diff --git a/SOURCES/0001-Support-old-boolean-names-in-policy-queries.patch b/SOURCES/0001-Support-old-boolean-names-in-policy-queries.patch new file mode 100644 index 0000000..0f40902 --- /dev/null +++ b/SOURCES/0001-Support-old-boolean-names-in-policy-queries.patch @@ -0,0 +1,94 @@ +From 97bd46865e12246c00517d1e07aabca530a305ac Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Wed, 17 Jun 2020 13:34:19 +0200 +Subject: [PATCH] Support old boolean names in policy queries + +Translate old boolean names based on /etc/selinux/*/booleans.subs_dist +file. The translation is only attempted when "policy" was not specified +to avoid influencing queries of policies from other systems. + +Signed-off-by: Vit Mojzis +--- + seinfo | 6 +++++- + sesearch | 7 ++++++- + setools/policyrep/selinux.pxd | 1 + + setools/policyrep/util.pxi | 22 ++++++++++++++++++++++ + 4 files changed, 34 insertions(+), 2 deletions(-) + +diff --git a/seinfo b/seinfo +index d2caf7c..bc33e12 100755 +--- a/seinfo ++++ b/seinfo +@@ -125,7 +125,11 @@ try: + if args.boolquery or args.all: + q = setools.BoolQuery(p) + if isinstance(args.boolquery, str): +- q.name = args.boolquery ++ if args.policy: ++ q.name = args.boolquery ++ else: ++ # try to find substitutions for old boolean names ++ q.name = setools.policyrep.lookup_boolean_name_sub(args.boolquery) + + components.append(("Booleans", q, lambda x: x.statement())) + +diff --git a/sesearch b/sesearch +index c4b1d38..733f3d3 100755 +--- a/sesearch ++++ b/sesearch +@@ -189,7 +189,12 @@ try: + if args.boolean_regex: + q.boolean = args.boolean + else: +- q.boolean = args.boolean.split(",") ++ if args.policy: ++ q.boolean = args.boolean.split(",") ++ else: ++ # try to find substitutions for old boolean names ++ q.boolean = map(setools.policyrep.lookup_boolean_name_sub, ++ args.boolean.split(",")) + + for r in sorted(q.results()): + print(r) +diff --git a/setools/policyrep/selinux.pxd b/setools/policyrep/selinux.pxd +index a2e8af0..1686831 100644 +--- a/setools/policyrep/selinux.pxd ++++ b/setools/policyrep/selinux.pxd +@@ -24,3 +24,4 @@ cdef extern from "": + bint selinuxfs_exists() + const char* selinux_current_policy_path() + const char* selinux_binary_policy_path() ++ char* selinux_boolean_sub(const char *boolean_name); +diff --git a/setools/policyrep/util.pxi b/setools/policyrep/util.pxi +index 40f21a7..abc7be8 100644 +--- a/setools/policyrep/util.pxi ++++ b/setools/policyrep/util.pxi +@@ -230,3 +230,25 @@ cdef flatten_list(input_list): + ret.append(i) + + return ret ++ ++ ++def lookup_boolean_name_sub(name): ++ """ ++ Read the /etc/selinux/TYPE/booleans.subs_dist file looking ++ for a record with 'name'. ++ Return the translated name if a corresponding substitution exists, ++ otherwise return the original name. ++ """ ++ cdef: ++ char *_name = selinux.selinux_boolean_sub(name) ++ str new_name = name ++ ++ if _name == NULL: ++ raise MemoryError ++ # cast "char *" to "str" and free ++ try: ++ new_name = _name ++ finally: ++ free(_name) ++ ++ return new_name +-- +2.25.4 + diff --git a/SPECS/setools.spec b/SPECS/setools.spec index d46caf1..57a83ac 100644 --- a/SPECS/setools.spec +++ b/SPECS/setools.spec @@ -8,7 +8,7 @@ Name: setools Version: 4.3.0 -Release: 1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Release: 2%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -16,6 +16,7 @@ URL: https://github.com/SELinuxProject/setools/wiki Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz Source1: setools.pam Source2: apol.desktop +Patch0001: 0001-Support-old-boolean-names-in-policy-queries.patch Patch1001: 1001-Do-not-use-Werror-during-build.patch Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch Patch1003: 1003-Require-networkx-on-package-level.patch @@ -174,6 +175,9 @@ rm -rf %{buildroot}%{_bindir}/apol %{buildroot}%{python3_sitearch}/setoolsgui \ %endif %changelog +* Tue Jun 30 2020 Vit Mojzis - 4.3.0-2 +- Support old boolean names in policy queries (#1595572, #1581848) + * Fri Apr 03 2020 Vit Mojzis - 4.3.0-1 - SETools 4.3.0 release (#1820079) - Revised sediff method for TE rules. This drastically reduced memory and run time.