*** empty log message ***

Daniel J Walsh 2005-11-17 15:38:45 +00:00
parent 6b6d439e72
commit a770942374
2 changed files with 141 additions and 73 deletions


@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.27.28/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2005-09-12 16:33:30.000000000 -0400
+++ policycoreutils-1.27.28/audit2allow/audit2allow 2005-11-16 23:07:04.000000000 -0500
+++ policycoreutils-1.27.28/audit2allow/audit2allow 2005-11-17 10:26:24.000000000 -0500
@@ -1,7 +1,12 @@
-#!/usr/bin/perl
-
@ -17,7 +17,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
@@ -17,148 +22,255 @@
@@ -17,148 +22,316 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
# 02111-1307 USA
@ -268,23 +268,25 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
+ if type not in self.types:
+ self.types.append(type)
+
+ def module_out(self, module):
+ def gen_module(self, module):
+ return "module %s 1.0;" % module
+
+ def gen_requires(self):
+ self.roles.sort()
+ self.types.sort()
+ keys=self.seclasses.keys()
+ keys.sort()
+ rec="module %s 1.0;" % module
+ rec+="\n\nrequire {\n"
+ rec="\n\nrequire {\n"
+ for i in self.roles:
+ rec += "\trole %s; \n" % i
+ rec += "\n\n"
+ for i in keys:
+ access=self.seclasses[i]
+ access.sort()
+ rec+="\tclass %s { " % i
+ rec += "\tclass %s { " % i
+ for a in access:
+ rec+=" %s" % a
+ rec+=" }; \n"
+ rec += " %s" % a
+ rec += " }; \n"
+ rec += "\n\n"
+
+ for i in self.types:
@ -342,79 +344,139 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
- -o append output to <outputfile>\n";
- exit;
-}
+ def out(self, module):
-
+ def out(self, require=0, module=""):
+ rec=""
+ if len(self.allowRules.keys())==0:
+ raise(ValueError("No AVC messages found."))
+ if module!="":
+ rec+=self.module_out(module)
+ rec += self.gen_module(module)
+ rec += self.gen_requires()
+ else:
+ if requires:
+ rec+=self.gen_requires()
+
+ for i in self.allowRules.keys():
+ rec += self.allowRules[i].out(verbose)+"\n"
+ return rec
+
+def usage():
+ print 'audit2allow [-a] [-d] [-l] [-v] [-i <inputfile> ] [-m <modulename> ] [-o <outputfile>]\n\
+ -a read input from audit and message log\n\
+ -d read input from output of /bin/dmesg\n\
+ -i read input from <inputfile> conflicts with -a\n\
+ -l read input only after last \"load_policy\"\n\
+ -m module output <modulename> \n\
+ -o append output to <outputfile>\n\
+ -v verbose output\n\
+ '
+ sys.exit(1)
+if __name__ == '__main__':
+
+def errorExit(error):
+ sys.stderr.write("%s exiting for: " % sys.argv[0])
+ sys.stderr.write("%s\n" % error)
+ sys.stderr.flush()
+ sys.exit(1)
+#
+# This script will generate home dir file context
+# based off the homedir_template file, entries in the password file, and
+#
+try:
+ last_reload=0
+ input=sys.stdin
+ output=sys.stdout
+ module=""
+ verbose=0
+ auditlogs=0
+ gopts, cmds = getopt.getopt(sys.argv[1:], 'avdo:hli:m:', ['help',
+ 'last_reload='])
+ for o,a in gopts:
+ if o == '--last_reload' or o == "-l":
+ last_reload=1
+ if o == "-v":
+ verbose=1
+ if o == "-a":
+ input=open("/var/log/messages", "r")
+ auditlogs=1
+ if o == "-i":
+ if auditlogs:
+ def usage():
+ print 'audit2allow [-adhilrv] [-i <inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\
+ -a, --all read input from audit and message log, conflicts with -i\n\
+ -d, --dmesg read input from output of /bin/dmesg\n\
+ -h, --help display this message\n\
+ -i, --input read input from <inputfile> conflicts with -a\n\
+ -l, --lastreload read input only after last \"load_policy\"\n\
+ -m, --module generate module/require output <modulename> \n\
+ -M generate loadable module package, conflicts with -o\n\
+ -o, --output append output to <outputfile>, conflicts with -M\n\
+ -r, --requires generate require output \n\
+ -v, --verbose verbose output\n\
+ '
+ sys.exit(1)
+
+ def errorExit(error):
+ sys.stderr.write("%s: " % sys.argv[0])
+ sys.stderr.write("%s\n" % error)
+ sys.stderr.flush()
+ sys.exit(1)
+
+ #
+ #
+ #
+ try:
+ last_reload=0
+ input=sys.stdin
+ output=sys.stdout
+ module=""
+ requires=0
+ verbose=0
+ auditlogs=0
+ buildPP=0
+ input_ind=0
+ output_ind=0
+ gopts, cmds = getopt.getopt(sys.argv[1:],
+ 'adhi:lm:M:o:rv',
+ ['all',
+ 'dmesg',
+ 'help',
+ 'input=',
+ 'lastreload',
+ 'module=',
+ 'output=',
+ 'requires'
+ 'verbose'
+ ])
+ for o,a in gopts:
+ if o == "-a" or o == "--all":
+ if input_ind:
+ usage()
+ input=open("/var/log/messages", "r")
+ auditlogs=1
+ if o == "-d" or o == "--dmesg":
+ input=os.popen("/bin/dmesg", "r")
+ if o == "-h" or o == "--help":
+ usage()
+ input=open(a, "r")
+ if o == "-m":
+ module=a
+ if o == '--help':
+ usage()
+ if o == "-d":
+ input=os.popen("/bin/dmesg", "r")
+ if o == "-o":
+ output=open(a, "a")
+ if len(cmds) != 0:
+ usage()
+ out=allowRecords(input, last_reload, verbose)
+ if auditlogs:
+ input=open("/var/log/audit/audit.log", "r")
+ out.load(input)
+ output.write(out.out(module))
+ if o == "-i"or o == "--input":
+ if auditlogs:
+ usage()
+ input_ind=1
+ input=open(a, "r")
+ if o == '--lastreload' or o == "-l":
+ last_reload=1
+ if o == "-m" or o == "--module":
+ if module != "":
+ usage()
+ module=a
+ if o == "-M":
+ if module != "" or output_ind:
+ usage()
+ module=a
+ outfile=a+".te"
+ buildPP=1
+ output=open(outfile, "w")
+ if o == "-r" or o == "--requires":
+ requires=1
+ if o == "-o" or o == "--output":
+ if module != "":
+ usage()
+ output=open(a, "a")
+ output_ind=1
+ if o == "-v" or o == "--verbose":
+ verbose=1
+ if len(cmds) != 0:
+ usage()
+ out=allowRecords(input, last_reload, verbose)
+ if auditlogs:
+ input=open("/var/log/audit/audit.log", "r")
+ out.load(input)
+ if buildPP:
+ print ("Generating type enforcment file: %s.te" % module)
+ output.write(out.out(requires, module))
+ if buildPP:
+ print ("Compiling policy: checkmodule -M -m -o %s.mod %s.te" % (module, module))
+ rc=commands.getstatusoutput("checkmodule -M -m -o %s.mod %s.te" % (module, module))
+ if rc[0]==0:
+ print ("Building package: semodule_package -o %s.pp -m %s.mod" % (module, module))
+ rc=commands.getstatusoutput("semodule_package -o %s.pp -m %s.mod" % (module, module))
+ if rc[0]==0:
+ print ("\n*************** IMPORTANT ***********************\n")
+ print ("In order to load this newly created policy package,\nyou are required to execute \n\n\"semodule -i %s.pp\"\n\nto load the policy\n" % module)
+ else:
+ errorExit(rc[1])
+ else:
+ errorExit(rc[1])
+
+except getopt.error, error:
+ errorExit(string.join("Options Error ", error))
+except ValueError, error:
+ errorExit(string.join("ValueError ", error))
+except KeyboardInterrupt, error:
+ sys.exit(0)
+ except getopt.error, error:
+ errorExit("Options Error " + error.msg)
+ except ValueError, error:
+ errorExit(error.args[0])
+ except IOError, error:
+ errorExit(error.args[1])
+ except KeyboardInterrupt, error:
+ sys.exit(0)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.perl policycoreutils-1.27.28/audit2allow/audit2allow.perl
--- nsapolicycoreutils/audit2allow/audit2allow.perl 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.27.28/audit2allow/audit2allow.perl 2005-11-16 22:33:25.000000000 -0500
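Review bot: In the new `-M` branch of the option loop, the module name `a` from the command line is used unchecked to build `outfile=a+".te"` and is later interpolated into the `checkmodule` and `semodule_package` strings passed to `commands.getstatusoutput`, which runs them through a shell, so a name containing shell metacharacters or path separators changes what is executed or where the file is written. Rejecting anything outside a conservative character set right after the option is read would close that, e.g. `if not re.match(r"[A-Za-z0-9_]+\Z", a): usage()` (this assumes `re` is imported; the import lines are outside the visible hunks). Separately, `output.write(out.out(requires, module))` is followed directly by the `checkmodule` run with no `output.flush()` or `output.close()`, so the compiler may read an incomplete `.te` file. The long-option list is also missing a comma between `'requires'` and `'verbose'`, which Python concatenates into one `'requiresverbose'` entry, so `--verbose` is rejected and `--requires` never matches the `o == "--requires"` test.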


@ -3,7 +3,7 @@
Summary: SELinux policy core utilities.
Name: policycoreutils
Version: 1.27.28
Release: 2
Release: 3
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -89,6 +89,12 @@ rm -rf ${RPM_BUILD_ROOT}
%changelog
* Thu Nov 17 2005 Dan Walsh <dwalsh@redhat.com> 1.27.28-3
- Audit2allow
* Add more error checking
* Add gen policy package
* Add gen requires
* Wed Nov 16 2005 Dan Walsh <dwalsh@redhat.com> 1.27.28-2
- Update to match NSA
* Merged genhomedircon rewrite from Dan Walsh.