policycoreutils-2.4-8
- Fix multiple python3 issues in sepolgen (#1249388, #1247575, #1247564). FIXME: some audit2allow functionality is temporarily disabled until sepolicy is ported to Python 3.
This commit is contained in:
parent
9ef0d2c14c
commit
d0392a9475
|
@ -655722,10 +655722,10 @@ index 568ebfd..306d9b7 100644
|
||||||
def __init__(self, store):
|
def __init__(self, store):
|
||||||
diff --git a/policycoreutils-2.4/semanage/seobject/__init__.py b/policycoreutils-2.4/semanage/seobject/__init__.py
|
diff --git a/policycoreutils-2.4/semanage/seobject/__init__.py b/policycoreutils-2.4/semanage/seobject/__init__.py
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..1cf9681
|
index 0000000..c23ebef
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policycoreutils-2.4/semanage/seobject/__init__.py
|
+++ b/policycoreutils-2.4/semanage/seobject/__init__.py
|
||||||
@@ -0,0 +1,2251 @@
|
@@ -0,0 +1,2271 @@
|
||||||
+#! /usr/bin/python3 -Es
|
+#! /usr/bin/python3 -Es
|
||||||
+# Copyright (C) 2005-2013 Red Hat
|
+# Copyright (C) 2005-2013 Red Hat
|
||||||
+# see file 'COPYING' for use and warranty information
|
+# see file 'COPYING' for use and warranty information
|
||||||
|
@ -655748,9 +655748,17 @@ index 0000000..1cf9681
|
||||||
+# 02111-1307 USA
|
+# 02111-1307 USA
|
||||||
+#
|
+#
|
||||||
+#
|
+#
|
||||||
+
|
+import pwd
|
||||||
+import pwd, grp, string, selinux, tempfile, os, re, sys, stat, shutil
|
+import grp
|
||||||
+from semanage import *;
|
+import string
|
||||||
|
+import selinux
|
||||||
|
+import tempfile
|
||||||
|
+import os
|
||||||
|
+import re
|
||||||
|
+import sys
|
||||||
|
+import stat
|
||||||
|
+import shutil
|
||||||
|
+from semanage import *
|
||||||
+PROGNAME = "policycoreutils"
|
+PROGNAME = "policycoreutils"
|
||||||
+import sepolicy
|
+import sepolicy
|
||||||
+from sepolicy import boolean_desc, boolean_category, gen_bool_dict
|
+from sepolicy import boolean_desc, boolean_category, gen_bool_dict
|
||||||
|
@ -655758,7 +655766,6 @@ index 0000000..1cf9681
|
||||||
+from IPy import IP
|
+from IPy import IP
|
||||||
+
|
+
|
||||||
+import gettext
|
+import gettext
|
||||||
+PROGNAME="policycoreutils"
|
|
||||||
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
||||||
+gettext.textdomain(PROGNAME)
|
+gettext.textdomain(PROGNAME)
|
||||||
+try:
|
+try:
|
||||||
|
@ -655778,30 +655785,30 @@ index 0000000..1cf9681
|
||||||
+import syslog
|
+import syslog
|
||||||
+
|
+
|
||||||
+file_types = {}
|
+file_types = {}
|
||||||
+file_types[""] = SEMANAGE_FCONTEXT_ALL;
|
+file_types[""] = SEMANAGE_FCONTEXT_ALL
|
||||||
+file_types["all files"] = SEMANAGE_FCONTEXT_ALL;
|
+file_types["all files"] = SEMANAGE_FCONTEXT_ALL
|
||||||
+file_types["a"] = SEMANAGE_FCONTEXT_ALL;
|
+file_types["a"] = SEMANAGE_FCONTEXT_ALL
|
||||||
+file_types["regular file"] = SEMANAGE_FCONTEXT_REG;
|
+file_types["regular file"] = SEMANAGE_FCONTEXT_REG
|
||||||
+file_types["--"] = SEMANAGE_FCONTEXT_REG;
|
+file_types["--"] = SEMANAGE_FCONTEXT_REG
|
||||||
+file_types["f"] = SEMANAGE_FCONTEXT_REG;
|
+file_types["f"] = SEMANAGE_FCONTEXT_REG
|
||||||
+file_types["-d"] = SEMANAGE_FCONTEXT_DIR;
|
+file_types["-d"] = SEMANAGE_FCONTEXT_DIR
|
||||||
+file_types["directory"] = SEMANAGE_FCONTEXT_DIR;
|
+file_types["directory"] = SEMANAGE_FCONTEXT_DIR
|
||||||
+file_types["d"] = SEMANAGE_FCONTEXT_DIR;
|
+file_types["d"] = SEMANAGE_FCONTEXT_DIR
|
||||||
+file_types["-c"] = SEMANAGE_FCONTEXT_CHAR;
|
+file_types["-c"] = SEMANAGE_FCONTEXT_CHAR
|
||||||
+file_types["character device"] = SEMANAGE_FCONTEXT_CHAR;
|
+file_types["character device"] = SEMANAGE_FCONTEXT_CHAR
|
||||||
+file_types["c"] = SEMANAGE_FCONTEXT_CHAR;
|
+file_types["c"] = SEMANAGE_FCONTEXT_CHAR
|
||||||
+file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK;
|
+file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK
|
||||||
+file_types["block device"] = SEMANAGE_FCONTEXT_BLOCK;
|
+file_types["block device"] = SEMANAGE_FCONTEXT_BLOCK
|
||||||
+file_types["b"] = SEMANAGE_FCONTEXT_BLOCK;
|
+file_types["b"] = SEMANAGE_FCONTEXT_BLOCK
|
||||||
+file_types["-s"] = SEMANAGE_FCONTEXT_SOCK;
|
+file_types["-s"] = SEMANAGE_FCONTEXT_SOCK
|
||||||
+file_types["socket"] = SEMANAGE_FCONTEXT_SOCK;
|
+file_types["socket"] = SEMANAGE_FCONTEXT_SOCK
|
||||||
+file_types["s"] = SEMANAGE_FCONTEXT_SOCK;
|
+file_types["s"] = SEMANAGE_FCONTEXT_SOCK
|
||||||
+file_types["-l"] = SEMANAGE_FCONTEXT_LINK;
|
+file_types["-l"] = SEMANAGE_FCONTEXT_LINK
|
||||||
+file_types["l"] = SEMANAGE_FCONTEXT_LINK;
|
+file_types["l"] = SEMANAGE_FCONTEXT_LINK
|
||||||
+file_types["symbolic link"] = SEMANAGE_FCONTEXT_LINK;
|
+file_types["symbolic link"] = SEMANAGE_FCONTEXT_LINK
|
||||||
+file_types["p"] = SEMANAGE_FCONTEXT_PIPE;
|
+file_types["p"] = SEMANAGE_FCONTEXT_PIPE
|
||||||
+file_types["-p"] = SEMANAGE_FCONTEXT_PIPE;
|
+file_types["-p"] = SEMANAGE_FCONTEXT_PIPE
|
||||||
+file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE;
|
+file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE
|
||||||
+
|
+
|
||||||
+file_type_str_to_option = {"all files": "a",
|
+file_type_str_to_option = {"all files": "a",
|
||||||
+ "regular file":"f",
|
+ "regular file":"f",
|
||||||
|
@ -655821,11 +655828,14 @@ index 0000000..1cf9681
|
||||||
+
|
+
|
||||||
+ sep = "-"
|
+ sep = "-"
|
||||||
+ if sename != oldsename:
|
+ if sename != oldsename:
|
||||||
+ msg += sep + "sename"; sep = ","
|
+ msg += sep + "sename"
|
||||||
|
+ sep = ","
|
||||||
+ if serole != oldserole:
|
+ if serole != oldserole:
|
||||||
+ msg += sep + "role"; sep = ","
|
+ msg += sep + "role"
|
||||||
|
+ sep = ","
|
||||||
+ if serange != oldserange:
|
+ if serange != oldserange:
|
||||||
+ msg += sep + "range"; sep = ","
|
+ msg += sep + "range"
|
||||||
|
+ sep = ","
|
||||||
+
|
+
|
||||||
+ self.log_list.append([self.audit_fd, audit.AUDIT_ROLE_ASSIGN, sys.argv[0], str(msg), name, 0, sename, serole, serange, oldsename, oldserole, oldserange, "", "", ""])
|
+ self.log_list.append([self.audit_fd, audit.AUDIT_ROLE_ASSIGN, sys.argv[0], str(msg), name, 0, sename, serole, serange, oldsename, oldserole, oldserange, "", "", ""])
|
||||||
+
|
+
|
||||||
|
@ -655919,10 +655929,12 @@ index 0000000..1cf9681
|
||||||
+ else:
|
+ else:
|
||||||
+ return raw
|
+ return raw
|
||||||
+
|
+
|
||||||
|
+
|
||||||
+class semanageRecords:
|
+class semanageRecords:
|
||||||
+ transaction = False
|
+ transaction = False
|
||||||
+ handle = None
|
+ handle = None
|
||||||
+ store = None
|
+ store = None
|
||||||
|
+
|
||||||
+ def __init__(self, store):
|
+ def __init__(self, store):
|
||||||
+ global handle
|
+ global handle
|
||||||
+ self.load = True
|
+ self.load = True
|
||||||
|
@ -655948,7 +655960,7 @@ index 0000000..1cf9681
|
||||||
+ raise ValueError(_("Could not create semanage handle"))
|
+ raise ValueError(_("Could not create semanage handle"))
|
||||||
+
|
+
|
||||||
+ if not semanageRecords.transaction and store != "":
|
+ if not semanageRecords.transaction and store != "":
|
||||||
+ semanage_select_store(handle, store, SEMANAGE_CON_DIRECT);
|
+ semanage_select_store(handle, store, SEMANAGE_CON_DIRECT)
|
||||||
+ semanageRecords.store = store
|
+ semanageRecords.store = store
|
||||||
+
|
+
|
||||||
+ if not semanage_is_managed(handle):
|
+ if not semanage_is_managed(handle):
|
||||||
|
@ -655988,6 +656000,7 @@ index 0000000..1cf9681
|
||||||
+ rc = semanage_begin_transaction(self.sh)
|
+ rc = semanage_begin_transaction(self.sh)
|
||||||
+ if rc < 0:
|
+ if rc < 0:
|
||||||
+ raise ValueError(_("Could not start semanage transaction"))
|
+ raise ValueError(_("Could not start semanage transaction"))
|
||||||
|
+
|
||||||
+ def customized(self):
|
+ def customized(self):
|
||||||
+ raise ValueError(_("Not yet implemented"))
|
+ raise ValueError(_("Not yet implemented"))
|
||||||
+
|
+
|
||||||
|
@ -656008,7 +656021,9 @@ index 0000000..1cf9681
|
||||||
+ semanageRecords.transaction = False
|
+ semanageRecords.transaction = False
|
||||||
+ self.commit()
|
+ self.commit()
|
||||||
+
|
+
|
||||||
|
+
|
||||||
+class moduleRecords(semanageRecords):
|
+class moduleRecords(semanageRecords):
|
||||||
|
+
|
||||||
+ def __init__(self, store):
|
+ def __init__(self, store):
|
||||||
+ semanageRecords.__init__(self, store)
|
+ semanageRecords.__init__(self, store)
|
||||||
+
|
+
|
||||||
|
@ -656076,7 +656091,7 @@ index 0000000..1cf9681
|
||||||
+ if rc < 0:
|
+ if rc < 0:
|
||||||
+ raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
|
+ raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
|
||||||
+
|
+
|
||||||
+ rc = semanage_module_install_file(self.sh, module);
|
+ rc = semanage_module_install_file(self.sh, module)
|
||||||
+ if rc >= 0:
|
+ if rc >= 0:
|
||||||
+ self.commit()
|
+ self.commit()
|
||||||
+
|
+
|
||||||
|
@ -656101,7 +656116,7 @@ index 0000000..1cf9681
|
||||||
+ def modify(self, file):
|
+ def modify(self, file):
|
||||||
+ if not module:
|
+ if not module:
|
||||||
+ raise ValueError(_("You did not define module name."))
|
+ raise ValueError(_("You did not define module name."))
|
||||||
+ rc = semanage_module_upgrade_file(self.sh, file);
|
+ rc = semanage_module_upgrade_file(self.sh, file)
|
||||||
+ if rc >= 0:
|
+ if rc >= 0:
|
||||||
+ self.commit()
|
+ self.commit()
|
||||||
+
|
+
|
||||||
|
@ -656124,7 +656139,9 @@ index 0000000..1cf9681
|
||||||
+ for m in l:
|
+ for m in l:
|
||||||
+ self.set_enabled(m, True)
|
+ self.set_enabled(m, True)
|
||||||
+
|
+
|
||||||
|
+
|
||||||
+class dontauditClass(semanageRecords):
|
+class dontauditClass(semanageRecords):
|
||||||
|
+
|
||||||
+ def __init__(self, store):
|
+ def __init__(self, store):
|
||||||
+ semanageRecords.__init__(self, store)
|
+ semanageRecords.__init__(self, store)
|
||||||
+
|
+
|
||||||
|
@ -656132,10 +656149,12 @@ index 0000000..1cf9681
|
||||||
+ if dontaudit not in ["on", "off"]:
|
+ if dontaudit not in ["on", "off"]:
|
||||||
+ raise ValueError(_("dontaudit requires either 'on' or 'off'"))
|
+ raise ValueError(_("dontaudit requires either 'on' or 'off'"))
|
||||||
+ self.begin()
|
+ self.begin()
|
||||||
+ semanage_set_disable_dontaudit(self.sh, dontaudit == "off")
|
+ rc = semanage_set_disable_dontaudit(self.sh, dontaudit == "off")
|
||||||
+ self.commit()
|
+ self.commit()
|
||||||
+
|
+
|
||||||
|
+
|
||||||
+class permissiveRecords(semanageRecords):
|
+class permissiveRecords(semanageRecords):
|
||||||
|
+
|
||||||
+ def __init__(self, store):
|
+ def __init__(self, store):
|
||||||
+ semanageRecords.__init__(self, store)
|
+ semanageRecords.__init__(self, store)
|
||||||
+
|
+
|
||||||
|
@ -656186,7 +656205,7 @@ index 0000000..1cf9681
|
||||||
+ name = "permissive_%s" % setype
|
+ name = "permissive_%s" % setype
|
||||||
+ modtxt = "(typepermissive %s)" % type
|
+ modtxt = "(typepermissive %s)" % type
|
||||||
+
|
+
|
||||||
+ rc = semanage_module_install(self.sh, modtxt, len(modtxt), name, "cil");
|
+ rc = semanage_module_install(self.sh, modtxt, len(modtxt), name, "cil")
|
||||||
+ if rc >= 0:
|
+ if rc >= 0:
|
||||||
+ self.commit()
|
+ self.commit()
|
||||||
+
|
+
|
||||||
|
@ -656274,7 +656293,7 @@ index 0000000..1cf9681
|
||||||
+
|
+
|
||||||
+ semanage_seuser_key_free(k)
|
+ semanage_seuser_key_free(k)
|
||||||
+ semanage_seuser_free(u)
|
+ semanage_seuser_free(u)
|
||||||
+ self.mylog.log("login", name, sename=sename, serange=serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange);
|
+ self.mylog.log("login", name, sename=sename, serange=serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)
|
||||||
+
|
+
|
||||||
+ def add(self, name, sename, serange):
|
+ def add(self, name, sename, serange):
|
||||||
+ try:
|
+ try:
|
||||||
|
@ -656324,6 +656343,7 @@ index 0000000..1cf9681
|
||||||
+
|
+
|
||||||
+ if sename != "":
|
+ if sename != "":
|
||||||
+ semanage_seuser_set_sename(self.sh, u, sename)
|
+ semanage_seuser_set_sename(self.sh, u, sename)
|
||||||
|
+ self.sename = sename
|
||||||
+ else:
|
+ else:
|
||||||
+ self.sename = self.oldsename
|
+ self.sename = self.oldsename
|
||||||
+
|
+
|
||||||
|
@ -656333,7 +656353,7 @@ index 0000000..1cf9681
|
||||||
+
|
+
|
||||||
+ semanage_seuser_key_free(k)
|
+ semanage_seuser_key_free(k)
|
||||||
+ semanage_seuser_free(u)
|
+ semanage_seuser_free(u)
|
||||||
+ self.mylog.log("login", name,sename=self.sename,serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange);
|
+ self.mylog.log("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)
|
||||||
+
|
+
|
||||||
+ def modify(self, name, sename="", serange=None):
|
+ def modify(self, name, sename="", serange=None):
|
||||||
+ try:
|
+ try:
|
||||||
|
@ -656374,7 +656394,7 @@ index 0000000..1cf9681
|
||||||
+ rec, self.sename, self.serange = selinux.getseuserbyname("__default__")
|
+ rec, self.sename, self.serange = selinux.getseuserbyname("__default__")
|
||||||
+ RANGE, (rc, serole) = userrec.get(self.sename)
|
+ RANGE, (rc, serole) = userrec.get(self.sename)
|
||||||
+
|
+
|
||||||
+ self.mylog.log_remove("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange);
|
+ self.mylog.log_remove("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)
|
||||||
+
|
+
|
||||||
+ def delete(self, name):
|
+ def delete(self, name):
|
||||||
+ try:
|
+ try:
|
||||||
|
@ -656560,7 +656580,7 @@ index 0000000..1cf9681
|
||||||
+ def __modify(self, name, roles=[], selevel="", serange=None, prefix=""):
|
+ def __modify(self, name, roles=[], selevel="", serange=None, prefix=""):
|
||||||
+ oldserole = ""
|
+ oldserole = ""
|
||||||
+ oldserange = ""
|
+ oldserange = ""
|
||||||
+ newroles = ' '.join(roles);
|
+ newroles = ' '.join(roles)
|
||||||
+ if prefix == "" and len(roles) == 0 and not serange and selevel == "":
|
+ if prefix == "" and len(roles) == 0 and not serange and selevel == "":
|
||||||
+ if is_mls_enabled == 1:
|
+ if is_mls_enabled == 1:
|
||||||
+ raise ValueError(_("Requires prefix, roles, level or range"))
|
+ raise ValueError(_("Requires prefix, roles, level or range"))
|
||||||
|
@ -656584,7 +656604,7 @@ index 0000000..1cf9681
|
||||||
+ oldserange = semanage_user_get_mlsrange(u)
|
+ oldserange = semanage_user_get_mlsrange(u)
|
||||||
+ (rc, rlist) = semanage_user_get_roles(self.sh, u)
|
+ (rc, rlist) = semanage_user_get_roles(self.sh, u)
|
||||||
+ if rc >= 0:
|
+ if rc >= 0:
|
||||||
+ oldserole = ' '.join(rlist);
|
+ oldserole = ' '.join(rlist)
|
||||||
+
|
+
|
||||||
+ if serange:
|
+ if serange:
|
||||||
+ semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
|
+ semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
|
||||||
|
@ -656698,7 +656718,7 @@ index 0000000..1cf9681
|
||||||
+ if rc < 0:
|
+ if rc < 0:
|
||||||
+ raise ValueError(_("Could not list roles for user %s") % name)
|
+ raise ValueError(_("Could not list roles for user %s") % name)
|
||||||
+
|
+
|
||||||
+ roles = ' '.join(rlist);
|
+ roles = ' '.join(rlist)
|
||||||
+ ddict[semanage_user_get_name(u)] = (semanage_user_get_prefix(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
|
+ ddict[semanage_user_get_name(u)] = (semanage_user_get_prefix(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
|
||||||
+
|
+
|
||||||
+ return ddict
|
+ return ddict
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.4
|
Version: 2.4
|
||||||
Release: 7%{?dist}
|
Release: 8%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||||
|
@ -18,7 +18,7 @@ Source2: policycoreutils_man_ru2.tar.bz2
|
||||||
Source3: system-config-selinux.png
|
Source3: system-config-selinux.png
|
||||||
Source4: sepolicy-icons.tgz
|
Source4: sepolicy-icons.tgz
|
||||||
# use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/
|
# use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/
|
||||||
# HEAD https://github.com/fedora-selinux/selinux/commit/b7b250d47a5ae70efc95492cda499ee6a8ae12d8
|
# HEAD https://github.com/fedora-selinux/selinux/commit/38d05b08329cb56bba1e64a37b9b166f2fa9f85c
|
||||||
Patch: policycoreutils-rhat.patch
|
Patch: policycoreutils-rhat.patch
|
||||||
Patch1: sepolgen-rhat.patch
|
Patch1: sepolgen-rhat.patch
|
||||||
Obsoletes: policycoreutils < 2.0.61-2
|
Obsoletes: policycoreutils < 2.0.61-2
|
||||||
|
@ -399,6 +399,9 @@ The policycoreutils-restorecond package contains the restorecond service.
|
||||||
%systemd_postun_with_restart restorecond.service
|
%systemd_postun_with_restart restorecond.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 06 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-8
|
||||||
|
- Fix multiple python3 issues in sepolgen (#1249388,#1247575,#1247564)
|
||||||
|
|
||||||
* Mon Jul 27 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-7
|
* Mon Jul 27 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-7
|
||||||
- policycoreutils-python3 depends on python-IPy-python3
|
- policycoreutils-python3 depends on python-IPy-python3
|
||||||
|
|
||||||
|
|
|
@ -122,10 +122,10 @@ index cf13210..60ff4e9 100644
|
||||||
else:
|
else:
|
||||||
role_type = refpolicy.RoleType()
|
role_type = refpolicy.RoleType()
|
||||||
diff --git a/sepolgen-1.2.2/src/sepolgen/audit.py b/sepolgen-1.2.2/src/sepolgen/audit.py
|
diff --git a/sepolgen-1.2.2/src/sepolgen/audit.py b/sepolgen-1.2.2/src/sepolgen/audit.py
|
||||||
index 56919be..ddad682 100644
|
index 56919be..1c94daa 100644
|
||||||
--- a/sepolgen-1.2.2/src/sepolgen/audit.py
|
--- a/sepolgen-1.2.2/src/sepolgen/audit.py
|
||||||
+++ b/sepolgen-1.2.2/src/sepolgen/audit.py
|
+++ b/sepolgen-1.2.2/src/sepolgen/audit.py
|
||||||
@@ -17,11 +17,11 @@
|
@@ -17,11 +17,12 @@
|
||||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||||
#
|
#
|
||||||
|
|
||||||
|
@ -136,10 +136,38 @@ index 56919be..ddad682 100644
|
||||||
|
|
||||||
+from . import refpolicy
|
+from . import refpolicy
|
||||||
+from . import access
|
+from . import access
|
||||||
|
+from . import util
|
||||||
# Convenience functions
|
# Convenience functions
|
||||||
|
|
||||||
def get_audit_boot_msgs():
|
def get_audit_boot_msgs():
|
||||||
@@ -169,6 +169,7 @@ class AVCMessage(AuditMessage):
|
@@ -42,6 +43,8 @@ def get_audit_boot_msgs():
|
||||||
|
boottime = time.strftime("%X", s)
|
||||||
|
output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
|
||||||
|
stdout=subprocess.PIPE).communicate()[0]
|
||||||
|
+ if util.PY3:
|
||||||
|
+ output = util.decode_input(output)
|
||||||
|
return output
|
||||||
|
|
||||||
|
def get_audit_msgs():
|
||||||
|
@@ -55,6 +58,8 @@ def get_audit_msgs():
|
||||||
|
import subprocess
|
||||||
|
output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
|
||||||
|
stdout=subprocess.PIPE).communicate()[0]
|
||||||
|
+ if util.PY3:
|
||||||
|
+ output = util.decode_input(output)
|
||||||
|
return output
|
||||||
|
|
||||||
|
def get_dmesg_msgs():
|
||||||
|
@@ -66,6 +71,8 @@ def get_dmesg_msgs():
|
||||||
|
import subprocess
|
||||||
|
output = subprocess.Popen(["/bin/dmesg"],
|
||||||
|
stdout=subprocess.PIPE).communicate()[0]
|
||||||
|
+ if util.PY3:
|
||||||
|
+ output = util.decode_input(output)
|
||||||
|
return output
|
||||||
|
|
||||||
|
# Classes representing audit messages
|
||||||
|
@@ -169,6 +176,7 @@ class AVCMessage(AuditMessage):
|
||||||
self.exe = ""
|
self.exe = ""
|
||||||
self.path = ""
|
self.path = ""
|
||||||
self.name = ""
|
self.name = ""
|
||||||
|
@ -147,7 +175,7 @@ index 56919be..ddad682 100644
|
||||||
self.accesses = []
|
self.accesses = []
|
||||||
self.denial = True
|
self.denial = True
|
||||||
self.type = audit2why.TERULE
|
self.type = audit2why.TERULE
|
||||||
@@ -230,6 +231,10 @@ class AVCMessage(AuditMessage):
|
@@ -230,6 +238,10 @@ class AVCMessage(AuditMessage):
|
||||||
self.exe = fields[1][1:-1]
|
self.exe = fields[1][1:-1]
|
||||||
elif fields[0] == "name":
|
elif fields[0] == "name":
|
||||||
self.name = fields[1][1:-1]
|
self.name = fields[1][1:-1]
|
||||||
|
@ -158,7 +186,7 @@ index 56919be..ddad682 100644
|
||||||
|
|
||||||
if not found_src or not found_tgt or not found_class or not found_access:
|
if not found_src or not found_tgt or not found_class or not found_access:
|
||||||
raise ValueError("AVC message in invalid format [%s]\n" % self.message)
|
raise ValueError("AVC message in invalid format [%s]\n" % self.message)
|
||||||
@@ -354,7 +359,9 @@ class AuditParser:
|
@@ -354,7 +366,9 @@ class AuditParser:
|
||||||
self.path_msgs = []
|
self.path_msgs = []
|
||||||
self.by_header = { }
|
self.by_header = { }
|
||||||
self.check_input_file = False
|
self.check_input_file = False
|
||||||
|
@ -169,7 +197,7 @@ index 56919be..ddad682 100644
|
||||||
# Low-level parsing function - tries to determine if this audit
|
# Low-level parsing function - tries to determine if this audit
|
||||||
# message is an SELinux related message and then parses it into
|
# message is an SELinux related message and then parses it into
|
||||||
# the appropriate AuditMessage subclass. This function deliberately
|
# the appropriate AuditMessage subclass. This function deliberately
|
||||||
@@ -430,7 +437,7 @@ class AuditParser:
|
@@ -430,7 +444,7 @@ class AuditParser:
|
||||||
|
|
||||||
# Group by audit header
|
# Group by audit header
|
||||||
if msg.header != "":
|
if msg.header != "":
|
||||||
|
@ -178,7 +206,7 @@ index 56919be..ddad682 100644
|
||||||
self.by_header[msg.header].append(msg)
|
self.by_header[msg.header].append(msg)
|
||||||
else:
|
else:
|
||||||
self.by_header[msg.header] = [msg]
|
self.by_header[msg.header] = [msg]
|
||||||
@@ -492,6 +499,60 @@ class AuditParser:
|
@@ -492,6 +506,68 @@ class AuditParser:
|
||||||
|
|
||||||
return role_types
|
return role_types
|
||||||
|
|
||||||
|
@ -201,7 +229,11 @@ index 56919be..ddad682 100644
|
||||||
+ try:
|
+ try:
|
||||||
+ output = subprocess.check_output(command,
|
+ output = subprocess.check_output(command,
|
||||||
+ stderr=subprocess.STDOUT,
|
+ stderr=subprocess.STDOUT,
|
||||||
+ shell=True)
|
+ shell=True,
|
||||||
|
+ universal_newlines=True)
|
||||||
|
+ if util.PY3:
|
||||||
|
+ output = util.decode_input(output)
|
||||||
|
+
|
||||||
+ try:
|
+ try:
|
||||||
+ ino = int(inode)
|
+ ino = int(inode)
|
||||||
+ except ValueError:
|
+ except ValueError:
|
||||||
|
@ -218,11 +250,14 @@ index 56919be..ddad682 100644
|
||||||
+ return path
|
+ return path
|
||||||
+
|
+
|
||||||
+ def __store_base_types(self):
|
+ def __store_base_types(self):
|
||||||
+ import sepolicy
|
+ # FIXME: this is a temporary workaround until sepolicy is ported to python 3
|
||||||
+ self.base_types = sepolicy.get_types_from_attribute("base_file_type")
|
+ # import sepolicy
|
||||||
|
+ # self.base_types = sepolicy.get_types_from_attribute("base_file_type")
|
||||||
|
+ self.base_types = []
|
||||||
+
|
+
|
||||||
+ def __get_base_type(self, tcontext, scontext):
|
+ def __get_base_type(self, tcontext, scontext):
|
||||||
+ import sepolicy
|
+ # FIXME: uncomment the following code when sepolicy is ported to python 3
|
||||||
|
+ # import sepolicy
|
||||||
+ # Prevent unnecessary searching
|
+ # Prevent unnecessary searching
|
||||||
+ if (self.old_scontext == scontext and
|
+ if (self.old_scontext == scontext and
|
||||||
+ self.old_tcontext == tcontext):
|
+ self.old_tcontext == tcontext):
|
||||||
|
@ -231,15 +266,16 @@ index 56919be..ddad682 100644
|
||||||
+ self.old_tcontext = tcontext
|
+ self.old_tcontext = tcontext
|
||||||
+ for btype in self.base_types:
|
+ for btype in self.base_types:
|
||||||
+ if btype == tcontext:
|
+ if btype == tcontext:
|
||||||
+ for writable in sepolicy.get_writable_files(scontext):
|
+ # FIXME: uncomment the following code when sepolicy is ported to python 3
|
||||||
+ if writable.endswith(tcontext) and writable.startswith(scontext.rstrip("_t")):
|
+ # for writable in sepolicy.get_writable_files(scontext):
|
||||||
+ return writable
|
+ # if writable.endswith(tcontext) and writable.startswith(scontext.rstrip("_t")):
|
||||||
|
+ # return writable
|
||||||
+ return 0
|
+ return 0
|
||||||
+
|
+
|
||||||
def to_access(self, avc_filter=None, only_denials=True):
|
def to_access(self, avc_filter=None, only_denials=True):
|
||||||
"""Convert the audit logs access into a an access vector set.
|
"""Convert the audit logs access into a an access vector set.
|
||||||
|
|
||||||
@@ -510,16 +571,23 @@ class AuditParser:
|
@@ -510,16 +586,23 @@ class AuditParser:
|
||||||
audit logs parsed by this object.
|
audit logs parsed by this object.
|
||||||
"""
|
"""
|
||||||
av_set = access.AccessVectorSet()
|
av_set = access.AccessVectorSet()
|
||||||
|
@ -911,7 +947,7 @@ index 88c8a1f..d05d721 100644
|
||||||
self.classes[c] = { }
|
self.classes[c] = { }
|
||||||
cur = self.classes[c]
|
cur = self.classes[c]
|
||||||
diff --git a/sepolgen-1.2.2/src/sepolgen/output.py b/sepolgen-1.2.2/src/sepolgen/output.py
|
diff --git a/sepolgen-1.2.2/src/sepolgen/output.py b/sepolgen-1.2.2/src/sepolgen/output.py
|
||||||
index 739452d..d8daedb 100644
|
index 739452d..7a83aee 100644
|
||||||
--- a/sepolgen-1.2.2/src/sepolgen/output.py
|
--- a/sepolgen-1.2.2/src/sepolgen/output.py
|
||||||
+++ b/sepolgen-1.2.2/src/sepolgen/output.py
|
+++ b/sepolgen-1.2.2/src/sepolgen/output.py
|
||||||
@@ -27,8 +27,12 @@ generating policy. This keeps the semantic / syntactic issues
|
@@ -27,8 +27,12 @@ generating policy. This keeps the semantic / syntactic issues
|
||||||
|
@ -929,6 +965,24 @@ index 739452d..d8daedb 100644
|
||||||
|
|
||||||
class ModuleWriter:
|
class ModuleWriter:
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
|
@@ -127,7 +131,7 @@ def sort_filter(module):
|
||||||
|
rules = []
|
||||||
|
rules.extend(node.avrules())
|
||||||
|
rules.extend(node.interface_calls())
|
||||||
|
- rules.sort(rule_cmp)
|
||||||
|
+ rules.sort(key=util.cmp_to_key(rule_cmp))
|
||||||
|
|
||||||
|
cur = None
|
||||||
|
sep_rules = []
|
||||||
|
@@ -151,7 +155,7 @@ def sort_filter(module):
|
||||||
|
|
||||||
|
ras = []
|
||||||
|
ras.extend(node.role_types())
|
||||||
|
- ras.sort(role_type_cmp)
|
||||||
|
+ ras.sort(key=util.cmp_to_key(role_type_cmp))
|
||||||
|
if len(ras):
|
||||||
|
comment = refpolicy.Comment()
|
||||||
|
comment.lines.append("============= ROLES ==============")
|
||||||
diff --git a/sepolgen-1.2.2/src/sepolgen/policygen.py b/sepolgen-1.2.2/src/sepolgen/policygen.py
|
diff --git a/sepolgen-1.2.2/src/sepolgen/policygen.py b/sepolgen-1.2.2/src/sepolgen/policygen.py
|
||||||
index 5f38577..89366df 100644
|
index 5f38577..89366df 100644
|
||||||
--- a/sepolgen-1.2.2/src/sepolgen/policygen.py
|
--- a/sepolgen-1.2.2/src/sepolgen/policygen.py
|
||||||
|
@ -1256,7 +1310,7 @@ index 8ad64a9..a9bb92d 100644
|
||||||
class Require(Leaf):
|
class Require(Leaf):
|
||||||
def __init__(self, parent=None):
|
def __init__(self, parent=None):
|
||||||
diff --git a/sepolgen-1.2.2/src/sepolgen/util.py b/sepolgen-1.2.2/src/sepolgen/util.py
|
diff --git a/sepolgen-1.2.2/src/sepolgen/util.py b/sepolgen-1.2.2/src/sepolgen/util.py
|
||||||
index 74a11f5..4934bec 100644
|
index 74a11f5..1fca971 100644
|
||||||
--- a/sepolgen-1.2.2/src/sepolgen/util.py
|
--- a/sepolgen-1.2.2/src/sepolgen/util.py
|
||||||
+++ b/sepolgen-1.2.2/src/sepolgen/util.py
|
+++ b/sepolgen-1.2.2/src/sepolgen/util.py
|
||||||
@@ -16,6 +16,19 @@
|
@@ -16,6 +16,19 @@
|
||||||
|
@ -1279,7 +1333,7 @@ index 74a11f5..4934bec 100644
|
||||||
|
|
||||||
class ConsoleProgressBar:
|
class ConsoleProgressBar:
|
||||||
def __init__(self, out, steps=100, indicator='#'):
|
def __init__(self, out, steps=100, indicator='#'):
|
||||||
@@ -76,6 +89,51 @@ def first(s, sorted=False):
|
@@ -76,6 +89,88 @@ def first(s, sorted=False):
|
||||||
for x in s:
|
for x in s:
|
||||||
return x
|
return x
|
||||||
|
|
||||||
|
@ -1297,6 +1351,20 @@ index 74a11f5..4934bec 100644
|
||||||
+ encoded_text = text.encode('utf-8')
|
+ encoded_text = text.encode('utf-8')
|
||||||
+ return encoded_text
|
+ return encoded_text
|
||||||
+
|
+
|
||||||
|
+def decode_input(text):
|
||||||
|
+ import locale
|
||||||
|
+ """Decode given text via preferred system encoding"""
|
||||||
|
+ # locale will often find out the correct encoding
|
||||||
|
+ encoding = locale.getpreferredencoding()
|
||||||
|
+ try:
|
||||||
|
+ decoded_text = text.decode(encoding)
|
||||||
|
+ except UnicodeError:
|
||||||
|
+ # if it fails to find correct encoding then ascii is used
|
||||||
|
+ # which may lead to UnicodeError if `text` contains non ascii signs
|
||||||
|
+ # utf-8 is our guess to fix the situation
|
||||||
|
+ decoded_text = text.decode('utf-8')
|
||||||
|
+ return decoded_text
|
||||||
|
+
|
||||||
+class Comparison():
|
+class Comparison():
|
||||||
+ """Class used when implementing rich comparison.
|
+ """Class used when implementing rich comparison.
|
||||||
+
|
+
|
||||||
|
@ -1325,6 +1393,29 @@ index 74a11f5..4934bec 100644
|
||||||
+ def __ne__(self, other):
|
+ def __ne__(self, other):
|
||||||
+ return self._compare(other, lambda a, b: a != b)
|
+ return self._compare(other, lambda a, b: a != b)
|
||||||
+
|
+
|
||||||
|
+if sys.version_info < (2,7):
|
||||||
|
+ # cmp_to_key function is missing in python2.6
|
||||||
|
+ def cmp_to_key(mycmp):
|
||||||
|
+ 'Convert a cmp= function into a key= function'
|
||||||
|
+ class K:
|
||||||
|
+ def __init__(self, obj, *args):
|
||||||
|
+ self.obj = obj
|
||||||
|
+ def __lt__(self, other):
|
||||||
|
+ return mycmp(self.obj, other.obj) < 0
|
||||||
|
+ def __gt__(self, other):
|
||||||
|
+ return mycmp(self.obj, other.obj) > 0
|
||||||
|
+ def __eq__(self, other):
|
||||||
|
+ return mycmp(self.obj, other.obj) == 0
|
||||||
|
+ def __le__(self, other):
|
||||||
|
+ return mycmp(self.obj, other.obj) <= 0
|
||||||
|
+ def __ge__(self, other):
|
||||||
|
+ return mycmp(self.obj, other.obj) >= 0
|
||||||
|
+ def __ne__(self, other):
|
||||||
|
+ return mycmp(self.obj, other.obj) != 0
|
||||||
|
+ return K
|
||||||
|
+else:
|
||||||
|
+ from functools import cmp_to_key
|
||||||
|
+
|
||||||
+def cmp(first, second):
|
+def cmp(first, second):
|
||||||
+ return (first > second) - (second > first)
|
+ return (first > second) - (second > first)
|
||||||
+
|
+
|
||||||
|
|