*** empty log message ***

Daniel J Walsh 2005-11-17 15:38:45 +00:00
parent 6b6d439e72
commit a770942374
2 changed files with 141 additions and 73 deletions


@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.27.28/audit2allow/audit2allow diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.27.28/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2005-09-12 16:33:30.000000000 -0400 --- nsapolicycoreutils/audit2allow/audit2allow 2005-09-12 16:33:30.000000000 -0400
+++ policycoreutils-1.27.28/audit2allow/audit2allow 2005-11-16 23:07:04.000000000 -0500 +++ policycoreutils-1.27.28/audit2allow/audit2allow 2005-11-17 10:26:24.000000000 -0500
@@ -1,7 +1,12 @@ @@ -1,7 +1,12 @@
-#!/usr/bin/perl -#!/usr/bin/perl
- -
@ -17,7 +17,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as # modify it under the terms of the GNU General Public License as
@@ -17,148 +22,255 @@ @@ -17,148 +22,316 @@
# along with this program; if not, write to the Free Software # along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
# 02111-1307 USA # 02111-1307 USA
@ -268,23 +268,25 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
+ if type not in self.types: + if type not in self.types:
+ self.types.append(type) + self.types.append(type)
+ +
+ def module_out(self, module): + def gen_module(self, module):
+ return "module %s 1.0;" % module
+
+ def gen_requires(self):
+ self.roles.sort() + self.roles.sort()
+ self.types.sort() + self.types.sort()
+ keys=self.seclasses.keys() + keys=self.seclasses.keys()
+ keys.sort() + keys.sort()
+ rec="module %s 1.0;" % module + rec="\n\nrequire {\n"
+ rec+="\n\nrequire {\n"
+ for i in self.roles: + for i in self.roles:
+ rec += "\trole %s; \n" % i + rec += "\trole %s; \n" % i
+ rec += "\n\n" + rec += "\n\n"
+ for i in keys: + for i in keys:
+ access=self.seclasses[i] + access=self.seclasses[i]
+ access.sort() + access.sort()
+ rec+="\tclass %s { " % i + rec += "\tclass %s { " % i
+ for a in access: + for a in access:
+ rec+=" %s" % a + rec += " %s" % a
+ rec+=" }; \n" + rec += " }; \n"
+ rec += "\n\n" + rec += "\n\n"
+ +
+ for i in self.types: + for i in self.types:
@ -342,79 +344,139 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
- -o append output to <outputfile>\n"; - -o append output to <outputfile>\n";
- exit; - exit;
-} -}
+ def out(self, module): -
+ def out(self, require=0, module=""):
+ rec="" + rec=""
+ if len(self.allowRules.keys())==0:
+ raise(ValueError("No AVC messages found."))
+ if module!="": + if module!="":
+ rec+=self.module_out(module) + rec += self.gen_module(module)
+ rec += self.gen_requires()
+ else:
+ if requires:
+ rec+=self.gen_requires()
+
+ for i in self.allowRules.keys(): + for i in self.allowRules.keys():
+ rec += self.allowRules[i].out(verbose)+"\n" + rec += self.allowRules[i].out(verbose)+"\n"
+ return rec + return rec
+ +
+def usage(): +if __name__ == '__main__':
+ print 'audit2allow [-a] [-d] [-l] [-v] [-i <inputfile> ] [-m <modulename> ] [-o <outputfile>]\n\
+ -a read input from audit and message log\n\
+ -d read input from output of /bin/dmesg\n\
+ -i read input from <inputfile> conflicts with -a\n\
+ -l read input only after last \"load_policy\"\n\
+ -m module output <modulename> \n\
+ -o append output to <outputfile>\n\
+ -v verbose output\n\
+ '
+ sys.exit(1)
+ +
+def errorExit(error): + def usage():
+ sys.stderr.write("%s exiting for: " % sys.argv[0]) + print 'audit2allow [-adhilrv] [-i <inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\
+ sys.stderr.write("%s\n" % error) + -a, --all read input from audit and message log, conflicts with -i\n\
+ sys.stderr.flush() + -d, --dmesg read input from output of /bin/dmesg\n\
+ sys.exit(1) + -h, --help display this message\n\
+ -i, --input read input from <inputfile> conflicts with -a\n\
+# + -l, --lastreload read input only after last \"load_policy\"\n\
+# This script will generate home dir file context + -m, --module generate module/require output <modulename> \n\
+# based off the homedir_template file, entries in the password file, and + -M generate loadable module package, conflicts with -o\n\
+# + -o, --output append output to <outputfile>, conflicts with -M\n\
+try: + -r, --requires generate require output \n\
+ last_reload=0 + -v, --verbose verbose output\n\
+ input=sys.stdin + '
+ output=sys.stdout + sys.exit(1)
+ module="" +
+ verbose=0 + def errorExit(error):
+ auditlogs=0 + sys.stderr.write("%s: " % sys.argv[0])
+ gopts, cmds = getopt.getopt(sys.argv[1:], 'avdo:hli:m:', ['help', + sys.stderr.write("%s\n" % error)
+ 'last_reload=']) + sys.stderr.flush()
+ for o,a in gopts: + sys.exit(1)
+ if o == '--last_reload' or o == "-l": +
+ last_reload=1 + #
+ if o == "-v": + #
+ verbose=1 + #
+ if o == "-a": + try:
+ input=open("/var/log/messages", "r") + last_reload=0
+ auditlogs=1 + input=sys.stdin
+ if o == "-i": + output=sys.stdout
+ if auditlogs: + module=""
+ requires=0
+ verbose=0
+ auditlogs=0
+ buildPP=0
+ input_ind=0
+ output_ind=0
+ gopts, cmds = getopt.getopt(sys.argv[1:],
+ 'adhi:lm:M:o:rv',
+ ['all',
+ 'dmesg',
+ 'help',
+ 'input=',
+ 'lastreload',
+ 'module=',
+ 'output=',
+ 'requires'
+ 'verbose'
+ ])
+ for o,a in gopts:
+ if o == "-a" or o == "--all":
+ if input_ind:
+ usage()
+ input=open("/var/log/messages", "r")
+ auditlogs=1
+ if o == "-d" or o == "--dmesg":
+ input=os.popen("/bin/dmesg", "r")
+ if o == "-h" or o == "--help":
+ usage() + usage()
+ input=open(a, "r") + if o == "-i"or o == "--input":
+ if o == "-m": + if auditlogs:
+ module=a + usage()
+ if o == '--help': + input_ind=1
+ usage() + input=open(a, "r")
+ if o == "-d": + if o == '--lastreload' or o == "-l":
+ input=os.popen("/bin/dmesg", "r") + last_reload=1
+ if o == "-o": + if o == "-m" or o == "--module":
+ output=open(a, "a") + if module != "":
+ if len(cmds) != 0: + usage()
+ usage() + module=a
+ out=allowRecords(input, last_reload, verbose) + if o == "-M":
+ if auditlogs: + if module != "" or output_ind:
+ input=open("/var/log/audit/audit.log", "r") + usage()
+ out.load(input) + module=a
+ output.write(out.out(module)) + outfile=a+".te"
+ buildPP=1
+ output=open(outfile, "w")
+ if o == "-r" or o == "--requires":
+ requires=1
+ if o == "-o" or o == "--output":
+ if module != "":
+ usage()
+ output=open(a, "a")
+ output_ind=1
+ if o == "-v" or o == "--verbose":
+ verbose=1
+ if len(cmds) != 0:
+ usage()
+ out=allowRecords(input, last_reload, verbose)
+ if auditlogs:
+ input=open("/var/log/audit/audit.log", "r")
+ out.load(input)
+ if buildPP:
+ print ("Generating type enforcment file: %s.te" % module)
+ output.write(out.out(requires, module))
+ if buildPP:
+ print ("Compiling policy: checkmodule -M -m -o %s.mod %s.te" % (module, module))
+ rc=commands.getstatusoutput("checkmodule -M -m -o %s.mod %s.te" % (module, module))
+ if rc[0]==0:
+ print ("Building package: semodule_package -o %s.pp -m %s.mod" % (module, module))
+ rc=commands.getstatusoutput("semodule_package -o %s.pp -m %s.mod" % (module, module))
+ if rc[0]==0:
+ print ("\n*************** IMPORTANT ***********************\n")
+ print ("In order to load this newly created policy package,\nyou are required to execute \n\n\"semodule -i %s.pp\"\n\nto load the policy\n" % module)
+ else:
+ errorExit(rc[1])
+ else:
+ errorExit(rc[1])
+ +
+except getopt.error, error: + except getopt.error, error:
+ errorExit(string.join("Options Error ", error)) + errorExit("Options Error " + error.msg)
+except ValueError, error: + except ValueError, error:
+ errorExit(string.join("ValueError ", error)) + errorExit(error.args[0])
+except KeyboardInterrupt, error: + except IOError, error:
+ sys.exit(0) + errorExit(error.args[1])
+ except KeyboardInterrupt, error:
+ sys.exit(0)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.perl policycoreutils-1.27.28/audit2allow/audit2allow.perl diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.perl policycoreutils-1.27.28/audit2allow/audit2allow.perl
--- nsapolicycoreutils/audit2allow/audit2allow.perl 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/audit2allow/audit2allow.perl 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.27.28/audit2allow/audit2allow.perl 2005-11-16 22:33:25.000000000 -0500 +++ policycoreutils-1.27.28/audit2allow/audit2allow.perl 2005-11-16 22:33:25.000000000 -0500
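Review bot: In the `-M` branch the module name from the command line goes unchecked into the shell strings passed to `commands.getstatusoutput(...)` for checkmodule and semodule_package, and into the `a+".te"` path opened with `"w"`, so shell metacharacters or path separators in it are interpreted rather than treated as part of a name. The tool reads `/var/log/audit/audit.log` and is therefore likely run with elevated privileges, so the name should be rejected up front in the `-M` and `-m` branches, e.g. `if not re.match(r"^[A-Za-z][A-Za-z0-9._-]*$", a): errorExit("Invalid module name")` (this assumes `re` is imported; the imports are outside the visible hunks), or the two tools should be run from an argument list instead of a shell string. Separately, the long-option list has no comma between `'requires'` and `'verbose'`, so the literals concatenate into one option and neither `--requires` nor `--verbose` is handled as written. `out()` also declares its parameter as `require` but tests `requires`, which resolves only through the module-level variable set in the `__main__` block; renaming the parameter to `requires` would fix that.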


@ -3,7 +3,7 @@
Summary: SELinux policy core utilities. Summary: SELinux policy core utilities.
Name: policycoreutils Name: policycoreutils
Version: 1.27.28 Version: 1.27.28
Release: 2 Release: 3
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -89,6 +89,12 @@ rm -rf ${RPM_BUILD_ROOT}
%changelog %changelog
* Thu Nov 17 2005 Dan Walsh <dwalsh@redhat.com> 1.27.28-3
- Audit2allow
* Add more error checking
* Add gen policy package
* Add gen requires
* Wed Nov 16 2005 Dan Walsh <dwalsh@redhat.com> 1.27.28-2 * Wed Nov 16 2005 Dan Walsh <dwalsh@redhat.com> 1.27.28-2
- Update to match NSA - Update to match NSA
* Merged genhomedircon rewrite from Dan Walsh. * Merged genhomedircon rewrite from Dan Walsh.