- Exit seinfo and sesearch with proper status

- Return None when no records match python setools.sesearch
2011-01-06 16:56:49 -05:00 · 2011-01-06 15:31:13 -05:00 · 2010-10-14 14:35:28 -04:00 · 2010-10-14 14:31:50 -04:00 · 2010-10-14 14:23:42 -04:00 · 2010-08-19 06:26:15 -04:00
5 changed files with 420 additions and 52 deletions
--- a/setools-cmdline.patch
+++ b/setools-cmdline.patch
@ -0,0 +1,59 @@
+diff -up setools-3.3.7/man/replcon.1.cmdline setools-3.3.7/man/replcon.1
+--- setools-3.3.7/man/replcon.1.cmdline	2007-08-02 17:16:33.000000000 -0400
+++ setools-3.3.7/man/replcon.1	2010-11-17 16:31:01.000000000 -0500
+@@ -44,6 +44,8 @@ Search for files which include PATH.
+ .IP "-c CLASS, --class=CLASS"
+ Search only files of object class CLASS.
+ .SH OPTIONS
+.IP "-R, --regex"
+Enable regular expressions
+ .IP "-v, --verbose"
+ Display context info during replacement.
+ .IP "-h, --help"
+diff -up setools-3.3.7/man/seinfo.1.cmdline setools-3.3.7/man/seinfo.1
+--- setools-3.3.7/man/seinfo.1.cmdline	2010-05-03 12:39:02.000000000 -0400
+++ setools-3.3.7/man/seinfo.1	2010-11-17 16:23:36.000000000 -0500
+@@ -76,6 +76,10 @@ There is no expanded information for thi
+ .IP "--nodecon[=ADDR]"
+ Print a list of node contexts or, if ADDR is provided, print the statement for the node with address ADDR.
+ There is no expanded information for this component.
+.IP "--polcap"
+Print policy capabilities.
+.IP "--permissive"
+Print permissive types.
+ .IP "--portcon[=PORT]"
+ Print a list of port contexts or, if PORT is provided, print the statement for port PORT.
+ There is no expanded information for this component.
+@@ -93,7 +97,7 @@ These details include the types assigned
+ This option is not available for all component types; see the description of each component for the details this option will provide.
+ .IP "--stats"
+ Print policy statistics including policy type and version information and counts of all components and rules.
+-.IP "-l"
+.IP "-l, --line-breaks"
+ Print line breaks when displaying constraint statements.
+ .IP "-h, --help"
+ Print help information and exit.
+diff -up setools-3.3.7/seaudit/seaudit-report.c.cmdline setools-3.3.7/seaudit/seaudit-report.c
+--- setools-3.3.7/seaudit/seaudit-report.c.cmdline	2010-11-17 16:09:48.000000000 -0500
+++ setools-3.3.7/seaudit/seaudit-report.c	2010-11-17 16:11:06.000000000 -0500
+@@ -100,7 +100,7 @@ static void seaudit_report_info_usage(co
+ 	printf("  -s, --stdin              read log data from standard input\n");
+ 	printf("  -m, --malformed          include malformed log messages\n");
+ 	printf("  -o FILE, --output=FILE   output to FILE\n");
+-	printf("  --config=FILE            read configuration from FILE\n");
+	printf("  -c FILE, --config=FILE   read configuration from FILE\n");
+ 	printf("  --html                   set output format to HTML\n");
+ 	printf("  --stylesheet=FILE        HTML style sheet for formatting HTML report\n");
+ 	printf("                           (ignored if --html is not given)\n");
+diff -up setools-3.3.7/sediff/sediff.c.cmdline setools-3.3.7/sediff/sediff.c
+--- setools-3.3.7/sediff/sediff.c.cmdline	2007-08-02 17:16:33.000000000 -0400
+++ setools-3.3.7/sediff/sediff.c	2010-11-17 16:20:01.000000000 -0500
+@@ -420,7 +420,7 @@ int main(int argc, char **argv)
+ 	poldiff_t *diff = NULL;
+ 	size_t total = 0;
+ 
+-	while ((optc = getopt_long(argc, argv, "ctarubANDLMCRqhV", longopts, NULL)) != -1) {
+	while ((optc = getopt_long(argc, argv, "ctarubAqhV", longopts, NULL)) != -1) {
+ 		switch (optc) {
+ 		case 0:
+ 			break;
--- a/setools-exitstatus.patch
+++ b/setools-exitstatus.patch
@ -0,0 +1,119 @@
+diff -up setools-3.3.7/secmds/seinfo.c.exitstatus setools-3.3.7/secmds/seinfo.c
+--- setools-3.3.7/secmds/seinfo.c.exitstatus	2010-05-03 12:39:02.000000000 -0400
+++ setools-3.3.7/secmds/seinfo.c	2010-11-05 09:54:39.000000000 -0400
+@@ -827,7 +827,7 @@ static int print_sens(FILE * fp, const c
+  */
+ static int print_cats(FILE * fp, const char *name, int expand, const apol_policy_t * policydb)
+ {
+-	int retval = 0;
+	int retval = -1;
+ 	apol_cat_query_t *query = NULL;
+ 	apol_vector_t *v = NULL;
+ 	const qpol_cat_t *cat_datum = NULL;
+@@ -911,9 +911,10 @@ static int print_fsuse(FILE * fp, const 
+ 		fprintf(fp, "   %s\n", tmp);
+ 		free(tmp);
+ 	}
+-	if (type && !apol_vector_get_size(v))
+	if (type && !apol_vector_get_size(v)) {
+ 		ERR(policydb, "No fs_use statement for filesystem of type %s.", type);
+-
+		goto cleanup;
+	}
+ 	retval = 0;
+       cleanup:
+ 	apol_fs_use_query_destroy(&query);
+@@ -949,7 +950,6 @@ static int print_genfscon(FILE * fp, con
+ 		ERR(policydb, "%s", strerror(ENOMEM));
+ 		goto cleanup;
+ 	}
+-
+ 	if (apol_genfscon_query_set_filesystem(policydb, query, type))
+ 		goto cleanup;
+ 	if (apol_genfscon_get_by_query(policydb, query, &v))
+@@ -967,8 +967,10 @@ static int print_genfscon(FILE * fp, con
+ 		free(tmp);
+ 	}
+ 
+-	if (type && !apol_vector_get_size(v))
+	if (type && !apol_vector_get_size(v)) {
+ 		ERR(policydb, "No genfscon statement for filesystem of type %s.", type);
+		goto cleanup;
+	}
+ 
+ 	retval = 0;
+       cleanup:
+@@ -1646,6 +1648,7 @@ cleanup:	// close and destroy iterators 
+ 
+ int main(int argc, char **argv)
+ {
+	int rc = 0;
+ 	int classes, types, attribs, roles, users, all, expand, stats, rt, optc, isids, bools, sens, cats, fsuse, genfs, netif,
+ 		node, port, permissives, polcaps, constrain, linebreaks;
+ 	apol_policy_t *policydb = NULL;
+@@ -1851,46 +1854,46 @@ int main(int argc, char **argv)
+ 
+ 	/* display requested info */
+ 	if (stats || all)
+-		print_stats(stdout, policydb);
+		rc = print_stats(stdout, policydb);
+ 	if (classes || all)
+-		print_classes(stdout, class_name, expand, policydb);
+		rc = print_classes(stdout, class_name, expand, policydb);
+ 	if (types || all)
+-		print_types(stdout, type_name, expand, policydb);
+		rc = print_types(stdout, type_name, expand, policydb);
+ 	if (attribs || all)
+-		print_attribs(stdout, attrib_name, expand, policydb);
+		rc = print_attribs(stdout, attrib_name, expand, policydb);
+ 	if (roles || all)
+-		print_roles(stdout, role_name, expand, policydb);
+		rc = print_roles(stdout, role_name, expand, policydb);
+ 	if (users || all)
+-		print_users(stdout, user_name, expand, policydb);
+		rc = print_users(stdout, user_name, expand, policydb);
+ 	if (bools || all)
+-		print_booleans(stdout, bool_name, expand, policydb);
+		rc = print_booleans(stdout, bool_name, expand, policydb);
+ 	if (sens || all)
+-		print_sens(stdout, sens_name, expand, policydb);
+		rc = print_sens(stdout, sens_name, expand, policydb);
+ 	if (cats || all)
+-		print_cats(stdout, cat_name, expand, policydb);
+		rc = print_cats(stdout, cat_name, expand, policydb);
+ 	if (fsuse || all)
+-		print_fsuse(stdout, fsuse_type, policydb);
+		rc = print_fsuse(stdout, fsuse_type, policydb);
+ 	if (genfs || all)
+-		print_genfscon(stdout, genfs_type, policydb);
+		rc = print_genfscon(stdout, genfs_type, policydb);
+ 	if (netif || all)
+-		print_netifcon(stdout, netif_name, policydb);
+		rc = print_netifcon(stdout, netif_name, policydb);
+ 	if (node || all)
+-		print_nodecon(stdout, node_addr, policydb);
+		rc = print_nodecon(stdout, node_addr, policydb);
+ 	if (port || all)
+-		print_portcon(stdout, port_num, protocol, policydb);
+		rc = print_portcon(stdout, port_num, protocol, policydb);
+ 	if (isids || all)
+-		print_isids(stdout, isid_name, expand, policydb);
+		rc = print_isids(stdout, isid_name, expand, policydb);
+ 	if (permissives || all)
+-		print_permissives(stdout, permissive_name, expand, policydb);
+		rc = print_permissives(stdout, permissive_name, expand, policydb);
+ 	if (polcaps || all)
+-		print_polcaps(stdout, polcap_name, expand, policydb);
+		rc = print_polcaps(stdout, polcap_name, expand, policydb);
+ 	if (constrain || all)
+-		print_constraints(stdout, expand, policydb, linebreaks);
+		rc = print_constraints(stdout, expand, policydb, linebreaks);
+ 
+ 	apol_policy_destroy(&policydb);
+ 	apol_policy_path_destroy(&pol_path);
+ 	free(policy_file);
+-	exit(0);
+	exit(rc);
+ }
+ 
+ /**
--- a/setools-neverallow.patch
+++ b/setools-neverallow.patch
@ -0,0 +1,15 @@
+diff -up setools-3.3.7/libqpol/src/avrule_query.c~ setools-3.3.7/libqpol/src/avrule_query.c
+--- setools-3.3.7/libqpol/src/avrule_query.c~	2010-04-23 12:22:08.000000000 -0400
+++ setools-3.3.7/libqpol/src/avrule_query.c	2011-01-06 10:42:50.000000000 -0500
+@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qp
+ 
+ 	if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
+ 		ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
+-		errno = ENOTSUP;
+-		return STATUS_ERR;
+/*		errno = ENOTSUP;
+		return STATUS_ERR; */
+		return STATUS_SUCCESS;
+ 	}
+ 
+ 	db = &policy->p->p;
--- a/setools-python.patch
+++ b/setools-python.patch
@ -1,7 +1,16 @@
-diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac
--- setools-3.3.6/configure.ac.python	2009-07-22 14:07:35.000000000 -0400
-+++ setools-3.3.6/configure.ac	2009-08-11 13:15:57.000000000 -0400
-@@ -216,6 +216,9 @@ if test "x${enable_jswig}" = xyes; then
+diff -up setools-3.3.7/configure.ac.python setools-3.3.7/configure.ac
+--- setools-3.3.7/configure.ac.python	2010-04-30 10:25:48.000000000 -0400
+++ setools-3.3.7/configure.ac	2010-07-30 15:02:10.000000000 -0400
+@@ -194,7 +194,7 @@ AC_ARG_ENABLE(swig-java,
+               enable_jswig="$enableval")
+ if test "x${enable_jswig}" = xyes; then
+    if test ${do_swigify} = no; then
+-      AC_PROG_SWIG(1.3.28)
+      AC_PROG_SWIG(2.0.0)
+    fi
+    AC_JAVA_OPTIONS
+    if test "x$JAVAPREFIX" = x; then
+@@ -216,21 +216,23 @@ if test "x${enable_jswig}" = xyes; then
    do_swigify_java=yes
    do_swigify=yes
 fi
@ -11,15 +20,33 @@ diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac
 AC_ARG_ENABLE(swig-python,
               AC_HELP_STRING([--enable-swig-python],
                              [build SWIG interfaces for Python]),
-@@ -224,7 +227,6 @@ if test "x${enable_pyswig}" = xyes; then
+               enable_pyswig="$enableval")
+ if test "x${enable_pyswig}" = xyes; then
    if test ${do_swigify} = no; then
-       AC_PROG_SWIG(1.3.28)
+-      AC_PROG_SWIG(1.3.28)
+      AC_PROG_SWIG(2.0.0)
    fi
 -   AM_PATH_PYTHON(2.3)
    SWIG_PYTHON
    do_swigify_python=yes
    do_swigify=yes
-@@ -873,6 +875,8 @@ AC_CONFIG_FILES([Makefile VERSION \
+ fi
+ if test ${do_swigify} = "yes"; then
+-   AC_PROG_SWIG(1.3.28)
+   AC_PROG_SWIG(2.0.0)
+ fi
+ build_apol=yes
+ AC_ARG_ENABLE(swig-tcl,
+@@ -239,7 +241,7 @@ AC_ARG_ENABLE(swig-tcl,
+               enable_tclswig="$enableval", enable_tclswig="yes")
+ if test "x${enable_tclswig}" = xyes; then
+    if test ${do_swigify} = no; then
+-      AC_PROG_SWIG(1.3.28)
+      AC_PROG_SWIG(2.0.0)
+    fi
+    TEA_INIT(3.5)
+    TEA_PATH_TCLCONFIG
+@@ -888,6 +890,8 @@ AC_CONFIG_FILES([Makefile VERSION \
                  sediff/Makefile \
                  man/Makefile \
                  debian/Makefile \
@ -28,9 +55,9 @@ diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac
                  packages/Makefile packages/rpm/Makefile \
                  packages/libqpol.pc packages/libapol.pc packages/libpoldiff.pc packages/libseaudit.pc packages/libsefs.pc])
 
-diff -up setools-3.3.6/Makefile.am.python setools-3.3.6/Makefile.am
--- setools-3.3.6/Makefile.am.python	2008-02-22 14:06:28.000000000 -0500
-+++ setools-3.3.6/Makefile.am	2009-08-11 13:15:57.000000000 -0400
+diff -up setools-3.3.7/Makefile.am.python setools-3.3.7/Makefile.am
+--- setools-3.3.7/Makefile.am.python	2008-02-22 14:06:28.000000000 -0500
+++ setools-3.3.7/Makefile.am	2010-07-30 15:02:10.000000000 -0400
@@ -10,7 +10,7 @@ if BUILD_GUI
 endif
 # sediffx is also built conditionally, from sediffx/Makefile.am
@ -40,9 +67,9 @@ diff -up setools-3.3.6/Makefile.am.python setools-3.3.6/Makefile.am
 
 #old indent opts
 #INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
-diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in
--- setools-3.3.6/Makefile.in.python	2009-07-22 14:08:36.000000000 -0400
-+++ setools-3.3.6/Makefile.in	2009-08-11 15:14:56.000000000 -0400
+diff -up setools-3.3.7/Makefile.in.python setools-3.3.7/Makefile.in
+--- setools-3.3.7/Makefile.in.python	2010-05-12 10:01:09.000000000 -0400
+++ setools-3.3.7/Makefile.in	2010-07-30 15:02:47.000000000 -0400
@@ -79,7 +79,7 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGE
 ETAGS = etags
 CTAGS = ctags
@ -52,7 +79,7 @@ diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 distdir = $(PACKAGE)-$(VERSION)
 top_distdir = $(distdir)
-@@ -384,7 +384,7 @@ AUTOMAKE_OPTIONS = dist-bzip2
+@@ -385,7 +385,7 @@ AUTOMAKE_OPTIONS = dist-bzip2
 @BUILD_APOL_TRUE@MAYBE_APOL = apol
 @BUILD_GUI_TRUE@MAYBE_GUI = seaudit
 # sediffx is also built conditionally, from sediffx/Makefile.am
@ -61,16 +88,16 @@ diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in
 
 #old indent opts
 #INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
-diff -up /dev/null setools-3.3.6/python/Makefile.am
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
-+++ setools-3.3.6/python/Makefile.am	2009-08-11 15:12:36.000000000 -0400
+diff -up setools-3.3.7/python/Makefile.am.python setools-3.3.7/python/Makefile.am
+--- setools-3.3.7/python/Makefile.am.python	2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/Makefile.am	2010-07-30 15:02:10.000000000 -0400
@@ -0,0 +1 @@
 +SUBDIRS = setools
-diff -up /dev/null setools-3.3.6/python/Makefile.in
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
-+++ setools-3.3.6/python/Makefile.in	2009-08-11 15:14:56.000000000 -0400
-@@ -0,0 +1,715 @@
-+# Makefile.in generated by automake 1.11 from Makefile.am.
+diff -up setools-3.3.7/python/Makefile.in.python setools-3.3.7/python/Makefile.in
+--- setools-3.3.7/python/Makefile.in.python	2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/Makefile.in	2010-07-30 15:02:46.000000000 -0400
+@@ -0,0 +1,716 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
 +# @configure_input@
 +
 +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@ -249,6 +276,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
 +PACKAGE_NAME = @PACKAGE_NAME@
 +PACKAGE_STRING = @PACKAGE_STRING@
 +PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
 +PACKAGE_VERSION = @PACKAGE_VERSION@
 +PATH_SEPARATOR = @PATH_SEPARATOR@
 +PIXBUF_CFLAGS = @PIXBUF_CFLAGS@
@ -482,7 +510,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
 +#     (which will cause the Makefiles to be regenerated when you run `make');
 +# (2) otherwise, pass the desired values on the `make' command line.
 +$(RECURSIVE_TARGETS):
-+	@failcom='exit 1'; \
+	@fail= failcom='exit 1'; \
 +	for f in x $$MAKEFLAGS; do \
 +	  case $$f in \
 +	    *=* | --[!k]*);; \
@ -507,7 +535,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
 +	fi; test -z "$$fail"
 +
 +$(RECURSIVE_CLEAN_TARGETS):
-+	@failcom='exit 1'; \
+	@fail= failcom='exit 1'; \
 +	for f in x $$MAKEFLAGS; do \
 +	  case $$f in \
 +	    *=* | --[!k]*);; \
@ -785,10 +813,10 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
 +# Tell versions [3.59,3.63) of GNU make to not export all variables.
 +# Otherwise a system limit (for SysV at least) may be exceeded.
 +.NOEXPORT:
-diff -up /dev/null setools-3.3.6/python/setools/__init__.py
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
-+++ setools-3.3.6/python/setools/__init__.py	2009-08-11 13:15:57.000000000 -0400
-@@ -0,0 +1,49 @@
+diff -up setools-3.3.7/python/setools/__init__.py.python setools-3.3.7/python/setools/__init__.py
+--- setools-3.3.7/python/setools/__init__.py.python	2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/__init__.py	2010-10-14 14:31:06.000000000 -0400
+@@ -0,0 +1,50 @@
 +#!/usr/bin/env python
 +
 +# Author: Thomas Liu <tliu@redhat.com>
@ -800,6 +828,7 @@ diff -up /dev/null setools-3.3.6/python/setools/__init__.py
 +TYPE = _seinfo.TYPE
 +ROLE = _seinfo.ROLE
 +ATTRIBUTE = _seinfo.ATTRIBUTE
+PORT = _seinfo.PORT
 +USER = _seinfo.USER
 +
 +ALLOW = 'allow'
@ -825,7 +854,7 @@ diff -up /dev/null setools-3.3.6/python/setools/__init__.py
 +     
 +    
 +    dict_list = _sesearch.sesearch(info)
-+    if len(perms) != 0:
+    if dict_list and len(perms) != 0:
 +        dict_list = filter(lambda x: dict_has_perms(x, perms), dict_list)
 +    return dict_list
 +
@ -838,9 +867,9 @@ diff -up /dev/null setools-3.3.6/python/setools/__init__.py
 +def seinfo(setype, name=None):
 +    dict_list = _seinfo.seinfo(setype, name)
 +    return dict_list
-diff -up /dev/null setools-3.3.6/python/setools/Makefile.am
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
-+++ setools-3.3.6/python/setools/Makefile.am	2009-08-11 17:17:15.000000000 -0400
+diff -up setools-3.3.7/python/setools/Makefile.am.python setools-3.3.7/python/setools/Makefile.am
+--- setools-3.3.7/python/setools/Makefile.am.python	2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/Makefile.am	2010-07-30 15:02:10.000000000 -0400
@@ -0,0 +1,36 @@
 +EXTRA_DIST =				\
 +	sesearch.c			\
@ -878,11 +907,11 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.am
 +	$(PYTHON) setup.py clean -a 
 +	rm -f *~
 +
-diff -up /dev/null setools-3.3.6/python/setools/Makefile.in
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
-+++ setools-3.3.6/python/setools/Makefile.in	2009-08-11 17:17:18.000000000 -0400
-@@ -0,0 +1,549 @@
-+# Makefile.in generated by automake 1.11 from Makefile.am.
+diff -up setools-3.3.7/python/setools/Makefile.in.python setools-3.3.7/python/setools/Makefile.in
+--- setools-3.3.7/python/setools/Makefile.in.python	2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/Makefile.in	2010-07-30 15:02:46.000000000 -0400
+@@ -0,0 +1,550 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
 +# @configure_input@
 +
 +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@ -1021,6 +1050,7 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.in
 +PACKAGE_NAME = @PACKAGE_NAME@
 +PACKAGE_STRING = @PACKAGE_STRING@
 +PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
 +PACKAGE_VERSION = @PACKAGE_VERSION@
 +PATH_SEPARATOR = @PATH_SEPARATOR@
 +PIXBUF_CFLAGS = @PIXBUF_CFLAGS@
@ -1431,10 +1461,10 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.in
 +# Tell versions [3.59,3.63) of GNU make to not export all variables.
 +# Otherwise a system limit (for SysV at least) may be exceeded.
 +.NOEXPORT:
-diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
-+++ setools-3.3.6/python/setools/seinfo.c	2009-08-11 16:31:05.000000000 -0400
-@@ -0,0 +1,649 @@
+diff -up setools-3.3.7/python/setools/seinfo.c.python setools-3.3.7/python/setools/seinfo.c
+--- setools-3.3.7/python/setools/seinfo.c.python	2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/seinfo.c	2010-08-03 18:07:17.000000000 -0400
+@@ -0,0 +1,769 @@
 +/**
 + *  @file
 + *  Command line tool to search TE rules.
@ -1492,7 +1522,7 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
 +
 +enum input
 +{
-+	TYPE, ATTRIBUTE, ROLE, USER
+	TYPE, ATTRIBUTE, ROLE, USER, PORT,
 +};
 +
 +/**
@ -1902,6 +1932,122 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
 +}
 +
 +/**
+ * Get statistics regarding a policy's ports.
+ * If this function is given a name, it will attempt to
+ * get statistics about a particular port; otherwise
+ * the function get statistics about all of the policy's ports.
+ *
+ * @param name Reference to an port's name; if NULL,
+ * all ports will be considered
+ * @param policydb Reference to a policy
+ *
+ * @return 0 on success, < 0 on error.
+ */
+static PyObject*  get_ports(const char *num, const apol_policy_t * policydb)
+{
+	PyObject *list = PyList_New(0);
+	int retval = -1;
+	const qpol_portcon_t *portcon = NULL;
+	qpol_iterator_t *iter = NULL;
+	uint16_t low_port, high_port;
+	uint8_t ocon_proto;
+	qpol_policy_t *q = apol_policy_get_qpol(policydb);
+	const qpol_context_t *ctxt = NULL;
+	const char *proto_str;
+	PyObject *dict;
+	const char *type = NULL;
+	const apol_mls_range_t *range = NULL;
+	char *range_str = NULL;
+	PyObject *obj = NULL;
+	apol_context_t *c = NULL;
+
+	if (qpol_policy_get_portcon_iter(q, &iter))
+		goto cleanup;
+
+	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+		if (qpol_iterator_get_item(iter, (void **)&portcon))
+			goto cleanup;
+		if (qpol_portcon_get_low_port(q, portcon, &low_port))
+			goto cleanup;
+		if (qpol_portcon_get_high_port(q, portcon, &high_port))
+			goto cleanup;
+		if (qpol_portcon_get_protocol(q, portcon, &ocon_proto))
+			goto cleanup;
+		if (num) {
+			if (atoi(num) < low_port || atoi(num) > high_port)
+				continue;
+		}
+
+		if ((ocon_proto != IPPROTO_TCP) &&
+		    (ocon_proto != IPPROTO_UDP)) 
+			goto cleanup;
+
+		if (qpol_portcon_get_context(q, portcon, &ctxt)) {
+			PyErr_SetString(PyExc_RuntimeError, "Could not get for port context.");
+			goto cleanup;
+		}
+
+		if ((proto_str = apol_protocol_to_str(ocon_proto)) == NULL) {
+			PyErr_SetString(PyExc_RuntimeError, "Invalid protocol for port");
+			goto cleanup;
+		}
+
+		if ((c = apol_context_create_from_qpol_context(policydb, ctxt)) == NULL) {
+			goto cleanup;
+		}
+		
+		if((type = apol_context_get_type(c)) == NULL) {
+			apol_context_destroy(&c);
+			goto cleanup;
+		}
+			
+		dict = PyDict_New(); 
+		obj = PyString_FromString(type);
+		PyDict_SetItemString(dict, "type", obj);
+		Py_DECREF(obj);
+
+		if((range = apol_context_get_range(c)) == NULL) {
+			goto cleanup;
+		}
+			
+		range_str = apol_mls_range_render(policydb, range);
+		if (range_str == NULL) {
+			goto cleanup;
+		}
+		obj = PyString_FromString(range_str);
+		PyDict_SetItemString(dict, "range", obj);
+		Py_DECREF(obj);
+
+		obj = PyString_FromString(proto_str);
+		PyDict_SetItemString(dict, "protocol", obj);
+		Py_DECREF(obj);
+
+		obj = PyInt_FromLong(high_port);
+		PyDict_SetItemString(dict, "high", obj);
+		Py_DECREF(obj);
+
+		obj = PyInt_FromLong(low_port);
+		PyDict_SetItemString(dict, "low", obj);
+		Py_DECREF(obj);
+
+		PyList_Append(list, dict);
+		Py_DECREF(dict);
+	}
+	retval = 0;
+      cleanup:
+	free(range_str);
+	apol_context_destroy(&c);
+	qpol_iterator_destroy(&iter);
+
+	if (retval) {
+		Py_DECREF(list);
+		PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+		return NULL;
+	}
+	return list;
+}
+
+/**
 + * Get statistics regarding a policy's roles.
 + * If this function is given a name, it will attempt to
 + * get statistics about a particular role; otherwise
@ -2055,6 +2201,9 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
 +	if (type == USER)
 +		output = get_users(name, policydb);
 +
+	if (type == PORT)
+		output = get_ports(name, policydb);
+
 +	apol_policy_destroy(&policydb);
 +	apol_policy_path_destroy(&pol_path);
 +	return output;
@ -2080,14 +2229,15 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
 +    PyObject *m;
 +    m = Py_InitModule("_seinfo", methods);
 +    PyModule_AddIntConstant(m, "ATTRIBUTE", ATTRIBUTE);
+    PyModule_AddIntConstant(m, "PORT", PORT);
 +    PyModule_AddIntConstant(m, "ROLE", ROLE);
 +    PyModule_AddIntConstant(m, "TYPE", TYPE);
 +    PyModule_AddIntConstant(m, "USER", USER);
 +}
-diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
-+++ setools-3.3.6/python/setools/sesearch.c	2009-08-11 16:31:05.000000000 -0400
-@@ -0,0 +1,477 @@
+diff -up setools-3.3.7/python/setools/sesearch.c.python setools-3.3.7/python/setools/sesearch.c
+--- setools-3.3.7/python/setools/sesearch.c.python	2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/sesearch.c	2010-10-14 14:34:47.000000000 -0400
+@@ -0,0 +1,478 @@
 +// Author: Thomas Liu <tliu@redhat.com>
 +
 +/**
@ -2521,8 +2671,9 @@ diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
 +	free(cmd_opts.tgt_role_name);
 +	apol_vector_destroy(&cmd_opts.perm_vector);
 +	apol_vector_destroy(&cmd_opts.class_vector);
-+	
-+	return output;
+
+	if (output) return output;
+	return Py_None;
 +}
 +static int Dict_ContainsInt(PyObject *dict, const char *key){
 +    PyObject *item = PyDict_GetItemString(dict, key);
@ -2565,9 +2716,9 @@ diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
 +    PyObject *m;
 +    m = Py_InitModule("_sesearch", methods);
 +}
-diff -up /dev/null setools-3.3.6/python/setools/setup.py
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
-+++ setools-3.3.6/python/setools/setup.py	2009-08-11 17:29:42.000000000 -0400
+diff -up setools-3.3.7/python/setools/setup.py.python setools-3.3.7/python/setools/setup.py
+--- setools-3.3.7/python/setools/setup.py.python	2010-07-30 15:02:10.000000000 -0400
+++ setools-3.3.7/python/setools/setup.py	2010-07-30 15:02:10.000000000 -0400
@@ -0,0 +1,25 @@
 +#!/usr/bin/env python
 +
--- a/setools.spec
+++ b/setools.spec
@ -5,7 +5,7 @@

 Name: setools
 Version: %{setools_maj_ver}.%{setools_min_ver}
-Release: 4%{?dist}
+Release: 11%{?dist}
 License: GPLv2
 URL: http://oss.tresys.com/projects/setools
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@ -15,6 +15,9 @@ Source2: apol.desktop
 Source3: seaudit.desktop
 Source4: sediffx.desktop
 Patch1: setools-python.patch
+Patch2: setools-exitstatus.patch
+Patch3: setools-neverallow.patch
+Patch4: setools-cmdline.patch
 Summary: Policy analysis tools for SELinux
 Group: System Environment/Base
 Requires: setools-libs = %{version}-%{release} setools-libs-tcl = %{version}-%{release} setools-gui = %{version}-%{release} setools-console = %{version}-%{release}
@ -187,6 +190,9 @@ This package includes the following graphical tools:
 %prep
 %setup -q
 %patch1 -p 1 -b .python
+%patch2 -p 1 -b .exitstatus
+%patch3 -p 1 -b .neverallow
+%patch4 -p 1 -b .cmdline

 # Fixup expected version of SWIG:
 sed -i -e "s|AC_PROG_SWIG(1.3.28)|AC_PROG_SWIG(2.0.0)|g" configure.ac
@ -353,6 +359,24 @@ rm -rf ${RPM_BUILD_ROOT}
 %postun libs-tcl -p /sbin/ldconfig

 %changelog
+* Fri Nov 5 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-10
+- Exit seinfo and sesearch with proper status
+
+* Fri Nov 5 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-9
+- Rebuild for new libxml2
+
+* Thu Oct 14 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-8
+- Return None when no records match python setools.sesearch
+
+* Thu Aug 19 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-7
+- Add range to ports in seinfo python
+
+* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-6
+- Return range with ports
+
+* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-5
+- Add port support to setools python 
+
 * Mon Jul 26 2010 David Malcolm <dmalcolm@redhat.com> - 3.3.7-4
 - fixup configure.ac to expect SWIG 2.0.0; bump the python version to 2.7 in
 patch 1
Author	SHA1	Message	Date
Dan Walsh	f232315525	- Exit seinfo and sesearch with proper status	2011-01-06 16:56:49 -05:00
Dan Walsh	b630dd7b80	- Exit seinfo and sesearch with proper status	2011-01-06 15:31:13 -05:00
Dan Walsh	25fbe218e0	- Return None when no records match python setools.sesearch	2010-10-14 14:35:28 -04:00
Dan Walsh	78434b1ef0	- Return None when no records match python setools.sesearch	2010-10-14 14:31:50 -04:00
Dan Walsh	fe565f16db	- Return None when no records match python setools.sesearch	2010-10-14 14:23:42 -04:00
Dan Walsh	0cba7f2bd4	- Add range to ports in seinfo python	2010-08-19 06:26:15 -04:00
Dan Walsh	3584dbb2ea	* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-6 - Return range with ports	2010-08-03 18:10:37 -04:00
Dan Walsh	9f7395e762	* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-5 - Add port support to setools python	2010-08-03 17:28:12 -04:00
Dan Walsh	fb80498724	* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-5 - Add port support to setools python	2010-08-03 16:58:37 -04:00
Dan Walsh	69c8368b4d	* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-5 - Add port support to setools python	2010-08-03 16:05:51 -04:00