From 934834e6cbd20dc6b9f134862c5f21706953ce0d Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Wed, 20 Nov 2013 09:19:24 -0500 Subject: [PATCH] Fix selinux-polgengui, get_all_modules call --- policycoreutils-rhat.patch | 237 ++++++++++++++++++++++++++++--------- 1 file changed, 178 insertions(+), 59 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index affaded..0937df8 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -982,11 +982,105 @@ index 9ff0766..a52863e 100644 + except subprocess.CalledProcessError as e: + self.error(e.output) + self.ready() +diff --git a/policycoreutils/gui/polgen.glade b/policycoreutils/gui/polgen.glade +index 37c1472..9854fb2 100644 +--- a/policycoreutils/gui/polgen.glade ++++ b/policycoreutils/gui/polgen.glade +@@ -758,7 +758,7 @@ + True + False + True +- ++ + + + 2 +@@ -840,7 +840,7 @@ + True + False + True +- ++ + + + 2 +@@ -1983,7 +1983,7 @@ Tab + True + True + False +- ++ + + + True +@@ -2036,7 +2036,7 @@ Tab + True + True + False +- ++ + + + True +@@ -2091,7 +2091,7 @@ Tab + True + False + True +- ++ + + + +@@ -2188,7 +2188,7 @@ Tab + True + True + False +- ++ + + + True +@@ -2243,7 +2243,7 @@ Tab + True + False + True +- ++ + + + +@@ -2414,7 +2414,7 @@ Tab + True + False + True +- ++ + + + False +@@ -2430,7 +2430,7 @@ Tab + True + False + True +- ++ + + + False +@@ -2446,7 +2446,7 @@ Tab + True + False + True +- ++ + + + False diff --git a/policycoreutils/gui/polgengui.py b/policycoreutils/gui/polgengui.py -index 0f0e564..ab2b9c5 100644 +index 0f0e564..1b88c47 100644 --- a/policycoreutils/gui/polgengui.py +++ b/policycoreutils/gui/polgengui.py -@@ -30,25 +30,29 @@ import gnome +@@ -30,29 +30,15 @@ import gnome import sys try: from sepolicy import generate 
@@ -1002,10 +1096,8 @@ index 0f0e564..ab2b9c5 100644 import re - def get_all_modules(): -+ all_modules = [] -+ cmd = "semodule -l 2>/dev/null" - try: +-def get_all_modules(): +- try: - all_modules = [] - rc, output=commands.getstatusoutput("semodule -l 2>/dev/null") - if rc == 0: @@ -1014,20 +1106,14 @@ index 0f0e564..ab2b9c5 100644 - all_modules.append(i.split()[0]) - except: - pass -+ output = subprocess.check_output(cmd, -+ stderr=subprocess.STDOUT, -+ shell=True) -+ l = output.split("\n") -+ for i in l: -+ all_modules.append(i.split()[0]) -+ -+ except subprocess.CalledProcessError as e: -+ self.error(e.output) -+ self.ready() - - return all_modules - -@@ -67,8 +71,8 @@ try: +- +- return all_modules +- +- + ## + ## I18N + ## +@@ -67,8 +53,8 @@ try: unicode=False, codeset = 'utf-8') except IOError: @@ -1038,8 +1124,12 @@ index 0f0e564..ab2b9c5 100644 gnome.program_init("SELinux Policy Generation Tool", "5") -@@ -194,7 +198,7 @@ class childWindow: - self.all_modules = get_all_modules() +@@ -191,10 +177,10 @@ class childWindow: + + try: + self.all_types = generate.get_all_types() +- self.all_modules = get_all_modules() ++ self.all_modules = sepolicy.get_all_modules() self.all_roles = generate.get_all_roles() self.all_users = generate.get_all_users() - except RuntimeError, e: @@ -1047,7 +1137,7 @@ index 0f0e564..ab2b9c5 100644 self.all_types = [] self.all_modules = [] self.all_roles = [] -@@ -262,7 +266,7 @@ class childWindow: +@@ -262,7 +248,7 @@ class childWindow: self.out_udp_entry = self.xml.get_widget("out_udp_entry") self.network_buttons[self.out_udp_all_checkbutton] = [ self.out_udp_entry ] @@ -1056,7 +1146,7 @@ index 0f0e564..ab2b9c5 100644 b.connect("clicked",self.network_all_clicked) self.boolean_treeview = self.xml.get_widget("boolean_treeview") -@@ -333,7 +337,7 @@ class childWindow: +@@ -333,7 +319,7 @@ class childWindow: for a in sepolicy.interface.get_admin(): iter = self.admin_store.append() self.admin_store.set_value(iter, 0, a) 
@@ -1065,7 +1155,7 @@ index 0f0e564..ab2b9c5 100644 self.error(e.message) def confine_application(self): -@@ -519,7 +523,7 @@ class childWindow: +@@ -519,7 +505,7 @@ class childWindow: self.info(my_policy.generate(outputdir)) return False @@ -1074,7 +1164,7 @@ index 0f0e564..ab2b9c5 100644 self.error(e.message) def delete(self, args): -@@ -687,7 +691,7 @@ class childWindow: +@@ -687,7 +673,7 @@ class childWindow: try: generate.verify_ports(self.in_tcp_entry.get_text()) generate.verify_ports(self.in_udp_entry.get_text()) @@ -1083,7 +1173,7 @@ index 0f0e564..ab2b9c5 100644 self.error(e.message) return True -@@ -695,7 +699,7 @@ class childWindow: +@@ -695,7 +681,7 @@ class childWindow: try: generate.verify_ports(self.out_tcp_entry.get_text()) generate.verify_ports(self.out_udp_entry.get_text()) @@ -1092,7 +1182,7 @@ index 0f0e564..ab2b9c5 100644 self.error(e.message) return True -@@ -734,12 +738,12 @@ class childWindow: +@@ -734,12 +720,12 @@ class childWindow: policy.set_program(exe) policy.gen_writeable() policy.gen_symbols() @@ -259690,10 +259780,10 @@ index 74fb347..adb6ca5 100755 + print("Out") sys.exit(0) diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py -index fd95c16..e7607fd 100644 +index fd95c16..7ef8adf 100644 --- a/policycoreutils/sepolicy/sepolicy/__init__.py +++ b/policycoreutils/sepolicy/sepolicy/__init__.py -@@ -3,7 +3,7 @@ +@@ -3,23 +3,27 @@ # Author: Dan Walsh # Author: Ryan Hallisey @@ -259702,7 +259792,11 @@ index fd95c16..e7607fd 100644 import selinux, glob PROGNAME="policycoreutils" import gettext -@@ -14,12 +14,15 @@ gettext.bindtextdomain(PROGNAME, "/usr/share/locale") + import sepolgen.defaults as defaults + import sepolgen.interfaces as interfaces + import sys ++import subprocess + gettext.bindtextdomain(PROGNAME, "/usr/share/locale") gettext.textdomain(PROGNAME) try: gettext.install(PROGNAME, 
@@ -259722,7 +259816,7 @@ index fd95c16..e7607fd 100644 TYPE = _policy.TYPE ROLE = _policy.ROLE -@@ -28,6 +31,8 @@ PORT = _policy.PORT +@@ -28,6 +32,8 @@ PORT = _policy.PORT USER = _policy.USER BOOLEAN = _policy.BOOLEAN TCLASS = _policy.CLASS @@ -259731,7 +259825,7 @@ index fd95c16..e7607fd 100644 ALLOW = 'allow' AUDITALLOW = 'auditallow' -@@ -59,7 +64,7 @@ def search(types, info = {}): +@@ -59,7 +65,7 @@ def search(types, info = {}): dict_list = _policy.search(seinfo) if dict_list and len(perms) != 0: @@ -259740,7 +259834,7 @@ index fd95c16..e7607fd 100644 return dict_list def get_conditionals(src,dest,tclass,perm): -@@ -75,7 +80,7 @@ def get_conditionals(src,dest,tclass,perm): +@@ -75,7 +81,7 @@ def get_conditionals(src,dest,tclass,perm): allows=[] allows.append(i) try: @@ -259749,7 +259843,7 @@ index fd95c16..e7607fd 100644 tdict.update({'source':i['source'],'boolean':i['boolean']}) if tdict not in tlist: tlist.append(tdict) -@@ -86,8 +91,8 @@ def get_conditionals(src,dest,tclass,perm): +@@ -86,8 +92,8 @@ def get_conditionals(src,dest,tclass,perm): return (tlist) def get_conditionals_format_text(cond): 
@@ -259760,7 +259854,33 @@ index fd95c16..e7607fd 100644 def get_types_from_attribute(attribute): return info(ATTRIBUTE,attribute)[0]["types"] -@@ -141,6 +146,9 @@ def get_writable_files(setype): +@@ -112,6 +118,25 @@ trans_file_type_str["-s"] = "s" + trans_file_type_str["-l"] = "l" + trans_file_type_str["-p"] = "p" + ++def get_all_modules(): ++ all_modules = [] ++ cmd = "semodule -l 2>/dev/null" ++ try: ++ output = subprocess.check_output(cmd, ++ stderr=subprocess.STDOUT, ++ shell=True) ++ l = output.split("\n") ++ ++ except subprocess.CalledProcessError as e: ++ from .sedbus import SELinuxDBus ++ l = SELinuxDBus().semodule_list().split("\n") ++ ++ for i in l: ++ if len(i): ++ all_modules.append(i.split()[0]) ++ ++ return all_modules ++ + def get_file_types(setype): + flist=[] + mpaths={} +@@ -141,6 +166,9 @@ def get_writable_files(setype): for i in permlist: if i['target'] in attributes: continue @@ -259770,7 +259890,7 @@ index fd95c16..e7607fd 100644 if i['target'].endswith("_t"): if i['target'] not in file_types: continue -@@ -166,7 +174,7 @@ def find_file(reg): +@@ -166,7 +194,7 @@ def find_file(reg): try: pat = re.compile(r"%s$" % reg) except: @@ -259779,7 +259899,7 @@ index fd95c16..e7607fd 100644 return [] p = reg if p.endswith("(/.*)?"): -@@ -178,19 +186,19 @@ def find_file(reg): +@@ -178,19 +206,19 @@ def find_file(reg): if path[-1] != "/": # is pass in it breaks without try block path += "/" except IndexError: @@ -259802,7 +259922,7 @@ index fd95c16..e7607fd 100644 if exe.endswith("_exec_t") and exe not in exclude_list: for path in executable_files[exe]: for f in find_file(path): -@@ -218,7 +226,7 @@ def read_file_equiv(edict, fc_path, modify): +@@ -218,7 +246,7 @@ def read_file_equiv(edict, fc_path, modify): f = e.split() edict[f[0]] = { "equiv" : f[1], "modify" : modify } return edict 
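Review bot: The new `get_all_modules()` in sepolicy/__init__.py runs the fixed string `semodule -l 2>/dev/null` with `shell=True`, so both the shell and `semodule` are resolved through the caller's environment and PATH. The string is constant, so there is no injection, but a library that is often called from privileged tools is safer with an argv list and an absolute binary path. `stderr=subprocess.STDOUT` is also redundant next to the `2>/dev/null` redirect. Without a shell a missing binary raises `OSError` instead of exiting 127, so the handler that falls back to `SELinuxDBus().semodule_list()` has to catch it as well. The fallback can itself raise, and nothing in this function catches that, whereas the removed GUI helper swallowed every error; a short comment stating which exceptions callers should expect would help.

```python
def get_all_modules():
    all_modules = []
    # placeholder: absolute install path of semodule, not shown in this patch
    cmd = ["<ABSOLUTE_PATH_TO_SEMODULE>", "-l"]
    try:
        # os appears to be in scope already (gen_interfaces calls os.getuid())
        with open(os.devnull, "w") as devnull:
            output = subprocess.check_output(cmd, stderr=devnull)
        l = output.split("\n")
    except (subprocess.CalledProcessError, OSError):
        # … unchanged: SELinuxDBus().semodule_list() fallback …
    # … unchanged: loop collecting the first field of each non-empty line …
```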
@@ -259811,7 +259931,7 @@ index fd95c16..e7607fd 100644 file_equiv_modified=None def get_file_equiv_modified(fc_path = selinux.selinux_file_context_path()): global file_equiv_modified -@@ -236,7 +244,7 @@ def get_file_equiv(fc_path = selinux.selinux_file_context_path()): +@@ -236,7 +264,7 @@ def get_file_equiv(fc_path = selinux.selinux_file_context_path()): file_equiv = get_file_equiv_modified(fc_path) file_equiv = read_file_equiv(file_equiv, fc_path + ".subs_dist", modify = False) return file_equiv @@ -259820,7 +259940,7 @@ index fd95c16..e7607fd 100644 local_files=None def get_local_file_paths(fc_path = selinux.selinux_file_context_path()): global local_files -@@ -306,7 +314,7 @@ def get_fcdict(fc_path = selinux.selinux_file_context_path()): +@@ -306,7 +334,7 @@ def get_fcdict(fc_path = selinux.selinux_file_context_path()): def get_transitions_into(setype): try: @@ -259829,7 +259949,7 @@ index fd95c16..e7607fd 100644 except TypeError: pass return None -@@ -320,7 +328,7 @@ def get_transitions(setype): +@@ -320,7 +348,7 @@ def get_transitions(setype): def get_file_transitions(setype): try: @@ -259838,7 +259958,7 @@ index fd95c16..e7607fd 100644 except TypeError: pass return None -@@ -344,7 +352,7 @@ def get_all_entrypoints(): +@@ -344,7 +372,7 @@ def get_all_entrypoints(): def get_entrypoint_types(setype): entrypoints = [] try: @@ -259847,7 +259967,7 @@ index fd95c16..e7607fd 100644 except TypeError: pass return entrypoints -@@ -352,7 +360,7 @@ def get_entrypoint_types(setype): +@@ -352,7 +380,7 @@ def get_entrypoint_types(setype): def get_init_transtype(path): entrypoint = selinux.getfilecon(path)[1].split(":")[2] try: @@ -259856,7 +259976,7 @@ index fd95c16..e7607fd 100644 if len(entrypoints) == 0: return None return entrypoints[0]["transtype"] -@@ -362,7 +370,7 @@ def get_init_transtype(path): +@@ -362,7 +390,7 @@ def get_init_transtype(path): def get_init_entrypoint(transtype): try: 
@@ -259865,7 +259985,7 @@ index fd95c16..e7607fd 100644 if len(entrypoints) == 0: return None return entrypoints[0]["target"] -@@ -372,7 +380,7 @@ def get_init_entrypoint(transtype): +@@ -372,7 +400,7 @@ def get_init_entrypoint(transtype): def get_init_entrypoint_target(entrypoint): try: @@ -259874,7 +259994,7 @@ index fd95c16..e7607fd 100644 return entrypoints[0] except TypeError: pass -@@ -410,7 +418,7 @@ def get_methods(): +@@ -410,7 +438,7 @@ def get_methods(): # List of per_role_template interfaces ifs = interfaces.InterfaceSet() ifs.from_file(fd) @@ -259883,7 +260003,7 @@ index fd95c16..e7607fd 100644 fd.close() except: sys.stderr.write("could not open interface info [%s]\n" % fn) -@@ -423,7 +431,7 @@ all_types = None +@@ -423,7 +451,7 @@ all_types = None def get_all_types(): global all_types if all_types == None: @@ -259892,16 +260012,15 @@ index fd95c16..e7607fd 100644 return all_types user_types = None -@@ -465,7 +473,7 @@ portrecs = None +@@ -465,7 +493,6 @@ portrecs = None portrecsbynum = None def gen_interfaces(): - import commands -+ import subprocess ifile = defaults.interface_info() headers = defaults.headers() rebuild = False -@@ -477,7 +485,9 @@ def gen_interfaces(): +@@ -477,7 +504,9 @@ def gen_interfaces(): if os.getuid() != 0: raise ValueError(_("You must regenerate interface info by running /usr/bin/sepolgen-ifgen")) @@ -259912,7 +260031,7 @@ index fd95c16..e7607fd 100644 def gen_port_dict(): global portrecs -@@ -511,12 +521,26 @@ def get_all_domains(): +@@ -511,12 +540,26 @@ def get_all_domains(): all_domains = info(ATTRIBUTE,"domain")[0]["types"] return all_domains @@ -259940,7 +260059,7 @@ index fd95c16..e7607fd 100644 roles.remove("object_r") roles.sort() return roles -@@ -549,7 +573,7 @@ def get_login_mappings(): +@@ -549,7 +592,7 @@ def get_login_mappings(): return login_mappings def get_all_users(): 
@@ -259949,7 +260068,7 @@ index fd95c16..e7607fd 100644 users.sort() return users -@@ -697,7 +721,7 @@ all_attributes = None +@@ -697,7 +740,7 @@ all_attributes = None def get_all_attributes(): global all_attributes if not all_attributes: @@ -259958,7 +260077,7 @@ index fd95c16..e7607fd 100644 return all_attributes def policy(policy_file): -@@ -727,7 +751,7 @@ def policy(policy_file): +@@ -727,7 +770,7 @@ def policy(policy_file): try: policy_file = get_installed_policy() policy(policy_file) @@ -259967,7 +260086,7 @@ index fd95c16..e7607fd 100644 if selinux.is_selinux_enabled() == 1: raise e -@@ -755,7 +779,7 @@ def get_bools(setype): +@@ -755,7 +798,7 @@ def get_bools(setype): bools = [] domainbools = [] domainname, short_name = gen_short_name(setype) @@ -259976,7 +260095,7 @@ index fd95c16..e7607fd 100644 for b in i: if not isinstance(b,tuple): continue -@@ -818,7 +842,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"): +@@ -818,7 +861,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"): desc = i.find("desc").find("p").text.strip("\n") desc = re.sub("\n", " ", desc) booleans_dict[i.get('name')] = ("global", i.get('dftval'), desc) @@ -259985,7 +260104,7 @@ index fd95c16..e7607fd 100644 pass return booleans_dict -@@ -841,12 +865,13 @@ def get_os_version(): +@@ -841,12 +884,13 @@ def get_os_version(): os_version = "" pkg_name = "selinux-policy" try: @@ -260005,7 +260124,7 @@ index fd95c16..e7607fd 100644 if os_version[0:2] == "fc": os_version = "Fedora"+os_version[2:] -@@ -868,7 +893,7 @@ def reinit(): +@@ -868,7 +912,7 @@ def reinit(): global file_types global local_files global methods