* Wed Jan 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-8

- Speed up audit2allow processing of audit2why comments

policycoreutils-sepolgen.patch

@@ -56,7 +56,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policyco
          if audit_msg:
 diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/audit.py
 --- nsasepolgen/src/sepolgen/audit.py	2009-12-01 15:46:50.000000000 -0500
-+++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/audit.py	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/audit.py	2010-01-06 09:52:35.000000000 -0500
 @@ -23,6 +23,27 @@
  
  # Convenience functions
@@ -103,15 +103,17 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
  # Classes representing audit messages
  
  class AuditMessage:
-@@ -106,6 +138,7 @@
+@@ -106,6 +138,9 @@
              if fields[0] == "path":
                  self.path = fields[1][1:-1]
                  return
 +import selinux.audit2why as audit2why
++
++avcdict = {}
  
  class AVCMessage(AuditMessage):
      """AVC message representing an access denial or granted message.
-@@ -146,6 +179,8 @@
+@@ -146,6 +181,8 @@
          self.path = ""
          self.accesses = []
          self.denial = True
@@ -120,7 +122,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
  
      def __parse_access(self, recs, start):
          # This is kind of sucky - the access that is in a space separated
-@@ -205,7 +240,25 @@
+@@ -205,7 +242,31 @@
  
          if not found_src or not found_tgt or not found_class or not found_access:
              raise ValueError("AVC message in invalid format [%s]\n" % self.message)
@@ -130,24 +132,30 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
 +    def analyze(self):
 +        tcontext = self.tcontext.to_string()
 +        scontext = self.scontext.to_string()
-+        self.type, self.bools = audit2why.analyze(scontext, tcontext, self.tclass, self.accesses);
-+        if self.type == audit2why.NOPOLICY:
-+            raise ValueError("Must call policy_init first")
-+        if self.type == audit2why.BADTCON:
-+            raise ValueError("Invalid Target Context %s\n" % tcontext)
-+        if self.type == audit2why.BADSCON:
-+            raise ValueError("Invalid Source Context %s\n" % scontext)
-+        if self.type == audit2why.BADSCON:
-+            raise ValueError("Invalid Type Class %s\n" % self.tclass)
-+        if self.type == audit2why.BADPERM:
-+            raise ValueError("Invalid permission %s\n" % " ".join(self.accesses))
-+        if self.type == audit2why.BADCOMPUTE:
-+            raise ValueError("Error during access vector computation")
++        access_tuple = tuple( self.accesses)
++        if (scontext, tcontext, self.tclass, access_tuple) in avcdict.keys():
++            self.type, self.bools = avcdict[(scontext, tcontext, self.tclass, access_tuple)]
++        else:
++            self.type, self.bools = audit2why.analyze(scontext, tcontext, self.tclass, self.accesses);
++            if self.type == audit2why.NOPOLICY:
++                raise ValueError("Must call policy_init first")
++            if self.type == audit2why.BADTCON:
++                raise ValueError("Invalid Target Context %s\n" % tcontext)
++            if self.type == audit2why.BADSCON:
++                raise ValueError("Invalid Source Context %s\n" % scontext)
++            if self.type == audit2why.BADSCON:
++                raise ValueError("Invalid Type Class %s\n" % self.tclass)
++            if self.type == audit2why.BADPERM:
++                raise ValueError("Invalid permission %s\n" % " ".join(self.accesses))
++            if self.type == audit2why.BADCOMPUTE:
++                raise ValueError("Error during access vector computation")
++
++            avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.bools)
 +
  class PolicyLoadMessage(AuditMessage):
      """Audit message indicating that the policy was reloaded."""
      def __init__(self, message):
-@@ -285,6 +338,9 @@
+@@ -285,6 +346,9 @@
  
      def __initialize(self):
          self.avc_msgs = []
@@ -157,7 +165,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
          self.compute_sid_msgs = []
          self.invalid_msgs = []
          self.policy_load_msgs = []
-@@ -314,7 +370,7 @@
+@@ -314,7 +378,7 @@
              elif i == "security_compute_sid:":
                  msg = ComputeSidMessage(line)
                  found = True
@@ -166,7 +174,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
                  msg = PolicyLoadMessage(line)
                  found = True
              elif i == "type=AVC_PATH":
-@@ -442,16 +498,17 @@
+@@ -442,16 +506,17 @@
             audit logs parsed by this object.
          """
          av_set = access.AccessVectorSet()
@@ -186,7 +194,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
          return av_set
  
  class AVCTypeFilter:
-@@ -477,5 +534,3 @@
+@@ -477,5 +542,3 @@
          if self.regex.match(avc.tcontext.type):
              return True
          return False

policycoreutils.spec

@@ -6,7 +6,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.78
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
 Source:	 http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -297,6 +297,9 @@ fi
 exit 0
 
 %changelog
+* Wed Jan 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-8
+- Speed up audit2allow processing of audit2why comments
+
 * Fri Dec 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-7
 - Fixes to sandbox man page