Fix sepolicy to be able to work on an SELinux disabled system.

- Needed to be able to build man pages in selinux-policy package
2013-02-22 13:06:49 +01:00 · 2013-02-22 13:06:49 +01:00 · 21179e1822
commit 21179e1822
parent 3f69c2f15b
2 changed files with 122 additions and 20 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -1363,6 +1363,18 @@ index 11b534f..eb86eae 100644
 	-mkdir -p $(MANDIR)/man8
 	install -m 644 *.8 $(MANDIR)/man8
 	-mkdir -p $(BASHCOMPLETIONDIR)
+diff --git a/policycoreutils/sepolicy/policy.c b/policycoreutils/sepolicy/policy.c
+index 4eca22d..eeee0ab 100644
+--- a/policycoreutils/sepolicy/policy.c
+++ b/policycoreutils/sepolicy/policy.c
+@@ -66,7 +66,6 @@ PyObject *wrap_policy(PyObject *UNUSED(self), PyObject *args){
+     }
+     apol_vector_destroy(&mod_paths);
+     
+-    policy_load_options |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
+     policy = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL);
+     apol_policy_path_destroy(&pol_path);
+     if (!policy) {
 diff --git a/policycoreutils/sepolicy/sepolgen.8 b/policycoreutils/sepolicy/sepolgen.8
 new file mode 100644
 index 0000000..3ecf3eb
@ -1520,7 +1532,7 @@ index b25d3b2..7a15d88 100755
         sys.exit(0)
     except ValueError,e:
 diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
-index 5e7415c..b9cb9cc 100644
+index 5e7415c..e0f5f86 100644
 --- a/policycoreutils/sepolicy/sepolicy/__init__.py
 +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -37,9 +37,30 @@ CLASS = 'class'
@ -1556,7 +1568,21 @@ index 5e7415c..b9cb9cc 100644
         policies = glob.glob ("%s.*" % path )
         policies.sort()
         return policies[-1]
-@@ -71,6 +92,7 @@ def get_all_role_allows():
+@@ -54,6 +75,13 @@ def get_all_types():
+         all_types = map(lambda x: x['name'], info(TYPE))
+     return all_types
+ 
+user_types =  None
+def get_user_types():
+    global user_types
+    if user_types == None:
+        user_types = info(ATTRIBUTE,"userdomain")[0]["types"]
+    return user_types
+
+ role_allows = None
+ def get_all_role_allows():
+ 	global role_allows
+@@ -71,6 +99,7 @@ def get_all_role_allows():
 	return role_allows
 
 def get_all_entrypoint_domains():
@ -1564,7 +1590,35 @@ index 5e7415c..b9cb9cc 100644
     all_domains = []
     types=get_all_types()
     types.sort()
-@@ -85,7 +107,7 @@ all_domains = None
+@@ -81,11 +110,35 @@ def get_all_entrypoint_domains():
+                 all_domains.append(m[0])
+     return all_domains
+ 
+portrecs = None
+portrecsbynum = None
+
+def gen_port_dict():
+    global portrecs
+    global portrecsbynum
+    if portrecs:
+        return ( portrecs, portrecsbynum )
+    portrecsbynum = {}
+    portrecs = {}
+    for i in info(PORT):
+        if i['low'] == i['high']:
+            port = str(i['low'])
+        else:
+            port = "%s-%s" % (str(i['low']), str(i['high']))
+
+        if (i['type'], i['protocol']) in portrecs:
+            portrecs [(i['type'], i['protocol'])].append(port)
+        else:
+            portrecs [(i['type'], i['protocol'])] = [port]
+
+        portrecsbynum[(i['low'], i['high'],i['protocol'])] = (i['type'], i['range'])
+    return ( portrecs, portrecsbynum )
+
+ all_domains = None
 def get_all_domains():
 	global all_domains
 	if not all_domains:
@ -1573,7 +1627,7 @@ index 5e7415c..b9cb9cc 100644
 	return all_domains
 
 roles = None
-@@ -139,49 +161,43 @@ def get_all_attributes():
+@@ -139,49 +192,42 @@ def get_all_attributes():
 	return all_attributes
 
 def policy(policy_file):
@ -1600,7 +1654,7 @@ index 5e7415c..b9cb9cc 100644
     except:
         raise ValueError(_("Failed to read %s policy file") % policy_file)
 
- 
+-
 -policy_file = selinux.selinux_current_policy_path()
 -if not policy_file:
 -    policy_file = __get_installed_policy()
@ -1643,10 +1697,18 @@ index 5e7415c..b9cb9cc 100644
 def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
         global booleans_dict
 diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
-index 26f8390..19f6056 100644
+index 26f8390..a23ce9b 100644
 --- a/policycoreutils/sepolicy/sepolicy/generate.py
 +++ b/policycoreutils/sepolicy/sepolicy/generate.py
-@@ -1037,7 +1037,8 @@ allow %s_t %s_t:%s_socket name_%s;
+@@ -63,7 +63,6 @@ except IOError:
+     import __builtin__
+     __builtin__.__dict__['_'] = unicode
+ 
+-user_types =  sepolicy.info(sepolicy.ATTRIBUTE,"userdomain")[0]["types"]
+ methods = []
+ fn = defaults.interface_info()
+ try:
+@@ -1037,7 +1036,8 @@ allow %s_t %s_t:%s_socket name_%s;
 ########################################
 #
 # %s local policy
@ -1657,15 +1719,10 @@ index 26f8390..19f6056 100644
                 newte += self.generate_process()
 		newte += self.generate_network_types()
 diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
-index 25062da..da17c48 100755
+index 25062da..b3c24e6 100755
 --- a/policycoreutils/sepolicy/sepolicy/manpage.py
 +++ b/policycoreutils/sepolicy/sepolicy/manpage.py
-@@ -24,11 +24,12 @@
- #
- __all__ = [ 'ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_domains' ]
- 
-+from sepolicy import network
- import string
+@@ -28,7 +28,7 @@ import string
 import argparse
 import selinux
 import sepolicy
@ -1674,7 +1731,7 @@ index 25062da..da17c48 100755
 
 import commands
 import sys, os, re, time
-@@ -416,40 +417,33 @@ class ManPage:
+@@ -416,40 +416,33 @@ class ManPage:
     """
 	Generate a Manpage on an SELinux domain in the specified path
     """
@ -1695,14 +1752,15 @@ index 25062da..da17c48 100755
 -    def __init__(self, domainname, path = "/tmp", html = False):
 +    def __init__(self, domainname, path = "/tmp", root="/", html = False):
 	self.html = html
-+	self.root = root
- 	self.portrecs = network.portrecs
+-	self.portrecs = network.portrecs
 -
 -	fcpath = path + "/file_contexts"
 -	if os.path.exists(fcpath):
 -		self.fcpath = fcpath
 -	else:
 -		self.fcpath = selinux.selinux_file_context_path()
+	self.root = root
+	self.portrecs = gen_port_dict()[0]
 +	self.domains = gen_domains()
 +	self.all_domains = get_all_domains()
 +	self.all_attributes = get_all_attributes()
@ -1732,7 +1790,7 @@ index 25062da..da17c48 100755
 	self.booleans_dict = gen_bool_dict(self.xmlpath)
 
 	if domainname.endswith("_t"):
-@@ -947,13 +941,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
+@@ -947,13 +940,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
 .B restorecon -F -R -v /var/%(domainname)s
 .pp
 .TP
@ -1749,7 +1807,7 @@ index 25062da..da17c48 100755
 """  % {'domainname':self.domainname})
 	    for b in self.anon_list:
 		desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
-@@ -1230,6 +1225,7 @@ The SELinux user %s_u is not able to terminal login.
+@@ -1230,6 +1224,7 @@ The SELinux user %s_u is not able to terminal login.
 """ % self.domainname)
 
     def _network(self):
@ -1757,6 +1815,46 @@ index 25062da..da17c48 100755
 	self.fd.write("""
 .SH NETWORK
 """)
+diff --git a/policycoreutils/sepolicy/sepolicy/network.py b/policycoreutils/sepolicy/sepolicy/network.py
+index 66efe26..a446d68 100755
+--- a/policycoreutils/sepolicy/sepolicy/network.py
+++ b/policycoreutils/sepolicy/sepolicy/network.py
+@@ -25,27 +25,6 @@ import sepolicy
+ search=sepolicy.search
+ info=sepolicy.info
+ 
+-def _gen_port_dict():
+-    portrecsbynum = {}
+-    portrecs = {}
+-    for i in info(sepolicy.PORT):
+-        if i['low'] == i['high']:
+-            port = str(i['low'])
+-        else:
+-            port = "%s-%s" % (str(i['low']), str(i['high']))
+-
+-        if (i['type'], i['protocol']) in portrecs:
+-            portrecs [(i['type'], i['protocol'])].append(port)
+-        else:
+-            portrecs [(i['type'], i['protocol'])] = [port]
+-
+-        portrecsbynum[(i['low'], i['high'],i['protocol'])] = (i['type'], i['range'])
+-    return ( portrecs, portrecsbynum )
+-portrecs, portrecsbynum = _gen_port_dict()
+-
+-port_types =  sepolicy.info(sepolicy.ATTRIBUTE,"port_type")[0]["types"]
+-domains =  sepolicy.info(sepolicy.ATTRIBUTE,"domain")[0]["types"]
+-
+ def get_types(src, tclass, perm):
+     allows=search([sepolicy.ALLOW],{sepolicy.SOURCE:src,sepolicy.CLASS:tclass, sepolicy.PERMS:perm})
+     nlist=[]
+@@ -57,6 +36,7 @@ def get_types(src, tclass, perm):
+    
+ 
+ def get_network_connect(src, protocol, perm):
+    portrecs, portrecsbynum = sepolicy.gen_port_dict()
+     d={}
+     tlist = get_types(src, "%s_socket" % protocol, [perm])
+     if len(tlist) > 0:
 diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
 index 80b6d6e..07c5ee2 100644
 --- a/policycoreutils/setfiles/restorecon.8
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.14
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@ -324,6 +324,10 @@ The policycoreutils-restorecond package contains the restorecond service.
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :

 %changelog
+* Fri Feb 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-10
+- Fix sepolicy to be able to work on an SELinux disabled system. 
+- Needed to be able to build man pages in selinux-policy package
+
 * Thu Feb 21 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-9
 - Add yum to requires of policycoreutils-python since sepolicy requires it.