Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network

This commit is contained in:
rhatdan 2012-10-27 07:48:31 -04:00
parent 91f5677207
commit 70bff091fa
2 changed files with 28 additions and 55 deletions

View File

@ -336082,10 +336082,10 @@ index 0000000..dc3ce6a
+ +
diff --git a/policycoreutils/sepolicy/info.c b/policycoreutils/sepolicy/info.c diff --git a/policycoreutils/sepolicy/info.c b/policycoreutils/sepolicy/info.c
new file mode 100644 new file mode 100644
index 0000000..e0a5466 index 0000000..f4cc0b0
--- /dev/null --- /dev/null
+++ b/policycoreutils/sepolicy/info.c +++ b/policycoreutils/sepolicy/info.c
@@ -0,0 +1,949 @@ @@ -0,0 +1,928 @@
+/** +/**
+ * @file + * @file
+ * Command line tool to search TE rules. + * Command line tool to search TE rules.
@ -336139,7 +336139,6 @@ index 0000000..e0a5466
+#include <assert.h> +#include <assert.h>
+ +
+#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC" +#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
+static char *policy_file = NULL;
+ +
+enum input +enum input
+{ +{
@ -336938,34 +336937,16 @@ index 0000000..e0a5466
+ return list; + return list;
+} +}
+ +
+PyObject* info(int type, const char *name, const char *alt_policy_file) +PyObject* info( const char *policy_file, int type, const char *name)
+{ +{
+ PyObject* output = NULL; + PyObject* output = NULL;
+ int rt = -1;
+ apol_policy_t *policydb = NULL; + apol_policy_t *policydb = NULL;
+ apol_policy_path_t *pol_path = NULL; + apol_policy_path_t *pol_path = NULL;
+ apol_vector_t *mod_paths = NULL; + apol_vector_t *mod_paths = NULL;
+ apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC; + apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
+ +
+ if (alt_policy_file) {
+ policy_file = strdup(alt_policy_file);
+ if (!policy_file) {
+ apol_vector_destroy(&mod_paths);
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
+ return NULL;
+ }
+ }
+ else {
+ rt = qpol_default_policy_find(&policy_file);
+ if (rt != 0) {
+ PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
+ return NULL;
+ }
+ }
+
+ pol_path = apol_policy_path_create(path_type, policy_file, mod_paths); + pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
+ if (!pol_path) { + if (!pol_path) {
+ free(policy_file);
+ apol_vector_destroy(&mod_paths); + apol_vector_destroy(&mod_paths);
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM)); + PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
+ return NULL; + return NULL;
@ -336976,12 +336957,10 @@ index 0000000..e0a5466
+ policy_load_options |= QPOL_POLICY_OPTION_MATCH_SYSTEM; + policy_load_options |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
+ policydb = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL); + policydb = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL);
+ if (!policydb) { + if (!policydb) {
+ free(policy_file);
+ apol_policy_path_destroy(&pol_path); + apol_policy_path_destroy(&pol_path);
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno)); + PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ return NULL; + return NULL;
+ } + }
+ free(policy_file);
+ +
+ /* display requested info */ + /* display requested info */
+ if (type == TYPE) + if (type == TYPE)
@ -337010,12 +336989,12 @@ index 0000000..e0a5466
+PyObject *wrap_info(PyObject *UNUSED(self), PyObject *args){ +PyObject *wrap_info(PyObject *UNUSED(self), PyObject *args){
+ unsigned int type; + unsigned int type;
+ char *name; + char *name;
+ char *policy_file; + const char *policy_file;
+ +
+ if (!PyArg_ParseTuple(args, "izz", &type, &name, &policy_file)) + if (!PyArg_ParseTuple(args, "ziz", &policy_file, &type, &name))
+ return NULL; + return NULL;
+ +
+ return Py_BuildValue("N",info(type, name, policy_file)); + return Py_BuildValue("N",info(policy_file, type, name));
+ +
+} +}
+ +
@ -337037,10 +337016,10 @@ index 0000000..e0a5466
+} +}
diff --git a/policycoreutils/sepolicy/search.c b/policycoreutils/sepolicy/search.c diff --git a/policycoreutils/sepolicy/search.c b/policycoreutils/sepolicy/search.c
new file mode 100644 new file mode 100644
index 0000000..80421fc index 0000000..a1aaa22
--- /dev/null --- /dev/null
+++ b/policycoreutils/sepolicy/search.c +++ b/policycoreutils/sepolicy/search.c
@@ -0,0 +1,1022 @@ @@ -0,0 +1,1008 @@
+// Author: Thomas Liu <tliu@redhat.com> +// Author: Thomas Liu <tliu@redhat.com>
+ +
+/** +/**
@ -337102,7 +337081,6 @@ index 0000000..80421fc
+#include <stdbool.h> +#include <stdbool.h>
+ +
+#define COPYRIGHT_INFO "Copyright (C) 2012 Red Hat, Inc, Tresys Technology, LLC" +#define COPYRIGHT_INFO "Copyright (C) 2012 Red Hat, Inc, Tresys Technology, LLC"
+static char *policy_file = NULL;
+ +
+enum opt_values +enum opt_values
+{ +{
@ -337827,7 +337805,8 @@ index 0000000..80421fc
+ return output; + return output;
+} +}
+ +
+PyObject* search(bool allow, +PyObject* search(const char *policy_file,
+ bool allow,
+ bool neverallow, + bool neverallow,
+ bool auditallow, + bool auditallow,
+ bool dontaudit, + bool dontaudit,
@ -337836,8 +337815,7 @@ index 0000000..80421fc
+ const char *src_name, + const char *src_name,
+ const char *tgt_name, + const char *tgt_name,
+ const char *class_name, + const char *class_name,
+ const char *permlist, + const char *permlist
+ const char *alt_policy_file
+ ) + )
+{ +{
+ options_t cmd_opts; + options_t cmd_opts;
@ -337849,9 +337827,6 @@ index 0000000..80421fc
+ apol_vector_t *mod_paths = NULL; + apol_vector_t *mod_paths = NULL;
+ apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC; + apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
+ +
+ if (alt_policy_file)
+ policy_file = strdup(alt_policy_file);
+
+ memset(&cmd_opts, 0, sizeof(cmd_opts)); + memset(&cmd_opts, 0, sizeof(cmd_opts));
+ cmd_opts.indirect = true; + cmd_opts.indirect = true;
+ cmd_opts.allow = allow; + cmd_opts.allow = allow;
@ -337874,19 +337849,11 @@ index 0000000..80421fc
+ if (!(cmd_opts.nallow || cmd_opts.all)) + if (!(cmd_opts.nallow || cmd_opts.all))
+ pol_opt |= QPOL_POLICY_OPTION_NO_NEVERALLOWS; + pol_opt |= QPOL_POLICY_OPTION_NO_NEVERALLOWS;
+ +
+ if (! policy_file) {
+ rt = qpol_default_policy_find(&policy_file);
+ if (rt) {
+ PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
+ return NULL;
+ }
+ }
+ pol_opt |= QPOL_POLICY_OPTION_MATCH_SYSTEM; + pol_opt |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
+ +
+ if (apol_file_is_policy_path_list(policy_file) > 0) { + if (apol_file_is_policy_path_list(policy_file) > 0) {
+ pol_path = apol_policy_path_create_from_file(policy_file); + pol_path = apol_policy_path_create_from_file(policy_file);
+ if (!pol_path) { + if (!pol_path) {
+ free(policy_file);
+ PyErr_SetString(PyExc_RuntimeError,"invalid policy list"); + PyErr_SetString(PyExc_RuntimeError,"invalid policy list");
+ return NULL; + return NULL;
+ } + }
@ -337895,11 +337862,9 @@ index 0000000..80421fc
+ if (!pol_path) + if (!pol_path)
+ pol_path = apol_policy_path_create(path_type, policy_file, mod_paths); + pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
+ if (!pol_path) { + if (!pol_path) {
+ free(policy_file);
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM)); + PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
+ return NULL; + return NULL;
+ } + }
+ free(policy_file);
+ apol_vector_destroy(&mod_paths); + apol_vector_destroy(&mod_paths);
+ +
+ policy = apol_policy_create_from_policy_path(pol_path, pol_opt, NULL, NULL); + policy = apol_policy_create_from_policy_path(pol_path, pol_opt, NULL, NULL);
@ -338051,7 +338016,7 @@ index 0000000..80421fc
+ const char *permlist = Dict_ContainsString(dict, "permlist"); + const char *permlist = Dict_ContainsString(dict, "permlist");
+ const char *policy_path = Dict_ContainsString(dict, "policy"); + const char *policy_path = Dict_ContainsString(dict, "policy");
+ +
+ return Py_BuildValue("N",search(allow, neverallow, auditallow, dontaudit, transition, role_allow, src_name, tgt_name, class_name, permlist, policy_path)); + return Py_BuildValue("N",search(policy_path, allow, neverallow, auditallow, dontaudit, transition, role_allow, src_name, tgt_name, class_name, permlist));
+} +}
+ +
+static PyMethodDef methods[] = { +static PyMethodDef methods[] = {
@ -338065,10 +338030,10 @@ index 0000000..80421fc
+} +}
diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
new file mode 100644 new file mode 100644
index 0000000..86b5af1 index 0000000..c574a46
--- /dev/null --- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh +++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
@@ -0,0 +1,135 @@ @@ -0,0 +1,139 @@
+# This file is part of systemd. +# This file is part of systemd.
+# +#
+# Copyright 2011 Dan Walsh +# Copyright 2011 Dan Walsh
@ -338167,6 +338132,10 @@ index 0000000..86b5af1
+ COMPREPLY=( $(compgen -W "$( __get_all_port_types ) " -- "$cur") ) + COMPREPLY=( $(compgen -W "$( __get_all_port_types ) " -- "$cur") )
+ return 0 + return 0
+ fi + fi
+ if [ "$prev" = "-d" -o "$prev" = "--domain" ]; then
+ COMPREPLY=( $(compgen -W "$( __get_all_domain_types ) " -- "$cur") )
+ return 0
+ fi
+ COMPREPLY=( $(compgen -W '${OPTS[$verb]}' -- "$cur") ) + COMPREPLY=( $(compgen -W '${OPTS[$verb]}' -- "$cur") )
+ return 0 + return 0
+ elif [ "$verb" = "communicate" ]; then + elif [ "$verb" = "communicate" ]; then
@ -338840,10 +338809,10 @@ index 0000000..5469729
+ sys.exit(1) + sys.exit(1)
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
new file mode 100644 new file mode 100644
index 0000000..a55162f index 0000000..fbd011c
--- /dev/null --- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -0,0 +1,90 @@ @@ -0,0 +1,91 @@
+#!/usr/bin/env python +#!/usr/bin/env python
+ +
+# Author: Thomas Liu <tliu@redhat.com> +# Author: Thomas Liu <tliu@redhat.com>
@ -338851,6 +338820,7 @@ index 0000000..a55162f
+ +
+import _search +import _search
+import _info +import _info
+import selinux
+ +
+TYPE = _info.TYPE +TYPE = _info.TYPE
+ROLE = _info.ROLE +ROLE = _info.ROLE
@ -338870,7 +338840,7 @@ index 0000000..a55162f
+TRANSITION = 'transition' +TRANSITION = 'transition'
+ROLE_ALLOW = 'role_allow' +ROLE_ALLOW = 'role_allow'
+ +
+policy_file = None +policy_file = selinux.selinux_current_policy_path()
+ +
+def search(types, info = {} ): +def search(types, info = {} ):
+ valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW] + valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
@ -338898,7 +338868,7 @@ index 0000000..a55162f
+ +
+def info(setype, name=None): +def info(setype, name=None):
+ global policy_file + global policy_file
+ dict_list = _info.info(setype, name, policy_file) + dict_list = _info.info(policy_file, setype, name)
+ return dict_list + return dict_list
+ +
+def policy(alt_policy_file): +def policy(alt_policy_file):

View File

@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.13 Version: 2.1.13
Release: 18%{?dist} Release: 19%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -329,7 +329,10 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog %changelog
* Fri Oct 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-18 * Sat Oct 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-19
- Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network
* Fri Oct 26 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-18
- Allow sepolicy to specify the policy to generate content from - Allow sepolicy to specify the policy to generate content from
* Thu Oct 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-17 * Thu Oct 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-17