policycoreutils-2.4-8
- Fix multiple python3 issues in sepolgen (#1249388,#1247575,#1247564) FIXME: some functionality of audit2allow was temporarily disabled until sepolicy is ported to python 3
This commit is contained in:
parent
9ef0d2c14c
commit
d0392a9475
@ -655722,10 +655722,10 @@ index 568ebfd..306d9b7 100644
|
||||
def __init__(self, store):
|
||||
diff --git a/policycoreutils-2.4/semanage/seobject/__init__.py b/policycoreutils-2.4/semanage/seobject/__init__.py
|
||||
new file mode 100644
|
||||
index 0000000..1cf9681
|
||||
index 0000000..c23ebef
|
||||
--- /dev/null
|
||||
+++ b/policycoreutils-2.4/semanage/seobject/__init__.py
|
||||
@@ -0,0 +1,2251 @@
|
||||
@@ -0,0 +1,2271 @@
|
||||
+#! /usr/bin/python3 -Es
|
||||
+# Copyright (C) 2005-2013 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
@ -655748,9 +655748,17 @@ index 0000000..1cf9681
|
||||
+# 02111-1307 USA
|
||||
+#
|
||||
+#
|
||||
+
|
||||
+import pwd, grp, string, selinux, tempfile, os, re, sys, stat, shutil
|
||||
+from semanage import *;
|
||||
+import pwd
|
||||
+import grp
|
||||
+import string
|
||||
+import selinux
|
||||
+import tempfile
|
||||
+import os
|
||||
+import re
|
||||
+import sys
|
||||
+import stat
|
||||
+import shutil
|
||||
+from semanage import *
|
||||
+PROGNAME = "policycoreutils"
|
||||
+import sepolicy
|
||||
+from sepolicy import boolean_desc, boolean_category, gen_bool_dict
|
||||
@ -655758,7 +655766,6 @@ index 0000000..1cf9681
|
||||
+from IPy import IP
|
||||
+
|
||||
+import gettext
|
||||
+PROGNAME="policycoreutils"
|
||||
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
||||
+gettext.textdomain(PROGNAME)
|
||||
+try:
|
||||
@ -655778,30 +655785,30 @@ index 0000000..1cf9681
|
||||
+import syslog
|
||||
+
|
||||
+file_types = {}
|
||||
+file_types[""] = SEMANAGE_FCONTEXT_ALL;
|
||||
+file_types["all files"] = SEMANAGE_FCONTEXT_ALL;
|
||||
+file_types["a"] = SEMANAGE_FCONTEXT_ALL;
|
||||
+file_types["regular file"] = SEMANAGE_FCONTEXT_REG;
|
||||
+file_types["--"] = SEMANAGE_FCONTEXT_REG;
|
||||
+file_types["f"] = SEMANAGE_FCONTEXT_REG;
|
||||
+file_types["-d"] = SEMANAGE_FCONTEXT_DIR;
|
||||
+file_types["directory"] = SEMANAGE_FCONTEXT_DIR;
|
||||
+file_types["d"] = SEMANAGE_FCONTEXT_DIR;
|
||||
+file_types["-c"] = SEMANAGE_FCONTEXT_CHAR;
|
||||
+file_types["character device"] = SEMANAGE_FCONTEXT_CHAR;
|
||||
+file_types["c"] = SEMANAGE_FCONTEXT_CHAR;
|
||||
+file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK;
|
||||
+file_types["block device"] = SEMANAGE_FCONTEXT_BLOCK;
|
||||
+file_types["b"] = SEMANAGE_FCONTEXT_BLOCK;
|
||||
+file_types["-s"] = SEMANAGE_FCONTEXT_SOCK;
|
||||
+file_types["socket"] = SEMANAGE_FCONTEXT_SOCK;
|
||||
+file_types["s"] = SEMANAGE_FCONTEXT_SOCK;
|
||||
+file_types["-l"] = SEMANAGE_FCONTEXT_LINK;
|
||||
+file_types["l"] = SEMANAGE_FCONTEXT_LINK;
|
||||
+file_types["symbolic link"] = SEMANAGE_FCONTEXT_LINK;
|
||||
+file_types["p"] = SEMANAGE_FCONTEXT_PIPE;
|
||||
+file_types["-p"] = SEMANAGE_FCONTEXT_PIPE;
|
||||
+file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE;
|
||||
+file_types[""] = SEMANAGE_FCONTEXT_ALL
|
||||
+file_types["all files"] = SEMANAGE_FCONTEXT_ALL
|
||||
+file_types["a"] = SEMANAGE_FCONTEXT_ALL
|
||||
+file_types["regular file"] = SEMANAGE_FCONTEXT_REG
|
||||
+file_types["--"] = SEMANAGE_FCONTEXT_REG
|
||||
+file_types["f"] = SEMANAGE_FCONTEXT_REG
|
||||
+file_types["-d"] = SEMANAGE_FCONTEXT_DIR
|
||||
+file_types["directory"] = SEMANAGE_FCONTEXT_DIR
|
||||
+file_types["d"] = SEMANAGE_FCONTEXT_DIR
|
||||
+file_types["-c"] = SEMANAGE_FCONTEXT_CHAR
|
||||
+file_types["character device"] = SEMANAGE_FCONTEXT_CHAR
|
||||
+file_types["c"] = SEMANAGE_FCONTEXT_CHAR
|
||||
+file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK
|
||||
+file_types["block device"] = SEMANAGE_FCONTEXT_BLOCK
|
||||
+file_types["b"] = SEMANAGE_FCONTEXT_BLOCK
|
||||
+file_types["-s"] = SEMANAGE_FCONTEXT_SOCK
|
||||
+file_types["socket"] = SEMANAGE_FCONTEXT_SOCK
|
||||
+file_types["s"] = SEMANAGE_FCONTEXT_SOCK
|
||||
+file_types["-l"] = SEMANAGE_FCONTEXT_LINK
|
||||
+file_types["l"] = SEMANAGE_FCONTEXT_LINK
|
||||
+file_types["symbolic link"] = SEMANAGE_FCONTEXT_LINK
|
||||
+file_types["p"] = SEMANAGE_FCONTEXT_PIPE
|
||||
+file_types["-p"] = SEMANAGE_FCONTEXT_PIPE
|
||||
+file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE
|
||||
+
|
||||
+file_type_str_to_option = {"all files": "a",
|
||||
+ "regular file":"f",
|
||||
@ -655821,11 +655828,14 @@ index 0000000..1cf9681
|
||||
+
|
||||
+ sep = "-"
|
||||
+ if sename != oldsename:
|
||||
+ msg += sep + "sename"; sep = ","
|
||||
+ msg += sep + "sename"
|
||||
+ sep = ","
|
||||
+ if serole != oldserole:
|
||||
+ msg += sep + "role"; sep = ","
|
||||
+ msg += sep + "role"
|
||||
+ sep = ","
|
||||
+ if serange != oldserange:
|
||||
+ msg += sep + "range"; sep = ","
|
||||
+ msg += sep + "range"
|
||||
+ sep = ","
|
||||
+
|
||||
+ self.log_list.append([self.audit_fd, audit.AUDIT_ROLE_ASSIGN, sys.argv[0], str(msg), name, 0, sename, serole, serange, oldsename, oldserole, oldserange, "", "", ""])
|
||||
+
|
||||
@ -655919,10 +655929,12 @@ index 0000000..1cf9681
|
||||
+ else:
|
||||
+ return raw
|
||||
+
|
||||
+
|
||||
+class semanageRecords:
|
||||
+ transaction = False
|
||||
+ handle = None
|
||||
+ store = None
|
||||
+
|
||||
+ def __init__(self, store):
|
||||
+ global handle
|
||||
+ self.load = True
|
||||
@ -655948,7 +655960,7 @@ index 0000000..1cf9681
|
||||
+ raise ValueError(_("Could not create semanage handle"))
|
||||
+
|
||||
+ if not semanageRecords.transaction and store != "":
|
||||
+ semanage_select_store(handle, store, SEMANAGE_CON_DIRECT);
|
||||
+ semanage_select_store(handle, store, SEMANAGE_CON_DIRECT)
|
||||
+ semanageRecords.store = store
|
||||
+
|
||||
+ if not semanage_is_managed(handle):
|
||||
@ -655988,6 +656000,7 @@ index 0000000..1cf9681
|
||||
+ rc = semanage_begin_transaction(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError(_("Could not start semanage transaction"))
|
||||
+
|
||||
+ def customized(self):
|
||||
+ raise ValueError(_("Not yet implemented"))
|
||||
+
|
||||
@ -656008,7 +656021,9 @@ index 0000000..1cf9681
|
||||
+ semanageRecords.transaction = False
|
||||
+ self.commit()
|
||||
+
|
||||
+
|
||||
+class moduleRecords(semanageRecords):
|
||||
+
|
||||
+ def __init__(self, store):
|
||||
+ semanageRecords.__init__(self, store)
|
||||
+
|
||||
@ -656076,7 +656091,7 @@ index 0000000..1cf9681
|
||||
+ if rc < 0:
|
||||
+ raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
|
||||
+
|
||||
+ rc = semanage_module_install_file(self.sh, module);
|
||||
+ rc = semanage_module_install_file(self.sh, module)
|
||||
+ if rc >= 0:
|
||||
+ self.commit()
|
||||
+
|
||||
@ -656101,7 +656116,7 @@ index 0000000..1cf9681
|
||||
+ def modify(self, file):
|
||||
+ if not module:
|
||||
+ raise ValueError(_("You did not define module name."))
|
||||
+ rc = semanage_module_upgrade_file(self.sh, file);
|
||||
+ rc = semanage_module_upgrade_file(self.sh, file)
|
||||
+ if rc >= 0:
|
||||
+ self.commit()
|
||||
+
|
||||
@ -656124,7 +656139,9 @@ index 0000000..1cf9681
|
||||
+ for m in l:
|
||||
+ self.set_enabled(m, True)
|
||||
+
|
||||
+
|
||||
+class dontauditClass(semanageRecords):
|
||||
+
|
||||
+ def __init__(self, store):
|
||||
+ semanageRecords.__init__(self, store)
|
||||
+
|
||||
@ -656132,10 +656149,12 @@ index 0000000..1cf9681
|
||||
+ if dontaudit not in ["on", "off"]:
|
||||
+ raise ValueError(_("dontaudit requires either 'on' or 'off'"))
|
||||
+ self.begin()
|
||||
+ semanage_set_disable_dontaudit(self.sh, dontaudit == "off")
|
||||
+ rc = semanage_set_disable_dontaudit(self.sh, dontaudit == "off")
|
||||
+ self.commit()
|
||||
+
|
||||
+
|
||||
+class permissiveRecords(semanageRecords):
|
||||
+
|
||||
+ def __init__(self, store):
|
||||
+ semanageRecords.__init__(self, store)
|
||||
+
|
||||
@ -656186,7 +656205,7 @@ index 0000000..1cf9681
|
||||
+ name = "permissive_%s" % setype
|
||||
+ modtxt = "(typepermissive %s)" % type
|
||||
+
|
||||
+ rc = semanage_module_install(self.sh, modtxt, len(modtxt), name, "cil");
|
||||
+ rc = semanage_module_install(self.sh, modtxt, len(modtxt), name, "cil")
|
||||
+ if rc >= 0:
|
||||
+ self.commit()
|
||||
+
|
||||
@ -656274,7 +656293,7 @@ index 0000000..1cf9681
|
||||
+
|
||||
+ semanage_seuser_key_free(k)
|
||||
+ semanage_seuser_free(u)
|
||||
+ self.mylog.log("login", name, sename=sename, serange=serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange);
|
||||
+ self.mylog.log("login", name, sename=sename, serange=serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)
|
||||
+
|
||||
+ def add(self, name, sename, serange):
|
||||
+ try:
|
||||
@ -656324,6 +656343,7 @@ index 0000000..1cf9681
|
||||
+
|
||||
+ if sename != "":
|
||||
+ semanage_seuser_set_sename(self.sh, u, sename)
|
||||
+ self.sename = sename
|
||||
+ else:
|
||||
+ self.sename = self.oldsename
|
||||
+
|
||||
@ -656333,7 +656353,7 @@ index 0000000..1cf9681
|
||||
+
|
||||
+ semanage_seuser_key_free(k)
|
||||
+ semanage_seuser_free(u)
|
||||
+ self.mylog.log("login", name,sename=self.sename,serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange);
|
||||
+ self.mylog.log("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)
|
||||
+
|
||||
+ def modify(self, name, sename="", serange=None):
|
||||
+ try:
|
||||
@ -656374,7 +656394,7 @@ index 0000000..1cf9681
|
||||
+ rec, self.sename, self.serange = selinux.getseuserbyname("__default__")
|
||||
+ RANGE, (rc, serole) = userrec.get(self.sename)
|
||||
+
|
||||
+ self.mylog.log_remove("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange);
|
||||
+ self.mylog.log_remove("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)
|
||||
+
|
||||
+ def delete(self, name):
|
||||
+ try:
|
||||
@ -656560,7 +656580,7 @@ index 0000000..1cf9681
|
||||
+ def __modify(self, name, roles=[], selevel="", serange=None, prefix=""):
|
||||
+ oldserole = ""
|
||||
+ oldserange = ""
|
||||
+ newroles = ' '.join(roles);
|
||||
+ newroles = ' '.join(roles)
|
||||
+ if prefix == "" and len(roles) == 0 and not serange and selevel == "":
|
||||
+ if is_mls_enabled == 1:
|
||||
+ raise ValueError(_("Requires prefix, roles, level or range"))
|
||||
@ -656584,7 +656604,7 @@ index 0000000..1cf9681
|
||||
+ oldserange = semanage_user_get_mlsrange(u)
|
||||
+ (rc, rlist) = semanage_user_get_roles(self.sh, u)
|
||||
+ if rc >= 0:
|
||||
+ oldserole = ' '.join(rlist);
|
||||
+ oldserole = ' '.join(rlist)
|
||||
+
|
||||
+ if serange:
|
||||
+ semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
|
||||
@ -656698,7 +656718,7 @@ index 0000000..1cf9681
|
||||
+ if rc < 0:
|
||||
+ raise ValueError(_("Could not list roles for user %s") % name)
|
||||
+
|
||||
+ roles = ' '.join(rlist);
|
||||
+ roles = ' '.join(rlist)
|
||||
+ ddict[semanage_user_get_name(u)] = (semanage_user_get_prefix(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
|
||||
+
|
||||
+ return ddict
|
||||
|
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.4
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
@ -18,7 +18,7 @@ Source2: policycoreutils_man_ru2.tar.bz2
|
||||
Source3: system-config-selinux.png
|
||||
Source4: sepolicy-icons.tgz
|
||||
# use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/b7b250d47a5ae70efc95492cda499ee6a8ae12d8
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/38d05b08329cb56bba1e64a37b9b166f2fa9f85c
|
||||
Patch: policycoreutils-rhat.patch
|
||||
Patch1: sepolgen-rhat.patch
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
@ -399,6 +399,9 @@ The policycoreutils-restorecond package contains the restorecond service.
|
||||
%systemd_postun_with_restart restorecond.service
|
||||
|
||||
%changelog
|
||||
* Thu Aug 06 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-8
|
||||
- Fix multiple python3 issues in sepolgen (#1249388,#1247575,#1247564)
|
||||
|
||||
* Mon Jul 27 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-7
|
||||
- policycoreutils-python3 depends on python-IPy-python3
|
||||
|
||||
|
@ -122,10 +122,10 @@ index cf13210..60ff4e9 100644
|
||||
else:
|
||||
role_type = refpolicy.RoleType()
|
||||
diff --git a/sepolgen-1.2.2/src/sepolgen/audit.py b/sepolgen-1.2.2/src/sepolgen/audit.py
|
||||
index 56919be..ddad682 100644
|
||||
index 56919be..1c94daa 100644
|
||||
--- a/sepolgen-1.2.2/src/sepolgen/audit.py
|
||||
+++ b/sepolgen-1.2.2/src/sepolgen/audit.py
|
||||
@@ -17,11 +17,11 @@
|
||||
@@ -17,11 +17,12 @@
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
|
||||
@ -136,10 +136,38 @@ index 56919be..ddad682 100644
|
||||
|
||||
+from . import refpolicy
|
||||
+from . import access
|
||||
+from . import util
|
||||
# Convenience functions
|
||||
|
||||
def get_audit_boot_msgs():
|
||||
@@ -169,6 +169,7 @@ class AVCMessage(AuditMessage):
|
||||
@@ -42,6 +43,8 @@ def get_audit_boot_msgs():
|
||||
boottime = time.strftime("%X", s)
|
||||
output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
|
||||
stdout=subprocess.PIPE).communicate()[0]
|
||||
+ if util.PY3:
|
||||
+ output = util.decode_input(output)
|
||||
return output
|
||||
|
||||
def get_audit_msgs():
|
||||
@@ -55,6 +58,8 @@ def get_audit_msgs():
|
||||
import subprocess
|
||||
output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
|
||||
stdout=subprocess.PIPE).communicate()[0]
|
||||
+ if util.PY3:
|
||||
+ output = util.decode_input(output)
|
||||
return output
|
||||
|
||||
def get_dmesg_msgs():
|
||||
@@ -66,6 +71,8 @@ def get_dmesg_msgs():
|
||||
import subprocess
|
||||
output = subprocess.Popen(["/bin/dmesg"],
|
||||
stdout=subprocess.PIPE).communicate()[0]
|
||||
+ if util.PY3:
|
||||
+ output = util.decode_input(output)
|
||||
return output
|
||||
|
||||
# Classes representing audit messages
|
||||
@@ -169,6 +176,7 @@ class AVCMessage(AuditMessage):
|
||||
self.exe = ""
|
||||
self.path = ""
|
||||
self.name = ""
|
||||
@ -147,7 +175,7 @@ index 56919be..ddad682 100644
|
||||
self.accesses = []
|
||||
self.denial = True
|
||||
self.type = audit2why.TERULE
|
||||
@@ -230,6 +231,10 @@ class AVCMessage(AuditMessage):
|
||||
@@ -230,6 +238,10 @@ class AVCMessage(AuditMessage):
|
||||
self.exe = fields[1][1:-1]
|
||||
elif fields[0] == "name":
|
||||
self.name = fields[1][1:-1]
|
||||
@ -158,7 +186,7 @@ index 56919be..ddad682 100644
|
||||
|
||||
if not found_src or not found_tgt or not found_class or not found_access:
|
||||
raise ValueError("AVC message in invalid format [%s]\n" % self.message)
|
||||
@@ -354,7 +359,9 @@ class AuditParser:
|
||||
@@ -354,7 +366,9 @@ class AuditParser:
|
||||
self.path_msgs = []
|
||||
self.by_header = { }
|
||||
self.check_input_file = False
|
||||
@ -169,7 +197,7 @@ index 56919be..ddad682 100644
|
||||
# Low-level parsing function - tries to determine if this audit
|
||||
# message is an SELinux related message and then parses it into
|
||||
# the appropriate AuditMessage subclass. This function deliberately
|
||||
@@ -430,7 +437,7 @@ class AuditParser:
|
||||
@@ -430,7 +444,7 @@ class AuditParser:
|
||||
|
||||
# Group by audit header
|
||||
if msg.header != "":
|
||||
@ -178,7 +206,7 @@ index 56919be..ddad682 100644
|
||||
self.by_header[msg.header].append(msg)
|
||||
else:
|
||||
self.by_header[msg.header] = [msg]
|
||||
@@ -492,6 +499,60 @@ class AuditParser:
|
||||
@@ -492,6 +506,68 @@ class AuditParser:
|
||||
|
||||
return role_types
|
||||
|
||||
@ -201,7 +229,11 @@ index 56919be..ddad682 100644
|
||||
+ try:
|
||||
+ output = subprocess.check_output(command,
|
||||
+ stderr=subprocess.STDOUT,
|
||||
+ shell=True)
|
||||
+ shell=True,
|
||||
+ universal_newlines=True)
|
||||
+ if util.PY3:
|
||||
+ output = util.decode_input(output)
|
||||
+
|
||||
+ try:
|
||||
+ ino = int(inode)
|
||||
+ except ValueError:
|
||||
@ -218,11 +250,14 @@ index 56919be..ddad682 100644
|
||||
+ return path
|
||||
+
|
||||
+ def __store_base_types(self):
|
||||
+ import sepolicy
|
||||
+ self.base_types = sepolicy.get_types_from_attribute("base_file_type")
|
||||
+ # FIXME: this is a temporary workaround until sepolicy is ported to python 3
|
||||
+ # import sepolicy
|
||||
+ # self.base_types = sepolicy.get_types_from_attribute("base_file_type")
|
||||
+ self.base_types = []
|
||||
+
|
||||
+ def __get_base_type(self, tcontext, scontext):
|
||||
+ import sepolicy
|
||||
+ # FIXME: uncomment the following code when sepolicy is ported to python 3
|
||||
+ # import sepolicy
|
||||
+ # Prevent unnecessary searching
|
||||
+ if (self.old_scontext == scontext and
|
||||
+ self.old_tcontext == tcontext):
|
||||
@ -231,15 +266,16 @@ index 56919be..ddad682 100644
|
||||
+ self.old_tcontext = tcontext
|
||||
+ for btype in self.base_types:
|
||||
+ if btype == tcontext:
|
||||
+ for writable in sepolicy.get_writable_files(scontext):
|
||||
+ if writable.endswith(tcontext) and writable.startswith(scontext.rstrip("_t")):
|
||||
+ return writable
|
||||
+ # FIXME: uncomment the following code when sepolicy is ported to python 3
|
||||
+ # for writable in sepolicy.get_writable_files(scontext):
|
||||
+ # if writable.endswith(tcontext) and writable.startswith(scontext.rstrip("_t")):
|
||||
+ # return writable
|
||||
+ return 0
|
||||
+
|
||||
def to_access(self, avc_filter=None, only_denials=True):
|
||||
"""Convert the audit logs access into a an access vector set.
|
||||
|
||||
@@ -510,16 +571,23 @@ class AuditParser:
|
||||
@@ -510,16 +586,23 @@ class AuditParser:
|
||||
audit logs parsed by this object.
|
||||
"""
|
||||
av_set = access.AccessVectorSet()
|
||||
@ -911,7 +947,7 @@ index 88c8a1f..d05d721 100644
|
||||
self.classes[c] = { }
|
||||
cur = self.classes[c]
|
||||
diff --git a/sepolgen-1.2.2/src/sepolgen/output.py b/sepolgen-1.2.2/src/sepolgen/output.py
|
||||
index 739452d..d8daedb 100644
|
||||
index 739452d..7a83aee 100644
|
||||
--- a/sepolgen-1.2.2/src/sepolgen/output.py
|
||||
+++ b/sepolgen-1.2.2/src/sepolgen/output.py
|
||||
@@ -27,8 +27,12 @@ generating policy. This keeps the semantic / syntactic issues
|
||||
@ -929,6 +965,24 @@ index 739452d..d8daedb 100644
|
||||
|
||||
class ModuleWriter:
|
||||
def __init__(self):
|
||||
@@ -127,7 +131,7 @@ def sort_filter(module):
|
||||
rules = []
|
||||
rules.extend(node.avrules())
|
||||
rules.extend(node.interface_calls())
|
||||
- rules.sort(rule_cmp)
|
||||
+ rules.sort(key=util.cmp_to_key(rule_cmp))
|
||||
|
||||
cur = None
|
||||
sep_rules = []
|
||||
@@ -151,7 +155,7 @@ def sort_filter(module):
|
||||
|
||||
ras = []
|
||||
ras.extend(node.role_types())
|
||||
- ras.sort(role_type_cmp)
|
||||
+ ras.sort(key=util.cmp_to_key(role_type_cmp))
|
||||
if len(ras):
|
||||
comment = refpolicy.Comment()
|
||||
comment.lines.append("============= ROLES ==============")
|
||||
diff --git a/sepolgen-1.2.2/src/sepolgen/policygen.py b/sepolgen-1.2.2/src/sepolgen/policygen.py
|
||||
index 5f38577..89366df 100644
|
||||
--- a/sepolgen-1.2.2/src/sepolgen/policygen.py
|
||||
@ -1256,7 +1310,7 @@ index 8ad64a9..a9bb92d 100644
|
||||
class Require(Leaf):
|
||||
def __init__(self, parent=None):
|
||||
diff --git a/sepolgen-1.2.2/src/sepolgen/util.py b/sepolgen-1.2.2/src/sepolgen/util.py
|
||||
index 74a11f5..4934bec 100644
|
||||
index 74a11f5..1fca971 100644
|
||||
--- a/sepolgen-1.2.2/src/sepolgen/util.py
|
||||
+++ b/sepolgen-1.2.2/src/sepolgen/util.py
|
||||
@@ -16,6 +16,19 @@
|
||||
@ -1279,7 +1333,7 @@ index 74a11f5..4934bec 100644
|
||||
|
||||
class ConsoleProgressBar:
|
||||
def __init__(self, out, steps=100, indicator='#'):
|
||||
@@ -76,6 +89,51 @@ def first(s, sorted=False):
|
||||
@@ -76,6 +89,88 @@ def first(s, sorted=False):
|
||||
for x in s:
|
||||
return x
|
||||
|
||||
@ -1297,6 +1351,20 @@ index 74a11f5..4934bec 100644
|
||||
+ encoded_text = text.encode('utf-8')
|
||||
+ return encoded_text
|
||||
+
|
||||
+def decode_input(text):
|
||||
+ import locale
|
||||
+ """Decode given text via preferred system encoding"""
|
||||
+ # locale will often find out the correct encoding
|
||||
+ encoding = locale.getpreferredencoding()
|
||||
+ try:
|
||||
+ decoded_text = text.decode(encoding)
|
||||
+ except UnicodeError:
|
||||
+ # if it fails to find correct encoding then ascii is used
|
||||
+ # which may lead to UnicodeError if `text` contains non ascii signs
|
||||
+ # utf-8 is our guess to fix the situation
|
||||
+ decoded_text = text.decode('utf-8')
|
||||
+ return decoded_text
|
||||
+
|
||||
+class Comparison():
|
||||
+ """Class used when implementing rich comparison.
|
||||
+
|
||||
@ -1325,6 +1393,29 @@ index 74a11f5..4934bec 100644
|
||||
+ def __ne__(self, other):
|
||||
+ return self._compare(other, lambda a, b: a != b)
|
||||
+
|
||||
+if sys.version_info < (2,7):
|
||||
+ # cmp_to_key function is missing in python2.6
|
||||
+ def cmp_to_key(mycmp):
|
||||
+ 'Convert a cmp= function into a key= function'
|
||||
+ class K:
|
||||
+ def __init__(self, obj, *args):
|
||||
+ self.obj = obj
|
||||
+ def __lt__(self, other):
|
||||
+ return mycmp(self.obj, other.obj) < 0
|
||||
+ def __gt__(self, other):
|
||||
+ return mycmp(self.obj, other.obj) > 0
|
||||
+ def __eq__(self, other):
|
||||
+ return mycmp(self.obj, other.obj) == 0
|
||||
+ def __le__(self, other):
|
||||
+ return mycmp(self.obj, other.obj) <= 0
|
||||
+ def __ge__(self, other):
|
||||
+ return mycmp(self.obj, other.obj) >= 0
|
||||
+ def __ne__(self, other):
|
||||
+ return mycmp(self.obj, other.obj) != 0
|
||||
+ return K
|
||||
+else:
|
||||
+ from functools import cmp_to_key
|
||||
+
|
||||
+def cmp(first, second):
|
||||
+ return (first > second) - (second > first)
|
||||
+
|
||||
|
Loading…
Reference in New Issue
Block a user