From a7709423743a012413e633dd4114e18da092bcb6 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 17 Nov 2005 15:38:45 +0000 Subject: [PATCH] *** empty log message *** --- policycoreutils-rhat.patch | 206 ++++++++++++++++++++++++------------- policycoreutils.spec | 8 +- 2 files changed, 141 insertions(+), 73 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index aa755f1..dc21a26 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,6 +1,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.27.28/audit2allow/audit2allow --- nsapolicycoreutils/audit2allow/audit2allow 2005-09-12 16:33:30.000000000 -0400 -+++ policycoreutils-1.27.28/audit2allow/audit2allow 2005-11-16 23:07:04.000000000 -0500 ++++ policycoreutils-1.27.28/audit2allow/audit2allow 2005-11-17 10:26:24.000000000 -0500 @@ -1,7 +1,12 @@ -#!/usr/bin/perl - @@ -17,7 +17,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as -@@ -17,148 +22,255 @@ +@@ -17,148 +22,316 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA # 02111-1307 USA 
@@ -268,23 +268,25 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow + if type not in self.types: + self.types.append(type) + -+ def module_out(self, module): ++ def gen_module(self, module): ++ return "module %s 1.0;" % module ++ ++ def gen_requires(self): + self.roles.sort() + self.types.sort() + keys=self.seclasses.keys() + keys.sort() -+ rec="module %s 1.0;" % module -+ rec+="\n\nrequire {\n" ++ rec="\n\nrequire {\n" + for i in self.roles: + rec += "\trole %s; \n" % i + rec += "\n\n" + for i in keys: + access=self.seclasses[i] + access.sort() -+ rec+="\tclass %s { " % i ++ rec += "\tclass %s { " % i + for a in access: -+ rec+=" %s" % a -+ rec+=" }; \n" ++ rec += " %s" % a ++ rec += " }; \n" + rec += "\n\n" + + for i in self.types: 
@@ -342,79 +344,139 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow - -o append output to \n"; - exit; -} -+ def out(self, module): +- ++ def out(self, require=0, module=""): + rec="" ++ if len(self.allowRules.keys())==0: ++ raise(ValueError("No AVC messages found.")) + if module!="": -+ rec+=self.module_out(module) ++ rec += self.gen_module(module) ++ rec += self.gen_requires() ++ else: ++ if requires: ++ rec+=self.gen_requires() ++ + for i in self.allowRules.keys(): + rec += self.allowRules[i].out(verbose)+"\n" + return rec + -+def usage(): -+ print 'audit2allow [-a] [-d] [-l] [-v] [-i ] [-m ] [-o ]\n\ -+ -a read input from audit and message log\n\ -+ -d read input from output of /bin/dmesg\n\ -+ -i read input from conflicts with -a\n\ -+ -l read input only after last \"load_policy\"\n\ -+ -m module output \n\ -+ -o append output to \n\ -+ -v verbose output\n\ -+ ' -+ sys.exit(1) ++if __name__ == '__main__': + -+def errorExit(error): -+ sys.stderr.write("%s exiting for: " % sys.argv[0]) -+ sys.stderr.write("%s\n" % error) -+ sys.stderr.flush() -+ sys.exit(1) - -+# -+# This script will generate home dir file context -+# based off the homedir_template file, entries in the password file, and -+# -+try: -+ last_reload=0 -+ input=sys.stdin -+ output=sys.stdout -+ module="" -+ verbose=0 -+ auditlogs=0 -+ gopts, cmds = getopt.getopt(sys.argv[1:], 'avdo:hli:m:', ['help', -+ 'last_reload=']) -+ for o,a in gopts: -+ if o == '--last_reload' or o == "-l": -+ last_reload=1 -+ if o == "-v": -+ verbose=1 -+ if o == "-a": -+ input=open("/var/log/messages", "r") -+ auditlogs=1 -+ if o == "-i": -+ if auditlogs: ++ def usage(): ++ print 'audit2allow [-adhilrv] [-i ] [[-m|-M] ] [-o ]\n\ ++ -a, --all read input from audit and message log, conflicts with -i\n\ ++ -d, --dmesg read input from output of /bin/dmesg\n\ ++ -h, --help display this message\n\ ++ -i, --input read input from conflicts with -a\n\ ++ -l, --lastreload read input only after last 
\"load_policy\"\n\ ++ -m, --module generate module/require output \n\ ++ -M generate loadable module package, conflicts with -o\n\ ++ -o, --output append output to , conflicts with -M\n\ ++ -r, --requires generate require output \n\ ++ -v, --verbose verbose output\n\ ++ ' ++ sys.exit(1) ++ ++ def errorExit(error): ++ sys.stderr.write("%s: " % sys.argv[0]) ++ sys.stderr.write("%s\n" % error) ++ sys.stderr.flush() ++ sys.exit(1) ++ ++ # ++ # ++ # ++ try: ++ last_reload=0 ++ input=sys.stdin ++ output=sys.stdout ++ module="" ++ requires=0 ++ verbose=0 ++ auditlogs=0 ++ buildPP=0 ++ input_ind=0 ++ output_ind=0 ++ gopts, cmds = getopt.getopt(sys.argv[1:], ++ 'adhi:lm:M:o:rv', ++ ['all', ++ 'dmesg', ++ 'help', ++ 'input=', ++ 'lastreload', ++ 'module=', ++ 'output=', ++ 'requires' ++ 'verbose' ++ ]) ++ for o,a in gopts: ++ if o == "-a" or o == "--all": ++ if input_ind: ++ usage() ++ input=open("/var/log/messages", "r") ++ auditlogs=1 ++ if o == "-d" or o == "--dmesg": ++ input=os.popen("/bin/dmesg", "r") ++ if o == "-h" or o == "--help": + usage() -+ input=open(a, "r") -+ if o == "-m": -+ module=a -+ if o == '--help': -+ usage() -+ if o == "-d": -+ input=os.popen("/bin/dmesg", "r") -+ if o == "-o": -+ output=open(a, "a") -+ if len(cmds) != 0: -+ usage() -+ out=allowRecords(input, last_reload, verbose) -+ if auditlogs: -+ input=open("/var/log/audit/audit.log", "r") -+ out.load(input) -+ output.write(out.out(module)) ++ if o == "-i"or o == "--input": ++ if auditlogs: ++ usage() ++ input_ind=1 ++ input=open(a, "r") ++ if o == '--lastreload' or o == "-l": ++ last_reload=1 ++ if o == "-m" or o == "--module": ++ if module != "": ++ usage() ++ module=a ++ if o == "-M": ++ if module != "" or output_ind: ++ usage() ++ module=a ++ outfile=a+".te" ++ buildPP=1 ++ output=open(outfile, "w") ++ if o == "-r" or o == "--requires": ++ requires=1 ++ if o == "-o" or o == "--output": ++ if module != "": ++ usage() ++ output=open(a, "a") ++ output_ind=1 ++ if o == "-v" or o == "--verbose": ++ 
verbose=1 ++ if len(cmds) != 0: ++ usage() ++ out=allowRecords(input, last_reload, verbose) ++ if auditlogs: ++ input=open("/var/log/audit/audit.log", "r") ++ out.load(input) ++ if buildPP: ++ print ("Generating type enforcment file: %s.te" % module) ++ output.write(out.out(requires, module)) ++ if buildPP: ++ print ("Compiling policy: checkmodule -M -m -o %s.mod %s.te" % (module, module)) ++ rc=commands.getstatusoutput("checkmodule -M -m -o %s.mod %s.te" % (module, module)) ++ if rc[0]==0: ++ print ("Building package: semodule_package -o %s.pp -m %s.mod" % (module, module)) ++ rc=commands.getstatusoutput("semodule_package -o %s.pp -m %s.mod" % (module, module)) ++ if rc[0]==0: ++ print ("\n*************** IMPORTANT ***********************\n") ++ print ("In order to load this newly created policy package,\nyou are required to execute \n\n\"semodule -i %s.pp\"\n\nto load the policy\n" % module) ++ else: ++ errorExit(rc[1]) ++ else: ++ errorExit(rc[1]) + -+except getopt.error, error: -+ errorExit(string.join("Options Error ", error)) -+except ValueError, error: -+ errorExit(string.join("ValueError ", error)) -+except KeyboardInterrupt, error: -+ sys.exit(0) ++ except getopt.error, error: ++ errorExit("Options Error " + error.msg) ++ except ValueError, error: ++ errorExit(error.args[0]) ++ except IOError, error: ++ errorExit(error.args[1]) ++ except KeyboardInterrupt, error: ++ sys.exit(0) diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.perl policycoreutils-1.27.28/audit2allow/audit2allow.perl --- nsapolicycoreutils/audit2allow/audit2allow.perl 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.27.28/audit2allow/audit2allow.perl 2005-11-16 22:33:25.000000000 -0500 diff --git a/policycoreutils.spec b/policycoreutils.spec index 2a854a2..e70f06b 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec 
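Review bot: The `-M` value is used unvalidated, both as a file name (`outfile=a+".te"` opened with `"w"`) and inside the shell strings passed to `commands.getstatusoutput` for `checkmodule` and `semodule_package`. A name containing shell metacharacters or path separators is therefore interpreted by the shell or truncates a file outside the working directory, which matters for a tool usually run as root and sometimes driven by wrappers. Reject anything that is not a plain identifier before `module=a`, e.g. `if not re.match(r"^[A-Za-z0-9_]+$", a): usage()`; this assumes `re` is imported, which the hunk does not show, and the character set should be adjusted to what the policy grammar allows. Two correctness problems in the same hunk: the long-option list has no comma between `'requires'` and `'verbose'`, so they concatenate to `'requiresverbose'`, leaving `--requires` silently ignored and `--verbose` rejected. Also, `out(self, require=0, module="")` tests `requires` rather than its `require` parameter, so it only works through the global set in the `__main__` block; and the `-o` branch's `if module != "":` rejects `-m NAME -o FILE` although the usage text says `-o` conflicts only with `-M` (testing `buildPP` would match it).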
@@ -3,7 +3,7 @@ Summary: SELinux policy core utilities. Name: policycoreutils Version: 1.27.28 -Release: 2 +Release: 3 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -89,6 +89,12 @@ rm -rf ${RPM_BUILD_ROOT} %changelog +* Thu Nov 17 2005 Dan Walsh 1.27.28-3 +- Audit2allow + * Add more error checking + * Add gen policy package + * Add gen requires + * Wed Nov 16 2005 Dan Walsh 1.27.28-2 - Update to match NSA * Merged genhomedircon rewrite from Dan Walsh.