setools-4.4.0-0.1.20201102git05e90ee

- Update to 05e90ee
- Add /usr/bin/sechecker
- Adapt to new libsepol filename transition structures
- Rebuild with libsepol.so.2
Petr Lautrbach 2020-11-03 16:07:11 +01:00
parent 1396e21e63
commit 8840b49782
5 changed files with 145 additions and 15 deletions

.gitignore vendored

@ -9,3 +9,4 @@ setools-3.3.8-f1e5b20.tar.bz2
/4.2.1.tar.gz
/4.2.2.tar.gz
/4.3.0.tar.gz
/05e90ee.tar.gz


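--- /dev/null
+++ b/0001-Adapt-to-new-libsepol-filename-transition-structures.patch
@@ -0,0 +1,120 @@
+From f63a3690e3e3f02ab67ad1165be54ce25bac2de7 Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Fri, 17 Jul 2020 11:28:08 +0200
+Subject: [PATCH] Adapt to new libsepol filename transition structures
+Adapt setools to the new libsepol internal API for filename transitions
+which allows for more efficient filename trans rule representation in
+memory and binary policy.
+Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
+---
+setools/policyrep/sepol.pxd | 9 ++++----
+setools/policyrep/terule.pxi | 41 ++++++++++++++++++++++++++++++------
+2 files changed, 39 insertions(+), 11 deletions(-)
+diff --git a/setools/policyrep/sepol.pxd b/setools/policyrep/sepol.pxd
+index 60bc58c28ebf..b07ddb78350f 100644
+--- a/setools/policyrep/sepol.pxd
++++ b/setools/policyrep/sepol.pxd
+@@ -544,21 +544,22 @@ cdef extern from "<sepol/policydb/policydb.h>":
+ctypedef cond_bool_datum cond_bool_datum_t
+#
+- # filename_trans_t
++ # filename_trans_key_t
+#
+- cdef struct filename_trans:
+- uint32_t stype
++ cdef struct filename_trans_key:
+uint32_t ttype
+uint32_t tclass
+char *name
+- ctypedef filename_trans filename_trans_t
++ ctypedef filename_trans_key filename_trans_key_t
+#
+# filename_trans_datum_t
+#
+cdef struct filename_trans_datum:
++ ebitmap_t stypes
+uint32_t otype
++ filename_trans_datum *next
+ctypedef filename_trans_datum filename_trans_datum_t
+diff --git a/setools/policyrep/terule.pxi b/setools/policyrep/terule.pxi
+index 3976586b7985..760c366f6c39 100644
+--- a/setools/policyrep/terule.pxi
++++ b/setools/policyrep/terule.pxi
+@@ -470,17 +470,18 @@ cdef class FileNameTERule(BaseTERule):
+readonly str filename
+@staticmethod
+- cdef inline FileNameTERule factory(SELinuxPolicy policy, sepol.filename_trans_t *key,
+- sepol.filename_trans_datum_t *datum):
++ cdef inline FileNameTERule factory(SELinuxPolicy policy,
++ sepol.filename_trans_key_t *key,
++ Type stype, size_t otype):
+"""Factory function for creating FileNameTERule objects."""
+cdef FileNameTERule r = FileNameTERule.__new__(FileNameTERule)
+r.policy = policy
+r.key = <uintptr_t>key
+r.ruletype = TERuletype.type_transition
+- r.source = type_or_attr_factory(policy, policy.type_value_to_datum(key.stype - 1))
++ r.source = stype
+r.target = type_or_attr_factory(policy, policy.type_value_to_datum(key.ttype - 1))
+r.tclass = ObjClass.factory(policy, policy.class_value_to_datum(key.tclass - 1))
+- r.dft = Type.factory(policy, policy.type_value_to_datum(datum.otype - 1))
++ r.dft = Type.factory(policy, policy.type_value_to_datum(otype - 1))
+r.filename = intern(key.name)
+r.origin = None
+return r
+@@ -708,6 +709,10 @@ cdef class FileNameTERuleIterator(HashtabIterator):
+"""Iterate over FileNameTERules in the policy."""
++ cdef:
++ sepol.filename_trans_datum_t *datum
++ TypeEbitmapIterator stypei
++
+@staticmethod
+cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table):
+"""Factory function for creating FileNameTERule iterators."""
+@@ -717,7 +722,29 @@ cdef class FileNameTERuleIterator(HashtabIterator):
+i.reset()
+return i
++ def _next_stype(self):
++ while True:
++ if self.datum == NULL:
++ super().__next__()
++ self.datum = <sepol.filename_trans_datum_t *>self.curr.datum
++ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes)
++ try:
++ return next(self.stypei)
++ except StopIteration:
++ pass
++ self.datum = self.datum.next
++ if self.datum != NULL:
++ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes)
++
+def __next__(self):
+- super().__next__()
+- return FileNameTERule.factory(self.policy, <sepol.filename_trans_t *>self.curr.key,
+- <sepol.filename_trans_datum_t *>self.curr.datum)
++ stype = self._next_stype()
++ return FileNameTERule.factory(self.policy,
++ <sepol.filename_trans_key_t *>self.curr.key,
++ stype, self.datum.otype)
++
++ def __len__(self):
++ return sum(1 for r in FileNameTERuleIterator.factory(self.policy, self.table))
++
++ def reset(self):
++ super().reset()
++ self.datum = NULL
+--
+2.29.0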
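Review bot: `_next_stype`, `__len__` and `reset` in the last hunk of terule.pxi carry no docstrings, and the two-level iteration state they share — `self.datum` walking the `next` chain hanging off one hashtab node, `self.stypei` walking that datum's `stypes` ebitmap — is hard to reconstruct from the loop alone. I would give `_next_stype` a docstring such as `"""Return the next source Type for the current filename_trans key, moving to the next datum in the chain, and then to the next hashtab entry, whenever the current stypes ebitmap is exhausted; propagates StopIteration from the base iterator at the end of the table."""`, and put a one-line comment on `__len__` saying it walks the whole table with a fresh iterator because one hashtab entry now expands to one rule per bit set in `stypes`, so the base class's element count (if that is what it returned, which I cannot see from here) would undercount. Since that makes every `len()` call O(number of rules), callers that take the length repeatedly would benefit from caching the count after the first walk, but I cannot see the callers from this hunk. The class body may continue past the end of the hunk.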


@ -33,7 +33,7 @@ index 60861ca630a5..41e38a237b42 100755
+import setools.dta
def print_transition(trans):
def print_transition(trans: setools.DomainTransition) -> None:
@@ -114,7 +114,7 @@ else:
try:
@ -56,7 +56,7 @@ index f10c39de4d8e..fee749a83bb5 100755
import argparse
import sys
import logging
@@ -101,7 +101,7 @@ elif args.booleans is not None:
@@ -102,7 +102,7 @@ elif args.booleans is not None:
try:
p = setools.SELinuxPolicy(args.policy)
m = setools.PermissionMap(args.map)
@ -66,18 +66,18 @@ index f10c39de4d8e..fee749a83bb5 100755
if args.shortest_path or args.all_paths:
diff --git a/setools/__init__.py b/setools/__init__.py
index 26fa5aa34a19..b7e51c43c4bb 100644
index d72d343e7e79..642485b9018d 100644
--- a/setools/__init__.py
+++ b/setools/__init__.py
@@ -75,12 +75,8 @@ from .pcideviceconquery import PcideviceconQuery
@@ -91,12 +91,8 @@ from .pcideviceconquery import PcideviceconQuery
from .devicetreeconquery import DevicetreeconQuery
# Information Flow Analysis
-from .infoflow import InfoFlowAnalysis
from .permmap import PermissionMap
from .permmap import PermissionMap, RuleWeight, Mapping
-# Domain Transition Analysis
-from .dta import DomainTransitionAnalysis
-from .dta import DomainTransitionAnalysis, DomainEntrypoint, DomainTransition
-
# Policy difference
from .diff import PolicyDifference


@ -1,20 +1,21 @@
# % global setools_pre_ver rc
# % global gitver f1e5b20
%global setools_pre_ver 05e90ee
%global gitver 05e90ee241af05665f3394e9bed0073e1bb2e17d
%global sepol_ver 2.3-1
%global selinux_ver 2.3-1
%global sepol_ver 3.1-4
%global selinux_ver 3.1-4
Name: setools
Version: 4.3.0
Release: 5%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
Version: 4.4.0
Release: 0.1.20201102git%{setools_pre_ver}%{?dist}
Summary: Policy analysis tools for SELinux
License: GPLv2
URL: https://github.com/SELinuxProject/setools/wiki
Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
Source0: https://github.com/SELinuxProject/setools/archive/%{setools_pre_ver}.tar.gz
Source1: setools.pam
Source2: apol.desktop
Patch0001: 0001-Adapt-to-new-libsepol-filename-transition-structures.patch
Patch1001: 1001-Do-not-use-Werror-during-build.patch
Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
Patch1003: 1003-Require-networkx-on-package-level.patch
@ -95,7 +96,7 @@ Python modules designed to facilitate SELinux policy analysis.
%prep
%autosetup -p 1 -S git -n setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}
%autosetup -p 1 -S git -n setools-%{gitver}
%build
@ -114,9 +115,11 @@ Python modules designed to facilitate SELinux policy analysis.
%files
%files console
%{_bindir}/sechecker
%{_bindir}/sediff
%{_bindir}/seinfo
%{_bindir}/sesearch
%{_mandir}/man1/sechecker*
%{_mandir}/man1/sediff*
%{_mandir}/man1/seinfo*
%{_mandir}/man1/sesearch*
@ -144,6 +147,12 @@ Python modules designed to facilitate SELinux policy analysis.
%{_mandir}/ru/man1/apol*
%changelog
* Tue Nov 3 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.1.20201102git05e90ee
- Update to 05e90ee
- Add /usr/bin/sechecker
- Adapt to new libsepol filename transition structures
- Rebuild with libsepol.so.2
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-5
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
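Review bot: The new `Source0` line fetches `archive/%{setools_pre_ver}.tar.gz`, i.e. a GitHub auto-generated tarball addressed by the 7-character abbreviated hash `05e90ee`, even though the full commit id is already defined one line below as `%{gitver}`. An abbreviated hash is not a stable identifier (it can become ambiguous as the upstream repository grows) and GitHub-generated archives are not guaranteed to be byte-stable, so the SHA512 in `sources` is the only thing pinning what gets built; naming the full commit makes the provenance unambiguous for anyone re-fetching it: `Source0: https://github.com/SELinuxProject/setools/archive/%{gitver}.tar.gz` (with the tarball name in `sources` and `.gitignore` changed to match). The `%prep` line already extracts into `setools-%{gitver}`, so the two would then agree.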


@ -1 +1 @@
SHA512 (4.3.0.tar.gz) = 93da43c4b577ff944f1c19ef40cfc51f6d1cb1efef582e467834300540a7af440b6ae9106f29d810963c74b0fb5953003304790a9143a7318e477d17fa7d536a
SHA512 (05e90ee.tar.gz) = 32f60e9a40ca5791a1e63986377e90ca728c7e205d8ae7ce446830ca7f96b51496d9753fd70077f5b6547050d23c41a1d10b20e0af9e4066355e29781d5e3686