diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b368f8b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/4.3.0.tar.gz
diff --git a/0001-Support-old-boolean-names-in-policy-queries.patch b/0001-Support-old-boolean-names-in-policy-queries.patch
new file mode 100644
index 0000000..0f40902
--- /dev/null
+++ b/0001-Support-old-boolean-names-in-policy-queries.patch
@@ -0,0 +1,94 @@
+From 97bd46865e12246c00517d1e07aabca530a305ac Mon Sep 17 00:00:00 2001
+From: Vit Mojzis
+Date: Wed, 17 Jun 2020 13:34:19 +0200
+Subject: [PATCH] Support old boolean names in policy queries
+
+Translate old boolean names based on /etc/selinux/*/booleans.subs_dist
+file. The translation is only attempted when "policy" was not specified
+to avoid influencing queries of policies from other systems.
+
+Signed-off-by: Vit Mojzis
+---
+ seinfo | 6 +++++-
+ sesearch | 7 ++++++-
+ setools/policyrep/selinux.pxd | 1 +
+ setools/policyrep/util.pxi | 22 ++++++++++++++++++++++
+ 4 files changed, 34 insertions(+), 2 deletions(-)
+
+diff --git a/seinfo b/seinfo
+index d2caf7c..bc33e12 100755
+--- a/seinfo
++++ b/seinfo
+@@ -125,7 +125,11 @@ try:
+ if args.boolquery or args.all:
+ q = setools.BoolQuery(p)
+ if isinstance(args.boolquery, str):
+- q.name = args.boolquery
++ if args.policy:
++ q.name = args.boolquery
++ else:
++ # try to find substitutions for old boolean names
++ q.name = setools.policyrep.lookup_boolean_name_sub(args.boolquery)
+
+ components.append(("Booleans", q, lambda x: x.statement()))
+
+diff --git a/sesearch b/sesearch
+index c4b1d38..733f3d3 100755
+--- a/sesearch
++++ b/sesearch
+@@ -189,7 +189,12 @@ try:
+ if args.boolean_regex:
+ q.boolean = args.boolean
+ else:
+- q.boolean = args.boolean.split(",")
++ if args.policy:
++ q.boolean = args.boolean.split(",")
++ else:
++ # try to find substitutions for old boolean names
++ q.boolean = map(setools.policyrep.lookup_boolean_name_sub,
++ args.boolean.split(","))
+
+ for r in sorted(q.results()):
+ print(r)
+diff --git a/setools/policyrep/selinux.pxd b/setools/policyrep/selinux.pxd
+index a2e8af0..1686831 100644
+--- a/setools/policyrep/selinux.pxd
++++ b/setools/policyrep/selinux.pxd
+@@ -24,3 +24,4 @@ cdef extern from "":
+ bint selinuxfs_exists()
+ const char* selinux_current_policy_path()
+ const char* selinux_binary_policy_path()
++ char* selinux_boolean_sub(const char *boolean_name);
+diff --git a/setools/policyrep/util.pxi b/setools/policyrep/util.pxi
+index 40f21a7..abc7be8 100644
+--- a/setools/policyrep/util.pxi
++++ b/setools/policyrep/util.pxi
+@@ -230,3 +230,25 @@ cdef flatten_list(input_list):
+ ret.append(i)
+
+ return ret
++
++
++def lookup_boolean_name_sub(name):
++ """
++ Read the /etc/selinux/TYPE/booleans.subs_dist file looking
++ for a record with 'name'.
++ Return the translated name if a corresponding substitution exists,
++ otherwise return the original name.
++ """
++ cdef:
++ char *_name = selinux.selinux_boolean_sub(name)
++ str new_name = name
++
++ if _name == NULL:
++ raise MemoryError
++ # cast "char *" to "str" and free
++ try:
++ new_name = _name
++ finally:
++ free(_name)
++
++ return new_name
+--
+2.25.4
+
diff --git a/0002-Make-seinfo-output-predictable.patch b/0002-Make-seinfo-output-predictable.patch
new file mode 100644
index 0000000..d21a16e
--- /dev/null
+++ b/0002-Make-seinfo-output-predictable.patch
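Review bot: In the sesearch hunk the non-policy branch assigns `q.boolean` a lazy `map` object while the policy branch assigns a list, so the libselinux lookups only run when the query setter consumes the iterator, and the value can be iterated just once. Building the list eagerly keeps both branches the same type: `q.boolean = [setools.policyrep.lookup_boolean_name_sub(b) for b in args.boolean.split(",")]`. Separately, seinfo and sesearch rewrite the boolean name the user typed from the local booleans.subs_dist without reporting it, so a debug log line naming the original and the substituted boolean would help when query output is kept as audit evidence. In `lookup_boolean_name_sub`, passing a Python `str` as `const char *` and assigning the returned `char *` to a `str` presumably relies on the module's Cython string directives, which are not visible in this patch and are worth confirming.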
@@ -0,0 +1,90 @@
+From 4e6f6c95cfe7ca4a3a9d9e0dbd6e23e4bac2449c Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Thu, 18 Nov 2021 13:59:08 +0100
+Subject: [PATCH] Make seinfo output predictable
+
+There are few places where frozenset is used. Given that frozenset is an unordered
+collection the output generated from this is unpredictable.
+
+The following command outputs are fixed using sorted() on frozensets:
+
+ seinfo --constrain
+ seinfo --common
+ seinfo -c -x
+ seinfo -r -x
+ seinfo -u -x
+
+Fixes: https://github.com/SELinuxProject/setools/issues/65
+
+Signed-off-by: Petr Lautrbach
+---
+ setools/policyrep/constraint.pxi | 2 +-
+ setools/policyrep/objclass.pxi | 4 ++--
+ setools/policyrep/role.pxi | 2 +-
+ setools/policyrep/user.pxi | 2 +-
+ 4 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/setools/policyrep/constraint.pxi b/setools/policyrep/constraint.pxi
+index d5221a1..77c3e2e 100644
+--- a/setools/policyrep/constraint.pxi
++++ b/setools/policyrep/constraint.pxi
+@@ -66,7 +66,7 @@ cdef class Constraint(BaseConstraint):
+
+ def statement(self):
+ if len(self.perms) > 1:
+- perms = "{{ {0} }}".format(' '.join(self.perms))
++ perms = "{{ {0} }}".format(' '.join(sorted(self.perms)))
+ else:
+ # convert to list since sets cannot be indexed
+ perms = list(self.perms)[0]
+diff --git a/setools/policyrep/objclass.pxi b/setools/policyrep/objclass.pxi
+index b7ec7b7..8ed2be5 100644
+--- a/setools/policyrep/objclass.pxi
++++ b/setools/policyrep/objclass.pxi
+@@ -75,7 +75,7 @@ cdef class Common(PolicySymbol):
+ return other in self.perms
+
+ def statement(self):
+- return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(self.perms))
++ return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(sorted(self.perms)))
+
+
+ cdef class ObjClass(PolicySymbol):
+@@ -204,7 +204,7 @@ cdef class ObjClass(PolicySymbol):
+
+ # a class that inherits may not have additional permissions
+ if len(self.perms) > 0:
+- stmt += "{{\n\t{0}\n}}".format('\n\t'.join(self.perms))
++ stmt += "{{\n\t{0}\n}}".format('\n\t'.join(sorted(self.perms)))
+
+ return stmt
+
+diff --git a/setools/policyrep/role.pxi b/setools/policyrep/role.pxi
+index 9a0dd39..3af8a3f 100644
+--- a/setools/policyrep/role.pxi
++++ b/setools/policyrep/role.pxi
+@@ -58,7 +58,7 @@ cdef class Role(PolicySymbol):
+ if count == 1:
+ stmt += " types {0}".format(types[0])
+ else:
+- stmt += " types {{ {0} }}".format(' '.join(types))
++ stmt += " types {{ {0} }}".format(' '.join(sorted(types)))
+
+ stmt += ";"
+ return stmt
+diff --git a/setools/policyrep/user.pxi b/setools/policyrep/user.pxi
+index 9c82aa9..e37af29 100644
+--- a/setools/policyrep/user.pxi
++++ b/setools/policyrep/user.pxi
+@@ -81,7 +81,7 @@ cdef class User(PolicySymbol):
+ if count == 1:
+ stmt += roles[0]
+ else:
+- stmt += "{{ {0} }}".format(' '.join(roles))
++ stmt += "{{ {0} }}".format(' '.join(sorted(roles)))
+
+ if self._level:
+ stmt += " level {0.mls_level} range {0.mls_range};".format(self)
+--
+2.30.2
+
diff --git a/1001-Do-not-use-Werror-during-build.patch b/1001-Do-not-use-Werror-during-build.patch
new file mode 100644
index 0000000..7bbc37b
--- /dev/null
+++ b/1001-Do-not-use-Werror-during-build.patch
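Review bot: Nothing in this patch pins the new ordering: the diffstat touches only the four `.pxi` files, so a later change to any of these `statement()` methods could bring back nondeterministic output without being noticed. A small test that renders a common, a class, a role and a user with several members and asserts the exact string would lock it in, which matters when seinfo output is diffed between policy builds. The `statement()` bodies start and end outside the hunks, so other unordered collections in them cannot be ruled out from here.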
@@ -0,0 +1,49 @@
+From 8d98b324fabcad6b09f9c734f79e6da9f9e85786 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Thu, 23 Feb 2017 08:17:07 +0100
+Subject: [PATCH] Do not use -Werror during build
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+There are new warnings when setools are built with gcc 7 therefore we
+want to suppress -Werror for now
+
+Fixes:
+libqpol/policy_extend.c: In function ‘policy_extend’:
+libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
+ snprintf(buff, 9, "@ttr%04zd", i + 1);
+ ^~~~~
+libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
+ snprintf(buff, 9, "@ttr%04zd", i + 1);
+ ^~~~~~~~~~~
+In file included from /usr/include/stdio.h:939:0,
+ from /usr/include/sepol/policydb/policydb.h:53,
+ from libqpol/policy_extend.c:29:
+/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 15 bytes into a destination of size 9
+ return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ __bos (__s), __fmt, __va_arg_pack ());
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+cc1: all warnings being treated as errors
+error: command 'gcc' failed with exit status 1
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index 457c830..4dcb301 100644
+--- a/setup.py
++++ b/setup.py
+@@ -106,7 +106,7 @@ ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'],
+ libraries=['selinux', 'sepol'],
+ library_dirs=lib_dirs,
+ define_macros=macros,
+- extra_compile_args=['-Werror', '-Wextra',
++ extra_compile_args=['-Wextra',
+ '-Waggregate-return',
+ '-Wfloat-equal',
+ '-Wformat', '-Wformat=2',
+--
+2.25.1
+
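Review bot: Dropping `'-Werror'` from `extra_compile_args` makes every warning in the extension build non-fatal, not only the gcc 7 `format-truncation` one quoted in the commit message, so the remaining `-Wformat=2` and related flags can no longer stop a build. If that one warning still occurs, keeping `'-Werror'` and adding `'-Wno-error=format-truncation'` beside it would leave the other diagnostics fatal. The quoted error comes from `libqpol/policy_extend.c` in 2017, while the `Extension` visible in the hunk lists only `setools/policyrep.pyx` as its source, so it is worth checking whether this patch is still needed for 4.3.0. The `Extension(...)` call continues outside the hunk.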
diff --git a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
new file mode 100644
index 0000000..f9d9b6c
--- /dev/null
+++ b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
@@ -0,0 +1,139 @@
+From 52f5f911c4ae481530a57b6a0dd42067406a9d36 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis
+Date: Fri, 26 Apr 2019 15:27:25 +0200
+Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and
+ setools.DomainTransitionAnalysis
+
+dta and infoflow modules require networkx which brings lot of dependencies.
+These dependencies are not necessary for setools module itself as it's
+used in policycoreutils.
+
+Therefore it's better to use setools.infoflow.InfoFlowAnalysis and
+setools.dta.DomainTransitionAnalysis and let the package containing
+sedta and seinfoflow to require python3-networkx
+---
+ sedta | 4 ++--
+ seinfoflow | 4 ++--
+ setools/__init__.py | 4 ----
+ setoolsgui/apol/dta.py | 2 +-
+ setoolsgui/apol/infoflow.py | 2 +-
+ tests/dta.py | 2 +-
+ tests/infoflow.py | 2 +-
+ 7 files changed, 8 insertions(+), 12 deletions(-)
+
+diff --git a/sedta b/sedta
+index 60861ca..41e38a2 100755
+--- a/sedta
++++ b/sedta
+@@ -22,7 +22,7 @@ import argparse
+ import logging
+ import signal
+
+-import setools
++import setools.dta
+
+
+ def print_transition(trans):
+@@ -114,7 +114,7 @@ else:
+
+ try:
+ p = setools.SELinuxPolicy(args.policy)
+- g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
++ g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
+
+ if args.shortest_path or args.all_paths:
+ if args.shortest_path:
+diff --git a/seinfoflow b/seinfoflow
+index f10c39d..fee749a 100755
+--- a/seinfoflow
++++ b/seinfoflow
+@@ -17,7 +17,7 @@
+ # along with SETools. If not, see .
+ #
+
+-import setools
++import setools.infoflow
+ import argparse
+ import sys
+ import logging
+@@ -101,7 +101,7 @@ elif args.booleans is not None:
+ try:
+ p = setools.SELinuxPolicy(args.policy)
+ m = setools.PermissionMap(args.map)
+- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude,
++ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude,
+ booleans=booleans)
+
+ if args.shortest_path or args.all_paths:
+diff --git a/setools/__init__.py b/setools/__init__.py
+index 26fa5aa..b7e51c4 100644
+--- a/setools/__init__.py
++++ b/setools/__init__.py
+@@ -75,12 +75,8 @@ from .pcideviceconquery import PcideviceconQuery
+ from .devicetreeconquery import DevicetreeconQuery
+
+ # Information Flow Analysis
+-from .infoflow import InfoFlowAnalysis
+ from .permmap import PermissionMap
+
+-# Domain Transition Analysis
+-from .dta import DomainTransitionAnalysis
+-
+ # Policy difference
+ from .diff import PolicyDifference
+
+diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
+index 4608b9d..2cde44c 100644
+--- a/setoolsgui/apol/dta.py
++++ b/setoolsgui/apol/dta.py
+@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
+ from PyQt5.QtGui import QPalette, QTextCursor
+ from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
+ QTreeWidgetItem
+-from setools import DomainTransitionAnalysis
++from setools.dta import DomainTransitionAnalysis
+
+ from ..logtosignal import LogHandlerToSignal
+ from .analysistab import AnalysisTab
+diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
+index 7bca299..7fee277 100644
+--- a/setoolsgui/apol/infoflow.py
++++ b/setoolsgui/apol/infoflow.py
+@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
+ from PyQt5.QtGui import QPalette, QTextCursor
+ from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
+ QTreeWidgetItem
+-from setools import InfoFlowAnalysis
++from setools.infoflow import InfoFlowAnalysis
+ from setools.exception import UnmappedClass, UnmappedPermission
+
+ from ..logtosignal import LogHandlerToSignal
+diff --git a/tests/dta.py b/tests/dta.py
+index a0cc938..177e6fb 100644
+--- a/tests/dta.py
++++ b/tests/dta.py
+@@ -18,7 +18,7 @@
+ import os
+ import unittest
+
+-from setools import DomainTransitionAnalysis
++from setools.dta import DomainTransitionAnalysis
+ from setools import TERuletype as TERT
+ from setools.exception import InvalidType
+ from setools.policyrep import Type
+diff --git a/tests/infoflow.py b/tests/infoflow.py
+index aa0e44a..fca2848 100644
+--- a/tests/infoflow.py
++++ b/tests/infoflow.py
+@@ -18,7 +18,7 @@
+ import os
+ import unittest
+
+-from setools import InfoFlowAnalysis
++from setools.infoflow import InfoFlowAnalysis
+ from setools import TERuletype as TERT
+ from setools.exception import InvalidType
+ from setools.permmap import PermissionMap
+--
+2.25.1
+
diff --git a/1003-Require-networkx-on-package-level.patch b/1003-Require-networkx-on-package-level.patch
new file mode 100644
index 0000000..809aca9
--- /dev/null
+++ b/1003-Require-networkx-on-package-level.patch
@@ -0,0 +1,24 @@
+From 67067b6df7139cc38cf33d3cb2c66434cf4e89e4 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Thu, 2 Apr 2020 16:06:14 +0200
+Subject: [PATCH] Require networkx on package level
+
+It allows us to ship python3-setools without dependency on python3-networkx
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index 4dcb301..9333e0c 100644
+--- a/setup.py
++++ b/setup.py
+@@ -170,5 +170,5 @@ setup(name='setools',
+ # setup also requires libsepol and libselinux
+ # C libraries and headers to compile.
+ setup_requires=['setuptools', 'Cython>=0.27'],
+- install_requires=['setuptools', 'networkx>=2.0']
++ install_requires=['setuptools']
+ )
+--
+2.25.1
+
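Review bot: Removing the two imports from `setools/__init__.py` drops `setools.InfoFlowAnalysis` and `setools.DomainTransitionAnalysis` from the package namespace, and nothing left in the file tells a caller where they went. Third-party code that still uses the old names will fail at import or attribute lookup, so a comment at the removed lines such as `# InfoFlowAnalysis / DomainTransitionAnalysis are not re-exported here; import them from setools.infoflow / setools.dta (requires networkx)` would document this divergence from upstream. The `# Information Flow Analysis` heading now sits above `PermissionMap` alone, which reads as if the analysis class were still exported.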
diff --git a/1004-Do-not-use-NoteNotFound-as-it-s-not-implemented-in-n.patch b/1004-Do-not-use-NoteNotFound-as-it-s-not-implemented-in-n.patch
new file mode 100644
index 0000000..d70b541
--- /dev/null
+++ b/1004-Do-not-use-NoteNotFound-as-it-s-not-implemented-in-n.patch
@@ -0,0 +1,93 @@
+From d249ea3316fcfaa203055d2b1f2c52423216e7e7 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Tue, 30 Jul 2019 17:13:44 +0200
+Subject: [PATCH] Do not use NoteNotFound as it's not implemented in networkx-1
+
+---
+ setools/dta.py | 8 ++++----
+ setools/infoflow.py | 8 ++++----
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/setools/dta.py b/setools/dta.py
+index 3239d2d..e15d8b8 100644
+--- a/setools/dta.py
++++ b/setools/dta.py
+@@ -24,7 +24,7 @@ from collections import defaultdict, namedtuple
+ from contextlib import suppress
+
+ import networkx as nx
+-from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
++from networkx.exception import NetworkXError, NetworkXNoPath
+
+ from .descriptors import EdgeAttrDict, EdgeAttrList
+ from .policyrep import TERuletype
+@@ -111,7 +111,7 @@ class DomainTransitionAnalysis:
+
+ self.log.info("Generating one domain transition path from {0} to {1}...".format(s, t))
+
+- with suppress(NetworkXNoPath, NodeNotFound):
++ with suppress(NetworkXNoPath):
+ # NodeNotFound: the type is valid but not in graph, e.g. excluded
+ # NetworkXNoPath: no paths or the target type is
+ # not in the graph
+@@ -146,7 +146,7 @@ class DomainTransitionAnalysis:
+ self.log.info("Generating all domain transition paths from {0} to {1}, max length {2}...".
+ format(s, t, maxlen))
+
+- with suppress(NetworkXNoPath, NodeNotFound):
++ with suppress(NetworkXNoPath):
+ # NodeNotFound: the type is valid but not in graph, e.g. excluded
+ # NetworkXNoPath: no paths or the target type is
+ # not in the graph
+@@ -177,7 +177,7 @@ class DomainTransitionAnalysis:
+ self.log.info("Generating all shortest domain transition paths from {0} to {1}...".
+ format(s, t))
+
+- with suppress(NetworkXNoPath, NodeNotFound):
++ with suppress(NetworkXNoPath):
+ # NodeNotFound: the type is valid but not in graph, e.g. excluded
+ # NetworkXNoPath: no paths or the target type is
+ # not in the graph
+diff --git a/setools/infoflow.py b/setools/infoflow.py
+index 579e064..89e5c8e 100644
+--- a/setools/infoflow.py
++++ b/setools/infoflow.py
+@@ -21,7 +21,7 @@ import logging
+ from contextlib import suppress
+
+ import networkx as nx
+-from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
++from networkx.exception import NetworkXError, NetworkXNoPath
+
+ from .descriptors import EdgeAttrIntMax, EdgeAttrList
+ from .exception import RuleNotConditional
+@@ -124,7 +124,7 @@ class InfoFlowAnalysis:
+ self.log.info("Generating one shortest information flow path from {0} to {1}...".
+ format(s, t))
+
+- with suppress(NetworkXNoPath, NodeNotFound):
++ with suppress(NetworkXNoPath):
+ # NodeNotFound: the type is valid but not in graph, e.g.
+ # excluded or disconnected due to min weight
+ # NetworkXNoPath: no paths or the target type is
+@@ -163,7 +163,7 @@ class InfoFlowAnalysis:
+ self.log.info("Generating all information flow paths from {0} to {1}, max length {2}...".
+ format(s, t, maxlen))
+
+- with suppress(NetworkXNoPath, NodeNotFound):
++ with suppress(NetworkXNoPath):
+ # NodeNotFound: the type is valid but not in graph, e.g.
+ # excluded or disconnected due to min weight
+ # NetworkXNoPath: no paths or the target type is
+@@ -197,7 +197,7 @@ class InfoFlowAnalysis:
+ self.log.info("Generating all shortest information flow paths from {0} to {1}...".
+ format(s, t))
+
+- with suppress(NetworkXNoPath, NodeNotFound):
++ with suppress(NetworkXNoPath):
+ # NodeNotFound: the type is valid but not in graph, e.g.
+ # excluded or disconnected due to min weight
+ # NetworkXNoPath: no paths or the target type is
+--
+2.25.1
+
diff --git a/EMPTY b/EMPTY
deleted file mode 100644
index 0519ecb..0000000
--- a/EMPTY
+++ /dev/null
@@ -1 +0,0 @@
-
\ No newline at end of file
diff --git a/apol.desktop b/apol.desktop
new file mode 100644
index 0000000..727733a
--- /dev/null
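Review bot: With `NodeNotFound` removed from every `suppress(...)`, a networkx release that does raise it for a source or target missing from the graph will let the exception escape these path methods instead of yielding no results, and the comments kept under each `with` still describe `NodeNotFound` as a handled case. The spec added in this commit requires `python3-networkx` without a version, so which behaviour applies depends on the installed release. An import fallback keeps the original `suppress` tuples valid on both old and new networkx; the same two changes apply to all six `with suppress` sites in `setools/dta.py` and `setools/infoflow.py`. The method bodies continue outside the hunks.

```python
import networkx as nx
from networkx.exception import NetworkXError, NetworkXNoPath

try:
    from networkx.exception import NodeNotFound
except ImportError:
    # networkx 1.x has no NodeNotFound; alias it so the suppress() tuples stay valid
    NodeNotFound = NetworkXNoPath

# ... unchanged: class definition, argument checks and logging ...

        with suppress(NetworkXNoPath, NodeNotFound):
```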
+++ b/apol.desktop
@@ -0,0 +1,11 @@
+[Desktop Entry]
+Name=SELinux Policy Analysis
+GenericName=SELinux Policy Analysis Tool
+Comment=This tool can examine, search, and relate policy components and policy rules
+Icon=apol
+Exec=/usr/bin/apol
+Type=Application
+Terminal=false
+Categories=System;
+X-Desktop-File-Install-Version=0.2
+StartupNotify=true
diff --git a/setools.pam b/setools.pam
new file mode 100644
index 0000000..c7d67e3
--- /dev/null
+++ b/setools.pam
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth include config-util
+account include config-util
+session include config-util
diff --git a/setools.spec b/setools.spec
new file mode 100644
index 0000000..89f55a8
--- /dev/null
+++ b/setools.spec
@@ -0,0 +1,275 @@
+# % global setools_pre_ver rc
+# % global gitver f1e5b20
+
+%global sepol_ver 2.9-1
+%global selinux_ver 2.9-1
+
+%bcond_without networkx
+
+Name: setools
+Version: 4.3.0
+Release: 3%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
+Summary: Policy analysis tools for SELinux
+
+License: GPLv2
+URL: https://github.com/SELinuxProject/setools/wiki
+Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
+Source1: setools.pam
+Source2: apol.desktop
+Patch0001: 0001-Support-old-boolean-names-in-policy-queries.patch
+Patch0002: 0002-Make-seinfo-output-predictable.patch
+Patch1001: 1001-Do-not-use-Werror-during-build.patch
+Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
+Patch1003: 1003-Require-networkx-on-package-level.patch
+Patch1004: 1004-Do-not-use-NoteNotFound-as-it-s-not-implemented-in-n.patch
+
+Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
+BuildRequires: flex, bison
+BuildRequires: glibc-devel, gcc, git
+BuildRequires: libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver}
+BuildRequires: qt5-qtbase-devel
+BuildRequires: swig
+BuildRequires: python3-Cython
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: libselinux-devel
+
+# BuildArch:
+Requires: %{name}-console = %{version}-%{release}
+%if %{with networkx}
+Requires: %{name}-console-analyses = %{version}-%{release}
+Requires: %{name}-gui = %{version}-%{release}
+%endif
+
+%description
+SETools is a collection of graphical tools, command-line tools, and
+Python modules designed to facilitate SELinux policy analysis.
+
+%package console
+Summary: Policy analysis command-line tools for SELinux
+License: GPLv2
+Requires: python3-setools = %{version}-%{release}
+Requires: libselinux >= %{selinux_ver}
+
+%description console
+SETools is a collection of graphical tools, command-line tools, and
+libraries designed to facilitate SELinux policy analysis.
+
+This package includes the following console tools:
+
+ sediff Compare two policies to find differences.
+ seinfo List policy components.
+ sesearch Search rules (allow, type_transition, etc.)
+
+
+%if %{with networkx}
+%package console-analyses
+Summary: Policy analysis command-line tools for SELinux
+License: GPLv2
+Requires: python3-setools = %{version}-%{release}
+Requires: libselinux >= %{selinux_ver}
+Requires: python3-networkx
+
+%description console-analyses
+SETools is a collection of graphical tools, command-line tools, and
+libraries designed to facilitate SELinux policy analysis.
+
+This package includes the following console tools:
+
+ sedta Perform domain transition analyses.
+ seinfoflow Perform information flow analyses.
+%endif
+
+
+%package -n python3-setools
+Summary: Policy analysis tools for SELinux
+Obsoletes: setools-libs < 4.0.0, setools-libs-tcl
+Recommends: libselinux-python3
+# Remove before F30
+Provides: %{name}-python3 = %{version}-%{release}
+Provides: %{name}-python3%{?_isa} = %{version}-%{release}
+Obsoletes: %{name}-python3 < %{version}-%{release}
+%if 0%{?rhel} && 0%{?rhel} >= 8
+Requires: platform-python-setuptools
+%else
+Requires: python3-setuptools
+%endif
+
+%description -n python3-setools
+SETools is a collection of graphical tools, command-line tools, and
+Python 3 modules designed to facilitate SELinux policy analysis.
+
+
+%if %{with networkx}
+%package gui
+Summary: Policy analysis graphical tools for SELinux
+Requires: python3-setools = %{version}-%{release}
+Requires: python3-qt5
+Requires: python3-networkx
+
+%description gui
+SETools is a collection of graphical tools, command-line tools, and
+Python modules designed to facilitate SELinux policy analysis.
+%endif
+
+
+%prep
+%autosetup -p 1 -S git -n setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}
+
+
+%build
+# Remove CFLAGS=... for noarch packages (unneeded)
+%set_build_flags
+%{__python3} setup.py build
+
+
+%install
+%{__python3} setup.py install --root %{buildroot}
+
+%if %{without networkx}
+rm -f %{buildroot}%{_bindir}/sedta %{buildroot}%{_bindir}/seinfoflow \
+ %{buildroot}%{_mandir}*/man1/sedta* %{buildroot}%{_mandir}*/man1/sedinfoflow* \
+rm -rf %{buildroot}%{_bindir}/apol %{buildroot}%{python3_sitearch}/setoolsgui \
+ %{buildroot}%{_mandir}*/man1/apol*
+%endif
+
+%check
+%if %{?_with_check:1}%{!?_with_check:0}
+%{__python3} setup.py test
+%endif
+
+
+%files
+
+%files console
+%{_bindir}/sediff
+%{_bindir}/seinfo
+%{_bindir}/sesearch
+%{_mandir}/man1/sediff*
+%{_mandir}/man1/seinfo*
+%{_mandir}/man1/sesearch*
+%{_mandir}/ru/man1/sediff*
+%{_mandir}/ru/man1/seinfo*
+%{_mandir}/ru/man1/sesearch*
+
+%if %{with networkx}
+%files console-analyses
+%{_bindir}/sedta
+%{_bindir}/seinfoflow
+%{_mandir}/man1/sedta*
+%{_mandir}/man1/seinfoflow*
+%{_mandir}/ru/man1/sedta*
+%{_mandir}/ru/man1/seinfoflow*
+%endif
+
+%files -n python3-setools
+%license COPYING COPYING.GPL COPYING.LGPL
+%{python3_sitearch}/setools
+%{python3_sitearch}/setools-*
+
+%if %{with networkx}
+%files gui
+%{_bindir}/apol
+%{python3_sitearch}/setoolsgui
+%{_mandir}/man1/apol*
+%{_mandir}/ru/man1/apol*
+%endif
+
+%changelog
+* Tue Nov 30 2021 Vit Mojzis - 4.3.0-3}
+- Make seinfo output predictable (#2019961)
+
+* Tue Jun 30 2020 Vit Mojzis - 4.3.0-2
+- Support old boolean names in policy queries (#1595572, #1581848)
+
+* Fri Apr 03 2020 Vit Mojzis - 4.3.0-1
+- SETools 4.3.0 release (#1820079)
+- Revised sediff method for TE rules. This drastically reduced memory and run time.
+- Added infiniband context support to seinfo, sediff, and apol.
+- Added apol configuration for location of Qt assistant.
+- Fixed sediff issue where properties header would display when not requested.
+- Fixed sediff issue with type_transition file name comparison.
+- Fixed permission map socket sendto information flow direction.
+- Added methods to TypeAttribute class to make it a complete Python collection.
+- Genfscon now will look up classes rather than using fixed values which
+ were dropped from libsepol.
+- setools requires -console, -console-analyses and -gui packages (#1820078)
+
+* Sat Nov 30 2019 Petr Lautrbach - 4.2.2-2
+- Build setools-console-analyses and setools-gui (#1731519)
+
+* Mon Jul 08 2019 Vit Mojzis - 4.2.2-1
+- SETools 4.2.2 release
+
+* Mon May 13 2019 Vit Mojzis - 4.2.1-3
+- Use %set_build_flags instead of %optflags
+
+* Mon May 06 2019 Vit Mojzis - 4.2.1-2
+- SELinuxPolicy: Create a map of aliases on policy load (#1672631)
+
+* Tue Mar 26 2019 Petr Lautrbach - 4.2.1-1
+- SETools 4.2.1 release (#1581761, #1595582)
+
+* Fri Nov 16 2018 Lumír Balhar - 4.2.0-2
+- Require platform-python-setuptools instead of python3-setuptools
+- Resolves: rhbz#1650548
+
+* Tue Nov 13 2018 Petr Lautrbach - 4.2.0-1
+- SETools 4.2.0 release
+
+* Mon Oct 01 2018 Vit Mojzis - 4.2.0-0.3.rc
+- Update upstream source to 4.2.0-rc
+
+* Wed Aug 22 2018 Petr Lautrbach - 4.1.1-11
+- Fix SCTP patch - https://github.com/SELinuxProject/setools/issues/9
+
+* Thu Jun 14 2018 Petr Lautrbach - 4.1.1-10
+- Move gui python files to -gui subpackage
+- Do not build gui and console-analyses by default
+
+* Wed Jun 6 2018 Petr Lautrbach - 4.1.1-9
+- Don't build the Python 2 subpackage (#1567362)
+
+* Thu Apr 26 2018 Vit Mojzis - 4.1.1-8
+- Add support for SCTP protocol (#1568333)
+
+* Thu Apr 19 2018 Iryna Shcherbina - 4.1.1-7
+- Update Python 2 dependency declarations to new packaging standards
+ (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
+
+* Fri Feb 09 2018 Fedora Release Engineering - 4.1.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Mon Sep 04 2017 Petr Lautrbach - 4.1.1-5
+- setools-python2 requires python2-enum34
+
+* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek - 4.1.1-4
+- Add Provides for the old name without %%_isa
+
+* Thu Aug 10 2017 Zbigniew Jędrzejewski-Szmek - 4.1.1-3
+- Python 2 binary package renamed to python2-setools
+ See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
+- Python 3 binary package renamed to python3-setools
+
+* Thu Aug 10 2017 Petr Lautrbach - 4.1.1-2
+- bswap_* macros are defined in byteswap.h
+
+* Mon Aug 07 2017 Petr Lautrbach - 4.1.1-1
+- New upstream release
+
+* Thu Aug 03 2017 Fedora Release Engineering - 4.1.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering - 4.1.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Mon May 22 2017 Petr Lautrbach - 4.1.0-3
+- setools-python{,3} packages should have a weak dependency on libselinux-python{,3}
+ (#1447747)
+
+* Thu Feb 23 2017 Petr Lautrbach - 4.1.0-2
+- Move python networkx dependency to -gui and -console-analyses
+- Ship sedta and seinfoflow in setools-console-analyses
+
+* Wed Feb 15 2017 Petr Lautrbach - 4.1.0-1
+- New upstream release.
diff --git a/sources b/sources
new file mode 100644
index 0000000..ff7f110
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (4.3.0.tar.gz) = 93da43c4b577ff944f1c19ef40cfc51f6d1cb1efef582e467834300540a7af440b6ae9106f29d810963c74b0fb5953003304790a9143a7318e477d17fa7d536a
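Review bot: In `%install`, the `%if %{without networkx}` block has a trailing `\` after `sedinfoflow*`, so the following `rm -rf` line is joined onto the first `rm -f` command as extra arguments instead of running as its own command. The same line misspells the man page glob as `sedinfoflow*`, so the seinfoflow page would not be removed, and `%{_mandir}*/man1` does not look like it can match the `%{_mandir}/ru/man1` paths listed under `%files`. Ending the first command with `%{buildroot}%{_mandir}/man1/seinfoflow*` and no backslash, and naming the `ru/man1` paths explicitly, would keep a `--without networkx` build from leaving unpackaged files. `Source1` (setools.pam) and `Source2` (apol.desktop) are declared but not referenced in `%install` or `%files` as shown. `%check` runs `setup.py test` only when `_with_check` is defined, so by default the package, including the carried patches, is built without the test suite.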