setools-4.4.0-0.1.20201102git05e90ee

- Update to 05e90ee - Add /usr/bin/sechecker - Adapt to new libsepol filename transition structures - Rebuild with libsepol.so.2
2020-11-03 16:07:11 +01:00 · 2020-11-03 16:07:11 +01:00 · 8840b49782
commit 8840b49782
parent 1396e21e63
5 changed files with 145 additions and 15 deletions
--- a/.gitignore
+++ b/.gitignore
@ -9,3 +9,4 @@ setools-3.3.8-f1e5b20.tar.bz2
 /4.2.1.tar.gz
 /4.2.2.tar.gz
 /4.3.0.tar.gz
+/05e90ee.tar.gz
--- a/0001-Adapt-to-new-libsepol-filename-transition-structures.patch
+++ b/0001-Adapt-to-new-libsepol-filename-transition-structures.patch
@ -0,0 +1,120 @@
+From f63a3690e3e3f02ab67ad1165be54ce25bac2de7 Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Fri, 17 Jul 2020 11:28:08 +0200
+Subject: [PATCH] Adapt to new libsepol filename transition structures
+
+Adapt setools to the new libsepol internal API for filename transitions
+which allows for more efficient filename trans rule representation in
+memory and binary policy.
+
+Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
+---
+ setools/policyrep/sepol.pxd  |  9 ++++----
+ setools/policyrep/terule.pxi | 41 ++++++++++++++++++++++++++++++------
+ 2 files changed, 39 insertions(+), 11 deletions(-)
+
+diff --git a/setools/policyrep/sepol.pxd b/setools/policyrep/sepol.pxd
+index 60bc58c28ebf..b07ddb78350f 100644
+--- a/setools/policyrep/sepol.pxd
+++ b/setools/policyrep/sepol.pxd
+@@ -544,21 +544,22 @@ cdef extern from "<sepol/policydb/policydb.h>":
+     ctypedef cond_bool_datum cond_bool_datum_t
+ 
+     #
+-    # filename_trans_t
+    # filename_trans_key_t
+     #
+-    cdef struct filename_trans:
+-        uint32_t stype
+    cdef struct filename_trans_key:
+         uint32_t ttype
+         uint32_t tclass
+         char *name
+ 
+-    ctypedef filename_trans filename_trans_t
+    ctypedef filename_trans_key filename_trans_key_t
+ 
+     #
+     # filename_trans_datum_t
+     #
+     cdef struct filename_trans_datum:
+        ebitmap_t stypes
+         uint32_t otype
+        filename_trans_datum *next
+ 
+     ctypedef filename_trans_datum filename_trans_datum_t
+ 
+diff --git a/setools/policyrep/terule.pxi b/setools/policyrep/terule.pxi
+index 3976586b7985..760c366f6c39 100644
+--- a/setools/policyrep/terule.pxi
+++ b/setools/policyrep/terule.pxi
+@@ -470,17 +470,18 @@ cdef class FileNameTERule(BaseTERule):
+         readonly str filename
+ 
+     @staticmethod
+-    cdef inline FileNameTERule factory(SELinuxPolicy policy, sepol.filename_trans_t *key,
+-                                       sepol.filename_trans_datum_t *datum):
+    cdef inline FileNameTERule factory(SELinuxPolicy policy,
+                                       sepol.filename_trans_key_t *key,
+                                       Type stype, size_t otype):
+         """Factory function for creating FileNameTERule objects."""
+         cdef FileNameTERule r = FileNameTERule.__new__(FileNameTERule)
+         r.policy = policy
+         r.key = <uintptr_t>key
+         r.ruletype = TERuletype.type_transition
+-        r.source = type_or_attr_factory(policy, policy.type_value_to_datum(key.stype - 1))
+        r.source = stype
+         r.target = type_or_attr_factory(policy, policy.type_value_to_datum(key.ttype - 1))
+         r.tclass = ObjClass.factory(policy, policy.class_value_to_datum(key.tclass - 1))
+-        r.dft = Type.factory(policy, policy.type_value_to_datum(datum.otype - 1))
+        r.dft = Type.factory(policy, policy.type_value_to_datum(otype - 1))
+         r.filename = intern(key.name)
+         r.origin = None
+         return r
+@@ -708,6 +709,10 @@ cdef class FileNameTERuleIterator(HashtabIterator):
+ 
+     """Iterate over FileNameTERules in the policy."""
+ 
+    cdef:
+        sepol.filename_trans_datum_t *datum
+        TypeEbitmapIterator stypei
+
+     @staticmethod
+     cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table):
+         """Factory function for creating FileNameTERule iterators."""
+@@ -717,7 +722,29 @@ cdef class FileNameTERuleIterator(HashtabIterator):
+         i.reset()
+         return i
+ 
+    def _next_stype(self):
+        while True:
+            if self.datum == NULL:
+                super().__next__()
+                self.datum = <sepol.filename_trans_datum_t *>self.curr.datum
+                self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes)
+            try:
+                return next(self.stypei)
+            except StopIteration:
+                pass
+            self.datum = self.datum.next
+            if self.datum != NULL:
+                self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes)
+
+     def __next__(self):
+-        super().__next__()
+-        return FileNameTERule.factory(self.policy, <sepol.filename_trans_t *>self.curr.key,
+-                                      <sepol.filename_trans_datum_t *>self.curr.datum)
+        stype = self._next_stype()
+        return FileNameTERule.factory(self.policy,
+                                      <sepol.filename_trans_key_t *>self.curr.key,
+                                      stype, self.datum.otype)
+
+    def __len__(self):
+        return sum(1 for r in FileNameTERuleIterator.factory(self.policy, self.table))
+
+    def reset(self):
+        super().reset()
+        self.datum = NULL
+-- 
+2.29.0
+
--- a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
+++ b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
@ -33,7 +33,7 @@ index 60861ca630a5..41e38a237b42 100755
 +import setools.dta
 
 
- def print_transition(trans):
+ def print_transition(trans: setools.DomainTransition) -> None:
@@ -114,7 +114,7 @@ else:
 
 try:
@ -56,7 +56,7 @@ index f10c39de4d8e..fee749a83bb5 100755
 import argparse
 import sys
 import logging
-@@ -101,7 +101,7 @@ elif args.booleans is not None:
+@@ -102,7 +102,7 @@ elif args.booleans is not None:
 try:
     p = setools.SELinuxPolicy(args.policy)
     m = setools.PermissionMap(args.map)
@ -66,18 +66,18 @@ index f10c39de4d8e..fee749a83bb5 100755
 
     if args.shortest_path or args.all_paths:
 diff --git a/setools/__init__.py b/setools/__init__.py
-index 26fa5aa34a19..b7e51c43c4bb 100644
+index d72d343e7e79..642485b9018d 100644
 --- a/setools/__init__.py
 +++ b/setools/__init__.py
-@@ -75,12 +75,8 @@ from .pcideviceconquery import PcideviceconQuery
+@@ -91,12 +91,8 @@ from .pcideviceconquery import PcideviceconQuery
 from .devicetreeconquery import DevicetreeconQuery
 
 # Information Flow Analysis
 -from .infoflow import InfoFlowAnalysis
- from .permmap import PermissionMap
+ from .permmap import PermissionMap, RuleWeight, Mapping
 
 -# Domain Transition Analysis
-from .dta import DomainTransitionAnalysis
+-from .dta import DomainTransitionAnalysis, DomainEntrypoint, DomainTransition
 -
 # Policy difference
 from .diff import PolicyDifference
--- a/setools.spec
+++ b/setools.spec
@ -1,20 +1,21 @@
-# % global setools_pre_ver rc
-# % global gitver f1e5b20
+%global setools_pre_ver 05e90ee
+%global gitver 05e90ee241af05665f3394e9bed0073e1bb2e17d

-%global sepol_ver 2.3-1
-%global selinux_ver 2.3-1
+%global sepol_ver 3.1-4
+%global selinux_ver 3.1-4


 Name:           setools
-Version:        4.3.0
-Release:        5%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
+Version:        4.4.0
+Release:        0.1.20201102git%{setools_pre_ver}%{?dist}
 Summary:        Policy analysis tools for SELinux

 License:        GPLv2
 URL:            https://github.com/SELinuxProject/setools/wiki
-Source0:        https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
+Source0:        https://github.com/SELinuxProject/setools/archive/%{setools_pre_ver}.tar.gz
 Source1:        setools.pam
 Source2:        apol.desktop
+Patch0001:      0001-Adapt-to-new-libsepol-filename-transition-structures.patch
 Patch1001:      1001-Do-not-use-Werror-during-build.patch
 Patch1002:      1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
 Patch1003:      1003-Require-networkx-on-package-level.patch
@ -95,7 +96,7 @@ Python modules designed to facilitate SELinux policy analysis.


 %prep
-%autosetup -p 1 -S git -n setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}
+%autosetup -p 1 -S git -n setools-%{gitver}


 %build
@ -114,9 +115,11 @@ Python modules designed to facilitate SELinux policy analysis.
 %files

 %files console
+%{_bindir}/sechecker
 %{_bindir}/sediff
 %{_bindir}/seinfo
 %{_bindir}/sesearch
+%{_mandir}/man1/sechecker*
 %{_mandir}/man1/sediff*
 %{_mandir}/man1/seinfo*
 %{_mandir}/man1/sesearch*
@ -144,6 +147,12 @@ Python modules designed to facilitate SELinux policy analysis.
 %{_mandir}/ru/man1/apol*

 %changelog
+* Tue Nov  3 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.1.20201102git05e90ee
+- Update to 05e90ee
+- Add /usr/bin/sechecker
+- Adapt to new libsepol filename transition structures
+- Rebuild with libsepol.so.2
+
 * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-5
 - Second attempt - Rebuilt for
  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (4.3.0.tar.gz) = 93da43c4b577ff944f1c19ef40cfc51f6d1cb1efef582e467834300540a7af440b6ae9106f29d810963c74b0fb5953003304790a9143a7318e477d17fa7d536a
+SHA512 (05e90ee.tar.gz) = 32f60e9a40ca5791a1e63986377e90ca728c7e205d8ae7ce446830ca7f96b51496d9753fd70077f5b6547050d23c41a1d10b20e0af9e4066355e29781d5e3686