Do not load interface file by default when sepolicy is called, mov get_all_methods to the sepolicy package

2013-02-22 17:38:59 +01:00 · 2013-02-22 17:38:59 +01:00 · 8c07616121
parent c617c0cebf
commit 8c07616121
2 changed files with 111 additions and 21 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -270,14 +270,6 @@ index 0000000..0c2f399
 +Categories=System;Security;
 +X-Desktop-File-Install-Version=0.2
 +Keywords=policy;security;selinux;avc;permission;mac;
-diff --git a/policycoreutils/gui/sepolgen b/policycoreutils/gui/sepolgen
-deleted file mode 100644
-index 2f0c1cc..0000000
--- a/policycoreutils/gui/sepolgen
-+++ /dev/null
-@@ -1,2 +0,0 @@
-#!/bin/sh
-sepolicy generate $*
 diff --git a/policycoreutils/gui/system-config-selinux b/policycoreutils/gui/system-config-selinux
 new file mode 100755
 index 0000000..5be5ccd
@ -1546,7 +1538,7 @@ index b25d3b2..7a15d88 100755
         sys.exit(0)
     except ValueError,e:
 diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
-index 5e7415c..e0f5f86 100644
+index 5e7415c..9f4a774 100644
 --- a/policycoreutils/sepolicy/sepolicy/__init__.py
 +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -37,9 +37,30 @@ CLASS = 'class'
@ -1582,7 +1574,33 @@ index 5e7415c..e0f5f86 100644
         policies = glob.glob ("%s.*" % path )
         policies.sort()
         return policies[-1]
-@@ -54,6 +75,13 @@ def get_all_types():
+@@ -47,6 +68,25 @@ def __get_installed_policy():
+         pass
+     raise ValueError(_("No SELinux Policy installed"))
+         
+methods = []
+def get_methods():
+    global methods
+    if len(methods) > 0:
+        return methods
+    fn = defaults.interface_info()
+    try:
+        fd = open(fn)
+    # List of per_role_template interfaces
+        ifs = interfaces.InterfaceSet()
+        ifs.from_file(fd)
+        methods = ifs.interfaces.keys()
+        fd.close()
+    except:
+        sys.stderr.write("could not open interface info [%s]\n" % fn)
+        sys.exit(1)
+
+    return methods
+
+ all_types = None
+ def get_all_types():
+     global all_types
+@@ -54,6 +94,13 @@ def get_all_types():
         all_types = map(lambda x: x['name'], info(TYPE))
     return all_types
 
@ -1596,7 +1614,7 @@ index 5e7415c..e0f5f86 100644
 role_allows = None
 def get_all_role_allows():
 	global role_allows
-@@ -71,6 +99,7 @@ def get_all_role_allows():
+@@ -71,6 +118,7 @@ def get_all_role_allows():
 	return role_allows
 
 def get_all_entrypoint_domains():
@ -1604,7 +1622,7 @@ index 5e7415c..e0f5f86 100644
     all_domains = []
     types=get_all_types()
     types.sort()
-@@ -81,11 +110,35 @@ def get_all_entrypoint_domains():
+@@ -81,11 +129,35 @@ def get_all_entrypoint_domains():
                 all_domains.append(m[0])
     return all_domains
 
@ -1641,7 +1659,7 @@ index 5e7415c..e0f5f86 100644
 	return all_domains
 
 roles = None
-@@ -139,49 +192,42 @@ def get_all_attributes():
+@@ -139,49 +211,42 @@ def get_all_attributes():
 	return all_attributes
 
 def policy(policy_file):
@ -1711,18 +1729,40 @@ index 5e7415c..e0f5f86 100644
 def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
         global booleans_dict
 diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
-index 26f8390..a23ce9b 100644
+index 26f8390..898ec43 100644
 --- a/policycoreutils/sepolicy/sepolicy/generate.py
 +++ b/policycoreutils/sepolicy/sepolicy/generate.py
-@@ -63,7 +63,6 @@ except IOError:
+@@ -63,20 +63,6 @@ except IOError:
     import __builtin__
     __builtin__.__dict__['_'] = unicode
 
 -user_types =  sepolicy.info(sepolicy.ATTRIBUTE,"userdomain")[0]["types"]
- methods = []
- fn = defaults.interface_info()
- try:
-@@ -1037,7 +1036,8 @@ allow %s_t %s_t:%s_socket name_%s;
+-methods = []
+-fn = defaults.interface_info()
+-try:
+-    fd = open(fn)
+-    # List of per_role_template interfaces
+-    ifs = interfaces.InterfaceSet()
+-    ifs.from_file(fd)
+-    methods = ifs.interfaces.keys()
+-    fd.close()
+-except:
+-    sys.stderr.write("could not open interface info [%s]\n" % fn)
+-    sys.exit(1)
+-
+ def get_rpm_nvr_from_header(hdr):
+     'Given an RPM header return the package NVR as a string'
+     name    = hdr['name']
+@@ -587,7 +573,7 @@ class policy:
+         def generate_network_action(self, protocol, action, port_name):
+             line = ""
+             method = "corenet_%s_%s_%s" % (protocol, action, port_name)
+-            if method in methods:
+            if method in sepolicy.get_methods():
+                 line = "%s(%s_t)\n" % (method, self.name)
+             else:
+                 line = """
+@@ -1037,7 +1023,8 @@ allow %s_t %s_t:%s_socket name_%s;
 ########################################
 #
 # %s local policy
@ -1732,6 +1772,53 @@ index 26f8390..a23ce9b 100644
                 newte += self.generate_capabilities()
                 newte += self.generate_process()
 		newte += self.generate_network_types()
+diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py
+index 8b063ca..5e92c7c 100644
+--- a/policycoreutils/sepolicy/sepolicy/interface.py
+++ b/policycoreutils/sepolicy/sepolicy/interface.py
+@@ -27,7 +27,7 @@ import sepolgen.interfaces as interfaces
+ import sepolgen.defaults as defaults
+ ADMIN_TRANSITION_INTERFACE = "_admin$"
+ USER_TRANSITION_INTERFACE = "_role$"
+-from sepolicy.generate import get_all_types
+import selinux
+ 
+ __all__ = [ 'get', 'get_admin', 'get_user' ]
+ 
+@@ -48,24 +48,10 @@ except IOError:
+     import __builtin__
+     __builtin__.__dict__['_'] = unicode
+ 
+-def get():
+-    """ Get all Methods """
+-    fn = defaults.interface_info()
+-    try:
+-        fd = open(fn)
+-        ifs = interfaces.InterfaceSet()
+-        ifs.from_file(fd)
+-        methods = ifs.interfaces.keys()
+-        fd.close()
+-    except:
+-        raise ValueError(_("could not open interface info [%s]\n") % fn)
+-
+-    return methods
+-
+ def get_admin():
+     """ Get all domains with an admin interface"""
+     admin_list = []
+-    for i in get():
+    for i in sepolicy.get_methods():
+         if i.endswith("_admin"):
+             admin_list.append(i.split("_admin")[0])
+     return admin_list
+@@ -76,6 +62,6 @@ def get_user():
+     for i in get():
+         m = re.findall("(.*)%s" % USER_TRANSITION_INTERFACE, i)
+         if len(m) > 0:
+-            if "%s_exec_t" % m[0] in get_all_types():
+            if "%s_exec_t" % m[0] in sepolicy.get_all_types():
+                 trans_list.append(m[0])
+     return trans_list
 diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
 index 25062da..b3c24e6 100755
 --- a/policycoreutils/sepolicy/sepolicy/manpage.py
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.14
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@ -324,6 +324,9 @@ The policycoreutils-restorecond package contains the restorecond service.
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :

 %changelog
+* Fri Feb 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-12
+- Do not load interface file by default when sepolicy is called, mov get_all_methods to the sepolicy package
+
 * Fri Feb 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-11
 - sepolgen-ifgen should use the current policy path if selinux is enabled

@ -355,7 +358,7 @@ do not drop capabilities when run as root.

 * Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-4
 - Revert some changes which are causing the wrong policy version file to be created
- Switch sandbox to start using openbox rather then matchpbox
+- Switch sandbox to start using openbox rather then matchbox
 - Make sepolgen a symlink to sepolicy
 - update translations