError::new_err(format!("failed to signal rules reload: {:?}", e)))
 }
 
 pub fn init_module(_py: Python, m: &PyModule) -> PyResult<()> {
     m.add_class::<PyChangeset>()?;
     m.add_class::<PyTrust>()?;
     m.add_class::<PyActual>()?;
     m.add_function(wrap_pyfunction!(signal_trust_reload, m)?)?;
+    m.add_function(wrap_pyfunction!(signal_rule_reload, m)?)?;
     Ok(())
 }
diff --git a/fapolicy-analyzer.spec b/fapolicy-analyzer.spec
@@ -2,7 +2,7 @@
 
 Summary:       File Access Policy Analyzer
 Name:          fapolicy-analyzer
-Version:       1.2.0
+Version:       1.2.2
 Release:       1%{?dist}
 
 SourceLicense: GPL-3.0-or-later
@@ -128,5 +128,5 @@ desktop-file-validate %{buildroot}/%{_datadir}/applications/%{name}.desktop
 %ghost %attr(640,root,root) %verify(not md5 size mtime) %{_localstatedir}/log/%{name}/%{name}.log
 
 %changelog
-* Mon Nov 06 2023 John Wass <[email protected]> 1.2.0-1
+* Wed Dec 27 2023 John Wass <[email protected]> 1.2.2-1
 - New release
diff --git a/scripts/srpm/fapolicy-analyzer.el9.spec b/scripts/srpm/fapolicy-analyzer.el9.spec
@@ -1,6 +1,6 @@
 Summary:       File Access Policy Analyzer
 Name:          fapolicy-analyzer
-Version:       1.2.0
+Version:       1.2.2
 Release:       1%{?dist}
 License:       GPL-3.0-or-later
 URL:           https://github.com/ctc-oss/fapolicy-analyzer
@@ -53,7 +53,7 @@ BuildRequires: rust-byteorder-devel
 BuildRequires: rust-cc-devel
 BuildRequires: rust-cfg-if-devel
 BuildRequires: rust-chrono-devel
-#BuildRequires: rust-confy-devel
+BuildRequires: rust-confy-devel
 BuildRequires: rust-crossbeam-channel-devel
 BuildRequires: rust-crossbeam-deque-devel
 BuildRequires: rust-crossbeam-epoch-devel
@@ -87,16 +87,13 @@ BuildRequires: rust-parking_lot_core-devel
 BuildRequires: rust-pkg-config-devel
 BuildRequires: rust-proc-macro-hack-devel
 BuildRequires: rust-proc-macro2-devel
-#BuildRequires: (crate(pyo3/default) >= 0.15.0 with crate(pyo3/default) < 0.16.0)
-#BuildRequires: (crate(pyo3-macros/default) >= 0.15.0 with crate(pyo3-macros/default) < 0.16.0)
-#BuildRequires: (crate(pyo3-build-config/default) >= 0.15.0 with crate(pyo3-build-config/default) < 0.16.0)
-#BuildRequires: (crate(pyo3-macros-backend/default) >= 0.15.0 with crate(pyo3-macros-backend/default) < 0.16.0)
+#BuildRequires: rust-pyo3-devel
 #BuildRequires: rust-pyo3-log-devel
 BuildRequires: rust-quote-devel
 BuildRequires: rust-rayon-devel
 BuildRequires: rust-rayon-core-devel
 BuildRequires: rust-remove_dir_all-devel
-#BuildRequires: rust-ring-devel
+BuildRequires: rust-ring-devel
 BuildRequires: rust-scopeguard-devel
 BuildRequires: rust-serde-devel
 BuildRequires: rust-serde_derive-devel
@@ -111,7 +108,7 @@ BuildRequires: rust-time0.1-devel
 BuildRequires: rust-toml-devel
 BuildRequires: rust-unicode-xid-devel
 BuildRequires: rust-unindent-devel
-#BuildRequires: rust-untrusted-devel
+BuildRequires: rust-untrusted-devel
 BuildRequires: rust-paste-devel
 BuildRequires: rust-indoc-devel
 
@@ -233,5 +230,5 @@ desktop-file-validate %{buildroot}/%{_datadir}/applications/%{name}.desktop
 %attr(755,root,root) %{_datadir}/applications/%{name}.desktop
 
 %changelog
-* Mon Nov 06 2023 John Wass <[email protected]> 1.2.0-1
+* Wed Dec 27 2023 John Wass <[email protected]> 1.2.2-1
 - New release