policycoreutils/policycoreutils-sepolgen.patch

diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/audit.py
--- nsasepolgen/src/sepolgen/audit.py	2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/audit.py	2009-08-18 15:21:13.000000000 -0400
@@ -23,6 +23,27 @@
 
 # Convenience functions
 
+def get_audit_boot_msgs():
+    """Obtain all of the avc and policy load messages from the audit
+    log. This function uses ausearch and requires that the current
+    process have sufficient rights to run ausearch.
+
+    Returns:
+       string contain all of the audit messages returned by ausearch.
+    """
+    import subprocess
+    import time
+    fd=open("/proc/uptime", "r")
+    off=float(fd.read().split()[0])
+    fd.close
+    s = time.localtime(time.time() - off)
+    date = time.strftime("%D/%Y", s).split("/")
+    bootdate="%s/%s/%s" % (date[0], date[1], date[3])
+    boottime = time.strftime("%X", s)
+    output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
+                              stdout=subprocess.PIPE).communicate()[0]
+    return output
+
 def get_audit_msgs():
     """Obtain all of the avc and policy load messages from the audit
     log. This function uses ausearch and requires that the current
@@ -47,6 +68,17 @@
                               stdout=subprocess.PIPE).communicate()[0]
     return output
 
+def get_log_msgs():
+    """Obtain all of the avc and policy load messages from /var/log/messages.
+
+    Returns:
+       string contain all of the audit messages returned by /var/log/messages.
+    """
+    import subprocess
+    output = subprocess.Popen(["/bin/grep", "avc",  "/var/log/messages"],
+                              stdout=subprocess.PIPE).communicate()[0]
+    return output
+
 # Classes representing audit messages
 
 class AuditMessage:
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/refparser.py
--- nsasepolgen/src/sepolgen/refparser.py	2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/refparser.py	2009-08-13 17:57:55.000000000 -0400
@@ -919,7 +919,7 @@
 def list_headers(root):
     modules = []
     support_macros = None
-    blacklist = ["init.if", "inetd.if", "uml.if", "thunderbird.if"]
+    blacklist = ["uml.if", "thunderbird.if", "unconfined.if"]
 
     for dirpath, dirnames, filenames in os.walk(root):
         for name in filenames:
* Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-4 - Add --boot flag to audit2allow to get all AVC messages since last boot 2009-08-19 13:08:28 +00:00			`diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/audit.py`
* Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-4 - Add --boot flag to audit2allow to get all AVC messages since last boot 2009-08-18 19:25:04 +00:00			`--- nsasepolgen/src/sepolgen/audit.py 2008-08-28 09:34:24.000000000 -0400`
* Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-4 - Add --boot flag to audit2allow to get all AVC messages since last boot 2009-08-19 13:08:28 +00:00			`+++ policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/audit.py 2009-08-18 15:21:13.000000000 -0400`
* Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-4 - Add --boot flag to audit2allow to get all AVC messages since last boot 2009-08-18 19:25:04 +00:00			`@@ -23,6 +23,27 @@`
* Wed Apr 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-8 - Update po files - Add --equiv command for semanage 2009-04-09 02:05:21 +00:00
* Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-4 - Add --boot flag to audit2allow to get all AVC messages since last boot 2009-08-18 19:25:04 +00:00			`# Convenience functions`
* Wed Apr 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-8 - Update po files - Add --equiv command for semanage 2009-04-09 02:05:21 +00:00
* Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-4 - Add --boot flag to audit2allow to get all AVC messages since last boot 2009-08-18 19:25:04 +00:00			`+def get_audit_boot_msgs():`
			`+ """Obtain all of the avc and policy load messages from the audit`
			`+ log. This function uses ausearch and requires that the current`
			`+ process have sufficient rights to run ausearch.`
			`+`
			`+ Returns:`
			`+ string contain all of the audit messages returned by ausearch.`
			`+ """`
			`+ import subprocess`
			`+ import time`
			`+ fd=open("/proc/uptime", "r")`
			`+ off=float(fd.read().split()[0])`
			`+ fd.close`
			`+ s = time.localtime(time.time() - off)`
			`+ date = time.strftime("%D/%Y", s).split("/")`
			`+ bootdate="%s/%s/%s" % (date[0], date[1], date[3])`
			`+ boottime = time.strftime("%X", s)`
			`+ output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],`
			`+ stdout=subprocess.PIPE).communicate()[0]`
			`+ return output`
			`+`
			`def get_audit_msgs():`
			`"""Obtain all of the avc and policy load messages from the audit`
			`log. This function uses ausearch and requires that the current`
			`@@ -47,6 +68,17 @@`
* Wed Apr 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-14 - Fix audit2allow -a to retun /var/log/messages 2009-05-05 18:51:52 +00:00			`stdout=subprocess.PIPE).communicate()[0]`
			`return output`

			`+def get_log_msgs():`
			`+ """Obtain all of the avc and policy load messages from /var/log/messages.`
			`+`
			`+ Returns:`
			`+ string contain all of the audit messages returned by /var/log/messages.`
			`+ """`
			`+ import subprocess`
			`+ output = subprocess.Popen(["/bin/grep", "avc", "/var/log/messages"],`
			`+ stdout=subprocess.PIPE).communicate()[0]`
			`+ return output`
			`+`
			`# Classes representing audit messages`

			`class AuditMessage:`
* Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-4 - Add --boot flag to audit2allow to get all AVC messages since last boot 2009-08-19 13:08:28 +00:00			`diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/refparser.py`
* Thu Sep 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-8 - Only call gen_requires once in sepolgen 2008-09-11 13:55:11 +00:00			`--- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400`
* Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-4 - Add --boot flag to audit2allow to get all AVC messages since last boot 2009-08-19 13:08:28 +00:00			`+++ policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/refparser.py 2009-08-13 17:57:55.000000000 -0400`
* Wed Jan 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.36-1 - Update to upstream * Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh. * Merged sepolgen fixes from Dan Walsh. 2008-01-23 20:23:24 +00:00			`@@ -919,7 +919,7 @@`
* Tue Dec 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.33-4 - Fix sepolgen to be able to parse Fedora 9 policy Handle ifelse statements Handle refpolicywarn inside of define Add init.if and inetd.if into parse Add parse_file to syntax error message 2007-12-19 10:40:23 +00:00			`def list_headers(root):`
			`modules = []`
			`support_macros = None`
			`- blacklist = ["init.if", "inetd.if", "uml.if", "thunderbird.if"]`
* Wed Aug 19 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-5 - Fix sepolgen again 2009-08-19 19:02:29 +00:00			`+ blacklist = ["uml.if", "thunderbird.if", "unconfined.if"]`
* Tue Dec 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.33-4 - Fix sepolgen to be able to parse Fedora 9 policy Handle ifelse statements Handle refpolicywarn inside of define Add init.if and inetd.if into parse Add parse_file to syntax error message 2007-12-19 10:40:23 +00:00
			`for dirpath, dirnames, filenames in os.walk(root):`
			`for name in filenames:`