Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/setools.git#3c028107aa55cedfca8eaf589a6e26af214713d8
This commit is contained in:
parent
359a46d9b2
commit
06fa8f8533
1
.gitignore
vendored
1
.gitignore
vendored
@ -9,3 +9,4 @@ setools-3.3.8-f1e5b20.tar.bz2
|
||||
/4.2.1.tar.gz
|
||||
/4.2.2.tar.gz
|
||||
/4.3.0.tar.gz
|
||||
/05e90ee.tar.gz
|
||||
|
120
0001-Adapt-to-new-libsepol-filename-transition-structures.patch
Normal file
120
0001-Adapt-to-new-libsepol-filename-transition-structures.patch
Normal file
@ -0,0 +1,120 @@
|
||||
From f63a3690e3e3f02ab67ad1165be54ce25bac2de7 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
Date: Fri, 17 Jul 2020 11:28:08 +0200
|
||||
Subject: [PATCH] Adapt to new libsepol filename transition structures
|
||||
|
||||
Adapt setools to the new libsepol internal API for filename transitions
|
||||
which allows for more efficient filename trans rule representation in
|
||||
memory and binary policy.
|
||||
|
||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
---
|
||||
setools/policyrep/sepol.pxd | 9 ++++----
|
||||
setools/policyrep/terule.pxi | 41 ++++++++++++++++++++++++++++++------
|
||||
2 files changed, 39 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/setools/policyrep/sepol.pxd b/setools/policyrep/sepol.pxd
|
||||
index 60bc58c28ebf..b07ddb78350f 100644
|
||||
--- a/setools/policyrep/sepol.pxd
|
||||
+++ b/setools/policyrep/sepol.pxd
|
||||
@@ -544,21 +544,22 @@ cdef extern from "<sepol/policydb/policydb.h>":
|
||||
ctypedef cond_bool_datum cond_bool_datum_t
|
||||
|
||||
#
|
||||
- # filename_trans_t
|
||||
+ # filename_trans_key_t
|
||||
#
|
||||
- cdef struct filename_trans:
|
||||
- uint32_t stype
|
||||
+ cdef struct filename_trans_key:
|
||||
uint32_t ttype
|
||||
uint32_t tclass
|
||||
char *name
|
||||
|
||||
- ctypedef filename_trans filename_trans_t
|
||||
+ ctypedef filename_trans_key filename_trans_key_t
|
||||
|
||||
#
|
||||
# filename_trans_datum_t
|
||||
#
|
||||
cdef struct filename_trans_datum:
|
||||
+ ebitmap_t stypes
|
||||
uint32_t otype
|
||||
+ filename_trans_datum *next
|
||||
|
||||
ctypedef filename_trans_datum filename_trans_datum_t
|
||||
|
||||
diff --git a/setools/policyrep/terule.pxi b/setools/policyrep/terule.pxi
|
||||
index 3976586b7985..760c366f6c39 100644
|
||||
--- a/setools/policyrep/terule.pxi
|
||||
+++ b/setools/policyrep/terule.pxi
|
||||
@@ -470,17 +470,18 @@ cdef class FileNameTERule(BaseTERule):
|
||||
readonly str filename
|
||||
|
||||
@staticmethod
|
||||
- cdef inline FileNameTERule factory(SELinuxPolicy policy, sepol.filename_trans_t *key,
|
||||
- sepol.filename_trans_datum_t *datum):
|
||||
+ cdef inline FileNameTERule factory(SELinuxPolicy policy,
|
||||
+ sepol.filename_trans_key_t *key,
|
||||
+ Type stype, size_t otype):
|
||||
"""Factory function for creating FileNameTERule objects."""
|
||||
cdef FileNameTERule r = FileNameTERule.__new__(FileNameTERule)
|
||||
r.policy = policy
|
||||
r.key = <uintptr_t>key
|
||||
r.ruletype = TERuletype.type_transition
|
||||
- r.source = type_or_attr_factory(policy, policy.type_value_to_datum(key.stype - 1))
|
||||
+ r.source = stype
|
||||
r.target = type_or_attr_factory(policy, policy.type_value_to_datum(key.ttype - 1))
|
||||
r.tclass = ObjClass.factory(policy, policy.class_value_to_datum(key.tclass - 1))
|
||||
- r.dft = Type.factory(policy, policy.type_value_to_datum(datum.otype - 1))
|
||||
+ r.dft = Type.factory(policy, policy.type_value_to_datum(otype - 1))
|
||||
r.filename = intern(key.name)
|
||||
r.origin = None
|
||||
return r
|
||||
@@ -708,6 +709,10 @@ cdef class FileNameTERuleIterator(HashtabIterator):
|
||||
|
||||
"""Iterate over FileNameTERules in the policy."""
|
||||
|
||||
+ cdef:
|
||||
+ sepol.filename_trans_datum_t *datum
|
||||
+ TypeEbitmapIterator stypei
|
||||
+
|
||||
@staticmethod
|
||||
cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table):
|
||||
"""Factory function for creating FileNameTERule iterators."""
|
||||
@@ -717,7 +722,29 @@ cdef class FileNameTERuleIterator(HashtabIterator):
|
||||
i.reset()
|
||||
return i
|
||||
|
||||
+ def _next_stype(self):
|
||||
+ while True:
|
||||
+ if self.datum == NULL:
|
||||
+ super().__next__()
|
||||
+ self.datum = <sepol.filename_trans_datum_t *>self.curr.datum
|
||||
+ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes)
|
||||
+ try:
|
||||
+ return next(self.stypei)
|
||||
+ except StopIteration:
|
||||
+ pass
|
||||
+ self.datum = self.datum.next
|
||||
+ if self.datum != NULL:
|
||||
+ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes)
|
||||
+
|
||||
def __next__(self):
|
||||
- super().__next__()
|
||||
- return FileNameTERule.factory(self.policy, <sepol.filename_trans_t *>self.curr.key,
|
||||
- <sepol.filename_trans_datum_t *>self.curr.datum)
|
||||
+ stype = self._next_stype()
|
||||
+ return FileNameTERule.factory(self.policy,
|
||||
+ <sepol.filename_trans_key_t *>self.curr.key,
|
||||
+ stype, self.datum.otype)
|
||||
+
|
||||
+ def __len__(self):
|
||||
+ return sum(1 for r in FileNameTERuleIterator.factory(self.policy, self.table))
|
||||
+
|
||||
+ def reset(self):
|
||||
+ super().reset()
|
||||
+ self.datum = NULL
|
||||
--
|
||||
2.29.0
|
||||
|
@ -33,7 +33,7 @@ index 60861ca630a5..41e38a237b42 100755
|
||||
+import setools.dta
|
||||
|
||||
|
||||
def print_transition(trans):
|
||||
def print_transition(trans: setools.DomainTransition) -> None:
|
||||
@@ -114,7 +114,7 @@ else:
|
||||
|
||||
try:
|
||||
@ -56,7 +56,7 @@ index f10c39de4d8e..fee749a83bb5 100755
|
||||
import argparse
|
||||
import sys
|
||||
import logging
|
||||
@@ -101,7 +101,7 @@ elif args.booleans is not None:
|
||||
@@ -102,7 +102,7 @@ elif args.booleans is not None:
|
||||
try:
|
||||
p = setools.SELinuxPolicy(args.policy)
|
||||
m = setools.PermissionMap(args.map)
|
||||
@ -66,18 +66,18 @@ index f10c39de4d8e..fee749a83bb5 100755
|
||||
|
||||
if args.shortest_path or args.all_paths:
|
||||
diff --git a/setools/__init__.py b/setools/__init__.py
|
||||
index 26fa5aa34a19..b7e51c43c4bb 100644
|
||||
index d72d343e7e79..642485b9018d 100644
|
||||
--- a/setools/__init__.py
|
||||
+++ b/setools/__init__.py
|
||||
@@ -75,12 +75,8 @@ from .pcideviceconquery import PcideviceconQuery
|
||||
@@ -91,12 +91,8 @@ from .pcideviceconquery import PcideviceconQuery
|
||||
from .devicetreeconquery import DevicetreeconQuery
|
||||
|
||||
# Information Flow Analysis
|
||||
-from .infoflow import InfoFlowAnalysis
|
||||
from .permmap import PermissionMap
|
||||
from .permmap import PermissionMap, RuleWeight, Mapping
|
||||
|
||||
-# Domain Transition Analysis
|
||||
-from .dta import DomainTransitionAnalysis
|
||||
-from .dta import DomainTransitionAnalysis, DomainEntrypoint, DomainTransition
|
||||
-
|
||||
# Policy difference
|
||||
from .diff import PolicyDifference
|
||||
|
27
setools.spec
27
setools.spec
@ -1,26 +1,27 @@
|
||||
# % global setools_pre_ver rc
|
||||
# % global gitver f1e5b20
|
||||
%global setools_pre_ver 05e90ee
|
||||
%global gitver 05e90ee241af05665f3394e9bed0073e1bb2e17d
|
||||
|
||||
%global sepol_ver 2.3-1
|
||||
%global selinux_ver 2.3-1
|
||||
%global sepol_ver 3.1-4
|
||||
%global selinux_ver 3.1-4
|
||||
|
||||
|
||||
Name: setools
|
||||
Version: 4.3.0
|
||||
Release: 5%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
|
||||
Version: 4.4.0
|
||||
Release: 0.1.20201102git%{setools_pre_ver}%{?dist}
|
||||
Summary: Policy analysis tools for SELinux
|
||||
|
||||
License: GPLv2
|
||||
URL: https://github.com/SELinuxProject/setools/wiki
|
||||
Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
|
||||
Source0: https://github.com/SELinuxProject/setools/archive/%{setools_pre_ver}.tar.gz
|
||||
Source1: setools.pam
|
||||
Source2: apol.desktop
|
||||
Patch0001: 0001-Adapt-to-new-libsepol-filename-transition-structures.patch
|
||||
Patch1001: 1001-Do-not-use-Werror-during-build.patch
|
||||
Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
|
||||
Patch1003: 1003-Require-networkx-on-package-level.patch
|
||||
Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
|
||||
BuildRequires: flex, bison
|
||||
BuildRequires: glibc-devel, gcc, git
|
||||
BuildRequires: glibc-devel, gcc, git-core
|
||||
BuildRequires: libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver}
|
||||
BuildRequires: qt5-qtbase-devel
|
||||
BuildRequires: swig
|
||||
@ -95,7 +96,7 @@ Python modules designed to facilitate SELinux policy analysis.
|
||||
|
||||
|
||||
%prep
|
||||
%autosetup -p 1 -S git -n setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}
|
||||
%autosetup -p 1 -S git -n setools-%{gitver}
|
||||
|
||||
|
||||
%build
|
||||
@ -114,9 +115,11 @@ Python modules designed to facilitate SELinux policy analysis.
|
||||
%files
|
||||
|
||||
%files console
|
||||
%{_bindir}/sechecker
|
||||
%{_bindir}/sediff
|
||||
%{_bindir}/seinfo
|
||||
%{_bindir}/sesearch
|
||||
%{_mandir}/man1/sechecker*
|
||||
%{_mandir}/man1/sediff*
|
||||
%{_mandir}/man1/seinfo*
|
||||
%{_mandir}/man1/sesearch*
|
||||
@ -144,6 +147,12 @@ Python modules designed to facilitate SELinux policy analysis.
|
||||
%{_mandir}/ru/man1/apol*
|
||||
|
||||
%changelog
|
||||
* Tue Nov 3 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.1.20201102git05e90ee
|
||||
- Update to 05e90ee
|
||||
- Add /usr/bin/sechecker
|
||||
- Adapt to new libsepol filename transition structures
|
||||
- Rebuild with libsepol.so.2
|
||||
|
||||
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-5
|
||||
- Second attempt - Rebuilt for
|
||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (4.3.0.tar.gz) = 93da43c4b577ff944f1c19ef40cfc51f6d1cb1efef582e467834300540a7af440b6ae9106f29d810963c74b0fb5953003304790a9143a7318e477d17fa7d536a
|
||||
SHA512 (05e90ee.tar.gz) = 32f60e9a40ca5791a1e63986377e90ca728c7e205d8ae7ce446830ca7f96b51496d9753fd70077f5b6547050d23c41a1d10b20e0af9e4066355e29781d5e3686
|
||||
|
Loading…
Reference in New Issue
Block a user