Petr Lautrbach 04c16e4e1e setools-3.3.8-8.99.1.fc24
Update to latest upstream sources from
https://github.com/TresysTechnology/setools3.git
2016-01-08 23:17:47 +01:00
49 changed files with 28757 additions and 956 deletions

12
.gitignore vendored

@ -1,14 +1,2 @@
setools-3.3.7.tar.bz2
setools-3.3.8.tar.bz2
setools-3.3.8-f1e5b20.tar.bz2
/4.1.0.tar.gz
/4.1.1.tar.gz
/4.2.0-beta.tar.gz
/4.2.0-rc.tar.gz
/4.2.0.tar.gz
/4.2.1.tar.gz
/4.2.2.tar.gz
/4.3.0.tar.gz
/05e90ee.tar.gz
/16c0696.tar.gz
/4.4.0.tar.gz


@ -1,90 +0,0 @@
From 8ed316d6bfb65e5e9b57f3761ea8490022ab3a05 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 18 Nov 2021 13:59:08 +0100
Subject: [PATCH] Make seinfo output predictable
There are few places where frozenset is used. Given that frozenset is an unordered
collection the output generated from this is unpredictable.
The following command outputs are fixed using sorted() on frozensets:
seinfo --constrain
seinfo --common
seinfo -c -x
seinfo -r -x
seinfo -u -x
Fixes: https://github.com/SELinuxProject/setools/issues/65
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
setools/policyrep/constraint.pxi | 2 +-
setools/policyrep/objclass.pxi | 4 ++--
setools/policyrep/role.pxi | 2 +-
setools/policyrep/user.pxi | 2 +-
4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/setools/policyrep/constraint.pxi b/setools/policyrep/constraint.pxi
index 01c63d87425b..0b4c5b9bcf6a 100644
--- a/setools/policyrep/constraint.pxi
+++ b/setools/policyrep/constraint.pxi
@@ -72,7 +72,7 @@ cdef class Constraint(BaseConstraint):
def statement(self):
if len(self.perms) > 1:
- perms = "{{ {0} }}".format(' '.join(self.perms))
+ perms = "{{ {0} }}".format(' '.join(sorted(self.perms)))
else:
# convert to list since sets cannot be indexed
perms = list(self.perms)[0]
diff --git a/setools/policyrep/objclass.pxi b/setools/policyrep/objclass.pxi
index b7ec7b7de5c3..8ed2be5a9bed 100644
--- a/setools/policyrep/objclass.pxi
+++ b/setools/policyrep/objclass.pxi
@@ -75,7 +75,7 @@ cdef class Common(PolicySymbol):
return other in self.perms
def statement(self):
- return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(self.perms))
+ return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(sorted(self.perms)))
cdef class ObjClass(PolicySymbol):
@@ -204,7 +204,7 @@ cdef class ObjClass(PolicySymbol):
# a class that inherits may not have additional permissions
if len(self.perms) > 0:
- stmt += "{{\n\t{0}\n}}".format('\n\t'.join(self.perms))
+ stmt += "{{\n\t{0}\n}}".format('\n\t'.join(sorted(self.perms)))
return stmt
diff --git a/setools/policyrep/role.pxi b/setools/policyrep/role.pxi
index 9a0dd39f27d9..3af8a3f72a1f 100644
--- a/setools/policyrep/role.pxi
+++ b/setools/policyrep/role.pxi
@@ -58,7 +58,7 @@ cdef class Role(PolicySymbol):
if count == 1:
stmt += " types {0}".format(types[0])
else:
- stmt += " types {{ {0} }}".format(' '.join(types))
+ stmt += " types {{ {0} }}".format(' '.join(sorted(types)))
stmt += ";"
return stmt
diff --git a/setools/policyrep/user.pxi b/setools/policyrep/user.pxi
index 9c82aa92eb72..e37af2939820 100644
--- a/setools/policyrep/user.pxi
+++ b/setools/policyrep/user.pxi
@@ -81,7 +81,7 @@ cdef class User(PolicySymbol):
if count == 1:
stmt += roles[0]
else:
- stmt += "{{ {0} }}".format(' '.join(roles))
+ stmt += "{{ {0} }}".format(' '.join(sorted(roles)))
if self._level:
stmt += " level {0.mls_level} range {0.mls_range};".format(self)
--
2.33.1


@ -0,0 +1,28 @@
From 852dfaa124379e84f6363c30c0ef56f00fa4b235 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 20 Sep 2011 15:40:28 -0400
Subject: [PATCH 01/11] Since-we-do-not-ship-neverallow-rules-all-always-fail
---
libqpol/src/avrule_query.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c
index 749565b..76dcaa3 100644
--- a/libqpol/src/avrule_query.c
+++ b/libqpol/src/avrule_query.c
@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type
if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
- errno = ENOTSUP;
- return STATUS_ERR;
+/* errno = ENOTSUP;
+ return STATUS_ERR; */
+ return STATUS_SUCCESS;
}
db = &policy->p->p;
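Review bot: Returning `STATUS_SUCCESS` straight after `ERR(...)` in the neverallow branch reports success on a path that never reaches the iterator setup following `db = &policy->p->p;`, so a caller that trusts the status may use an `*iter` this call did not create (how `*iter` is initialised is outside the hunk). It also makes a neverallow query against a policy without that capability indistinguishable from a query that matched no rules, which is misleading for a policy-analysis tool. If the goal is to tolerate the missing capability, clear the bit and fall through so the other requested rule types are still served: `rule_type_mask &= ~QPOL_RULE_NEVERALLOW;` in place of the early return, and delete the commented-out `errno = ENOTSUP; return STATUS_ERR;` lines instead of leaving them in. The `[PATCH 3/6]` copy of this patch further down carries the same change.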
--
1.8.5.3


@ -0,0 +1,34 @@
From 0332c009bd0581ab9a75a4ea80af92bb2d6b8b1f Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 20 Sep 2011 15:46:38 -0400
Subject: [PATCH 02/11] Fix sepol calls to work with latest libsepol
---
configure.ac | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 577ce48..2a5b55b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -521,7 +521,7 @@ else
[AC_LANG_SOURCE([
#include <sepol/policydb/expand.h>
int main () {
- return role_set_expand(NULL, NULL, NULL, NULL);
+ return role_set_expand(NULL, NULL, NULL, NULL, NULL);
}])],
sepol_new_user_role_mapping="yes",
sepol_new_user_role_mapping="no")
@@ -578,7 +578,7 @@ if test ${sepol_check_boolmap} = "yes"; then
[AC_LANG_SOURCE([
#include <sepol/policydb/expand.h>
int main () {
- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
+ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
}])],
AC_MSG_RESULT([yes]),
AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
--
1.8.5.3


@ -0,0 +1,133 @@
From 667fe9187c203ffcba855e821dff11c8f71ef000 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 20 Sep 2011 15:39:51 -0400
Subject: [PATCH 2/6] setools-should-exit-with-an-error-status-if-it-gets-an
error
---
secmds/seinfo.c | 51 +++++++++++++++++++++++++++------------------------
1 files changed, 27 insertions(+), 24 deletions(-)
diff --git a/secmds/seinfo.c b/secmds/seinfo.c
index fdf23e9..3088f88 100644
--- a/secmds/seinfo.c
+++ b/secmds/seinfo.c
@@ -827,7 +827,7 @@ static int print_sens(FILE * fp, const char *name, int expand, const apol_policy
*/
static int print_cats(FILE * fp, const char *name, int expand, const apol_policy_t * policydb)
{
- int retval = 0;
+ int retval = -1;
apol_cat_query_t *query = NULL;
apol_vector_t *v = NULL;
const qpol_cat_t *cat_datum = NULL;
@@ -911,9 +911,10 @@ static int print_fsuse(FILE * fp, const char *type, const apol_policy_t * policy
fprintf(fp, " %s\n", tmp);
free(tmp);
}
- if (type && !apol_vector_get_size(v))
+ if (type && !apol_vector_get_size(v)) {
ERR(policydb, "No fs_use statement for filesystem of type %s.", type);
-
+ goto cleanup;
+ }
retval = 0;
cleanup:
apol_fs_use_query_destroy(&query);
@@ -949,7 +950,6 @@ static int print_genfscon(FILE * fp, const char *type, const apol_policy_t * pol
ERR(policydb, "%s", strerror(ENOMEM));
goto cleanup;
}
-
if (apol_genfscon_query_set_filesystem(policydb, query, type))
goto cleanup;
if (apol_genfscon_get_by_query(policydb, query, &v))
@@ -967,8 +967,10 @@ static int print_genfscon(FILE * fp, const char *type, const apol_policy_t * pol
free(tmp);
}
- if (type && !apol_vector_get_size(v))
+ if (type && !apol_vector_get_size(v)) {
ERR(policydb, "No genfscon statement for filesystem of type %s.", type);
+ goto cleanup;
+ }
retval = 0;
cleanup:
@@ -1646,6 +1648,7 @@ cleanup: // close and destroy iterators etc.
int main(int argc, char **argv)
{
+ int rc = 0;
int classes, types, attribs, roles, users, all, expand, stats, rt, optc, isids, bools, sens, cats, fsuse, genfs, netif,
node, port, permissives, polcaps, constrain, linebreaks;
apol_policy_t *policydb = NULL;
@@ -1851,46 +1854,46 @@ int main(int argc, char **argv)
/* display requested info */
if (stats || all)
- print_stats(stdout, policydb);
+ rc = print_stats(stdout, policydb);
if (classes || all)
- print_classes(stdout, class_name, expand, policydb);
+ rc = print_classes(stdout, class_name, expand, policydb);
if (types || all)
- print_types(stdout, type_name, expand, policydb);
+ rc = print_types(stdout, type_name, expand, policydb);
if (attribs || all)
- print_attribs(stdout, attrib_name, expand, policydb);
+ rc = print_attribs(stdout, attrib_name, expand, policydb);
if (roles || all)
- print_roles(stdout, role_name, expand, policydb);
+ rc = print_roles(stdout, role_name, expand, policydb);
if (users || all)
- print_users(stdout, user_name, expand, policydb);
+ rc = print_users(stdout, user_name, expand, policydb);
if (bools || all)
- print_booleans(stdout, bool_name, expand, policydb);
+ rc = print_booleans(stdout, bool_name, expand, policydb);
if (sens || all)
- print_sens(stdout, sens_name, expand, policydb);
+ rc = print_sens(stdout, sens_name, expand, policydb);
if (cats || all)
- print_cats(stdout, cat_name, expand, policydb);
+ rc = print_cats(stdout, cat_name, expand, policydb);
if (fsuse || all)
- print_fsuse(stdout, fsuse_type, policydb);
+ rc = print_fsuse(stdout, fsuse_type, policydb);
if (genfs || all)
- print_genfscon(stdout, genfs_type, policydb);
+ rc = print_genfscon(stdout, genfs_type, policydb);
if (netif || all)
- print_netifcon(stdout, netif_name, policydb);
+ rc = print_netifcon(stdout, netif_name, policydb);
if (node || all)
- print_nodecon(stdout, node_addr, policydb);
+ rc = print_nodecon(stdout, node_addr, policydb);
if (port || all)
- print_portcon(stdout, port_num, protocol, policydb);
+ rc = print_portcon(stdout, port_num, protocol, policydb);
if (isids || all)
- print_isids(stdout, isid_name, expand, policydb);
+ rc = print_isids(stdout, isid_name, expand, policydb);
if (permissives || all)
- print_permissives(stdout, permissive_name, expand, policydb);
+ rc = print_permissives(stdout, permissive_name, expand, policydb);
if (polcaps || all)
- print_polcaps(stdout, polcap_name, expand, policydb);
+ rc = print_polcaps(stdout, polcap_name, expand, policydb);
if (constrain || all)
- print_constraints(stdout, expand, policydb, linebreaks);
+ rc = print_constraints(stdout, expand, policydb, linebreaks);
apol_policy_destroy(&policydb);
apol_policy_path_destroy(&pol_path);
free(policy_file);
- exit(0);
+ exit(rc);
}
/**
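Review bot: Each `rc = print_…(…)` assignment in `main` overwrites the previous result, so the exit status reflects only the last section printed; when `all` is set, a failure in `print_types` is lost as soon as a later call returns 0. Accumulate the failure instead, using `if (print_stats(stdout, policydb)) rc = 1;` for every call, which also keeps the value passed to `exit()` a plain 0/1 instead of a raw `-1`. Scripts that gate on seinfo's exit code would otherwise treat a partially failed policy dump as clean. `main` begins above this hunk, so any earlier error exits are not visible here.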
--
1.7.6.2


@ -0,0 +1,28 @@
From 252b7c8bf311d615164a20f4f402767e5859d972 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 20 Sep 2011 15:40:28 -0400
Subject: [PATCH 3/6] Since-we-do-not-ship-neverallow-rules-all-always-fail
---
libqpol/src/avrule_query.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c
index 749565b..76dcaa3 100644
--- a/libqpol/src/avrule_query.c
+++ b/libqpol/src/avrule_query.c
@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type
if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
- errno = ENOTSUP;
- return STATUS_ERR;
+/* errno = ENOTSUP;
+ return STATUS_ERR; */
+ return STATUS_SUCCESS;
}
db = &policy->p->p;
--
1.7.6.2


@ -0,0 +1,596 @@
From 295cc6c22440038c1b633602c0f1b38ded57e1a0 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 11 Apr 2014 10:47:32 +0200
Subject: [PATCH 03/11] mgrepl patch to Fix swig coding style for structures
related to SWIG changes
---
libqpol/swig/qpol.i | 132 ++++++++++++++++++++++++++--------------------------
1 file changed, 66 insertions(+), 66 deletions(-)
diff --git a/libqpol/swig/qpol.i b/libqpol/swig/qpol.i
index 45a2403..0f937d1 100644
--- a/libqpol/swig/qpol.i
+++ b/libqpol/swig/qpol.i
@@ -228,7 +228,7 @@ SWIGEXPORT int Tqpol_Init(Tcl_Interp *interp) {
#define QPOL_MODULE_OTHER 2
typedef struct qpol_module {} qpol_module_t;
%extend qpol_module_t {
- qpol_module_t(const char *path) {
+ qpol_module(const char *path) {
qpol_module_t *m;
BEGIN_EXCEPTION
if (qpol_module_create_from_file(path, &m)) {
@@ -239,7 +239,7 @@ typedef struct qpol_module {} qpol_module_t;
fail:
return NULL;
};
- ~qpol_module_t() {
+ ~qpol_module() {
qpol_module_destroy(&self);
};
const char *get_path() {
@@ -330,7 +330,7 @@ typedef enum qpol_capability
} qpol_capability_e;
%extend qpol_policy_t {
- qpol_policy_t(const char *path, const int options) {
+ qpol_policy(const char *path, const int options) {
qpol_policy_t *p;
BEGIN_EXCEPTION
if (qpol_policy_open_from_file(path, &p, qpol_swig_message_callback, qpol_swig_message_callback_arg, options) < 0) {
@@ -341,7 +341,7 @@ typedef enum qpol_capability
fail:
return NULL;
}
- ~qpol_policy_t() {
+ ~qpol_policy() {
qpol_policy_destroy(&self);
};
void reevaluate_conds() {
@@ -687,14 +687,14 @@ typedef enum qpol_capability
typedef struct qpol_iterator {} qpol_iterator_t;
%extend qpol_iterator_t {
/* user never directly creates, but SWIG expects a constructor */
- qpol_iterator_t() {
+ qpol_iterator() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_TypeError, "User may not create iterators difectly");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_iterator_t() {
+ ~qpol_iterator() {
qpol_iterator_destroy(&self);
};
void *get_item() {
@@ -736,7 +736,7 @@ typedef struct qpol_iterator {} qpol_iterator_t;
/* qpol type */
typedef struct qpol_type {} qpol_type_t;
%extend qpol_type_t {
- qpol_type_t(qpol_policy_t *p, const char *name) {
+ qpol_type(qpol_policy_t *p, const char *name) {
BEGIN_EXCEPTION
const qpol_type_t *t;
if (qpol_policy_get_type_by_name(p, name, &t)) {
@@ -747,7 +747,7 @@ typedef struct qpol_type {} qpol_type_t;
fail:
return NULL;
};
- ~qpol_type_t() {
+ ~qpol_type() {
/* no op */
return;
};
@@ -851,7 +851,7 @@ typedef struct qpol_type {} qpol_type_t;
/* qpol role */
typedef struct qpol_role {} qpol_role_t;
%extend qpol_role_t {
- qpol_role_t(qpol_policy_t *p, const char *name) {
+ qpol_role(qpol_policy_t *p, const char *name) {
const qpol_role_t *r;
BEGIN_EXCEPTION
if (qpol_policy_get_role_by_name(p, name, &r)) {
@@ -862,7 +862,7 @@ typedef struct qpol_role {} qpol_role_t;
fail:
return NULL;
};
- ~qpol_role_t() {
+ ~qpol_role() {
/* no op */
return;
};
@@ -919,7 +919,7 @@ typedef struct qpol_role {} qpol_role_t;
/* qpol level */
typedef struct qpol_level {} qpol_level_t;
%extend qpol_level_t {
- qpol_level_t(qpol_policy_t *p, const char *name) {
+ qpol_level(qpol_policy_t *p, const char *name) {
const qpol_level_t *l;
BEGIN_EXCEPTION
if (qpol_policy_get_level_by_name(p, name, &l)) {
@@ -930,7 +930,7 @@ typedef struct qpol_level {} qpol_level_t;
fail:
return NULL;
};
- ~qpol_level_t() {
+ ~qpol_level() {
/* no op */
return;
};
@@ -997,7 +997,7 @@ typedef struct qpol_level {} qpol_level_t;
/* qpol cat */
typedef struct qpol_cat {} qpol_cat_t;
%extend qpol_cat_t {
- qpol_cat_t(qpol_policy_t *p, const char *name) {
+ qpol_cat(qpol_policy_t *p, const char *name) {
const qpol_cat_t *c;
BEGIN_EXCEPTION
if (qpol_policy_get_cat_by_name(p, name, &c)) {
@@ -1008,7 +1008,7 @@ typedef struct qpol_cat {} qpol_cat_t;
fail:
return NULL;
};
- ~qpol_cat_t() {
+ ~qpol_cat() {
/* no op */
return;
};
@@ -1064,14 +1064,14 @@ typedef struct qpol_cat {} qpol_cat_t;
/* qpol mls range */
typedef struct qpol_mls_range {} qpol_mls_range_t;
%extend qpol_mls_range_t {
- qpol_mls_range_t() {
+ qpol_mls_range() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_mls_range_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~qpol_mls_range_t() {
+ ~qpol_mls_range() {
/* no op */
return;
};
@@ -1105,14 +1105,14 @@ typedef struct qpol_mls_range {} qpol_mls_range_t;
/* qpol mls level */
typedef struct qpol_mls_level {} qpol_mls_level_t;
%extend qpol_mls_level_t {
- qpol_mls_level_t() {
+ qpol_mls_level() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_mls_level_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~qpol_mls_level_t() {
+ ~qpol_mls_level() {
/* no op */
return;
};
@@ -1147,7 +1147,7 @@ typedef struct qpol_mls_level {} qpol_mls_level_t;
/* qpol user */
typedef struct qpol_user {} qpol_user_t;
%extend qpol_user_t {
- qpol_user_t(qpol_policy_t *p, const char *name) {
+ qpol_user(qpol_policy_t *p, const char *name) {
const qpol_user_t *u;
BEGIN_EXCEPTION
if (qpol_policy_get_user_by_name(p, name, &u)) {
@@ -1158,7 +1158,7 @@ typedef struct qpol_user {} qpol_user_t;
fail:
return NULL;
};
- ~qpol_user_t() {
+ ~qpol_user() {
/* no op */
return;
};
@@ -1223,7 +1223,7 @@ typedef struct qpol_user {} qpol_user_t;
/* qpol bool */
typedef struct qpol_bool {} qpol_bool_t;
%extend qpol_bool_t {
- qpol_bool_t(qpol_policy_t *p, const char *name) {
+ qpol_bool(qpol_policy_t *p, const char *name) {
qpol_bool_t *b;
BEGIN_EXCEPTION
if (qpol_policy_get_bool_by_name(p, name, &b)) {
@@ -1233,7 +1233,7 @@ typedef struct qpol_bool {} qpol_bool_t;
fail:
return b;
};
- ~qpol_bool_t() {
+ ~qpol_bool() {
/* no op */
return;
};
@@ -1295,14 +1295,14 @@ typedef struct qpol_bool {} qpol_bool_t;
/* qpol context */
typedef struct qpol_context {} qpol_context_t;
%extend qpol_context_t {
- qpol_context_t() {
+ qpol_context() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_context_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_context_t() {
+ ~qpol_context() {
/* no op */
return;
};
@@ -1356,7 +1356,7 @@ typedef struct qpol_context {} qpol_context_t;
/* qpol class */
typedef struct qpol_class {} qpol_class_t;
%extend qpol_class_t {
- qpol_class_t(qpol_policy_t *p, const char *name) {
+ qpol_class(qpol_policy_t *p, const char *name) {
const qpol_class_t *c;
BEGIN_EXCEPTION
if (qpol_policy_get_class_by_name(p, name, &c)) {
@@ -1366,7 +1366,7 @@ typedef struct qpol_class {} qpol_class_t;
fail:
return (qpol_class_t*)c;
};
- ~qpol_class_t() {
+ ~qpol_class() {
/* no op */
return;
};
@@ -1443,7 +1443,7 @@ typedef struct qpol_class {} qpol_class_t;
/* qpol common */
typedef struct qpol_common {} qpol_common_t;
%extend qpol_common_t {
- qpol_common_t(qpol_policy_t *p, const char *name) {
+ qpol_common(qpol_policy_t *p, const char *name) {
const qpol_common_t *c;
BEGIN_EXCEPTION
if (qpol_policy_get_common_by_name(p, name, &c)) {
@@ -1453,7 +1453,7 @@ typedef struct qpol_common {} qpol_common_t;
fail:
return (qpol_common_t*)c;
};
- ~qpol_common_t() {
+ ~qpol_common() {
/* no op */
return;
};
@@ -1515,7 +1515,7 @@ typedef struct qpol_common {} qpol_common_t;
#define QPOL_FS_USE_PSID 6U
#endif
typedef struct qpol_fs_use {} qpol_fs_use_t;
-%extend qpol_fs_use_t {
+%extend qpol_fs_use {
qpol_fs_use_t(qpol_policy_t *p, const char *name) {
const qpol_fs_use_t *f;
BEGIN_EXCEPTION
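Review bot: The constructor in this section is still spelled `qpol_fs_use_t(qpol_policy_t *p, const char *name)` although the destructor in the next hunk becomes `~qpol_fs_use()`; here the `%extend` line was renamed instead of the constructor, unlike the other sections of the patch, which keep `%extend qpol_X_t` and rename the constructor. The same mismatch appears in the `qpol_isid`, `qpol_constraint` and `qpol_validatetrans` sections. SWIG will probably not recognise a constructor whose name differs from the extended type, so the generated wrappers for these four types may end up without a usable constructor; that should be confirmed against the generated `qpol_wrap.c`. For consistency with the rest of the patch use `%extend qpol_fs_use_t {` together with `qpol_fs_use(qpol_policy_t *p, const char *name) {`.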
@@ -1526,7 +1526,7 @@ typedef struct qpol_fs_use {} qpol_fs_use_t;
fail:
return (qpol_fs_use_t*)f;
};
- ~qpol_fs_use_t() {
+ ~qpol_fs_use() {
/* no op */
return;
};
@@ -1594,7 +1594,7 @@ typedef struct qpol_fs_use {} qpol_fs_use_t;
#endif
typedef struct qpol_genfscon {} qpol_genfscon_t;
%extend qpol_genfscon_t {
- qpol_genfscon_t(qpol_policy_t *p, const char *name, const char *path) {
+ qpol_genfscon(qpol_policy_t *p, const char *name, const char *path) {
qpol_genfscon_t *g;
BEGIN_EXCEPTION
if (qpol_policy_get_genfscon_by_name(p, name, path, &g)) {
@@ -1604,7 +1604,7 @@ typedef struct qpol_genfscon {} qpol_genfscon_t;
fail:
return g;
};
- ~qpol_genfscon_t() {
+ ~qpol_genfscon() {
free(self);
};
const char *get_name(qpol_policy_t *p) {
@@ -1656,7 +1656,7 @@ typedef struct qpol_genfscon {} qpol_genfscon_t;
/* qpol isid */
typedef struct qpol_isid {} qpol_isid_t;
-%extend qpol_isid_t {
+%extend qpol_isid {
qpol_isid_t(qpol_policy_t *p, const char *name) {
const qpol_isid_t *i;
BEGIN_EXCEPTION
@@ -1667,7 +1667,7 @@ typedef struct qpol_isid {} qpol_isid_t;
fail:
return (qpol_isid_t*)i;
};
- ~qpol_isid_t() {
+ ~qpol_isid() {
/* no op */
return;
};
@@ -1701,7 +1701,7 @@ typedef struct qpol_isid {} qpol_isid_t;
/* qpol netifcon */
typedef struct qpol_netifcon {} qpol_netifcon_t;
%extend qpol_netifcon_t {
- qpol_netifcon_t(qpol_policy_t *p, const char *name) {
+ qpol_netifcon(qpol_policy_t *p, const char *name) {
const qpol_netifcon_t *n;
BEGIN_EXCEPTION
if (qpol_policy_get_netifcon_by_name(p, name, &n)) {
@@ -1711,7 +1711,7 @@ typedef struct qpol_netifcon {} qpol_netifcon_t;
fail:
return (qpol_netifcon_t*)n;
};
- ~qpol_netifcon_t() {
+ ~qpol_netifcon() {
/* no op */
return;
};
@@ -1757,7 +1757,7 @@ typedef struct qpol_netifcon {} qpol_netifcon_t;
#define QPOL_IPV6 1
typedef struct qpol_nodecon {} qpol_nodecon_t;
%extend qpol_nodecon_t {
- qpol_nodecon_t(qpol_policy_t *p, int addr[4], int mask[4], int protocol) {
+ qpol_nodecon(qpol_policy_t *p, int addr[4], int mask[4], int protocol) {
uint32_t a[4], m[4];
qpol_nodecon_t *n;
BEGIN_EXCEPTION
@@ -1772,7 +1772,7 @@ typedef struct qpol_nodecon {} qpol_nodecon_t;
fail:
return n;
}
- ~qpol_nodecon_t() {
+ ~qpol_nodecon() {
free(self);
};
uint32_t *get_addr(qpol_policy_t *p) {
@@ -1830,7 +1830,7 @@ typedef struct qpol_nodecon {} qpol_nodecon_t;
#define IPPROTO_UDP 17
typedef struct qpol_portcon {} qpol_portcon_t;
%extend qpol_portcon_t {
- qpol_portcon_t(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) {
+ qpol_portcon(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) {
const qpol_portcon_t *qp;
BEGIN_EXCEPTION
if (qpol_policy_get_portcon_by_port(p, low, high, protocol, &qp)) {
@@ -1840,7 +1840,7 @@ typedef struct qpol_portcon {} qpol_portcon_t;
fail:
return (qpol_portcon_t*)qp;
};
- ~qpol_portcon_t() {
+ ~qpol_portcon() {
/* no op */
return;
};
@@ -1893,7 +1893,7 @@ typedef struct qpol_portcon {} qpol_portcon_t;
/* qpol constraint */
typedef struct qpol_constraint {} qpol_constraint_t;
-%extend qpol_constraint_t {
+%extend qpol_constraint {
qpol_constraint_t() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_constraint_t objects");
@@ -1901,7 +1901,7 @@ typedef struct qpol_constraint {} qpol_constraint_t;
fail:
return NULL;
};
- ~qpol_constraint_t() {
+ ~qpol_constraint() {
free(self);
};
const qpol_class_t *get_class(qpol_policy_t *p) {
@@ -1945,7 +1945,7 @@ typedef struct qpol_constraint {} qpol_constraint_t;
/* qpol validatetrans */
typedef struct qpol_validatetrans {} qpol_validatetrans_t;
-%extend qpol_validatetrans_t {
+%extend qpol_validatetrans {
qpol_validatetrans_t() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_validatetrans_t objects");
@@ -1953,7 +1953,7 @@ typedef struct qpol_validatetrans {} qpol_validatetrans_t;
fail:
return NULL;
};
- ~qpol_validatetrans_t() {
+ ~qpol_validatetrans() {
free(self);
};
const qpol_class_t *get_class(qpol_policy_t *p) {
@@ -2011,14 +2011,14 @@ typedef struct qpol_validatetrans {} qpol_validatetrans_t;
#define QPOL_CEXPR_OP_INCOMP 5
typedef struct qpol_constraint_expr_node {} qpol_constraint_expr_node_t;
%extend qpol_constraint_expr_node_t {
- qpol_constraint_expr_node_t() {
+ qpol_constraint_expr_node() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_constraint_expr_node_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_constraint_expr_node_t() {
+ ~qpol_constraint_expr_node() {
/* no op */
return;
};
@@ -2073,14 +2073,14 @@ typedef struct qpol_constraint_expr_node {} qpol_constraint_expr_node_t;
/* qpol role allow */
typedef struct qpol_role_allow {} qpol_role_allow_t;
%extend qpol_role_allow_t {
- qpol_role_allow_t() {
+ qpol_role_allow() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_role_allow_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_role_allow_t() {
+ ~qpol_role_allow() {
/* no op */
return;
};
@@ -2114,14 +2114,14 @@ typedef struct qpol_role_allow {} qpol_role_allow_t;
/* qpol role trans */
typedef struct qpol_role_trans {} qpol_role_trans_t;
%extend qpol_role_trans_t {
- qpol_role_trans_t() {
+ qpol_role_trans() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_role_trans_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_role_trans_t() {
+ ~qpol_role_trans() {
/* no op */
return;
};
@@ -2165,14 +2165,14 @@ typedef struct qpol_role_trans {} qpol_role_trans_t;
/* qpol range trans */
typedef struct qpol_range_trans {} qpol_range_trans_t;
%extend qpol_range_trans_t {
- qpol_range_trans_t() {
+ qpol_range_trans() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_range_trans_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_range_trans_t() {
+ ~qpol_range_trans() {
/* no op */
return;
};
@@ -2228,14 +2228,14 @@ typedef struct qpol_range_trans {} qpol_range_trans_t;
#define QPOL_RULE_DONTAUDIT 4
typedef struct qpol_avrule {} qpol_avrule_t;
%extend qpol_avrule_t {
- qpol_avrule_t() {
+ qpol_avrule() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_avrule_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_avrule_t() {
+ ~qpol_avrule() {
/* no op */
return;
};
@@ -2348,14 +2348,14 @@ typedef struct qpol_avrule {} qpol_avrule_t;
#define QPOL_RULE_TYPE_MEMBER 32
typedef struct qpol_terule {} qpol_terule_t;
%extend qpol_terule_t {
- qpol_terule_t() {
+ qpol_terule() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_terule_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_terule_t() {
+ ~qpol_terule() {
/* no op */
return;
};
@@ -2464,14 +2464,14 @@ typedef struct qpol_terule {} qpol_terule_t;
/* qpol conditional */
typedef struct qpol_cond {} qpol_cond_t;
%extend qpol_cond_t {
- qpol_cond_t() {
+ qpol_cond() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_cond_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_cond_t() {
+ ~qpol_cond() {
/* no op */
return;
};
@@ -2557,14 +2557,14 @@ typedef struct qpol_cond {} qpol_cond_t;
#define QPOL_COND_EXPR_NEQ 7 /* bool != bool */
typedef struct qpol_cond_expr_node {} qpol_cond_expr_node_t;
%extend qpol_cond_expr_node_t {
- qpol_cond_expr_node_t() {
+ qpol_cond_expr_node() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_cond_expr_node_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_cond_expr_node_t() {
+ ~qpol_cond_expr_node() {
/* no op */
return;
};
@@ -2602,14 +2602,14 @@ typedef struct qpol_cond_expr_node {} qpol_cond_expr_node_t;
/* qpol type set */
typedef struct qpol_type_set {} qpol_type_set_t;
%extend qpol_type_set_t {
- qpol_type_set_t() {
+ qpol_type_set() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_type_set_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_type_set_t() {
+ ~qpol_type_set() {
/* no op */
return;
};
@@ -2665,14 +2665,14 @@ typedef struct qpol_type_set {} qpol_type_set_t;
/* qpol syn av rule */
typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
%extend qpol_syn_avrule_t {
- qpol_syn_avrule_t() {
+ qpol_syn_avrule() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_syn_avrule_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_syn_avrule_t() {
+ ~qpol_syn_avrule() {
/* no op */
return;
};
@@ -2778,14 +2778,14 @@ typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
/* qpol syn te rule */
typedef struct qpol_syn_terule {} qpol_syn_terule_t;
%extend qpol_syn_terule_t {
- qpol_syn_terule_t() {
+ qpol_syn_terule() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_syn_terule_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_syn_terule_t() {
+ ~qpol_syn_terule() {
/* no op */
return;
};
--
1.8.5.3


@ -0,0 +1,97 @@
From 85a12d481d664120865b46cd1c4c325307179471 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 11 Apr 2014 10:53:54 +0200
Subject: [PATCH 04/11] Apply selinux_current_policy_path patch
---
libqpol/src/util.c | 73 ++++--------------------------------------------------
1 file changed, 5 insertions(+), 68 deletions(-)
diff --git a/libqpol/src/util.c b/libqpol/src/util.c
index 7c49876..8f74b2b 100644
--- a/libqpol/src/util.c
+++ b/libqpol/src/util.c
@@ -84,75 +84,12 @@ static int get_binpol_version(const char *policy_fname)
static int search_policy_binary_file(char **path)
{
- const char *binary_path;
- if ((binary_path = selinux_binary_policy_path()) == NULL) {
- return -1;
- }
-
- int expected_version = -1, latest_version = -1;
-#ifdef LIBSELINUX
- /* if the system has SELinux enabled, prefer the policy whose
- name matches the current policy version */
- if ((expected_version = security_policyvers()) < 0) {
- return -1;
- }
-#endif
-
- glob_t glob_buf;
- struct stat fs;
- int rt, error = 0, retval = -1;
- size_t i;
- char *pattern = NULL;
- if (asprintf(&pattern, "%s.*", binary_path) < 0) {
- return -1;
- }
- glob_buf.gl_offs = 1;
- glob_buf.gl_pathc = 0;
- rt = glob(pattern, GLOB_DOOFFS, NULL, &glob_buf);
- if (rt != 0 && rt != GLOB_NOMATCH) {
- errno = EIO;
- return -1;
- }
-
- for (i = 0; i < glob_buf.gl_pathc; i++) {
- char *p = glob_buf.gl_pathv[i + glob_buf.gl_offs];
- if (stat(p, &fs) != 0) {
- error = errno;
- goto cleanup;
- }
- if (S_ISDIR(fs.st_mode))
- continue;
-
- if ((rt = get_binpol_version(p)) < 0) {
- error = errno;
- goto cleanup;
- }
-
- if (rt > latest_version || rt == expected_version) {
- free(*path);
- if ((*path = strdup(p)) == NULL) {
- error = errno;
- goto cleanup;
- }
- if (rt == expected_version) {
- break;
- }
- latest_version = rt;
- }
- }
-
- if (*path == NULL) {
- retval = 1;
- } else {
- retval = 0;
- }
- cleanup:
- free(pattern);
- globfree(&glob_buf);
- if (retval == -1) {
- errno = error;
+ const char *binary_path = selinux_current_policy_path();
+ if (binary_path) {
+ *path = strdup(binary_path);
+ if (*path) return 0;
}
- return retval;
+ return -1;
}
int qpol_default_policy_find(char **path)
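Review bot: The rewritten `search_policy_binary_file` collapses the old three-way result into 0 or -1: the removed code returned 1 when no policy file was found and set `errno` on real errors, whereas the new body returns -1 both for a NULL from `selinux_current_policy_path()` and for a failed `strdup`, without setting `errno` in the first case. `qpol_default_policy_find` starts on the last line of the hunk and its body is not visible; if it still distinguishes "not found" from "error", keep the contract with `if (!binary_path) return 1;` before the `strdup`. The removed `free(*path)` also means a non-NULL `*path` passed in would now be overwritten without being released, so confirm callers always pass it as NULL. A short comment on the function saying that the path now comes solely from libselinux, with no `get_binpol_version` check of the file, would document the changed trust assumption.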
--
1.8.5.3


@ -0,0 +1,78 @@
From b3c8ef5822dbf3e3272fc29627ddac7e20e936d5 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 20 Sep 2011 15:41:12 -0400
Subject: [PATCH 4/6] Fix-man-pages-and-getoptions
---
man/replcon.1 | 2 ++
man/seinfo.1 | 6 +++++-
seaudit/seaudit-report.c | 2 +-
sediff/sediff.c | 2 +-
4 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/man/replcon.1 b/man/replcon.1
index 8aca08a..478dc51 100644
--- a/man/replcon.1
+++ b/man/replcon.1
@@ -44,6 +44,8 @@ Search for files which include PATH.
.IP "-c CLASS, --class=CLASS"
Search only files of object class CLASS.
.SH OPTIONS
+.IP "-R, --regex"
+Enable regular expressions
.IP "-v, --verbose"
Display context info during replacement.
.IP "-h, --help"
diff --git a/man/seinfo.1 b/man/seinfo.1
index 8612119..6bc17db 100644
--- a/man/seinfo.1
+++ b/man/seinfo.1
@@ -76,6 +76,10 @@ There is no expanded information for this component.
.IP "--nodecon[=ADDR]"
Print a list of node contexts or, if ADDR is provided, print the statement for the node with address ADDR.
There is no expanded information for this component.
+.IP "--polcap"
+Print policy capabilities.
+.IP "--permissive"
+Print permissive types.
.IP "--portcon[=PORT]"
Print a list of port contexts or, if PORT is provided, print the statement for port PORT.
There is no expanded information for this component.
@@ -93,7 +97,7 @@ These details include the types assigned to an attribute or role and the permiss
This option is not available for all component types; see the description of each component for the details this option will provide.
.IP "--stats"
Print policy statistics including policy type and version information and counts of all components and rules.
-.IP "-l"
+.IP "-l, --line-breaks"
Print line breaks when displaying constraint statements.
.IP "-h, --help"
Print help information and exit.
diff --git a/seaudit/seaudit-report.c b/seaudit/seaudit-report.c
index af3c6fb..d436c18 100644
--- a/seaudit/seaudit-report.c
+++ b/seaudit/seaudit-report.c
@@ -100,7 +100,7 @@ static void seaudit_report_info_usage(const char *program_name, int brief)
printf(" -s, --stdin read log data from standard input\n");
printf(" -m, --malformed include malformed log messages\n");
printf(" -o FILE, --output=FILE output to FILE\n");
- printf(" --config=FILE read configuration from FILE\n");
+ printf(" -c FILE, --config=FILE read configuration from FILE\n");
printf(" --html set output format to HTML\n");
printf(" --stylesheet=FILE HTML style sheet for formatting HTML report\n");
printf(" (ignored if --html is not given)\n");
diff --git a/sediff/sediff.c b/sediff/sediff.c
index 6022775..341c650 100644
--- a/sediff/sediff.c
+++ b/sediff/sediff.c
@@ -420,7 +420,7 @@ int main(int argc, char **argv)
poldiff_t *diff = NULL;
size_t total = 0;
- while ((optc = getopt_long(argc, argv, "ctarubANDLMCRqhV", longopts, NULL)) != -1) {
+ while ((optc = getopt_long(argc, argv, "ctarubAqhV", longopts, NULL)) != -1) {
switch (optc) {
case 0:
break;
--
1.7.6.2


@ -0,0 +1,24 @@
From ba8e76cd514e8ce92a48931963e97fe79589a71a Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 11 Apr 2014 11:12:37 +0200
Subject: [PATCH 05/11] Apply seaudit patch for progress.c
---
libqpol/swig/java/Makefile.am | 1 -
1 file changed, 1 deletion(-)
diff --git a/libqpol/swig/java/Makefile.am b/libqpol/swig/java/Makefile.am
index a25eacb..533b55a 100644
--- a/libqpol/swig/java/Makefile.am
+++ b/libqpol/swig/java/Makefile.am
@@ -48,7 +48,6 @@ BUILT_SOURCES = qpol_wrap.c \
qpol_type_t.java \
qpol_user_t.java \
qpol_validatetrans_t.java \
- SWIGTYPE_p_int.java \
SWIGTYPE_p_unsigned_int.java \
SWIGTYPE_p_void.java
--
1.8.5.3


@ -0,0 +1,34 @@
From 2b58d92add64b53b16cbb438e7b69e85d046afd1 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 20 Sep 2011 15:46:38 -0400
Subject: [PATCH 5/6] Fix sepol calls to work with latest libsepol
---
configure.ac | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index e837e03..3c11e23 100644
--- a/configure.ac
+++ b/configure.ac
@@ -505,7 +505,7 @@ AC_COMPILE_IFELSE(
[AC_LANG_SOURCE([
#include <sepol/policydb/expand.h>
int main () {
- return role_set_expand(NULL, NULL, NULL, NULL);
+ return role_set_expand(NULL, NULL, NULL, NULL, NULL);
}])],
sepol_new_user_role_mapping="yes",
sepol_new_user_role_mapping="no")
@@ -541,7 +541,7 @@ if test ${sepol_check_boolmap} = "yes"; then
[AC_LANG_SOURCE([
#include <sepol/policydb/expand.h>
int main () {
- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
+ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
}])],
AC_MSG_RESULT([yes]),
AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
--
1.7.6.2


@ -0,0 +1,39 @@
From 61d3d40e791a4ac392930f11785e4057f67a5b09 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 11 Apr 2014 11:14:50 +0200
Subject: [PATCH 06/11] Add support for boolean subs
---
secmds/seinfo.c | 2 +-
secmds/sesearch.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/secmds/seinfo.c b/secmds/seinfo.c
index a970890..54b2a6a 100644
--- a/secmds/seinfo.c
+++ b/secmds/seinfo.c
@@ -1720,7 +1720,7 @@ int main(int argc, char **argv)
case 'b': /* conditional booleans */
bools = 1;
if (optarg != 0)
- bool_name = optarg;
+ bool_name = selinux_boolean_sub(optarg);
break;
case OPT_INITIALSID:
isids = 1;
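Review bot: In the `case 'b'` branch the result of `selinux_boolean_sub(optarg)` is stored without a NULL check, and because that call returns a newly allocated string, `bool_name` changes from a borrowed `argv` pointer to an owned buffer that nothing in this hunk frees. A guard right after the assignment, for example `if (!bool_name) { fprintf(stderr, "out of memory\n"); exit(1); }`, plus a matching `free()` on the exit path, would close both gaps. This patch also shows no `#include <selinux/selinux.h>` for seinfo.c, so unless the file already has it the call is implicitly declared as returning `int` and the pointer can be truncated on 64-bit builds. The rest of main and the include block are outside the hunk, so the last two points need confirming against the full file.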
diff --git a/secmds/sesearch.c b/secmds/sesearch.c
index 387d526..e1436a7 100644
--- a/secmds/sesearch.c
+++ b/secmds/sesearch.c
@@ -1067,7 +1067,7 @@ int main(int argc, char **argv)
printf("Missing boolean for -b (--bool)\n");
exit(1);
}
- cmd_opts.bool_name = strdup(optarg);
+ cmd_opts.bool_name = strdup(selinux_boolean_sub(optarg));
if (!cmd_opts.bool_name) {
fprintf(stderr, "%s\n", strerror(errno));
exit(1);
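Review bot: `strdup(selinux_boolean_sub(optarg))` leaks the string that `selinux_boolean_sub()` allocates, and if that call returns NULL the NULL goes straight into `strdup()`, which is undefined behaviour. The function already hands back a heap copy owned by the caller, so the line can be `cmd_opts.bool_name = selinux_boolean_sub(optarg);` and the existing `if (!cmd_opts.bool_name)` check below it then covers the failure case. No `#include <selinux/selinux.h>` is visible for sesearch.c in this patch, so the prototype should be confirmed to be in scope; main's body continues outside the hunk.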
--
1.8.5.3

File diff suppressed because it is too large Load Diff


@ -0,0 +1,277 @@
From e30036e358b8f1c3f56048b467e8646fa3bfffb6 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 20 Sep 2011 16:40:26 -0400
Subject: [PATCH 7/7] Remove unused variables
---
libapol/src/ftrule-query.c | 11 ++----
libqpol/src/ftrule_query.c | 2 -
secmds/sesearch.c | 86 +++++++++++++++++++++++++++++++++-----------
3 files changed, 68 insertions(+), 31 deletions(-)
diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c
index dc248de..9c7a23b 100644
--- a/libapol/src/ftrule-query.c
+++ b/libapol/src/ftrule-query.c
@@ -45,14 +45,11 @@ struct apol_filename_trans_query
int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filename_trans_query_t * t, apol_vector_t ** v)
{
apol_vector_t *source_list = NULL, *target_list = NULL, *class_list = NULL, *default_list = NULL;
- int retval = -1, source_as_any = 0, is_regex = 0, append_filename_trans;
- char *bool_name = NULL;
+ int retval = -1, source_as_any = 0, is_regex = 0;
*v = NULL;
- unsigned int flags = 0;
- qpol_iterator_t *iter = NULL, *type_iter = NULL;
+ qpol_iterator_t *iter = NULL;
if (t != NULL) {
- flags = t->flags;
is_regex = t->flags & APOL_QUERY_REGEX;
if (t->source != NULL &&
(source_list =
@@ -104,7 +101,7 @@ int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filenam
if (qpol_iterator_get_item(iter, (void **)&filename_trans) < 0) {
goto cleanup;
}
- int match_source = 0, match_target = 0, match_default = 0, match_bool = 0;
+ int match_source = 0, match_target = 0, match_default = 0;
size_t i;
if (source_list == NULL) {
@@ -265,10 +262,8 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
{
char *tmp = NULL;
const char *tmp_name = NULL;
- const char *filename_trans_type_str;
int error = 0;
size_t tmp_sz = 0;
- uint32_t filename_trans_type = 0;
const qpol_type_t *type = NULL;
const qpol_class_t *obj_class = NULL;
diff --git a/libqpol/src/ftrule_query.c b/libqpol/src/ftrule_query.c
index d6db848..3148d30 100644
--- a/libqpol/src/ftrule_query.c
+++ b/libqpol/src/ftrule_query.c
@@ -254,7 +254,6 @@ int qpol_filename_trans_get_default_type(const qpol_policy_t * policy, const qpo
int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const char ** name)
{
- policydb_t *db = NULL;
filename_trans_t *ft = NULL;
if (name) {
@@ -267,7 +266,6 @@ int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_fi
return STATUS_ERR;
}
- db = &policy->p->p;
ft = (filename_trans_t *) rule;
*name = ft->name;
diff --git a/secmds/sesearch.c b/secmds/sesearch.c
index e44b3bc..319ffe7 100644
--- a/secmds/sesearch.c
+++ b/secmds/sesearch.c
@@ -72,6 +72,7 @@ static struct option const longopts[] = {
{"source", required_argument, NULL, 's'},
{"target", required_argument, NULL, 't'},
+ {"default", required_argument, NULL, 'D'},
{"role_source", required_argument, NULL, EXPR_ROLE_SOURCE},
{"role_target", required_argument, NULL, EXPR_ROLE_TARGET},
{"class", required_argument, NULL, 'c'},
@@ -92,6 +93,7 @@ typedef struct options
{
char *src_name;
char *tgt_name;
+ char *default_name;
char *src_role_name;
char *tgt_role_name;
char *class_name;
@@ -293,7 +295,8 @@ static void print_syn_av_results(const apol_policy_t * policy, const options_t *
tmp = apol_cond_expr_render(policy, cond);
enable_char = (enabled ? 'E' : 'D');
branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
- asprintf(&expr, "[ %s ]", tmp);
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
+ goto cleanup;
free(tmp);
tmp = NULL;
if (!expr)
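Review bot: When `asprintf()` fails the contents of `expr` are not guaranteed to be NULL (glibc documents them as undefined), so the new `goto cleanup` can pass an indeterminate pointer to `free(expr)` if the cleanup path frees it, as `print_ft_results` does later in this file. Resetting the pointer before the jump avoids that: `if (asprintf(&expr, "[ %s ]", tmp) < 0) { expr = NULL; goto cleanup; }`. The same check is added in the hunks for `print_av_results`, `print_syn_te_results` and `print_te_results`, and the `cleanup` labels of all four functions are outside the hunks, so the free is inferred rather than visible. The `if (!expr)` test kept below the call no longer catches anything the new check does not.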
@@ -356,7 +359,8 @@ static void print_av_results(const apol_policy_t * policy, const options_t * opt
qpol_iterator_destroy(&iter);
enable_char = (enabled ? 'E' : 'D');
branch_char = (list ? 'T' : 'F');
- asprintf(&expr, "[ %s ]", tmp);
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
+ goto cleanup;
free(tmp);
tmp = NULL;
if (!expr)
@@ -488,7 +492,8 @@ static void print_syn_te_results(const apol_policy_t * policy, const options_t *
tmp = apol_cond_expr_render(policy, cond);
enable_char = (enabled ? 'E' : 'D');
branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
- asprintf(&expr, "[ %s ]", tmp);
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
+ goto cleanup;
free(tmp);
tmp = NULL;
if (!expr)
@@ -553,7 +558,8 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt
qpol_iterator_destroy(&iter);
enable_char = (enabled ? 'E' : 'D');
branch_char = (list ? 'T' : 'F');
- asprintf(&expr, "[ %s ]", tmp);
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
+ goto cleanup;
free(tmp);
tmp = NULL;
if (!expr)
@@ -586,7 +592,7 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
return -1;
}
- if (!opt->type == QPOL_RULE_TYPE_TRANS && !opt->all) {
+ if (!opt->type && !opt->all) {
*v = NULL;
return 0; /* no search to do */
}
@@ -600,17 +606,44 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
apol_filename_trans_query_set_regex(policy, ftq, opt->useregex);
if (opt->src_name) {
- if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name)) {
+ if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name, opt->indirect)) {
error = errno;
goto err;
}
}
+
if (opt->tgt_name) {
if (apol_filename_trans_query_set_target(policy, ftq, opt->tgt_name, opt->indirect)) {
error = errno;
goto err;
}
}
+ if (opt->default_name) {
+ if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) {
+ error = errno;
+ goto err;
+ }
+ }
+
+ if (opt->class_name) {
+ if (opt->class_vector == NULL) {
+ if (apol_filename_trans_query_append_class(policy, ftq, opt->class_name)) {
+ error = errno;
+ goto err;
+ }
+ } else {
+ for (size_t i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
+ char *class_name;
+ class_name = apol_vector_get_element(opt->class_vector, i);
+ if (!class_name)
+ continue;
+ if (apol_filename_trans_query_append_class(policy, ftq, class_name)) {
+ error = errno;
+ goto err;
+ }
+ }
+ }
+ }
if (apol_filename_trans_get_by_query(policy, ftq, v)) {
error = errno;
@@ -630,37 +663,36 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
static void print_ft_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v)
{
- qpol_policy_t *q = apol_policy_get_qpol(policy);
- size_t i, num_rules = 0;
- const qpol_filename_trans_t *rule = NULL;
- char *tmp = NULL, *rule_str = NULL, *expr = NULL;
+ size_t i, num_filename_trans = 0;
+ const qpol_filename_trans_t *filename_trans = NULL;
+ char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;
char enable_char = ' ', branch_char = ' ';
qpol_iterator_t *iter = NULL;
const qpol_cond_t *cond = NULL;
uint32_t enabled = 0, list = 0;
- if (!(num_rules = apol_vector_get_size(v)))
+ if (!(num_filename_trans = apol_vector_get_size(v)))
goto cleanup;
- fprintf(stdout, "Found %zd named file transition rules:\n", num_rules);
+ fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans);
- for (i = 0; i < num_rules; i++) {
+ for (i = 0; i < num_filename_trans; i++) {
enable_char = branch_char = ' ';
- if (!(rule = apol_vector_get_element(v, i)))
+ if (!(filename_trans = apol_vector_get_element(v, i)))
goto cleanup;
- if (!(rule_str = apol_filename_trans_render(policy, rule)))
+ if (!(filename_trans_str = apol_filename_trans_render(policy, filename_trans)))
goto cleanup;
- fprintf(stdout, "%s %s\n", rule_str, expr ? expr : "");
- free(rule_str);
- rule_str = NULL;
+ fprintf(stdout, "%s %s\n", filename_trans_str, expr ? expr : "");
+ free(filename_trans_str);
+ filename_trans_str = NULL;
free(expr);
expr = NULL;
}
cleanup:
free(tmp);
- free(rule_str);
+ free(filename_trans_str);
free(expr);
}
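Review bot: The rename from `rule` to `filename_trans` also rewrote the user-visible message, which now reads `Found %zd named file transition filename_trans:`; the wording should stay `rules`, and since `num_filename_trans` is a `size_t` the conversion should be `%zu`: `fprintf(stdout, "Found %zu named file transition rules:\n", num_filename_trans);`. Neither `tmp` nor `expr` is assigned anywhere in the visible body, so `expr ? expr : ""` always prints an empty string after a trailing space and the two `free()` calls are no-ops. `iter`, `cond`, `enabled` and `list` are declared but never read, and `enable_char`/`branch_char` are only written, which sits oddly with a patch titled "Remove unused variables". The `print_ft_results` hunks of patch 09/11 further down this page put the same message text and the unused `tmp`/`expr` back.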
@@ -930,7 +962,7 @@ int main(int argc, char **argv)
memset(&cmd_opts, 0, sizeof(cmd_opts));
cmd_opts.indirect = true;
- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dRnSChV", longopts, NULL)) != -1) {
+ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) {
switch (optc) {
case 0:
break;
@@ -946,6 +978,18 @@ int main(int argc, char **argv)
exit(1);
}
break;
+ case 'D': /* source */
+ if (optarg == 0) {
+ usage(argv[0], 1);
+ printf("Missing source default type for -D (--default)\n");
+ exit(1);
+ }
+ cmd_opts.default_name = strdup(optarg);
+ if (!cmd_opts.default_name) {
+
+ exit(1);
+ }
+ break;
case 't': /* target */
if (optarg == 0) {
usage(argv[0], 1);
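Review bot: The new `case 'D'` exits silently when `strdup()` fails: the `if (!cmd_opts.default_name)` block holds only a blank line and `exit(1)`, whereas the `-b` branch of this file prints `strerror(errno)` before exiting. Add `fprintf(stderr, "%s\n", strerror(errno));` ahead of the `exit(1)`. The comment and message were copied from the source option and should read `case 'D': /* default */` and `Missing default type for -D (--default)\n`. main continues outside the hunk.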
@@ -1218,7 +1262,7 @@ int main(int argc, char **argv)
fprintf(stdout, "\n");
}
- if (cmd_opts.all || cmd_opts.type == QPOL_RULE_TYPE_TRANS) {
+ if (cmd_opts.all || cmd_opts.type) {
apol_vector_destroy(&v);
if (perform_ft_query(policy, &cmd_opts, &v)) {
rt = 1;
--
1.7.6.2

276
0007-Setools-noship.patch Normal file

@ -0,0 +1,276 @@
From a39d0831d654292fb2a1f7b9ee18ecc9239f610f Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 11 Apr 2014 18:38:34 +0200
Subject: [PATCH 07/11] Setools noship
---
Makefile.am | 26 +++-----------------------
configure.ac | 2 +-
man/Makefile.am | 15 +++------------
seaudit/Makefile.am | 31 +++----------------------------
secmds/Makefile.am | 14 +-------------
sediff/Makefile.am | 32 ++------------------------------
6 files changed, 13 insertions(+), 107 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 176c8ea..4cac386 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -10,7 +10,7 @@ if BUILD_GUI
endif
# sediffx is also built conditionally, from sediffx/Makefile.am
-SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) python
+SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) python
#old indent opts
#INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
@@ -49,12 +49,6 @@ seaudit: libqpol libapol libseaudit
sediff: libqpol libapol libpoldiff
$(MAKE) -C $(top_srcdir)/sediff sediff
-sediffx: libqpol libapol libpoldiff
- $(MAKE) -C $(top_srcdir)/sediff sediffx
-
-sechecker: libqpol libapol libsefs
- $(MAKE) -C $(top_srcdir)/sechecker
-
help:
@echo "Make targets for SETools:"
@echo " all: build everything, but do not install"
@@ -65,8 +59,6 @@ help:
@echo " secmds: build command line tools"
@echo " seaudit: build audit log analysis tools"
@echo " sediff: build semantic policy diff command line tool"
- @echo " sediffx: build semantic policy diff graphical tool"
- @echo " sechecker: build policy checking tool"
@echo ""
@echo " install-logwatch: install LogWatch config files for seaudit-report"
@echo " (requires LogWatch and root privileges)"
@@ -78,9 +70,9 @@ install-logwatch:
$(MAKE) -C $(top_srcdir)/seaudit install-logwatch
.PHONY: libqpol libapol libpoldiff libsefs libseaudit \
- apol secmds seaudit sediff sediffx sechecker \
+ apol secmds seaudit sediff \
install-logwatch help \
- seinfo sesearch indexcon findcon replcon searchcon \
+ seinfo sesearch \
packages
seinfo: libqpol libapol
@@ -89,18 +81,6 @@ seinfo: libqpol libapol
sesearch: libqpol libapol
$(MAKE) -C $(top_srcdir)/secmds sesearch
-indexcon: libqpol libapol libsefs
- $(MAKE) -C $(top_srcdir)/secmds indexcon
-
-findcon: libqpol libapol libsefs
- $(MAKE) -C $(top_srcdir)/secmds findcon
-
-replcon: libqpol libapol libsefs
- $(MAKE) -C $(top_srcdir)/secmds replcon
-
-searchcon: libqpol libapol libsefs
- $(MAKE) -C $(top_srcdir)/secmds searchcon
-
packages:
$(MAKE) -C $(top_srcdir)/packages
diff --git a/configure.ac b/configure.ac
index 2a5b55b..5b1da5e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -63,7 +63,7 @@ if test ${ac_cv_prog_cc_c99} = "no"; then
fi
AC_PROG_CXX
AC_LANG([C])
-AC_PROG_LIBTOOL
+AC_PROG_RANLIB
AC_PROG_LN_S
AC_PROG_LEX
AC_PROG_YACC
diff --git a/man/Makefile.am b/man/Makefile.am
index 0fafccb..f88e00a 100644
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -1,19 +1,10 @@
if BUILD_GUI
MAYBEMANS = apol.1 \
- seaudit.8 seaudit-report.8 \
- sediffx.1
+ seaudit.8
endif
EXTRA_DIST=$(man_MANS) apol.1 \
- seaudit.8 seaudit-report.8.in \
- sediffx.1
+ seaudit.8
-man_MANS = findcon.1 indexcon.1 replcon.1 \
- sechecker.1 \
- sediff.1 \
+man_MANS = sediff.1 \
seinfo.1 sesearch.1 $(MAYBEMANS)
-
-seaudit-report.8: seaudit-report.8.in Makefile
- sed -e 's|\@setoolsdir\@|$(setoolsdir)|g' $< > $@
-
-CLEANFILES = seaudit-report.8
diff --git a/seaudit/Makefile.am b/seaudit/Makefile.am
index 1987c99..3fa4413 100644
--- a/seaudit/Makefile.am
+++ b/seaudit/Makefile.am
@@ -1,5 +1,4 @@
setoolsdir = @setoolsdir@
-bin_PROGRAMS = seaudit-report
sbin_PROGRAMS = seaudit
AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
@@ -20,13 +19,10 @@ LDADD = @SELINUX_LIB_FLAG@ @SEAUDIT_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@
dist_setools_DATA = \
seaudit.glade \
seaudit_help.txt \
- seaudit-report.conf \
- seaudit-report.css \
seaudit.png seaudit-small.png
nodist_setools_DATA = \
- dot_seaudit \
- seaudit-report-service
+ dot_seaudit
seaudit_SOURCES = \
filter_view.c filter_view.h \
@@ -50,31 +46,12 @@ seaudit_DEPENDENCIES = $(top_builddir)/libseaudit/src/libseaudit.so \
dot_seaudit: dot_seaudit.in Makefile
sed -e 's|\@setoolsdir\@|$(setoolsdir)|g' $< > $@
-seaudit_report_SOURCES = seaudit-report.c
-seaudit_report_DEPENDENCIES = $(top_builddir)/libseaudit/src/libseaudit.so \
- $(top_builddir)/libapol/src/libapol.so \
- $(top_builddir)/libqpol/src/libqpol.so
-
logwatch = $(DESTDIR)/etc/logwatch
LOGWATCH_GROUP = $(logwatch)/conf/logfiles
LOGWATCH_SERVICE = $(logwatch)/conf/services
LOGWATCH_FILTER = $(logwatch)/scripts/services
-dist_noinst_DATA = dot_seaudit.in \
- seaudit-report-group.conf \
- seaudit-report-service.conf \
- seaudit-report-service.in
-
-seaudit-report-service: seaudit-report-service.in Makefile
- sed -e 's|\@bindir\@|$(bindir)|g' $< > $@
-
-install-logwatch: $(dist_noinst_DATA) seaudit-report-service
- mkdir -p -- $(LOGWATCH_GROUP)
- install -m 644 seaudit-report-group.conf $(LOGWATCH_GROUP)
- mkdir -p -- $(LOGWATCH_SERVICE)
- install -m 644 seaudit-report-service.conf $(LOGWATCH_SERVICE)
- mkdir -p -- $(LOGWATCH_FILTER)
- install -m 755 seaudit-report-service $(LOGWATCH_FILTER)
+dist_noinst_DATA = dot_seaudit.in
$(top_builddir)/libapol/src/libapol.so:
$(MAKE) -C $(top_builddir)/libapol/src $(notdir $@)
@@ -85,6 +62,4 @@ $(top_builddir)/libqpol/src/libqpol.so:
$(top_builddir)/libsefs/src/libsefs.so:
$(MAKE) -C $(top_builddir)/libsefs/src $(notdir $@)
-.PHONY: install-logwatch
-
-CLEANFILES = dot_seaudit seaudit-report-service
+CLEANFILES = dot_seaudit
diff --git a/secmds/Makefile.am b/secmds/Makefile.am
index ddc88b1..7fa4364 100644
--- a/secmds/Makefile.am
+++ b/secmds/Makefile.am
@@ -1,6 +1,6 @@
# various setools command line tools
-bin_PROGRAMS = seinfo sesearch findcon replcon indexcon
+bin_PROGRAMS = seinfo sesearch
# These are for indexcon so that it is usable on machines without setools
STATICLIBS = ../libsefs/src/libsefs.a ../libapol/src/libapol.a ../libqpol/src/libqpol.a -lsqlite3
@@ -18,18 +18,6 @@ seinfo_SOURCES = seinfo.c
sesearch_SOURCES = sesearch.c
-indexcon_SOURCES = indexcon.cc
-indexcon_LDADD = @SELINUX_LIB_FLAG@ $(STATICLIBS)
-indexcon_DEPENDENCIES = $(DEPENDENCIES) $(top_builddir)/libsefs/src/libsefs.so
-
-findcon_SOURCES = findcon.cc
-findcon_LDADD = @SEFS_LIB_FLAG@ $(LDADD)
-findcon_DEPENDENCIES = $(DEPENDENCIES) $(top_builddir)/libsefs/src/libsefs.so
-
-replcon_SOURCES = replcon.cc
-replcon_LDADD = @SEFS_LIB_FLAG@ $(LDADD)
-replcon_DEPENDENCIES = $(DEPENDENCIES) $(top_builddir)/libsefs/src/libsefs.so
-
$(top_builddir)/libapol/src/libapol.so:
$(MAKE) -C $(top_builddir)/libapol/src $(notdir $@)
diff --git a/sediff/Makefile.am b/sediff/Makefile.am
index 3f53cd3..2d9ce84 100644
--- a/sediff/Makefile.am
+++ b/sediff/Makefile.am
@@ -1,13 +1,6 @@
setoolsdir = @setoolsdir@
-dist_setools_DATA = sediff_help.txt sediffx.glade \
- sediffx.png sediffx-small.png
-
-if BUILD_GUI
- MAYBE_SEDIFFX = sediffx
-endif
-
-bin_PROGRAMS = sediff $(MAYBE_SEDIFFX)
+bin_PROGRAMS = sediff
AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
@QPOL_CFLAGS@ @APOL_CFLAGS@ @POLDIFF_CFLAGS@
@@ -15,14 +8,7 @@ AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@
LDADD = @SELINUX_LIB_FLAG@ @POLDIFF_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@
-sediff_CFLAGS = $(AM_CFLAGS)
-sediffx_CFLAGS = $(AM_CFLAGS) \
- @GTK_CFLAGS@ @PIXBUF_CFLAGS@ @GLADE_CFLAGS@ @GTHREAD_CFLAGS@
-
-# need the -rdynamic flag below - glade uses dlopen() upon sediffx callbacks
-sediffx_LDFLAGS = $(AM_LDFLAGS) \
- @GTK_LIBS@ @PIXBUF_LIBS@ @GLADE_LIBS@ @GTHREAD_LIBS@ @XML_LIBS@ \
- -rdynamic
+sediff_CFLAGS = $(AM_CFLAGS)
DEPENDENCIES = $(top_builddir)/libpoldiff/src/libpoldiff.so \
$(top_builddir)/libapol/src/libapol.so \
@@ -30,20 +16,6 @@ DEPENDENCIES = $(top_builddir)/libpoldiff/src/libpoldiff.so \
sediff_SOURCES = sediff.c
-sediffx_SOURCES = \
- find_dialog.c find_dialog.h \
- open_policies_dialog.c open_policies_dialog.h \
- policy_view.c policy_view.h \
- progress.c progress.h \
- remap_types_dialog.c remap_types_dialog.h \
- result_item.c result_item.h \
- result_item_render.c result_item_render.h \
- results.c results.h \
- select_diff_dialog.c select_diff_dialog.h \
- toplevel.c toplevel.h \
- utilgui.c utilgui.h \
- sediffx.c sediffx.h
-
$(top_builddir)/libpoldiff/src/libpoldiff.so:
$(MAKE) -C $(top_builddir)/libpoldiff/src $(notdir $@)
--
1.8.5.3


@ -0,0 +1,92 @@
From 1136e61a9839ad3b60eb2da4d624413c02545c7d Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 11 Apr 2014 18:42:27 +0200
Subject: [PATCH 08/11] Add alias support to seinfo -t
---
secmds/seinfo.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
diff --git a/secmds/seinfo.c b/secmds/seinfo.c
index 54b2a6a..1878c49 100644
--- a/secmds/seinfo.c
+++ b/secmds/seinfo.c
@@ -46,6 +46,7 @@
#include <string.h>
#include <assert.h>
#include <getopt.h>
+#include <selinux/selinux.h>
#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
@@ -54,6 +55,7 @@
static char *policy_file = NULL;
+static void print_type_aliases(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb);
static int print_type_attrs(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb, const int expand);
static int print_attr_types(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb, const int expand);
static int print_user_roles(FILE * fp, const qpol_user_t * user_datum, const apol_policy_t * policydb, const int expand);
@@ -514,6 +516,7 @@ static int print_types(FILE * fp, const char *name, int expand, const apol_polic
goto cleanup;
if (print_type_attrs(fp, type_datum, policydb, expand))
goto cleanup;
+ print_type_aliases(fp, type_datum, policydb);
} else {
if (qpol_policy_get_type_iter(q, &iter))
goto cleanup;
@@ -1912,6 +1915,51 @@ int main(int argc, char **argv)
}
/**
+ * Prints the alias of a type.
+ *
+ * @param fp Reference to a file to which to print type information
+ * @param type_datum Reference to sepol type_datum
+ * @param policydb Reference to a policy
+ * attributes
+ */
+static void print_type_aliases(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb)
+{
+ qpol_iterator_t *iter = NULL;
+ size_t alias_size;
+ unsigned char isattr, isalias;
+ const char *type_name = NULL;
+ const char *alias_name;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+
+ if (qpol_type_get_name(q, type_datum, &type_name))
+ goto cleanup;
+ if (qpol_type_get_isattr(q, type_datum, &isattr))
+ goto cleanup;
+ if (qpol_type_get_isalias(q, type_datum, &isalias))
+ goto cleanup;
+
+ if (isalias) {
+ fprintf(fp, " TypeName %s\n", type_name);
+ }
+ if (qpol_type_get_alias_iter(q, type_datum, &iter))
+ goto cleanup;
+ if (qpol_iterator_get_size(iter, &alias_size))
+ goto cleanup;
+ if (alias_size > 0) {
+ fprintf(fp, " Aliases\n");
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&alias_name))
+ goto cleanup;
+ fprintf(fp, " %s\n", alias_name);
+ }
+ }
+
+ cleanup:
+ qpol_iterator_destroy(&iter);
+ return;
+}
+
+/**
* Prints a textual representation of a type, and possibly
* all of that type's attributes.
*
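Review bot: `print_type_aliases()` returns `void` and jumps to `cleanup` on every qpol failure, so a failed lookup yields truncated output with no diagnostic, while the neighbouring `print_type_attrs()` returns `int` and its caller in `print_types` does `goto cleanup` on error. Returning `int` (0 on success, -1 on failure) and checking it at the call site would keep the two consistent. `isattr` is fetched with `qpol_type_get_isattr()` but never read, so that variable and call can be dropped, and `alias_name` should be initialised to NULL like `type_name`. The doc comment carries a stray `attributes` line from the block it was copied from; it should also state that the `TypeName` line is printed only when `isalias` is set and that errors are currently swallowed.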
--
1.8.5.3


@ -0,0 +1,34 @@
From 2f89d9acc12c0a7b50a94e4247b015242ce712c9 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Wed, 21 Sep 2011 15:15:02 -0400
Subject: [PATCH 8/8] Fix output to match policy lines
---
libapol/src/ftrule-query.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c
index 9c7a23b..1d5f5c8 100644
--- a/libapol/src/ftrule-query.c
+++ b/libapol/src/ftrule-query.c
@@ -282,7 +282,7 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
error = errno;
goto err;
}
- if (apol_str_appendf(&tmp, &tmp_sz, "transition_type %s ", tmp_name)) {
+ if (apol_str_appendf(&tmp, &tmp_sz, "type_transition %s ", tmp_name)) {
error = errno;
ERR(policy, "%s", strerror(error));
goto err;
@@ -338,7 +338,7 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
goto err;
}
- if (apol_str_appendf(&tmp, &tmp_sz, " %s", tmp_name)) {
+ if (apol_str_appendf(&tmp, &tmp_sz, " \"%s\"", tmp_name)) {
error = errno;
ERR(policy, "%s", strerror(error));
goto err;
--
1.7.6.2


@ -0,0 +1,258 @@
From bbe9f57845101d07eef31a772946437b3245c7d5 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 11 Apr 2014 18:46:24 +0200
Subject: [PATCH 09/11] Fix help message on sesearch -D
---
man/sesearch.1 | 2 +-
secmds/sesearch.c | 77 +++++++++++++++++--------------------------------------
2 files changed, 25 insertions(+), 54 deletions(-)
diff --git a/man/sesearch.1 b/man/sesearch.1
index 573aedd..dc119eb 100644
--- a/man/sesearch.1
+++ b/man/sesearch.1
@@ -43,7 +43,7 @@ Search for allow rules.
Search for neverallow rules.
.IP "--auditallow"
Search for auditallow rules.
-.IP "--dontaudit"
+.IP "-D, --dontaudit"
Search for dontaudit rules.
.IP "-T, --type"
Search for type_transition, type_member, and type_change rules.
diff --git a/secmds/sesearch.c b/secmds/sesearch.c
index e1436a7..f53d670 100644
--- a/secmds/sesearch.c
+++ b/secmds/sesearch.c
@@ -24,6 +24,7 @@
*/
#include <config.h>
+#include <selinux/selinux.h>
/* libapol */
#include <apol/policy.h>
@@ -61,9 +62,8 @@ enum opt_values
static struct option const longopts[] = {
{"allow", no_argument, NULL, 'A'},
{"neverallow", no_argument, NULL, RULE_NEVERALLOW},
- {"audit", no_argument, NULL, RULE_AUDIT},
{"auditallow", no_argument, NULL, RULE_AUDITALLOW},
- {"dontaudit", no_argument, NULL, RULE_DONTAUDIT},
+ {"dontaudit", no_argument, NULL, 'D'},
{"type", no_argument, NULL, 'T'},
{"role_allow", no_argument, NULL, RULE_ROLE_ALLOW},
{"role_trans", no_argument, NULL, RULE_ROLE_TRANS},
@@ -72,7 +72,6 @@ static struct option const longopts[] = {
{"source", required_argument, NULL, 's'},
{"target", required_argument, NULL, 't'},
- {"default", required_argument, NULL, 'D'},
{"role_source", required_argument, NULL, EXPR_ROLE_SOURCE},
{"role_target", required_argument, NULL, EXPR_ROLE_TARGET},
{"class", required_argument, NULL, 'c'},
@@ -129,7 +128,7 @@ void usage(const char *program_name, int brief)
printf(" -A, --allow allow rules\n");
printf(" --neverallow neverallow rules\n");
printf(" --auditallow auditallow rules\n");
- printf(" --dontaudit dontaudit rules\n");
+ printf(" -D, --dontaudit dontaudit rules\n");
printf(" -T, --type type_trans, type_member, and type_change\n");
printf(" --role_allow role allow rules\n");
printf(" --role_trans role_transition rules\n");
@@ -138,7 +137,6 @@ void usage(const char *program_name, int brief)
printf("EXPRESSIONS:\n");
printf(" -s NAME, --source=NAME rules with type/attribute NAME as source\n");
printf(" -t NAME, --target=NAME rules with type/attribute NAME as target\n");
- printf(" -D NAME, --default=NAME rules with type NAME as default\n");
printf(" --role_source=NAME rules with role NAME as source\n");
printf(" --role_target=NAME rules with role NAME as target\n");
printf(" -c NAME, --class=NAME rules with class NAME as the object class\n");
@@ -296,10 +294,8 @@ static void print_syn_av_results(const apol_policy_t * policy, const options_t *
tmp = apol_cond_expr_render(policy, cond);
enable_char = (enabled ? 'E' : 'D');
branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
- expr = NULL;
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
goto cleanup;
- }
free(tmp);
tmp = NULL;
if (!expr)
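Review bot: The new side drops the `expr = NULL;` reset that the old side performed before `goto cleanup`, which reopens the case where a failed `asprintf()` leaves `expr` indeterminate and the cleanup path may then free it. Keeping the braces and the reset, `if (asprintf(&expr, "[ %s ]", tmp) < 0) { expr = NULL; goto cleanup; }`, costs nothing and preserves the safer behaviour. The same removal is made in the hunks for `print_av_results`, `print_syn_te_results` and `print_te_results` in this patch. The `cleanup` labels are outside the hunks, so whether `expr` is freed there should be confirmed.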
@@ -362,10 +358,8 @@ static void print_av_results(const apol_policy_t * policy, const options_t * opt
qpol_iterator_destroy(&iter);
enable_char = (enabled ? 'E' : 'D');
branch_char = (list ? 'T' : 'F');
- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
- expr = NULL;
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
goto cleanup;
- }
free(tmp);
tmp = NULL;
if (!expr)
@@ -421,8 +415,6 @@ static int perform_te_query(const apol_policy_t * policy, const options_t * opt,
apol_terule_query_set_target(policy, teq, opt->tgt_name, opt->indirect);
if (opt->bool_name)
apol_terule_query_set_bool(policy, teq, opt->bool_name);
- if (opt->default_name)
- apol_terule_query_set_default(policy, teq, opt->default_name);
if (opt->class_name) {
if (opt->class_vector == NULL) {
if (apol_terule_query_append_class(policy, teq, opt->class_name)) {
@@ -499,14 +491,12 @@ static void print_syn_te_results(const apol_policy_t * policy, const options_t *
tmp = apol_cond_expr_render(policy, cond);
enable_char = (enabled ? 'E' : 'D');
branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
- expr = NULL;
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
goto cleanup;
- }
free(tmp);
tmp = NULL;
if (!expr)
- goto cleanup;
+ break;
}
}
if (!(rule_str = apol_syn_terule_render(policy, rule)))
@@ -567,10 +557,8 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt
qpol_iterator_destroy(&iter);
enable_char = (enabled ? 'E' : 'D');
branch_char = (list ? 'T' : 'F');
- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
- expr = NULL;
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
goto cleanup;
- }
free(tmp);
tmp = NULL;
if (!expr)
@@ -629,7 +617,6 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
goto err;
}
}
-
if (opt->default_name) {
if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) {
error = errno;
@@ -677,13 +664,12 @@ static void print_ft_results(const apol_policy_t * policy, const options_t * opt
{
size_t i, num_filename_trans = 0;
const qpol_filename_trans_t *filename_trans = NULL;
- char *filename_trans_str = NULL;
- qpol_iterator_t *iter = NULL;
+ char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;
if (!(num_filename_trans = apol_vector_get_size(v)))
goto cleanup;
- fprintf(stdout, "Found %zd named file transition rules:\n", num_filename_trans);
+ fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans);
for (i = 0; i < num_filename_trans; i++) {
if (!(filename_trans = apol_vector_get_element(v, i)))
@@ -691,13 +677,17 @@ static void print_ft_results(const apol_policy_t * policy, const options_t * opt
if (!(filename_trans_str = apol_filename_trans_render(policy, filename_trans)))
goto cleanup;
- fprintf(stdout, "%s\n", filename_trans_str);
+ fprintf(stdout, "%s %s\n", filename_trans_str, expr ? expr : "");
free(filename_trans_str);
filename_trans_str = NULL;
+ free(expr);
+ expr = NULL;
}
cleanup:
+ free(tmp);
free(filename_trans_str);
+ free(expr);
}
static int perform_ra_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)
@@ -814,13 +804,6 @@ static int perform_rt_query(const apol_policy_t * policy, const options_t * opt,
}
}
- if (opt->default_name) {
- if (apol_role_trans_query_set_default(policy, rtq, opt->default_name)) {
- error = errno;
- goto err;
- }
- }
-
if (apol_role_trans_get_by_query(policy, rtq, v)) {
error = errno;
goto err;
@@ -973,7 +956,7 @@ int main(int argc, char **argv)
memset(&cmd_opts, 0, sizeof(cmd_opts));
cmd_opts.indirect = true;
- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) {
+ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dDRnSChV", longopts, NULL)) != -1) {
switch (optc) {
case 0:
break;
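Review bot: `-D` silently changes meaning with the new optstring: `D:` (default type, takes an argument) becomes `D`, and the `case 'D':` in the `@@ -1093,7 +1064,7 @@` hunk now enables dontaudit searching. An existing command line that passes a type after `-D` still parses, with that word left over as a positional argument, so a policy-audit script can return a different rule set without any error. `longopts` and the usage text are outside these hunks; if the `dontaudit` entry still returns `RULE_DONTAUDIT`, the long option no longer reaches a case label, so confirm that the table returns `'D'` and that any `--default` entry is removed. main's body continues outside the hunk.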
@@ -1001,18 +984,6 @@ int main(int argc, char **argv)
exit(1);
}
break;
- case 'D': /* default */
- if (optarg == 0) {
- usage(argv[0], 1);
- printf("Missing default type for -D (--default)\n");
- exit(1);
- }
- cmd_opts.default_name = strdup(optarg);
- if (!cmd_opts.default_name) {
-
- exit(1);
- }
- break;
case EXPR_ROLE_SOURCE:
if (optarg == 0) {
usage(argv[0], 1);
@@ -1093,7 +1064,7 @@ int main(int argc, char **argv)
case RULE_AUDITALLOW:
cmd_opts.auditallow = true;
break;
- case RULE_DONTAUDIT:
+ case 'D':
cmd_opts.dontaudit = true;
break;
case 'T': /* type */
@@ -1273,12 +1244,13 @@ int main(int argc, char **argv)
fprintf(stdout, "\n");
}
- apol_vector_destroy(&v);
- if (perform_ft_query(policy, &cmd_opts, &v)) {
- rt = 1;
- goto cleanup;
- }
- if (v) {
+ if (cmd_opts.all || cmd_opts.type) {
+ apol_vector_destroy(&v);
+ if (perform_ft_query(policy, &cmd_opts, &v)) {
+ rt = 1;
+ goto cleanup;
+ }
+
print_ft_results(policy, &cmd_opts, v);
fprintf(stdout, "\n");
}
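Review bot: Removing the `if (v)` guard means `print_ft_results` and the following `fprintf(stdout, "\n")` run whenever `perform_ft_query` returns 0, even if it left `v` NULL. print_ft_results passes `v` straight to `apol_vector_get_size`, so the new code relies on that call tolerating a NULL vector, which is not visible here. I would keep the guard inside the new condition, `if (v) { print_ft_results(policy, &cmd_opts, v); fprintf(stdout, "\n"); }`, which also avoids a stray blank line when there is nothing to print. main's body continues outside the hunk.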
@@ -1317,7 +1289,6 @@ int main(int argc, char **argv)
apol_policy_path_destroy(&pol_path);
free(cmd_opts.src_name);
free(cmd_opts.tgt_name);
- free(cmd_opts.default_name);
free(cmd_opts.class_name);
free(cmd_opts.permlist);
free(cmd_opts.bool_name);
--
1.8.5.3


@ -0,0 +1,583 @@
#diff -Nur old_setools/libqpol/swig/qpol.i setools-3.3.7/libqpol/swig/qpol.i
diff -Nur setools-3.3.7/libqpol/swig/qpol.i.current setools-3.3.7/libqpol/swig/qpol.i
--- old_setools/libqpol/swig/qpol.i 2010-04-30 18:23:28.000000000 +0200
+++ setools-3.3.7/libqpol/swig/qpol.i 2012-07-03 19:20:45.383016553 +0200
@@ -228,7 +228,7 @@
#define QPOL_MODULE_OTHER 2
typedef struct qpol_module {} qpol_module_t;
%extend qpol_module_t {
- qpol_module_t(const char *path) {
+ qpol_module(const char *path) {
qpol_module_t *m;
BEGIN_EXCEPTION
if (qpol_module_create_from_file(path, &m)) {
@@ -239,7 +239,7 @@
fail:
return NULL;
};
- ~qpol_module_t() {
+ ~qpol_module() {
qpol_module_destroy(&self);
};
const char *get_path() {
@@ -330,7 +330,7 @@
} qpol_capability_e;
%extend qpol_policy_t {
- qpol_policy_t(const char *path, const int options) {
+ qpol_policy(const char *path, const int options) {
qpol_policy_t *p;
BEGIN_EXCEPTION
if (qpol_policy_open_from_file(path, &p, qpol_swig_message_callback, qpol_swig_message_callback_arg, options) < 0) {
@@ -341,7 +341,7 @@
fail:
return NULL;
}
- ~qpol_policy_t() {
+ ~qpol_policy() {
qpol_policy_destroy(&self);
};
void reevaluate_conds() {
@@ -687,14 +687,14 @@
typedef struct qpol_iterator {} qpol_iterator_t;
%extend qpol_iterator_t {
/* user never directly creates, but SWIG expects a constructor */
- qpol_iterator_t() {
+ qpol_iterator() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_TypeError, "User may not create iterators difectly");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_iterator_t() {
+ ~qpol_iterator() {
qpol_iterator_destroy(&self);
};
void *get_item() {
@@ -736,7 +736,7 @@
/* qpol type */
typedef struct qpol_type {} qpol_type_t;
%extend qpol_type_t {
- qpol_type_t(qpol_policy_t *p, const char *name) {
+ qpol_type(qpol_policy_t *p, const char *name) {
BEGIN_EXCEPTION
const qpol_type_t *t;
if (qpol_policy_get_type_by_name(p, name, &t)) {
@@ -747,7 +747,7 @@
fail:
return NULL;
};
- ~qpol_type_t() {
+ ~qpol_type() {
/* no op */
return;
};
@@ -851,7 +851,7 @@
/* qpol role */
typedef struct qpol_role {} qpol_role_t;
%extend qpol_role_t {
- qpol_role_t(qpol_policy_t *p, const char *name) {
+ qpol_role(qpol_policy_t *p, const char *name) {
const qpol_role_t *r;
BEGIN_EXCEPTION
if (qpol_policy_get_role_by_name(p, name, &r)) {
@@ -862,7 +862,7 @@
fail:
return NULL;
};
- ~qpol_role_t() {
+ ~qpol_role() {
/* no op */
return;
};
@@ -919,7 +919,7 @@
/* qpol level */
typedef struct qpol_level {} qpol_level_t;
%extend qpol_level_t {
- qpol_level_t(qpol_policy_t *p, const char *name) {
+ qpol_level(qpol_policy_t *p, const char *name) {
const qpol_level_t *l;
BEGIN_EXCEPTION
if (qpol_policy_get_level_by_name(p, name, &l)) {
@@ -930,7 +930,7 @@
fail:
return NULL;
};
- ~qpol_level_t() {
+ ~qpol_level() {
/* no op */
return;
};
@@ -997,7 +997,7 @@
/* qpol cat */
typedef struct qpol_cat {} qpol_cat_t;
%extend qpol_cat_t {
- qpol_cat_t(qpol_policy_t *p, const char *name) {
+ qpol_cat(qpol_policy_t *p, const char *name) {
const qpol_cat_t *c;
BEGIN_EXCEPTION
if (qpol_policy_get_cat_by_name(p, name, &c)) {
@@ -1008,7 +1008,7 @@
fail:
return NULL;
};
- ~qpol_cat_t() {
+ ~qpol_cat() {
/* no op */
return;
};
@@ -1064,14 +1064,14 @@
/* qpol mls range */
typedef struct qpol_mls_range {} qpol_mls_range_t;
%extend qpol_mls_range_t {
- qpol_mls_range_t() {
+ qpol_mls_range() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_mls_range_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~qpol_mls_range_t() {
+ ~qpol_mls_range() {
/* no op */
return;
};
@@ -1105,14 +1105,14 @@
/* qpol mls level */
typedef struct qpol_mls_level {} qpol_mls_level_t;
%extend qpol_mls_level_t {
- qpol_mls_level_t() {
+ qpol_mls_level() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_mls_level_t objects");
END_EXCEPTION
fail:
return NULL;
}
- ~qpol_mls_level_t() {
+ ~qpol_mls_level() {
/* no op */
return;
};
@@ -1147,7 +1147,7 @@
/* qpol user */
typedef struct qpol_user {} qpol_user_t;
%extend qpol_user_t {
- qpol_user_t(qpol_policy_t *p, const char *name) {
+ qpol_user(qpol_policy_t *p, const char *name) {
const qpol_user_t *u;
BEGIN_EXCEPTION
if (qpol_policy_get_user_by_name(p, name, &u)) {
@@ -1158,7 +1158,7 @@
fail:
return NULL;
};
- ~qpol_user_t() {
+ ~qpol_user() {
/* no op */
return;
};
@@ -1223,7 +1223,7 @@
/* qpol bool */
typedef struct qpol_bool {} qpol_bool_t;
%extend qpol_bool_t {
- qpol_bool_t(qpol_policy_t *p, const char *name) {
+ qpol_bool(qpol_policy_t *p, const char *name) {
qpol_bool_t *b;
BEGIN_EXCEPTION
if (qpol_policy_get_bool_by_name(p, name, &b)) {
@@ -1233,7 +1233,7 @@
fail:
return b;
};
- ~qpol_bool_t() {
+ ~qpol_bool() {
/* no op */
return;
};
@@ -1295,14 +1295,14 @@
/* qpol context */
typedef struct qpol_context {} qpol_context_t;
%extend qpol_context_t {
- qpol_context_t() {
+ qpol_context() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_context_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_context_t() {
+ ~qpol_context() {
/* no op */
return;
};
@@ -1356,7 +1356,7 @@
/* qpol class */
typedef struct qpol_class {} qpol_class_t;
%extend qpol_class_t {
- qpol_class_t(qpol_policy_t *p, const char *name) {
+ qpol_class(qpol_policy_t *p, const char *name) {
const qpol_class_t *c;
BEGIN_EXCEPTION
if (qpol_policy_get_class_by_name(p, name, &c)) {
@@ -1366,7 +1366,7 @@
fail:
return (qpol_class_t*)c;
};
- ~qpol_class_t() {
+ ~qpol_class() {
/* no op */
return;
};
@@ -1443,7 +1443,7 @@
/* qpol common */
typedef struct qpol_common {} qpol_common_t;
%extend qpol_common_t {
- qpol_common_t(qpol_policy_t *p, const char *name) {
+ qpol_common(qpol_policy_t *p, const char *name) {
const qpol_common_t *c;
BEGIN_EXCEPTION
if (qpol_policy_get_common_by_name(p, name, &c)) {
@@ -1453,7 +1453,7 @@
fail:
return (qpol_common_t*)c;
};
- ~qpol_common_t() {
+ ~qpol_common() {
/* no op */
return;
};
@@ -1515,7 +1515,7 @@
#define QPOL_FS_USE_PSID 6U
#endif
typedef struct qpol_fs_use {} qpol_fs_use_t;
-%extend qpol_fs_use_t {
+%extend qpol_fs_use {
qpol_fs_use_t(qpol_policy_t *p, const char *name) {
const qpol_fs_use_t *f;
BEGIN_EXCEPTION
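Review bot: The `%extend` target here becomes the struct tag `qpol_fs_use` while the constructor keeps the name `qpol_fs_use_t(...)`, whereas the other blocks in this patch keep `%extend qpol_X_t` and rename the constructor instead. The destructor in the next hunk is renamed to `~qpol_fs_use()`, so the constructor and destructor of this block no longer share a name. The `qpol_isid`, `qpol_constraint` and `qpol_validatetrans` hunks show the same pattern. If this is not deliberate, I would restore `%extend qpol_fs_use_t {` and rename the constructor to `qpol_fs_use(qpol_policy_t *p, const char *name) {`, and do the same for the other three. Otherwise a line in the patch header explaining why these four differ would help the next maintainer.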
@@ -1526,7 +1526,7 @@
fail:
return (qpol_fs_use_t*)f;
};
- ~qpol_fs_use_t() {
+ ~qpol_fs_use() {
/* no op */
return;
};
@@ -1594,7 +1594,7 @@
#endif
typedef struct qpol_genfscon {} qpol_genfscon_t;
%extend qpol_genfscon_t {
- qpol_genfscon_t(qpol_policy_t *p, const char *name, const char *path) {
+ qpol_genfscon(qpol_policy_t *p, const char *name, const char *path) {
qpol_genfscon_t *g;
BEGIN_EXCEPTION
if (qpol_policy_get_genfscon_by_name(p, name, path, &g)) {
@@ -1604,7 +1604,7 @@
fail:
return g;
};
- ~qpol_genfscon_t() {
+ ~qpol_genfscon() {
free(self);
};
const char *get_name(qpol_policy_t *p) {
@@ -1656,7 +1656,7 @@
/* qpol isid */
typedef struct qpol_isid {} qpol_isid_t;
-%extend qpol_isid_t {
+%extend qpol_isid {
qpol_isid_t(qpol_policy_t *p, const char *name) {
const qpol_isid_t *i;
BEGIN_EXCEPTION
@@ -1667,7 +1667,7 @@
fail:
return (qpol_isid_t*)i;
};
- ~qpol_isid_t() {
+ ~qpol_isid() {
/* no op */
return;
};
@@ -1701,7 +1701,7 @@
/* qpol netifcon */
typedef struct qpol_netifcon {} qpol_netifcon_t;
%extend qpol_netifcon_t {
- qpol_netifcon_t(qpol_policy_t *p, const char *name) {
+ qpol_netifcon(qpol_policy_t *p, const char *name) {
const qpol_netifcon_t *n;
BEGIN_EXCEPTION
if (qpol_policy_get_netifcon_by_name(p, name, &n)) {
@@ -1711,7 +1711,7 @@
fail:
return (qpol_netifcon_t*)n;
};
- ~qpol_netifcon_t() {
+ ~qpol_netifcon() {
/* no op */
return;
};
@@ -1757,7 +1757,7 @@
#define QPOL_IPV6 1
typedef struct qpol_nodecon {} qpol_nodecon_t;
%extend qpol_nodecon_t {
- qpol_nodecon_t(qpol_policy_t *p, int addr[4], int mask[4], int protocol) {
+ qpol_nodecon(qpol_policy_t *p, int addr[4], int mask[4], int protocol) {
uint32_t a[4], m[4];
qpol_nodecon_t *n;
BEGIN_EXCEPTION
@@ -1772,7 +1772,7 @@
fail:
return n;
}
- ~qpol_nodecon_t() {
+ ~qpol_nodecon() {
free(self);
};
uint32_t *get_addr(qpol_policy_t *p) {
@@ -1830,7 +1830,7 @@
#define IPPROTO_UDP 17
typedef struct qpol_portcon {} qpol_portcon_t;
%extend qpol_portcon_t {
- qpol_portcon_t(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) {
+ qpol_portcon(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) {
const qpol_portcon_t *qp;
BEGIN_EXCEPTION
if (qpol_policy_get_portcon_by_port(p, low, high, protocol, &qp)) {
@@ -1840,7 +1840,7 @@
fail:
return (qpol_portcon_t*)qp;
};
- ~qpol_portcon_t() {
+ ~qpol_portcon() {
/* no op */
return;
};
@@ -1893,7 +1893,7 @@
/* qpol constraint */
typedef struct qpol_constraint {} qpol_constraint_t;
-%extend qpol_constraint_t {
+%extend qpol_constraint {
qpol_constraint_t() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_constraint_t objects");
@@ -1901,7 +1901,7 @@
fail:
return NULL;
};
- ~qpol_constraint_t() {
+ ~qpol_constraint() {
free(self);
};
const qpol_class_t *get_class(qpol_policy_t *p) {
@@ -1945,7 +1945,7 @@
/* qpol validatetrans */
typedef struct qpol_validatetrans {} qpol_validatetrans_t;
-%extend qpol_validatetrans_t {
+%extend qpol_validatetrans {
qpol_validatetrans_t() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_validatetrans_t objects");
@@ -1953,7 +1953,7 @@
fail:
return NULL;
};
- ~qpol_validatetrans_t() {
+ ~qpol_validatetrans() {
free(self);
};
const qpol_class_t *get_class(qpol_policy_t *p) {
@@ -2011,14 +2011,14 @@
#define QPOL_CEXPR_OP_INCOMP 5
typedef struct qpol_constraint_expr_node {} qpol_constraint_expr_node_t;
%extend qpol_constraint_expr_node_t {
- qpol_constraint_expr_node_t() {
+ qpol_constraint_expr_node() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_constraint_expr_node_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_constraint_expr_node_t() {
+ ~qpol_constraint_expr_node() {
/* no op */
return;
};
@@ -2073,14 +2073,14 @@
/* qpol role allow */
typedef struct qpol_role_allow {} qpol_role_allow_t;
%extend qpol_role_allow_t {
- qpol_role_allow_t() {
+ qpol_role_allow() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_role_allow_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_role_allow_t() {
+ ~qpol_role_allow() {
/* no op */
return;
};
@@ -2114,14 +2114,14 @@
/* qpol role trans */
typedef struct qpol_role_trans {} qpol_role_trans_t;
%extend qpol_role_trans_t {
- qpol_role_trans_t() {
+ qpol_role_trans() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_role_trans_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_role_trans_t() {
+ ~qpol_role_trans() {
/* no op */
return;
};
@@ -2165,14 +2165,14 @@
/* qpol range trans */
typedef struct qpol_range_trans {} qpol_range_trans_t;
%extend qpol_range_trans_t {
- qpol_range_trans_t() {
+ qpol_range_trans() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_range_trans_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_range_trans_t() {
+ ~qpol_range_trans() {
/* no op */
return;
};
@@ -2228,14 +2228,14 @@
#define QPOL_RULE_DONTAUDIT 4
typedef struct qpol_avrule {} qpol_avrule_t;
%extend qpol_avrule_t {
- qpol_avrule_t() {
+ qpol_avrule() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_avrule_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_avrule_t() {
+ ~qpol_avrule() {
/* no op */
return;
};
@@ -2348,14 +2348,14 @@
#define QPOL_RULE_TYPE_MEMBER 32
typedef struct qpol_terule {} qpol_terule_t;
%extend qpol_terule_t {
- qpol_terule_t() {
+ qpol_terule() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_terule_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_terule_t() {
+ ~qpol_terule() {
/* no op */
return;
};
@@ -2464,14 +2464,14 @@
/* qpol conditional */
typedef struct qpol_cond {} qpol_cond_t;
%extend qpol_cond_t {
- qpol_cond_t() {
+ qpol_cond() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_cond_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_cond_t() {
+ ~qpol_cond() {
/* no op */
return;
};
@@ -2557,14 +2557,14 @@
#define QPOL_COND_EXPR_NEQ 7 /* bool != bool */
typedef struct qpol_cond_expr_node {} qpol_cond_expr_node_t;
%extend qpol_cond_expr_node_t {
- qpol_cond_expr_node_t() {
+ qpol_cond_expr_node() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_cond_expr_node_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_cond_expr_node_t() {
+ ~qpol_cond_expr_node() {
/* no op */
return;
};
@@ -2602,14 +2602,14 @@
/* qpol type set */
typedef struct qpol_type_set {} qpol_type_set_t;
%extend qpol_type_set_t {
- qpol_type_set_t() {
+ qpol_type_set() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_type_set_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_type_set_t() {
+ ~qpol_type_set() {
/* no op */
return;
};
@@ -2665,14 +2665,14 @@
/* qpol syn av rule */
typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
%extend qpol_syn_avrule_t {
- qpol_syn_avrule_t() {
+ qpol_syn_avrule() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_syn_avrule_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_syn_avrule_t() {
+ ~qpol_syn_avrule() {
/* no op */
return;
};
@@ -2778,14 +2778,14 @@
/* qpol syn te rule */
typedef struct qpol_syn_terule {} qpol_syn_terule_t;
%extend qpol_syn_terule_t {
- qpol_syn_terule_t() {
+ qpol_syn_terule() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_syn_terule_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~qpol_syn_terule_t() {
+ ~qpol_syn_terule() {
/* no op */
return;
};


@ -0,0 +1,964 @@
From 5d1423e1473bbbcbdd7bba8a57ed7542d1abb285 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 11 Apr 2014 11:13:30 +0200
Subject: [PATCH 10/11] Apply swig patch to make apol work again
---
libapol/swig/apol.i | 218 ++++++++++++++++++++++++++--------------------------
1 file changed, 109 insertions(+), 109 deletions(-)
diff --git a/libapol/swig/apol.i b/libapol/swig/apol.i
index ae1262d..2e9fc55 100644
--- a/libapol/swig/apol.i
+++ b/libapol/swig/apol.i
@@ -256,7 +256,7 @@ uint8_t apol_str_to_protocol(const char *protocol_str);
}
%}
%extend apol_ip_t {
- apol_ip_t(const char *str) {
+ apol_ip(const char *str) {
apol_ip_t *ip = NULL;
BEGIN_EXCEPTION
ip = calloc(1, sizeof(*ip));
@@ -274,7 +274,7 @@ uint8_t apol_str_to_protocol(const char *protocol_str);
fail:
return ip;
};
- ~apol_ip_t() {
+ ~apol_ip() {
free(self);
};
int get_protocol() {
@@ -303,16 +303,16 @@ char *apol_file_find_path(const char *file_name);
%}
typedef struct apol_vector {} apol_vector_t;
%extend apol_vector_t {
- apol_vector_t() {
+ apol_vector() {
return apol_vector_create(NULL);
};
- apol_vector_t(qpol_iterator_t *iter) {
+ apol_vector(qpol_iterator_t *iter) {
return apol_vector_create_from_iter(iter, NULL);
};
- apol_vector_t(apol_vector_t *v) {
+ apol_vector(apol_vector_t *v) {
return apol_vector_create_from_vector(v, NULL, NULL, NULL);
};
- apol_vector_t(apol_vector_t *a, apol_vector_t *b) {
+ apol_vector(apol_vector_t *a, apol_vector_t *b) {
return apol_vector_create_from_intersection(a, b, NULL, NULL);
};
size_t get_size() {
@@ -324,7 +324,7 @@ typedef struct apol_vector {} apol_vector_t;
void *get_element(size_t i) {
return apol_vector_get_element(self, i);
};
- ~apol_vector_t() {
+ ~apol_vector() {
apol_vector_destroy(&self);
};
void append(void *x) {
@@ -379,13 +379,13 @@ typedef struct apol_vector {} apol_vector_t;
%}
typedef struct apol_string_vector {} apol_string_vector_t;
%extend apol_string_vector_t {
- apol_string_vector_t() {
+ apol_string_vector() {
return (apol_string_vector_t*)apol_vector_create(free);
};
- apol_string_vector_t(apol_string_vector_t *v) {
+ apol_string_vector(apol_string_vector_t *v) {
return (apol_string_vector_t*)apol_vector_create_from_vector((apol_vector_t*)v, apol_str_strdup, NULL, free);
};
- apol_string_vector_t(apol_string_vector_t *a, apol_string_vector_t *b) {
+ apol_string_vector(apol_string_vector_t *a, apol_string_vector_t *b) {
return (apol_string_vector_t*)apol_vector_create_from_intersection((apol_vector_t*)a, (apol_vector_t*)b, apol_str_strcmp, NULL);
};
size_t get_size() {
@@ -397,7 +397,7 @@ typedef struct apol_string_vector {} apol_string_vector_t;
char *get_element(size_t i) {
return (char*)apol_vector_get_element((apol_vector_t*)self, i);
};
- ~apol_string_vector_t() {
+ ~apol_string_vector() {
apol_vector_destroy((apol_vector_t**)&self);
};
size_t get_index(char *str) {
@@ -462,7 +462,7 @@ typedef struct apol_string_vector {} apol_string_vector_t;
} apol_policy_path_type_e;
typedef struct apol_policy_path {} apol_policy_path_t;
%extend apol_policy_path_t {
- apol_policy_path_t(apol_policy_path_type_e type, char * primary, apol_string_vector_t *modules = NULL) {
+ apol_policy_path(apol_policy_path_type_e type, char * primary, apol_string_vector_t *modules = NULL) {
apol_policy_path_t *p;
BEGIN_EXCEPTION
if ((p = apol_policy_path_create(type, primary, (apol_vector_t*)modules)) == NULL) {
@@ -472,7 +472,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
fail:
return p;
};
- apol_policy_path_t(char *path) {
+ apol_policy_path(char *path) {
apol_policy_path_t *p;
BEGIN_EXCEPTION
if ((p = apol_policy_path_create_from_file(path)) == NULL) {
@@ -482,7 +482,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
fail:
return p;
};
- apol_policy_path_t(char *str, int unused) {
+ apol_policy_path(char *str, int unused) {
apol_policy_path_t *p;
BEGIN_EXCEPTION
if ((p = apol_policy_path_create_from_string(str)) == NULL) {
@@ -492,7 +492,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
fail:
return p;
};
- apol_policy_path_t(apol_policy_path_t *in) {
+ apol_policy_path(apol_policy_path_t *in) {
apol_policy_path_t *p;
BEGIN_EXCEPTION
if ((p = apol_policy_path_create_from_policy_path(in)) == NULL) {
@@ -502,7 +502,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
fail:
return p;
};
- ~apol_policy_path_t() {
+ ~apol_policy_path() {
apol_policy_path_destroy(&self);
};
apol_policy_path_type_e get_type() {
@@ -549,7 +549,7 @@ typedef struct apol_policy {} apol_policy_t;
#define APOL_PERMMAP_BOTH (APOL_PERMMAP_READ | APOL_PERMMAP_WRITE)
#define APOL_PERMMAP_NONE 0x10
%extend apol_policy_t {
- apol_policy_t(apol_policy_path_t *path, int options = 0) {
+ apol_policy(apol_policy_path_t *path, int options = 0) {
apol_policy_t *p;
BEGIN_EXCEPTION
p = apol_policy_create_from_policy_path(path, options, apol_swig_message_callback, apol_swig_message_callback_arg);
@@ -564,7 +564,7 @@ typedef struct apol_policy {} apol_policy_t;
fail:
return p;
};
- ~apol_policy_t() {
+ ~apol_policy() {
apol_policy_destroy(&self);
};
int get_policy_type() {
@@ -652,7 +652,7 @@ typedef struct apol_policy {} apol_policy_t;
/* apol type query */
typedef struct apol_type_query {} apol_type_query_t;
%extend apol_type_query_t {
- apol_type_query_t() {
+ apol_type_query() {
apol_type_query_t *tq;
BEGIN_EXCEPTION
tq = apol_type_query_create();
@@ -663,7 +663,7 @@ typedef struct apol_type_query {} apol_type_query_t;
fail:
return tq;
};
- ~apol_type_query_t() {
+ ~apol_type_query() {
apol_type_query_destroy(&self);
};
%newobject run(apol_policy_t *);
@@ -694,7 +694,7 @@ typedef struct apol_type_query {} apol_type_query_t;
/* apol attribute query */
typedef struct apol_attr_query {} apol_attr_query_t;
%extend apol_attr_query_t {
- apol_attr_query_t() {
+ apol_attr_query() {
apol_attr_query_t *aq;
BEGIN_EXCEPTION
aq = apol_attr_query_create();
@@ -705,7 +705,7 @@ typedef struct apol_attr_query {} apol_attr_query_t;
fail:
return aq;
};
- ~apol_attr_query_t() {
+ ~apol_attr_query() {
apol_attr_query_destroy(&self);
};
%newobject run(apol_policy_t *);
@@ -736,7 +736,7 @@ typedef struct apol_attr_query {} apol_attr_query_t;
/* apol role query */
typedef struct apol_role_query {} apol_role_query_t;
%extend apol_role_query_t {
- apol_role_query_t() {
+ apol_role_query() {
apol_role_query_t *rq;
BEGIN_EXCEPTION
rq = apol_role_query_create();
@@ -747,7 +747,7 @@ typedef struct apol_role_query {} apol_role_query_t;
fail:
return rq;
};
- ~apol_role_query_t() {
+ ~apol_role_query() {
apol_role_query_destroy(&self);
};
%newobject run(apol_policy_t *);
@@ -788,7 +788,7 @@ int apol_role_has_type(apol_policy_t * p, qpol_role_t * r, qpol_type_t * t);
/* apol class query */
typedef struct apol_class_query {} apol_class_query_t;
%extend apol_class_query_t {
- apol_class_query_t() {
+ apol_class_query() {
apol_class_query_t *cq;
BEGIN_EXCEPTION
cq = apol_class_query_create();
@@ -799,7 +799,7 @@ typedef struct apol_class_query {} apol_class_query_t;
fail:
return cq;
};
- ~apol_class_query_t() {
+ ~apol_class_query() {
apol_class_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -839,7 +839,7 @@ typedef struct apol_class_query {} apol_class_query_t;
/* apol common query */
typedef struct apol_common_query {} apol_common_query_t;
%extend apol_common_query_t {
- apol_common_query_t() {
+ apol_common_query() {
apol_common_query_t *cq;
BEGIN_EXCEPTION
cq = apol_common_query_create();
@@ -850,7 +850,7 @@ typedef struct apol_common_query {} apol_common_query_t;
fail:
return cq;
};
- ~apol_common_query_t() {
+ ~apol_common_query() {
apol_common_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -881,7 +881,7 @@ typedef struct apol_common_query {} apol_common_query_t;
/* apol perm query */
typedef struct apol_perm_query {} apol_perm_query_t;
%extend apol_perm_query_t {
- apol_perm_query_t() {
+ apol_perm_query() {
apol_perm_query_t *pq;
BEGIN_EXCEPTION
pq = apol_perm_query_create();
@@ -892,7 +892,7 @@ typedef struct apol_perm_query {} apol_perm_query_t;
fail:
return pq;
};
- ~apol_perm_query_t() {
+ ~apol_perm_query() {
apol_perm_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -923,7 +923,7 @@ typedef struct apol_perm_query {} apol_perm_query_t;
/* apol bool query */
typedef struct apol_bool_query {} apol_bool_query_t;
%extend apol_bool_query_t {
- apol_bool_query_t() {
+ apol_bool_query() {
apol_bool_query_t *bq;
BEGIN_EXCEPTION
bq = apol_bool_query_create();
@@ -934,7 +934,7 @@ typedef struct apol_bool_query {} apol_bool_query_t;
fail:
return bq;
};
- ~apol_bool_query_t() {
+ ~apol_bool_query() {
apol_bool_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -965,7 +965,7 @@ typedef struct apol_bool_query {} apol_bool_query_t;
/* apol mls level */
typedef struct apol_mls_level {} apol_mls_level_t;
%extend apol_mls_level_t {
- apol_mls_level_t() {
+ apol_mls_level() {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create();
@@ -976,7 +976,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- apol_mls_level_t(apol_mls_level_t *in) {
+ apol_mls_level(apol_mls_level_t *in) {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create_from_mls_level(in);
@@ -987,7 +987,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- apol_mls_level_t(apol_policy_t *p, const char *str) {
+ apol_mls_level(apol_policy_t *p, const char *str) {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create_from_string(p, str);
@@ -998,7 +998,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- apol_mls_level_t(const char *str) {
+ apol_mls_level(const char *str) {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create_from_literal(str);
@@ -1009,7 +1009,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- apol_mls_level_t(apol_policy_t *p, qpol_mls_level_t *qml) {
+ apol_mls_level(apol_policy_t *p, qpol_mls_level_t *qml) {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create_from_qpol_mls_level(p, qml);
@@ -1020,7 +1020,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- apol_mls_level_t(apol_policy_t *p, qpol_level_t *ql) {
+ apol_mls_level(apol_policy_t *p, qpol_level_t *ql) {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create_from_qpol_level_datum(p, ql);
@@ -1031,7 +1031,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- ~apol_mls_level_t() {
+ ~apol_mls_level() {
apol_mls_level_destroy(&self);
};
void set_sens(apol_policy_t *p, char *sens) {
@@ -1128,7 +1128,7 @@ int apol_mls_cats_compare(apol_policy_t * p, const char *cat1, const char *cat2)
#endif
typedef struct apol_mls_range {} apol_mls_range_t;
%extend apol_mls_range_t {
- apol_mls_range_t() {
+ apol_mls_range() {
apol_mls_range_t *amr;
BEGIN_EXCEPTION
amr = apol_mls_range_create();
@@ -1139,7 +1139,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return amr;
};
- apol_mls_range_t(apol_mls_range_t *in) {
+ apol_mls_range(apol_mls_range_t *in) {
apol_mls_range_t *amr;
BEGIN_EXCEPTION
amr = apol_mls_range_create_from_mls_range(in);
@@ -1150,7 +1150,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return amr;
};
- apol_mls_range_t(apol_policy_t *p, const char *s) {
+ apol_mls_range(apol_policy_t *p, const char *s) {
apol_mls_range_t *amr;
BEGIN_EXCEPTION
amr = apol_mls_range_create_from_string(p, s);
@@ -1161,7 +1161,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return amr;
};
- apol_mls_range_t(const char *s) {
+ apol_mls_range(const char *s) {
apol_mls_range_t *amr;
BEGIN_EXCEPTION
amr = apol_mls_range_create_from_literal(s);
@@ -1172,7 +1172,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return amr;
};
- apol_mls_range_t(apol_policy_t *p, qpol_mls_range_t *in) {
+ apol_mls_range(apol_policy_t *p, qpol_mls_range_t *in) {
apol_mls_range_t *amr;
BEGIN_EXCEPTION
amr = apol_mls_range_create_from_qpol_mls_range(p, in);
@@ -1183,7 +1183,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return amr;
};
- ~apol_mls_range_t() {
+ ~apol_mls_range() {
apol_mls_range_destroy(&self);
};
void set_low(apol_policy_t *p, apol_mls_level_t *lvl) {
@@ -1278,7 +1278,7 @@ int apol_mls_range_contain_subrange(apol_policy_t * p, const apol_mls_range_t *
/* apol level query */
typedef struct apol_level_query {} apol_level_query_t;
%extend apol_level_query_t {
- apol_level_query_t() {
+ apol_level_query() {
apol_level_query_t * alq;
BEGIN_EXCEPTION
alq = apol_level_query_create();
@@ -1289,7 +1289,7 @@ typedef struct apol_level_query {} apol_level_query_t;
fail:
return alq;
};
- ~apol_level_query_t() {
+ ~apol_level_query() {
apol_level_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1329,7 +1329,7 @@ typedef struct apol_level_query {} apol_level_query_t;
/* apol cat query */
typedef struct apol_cat_query {} apol_cat_query_t;
%extend apol_cat_query_t {
- apol_cat_query_t() {
+ apol_cat_query() {
apol_cat_query_t * acq;
BEGIN_EXCEPTION
acq = apol_cat_query_create();
@@ -1340,7 +1340,7 @@ typedef struct apol_cat_query {} apol_cat_query_t;
fail:
return acq;
};
- ~apol_cat_query_t() {
+ ~apol_cat_query() {
apol_cat_query_destroy(&self);
};
%newobject run(apol_policy_t *);
@@ -1379,7 +1379,7 @@ typedef struct apol_cat_query {} apol_cat_query_t;
#endif
typedef struct apol_user_query {} apol_user_query_t;
%extend apol_user_query_t {
- apol_user_query_t() {
+ apol_user_query() {
apol_user_query_t *auq;
BEGIN_EXCEPTION
auq = apol_user_query_create();
@@ -1390,7 +1390,7 @@ typedef struct apol_user_query {} apol_user_query_t;
fail:
return auq;
};
- ~apol_user_query_t() {
+ ~apol_user_query() {
apol_user_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1448,7 +1448,7 @@ typedef struct apol_user_query {} apol_user_query_t;
/* apol context */
typedef struct apol_context {} apol_context_t;
%extend apol_context_t {
- apol_context_t() {
+ apol_context() {
apol_context_t *ctx;
BEGIN_EXCEPTION
ctx = apol_context_create();
@@ -1459,7 +1459,7 @@ typedef struct apol_context {} apol_context_t;
fail:
return ctx;
};
- apol_context_t(apol_policy_t *p, qpol_context_t *in) {
+ apol_context(apol_policy_t *p, qpol_context_t *in) {
apol_context_t *ctx;
BEGIN_EXCEPTION
ctx = apol_context_create_from_qpol_context(p, in);
@@ -1470,7 +1470,7 @@ typedef struct apol_context {} apol_context_t;
fail:
return ctx;
};
- apol_context_t(const char *str) {
+ apol_context(const char *str) {
apol_context_t *ctx;
BEGIN_EXCEPTION
ctx = apol_context_create_from_literal(str);
@@ -1481,7 +1481,7 @@ typedef struct apol_context {} apol_context_t;
fail:
return ctx;
};
- ~apol_context_t() {
+ ~apol_context() {
apol_context_destroy(&self);
};
void set_user(apol_policy_t *p, char *name) {
@@ -1583,7 +1583,7 @@ int apol_context_compare(apol_policy_t * p, apol_context_t * target, apol_contex
/* apol constraint query */
typedef struct apol_constraint_query {} apol_constraint_query_t;
%extend apol_constraint_query_t {
- apol_constraint_query_t() {
+ apol_constraint_query() {
apol_constraint_query_t *acq;
BEGIN_EXCEPTION
acq = apol_constraint_query_create();
@@ -1594,7 +1594,7 @@ typedef struct apol_constraint_query {} apol_constraint_query_t;
fail:
return acq;
};
- ~apol_constraint_query_t() {
+ ~apol_constraint_query() {
apol_constraint_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1634,7 +1634,7 @@ typedef struct apol_constraint_query {} apol_constraint_query_t;
/* apol validatetrans query */
typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
%extend apol_validatetrans_query_t {
- apol_validatetrans_query_t() {
+ apol_validatetrans_query() {
apol_validatetrans_query_t *avq;
BEGIN_EXCEPTION
avq = apol_validatetrans_query_create();
@@ -1645,7 +1645,7 @@ typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
fail:
return avq;
};
- ~apol_validatetrans_query_t() {
+ ~apol_validatetrans_query() {
apol_validatetrans_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1684,7 +1684,7 @@ typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
#endif
typedef struct apol_genfscon_query {} apol_genfscon_query_t;
%extend apol_genfscon_query_t {
- apol_genfscon_query_t() {
+ apol_genfscon_query() {
apol_genfscon_query_t *agq;
BEGIN_EXCEPTION
agq = apol_genfscon_query_create();
@@ -1695,7 +1695,7 @@ typedef struct apol_genfscon_query {} apol_genfscon_query_t;
fail:
return agq;
};
- ~apol_genfscon_query_t() {
+ ~apol_genfscon_query() {
apol_genfscon_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1746,7 +1746,7 @@ char *apol_genfscon_render(apol_policy_t * p, qpol_genfscon_t * genfscon);
/* apol fs_use query */
typedef struct apol_fs_use_query {} apol_fs_use_query_t;
%extend apol_fs_use_query_t {
- apol_fs_use_query_t() {
+ apol_fs_use_query() {
apol_fs_use_query_t *afq;
BEGIN_EXCEPTION
afq = apol_fs_use_query_create();
@@ -1757,7 +1757,7 @@ typedef struct apol_fs_use_query {} apol_fs_use_query_t;
fail:
return afq;
};
- ~apol_fs_use_query_t() {
+ ~apol_fs_use_query() {
apol_fs_use_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1799,7 +1799,7 @@ char *apol_fs_use_render(apol_policy_t * p, qpol_fs_use_t * fsuse);
/* apol initial sid query */
typedef struct apol_isid_query {} apol_isid_query_t;
%extend apol_isid_query_t {
- apol_isid_query_t() {
+ apol_isid_query() {
apol_isid_query_t *aiq;
BEGIN_EXCEPTION
aiq = apol_isid_query_create();
@@ -1810,7 +1810,7 @@ typedef struct apol_isid_query {} apol_isid_query_t;
fail:
return aiq;
};
- ~apol_isid_query_t() {
+ ~apol_isid_query() {
apol_isid_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1841,7 +1841,7 @@ typedef struct apol_isid_query {} apol_isid_query_t;
/* apol portcon query */
typedef struct apol_portcon_query {} apol_portcon_query_t;
%extend apol_portcon_query_t {
- apol_portcon_query_t() {
+ apol_portcon_query() {
apol_portcon_query_t *apq;
BEGIN_EXCEPTION
apq = apol_portcon_query_create();
@@ -1852,7 +1852,7 @@ typedef struct apol_portcon_query {} apol_portcon_query_t;
fail:
return apq;
};
- ~apol_portcon_query_t() {
+ ~apol_portcon_query() {
apol_portcon_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1885,7 +1885,7 @@ char *apol_portcon_render(apol_policy_t * p, qpol_portcon_t * portcon);
/* apol netifcon query */
typedef struct apol_netifcon_query {} apol_netifcon_query_t;
%extend apol_netifcon_query_t {
- apol_netifcon_query_t() {
+ apol_netifcon_query() {
apol_netifcon_query_t *anq;
BEGIN_EXCEPTION
anq = apol_netifcon_query_create();
@@ -1896,7 +1896,7 @@ typedef struct apol_netifcon_query {} apol_netifcon_query_t;
fail:
return anq;
};
- ~apol_netifcon_query_t() {
+ ~apol_netifcon_query() {
apol_netifcon_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1932,7 +1932,7 @@ char *apol_netifcon_render(apol_policy_t * p, qpol_netifcon_t * netifcon);
/* apol nodecon query */
typedef struct apol_nodecon_query {} apol_nodecon_query_t;
%extend apol_nodecon_query_t {
- apol_nodecon_query_t() {
+ apol_nodecon_query() {
apol_nodecon_query_t *anq;
BEGIN_EXCEPTION
anq = apol_nodecon_query_create();
@@ -1943,7 +1943,7 @@ typedef struct apol_nodecon_query {} apol_nodecon_query_t;
fail:
return anq;
};
- ~apol_nodecon_query_t() {
+ ~apol_nodecon_query() {
apol_nodecon_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2012,7 +2012,7 @@ char *apol_nodecon_render(apol_policy_t * p, qpol_nodecon_t * nodecon);
/* apol avrule query */
typedef struct apol_avrule_query {} apol_avrule_query_t;
%extend apol_avrule_query_t {
- apol_avrule_query_t() {
+ apol_avrule_query() {
apol_avrule_query_t *avq;
BEGIN_EXCEPTION
avq = apol_avrule_query_create();
@@ -2023,7 +2023,7 @@ typedef struct apol_avrule_query {} apol_avrule_query_t;
fail:
return avq;
};
- ~apol_avrule_query_t() {
+ ~apol_avrule_query() {
apol_avrule_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2163,7 +2163,7 @@ char *apol_syn_avrule_render(apol_policy_t * policy, qpol_syn_avrule_t * rule);
/* apol terule query */
typedef struct apol_terule_query {} apol_terule_query_t;
%extend apol_terule_query_t {
- apol_terule_query_t() {
+ apol_terule_query() {
apol_terule_query_t *atq;
BEGIN_EXCEPTION
atq = apol_terule_query_create();
@@ -2174,7 +2174,7 @@ typedef struct apol_terule_query {} apol_terule_query_t;
fail:
return atq;
};
- ~apol_terule_query_t() {
+ ~apol_terule_query() {
apol_terule_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2287,7 +2287,7 @@ apol_vector_t *apol_terule_list_to_syn_terules(apol_policy_t * p, apol_vector_t
/* apol cond rule query */
typedef struct apol_cond_query {} apol_cond_query_t;
%extend apol_cond_query_t {
- apol_cond_query_t() {
+ apol_cond_query() {
apol_cond_query_t *acq;
BEGIN_EXCEPTION
acq = apol_cond_query_create();
@@ -2298,7 +2298,7 @@ typedef struct apol_cond_query {} apol_cond_query_t;
fail:
return acq;
};
- ~apol_cond_query_t() {
+ ~apol_cond_query() {
apol_cond_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2331,7 +2331,7 @@ char *apol_cond_expr_render(apol_policy_t * p, qpol_cond_t * cond);
/* apol role allow query */
typedef struct apol_role_allow_query {} apol_role_allow_query_t;
%extend apol_role_allow_query_t {
- apol_role_allow_query_t() {
+ apol_role_allow_query() {
apol_role_allow_query_t *arq;
BEGIN_EXCEPTION
arq = apol_role_allow_query_create();
@@ -2342,7 +2342,7 @@ typedef struct apol_role_allow_query {} apol_role_allow_query_t;
fail:
return arq;
};
- ~apol_role_allow_query_t() {
+ ~apol_role_allow_query() {
apol_role_allow_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2387,7 +2387,7 @@ char *apol_role_allow_render(apol_policy_t * policy, qpol_role_allow_t * rule);
/* apol role transition rule query */
typedef struct apol_role_trans_query {} apol_role_trans_query_t;
%extend apol_role_trans_query_t {
- apol_role_trans_query_t() {
+ apol_role_trans_query() {
apol_role_trans_query_t *arq;
BEGIN_EXCEPTION
arq = apol_role_trans_query_create();
@@ -2398,7 +2398,7 @@ typedef struct apol_role_trans_query {} apol_role_trans_query_t;
fail:
return arq;
};
- ~apol_role_trans_query_t() {
+ ~apol_role_trans_query() {
apol_role_trans_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2452,7 +2452,7 @@ char *apol_role_trans_render(apol_policy_t * policy, qpol_role_trans_t * rule);
/* apol range transition rule query */
typedef struct apol_range_trans_query {} apol_range_trans_query_t;
%extend apol_range_trans_query_t {
- apol_range_trans_query_t() {
+ apol_range_trans_query() {
apol_range_trans_query_t *arq;
BEGIN_EXCEPTION
arq = apol_range_trans_query_create();
@@ -2463,7 +2463,7 @@ typedef struct apol_range_trans_query {} apol_range_trans_query_t;
fail:
return arq;
};
- ~apol_range_trans_query_t() {
+ ~apol_range_trans_query() {
apol_range_trans_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2531,7 +2531,7 @@ char *apol_range_trans_render(apol_policy_t * policy, qpol_range_trans_t * rule)
#define APOL_DOMAIN_TRANS_SEARCH_BOTH (APOL_DOMAIN_TRANS_SEARCH_VALID|APOL_DOMAIN_TRANS_SEARCH_INVALID)
typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
%extend apol_domain_trans_analysis_t {
- apol_domain_trans_analysis_t() {
+ apol_domain_trans_analysis() {
apol_domain_trans_analysis_t *dta;
BEGIN_EXCEPTION
dta = apol_domain_trans_analysis_create();
@@ -2542,7 +2542,7 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
fail:
return dta;
};
- ~apol_domain_trans_analysis_t() {
+ ~apol_domain_trans_analysis() {
apol_domain_trans_analysis_destroy(&self);
};
void set_direction(apol_policy_t *p, int direction) {
@@ -2622,7 +2622,7 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
};
typedef struct apol_domain_trans_result {} apol_domain_trans_result_t;
%extend apol_domain_trans_result_t {
- apol_domain_trans_result_t(apol_domain_trans_result_t *in) {
+ apol_domain_trans_result(apol_domain_trans_result_t *in) {
apol_domain_trans_result_t *dtr;
BEGIN_EXCEPTION
dtr = apol_domain_trans_result_create_from_domain_trans_result(in);
@@ -2633,7 +2633,7 @@ typedef struct apol_domain_trans_result {} apol_domain_trans_result_t;
fail:
return dtr;
};
- ~apol_domain_trans_result_t() {
+ ~apol_domain_trans_result() {
apol_domain_trans_result_destroy(&self);
};
const qpol_type_t *get_start_type() {
@@ -2705,14 +2705,14 @@ int apol_domain_trans_table_verify_trans(apol_policy_t * policy, qpol_type_t * s
%}
typedef struct apol_infoflow {} apol_infoflow_t;
%extend apol_infoflow_t {
- apol_infoflow_t() {
+ apol_infoflow() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_infoflow_t() {
+ ~apol_infoflow() {
apol_infoflow_destroy(&self);
};
%newobject extract_graph();
@@ -2730,7 +2730,7 @@ typedef struct apol_infoflow {} apol_infoflow_t;
};
typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
%extend apol_infoflow_analysis_t {
- apol_infoflow_analysis_t() {
+ apol_infoflow_analysis() {
apol_infoflow_analysis_t *aia;
BEGIN_EXCEPTION
aia = apol_infoflow_analysis_create();
@@ -2741,7 +2741,7 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
fail:
return aia;
};
- ~apol_infoflow_analysis_t() {
+ ~apol_infoflow_analysis() {
apol_infoflow_analysis_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2823,14 +2823,14 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
};
typedef struct apol_infoflow_graph {} apol_infoflow_graph_t;
%extend apol_infoflow_graph_t {
- apol_infoflow_graph_t() {
+ apol_infoflow_graph() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_graph_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_infoflow_graph_t() {
+ ~apol_infoflow_graph() {
apol_infoflow_graph_destroy(&self);
};
%newobject do_more(apol_policy_t*, char*);
@@ -2867,14 +2867,14 @@ typedef struct apol_infoflow_graph {} apol_infoflow_graph_t;
};
typedef struct apol_infoflow_result {} apol_infoflow_result_t;
%extend apol_infoflow_result_t {
- apol_infoflow_result_t() {
+ apol_infoflow_result() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_result_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_infoflow_result_t() {
+ ~apol_infoflow_result() {
/* no op - vector will destroy */
return;
};
@@ -2901,14 +2901,14 @@ typedef struct apol_infoflow_result {} apol_infoflow_result_t;
%}
typedef struct apol_infoflow_step {} apol_infoflow_step_t;
%extend apol_infoflow_step_t {
- apol_infoflow_step_t() {
+ apol_infoflow_step() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_step_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_infoflow_step_t() {
+ ~apol_infoflow_step() {
/* no op */
return;
};
@@ -2938,7 +2938,7 @@ typedef struct apol_infoflow_step {} apol_infoflow_step_t;
#define APOL_RELABEL_DIR_SUBJECT 0x04
typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
%extend apol_relabel_analysis_t {
- apol_relabel_analysis_t() {
+ apol_relabel_analysis() {
apol_relabel_analysis_t *ara;
BEGIN_EXCEPTION
ara = apol_relabel_analysis_create();
@@ -2949,7 +2949,7 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
fail:
return ara;
};
- ~apol_relabel_analysis_t() {
+ ~apol_relabel_analysis() {
apol_relabel_analysis_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -3011,14 +3011,14 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
};
typedef struct apol_relabel_result {} apol_relabel_result_t;
%extend apol_relabel_result_t {
- apol_relabel_result_t() {
+ apol_relabel_result() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_relabel_result_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_relabel_result_t() {
+ ~apol_relabel_result() {
/* no op - vector will destroy */
return;
};
@@ -3042,14 +3042,14 @@ typedef struct apol_relabel_result {} apol_relabel_result_t;
%}
typedef struct apol_relabel_result_pair {} apol_relabel_result_pair_t;
%extend apol_relabel_result_pair_t {
- apol_relabel_result_pair_t() {
+ apol_relabel_result_pair() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_relabel_result_pair_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_relabel_result_pair_t() {
+ ~apol_relabel_result_pair() {
/* no op - owned and free()'d by apol_relabel_result_t */
return;
};
@@ -3084,7 +3084,7 @@ typedef struct apol_relabel_result_pair {} apol_relabel_result_pair_t;
#define APOL_TYPES_RELATION_TRANS_FLOW_BA 0x8000
typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
%extend apol_types_relation_analysis_t {
- apol_types_relation_analysis_t() {
+ apol_types_relation_analysis() {
apol_types_relation_analysis_t *atr;
BEGIN_EXCEPTION
atr = apol_types_relation_analysis_create();
@@ -3095,7 +3095,7 @@ typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
fail:
return atr;
};
- ~apol_types_relation_analysis_t() {
+ ~apol_types_relation_analysis() {
apol_types_relation_analysis_destroy(&self);
}
%newobject run(apol_policy_t*);
@@ -3139,14 +3139,14 @@ typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
};
typedef struct apol_types_relation_result {} apol_types_relation_result_t;
%extend apol_types_relation_result_t {
- apol_types_relation_result_t() {
+ apol_types_relation_result() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_types_relation_result_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_types_relation_result_t() {
+ ~apol_types_relation_result() {
apol_types_relation_result_destroy(&self);
};
const apol_vector_t *get_attributes() {
@@ -3194,14 +3194,14 @@ typedef struct apol_types_relation_result {} apol_types_relation_result_t;
};
typedef struct apol_types_relation_access {} apol_types_relation_access_t;
%extend apol_types_relation_access_t {
- apol_types_relation_access_t() {
+ apol_types_relation_access() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_types_relation_access_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_types_relation_access_t() {
+ ~apol_types_relation_access() {
/* no op - vector will destroy */
return;
};
--
1.8.5.3


@ -0,0 +1,84 @@
diff -up setools-3.3.7/libqpol/src/util.c.current setools-3.3.7/libqpol/src/util.c
--- setools-3.3.7/libqpol/src/util.c.current 2010-04-23 12:22:08.000000000 -0400
+++ setools-3.3.7/libqpol/src/util.c 2012-02-16 12:01:33.030434514 -0500
@@ -84,75 +84,12 @@ static int get_binpol_version(const char
static int search_policy_binary_file(char **path)
{
- const char *binary_path;
- if ((binary_path = selinux_binary_policy_path()) == NULL) {
- return -1;
+ const char *binary_path = selinux_current_policy_path();
+ if (binary_path) {
+ *path = strdup(binary_path);
+ if (*path) return 0;
}
-
- int expected_version = -1, latest_version = -1;
-#ifdef LIBSELINUX
- /* if the system has SELinux enabled, prefer the policy whose
- name matches the current policy version */
- if ((expected_version = security_policyvers()) < 0) {
- return -1;
- }
-#endif
-
- glob_t glob_buf;
- struct stat fs;
- int rt, error = 0, retval = -1;
- size_t i;
- char *pattern = NULL;
- if (asprintf(&pattern, "%s.*", binary_path) < 0) {
- return -1;
- }
- glob_buf.gl_offs = 1;
- glob_buf.gl_pathc = 0;
- rt = glob(pattern, GLOB_DOOFFS, NULL, &glob_buf);
- if (rt != 0 && rt != GLOB_NOMATCH) {
- errno = EIO;
- return -1;
- }
-
- for (i = 0; i < glob_buf.gl_pathc; i++) {
- char *p = glob_buf.gl_pathv[i + glob_buf.gl_offs];
- if (stat(p, &fs) != 0) {
- error = errno;
- goto cleanup;
- }
- if (S_ISDIR(fs.st_mode))
- continue;
-
- if ((rt = get_binpol_version(p)) < 0) {
- error = errno;
- goto cleanup;
- }
-
- if (rt > latest_version || rt == expected_version) {
- free(*path);
- if ((*path = strdup(p)) == NULL) {
- error = errno;
- goto cleanup;
- }
- if (rt == expected_version) {
- break;
- }
- latest_version = rt;
- }
- }
-
- if (*path == NULL) {
- retval = 1;
- } else {
- retval = 0;
- }
- cleanup:
- free(pattern);
- globfree(&glob_buf);
- if (retval == -1) {
- errno = error;
- }
- return retval;
+ return -1;
}
int qpol_default_policy_find(char **path)
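Review bot: The rewritten `search_policy_binary_file()` can no longer return 1, which the removed code used for "no policy file matched" while keeping -1 for real errors with `errno` set. If `qpol_default_policy_find()` (its body is outside this hunk) still tests for a positive result, that branch is now dead, and when `selinux_current_policy_path()` returns NULL the caller sees -1 with whatever `errno` happened to hold. A header comment such as `/* Returns 0 and sets *path (caller frees) on success, -1 on any failure. */` would record the new contract. The old loop also called `free(*path)` before overwriting it, so `*path = strdup(binary_path);` now relies on callers passing `*path == NULL`, which is worth stating in the same comment.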


@ -0,0 +1,154 @@
From 32ede3cc817ee4f6806877a34a6c84ed50c31df7 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 11 Apr 2014 18:49:33 +0200
Subject: [PATCH 11/11] Fix -Wformat-security issues
---
libseaudit/src/bool_message.c | 4 ++--
libseaudit/src/filter.c | 2 +-
libseaudit/src/model.c | 2 +-
seaudit/progress.c | 4 ++--
seaudit/toplevel.c | 2 +-
seaudit/utilgui.c | 2 +-
sediff/progress.c | 4 ++--
sediff/toplevel.c | 2 +-
sediff/utilgui.c | 2 +-
9 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/libseaudit/src/bool_message.c b/libseaudit/src/bool_message.c
index f105cf0..d5b1e33 100644
--- a/libseaudit/src/bool_message.c
+++ b/libseaudit/src/bool_message.c
@@ -101,7 +101,7 @@ char *bool_message_to_string(const seaudit_message_t * msg, const char *date)
return NULL;
}
if ((misc_string = bool_message_to_misc_string(boolm)) == NULL ||
- apol_str_appendf(&s, &len, misc_string) < 0 || apol_str_append(&s, &len, close_brace) < 0) {
+ apol_str_appendf(&s, &len, "%s", misc_string) < 0 || apol_str_append(&s, &len, close_brace) < 0) {
free(misc_string);
return NULL;
}
@@ -128,7 +128,7 @@ char *bool_message_to_string_html(const seaudit_message_t * msg, const char *dat
return NULL;
}
if ((misc_string = bool_message_to_misc_string(boolm)) == NULL ||
- apol_str_appendf(&s, &len, misc_string) < 0 || apol_str_appendf(&s, &len, "%s%s<br>", s, close_brace) < 0) {
+ apol_str_appendf(&s, &len, "%s", misc_string) < 0 || apol_str_appendf(&s, &len, "%s%s<br>", s, close_brace) < 0) {
free(misc_string);
return NULL;
}
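Review bot: The second call on the changed line, `apol_str_appendf(&s, &len, "%s%s<br>", s, close_brace)`, passes the buffer being appended to as one of its own arguments, so the text already in `s` is appended a second time. If the helper reallocates `*s` before formatting, that argument would also dangle; its implementation is not shown here. The plain-text variant in the previous hunk only appends `close_brace`, so the HTML one probably wants `apol_str_appendf(&s, &len, "%s<br>", close_brace) < 0`. `misc_string` also goes into the HTML output unescaped, which is worth checking if its content can come from audit log records. The function starts and ends outside this hunk.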
diff --git a/libseaudit/src/filter.c b/libseaudit/src/filter.c
index 298a309..c710ce4 100644
--- a/libseaudit/src/filter.c
+++ b/libseaudit/src/filter.c
@@ -1108,7 +1108,7 @@ int seaudit_filter_save_to_file(const seaudit_filter_t * filter, const char *fil
if ((file = fopen(filename, "w")) == NULL) {
return -1;
}
- fprintf(file, XML_VER);
+ fprintf(file, "%s", XML_VER);
fprintf(file, "<view xmlns=\"http://oss.tresys.com/projects/setools/seaudit-%s/\">\n", FILTER_FILE_FORMAT_VERSION);
filter_append_to_file(filter, file, 1);
fprintf(file, "</view>\n");
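Review bot: None of the `fprintf()` results in this save path are checked, so a full disk or an I/O error could leave a truncated filter file while the function still reports success. That holds unless the part of `seaudit_filter_save_to_file()` below the hunk checks `ferror()` or the `fclose()` result. For the fixed line itself, `fputs(XML_VER, file);` writes the same constant without any format string. The same points apply to `seaudit_model_save_to_file()` in the model.c hunk.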
diff --git a/libseaudit/src/model.c b/libseaudit/src/model.c
index 1bc4a23..4a130cb 100644
--- a/libseaudit/src/model.c
+++ b/libseaudit/src/model.c
@@ -514,7 +514,7 @@ int seaudit_model_save_to_file(const seaudit_model_t * model, const char *filena
if ((file = fopen(filename, "w")) == NULL) {
return -1;
}
- fprintf(file, XML_VER);
+ fprintf(file, "%s", XML_VER);
fprintf(file, "<view xmlns=\"http://oss.tresys.com/projects/setools/seaudit-%s/\" name=\"%s\" match=\"%s\" show=\"%s\">\n",
FILTER_FILE_FORMAT_VERSION, model->name,
model->match == SEAUDIT_FILTER_MATCH_ALL ? "all" : "any",
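Review bot: `model->name` is written straight into the `name=\"%s\"` attribute by the `fprintf` that follows the fixed line, so a name containing `"`, `<` or `&` produces a saved file that no longer parses, or parses with different attributes than intended. Escape the value before formatting it, or reject such characters when the model is named. Whether either already happens elsewhere is not visible from this hunk. The `fprintf` call and the enclosing function both continue past the end of the hunk.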
diff --git a/seaudit/progress.c b/seaudit/progress.c
index 2e0abeb..f092858 100644
--- a/seaudit/progress.c
+++ b/seaudit/progress.c
@@ -114,10 +114,10 @@ int progress_wait(progress_t * progress)
}
g_mutex_unlock(progress->mutex);
if (progress->done < 0) {
- toplevel_ERR(progress->top, GTK_LABEL(progress->label2)->label);
+ toplevel_ERR(progress->top, "%s", GTK_LABEL(progress->label2)->label);
return progress->done;
} else if (progress->done > 1) {
- toplevel_WARN(progress->top, GTK_LABEL(progress->label2)->label);
+ toplevel_WARN(progress->top, "%s", GTK_LABEL(progress->label2)->label);
return progress->done - 1;
} else {
progress->done = 0;
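Review bot: Both changed calls read the label text through the struct member, `GTK_LABEL(progress->label2)->label`, which depends on GtkLabel's internal layout. The accessor does the same job: `toplevel_ERR(progress->top, "%s", gtk_label_get_text(GTK_LABEL(progress->label2)));`. `progress->done` is also read after `g_mutex_unlock()`, which is only safe if no other thread writes it once the wait loop has finished, so a comment stating that assumption would help. The identical hunk in sediff/progress.c has the same two points. `progress_wait()` starts and ends outside the hunk.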
diff --git a/seaudit/toplevel.c b/seaudit/toplevel.c
index d901a99..27938d5 100644
--- a/seaudit/toplevel.c
+++ b/seaudit/toplevel.c
@@ -902,7 +902,7 @@ static void toplevel_message(toplevel_t * top, GtkMessageType msg_type, const ch
ERR(NULL, "%s", strerror(errno));
return;
}
- dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg);
+ dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg);
free(msg);
gtk_dialog_run(GTK_DIALOG(dialog));
gtk_widget_destroy(dialog);
diff --git a/seaudit/utilgui.c b/seaudit/utilgui.c
index 22028e1..78a1a08 100644
--- a/seaudit/utilgui.c
+++ b/seaudit/utilgui.c
@@ -30,7 +30,7 @@
void util_message(GtkWindow * parent, GtkMessageType msg_type, const char *msg)
{
GtkWidget *dialog;
- dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg);
+ dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg);
gtk_dialog_run(GTK_DIALOG(dialog));
gtk_widget_destroy(dialog);
}
diff --git a/sediff/progress.c b/sediff/progress.c
index efaa120..312789e 100644
--- a/sediff/progress.c
+++ b/sediff/progress.c
@@ -115,10 +115,10 @@ int progress_wait(progress_t * progress)
}
g_mutex_unlock(progress->mutex);
if (progress->done < 0) {
- toplevel_ERR(progress->top, GTK_LABEL(progress->label2)->label);
+ toplevel_ERR(progress->top, "%s", GTK_LABEL(progress->label2)->label);
return progress->done;
} else if (progress->done > 1) {
- toplevel_WARN(progress->top, GTK_LABEL(progress->label2)->label);
+ toplevel_WARN(progress->top, "%s", GTK_LABEL(progress->label2)->label);
return progress->done - 1;
} else {
progress->done = 0;
diff --git a/sediff/toplevel.c b/sediff/toplevel.c
index db6d1f5..aabd039 100644
--- a/sediff/toplevel.c
+++ b/sediff/toplevel.c
@@ -453,7 +453,7 @@ static void toplevel_message(toplevel_t * top, GtkMessageType msg_type, const ch
ERR(NULL, "%s", strerror(errno));
return;
}
- dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg);
+ dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg);
free(msg);
gtk_dialog_run(GTK_DIALOG(dialog));
gtk_widget_destroy(dialog);
diff --git a/sediff/utilgui.c b/sediff/utilgui.c
index 04e1e05..9e183ba 100644
--- a/sediff/utilgui.c
+++ b/sediff/utilgui.c
@@ -31,7 +31,7 @@
void util_message(GtkWindow * parent, GtkMessageType msg_type, const char *msg)
{
GtkWidget *dialog;
- dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg);
+ dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg);
gtk_dialog_run(GTK_DIALOG(dialog));
gtk_widget_destroy(dialog);
}
--
1.8.5.3

255
0011-setools-noship.patch Normal file

@ -0,0 +1,255 @@
diff -up setools-3.3.7/Makefile.am.noship setools-3.3.7/Makefile.am
--- setools-3.3.7/Makefile.am.noship 2008-02-22 14:06:28.000000000 -0500
+++ setools-3.3.7/Makefile.am 2013-01-30 09:18:59.775157146 -0500
@@ -8,9 +8,8 @@ endif
if BUILD_GUI
MAYBE_GUI = seaudit
endif
-# sediffx is also built conditionally, from sediffx/Makefile.am
-SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI)
+SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI)
#old indent opts
#INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
@@ -49,12 +48,6 @@ seaudit: libqpol libapol libseaudit
sediff: libqpol libapol libpoldiff
$(MAKE) -C $(top_srcdir)/sediff sediff
-sediffx: libqpol libapol libpoldiff
- $(MAKE) -C $(top_srcdir)/sediff sediffx
-
-sechecker: libqpol libapol libsefs
- $(MAKE) -C $(top_srcdir)/sechecker
-
help:
@echo "Make targets for SETools:"
@echo " all: build everything, but do not install"
@@ -65,8 +58,6 @@ help:
@echo " secmds: build command line tools"
@echo " seaudit: build audit log analysis tools"
@echo " sediff: build semantic policy diff command line tool"
- @echo " sediffx: build semantic policy diff graphical tool"
- @echo " sechecker: build policy checking tool"
@echo ""
@echo " install-logwatch: install LogWatch config files for seaudit-report"
@echo " (requires LogWatch and root privileges)"
@@ -78,9 +69,9 @@ install-logwatch:
$(MAKE) -C $(top_srcdir)/seaudit install-logwatch
.PHONY: libqpol libapol libpoldiff libsefs libseaudit \
- apol secmds seaudit sediff sediffx sechecker \
+ apol secmds seaudit sediff \
install-logwatch help \
- seinfo sesearch indexcon findcon replcon searchcon \
+ seinfo sesearch \
packages
seinfo: libqpol libapol
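Review bot: The top-level `install-logwatch` target kept as context at the top of this hunk still runs `$(MAKE) -C $(top_srcdir)/seaudit install-logwatch`, but this patch deletes that rule from seaudit/Makefile.am. After the change `make install-logwatch` would stop in the seaudit directory with a missing-target error. Either drop the top-level rule together with its `.PHONY` entry and the two `install-logwatch` lines in the `help` output, or keep the seaudit rule. As it stands the help text advertises a target that cannot succeed.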
@@ -89,18 +80,6 @@ seinfo: libqpol libapol
sesearch: libqpol libapol
$(MAKE) -C $(top_srcdir)/secmds sesearch
-indexcon: libqpol libapol libsefs
- $(MAKE) -C $(top_srcdir)/secmds indexcon
-
-findcon: libqpol libapol libsefs
- $(MAKE) -C $(top_srcdir)/secmds findcon
-
-replcon: libqpol libapol libsefs
- $(MAKE) -C $(top_srcdir)/secmds replcon
-
-searchcon: libqpol libapol libsefs
- $(MAKE) -C $(top_srcdir)/secmds searchcon
-
packages:
$(MAKE) -C $(top_srcdir)/packages
diff -up setools-3.3.7/man/Makefile.am.noship setools-3.3.7/man/Makefile.am
--- setools-3.3.7/man/Makefile.am.noship 2007-08-02 17:16:33.000000000 -0400
+++ setools-3.3.7/man/Makefile.am 2013-01-30 09:16:13.696871566 -0500
@@ -1,19 +1,10 @@
if BUILD_GUI
MAYBEMANS = apol.1 \
- seaudit.8 seaudit-report.8 \
- sediffx.1
+ seaudit.8
endif
EXTRA_DIST=$(man_MANS) apol.1 \
- seaudit.8 seaudit-report.8.in \
- sediffx.1
+ seaudit.8
-man_MANS = findcon.1 indexcon.1 replcon.1 \
- sechecker.1 \
- sediff.1 \
+man_MANS = sediff.1 \
seinfo.1 sesearch.1 $(MAYBEMANS)
-
-seaudit-report.8: seaudit-report.8.in Makefile
- sed -e 's|\@setoolsdir\@|$(setoolsdir)|g' $< > $@
-
-CLEANFILES = seaudit-report.8
diff -up setools-3.3.7/seaudit/Makefile.am.noship setools-3.3.7/seaudit/Makefile.am
--- setools-3.3.7/seaudit/Makefile.am.noship 2008-02-22 14:06:28.000000000 -0500
+++ setools-3.3.7/seaudit/Makefile.am 2013-01-30 09:16:13.697871568 -0500
@@ -1,5 +1,4 @@
setoolsdir = @setoolsdir@
-bin_PROGRAMS = seaudit-report
sbin_PROGRAMS = seaudit
AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
@@ -20,13 +19,10 @@ LDADD = @SELINUX_LIB_FLAG@ @SEAUDIT_LIB_
dist_setools_DATA = \
seaudit.glade \
seaudit_help.txt \
- seaudit-report.conf \
- seaudit-report.css \
seaudit.png seaudit-small.png
nodist_setools_DATA = \
- dot_seaudit \
- seaudit-report-service
+ dot_seaudit
seaudit_SOURCES = \
filter_view.c filter_view.h \
@@ -50,31 +46,12 @@ seaudit_DEPENDENCIES = $(top_builddir)/l
dot_seaudit: dot_seaudit.in Makefile
sed -e 's|\@setoolsdir\@|$(setoolsdir)|g' $< > $@
-seaudit_report_SOURCES = seaudit-report.c
-seaudit_report_DEPENDENCIES = $(top_builddir)/libseaudit/src/libseaudit.so \
- $(top_builddir)/libapol/src/libapol.so \
- $(top_builddir)/libqpol/src/libqpol.so
-
logwatch = $(DESTDIR)/etc/logwatch
LOGWATCH_GROUP = $(logwatch)/conf/logfiles
LOGWATCH_SERVICE = $(logwatch)/conf/services
LOGWATCH_FILTER = $(logwatch)/scripts/services
-dist_noinst_DATA = dot_seaudit.in \
- seaudit-report-group.conf \
- seaudit-report-service.conf \
- seaudit-report-service.in
-
-seaudit-report-service: seaudit-report-service.in Makefile
- sed -e 's|\@bindir\@|$(bindir)|g' $< > $@
-
-install-logwatch: $(dist_noinst_DATA) seaudit-report-service
- mkdir -p -- $(LOGWATCH_GROUP)
- install -m 644 seaudit-report-group.conf $(LOGWATCH_GROUP)
- mkdir -p -- $(LOGWATCH_SERVICE)
- install -m 644 seaudit-report-service.conf $(LOGWATCH_SERVICE)
- mkdir -p -- $(LOGWATCH_FILTER)
- install -m 755 seaudit-report-service $(LOGWATCH_FILTER)
+dist_noinst_DATA = dot_seaudit.in
$(top_builddir)/libapol/src/libapol.so:
$(MAKE) -C $(top_builddir)/libapol/src $(notdir $@)
@@ -85,6 +62,4 @@ $(top_builddir)/libqpol/src/libqpol.so:
$(top_builddir)/libsefs/src/libsefs.so:
$(MAKE) -C $(top_builddir)/libsefs/src $(notdir $@)
-.PHONY: install-logwatch
-
-CLEANFILES = dot_seaudit seaudit-report-service
+CLEANFILES = dot_seaudit
diff -up setools-3.3.7/secmds/Makefile.am.noship setools-3.3.7/secmds/Makefile.am
--- setools-3.3.7/secmds/Makefile.am.noship 2007-08-02 17:16:33.000000000 -0400
+++ setools-3.3.7/secmds/Makefile.am 2013-01-30 09:16:13.698871569 -0500
@@ -1,6 +1,6 @@
# various setools command line tools
-bin_PROGRAMS = seinfo sesearch findcon replcon indexcon
+bin_PROGRAMS = seinfo sesearch
# These are for indexcon so that it is usable on machines without setools
STATICLIBS = ../libsefs/src/libsefs.a ../libapol/src/libapol.a ../libqpol/src/libqpol.a -lsqlite3
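Review bot: `STATICLIBS` and the comment above it ("These are for indexcon ...") are left in place although the next hunk removes `indexcon_LDADD`, the only use of the variable visible in this patch. If nothing else in secmds/Makefile.am refers to `$(STATICLIBS)`, delete both lines so the file does not suggest that static linking against libsefs and sqlite3 is still part of the build.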
@@ -18,18 +18,6 @@ seinfo_SOURCES = seinfo.c
sesearch_SOURCES = sesearch.c
-indexcon_SOURCES = indexcon.cc
-indexcon_LDADD = @SELINUX_LIB_FLAG@ $(STATICLIBS)
-indexcon_DEPENDENCIES = $(DEPENDENCIES) $(top_builddir)/libsefs/src/libsefs.so
-
-findcon_SOURCES = findcon.cc
-findcon_LDADD = @SEFS_LIB_FLAG@ $(LDADD)
-findcon_DEPENDENCIES = $(DEPENDENCIES) $(top_builddir)/libsefs/src/libsefs.so
-
-replcon_SOURCES = replcon.cc
-replcon_LDADD = @SEFS_LIB_FLAG@ $(LDADD)
-replcon_DEPENDENCIES = $(DEPENDENCIES) $(top_builddir)/libsefs/src/libsefs.so
-
$(top_builddir)/libapol/src/libapol.so:
$(MAKE) -C $(top_builddir)/libapol/src $(notdir $@)
diff -up setools-3.3.7/sediff/Makefile.am.noship setools-3.3.7/sediff/Makefile.am
--- setools-3.3.7/sediff/Makefile.am.noship 2007-04-25 15:20:20.000000000 -0400
+++ setools-3.3.7/sediff/Makefile.am 2013-01-30 09:16:13.698871569 -0500
@@ -1,13 +1,6 @@
setoolsdir = @setoolsdir@
-dist_setools_DATA = sediff_help.txt sediffx.glade \
- sediffx.png sediffx-small.png
-
-if BUILD_GUI
- MAYBE_SEDIFFX = sediffx
-endif
-
-bin_PROGRAMS = sediff $(MAYBE_SEDIFFX)
+bin_PROGRAMS = sediff
AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
@QPOL_CFLAGS@ @APOL_CFLAGS@ @POLDIFF_CFLAGS@
@@ -15,14 +8,7 @@ AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS
LDADD = @SELINUX_LIB_FLAG@ @POLDIFF_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@
-sediff_CFLAGS = $(AM_CFLAGS)
-sediffx_CFLAGS = $(AM_CFLAGS) \
- @GTK_CFLAGS@ @PIXBUF_CFLAGS@ @GLADE_CFLAGS@ @GTHREAD_CFLAGS@
-
-# need the -rdynamic flag below - glade uses dlopen() upon sediffx callbacks
-sediffx_LDFLAGS = $(AM_LDFLAGS) \
- @GTK_LIBS@ @PIXBUF_LIBS@ @GLADE_LIBS@ @GTHREAD_LIBS@ @XML_LIBS@ \
- -rdynamic
+sediff_CFLAGS = $(AM_CFLAGS)
DEPENDENCIES = $(top_builddir)/libpoldiff/src/libpoldiff.so \
$(top_builddir)/libapol/src/libapol.so \
@@ -30,20 +16,6 @@ DEPENDENCIES = $(top_builddir)/libpoldif
sediff_SOURCES = sediff.c
-sediffx_SOURCES = \
- find_dialog.c find_dialog.h \
- open_policies_dialog.c open_policies_dialog.h \
- policy_view.c policy_view.h \
- progress.c progress.h \
- remap_types_dialog.c remap_types_dialog.h \
- result_item.c result_item.h \
- result_item_render.c result_item_render.h \
- results.c results.h \
- select_diff_dialog.c select_diff_dialog.h \
- toplevel.c toplevel.h \
- utilgui.c utilgui.h \
- sediffx.c sediffx.h
-
$(top_builddir)/libpoldiff/src/libpoldiff.so:
$(MAKE) -C $(top_builddir)/libpoldiff/src $(notdir $@)
diff -up setools-3.3.7/configure.ac~ setools-3.3.7/configure.ac
--- setools-3.3.7/configure.ac~ 2013-01-30 09:52:05.689136955 -0500
+++ setools-3.3.7/configure.ac 2013-01-30 09:56:26.853722063 -0500
@@ -63,7 +63,7 @@ if test ${ac_cv_prog_cc_c99} = "no"; the
fi
AC_PROG_CXX
AC_LANG([C])
-AC_PROG_LIBTOOL
+AC_PROG_RANLIB
AC_PROG_LN_S
AC_PROG_LEX
AC_PROG_YACC


@ -0,0 +1,51 @@
From 9fbf625c8606ff4a51d3d797b002bbf698592154 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Sun, 13 Apr 2014 20:58:14 +0200
Subject: [PATCH] Fix configure.ac to use SWIG-3.0.0
---
configure.ac | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index 5b1da5e..11c0e3e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -194,7 +194,7 @@ AC_ARG_ENABLE(swig-java,
enable_jswig="$enableval")
if test "x${enable_jswig}" = xyes; then
if test ${do_swigify} = no; then
- AC_PROG_SWIG(2.0.0)
+ AC_PROG_SWIG(3.0.0)
fi
AC_JAVA_OPTIONS
if test "x$JAVAPREFIX" = x; then
@@ -225,14 +225,14 @@ AC_ARG_ENABLE(swig-python,
enable_pyswig="$enableval")
if test "x${enable_pyswig}" = xyes; then
if test ${do_swigify} = no; then
- AC_PROG_SWIG(2.0.0)
+ AC_PROG_SWIG(3.0.0)
fi
SWIG_PYTHON
do_swigify_python=yes
do_swigify=yes
fi
if test ${do_swigify} = "yes"; then
- AC_PROG_SWIG(2.0.0)
+ AC_PROG_SWIG(3.0.0)
fi
build_apol=yes
AC_ARG_ENABLE(swig-tcl,
@@ -241,7 +241,7 @@ AC_ARG_ENABLE(swig-tcl,
enable_tclswig="$enableval", enable_tclswig="yes")
if test "x${enable_tclswig}" = xyes; then
if test ${do_swigify} = no; then
- AC_PROG_SWIG(2.0.0)
+ AC_PROG_SWIG(3.0.0)
fi
TEA_INIT(3.5)
TEA_PATH_TCLCONFIG
--
1.8.5.3

28
0012-seaudit.patch Normal file

@ -0,0 +1,28 @@
diff -up setools-3.3.7/libqpol/swig/java/Makefile.am.seaudit setools-3.3.7/libqpol/swig/java/Makefile.am
--- setools-3.3.7/libqpol/swig/java/Makefile.am.seaudit 2010-05-03 12:37:54.000000000 -0400
+++ setools-3.3.7/libqpol/swig/java/Makefile.am 2012-09-28 10:15:56.408912525 -0400
@@ -48,7 +48,6 @@ BUILT_SOURCES = qpol_wrap.c \
qpol_type_t.java \
qpol_user_t.java \
qpol_validatetrans_t.java \
- SWIGTYPE_p_int.java \
SWIGTYPE_p_unsigned_int.java \
SWIGTYPE_p_void.java
diff -up setools-3.3.7/seaudit/progress.c.seaudit setools-3.3.7/seaudit/progress.c
--- setools-3.3.7/seaudit/progress.c.seaudit 2007-08-02 17:16:33.000000000 -0400
+++ setools-3.3.7/seaudit/progress.c 2012-09-28 10:15:56.407912521 -0400
@@ -99,10 +99,11 @@ void progress_hide(progress_t * progress
int progress_wait(progress_t * progress)
{
- GTimeVal wait_time = { 0, 50000 };
+ gint64 end_time;
g_mutex_lock(progress->mutex);
while (!progress->done) {
- g_cond_timed_wait(progress->cond, progress->mutex, &wait_time);
+ end_time = g_get_monotonic_time () + 50000; // need to be set before each wait
+ g_cond_wait_until(progress->cond, progress->mutex,end_time);
if (progress->s != NULL) {
gtk_label_set_text(GTK_LABEL(progress->label2), progress->s);
free(progress->s);
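Review bot: In progress_wait() the new deadline is a bare `50000`, and `end_time` is declared at function scope although it only has meaning inside the loop, which is what the trailing `// need to be set before each wait` comment has to explain. Declaring it where it is computed and naming the unit makes the comment unnecessary: `gint64 end_time = g_get_monotonic_time() + 50 * G_TIME_SPAN_MILLISECOND;`, followed by `g_cond_wait_until(progress->cond, progress->mutex, end_time);`. The function body continues past the end of the hunk, so the rest of the loop is not covered here.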

956
0013-swig.patch Normal file

@ -0,0 +1,956 @@
@@ -, +, @@
---
libapol/swig/apol.i | 218 ++++++++++++++++++++++++++--------------------------
1 file changed, 109 insertions(+), 109 deletions(-)
--- a/libapol/swig/apol.i
+++ a/libapol/swig/apol.i
@@ -256,7 +256,7 @@ uint8_t apol_str_to_protocol(const char *protocol_str);
}
%}
%extend apol_ip_t {
- apol_ip_t(const char *str) {
+ apol_ip(const char *str) {
apol_ip_t *ip = NULL;
BEGIN_EXCEPTION
ip = calloc(1, sizeof(*ip));
@@ -274,7 +274,7 @@ uint8_t apol_str_to_protocol(const char *protocol_str);
fail:
return ip;
};
- ~apol_ip_t() {
+ ~apol_ip() {
free(self);
};
int get_protocol() {
@@ -303,16 +303,16 @@ char *apol_file_find_path(const char *file_name);
%}
typedef struct apol_vector {} apol_vector_t;
%extend apol_vector_t {
- apol_vector_t() {
+ apol_vector() {
return apol_vector_create(NULL);
};
- apol_vector_t(qpol_iterator_t *iter) {
+ apol_vector(qpol_iterator_t *iter) {
return apol_vector_create_from_iter(iter, NULL);
};
- apol_vector_t(apol_vector_t *v) {
+ apol_vector(apol_vector_t *v) {
return apol_vector_create_from_vector(v, NULL, NULL, NULL);
};
- apol_vector_t(apol_vector_t *a, apol_vector_t *b) {
+ apol_vector(apol_vector_t *a, apol_vector_t *b) {
return apol_vector_create_from_intersection(a, b, NULL, NULL);
};
size_t get_size() {
@@ -324,7 +324,7 @@ typedef struct apol_vector {} apol_vector_t;
void *get_element(size_t i) {
return apol_vector_get_element(self, i);
};
- ~apol_vector_t() {
+ ~apol_vector() {
apol_vector_destroy(&self);
};
void append(void *x) {
@@ -379,13 +379,13 @@ typedef struct apol_vector {} apol_vector_t;
%}
typedef struct apol_string_vector {} apol_string_vector_t;
%extend apol_string_vector_t {
- apol_string_vector_t() {
+ apol_string_vector() {
return (apol_string_vector_t*)apol_vector_create(free);
};
- apol_string_vector_t(apol_string_vector_t *v) {
+ apol_string_vector(apol_string_vector_t *v) {
return (apol_string_vector_t*)apol_vector_create_from_vector((apol_vector_t*)v, apol_str_strdup, NULL, free);
};
- apol_string_vector_t(apol_string_vector_t *a, apol_string_vector_t *b) {
+ apol_string_vector(apol_string_vector_t *a, apol_string_vector_t *b) {
return (apol_string_vector_t*)apol_vector_create_from_intersection((apol_vector_t*)a, (apol_vector_t*)b, apol_str_strcmp, NULL);
};
size_t get_size() {
@@ -397,7 +397,7 @@ typedef struct apol_string_vector {} apol_string_vector_t;
char *get_element(size_t i) {
return (char*)apol_vector_get_element((apol_vector_t*)self, i);
};
- ~apol_string_vector_t() {
+ ~apol_string_vector() {
apol_vector_destroy((apol_vector_t**)&self);
};
size_t get_index(char *str) {
@@ -462,7 +462,7 @@ typedef struct apol_string_vector {} apol_string_vector_t;
} apol_policy_path_type_e;
typedef struct apol_policy_path {} apol_policy_path_t;
%extend apol_policy_path_t {
- apol_policy_path_t(apol_policy_path_type_e type, char * primary, apol_string_vector_t *modules = NULL) {
+ apol_policy_path(apol_policy_path_type_e type, char * primary, apol_string_vector_t *modules = NULL) {
apol_policy_path_t *p;
BEGIN_EXCEPTION
if ((p = apol_policy_path_create(type, primary, (apol_vector_t*)modules)) == NULL) {
@@ -472,7 +472,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
fail:
return p;
};
- apol_policy_path_t(char *path) {
+ apol_policy_path(char *path) {
apol_policy_path_t *p;
BEGIN_EXCEPTION
if ((p = apol_policy_path_create_from_file(path)) == NULL) {
@@ -482,7 +482,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
fail:
return p;
};
- apol_policy_path_t(char *str, int unused) {
+ apol_policy_path(char *str, int unused) {
apol_policy_path_t *p;
BEGIN_EXCEPTION
if ((p = apol_policy_path_create_from_string(str)) == NULL) {
@@ -492,7 +492,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
fail:
return p;
};
- apol_policy_path_t(apol_policy_path_t *in) {
+ apol_policy_path(apol_policy_path_t *in) {
apol_policy_path_t *p;
BEGIN_EXCEPTION
if ((p = apol_policy_path_create_from_policy_path(in)) == NULL) {
@@ -502,7 +502,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
fail:
return p;
};
- ~apol_policy_path_t() {
+ ~apol_policy_path() {
apol_policy_path_destroy(&self);
};
apol_policy_path_type_e get_type() {
@@ -549,7 +549,7 @@ typedef struct apol_policy {} apol_policy_t;
#define APOL_PERMMAP_BOTH (APOL_PERMMAP_READ | APOL_PERMMAP_WRITE)
#define APOL_PERMMAP_NONE 0x10
%extend apol_policy_t {
- apol_policy_t(apol_policy_path_t *path, int options = 0) {
+ apol_policy(apol_policy_path_t *path, int options = 0) {
apol_policy_t *p;
BEGIN_EXCEPTION
p = apol_policy_create_from_policy_path(path, options, apol_swig_message_callback, apol_swig_message_callback_arg);
@@ -564,7 +564,7 @@ typedef struct apol_policy {} apol_policy_t;
fail:
return p;
};
- ~apol_policy_t() {
+ ~apol_policy() {
apol_policy_destroy(&self);
};
int get_policy_type() {
@@ -652,7 +652,7 @@ typedef struct apol_policy {} apol_policy_t;
/* apol type query */
typedef struct apol_type_query {} apol_type_query_t;
%extend apol_type_query_t {
- apol_type_query_t() {
+ apol_type_query() {
apol_type_query_t *tq;
BEGIN_EXCEPTION
tq = apol_type_query_create();
@@ -663,7 +663,7 @@ typedef struct apol_type_query {} apol_type_query_t;
fail:
return tq;
};
- ~apol_type_query_t() {
+ ~apol_type_query() {
apol_type_query_destroy(&self);
};
%newobject run(apol_policy_t *);
@@ -694,7 +694,7 @@ typedef struct apol_type_query {} apol_type_query_t;
/* apol attribute query */
typedef struct apol_attr_query {} apol_attr_query_t;
%extend apol_attr_query_t {
- apol_attr_query_t() {
+ apol_attr_query() {
apol_attr_query_t *aq;
BEGIN_EXCEPTION
aq = apol_attr_query_create();
@@ -705,7 +705,7 @@ typedef struct apol_attr_query {} apol_attr_query_t;
fail:
return aq;
};
- ~apol_attr_query_t() {
+ ~apol_attr_query() {
apol_attr_query_destroy(&self);
};
%newobject run(apol_policy_t *);
@@ -736,7 +736,7 @@ typedef struct apol_attr_query {} apol_attr_query_t;
/* apol role query */
typedef struct apol_role_query {} apol_role_query_t;
%extend apol_role_query_t {
- apol_role_query_t() {
+ apol_role_query() {
apol_role_query_t *rq;
BEGIN_EXCEPTION
rq = apol_role_query_create();
@@ -747,7 +747,7 @@ typedef struct apol_role_query {} apol_role_query_t;
fail:
return rq;
};
- ~apol_role_query_t() {
+ ~apol_role_query() {
apol_role_query_destroy(&self);
};
%newobject run(apol_policy_t *);
@@ -788,7 +788,7 @@ int apol_role_has_type(apol_policy_t * p, qpol_role_t * r, qpol_type_t * t);
/* apol class query */
typedef struct apol_class_query {} apol_class_query_t;
%extend apol_class_query_t {
- apol_class_query_t() {
+ apol_class_query() {
apol_class_query_t *cq;
BEGIN_EXCEPTION
cq = apol_class_query_create();
@@ -799,7 +799,7 @@ typedef struct apol_class_query {} apol_class_query_t;
fail:
return cq;
};
- ~apol_class_query_t() {
+ ~apol_class_query() {
apol_class_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -839,7 +839,7 @@ typedef struct apol_class_query {} apol_class_query_t;
/* apol common query */
typedef struct apol_common_query {} apol_common_query_t;
%extend apol_common_query_t {
- apol_common_query_t() {
+ apol_common_query() {
apol_common_query_t *cq;
BEGIN_EXCEPTION
cq = apol_common_query_create();
@@ -850,7 +850,7 @@ typedef struct apol_common_query {} apol_common_query_t;
fail:
return cq;
};
- ~apol_common_query_t() {
+ ~apol_common_query() {
apol_common_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -881,7 +881,7 @@ typedef struct apol_common_query {} apol_common_query_t;
/* apol perm query */
typedef struct apol_perm_query {} apol_perm_query_t;
%extend apol_perm_query_t {
- apol_perm_query_t() {
+ apol_perm_query() {
apol_perm_query_t *pq;
BEGIN_EXCEPTION
pq = apol_perm_query_create();
@@ -892,7 +892,7 @@ typedef struct apol_perm_query {} apol_perm_query_t;
fail:
return pq;
};
- ~apol_perm_query_t() {
+ ~apol_perm_query() {
apol_perm_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -923,7 +923,7 @@ typedef struct apol_perm_query {} apol_perm_query_t;
/* apol bool query */
typedef struct apol_bool_query {} apol_bool_query_t;
%extend apol_bool_query_t {
- apol_bool_query_t() {
+ apol_bool_query() {
apol_bool_query_t *bq;
BEGIN_EXCEPTION
bq = apol_bool_query_create();
@@ -934,7 +934,7 @@ typedef struct apol_bool_query {} apol_bool_query_t;
fail:
return bq;
};
- ~apol_bool_query_t() {
+ ~apol_bool_query() {
apol_bool_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -965,7 +965,7 @@ typedef struct apol_bool_query {} apol_bool_query_t;
/* apol mls level */
typedef struct apol_mls_level {} apol_mls_level_t;
%extend apol_mls_level_t {
- apol_mls_level_t() {
+ apol_mls_level() {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create();
@@ -976,7 +976,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- apol_mls_level_t(apol_mls_level_t *in) {
+ apol_mls_level(apol_mls_level_t *in) {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create_from_mls_level(in);
@@ -987,7 +987,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- apol_mls_level_t(apol_policy_t *p, const char *str) {
+ apol_mls_level(apol_policy_t *p, const char *str) {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create_from_string(p, str);
@@ -998,7 +998,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- apol_mls_level_t(const char *str) {
+ apol_mls_level(const char *str) {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create_from_literal(str);
@@ -1009,7 +1009,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- apol_mls_level_t(apol_policy_t *p, qpol_mls_level_t *qml) {
+ apol_mls_level(apol_policy_t *p, qpol_mls_level_t *qml) {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create_from_qpol_mls_level(p, qml);
@@ -1020,7 +1020,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- apol_mls_level_t(apol_policy_t *p, qpol_level_t *ql) {
+ apol_mls_level(apol_policy_t *p, qpol_level_t *ql) {
apol_mls_level_t *aml;
BEGIN_EXCEPTION
aml = apol_mls_level_create_from_qpol_level_datum(p, ql);
@@ -1031,7 +1031,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
fail:
return aml;
};
- ~apol_mls_level_t() {
+ ~apol_mls_level() {
apol_mls_level_destroy(&self);
};
void set_sens(apol_policy_t *p, char *sens) {
@@ -1128,7 +1128,7 @@ int apol_mls_cats_compare(apol_policy_t * p, const char *cat1, const char *cat2)
#endif
typedef struct apol_mls_range {} apol_mls_range_t;
%extend apol_mls_range_t {
- apol_mls_range_t() {
+ apol_mls_range() {
apol_mls_range_t *amr;
BEGIN_EXCEPTION
amr = apol_mls_range_create();
@@ -1139,7 +1139,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return amr;
};
- apol_mls_range_t(apol_mls_range_t *in) {
+ apol_mls_range(apol_mls_range_t *in) {
apol_mls_range_t *amr;
BEGIN_EXCEPTION
amr = apol_mls_range_create_from_mls_range(in);
@@ -1150,7 +1150,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return amr;
};
- apol_mls_range_t(apol_policy_t *p, const char *s) {
+ apol_mls_range(apol_policy_t *p, const char *s) {
apol_mls_range_t *amr;
BEGIN_EXCEPTION
amr = apol_mls_range_create_from_string(p, s);
@@ -1161,7 +1161,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return amr;
};
- apol_mls_range_t(const char *s) {
+ apol_mls_range(const char *s) {
apol_mls_range_t *amr;
BEGIN_EXCEPTION
amr = apol_mls_range_create_from_literal(s);
@@ -1172,7 +1172,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return amr;
};
- apol_mls_range_t(apol_policy_t *p, qpol_mls_range_t *in) {
+ apol_mls_range(apol_policy_t *p, qpol_mls_range_t *in) {
apol_mls_range_t *amr;
BEGIN_EXCEPTION
amr = apol_mls_range_create_from_qpol_mls_range(p, in);
@@ -1183,7 +1183,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
fail:
return amr;
};
- ~apol_mls_range_t() {
+ ~apol_mls_range() {
apol_mls_range_destroy(&self);
};
void set_low(apol_policy_t *p, apol_mls_level_t *lvl) {
@@ -1278,7 +1278,7 @@ int apol_mls_range_contain_subrange(apol_policy_t * p, const apol_mls_range_t *
/* apol level query */
typedef struct apol_level_query {} apol_level_query_t;
%extend apol_level_query_t {
- apol_level_query_t() {
+ apol_level_query() {
apol_level_query_t * alq;
BEGIN_EXCEPTION
alq = apol_level_query_create();
@@ -1289,7 +1289,7 @@ typedef struct apol_level_query {} apol_level_query_t;
fail:
return alq;
};
- ~apol_level_query_t() {
+ ~apol_level_query() {
apol_level_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1329,7 +1329,7 @@ typedef struct apol_level_query {} apol_level_query_t;
/* apol cat query */
typedef struct apol_cat_query {} apol_cat_query_t;
%extend apol_cat_query_t {
- apol_cat_query_t() {
+ apol_cat_query() {
apol_cat_query_t * acq;
BEGIN_EXCEPTION
acq = apol_cat_query_create();
@@ -1340,7 +1340,7 @@ typedef struct apol_cat_query {} apol_cat_query_t;
fail:
return acq;
};
- ~apol_cat_query_t() {
+ ~apol_cat_query() {
apol_cat_query_destroy(&self);
};
%newobject run(apol_policy_t *);
@@ -1379,7 +1379,7 @@ typedef struct apol_cat_query {} apol_cat_query_t;
#endif
typedef struct apol_user_query {} apol_user_query_t;
%extend apol_user_query_t {
- apol_user_query_t() {
+ apol_user_query() {
apol_user_query_t *auq;
BEGIN_EXCEPTION
auq = apol_user_query_create();
@@ -1390,7 +1390,7 @@ typedef struct apol_user_query {} apol_user_query_t;
fail:
return auq;
};
- ~apol_user_query_t() {
+ ~apol_user_query() {
apol_user_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1448,7 +1448,7 @@ typedef struct apol_user_query {} apol_user_query_t;
/* apol context */
typedef struct apol_context {} apol_context_t;
%extend apol_context_t {
- apol_context_t() {
+ apol_context() {
apol_context_t *ctx;
BEGIN_EXCEPTION
ctx = apol_context_create();
@@ -1459,7 +1459,7 @@ typedef struct apol_context {} apol_context_t;
fail:
return ctx;
};
- apol_context_t(apol_policy_t *p, qpol_context_t *in) {
+ apol_context(apol_policy_t *p, qpol_context_t *in) {
apol_context_t *ctx;
BEGIN_EXCEPTION
ctx = apol_context_create_from_qpol_context(p, in);
@@ -1470,7 +1470,7 @@ typedef struct apol_context {} apol_context_t;
fail:
return ctx;
};
- apol_context_t(const char *str) {
+ apol_context(const char *str) {
apol_context_t *ctx;
BEGIN_EXCEPTION
ctx = apol_context_create_from_literal(str);
@@ -1481,7 +1481,7 @@ typedef struct apol_context {} apol_context_t;
fail:
return ctx;
};
- ~apol_context_t() {
+ ~apol_context() {
apol_context_destroy(&self);
};
void set_user(apol_policy_t *p, char *name) {
@@ -1583,7 +1583,7 @@ int apol_context_compare(apol_policy_t * p, apol_context_t * target, apol_contex
/* apol constraint query */
typedef struct apol_constraint_query {} apol_constraint_query_t;
%extend apol_constraint_query_t {
- apol_constraint_query_t() {
+ apol_constraint_query() {
apol_constraint_query_t *acq;
BEGIN_EXCEPTION
acq = apol_constraint_query_create();
@@ -1594,7 +1594,7 @@ typedef struct apol_constraint_query {} apol_constraint_query_t;
fail:
return acq;
};
- ~apol_constraint_query_t() {
+ ~apol_constraint_query() {
apol_constraint_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1634,7 +1634,7 @@ typedef struct apol_constraint_query {} apol_constraint_query_t;
/* apol validatetrans query */
typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
%extend apol_validatetrans_query_t {
- apol_validatetrans_query_t() {
+ apol_validatetrans_query() {
apol_validatetrans_query_t *avq;
BEGIN_EXCEPTION
avq = apol_validatetrans_query_create();
@@ -1645,7 +1645,7 @@ typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
fail:
return avq;
};
- ~apol_validatetrans_query_t() {
+ ~apol_validatetrans_query() {
apol_validatetrans_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1684,7 +1684,7 @@ typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
#endif
typedef struct apol_genfscon_query {} apol_genfscon_query_t;
%extend apol_genfscon_query_t {
- apol_genfscon_query_t() {
+ apol_genfscon_query() {
apol_genfscon_query_t *agq;
BEGIN_EXCEPTION
agq = apol_genfscon_query_create();
@@ -1695,7 +1695,7 @@ typedef struct apol_genfscon_query {} apol_genfscon_query_t;
fail:
return agq;
};
- ~apol_genfscon_query_t() {
+ ~apol_genfscon_query() {
apol_genfscon_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1746,7 +1746,7 @@ char *apol_genfscon_render(apol_policy_t * p, qpol_genfscon_t * genfscon);
/* apol fs_use query */
typedef struct apol_fs_use_query {} apol_fs_use_query_t;
%extend apol_fs_use_query_t {
- apol_fs_use_query_t() {
+ apol_fs_use_query() {
apol_fs_use_query_t *afq;
BEGIN_EXCEPTION
afq = apol_fs_use_query_create();
@@ -1757,7 +1757,7 @@ typedef struct apol_fs_use_query {} apol_fs_use_query_t;
fail:
return afq;
};
- ~apol_fs_use_query_t() {
+ ~apol_fs_use_query() {
apol_fs_use_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1799,7 +1799,7 @@ char *apol_fs_use_render(apol_policy_t * p, qpol_fs_use_t * fsuse);
/* apol initial sid query */
typedef struct apol_isid_query {} apol_isid_query_t;
%extend apol_isid_query_t {
- apol_isid_query_t() {
+ apol_isid_query() {
apol_isid_query_t *aiq;
BEGIN_EXCEPTION
aiq = apol_isid_query_create();
@@ -1810,7 +1810,7 @@ typedef struct apol_isid_query {} apol_isid_query_t;
fail:
return aiq;
};
- ~apol_isid_query_t() {
+ ~apol_isid_query() {
apol_isid_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1841,7 +1841,7 @@ typedef struct apol_isid_query {} apol_isid_query_t;
/* apol portcon query */
typedef struct apol_portcon_query {} apol_portcon_query_t;
%extend apol_portcon_query_t {
- apol_portcon_query_t() {
+ apol_portcon_query() {
apol_portcon_query_t *apq;
BEGIN_EXCEPTION
apq = apol_portcon_query_create();
@@ -1852,7 +1852,7 @@ typedef struct apol_portcon_query {} apol_portcon_query_t;
fail:
return apq;
};
- ~apol_portcon_query_t() {
+ ~apol_portcon_query() {
apol_portcon_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1885,7 +1885,7 @@ char *apol_portcon_render(apol_policy_t * p, qpol_portcon_t * portcon);
/* apol netifcon query */
typedef struct apol_netifcon_query {} apol_netifcon_query_t;
%extend apol_netifcon_query_t {
- apol_netifcon_query_t() {
+ apol_netifcon_query() {
apol_netifcon_query_t *anq;
BEGIN_EXCEPTION
anq = apol_netifcon_query_create();
@@ -1896,7 +1896,7 @@ typedef struct apol_netifcon_query {} apol_netifcon_query_t;
fail:
return anq;
};
- ~apol_netifcon_query_t() {
+ ~apol_netifcon_query() {
apol_netifcon_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -1932,7 +1932,7 @@ char *apol_netifcon_render(apol_policy_t * p, qpol_netifcon_t * netifcon);
/* apol nodecon query */
typedef struct apol_nodecon_query {} apol_nodecon_query_t;
%extend apol_nodecon_query_t {
- apol_nodecon_query_t() {
+ apol_nodecon_query() {
apol_nodecon_query_t *anq;
BEGIN_EXCEPTION
anq = apol_nodecon_query_create();
@@ -1943,7 +1943,7 @@ typedef struct apol_nodecon_query {} apol_nodecon_query_t;
fail:
return anq;
};
- ~apol_nodecon_query_t() {
+ ~apol_nodecon_query() {
apol_nodecon_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2012,7 +2012,7 @@ char *apol_nodecon_render(apol_policy_t * p, qpol_nodecon_t * nodecon);
/* apol avrule query */
typedef struct apol_avrule_query {} apol_avrule_query_t;
%extend apol_avrule_query_t {
- apol_avrule_query_t() {
+ apol_avrule_query() {
apol_avrule_query_t *avq;
BEGIN_EXCEPTION
avq = apol_avrule_query_create();
@@ -2023,7 +2023,7 @@ typedef struct apol_avrule_query {} apol_avrule_query_t;
fail:
return avq;
};
- ~apol_avrule_query_t() {
+ ~apol_avrule_query() {
apol_avrule_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2163,7 +2163,7 @@ char *apol_syn_avrule_render(apol_policy_t * policy, qpol_syn_avrule_t * rule);
/* apol terule query */
typedef struct apol_terule_query {} apol_terule_query_t;
%extend apol_terule_query_t {
- apol_terule_query_t() {
+ apol_terule_query() {
apol_terule_query_t *atq;
BEGIN_EXCEPTION
atq = apol_terule_query_create();
@@ -2174,7 +2174,7 @@ typedef struct apol_terule_query {} apol_terule_query_t;
fail:
return atq;
};
- ~apol_terule_query_t() {
+ ~apol_terule_query() {
apol_terule_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2287,7 +2287,7 @@ apol_vector_t *apol_terule_list_to_syn_terules(apol_policy_t * p, apol_vector_t
/* apol cond rule query */
typedef struct apol_cond_query {} apol_cond_query_t;
%extend apol_cond_query_t {
- apol_cond_query_t() {
+ apol_cond_query() {
apol_cond_query_t *acq;
BEGIN_EXCEPTION
acq = apol_cond_query_create();
@@ -2298,7 +2298,7 @@ typedef struct apol_cond_query {} apol_cond_query_t;
fail:
return acq;
};
- ~apol_cond_query_t() {
+ ~apol_cond_query() {
apol_cond_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2331,7 +2331,7 @@ char *apol_cond_expr_render(apol_policy_t * p, qpol_cond_t * cond);
/* apol role allow query */
typedef struct apol_role_allow_query {} apol_role_allow_query_t;
%extend apol_role_allow_query_t {
- apol_role_allow_query_t() {
+ apol_role_allow_query() {
apol_role_allow_query_t *arq;
BEGIN_EXCEPTION
arq = apol_role_allow_query_create();
@@ -2342,7 +2342,7 @@ typedef struct apol_role_allow_query {} apol_role_allow_query_t;
fail:
return arq;
};
- ~apol_role_allow_query_t() {
+ ~apol_role_allow_query() {
apol_role_allow_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2387,7 +2387,7 @@ char *apol_role_allow_render(apol_policy_t * policy, qpol_role_allow_t * rule);
/* apol role transition rule query */
typedef struct apol_role_trans_query {} apol_role_trans_query_t;
%extend apol_role_trans_query_t {
- apol_role_trans_query_t() {
+ apol_role_trans_query() {
apol_role_trans_query_t *arq;
BEGIN_EXCEPTION
arq = apol_role_trans_query_create();
@@ -2398,7 +2398,7 @@ typedef struct apol_role_trans_query {} apol_role_trans_query_t;
fail:
return arq;
};
- ~apol_role_trans_query_t() {
+ ~apol_role_trans_query() {
apol_role_trans_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2452,7 +2452,7 @@ char *apol_role_trans_render(apol_policy_t * policy, qpol_role_trans_t * rule);
/* apol range transition rule query */
typedef struct apol_range_trans_query {} apol_range_trans_query_t;
%extend apol_range_trans_query_t {
- apol_range_trans_query_t() {
+ apol_range_trans_query() {
apol_range_trans_query_t *arq;
BEGIN_EXCEPTION
arq = apol_range_trans_query_create();
@@ -2463,7 +2463,7 @@ typedef struct apol_range_trans_query {} apol_range_trans_query_t;
fail:
return arq;
};
- ~apol_range_trans_query_t() {
+ ~apol_range_trans_query() {
apol_range_trans_query_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2531,7 +2531,7 @@ char *apol_range_trans_render(apol_policy_t * policy, qpol_range_trans_t * rule)
#define APOL_DOMAIN_TRANS_SEARCH_BOTH (APOL_DOMAIN_TRANS_SEARCH_VALID|APOL_DOMAIN_TRANS_SEARCH_INVALID)
typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
%extend apol_domain_trans_analysis_t {
- apol_domain_trans_analysis_t() {
+ apol_domain_trans_analysis() {
apol_domain_trans_analysis_t *dta;
BEGIN_EXCEPTION
dta = apol_domain_trans_analysis_create();
@@ -2542,7 +2542,7 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
fail:
return dta;
};
- ~apol_domain_trans_analysis_t() {
+ ~apol_domain_trans_analysis() {
apol_domain_trans_analysis_destroy(&self);
};
void set_direction(apol_policy_t *p, int direction) {
@@ -2622,7 +2622,7 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
};
typedef struct apol_domain_trans_result {} apol_domain_trans_result_t;
%extend apol_domain_trans_result_t {
- apol_domain_trans_result_t(apol_domain_trans_result_t *in) {
+ apol_domain_trans_result(apol_domain_trans_result_t *in) {
apol_domain_trans_result_t *dtr;
BEGIN_EXCEPTION
dtr = apol_domain_trans_result_create_from_domain_trans_result(in);
@@ -2633,7 +2633,7 @@ typedef struct apol_domain_trans_result {} apol_domain_trans_result_t;
fail:
return dtr;
};
- ~apol_domain_trans_result_t() {
+ ~apol_domain_trans_result() {
apol_domain_trans_result_destroy(&self);
};
const qpol_type_t *get_start_type() {
@@ -2705,14 +2705,14 @@ int apol_domain_trans_table_verify_trans(apol_policy_t * policy, qpol_type_t * s
%}
typedef struct apol_infoflow {} apol_infoflow_t;
%extend apol_infoflow_t {
- apol_infoflow_t() {
+ apol_infoflow() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_infoflow_t() {
+ ~apol_infoflow() {
apol_infoflow_destroy(&self);
};
%newobject extract_graph();
@@ -2730,7 +2730,7 @@ typedef struct apol_infoflow {} apol_infoflow_t;
};
typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
%extend apol_infoflow_analysis_t {
- apol_infoflow_analysis_t() {
+ apol_infoflow_analysis() {
apol_infoflow_analysis_t *aia;
BEGIN_EXCEPTION
aia = apol_infoflow_analysis_create();
@@ -2741,7 +2741,7 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
fail:
return aia;
};
- ~apol_infoflow_analysis_t() {
+ ~apol_infoflow_analysis() {
apol_infoflow_analysis_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -2823,14 +2823,14 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
};
typedef struct apol_infoflow_graph {} apol_infoflow_graph_t;
%extend apol_infoflow_graph_t {
- apol_infoflow_graph_t() {
+ apol_infoflow_graph() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_graph_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_infoflow_graph_t() {
+ ~apol_infoflow_graph() {
apol_infoflow_graph_destroy(&self);
};
%newobject do_more(apol_policy_t*, char*);
@@ -2867,14 +2867,14 @@ typedef struct apol_infoflow_graph {} apol_infoflow_graph_t;
};
typedef struct apol_infoflow_result {} apol_infoflow_result_t;
%extend apol_infoflow_result_t {
- apol_infoflow_result_t() {
+ apol_infoflow_result() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_result_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_infoflow_result_t() {
+ ~apol_infoflow_result() {
/* no op - vector will destroy */
return;
};
@@ -2901,14 +2901,14 @@ typedef struct apol_infoflow_result {} apol_infoflow_result_t;
%}
typedef struct apol_infoflow_step {} apol_infoflow_step_t;
%extend apol_infoflow_step_t {
- apol_infoflow_step_t() {
+ apol_infoflow_step() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_step_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_infoflow_step_t() {
+ ~apol_infoflow_step() {
/* no op */
return;
};
@@ -2938,7 +2938,7 @@ typedef struct apol_infoflow_step {} apol_infoflow_step_t;
#define APOL_RELABEL_DIR_SUBJECT 0x04
typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
%extend apol_relabel_analysis_t {
- apol_relabel_analysis_t() {
+ apol_relabel_analysis() {
apol_relabel_analysis_t *ara;
BEGIN_EXCEPTION
ara = apol_relabel_analysis_create();
@@ -2949,7 +2949,7 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
fail:
return ara;
};
- ~apol_relabel_analysis_t() {
+ ~apol_relabel_analysis() {
apol_relabel_analysis_destroy(&self);
};
%newobject run(apol_policy_t*);
@@ -3011,14 +3011,14 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
};
typedef struct apol_relabel_result {} apol_relabel_result_t;
%extend apol_relabel_result_t {
- apol_relabel_result_t() {
+ apol_relabel_result() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_relabel_result_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_relabel_result_t() {
+ ~apol_relabel_result() {
/* no op - vector will destroy */
return;
};
@@ -3042,14 +3042,14 @@ typedef struct apol_relabel_result {} apol_relabel_result_t;
%}
typedef struct apol_relabel_result_pair {} apol_relabel_result_pair_t;
%extend apol_relabel_result_pair_t {
- apol_relabel_result_pair_t() {
+ apol_relabel_result_pair() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_relabel_result_pair_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_relabel_result_pair_t() {
+ ~apol_relabel_result_pair() {
/* no op - owned and free()'d by apol_relabel_result_t */
return;
};
@@ -3084,7 +3084,7 @@ typedef struct apol_relabel_result_pair {} apol_relabel_result_pair_t;
#define APOL_TYPES_RELATION_TRANS_FLOW_BA 0x8000
typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
%extend apol_types_relation_analysis_t {
- apol_types_relation_analysis_t() {
+ apol_types_relation_analysis() {
apol_types_relation_analysis_t *atr;
BEGIN_EXCEPTION
atr = apol_types_relation_analysis_create();
@@ -3095,7 +3095,7 @@ typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
fail:
return atr;
};
- ~apol_types_relation_analysis_t() {
+ ~apol_types_relation_analysis() {
apol_types_relation_analysis_destroy(&self);
}
%newobject run(apol_policy_t*);
@@ -3139,14 +3139,14 @@ typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
};
typedef struct apol_types_relation_result {} apol_types_relation_result_t;
%extend apol_types_relation_result_t {
- apol_types_relation_result_t() {
+ apol_types_relation_result() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_types_relation_result_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_types_relation_result_t() {
+ ~apol_types_relation_result() {
apol_types_relation_result_destroy(&self);
};
const apol_vector_t *get_attributes() {
@@ -3194,14 +3194,14 @@ typedef struct apol_types_relation_result {} apol_types_relation_result_t;
};
typedef struct apol_types_relation_access {} apol_types_relation_access_t;
%extend apol_types_relation_access_t {
- apol_types_relation_access_t() {
+ apol_types_relation_access() {
BEGIN_EXCEPTION
SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_types_relation_access_t objects");
END_EXCEPTION
fail:
return NULL;
};
- ~apol_types_relation_access_t() {
+ ~apol_types_relation_access() {
/* no op - vector will destroy */
return;
};
--

24
0014-boolsub.patch Normal file

@ -0,0 +1,24 @@
diff -up ./setools-3.3.7/secmds/seinfo.c~ ./setools-3.3.7/secmds/seinfo.c
--- ./setools-3.3.7/secmds/seinfo.c~ 2013-03-14 15:26:31.467121596 -0400
+++ ./setools-3.3.7/secmds/seinfo.c 2013-03-14 15:35:20.154650517 -0400
@@ -1705,7 +1705,7 @@ int main(int argc, char **argv)
case 'b': /* conditional booleans */
bools = 1;
if (optarg != 0)
- bool_name = optarg;
+ bool_name = selinux_boolean_sub(optarg);
break;
case OPT_INITIALSID:
isids = 1;
diff -up ./setools-3.3.7/secmds/sesearch.c~ ./setools-3.3.7/secmds/sesearch.c
--- ./setools-3.3.7/secmds/sesearch.c~ 2013-03-14 15:26:31.539121944 -0400
+++ ./setools-3.3.7/secmds/sesearch.c 2013-03-14 15:34:36.615445562 -0400
@@ -1056,7 +1056,7 @@ int main(int argc, char **argv)
printf("Missing boolean for -b (--bool)\n");
exit(1);
}
- cmd_opts.bool_name = strdup(optarg);
+ cmd_opts.bool_name = strdup(selinux_boolean_sub(optarg));
if (!cmd_opts.bool_name) {
fprintf(stderr, "%s\n", strerror(errno));
exit(1);

82
0015-aliases.patch Normal file

@ -0,0 +1,82 @@
diff -up setools-3.3.7/libapol/src/policy-query.c~ setools-3.3.7/libapol/src/policy-query.c
diff -up setools-3.3.7/libqpol/include/qpol/type_query.h~ setools-3.3.7/libqpol/include/qpol/type_query.h
diff -up setools-3.3.7/libqpol/tests/iterators-tests.c~ setools-3.3.7/libqpol/tests/iterators-tests.c
diff -up setools-3.3.7/secmds/seinfo.c~ setools-3.3.7/secmds/seinfo.c
--- setools-3.3.7/secmds/seinfo.c~ 2013-03-25 11:30:23.161633059 -0400
+++ setools-3.3.7/secmds/seinfo.c 2013-03-28 13:08:07.281751011 -0400
@@ -46,6 +46,7 @@
#include <string.h>
#include <assert.h>
#include <getopt.h>
+#include <selinux/selinux.h>
#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
@@ -54,6 +55,7 @@
static char *policy_file = NULL;
+static void print_type_aliases(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb);
static void print_type_attrs(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb, const int expand);
static void print_attr_types(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb, const int expand);
static void print_user_roles(FILE * fp, const qpol_user_t * user_datum, const apol_policy_t * policydb, const int expand);
@@ -511,6 +513,7 @@ static int print_types(FILE * fp, const
if (qpol_policy_get_type_by_name(q, name, &type_datum))
goto cleanup;
print_type_attrs(fp, type_datum, policydb, expand);
+ print_type_aliases(fp, type_datum, policydb);
} else {
if (qpol_policy_get_type_iter(q, &iter))
goto cleanup;
@@ -1897,6 +1900,51 @@ int main(int argc, char **argv)
}
/**
+ * Prints the alias of a type.
+ *
+ * @param fp Reference to a file to which to print type information
+ * @param type_datum Reference to sepol type_datum
+ * @param policydb Reference to a policy
+ * attributes
+ */
+static void print_type_aliases(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb)
+{
+ qpol_iterator_t *iter = NULL;
+ size_t alias_size;
+ unsigned char isattr, isalias;
+ const char *type_name = NULL;
+ const char *alias_name;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+
+ if (qpol_type_get_name(q, type_datum, &type_name))
+ goto cleanup;
+ if (qpol_type_get_isattr(q, type_datum, &isattr))
+ goto cleanup;
+ if (qpol_type_get_isalias(q, type_datum, &isalias))
+ goto cleanup;
+
+ if (isalias) {
+ fprintf(fp, " TypeName %s\n", type_name);
+ }
+ if (qpol_type_get_alias_iter(q, type_datum, &iter))
+ goto cleanup;
+ if (qpol_iterator_get_size(iter, &alias_size))
+ goto cleanup;
+ if (alias_size > 0) {
+ fprintf(fp, " Aliases\n");
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&alias_name))
+ goto cleanup;
+ fprintf(fp, " %s\n", alias_name);
+ }
+ }
+
+ cleanup:
+ qpol_iterator_destroy(&iter);
+ return;
+}
+
+/**
* Prints a textual representation of a type, and possibly
* all of that type's attributes.
*
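Review bot: Every qpol failure in the new `print_type_aliases` jumps to `cleanup` and the function returns `void`, so the `print_types` call site added earlier in this patch cannot tell a failed alias lookup from a type that has no aliases. Returning `int` as `print_types` does, with the result set to 0 only after the loop, would let the caller propagate the error. `isattr` is fetched with `qpol_type_get_isattr` but never used, and `alias_name` is declared uninitialised; drop the former and write `const char *alias_name = NULL;`. The doc comment ends with a stray `attributes` line and could read `Prints the aliases of a type, and the type name when the datum is itself an alias.`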

107
0016-cmdline.patch Normal file

@ -0,0 +1,107 @@
diff -up setools-3.3.7/man/sesearch.1.cmdline setools-3.3.7/man/sesearch.1
--- setools-3.3.7/man/sesearch.1.cmdline 2008-02-22 14:06:28.000000000 -0500
+++ setools-3.3.7/man/sesearch.1 2013-07-19 06:46:21.314068667 -0400
@@ -43,7 +43,7 @@ Search for allow rules.
Search for neverallow rules.
.IP "--auditallow"
Search for auditallow rules.
-.IP "--dontaudit"
+.IP "-D, --dontaudit"
Search for dontaudit rules.
.IP "-T, --type"
Search for type_transition, type_member, and type_change rules.
diff -up setools-3.3.7/secmds/sesearch.c.cmdline setools-3.3.7/secmds/sesearch.c
--- setools-3.3.7/secmds/sesearch.c.cmdline 2013-07-19 06:46:21.291068510 -0400
+++ setools-3.3.7/secmds/sesearch.c 2013-07-19 06:48:12.962830868 -0400
@@ -24,6 +24,7 @@
*/
#include <config.h>
+#include <selinux/selinux.h>
/* libapol */
#include <apol/policy.h>
@@ -61,9 +62,8 @@ enum opt_values
static struct option const longopts[] = {
{"allow", no_argument, NULL, 'A'},
{"neverallow", no_argument, NULL, RULE_NEVERALLOW},
- {"audit", no_argument, NULL, RULE_AUDIT},
{"auditallow", no_argument, NULL, RULE_AUDITALLOW},
- {"dontaudit", no_argument, NULL, RULE_DONTAUDIT},
+ {"dontaudit", no_argument, NULL, 'D'},
{"type", no_argument, NULL, 'T'},
{"role_allow", no_argument, NULL, RULE_ROLE_ALLOW},
{"role_trans", no_argument, NULL, RULE_ROLE_TRANS},
@@ -72,7 +72,6 @@ static struct option const longopts[] =
{"source", required_argument, NULL, 's'},
{"target", required_argument, NULL, 't'},
- {"default", required_argument, NULL, 'D'},
{"role_source", required_argument, NULL, EXPR_ROLE_SOURCE},
{"role_target", required_argument, NULL, EXPR_ROLE_TARGET},
{"class", required_argument, NULL, 'c'},
@@ -129,7 +128,7 @@ void usage(const char *program_name, int
printf(" -A, --allow allow rules\n");
printf(" --neverallow neverallow rules\n");
printf(" --auditallow auditallow rules\n");
- printf(" --dontaudit dontaudit rules\n");
+ printf(" -D, --dontaudit dontaudit rules\n");
printf(" -T, --type type_trans, type_member, and type_change\n");
printf(" --role_allow role allow rules\n");
printf(" --role_trans role_transition rules\n");
@@ -666,10 +665,6 @@ static void print_ft_results(const apol_
size_t i, num_filename_trans = 0;
const qpol_filename_trans_t *filename_trans = NULL;
char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;
- char enable_char = ' ', branch_char = ' ';
- qpol_iterator_t *iter = NULL;
- const qpol_cond_t *cond = NULL;
- uint32_t enabled = 0, list = 0;
if (!(num_filename_trans = apol_vector_get_size(v)))
goto cleanup;
@@ -677,7 +672,6 @@ static void print_ft_results(const apol_
fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans);
for (i = 0; i < num_filename_trans; i++) {
- enable_char = branch_char = ' ';
if (!(filename_trans = apol_vector_get_element(v, i)))
goto cleanup;
@@ -962,7 +956,7 @@ int main(int argc, char **argv)
memset(&cmd_opts, 0, sizeof(cmd_opts));
cmd_opts.indirect = true;
- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) {
+ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dDRnSChV", longopts, NULL)) != -1) {
switch (optc) {
case 0:
break;
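Review bot: `-D` changes meaning in this hunk with nothing to warn existing callers: the option string goes from `D:` to `D`, so an invocation written for the old `-D <type>` form now enables the dontaudit search and leaves `<type>` as a non-option argument. A comment above the `getopt_long` call such as `/* -D formerly took a default type (--default); it now selects dontaudit rules and takes no argument */`, plus a line in the man page, would make the break visible. The `longopts` hunk also drops `--audit`, while `RULE_AUDIT`, `RULE_DONTAUDIT` and `cmd_opts.default_name` are not touched in the visible hunks and may now be dead. `main` continues outside the hunk.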
@@ -978,18 +972,6 @@ int main(int argc, char **argv)
exit(1);
}
break;
- case 'D': /* source */
- if (optarg == 0) {
- usage(argv[0], 1);
- printf("Missing source default type for -D (--default)\n");
- exit(1);
- }
- cmd_opts.default_name = strdup(optarg);
- if (!cmd_opts.default_name) {
-
- exit(1);
- }
- break;
case 't': /* target */
if (optarg == 0) {
usage(argv[0], 1);
@@ -1082,7 +1064,7 @@ int main(int argc, char **argv)
case RULE_AUDITALLOW:
cmd_opts.auditallow = true;
break;
- case RULE_DONTAUDIT:
+ case 'D':
cmd_opts.dontaudit = true;
break;
case 'T': /* type */


@ -1,142 +0,0 @@
From e47d19f4985098ca316eea4a383510d419ec6055 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Fri, 26 Apr 2019 15:27:25 +0200
Subject: [PATCH 1/2] Do not export/use setools.InfoFlowAnalysis and
setools.DomainTransitionAnalysis
dta and infoflow modules require networkx which brings lot of dependencies.
These dependencies are not necessary for setools module itself as it's
used in policycoreutils.
Therefore it's better to use setools.infoflow.InfoFlowAnalysis and
setools.dta.DomainTransitionAnalysis and let the package containing
sedta and seinfoflow to require python3-networkx
---
sedta | 5 +++--
seinfoflow | 4 ++--
setools/__init__.py | 4 ----
setoolsgui/apol/dta.py | 2 +-
setoolsgui/apol/infoflow.py | 2 +-
tests/dta.py | 2 +-
tests/infoflow.py | 2 +-
7 files changed, 9 insertions(+), 12 deletions(-)
diff --git a/sedta b/sedta
index 57070098fe10..51890ea8ea73 100755
--- a/sedta
+++ b/sedta
@@ -23,9 +23,10 @@ import logging
import signal
import setools
+import setools.dta
-def print_transition(trans: setools.DomainTransition) -> None:
+def print_transition(trans: setools.dta.DomainTransition) -> None:
if trans.transition:
print("Domain transition rule(s):")
for t in trans.transition:
@@ -114,7 +115,7 @@ else:
try:
p = setools.SELinuxPolicy(args.policy)
- g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
+ g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
if args.shortest_path or args.all_paths:
if args.shortest_path:
diff --git a/seinfoflow b/seinfoflow
index 0ddcfdc7c1fb..8321718b2640 100755
--- a/seinfoflow
+++ b/seinfoflow
@@ -17,7 +17,7 @@
# along with SETools. If not, see <http://www.gnu.org/licenses/>.
#
-import setools
+import setools.infoflow
import argparse
import sys
import logging
@@ -102,7 +102,7 @@ elif args.booleans is not None:
try:
p = setools.SELinuxPolicy(args.policy)
m = setools.PermissionMap(args.map)
- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude,
+ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude,
booleans=booleans)
if args.shortest_path or args.all_paths:
diff --git a/setools/__init__.py b/setools/__init__.py
index d72d343e7e79..642485b9018d 100644
--- a/setools/__init__.py
+++ b/setools/__init__.py
@@ -91,12 +91,8 @@ from .pcideviceconquery import PcideviceconQuery
from .devicetreeconquery import DevicetreeconQuery
# Information Flow Analysis
-from .infoflow import InfoFlowAnalysis
from .permmap import PermissionMap, RuleWeight, Mapping
-# Domain Transition Analysis
-from .dta import DomainTransitionAnalysis, DomainEntrypoint, DomainTransition
-
# Policy difference
from .diff import PolicyDifference
diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
index 62dbf04d9a5e..0ea000e790f0 100644
--- a/setoolsgui/apol/dta.py
+++ b/setoolsgui/apol/dta.py
@@ -24,7 +24,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
from PyQt5.QtGui import QPalette, QTextCursor
from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
QTreeWidgetItem
-from setools import DomainTransitionAnalysis
+from setools.dta import DomainTransitionAnalysis
from ..logtosignal import LogHandlerToSignal
from .analysistab import AnalysisSection, AnalysisTab
diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
index 28009aa2329c..92d350bf727c 100644
--- a/setoolsgui/apol/infoflow.py
+++ b/setoolsgui/apol/infoflow.py
@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
from PyQt5.QtGui import QPalette, QTextCursor
from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
QTreeWidgetItem
-from setools import InfoFlowAnalysis
+from setools.infoflow import InfoFlowAnalysis
from setools.exception import UnmappedClass, UnmappedPermission
from ..logtosignal import LogHandlerToSignal
diff --git a/tests/dta.py b/tests/dta.py
index a0cc9381469c..177e6fb0b961 100644
--- a/tests/dta.py
+++ b/tests/dta.py
@@ -18,7 +18,7 @@
import os
import unittest
-from setools import DomainTransitionAnalysis
+from setools.dta import DomainTransitionAnalysis
from setools import TERuletype as TERT
from setools.exception import InvalidType
from setools.policyrep import Type
diff --git a/tests/infoflow.py b/tests/infoflow.py
index aa0e44a7e4f8..fca2848aeca5 100644
--- a/tests/infoflow.py
+++ b/tests/infoflow.py
@@ -18,7 +18,7 @@
import os
import unittest
-from setools import InfoFlowAnalysis
+from setools.infoflow import InfoFlowAnalysis
from setools import TERuletype as TERT
from setools.exception import InvalidType
from setools.permmap import PermissionMap
--
2.30.0


@ -1,24 +0,0 @@
From 7b73bdeda54b9c944774452bfa3b3c1f2733b3f0 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 2 Apr 2020 16:06:14 +0200
Subject: [PATCH 2/2] Require networkx on package level
It allows us to ship python3-setools without dependency on python3-networkx
---
setup.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index c593b786cc61..0551811e3fd1 100644
--- a/setup.py
+++ b/setup.py
@@ -163,5 +163,5 @@ setup(name='setools',
# setup also requires libsepol and libselinux
# C libraries and headers to compile.
setup_requires=['setuptools', 'Cython>=0.27'],
- install_requires=['setuptools', 'networkx>=2.0']
+ install_requires=['setuptools']
)
--
2.30.0


@ -1,16 +0,0 @@
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_testing
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_stable
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}


@ -1,3 +0,0 @@
emptyrpm:
expected_empty:
- setools

File diff suppressed because it is too large Load Diff

119
setools-exitstatus.patch Normal file

@ -0,0 +1,119 @@
diff -up setools-3.3.7/secmds/seinfo.c.exitstatus setools-3.3.7/secmds/seinfo.c
--- setools-3.3.7/secmds/seinfo.c.exitstatus 2010-05-03 12:39:02.000000000 -0400
+++ setools-3.3.7/secmds/seinfo.c 2010-11-05 09:54:39.000000000 -0400
@@ -827,7 +827,7 @@ static int print_sens(FILE * fp, const c
*/
static int print_cats(FILE * fp, const char *name, int expand, const apol_policy_t * policydb)
{
- int retval = 0;
+ int retval = -1;
apol_cat_query_t *query = NULL;
apol_vector_t *v = NULL;
const qpol_cat_t *cat_datum = NULL;
@@ -911,9 +911,10 @@ static int print_fsuse(FILE * fp, const
fprintf(fp, " %s\n", tmp);
free(tmp);
}
- if (type && !apol_vector_get_size(v))
+ if (type && !apol_vector_get_size(v)) {
ERR(policydb, "No fs_use statement for filesystem of type %s.", type);
-
+ goto cleanup;
+ }
retval = 0;
cleanup:
apol_fs_use_query_destroy(&query);
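Review bot: The added `goto cleanup` reports failure only if `retval` starts out non-zero, and the initialiser in `print_fsuse` is outside this hunk. The `print_cats` hunk above had to change `int retval = 0;` to `-1` for exactly that reason. The declarations in `print_fsuse` and in `print_genfscon`, which gets the same `goto cleanup` in a later hunk, should be checked; if either starts at 0, the new branch still returns success.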
@@ -949,7 +950,6 @@ static int print_genfscon(FILE * fp, con
ERR(policydb, "%s", strerror(ENOMEM));
goto cleanup;
}
-
if (apol_genfscon_query_set_filesystem(policydb, query, type))
goto cleanup;
if (apol_genfscon_get_by_query(policydb, query, &v))
@@ -967,8 +967,10 @@ static int print_genfscon(FILE * fp, con
free(tmp);
}
- if (type && !apol_vector_get_size(v))
+ if (type && !apol_vector_get_size(v)) {
ERR(policydb, "No genfscon statement for filesystem of type %s.", type);
+ goto cleanup;
+ }
retval = 0;
cleanup:
@@ -1646,6 +1648,7 @@ cleanup: // close and destroy iterators
int main(int argc, char **argv)
{
+ int rc = 0;
int classes, types, attribs, roles, users, all, expand, stats, rt, optc, isids, bools, sens, cats, fsuse, genfs, netif,
node, port, permissives, polcaps, constrain, linebreaks;
apol_policy_t *policydb = NULL;
@@ -1851,46 +1854,46 @@ int main(int argc, char **argv)
/* display requested info */
if (stats || all)
- print_stats(stdout, policydb);
+ rc = print_stats(stdout, policydb);
if (classes || all)
- print_classes(stdout, class_name, expand, policydb);
+ rc = print_classes(stdout, class_name, expand, policydb);
if (types || all)
- print_types(stdout, type_name, expand, policydb);
+ rc = print_types(stdout, type_name, expand, policydb);
if (attribs || all)
- print_attribs(stdout, attrib_name, expand, policydb);
+ rc = print_attribs(stdout, attrib_name, expand, policydb);
if (roles || all)
- print_roles(stdout, role_name, expand, policydb);
+ rc = print_roles(stdout, role_name, expand, policydb);
if (users || all)
- print_users(stdout, user_name, expand, policydb);
+ rc = print_users(stdout, user_name, expand, policydb);
if (bools || all)
- print_booleans(stdout, bool_name, expand, policydb);
+ rc = print_booleans(stdout, bool_name, expand, policydb);
if (sens || all)
- print_sens(stdout, sens_name, expand, policydb);
+ rc = print_sens(stdout, sens_name, expand, policydb);
if (cats || all)
- print_cats(stdout, cat_name, expand, policydb);
+ rc = print_cats(stdout, cat_name, expand, policydb);
if (fsuse || all)
- print_fsuse(stdout, fsuse_type, policydb);
+ rc = print_fsuse(stdout, fsuse_type, policydb);
if (genfs || all)
- print_genfscon(stdout, genfs_type, policydb);
+ rc = print_genfscon(stdout, genfs_type, policydb);
if (netif || all)
- print_netifcon(stdout, netif_name, policydb);
+ rc = print_netifcon(stdout, netif_name, policydb);
if (node || all)
- print_nodecon(stdout, node_addr, policydb);
+ rc = print_nodecon(stdout, node_addr, policydb);
if (port || all)
- print_portcon(stdout, port_num, protocol, policydb);
+ rc = print_portcon(stdout, port_num, protocol, policydb);
if (isids || all)
- print_isids(stdout, isid_name, expand, policydb);
+ rc = print_isids(stdout, isid_name, expand, policydb);
if (permissives || all)
- print_permissives(stdout, permissive_name, expand, policydb);
+ rc = print_permissives(stdout, permissive_name, expand, policydb);
if (polcaps || all)
- print_polcaps(stdout, polcap_name, expand, policydb);
+ rc = print_polcaps(stdout, polcap_name, expand, policydb);
if (constrain || all)
- print_constraints(stdout, expand, policydb, linebreaks);
+ rc = print_constraints(stdout, expand, policydb, linebreaks);
apol_policy_destroy(&policydb);
apol_policy_path_destroy(&pol_path);
free(policy_file);
- exit(0);
+ exit(rc);
}
/**
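Review bot: Each `rc = print_...()` assignment overwrites the previous one, so with `--all` or several options an earlier failure is lost whenever a later section prints successfully, and `exit(rc)` reflects only the last call. Accumulating instead, for example `if (print_stats(stdout, policydb)) rc = 1;` for each call, keeps any failure. It also avoids passing `-1` to `exit`, which the shell reports as 255. `main` starts outside this hunk.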

15
setools-neverallow.patch Normal file

@ -0,0 +1,15 @@
diff -up setools-3.3.7/libqpol/src/avrule_query.c~ setools-3.3.7/libqpol/src/avrule_query.c
--- setools-3.3.7/libqpol/src/avrule_query.c~ 2010-04-23 12:22:08.000000000 -0400
+++ setools-3.3.7/libqpol/src/avrule_query.c 2011-01-06 10:42:50.000000000 -0500
@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qp
if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
- errno = ENOTSUP;
- return STATUS_ERR;
+/* errno = ENOTSUP;
+ return STATUS_ERR; */
+ return STATUS_SUCCESS;
}
db = &policy->p->p;
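Review bot: Returning `STATUS_SUCCESS` from this branch tells the caller the query worked although no iterator is built here, and the `Cannot get avrules` error is still logged. A caller that asked for neverallow rules then gets a clean, empty answer, which in a policy-analysis tool reads as "the policy has no neverallow rules" rather than "they are not available". What `*iter` holds at this point is set outside the hunk and should be confirmed to be NULL. If the aim is to keep mixed queries working, clearing the bit and continuing, `rule_type_mask &= ~QPOL_RULE_NEVERALLOW;`, would still return the other requested rule types. The commented-out `errno`/`return` lines can then be deleted rather than left in place.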

2747
setools-python.patch Normal file

File diff suppressed because it is too large Load Diff


@ -1,43 +1,123 @@
%global sepol_ver 3.4-1
%global selinux_ver 3.4-1
%define setools_maj_ver 3.3
%define setools_min_ver 8
Name: setools
Version: 4.4.0
Release: 9%{?dist}
Summary: Policy analysis tools for SELinux
Name: setools
Version: %{setools_maj_ver}.%{setools_min_ver}
Release: 8.99.1%{?dist}
License: GPLv2
URL: http://oss.tresys.com/projects/setools
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Source: http://oss.tresys.com/projects/setools/chrome/site/dists/setools-%{version}/setools-%{version}.tar.bz2
Source1: setools.pam
Source2: apol.desktop
Source3: seaudit.desktop
Patch0: setools-TresysTechnology-setools3.patch
Patch1: 0001-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
Patch2: 0002-Fix-sepol-calls-to-work-with-latest-libsepol.patch
Patch3: 0003-mgrepl-patch-to-Fix-swig-coding-style-for-structures.patch
Patch4: 0004-Apply-selinux_current_policy_path-patch.patch
Patch5: 0005-Apply-seaudit-patch-for-progress.c.patch
Patch6: 0006-Add-support-for-boolean-subs.patch
Patch7: 0007-Setools-noship.patch
Patch8: 0008-Add-alias-support-to-seinfo-t.patch
Patch9: 0009-Fix-help-message-on-sesearch-D.patch
Patch10: 0010-Apply-swig-patch-to-make-apol-work-again.patch
Patch11: 0011-Fix-Wformat-security-issues.patch
Patch12: 0012-Fix-configure.ac-to-use-SWIG-3.0.0.patch
License: GPLv2
URL: https://github.com/SELinuxProject/setools/wiki
Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz
Source1: setools.pam
Source2: apol.desktop
Patch0001: 0001-Make-seinfo-output-predictable.patch
Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
Patch1003: 1003-Require-networkx-on-package-level.patch
Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
BuildRequires: flex, bison
BuildRequires: glibc-devel, gcc, git-core
BuildRequires: libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver}
BuildRequires: qt5-qtbase-devel
BuildRequires: swig
BuildRequires: python3-Cython
BuildRequires: python3-devel
BuildRequires: python3-setuptools
BuildRequires: libselinux-devel
Summary: Policy analysis tools for SELinux
Group: System Environment/Base
Requires: setools-libs = %{version}-%{release} setools-libs-tcl = %{version}-%{release} setools-gui = %{version}-%{release} setools-console = %{version}-%{release}
Requires: %{name}-console = %{version}-%{release}
Requires: %{name}-console-analyses = %{version}-%{release}
Requires: %{name}-gui = %{version}-%{release}
# external requirements
%define autoconf_ver 2.59
%define bwidget_ver 1.8
%define gtk_ver 2.8
%define sepol_ver 2.1.8-5
%define selinux_ver 2.1.12-10
%define sqlite_ver 3.2.0
%define swig_ver 3.0.0
%define tcltk_ver 8.4.9
%description
SETools is a collection of graphical tools, command-line tools, and
Python modules designed to facilitate SELinux policy analysis.
libraries designed to facilitate SELinux policy analysis.
%package console
Summary: Policy analysis command-line tools for SELinux
License: GPLv2
Requires: python3-setools = %{version}-%{release}
Requires: libselinux >= %{selinux_ver}
This meta-package depends upon the main packages necessary to run
SETools.
%package libs
License: LGPLv2
Summary: Policy analysis support libraries for SELinux
Group: System Environment/Libraries
Requires: libselinux >= %{selinux_ver} libsepol >= %{sepol_ver} sqlite >= %{sqlite_ver}
Obsoletes: setools-libs-java
Obsoletes: setools-libs-python < 3.3.7-36
BuildRequires: flex bison pkgconfig bzip2-devel
BuildRequires: glibc-devel libstdc++-devel gcc gcc-c++
BuildRequires: libselinux-devel >= %{selinux_ver} libsepol-devel >= %{sepol_ver}
BuildRequires: libsepol-static >= %{sepol_ver}
BuildRequires: sqlite-devel >= %{sqlite_ver} libxml2-devel
BuildRequires: tcl-devel >= %{tcltk_ver}
BuildRequires: autoconf >= %{autoconf_ver} automake
%description libs
SETools is a collection of graphical tools, command-line tools, and
libraries designed to facilitate SELinux policy analysis.
This package includes the following run-time libraries:
libapol policy analysis library
libpoldiff semantic policy difference library
libqpol library that abstracts policy internals
libseaudit parse and filter SELinux audit messages in log files
libsefs SELinux file contexts library
%package libs-tcl
License: LGPLv2
Summary: Tcl bindings for SELinux policy analysis
Group: Development/Languages
Requires: setools-libs = %{version}-%{release} tcl >= %{tcltk_ver}
BuildRequires: tcl-devel >= %{tcltk_ver} swig >= %{swig_ver}
%description libs-tcl
SETools is a collection of graphical tools, command-line tools, and
libraries designed to facilitate SELinux policy analysis.
This package includes Tcl bindings for the following libraries:
libapol policy analysis library
libpoldiff semantic policy difference library
libqpol library that abstracts policy internals
libseaudit parse and filter SELinux audit messages in log files
libsefs SELinux file contexts library
%package devel
License: LGPLv2
Summary: Policy analysis development files for SELinux
Group: Development/Libraries
Requires: libselinux-devel >= %{selinux_ver} libsepol-devel >= %{sepol_ver} setools-libs = %{version}-%{release}
BuildRequires: sqlite-devel >= %{sqlite_ver} libxml2-devel
%description devel
SETools is a collection of graphical tools, command-line tools, and
libraries designed to facilitate SELinux policy analysis.
This package includes header files and archives for the following
libraries:
libapol policy analysis library
libpoldiff semantic policy difference library
libqpol library that abstracts policy internals
libseaudit parse and filter SELinux audit messages in log files
libsefs SELinux file contexts library
%package console
Summary: Policy analysis command-line tools for SELinux
Group: System Environment/Base
License: GPLv2
Requires: setools-libs = %{version}-%{release}
Requires: libselinux >= %{selinux_ver}
%description console
SETools is a collection of graphical tools, command-line tools, and
@ -45,264 +125,617 @@ libraries designed to facilitate SELinux policy analysis.
This package includes the following console tools:
sediff Compare two policies to find differences.
seinfo List policy components.
sesearch Search rules (allow, type_transition, etc.)
secmds command line tools: seinfo, sesearch
sediff semantic policy difference tool
%package console-analyses
Summary: Policy analysis command-line tools for SELinux
License: GPLv2
Requires: python3-setools = %{version}-%{release}
Requires: libselinux >= %{selinux_ver}
Requires: python3-networkx
%description console-analyses
SETools is a collection of graphical tools, command-line tools, and
libraries designed to facilitate SELinux policy analysis.
This package includes the following console tools:
sedta Perform domain transition analyses.
seinfoflow Perform information flow analyses.
%package -n python3-setools
Summary: Policy analysis tools for SELinux
Obsoletes: setools-libs < 4.0.0
%{?python_provide:%python_provide python3-setools}
Requires: python3-setuptools
%description -n python3-setools
SETools is a collection of graphical tools, command-line tools, and
Python 3 modules designed to facilitate SELinux policy analysis.
%package gui
Summary: Policy analysis graphical tools for SELinux
Requires: python3-setools = %{version}-%{release}
Requires: python3-qt5
Requires: python3-networkx
%package gui
Summary: Policy analysis graphical tools for SELinux
Group: System Environment/Base
Requires: tcl >= %{tcltk_ver} tk >= %{tcltk_ver} bwidget >= %{bwidget_ver}
Requires: setools-libs = %{version}-%{release} setools-libs-tcl = %{version}-%{release}
Requires: glib2 gtk2 >= %{gtk_ver} usermode
BuildRequires: gtk2-devel >= %{gtk_ver} libglade2-devel libxml2-devel tk-devel >= %{tcltk_ver}
BuildRequires: desktop-file-utils
%description gui
SETools is a collection of graphical tools, command-line tools, and
Python modules designed to facilitate SELinux policy analysis.
libraries designed to facilitate SELinux policy analysis.
This package includes the following graphical tools:
apol policy analysis tool
seaudit audit log analysis tool
%define setoolsdir %{_datadir}/setools-%{setools_maj_ver}
%define tcllibdir %{_libdir}/setools
%prep
%autosetup -p 1 -S git -n setools-%{version}
%setup -q
%patch0 -p 1 -b .TresysTechnology-setools3
%patch1 -p 1 -b .neverallow
%patch2 -p 1 -b .libsepol
# %patch3 -p 1 -b .swig
%patch4 -p 1 -b .current_policy
%patch5 -p 1 -b .seaudit
%patch6 -p 1 -b .boolean-subs
%patch7 -p 1 -b .noship
%patch8 -p 1 -b .seinfo-t
%patch9 -p 1 -b .sesearch-D
# %patch10 -p 1 -b .wig-patch
%patch11 -p 1 -b .Wformat-security
%patch12 -p 1 -b .version
%ifarch sparc sparcv9 sparc64 s390 s390x
for file in `find . -name Makefile.am`; do
sed -i -e 's:-fpic:-fPIC:' $file;
done
%endif
# Fixup expected version of SWIG:
sed -i -e "s|AC_PROG_SWIG(1.3.28)|AC_PROG_SWIG(3.0.0)|g" configure.ac
# and rebuild the autotooled files:
aclocal
autoreconf -if
%build
%py3_build
automake
%configure --libdir=%{_libdir} --disable-bwidget-check --disable-selinux-check \
--enable-swig-tcl
# work around issue with gcc 4.3 + gnu99 + swig-generated code:
make %{?_smp_mflags}
%install
%py3_install
%check
%if %{?_with_check:1}%{!?_with_check:0}
%{__python3} setup.py test
%endif
rm -rf ${RPM_BUILD_ROOT}
make DESTDIR=${RPM_BUILD_ROOT} INSTALL="install -p" install
mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/applications
mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/pixmaps
install -d -m 755 ${RPM_BUILD_ROOT}%{_sysconfdir}/pam.d
install -p -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/pam.d/seaudit
install -d -m 755 ${RPM_BUILD_ROOT}%{_sysconfdir}/security/console.apps
install -p -m 644 packages/rpm/seaudit.console ${RPM_BUILD_ROOT}%{_sysconfdir}/security/console.apps/seaudit
install -d -m 755 ${RPM_BUILD_ROOT}%{_datadir}/applications
install -p -m 644 apol/apol.png ${RPM_BUILD_ROOT}%{_datadir}/pixmaps/apol.png
install -p -m 644 seaudit/seaudit.png ${RPM_BUILD_ROOT}%{_datadir}/pixmaps/seaudit.png
desktop-file-install --dir ${RPM_BUILD_ROOT}%{_datadir}/applications %{SOURCE2}
ln -sf consolehelper ${RPM_BUILD_ROOT}/%{_bindir}/seaudit
# remove static libs
rm -f ${RPM_BUILD_ROOT}/%{_libdir}/*.a
# ensure permissions are correct
chmod 0755 ${RPM_BUILD_ROOT}/%{_libdir}/*.so.*
chmod 0755 ${RPM_BUILD_ROOT}/%{_libdir}/%{name}/*/*.so.*
chmod 0644 ${RPM_BUILD_ROOT}/%{tcllibdir}/*/pkgIndex.tcl
%clean
rm -rf ${RPM_BUILD_ROOT}
%files
%defattr(-,root,root,-)
%files libs
%defattr(-,root,root,-)
%{!?_licensedir:%global license %%doc}
%license COPYING COPYING.GPL COPYING.LGPL
%doc AUTHORS ChangeLog KNOWN-BUGS NEWS README
%{_libdir}/libqpol.so.*
%{_libdir}/libapol.so.*
%{_libdir}/libpoldiff.so.*
%{_libdir}/libsefs.so.*
%{_libdir}/libseaudit.so.*
%dir %{setoolsdir}
%files libs-tcl
%defattr(-,root,root,-)
%dir %{tcllibdir}
%{tcllibdir}/qpol/
%{tcllibdir}/apol/
%{tcllibdir}/poldiff/
%{tcllibdir}/seaudit/
%{tcllibdir}/sefs/
%files devel
%defattr(-,root,root,-)
%{_libdir}/*.so
%{_libdir}/pkgconfig/*
%{_includedir}/qpol/
%{_includedir}/apol/
%{_includedir}/poldiff/
%{_includedir}/seaudit/
%{_includedir}/sefs/
%files console
%{_bindir}/sechecker
%{_bindir}/sediff
%defattr(-,root,root,-)
%{_bindir}/seinfo
%{_bindir}/sesearch
%{_mandir}/man1/sechecker*
%{_mandir}/man1/sediff*
%{_mandir}/man1/seinfo*
%{_mandir}/man1/sesearch*
%{_mandir}/ru/man1/sediff*
%{_mandir}/ru/man1/seinfo*
%{_mandir}/ru/man1/sesearch*
%files console-analyses
%{_bindir}/sedta
%{_bindir}/seinfoflow
%{_mandir}/man1/sedta*
%{_mandir}/man1/seinfoflow*
%{_mandir}/ru/man1/sedta*
%{_mandir}/ru/man1/seinfoflow*
%files -n python3-setools
%license COPYING COPYING.GPL COPYING.LGPL
%{python3_sitearch}/setools
%{python3_sitearch}/setools-*
%{_bindir}/sediff
%{_mandir}/man1/sediff.1.gz
%{_mandir}/man1/seinfo.1.gz
%{_mandir}/man1/sesearch.1.gz
%files gui
%defattr(-,root,root,-)
%{_bindir}/seaudit
%{_bindir}/apol
%{python3_sitearch}/setoolsgui
%{_mandir}/man1/apol*
%{_mandir}/ru/man1/apol*
%{tcllibdir}/apol_tcl/
%{setoolsdir}/apol_help.txt
%{setoolsdir}/domaintrans_help.txt
%{setoolsdir}/file_relabel_help.txt
%{setoolsdir}/infoflow_help.txt
%{setoolsdir}/types_relation_help.txt
%{setoolsdir}/apol_perm_mapping_*
%{setoolsdir}/seaudit_help.txt
%{setoolsdir}/*.glade
%{setoolsdir}/*.png
%{setoolsdir}/apol.gif
%{setoolsdir}/dot_seaudit
%{_mandir}/man1/apol.1.gz
%{_mandir}/man8/seaudit.8.gz
%{_sbindir}/seaudit
%config(noreplace) %{_sysconfdir}/pam.d/seaudit
%config(noreplace) %{_sysconfdir}/security/console.apps/seaudit
%{_datadir}/applications/*
%attr(0644,root,root) %{_datadir}/pixmaps/*.png
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
%post libs-tcl -p /sbin/ldconfig
%postun libs-tcl -p /sbin/ldconfig
%changelog
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 08 2016 Petr Lautrbach <plautrba@redhat.com> 3.3.8-8.99.1
- Update to latest upstream sources from https://github.com/TresysTechnology/setools3.git
* Thu Jun 16 2022 Python Maint <python-maint@redhat.com> - 4.4.0-8
- Rebuilt for Python 3.11
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.8-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Jun 13 2022 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-7
- Update required userspace versions to 3.4
- Drop unnecessary Recommends
* Sat May 02 2015 Kalev Lember <kalevlember@gmail.com> - 3.3.8-6
- Rebuilt for GCC 5 C++11 ABI change
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 4.4.0-6
- Rebuilt for Python 3.11
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Aug 4 2014 Tom Callaway <spot@fedoraproject.org> - 3.3.8-4
- fix license handling
* Fri Nov 19 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-4
- Make seinfo output predictable
https://github.com/SELinuxProject/setools/issues/65
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed May 21 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 3.3.8-2
- Rebuilt for https://fedoraproject.org/wiki/Changes/f21tcl86
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 4.4.0-2
- Rebuilt for Python 3.10
* Fri Apr 11 2014 Miroslav Grepl <mgrepl@redhat.com> - 3.3.8-1
- Update to upstream
* Mon Mar 8 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-1
- SETools 4.4.0 release
* Mon Sep 16 2013 Dan Walsh <dwalsh@redhat.com> - 3.3.7-41
- Cleanup Destop files.
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-0.3.20210121git16c0696
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Jul 19 2013 Dan Walsh <dwalsh@redhat.com> - 3.3.7-40
- Fix help message on sesearch -D
* Thu Jan 21 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.2.20210121git16c0696
- Rebuild with SELinux userspace 3.2-rc1
- Update to 16c0696
* Thu May 16 2013 Dan Walsh <dwalsh@redhat.com> - 3.3.7-39
- Remove --default and --audit from sesearch
- Make -D == --dontaudit in sesearch
* Thu Dec 10 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.2.20201102git05e90ee
- Fix imports in /usr/bin/sedta
* Thu Mar 28 2013 Dan Walsh <dwalsh@redhat.com> - 3.3.7-38
- Add alias support to seinfo -t
* Tue Nov 3 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.1.20201102git05e90ee
- Update to 05e90ee
- Add /usr/bin/sechecker
- Adapt to new libsepol filename transition structures
- Rebuild with libsepol.so.2
* Wed Mar 27 2013 Kalev Lember <kalevlember@gmail.com> - 3.3.7-37
- Obsolete the removed setools-libs-python subpackage
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-5
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Mar 15 2013 Dan Walsh <dwalsh@redhat.com> - 3.3.7-36
- Drop support for python bindings
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Mar 14 2013 Dan Walsh <dwalsh@redhat.com> - 3.3.7-35
- Add support for substituting bools to sesearch and seinfo
* Thu Jul 16 2020 Petr Lautrbach <plautrba@redhat.com> - 4.3.0-3
- rebuild with SELinux userspace 3.1 release
* Wed Jan 30 2013 Dan Walsh <dwalsh@redhat.com> - 3.3.7-34
- Rebuild using pristine source from Tresys
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 4.3.0-2
- Rebuilt for Python 3.9
* Tue Jan 29 2013 Dan Walsh <dwalsh@redhat.com> - 3.3.7-33
- Apply swig patch to make apol work again.
* Thu Apr 2 2020 Petr Lautrbach <plautrba@redhat.com> - 4.3.0-1
- SETools 4.3.0 release
- Revised sediff method for TE rules. This drastically reduced memory and run time.
- Added infiniband context support to seinfo, sediff, and apol.
- Added apol configuration for location of Qt assistant.
- Fixed sediff issue where properties header would display when not requested.
- Fixed sediff issue with type_transition file name comparison.
- Fixed permission map socket sendto information flow direction.
- Added methods to TypeAttribute class to make it a complete Python collection.
- Genfscon now will look up classes rather than using fixed values which
were dropped from libsepol.
* Mon Jan 7 2013 Dan Walsh <dwalsh@redhat.com> - 3.3.7-32
- Rebuild with new tool chain
* Mon Mar 23 2020 Petr Lautrbach <plautrba@redhat.com> - 4.2.2-5
- setools requires -console, -console-analyses and -gui packages (#1794314)
* Fri Sep 28 2012 Dan Walsh <dwalsh@redhat.com> - 3.3.7-31
- Add filename_trans to python/setools/sesearch bindings
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.2.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Sep 28 2012 Dan Walsh <dwalsh@redhat.com> - 3.3.7-30
- Apply Lars Jensen patch to fix seaudit
- Remove java bindings, not supported
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 4.2.2-3
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Sun Sep 16 2012 Dan Walsh <dwalsh@redhat.com> - 3.3.7-29
- Remove tools that we do not want to support
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 4.2.2-2
- Rebuilt for Python 3.8
* Mon Aug 20 2012 Dan Horák <dan[at]danny.cz> - 3.3.7-28
- use autoreconf to rebuild all autotooled files (FTBFS)
* Mon Jul 08 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.2-1}
- SETools 4.2.2 release
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.7-27
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon May 13 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.1-3
- Use %set_build_flags instead of %optflags
* Wed Jul 11 2012 Dan Walsh <dwalsh@redhat.com> - 3.3.7-26
- mgrepl patch to Fix swig coding style for structures related to SWIG changes
* Mon May 06 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.1-2
- SELinuxPolicy: Create a map of aliases on policy load (#1672631)
* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 3.3.7-25
- Fix swig coding style for structures related to SWIG changes
* Tue Mar 26 2019 Petr Lautrbach <plautrba@redhat.com> - 4.2.1-1
- SETools 4.2.1 release (#1581761, #1595582)
* Wed May 2 2012 Dan Walsh <dwalsh@redhat.com> - 3.3.7-24
- Revert setools current patch
* Wed Nov 14 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-1
- Update source to SETools 4.2.0 release
- Rebuild to get latest libsepol which fixes the file_name transition problems
- Use selinux_current_policy_path to read by default policy
* Mon Oct 01 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.3.rc
- Update upstream source to 4.2.0-rc
* Tue Feb 28 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.7-22
- Rebuilt for c++ ABI breakage
* Wed Sep 19 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.2.beta
- Require userspace release 2.8
- setools-gui requires python3-setools
- Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371)
- Drop python2 subpackage (4.2.0 no longer supports python2)
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.7-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Wed Aug 29 2018 Vit Mojzis <vmojzis@redhat.com> - 4.1.1-13
- Add Requires for python[23]-setuptools - no longer required (just recommended)
by python[23] (#1623371)
* Tue Dec 20 2011 Dan Walsh <dwalsh@redhat.com> - 3.3.7-20
- Rebuild to use latest libsepol
* Wed Aug 22 2018 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-12.1
- Fix SCTP patch - https://github.com/SELinuxProject/setools/issues/9
* Wed Oct 26 2011 Dan Walsh <dwalsh@redhat.com> - 3.3.7-19
- Add ftrule*h in apol and qpol
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Sep 21 2011 Dan Walsh <dwalsh@redhat.com> - 3.3.7-18
- Fix output to match input in policy
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 4.1.1-10
- Rebuilt for Python 3.7
* Tue Sep 20 2011 Dan Walsh <dwalsh@redhat.com> - 3.3.7-17
- Fix to build with latest libsepol
- Show filename transition files
* Thu Jun 14 2018 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-9
- Move gui python files to -gui subpackage
* Thu Apr 21 2011 Dan Walsh <dwalsh@redhat.com> - 3.3.7-16
- Rebuild for new sepol
* Thu Apr 26 2018 Vit Mojzis <vmojzis@redhat.com> - 4.1.1-8
- Add support for SCTP protocol (#1568333)
* Fri Apr 15 2011 Dan Walsh <dwalsh@redhat.com> - 3.3.7-15
- Rebuild for new sepol
* Thu Apr 19 2018 Iryna Shcherbina <shcherbina.iryna@gmail.com> - 4.1.1-7
- Update Python 2 dependency declarations to new packaging standards
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Sat Apr 9 2011 Dan Walsh <dwalsh@redhat.com> - 3.3.7-14
- Rebuild for new sepol
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sun Feb 27 2011 Dennis Gilmore <dennis@ausil.us> - 3.3.7-13
- switch in -fPIC in Makefile.am in prep stage
* Mon Sep 04 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-5
- setools-python2 requires python2-enum34
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.7-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.1.1-4
- Add Provides for the old name without %%_isa
* Fri Nov 5 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-10
- Exit seinfo and sesearch with proper status
* Thu Aug 10 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.1.1-3
- Python 2 binary package renamed to python2-setools
See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
- Python 3 binary package renamed to python3-setools
* Fri Nov 5 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-9
- Rebuild for new libxml2
* Thu Aug 10 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-2
- bswap_* macros are defined in byteswap.h
* Thu Oct 14 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-8
- Return None when no records match python setools.sesearch
* Mon Aug 07 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-1
- New upstream release
* Thu Aug 19 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-7
- Add range to ports in seinfo python
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-6
- Return range with ports
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-5
- Add port support to setools python
* Mon May 22 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.0-3
- setools-python{,3} packages should have a weak dependency on libselinux-python{,3}
(#1447747)
* Mon Jul 26 2010 David Malcolm <dmalcolm@redhat.com> - 3.3.7-4
- fixup configure.ac to expect SWIG 2.0.0; bump the python version to 2.7 in
patch 1
* Thu Feb 23 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.0-2
- Move python networkx dependency to -gui and -console-analyses
- Ship sedta and seinfoflow in setools-console-analyses
* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 3.3.7-3
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
* Wed Feb 15 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.0-1
* Wed May 12 2010 Chris PeBenito <cpebenito@tresys.com> 3.3.7-2
- Add missing bzip2 dependencies.
* Wed May 12 2010 Chris PeBenito <cpebenito@tresys.com> 3.3.7-1
- New upstream release.
* Tue Aug 11 2009 Dan Walsh <dwalsh@redhat.com> 3.3.6-4
- Add python bindings for sesearch and seinfo
* Tue Jul 28 2009 Dan Walsh <dwalsh@redhat.com> 3.3.6-3
- Fix qpol install of include files
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Jul 22 2009 Chris PeBenito <cpebenito@tresys.com> 3.3.6-1
- New upstream release.
* Sun Apr 5 2009 Dan Horák <dan[at]danny.cz> - 3.3.5-8
- don't expect that java-devel resolves as gcj
* Sun Apr 5 2009 Dan Horák <dan[at]danny.cz> - 3.3.5-7
- add support for s390x
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Thu Dec 04 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 3.3.5-5
- Rebuild for Python 2.6
* Mon Dec 1 2008 Michael Schwendt <mschwendt@fedoraproject.org> - 3.3.5-4
- Include %%tcllibdir directory in -libs-tcl package.
* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 3.3.5-3
- Rebuild for Python 2.6
* Wed Sep 17 2008 Dennis Gilmore <dennis@ausil.us> 3.3.5-2
- fix building in sparc and s390 arches
* Tue Aug 26 2008 Chris PeBenito <cpebenito@tresys.com> 3.3.5-1
- Update to upstream version 3.3.5.
* Wed Feb 27 2008 Chris PeBenito <cpebenito@tresys.com> 3.3.4-1
- Fixes gcc 4.3, glibc 2.7, tcl 8.5, and libsepol 2.0.20 issues.
- Fix policy loading when policy on disk is higher version than the kernel.
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 3.3.2-3
- Autorebuild for GCC 4.3
* Tue Jan 29 2008 Chris Pebenito <cpebenito@tresys.com> 3.3.2-2.fc9
- Bump to pick up new libsepol and policy 22.
* Wed Nov 28 2007 Chris Pebenito <cpebenito@tresys.com> 3.3.2-1.fc9
- Update for 3.3.2.
* Thu Oct 18 2007 Chris PeBenito <cpebenito@tresys.com> 3.3.1-7.fc8
- Rebuild to fix ppc64 issue.
* Wed Oct 17 2007 Chris PeBenito <cpebenito@tresys.com> 3.3.1-6.fc8
- Update for 3.3.1.
* Tue Aug 28 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 3.2-4
- Rebuild for selinux ppc32 issue.
* Fri Jul 20 2007 Dan Walsh <dwalsh@redhat.com> 3.2-3
- Move to Tresys spec file
* Wed Jun 13 2007 Dan Walsh <dwalsh@redhat.com> 3.2-2
- Bump for rebuild
* Mon Apr 30 2007 Dan Walsh <dwalsh@redhat.com> 3.2-1
- Start shipping the rest of the setools command line apps
* Wed Apr 25 2007 Jason Tang <jtang@tresys.com> 3.2-0
- update to SETools 3.2 release
* Fri Feb 02 2007 Jason Tang <jtang@tresys.com> 3.1-1
- update to SETools 3.1 release
* Mon Oct 30 2006 Dan Walsh <dwalsh@redhat.com> 3.0-2.fc6
- bump for fc6
* Thu Oct 26 2006 Dan Walsh <dwalsh@redhat.com> 3.0-2
- Build on rawhide
* Sun Oct 15 2006 Dan Walsh <dwalsh@redhat.com> 3.0-1
- Update to upstream
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - sh: line 0: fg: no job control
- rebuild
* Tue May 23 2006 Dan Walsh <dwalsh@redhat.com> 2.4-2
- Remove sqlite include directory
* Wed May 3 2006 Dan Walsh <dwalsh@redhat.com> 2.4-1
- Update from upstream
* Mon Apr 10 2006 Dan Walsh <dwalsh@redhat.com> 2.3-3
- Fix help
- Add icons
* Tue Mar 21 2006 Dan Walsh <dwalsh@redhat.com> 2.3-2
- Remove console apps for sediff, sediffx and apol
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.3-1.2
- bump again for double-long bug on ppc(64)
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.3-1.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Tue Jan 31 2006 Dan Walsh <dwalsh@redhat.com> 2.3-1
- Update from upstream
* apol:
added new MLS components tab for sensitivities,
levels, and categories.
Changed users tab to support ranges and default
levels.
added range transition tab for searching range
Transition rules.
added new tab for network context components.
added new tab for file system context components.
* libapol:
added binpol support for MLS, network contexts,
and file system contexts.
* seinfo:
added command line options for MLS components.
added command line options for network contexts
and file system contexts.
* sesearch:
added command line option for searching for rules
by conditional boolean name.
* seaudit:
added new column in the log view for the 'comm'
field found in auditd log files.
added filters for the 'comm' field and 'message'
field.
* manpages:
added manpages for all tools.
* Fri Dec 16 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt for new gcj
* Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 2.2-4
- Fix dessktop files
- Apply fixes from bkyoung
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 2.2-3
- Move more gui files out of base into gui
* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 2.2-2
- Move sediff from gui to main package
* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 2.2-1
- Upgrade to upstream version
* Thu Oct 13 2005 Dan Walsh <dwalsh@redhat.com> 2.1.3-1
- Upgrade to upstream version
* Mon Oct 10 2005 Tomas Mraz <tmraz@redhat.com> 2.1.2-3
- use include instead of pam_stack in pam config
* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 2.1.2-2
- Fix spec file
* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 2.1.2-1
- Upgrade to upstream version
* Thu Aug 18 2005 Florian La Roche <laroche@redhat.com>
- do not package debug files into the -devel package
* Wed Aug 17 2005 Jeremy Katz <katzj@redhat.com> - 2.1.1-3
- rebuild against new cairo
* Wed May 25 2005 Dan Walsh <dwalsh@redhat.com> 2.1.1-0
- Upgrade to upstream version
* Mon May 23 2005 Bill Nottingham <notting@redhat.com> 2.1.0-5
- put libraries in the right place (also puts debuginfo in the right
package)
- add %%defattr for -devel too
* Thu May 12 2005 Dan Walsh <dwalsh@redhat.com> 2.1.0-4
- Move sepcut to gui apps.
* Fri May 6 2005 Dan Walsh <dwalsh@redhat.com> 2.1.0-3
- Fix Missing return code.
* Wed Apr 20 2005 Dan Walsh <dwalsh@redhat.com> 2.1.0-2
- Fix requires line
* Tue Apr 19 2005 Dan Walsh <dwalsh@redhat.com> 2.1.0-1
- Update to latest from tresys
* Tue Apr 5 2005 Dan Walsh <dwalsh@redhat.com> 2.0.0-2
- Fix buildrequires lines in spec file
* Wed Mar 2 2005 Dan Walsh <dwalsh@redhat.com> 2.0.0-1
- Update to latest from tresys
* Mon Nov 29 2004 Dan Walsh <dwalsh@redhat.com> 1.5.1-6
- add FALLBACK=true to /etc/security/console.apps/apol
* Wed Nov 10 2004 Dan Walsh <dwalsh@redhat.com> 1.5.1-3
- Add badtcl patch from Tresys.
* Mon Nov 8 2004 Dan Walsh <dwalsh@redhat.com> 1.5.1-2
- Apply malloc problem patch provided by Sami Farin
* Mon Nov 1 2004 Dan Walsh <dwalsh@redhat.com> 1.5.1-1
- Update to latest from Upstream
* Wed Oct 6 2004 Dan Walsh <dwalsh@redhat.com> 1.4.1-5
- Update tresys patch
* Mon Oct 4 2004 Dan Walsh <dwalsh@redhat.com> 1.4.1-4
- Fix directory ownership
* Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.4.1-1
- Latest from Tresys
* Wed Jun 23 2004 Dan Walsh <dwalsh@redhat.com> 1.4-5
- Add build requires libselinux
* Tue Jun 22 2004 Dan Walsh <dwalsh@redhat.com> 1.4-4
- Add support for policy.18
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Thu Jun 10 2004 Dan Walsh <dwalsh@redhat.com> 1.4-2
- Fix install locations of policy_src_dir
* Wed Jun 2 2004 Dan Walsh <dwalsh@redhat.com> 1.4-1
- Update to latest from TRESYS.
* Tue Jun 1 2004 Dan Walsh <dwalsh@redhat.com> 1.3-3
- Make changes to work with targeted/strict policy
* Fri Apr 16 2004 Dan Walsh <dwalsh@redhat.com> 1.3-2
- Take out requirement for policy file
* Fri Apr 16 2004 Dan Walsh <dwalsh@redhat.com> 1.3-1
- Fix doc location
* Fri Apr 16 2004 Dan Walsh <dwalsh@redhat.com> 1.3-1
- Latest from TRESYS
* Tue Apr 13 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-8
- fix location of policy.conf file
* Tue Apr 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-7
- Obsolete setools-devel
* Tue Apr 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-6
- Fix location of
* Tue Apr 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-5
- Remove devel libraries
- Fix installdir for lib64
* Sat Apr 3 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-4
- Add usr_t file read to policy
* Thu Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-3
- Use tcl8.4
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Fri Feb 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-1
- New patch
* Fri Feb 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2-1
- Latest upstream version
* Tue Dec 30 2003 Dan Walsh <dwalsh@redhat.com> 1.1.1-1
- New version from upstream
- Remove seuser.te. Now in policy file.
* Tue Dec 30 2003 Dan Walsh <dwalsh@redhat.com> 1.1-2
- Add Defattr to devel
- move libs to base kit
* Fri Dec 19 2003 Dan Walsh <dwalsh@redhat.com> 1.1-1
- Update to latest code from tresys
- Break into three separate packages for cmdline, devel and gui
- Incorporate the tcl patch
* Mon Dec 15 2003 Jens Petersen <petersen@redhat.com> - 1.0.1-3
- apply setools-1.0.1-tcltk.patch to build against tcl/tk 8.4
- buildrequire tk-devel
* Thu Nov 20 2003 Dan Walsh <dwalsh@redhat.com> 1.0.1-2
- Add Bwidgets to this RPM
* Tue Nov 4 2003 Dan Walsh <dwalsh@redhat.com> 1.0.1-1
- Upgrade to 1.0.1
* Wed Oct 15 2003 Dan Walsh <dwalsh@redhat.com> 1.0-6
- Clean up build
* Tue Oct 14 2003 Dan Walsh <dwalsh@redhat.com> 1.0-5
- Update with correct seuser.te
* Wed Oct 1 2003 Dan Walsh <dwalsh@redhat.com> 1.0-4
- Update with final release from Tresys
* Mon Jun 2 2003 Dan Walsh <dwalsh@redhat.com> 1.0-1
- Initial version


@ -1 +1 @@
SHA512 (4.4.0.tar.gz) = 4033ce54213e47e3afd1bdb03b99b0ee3d977f085310d746b34dcfcfe48ac3a562ae0aa2f730d629a298b56dbf295ad219669d13f82578521866b465f8c976e8
d68d0d4e4da0f01da0f208782ff04b91 setools-3.3.8.tar.bz2
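Review bot: The checksum entry for `setools-3.3.8.tar.bz2` on the last line of this hunk is a bare MD5 digest, while the other line uses the `SHA512 (file) = digest` form. Judging by the commit title (3.3.8) the MD5 line looks like the new side, though the rendering has lost the `+`/`-` markers, so that is inferred. MD5 is not collision-resistant, so it gives weak assurance that the fetched tarball is the one the packager verified. If the tooling on this branch accepts it, record the entry as `SHA512 (setools-3.3.8.tar.bz2) = <sha512-of-the-verified-tarball>` after checking the download against the upstream repository named in the commit message.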


@ -1,63 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools
# Description: Make sure setools requires setools-console and setools-gui
# Author: Vit Mojzis <vmojzis@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2020 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Vit Mojzis <vmojzis@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Make sure setools requires setools-console and setools-gui" >> $(METADATA)
@echo "Type: Regression" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: setools" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1820078" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6 -RHEL7" >> $(METADATA)
rhts-lint $(METADATA)


@ -1,54 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/setools/Regression/bz1820078-The-setools-package-doesn-t-install-any-tools
# Description: Make sure setools requires setools-console and setools-gui
# Author: Vit Mojzis <vmojzis@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2020 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="setools"
rlJournalStart
rlPhaseStartSetup
rlRun "dnf -y remove ${PACKAGE} ${PACKAGE}-gui ${PACKAGE}-console"
OUTPUT_FILE=`mktemp`
rlPhaseEnd
rlPhaseStartTest "bz#1820078"
rlRun "dnf -y install ${PACKAGE}" 0
rlAssertRpm "${PACKAGE}-gui"
rlAssertRpm "${PACKAGE}-console"
# make sure that setools-* packages do not require setools
rlRun "rpm -q --whatrequires ${PACKAGE} >& ${OUTPUT_FILE}" 0,1
rlRun "grep -i \"${PACKAGE}-\" ${OUTPUT_FILE}" 1
if [ $? -ne 1 ]; then rlRun "cat \"${OUTPUT_FILE}\""; fi
rlPhaseEnd
rlPhaseStartCleanup
rm -f ${OUTPUT_FILE}
rlPhaseEnd
rlJournalPrintText
rlJournalEnd


@ -1,63 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/setools/Sanity/sedta
# Description: Does sedta work as expected? Does it support all features?
# Author: Milos Malik <mmalik@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/setools/Sanity/sedta
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.cil
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Does sedta work as expected? Does it support all features?" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 1h" >> $(METADATA)
@echo "RunFor: setools" >> $(METADATA)
@echo "Requires: policycoreutils setools-console-analyses" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -RHEL4 -RHEL6 -RHEL7 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)


@ -1,3 +0,0 @@
PURPOSE of /CoreOS/setools/Sanity/sedta
Description: Does sedta work as expected? Does it support all features?
Author: Milos Malik <mmalik@redhat.com>


@ -1,88 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/setools/Sanity/sedta
# Description: Does sedta work as expected? Does it support all features?
# Author: Milos Malik <mmalik@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="setools"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm ${PACKAGE}-console-analyses
OUTPUT_FILE=`mktemp`
rlRun "semodule -i testpolicy.cil"
rlRun "semodule -l | grep testpolicy"
rlPhaseEnd
rlPhaseStartTest "invalid values"
rlRun "sedta -s unknown_t >& ${OUTPUT_FILE}" 1
rlRun "grep -i 'not a valid type' ${OUTPUT_FILE}"
rlRun "sedta -s apmd_t -t unknown_t -S >& ${OUTPUT_FILE}" 1
rlRun "grep -i 'not a valid type' ${OUTPUT_FILE}"
rlRun "sedta -s unknown_t -p /etc/selinux/unknown/policy/policy.31 >& ${OUTPUT_FILE}" 1
rlRun "grep -i 'no such file or directory' ${OUTPUT_FILE}"
rlRun "sedta -s apmd_t -t var_lib_t -A -1 >& ${OUTPUT_FILE}" 1
rlRun "grep -i 'must be positive' ${OUTPUT_FILE}"
rlRun "sedta -s xyz_t >& ${OUTPUT_FILE}"
rlRun "grep -i '^0.*transition.*found' ${OUTPUT_FILE}"
rlPhaseEnd
rlPhaseStartTest "valid values"
# transitivity
rlRun "sedta -s first_t -t second_t -S >& ${OUTPUT_FILE}"
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
rlRun "sedta -s second_t -t third_t -S >& ${OUTPUT_FILE}"
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
rlRun "sedta -s first_t -t third_t -S >& ${OUTPUT_FILE}"
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
# reflexivity
rlRun "sedta -s first_t -t first_t -S >& ${OUTPUT_FILE}"
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
rlRun "sedta -s second_t -t second_t -S >& ${OUTPUT_FILE}"
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
rlRun "sedta -s third_t -t third_t -S >& ${OUTPUT_FILE}"
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
# path is longer than limit
rlRun "sedta -s first_t -t third_t -A 1 >& ${OUTPUT_FILE}"
rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
# non-existent relation
rlRun "sedta -s first_t -t third_t -S -r >& ${OUTPUT_FILE}"
rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
# non-existent relation
rlRun "sedta -s third_t -t first_t -S >& ${OUTPUT_FILE}"
rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
rlPhaseEnd
rlPhaseStartCleanup
rlRun "semodule -r testpolicy"
rlRun "semodule -l | grep testpolicy" 1
rm -f ${OUTPUT_FILE}
rlPhaseEnd
rlJournalPrintText
rlJournalEnd


@ -1,21 +0,0 @@
( type xyz_t )
( type first_t )
( type first_exec_t )
( type second_t )
( type second_exec_t )
( type third_t )
( type third_exec_t )
( typetransition first_t second_exec_t process second_t )
( typetransition second_t third_exec_t process third_t )
( allow first_t second_exec_t ( file ( getattr open read execute )))
( allow first_t second_t ( process ( transition )))
( allow second_t third_exec_t ( file ( getattr open read execute )))
( allow second_t third_t ( process ( transition )))
( allow first_t first_exec_t ( file ( entrypoint )))
( allow second_t second_exec_t ( file ( entrypoint )))
( allow third_t third_exec_t ( file ( entrypoint )))


@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of Sanity/seinfo-consistent-output
# Description: Check whether different 2 or more runs of same seinfo commands produce same output
# Author: Petr Lautrbach <plautrba@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2021 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=Sanity/seinfo-consistent-output
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Petr Lautrbach <plautrba@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Check whether different 2 or more runs of same seinfo commands produce same output" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: setools" >> $(METADATA)
@echo "Requires: setools-console" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 2019962" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)


@ -1,3 +0,0 @@
PURPOSE of Sanity/seinfo-consistent-output
Description: Check whether different 2 or more runs of same seinfo commands produce same output
Author: Petr Lautrbach <plautrba@redhat.com>


@ -1,64 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of Sanity/seinfo-consistent-output
# Description: Check whether different 2 or more runs of same seinfo commands produce same output
# Author: Petr Lautrbach <plautrba@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2021 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="setools-console"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
rlPhaseEnd
commands=(
"seinfo --all -x"
"seinfo --constrain"
"seinfo --common"
"seinfo -c -x"
"seinfo -r -x"
"seinfo -u -x"
)
for c in "${commands[@]}"; do
rlPhaseStartTest "$c"
rlRun "$c > 1.out"
rlRun "$c > 2.out"
rlRun "cmp 1.out 2.out" 0
rlPhaseEnd
done
rlPhaseStartCleanup
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd


@ -1,22 +0,0 @@
---
# Test to run in classic context
- hosts: localhost
roles:
- role: standard-test-beakerlib
tags:
- classic
repositories:
- repo: "https://src.fedoraproject.org/tests/selinux.git"
dest: "selinux"
fmf_filter: "tier: 1 | component: policycoreutils | component: checkpolicy"
# Test to run in classic context
- hosts: localhost
roles:
- role: standard-test-beakerlib
tags:
- classic
tests:
- Sanity/sedta
- Regression/The-setools-package-doesn-t-install-any-tools
- Sanity/seinfo-consistent-output