Compare commits
10 Commits
Author | SHA1 | Date |
---|---|---|
Dan Walsh | f232315525 | |
Dan Walsh | b630dd7b80 | |
Dan Walsh | 25fbe218e0 | |
Dan Walsh | 78434b1ef0 | |
Dan Walsh | fe565f16db | |
Dan Walsh | 0cba7f2bd4 | |
Dan Walsh | 3584dbb2ea | |
Dan Walsh | 9f7395e762 | |
Dan Walsh | fb80498724 | |
Dan Walsh | 69c8368b4d |
|
@ -0,0 +1,59 @@
|
|||
diff -up setools-3.3.7/man/replcon.1.cmdline setools-3.3.7/man/replcon.1
|
||||
--- setools-3.3.7/man/replcon.1.cmdline 2007-08-02 17:16:33.000000000 -0400
|
||||
+++ setools-3.3.7/man/replcon.1 2010-11-17 16:31:01.000000000 -0500
|
||||
@@ -44,6 +44,8 @@ Search for files which include PATH.
|
||||
.IP "-c CLASS, --class=CLASS"
|
||||
Search only files of object class CLASS.
|
||||
.SH OPTIONS
|
||||
+.IP "-R, --regex"
|
||||
+Enable regular expressions
|
||||
.IP "-v, --verbose"
|
||||
Display context info during replacement.
|
||||
.IP "-h, --help"
|
||||
diff -up setools-3.3.7/man/seinfo.1.cmdline setools-3.3.7/man/seinfo.1
|
||||
--- setools-3.3.7/man/seinfo.1.cmdline 2010-05-03 12:39:02.000000000 -0400
|
||||
+++ setools-3.3.7/man/seinfo.1 2010-11-17 16:23:36.000000000 -0500
|
||||
@@ -76,6 +76,10 @@ There is no expanded information for thi
|
||||
.IP "--nodecon[=ADDR]"
|
||||
Print a list of node contexts or, if ADDR is provided, print the statement for the node with address ADDR.
|
||||
There is no expanded information for this component.
|
||||
+.IP "--polcap"
|
||||
+Print policy capabilities.
|
||||
+.IP "--permissive"
|
||||
+Print permissive types.
|
||||
.IP "--portcon[=PORT]"
|
||||
Print a list of port contexts or, if PORT is provided, print the statement for port PORT.
|
||||
There is no expanded information for this component.
|
||||
@@ -93,7 +97,7 @@ These details include the types assigned
|
||||
This option is not available for all component types; see the description of each component for the details this option will provide.
|
||||
.IP "--stats"
|
||||
Print policy statistics including policy type and version information and counts of all components and rules.
|
||||
-.IP "-l"
|
||||
+.IP "-l, --line-breaks"
|
||||
Print line breaks when displaying constraint statements.
|
||||
.IP "-h, --help"
|
||||
Print help information and exit.
|
||||
diff -up setools-3.3.7/seaudit/seaudit-report.c.cmdline setools-3.3.7/seaudit/seaudit-report.c
|
||||
--- setools-3.3.7/seaudit/seaudit-report.c.cmdline 2010-11-17 16:09:48.000000000 -0500
|
||||
+++ setools-3.3.7/seaudit/seaudit-report.c 2010-11-17 16:11:06.000000000 -0500
|
||||
@@ -100,7 +100,7 @@ static void seaudit_report_info_usage(co
|
||||
printf(" -s, --stdin read log data from standard input\n");
|
||||
printf(" -m, --malformed include malformed log messages\n");
|
||||
printf(" -o FILE, --output=FILE output to FILE\n");
|
||||
- printf(" --config=FILE read configuration from FILE\n");
|
||||
+ printf(" -c FILE, --config=FILE read configuration from FILE\n");
|
||||
printf(" --html set output format to HTML\n");
|
||||
printf(" --stylesheet=FILE HTML style sheet for formatting HTML report\n");
|
||||
printf(" (ignored if --html is not given)\n");
|
||||
diff -up setools-3.3.7/sediff/sediff.c.cmdline setools-3.3.7/sediff/sediff.c
|
||||
--- setools-3.3.7/sediff/sediff.c.cmdline 2007-08-02 17:16:33.000000000 -0400
|
||||
+++ setools-3.3.7/sediff/sediff.c 2010-11-17 16:20:01.000000000 -0500
|
||||
@@ -420,7 +420,7 @@ int main(int argc, char **argv)
|
||||
poldiff_t *diff = NULL;
|
||||
size_t total = 0;
|
||||
|
||||
- while ((optc = getopt_long(argc, argv, "ctarubANDLMCRqhV", longopts, NULL)) != -1) {
|
||||
+ while ((optc = getopt_long(argc, argv, "ctarubAqhV", longopts, NULL)) != -1) {
|
||||
switch (optc) {
|
||||
case 0:
|
||||
break;
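Review bot: The usage text in seaudit_report_info_usage now advertises `-c FILE`, but nothing in this patch touches the option parsing in seaudit-report.c, so the help may describe a flag the parser does not accept. Confirm that the getopt_long short-option string there already contains `c:`, or add it in the same patch. The sediff.c hunk goes the other way and drops `NDLMCR` from the short-option string, so invocations that still pass those short flags will be rejected; it is worth checking that the man page and usage output agree with that. Both enclosing functions extend beyond the hunks shown.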
|
|
@ -0,0 +1,119 @@
|
|||
diff -up setools-3.3.7/secmds/seinfo.c.exitstatus setools-3.3.7/secmds/seinfo.c
|
||||
--- setools-3.3.7/secmds/seinfo.c.exitstatus 2010-05-03 12:39:02.000000000 -0400
|
||||
+++ setools-3.3.7/secmds/seinfo.c 2010-11-05 09:54:39.000000000 -0400
|
||||
@@ -827,7 +827,7 @@ static int print_sens(FILE * fp, const c
|
||||
*/
|
||||
static int print_cats(FILE * fp, const char *name, int expand, const apol_policy_t * policydb)
|
||||
{
|
||||
- int retval = 0;
|
||||
+ int retval = -1;
|
||||
apol_cat_query_t *query = NULL;
|
||||
apol_vector_t *v = NULL;
|
||||
const qpol_cat_t *cat_datum = NULL;
|
||||
@@ -911,9 +911,10 @@ static int print_fsuse(FILE * fp, const
|
||||
fprintf(fp, " %s\n", tmp);
|
||||
free(tmp);
|
||||
}
|
||||
- if (type && !apol_vector_get_size(v))
|
||||
+ if (type && !apol_vector_get_size(v)) {
|
||||
ERR(policydb, "No fs_use statement for filesystem of type %s.", type);
|
||||
-
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
retval = 0;
|
||||
cleanup:
|
||||
apol_fs_use_query_destroy(&query);
|
||||
@@ -949,7 +950,6 @@ static int print_genfscon(FILE * fp, con
|
||||
ERR(policydb, "%s", strerror(ENOMEM));
|
||||
goto cleanup;
|
||||
}
|
||||
-
|
||||
if (apol_genfscon_query_set_filesystem(policydb, query, type))
|
||||
goto cleanup;
|
||||
if (apol_genfscon_get_by_query(policydb, query, &v))
|
||||
@@ -967,8 +967,10 @@ static int print_genfscon(FILE * fp, con
|
||||
free(tmp);
|
||||
}
|
||||
|
||||
- if (type && !apol_vector_get_size(v))
|
||||
+ if (type && !apol_vector_get_size(v)) {
|
||||
ERR(policydb, "No genfscon statement for filesystem of type %s.", type);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
|
||||
retval = 0;
|
||||
cleanup:
|
||||
@@ -1646,6 +1648,7 @@ cleanup: // close and destroy iterators
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
+ int rc = 0;
|
||||
int classes, types, attribs, roles, users, all, expand, stats, rt, optc, isids, bools, sens, cats, fsuse, genfs, netif,
|
||||
node, port, permissives, polcaps, constrain, linebreaks;
|
||||
apol_policy_t *policydb = NULL;
|
||||
@@ -1851,46 +1854,46 @@ int main(int argc, char **argv)
|
||||
|
||||
/* display requested info */
|
||||
if (stats || all)
|
||||
- print_stats(stdout, policydb);
|
||||
+ rc = print_stats(stdout, policydb);
|
||||
if (classes || all)
|
||||
- print_classes(stdout, class_name, expand, policydb);
|
||||
+ rc = print_classes(stdout, class_name, expand, policydb);
|
||||
if (types || all)
|
||||
- print_types(stdout, type_name, expand, policydb);
|
||||
+ rc = print_types(stdout, type_name, expand, policydb);
|
||||
if (attribs || all)
|
||||
- print_attribs(stdout, attrib_name, expand, policydb);
|
||||
+ rc = print_attribs(stdout, attrib_name, expand, policydb);
|
||||
if (roles || all)
|
||||
- print_roles(stdout, role_name, expand, policydb);
|
||||
+ rc = print_roles(stdout, role_name, expand, policydb);
|
||||
if (users || all)
|
||||
- print_users(stdout, user_name, expand, policydb);
|
||||
+ rc = print_users(stdout, user_name, expand, policydb);
|
||||
if (bools || all)
|
||||
- print_booleans(stdout, bool_name, expand, policydb);
|
||||
+ rc = print_booleans(stdout, bool_name, expand, policydb);
|
||||
if (sens || all)
|
||||
- print_sens(stdout, sens_name, expand, policydb);
|
||||
+ rc = print_sens(stdout, sens_name, expand, policydb);
|
||||
if (cats || all)
|
||||
- print_cats(stdout, cat_name, expand, policydb);
|
||||
+ rc = print_cats(stdout, cat_name, expand, policydb);
|
||||
if (fsuse || all)
|
||||
- print_fsuse(stdout, fsuse_type, policydb);
|
||||
+ rc = print_fsuse(stdout, fsuse_type, policydb);
|
||||
if (genfs || all)
|
||||
- print_genfscon(stdout, genfs_type, policydb);
|
||||
+ rc = print_genfscon(stdout, genfs_type, policydb);
|
||||
if (netif || all)
|
||||
- print_netifcon(stdout, netif_name, policydb);
|
||||
+ rc = print_netifcon(stdout, netif_name, policydb);
|
||||
if (node || all)
|
||||
- print_nodecon(stdout, node_addr, policydb);
|
||||
+ rc = print_nodecon(stdout, node_addr, policydb);
|
||||
if (port || all)
|
||||
- print_portcon(stdout, port_num, protocol, policydb);
|
||||
+ rc = print_portcon(stdout, port_num, protocol, policydb);
|
||||
if (isids || all)
|
||||
- print_isids(stdout, isid_name, expand, policydb);
|
||||
+ rc = print_isids(stdout, isid_name, expand, policydb);
|
||||
if (permissives || all)
|
||||
- print_permissives(stdout, permissive_name, expand, policydb);
|
||||
+ rc = print_permissives(stdout, permissive_name, expand, policydb);
|
||||
if (polcaps || all)
|
||||
- print_polcaps(stdout, polcap_name, expand, policydb);
|
||||
+ rc = print_polcaps(stdout, polcap_name, expand, policydb);
|
||||
if (constrain || all)
|
||||
- print_constraints(stdout, expand, policydb, linebreaks);
|
||||
+ rc = print_constraints(stdout, expand, policydb, linebreaks);
|
||||
|
||||
apol_policy_destroy(&policydb);
|
||||
apol_policy_path_destroy(&pol_path);
|
||||
free(policy_file);
|
||||
- exit(0);
|
||||
+ exit(rc);
|
||||
}
|
||||
|
||||
/**
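Review bot: In main(), each `rc = print_*(...)` assignment overwrites the previous result, so when several components are requested (or `all` is set) a failure in an early printer is masked as soon as a later one returns 0, and seinfo still exits 0. Scripts that gate on seinfo's exit status would then treat a partly failed policy query as clean. Accumulate the status instead, for example `if (print_stats(stdout, policydb)) rc = 1;` for each call. That also keeps a negative value (print_cats now starts `retval` at `-1`) from being handed to `exit()`, where the shell would see 255. main() and the print_* bodies begin or end outside the hunks shown.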
|
|
@ -0,0 +1,15 @@
|
|||
diff -up setools-3.3.7/libqpol/src/avrule_query.c~ setools-3.3.7/libqpol/src/avrule_query.c
|
||||
--- setools-3.3.7/libqpol/src/avrule_query.c~ 2010-04-23 12:22:08.000000000 -0400
|
||||
+++ setools-3.3.7/libqpol/src/avrule_query.c 2011-01-06 10:42:50.000000000 -0500
|
||||
@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qp
|
||||
|
||||
if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
|
||||
ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
|
||||
- errno = ENOTSUP;
|
||||
- return STATUS_ERR;
|
||||
+/* errno = ENOTSUP;
|
||||
+ return STATUS_ERR; */
|
||||
+ return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
db = &policy->p->p;
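Review bot: The neverallow branch of qpol_policy_get_avrule_iter still logs through `ERR(...)` but now returns `STATUS_SUCCESS` before any iterator is built, so the caller is told a query succeeded that was never run. Unless `*iter` is initialised earlier in the function (not visible in this hunk), callers may go on to use an unset iterator. Even if it is initialised, a policy audit that asks for neverallow rules gets an empty answer that is indistinguishable from "none exist". If the intent is to tolerate policies without neverallow support, clear the unsupported bit and fall through, e.g. `rule_type_mask &= ~QPOL_RULE_NEVERALLOW;` (assuming the mask is a by-value parameter), and downgrade the message to a warning. The commented-out `errno = ENOTSUP; return STATUS_ERR;` lines should be deleted rather than left in the source.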
|
|
@ -1,7 +1,16 @@
|
|||
diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac
|
||||
--- setools-3.3.6/configure.ac.python 2009-07-22 14:07:35.000000000 -0400
|
||||
+++ setools-3.3.6/configure.ac 2009-08-11 13:15:57.000000000 -0400
|
||||
@@ -216,6 +216,9 @@ if test "x${enable_jswig}" = xyes; then
|
||||
diff -up setools-3.3.7/configure.ac.python setools-3.3.7/configure.ac
|
||||
--- setools-3.3.7/configure.ac.python 2010-04-30 10:25:48.000000000 -0400
|
||||
+++ setools-3.3.7/configure.ac 2010-07-30 15:02:10.000000000 -0400
|
||||
@@ -194,7 +194,7 @@ AC_ARG_ENABLE(swig-java,
|
||||
enable_jswig="$enableval")
|
||||
if test "x${enable_jswig}" = xyes; then
|
||||
if test ${do_swigify} = no; then
|
||||
- AC_PROG_SWIG(1.3.28)
|
||||
+ AC_PROG_SWIG(2.0.0)
|
||||
fi
|
||||
AC_JAVA_OPTIONS
|
||||
if test "x$JAVAPREFIX" = x; then
|
||||
@@ -216,21 +216,23 @@ if test "x${enable_jswig}" = xyes; then
|
||||
do_swigify_java=yes
|
||||
do_swigify=yes
|
||||
fi
|
||||
|
@ -11,15 +20,33 @@ diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac
|
|||
AC_ARG_ENABLE(swig-python,
|
||||
AC_HELP_STRING([--enable-swig-python],
|
||||
[build SWIG interfaces for Python]),
|
||||
@@ -224,7 +227,6 @@ if test "x${enable_pyswig}" = xyes; then
|
||||
enable_pyswig="$enableval")
|
||||
if test "x${enable_pyswig}" = xyes; then
|
||||
if test ${do_swigify} = no; then
|
||||
AC_PROG_SWIG(1.3.28)
|
||||
- AC_PROG_SWIG(1.3.28)
|
||||
+ AC_PROG_SWIG(2.0.0)
|
||||
fi
|
||||
- AM_PATH_PYTHON(2.3)
|
||||
SWIG_PYTHON
|
||||
do_swigify_python=yes
|
||||
do_swigify=yes
|
||||
@@ -873,6 +875,8 @@ AC_CONFIG_FILES([Makefile VERSION \
|
||||
fi
|
||||
if test ${do_swigify} = "yes"; then
|
||||
- AC_PROG_SWIG(1.3.28)
|
||||
+ AC_PROG_SWIG(2.0.0)
|
||||
fi
|
||||
build_apol=yes
|
||||
AC_ARG_ENABLE(swig-tcl,
|
||||
@@ -239,7 +241,7 @@ AC_ARG_ENABLE(swig-tcl,
|
||||
enable_tclswig="$enableval", enable_tclswig="yes")
|
||||
if test "x${enable_tclswig}" = xyes; then
|
||||
if test ${do_swigify} = no; then
|
||||
- AC_PROG_SWIG(1.3.28)
|
||||
+ AC_PROG_SWIG(2.0.0)
|
||||
fi
|
||||
TEA_INIT(3.5)
|
||||
TEA_PATH_TCLCONFIG
|
||||
@@ -888,6 +890,8 @@ AC_CONFIG_FILES([Makefile VERSION \
|
||||
sediff/Makefile \
|
||||
man/Makefile \
|
||||
debian/Makefile \
|
||||
|
@ -28,9 +55,9 @@ diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac
|
|||
packages/Makefile packages/rpm/Makefile \
|
||||
packages/libqpol.pc packages/libapol.pc packages/libpoldiff.pc packages/libseaudit.pc packages/libsefs.pc])
|
||||
|
||||
diff -up setools-3.3.6/Makefile.am.python setools-3.3.6/Makefile.am
|
||||
--- setools-3.3.6/Makefile.am.python 2008-02-22 14:06:28.000000000 -0500
|
||||
+++ setools-3.3.6/Makefile.am 2009-08-11 13:15:57.000000000 -0400
|
||||
diff -up setools-3.3.7/Makefile.am.python setools-3.3.7/Makefile.am
|
||||
--- setools-3.3.7/Makefile.am.python 2008-02-22 14:06:28.000000000 -0500
|
||||
+++ setools-3.3.7/Makefile.am 2010-07-30 15:02:10.000000000 -0400
|
||||
@@ -10,7 +10,7 @@ if BUILD_GUI
|
||||
endif
|
||||
# sediffx is also built conditionally, from sediffx/Makefile.am
|
||||
|
@ -40,9 +67,9 @@ diff -up setools-3.3.6/Makefile.am.python setools-3.3.6/Makefile.am
|
|||
|
||||
#old indent opts
|
||||
#INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
|
||||
diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in
|
||||
--- setools-3.3.6/Makefile.in.python 2009-07-22 14:08:36.000000000 -0400
|
||||
+++ setools-3.3.6/Makefile.in 2009-08-11 15:14:56.000000000 -0400
|
||||
diff -up setools-3.3.7/Makefile.in.python setools-3.3.7/Makefile.in
|
||||
--- setools-3.3.7/Makefile.in.python 2010-05-12 10:01:09.000000000 -0400
|
||||
+++ setools-3.3.7/Makefile.in 2010-07-30 15:02:47.000000000 -0400
|
||||
@@ -79,7 +79,7 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGE
|
||||
ETAGS = etags
|
||||
CTAGS = ctags
|
||||
|
@ -52,7 +79,7 @@ diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in
|
|||
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
|
||||
distdir = $(PACKAGE)-$(VERSION)
|
||||
top_distdir = $(distdir)
|
||||
@@ -384,7 +384,7 @@ AUTOMAKE_OPTIONS = dist-bzip2
|
||||
@@ -385,7 +385,7 @@ AUTOMAKE_OPTIONS = dist-bzip2
|
||||
@BUILD_APOL_TRUE@MAYBE_APOL = apol
|
||||
@BUILD_GUI_TRUE@MAYBE_GUI = seaudit
|
||||
# sediffx is also built conditionally, from sediffx/Makefile.am
|
||||
|
@ -61,16 +88,16 @@ diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in
|
|||
|
||||
#old indent opts
|
||||
#INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
|
||||
diff -up /dev/null setools-3.3.6/python/Makefile.am
|
||||
--- /dev/null 2009-08-08 15:30:39.325298375 -0400
|
||||
+++ setools-3.3.6/python/Makefile.am 2009-08-11 15:12:36.000000000 -0400
|
||||
diff -up setools-3.3.7/python/Makefile.am.python setools-3.3.7/python/Makefile.am
|
||||
--- setools-3.3.7/python/Makefile.am.python 2010-07-30 15:02:10.000000000 -0400
|
||||
+++ setools-3.3.7/python/Makefile.am 2010-07-30 15:02:10.000000000 -0400
|
||||
@@ -0,0 +1 @@
|
||||
+SUBDIRS = setools
|
||||
diff -up /dev/null setools-3.3.6/python/Makefile.in
|
||||
--- /dev/null 2009-08-08 15:30:39.325298375 -0400
|
||||
+++ setools-3.3.6/python/Makefile.in 2009-08-11 15:14:56.000000000 -0400
|
||||
@@ -0,0 +1,715 @@
|
||||
+# Makefile.in generated by automake 1.11 from Makefile.am.
|
||||
diff -up setools-3.3.7/python/Makefile.in.python setools-3.3.7/python/Makefile.in
|
||||
--- setools-3.3.7/python/Makefile.in.python 2010-07-30 15:02:10.000000000 -0400
|
||||
+++ setools-3.3.7/python/Makefile.in 2010-07-30 15:02:46.000000000 -0400
|
||||
@@ -0,0 +1,716 @@
|
||||
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
|
||||
+# @configure_input@
|
||||
+
|
||||
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||
|
@ -249,6 +276,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
|
|||
+PACKAGE_NAME = @PACKAGE_NAME@
|
||||
+PACKAGE_STRING = @PACKAGE_STRING@
|
||||
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
|
||||
+PACKAGE_URL = @PACKAGE_URL@
|
||||
+PACKAGE_VERSION = @PACKAGE_VERSION@
|
||||
+PATH_SEPARATOR = @PATH_SEPARATOR@
|
||||
+PIXBUF_CFLAGS = @PIXBUF_CFLAGS@
|
||||
|
@ -482,7 +510,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
|
|||
+# (which will cause the Makefiles to be regenerated when you run `make');
|
||||
+# (2) otherwise, pass the desired values on the `make' command line.
|
||||
+$(RECURSIVE_TARGETS):
|
||||
+ @failcom='exit 1'; \
|
||||
+ @fail= failcom='exit 1'; \
|
||||
+ for f in x $$MAKEFLAGS; do \
|
||||
+ case $$f in \
|
||||
+ *=* | --[!k]*);; \
|
||||
|
@ -507,7 +535,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
|
|||
+ fi; test -z "$$fail"
|
||||
+
|
||||
+$(RECURSIVE_CLEAN_TARGETS):
|
||||
+ @failcom='exit 1'; \
|
||||
+ @fail= failcom='exit 1'; \
|
||||
+ for f in x $$MAKEFLAGS; do \
|
||||
+ case $$f in \
|
||||
+ *=* | --[!k]*);; \
|
||||
|
@ -785,10 +813,10 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
|
|||
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
|
||||
+# Otherwise a system limit (for SysV at least) may be exceeded.
|
||||
+.NOEXPORT:
|
||||
diff -up /dev/null setools-3.3.6/python/setools/__init__.py
|
||||
--- /dev/null 2009-08-08 15:30:39.325298375 -0400
|
||||
+++ setools-3.3.6/python/setools/__init__.py 2009-08-11 13:15:57.000000000 -0400
|
||||
@@ -0,0 +1,49 @@
|
||||
diff -up setools-3.3.7/python/setools/__init__.py.python setools-3.3.7/python/setools/__init__.py
|
||||
--- setools-3.3.7/python/setools/__init__.py.python 2010-07-30 15:02:10.000000000 -0400
|
||||
+++ setools-3.3.7/python/setools/__init__.py 2010-10-14 14:31:06.000000000 -0400
|
||||
@@ -0,0 +1,50 @@
|
||||
+#!/usr/bin/env python
|
||||
+
|
||||
+# Author: Thomas Liu <tliu@redhat.com>
|
||||
|
@ -800,6 +828,7 @@ diff -up /dev/null setools-3.3.6/python/setools/__init__.py
|
|||
+TYPE = _seinfo.TYPE
|
||||
+ROLE = _seinfo.ROLE
|
||||
+ATTRIBUTE = _seinfo.ATTRIBUTE
|
||||
+PORT = _seinfo.PORT
|
||||
+USER = _seinfo.USER
|
||||
+
|
||||
+ALLOW = 'allow'
|
||||
|
@ -825,7 +854,7 @@ diff -up /dev/null setools-3.3.6/python/setools/__init__.py
|
|||
+
|
||||
+
|
||||
+ dict_list = _sesearch.sesearch(info)
|
||||
+ if len(perms) != 0:
|
||||
+ if dict_list and len(perms) != 0:
|
||||
+ dict_list = filter(lambda x: dict_has_perms(x, perms), dict_list)
|
||||
+ return dict_list
|
||||
+
|
||||
|
@ -838,9 +867,9 @@ diff -up /dev/null setools-3.3.6/python/setools/__init__.py
|
|||
+def seinfo(setype, name=None):
|
||||
+ dict_list = _seinfo.seinfo(setype, name)
|
||||
+ return dict_list
|
||||
diff -up /dev/null setools-3.3.6/python/setools/Makefile.am
|
||||
--- /dev/null 2009-08-08 15:30:39.325298375 -0400
|
||||
+++ setools-3.3.6/python/setools/Makefile.am 2009-08-11 17:17:15.000000000 -0400
|
||||
diff -up setools-3.3.7/python/setools/Makefile.am.python setools-3.3.7/python/setools/Makefile.am
|
||||
--- setools-3.3.7/python/setools/Makefile.am.python 2010-07-30 15:02:10.000000000 -0400
|
||||
+++ setools-3.3.7/python/setools/Makefile.am 2010-07-30 15:02:10.000000000 -0400
|
||||
@@ -0,0 +1,36 @@
|
||||
+EXTRA_DIST = \
|
||||
+ sesearch.c \
|
||||
|
@ -878,11 +907,11 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.am
|
|||
+ $(PYTHON) setup.py clean -a
|
||||
+ rm -f *~
|
||||
+
|
||||
diff -up /dev/null setools-3.3.6/python/setools/Makefile.in
|
||||
--- /dev/null 2009-08-08 15:30:39.325298375 -0400
|
||||
+++ setools-3.3.6/python/setools/Makefile.in 2009-08-11 17:17:18.000000000 -0400
|
||||
@@ -0,0 +1,549 @@
|
||||
+# Makefile.in generated by automake 1.11 from Makefile.am.
|
||||
diff -up setools-3.3.7/python/setools/Makefile.in.python setools-3.3.7/python/setools/Makefile.in
|
||||
--- setools-3.3.7/python/setools/Makefile.in.python 2010-07-30 15:02:10.000000000 -0400
|
||||
+++ setools-3.3.7/python/setools/Makefile.in 2010-07-30 15:02:46.000000000 -0400
|
||||
@@ -0,0 +1,550 @@
|
||||
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
|
||||
+# @configure_input@
|
||||
+
|
||||
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||
|
@ -1021,6 +1050,7 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.in
|
|||
+PACKAGE_NAME = @PACKAGE_NAME@
|
||||
+PACKAGE_STRING = @PACKAGE_STRING@
|
||||
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
|
||||
+PACKAGE_URL = @PACKAGE_URL@
|
||||
+PACKAGE_VERSION = @PACKAGE_VERSION@
|
||||
+PATH_SEPARATOR = @PATH_SEPARATOR@
|
||||
+PIXBUF_CFLAGS = @PIXBUF_CFLAGS@
|
||||
|
@ -1431,10 +1461,10 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.in
|
|||
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
|
||||
+# Otherwise a system limit (for SysV at least) may be exceeded.
|
||||
+.NOEXPORT:
|
||||
diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
|
||||
--- /dev/null 2009-08-08 15:30:39.325298375 -0400
|
||||
+++ setools-3.3.6/python/setools/seinfo.c 2009-08-11 16:31:05.000000000 -0400
|
||||
@@ -0,0 +1,649 @@
|
||||
diff -up setools-3.3.7/python/setools/seinfo.c.python setools-3.3.7/python/setools/seinfo.c
|
||||
--- setools-3.3.7/python/setools/seinfo.c.python 2010-07-30 15:02:10.000000000 -0400
|
||||
+++ setools-3.3.7/python/setools/seinfo.c 2010-08-03 18:07:17.000000000 -0400
|
||||
@@ -0,0 +1,769 @@
|
||||
+/**
|
||||
+ * @file
|
||||
+ * Command line tool to search TE rules.
|
||||
|
@ -1492,7 +1522,7 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
|
|||
+
|
||||
+enum input
|
||||
+{
|
||||
+ TYPE, ATTRIBUTE, ROLE, USER
|
||||
+ TYPE, ATTRIBUTE, ROLE, USER, PORT,
|
||||
+};
|
||||
+
|
||||
+/**
|
||||
|
@ -1902,6 +1932,122 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
|
|||
+}
|
||||
+
|
||||
+/**
|
||||
+ * Get statistics regarding a policy's ports.
|
||||
+ * If this function is given a name, it will attempt to
|
||||
+ * get statistics about a particular port; otherwise
|
||||
+ * the function get statistics about all of the policy's ports.
|
||||
+ *
|
||||
+ * @param name Reference to an port's name; if NULL,
|
||||
+ * all ports will be considered
|
||||
+ * @param policydb Reference to a policy
|
||||
+ *
|
||||
+ * @return 0 on success, < 0 on error.
|
||||
+ */
|
||||
+static PyObject* get_ports(const char *num, const apol_policy_t * policydb)
|
||||
+{
|
||||
+ PyObject *list = PyList_New(0);
|
||||
+ int retval = -1;
|
||||
+ const qpol_portcon_t *portcon = NULL;
|
||||
+ qpol_iterator_t *iter = NULL;
|
||||
+ uint16_t low_port, high_port;
|
||||
+ uint8_t ocon_proto;
|
||||
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
|
||||
+ const qpol_context_t *ctxt = NULL;
|
||||
+ const char *proto_str;
|
||||
+ PyObject *dict;
|
||||
+ const char *type = NULL;
|
||||
+ const apol_mls_range_t *range = NULL;
|
||||
+ char *range_str = NULL;
|
||||
+ PyObject *obj = NULL;
|
||||
+ apol_context_t *c = NULL;
|
||||
+
|
||||
+ if (qpol_policy_get_portcon_iter(q, &iter))
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
|
||||
+ if (qpol_iterator_get_item(iter, (void **)&portcon))
|
||||
+ goto cleanup;
|
||||
+ if (qpol_portcon_get_low_port(q, portcon, &low_port))
|
||||
+ goto cleanup;
|
||||
+ if (qpol_portcon_get_high_port(q, portcon, &high_port))
|
||||
+ goto cleanup;
|
||||
+ if (qpol_portcon_get_protocol(q, portcon, &ocon_proto))
|
||||
+ goto cleanup;
|
||||
+ if (num) {
|
||||
+ if (atoi(num) < low_port || atoi(num) > high_port)
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ if ((ocon_proto != IPPROTO_TCP) &&
|
||||
+ (ocon_proto != IPPROTO_UDP))
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ if (qpol_portcon_get_context(q, portcon, &ctxt)) {
|
||||
+ PyErr_SetString(PyExc_RuntimeError, "Could not get for port context.");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if ((proto_str = apol_protocol_to_str(ocon_proto)) == NULL) {
|
||||
+ PyErr_SetString(PyExc_RuntimeError, "Invalid protocol for port");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if ((c = apol_context_create_from_qpol_context(policydb, ctxt)) == NULL) {
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if((type = apol_context_get_type(c)) == NULL) {
|
||||
+ apol_context_destroy(&c);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ dict = PyDict_New();
|
||||
+ obj = PyString_FromString(type);
|
||||
+ PyDict_SetItemString(dict, "type", obj);
|
||||
+ Py_DECREF(obj);
|
||||
+
|
||||
+ if((range = apol_context_get_range(c)) == NULL) {
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ range_str = apol_mls_range_render(policydb, range);
|
||||
+ if (range_str == NULL) {
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ obj = PyString_FromString(range_str);
|
||||
+ PyDict_SetItemString(dict, "range", obj);
|
||||
+ Py_DECREF(obj);
|
||||
+
|
||||
+ obj = PyString_FromString(proto_str);
|
||||
+ PyDict_SetItemString(dict, "protocol", obj);
|
||||
+ Py_DECREF(obj);
|
||||
+
|
||||
+ obj = PyInt_FromLong(high_port);
|
||||
+ PyDict_SetItemString(dict, "high", obj);
|
||||
+ Py_DECREF(obj);
|
||||
+
|
||||
+ obj = PyInt_FromLong(low_port);
|
||||
+ PyDict_SetItemString(dict, "low", obj);
|
||||
+ Py_DECREF(obj);
|
||||
+
|
||||
+ PyList_Append(list, dict);
|
||||
+ Py_DECREF(dict);
|
||||
+ }
|
||||
+ retval = 0;
|
||||
+ cleanup:
|
||||
+ free(range_str);
|
||||
+ apol_context_destroy(&c);
|
||||
+ qpol_iterator_destroy(&iter);
|
||||
+
|
||||
+ if (retval) {
|
||||
+ Py_DECREF(list);
|
||||
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ return list;
|
||||
+}
|
||||
+
|
||||
+/**
|
||||
+ * Get statistics regarding a policy's roles.
|
||||
+ * If this function is given a name, it will attempt to
|
||||
+ * get statistics about a particular role; otherwise
|
||||
|
@ -2055,6 +2201,9 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
|
|||
+ if (type == USER)
|
||||
+ output = get_users(name, policydb);
|
||||
+
|
||||
+ if (type == PORT)
|
||||
+ output = get_ports(name, policydb);
|
||||
+
|
||||
+ apol_policy_destroy(&policydb);
|
||||
+ apol_policy_path_destroy(&pol_path);
|
||||
+ return output;
|
||||
|
@ -2080,14 +2229,15 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
|
|||
+ PyObject *m;
|
||||
+ m = Py_InitModule("_seinfo", methods);
|
||||
+ PyModule_AddIntConstant(m, "ATTRIBUTE", ATTRIBUTE);
|
||||
+ PyModule_AddIntConstant(m, "PORT", PORT);
|
||||
+ PyModule_AddIntConstant(m, "ROLE", ROLE);
|
||||
+ PyModule_AddIntConstant(m, "TYPE", TYPE);
|
||||
+ PyModule_AddIntConstant(m, "USER", USER);
|
||||
+}
|
||||
diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
|
||||
--- /dev/null 2009-08-08 15:30:39.325298375 -0400
|
||||
+++ setools-3.3.6/python/setools/sesearch.c 2009-08-11 16:31:05.000000000 -0400
|
||||
@@ -0,0 +1,477 @@
|
||||
diff -up setools-3.3.7/python/setools/sesearch.c.python setools-3.3.7/python/setools/sesearch.c
|
||||
--- setools-3.3.7/python/setools/sesearch.c.python 2010-07-30 15:02:10.000000000 -0400
|
||||
+++ setools-3.3.7/python/setools/sesearch.c 2010-10-14 14:34:47.000000000 -0400
|
||||
@@ -0,0 +1,478 @@
|
||||
+// Author: Thomas Liu <tliu@redhat.com>
|
||||
+
|
||||
+/**
|
||||
|
@ -2521,8 +2671,9 @@ diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
|
|||
+ free(cmd_opts.tgt_role_name);
|
||||
+ apol_vector_destroy(&cmd_opts.perm_vector);
|
||||
+ apol_vector_destroy(&cmd_opts.class_vector);
|
||||
+
|
||||
+ return output;
|
||||
+
|
||||
+ if (output) return output;
|
||||
+ return Py_None;
|
||||
+}
|
||||
+static int Dict_ContainsInt(PyObject *dict, const char *key){
|
||||
+ PyObject *item = PyDict_GetItemString(dict, key);
|
||||
|
@ -2565,9 +2716,9 @@ diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
|
|||
+ PyObject *m;
|
||||
+ m = Py_InitModule("_sesearch", methods);
|
||||
+}
|
||||
diff -up /dev/null setools-3.3.6/python/setools/setup.py
|
||||
--- /dev/null 2009-08-08 15:30:39.325298375 -0400
|
||||
+++ setools-3.3.6/python/setools/setup.py 2009-08-11 17:29:42.000000000 -0400
|
||||
diff -up setools-3.3.7/python/setools/setup.py.python setools-3.3.7/python/setools/setup.py
|
||||
--- setools-3.3.7/python/setools/setup.py.python 2010-07-30 15:02:10.000000000 -0400
|
||||
+++ setools-3.3.7/python/setools/setup.py 2010-07-30 15:02:10.000000000 -0400
|
||||
@@ -0,0 +1,25 @@
|
||||
+#!/usr/bin/env python
|
||||
+
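Review bot: The new tail of the sesearch wrapper, `if (output) return output;` followed by `return Py_None;`, returns the None singleton without taking a reference, so each no-match call costs None one reference when the caller releases the result and a long-running caller can eventually crash the interpreter; use `Py_RETURN_NONE;`. If `output` can also be NULL on an error path (the function body starts outside the visible lines), that path now returns None instead of propagating the failure. In the added get_ports(), `c` and `range_str` are allocated on every loop iteration but released only once at `cleanup:`, and `dict` is not released on the `goto cleanup` paths that follow `PyDict_New()`; free the first two at the end of each iteration and add `Py_XDECREF(dict)` on the error path. `atoi(num)` also treats non-numeric input as port 0, so a `strtol` call with an end-pointer and range check is the safer parse. The doc comment's `@return 0 on success, < 0 on error` no longer matches the `PyObject*` return and should say that the function returns a list, or NULL with an exception set.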
|
||||
|
|
26
setools.spec
26
setools.spec
|
@ -5,7 +5,7 @@
|
|||
|
||||
Name: setools
|
||||
Version: %{setools_maj_ver}.%{setools_min_ver}
|
||||
Release: 4%{?dist}
|
||||
Release: 11%{?dist}
|
||||
License: GPLv2
|
||||
URL: http://oss.tresys.com/projects/setools
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
|
@ -15,6 +15,9 @@ Source2: apol.desktop
|
|||
Source3: seaudit.desktop
|
||||
Source4: sediffx.desktop
|
||||
Patch1: setools-python.patch
|
||||
Patch2: setools-exitstatus.patch
|
||||
Patch3: setools-neverallow.patch
|
||||
Patch4: setools-cmdline.patch
|
||||
Summary: Policy analysis tools for SELinux
|
||||
Group: System Environment/Base
|
||||
Requires: setools-libs = %{version}-%{release} setools-libs-tcl = %{version}-%{release} setools-gui = %{version}-%{release} setools-console = %{version}-%{release}
|
||||
|
@ -187,6 +190,9 @@ This package includes the following graphical tools:
|
|||
%prep
|
||||
%setup -q
|
||||
%patch1 -p 1 -b .python
|
||||
%patch2 -p 1 -b .exitstatus
|
||||
%patch3 -p 1 -b .neverallow
|
||||
%patch4 -p 1 -b .cmdline
|
||||
|
||||
# Fixup expected version of SWIG:
|
||||
sed -i -e "s|AC_PROG_SWIG(1.3.28)|AC_PROG_SWIG(2.0.0)|g" configure.ac
|
||||
|
@ -353,6 +359,24 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||
%postun libs-tcl -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Fri Nov 5 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-10
|
||||
- Exit seinfo and sesearch with proper status
|
||||
|
||||
* Fri Nov 5 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-9
|
||||
- Rebuild for new libxml2
|
||||
|
||||
* Thu Oct 14 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-8
|
||||
- Return None when no records match python setools.sesearch
|
||||
|
||||
* Thu Aug 19 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-7
|
||||
- Add range to ports in seinfo python
|
||||
|
||||
* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-6
|
||||
- Return range with ports
|
||||
|
||||
* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-5
|
||||
- Add port support to setools python
|
||||
|
||||
* Mon Jul 26 2010 David Malcolm <dmalcolm@redhat.com> - 3.3.7-4
|
||||
- fixup configure.ac to expect SWIG 2.0.0; bump the python version to 2.7 in
|
||||
patch 1
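Review bot: `Release:` moves to 11 and `Patch3`/`Patch4` (neverallow, cmdline) are added and applied in `%prep`, but the newest `%changelog` entry shown is 3.3.6-10 and no entry mentions either patch. Patch3 changes what libqpol returns when neverallow rules are requested but unavailable, which is the kind of behaviour change downstream users look for in the changelog. Add an entry such as `- Do not fail avrule queries when neverallow rules are unavailable` under the matching release. The added entries are also labelled 3.3.6 while the preceding entry is 3.3.7-4, which is worth checking against `Version:`.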
|
||||
|
|