Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network
This commit is contained in:
rhatdan
parent
91f5677207
commit
70bff091fa
|
|
@ -336082,10 +336082,10 @@ index 0000000..dc3ce6a
|
|||
+
|
||||
diff --git a/policycoreutils/sepolicy/info.c b/policycoreutils/sepolicy/info.c
|
||||
new file mode 100644
|
||||
index 0000000..e0a5466
|
||||
index 0000000..f4cc0b0
|
||||
--- /dev/null
|
||||
+++ b/policycoreutils/sepolicy/info.c
|
||||
@@ -0,0 +1,949 @@
|
||||
@@ -0,0 +1,928 @@
|
||||
+/**
|
||||
+ * @file
|
||||
+ * Command line tool to search TE rules.
|
||||
|
|
@ -336139,7 +336139,6 @@ index 0000000..e0a5466
|
|||
+#include <assert.h>
|
||||
+
|
||||
+#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
|
||||
+static char *policy_file = NULL;
|
||||
+
|
||||
+enum input
|
||||
+{
|
||||
|
|
@ -336938,34 +336937,16 @@ index 0000000..e0a5466
|
|||
+ return list;
|
||||
+}
|
||||
+
|
||||
+PyObject* info(int type, const char *name, const char *alt_policy_file)
|
||||
+PyObject* info( const char *policy_file, int type, const char *name)
|
||||
+{
|
||||
+ PyObject* output = NULL;
|
||||
+ int rt = -1;
|
||||
+ apol_policy_t *policydb = NULL;
|
||||
+ apol_policy_path_t *pol_path = NULL;
|
||||
+ apol_vector_t *mod_paths = NULL;
|
||||
+ apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
|
||||
+
|
||||
+ if (alt_policy_file) {
|
||||
+ policy_file = strdup(alt_policy_file);
|
||||
+ if (!policy_file) {
|
||||
+ apol_vector_destroy(&mod_paths);
|
||||
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ }
|
||||
+ else {
|
||||
+ rt = qpol_default_policy_find(&policy_file);
|
||||
+ if (rt != 0) {
|
||||
+ PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
|
||||
+ if (!pol_path) {
|
||||
+ free(policy_file);
|
||||
+ apol_vector_destroy(&mod_paths);
|
||||
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
|
||||
+ return NULL;
|
||||
|
|
@ -336976,12 +336957,10 @@ index 0000000..e0a5466
|
|||
+ policy_load_options |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
|
||||
+ policydb = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL);
|
||||
+ if (!policydb) {
|
||||
+ free(policy_file);
|
||||
+ apol_policy_path_destroy(&pol_path);
|
||||
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ free(policy_file);
|
||||
+
|
||||
+ /* display requested info */
|
||||
+ if (type == TYPE)
|
||||
|
|
@ -337010,12 +336989,12 @@ index 0000000..e0a5466
|
|||
+PyObject *wrap_info(PyObject *UNUSED(self), PyObject *args){
|
||||
+ unsigned int type;
|
||||
+ char *name;
|
||||
+ char *policy_file;
|
||||
+ const char *policy_file;
|
||||
+
|
||||
+ if (!PyArg_ParseTuple(args, "izz", &type, &name, &policy_file))
|
||||
+ if (!PyArg_ParseTuple(args, "ziz", &policy_file, &type, &name))
|
||||
+ return NULL;
|
||||
+
|
||||
+ return Py_BuildValue("N",info(type, name, policy_file));
|
||||
+ return Py_BuildValue("N",info(policy_file, type, name));
|
||||
+
|
||||
+}
|
||||
+
|
||||
|
|
@ -337037,10 +337016,10 @@ index 0000000..e0a5466
|
|||
+}
|
||||
diff --git a/policycoreutils/sepolicy/search.c b/policycoreutils/sepolicy/search.c
|
||||
new file mode 100644
|
||||
index 0000000..80421fc
|
||||
index 0000000..a1aaa22
|
||||
--- /dev/null
|
||||
+++ b/policycoreutils/sepolicy/search.c
|
||||
@@ -0,0 +1,1022 @@
|
||||
@@ -0,0 +1,1008 @@
|
||||
+// Author: Thomas Liu <tliu@redhat.com>
|
||||
+
|
||||
+/**
|
||||
|
|
@ -337102,7 +337081,6 @@ index 0000000..80421fc
|
|||
+#include <stdbool.h>
|
||||
+
|
||||
+#define COPYRIGHT_INFO "Copyright (C) 2012 Red Hat, Inc, Tresys Technology, LLC"
|
||||
+static char *policy_file = NULL;
|
||||
+
|
||||
+enum opt_values
|
||||
+{
|
||||
|
|
@ -337827,7 +337805,8 @@ index 0000000..80421fc
|
|||
+ return output;
|
||||
+}
|
||||
+
|
||||
+PyObject* search(bool allow,
|
||||
+PyObject* search(const char *policy_file,
|
||||
+ bool allow,
|
||||
+ bool neverallow,
|
||||
+ bool auditallow,
|
||||
+ bool dontaudit,
|
||||
|
|
@ -337836,8 +337815,7 @@ index 0000000..80421fc
|
|||
+ const char *src_name,
|
||||
+ const char *tgt_name,
|
||||
+ const char *class_name,
|
||||
+ const char *permlist,
|
||||
+ const char *alt_policy_file
|
||||
+ const char *permlist
|
||||
+ )
|
||||
+{
|
||||
+ options_t cmd_opts;
|
||||
|
|
@ -337849,9 +337827,6 @@ index 0000000..80421fc
|
|||
+ apol_vector_t *mod_paths = NULL;
|
||||
+ apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
|
||||
+
|
||||
+ if (alt_policy_file)
|
||||
+ policy_file = strdup(alt_policy_file);
|
||||
+
|
||||
+ memset(&cmd_opts, 0, sizeof(cmd_opts));
|
||||
+ cmd_opts.indirect = true;
|
||||
+ cmd_opts.allow = allow;
|
||||
|
|
@ -337874,19 +337849,11 @@ index 0000000..80421fc
|
|||
+ if (!(cmd_opts.nallow || cmd_opts.all))
|
||||
+ pol_opt |= QPOL_POLICY_OPTION_NO_NEVERALLOWS;
|
||||
+
|
||||
+ if (! policy_file) {
|
||||
+ rt = qpol_default_policy_find(&policy_file);
|
||||
+ if (rt) {
|
||||
+ PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ }
|
||||
+ pol_opt |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
|
||||
+
|
||||
+ if (apol_file_is_policy_path_list(policy_file) > 0) {
|
||||
+ pol_path = apol_policy_path_create_from_file(policy_file);
|
||||
+ if (!pol_path) {
|
||||
+ free(policy_file);
|
||||
+ PyErr_SetString(PyExc_RuntimeError,"invalid policy list");
|
||||
+ return NULL;
|
||||
+ }
|
||||
|
|
@ -337895,11 +337862,9 @@ index 0000000..80421fc
|
|||
+ if (!pol_path)
|
||||
+ pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
|
||||
+ if (!pol_path) {
|
||||
+ free(policy_file);
|
||||
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ free(policy_file);
|
||||
+ apol_vector_destroy(&mod_paths);
|
||||
+
|
||||
+ policy = apol_policy_create_from_policy_path(pol_path, pol_opt, NULL, NULL);
|
||||
|
|
@ -338051,7 +338016,7 @@ index 0000000..80421fc
|
|||
+ const char *permlist = Dict_ContainsString(dict, "permlist");
|
||||
+ const char *policy_path = Dict_ContainsString(dict, "policy");
|
||||
+
|
||||
+ return Py_BuildValue("N",search(allow, neverallow, auditallow, dontaudit, transition, role_allow, src_name, tgt_name, class_name, permlist, policy_path));
|
||||
+ return Py_BuildValue("N",search(policy_path, allow, neverallow, auditallow, dontaudit, transition, role_allow, src_name, tgt_name, class_name, permlist));
|
||||
+}
|
||||
+
|
||||
+static PyMethodDef methods[] = {
|
||||
|
|
@ -338065,10 +338030,10 @@ index 0000000..80421fc
|
|||
+}
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
|
||||
new file mode 100644
|
||||
index 0000000..86b5af1
|
||||
index 0000000..c574a46
|
||||
--- /dev/null
|
||||
+++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
|
||||
@@ -0,0 +1,135 @@
|
||||
@@ -0,0 +1,139 @@
|
||||
+# This file is part of systemd.
|
||||
+#
|
||||
+# Copyright 2011 Dan Walsh
|
||||
|
|
@ -338167,6 +338132,10 @@ index 0000000..86b5af1
|
|||
+ COMPREPLY=( $(compgen -W "$( __get_all_port_types ) " -- "$cur") )
|
||||
+ return 0
|
||||
+ fi
|
||||
+ if [ "$prev" = "-d" -o "$prev" = "--domain" ]; then
|
||||
+ COMPREPLY=( $(compgen -W "$( __get_all_domain_types ) " -- "$cur") )
|
||||
+ return 0
|
||||
+ fi
|
||||
+ COMPREPLY=( $(compgen -W '${OPTS[$verb]}' -- "$cur") )
|
||||
+ return 0
|
||||
+ elif [ "$verb" = "communicate" ]; then
|
||||
|
|
@ -338840,10 +338809,10 @@ index 0000000..5469729
|
|||
+ sys.exit(1)
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||
new file mode 100644
|
||||
index 0000000..a55162f
|
||||
index 0000000..fbd011c
|
||||
--- /dev/null
|
||||
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||
@@ -0,0 +1,90 @@
|
||||
@@ -0,0 +1,91 @@
|
||||
+#!/usr/bin/env python
|
||||
+
|
||||
+# Author: Thomas Liu <tliu@redhat.com>
|
||||
|
|
@ -338851,6 +338820,7 @@ index 0000000..a55162f
|
|||
+
|
||||
+import _search
|
||||
+import _info
|
||||
+import selinux
|
||||
+
|
||||
+TYPE = _info.TYPE
|
||||
+ROLE = _info.ROLE
|
||||
|
|
@ -338870,7 +338840,7 @@ index 0000000..a55162f
|
|||
+TRANSITION = 'transition'
|
||||
+ROLE_ALLOW = 'role_allow'
|
||||
+
|
||||
+policy_file = None
|
||||
+policy_file = selinux.selinux_current_policy_path()
|
||||
+
|
||||
+def search(types, info = {} ):
|
||||
+ valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
|
||||
|
|
@ -338898,7 +338868,7 @@ index 0000000..a55162f
|
|||
+
|
||||
+def info(setype, name=None):
|
||||
+ global policy_file
|
||||
+ dict_list = _info.info(setype, name, policy_file)
|
||||
+ dict_list = _info.info(policy_file, setype, name)
|
||||
+ return dict_list
|
||||
+
|
||||
+def policy(alt_policy_file):
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@
|
|||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.1.13
|
||||
Release: 18%{?dist}
|
||||
Release: 19%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
|
|
@ -329,7 +329,10 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Fri Oct 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-18
|
||||
* Sat Oct 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-19
|
||||
- Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network
|
||||
|
||||
* Fri Oct 26 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-18
|
||||
- Allow sepolicy to specify the policy to generate content from
|
||||
|
||||
* Thu Oct 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-17
|
||||
|
|
|
|||
Loading…
Reference in New Issue