- Return None when no records match python setools.sesearch

This commit is contained in:
Dan Walsh 2010-10-14 14:25:23 -04:00
parent d926e676b2
commit 764e7165c1
2 changed files with 215 additions and 51 deletions

View File

@ -1,7 +1,16 @@
diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac
--- setools-3.3.6/configure.ac.python 2009-07-22 14:07:35.000000000 -0400
+++ setools-3.3.6/configure.ac 2009-08-11 13:15:57.000000000 -0400
@@ -216,6 +216,9 @@ if test "x${enable_jswig}" = xyes; then
diff -up setools-3.3.7/configure.ac.python setools-3.3.7/configure.ac
--- setools-3.3.7/configure.ac.python 2010-04-30 10:25:48.000000000 -0400
+++ setools-3.3.7/configure.ac 2010-07-30 15:02:10.000000000 -0400
@@ -194,7 +194,7 @@ AC_ARG_ENABLE(swig-java,
enable_jswig="$enableval")
if test "x${enable_jswig}" = xyes; then
if test ${do_swigify} = no; then
- AC_PROG_SWIG(1.3.28)
+ AC_PROG_SWIG(2.0.0)
fi
AC_JAVA_OPTIONS
if test "x$JAVAPREFIX" = x; then
@@ -216,21 +216,23 @@ if test "x${enable_jswig}" = xyes; then
do_swigify_java=yes
do_swigify=yes
fi
@ -11,15 +20,33 @@ diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac
AC_ARG_ENABLE(swig-python,
AC_HELP_STRING([--enable-swig-python],
[build SWIG interfaces for Python]),
@@ -224,7 +227,6 @@ if test "x${enable_pyswig}" = xyes; then
enable_pyswig="$enableval")
if test "x${enable_pyswig}" = xyes; then
if test ${do_swigify} = no; then
AC_PROG_SWIG(1.3.28)
- AC_PROG_SWIG(1.3.28)
+ AC_PROG_SWIG(2.0.0)
fi
- AM_PATH_PYTHON(2.3)
SWIG_PYTHON
do_swigify_python=yes
do_swigify=yes
@@ -873,6 +875,8 @@ AC_CONFIG_FILES([Makefile VERSION \
fi
if test ${do_swigify} = "yes"; then
- AC_PROG_SWIG(1.3.28)
+ AC_PROG_SWIG(2.0.0)
fi
build_apol=yes
AC_ARG_ENABLE(swig-tcl,
@@ -239,7 +241,7 @@ AC_ARG_ENABLE(swig-tcl,
enable_tclswig="$enableval", enable_tclswig="yes")
if test "x${enable_tclswig}" = xyes; then
if test ${do_swigify} = no; then
- AC_PROG_SWIG(1.3.28)
+ AC_PROG_SWIG(2.0.0)
fi
TEA_INIT(3.5)
TEA_PATH_TCLCONFIG
@@ -888,6 +890,8 @@ AC_CONFIG_FILES([Makefile VERSION \
sediff/Makefile \
man/Makefile \
debian/Makefile \
@ -28,9 +55,9 @@ diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac
packages/Makefile packages/rpm/Makefile \
packages/libqpol.pc packages/libapol.pc packages/libpoldiff.pc packages/libseaudit.pc packages/libsefs.pc])
diff -up setools-3.3.6/Makefile.am.python setools-3.3.6/Makefile.am
--- setools-3.3.6/Makefile.am.python 2008-02-22 14:06:28.000000000 -0500
+++ setools-3.3.6/Makefile.am 2009-08-11 13:15:57.000000000 -0400
diff -up setools-3.3.7/Makefile.am.python setools-3.3.7/Makefile.am
--- setools-3.3.7/Makefile.am.python 2008-02-22 14:06:28.000000000 -0500
+++ setools-3.3.7/Makefile.am 2010-07-30 15:02:10.000000000 -0400
@@ -10,7 +10,7 @@ if BUILD_GUI
endif
# sediffx is also built conditionally, from sediffx/Makefile.am
@ -40,9 +67,9 @@ diff -up setools-3.3.6/Makefile.am.python setools-3.3.6/Makefile.am
#old indent opts
#INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in
--- setools-3.3.6/Makefile.in.python 2009-07-22 14:08:36.000000000 -0400
+++ setools-3.3.6/Makefile.in 2009-08-11 15:14:56.000000000 -0400
diff -up setools-3.3.7/Makefile.in.python setools-3.3.7/Makefile.in
--- setools-3.3.7/Makefile.in.python 2010-05-12 10:01:09.000000000 -0400
+++ setools-3.3.7/Makefile.in 2010-07-30 15:02:47.000000000 -0400
@@ -79,7 +79,7 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGE
ETAGS = etags
CTAGS = ctags
@ -52,7 +79,7 @@ diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
@@ -384,7 +384,7 @@ AUTOMAKE_OPTIONS = dist-bzip2
@@ -385,7 +385,7 @@ AUTOMAKE_OPTIONS = dist-bzip2
@BUILD_APOL_TRUE@MAYBE_APOL = apol
@BUILD_GUI_TRUE@MAYBE_GUI = seaudit
# sediffx is also built conditionally, from sediffx/Makefile.am
@ -61,16 +88,16 @@ diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in
#old indent opts
#INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
diff -up /dev/null setools-3.3.6/python/Makefile.am
--- /dev/null 2009-08-08 15:30:39.325298375 -0400
+++ setools-3.3.6/python/Makefile.am 2009-08-11 15:12:36.000000000 -0400
diff -up setools-3.3.7/python/Makefile.am.python setools-3.3.7/python/Makefile.am
--- setools-3.3.7/python/Makefile.am.python 2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/Makefile.am 2010-07-30 15:02:10.000000000 -0400
@@ -0,0 +1 @@
+SUBDIRS = setools
diff -up /dev/null setools-3.3.6/python/Makefile.in
--- /dev/null 2009-08-08 15:30:39.325298375 -0400
+++ setools-3.3.6/python/Makefile.in 2009-08-11 15:14:56.000000000 -0400
@@ -0,0 +1,715 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
diff -up setools-3.3.7/python/Makefile.in.python setools-3.3.7/python/Makefile.in
--- setools-3.3.7/python/Makefile.in.python 2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/Makefile.in 2010-07-30 15:02:46.000000000 -0400
@@ -0,0 +1,716 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@ -249,6 +276,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIXBUF_CFLAGS = @PIXBUF_CFLAGS@
@ -482,7 +510,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @failcom='exit 1'; \
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
@ -507,7 +535,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @failcom='exit 1'; \
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
@ -785,10 +813,10 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff -up /dev/null setools-3.3.6/python/setools/__init__.py
--- /dev/null 2009-08-08 15:30:39.325298375 -0400
+++ setools-3.3.6/python/setools/__init__.py 2009-08-11 13:15:57.000000000 -0400
@@ -0,0 +1,49 @@
diff -up setools-3.3.7/python/setools/__init__.py.python setools-3.3.7/python/setools/__init__.py
--- setools-3.3.7/python/setools/__init__.py.python 2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/__init__.py 2010-08-03 15:52:27.000000000 -0400
@@ -0,0 +1,50 @@
+#!/usr/bin/env python
+
+# Author: Thomas Liu <tliu@redhat.com>
@ -800,6 +828,7 @@ diff -up /dev/null setools-3.3.6/python/setools/__init__.py
+TYPE = _seinfo.TYPE
+ROLE = _seinfo.ROLE
+ATTRIBUTE = _seinfo.ATTRIBUTE
+PORT = _seinfo.PORT
+USER = _seinfo.USER
+
+ALLOW = 'allow'
@ -838,9 +867,9 @@ diff -up /dev/null setools-3.3.6/python/setools/__init__.py
+def seinfo(setype, name=None):
+ dict_list = _seinfo.seinfo(setype, name)
+ return dict_list
diff -up /dev/null setools-3.3.6/python/setools/Makefile.am
--- /dev/null 2009-08-08 15:30:39.325298375 -0400
+++ setools-3.3.6/python/setools/Makefile.am 2009-08-11 17:17:15.000000000 -0400
diff -up setools-3.3.7/python/setools/Makefile.am.python setools-3.3.7/python/setools/Makefile.am
--- setools-3.3.7/python/setools/Makefile.am.python 2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/Makefile.am 2010-07-30 15:02:10.000000000 -0400
@@ -0,0 +1,36 @@
+EXTRA_DIST = \
+ sesearch.c \
@ -878,11 +907,11 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.am
+ $(PYTHON) setup.py clean -a
+ rm -f *~
+
diff -up /dev/null setools-3.3.6/python/setools/Makefile.in
--- /dev/null 2009-08-08 15:30:39.325298375 -0400
+++ setools-3.3.6/python/setools/Makefile.in 2009-08-11 17:17:18.000000000 -0400
@@ -0,0 +1,549 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
diff -up setools-3.3.7/python/setools/Makefile.in.python setools-3.3.7/python/setools/Makefile.in
--- setools-3.3.7/python/setools/Makefile.in.python 2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/Makefile.in 2010-07-30 15:02:46.000000000 -0400
@@ -0,0 +1,550 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@ -1021,6 +1050,7 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.in
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIXBUF_CFLAGS = @PIXBUF_CFLAGS@
@ -1431,10 +1461,10 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.in
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
--- /dev/null 2009-08-08 15:30:39.325298375 -0400
+++ setools-3.3.6/python/setools/seinfo.c 2009-08-11 16:31:05.000000000 -0400
@@ -0,0 +1,649 @@
diff -up setools-3.3.7/python/setools/seinfo.c.python setools-3.3.7/python/setools/seinfo.c
--- setools-3.3.7/python/setools/seinfo.c.python 2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/seinfo.c 2010-08-03 18:07:17.000000000 -0400
@@ -0,0 +1,769 @@
+/**
+ * @file
+ * Command line tool to search TE rules.
@ -1492,7 +1522,7 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
+
+enum input
+{
+ TYPE, ATTRIBUTE, ROLE, USER
+ TYPE, ATTRIBUTE, ROLE, USER, PORT,
+};
+
+/**
@ -1902,6 +1932,122 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
+}
+
+/**
+ * Get statistics regarding a policy's ports.
+ * If this function is given a name, it will attempt to
+ * get statistics about a particular port; otherwise
+ * the function get statistics about all of the policy's ports.
+ *
+ * @param name Reference to an port's name; if NULL,
+ * all ports will be considered
+ * @param policydb Reference to a policy
+ *
+ * @return 0 on success, < 0 on error.
+ */
+static PyObject* get_ports(const char *num, const apol_policy_t * policydb)
+{
+ PyObject *list = PyList_New(0);
+ int retval = -1;
+ const qpol_portcon_t *portcon = NULL;
+ qpol_iterator_t *iter = NULL;
+ uint16_t low_port, high_port;
+ uint8_t ocon_proto;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+ const qpol_context_t *ctxt = NULL;
+ const char *proto_str;
+ PyObject *dict;
+ const char *type = NULL;
+ const apol_mls_range_t *range = NULL;
+ char *range_str = NULL;
+ PyObject *obj = NULL;
+ apol_context_t *c = NULL;
+
+ if (qpol_policy_get_portcon_iter(q, &iter))
+ goto cleanup;
+
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&portcon))
+ goto cleanup;
+ if (qpol_portcon_get_low_port(q, portcon, &low_port))
+ goto cleanup;
+ if (qpol_portcon_get_high_port(q, portcon, &high_port))
+ goto cleanup;
+ if (qpol_portcon_get_protocol(q, portcon, &ocon_proto))
+ goto cleanup;
+ if (num) {
+ if (atoi(num) < low_port || atoi(num) > high_port)
+ continue;
+ }
+
+ if ((ocon_proto != IPPROTO_TCP) &&
+ (ocon_proto != IPPROTO_UDP))
+ goto cleanup;
+
+ if (qpol_portcon_get_context(q, portcon, &ctxt)) {
+ PyErr_SetString(PyExc_RuntimeError, "Could not get for port context.");
+ goto cleanup;
+ }
+
+ if ((proto_str = apol_protocol_to_str(ocon_proto)) == NULL) {
+ PyErr_SetString(PyExc_RuntimeError, "Invalid protocol for port");
+ goto cleanup;
+ }
+
+ if ((c = apol_context_create_from_qpol_context(policydb, ctxt)) == NULL) {
+ goto cleanup;
+ }
+
+ if((type = apol_context_get_type(c)) == NULL) {
+ apol_context_destroy(&c);
+ goto cleanup;
+ }
+
+ dict = PyDict_New();
+ obj = PyString_FromString(type);
+ PyDict_SetItemString(dict, "type", obj);
+ Py_DECREF(obj);
+
+ if((range = apol_context_get_range(c)) == NULL) {
+ goto cleanup;
+ }
+
+ range_str = apol_mls_range_render(policydb, range);
+ if (range_str == NULL) {
+ goto cleanup;
+ }
+ obj = PyString_FromString(range_str);
+ PyDict_SetItemString(dict, "range", obj);
+ Py_DECREF(obj);
+
+ obj = PyString_FromString(proto_str);
+ PyDict_SetItemString(dict, "protocol", obj);
+ Py_DECREF(obj);
+
+ obj = PyInt_FromLong(high_port);
+ PyDict_SetItemString(dict, "high", obj);
+ Py_DECREF(obj);
+
+ obj = PyInt_FromLong(low_port);
+ PyDict_SetItemString(dict, "low", obj);
+ Py_DECREF(obj);
+
+ PyList_Append(list, dict);
+ Py_DECREF(dict);
+ }
+ retval = 0;
+ cleanup:
+ free(range_str);
+ apol_context_destroy(&c);
+ qpol_iterator_destroy(&iter);
+
+ if (retval) {
+ Py_DECREF(list);
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ return NULL;
+ }
+ return list;
+}
+
+/**
+ * Get statistics regarding a policy's roles.
+ * If this function is given a name, it will attempt to
+ * get statistics about a particular role; otherwise
@ -2055,6 +2201,9 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
+ if (type == USER)
+ output = get_users(name, policydb);
+
+ if (type == PORT)
+ output = get_ports(name, policydb);
+
+ apol_policy_destroy(&policydb);
+ apol_policy_path_destroy(&pol_path);
+ return output;
@ -2080,14 +2229,15 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
+ PyObject *m;
+ m = Py_InitModule("_seinfo", methods);
+ PyModule_AddIntConstant(m, "ATTRIBUTE", ATTRIBUTE);
+ PyModule_AddIntConstant(m, "PORT", PORT);
+ PyModule_AddIntConstant(m, "ROLE", ROLE);
+ PyModule_AddIntConstant(m, "TYPE", TYPE);
+ PyModule_AddIntConstant(m, "USER", USER);
+}
diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
--- /dev/null 2009-08-08 15:30:39.325298375 -0400
+++ setools-3.3.6/python/setools/sesearch.c 2009-08-11 16:31:05.000000000 -0400
@@ -0,0 +1,477 @@
diff -up setools-3.3.7/python/setools/sesearch.c.python setools-3.3.7/python/setools/sesearch.c
--- setools-3.3.7/python/setools/sesearch.c.python 2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/sesearch.c 2010-10-14 11:04:53.000000000 -0400
@@ -0,0 +1,479 @@
+// Author: Thomas Liu <tliu@redhat.com>
+
+/**
@ -2506,6 +2656,7 @@ diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
+ goto cleanup;
+ }
+ if (v) {
+ printf("Dan 1\n");
+ output = get_av_results(policy, &cmd_opts, v);
+ }
+ apol_vector_destroy(&v);
@ -2521,8 +2672,9 @@ diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
+ free(cmd_opts.tgt_role_name);
+ apol_vector_destroy(&cmd_opts.perm_vector);
+ apol_vector_destroy(&cmd_opts.class_vector);
+
+ return output;
+
+ if (output) return output;
+ return Py_None;
+}
+static int Dict_ContainsInt(PyObject *dict, const char *key){
+ PyObject *item = PyDict_GetItemString(dict, key);
@ -2565,9 +2717,9 @@ diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
+ PyObject *m;
+ m = Py_InitModule("_sesearch", methods);
+}
diff -up /dev/null setools-3.3.6/python/setools/setup.py
--- /dev/null 2009-08-08 15:30:39.325298375 -0400
+++ setools-3.3.6/python/setools/setup.py 2009-08-11 17:29:42.000000000 -0400
diff -up setools-3.3.7/python/setools/setup.py.python setools-3.3.7/python/setools/setup.py
--- setools-3.3.7/python/setools/setup.py.python 2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/setup.py 2010-07-30 15:02:10.000000000 -0400
@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+

View File

@ -5,7 +5,7 @@
Name: setools
Version: %{setools_maj_ver}.%{setools_min_ver}
Release: 4%{?dist}
Release: 8%{?dist}
License: GPLv2
URL: http://oss.tresys.com/projects/setools
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@ -353,6 +353,18 @@ rm -rf ${RPM_BUILD_ROOT}
%postun libs-tcl -p /sbin/ldconfig
%changelog
* Thu Oct 14 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-8
- Return None when no records match python setools.sesearch
* Thu Aug 19 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-7
- Add range to ports in seinfo python
* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-6
- Return range with ports
* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-5
- Add port support to setools python
* Mon Jul 26 2010 David Malcolm <dmalcolm@redhat.com> - 3.3.7-4
- fixup configure.ac to expect SWIG 2.0.0; bump the python version to 2.7 in
patch 1