libsemanage/backport-libsemanage-check-closing-written-files.patch
hugel 670213ce64 backport patches from upstream
(cherry picked from commit a6c5156e71001ac8cf1b559ce274e5306006cede)
2025-03-17 17:19:28 +08:00


From 2cc2d1ed1fa78dfdb879f3c2a0b21fa23eeb2504 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 25 Nov 2024 12:18:36 +0100
Subject: [PATCH] libsemanage: check closing written files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Check that closing a file that has been written to is successful, to
avoid potential unsuccessful writes/syncs.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Conflict:NA
Reference:https://github.com/SELinuxProject/selinux/commit/2cc2d1ed1fa78dfdb879f3c2a0b21fa23eeb2504
---
src/database_file.c | 5 ++++-
src/direct_api.c | 15 +++++++++------
src/genhomedircon.c | 3 ++-
src/semanage_store.c | 18 +++++++++++++-----
4 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/src/database_file.c b/src/database_file.c
index 47814254..214dbe6c 100644
--- a/src/database_file.c
+++ b/src/database_file.c
@@ -149,7 +149,10 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase)
}
dbase_llist_set_modified(&dbase->llist, 0);
- fclose(str);
+ if (fclose(str) != 0 && errno != EINTR) {
+ str = NULL;
+ goto err;
+ }
return STATUS_SUCCESS;
err:
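Review bot: `dbase_llist_set_modified(&dbase->llist, 0);` runs before the new `fclose(str)` check, so when the close fails the list is already marked unmodified even though the function then goes to `err`. Moving that call below the check, directly before `return STATUS_SUCCESS;`, would keep the modified flag set whenever the flush is reported as failed, presumably allowing a later flush to retry. Setting `str = NULL` before `goto err` looks intended to stop the error path from closing the stream a second time; the body of `err:` is outside this hunk, so that is inferred.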
diff --git a/src/direct_api.c b/src/direct_api.c
index 0e7ef4da..87c7627d 100644
--- a/src/direct_api.c
+++ b/src/direct_api.c
@@ -467,7 +467,10 @@ static int write_file(semanage_handle_t * sh,
close(out);
return -1;
}
- close(out);
+ if (close(out) == -1 && errno != EINTR) {
+ ERR(sh, "Error while closing %s.", filename);
+ return -1;
+ }
return 0;
}
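Review bot: The `errno != EINTR` exemption on `close(out)` has no comment saying why an interrupted close is treated as success. I would add something like `/* EINTR: Linux releases the descriptor anyway; retrying could close an unrelated fd */` above the check, because the reasoning is platform-specific and POSIX leaves the descriptor state unspecified in that case. The same comment would fit the `close()` checks in semanage_copy_file, semanage_split_fc and semanage_commit_sandbox. write_file starts outside this hunk.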
@@ -839,7 +842,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
goto cleanup;
}
- if (fclose(fp) != 0) {
+ if (fclose(fp) != 0 && errno != EINTR) {
ERR(sh, "Unable to close %s module ext file.", modinfo->name);
fp = NULL;
ret = -1;
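Review bot: Treating `EINTR` from `fclose(fp)` as success can hide a lost write, because fclose also flushes the stdio buffer and an interrupted flush may leave buffered data unwritten. That differs from `close(2)`, where the exemption only concerns the state of the descriptor. For streams that were written to I would report every non-zero result, `if (fclose(fp) != 0) {`, or call `fflush(fp)` and check it before closing. The same applies to the fclose checks in dbase_file_flush, semanage_direct_set_enabled, semanage_genhomedircon and semanage_write_policydb. The two `touch` streams in semanage_direct_commit write no data, so the exemption is harmless there.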
@@ -1216,7 +1219,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
FILE *touch;
touch = fopen(path, "we");
if (touch != NULL) {
- if (fclose(touch) != 0) {
+ if (fclose(touch) != 0 && errno != EINTR) {
ERR(sh, "Error attempting to create disable_dontaudit flag.");
goto cleanup;
}
@@ -1248,7 +1251,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
FILE *touch;
touch = fopen(path, "we");
if (touch != NULL) {
- if (fclose(touch) != 0) {
+ if (fclose(touch) != 0 && errno != EINTR) {
ERR(sh, "Error attempting to create preserve_tunable flag.");
goto cleanup;
}
@@ -2120,7 +2123,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh,
ret = fclose(fp);
fp = NULL;
- if (ret != 0) {
+ if (ret != 0 && errno != EINTR) {
ERR(sh,
"Unable to close disabled file for module %s",
modkey->name);
@@ -2321,7 +2324,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
free(tmp);
tmp = NULL;
- if (fclose(fp) != 0) {
+ if (fclose(fp) != 0 && errno != EINTR) {
fp = NULL;
ERR(sh,
"Unable to close %s module lang ext file.",
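Review bot: `fp = NULL` sits inside the failure branch, so when `fclose(fp)` fails with `EINTR` the branch is skipped and `fp` still refers to a closed stream unless code after this block clears it. The hunk in semanage_direct_set_enabled uses a safer shape, `ret = fclose(fp); fp = NULL; if (ret != 0 && errno != EINTR) {`, which clears the pointer on every path. Using that shape here and in semanage_direct_write_langext would rule out a second fclose on the same stream from a cleanup path. The rest of the function, including any cleanup label, is outside this hunk.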
diff --git a/src/genhomedircon.c b/src/genhomedircon.c
index 4949bc75..19543799 100644
--- a/src/genhomedircon.c
+++ b/src/genhomedircon.c
@@ -1429,7 +1429,8 @@ int semanage_genhomedircon(semanage_handle_t * sh,
done:
if (out != NULL)
- fclose(out);
+ if (fclose(out) != 0 && errno != EINTR)
+ retval = STATUS_ERR;
while (s.fallback)
pop_user_entry(&(s.fallback));
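Review bot: The nested `if (out != NULL)` / `if (fclose(out) ...)` without braces is easy to misread and would bind wrongly if an `else` were ever added. A single condition reads more clearly: `if (out != NULL && fclose(out) != 0 && errno != EINTR)` followed by `retval = STATUS_ERR;`. The same unbraced nesting appears for `fc` and `hd` in the semanage_split_fc hunk.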
diff --git a/src/semanage_store.c b/src/semanage_store.c
index cdb495cb..e44efc16 100644
--- a/src/semanage_store.c
+++ b/src/semanage_store.c
@@ -717,7 +717,7 @@ int semanage_copy_file(semanage_handle_t *sh, const char *src, const char *dst,
errsv = errno;
retval = -1;
}
- if (close(out) < 0) {
+ if (close(out) < 0 && errno != EINTR) {
errsv = errno;
retval = -1;
}
@@ -1536,9 +1536,11 @@ int semanage_split_fc(semanage_handle_t * sh)
if (file_con)
fclose(file_con);
if (fc >= 0)
- close(fc);
+ if (close(fc) == -1 && errno != EINTR)
+ retval = -1;
if (hd >= 0)
- close(hd);
+ if (close(hd) == -1 && errno != EINTR)
+ retval = -1;
return retval;
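Review bot: A failed close of `fc` or `hd` sets `retval = -1` with no `ERR(sh, ...)` call, so the caller gets a failure with no message saying which file could not be closed. write_file and semanage_commit_sandbox in this patch both log the file name. I would do the same here, for example `ERR(sh, "Error while closing file contexts output.");`, using the actual path variable if one is in scope (not visible in this hunk). The semanage_genhomedircon and semanage_write_policydb hunks also change the return value without logging.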
@@ -1732,7 +1734,11 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
close(fd);
return -1;
}
- close(fd);
+ if (close(fd) == -1 && errno != EINTR) {
+ ERR(sh, "Error while closing commit number file %s.",
+ commit_filename);
+ return -1;
+ }
/* sync changes in sandbox to filesystem */
fd = open(sandbox, O_DIRECTORY | O_CLOEXEC);
@@ -2157,7 +2163,9 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out,
cleanup:
if (outfile != NULL) {
- fclose(outfile);
+ if (fclose(outfile) != 0 && errno != EINTR) {
+ retval = STATUS_ERR;
+ }
}
umask(mask);
sepol_policy_file_free(pf);
--
2.33.0