rpms/setools
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import setools-4.3.0-2.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-03-30 07:09:06 -04:00 committed by Stepan Oksanichenko
parent b6113583a7
commit 52d3658759
2 changed files with 99 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
SOURCES/0001-Support-old-boolean-names-in-policy-queries.patch Normal file
View File

@ -0,0 +1,94 @@
From 97bd46865e12246c00517d1e07aabca530a305ac Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 17 Jun 2020 13:34:19 +0200
Subject: [PATCH] Support old boolean names in policy queries
Translate old boolean names based on /etc/selinux/*/booleans.subs_dist
file. The translation is only attempted when "policy" was not specified
to avoid influencing queries of policies from other systems.
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
seinfo | 6 +++++-
sesearch | 7 ++++++-
setools/policyrep/selinux.pxd | 1 +
setools/policyrep/util.pxi | 22 ++++++++++++++++++++++
4 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/seinfo b/seinfo
index d2caf7c..bc33e12 100755
--- a/seinfo
+++ b/seinfo
@@ -125,7 +125,11 @@ try:
if args.boolquery or args.all:
q = setools.BoolQuery(p)
if isinstance(args.boolquery, str):
- q.name = args.boolquery
+ if args.policy:
+ q.name = args.boolquery
+ else:
+ # try to find substitutions for old boolean names
+ q.name = setools.policyrep.lookup_boolean_name_sub(args.boolquery)
components.append(("Booleans", q, lambda x: x.statement()))
diff --git a/sesearch b/sesearch
index c4b1d38..733f3d3 100755
--- a/sesearch
+++ b/sesearch
@@ -189,7 +189,12 @@ try:
if args.boolean_regex:
q.boolean = args.boolean
else:
- q.boolean = args.boolean.split(",")
+ if args.policy:
+ q.boolean = args.boolean.split(",")
+ else:
+ # try to find substitutions for old boolean names
+ q.boolean = map(setools.policyrep.lookup_boolean_name_sub,
+ args.boolean.split(","))
for r in sorted(q.results()):
print(r)
diff --git a/setools/policyrep/selinux.pxd b/setools/policyrep/selinux.pxd
index a2e8af0..1686831 100644
--- a/setools/policyrep/selinux.pxd
+++ b/setools/policyrep/selinux.pxd
@@ -24,3 +24,4 @@ cdef extern from "<selinux/selinux.h>":
bint selinuxfs_exists()
const char* selinux_current_policy_path()
const char* selinux_binary_policy_path()
+ char* selinux_boolean_sub(const char *boolean_name);
diff --git a/setools/policyrep/util.pxi b/setools/policyrep/util.pxi
index 40f21a7..abc7be8 100644
--- a/setools/policyrep/util.pxi
+++ b/setools/policyrep/util.pxi
@@ -230,3 +230,25 @@ cdef flatten_list(input_list):
ret.append(i)
return ret
+
+
+def lookup_boolean_name_sub(name):
+ """
+ Read the /etc/selinux/TYPE/booleans.subs_dist file looking
+ for a record with 'name'.
+ Return the translated name if a corresponding substitution exists,
+ otherwise return the original name.
+ """
+ cdef:
+ char *_name = selinux.selinux_boolean_sub(name)
+ str new_name = name
+
+ if _name == NULL:
+ raise MemoryError
+ # cast "char *" to "str" and free
+ try:
+ new_name = _name
+ finally:
+ free(_name)
+
+ return new_name
--
2.25.4

6
SPECS/setools.spec
View File

@ -8,7 +8,7 @@
Name: setools Name: setools
Version: 4.3.0 Version: 4.3.0
Release: 1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Release: 2%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
Summary: Policy analysis tools for SELinux Summary: Policy analysis tools for SELinux
License: GPLv2 License: GPLv2
@ -16,6 +16,7 @@ URL: https://github.com/SELinuxProject/setools/wiki
Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
Source1: setools.pam Source1: setools.pam
Source2: apol.desktop Source2: apol.desktop
Patch0001: 0001-Support-old-boolean-names-in-policy-queries.patch
Patch1001: 1001-Do-not-use-Werror-during-build.patch Patch1001: 1001-Do-not-use-Werror-during-build.patch
Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
Patch1003: 1003-Require-networkx-on-package-level.patch Patch1003: 1003-Require-networkx-on-package-level.patch
@ -174,6 +175,9 @@ rm -rf %{buildroot}%{_bindir}/apol %{buildroot}%{python3_sitearch}/setoolsgui \
%endif %endif
%changelog %changelog
* Tue Jun 30 2020 Vit Mojzis <vmojzis@redhat.com> - 4.3.0-2
- Support old boolean names in policy queries (#1595572, #1581848)
* Fri Apr 03 2020 Vit Mojzis <vmojzis@redhat.com> - 4.3.0-1 * Fri Apr 03 2020 Vit Mojzis <vmojzis@redhat.com> - 4.3.0-1
- SETools 4.3.0 release (#1820079) - SETools 4.3.0 release (#1820079)
- Revised sediff method for TE rules. This drastically reduced memory and run time. - Revised sediff method for TE rules. This drastically reduced memory and run time.