Rebuild with latest libsepol

This commit is contained in:
Dan Walsh 2012-11-19 15:17:16 -05:00
parent edd5aaafc0
commit e7604b157b
2 changed files with 115 additions and 12 deletions

View File

@ -126,7 +126,7 @@ index 9f16f77..4835f2f 100644
.SH FILES .SH FILES
/etc/selinux/config /etc/selinux/config
diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
index 02483a3..647ea4c 100644 index 02483a3..d2de4d5 100644
--- a/libselinux/src/audit2why.c --- a/libselinux/src/audit2why.c
+++ b/libselinux/src/audit2why.c +++ b/libselinux/src/audit2why.c
@@ -164,6 +164,9 @@ static PyObject *finish(PyObject *self __attribute__((unused)), PyObject *args) @@ -164,6 +164,9 @@ static PyObject *finish(PyObject *self __attribute__((unused)), PyObject *args)
@ -191,32 +191,132 @@ index 02483a3..647ea4c 100644
if (!PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path)) if (!PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path))
return NULL; return NULL;
result = __policy_init(init_path); result = __policy_init(init_path);
@@ -306,6 +298,7 @@ static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) { @@ -302,10 +294,12 @@ static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
return result; }
#define RETURN(X) \
- PyTuple_SetItem(result, 0, Py_BuildValue("i", X)); \
- return result;
+ { \
+ return Py_BuildValue("iO", (X), Py_None); \
+ }
static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args) { static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args) {
+ char *reason_buf = NULL; + char *reason_buf = NULL;
security_context_t scon; security_context_t scon;
security_context_t tcon; security_context_t tcon;
char *tclassstr; char *tclassstr;
@@ -376,7 +369,7 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args @@ -320,10 +314,6 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
struct sepol_av_decision avd;
int rc;
int i=0;
- PyObject *result = PyTuple_New(2);
- if (!result) return NULL;
- Py_INCREF(Py_None);
- PyTuple_SetItem(result, 1, Py_None);
if (!PyArg_ParseTuple(args,(char *)"sssO!:audit2why",&scon,&tcon,&tclassstr,&PyList_Type, &listObj))
return NULL;
@@ -334,22 +324,21 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
/* should raise an error here. */
if (numlines < 0) return NULL; /* Not a list */
- if (!avc) {
+ if (!avc)
RETURN(NOPOLICY)
- }
rc = sepol_context_to_sid(scon, strlen(scon) + 1, &ssid);
- if (rc < 0) {
+ if (rc < 0)
RETURN(BADSCON)
- }
+
rc = sepol_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
- if (rc < 0) {
+ if (rc < 0)
RETURN(BADTCON)
- }
+
tclass = string_to_security_class(tclassstr);
- if (!tclass) {
+ if (!tclass)
RETURN(BADTCLASS)
- }
+
/* Convert the permission list to an AV. */
av = 0;
@@ -369,21 +358,20 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
#endif
perm = string_to_av_perm(tclass, permstr);
- if (!perm) {
+ if (!perm)
RETURN(BADPERM)
- }
+
av |= perm;
} }
/* Reproduce the computation. */ /* Reproduce the computation. */
- rc = sepol_compute_av_reason(ssid, tsid, tclass, av, &avd, &reason); - rc = sepol_compute_av_reason(ssid, tsid, tclass, av, &avd, &reason);
- if (rc < 0) {
+ rc = sepol_compute_av_reason_buffer(ssid, tsid, tclass, av, &avd, &reason, &reason_buf); + rc = sepol_compute_av_reason_buffer(ssid, tsid, tclass, av, &avd, &reason, &reason_buf);
if (rc < 0) { + if (rc < 0)
RETURN(BADCOMPUTE) RETURN(BADCOMPUTE)
- }
- if (!reason) {
+ if (!reason)
RETURN(ALLOW)
- }
+
if (reason & SEPOL_COMPUTEAV_TE) {
avc->ssid = ssid;
avc->tsid = tsid;
@@ -396,28 +384,34 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
RETURN(TERULE)
}
} else {
- PyTuple_SetItem(result, 0, Py_BuildValue("i", BOOLEAN));
+ PyObject *outboollist;
struct boolean_t *b = bools;
int len=0;
while (b->name) {
len++; b++;
}
b = bools;
- PyObject *outboollist = PyTuple_New(len);
+ outboollist = PyList_New(len);
len=0;
while(b->name) {
- PyObject *bool = Py_BuildValue("(si)", b->name, b->active);
- PyTuple_SetItem(outboollist, len++, bool);
+ PyObject *bool_ = Py_BuildValue("(si)", b->name, b->active);
+ PyList_SetItem(outboollist, len++, bool_);
b++;
}
free(bools);
- PyTuple_SetItem(result, 1, outboollist);
- return result;
+ /* 'N' steals the reference to outboollist */
+ return Py_BuildValue("iN", BOOLEAN, outboollist);
} }
@@ -417,6 +410,8 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
} }
if (reason & SEPOL_COMPUTEAV_CONS) { if (reason & SEPOL_COMPUTEAV_CONS) {
+ printf("%s\n", reason_buf); - RETURN(CONSTRAINT);
+ if (reason_buf) {
+ PyObject *result = NULL;
+ result = Py_BuildValue("is", CONSTRAINT, reason_buf);
+ free(reason_buf); + free(reason_buf);
RETURN(CONSTRAINT); + return result;
+ }
+ RETURN(CONSTRAINT)
} }
if (reason & SEPOL_COMPUTEAV_RBAC) {
diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c
index 802a07f..6ff83a7 100644 index 802a07f..6ff83a7 100644
--- a/libselinux/src/avc.c --- a/libselinux/src/avc.c

View File

@ -4,13 +4,13 @@
%define ruby_inc %(pkg-config --cflags ruby-1.9) %define ruby_inc %(pkg-config --cflags ruby-1.9)
%define ruby_sitearch %(ruby -rrbconfig -e "puts RbConfig::CONFIG['vendorarchdir']") %define ruby_sitearch %(ruby -rrbconfig -e "puts RbConfig::CONFIG['vendorarchdir']")
%define libsepolver 2.1.7-4 %define libsepolver 2.1.8-3
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 2.1.12 Version: 2.1.12
Release: 8%{?dist} Release: 9%{?dist}
License: Public Domain License: Public Domain
Group: System Environment/Libraries Group: System Environment/Libraries
Source: %{name}-%{version}.tgz Source: %{name}-%{version}.tgz
@ -241,6 +241,9 @@ rm -rf %{buildroot}
%{ruby_sitearch}/selinux.so %{ruby_sitearch}/selinux.so
%changelog %changelog
* Mon Nov 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-9
- Rebuild with latest libsepol
* Fri Nov 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-8 * Fri Nov 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-8
- Return EPERM if login program can not reach default label for user - Return EPERM if login program can not reach default label for user
- Attempt to return container info from audit2why - Attempt to return container info from audit2why