From 51eb0a7218b8c5edea9b9fe33a538787174a15d7 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 21 Jan 2020 17:57:47 -0500
Subject: [PATCH] import setools-4.2.2-2.el8
---
 .gitignore | 2 +-
 .setools.metadata | 2 +-
 ...eate-a-map-of-aliases-on-policy-load.patch | 479 ------------------
 ...otFound-as-it-s-not-implemented-in-n.patch | 93 ++++
 SPECS/setools.spec | 14 +-
 5 files changed, 105 insertions(+), 485 deletions(-)
 delete mode 100644 SOURCES/0001-SELinuxPolicy-Create-a-map-of-aliases-on-policy-load.patch
 create mode 100644 SOURCES/1003-Do-not-use-NoteNotFound-as-it-s-not-implemented-in-n.patch
diff --git a/.gitignore b/.gitignore
index 23becd3..c99180c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/4.2.1.tar.gz
+SOURCES/4.2.2.tar.gz
diff --git a/.setools.metadata b/.setools.metadata
index 6f1ae89..d477efe 100644
--- a/.setools.metadata
+++ b/.setools.metadata
@@ -1 +1 @@
-560ffc50e09dcdaaeae7d7621569e70f0195c465 SOURCES/4.2.1.tar.gz
+96da818e44293bac44d765453036b624ed573512 SOURCES/4.2.2.tar.gz
diff --git a/SOURCES/0001-SELinuxPolicy-Create-a-map-of-aliases-on-policy-load.patch b/SOURCES/0001-SELinuxPolicy-Create-a-map-of-aliases-on-policy-load.patch
deleted file mode 100644
index 04b6272..0000000
--- a/SOURCES/0001-SELinuxPolicy-Create-a-map-of-aliases-on-policy-load.patch
+++ /dev/null
@@ -1,479 +0,0 @@ -From 2fad2d1b1df43ea0d85e25e2ebad88ad02997d7c Mon Sep 17 00:00:00 2001 -From: Chris PeBenito -Date: Mon, 29 Apr 2019 07:57:16 -0400 -Subject: [PATCH 1/3] SELinuxPolicy: Create a map of aliases on policy load. - -Addresses a performance regression after the alias fixes in #17. - -Closes #20 ---- - setools/policyrep/mls.pxi | 138 +--------------------------- - setools/policyrep/selinuxpolicy.pxi | 107 +++++++++++++++++---- - setools/policyrep/typeattr.pxi | 70 +------------- - 3 files changed, 95 insertions(+), 220 deletions(-) - -diff --git a/setools/policyrep/mls.pxi b/setools/policyrep/mls.pxi -index c40d032..30464b7 100644 ---- a/setools/policyrep/mls.pxi -+++ b/setools/policyrep/mls.pxi -@@ -1,5 +1,5 @@ - # Copyright 2014-2016, Tresys Technology, LLC --# Copyright 2017-2018, Chris PeBenito -+# Copyright 2017-2019, Chris PeBenito - # - # This file is part of SETools. - # -@@ -65,6 +65,7 @@ cdef class Category(PolicySymbol): - c.key = symbol - c.name = policy.category_value_to_name(symbol.s.value - 1) - c._value = symbol.s.value -+ c._aliases = policy.category_alias_map[symbol.s.value] - _cat_cache[policy][symbol] = c - return c - -@@ -75,14 +76,8 @@ cdef class Category(PolicySymbol): - # Comparison based on their index instead of their names. 
- return self._value < other._value - -- cdef inline void _load_aliases(self): -- """Helper method to load aliases.""" -- if self._aliases is None: -- self._aliases = list(self.policy.category_aliases(self)) -- - def aliases(self): - """Generator that yields all aliases for this category.""" -- self._load_aliases() - return iter(self._aliases) - - def statement(self): -@@ -90,7 +85,6 @@ cdef class Category(PolicySymbol): - str stmt - size_t count - -- self._load_aliases() - count = len(self._aliases) - - stmt = "category {0}".format(self.name) -@@ -127,6 +121,7 @@ cdef class Sensitivity(PolicySymbol): - s.key = symbol - s.name = policy.level_value_to_name(symbol.level.sens - 1) - s._value = symbol.level.sens -+ s._aliases = policy.sensitivity_alias_map[symbol.level.sens] - return s - - def __hash__(self): -@@ -144,14 +139,8 @@ cdef class Sensitivity(PolicySymbol): - def __lt__(self, other): - return self._value < other._value - -- cdef inline void _load_aliases(self): -- """Helper method to load aliases.""" -- if self._aliases is None: -- self._aliases = list(self.policy.sensitivity_aliases(self)) -- - def aliases(self): - """Generator that yields all aliases for this sensitivity.""" -- self._load_aliases() - return iter(self._aliases) - - def level_decl(self): -@@ -167,7 +156,6 @@ cdef class Sensitivity(PolicySymbol): - str stmt - size_t count - -- self._load_aliases() - count = len(self._aliases) - - stmt = "sensitivity {0}".format(self.name) -@@ -540,66 +528,6 @@ cdef class CategoryHashtabIterator(HashtabIterator): - datum = self.node.datum if self.node else NULL - - --cdef class CategoryAliasHashtabIterator(HashtabIterator): -- -- """Iterate over category aliases in the policy.""" -- -- cdef uint32_t primary -- -- @staticmethod -- cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Category primary): -- """Factory function for creating category alias iterators.""" -- i = CategoryAliasHashtabIterator() -- i.policy = policy -- i.table = table -- i.primary 
= primary._value -- i.reset() -- return i -- -- def __next__(self): -- super().__next__() -- datum = self.curr.datum if self.curr else NULL -- -- while datum != NULL and (not datum.isalias or datum.s.value != self.primary): -- super().__next__() -- datum = self.curr.datum if self.curr else NULL -- -- return intern(self.curr.key) -- -- def __len__(self): -- cdef sepol.cat_datum_t *datum -- cdef sepol.hashtab_node_t *node -- cdef uint32_t bucket = 0 -- cdef size_t count = 0 -- -- while bucket < self.table[0].size: -- node = self.table[0].htable[bucket] -- while node != NULL: -- datum = node.datum if node else NULL -- if datum != NULL and self.primary == datum.s.value and datum.isalias: -- count += 1 -- -- node = node.next -- -- bucket += 1 -- -- return count -- -- def reset(self): -- super().reset() -- -- cdef sepol.cat_datum_t *datum = self.node.datum if self.node else NULL -- -- # advance over any attributes or aliases -- while datum != NULL and (not datum.isalias and self.primary != datum.s.value): -- self._next_node() -- -- if self.node == NULL or self.bucket >= self.table[0].size: -- break -- -- datum = self.node.datum if self.node else NULL -- -- - cdef class SensitivityHashtabIterator(HashtabIterator): - - """Iterate over sensitivity in the policy.""" -@@ -657,66 +585,6 @@ cdef class SensitivityHashtabIterator(HashtabIterator): - datum = self.node.datum if self.node else NULL - - --cdef class SensitivityAliasHashtabIterator(HashtabIterator): -- -- """Iterate over sensitivity aliases in the policy.""" -- -- cdef uint32_t primary -- -- @staticmethod -- cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Sensitivity primary): -- """Factory function for creating Sensitivity alias iterators.""" -- i = SensitivityAliasHashtabIterator() -- i.policy = policy -- i.table = table -- i.primary = primary._value -- i.reset() -- return i -- -- def __next__(self): -- super().__next__() -- datum = self.curr.datum if self.curr else NULL -- -- while datum != NULL and (not 
datum.isalias or datum.level.sens != self.primary): -- super().__next__() -- datum = self.curr.datum if self.curr else NULL -- -- return intern(self.curr.key) -- -- def __len__(self): -- cdef sepol.level_datum_t *datum -- cdef sepol.hashtab_node_t *node -- cdef uint32_t bucket = 0 -- cdef size_t count = 0 -- -- while bucket < self.table[0].size: -- node = self.table[0].htable[bucket] -- while node != NULL: -- datum = node.datum if node else NULL -- if datum != NULL and self.primary == datum.level.sens and datum.isalias: -- count += 1 -- -- node = node.next -- -- bucket += 1 -- -- return count -- -- def reset(self): -- super().reset() -- -- cdef sepol.level_datum_t *datum = self.node.datum if self.node else NULL -- -- # advance over any attributes or aliases -- while datum != NULL and (not datum.isalias and self.primary != datum.level.sens): -- self._next_node() -- -- if self.node == NULL or self.bucket >= self.table[0].size: -- break -- -- datum = self.node.datum if self.node else NULL -- -- - cdef class LevelDeclHashtabIterator(HashtabIterator): - - """Iterate over level declarations in the policy.""" -diff --git a/setools/policyrep/selinuxpolicy.pxi b/setools/policyrep/selinuxpolicy.pxi -index 1a3eb5c..1541549 100644 ---- a/setools/policyrep/selinuxpolicy.pxi -+++ b/setools/policyrep/selinuxpolicy.pxi -@@ -46,6 +46,9 @@ cdef class SELinuxPolicy: - object log - object constraint_counts - object terule_counts -+ dict type_alias_map -+ dict category_alias_map -+ dict sensitivity_alias_map - object __weakref__ - - # Public attributes: -@@ -598,12 +601,6 @@ cdef class SELinuxPolicy: - """Return the category datum for the specified category value.""" - return self.cat_val_to_struct[value] - -- cdef inline category_aliases(self, Category primary): -- """Return an interator for the aliases for the specified category.""" -- return CategoryAliasHashtabIterator.factory(self, -- &self.handle.p.symtab[sepol.SYM_CATS].table, -- primary) -- - cdef inline str 
category_value_to_name(self, size_t value): - """Return the name of the category by its value.""" - return intern(self.handle.p.sym_val_to_name[sepol.SYM_CATS][value]) -@@ -636,17 +633,6 @@ cdef class SELinuxPolicy: - """Return the name of the role by its value.""" - return intern(self.handle.p.sym_val_to_name[sepol.SYM_ROLES][value]) - -- cdef inline sensitivity_aliases(self, Sensitivity primary): -- """Return an interator for the aliases for the specified sensitivity.""" -- return SensitivityAliasHashtabIterator.factory(self, -- &self.handle.p.symtab[sepol.SYM_LEVELS].table, primary) -- -- cdef inline type_aliases(self, Type primary): -- """Return an iterator for the aliases for the specified type.""" -- return TypeAliasHashtabIterator.factory(self, -- &self.handle.p.symtab[sepol.SYM_TYPES].table, -- primary) -- - cdef inline sepol.type_datum_t* type_value_to_datum(self, size_t value): - """Return the type datum for the specified type value.""" - return self.handle.p.type_val_to_struct[value] -@@ -725,6 +711,15 @@ cdef class SELinuxPolicy: - if self.mls: - self._create_mls_val_to_struct() - -+ # -+ # Create value to alias mappings -+ # -+ self._load_type_aliases() -+ -+ if self.mls: -+ self._load_sensitivity_aliases() -+ self._load_category_aliases() -+ - self.log.info("Successfully opened SELinux policy \"{0}\"".format(filename)) - self.path = filename - -@@ -846,6 +841,84 @@ cdef class SELinuxPolicy: - - bucket += 1 - -+ cdef _load_category_aliases(self): -+ """Build map of aliases to categories""" -+ cdef: -+ sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_CATS].table -+ sepol.cat_datum_t *datum -+ sepol.hashtab_node_t *node -+ uint32_t bucket = 0 -+ list entry -+ -+ self.category_alias_map = dict() -+ -+ while bucket < table[0].size: -+ node = table[0].htable[bucket] -+ while node != NULL: -+ datum = node.datum if node else NULL -+ if datum == NULL: -+ continue -+ -+ entry = self.category_alias_map.setdefault(datum.s.value, list()) -+ if 
datum.isalias: -+ entry.append(intern(node.key)) -+ -+ node = node.next -+ -+ bucket += 1 -+ -+ cdef _load_sensitivity_aliases(self): -+ """Build map of aliases to sensitivities""" -+ cdef: -+ sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_LEVELS].table -+ sepol.level_datum_t *datum -+ sepol.hashtab_node_t *node -+ uint32_t bucket = 0 -+ list entry -+ -+ self.sensitivity_alias_map = dict() -+ -+ while bucket < table[0].size: -+ node = table[0].htable[bucket] -+ while node != NULL: -+ datum = node.datum if node else NULL -+ if datum == NULL: -+ continue -+ -+ entry = self.sensitivity_alias_map.setdefault(datum.level.sens, list()) -+ if datum.isalias: -+ entry.append(intern(node.key)) -+ -+ node = node.next -+ -+ bucket += 1 -+ -+ cdef _load_type_aliases(self): -+ """Build map of aliases to types""" -+ cdef: -+ sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_TYPES].table -+ sepol.type_datum_t *datum -+ sepol.hashtab_node_t *node -+ uint32_t bucket = 0 -+ list entry -+ -+ self.type_alias_map = dict() -+ -+ while bucket < table[0].size: -+ node = table[0].htable[bucket] -+ while node != NULL: -+ datum = node.datum if node else NULL -+ if datum == NULL: -+ continue -+ -+ entry = self.type_alias_map.setdefault(datum.s.value, list()) -+ if type_is_alias(datum): -+ entry.append(intern(node.key)) -+ -+ node = node.next -+ -+ bucket += 1 -+ - cdef _rebuild_attrs_from_map(self): - """ - Rebuilds data for the attributes and inserts them into the policydb. -diff --git a/setools/policyrep/typeattr.pxi b/setools/policyrep/typeattr.pxi -index d989ca9..1d8901e 100644 ---- a/setools/policyrep/typeattr.pxi -+++ b/setools/policyrep/typeattr.pxi -@@ -1,5 +1,5 @@ - # Copyright 2014, Tresys Technology, LLC --# Copyright 2017-2018, Chris PeBenito -+# Copyright 2017-2019, Chris PeBenito - # - # This file is part of SETools. 
- # -@@ -86,13 +86,9 @@ cdef class Type(BaseType): - t.value = symbol.s.value - t.name = policy.type_value_to_name(symbol.s.value - 1) - t.ispermissive = symbol.flags & sepol.TYPE_FLAGS_PERMISSIVE -+ t._aliases = policy.type_alias_map[symbol.s.value] - return t - -- cdef inline void _load_aliases(self): -- """Helper method to load aliases.""" -- if self._aliases is None: -- self._aliases = list(self.policy.type_aliases(self)) -- - cdef inline void _load_attributes(self): - """Helper method to load attributes.""" - cdef sepol.type_datum_t *symbol = self.key -@@ -110,7 +106,6 @@ cdef class Type(BaseType): - - def aliases(self): - """Generator that yields all aliases for this type.""" -- self._load_aliases() - return iter(self._aliases) - - def statement(self): -@@ -119,7 +114,6 @@ cdef class Type(BaseType): - str stmt - - self._load_attributes() -- self._load_aliases() - count = len(self._aliases) - - stmt = "type {0}".format(self.name) -@@ -297,66 +291,6 @@ cdef class TypeAttributeHashtabIterator(HashtabIterator): - self._next_node() - - --cdef class TypeAliasHashtabIterator(HashtabIterator): -- -- """Iterate over type aliases in the policy.""" -- -- cdef uint32_t primary -- -- @staticmethod -- cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Type primary): -- """Factory function for creating type alias iterators.""" -- i = TypeAliasHashtabIterator() -- i.policy = policy -- i.table = table -- i.primary = primary.value -- i.reset() -- return i -- -- def __next__(self): -- super().__next__() -- datum = self.curr.datum if self.curr else NULL -- -- while datum != NULL and (not type_is_alias(datum) or datum.s.value != self.primary): -- super().__next__() -- datum = self.curr.datum if self.curr else NULL -- -- return intern(self.curr.key) -- -- def __len__(self): -- cdef sepol.type_datum_t *datum -- cdef sepol.hashtab_node_t *node -- cdef uint32_t bucket = 0 -- cdef size_t count = 0 -- -- while bucket < self.table[0].size: -- node = self.table[0].htable[bucket] 
-- while node != NULL: -- datum = node.datum if node else NULL -- if datum != NULL and self.primary == datum.s.value and type_is_alias(datum): -- count += 1 -- -- node = node.next -- -- bucket += 1 -- -- return count -- -- def reset(self): -- super().reset() -- -- cdef sepol.type_datum_t *datum = self.node.datum if self.node else NULL -- -- # advance over any attributes or aliases -- while datum != NULL and (not type_is_alias(datum) and self.primary != datum.s.value): -- self._next_node() -- -- if self.node == NULL or self.bucket >= self.table[0].size: -- break -- -- datum = self.node.datum if self.node else NULL -- -- - # - # Ebitmap Iterator Classes - # --- -2.17.2 - diff --git a/SOURCES/1003-Do-not-use-NoteNotFound-as-it-s-not-implemented-in-n.patch b/SOURCES/1003-Do-not-use-NoteNotFound-as-it-s-not-implemented-in-n.patch new file mode 100644 index 0000000..741c5a7 --- /dev/null +++ b/SOURCES/1003-Do-not-use-NoteNotFound-as-it-s-not-implemented-in-n.patch 
@@ -0,0 +1,93 @@
+From acfb532e781d600271e5ab1ebc5d9d6d6ea3a7f8 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Tue, 30 Jul 2019 17:13:44 +0200
+Subject: [PATCH] Do not use NoteNotFound as it's not implemented in networkx-1
+
+---
+ setools/dta.py | 8 ++++----
+ setools/infoflow.py | 8 ++++----
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/setools/dta.py b/setools/dta.py
+index 3239d2d..e15d8b8 100644
+--- a/setools/dta.py
++++ b/setools/dta.py
+@@ -24,7 +24,7 @@ from collections import defaultdict, namedtuple
+ from contextlib import suppress
+
+ import networkx as nx
+-from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
++from networkx.exception import NetworkXError, NetworkXNoPath
+
+ from .descriptors import EdgeAttrDict, EdgeAttrList
+ from .policyrep import TERuletype
+@@ -111,7 +111,7 @@ class DomainTransitionAnalysis:
+
+ self.log.info("Generating one domain transition path from {0} to {1}...".format(s, t))
+
+- with suppress(NetworkXNoPath, NodeNotFound):
++ with suppress(NetworkXNoPath):
+ # NodeNotFound: the type is valid but not in graph, e.g. excluded
+ # NetworkXNoPath: no paths or the target type is
+ # not in the graph
+@@ -146,7 +146,7 @@ class DomainTransitionAnalysis:
+ self.log.info("Generating all domain transition paths from {0} to {1}, max length {2}...".
+ format(s, t, maxlen))
+
+- with suppress(NetworkXNoPath, NodeNotFound):
++ with suppress(NetworkXNoPath):
+ # NodeNotFound: the type is valid but not in graph, e.g. excluded
+ # NetworkXNoPath: no paths or the target type is
+ # not in the graph
+@@ -177,7 +177,7 @@ class DomainTransitionAnalysis:
+ self.log.info("Generating all shortest domain transition paths from {0} to {1}...".
+ format(s, t))
+
+- with suppress(NetworkXNoPath, NodeNotFound):
++ with suppress(NetworkXNoPath):
+ # NodeNotFound: the type is valid but not in graph, e.g. excluded
+ # NetworkXNoPath: no paths or the target type is
+ # not in the graph
+diff --git a/setools/infoflow.py b/setools/infoflow.py
+index 1b88efa..4fbe682 100644
+--- a/setools/infoflow.py
++++ b/setools/infoflow.py
+@@ -21,7 +21,7 @@ import logging
+ from contextlib import suppress
+
+ import networkx as nx
+-from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
++from networkx.exception import NetworkXError, NetworkXNoPath
+
+ from .descriptors import EdgeAttrIntMax, EdgeAttrList
+ from .policyrep import TERuletype
+@@ -118,7 +118,7 @@ class InfoFlowAnalysis:
+ self.log.info("Generating one shortest information flow path from {0} to {1}...".
+ format(s, t))
+
+- with suppress(NetworkXNoPath, NodeNotFound):
++ with suppress(NetworkXNoPath):
+ # NodeNotFound: the type is valid but not in graph, e.g.
+ # excluded or disconnected due to min weight
+ # NetworkXNoPath: no paths or the target type is
+@@ -157,7 +157,7 @@ class InfoFlowAnalysis:
+ self.log.info("Generating all information flow paths from {0} to {1}, max length {2}...".
+ format(s, t, maxlen))
+
+- with suppress(NetworkXNoPath, NodeNotFound):
++ with suppress(NetworkXNoPath):
+ # NodeNotFound: the type is valid but not in graph, e.g.
+ # excluded or disconnected due to min weight
+ # NetworkXNoPath: no paths or the target type is
+@@ -191,7 +191,7 @@ class InfoFlowAnalysis:
+ self.log.info("Generating all shortest information flow paths from {0} to {1}...".
+ format(s, t))
+
+- with suppress(NetworkXNoPath, NodeNotFound):
++ with suppress(NetworkXNoPath):
+ # NodeNotFound: the type is valid but not in graph, e.g.
+ # excluded or disconnected due to min weight
+ # NetworkXNoPath: no paths or the target type is
+--
+2.22.0
+
diff --git a/SPECS/setools.spec b/SPECS/setools.spec
index e19f1e5..09026c0 100644
--- a/SPECS/setools.spec
+++ b/SPECS/setools.spec
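Review bot: The context comments under each `with suppress(NetworkXNoPath):` in setools/dta.py and setools/infoflow.py still describe a `NodeNotFound` case (the type is valid but not in the graph, e.g. excluded), but after this patch that exception is neither imported nor suppressed, so all six blocks document handling they no longer perform. Which exception the networkx-1 path functions raise for a type missing from the graph, and whether a handler outside these hunks catches it, is not visible here; if nothing does, a query on an excluded type would presumably abort the analysis instead of returning no paths, which deserves a regression test in a policy-audit tool. A guarded import would let the six `suppress(NetworkXNoPath, NodeNotFound)` calls stay as they were before this patch and work with either networkx series, as sketched below. The enclosing methods start and end outside the hunks.

```python
from networkx.exception import NetworkXError, NetworkXNoPath

try:
    from networkx.exception import NodeNotFound
except ImportError:
    # networkx 1.x has no NodeNotFound; this stand-in is never raised there,
    # so suppress(NetworkXNoPath, NodeNotFound) behaves as suppress(NetworkXNoPath).
    class NodeNotFound(Exception):
        pass

# … unchanged: the six `with suppress(NetworkXNoPath, NodeNotFound):` blocks …
```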
@@ -4,11 +4,11 @@
 %global sepol_ver 2.9-1
 %global selinux_ver 2.9-1
-%bcond_with networkx
+%bcond_without networkx
 Name: setools
-Version: 4.2.1
-Release: 3%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
+Version: 4.2.2
+Release: 2%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
 Summary: Policy analysis tools for SELinux
 License: GPLv2
@@ -16,9 +16,9 @@ URL: https://github.com/SELinuxProject/setools/wiki
 Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
 Source1: setools.pam
 Source2: apol.desktop
-Patch0001: 0001-SELinuxPolicy-Create-a-map-of-aliases-on-policy-load.patch
 Patch1001: 1001-Do-not-use-Werror-during-build.patch
 Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
+Patch1003: 1003-Do-not-use-NoteNotFound-as-it-s-not-implemented-in-n.patch
 Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
 BuildRequires: flex, bison
@@ -163,6 +163,12 @@ rm -rf %{buildroot}%{_bindir}/apol %{buildroot}%{python3_sitearch}/setoolsgui \
 %endif
 %changelog
+* Sat Nov 30 2019 Petr Lautrbach - 4.2.2-2
+- Build setools-console-analyses and setools-gui (#1731519)
+
+* Mon Jul 08 2019 Vit Mojzis - 4.2.2-1
+- SETools 4.2.2 release
+
 * Mon May 13 2019 Vit Mojzis - 4.2.1-3
 - Use %set_build_flags instead of %optflags