import setools-4.3.0-2.el8

2021-03-30 07:09:06 -04:00 · 2021-03-30 07:09:06 -04:00 · 52d3658759
commit 52d3658759
parent b6113583a7
2 changed files with 99 additions and 1 deletions
--- a/SOURCES/0001-Support-old-boolean-names-in-policy-queries.patch
+++ b/SOURCES/0001-Support-old-boolean-names-in-policy-queries.patch
@ -0,0 +1,94 @@
+From 97bd46865e12246c00517d1e07aabca530a305ac Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Wed, 17 Jun 2020 13:34:19 +0200
+Subject: [PATCH] Support old boolean names in policy queries
+
+Translate old boolean names based on /etc/selinux/*/booleans.subs_dist
+file. The translation is only attempted when "policy" was not specified
+to avoid influencing queries of policies from other systems.
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+---
+ seinfo                        |  6 +++++-
+ sesearch                      |  7 ++++++-
+ setools/policyrep/selinux.pxd |  1 +
+ setools/policyrep/util.pxi    | 22 ++++++++++++++++++++++
+ 4 files changed, 34 insertions(+), 2 deletions(-)
+
+diff --git a/seinfo b/seinfo
+index d2caf7c..bc33e12 100755
+--- a/seinfo
+++ b/seinfo
+@@ -125,7 +125,11 @@ try:
+     if args.boolquery or args.all:
+         q = setools.BoolQuery(p)
+         if isinstance(args.boolquery, str):
+-            q.name = args.boolquery
+            if args.policy:
+                q.name = args.boolquery
+            else:
+                # try to find substitutions for old boolean names
+                q.name = setools.policyrep.lookup_boolean_name_sub(args.boolquery)
+ 
+         components.append(("Booleans", q, lambda x: x.statement()))
+ 
+diff --git a/sesearch b/sesearch
+index c4b1d38..733f3d3 100755
+--- a/sesearch
+++ b/sesearch
+@@ -189,7 +189,12 @@ try:
+             if args.boolean_regex:
+                 q.boolean = args.boolean
+             else:
+-                q.boolean = args.boolean.split(",")
+                if args.policy:
+                    q.boolean = args.boolean.split(",")
+                else:
+                    # try to find substitutions for old boolean names
+                    q.boolean = map(setools.policyrep.lookup_boolean_name_sub,
+                                    args.boolean.split(","))
+ 
+         for r in sorted(q.results()):
+             print(r)
+diff --git a/setools/policyrep/selinux.pxd b/setools/policyrep/selinux.pxd
+index a2e8af0..1686831 100644
+--- a/setools/policyrep/selinux.pxd
+++ b/setools/policyrep/selinux.pxd
+@@ -24,3 +24,4 @@ cdef extern from "<selinux/selinux.h>":
+     bint selinuxfs_exists()
+     const char* selinux_current_policy_path()
+     const char* selinux_binary_policy_path()
+    char* selinux_boolean_sub(const char *boolean_name);
+diff --git a/setools/policyrep/util.pxi b/setools/policyrep/util.pxi
+index 40f21a7..abc7be8 100644
+--- a/setools/policyrep/util.pxi
+++ b/setools/policyrep/util.pxi
+@@ -230,3 +230,25 @@ cdef flatten_list(input_list):
+             ret.append(i)
+ 
+     return ret
+
+
+def lookup_boolean_name_sub(name):
+    """
+    Read the /etc/selinux/TYPE/booleans.subs_dist file looking
+    for a record with 'name'.
+    Return the translated name if a corresponding substitution exists,
+    otherwise return the original name.
+    """
+    cdef:
+        char *_name = selinux.selinux_boolean_sub(name)
+        str new_name = name
+
+    if _name == NULL:
+        raise MemoryError
+    # cast "char *" to "str" and free
+    try:
+        new_name = _name
+    finally:
+        free(_name)
+
+    return new_name
+-- 
+2.25.4
+
--- a/SPECS/setools.spec
+++ b/SPECS/setools.spec
@ -8,7 +8,7 @@

 Name:           setools
 Version:        4.3.0
-Release:        1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
+Release:        2%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
 Summary:        Policy analysis tools for SELinux

 License:        GPLv2
@ -16,6 +16,7 @@ URL:            https://github.com/SELinuxProject/setools/wiki
 Source0:        https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
 Source1:        setools.pam
 Source2:        apol.desktop
+Patch0001:      0001-Support-old-boolean-names-in-policy-queries.patch
 Patch1001:      1001-Do-not-use-Werror-during-build.patch
 Patch1002:      1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
 Patch1003:      1003-Require-networkx-on-package-level.patch
@ -174,6 +175,9 @@ rm -rf %{buildroot}%{_bindir}/apol %{buildroot}%{python3_sitearch}/setoolsgui \
 %endif

 %changelog
+* Tue Jun 30 2020 Vit Mojzis <vmojzis@redhat.com> - 4.3.0-2
+- Support old boolean names in policy queries (#1595572, #1581848)
+
 * Fri Apr 03 2020 Vit Mojzis <vmojzis@redhat.com> - 4.3.0-1
 - SETools 4.3.0 release (#1820079)
 - Revised sediff method for TE rules. This drastically reduced memory and run time.