policycoreutils-2.4-8

- Fix multiple python3 issues in sepolgen (#1249388,#1247575,#1247564)

FIXME: some functionality of audit2allow was temporarily disabled until sepolicy is
ported to python 3
Petr Lautrbach 2015-08-06 17:59:17 +02:00
parent 9ef0d2c14c
commit d0392a9475
3 changed files with 275 additions and 161 deletions


@ -655722,10 +655722,10 @@ index 568ebfd..306d9b7 100644
def __init__(self, store): def __init__(self, store):
diff --git a/policycoreutils-2.4/semanage/seobject/__init__.py b/policycoreutils-2.4/semanage/seobject/__init__.py diff --git a/policycoreutils-2.4/semanage/seobject/__init__.py b/policycoreutils-2.4/semanage/seobject/__init__.py
new file mode 100644 new file mode 100644
index 0000000..1cf9681 index 0000000..c23ebef
--- /dev/null --- /dev/null
+++ b/policycoreutils-2.4/semanage/seobject/__init__.py +++ b/policycoreutils-2.4/semanage/seobject/__init__.py
@@ -0,0 +1,2251 @@ @@ -0,0 +1,2271 @@
+#! /usr/bin/python3 -Es +#! /usr/bin/python3 -Es
+# Copyright (C) 2005-2013 Red Hat +# Copyright (C) 2005-2013 Red Hat
+# see file 'COPYING' for use and warranty information +# see file 'COPYING' for use and warranty information
@ -655748,9 +655748,17 @@ index 0000000..1cf9681
+# 02111-1307 USA +# 02111-1307 USA
+# +#
+# +#
+ +import pwd
+import pwd, grp, string, selinux, tempfile, os, re, sys, stat, shutil +import grp
+from semanage import *; +import string
+import selinux
+import tempfile
+import os
+import re
+import sys
+import stat
+import shutil
+from semanage import *
+PROGNAME = "policycoreutils" +PROGNAME = "policycoreutils"
+import sepolicy +import sepolicy
+from sepolicy import boolean_desc, boolean_category, gen_bool_dict +from sepolicy import boolean_desc, boolean_category, gen_bool_dict
@ -655758,7 +655766,6 @@ index 0000000..1cf9681
+from IPy import IP +from IPy import IP
+ +
+import gettext +import gettext
+PROGNAME="policycoreutils"
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale") +gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME) +gettext.textdomain(PROGNAME)
+try: +try:
@ -655778,30 +655785,30 @@ index 0000000..1cf9681
+import syslog +import syslog
+ +
+file_types = {} +file_types = {}
+file_types[""] = SEMANAGE_FCONTEXT_ALL; +file_types[""] = SEMANAGE_FCONTEXT_ALL
+file_types["all files"] = SEMANAGE_FCONTEXT_ALL; +file_types["all files"] = SEMANAGE_FCONTEXT_ALL
+file_types["a"] = SEMANAGE_FCONTEXT_ALL; +file_types["a"] = SEMANAGE_FCONTEXT_ALL
+file_types["regular file"] = SEMANAGE_FCONTEXT_REG; +file_types["regular file"] = SEMANAGE_FCONTEXT_REG
+file_types["--"] = SEMANAGE_FCONTEXT_REG; +file_types["--"] = SEMANAGE_FCONTEXT_REG
+file_types["f"] = SEMANAGE_FCONTEXT_REG; +file_types["f"] = SEMANAGE_FCONTEXT_REG
+file_types["-d"] = SEMANAGE_FCONTEXT_DIR; +file_types["-d"] = SEMANAGE_FCONTEXT_DIR
+file_types["directory"] = SEMANAGE_FCONTEXT_DIR; +file_types["directory"] = SEMANAGE_FCONTEXT_DIR
+file_types["d"] = SEMANAGE_FCONTEXT_DIR; +file_types["d"] = SEMANAGE_FCONTEXT_DIR
+file_types["-c"] = SEMANAGE_FCONTEXT_CHAR; +file_types["-c"] = SEMANAGE_FCONTEXT_CHAR
+file_types["character device"] = SEMANAGE_FCONTEXT_CHAR; +file_types["character device"] = SEMANAGE_FCONTEXT_CHAR
+file_types["c"] = SEMANAGE_FCONTEXT_CHAR; +file_types["c"] = SEMANAGE_FCONTEXT_CHAR
+file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK; +file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK
+file_types["block device"] = SEMANAGE_FCONTEXT_BLOCK; +file_types["block device"] = SEMANAGE_FCONTEXT_BLOCK
+file_types["b"] = SEMANAGE_FCONTEXT_BLOCK; +file_types["b"] = SEMANAGE_FCONTEXT_BLOCK
+file_types["-s"] = SEMANAGE_FCONTEXT_SOCK; +file_types["-s"] = SEMANAGE_FCONTEXT_SOCK
+file_types["socket"] = SEMANAGE_FCONTEXT_SOCK; +file_types["socket"] = SEMANAGE_FCONTEXT_SOCK
+file_types["s"] = SEMANAGE_FCONTEXT_SOCK; +file_types["s"] = SEMANAGE_FCONTEXT_SOCK
+file_types["-l"] = SEMANAGE_FCONTEXT_LINK; +file_types["-l"] = SEMANAGE_FCONTEXT_LINK
+file_types["l"] = SEMANAGE_FCONTEXT_LINK; +file_types["l"] = SEMANAGE_FCONTEXT_LINK
+file_types["symbolic link"] = SEMANAGE_FCONTEXT_LINK; +file_types["symbolic link"] = SEMANAGE_FCONTEXT_LINK
+file_types["p"] = SEMANAGE_FCONTEXT_PIPE; +file_types["p"] = SEMANAGE_FCONTEXT_PIPE
+file_types["-p"] = SEMANAGE_FCONTEXT_PIPE; +file_types["-p"] = SEMANAGE_FCONTEXT_PIPE
+file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE; +file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE
+ +
+file_type_str_to_option = {"all files": "a", +file_type_str_to_option = {"all files": "a",
+ "regular file":"f", + "regular file":"f",
@ -655821,11 +655828,14 @@ index 0000000..1cf9681
+ +
+ sep = "-" + sep = "-"
+ if sename != oldsename: + if sename != oldsename:
+ msg += sep + "sename"; sep = "," + msg += sep + "sename"
+ sep = ","
+ if serole != oldserole: + if serole != oldserole:
+ msg += sep + "role"; sep = "," + msg += sep + "role"
+ sep = ","
+ if serange != oldserange: + if serange != oldserange:
+ msg += sep + "range"; sep = "," + msg += sep + "range"
+ sep = ","
+ +
+ self.log_list.append([self.audit_fd, audit.AUDIT_ROLE_ASSIGN, sys.argv[0], str(msg), name, 0, sename, serole, serange, oldsename, oldserole, oldserange, "", "", ""]) + self.log_list.append([self.audit_fd, audit.AUDIT_ROLE_ASSIGN, sys.argv[0], str(msg), name, 0, sename, serole, serange, oldsename, oldserole, oldserange, "", "", ""])
+ +
@ -655919,10 +655929,12 @@ index 0000000..1cf9681
+ else: + else:
+ return raw + return raw
+ +
+
+class semanageRecords: +class semanageRecords:
+ transaction = False + transaction = False
+ handle = None + handle = None
+ store = None + store = None
+
+ def __init__(self, store): + def __init__(self, store):
+ global handle + global handle
+ self.load = True + self.load = True
@ -655948,7 +655960,7 @@ index 0000000..1cf9681
+ raise ValueError(_("Could not create semanage handle")) + raise ValueError(_("Could not create semanage handle"))
+ +
+ if not semanageRecords.transaction and store != "": + if not semanageRecords.transaction and store != "":
+ semanage_select_store(handle, store, SEMANAGE_CON_DIRECT); + semanage_select_store(handle, store, SEMANAGE_CON_DIRECT)
+ semanageRecords.store = store + semanageRecords.store = store
+ +
+ if not semanage_is_managed(handle): + if not semanage_is_managed(handle):
@ -655988,6 +656000,7 @@ index 0000000..1cf9681
+ rc = semanage_begin_transaction(self.sh) + rc = semanage_begin_transaction(self.sh)
+ if rc < 0: + if rc < 0:
+ raise ValueError(_("Could not start semanage transaction")) + raise ValueError(_("Could not start semanage transaction"))
+
+ def customized(self): + def customized(self):
+ raise ValueError(_("Not yet implemented")) + raise ValueError(_("Not yet implemented"))
+ +
@ -656008,7 +656021,9 @@ index 0000000..1cf9681
+ semanageRecords.transaction = False + semanageRecords.transaction = False
+ self.commit() + self.commit()
+ +
+
+class moduleRecords(semanageRecords): +class moduleRecords(semanageRecords):
+
+ def __init__(self, store): + def __init__(self, store):
+ semanageRecords.__init__(self, store) + semanageRecords.__init__(self, store)
+ +
@ -656076,7 +656091,7 @@ index 0000000..1cf9681
+ if rc < 0: + if rc < 0:
+ raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority) + raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
+ +
+ rc = semanage_module_install_file(self.sh, module); + rc = semanage_module_install_file(self.sh, module)
+ if rc >= 0: + if rc >= 0:
+ self.commit() + self.commit()
+ +
@ -656101,7 +656116,7 @@ index 0000000..1cf9681
+ def modify(self, file): + def modify(self, file):
+ if not module: + if not module:
+ raise ValueError(_("You did not define module name.")) + raise ValueError(_("You did not define module name."))
+ rc = semanage_module_upgrade_file(self.sh, file); + rc = semanage_module_upgrade_file(self.sh, file)
+ if rc >= 0: + if rc >= 0:
+ self.commit() + self.commit()
+ +
@ -656124,7 +656139,9 @@ index 0000000..1cf9681
+ for m in l: + for m in l:
+ self.set_enabled(m, True) + self.set_enabled(m, True)
+ +
+
+class dontauditClass(semanageRecords): +class dontauditClass(semanageRecords):
+
+ def __init__(self, store): + def __init__(self, store):
+ semanageRecords.__init__(self, store) + semanageRecords.__init__(self, store)
+ +
@ -656132,10 +656149,12 @@ index 0000000..1cf9681
+ if dontaudit not in ["on", "off"]: + if dontaudit not in ["on", "off"]:
+ raise ValueError(_("dontaudit requires either 'on' or 'off'")) + raise ValueError(_("dontaudit requires either 'on' or 'off'"))
+ self.begin() + self.begin()
+ semanage_set_disable_dontaudit(self.sh, dontaudit == "off") + rc = semanage_set_disable_dontaudit(self.sh, dontaudit == "off")
+ self.commit() + self.commit()
+ +
+
+class permissiveRecords(semanageRecords): +class permissiveRecords(semanageRecords):
+
+ def __init__(self, store): + def __init__(self, store):
+ semanageRecords.__init__(self, store) + semanageRecords.__init__(self, store)
+ +
@ -656186,7 +656205,7 @@ index 0000000..1cf9681
+ name = "permissive_%s" % setype + name = "permissive_%s" % setype
+ modtxt = "(typepermissive %s)" % type + modtxt = "(typepermissive %s)" % type
+ +
+ rc = semanage_module_install(self.sh, modtxt, len(modtxt), name, "cil"); + rc = semanage_module_install(self.sh, modtxt, len(modtxt), name, "cil")
+ if rc >= 0: + if rc >= 0:
+ self.commit() + self.commit()
+ +
@ -656274,7 +656293,7 @@ index 0000000..1cf9681
+ +
+ semanage_seuser_key_free(k) + semanage_seuser_key_free(k)
+ semanage_seuser_free(u) + semanage_seuser_free(u)
+ self.mylog.log("login", name, sename=sename, serange=serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange); + self.mylog.log("login", name, sename=sename, serange=serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)
+ +
+ def add(self, name, sename, serange): + def add(self, name, sename, serange):
+ try: + try:
@ -656324,6 +656343,7 @@ index 0000000..1cf9681
+ +
+ if sename != "": + if sename != "":
+ semanage_seuser_set_sename(self.sh, u, sename) + semanage_seuser_set_sename(self.sh, u, sename)
+ self.sename = sename
+ else: + else:
+ self.sename = self.oldsename + self.sename = self.oldsename
+ +
@ -656333,7 +656353,7 @@ index 0000000..1cf9681
+ +
+ semanage_seuser_key_free(k) + semanage_seuser_key_free(k)
+ semanage_seuser_free(u) + semanage_seuser_free(u)
+ self.mylog.log("login", name,sename=self.sename,serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange); + self.mylog.log("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)
+ +
+ def modify(self, name, sename="", serange=None): + def modify(self, name, sename="", serange=None):
+ try: + try:
@ -656374,7 +656394,7 @@ index 0000000..1cf9681
+ rec, self.sename, self.serange = selinux.getseuserbyname("__default__") + rec, self.sename, self.serange = selinux.getseuserbyname("__default__")
+ RANGE, (rc, serole) = userrec.get(self.sename) + RANGE, (rc, serole) = userrec.get(self.sename)
+ +
+ self.mylog.log_remove("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange); + self.mylog.log_remove("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)
+ +
+ def delete(self, name): + def delete(self, name):
+ try: + try:
@ -656560,7 +656580,7 @@ index 0000000..1cf9681
+ def __modify(self, name, roles=[], selevel="", serange=None, prefix=""): + def __modify(self, name, roles=[], selevel="", serange=None, prefix=""):
+ oldserole = "" + oldserole = ""
+ oldserange = "" + oldserange = ""
+ newroles = ' '.join(roles); + newroles = ' '.join(roles)
+ if prefix == "" and len(roles) == 0 and not serange and selevel == "": + if prefix == "" and len(roles) == 0 and not serange and selevel == "":
+ if is_mls_enabled == 1: + if is_mls_enabled == 1:
+ raise ValueError(_("Requires prefix, roles, level or range")) + raise ValueError(_("Requires prefix, roles, level or range"))
@ -656584,7 +656604,7 @@ index 0000000..1cf9681
+ oldserange = semanage_user_get_mlsrange(u) + oldserange = semanage_user_get_mlsrange(u)
+ (rc, rlist) = semanage_user_get_roles(self.sh, u) + (rc, rlist) = semanage_user_get_roles(self.sh, u)
+ if rc >= 0: + if rc >= 0:
+ oldserole = ' '.join(rlist); + oldserole = ' '.join(rlist)
+ +
+ if serange: + if serange:
+ semanage_user_set_mlsrange(self.sh, u, untranslate(serange)) + semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
@ -656698,7 +656718,7 @@ index 0000000..1cf9681
+ if rc < 0: + if rc < 0:
+ raise ValueError(_("Could not list roles for user %s") % name) + raise ValueError(_("Could not list roles for user %s") % name)
+ +
+ roles = ' '.join(rlist); + roles = ' '.join(rlist)
+ ddict[semanage_user_get_name(u)] = (semanage_user_get_prefix(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles) + ddict[semanage_user_get_name(u)] = (semanage_user_get_prefix(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
+ +
+ return ddict + return ddict
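Review bot: `moduleRecords.modify(self, file)` still opens with `if not module:`, but `module` is neither a parameter nor a local in the visible lines, so unless a global of that name exists the call raises NameError before `semanage_module_upgrade_file` is reached. The guard presumably means the argument, i.e. `if not file:`. The rest of the method body is outside the hunk. Separately, the new `rc = semanage_set_disable_dontaudit(self.sh, dontaudit == "off")` in `dontauditClass` stores a value that nothing reads before `self.commit()`. Either test it the way the other methods do (`if rc < 0: raise ValueError(...)`), if the binding returns a status at all, or drop the assignment.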


@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.4 Version: 2.4
Release: 7%{?dist} Release: 8%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# https://github.com/SELinuxProject/selinux/wiki/Releases # https://github.com/SELinuxProject/selinux/wiki/Releases
@ -18,7 +18,7 @@ Source2: policycoreutils_man_ru2.tar.bz2
Source3: system-config-selinux.png Source3: system-config-selinux.png
Source4: sepolicy-icons.tgz Source4: sepolicy-icons.tgz
# use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/ # use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/
# HEAD https://github.com/fedora-selinux/selinux/commit/b7b250d47a5ae70efc95492cda499ee6a8ae12d8 # HEAD https://github.com/fedora-selinux/selinux/commit/38d05b08329cb56bba1e64a37b9b166f2fa9f85c
Patch: policycoreutils-rhat.patch Patch: policycoreutils-rhat.patch
Patch1: sepolgen-rhat.patch Patch1: sepolgen-rhat.patch
Obsoletes: policycoreutils < 2.0.61-2 Obsoletes: policycoreutils < 2.0.61-2
@ -399,6 +399,9 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service %systemd_postun_with_restart restorecond.service
%changelog %changelog
* Thu Aug 06 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-8
- Fix multiple python3 issues in sepolgen (#1249388,#1247575,#1247564)
* Mon Jul 27 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-7 * Mon Jul 27 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-7
- policycoreutils-python3 depends on python-IPy-python3 - policycoreutils-python3 depends on python-IPy-python3


@ -122,10 +122,10 @@ index cf13210..60ff4e9 100644
else: else:
role_type = refpolicy.RoleType() role_type = refpolicy.RoleType()
diff --git a/sepolgen-1.2.2/src/sepolgen/audit.py b/sepolgen-1.2.2/src/sepolgen/audit.py diff --git a/sepolgen-1.2.2/src/sepolgen/audit.py b/sepolgen-1.2.2/src/sepolgen/audit.py
index 56919be..ddad682 100644 index 56919be..1c94daa 100644
--- a/sepolgen-1.2.2/src/sepolgen/audit.py --- a/sepolgen-1.2.2/src/sepolgen/audit.py
+++ b/sepolgen-1.2.2/src/sepolgen/audit.py +++ b/sepolgen-1.2.2/src/sepolgen/audit.py
@@ -17,11 +17,11 @@ @@ -17,11 +17,12 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
@ -136,10 +136,38 @@ index 56919be..ddad682 100644
+from . import refpolicy +from . import refpolicy
+from . import access +from . import access
+from . import util
# Convenience functions # Convenience functions
def get_audit_boot_msgs(): def get_audit_boot_msgs():
@@ -169,6 +169,7 @@ class AVCMessage(AuditMessage): @@ -42,6 +43,8 @@ def get_audit_boot_msgs():
boottime = time.strftime("%X", s)
output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
stdout=subprocess.PIPE).communicate()[0]
+ if util.PY3:
+ output = util.decode_input(output)
return output
def get_audit_msgs():
@@ -55,6 +58,8 @@ def get_audit_msgs():
import subprocess
output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
stdout=subprocess.PIPE).communicate()[0]
+ if util.PY3:
+ output = util.decode_input(output)
return output
def get_dmesg_msgs():
@@ -66,6 +71,8 @@ def get_dmesg_msgs():
import subprocess
output = subprocess.Popen(["/bin/dmesg"],
stdout=subprocess.PIPE).communicate()[0]
+ if util.PY3:
+ output = util.decode_input(output)
return output
# Classes representing audit messages
@@ -169,6 +176,7 @@ class AVCMessage(AuditMessage):
self.exe = "" self.exe = ""
self.path = "" self.path = ""
self.name = "" self.name = ""
@ -147,7 +175,7 @@ index 56919be..ddad682 100644
self.accesses = [] self.accesses = []
self.denial = True self.denial = True
self.type = audit2why.TERULE self.type = audit2why.TERULE
@@ -230,6 +231,10 @@ class AVCMessage(AuditMessage): @@ -230,6 +238,10 @@ class AVCMessage(AuditMessage):
self.exe = fields[1][1:-1] self.exe = fields[1][1:-1]
elif fields[0] == "name": elif fields[0] == "name":
self.name = fields[1][1:-1] self.name = fields[1][1:-1]
@ -158,7 +186,7 @@ index 56919be..ddad682 100644
if not found_src or not found_tgt or not found_class or not found_access: if not found_src or not found_tgt or not found_class or not found_access:
raise ValueError("AVC message in invalid format [%s]\n" % self.message) raise ValueError("AVC message in invalid format [%s]\n" % self.message)
@@ -354,7 +359,9 @@ class AuditParser: @@ -354,7 +366,9 @@ class AuditParser:
self.path_msgs = [] self.path_msgs = []
self.by_header = { } self.by_header = { }
self.check_input_file = False self.check_input_file = False
@ -169,7 +197,7 @@ index 56919be..ddad682 100644
# Low-level parsing function - tries to determine if this audit # Low-level parsing function - tries to determine if this audit
# message is an SELinux related message and then parses it into # message is an SELinux related message and then parses it into
# the appropriate AuditMessage subclass. This function deliberately # the appropriate AuditMessage subclass. This function deliberately
@@ -430,7 +437,7 @@ class AuditParser: @@ -430,7 +444,7 @@ class AuditParser:
# Group by audit header # Group by audit header
if msg.header != "": if msg.header != "":
@ -178,7 +206,7 @@ index 56919be..ddad682 100644
self.by_header[msg.header].append(msg) self.by_header[msg.header].append(msg)
else: else:
self.by_header[msg.header] = [msg] self.by_header[msg.header] = [msg]
@@ -492,6 +499,60 @@ class AuditParser: @@ -492,6 +506,68 @@ class AuditParser:
return role_types return role_types
@ -201,7 +229,11 @@ index 56919be..ddad682 100644
+ try: + try:
+ output = subprocess.check_output(command, + output = subprocess.check_output(command,
+ stderr=subprocess.STDOUT, + stderr=subprocess.STDOUT,
+ shell=True) + shell=True,
+ universal_newlines=True)
+ if util.PY3:
+ output = util.decode_input(output)
+
+ try: + try:
+ ino = int(inode) + ino = int(inode)
+ except ValueError: + except ValueError:
@ -218,11 +250,14 @@ index 56919be..ddad682 100644
+ return path + return path
+ +
+ def __store_base_types(self): + def __store_base_types(self):
+ import sepolicy + # FIXME: this is a temporary workaround until sepolicy is ported to python 3
+ self.base_types = sepolicy.get_types_from_attribute("base_file_type") + # import sepolicy
+ # self.base_types = sepolicy.get_types_from_attribute("base_file_type")
+ self.base_types = []
+ +
+ def __get_base_type(self, tcontext, scontext): + def __get_base_type(self, tcontext, scontext):
+ import sepolicy + # FIXME: uncomment the following code when sepolicy is ported to python 3
+ # import sepolicy
+ # Prevent unnecessary searching + # Prevent unnecessary searching
+ if (self.old_scontext == scontext and + if (self.old_scontext == scontext and
+ self.old_tcontext == tcontext): + self.old_tcontext == tcontext):
@ -231,15 +266,16 @@ index 56919be..ddad682 100644
+ self.old_tcontext = tcontext + self.old_tcontext = tcontext
+ for btype in self.base_types: + for btype in self.base_types:
+ if btype == tcontext: + if btype == tcontext:
+ for writable in sepolicy.get_writable_files(scontext): + # FIXME: uncomment the following code when sepolicy is ported to python 3
+ if writable.endswith(tcontext) and writable.startswith(scontext.rstrip("_t")): + # for writable in sepolicy.get_writable_files(scontext):
+ return writable + # if writable.endswith(tcontext) and writable.startswith(scontext.rstrip("_t")):
+ # return writable
+ return 0 + return 0
+ +
def to_access(self, avc_filter=None, only_denials=True): def to_access(self, avc_filter=None, only_denials=True):
"""Convert the audit logs access into a an access vector set. """Convert the audit logs access into a an access vector set.
@@ -510,16 +571,23 @@ class AuditParser: @@ -510,16 +586,23 @@ class AuditParser:
audit logs parsed by this object. audit logs parsed by this object.
""" """
av_set = access.AccessVectorSet() av_set = access.AccessVectorSet()
@ -911,7 +947,7 @@ index 88c8a1f..d05d721 100644
self.classes[c] = { } self.classes[c] = { }
cur = self.classes[c] cur = self.classes[c]
diff --git a/sepolgen-1.2.2/src/sepolgen/output.py b/sepolgen-1.2.2/src/sepolgen/output.py diff --git a/sepolgen-1.2.2/src/sepolgen/output.py b/sepolgen-1.2.2/src/sepolgen/output.py
index 739452d..d8daedb 100644 index 739452d..7a83aee 100644
--- a/sepolgen-1.2.2/src/sepolgen/output.py --- a/sepolgen-1.2.2/src/sepolgen/output.py
+++ b/sepolgen-1.2.2/src/sepolgen/output.py +++ b/sepolgen-1.2.2/src/sepolgen/output.py
@@ -27,8 +27,12 @@ generating policy. This keeps the semantic / syntactic issues @@ -27,8 +27,12 @@ generating policy. This keeps the semantic / syntactic issues
@ -929,6 +965,24 @@ index 739452d..d8daedb 100644
class ModuleWriter: class ModuleWriter:
def __init__(self): def __init__(self):
@@ -127,7 +131,7 @@ def sort_filter(module):
rules = []
rules.extend(node.avrules())
rules.extend(node.interface_calls())
- rules.sort(rule_cmp)
+ rules.sort(key=util.cmp_to_key(rule_cmp))
cur = None
sep_rules = []
@@ -151,7 +155,7 @@ def sort_filter(module):
ras = []
ras.extend(node.role_types())
- ras.sort(role_type_cmp)
+ ras.sort(key=util.cmp_to_key(role_type_cmp))
if len(ras):
comment = refpolicy.Comment()
comment.lines.append("============= ROLES ==============")
diff --git a/sepolgen-1.2.2/src/sepolgen/policygen.py b/sepolgen-1.2.2/src/sepolgen/policygen.py diff --git a/sepolgen-1.2.2/src/sepolgen/policygen.py b/sepolgen-1.2.2/src/sepolgen/policygen.py
index 5f38577..89366df 100644 index 5f38577..89366df 100644
--- a/sepolgen-1.2.2/src/sepolgen/policygen.py --- a/sepolgen-1.2.2/src/sepolgen/policygen.py
@ -1256,7 +1310,7 @@ index 8ad64a9..a9bb92d 100644
class Require(Leaf): class Require(Leaf):
def __init__(self, parent=None): def __init__(self, parent=None):
diff --git a/sepolgen-1.2.2/src/sepolgen/util.py b/sepolgen-1.2.2/src/sepolgen/util.py diff --git a/sepolgen-1.2.2/src/sepolgen/util.py b/sepolgen-1.2.2/src/sepolgen/util.py
index 74a11f5..4934bec 100644 index 74a11f5..1fca971 100644
--- a/sepolgen-1.2.2/src/sepolgen/util.py --- a/sepolgen-1.2.2/src/sepolgen/util.py
+++ b/sepolgen-1.2.2/src/sepolgen/util.py +++ b/sepolgen-1.2.2/src/sepolgen/util.py
@@ -16,6 +16,19 @@ @@ -16,6 +16,19 @@
@ -1279,7 +1333,7 @@ index 74a11f5..4934bec 100644
class ConsoleProgressBar: class ConsoleProgressBar:
def __init__(self, out, steps=100, indicator='#'): def __init__(self, out, steps=100, indicator='#'):
@@ -76,6 +89,51 @@ def first(s, sorted=False): @@ -76,6 +89,88 @@ def first(s, sorted=False):
for x in s: for x in s:
return x return x
@ -1297,6 +1351,20 @@ index 74a11f5..4934bec 100644
+ encoded_text = text.encode('utf-8') + encoded_text = text.encode('utf-8')
+ return encoded_text + return encoded_text
+ +
+def decode_input(text):
+ import locale
+ """Decode given text via preferred system encoding"""
+ # locale will often find out the correct encoding
+ encoding = locale.getpreferredencoding()
+ try:
+ decoded_text = text.decode(encoding)
+ except UnicodeError:
+ # if it fails to find correct encoding then ascii is used
+ # which may lead to UnicodeError if `text` contains non ascii signs
+ # utf-8 is our guess to fix the situation
+ decoded_text = text.decode('utf-8')
+ return decoded_text
+
+class Comparison(): +class Comparison():
+ """Class used when implementing rich comparison. + """Class used when implementing rich comparison.
+ +
@ -1325,6 +1393,29 @@ index 74a11f5..4934bec 100644
+ def __ne__(self, other): + def __ne__(self, other):
+ return self._compare(other, lambda a, b: a != b) + return self._compare(other, lambda a, b: a != b)
+ +
+if sys.version_info < (2,7):
+ # cmp_to_key function is missing in python2.6
+ def cmp_to_key(mycmp):
+ 'Convert a cmp= function into a key= function'
+ class K:
+ def __init__(self, obj, *args):
+ self.obj = obj
+ def __lt__(self, other):
+ return mycmp(self.obj, other.obj) < 0
+ def __gt__(self, other):
+ return mycmp(self.obj, other.obj) > 0
+ def __eq__(self, other):
+ return mycmp(self.obj, other.obj) == 0
+ def __le__(self, other):
+ return mycmp(self.obj, other.obj) <= 0
+ def __ge__(self, other):
+ return mycmp(self.obj, other.obj) >= 0
+ def __ne__(self, other):
+ return mycmp(self.obj, other.obj) != 0
+ return K
+else:
+ from functools import cmp_to_key
+
+def cmp(first, second): +def cmp(first, second):
+ return (first > second) - (second > first) + return (first > second) - (second > first)
+ +
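Review bot: In the audit.py hunk that adds `universal_newlines=True` to `subprocess.check_output(...)`, the call already returns `str` on Python 3, so the following `if util.PY3: output = util.decode_input(output)` calls `text.decode(encoding)` on a `str`. That raises AttributeError, which the `except UnicodeError` in `decode_input` does not catch. Keep only one of the two conversions, for example by dropping the `if util.PY3:` pair here and leaving `universal_newlines=True`. The same call keeps `shell=True`, and the construction of `command` is outside the visible lines. If it interpolates fields parsed from audit records (the surrounding code handles `name` and `inode`), those values reach a shell unquoted, so passing an argument list such as `subprocess.check_output([tool, arg], stderr=subprocess.STDOUT, universal_newlines=True)` without `shell=True` would be safer. The enclosing method starts outside the hunk.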