policycoreutils-2.4-9

- Fix more python3 issues, mainly in sepolicy (#1247039,#1247575,#1251713)
- The functionality of audit2allow which was disabled in the previous
  commit should be available again
Petr Lautrbach 2015-08-13 17:36:39 +02:00
parent d0392a9475
commit 8e5935ed03
3 changed files with 185 additions and 119 deletions


@ -658532,7 +658532,7 @@ index 2a9e1c7..365e622 100644
+#endif +#endif
} }
diff --git a/policycoreutils-2.4/sepolicy/search.c b/policycoreutils-2.4/sepolicy/search.c diff --git a/policycoreutils-2.4/sepolicy/search.c b/policycoreutils-2.4/sepolicy/search.c
index d9a5aec..513eba8 100644 index d9a5aec..94124c0 100644
--- a/policycoreutils-2.4/sepolicy/search.c --- a/policycoreutils-2.4/sepolicy/search.c
+++ b/policycoreutils-2.4/sepolicy/search.c +++ b/policycoreutils-2.4/sepolicy/search.c
@@ -189,7 +189,7 @@ static PyObject* get_ra_results(const apol_policy_t * policy, const apol_vector_ @@ -189,7 +189,7 @@ static PyObject* get_ra_results(const apol_policy_t * policy, const apol_vector_
@ -658571,7 +658571,7 @@ index d9a5aec..513eba8 100644
if (py_tuple_insert_obj(tuple, 0, obj)) if (py_tuple_insert_obj(tuple, 0, obj))
goto err; goto err;
obj = PyBool_FromLong(enabled); obj = PyBool_FromLong(enabled);
@@ -994,14 +994,14 @@ PyObject* search(bool allow, @@ -994,14 +994,25 @@ PyObject* search(bool allow,
static int Dict_ContainsInt(PyObject *dict, const char *key){ static int Dict_ContainsInt(PyObject *dict, const char *key){
PyObject *item = PyDict_GetItemString(dict, key); PyObject *item = PyDict_GetItemString(dict, key);
if (item) if (item)
@ -658582,9 +658582,21 @@ index d9a5aec..513eba8 100644
static const char *Dict_ContainsString(PyObject *dict, const char *key){ static const char *Dict_ContainsString(PyObject *dict, const char *key){
PyObject *item = PyDict_GetItemString(dict, key); PyObject *item = PyDict_GetItemString(dict, key);
if (item) - if (item)
- return PyString_AsString(item); - return PyString_AsString(item);
+ return PyBytes_AsString(item); + if (item) {
+ if (PyUnicode_Check(item)) {
+ char *str = NULL;
+ PyObject *item_utf8 = PyUnicode_AsUTF8String(item);
+ if (item_utf8) {
+ str = strdup(PyBytes_AsString(item_utf8));
+ }
+ Py_XDECREF(item_utf8);
+ return str;
+ } else {
+ return PyBytes_AsString(item);
+ }
+ }
return NULL; return NULL;
} }
@ -658611,15 +658623,21 @@ index 458a4d2..b6088af 100644
+ except dbus.DBusException as e: + except dbus.DBusException as e:
+ print(e) + print(e)
diff --git a/policycoreutils-2.4/sepolicy/selinux_server.py b/policycoreutils-2.4/sepolicy/selinux_server.py diff --git a/policycoreutils-2.4/sepolicy/selinux_server.py b/policycoreutils-2.4/sepolicy/selinux_server.py
index e94c38f..0a91638 100644 index e94c38f..671be1a 100644
--- a/policycoreutils-2.4/sepolicy/selinux_server.py --- a/policycoreutils-2.4/sepolicy/selinux_server.py
+++ b/policycoreutils-2.4/sepolicy/selinux_server.py +++ b/policycoreutils-2.4/sepolicy/selinux_server.py
@@ -1,4 +1,4 @@ @@ -1,9 +1,9 @@
-#!/usr/bin/python -#!/usr/bin/python
+#!/usr/bin/python3 +#!/usr/bin/python3
import dbus import dbus
import dbus.service import dbus.service
import dbus.mainloop.glib
-import gobject
+from gi.repository import GObject, GLib
import slip.dbus.service
from slip.dbus import polkit
import os
@@ -18,7 +18,7 @@ class selinux_server(slip.dbus.service.Object): @@ -18,7 +18,7 @@ class selinux_server(slip.dbus.service.Object):
# #
# The semanage method runs a transaction on a series of semanage commands, # The semanage method runs a transaction on a series of semanage commands,
@ -658687,15 +658705,18 @@ index e94c38f..0a91638 100644
# #
# The change_default_policy method modifies the policy type # The change_default_policy method modifies the policy type
@@ -125,7 +125,7 @@ class selinux_server(slip.dbus.service.Object): @@ -125,9 +125,9 @@ class selinux_server(slip.dbus.service.Object):
if os.path.isdir(path): if os.path.isdir(path):
return self.write_selinux_config(policy=value) return self.write_selinux_config(policy=value)
raise ValueError("%s does not exist" % path) raise ValueError("%s does not exist" % path)
- -
+ +
if __name__ == "__main__": if __name__ == "__main__":
mainloop = gobject.MainLoop() - mainloop = gobject.MainLoop()
+ mainloop = GLib.MainLoop()
dbus.mainloop.glib.DBusGMainLoop(set_as_default=True) dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
system_bus = dbus.SystemBus()
name = dbus.service.BusName("org.selinux", system_bus)
diff --git a/policycoreutils-2.4/sepolicy/sepolicy-bash-completion.sh b/policycoreutils-2.4/sepolicy/sepolicy-bash-completion.sh diff --git a/policycoreutils-2.4/sepolicy/sepolicy-bash-completion.sh b/policycoreutils-2.4/sepolicy/sepolicy-bash-completion.sh
index 779fd75..29ccbdf 100644 index 779fd75..29ccbdf 100644
--- a/policycoreutils-2.4/sepolicy/sepolicy-bash-completion.sh --- a/policycoreutils-2.4/sepolicy/sepolicy-bash-completion.sh
@ -658779,7 +658800,7 @@ index 2e67456..0c5f998 100644
.B sepolicy generate \-\-cgi [\-n NAME] command [\-w WRITE_PATH ] .B sepolicy generate \-\-cgi [\-n NAME] command [\-w WRITE_PATH ]
.br .br
diff --git a/policycoreutils-2.4/sepolicy/sepolicy.py b/policycoreutils-2.4/sepolicy/sepolicy.py diff --git a/policycoreutils-2.4/sepolicy/sepolicy.py b/policycoreutils-2.4/sepolicy/sepolicy.py
index 74fb347..6c7639f 100755 index 74fb347..50c10d0 100755
--- a/policycoreutils-2.4/sepolicy/sepolicy.py --- a/policycoreutils-2.4/sepolicy/sepolicy.py
+++ b/policycoreutils-2.4/sepolicy/sepolicy.py +++ b/policycoreutils-2.4/sepolicy/sepolicy.py
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
@ -658788,7 +658809,15 @@ index 74fb347..6c7639f 100755
# Copyright (C) 2012 Red Hat # Copyright (C) 2012 Red Hat
# AUTHOR: Dan Walsh <dwalsh@redhat.com> # AUTHOR: Dan Walsh <dwalsh@redhat.com>
# see file 'COPYING' for use and warranty information # see file 'COPYING' for use and warranty information
@@ -32,12 +32,15 @@ gettext.bindtextdomain(PROGNAME, "/usr/share/locale") @@ -25,6 +25,7 @@ import os, sys
import selinux
import sepolicy
from sepolicy import get_os_version, get_conditionals, get_conditionals_format_text
+from sepolgen import util
import argparse
import gettext
PROGNAME="policycoreutils"
@@ -32,12 +33,15 @@ gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME) gettext.textdomain(PROGNAME)
try: try:
gettext.install(PROGNAME, gettext.install(PROGNAME,
@ -658808,7 +658837,7 @@ index 74fb347..6c7639f 100755
usage = "sepolicy generate [-h] [-n NAME] [-p PATH] [" usage = "sepolicy generate [-h] [-n NAME] [-p PATH] ["
usage_dict = {' --newtype':('-t [TYPES [TYPES ...]]',),' --customize':('-d DOMAIN','-a ADMIN_DOMAIN',"[ -w WRITEPATHS ]",), ' --admin_user':('[-r TRANSITION_ROLE ]',"[ -w WRITEPATHS ]",), ' --application':('COMMAND',"[ -w WRITEPATHS ]",), ' --cgi':('COMMAND',"[ -w WRITEPATHS ]",), ' --confined_admin':('-a ADMIN_DOMAIN',"[ -w WRITEPATHS ]",), ' --dbus':('COMMAND',"[ -w WRITEPATHS ]",), ' --desktop_user':('',"[ -w WRITEPATHS ]",),' --inetd':('COMMAND',"[ -w WRITEPATHS ]",),' --init':('COMMAND',"[ -w WRITEPATHS ]",), ' --sandbox':("[ -w WRITEPATHS ]",), ' --term_user':("[ -w WRITEPATHS ]",), ' --x_user':("[ -w WRITEPATHS ]",)} usage_dict = {' --newtype':('-t [TYPES [TYPES ...]]',),' --customize':('-d DOMAIN','-a ADMIN_DOMAIN',"[ -w WRITEPATHS ]",), ' --admin_user':('[-r TRANSITION_ROLE ]',"[ -w WRITEPATHS ]",), ' --application':('COMMAND',"[ -w WRITEPATHS ]",), ' --cgi':('COMMAND',"[ -w WRITEPATHS ]",), ' --confined_admin':('-a ADMIN_DOMAIN',"[ -w WRITEPATHS ]",), ' --dbus':('COMMAND',"[ -w WRITEPATHS ]",), ' --desktop_user':('',"[ -w WRITEPATHS ]",),' --inetd':('COMMAND',"[ -w WRITEPATHS ]",),' --init':('COMMAND',"[ -w WRITEPATHS ]",), ' --sandbox':("[ -w WRITEPATHS ]",), ' --term_user':("[ -w WRITEPATHS ]",), ' --x_user':("[ -w WRITEPATHS ]",)}
@@ -45,7 +48,7 @@ usage_dict = {' --newtype':('-t [TYPES [TYPES ...]]',),' --customize':('-d DOMAI @@ -45,7 +49,7 @@ usage_dict = {' --newtype':('-t [TYPES [TYPES ...]]',),' --customize':('-d DOMAI
class CheckPath(argparse.Action): class CheckPath(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None): def __call__(self, parser, namespace, values, option_string=None):
if not os.path.exists(values): if not os.path.exists(values):
@ -658817,7 +658846,7 @@ index 74fb347..6c7639f 100755
setattr(namespace, self.dest, values) setattr(namespace, self.dest, values)
class CheckType(argparse.Action): class CheckType(argparse.Action):
@@ -108,7 +111,7 @@ class CheckClass(argparse.Action): @@ -108,7 +112,7 @@ class CheckClass(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None): def __call__(self, parser, namespace, values, option_string=None):
global all_classes global all_classes
if not all_classes: if not all_classes:
@ -658826,7 +658855,7 @@ index 74fb347..6c7639f 100755
if values not in all_classes: if values not in all_classes:
raise ValueError("%s must be an SELinux class:\nValid classes: %s" % (values, ", ".join(all_classes))) raise ValueError("%s must be an SELinux class:\nValid classes: %s" % (values, ", ".join(all_classes)))
@@ -151,16 +154,14 @@ class CheckPortType(argparse.Action): @@ -151,16 +155,14 @@ class CheckPortType(argparse.Action):
class LoadPolicy(argparse.Action): class LoadPolicy(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None): def __call__(self, parser, namespace, values, option_string=None):
@ -658844,7 +658873,7 @@ index 74fb347..6c7639f 100755
setattr(namespace, self.dest, values) setattr(namespace, self.dest, values)
class CheckUser(argparse.Action): class CheckUser(argparse.Action):
@@ -187,21 +188,21 @@ class CheckRole(argparse.Action): @@ -187,21 +189,21 @@ class CheckRole(argparse.Action):
class InterfaceInfo(argparse.Action): class InterfaceInfo(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None): def __call__(self, parser, namespace, values, option_string=None):
@ -658871,7 +658900,16 @@ index 74fb347..6c7639f 100755
usage_text = usage_text[:-1] + "]" usage_text = usage_text[:-1] + "]"
usage_text = _(usage_text) usage_text = _(usage_text)
@@ -226,7 +227,7 @@ def _print_net(src, protocol, perm): @@ -218,7 +220,7 @@ def numcmp(val1,val2):
if v1 < v2:
return -1
except:
- return cmp(val1,val2)
+ return (val1 > val2) - (val1 < val2)
def _print_net(src, protocol, perm):
import sepolicy.network
@@ -226,7 +228,7 @@ def _print_net(src, protocol, perm):
if len(portdict) > 0: if len(portdict) > 0:
bold_start="\033[1m" bold_start="\033[1m"
bold_end="\033[0;0m" bold_end="\033[0;0m"
@ -658880,16 +658918,19 @@ index 74fb347..6c7639f 100755
port_strings=[] port_strings=[]
boolean_text="" boolean_text=""
for p in portdict: for p in portdict:
@@ -239,7 +240,7 @@ def _print_net(src, protocol, perm): @@ -237,9 +239,9 @@ def _print_net(src, protocol, perm):
port_strings.append("%s (%s) %s" % (", ".join(recs), t, boolean_text))
else:
port_strings.append("%s (%s)" % (", ".join(recs), t)) port_strings.append("%s (%s)" % (", ".join(recs), t))
port_strings.sort(numcmp) - port_strings.sort(numcmp)
+ port_strings.sort(key=util.cmp_to_key(numcmp))
for p in port_strings: for p in port_strings:
- print "\t" + p - print "\t" + p
+ print("\t" + p) + print("\t" + p)
def network(args): def network(args):
portrecs, portrecsbynum = sepolicy.gen_port_dict() portrecs, portrecsbynum = sepolicy.gen_port_dict()
@@ -249,29 +250,29 @@ def network(args): @@ -249,29 +251,29 @@ def network(args):
if i[0] not in all_ports: if i[0] not in all_ports:
all_ports.append(i[0]) all_ports.append(i[0])
all_ports.sort() all_ports.sort()
@ -658929,7 +658970,7 @@ index 74fb347..6c7639f 100755
for a in args.applications: for a in args.applications:
d = sepolicy.get_init_transtype(a) d = sepolicy.get_init_transtype(a)
@@ -317,7 +318,7 @@ def manpage(args): @@ -317,7 +319,7 @@ def manpage(args):
for domain in test_domains: for domain in test_domains:
m = ManPage(domain, path, args.root,args.source_files, args.web) m = ManPage(domain, path, args.root,args.source_files, args.web)
@ -658938,7 +658979,7 @@ index 74fb347..6c7639f 100755
if args.web: if args.web:
HTMLManPages(manpage_roles, manpage_domains, path, args.os) HTMLManPages(manpage_roles, manpage_domains, path, args.os)
@@ -375,7 +376,7 @@ def communicate(args): @@ -375,7 +377,7 @@ def communicate(args):
out = list(set(writable) & set(readable)) out = list(set(writable) & set(readable))
for t in out: for t in out:
@ -658947,7 +658988,12 @@ index 74fb347..6c7639f 100755
def gen_communicate_args(parser): def gen_communicate_args(parser):
comm = parser.add_parser("communicate", comm = parser.add_parser("communicate",
@@ -400,7 +401,7 @@ def booleans(args): @@ -397,10 +399,12 @@ def booleans(args):
from sepolicy import boolean_desc
if args.all:
rc, args.booleans = selinux.security_get_boolean_names()
+ if util.PY3:
+ args.booleans = [util.decode_input(x) for x in args.booleans]
args.booleans.sort() args.booleans.sort()
for b in args.booleans: for b in args.booleans:
@ -658956,7 +659002,7 @@ index 74fb347..6c7639f 100755
def gen_booleans_args(parser): def gen_booleans_args(parser):
bools = parser.add_parser("booleans", bools = parser.add_parser("booleans",
@@ -435,19 +436,19 @@ def print_interfaces(interfaces, args, append=""): @@ -435,19 +439,19 @@ def print_interfaces(interfaces, args, append=""):
for i in interfaces: for i in interfaces:
if args.verbose: if args.verbose:
try: try:
@ -658981,7 +659027,7 @@ index 74fb347..6c7639f 100755
if args.list_admin: if args.list_admin:
print_interfaces(get_admin(args.file), args, "_admin") print_interfaces(get_admin(args.file), args, "_admin")
if args.list_user: if args.list_user:
@@ -458,7 +459,7 @@ def interface(args): @@ -458,7 +462,7 @@ def interface(args):
print_interfaces(args.interfaces, args) print_interfaces(args.interfaces, args)
def generate(args): def generate(args):
@ -658990,7 +659036,7 @@ index 74fb347..6c7639f 100755
cmd = None cmd = None
# numbers present POLTYPE defined in sepolicy.generate # numbers present POLTYPE defined in sepolicy.generate
conflict_args = {'TYPES':(NEWTYPE,), 'DOMAIN':(EUSER,), 'ADMIN_DOMAIN':(AUSER, RUSER, EUSER,)} conflict_args = {'TYPES':(NEWTYPE,), 'DOMAIN':(EUSER,), 'ADMIN_DOMAIN':(AUSER, RUSER, EUSER,)}
@@ -469,7 +470,7 @@ def generate(args): @@ -469,7 +473,7 @@ def generate(args):
for k in usage_dict: for k in usage_dict:
error_text += "%s" % (k) error_text += "%s" % (k)
print(generate_usage) print(generate_usage)
@ -658999,7 +659045,7 @@ index 74fb347..6c7639f 100755
sys.exit(1) sys.exit(1)
if args.policytype in APPLICATIONS: if args.policytype in APPLICATIONS:
@@ -514,7 +515,7 @@ def generate(args): @@ -514,7 +518,7 @@ def generate(args):
if args.policytype in APPLICATIONS: if args.policytype in APPLICATIONS:
mypolicy.gen_writeable() mypolicy.gen_writeable()
mypolicy.gen_symbols() mypolicy.gen_symbols()
@ -659008,7 +659054,7 @@ index 74fb347..6c7639f 100755
def gen_interface_args(parser): def gen_interface_args(parser):
itf = parser.add_parser("interface", itf = parser.add_parser("interface",
@@ -542,7 +543,7 @@ def gen_interface_args(parser): @@ -542,7 +546,7 @@ def gen_interface_args(parser):
itf.set_defaults(func=interface) itf.set_defaults(func=interface)
def gen_generate_args(parser): def gen_generate_args(parser):
@ -659017,7 +659063,7 @@ index 74fb347..6c7639f 100755
generate_usage = generate_custom_usage(usage, usage_dict) generate_usage = generate_custom_usage(usage, usage_dict)
@@ -552,7 +553,7 @@ def gen_generate_args(parser): @@ -552,7 +556,7 @@ def gen_generate_args(parser):
action=CheckDomain, nargs="*", action=CheckDomain, nargs="*",
help=_("Enter domain type which you will be extending")) help=_("Enter domain type which you will be extending"))
pol.add_argument("-u", "--user", dest="user", default=[], pol.add_argument("-u", "--user", dest="user", default=[],
@ -659026,7 +659072,7 @@ index 74fb347..6c7639f 100755
help=_("Enter SELinux user(s) which will transition to this domain")) help=_("Enter SELinux user(s) which will transition to this domain"))
pol.add_argument("-r", "--role", dest="role", default=[], pol.add_argument("-r", "--role", dest="role", default=[],
action=CheckRole, action=CheckRole,
@@ -566,7 +567,7 @@ def gen_generate_args(parser): @@ -566,7 +570,7 @@ def gen_generate_args(parser):
pol.add_argument("-T", "--test", dest="test", default=False, action="store_true", pol.add_argument("-T", "--test", dest="test", default=False, action="store_true",
help=argparse.SUPPRESS) help=argparse.SUPPRESS)
pol.add_argument("-t", "--type", dest="types", default=[], nargs="*", pol.add_argument("-t", "--type", dest="types", default=[], nargs="*",
@ -659035,7 +659081,7 @@ index 74fb347..6c7639f 100755
help="Enter type(s) for which you will generate new definition and rule(s)") help="Enter type(s) for which you will generate new definition and rule(s)")
pol.add_argument("-p", "--path", dest="path", default=os.getcwd(), pol.add_argument("-p", "--path", dest="path", default=os.getcwd(),
help=_("path in which the generated policy files will be stored")) help=_("path in which the generated policy files will be stored"))
@@ -590,8 +591,8 @@ def gen_generate_args(parser): @@ -590,8 +594,8 @@ def gen_generate_args(parser):
action="store_const", default=DAEMON, action="store_const", default=DAEMON,
help=_("Generate '%s' policy") % poltype[DAEMON]) help=_("Generate '%s' policy") % poltype[DAEMON])
@ -659046,7 +659092,7 @@ index 74fb347..6c7639f 100755
group.add_argument("--admin_user", dest="policytype", const=AUSER, group.add_argument("--admin_user", dest="policytype", const=AUSER,
action="store_const", action="store_const",
help=_("Generate '%s' policy") % poltype[AUSER]) help=_("Generate '%s' policy") % poltype[AUSER])
@@ -642,12 +643,12 @@ if __name__ == '__main__': @@ -642,12 +646,12 @@ if __name__ == '__main__':
args = parser.parse_args() args = parser.parse_args()
args.func(args) args.func(args)
sys.exit(0) sys.exit(0)
@ -659063,10 +659109,10 @@ index 74fb347..6c7639f 100755
+ print("Out") + print("Out")
sys.exit(0) sys.exit(0)
diff --git a/policycoreutils-2.4/sepolicy/sepolicy/__init__.py b/policycoreutils-2.4/sepolicy/sepolicy/__init__.py diff --git a/policycoreutils-2.4/sepolicy/sepolicy/__init__.py b/policycoreutils-2.4/sepolicy/sepolicy/__init__.py
index 679725d..78a5c9e 100644 index 679725d..2e1bfec 100644
--- a/policycoreutils-2.4/sepolicy/sepolicy/__init__.py --- a/policycoreutils-2.4/sepolicy/sepolicy/__init__.py
+++ b/policycoreutils-2.4/sepolicy/sepolicy/__init__.py +++ b/policycoreutils-2.4/sepolicy/sepolicy/__init__.py
@@ -1,25 +1,29 @@ @@ -1,25 +1,30 @@
-#!/usr/bin/python -#!/usr/bin/python
+#!/usr/bin/python3 +#!/usr/bin/python3
@ -659080,6 +659126,7 @@ index 679725d..78a5c9e 100644
import gettext import gettext
import sepolgen.defaults as defaults import sepolgen.defaults as defaults
import sepolgen.interfaces as interfaces import sepolgen.interfaces as interfaces
+from sepolgen import util
import sys import sys
+import subprocess +import subprocess
gettext.bindtextdomain(PROGNAME, "/usr/share/locale") gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
@ -659102,7 +659149,7 @@ index 679725d..78a5c9e 100644
TYPE = _policy.TYPE TYPE = _policy.TYPE
ROLE = _policy.ROLE ROLE = _policy.ROLE
@@ -28,6 +32,8 @@ PORT = _policy.PORT @@ -28,6 +33,8 @@ PORT = _policy.PORT
USER = _policy.USER USER = _policy.USER
BOOLEAN = _policy.BOOLEAN BOOLEAN = _policy.BOOLEAN
TCLASS = _policy.CLASS TCLASS = _policy.CLASS
@ -659111,7 +659158,7 @@ index 679725d..78a5c9e 100644
ALLOW = 'allow' ALLOW = 'allow'
AUDITALLOW = 'auditallow' AUDITALLOW = 'auditallow'
@@ -44,8 +50,12 @@ def info(setype, name=None): @@ -44,8 +51,12 @@ def info(setype, name=None):
dict_list = _policy.info(setype, name) dict_list = _policy.info(setype, name)
return dict_list return dict_list
@ -659126,7 +659173,7 @@ index 679725d..78a5c9e 100644
valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW] valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
for setype in types: for setype in types:
if setype not in valid_types: if setype not in valid_types:
@@ -59,7 +69,7 @@ def search(types, info = {}): @@ -59,7 +70,7 @@ def search(types, info = {}):
dict_list = _policy.search(seinfo) dict_list = _policy.search(seinfo)
if dict_list and len(perms) != 0: if dict_list and len(perms) != 0:
@ -659135,7 +659182,7 @@ index 679725d..78a5c9e 100644
return dict_list return dict_list
def get_conditionals(src,dest,tclass,perm): def get_conditionals(src,dest,tclass,perm):
@@ -75,7 +85,7 @@ def get_conditionals(src,dest,tclass,perm): @@ -75,7 +86,7 @@ def get_conditionals(src,dest,tclass,perm):
allows=[] allows=[]
allows.append(i) allows.append(i)
try: try:
@ -659144,7 +659191,7 @@ index 679725d..78a5c9e 100644
tdict.update({'source':i['source'],'boolean':i['boolean']}) tdict.update({'source':i['source'],'boolean':i['boolean']})
if tdict not in tlist: if tdict not in tlist:
tlist.append(tdict) tlist.append(tdict)
@@ -86,12 +96,42 @@ def get_conditionals(src,dest,tclass,perm): @@ -86,12 +97,42 @@ def get_conditionals(src,dest,tclass,perm):
return (tlist) return (tlist)
def get_conditionals_format_text(cond): def get_conditionals_format_text(cond):
@ -659189,7 +659236,7 @@ index 679725d..78a5c9e 100644
file_type_str = {} file_type_str = {}
file_type_str["a"] = _("all files") file_type_str["a"] = _("all files")
file_type_str["f"] = _("regular file") file_type_str["f"] = _("regular file")
@@ -112,6 +152,44 @@ trans_file_type_str["-s"] = "s" @@ -112,6 +153,44 @@ trans_file_type_str["-s"] = "s"
trans_file_type_str["-l"] = "l" trans_file_type_str["-l"] = "l"
trans_file_type_str["-p"] = "p" trans_file_type_str["-p"] = "p"
@ -659234,7 +659281,7 @@ index 679725d..78a5c9e 100644
def get_file_types(setype): def get_file_types(setype):
flist=[] flist=[]
mpaths={} mpaths={}
@@ -169,7 +247,7 @@ def find_file(reg): @@ -169,7 +248,7 @@ def find_file(reg):
try: try:
pat = re.compile(r"%s$" % reg) pat = re.compile(r"%s$" % reg)
except: except:
@ -659243,7 +659290,7 @@ index 679725d..78a5c9e 100644
return [] return []
p = reg p = reg
if p.endswith("(/.*)?"): if p.endswith("(/.*)?"):
@@ -181,19 +259,19 @@ def find_file(reg): @@ -181,19 +260,19 @@ def find_file(reg):
if path[-1] != "/": # is pass in it breaks without try block if path[-1] != "/": # is pass in it breaks without try block
path += "/" path += "/"
except IndexError: except IndexError:
@ -659266,7 +659313,7 @@ index 679725d..78a5c9e 100644
if exe.endswith("_exec_t") and exe not in exclude_list: if exe.endswith("_exec_t") and exe not in exclude_list:
for path in executable_files[exe]: for path in executable_files[exe]:
for f in find_file(path): for f in find_file(path):
@@ -221,7 +299,7 @@ def read_file_equiv(edict, fc_path, modify): @@ -221,7 +300,7 @@ def read_file_equiv(edict, fc_path, modify):
f = e.split() f = e.split()
edict[f[0]] = { "equiv" : f[1], "modify" : modify } edict[f[0]] = { "equiv" : f[1], "modify" : modify }
return edict return edict
@ -659275,7 +659322,7 @@ index 679725d..78a5c9e 100644
file_equiv_modified=None file_equiv_modified=None
def get_file_equiv_modified(fc_path = selinux.selinux_file_context_path()): def get_file_equiv_modified(fc_path = selinux.selinux_file_context_path()):
global file_equiv_modified global file_equiv_modified
@@ -239,7 +317,7 @@ def get_file_equiv(fc_path = selinux.selinux_file_context_path()): @@ -239,7 +318,7 @@ def get_file_equiv(fc_path = selinux.selinux_file_context_path()):
file_equiv = get_file_equiv_modified(fc_path) file_equiv = get_file_equiv_modified(fc_path)
file_equiv = read_file_equiv(file_equiv, fc_path + ".subs_dist", modify = False) file_equiv = read_file_equiv(file_equiv, fc_path + ".subs_dist", modify = False)
return file_equiv return file_equiv
@ -659284,7 +659331,7 @@ index 679725d..78a5c9e 100644
local_files=None local_files=None
def get_local_file_paths(fc_path = selinux.selinux_file_context_path()): def get_local_file_paths(fc_path = selinux.selinux_file_context_path()):
global local_files global local_files
@@ -309,7 +387,7 @@ def get_fcdict(fc_path = selinux.selinux_file_context_path()): @@ -309,7 +388,7 @@ def get_fcdict(fc_path = selinux.selinux_file_context_path()):
def get_transitions_into(setype): def get_transitions_into(setype):
try: try:
@ -659293,7 +659340,7 @@ index 679725d..78a5c9e 100644
except TypeError: except TypeError:
pass pass
return None return None
@@ -323,7 +401,7 @@ def get_transitions(setype): @@ -323,7 +402,7 @@ def get_transitions(setype):
def get_file_transitions(setype): def get_file_transitions(setype):
try: try:
@ -659302,7 +659349,7 @@ index 679725d..78a5c9e 100644
except TypeError: except TypeError:
pass pass
return None return None
@@ -347,7 +425,7 @@ def get_all_entrypoints(): @@ -347,7 +426,7 @@ def get_all_entrypoints():
def get_entrypoint_types(setype): def get_entrypoint_types(setype):
entrypoints = [] entrypoints = []
try: try:
@ -659311,7 +659358,7 @@ index 679725d..78a5c9e 100644
except TypeError: except TypeError:
pass pass
return entrypoints return entrypoints
@@ -355,7 +433,7 @@ def get_entrypoint_types(setype): @@ -355,7 +434,7 @@ def get_entrypoint_types(setype):
def get_init_transtype(path): def get_init_transtype(path):
entrypoint = selinux.getfilecon(path)[1].split(":")[2] entrypoint = selinux.getfilecon(path)[1].split(":")[2]
try: try:
@ -659320,7 +659367,7 @@ index 679725d..78a5c9e 100644
if len(entrypoints) == 0: if len(entrypoints) == 0:
return None return None
return entrypoints[0]["transtype"] return entrypoints[0]["transtype"]
@@ -365,7 +443,7 @@ def get_init_transtype(path): @@ -365,7 +444,7 @@ def get_init_transtype(path):
def get_init_entrypoint(transtype): def get_init_entrypoint(transtype):
try: try:
@ -659329,7 +659376,7 @@ index 679725d..78a5c9e 100644
if len(entrypoints) == 0: if len(entrypoints) == 0:
return None return None
return entrypoints[0]["target"] return entrypoints[0]["target"]
@@ -375,7 +453,7 @@ def get_init_entrypoint(transtype): @@ -375,7 +454,7 @@ def get_init_entrypoint(transtype):
def get_init_entrypoint_target(entrypoint): def get_init_entrypoint_target(entrypoint):
try: try:
@ -659338,7 +659385,7 @@ index 679725d..78a5c9e 100644
return entrypoints[0] return entrypoints[0]
except TypeError: except TypeError:
pass pass
@@ -413,7 +491,7 @@ def get_methods(): @@ -413,7 +492,7 @@ def get_methods():
# List of per_role_template interfaces # List of per_role_template interfaces
ifs = interfaces.InterfaceSet() ifs = interfaces.InterfaceSet()
ifs.from_file(fd) ifs.from_file(fd)
@ -659347,7 +659394,7 @@ index 679725d..78a5c9e 100644
fd.close() fd.close()
except: except:
sys.stderr.write("could not open interface info [%s]\n" % fn) sys.stderr.write("could not open interface info [%s]\n" % fn)
@@ -426,7 +504,7 @@ all_types = None @@ -426,7 +505,7 @@ all_types = None
def get_all_types(): def get_all_types():
global all_types global all_types
if all_types == None: if all_types == None:
@ -659356,7 +659403,7 @@ index 679725d..78a5c9e 100644
return all_types return all_types
user_types = None user_types = None
@@ -468,7 +546,6 @@ portrecs = None @@ -468,7 +547,6 @@ portrecs = None
portrecsbynum = None portrecsbynum = None
def gen_interfaces(): def gen_interfaces():
@ -659364,7 +659411,7 @@ index 679725d..78a5c9e 100644
ifile = defaults.interface_info() ifile = defaults.interface_info()
headers = defaults.headers() headers = defaults.headers()
rebuild = False rebuild = False
@@ -480,7 +557,9 @@ def gen_interfaces(): @@ -480,7 +558,9 @@ def gen_interfaces():
if os.getuid() != 0: if os.getuid() != 0:
raise ValueError(_("You must regenerate interface info by running /usr/bin/sepolgen-ifgen")) raise ValueError(_("You must regenerate interface info by running /usr/bin/sepolgen-ifgen"))
@ -659375,12 +659422,12 @@ index 679725d..78a5c9e 100644
def gen_port_dict(): def gen_port_dict():
global portrecs global portrecs
@@ -514,12 +593,26 @@ def get_all_domains(): @@ -514,12 +594,26 @@ def get_all_domains():
all_domains = info(ATTRIBUTE,"domain")[0]["types"] all_domains = info(ATTRIBUTE,"domain")[0]["types"]
return all_domains return all_domains
+def mls_cmp(x,y): +def mls_cmp(x,y):
+ return cmp(int(x[1:]), int(y[1:])) + return (int(x[1:]) > int(y[1:])) - (int(x[1:]) < int(y[1:]))
+ +
+mls_range = None +mls_range = None
+def get_mls_range(): +def get_mls_range():
@ -659389,7 +659436,7 @@ index 679725d..78a5c9e 100644
+ return mls_rangeroles + return mls_rangeroles
+ range_dict = info(SENS) + range_dict = info(SENS)
+ keys = range_dict.keys() + keys = range_dict.keys()
+ keys.sort(cmp=mls_cmp) + keys.sort(key=util.cmp_to_key(mls_cmp))
+ mls_range = "%s-%s" % (keys[0], range_dict[keys[-1]]) + mls_range = "%s-%s" % (keys[0], range_dict[keys[-1]])
+ return mls_range + return mls_range
+ +
@ -659403,7 +659450,7 @@ index 679725d..78a5c9e 100644
roles.remove("object_r") roles.remove("object_r")
roles.sort() roles.sort()
return roles return roles
@@ -552,7 +645,7 @@ def get_login_mappings(): @@ -552,7 +646,7 @@ def get_login_mappings():
return login_mappings return login_mappings
def get_all_users(): def get_all_users():
@ -659412,7 +659459,7 @@ index 679725d..78a5c9e 100644
users.sort() users.sort()
return users return users
@@ -700,7 +793,7 @@ all_attributes = None @@ -700,7 +794,7 @@ all_attributes = None
def get_all_attributes(): def get_all_attributes():
global all_attributes global all_attributes
if not all_attributes: if not all_attributes:
@ -659421,7 +659468,7 @@ index 679725d..78a5c9e 100644
return all_attributes return all_attributes
def policy(policy_file): def policy(policy_file):
@@ -730,7 +823,7 @@ def policy(policy_file): @@ -730,7 +824,7 @@ def policy(policy_file):
try: try:
policy_file = get_installed_policy() policy_file = get_installed_policy()
policy(policy_file) policy(policy_file)
@ -659430,7 +659477,7 @@ index 679725d..78a5c9e 100644
if selinux.is_selinux_enabled() == 1: if selinux.is_selinux_enabled() == 1:
raise e raise e
@@ -758,7 +851,7 @@ def get_bools(setype): @@ -758,7 +852,7 @@ def get_bools(setype):
bools = [] bools = []
domainbools = [] domainbools = []
domainname, short_name = gen_short_name(setype) domainname, short_name = gen_short_name(setype)
@ -659439,7 +659486,16 @@ index 679725d..78a5c9e 100644
for b in i: for b in i:
if not isinstance(b,tuple): if not isinstance(b,tuple):
continue continue
@@ -821,7 +914,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"): @@ -779,6 +873,8 @@ def get_all_booleans():
global booleans
if not booleans:
booleans = selinux.security_get_boolean_names()[1]
+ if util.PY3:
+ booleans = [util.decode_input(x) for x in booleans]
return booleans
booleans_dict = None
@@ -821,7 +917,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
desc = i.find("desc").find("p").text.strip("\n") desc = i.find("desc").find("p").text.strip("\n")
desc = re.sub("\n", " ", desc) desc = re.sub("\n", " ", desc)
booleans_dict[i.get('name')] = ("global", i.get('dftval'), desc) booleans_dict[i.get('name')] = ("global", i.get('dftval'), desc)
@ -659448,7 +659504,7 @@ index 679725d..78a5c9e 100644
pass pass
return booleans_dict return booleans_dict
@@ -841,24 +934,14 @@ def boolean_desc(boolean): @@ -841,24 +937,14 @@ def boolean_desc(boolean):
return "Allow %s to %s" % (desc[0], " ".join(desc[1:])) return "Allow %s to %s" % (desc[0], " ".join(desc[1:]))
def get_os_version(): def get_os_version():
@ -659479,7 +659535,7 @@ index 679725d..78a5c9e 100644
def reinit(): def reinit():
global all_attributes global all_attributes
@@ -871,7 +954,7 @@ def reinit(): @@ -871,7 +957,7 @@ def reinit():
global file_types global file_types
global local_files global local_files
global methods global methods
@ -659526,7 +659582,7 @@ index 9b9a09a..b99b6d4 100755
return tlist return tlist
diff --git a/policycoreutils-2.4/sepolicy/sepolicy/generate.py b/policycoreutils-2.4/sepolicy/sepolicy/generate.py diff --git a/policycoreutils-2.4/sepolicy/sepolicy/generate.py b/policycoreutils-2.4/sepolicy/sepolicy/generate.py
index 6b53035..340a10a 100644 index 6b53035..a06c6c4 100644
--- a/policycoreutils-2.4/sepolicy/sepolicy/generate.py --- a/policycoreutils-2.4/sepolicy/sepolicy/generate.py
+++ b/policycoreutils-2.4/sepolicy/sepolicy/generate.py +++ b/policycoreutils-2.4/sepolicy/sepolicy/generate.py
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
@ -659535,7 +659591,7 @@ index 6b53035..340a10a 100644
# #
# Copyright (C) 2007-2012 Red Hat # Copyright (C) 2007-2012 Red Hat
# see file 'COPYING' for use and warranty information # see file 'COPYING' for use and warranty information
@@ -27,21 +27,21 @@ import sepolicy @@ -27,23 +27,24 @@ import sepolicy
from sepolicy import get_all_types, get_all_attributes, get_all_roles from sepolicy import get_all_types, get_all_attributes, get_all_roles
import time import time
@ -659571,8 +659627,11 @@ index 6b53035..340a10a 100644
+from .templates import user +from .templates import user
import sepolgen.interfaces as interfaces import sepolgen.interfaces as interfaces
import sepolgen.defaults as defaults import sepolgen.defaults as defaults
+from sepolgen import util
@@ -55,12 +55,15 @@ gettext.bindtextdomain(PROGNAME, "/usr/share/locale") ##
## I18N
@@ -55,18 +56,26 @@ gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME) gettext.textdomain(PROGNAME)
try: try:
gettext.install(PROGNAME, gettext.install(PROGNAME,
@ -659592,7 +659651,18 @@ index 6b53035..340a10a 100644
def get_rpm_nvr_from_header(hdr): def get_rpm_nvr_from_header(hdr):
'Given an RPM header return the package NVR as a string' 'Given an RPM header return the package NVR as a string'
@@ -82,7 +85,7 @@ def get_rpm_nvr_list(package): name = hdr['name']
version = hdr['version']
release = hdr['release']
+ if util.PY3:
+ name = util.decode_input(name)
+ version = util.decode_input(version)
+ release = util.decode_input(release)
+
release_version = version+"-"+release.split(".")[0]
os_version = release.split(".")[1]
@@ -82,7 +91,7 @@ def get_rpm_nvr_list(package):
nvr = get_rpm_nvr_from_header(h) nvr = get_rpm_nvr_from_header(h)
break break
except: except:
@ -659601,7 +659671,7 @@ index 6b53035..340a10a 100644
nvr = None nvr = None
return nvr return nvr
@@ -98,7 +101,7 @@ def get_all_ports(): @@ -98,7 +107,7 @@ def get_all_ports():
return dict return dict
def get_all_users(): def get_all_users():
@ -659610,7 +659680,7 @@ index 6b53035..340a10a 100644
users.remove("system_u") users.remove("system_u")
users.remove("root") users.remove("root")
users.sort() users.sort()
@@ -141,13 +144,13 @@ poltype[RUSER] = _("Confined Root Administrator Role") @@ -141,13 +150,13 @@ poltype[RUSER] = _("Confined Root Administrator Role")
poltype[NEWTYPE] = _("Module information for a new type") poltype[NEWTYPE] = _("Module information for a new type")
def get_poltype_desc(): def get_poltype_desc():
@ -659626,7 +659696,7 @@ index 6b53035..340a10a 100644
APPLICATIONS = [ DAEMON, DBUS, INETD, USER, CGI ] APPLICATIONS = [ DAEMON, DBUS, INETD, USER, CGI ]
USERS = [ XUSER, TUSER, LUSER, AUSER, RUSER] USERS = [ XUSER, TUSER, LUSER, AUSER, RUSER]
@@ -181,7 +184,7 @@ def verify_ports(ports): @@ -181,7 +190,7 @@ def verify_ports(ports):
class policy: class policy:
@ -659635,7 +659705,7 @@ index 6b53035..340a10a 100644
self.rpms = [] self.rpms = []
self.ports = [] self.ports = []
self.all_roles = get_all_roles() self.all_roles = get_all_roles()
@@ -190,14 +193,14 @@ class policy: @@ -190,14 +199,14 @@ class policy:
if type not in poltype: if type not in poltype:
raise ValueError(_("You must enter a valid policy type")) raise ValueError(_("You must enter a valid policy type"))
@ -659655,7 +659725,7 @@ index 6b53035..340a10a 100644
self.symbols = {} self.symbols = {}
self.symbols["openlog"] = "set_use_kerberos(True)" self.symbols["openlog"] = "set_use_kerberos(True)"
@@ -289,32 +292,32 @@ class policy: @@ -289,32 +298,32 @@ class policy:
self.symbols["audit_control"] = "add_capability('audit_control')" self.symbols["audit_control"] = "add_capability('audit_control')"
self.symbols["setfcap"] = "add_capability('setfcap')" self.symbols["setfcap"] = "add_capability('setfcap')"
@ -659711,7 +659781,7 @@ index 6b53035..340a10a 100644
( self.generate_daemon_types, self.generate_daemon_rules), \ ( self.generate_daemon_types, self.generate_daemon_rules), \
( self.generate_dbusd_types, self.generate_dbusd_rules), \ ( self.generate_dbusd_types, self.generate_dbusd_rules), \
( self.generate_inetd_types, self.generate_inetd_rules), \ ( self.generate_inetd_types, self.generate_inetd_rules), \
@@ -331,47 +334,47 @@ class policy: @@ -331,47 +340,47 @@ class policy:
if not re.match(r"^[a-zA-Z0-9-_]+$", name): if not re.match(r"^[a-zA-Z0-9-_]+$", name):
raise ValueError(_("Name must be alpha numberic with no spaces. Consider using option \"-n MODULENAME\"")) raise ValueError(_("Name must be alpha numberic with no spaces. Consider using option \"-n MODULENAME\""))
@ -659790,7 +659860,7 @@ index 6b53035..340a10a 100644
self.roles = [] self.roles = []
def __isnetset(self, l): def __isnetset(self, l):
@@ -414,162 +417,162 @@ class policy: @@ -414,162 +423,162 @@ class policy:
return self.use_tcp() or self.use_udp() return self.use_tcp() or self.use_udp()
def find_port(self, port, protocol="tcp"): def find_port(self, port, protocol="tcp"):
@ -660015,7 +660085,7 @@ index 6b53035..340a10a 100644
newte ="" newte =""
if self.use_mail: if self.use_mail:
newte = re.sub("TEMPLATETYPE", self.name, executable.te_mail_rules) newte = re.sub("TEMPLATETYPE", self.name, executable.te_mail_rules)
@@ -589,7 +592,7 @@ allow %s_t %s_t:%s_socket name_%s; @@ -589,7 +598,7 @@ allow %s_t %s_t:%s_socket name_%s;
""" % (port_name, self.name, port_name, protocol, action) """ % (port_name, self.name, port_name, protocol, action)
return line return line
@ -660024,7 +660094,7 @@ index 6b53035..340a10a 100644
for i in self.in_tcp[PORTS]: for i in self.in_tcp[PORTS]:
rec = self.find_port(int(i), "tcp") rec = self.find_port(int(i), "tcp")
if rec == None: if rec == None:
@@ -627,7 +630,7 @@ allow %s_t %s_t:%s_socket name_%s; @@ -627,7 +636,7 @@ allow %s_t %s_t:%s_socket name_%s;
return re.sub("TEMPLATETYPE", self.name, network.te_types) return re.sub("TEMPLATETYPE", self.name, network.te_types)
return "" return ""
@ -660033,7 +660103,7 @@ index 6b53035..340a10a 100644
for d in self.DEFAULT_DIRS: for d in self.DEFAULT_DIRS:
if file.find(d) == 0: if file.find(d) == 0:
self.DEFAULT_DIRS[d][1].append(file) self.DEFAULT_DIRS[d][1].append(file)
@@ -635,34 +638,34 @@ allow %s_t %s_t:%s_socket name_%s; @@ -635,34 +644,34 @@ allow %s_t %s_t:%s_socket name_%s;
self.DEFAULT_DIRS["rw"][1].append(file) self.DEFAULT_DIRS["rw"][1].append(file)
return self.DEFAULT_DIRS["rw"] return self.DEFAULT_DIRS["rw"]
@ -660078,7 +660148,7 @@ index 6b53035..340a10a 100644
newte = "" newte = ""
self.processes.sort() self.processes.sort()
if len(self.processes) > 0: if len(self.processes) > 0:
@@ -670,9 +673,9 @@ allow %s_t %s_t:%s_socket name_%s; @@ -670,9 +679,9 @@ allow %s_t %s_t:%s_socket name_%s;
return newte return newte
@ -660091,7 +660161,7 @@ index 6b53035..340a10a 100644
newte = "\n" newte = "\n"
newte += re.sub("TEMPLATETYPE", self.name, network.te_network) newte += re.sub("TEMPLATETYPE", self.name, network.te_network)
@@ -725,7 +728,7 @@ allow %s_t %s_t:%s_socket name_%s; @@ -725,7 +734,7 @@ allow %s_t %s_t:%s_socket name_%s;
for i in self.found_udp_ports: for i in self.found_udp_ports:
newte += i newte += i
@ -660100,7 +660170,7 @@ index 6b53035..340a10a 100644
def generate_transition_rules(self): def generate_transition_rules(self):
newte = "" newte = ""
@@ -750,11 +753,11 @@ allow %s_t %s_t:%s_socket name_%s; @@ -750,11 +759,11 @@ allow %s_t %s_t:%s_socket name_%s;
tmp = re.sub("TEMPLATETYPE", name, user.te_admin_domain_rules) tmp = re.sub("TEMPLATETYPE", name, user.te_admin_domain_rules)
if role not in self.all_roles: if role not in self.all_roles:
tmp = re.sub(role, "system_r", tmp) tmp = re.sub(role, "system_r", tmp)
@ -660115,7 +660185,7 @@ index 6b53035..340a10a 100644
if self.type == RUSER: if self.type == RUSER:
newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules) newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules)
@@ -772,7 +775,7 @@ allow %s_t %s_t:%s_socket name_%s; @@ -772,7 +781,7 @@ allow %s_t %s_t:%s_socket name_%s;
return newte return newte
@ -660124,7 +660194,7 @@ index 6b53035..340a10a 100644
newif = "" newif = ""
if self.use_dbus: if self.use_dbus:
newif = re.sub("TEMPLATETYPE", self.name, executable.if_dbus_rules) newif = re.sub("TEMPLATETYPE", self.name, executable.if_dbus_rules)
@@ -808,31 +811,31 @@ allow %s_t %s_t:%s_socket name_%s; @@ -808,31 +817,31 @@ allow %s_t %s_t:%s_socket name_%s;
return "" return ""
@ -660173,7 +660243,7 @@ index 6b53035..340a10a 100644
if len(self.existing_domains) == 0: if len(self.existing_domains) == 0:
raise ValueError(_("'%s' policy modules require existing domains") % poltype[self.type]) raise ValueError(_("'%s' policy modules require existing domains") % poltype[self.type])
newte = re.sub("TEMPLATETYPE", self.name, user.te_existing_user_types) newte = re.sub("TEMPLATETYPE", self.name, user.te_existing_user_types)
@@ -844,27 +847,27 @@ allow %s_t %s_t:%s_socket name_%s; @@ -844,27 +853,27 @@ allow %s_t %s_t:%s_socket name_%s;
role = d.split("_t")[0] + "_r" role = d.split("_t")[0] + "_r"
if role in self.all_roles: if role in self.all_roles:
newte += """ newte += """
@ -660210,7 +660280,7 @@ index 6b53035..340a10a 100644
newte += re.sub("TEMPLATETYPE", t[:-len(i)], self.DEFAULT_EXT[i].te_types) newte += re.sub("TEMPLATETYPE", t[:-len(i)], self.DEFAULT_EXT[i].te_types)
break break
@@ -876,46 +879,46 @@ allow %s_t %s_t:%s_socket name_%s; @@ -876,46 +885,46 @@ allow %s_t %s_t:%s_socket name_%s;
return newte return newte
@ -660270,7 +660340,7 @@ index 6b53035..340a10a 100644
newif = "" newif = ""
for t in self.types: for t in self.types:
for i in self.DEFAULT_EXT: for i in self.DEFAULT_EXT:
@@ -925,46 +928,46 @@ allow %s_t %s_t:%s_socket name_%s; @@ -925,46 +934,46 @@ allow %s_t %s_t:%s_socket name_%s;
break break
return newif return newif
@ -660342,7 +660412,7 @@ index 6b53035..340a10a 100644
newif ="" newif =""
if self.use_terminal or self.type == USER: if self.use_terminal or self.type == USER:
newif = re.sub("TEMPLATETYPE", self.name, executable.if_user_program_rules) newif = re.sub("TEMPLATETYPE", self.name, executable.if_user_program_rules)
@@ -973,7 +976,7 @@ allow %s_t %s_t:%s_socket name_%s; @@ -973,7 +982,7 @@ allow %s_t %s_t:%s_socket name_%s;
newif += re.sub("TEMPLATETYPE", self.name, executable.if_role_change_rules) newif += re.sub("TEMPLATETYPE", self.name, executable.if_role_change_rules)
return newif return newif
@ -660351,7 +660421,7 @@ index 6b53035..340a10a 100644
newif = "" newif = ""
newif += re.sub("TEMPLATETYPE", self.name, executable.if_heading_rules) newif += re.sub("TEMPLATETYPE", self.name, executable.if_heading_rules)
if self.program: if self.program:
@@ -982,8 +985,8 @@ allow %s_t %s_t:%s_socket name_%s; @@ -982,8 +991,8 @@ allow %s_t %s_t:%s_socket name_%s;
newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_rules) newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_rules)
for d in self.DEFAULT_KEYS: for d in self.DEFAULT_KEYS:
@ -660362,7 +660432,7 @@ index 6b53035..340a10a 100644
for i in self.DEFAULT_DIRS[d][1]: for i in self.DEFAULT_DIRS[d][1]:
if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]): if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_stream_rules) newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_stream_rules)
@@ -995,17 +998,17 @@ allow %s_t %s_t:%s_socket name_%s; @@ -995,17 +1004,17 @@ allow %s_t %s_t:%s_socket name_%s;
newif += self.generate_new_type_if() newif += self.generate_new_type_if()
newif += self.generate_new_rules() newif += self.generate_new_rules()
@ -660385,7 +660455,7 @@ index 6b53035..340a10a 100644
newte = "" newte = ""
if self.type in ( TUSER, XUSER, AUSER, LUSER ): if self.type in ( TUSER, XUSER, AUSER, LUSER ):
roles = "" roles = ""
@@ -1017,12 +1020,12 @@ allow %s_t %s_t:%s_socket name_%s; @@ -1017,12 +1026,12 @@ allow %s_t %s_t:%s_socket name_%s;
newte += re.sub("ROLE", role, tmp) newte += re.sub("ROLE", role, tmp)
return newte return newte
@ -660403,7 +660473,7 @@ index 6b53035..340a10a 100644
newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_types) newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_types)
if self.type != EUSER: if self.type != EUSER:
@@ -1034,14 +1037,14 @@ allow %s_t %s_t:%s_socket name_%s; @@ -1034,14 +1043,14 @@ allow %s_t %s_t:%s_socket name_%s;
""" % self.name """ % self.name
newte += self.generate_capabilities() newte += self.generate_capabilities()
newte += self.generate_process() newte += self.generate_process()
@ -660424,7 +660494,7 @@ index 6b53035..340a10a 100644
if self.type == EUSER: if self.type == EUSER:
newte_tmp = "" newte_tmp = ""
for domain in self.existing_domains: for domain in self.existing_domains:
@@ -1059,40 +1062,40 @@ allow %s_t %s_t:%s_socket name_%s; @@ -1059,40 +1068,40 @@ allow %s_t %s_t:%s_socket name_%s;
newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_stream_rules) newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_stream_rules)
break break
@ -660492,7 +660562,7 @@ index 6b53035..340a10a 100644
fclist.append(re.sub("FILETYPE", self.dirs[i][0], t2)) fclist.append(re.sub("FILETYPE", self.dirs[i][0], t2))
if self.type in USERS + [ SANDBOX ]: if self.type in USERS + [ SANDBOX ]:
@@ -1112,9 +1115,9 @@ allow %s_t %s_t:%s_socket name_%s; @@ -1112,9 +1121,9 @@ allow %s_t %s_t:%s_socket name_%s;
fclist.sort() fclist.sort()
newfc="\n".join(fclist) newfc="\n".join(fclist)
@ -660504,7 +660574,7 @@ index 6b53035..340a10a 100644
newsh = "" newsh = ""
if self.type not in ( TUSER, XUSER, AUSER, LUSER, RUSER): if self.type not in ( TUSER, XUSER, AUSER, LUSER, RUSER):
return newsh return newsh
@@ -1140,7 +1143,7 @@ allow %s_t %s_t:%s_socket name_%s; @@ -1140,7 +1149,7 @@ allow %s_t %s_t:%s_socket name_%s;
return newsh return newsh
@ -660513,7 +660583,7 @@ index 6b53035..340a10a 100644
temp = re.sub("TEMPLATETYPE", self.file_name, script.compile) temp = re.sub("TEMPLATETYPE", self.file_name, script.compile)
temp = re.sub("DOMAINTYPE", self.name, temp) temp = re.sub("DOMAINTYPE", self.name, temp)
if self.type == EUSER: if self.type == EUSER:
@@ -1154,11 +1157,11 @@ allow %s_t %s_t:%s_socket name_%s; @@ -1154,11 +1163,11 @@ allow %s_t %s_t:%s_socket name_%s;
if self.initscript != "": if self.initscript != "":
newsh += re.sub("FILENAME", self.initscript, script.restorecon) newsh += re.sub("FILENAME", self.initscript, script.restorecon)
@ -660529,7 +660599,7 @@ index 6b53035..340a10a 100644
for i in self.in_tcp[PORTS] + self.out_tcp[PORTS]: for i in self.in_tcp[PORTS] + self.out_tcp[PORTS]:
if self.find_port(i,"tcp") == None: if self.find_port(i,"tcp") == None:
@@ -1167,97 +1170,99 @@ allow %s_t %s_t:%s_socket name_%s; @@ -1167,97 +1176,99 @@ allow %s_t %s_t:%s_socket name_%s;
for i in self.in_udp[PORTS]: for i in self.in_udp[PORTS]:
if self.find_port(i,"udp") == None: if self.find_port(i,"udp") == None:
@ -660712,7 +660782,7 @@ index 6b53035..340a10a 100644
for b in self.DEFAULT_DIRS: for b in self.DEFAULT_DIRS:
if b == "/etc": if b == "/etc":
continue continue
@@ -1267,8 +1272,9 @@ allow %s_t %s_t:%s_socket name_%s; @@ -1267,8 +1278,9 @@ allow %s_t %s_t:%s_socket name_%s;
else: else:
self.add_dir(fname) self.add_dir(fname)
@ -660724,7 +660794,7 @@ index 6b53035..340a10a 100644
for b in self.DEFAULT_DIRS: for b in self.DEFAULT_DIRS:
if b == "/etc": if b == "/etc":
continue continue
@@ -1281,8 +1287,8 @@ allow %s_t %s_t:%s_socket name_%s; @@ -1281,8 +1293,8 @@ allow %s_t %s_t:%s_socket name_%s;
# some packages have own systemd subpackage # some packages have own systemd subpackage
# tor-systemd for example # tor-systemd for example
binary_name = self.program.split("/")[-1] binary_name = self.program.split("/")[-1]
@ -660735,7 +660805,7 @@ index 6b53035..340a10a 100644
for b in self.DEFAULT_DIRS: for b in self.DEFAULT_DIRS:
if b == "/etc": if b == "/etc":
continue continue
@@ -1316,10 +1322,10 @@ allow %s_t %s_t:%s_socket name_%s; @@ -1316,10 +1328,10 @@ allow %s_t %s_t:%s_socket name_%s;
if os.path.isfile("/etc/rc.d/init.d/%s" % self.name): if os.path.isfile("/etc/rc.d/init.d/%s" % self.name):
self.set_init_script("/etc/rc\.d/init\.d/%s" % self.name) self.set_init_script("/etc/rc\.d/init\.d/%s" % self.name)
@ -660748,7 +660818,7 @@ index 6b53035..340a10a 100644
temp_dirs = [] temp_dirs = []
try: try:
temp_basepath = self.DEFAULT_DIRS[p][1][0] + "/" temp_basepath = self.DEFAULT_DIRS[p][1][0] + "/"
@@ -1334,9 +1340,9 @@ allow %s_t %s_t:%s_socket name_%s; @@ -1334,9 +1346,9 @@ allow %s_t %s_t:%s_socket name_%s;
if len(temp_dirs) is not 0: if len(temp_dirs) is not 0:
for i in temp_dirs: for i in temp_dirs:
@ -660760,7 +660830,7 @@ index 6b53035..340a10a 100644
del(self.files[i]) del(self.files[i])
else: else:
continue continue
@@ -1358,10 +1364,10 @@ Warning %s does not exist @@ -1358,10 +1370,10 @@ Warning %s does not exist
for s in fd.read().split(): for s in fd.read().split():
for b in self.symbols: for b in self.symbols:
if s.startswith(b): if s.startswith(b):
@ -661563,7 +661633,7 @@ index bbabb3b..29370ee 100644
os.remove(v) os.remove(v)
diff --git a/policycoreutils-2.4/sepolicy/sepolicy/manpage.py b/policycoreutils-2.4/sepolicy/sepolicy/manpage.py diff --git a/policycoreutils-2.4/sepolicy/sepolicy/manpage.py b/policycoreutils-2.4/sepolicy/sepolicy/manpage.py
index ba15b2c..b12f379 100755 index ba15b2c..4da25b9 100755
--- a/policycoreutils-2.4/sepolicy/sepolicy/manpage.py --- a/policycoreutils-2.4/sepolicy/sepolicy/manpage.py
+++ b/policycoreutils-2.4/sepolicy/sepolicy/manpage.py +++ b/policycoreutils-2.4/sepolicy/sepolicy/manpage.py
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
@ -661802,7 +661872,7 @@ index ba15b2c..b12f379 100755
+ except subprocess.CalledProcessError as e: + except subprocess.CalledProcessError as e:
+ sys.stderr.write(e.output) + sys.stderr.write(e.output)
+ return + return
+ fd = open(html_manpage,'w') + fd = open(html_manpage,'wb')
+ fd.write(man_page) + fd.write(man_page)
+ fd.close() + fd.close()
+ print(html_manpage) + print(html_manpage)


@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.4 Version: 2.4
Release: 8%{?dist} Release: 9%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# https://github.com/SELinuxProject/selinux/wiki/Releases # https://github.com/SELinuxProject/selinux/wiki/Releases
@ -18,7 +18,7 @@ Source2: policycoreutils_man_ru2.tar.bz2
Source3: system-config-selinux.png Source3: system-config-selinux.png
Source4: sepolicy-icons.tgz Source4: sepolicy-icons.tgz
# use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/ # use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/
# HEAD https://github.com/fedora-selinux/selinux/commit/38d05b08329cb56bba1e64a37b9b166f2fa9f85c # HEAD https://github.com/fedora-selinux/selinux/commit/997cfe77c75093964f3952754f767f2d375f5cb5
Patch: policycoreutils-rhat.patch Patch: policycoreutils-rhat.patch
Patch1: sepolgen-rhat.patch Patch1: sepolgen-rhat.patch
Obsoletes: policycoreutils < 2.0.61-2 Obsoletes: policycoreutils < 2.0.61-2
@ -399,6 +399,9 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service %systemd_postun_with_restart restorecond.service
%changelog %changelog
* Thu Aug 13 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-9
- Fix another python3 issues mainly in sepolicy (#1247039,#1247575,#1251713)
* Thu Aug 06 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-8 * Thu Aug 06 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-8
- Fix multiple python3 issues in sepolgen (#1249388,#1247575,#1247564) - Fix multiple python3 issues in sepolgen (#1249388,#1247575,#1247564)


@ -122,7 +122,7 @@ index cf13210..60ff4e9 100644
else: else:
role_type = refpolicy.RoleType() role_type = refpolicy.RoleType()
diff --git a/sepolgen-1.2.2/src/sepolgen/audit.py b/sepolgen-1.2.2/src/sepolgen/audit.py diff --git a/sepolgen-1.2.2/src/sepolgen/audit.py b/sepolgen-1.2.2/src/sepolgen/audit.py
index 56919be..1c94daa 100644 index 56919be..dad0724 100644
--- a/sepolgen-1.2.2/src/sepolgen/audit.py --- a/sepolgen-1.2.2/src/sepolgen/audit.py
+++ b/sepolgen-1.2.2/src/sepolgen/audit.py +++ b/sepolgen-1.2.2/src/sepolgen/audit.py
@@ -17,11 +17,12 @@ @@ -17,11 +17,12 @@
@ -206,7 +206,7 @@ index 56919be..1c94daa 100644
self.by_header[msg.header].append(msg) self.by_header[msg.header].append(msg)
else: else:
self.by_header[msg.header] = [msg] self.by_header[msg.header] = [msg]
@@ -492,6 +506,68 @@ class AuditParser: @@ -492,6 +506,61 @@ class AuditParser:
return role_types return role_types
@ -231,9 +231,6 @@ index 56919be..1c94daa 100644
+ stderr=subprocess.STDOUT, + stderr=subprocess.STDOUT,
+ shell=True, + shell=True,
+ universal_newlines=True) + universal_newlines=True)
+ if util.PY3:
+ output = util.decode_input(output)
+
+ try: + try:
+ ino = int(inode) + ino = int(inode)
+ except ValueError: + except ValueError:
@ -250,14 +247,11 @@ index 56919be..1c94daa 100644
+ return path + return path
+ +
+ def __store_base_types(self): + def __store_base_types(self):
+ # FIXME: this is a temporary workaround until sepolicy is ported to python 3 + import sepolicy
+ # import sepolicy + self.base_types = sepolicy.get_types_from_attribute("base_file_type")
+ # self.base_types = sepolicy.get_types_from_attribute("base_file_type")
+ self.base_types = []
+ +
+ def __get_base_type(self, tcontext, scontext): + def __get_base_type(self, tcontext, scontext):
+ # FIXME: uncomment the following code when sepolicy is ported to python 3 + import sepolicy
+ # import sepolicy
+ # Prevent unnecessary searching + # Prevent unnecessary searching
+ if (self.old_scontext == scontext and + if (self.old_scontext == scontext and
+ self.old_tcontext == tcontext): + self.old_tcontext == tcontext):
@ -266,16 +260,15 @@ index 56919be..1c94daa 100644
+ self.old_tcontext = tcontext + self.old_tcontext = tcontext
+ for btype in self.base_types: + for btype in self.base_types:
+ if btype == tcontext: + if btype == tcontext:
+ # FIXME: uncomment the following code when sepolicy is ported to python 3 + for writable in sepolicy.get_writable_files(scontext):
+ # for writable in sepolicy.get_writable_files(scontext): + if writable.endswith(tcontext) and writable.startswith(scontext.rstrip("_t")):
+ # if writable.endswith(tcontext) and writable.startswith(scontext.rstrip("_t")): + return writable
+ # return writable
+ return 0 + return 0
+ +
def to_access(self, avc_filter=None, only_denials=True): def to_access(self, avc_filter=None, only_denials=True):
"""Convert the audit logs access into a an access vector set. """Convert the audit logs access into a an access vector set.
@@ -510,16 +586,23 @@ class AuditParser: @@ -510,16 +579,23 @@ class AuditParser:
audit logs parsed by this object. audit logs parsed by this object.
""" """
av_set = access.AccessVectorSet() av_set = access.AccessVectorSet()
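Review bot: `scontext.rstrip("_t")` in the re-enabled `__get_base_type` loop strips any trailing run of the characters `_` and `t` rather than the literal `_t` suffix, so a source type such as `init_t` (constructed example) is reduced to `ini` and the `startswith` test can match writable types belonging to unrelated domains. If the returned type is later used to choose a suggested label, which is not visible here, an over-broad match could steer the suggestion toward the wrong type. Trim the suffix explicitly with `prefix = scontext[:-2] if scontext.endswith("_t") else scontext` and test `writable.startswith(prefix)`. Separately, the `check_output(..., shell=True, ...)` call in the earlier hunk runs a command string that is built outside the visible lines. If that string interpolates values taken from audit records, passing an argument list without `shell=True` would keep log content from being interpreted by the shell.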