Do not load interface file by default when sepolicy is called, mov get_all_methods to the sepolicy package

policycoreutils-rhat.patch

@@ -270,14 +270,6 @@ index 0000000..0c2f399
 +Categories=System;Security;
 +X-Desktop-File-Install-Version=0.2
 +Keywords=policy;security;selinux;avc;permission;mac;
-diff --git a/policycoreutils/gui/sepolgen b/policycoreutils/gui/sepolgen
-deleted file mode 100644
-index 2f0c1cc..0000000
---- a/policycoreutils/gui/sepolgen
-+++ /dev/null
-@@ -1,2 +0,0 @@
--#!/bin/sh
--sepolicy generate $*
 diff --git a/policycoreutils/gui/system-config-selinux b/policycoreutils/gui/system-config-selinux
 new file mode 100755
 index 0000000..5be5ccd
@@ -1546,7 +1538,7 @@ index b25d3b2..7a15d88 100755
          sys.exit(0)
      except ValueError,e:
 diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
-index 5e7415c..e0f5f86 100644
+index 5e7415c..9f4a774 100644
 --- a/policycoreutils/sepolicy/sepolicy/__init__.py
 +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
 @@ -37,9 +37,30 @@ CLASS = 'class'
@@ -1582,7 +1574,33 @@ index 5e7415c..e0f5f86 100644
          policies = glob.glob ("%s.*" % path )
          policies.sort()
          return policies[-1]
-@@ -54,6 +75,13 @@ def get_all_types():
+@@ -47,6 +68,25 @@ def __get_installed_policy():
+         pass
+     raise ValueError(_("No SELinux Policy installed"))
+         
++methods = []
++def get_methods():
++    global methods
++    if len(methods) > 0:
++        return methods
++    fn = defaults.interface_info()
++    try:
++        fd = open(fn)
++    # List of per_role_template interfaces
++        ifs = interfaces.InterfaceSet()
++        ifs.from_file(fd)
++        methods = ifs.interfaces.keys()
++        fd.close()
++    except:
++        sys.stderr.write("could not open interface info [%s]\n" % fn)
++        sys.exit(1)
++
++    return methods
++
+ all_types = None
+ def get_all_types():
+     global all_types
+@@ -54,6 +94,13 @@ def get_all_types():
          all_types = map(lambda x: x['name'], info(TYPE))
      return all_types
  
@@ -1596,7 +1614,7 @@ index 5e7415c..e0f5f86 100644
  role_allows = None
  def get_all_role_allows():
  	global role_allows
-@@ -71,6 +99,7 @@ def get_all_role_allows():
+@@ -71,6 +118,7 @@ def get_all_role_allows():
  	return role_allows
  
  def get_all_entrypoint_domains():
@@ -1604,7 +1622,7 @@ index 5e7415c..e0f5f86 100644
      all_domains = []
      types=get_all_types()
      types.sort()
-@@ -81,11 +110,35 @@ def get_all_entrypoint_domains():
+@@ -81,11 +129,35 @@ def get_all_entrypoint_domains():
                  all_domains.append(m[0])
      return all_domains
  
@@ -1641,7 +1659,7 @@ index 5e7415c..e0f5f86 100644
  	return all_domains
  
  roles = None
-@@ -139,49 +192,42 @@ def get_all_attributes():
+@@ -139,49 +211,42 @@ def get_all_attributes():
  	return all_attributes
  
  def policy(policy_file):
@@ -1711,18 +1729,40 @@ index 5e7415c..e0f5f86 100644
  def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
          global booleans_dict
 diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
-index 26f8390..a23ce9b 100644
+index 26f8390..898ec43 100644
 --- a/policycoreutils/sepolicy/sepolicy/generate.py
 +++ b/policycoreutils/sepolicy/sepolicy/generate.py
-@@ -63,7 +63,6 @@ except IOError:
+@@ -63,20 +63,6 @@ except IOError:
      import __builtin__
      __builtin__.__dict__['_'] = unicode
  
 -user_types =  sepolicy.info(sepolicy.ATTRIBUTE,"userdomain")[0]["types"]
- methods = []
+-methods = []
- fn = defaults.interface_info()
+-fn = defaults.interface_info()
- try:
+-try:
-@@ -1037,7 +1036,8 @@ allow %s_t %s_t:%s_socket name_%s;
+-    fd = open(fn)
+-    # List of per_role_template interfaces
+-    ifs = interfaces.InterfaceSet()
+-    ifs.from_file(fd)
+-    methods = ifs.interfaces.keys()
+-    fd.close()
+-except:
+-    sys.stderr.write("could not open interface info [%s]\n" % fn)
+-    sys.exit(1)
+-
+ def get_rpm_nvr_from_header(hdr):
+     'Given an RPM header return the package NVR as a string'
+     name    = hdr['name']
+@@ -587,7 +573,7 @@ class policy:
+         def generate_network_action(self, protocol, action, port_name):
+             line = ""
+             method = "corenet_%s_%s_%s" % (protocol, action, port_name)
+-            if method in methods:
++            if method in sepolicy.get_methods():
+                 line = "%s(%s_t)\n" % (method, self.name)
+             else:
+                 line = """
+@@ -1037,7 +1023,8 @@ allow %s_t %s_t:%s_socket name_%s;
  ########################################
  #
  # %s local policy
@@ -1732,6 +1772,53 @@ index 26f8390..a23ce9b 100644
                  newte += self.generate_capabilities()
                  newte += self.generate_process()
  		newte += self.generate_network_types()
+diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py
+index 8b063ca..5e92c7c 100644
+--- a/policycoreutils/sepolicy/sepolicy/interface.py
++++ b/policycoreutils/sepolicy/sepolicy/interface.py
+@@ -27,7 +27,7 @@ import sepolgen.interfaces as interfaces
+ import sepolgen.defaults as defaults
+ ADMIN_TRANSITION_INTERFACE = "_admin$"
+ USER_TRANSITION_INTERFACE = "_role$"
+-from sepolicy.generate import get_all_types
++import selinux
+ 
+ __all__ = [ 'get', 'get_admin', 'get_user' ]
+ 
+@@ -48,24 +48,10 @@ except IOError:
+     import __builtin__
+     __builtin__.__dict__['_'] = unicode
+ 
+-def get():
+-    """ Get all Methods """
+-    fn = defaults.interface_info()
+-    try:
+-        fd = open(fn)
+-        ifs = interfaces.InterfaceSet()
+-        ifs.from_file(fd)
+-        methods = ifs.interfaces.keys()
+-        fd.close()
+-    except:
+-        raise ValueError(_("could not open interface info [%s]\n") % fn)
+-
+-    return methods
+-
+ def get_admin():
+     """ Get all domains with an admin interface"""
+     admin_list = []
+-    for i in get():
++    for i in sepolicy.get_methods():
+         if i.endswith("_admin"):
+             admin_list.append(i.split("_admin")[0])
+     return admin_list
+@@ -76,6 +62,6 @@ def get_user():
+     for i in get():
+         m = re.findall("(.*)%s" % USER_TRANSITION_INTERFACE, i)
+         if len(m) > 0:
+-            if "%s_exec_t" % m[0] in get_all_types():
++            if "%s_exec_t" % m[0] in sepolicy.get_all_types():
+                 trans_list.append(m[0])
+     return trans_list
 diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
 index 25062da..b3c24e6 100755
 --- a/policycoreutils/sepolicy/sepolicy/manpage.py

policycoreutils.spec

@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.14
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -324,6 +324,9 @@ The policycoreutils-restorecond package contains the restorecond service.
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
+* Fri Feb 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-12
+- Do not load interface file by default when sepolicy is called, mov get_all_methods to the sepolicy package
+
 * Fri Feb 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-11
 - sepolgen-ifgen should use the current policy path if selinux is enabled
 
@@ -355,7 +358,7 @@ do not drop capabilities when run as root.
 
 * Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-4
 - Revert some changes which are causing the wrong policy version file to be created
-- Switch sandbox to start using openbox rather then matchpbox
+- Switch sandbox to start using openbox rather then matchbox
 - Make sepolgen a symlink to sepolicy
 - update translations