- Return None when no records match python setools.sesearch

2010-10-14 14:25:23 -04:00 · 2010-10-14 14:25:23 -04:00 · 764e7165c1
parent d926e676b2
commit 764e7165c1
2 changed files with 215 additions and 51 deletions
--- a/setools-python.patch
+++ b/setools-python.patch
@ -1,7 +1,16 @@
-diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac
--- setools-3.3.6/configure.ac.python	2009-07-22 14:07:35.000000000 -0400
-+++ setools-3.3.6/configure.ac	2009-08-11 13:15:57.000000000 -0400
-@@ -216,6 +216,9 @@ if test "x${enable_jswig}" = xyes; then
+diff -up setools-3.3.7/configure.ac.python setools-3.3.7/configure.ac
+--- setools-3.3.7/configure.ac.python	2010-04-30 10:25:48.000000000 -0400
+++ setools-3.3.7/configure.ac	2010-07-30 15:02:10.000000000 -0400
+@@ -194,7 +194,7 @@ AC_ARG_ENABLE(swig-java,
+               enable_jswig="$enableval")
+ if test "x${enable_jswig}" = xyes; then
+    if test ${do_swigify} = no; then
+-      AC_PROG_SWIG(1.3.28)
+      AC_PROG_SWIG(2.0.0)
+    fi
+    AC_JAVA_OPTIONS
+    if test "x$JAVAPREFIX" = x; then
+@@ -216,21 +216,23 @@ if test "x${enable_jswig}" = xyes; then
    do_swigify_java=yes
    do_swigify=yes
 fi
@ -11,15 +20,33 @@ diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac
 AC_ARG_ENABLE(swig-python,
               AC_HELP_STRING([--enable-swig-python],
                              [build SWIG interfaces for Python]),
-@@ -224,7 +227,6 @@ if test "x${enable_pyswig}" = xyes; then
+               enable_pyswig="$enableval")
+ if test "x${enable_pyswig}" = xyes; then
    if test ${do_swigify} = no; then
-       AC_PROG_SWIG(1.3.28)
+-      AC_PROG_SWIG(1.3.28)
+      AC_PROG_SWIG(2.0.0)
    fi
 -   AM_PATH_PYTHON(2.3)
    SWIG_PYTHON
    do_swigify_python=yes
    do_swigify=yes
-@@ -873,6 +875,8 @@ AC_CONFIG_FILES([Makefile VERSION \
+ fi
+ if test ${do_swigify} = "yes"; then
+-   AC_PROG_SWIG(1.3.28)
+   AC_PROG_SWIG(2.0.0)
+ fi
+ build_apol=yes
+ AC_ARG_ENABLE(swig-tcl,
+@@ -239,7 +241,7 @@ AC_ARG_ENABLE(swig-tcl,
+               enable_tclswig="$enableval", enable_tclswig="yes")
+ if test "x${enable_tclswig}" = xyes; then
+    if test ${do_swigify} = no; then
+-      AC_PROG_SWIG(1.3.28)
+      AC_PROG_SWIG(2.0.0)
+    fi
+    TEA_INIT(3.5)
+    TEA_PATH_TCLCONFIG
+@@ -888,6 +890,8 @@ AC_CONFIG_FILES([Makefile VERSION \
                  sediff/Makefile \
                  man/Makefile \
                  debian/Makefile \
@ -28,9 +55,9 @@ diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac
                  packages/Makefile packages/rpm/Makefile \
                  packages/libqpol.pc packages/libapol.pc packages/libpoldiff.pc packages/libseaudit.pc packages/libsefs.pc])
 
-diff -up setools-3.3.6/Makefile.am.python setools-3.3.6/Makefile.am
--- setools-3.3.6/Makefile.am.python	2008-02-22 14:06:28.000000000 -0500
-+++ setools-3.3.6/Makefile.am	2009-08-11 13:15:57.000000000 -0400
+diff -up setools-3.3.7/Makefile.am.python setools-3.3.7/Makefile.am
+--- setools-3.3.7/Makefile.am.python	2008-02-22 14:06:28.000000000 -0500
+++ setools-3.3.7/Makefile.am	2010-07-30 15:02:10.000000000 -0400
@@ -10,7 +10,7 @@ if BUILD_GUI
 endif
 # sediffx is also built conditionally, from sediffx/Makefile.am
@ -40,9 +67,9 @@ diff -up setools-3.3.6/Makefile.am.python setools-3.3.6/Makefile.am
 
 #old indent opts
 #INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
-diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in
--- setools-3.3.6/Makefile.in.python	2009-07-22 14:08:36.000000000 -0400
-+++ setools-3.3.6/Makefile.in	2009-08-11 15:14:56.000000000 -0400
+diff -up setools-3.3.7/Makefile.in.python setools-3.3.7/Makefile.in
+--- setools-3.3.7/Makefile.in.python	2010-05-12 10:01:09.000000000 -0400
+++ setools-3.3.7/Makefile.in	2010-07-30 15:02:47.000000000 -0400
@@ -79,7 +79,7 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGE
 ETAGS = etags
 CTAGS = ctags
@ -52,7 +79,7 @@ diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 distdir = $(PACKAGE)-$(VERSION)
 top_distdir = $(distdir)
-@@ -384,7 +384,7 @@ AUTOMAKE_OPTIONS = dist-bzip2
+@@ -385,7 +385,7 @@ AUTOMAKE_OPTIONS = dist-bzip2
 @BUILD_APOL_TRUE@MAYBE_APOL = apol
 @BUILD_GUI_TRUE@MAYBE_GUI = seaudit
 # sediffx is also built conditionally, from sediffx/Makefile.am
@ -61,16 +88,16 @@ diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in
 
 #old indent opts
 #INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
-diff -up /dev/null setools-3.3.6/python/Makefile.am
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
-+++ setools-3.3.6/python/Makefile.am	2009-08-11 15:12:36.000000000 -0400
+diff -up setools-3.3.7/python/Makefile.am.python setools-3.3.7/python/Makefile.am
+--- setools-3.3.7/python/Makefile.am.python	2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/Makefile.am	2010-07-30 15:02:10.000000000 -0400
@@ -0,0 +1 @@
 +SUBDIRS = setools
-diff -up /dev/null setools-3.3.6/python/Makefile.in
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
-+++ setools-3.3.6/python/Makefile.in	2009-08-11 15:14:56.000000000 -0400
-@@ -0,0 +1,715 @@
-+# Makefile.in generated by automake 1.11 from Makefile.am.
+diff -up setools-3.3.7/python/Makefile.in.python setools-3.3.7/python/Makefile.in
+--- setools-3.3.7/python/Makefile.in.python	2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/Makefile.in	2010-07-30 15:02:46.000000000 -0400
+@@ -0,0 +1,716 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
 +# @configure_input@
 +
 +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@ -249,6 +276,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
 +PACKAGE_NAME = @PACKAGE_NAME@
 +PACKAGE_STRING = @PACKAGE_STRING@
 +PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
 +PACKAGE_VERSION = @PACKAGE_VERSION@
 +PATH_SEPARATOR = @PATH_SEPARATOR@
 +PIXBUF_CFLAGS = @PIXBUF_CFLAGS@
@ -482,7 +510,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
 +#     (which will cause the Makefiles to be regenerated when you run `make');
 +# (2) otherwise, pass the desired values on the `make' command line.
 +$(RECURSIVE_TARGETS):
-+	@failcom='exit 1'; \
+	@fail= failcom='exit 1'; \
 +	for f in x $$MAKEFLAGS; do \
 +	  case $$f in \
 +	    *=* | --[!k]*);; \
@ -507,7 +535,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
 +	fi; test -z "$$fail"
 +
 +$(RECURSIVE_CLEAN_TARGETS):
-+	@failcom='exit 1'; \
+	@fail= failcom='exit 1'; \
 +	for f in x $$MAKEFLAGS; do \
 +	  case $$f in \
 +	    *=* | --[!k]*);; \
@ -785,10 +813,10 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
 +# Tell versions [3.59,3.63) of GNU make to not export all variables.
 +# Otherwise a system limit (for SysV at least) may be exceeded.
 +.NOEXPORT:
-diff -up /dev/null setools-3.3.6/python/setools/__init__.py
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
-+++ setools-3.3.6/python/setools/__init__.py	2009-08-11 13:15:57.000000000 -0400
-@@ -0,0 +1,49 @@
+diff -up setools-3.3.7/python/setools/__init__.py.python setools-3.3.7/python/setools/__init__.py
+--- setools-3.3.7/python/setools/__init__.py.python	2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/__init__.py	2010-08-03 15:52:27.000000000 -0400
+@@ -0,0 +1,50 @@
 +#!/usr/bin/env python
 +
 +# Author: Thomas Liu <tliu@redhat.com>
@ -800,6 +828,7 @@ diff -up /dev/null setools-3.3.6/python/setools/__init__.py
 +TYPE = _seinfo.TYPE
 +ROLE = _seinfo.ROLE
 +ATTRIBUTE = _seinfo.ATTRIBUTE
+PORT = _seinfo.PORT
 +USER = _seinfo.USER
 +
 +ALLOW = 'allow'
@ -838,9 +867,9 @@ diff -up /dev/null setools-3.3.6/python/setools/__init__.py
 +def seinfo(setype, name=None):
 +    dict_list = _seinfo.seinfo(setype, name)
 +    return dict_list
-diff -up /dev/null setools-3.3.6/python/setools/Makefile.am
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
-+++ setools-3.3.6/python/setools/Makefile.am	2009-08-11 17:17:15.000000000 -0400
+diff -up setools-3.3.7/python/setools/Makefile.am.python setools-3.3.7/python/setools/Makefile.am
+--- setools-3.3.7/python/setools/Makefile.am.python	2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/Makefile.am	2010-07-30 15:02:10.000000000 -0400
@@ -0,0 +1,36 @@
 +EXTRA_DIST =				\
 +	sesearch.c			\
@ -878,11 +907,11 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.am
 +	$(PYTHON) setup.py clean -a 
 +	rm -f *~
 +
-diff -up /dev/null setools-3.3.6/python/setools/Makefile.in
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
-+++ setools-3.3.6/python/setools/Makefile.in	2009-08-11 17:17:18.000000000 -0400
-@@ -0,0 +1,549 @@
-+# Makefile.in generated by automake 1.11 from Makefile.am.
+diff -up setools-3.3.7/python/setools/Makefile.in.python setools-3.3.7/python/setools/Makefile.in
+--- setools-3.3.7/python/setools/Makefile.in.python	2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/Makefile.in	2010-07-30 15:02:46.000000000 -0400
+@@ -0,0 +1,550 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
 +# @configure_input@
 +
 +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@ -1021,6 +1050,7 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.in
 +PACKAGE_NAME = @PACKAGE_NAME@
 +PACKAGE_STRING = @PACKAGE_STRING@
 +PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
 +PACKAGE_VERSION = @PACKAGE_VERSION@
 +PATH_SEPARATOR = @PATH_SEPARATOR@
 +PIXBUF_CFLAGS = @PIXBUF_CFLAGS@
@ -1431,10 +1461,10 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.in
 +# Tell versions [3.59,3.63) of GNU make to not export all variables.
 +# Otherwise a system limit (for SysV at least) may be exceeded.
 +.NOEXPORT:
-diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
-+++ setools-3.3.6/python/setools/seinfo.c	2009-08-11 16:31:05.000000000 -0400
-@@ -0,0 +1,649 @@
+diff -up setools-3.3.7/python/setools/seinfo.c.python setools-3.3.7/python/setools/seinfo.c
+--- setools-3.3.7/python/setools/seinfo.c.python	2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/seinfo.c	2010-08-03 18:07:17.000000000 -0400
+@@ -0,0 +1,769 @@
 +/**
 + *  @file
 + *  Command line tool to search TE rules.
@ -1492,7 +1522,7 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
 +
 +enum input
 +{
-+	TYPE, ATTRIBUTE, ROLE, USER
+	TYPE, ATTRIBUTE, ROLE, USER, PORT,
 +};
 +
 +/**
@ -1902,6 +1932,122 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
 +}
 +
 +/**
+ * Get statistics regarding a policy's ports.
+ * If this function is given a name, it will attempt to
+ * get statistics about a particular port; otherwise
+ * the function get statistics about all of the policy's ports.
+ *
+ * @param name Reference to an port's name; if NULL,
+ * all ports will be considered
+ * @param policydb Reference to a policy
+ *
+ * @return 0 on success, < 0 on error.
+ */
+static PyObject*  get_ports(const char *num, const apol_policy_t * policydb)
+{
+	PyObject *list = PyList_New(0);
+	int retval = -1;
+	const qpol_portcon_t *portcon = NULL;
+	qpol_iterator_t *iter = NULL;
+	uint16_t low_port, high_port;
+	uint8_t ocon_proto;
+	qpol_policy_t *q = apol_policy_get_qpol(policydb);
+	const qpol_context_t *ctxt = NULL;
+	const char *proto_str;
+	PyObject *dict;
+	const char *type = NULL;
+	const apol_mls_range_t *range = NULL;
+	char *range_str = NULL;
+	PyObject *obj = NULL;
+	apol_context_t *c = NULL;
+
+	if (qpol_policy_get_portcon_iter(q, &iter))
+		goto cleanup;
+
+	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+		if (qpol_iterator_get_item(iter, (void **)&portcon))
+			goto cleanup;
+		if (qpol_portcon_get_low_port(q, portcon, &low_port))
+			goto cleanup;
+		if (qpol_portcon_get_high_port(q, portcon, &high_port))
+			goto cleanup;
+		if (qpol_portcon_get_protocol(q, portcon, &ocon_proto))
+			goto cleanup;
+		if (num) {
+			if (atoi(num) < low_port || atoi(num) > high_port)
+				continue;
+		}
+
+		if ((ocon_proto != IPPROTO_TCP) &&
+		    (ocon_proto != IPPROTO_UDP)) 
+			goto cleanup;
+
+		if (qpol_portcon_get_context(q, portcon, &ctxt)) {
+			PyErr_SetString(PyExc_RuntimeError, "Could not get for port context.");
+			goto cleanup;
+		}
+
+		if ((proto_str = apol_protocol_to_str(ocon_proto)) == NULL) {
+			PyErr_SetString(PyExc_RuntimeError, "Invalid protocol for port");
+			goto cleanup;
+		}
+
+		if ((c = apol_context_create_from_qpol_context(policydb, ctxt)) == NULL) {
+			goto cleanup;
+		}
+		
+		if((type = apol_context_get_type(c)) == NULL) {
+			apol_context_destroy(&c);
+			goto cleanup;
+		}
+			
+		dict = PyDict_New(); 
+		obj = PyString_FromString(type);
+		PyDict_SetItemString(dict, "type", obj);
+		Py_DECREF(obj);
+
+		if((range = apol_context_get_range(c)) == NULL) {
+			goto cleanup;
+		}
+			
+		range_str = apol_mls_range_render(policydb, range);
+		if (range_str == NULL) {
+			goto cleanup;
+		}
+		obj = PyString_FromString(range_str);
+		PyDict_SetItemString(dict, "range", obj);
+		Py_DECREF(obj);
+
+		obj = PyString_FromString(proto_str);
+		PyDict_SetItemString(dict, "protocol", obj);
+		Py_DECREF(obj);
+
+		obj = PyInt_FromLong(high_port);
+		PyDict_SetItemString(dict, "high", obj);
+		Py_DECREF(obj);
+
+		obj = PyInt_FromLong(low_port);
+		PyDict_SetItemString(dict, "low", obj);
+		Py_DECREF(obj);
+
+		PyList_Append(list, dict);
+		Py_DECREF(dict);
+	}
+	retval = 0;
+      cleanup:
+	free(range_str);
+	apol_context_destroy(&c);
+	qpol_iterator_destroy(&iter);
+
+	if (retval) {
+		Py_DECREF(list);
+		PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+		return NULL;
+	}
+	return list;
+}
+
+/**
 + * Get statistics regarding a policy's roles.
 + * If this function is given a name, it will attempt to
 + * get statistics about a particular role; otherwise
@ -2055,6 +2201,9 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
 +	if (type == USER)
 +		output = get_users(name, policydb);
 +
+	if (type == PORT)
+		output = get_ports(name, policydb);
+
 +	apol_policy_destroy(&policydb);
 +	apol_policy_path_destroy(&pol_path);
 +	return output;
@ -2080,14 +2229,15 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
 +    PyObject *m;
 +    m = Py_InitModule("_seinfo", methods);
 +    PyModule_AddIntConstant(m, "ATTRIBUTE", ATTRIBUTE);
+    PyModule_AddIntConstant(m, "PORT", PORT);
 +    PyModule_AddIntConstant(m, "ROLE", ROLE);
 +    PyModule_AddIntConstant(m, "TYPE", TYPE);
 +    PyModule_AddIntConstant(m, "USER", USER);
 +}
-diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
-+++ setools-3.3.6/python/setools/sesearch.c	2009-08-11 16:31:05.000000000 -0400
-@@ -0,0 +1,477 @@
+diff -up setools-3.3.7/python/setools/sesearch.c.python setools-3.3.7/python/setools/sesearch.c
+--- setools-3.3.7/python/setools/sesearch.c.python	2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/sesearch.c	2010-10-14 11:04:53.000000000 -0400
+@@ -0,0 +1,479 @@
 +// Author: Thomas Liu <tliu@redhat.com>
 +
 +/**
@ -2506,6 +2656,7 @@ diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
 +		goto cleanup;
 +	}
 +	if (v) {
+		printf("Dan 1\n");
 +		output =  get_av_results(policy, &cmd_opts, v);
 +	}
 +	apol_vector_destroy(&v);
@ -2521,8 +2672,9 @@ diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
 +	free(cmd_opts.tgt_role_name);
 +	apol_vector_destroy(&cmd_opts.perm_vector);
 +	apol_vector_destroy(&cmd_opts.class_vector);
-+	
-+	return output;
+
+	if (output) return output;
+	return Py_None;
 +}
 +static int Dict_ContainsInt(PyObject *dict, const char *key){
 +    PyObject *item = PyDict_GetItemString(dict, key);
@ -2565,9 +2717,9 @@ diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
 +    PyObject *m;
 +    m = Py_InitModule("_sesearch", methods);
 +}
-diff -up /dev/null setools-3.3.6/python/setools/setup.py
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
-+++ setools-3.3.6/python/setools/setup.py	2009-08-11 17:29:42.000000000 -0400
+diff -up setools-3.3.7/python/setools/setup.py.python setools-3.3.7/python/setools/setup.py
+--- setools-3.3.7/python/setools/setup.py.python	2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/setup.py	2010-07-30 15:02:10.000000000 -0400
@@ -0,0 +1,25 @@
 +#!/usr/bin/env python
 +
--- a/setools.spec
+++ b/setools.spec
@ -5,7 +5,7 @@

 Name: setools
 Version: %{setools_maj_ver}.%{setools_min_ver}
-Release: 4%{?dist}
+Release: 8%{?dist}
 License: GPLv2
 URL: http://oss.tresys.com/projects/setools
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@ -353,6 +353,18 @@ rm -rf ${RPM_BUILD_ROOT}
 %postun libs-tcl -p /sbin/ldconfig

 %changelog
+* Thu Oct 14 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-8
+- Return None when no records match python setools.sesearch
+
+* Thu Aug 19 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-7
+- Add range to ports in seinfo python
+
+* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-6
+- Return range with ports
+
+* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-5
+- Add port support to setools python 
+
 * Mon Jul 26 2010 David Malcolm <dmalcolm@redhat.com> - 3.3.7-4
 - fixup configure.ac to expect SWIG 2.0.0; bump the python version to 2.7 in
 patch 1