Refactor selinux file mode

joshcooper · joshcooper · commit bd1c0e52cf9b · 2024-08-12T18:16:40.000-07:00
Create private `file_mode` method that returns either the current mode or a
default mode based on the desired `resource_ensure` value.
diff --git a/lib/puppet/util/selinux.rb b/lib/puppet/util/selinux.rb
@@ -55,23 +55,15 @@ def get_selinux_default_context(file, resource_ensure = nil)
 
     # If the file exists we should pass the mode to matchpathcon for the most specific
     # matching.  If not, we can pass a mode of 0.
-    begin
-      filestat = file_lstat(file)
-      mode = filestat.mode
-    rescue Errno::EACCES
-      mode = 0
-    rescue Errno::ENOENT
-      if resource_ensure
-        mode = get_create_mode(resource_ensure)
-      else
-        mode = 0
-      end
-    end
+    mode = file_mode(file, resource_ensure)
 
     retval = Selinux.matchpathcon(file, mode)
     retval == -1 ? nil : retval[1]
   end
 
+  # Retrieve and return the default context of the file using an selinux handle.
+  # If we don't have SELinux support or if the SELinux call fails to file a
+  # default then return nil.
   def get_selinux_default_context_with_handle(file, handle, resource_ensure = nil)
     return nil unless selinux_support?
     # If the filesystem has no support for SELinux labels, return a default of nil
@@ -83,18 +75,7 @@ def get_selinux_default_context_with_handle(file, handle, resource_ensure = nil)
 
     # If the file exists we should pass the mode to selabel_lookup for the most specific
     # matching.  If not, we can pass a mode of 0.
-    begin
-      filestat = file_lstat(file)
-      mode = filestat.mode
-    rescue Errno::EACCES
-      mode = 0
-    rescue Errno::ENOENT
-      if resource_ensure
-        mode = get_create_mode(resource_ensure)
-      else
-        mode = 0
-      end
-    end
+    mode = file_mode(file, resource_ensure)
 
     retval = Selinux.selabel_lookup(handle, file, mode)
     retval == -1 ? nil : retval[1]
@@ -260,6 +241,22 @@ def get_create_mode(resource_ensure)
     mode
   end
 
+  # If the file/directory/symlink exists, return its mode. Otherwise, get the default mode
+  # that should be used to create the file/directory/symlink taking into account the desired
+  # file type specified in +resource_ensure+.
+  def file_mode(file, resource_ensure)
+    filestat = file_lstat(file)
+    filestat.mode
+  rescue Errno::EACCES
+    0
+  rescue Errno::ENOENT
+    if resource_ensure
+      get_create_mode(resource_ensure)
+    else
+      0
+    end
+  end
+
   # Internal helper function to read and parse /proc/mounts
   def read_mounts
     mounts = ''.dup
