Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network
parent
91f5677207
commit
70bff091fa
@ -336082,10 +336082,10 @@ index 0000000..dc3ce6a
|
|||||||
+
|
+
|
||||||
diff --git a/policycoreutils/sepolicy/info.c b/policycoreutils/sepolicy/info.c
|
diff --git a/policycoreutils/sepolicy/info.c b/policycoreutils/sepolicy/info.c
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..e0a5466
|
index 0000000..f4cc0b0
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policycoreutils/sepolicy/info.c
|
+++ b/policycoreutils/sepolicy/info.c
|
||||||
@@ -0,0 +1,949 @@
|
@@ -0,0 +1,928 @@
|
||||||
+/**
|
+/**
|
||||||
+ * @file
|
+ * @file
|
||||||
+ * Command line tool to search TE rules.
|
+ * Command line tool to search TE rules.
|
||||||
@ -336139,7 +336139,6 @@ index 0000000..e0a5466
|
|||||||
+#include <assert.h>
|
+#include <assert.h>
|
||||||
+
|
+
|
||||||
+#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
|
+#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
|
||||||
+static char *policy_file = NULL;
|
|
||||||
+
|
+
|
||||||
+enum input
|
+enum input
|
||||||
+{
|
+{
|
||||||
@ -336938,34 +336937,16 @@ index 0000000..e0a5466
|
|||||||
+ return list;
|
+ return list;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+PyObject* info(int type, const char *name, const char *alt_policy_file)
|
+PyObject* info( const char *policy_file, int type, const char *name)
|
||||||
+{
|
+{
|
||||||
+ PyObject* output = NULL;
|
+ PyObject* output = NULL;
|
||||||
+ int rt = -1;
|
|
||||||
+ apol_policy_t *policydb = NULL;
|
+ apol_policy_t *policydb = NULL;
|
||||||
+ apol_policy_path_t *pol_path = NULL;
|
+ apol_policy_path_t *pol_path = NULL;
|
||||||
+ apol_vector_t *mod_paths = NULL;
|
+ apol_vector_t *mod_paths = NULL;
|
||||||
+ apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
|
+ apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
|
||||||
+
|
+
|
||||||
+ if (alt_policy_file) {
|
|
||||||
+ policy_file = strdup(alt_policy_file);
|
|
||||||
+ if (!policy_file) {
|
|
||||||
+ apol_vector_destroy(&mod_paths);
|
|
||||||
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ else {
|
|
||||||
+ rt = qpol_default_policy_find(&policy_file);
|
|
||||||
+ if (rt != 0) {
|
|
||||||
+ PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
|
+ pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
|
||||||
+ if (!pol_path) {
|
+ if (!pol_path) {
|
||||||
+ free(policy_file);
|
|
||||||
+ apol_vector_destroy(&mod_paths);
|
+ apol_vector_destroy(&mod_paths);
|
||||||
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
|
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
@ -336976,12 +336957,10 @@ index 0000000..e0a5466
|
|||||||
+ policy_load_options |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
|
+ policy_load_options |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
|
||||||
+ policydb = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL);
|
+ policydb = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL);
|
||||||
+ if (!policydb) {
|
+ if (!policydb) {
|
||||||
+ free(policy_file);
|
|
||||||
+ apol_policy_path_destroy(&pol_path);
|
+ apol_policy_path_destroy(&pol_path);
|
||||||
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
|
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
+ }
|
+ }
|
||||||
+ free(policy_file);
|
|
||||||
+
|
+
|
||||||
+ /* display requested info */
|
+ /* display requested info */
|
||||||
+ if (type == TYPE)
|
+ if (type == TYPE)
|
||||||
@ -337010,12 +336989,12 @@ index 0000000..e0a5466
|
|||||||
+PyObject *wrap_info(PyObject *UNUSED(self), PyObject *args){
|
+PyObject *wrap_info(PyObject *UNUSED(self), PyObject *args){
|
||||||
+ unsigned int type;
|
+ unsigned int type;
|
||||||
+ char *name;
|
+ char *name;
|
||||||
+ char *policy_file;
|
+ const char *policy_file;
|
||||||
+
|
+
|
||||||
+ if (!PyArg_ParseTuple(args, "izz", &type, &name, &policy_file))
|
+ if (!PyArg_ParseTuple(args, "ziz", &policy_file, &type, &name))
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
+
|
+
|
||||||
+ return Py_BuildValue("N",info(type, name, policy_file));
|
+ return Py_BuildValue("N",info(policy_file, type, name));
|
||||||
+
|
+
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
@ -337037,10 +337016,10 @@ index 0000000..e0a5466
|
|||||||
+}
|
+}
|
||||||
diff --git a/policycoreutils/sepolicy/search.c b/policycoreutils/sepolicy/search.c
|
diff --git a/policycoreutils/sepolicy/search.c b/policycoreutils/sepolicy/search.c
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..80421fc
|
index 0000000..a1aaa22
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policycoreutils/sepolicy/search.c
|
+++ b/policycoreutils/sepolicy/search.c
|
||||||
@@ -0,0 +1,1022 @@
|
@@ -0,0 +1,1008 @@
|
||||||
+// Author: Thomas Liu <tliu@redhat.com>
|
+// Author: Thomas Liu <tliu@redhat.com>
|
||||||
+
|
+
|
||||||
+/**
|
+/**
|
||||||
@ -337102,7 +337081,6 @@ index 0000000..80421fc
|
|||||||
+#include <stdbool.h>
|
+#include <stdbool.h>
|
||||||
+
|
+
|
||||||
+#define COPYRIGHT_INFO "Copyright (C) 2012 Red Hat, Inc, Tresys Technology, LLC"
|
+#define COPYRIGHT_INFO "Copyright (C) 2012 Red Hat, Inc, Tresys Technology, LLC"
|
||||||
+static char *policy_file = NULL;
|
|
||||||
+
|
+
|
||||||
+enum opt_values
|
+enum opt_values
|
||||||
+{
|
+{
|
||||||
@ -337827,7 +337805,8 @@ index 0000000..80421fc
|
|||||||
+ return output;
|
+ return output;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+PyObject* search(bool allow,
|
+PyObject* search(const char *policy_file,
|
||||||
|
+ bool allow,
|
||||||
+ bool neverallow,
|
+ bool neverallow,
|
||||||
+ bool auditallow,
|
+ bool auditallow,
|
||||||
+ bool dontaudit,
|
+ bool dontaudit,
|
||||||
@ -337836,8 +337815,7 @@ index 0000000..80421fc
|
|||||||
+ const char *src_name,
|
+ const char *src_name,
|
||||||
+ const char *tgt_name,
|
+ const char *tgt_name,
|
||||||
+ const char *class_name,
|
+ const char *class_name,
|
||||||
+ const char *permlist,
|
+ const char *permlist
|
||||||
+ const char *alt_policy_file
|
|
||||||
+ )
|
+ )
|
||||||
+{
|
+{
|
||||||
+ options_t cmd_opts;
|
+ options_t cmd_opts;
|
||||||
@ -337849,9 +337827,6 @@ index 0000000..80421fc
|
|||||||
+ apol_vector_t *mod_paths = NULL;
|
+ apol_vector_t *mod_paths = NULL;
|
||||||
+ apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
|
+ apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
|
||||||
+
|
+
|
||||||
+ if (alt_policy_file)
|
|
||||||
+ policy_file = strdup(alt_policy_file);
|
|
||||||
+
|
|
||||||
+ memset(&cmd_opts, 0, sizeof(cmd_opts));
|
+ memset(&cmd_opts, 0, sizeof(cmd_opts));
|
||||||
+ cmd_opts.indirect = true;
|
+ cmd_opts.indirect = true;
|
||||||
+ cmd_opts.allow = allow;
|
+ cmd_opts.allow = allow;
|
||||||
@ -337874,19 +337849,11 @@ index 0000000..80421fc
|
|||||||
+ if (!(cmd_opts.nallow || cmd_opts.all))
|
+ if (!(cmd_opts.nallow || cmd_opts.all))
|
||||||
+ pol_opt |= QPOL_POLICY_OPTION_NO_NEVERALLOWS;
|
+ pol_opt |= QPOL_POLICY_OPTION_NO_NEVERALLOWS;
|
||||||
+
|
+
|
||||||
+ if (! policy_file) {
|
|
||||||
+ rt = qpol_default_policy_find(&policy_file);
|
|
||||||
+ if (rt) {
|
|
||||||
+ PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ pol_opt |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
|
+ pol_opt |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
|
||||||
+
|
+
|
||||||
+ if (apol_file_is_policy_path_list(policy_file) > 0) {
|
+ if (apol_file_is_policy_path_list(policy_file) > 0) {
|
||||||
+ pol_path = apol_policy_path_create_from_file(policy_file);
|
+ pol_path = apol_policy_path_create_from_file(policy_file);
|
||||||
+ if (!pol_path) {
|
+ if (!pol_path) {
|
||||||
+ free(policy_file);
|
|
||||||
+ PyErr_SetString(PyExc_RuntimeError,"invalid policy list");
|
+ PyErr_SetString(PyExc_RuntimeError,"invalid policy list");
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
+ }
|
+ }
|
||||||
@ -337895,11 +337862,9 @@ index 0000000..80421fc
|
|||||||
+ if (!pol_path)
|
+ if (!pol_path)
|
||||||
+ pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
|
+ pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
|
||||||
+ if (!pol_path) {
|
+ if (!pol_path) {
|
||||||
+ free(policy_file);
|
|
||||||
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
|
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
+ }
|
+ }
|
||||||
+ free(policy_file);
|
|
||||||
+ apol_vector_destroy(&mod_paths);
|
+ apol_vector_destroy(&mod_paths);
|
||||||
+
|
+
|
||||||
+ policy = apol_policy_create_from_policy_path(pol_path, pol_opt, NULL, NULL);
|
+ policy = apol_policy_create_from_policy_path(pol_path, pol_opt, NULL, NULL);
|
||||||
@ -338051,7 +338016,7 @@ index 0000000..80421fc
|
|||||||
+ const char *permlist = Dict_ContainsString(dict, "permlist");
|
+ const char *permlist = Dict_ContainsString(dict, "permlist");
|
||||||
+ const char *policy_path = Dict_ContainsString(dict, "policy");
|
+ const char *policy_path = Dict_ContainsString(dict, "policy");
|
||||||
+
|
+
|
||||||
+ return Py_BuildValue("N",search(allow, neverallow, auditallow, dontaudit, transition, role_allow, src_name, tgt_name, class_name, permlist, policy_path));
|
+ return Py_BuildValue("N",search(policy_path, allow, neverallow, auditallow, dontaudit, transition, role_allow, src_name, tgt_name, class_name, permlist));
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+static PyMethodDef methods[] = {
|
+static PyMethodDef methods[] = {
|
||||||
@ -338065,10 +338030,10 @@ index 0000000..80421fc
|
|||||||
+}
|
+}
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
|
diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..86b5af1
|
index 0000000..c574a46
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
|
+++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
|
||||||
@@ -0,0 +1,135 @@
|
@@ -0,0 +1,139 @@
|
||||||
+# This file is part of systemd.
|
+# This file is part of systemd.
|
||||||
+#
|
+#
|
||||||
+# Copyright 2011 Dan Walsh
|
+# Copyright 2011 Dan Walsh
|
||||||
@ -338167,6 +338132,10 @@ index 0000000..86b5af1
|
|||||||
+ COMPREPLY=( $(compgen -W "$( __get_all_port_types ) " -- "$cur") )
|
+ COMPREPLY=( $(compgen -W "$( __get_all_port_types ) " -- "$cur") )
|
||||||
+ return 0
|
+ return 0
|
||||||
+ fi
|
+ fi
|
||||||
|
+ if [ "$prev" = "-d" -o "$prev" = "--domain" ]; then
|
||||||
|
+ COMPREPLY=( $(compgen -W "$( __get_all_domain_types ) " -- "$cur") )
|
||||||
|
+ return 0
|
||||||
|
+ fi
|
||||||
+ COMPREPLY=( $(compgen -W '${OPTS[$verb]}' -- "$cur") )
|
+ COMPREPLY=( $(compgen -W '${OPTS[$verb]}' -- "$cur") )
|
||||||
+ return 0
|
+ return 0
|
||||||
+ elif [ "$verb" = "communicate" ]; then
|
+ elif [ "$verb" = "communicate" ]; then
|
||||||
@ -338840,10 +338809,10 @@ index 0000000..5469729
|
|||||||
+ sys.exit(1)
|
+ sys.exit(1)
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
|
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..a55162f
|
index 0000000..fbd011c
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
|
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||||
@@ -0,0 +1,90 @@
|
@@ -0,0 +1,91 @@
|
||||||
+#!/usr/bin/env python
|
+#!/usr/bin/env python
|
||||||
+
|
+
|
||||||
+# Author: Thomas Liu <tliu@redhat.com>
|
+# Author: Thomas Liu <tliu@redhat.com>
|
||||||
@ -338851,6 +338820,7 @@ index 0000000..a55162f
|
|||||||
+
|
+
|
||||||
+import _search
|
+import _search
|
||||||
+import _info
|
+import _info
|
||||||
|
+import selinux
|
||||||
+
|
+
|
||||||
+TYPE = _info.TYPE
|
+TYPE = _info.TYPE
|
||||||
+ROLE = _info.ROLE
|
+ROLE = _info.ROLE
|
||||||
@ -338870,7 +338840,7 @@ index 0000000..a55162f
|
|||||||
+TRANSITION = 'transition'
|
+TRANSITION = 'transition'
|
||||||
+ROLE_ALLOW = 'role_allow'
|
+ROLE_ALLOW = 'role_allow'
|
||||||
+
|
+
|
||||||
+policy_file = None
|
+policy_file = selinux.selinux_current_policy_path()
|
||||||
+
|
+
|
||||||
+def search(types, info = {} ):
|
+def search(types, info = {} ):
|
||||||
+ valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
|
+ valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
|
||||||
@ -338898,7 +338868,7 @@ index 0000000..a55162f
|
|||||||
+
|
+
|
||||||
+def info(setype, name=None):
|
+def info(setype, name=None):
|
||||||
+ global policy_file
|
+ global policy_file
|
||||||
+ dict_list = _info.info(setype, name, policy_file)
|
+ dict_list = _info.info(policy_file, setype, name)
|
||||||
+ return dict_list
|
+ return dict_list
|
||||||
+
|
+
|
||||||
+def policy(alt_policy_file):
|
+def policy(alt_policy_file):
|
||||||
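Review bot: Nothing on the new side of `info()` in info.c or `search()` in search.c rejects a NULL `policy_file` now that the `qpol_default_policy_find` fallback is gone. `wrap_info` still parses the argument with the `z` format, which accepts `None`, and the search wrapper passes the result of `Dict_ContainsString(dict, "policy")` straight through to `apol_file_is_policy_path_list` and `apol_policy_path_create`. If `selinux.selinux_current_policy_path()` returns `None` at import time (presumably possible when no policy is installed or SELinux is disabled; worth confirming), that NULL reaches libapol instead of raising the old "No default policy found." error. A guard at the top of both functions, e.g. `if (!policy_file) { PyErr_SetString(PyExc_RuntimeError, "No policy file specified."); return NULL; }`, would restore a clean Python exception. Both function bodies continue outside the hunks shown.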
|
@ -7,7 +7,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.1.13
|
Version: 2.1.13
|
||||||
Release: 18%{?dist}
|
Release: 19%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
@ -329,7 +329,10 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Oct 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-18
|
* Sat Oct 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-19
|
||||||
|
- Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network
|
||||||
|
|
||||||
|
* Fri Oct 26 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-18
|
||||||
- Allow sepolicy to specify the policy to generate content from
|
- Allow sepolicy to specify the policy to generate content from
|
||||||
|
|
||||||
* Thu Oct 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-17
|
* Thu Oct 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-17
|
||||||
|