From ff021147fb40279dcf1a46f54b0d179b528c6f58 Mon Sep 17 00:00:00 2001
From: Antonio Murdaca
Date: Wed, 30 Aug 2023 16:59:07 +0200
Subject: [PATCH 1/2] chore: fixup paths for selinux

Using the service-info-api server with selinux requires us to put anything we want to send to the device under /var/lib/fdo as that directory, and its files, will now get the correct selinux label. The previous approach opens up for security issues by leaving the process basically accessing the whole host.

Signed-off-by: Antonio Murdaca
---
 HOWTO.md | 6 +++---
 examples/config/serviceinfo-api-server.yml | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/HOWTO.md b/HOWTO.md
index 882887d02..80da17b30 100644
--- a/HOWTO.md
+++ b/HOWTO.md
@@ -446,10 +446,10 @@ service_info:
 sshkeys:
 - "testkey"
 files:
- - path: /device/etc/hosts
+ - path: /var/lib/fdo/service-info-api/files/hosts
 permissions: 644
 source_path: /server/local/etc/hosts
- - path: /device/etc/resolv.conf
+ - path: /var/lib/fdo/service-info-api/files/resolv.conf
 source_path: /server/local/etc/resolv.conf
 commands:
 - command: ls
@@ -493,7 +493,7 @@ Where:
 - `files`: [OPTIONAL] transfers files to a device.
 - `path`: destination path.
 - `permissions`: permissions to set on the file.
- - `source_path`: source file path.
+ - `source_path`: source file path, must be a file under `/var/lib/fdo/`.
 - `commands`: [OPTIONAL] executes the given list of commands on the device.
 - `command`: command to execute.
 - `args`: list of arguments for the command.
diff --git a/examples/config/serviceinfo-api-server.yml b/examples/config/serviceinfo-api-server.yml
index e0b399845..812172661 100644
--- a/examples/config/serviceinfo-api-server.yml
+++ b/examples/config/serviceinfo-api-server.yml
@@ -11,10 +11,10 @@ service_info:
 sshkeys:
 - "testkey"
 files:
- - path: /device/etc/hosts
+ - path: /var/lib/fdo/service-info-api/files/hosts
 permissions: 644
 source_path: /server/local/etc/hosts
- - path: /device/etc/resolv.conf
+ - path: /var/lib/fdo/service-info-api/files/resolv.conf
 source_path: /server/local/etc/resolv.conf
 commands:
 - command: ls

From 98e9479b4ce72b1105cc229f10f9a6f9e3480c03 Mon Sep 17 00:00:00 2001
From: Irene Diez
Date: Thu, 31 Aug 2023 13:50:42 +0200
Subject: [PATCH 2/2] fix(data-formats): fixes redundant pattern matching

Signed-off-by: Irene Diez
---
 data-formats/src/messages/v11/diun.rs | 2 +-
 data-formats/src/messages/v11/to0.rs | 2 +-
 data-formats/src/messages/v11/to1.rs | 2 +-
 data-formats/src/messages/v11/to2.rs | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/data-formats/src/messages/v11/diun.rs b/data-formats/src/messages/v11/diun.rs
index 724c9ab5e..1b3360098 100644
--- a/data-formats/src/messages/v11/diun.rs
+++ b/data-formats/src/messages/v11/diun.rs
@@ -54,7 +54,7 @@ impl Message for Connect {
 }
 
 fn is_valid_previous_message(message_type: Option) -> bool {
- matches!(message_type, None)
+ message_type.is_none()
 }
 
 fn encryption_requirement() -> Option {
diff --git a/data-formats/src/messages/v11/to0.rs b/data-formats/src/messages/v11/to0.rs
index 79d02dad0..f1f57c74d 100644
--- a/data-formats/src/messages/v11/to0.rs
+++ b/data-formats/src/messages/v11/to0.rs
@@ -26,7 +26,7 @@ impl Message for Hello {
 }
 
 fn is_valid_previous_message(message_type: Option) -> bool {
- matches!(message_type, None)
+ message_type.is_none()
 }
 
 fn encryption_requirement() -> Option {
diff --git a/data-formats/src/messages/v11/to1.rs b/data-formats/src/messages/v11/to1.rs
index e037e798e..41b5939cc 100644
--- a/data-formats/src/messages/v11/to1.rs
+++ b/data-formats/src/messages/v11/to1.rs
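Review bot: The example changes `path` — which HOWTO.md on this same patch documents as the destination on the device — to `/var/lib/fdo/service-info-api/files/hosts` and `.../resolv.conf`, while `source_path` stays at `/server/local/etc/hosts` and `/server/local/etc/resolv.conf`; yet the commit message and the HOWTO hunk say it is the file the server sends (`source_path`) that must live under `/var/lib/fdo/`. Either the serviceinfo-api-server reads `path` as the server-side file (and the HOWTO descriptions of `path` and `source_path` are inverted), or the wrong key was changed here; which one is true depends on server code outside this patch and should be confirmed before merging. Whichever it is, the example and the HOWTO wording must name the same key, otherwise an operator following the docs will place the file outside the SELinux-labelled directory and the server will fail to read it. A short comment above `files:` in the example, e.g. `# Files the server sends must live under /var/lib/fdo/ so they carry the SELinux label; see HOWTO.md for which key names the server-side file`, would make the constraint visible where the config is copied from.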
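Review bot: `is_valid_previous_message` now reads as a bare `message_type.is_none()` but still gives no hint why `None` is the only predecessor it accepts, which matters because this check appears to enforce protocol message ordering; a one-line comment would make the rule reviewable, e.g. `// No previous message is accepted: this message opens the exchange.` The same applies to the identical hunks in to0.rs, to1.rs and to2.rs, so the comment belongs in all four. The wording presumes these types (Connect, Hello, HelloRV, HelloDevice) are each protocol's first message, which the names suggest but the patch does not show — confirm against the protocol definition before adding it. Each enclosing `impl Message for …` block starts before and ends after its hunk.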
@@ -37,7 +37,7 @@ impl Message for HelloRV {
 }
 
 fn is_valid_previous_message(message_type: Option) -> bool {
- matches!(message_type, None)
+ message_type.is_none()
 }
 
 fn encryption_requirement() -> Option {
diff --git a/data-formats/src/messages/v11/to2.rs b/data-formats/src/messages/v11/to2.rs
index 81a88cbf6..cfb2ef52d 100644
--- a/data-formats/src/messages/v11/to2.rs
+++ b/data-formats/src/messages/v11/to2.rs
@@ -75,7 +75,7 @@ impl Message for HelloDevice {
 }
 
 fn is_valid_previous_message(message_type: Option) -> bool {
- matches!(message_type, None)
+ message_type.is_none()
 }
 
 fn encryption_requirement() -> Option {