policycoreutils-2.8-11

- sepolicy: Fix get_real_type_name to handle query failure properly - sepolicy: search() for dontaudit rules as well
2018-10-16 12:11:18 +02:00 · 2018-10-16 12:11:18 +02:00 · d0a54fbf96
commit d0a54fbf96
parent 10ed19a560
2 changed files with 20 additions and 8 deletions
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -12,7 +12,7 @@
 Summary: SELinux policy core utilities
 Name:    policycoreutils
 Version: 2.8
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: GPLv2
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/policycoreutils-2.8.tar.gz
@ -37,7 +37,7 @@ Source22: gui-po.tgz
 Source23: sandbox-po.tgz
 # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
 # run:
-# HEAD https://github.com/fedora-selinux/selinux/commit/db1433d3b785eadb4eecf5c82430d57c92855a35
+# HEAD https://github.com/fedora-selinux/selinux/commit/f63677145675024f6a1dbdab595c0be1403bd592
 # $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do
 #   VERSION=2.8 ./make-fedora-selinux-patch.sh $i
 # done
@ -531,6 +531,10 @@ The policycoreutils-restorecond package contains the restorecond service.
 %systemd_postun_with_restart restorecond.service

 %changelog
+* Tue Oct 16 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-11
+- sepolicy: Fix get_real_type_name to handle query failure properly
+- sepolicy: search() for dontaudit rules as well
+
 * Tue Oct  2 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-10
 - semanage: "semanage user" does not use -s, fix documentation
 - semanage: add a missing space in ibendport help
--- a/selinux-python-fedora.patch
+++ b/selinux-python-fedora.patch
@ -1540,7 +1540,7 @@ index 141f64e..6287502 100755
             newval.append(v)
         setattr(namespace, self.dest, values)
 diff --git selinux-python-2.8/sepolicy/sepolicy/__init__.py selinux-python-2.8/sepolicy/sepolicy/__init__.py
-index 89346ab..e338af1 100644
+index 89346ab..c4f03f4 100644
 --- selinux-python-2.8/sepolicy/sepolicy/__init__.py
 +++ selinux-python-2.8/sepolicy/sepolicy/__init__.py
@@ -15,7 +15,7 @@ import os
@ -1625,7 +1625,16 @@ index 89346ab..e338af1 100644
         pass
 
     return d
-@@ -437,6 +447,15 @@ def get_file_types(setype):
+@@ -334,6 +344,8 @@ def search(types, seinfo=None):
+         tertypes.append(NEVERALLOW)
+     if AUDITALLOW in types:
+         tertypes.append(AUDITALLOW)
+    if DONTAUDIT in types:
+        tertypes.append(DONTAUDIT)
+ 
+     if len(tertypes) > 0:
+         q = setools.TERuleQuery(_pol,
+@@ -437,6 +449,14 @@ def get_file_types(setype):
     return mpaths
 
 
@ -1634,14 +1643,13 @@ index 89346ab..e338af1 100644
 +def get_real_type_name(name):
 +    try:
 +        return next(info(TYPE, name))["name"]
-+    except RuntimeError:
+    except (RuntimeError, StopIteration):
 +        return None
-+
 +
 def get_writable_files(setype):
     file_types = get_all_file_types()
     all_writes = []
-@@ -1051,7 +1070,7 @@ def gen_short_name(setype):
+@@ -1051,7 +1071,7 @@ def gen_short_name(setype):
         domainname = setype[:-2]
     else:
         domainname = setype
@ -1650,7 +1658,7 @@ index 89346ab..e338af1 100644
         raise ValueError("domain %s_t does not exist" % domainname)
     if domainname[-1] == 'd':
         short_name = domainname[:-1] + "_"
-@@ -1160,27 +1179,14 @@ def boolean_desc(boolean):
+@@ -1160,27 +1180,14 @@ def boolean_desc(boolean):
 
 
 def get_os_version():