rpms/setools
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Rebuild with new tool chain

Browse Source
This commit is contained in:
Dan Walsh 2013-01-07 10:32:34 -05:00
parent 0f518147af
commit 5edcaf9a0f
2 changed files with 469 additions and 331 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

707
0001-add-setools-seinfo-and-sesearch-python-bindings.patch
View File

@ -1,46 +1,6 @@
From 32e8d1d3619dcdb40431c7eae3fe00efaae089c6 Mon Sep 17 00:00:00 2001 diff -up setools-3.3.7/configure.ac.python setools-3.3.7/configure.ac
From: Dan Walsh <dwalsh@redhat.com> --- setools-3.3.7/configure.ac.python 2010-04-30 10:25:48.000000000 -0400
Date: Tue, 20 Sep 2011 15:38:50 -0400 +++ setools-3.3.7/configure.ac 2012-09-29 08:24:31.587998703 -0400
Subject: [PATCH 1/6] add-setools-seinfo-and-sesearch-python-bindings
---
Makefile.am | 2 +-
configure.ac | 14 +-
python/Makefile.am | 1 +
python/Makefile.in | 716 +++++++++++++++++++++++++++++++++++++++++
python/setools/Makefile.am | 36 ++
python/setools/Makefile.in | 550 +++++++++++++++++++++++++++++++
python/setools/__init__.py | 50 +++
python/setools/seinfo.c | 769 ++++++++++++++++++++++++++++++++++++++++++++
python/setools/sesearch.c | 478 +++++++++++++++++++++++++++
python/setools/setup.py | 25 ++
11 files changed, 2635 insertions(+), 8 deletions(-)
create mode 100644 python/Makefile.am
create mode 100644 python/Makefile.in
create mode 100644 python/setools/Makefile.am
create mode 100644 python/setools/Makefile.in
create mode 100644 python/setools/__init__.py
create mode 100644 python/setools/seinfo.c
create mode 100644 python/setools/sesearch.c
create mode 100644 python/setools/setup.py
diff --git a/Makefile.am b/Makefile.am
index 5dc1b5d..176c8ea 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -10,7 +10,7 @@ if BUILD_GUI
endif
# sediffx is also built conditionally, from sediffx/Makefile.am
-SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI)
+SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) python
#old indent opts
#INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
diff --git a/configure.ac b/configure.ac
index b885981..e837e03 100644
--- a/configure.ac
+++ b/configure.ac
@@ -194,7 +194,7 @@ AC_ARG_ENABLE(swig-java, @@ -194,7 +194,7 @@ AC_ARG_ENABLE(swig-java,
enable_jswig="$enableval") enable_jswig="$enableval")
if test "x${enable_jswig}" = xyes; then if test "x${enable_jswig}" = xyes; then
@ -95,25 +55,32 @@ index b885981..e837e03 100644
packages/Makefile packages/rpm/Makefile \ packages/Makefile packages/rpm/Makefile \
packages/libqpol.pc packages/libapol.pc packages/libpoldiff.pc packages/libseaudit.pc packages/libsefs.pc]) packages/libqpol.pc packages/libapol.pc packages/libpoldiff.pc packages/libseaudit.pc packages/libsefs.pc])
diff --git a/python/Makefile.am b/python/Makefile.am diff -up setools-3.3.7/Makefile.am.python setools-3.3.7/Makefile.am
new file mode 100644 --- setools-3.3.7/Makefile.am.python 2008-02-22 14:06:28.000000000 -0500
index 0000000..a1510c8 +++ setools-3.3.7/Makefile.am 2012-09-29 08:24:31.586998699 -0400
--- /dev/null @@ -10,7 +10,7 @@ if BUILD_GUI
+++ b/python/Makefile.am endif
# sediffx is also built conditionally, from sediffx/Makefile.am
-SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI)
+SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) python
#old indent opts
#INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
diff -up setools-3.3.7/python/Makefile.am.python setools-3.3.7/python/Makefile.am
--- setools-3.3.7/python/Makefile.am.python 2012-09-29 08:26:07.643330216 -0400
+++ setools-3.3.7/python/Makefile.am 2012-09-29 08:26:07.643330216 -0400
@@ -0,0 +1 @@ @@ -0,0 +1 @@
+SUBDIRS = setools +SUBDIRS = setools
diff --git a/python/Makefile.in b/python/Makefile.in diff -up setools-3.3.7/python/Makefile.in.python setools-3.3.7/python/Makefile.in
new file mode 100644 --- setools-3.3.7/python/Makefile.in.python 2012-09-29 08:26:07.643330216 -0400
index 0000000..48c87ab +++ setools-3.3.7/python/Makefile.in 2012-09-29 08:26:07.657330271 -0400
--- /dev/null @@ -0,0 +1,731 @@
+++ b/python/Makefile.in +# Makefile.in generated by automake 1.12.2 from Makefile.am.
@@ -0,0 +1,716 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@ +# @configure_input@
+ +
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# Copyright (C) 1994-2012 Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation +# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it, +# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved. +# with or without modifications, as long as this notice is preserved.
@ -125,6 +92,23 @@ index 0000000..48c87ab
+ +
+@SET_MAKE@ +@SET_MAKE@
+VPATH = @srcdir@ +VPATH = @srcdir@
+am__make_dryrun = \
+ { \
+ am__dry=no; \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
+ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+ *) \
+ for am__flg in $$MAKEFLAGS; do \
+ case $$am__flg in \
+ *=*|--*) ;; \
+ *n*) am__dry=yes; break;; \
+ esac; \
+ done;; \
+ esac; \
+ test $$am__dry = yes; \
+ }
+pkgdatadir = $(datadir)/@PACKAGE@ +pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@
@ -175,6 +159,11 @@ index 0000000..48c87ab
+ install-pdf-recursive install-ps-recursive install-recursive \ + install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \ + installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive + ps-recursive uninstall-recursive
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive + distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
@ -515,12 +504,12 @@ index 0000000..48c87ab
+ -rm -rf .libs _libs + -rm -rf .libs _libs
+ +
+# This directory's subdirectories are mostly independent; you can cd +# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile. +# into them and run 'make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles, +# To change the values of 'make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status' +# (1) if the variable is set in 'config.status', edit 'config.status'
+# (which will cause the Makefiles to be regenerated when you run `make'); +# (which will cause the Makefiles to be regenerated when you run 'make');
+# (2) otherwise, pass the desired values on the `make' command line. +# (2) otherwise, pass the desired values on the 'make' command line.
+$(RECURSIVE_TARGETS): +$(RECURSIVE_TARGETS) $(RECURSIVE_CLEAN_TARGETS):
+ @fail= failcom='exit 1'; \ + @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \ + for f in x $$MAKEFLAGS; do \
+ case $$f in \ + case $$f in \
@ -530,7 +519,11 @@ index 0000000..48c87ab
+ done; \ + done; \
+ dot_seen=no; \ + dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \ + target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \ + case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \ + echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \ + if test "$$subdir" = "."; then \
+ dot_seen=yes; \ + dot_seen=yes; \
@ -544,37 +537,6 @@ index 0000000..48c87ab
+ if test "$$dot_seen" = "no"; then \ + if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail" + fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive: +tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \ + list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
@ -583,6 +545,10 @@ index 0000000..48c87ab
+ list='$(SUBDIRS)'; for subdir in $$list; do \ + list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done + done
+cscopelist-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) cscopelist); \
+ done
+ +
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
@ -646,6 +612,20 @@ index 0000000..48c87ab
+ && $(am__cd) $(top_srcdir) \ + && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here" + && gtags -i $(GTAGS_ARGS) "$$here"
+ +
+cscopelist: cscopelist-recursive $(HEADERS) $(SOURCES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags: +distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+ +
@ -681,13 +661,10 @@ index 0000000..48c87ab
+ done + done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \ + if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \ + $(am__make_dryrun) \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \ + || test -d "$(distdir)/$$subdir" \
+ || exit 1; \ + || $(MKDIR_P) "$(distdir)/$$subdir" \
+ fi; \ + || exit 1; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \ + $(am__relativize); \
+ new_distdir=$$reldir; \ + new_distdir=$$reldir; \
@ -722,10 +699,15 @@ index 0000000..48c87ab
+ +
+installcheck: installcheck-recursive +installcheck: installcheck-recursive
+install-strip: +install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + if test -z '$(STRIP)'; then \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ `test -z '$(STRIP)' || \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install + install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic: +mostlyclean-generic:
+ +
+clean-generic: +clean-generic:
@ -803,32 +785,86 @@ index 0000000..48c87ab
+ +
+uninstall-am: +uninstall-am:
+ +
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) \
+ install-am install-strip tags-recursive + cscopelist-recursive ctags-recursive install-am install-strip \
+ tags-recursive
+ +
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ +.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+ all all-am check check-am clean clean-generic clean-libtool \ + all all-am check check-am clean clean-generic clean-libtool \
+ ctags ctags-recursive distclean distclean-generic \ + cscopelist cscopelist-recursive ctags ctags-recursive \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \ + distclean distclean-generic distclean-libtool distclean-tags \
+ html-am info info-am install install-am install-data \ + distdir dvi dvi-am html html-am info info-am install \
+ install-data-am install-dvi install-dvi-am install-exec \ + install-am install-data install-data-am install-dvi \
+ install-exec-am install-html install-html-am install-info \ + install-dvi-am install-exec install-exec-am install-html \
+ install-info-am install-man install-pdf install-pdf-am \ + install-html-am install-info install-info-am install-man \
+ install-ps install-ps-am install-strip installcheck \ + install-pdf install-pdf-am install-ps install-ps-am \
+ installcheck-am installdirs installdirs-am maintainer-clean \ + install-strip installcheck installcheck-am installdirs \
+ maintainer-clean-generic mostlyclean mostlyclean-generic \ + installdirs-am maintainer-clean maintainer-clean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+ uninstall uninstall-am + ps ps-am tags tags-recursive uninstall uninstall-am
+ +
+ +
+# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded. +# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT: +.NOEXPORT:
diff --git a/python/setools/Makefile.am b/python/setools/Makefile.am diff -up setools-3.3.7/python/setools/__init__.py.python setools-3.3.7/python/setools/__init__.py
new file mode 100644 --- setools-3.3.7/python/setools/__init__.py.python 2012-09-29 08:26:07.650330243 -0400
index 0000000..c4635fb +++ setools-3.3.7/python/setools/__init__.py 2012-09-29 08:26:07.644330220 -0400
--- /dev/null @@ -0,0 +1,51 @@
+++ b/python/setools/Makefile.am +#!/usr/bin/env python
+
+# Author: Thomas Liu <tliu@redhat.com>
+
+import _sesearch
+import _seinfo
+import types
+
+TYPE = _seinfo.TYPE
+ROLE = _seinfo.ROLE
+ATTRIBUTE = _seinfo.ATTRIBUTE
+PORT = _seinfo.PORT
+USER = _seinfo.USER
+
+ALLOW = 'allow'
+AUDITALLOW = 'auditallow'
+NEVERALLOW = 'neverallow'
+DONTAUDIT = 'dontaudit'
+SCONTEXT = 'scontext'
+TCONTEXT = 'tcontext'
+PERMS = 'permlist'
+CLASS = 'class'
+TRANSITION = 'transition'
+
+def sesearch(types, info):
+ valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION]
+ for type in types:
+ if type not in valid_types:
+ raise ValueError("Type has to be in %s" % valid_types)
+ info[type] = True
+
+ perms = []
+ if PERMS in info:
+ perms = info[PERMS]
+ info[PERMS] = ",".join(info[PERMS])
+
+
+ dict_list = _sesearch.sesearch(info)
+ if dict_list and len(perms) != 0:
+ dict_list = filter(lambda x: dict_has_perms(x, perms), dict_list)
+ return dict_list
+
+def dict_has_perms(dict, perms):
+ for perm in perms:
+ if perm not in dict[PERMS]:
+ return False
+ return True
+
+def seinfo(setype, name=None):
+ dict_list = _seinfo.seinfo(setype, name)
+ return dict_list
diff -up setools-3.3.7/python/setools/Makefile.am.python setools-3.3.7/python/setools/Makefile.am
--- setools-3.3.7/python/setools/Makefile.am.python 2012-09-29 08:26:07.650330243 -0400
+++ setools-3.3.7/python/setools/Makefile.am 2012-09-29 08:26:07.649330238 -0400
@@ -0,0 +1,36 @@ @@ -0,0 +1,36 @@
+EXTRA_DIST = \ +EXTRA_DIST = \
+ sesearch.c \ + sesearch.c \
@ -866,18 +902,15 @@ index 0000000..c4635fb
+ $(PYTHON) setup.py clean -a + $(PYTHON) setup.py clean -a
+ rm -f *~ + rm -f *~
+ +
diff --git a/python/setools/Makefile.in b/python/setools/Makefile.in diff -up setools-3.3.7/python/setools/Makefile.in.python setools-3.3.7/python/setools/Makefile.in
new file mode 100644 --- setools-3.3.7/python/setools/Makefile.in.python 2012-09-29 08:26:07.649330238 -0400
index 0000000..704ffc7 +++ setools-3.3.7/python/setools/Makefile.in 2012-09-29 08:26:07.656330267 -0400
--- /dev/null @@ -0,0 +1,578 @@
+++ b/python/setools/Makefile.in +# Makefile.in generated by automake 1.12.2 from Makefile.am.
@@ -0,0 +1,550 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@ +# @configure_input@
+ +
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# Copyright (C) 1994-2012 Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation +# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it, +# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved. +# with or without modifications, as long as this notice is preserved.
@ -889,6 +922,23 @@ index 0000000..704ffc7
+ +
+@SET_MAKE@ +@SET_MAKE@
+VPATH = @srcdir@ +VPATH = @srcdir@
+am__make_dryrun = \
+ { \
+ am__dry=no; \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
+ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+ *) \
+ for am__flg in $$MAKEFLAGS; do \
+ case $$am__flg in \
+ *=*|--*) ;; \
+ *n*) am__dry=yes; break;; \
+ esac; \
+ done;; \
+ esac; \
+ test $$am__dry = yes; \
+ }
+pkgdatadir = $(datadir)/@PACKAGE@ +pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@
@ -932,6 +982,11 @@ index 0000000..704ffc7
+CONFIG_CLEAN_VPATH_FILES = +CONFIG_CLEAN_VPATH_FILES =
+SOURCES = +SOURCES =
+DIST_SOURCES = +DIST_SOURCES =
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@ +ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@ +AMTAR = @AMTAR@
@ -1260,6 +1315,8 @@ index 0000000..704ffc7
+ctags: CTAGS +ctags: CTAGS
+CTAGS: +CTAGS:
+ +
+cscope cscopelist:
+
+ +
+distdir: $(DISTFILES) +distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
@ -1305,10 +1362,15 @@ index 0000000..704ffc7
+ +
+installcheck: installcheck-am +installcheck: installcheck-am
+install-strip: +install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + if test -z '$(STRIP)'; then \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ `test -z '$(STRIP)' || \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install + install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic: +mostlyclean-generic:
+ +
+clean-generic: +clean-generic:
@ -1422,67 +1484,9 @@ index 0000000..704ffc7
+# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded. +# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT: +.NOEXPORT:
diff --git a/python/setools/__init__.py b/python/setools/__init__.py diff -up setools-3.3.7/python/setools/seinfo.c.python setools-3.3.7/python/setools/seinfo.c
new file mode 100644 --- setools-3.3.7/python/setools/seinfo.c.python 2012-09-29 08:26:07.655330263 -0400
index 0000000..6f075c4 +++ setools-3.3.7/python/setools/seinfo.c 2012-09-29 08:26:07.656330267 -0400
--- /dev/null
+++ b/python/setools/__init__.py
@@ -0,0 +1,50 @@
+#!/usr/bin/env python
+
+# Author: Thomas Liu <tliu@redhat.com>
+
+import _sesearch
+import _seinfo
+import types
+
+TYPE = _seinfo.TYPE
+ROLE = _seinfo.ROLE
+ATTRIBUTE = _seinfo.ATTRIBUTE
+PORT = _seinfo.PORT
+USER = _seinfo.USER
+
+ALLOW = 'allow'
+AUDITALLOW = 'auditallow'
+NEVERALLOW = 'neverallow'
+DONTAUDIT = 'dontaudit'
+SCONTEXT = 'scontext'
+TCONTEXT = 'tcontext'
+PERMS = 'permlist'
+CLASS = 'class'
+
+def sesearch(types, info):
+ valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT]
+ for type in types:
+ if type not in valid_types:
+ raise ValueError("Type has to be in %s" % valid_types)
+ info[type] = True
+
+ perms = []
+ if PERMS in info:
+ perms = info[PERMS]
+ info[PERMS] = ",".join(info[PERMS])
+
+
+ dict_list = _sesearch.sesearch(info)
+ if dict_list and len(perms) != 0:
+ dict_list = filter(lambda x: dict_has_perms(x, perms), dict_list)
+ return dict_list
+
+def dict_has_perms(dict, perms):
+ for perm in perms:
+ if perm not in dict[PERMS]:
+ return False
+ return True
+
+def seinfo(setype, name=None):
+ dict_list = _seinfo.seinfo(setype, name)
+ return dict_list
diff --git a/python/setools/seinfo.c b/python/setools/seinfo.c
new file mode 100644
index 0000000..211930a
--- /dev/null
+++ b/python/setools/seinfo.c
@@ -0,0 +1,769 @@ @@ -0,0 +1,769 @@
+/** +/**
+ * @file + * @file
@ -2253,12 +2257,10 @@ index 0000000..211930a
+ PyModule_AddIntConstant(m, "TYPE", TYPE); + PyModule_AddIntConstant(m, "TYPE", TYPE);
+ PyModule_AddIntConstant(m, "USER", USER); + PyModule_AddIntConstant(m, "USER", USER);
+} +}
diff --git a/python/setools/sesearch.c b/python/setools/sesearch.c diff -up setools-3.3.7/python/setools/sesearch.c.python setools-3.3.7/python/setools/sesearch.c
new file mode 100644 --- setools-3.3.7/python/setools/sesearch.c.python 2012-09-29 08:26:07.650330243 -0400
index 0000000..faaf8b7 +++ setools-3.3.7/python/setools/sesearch.c 2012-09-29 08:26:07.650330243 -0400
--- /dev/null @@ -0,0 +1,668 @@
+++ b/python/setools/sesearch.c
@@ -0,0 +1,478 @@
+// Author: Thomas Liu <tliu@redhat.com> +// Author: Thomas Liu <tliu@redhat.com>
+ +
+/** +/**
@ -2355,6 +2357,184 @@ index 0000000..faaf8b7
+ apol_vector_t *perm_vector; + apol_vector_t *perm_vector;
+} options_t; +} options_t;
+ +
+static int perform_ft_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)
+{
+ apol_filename_trans_query_t *ftq = NULL;
+ size_t i;
+ int error = 0;
+
+ if (!policy || !opt || !v) {
+ PyErr_SetString(PyExc_RuntimeError,strerror(EINVAL));
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (!opt->type && !opt->all) {
+ *v = NULL;
+ return 0; /* no search to do */
+ }
+
+ ftq = apol_filename_trans_query_create();
+ if (!ftq) {
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
+ errno = ENOMEM;
+ return -1;
+ }
+
+ apol_filename_trans_query_set_regex(policy, ftq, opt->useregex);
+ if (opt->src_name) {
+ if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name, opt->indirect)) {
+ goto err;
+ }
+ }
+
+ if (opt->tgt_name) {
+ if (apol_filename_trans_query_set_target(policy, ftq, opt->tgt_name, opt->indirect)) {
+ goto err;
+ }
+ }
+#if 0
+ if (opt->default_name) {
+ if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) {
+ goto err;
+ }
+ }
+#endif
+ if (opt->class_name) {
+ if (opt->class_vector == NULL) {
+ if (apol_filename_trans_query_append_class(policy, ftq, opt->class_name)) {
+ goto err;
+ }
+ } else {
+ for (i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
+ char *class_name;
+ class_name = apol_vector_get_element(opt->class_vector, i);
+ if (!class_name)
+ continue;
+ if (apol_filename_trans_query_append_class(policy, ftq, class_name)) {
+ goto err;
+ }
+ }
+ }
+ }
+
+ if (apol_filename_trans_get_by_query(policy, ftq, v)) {
+ error = errno;
+ }
+
+ apol_filename_trans_query_destroy(&ftq);
+ return 0;
+
+ err:
+ error = errno;
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ apol_vector_destroy(v);
+ apol_filename_trans_query_destroy(&ftq);
+ errno = error;
+ return -1;
+}
+
+static PyObject* get_ft_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v, PyObject *list)
+{
+ PyObject *obj;
+ size_t i, num_filename_trans = 0;
+ const char *tmp_name;
+ int error = 0;
+ const qpol_filename_trans_t *filename_trans = NULL;
+ const qpol_class_t *obj_class = NULL;
+ char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;
+ qpol_policy_t *q = apol_policy_get_qpol(policy);
+ const qpol_type_t *type = NULL;
+
+ if (!(num_filename_trans = apol_vector_get_size(v)))
+ goto cleanup;
+
+ for (i = 0; i < num_filename_trans; i++) {
+ if (!(filename_trans = apol_vector_get_element(v, i)))
+ goto cleanup;
+
+ PyObject *dict = PyDict_New();
+
+ obj = PyString_FromString("type_transition");
+ PyDict_SetItemString(dict, "type", obj);
+ Py_DECREF(obj);
+
+ /* source type */
+ if (qpol_filename_trans_get_source_type(q, filename_trans, &type)) {
+ goto err;
+ }
+ if (qpol_type_get_name(q, type, &tmp_name)) {
+ goto err;
+ }
+
+ obj = PyString_FromString(tmp_name);
+ PyDict_SetItemString(dict, "source", obj);
+ Py_DECREF(obj);
+
+ /* target type */
+ if (qpol_filename_trans_get_target_type(q, filename_trans, &type)) {
+ goto err;
+ }
+ if (qpol_type_get_name(q, type, &tmp_name)) {
+ goto err;
+ }
+
+ obj = PyString_FromString(tmp_name);
+ PyDict_SetItemString(dict, "target", obj);
+ Py_DECREF(obj);
+
+ /* object class */
+ if (qpol_filename_trans_get_object_class(q, filename_trans, &obj_class)) {
+ goto err;
+ }
+ if (qpol_class_get_name(q, obj_class, &tmp_name)) {
+ goto err;
+ }
+
+ obj = PyString_FromString(tmp_name);
+ PyDict_SetItemString(dict, "class", obj);
+ Py_DECREF(obj);
+
+ /* default type */
+ if (qpol_filename_trans_get_default_type(q, filename_trans, &type)) {
+ goto err;
+ }
+ if (qpol_type_get_name(q, type, &tmp_name)) {
+ goto err;
+ }
+
+ obj = PyString_FromString(tmp_name);
+ PyDict_SetItemString(dict, "transtype", obj);
+ Py_DECREF(obj);
+
+ if (qpol_filename_trans_get_filename(q, filename_trans, &tmp_name)) {
+ goto err;
+ }
+
+ obj = PyString_FromString(tmp_name);
+ PyDict_SetItemString(dict, "filename", obj);
+ Py_DECREF(obj);
+
+ PyList_Append(list, dict);
+ Py_DECREF(dict);
+
+ free(filename_trans_str);
+ filename_trans_str = NULL;
+ free(expr);
+ expr = NULL;
+ }
+ goto cleanup;
+err:
+ error = errno;
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ errno = error;
+cleanup:
+ free(tmp);
+ free(filename_trans_str);
+ free(expr);
+ return list;
+}
+
+static int perform_av_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v) +static int perform_av_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)
+{ +{
+ apol_avrule_query_t *avq = NULL; + apol_avrule_query_t *avq = NULL;
@ -2404,7 +2584,7 @@ index 0000000..faaf8b7
+ } + }
+ } else { + } else {
+ size_t i; + size_t i;
+ for (i = 0; i < apol_vector_get_size(opt->class_vector); ++i) { + for (i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
+ char *class_name; + char *class_name;
+ class_name = apol_vector_get_element(opt->class_vector, i); + class_name = apol_vector_get_element(opt->class_vector, i);
+ if (!class_name) + if (!class_name)
@ -2460,15 +2640,12 @@ index 0000000..faaf8b7
+ +
+ +
+ +
+static PyObject* get_av_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v) +static PyObject* get_av_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v, PyObject *list)
+{ +{
+ int retval = -1;
+ PyObject *list = PyList_New(0);
+ qpol_policy_t *q = apol_policy_get_qpol(policy); + qpol_policy_t *q = apol_policy_get_qpol(policy);
+ size_t i, num_rules = 0; + size_t i, num_rules = 0;
+ const qpol_avrule_t *rule = NULL; + const qpol_avrule_t *rule = NULL;
+ char *tmp = NULL, *rule_str = NULL, *expr = NULL; + char *tmp = NULL, *rule_str = NULL, *expr = NULL;
+ char enable_char = ' ', branch_char = ' ';
+ qpol_iterator_t *iter = NULL; + qpol_iterator_t *iter = NULL;
+ uint32_t enabled = 0; + uint32_t enabled = 0;
+ +
@ -2479,23 +2656,22 @@ index 0000000..faaf8b7
+ return NULL; + return NULL;
+ +
+ for (i = 0; i < num_rules; i++) { + for (i = 0; i < num_rules; i++) {
+ enable_char = branch_char = ' ';
+ if (!(rule = apol_vector_get_element(v, i))) + if (!(rule = apol_vector_get_element(v, i)))
+ goto cleanup; + goto cleanup;
+ +
+ if (qpol_avrule_get_is_enabled(q, rule, &enabled)) + if (qpol_avrule_get_is_enabled(q, rule, &enabled))
+ goto cleanup; + goto cleanup;
+ if (!enabled) + if (!enabled)
+ continue; + continue;
+ +
+ const qpol_type_t *type; + const qpol_type_t *type;
+ const char *tmp_name; + const char *tmp_name;
+ uint32_t rule_type = 0; + uint32_t rule_type = 0;
+ +
+ const qpol_class_t *obj_class = NULL; + const qpol_class_t *obj_class = NULL;
+ +
+ PyObject *dict = PyDict_New(); + PyObject *dict = PyDict_New();
+ +
+ qpol_avrule_get_rule_type(q, rule, &rule_type); + qpol_avrule_get_rule_type(q, rule, &rule_type);
+ tmp_name = apol_rule_type_to_str(rule_type); + tmp_name = apol_rule_type_to_str(rule_type);
+ PyObject *obj = PyString_FromString(tmp_name); + PyObject *obj = PyString_FromString(tmp_name);
@ -2507,13 +2683,13 @@ index 0000000..faaf8b7
+ obj = PyString_FromString(tmp_name); + obj = PyString_FromString(tmp_name);
+ PyDict_SetItemString(dict, "scontext", obj); + PyDict_SetItemString(dict, "scontext", obj);
+ Py_DECREF(obj); + Py_DECREF(obj);
+ +
+ qpol_avrule_get_target_type(q, rule, &type); + qpol_avrule_get_target_type(q, rule, &type);
+ qpol_type_get_name(q, type, &tmp_name); + qpol_type_get_name(q, type, &tmp_name);
+ obj = PyString_FromString(tmp_name); + obj = PyString_FromString(tmp_name);
+ PyDict_SetItemString(dict, "tcontext", obj); + PyDict_SetItemString(dict, "tcontext", obj);
+ Py_DECREF(obj); + Py_DECREF(obj);
+ +
+ qpol_avrule_get_object_class(q, rule, &obj_class); + qpol_avrule_get_object_class(q, rule, &obj_class);
+ qpol_type_get_name(q, type, &tmp_name); + qpol_type_get_name(q, type, &tmp_name);
+ obj = PyString_FromString(tmp_name); + obj = PyString_FromString(tmp_name);
@ -2530,53 +2706,50 @@ index 0000000..faaf8b7
+ } + }
+ PyDict_SetItemString(dict, "permlist", permlist); + PyDict_SetItemString(dict, "permlist", permlist);
+ Py_DECREF(permlist); + Py_DECREF(permlist);
+ PyList_Append(list, dict); + PyList_Append(list, dict);
+ Py_DECREF(dict); + Py_DECREF(dict);
+ +
+ free(rule_str); + free(rule_str);
+ rule_str = NULL; + rule_str = NULL;
+ free(expr); + free(expr);
+ expr = NULL; + expr = NULL;
+ } + }
+ retval = 0; +
+ cleanup: + cleanup:
+ free(tmp); + free(tmp);
+ free(rule_str); + free(rule_str);
+ free(expr); + free(expr);
+ if (retval) {
+ Py_DECREF(list);
+ return NULL;
+ }
+ return list; + return list;
+} +}
+ +
+ +
+PyObject* sesearch(bool allow, +PyObject* sesearch(bool allow,
+ bool neverallow, + bool neverallow,
+ bool auditallow, + bool auditallow,
+ bool dontaudit, + bool dontaudit,
+ const char *src_name, + bool transition,
+ const char *tgt_name, + const char *src_name,
+ const char *class_name, + const char *tgt_name,
+ const char *permlist + const char *class_name,
+ ) + const char *permlist
+ )
+{ +{
+ options_t cmd_opts; + options_t cmd_opts;
+ int rt = -1; + int rt = -1;
+ PyObject *output = NULL; + PyObject *output = PyList_New(0);
+
+ apol_policy_t *policy = NULL; + apol_policy_t *policy = NULL;
+ apol_vector_t *v = NULL; + apol_vector_t *v = NULL;
+ apol_policy_path_t *pol_path = NULL; + apol_policy_path_t *pol_path = NULL;
+ apol_vector_t *mod_paths = NULL; + apol_vector_t *mod_paths = NULL;
+ apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC; + apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
+ +
+ memset(&cmd_opts, 0, sizeof(cmd_opts)); + memset(&cmd_opts, 0, sizeof(cmd_opts));
+ cmd_opts.indirect = true; + cmd_opts.indirect = true;
+ cmd_opts.allow = allow; + cmd_opts.allow = allow;
+ cmd_opts.nallow = neverallow; + cmd_opts.nallow = neverallow;
+ cmd_opts.auditallow = auditallow; + cmd_opts.auditallow = auditallow;
+ cmd_opts.dontaudit = dontaudit; + cmd_opts.dontaudit = dontaudit;
+ cmd_opts.type = transition;
+ if (src_name) + if (src_name)
+ cmd_opts.src_name = strdup(src_name); + cmd_opts.src_name = strdup(src_name);
+ if (tgt_name) + if (tgt_name)
@ -2590,15 +2763,15 @@ index 0000000..faaf8b7
+ int pol_opt = 0; + int pol_opt = 0;
+ if (!(cmd_opts.nallow || cmd_opts.all)) + if (!(cmd_opts.nallow || cmd_opts.all))
+ pol_opt |= QPOL_POLICY_OPTION_NO_NEVERALLOWS; + pol_opt |= QPOL_POLICY_OPTION_NO_NEVERALLOWS;
+ +
+ +
+ rt = qpol_default_policy_find(&policy_file); + rt = qpol_default_policy_find(&policy_file);
+ if (rt) { + if (rt) {
+ PyErr_SetString(PyExc_RuntimeError,"No default policy found."); + PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
+ return NULL; + return NULL;
+ } + }
+ pol_opt |= QPOL_POLICY_OPTION_MATCH_SYSTEM; + pol_opt |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
+ +
+ if (apol_file_is_policy_path_list(policy_file) > 0) { + if (apol_file_is_policy_path_list(policy_file) > 0) {
+ pol_path = apol_policy_path_create_from_file(policy_file); + pol_path = apol_policy_path_create_from_file(policy_file);
+ if (!pol_path) { + if (!pol_path) {
@ -2617,7 +2790,7 @@ index 0000000..faaf8b7
+ } + }
+ free(policy_file); + free(policy_file);
+ apol_vector_destroy(&mod_paths); + apol_vector_destroy(&mod_paths);
+ +
+ policy = apol_policy_create_from_policy_path(pol_path, pol_opt, NULL, NULL); + policy = apol_policy_create_from_policy_path(pol_path, pol_opt, NULL, NULL);
+ if (!policy) { + if (!policy) {
+ apol_policy_path_destroy(&pol_path); + apol_policy_path_destroy(&pol_path);
@ -2677,9 +2850,23 @@ index 0000000..faaf8b7
+ goto cleanup; + goto cleanup;
+ } + }
+ if (v) { + if (v) {
+ output = get_av_results(policy, &cmd_opts, v); + output = get_av_results(policy, &cmd_opts, v, output);
+ } + }
+
+ if (cmd_opts.all || cmd_opts.type) {
+ apol_vector_destroy(&v);
+ if (perform_ft_query(policy, &cmd_opts, &v)) {
+ rt = 1;
+ goto cleanup;
+ }
+
+ if (v) {
+ output = get_ft_results(policy, &cmd_opts, v, output);
+ }
+ }
+
+ apol_vector_destroy(&v); + apol_vector_destroy(&v);
+
+ cleanup: + cleanup:
+ apol_policy_destroy(&policy); + apol_policy_destroy(&policy);
+ apol_policy_path_destroy(&pol_path); + apol_policy_path_destroy(&pol_path);
@ -2693,38 +2880,43 @@ index 0000000..faaf8b7
+ apol_vector_destroy(&cmd_opts.perm_vector); + apol_vector_destroy(&cmd_opts.perm_vector);
+ apol_vector_destroy(&cmd_opts.class_vector); + apol_vector_destroy(&cmd_opts.class_vector);
+ +
+ if (output) return output; + if (PyList_GET_SIZE(output) == 0) {
+ return Py_None; + Py_DECREF(output);
+ return Py_None;
+ }
+ return output;
+} +}
+
+static int Dict_ContainsInt(PyObject *dict, const char *key){ +static int Dict_ContainsInt(PyObject *dict, const char *key){
+ PyObject *item = PyDict_GetItemString(dict, key); + PyObject *item = PyDict_GetItemString(dict, key);
+ if (item) + if (item)
+ return PyInt_AsLong(item); + return PyInt_AsLong(item);
+ return false; + return false;
+} +}
+ +
+static const char *Dict_ContainsString(PyObject *dict, const char *key){ +static const char *Dict_ContainsString(PyObject *dict, const char *key){
+ PyObject *item = PyDict_GetItemString(dict, key); + PyObject *item = PyDict_GetItemString(dict, key);
+ if (item) + if (item)
+ return PyString_AsString(item); + return PyString_AsString(item);
+ return NULL; + return NULL;
+} +}
+ +
+PyObject *wrap_sesearch(PyObject *self, PyObject *args){ +PyObject *wrap_sesearch(PyObject *self, PyObject *args){
+ PyObject *dict; + PyObject *dict;
+ if (!PyArg_ParseTuple(args, "O", &dict)) + if (!PyArg_ParseTuple(args, "O", &dict))
+ return NULL; + return NULL;
+ int allow = Dict_ContainsInt(dict, "allow"); + int allow = Dict_ContainsInt(dict, "allow");
+ int neverallow = Dict_ContainsInt(dict, "neverallow"); + int neverallow = Dict_ContainsInt(dict, "neverallow");
+ int auditallow = Dict_ContainsInt(dict, "auditallow"); + int auditallow = Dict_ContainsInt(dict, "auditallow");
+ int dontaudit = Dict_ContainsInt(dict, "dontaudit"); + int dontaudit = Dict_ContainsInt(dict, "dontaudit");
+ + int transition = Dict_ContainsInt(dict, "transition");
+
+ const char *src_name = Dict_ContainsString(dict, "scontext"); + const char *src_name = Dict_ContainsString(dict, "scontext");
+ const char *tgt_name = Dict_ContainsString(dict, "tcontext"); + const char *tgt_name = Dict_ContainsString(dict, "tcontext");
+ const char *class_name = Dict_ContainsString(dict, "class"); + const char *class_name = Dict_ContainsString(dict, "class");
+ const char *permlist = Dict_ContainsString(dict, "permlist"); + const char *permlist = Dict_ContainsString(dict, "permlist");
+ +
+ return Py_BuildValue("O",sesearch(allow, neverallow, auditallow, dontaudit, src_name, tgt_name, class_name, permlist)); + return Py_BuildValue("O",sesearch(allow, neverallow, auditallow, dontaudit, transition, src_name, tgt_name, class_name, permlist));
+ +
+} +}
+ +
@ -2737,11 +2929,9 @@ index 0000000..faaf8b7
+ PyObject *m; + PyObject *m;
+ m = Py_InitModule("_sesearch", methods); + m = Py_InitModule("_sesearch", methods);
+} +}
diff --git a/python/setools/setup.py b/python/setools/setup.py diff -up setools-3.3.7/python/setools/setup.py.python setools-3.3.7/python/setools/setup.py
new file mode 100644 --- setools-3.3.7/python/setools/setup.py.python 2012-09-29 08:26:07.650330243 -0400
index 0000000..053b885 +++ setools-3.3.7/python/setools/setup.py 2012-09-29 08:26:07.646330228 -0400
--- /dev/null
+++ b/python/setools/setup.py
@@ -0,0 +1,25 @@ @@ -0,0 +1,25 @@
+#!/usr/bin/env python +#!/usr/bin/env python
+ +
@ -2768,6 +2958,3 @@ index 0000000..053b885
+extension_seinfo.library_dirs=LIBDIRS +extension_seinfo.library_dirs=LIBDIRS
+ +
+setup(name = "setools", version="1.0", description="Python setools bindings", author="Thomas Liu", author_email="tliu@redhat.com", ext_modules=[extension_sesearch, extension_seinfo], packages=["setools"]) +setup(name = "setools", version="1.0", description="Python setools bindings", author="Thomas Liu", author_email="tliu@redhat.com", ext_modules=[extension_sesearch, extension_seinfo], packages=["setools"])
--
1.7.6.2

93
setools.spec
View File

@ -5,7 +5,7 @@
Name: setools Name: setools
Version: %{setools_maj_ver}.%{setools_min_ver} Version: %{setools_maj_ver}.%{setools_min_ver}
Release: 28%{?dist} Release: 32%{?dist}
License: GPLv2 License: GPLv2
URL: http://oss.tresys.com/projects/setools URL: http://oss.tresys.com/projects/setools
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@ -13,7 +13,6 @@ Source: http://oss.tresys.com/projects/setools/chrome/site/dists/setools-%{versi
Source1: setools.pam Source1: setools.pam
Source2: apol.desktop Source2: apol.desktop
Source3: seaudit.desktop Source3: seaudit.desktop
Source4: sediffx.desktop
Patch1: 0001-add-setools-seinfo-and-sesearch-python-bindings.patch Patch1: 0001-add-setools-seinfo-and-sesearch-python-bindings.patch
Patch2: 0002-setools-should-exit-with-an-error-status-if-it-gets-.patch Patch2: 0002-setools-should-exit-with-an-error-status-if-it-gets-.patch
Patch3: 0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch Patch3: 0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
@ -24,6 +23,8 @@ Patch7: 0007-Remove-unused-variables.patch
Patch8: 0008-Fix-output-to-match-policy-lines.patch Patch8: 0008-Fix-output-to-match-policy-lines.patch
Patch9: 0009-Fix-swig-coding-style-for-structures.patch Patch9: 0009-Fix-swig-coding-style-for-structures.patch
Patch10: 0010-selinux_current_policy_path.patch Patch10: 0010-selinux_current_policy_path.patch
Patch11: 0011-setools-noship.patch
Patch12: 0012-seaudit.patch
Summary: Policy analysis tools for SELinux Summary: Policy analysis tools for SELinux
Group: System Environment/Base Group: System Environment/Base
@ -32,7 +33,6 @@ Requires: setools-libs = %{version}-%{release} setools-libs-tcl = %{version}-%{r
# external requirements # external requirements
%define autoconf_ver 2.59 %define autoconf_ver 2.59
%define bwidget_ver 1.8 %define bwidget_ver 1.8
%define java_ver 1.2
%define gtk_ver 2.8 %define gtk_ver 2.8
%define python_ver 2.3 %define python_ver 2.3
%define sepol_ver 2.1.5-3 %define sepol_ver 2.1.5-3
@ -53,6 +53,7 @@ License: LGPLv2
Summary: Policy analysis support libraries for SELinux Summary: Policy analysis support libraries for SELinux
Group: System Environment/Libraries Group: System Environment/Libraries
Requires: libselinux >= %{selinux_ver} libsepol >= %{sepol_ver} sqlite >= %{sqlite_ver} Requires: libselinux >= %{selinux_ver} libsepol >= %{sepol_ver} sqlite >= %{sqlite_ver}
Obsoletes: setools-libs-java
BuildRequires: flex bison pkgconfig BuildRequires: flex bison pkgconfig
BuildRequires: glibc-devel libstdc++-devel gcc gcc-c++ BuildRequires: glibc-devel libstdc++-devel gcc gcc-c++
BuildRequires: libselinux-devel >= %{selinux_ver} libsepol-devel >= %{sepol_ver} BuildRequires: libselinux-devel >= %{selinux_ver} libsepol-devel >= %{sepol_ver}
@ -92,25 +93,6 @@ This package includes Python bindings for the following libraries:
libseaudit parse and filter SELinux audit messages in log files libseaudit parse and filter SELinux audit messages in log files
libsefs SELinux file contexts library libsefs SELinux file contexts library
%package libs-java
License: LGPLv2
Summary: Java bindings for SELinux policy analysis
Group: Development/Languages
Requires: setools-libs = %{version}-%{release} java >= %{java_ver}
BuildRequires: java-devel >= %{java_ver} swig >= %{swig_ver}
%description libs-java
SETools is a collection of graphical tools, command-line tools, and
libraries designed to facilitate SELinux policy analysis.
This package includes Java bindings for the following libraries:
libapol policy analysis library
libpoldiff semantic policy difference library
libqpol library that abstracts policy internals
libseaudit parse and filter SELinux audit messages in log files
libsefs SELinux file contexts library
%package libs-tcl %package libs-tcl
License: LGPLv2 License: LGPLv2
Summary: Tcl bindings for SELinux policy analysis Summary: Tcl bindings for SELinux policy analysis
@ -163,10 +145,7 @@ libraries designed to facilitate SELinux policy analysis.
This package includes the following console tools: This package includes the following console tools:
seaudit-report audit log analysis tool secmds command line tools: seinfo, sesearch
sechecker SELinux policy checking tool
secmds command line tools: seinfo, sesearch, findcon,
replcon, and indexcon
sediff semantic policy difference tool sediff semantic policy difference tool
%package gui %package gui
@ -186,12 +165,10 @@ This package includes the following graphical tools:
apol policy analysis tool apol policy analysis tool
seaudit audit log analysis tool seaudit audit log analysis tool
sediffx semantic policy difference tool
%define setoolsdir %{_datadir}/setools-%{setools_maj_ver} %define setoolsdir %{_datadir}/setools-%{setools_maj_ver}
%define pkg_py_lib %{python_sitelib}/setools %define pkg_py_lib %{python_sitelib}/setools
%define pkg_py_arch %{python_sitearch}/setools %define pkg_py_arch %{python_sitearch}/setools
%define javajardir %{_datadir}/java
%define tcllibdir %{_libdir}/setools %define tcllibdir %{_libdir}/setools
%prep %prep
@ -206,7 +183,8 @@ This package includes the following graphical tools:
%patch8 -p 1 -b .fixoutput %patch8 -p 1 -b .fixoutput
%patch9 -p 1 -b .fixswig %patch9 -p 1 -b .fixswig
%patch10 -p 1 -b .current %patch10 -p 1 -b .current
%patch11 -p 1 -b .noship
%patch12 -p 1 -b .seaudit
%ifarch sparc sparcv9 sparc64 s390 s390x %ifarch sparc sparcv9 sparc64 s390 s390x
for file in `find . -name Makefile.am`; do for file in `find . -name Makefile.am`; do
sed -i -e 's:-fpic:-fPIC:' $file; sed -i -e 's:-fpic:-fPIC:' $file;
@ -220,7 +198,7 @@ autoreconf
%build %build
%configure --libdir=%{_libdir} --disable-bwidget-check --disable-selinux-check \ %configure --libdir=%{_libdir} --disable-bwidget-check --disable-selinux-check \
--enable-swig-python --enable-swig-java --enable-swig-tcl --with-java-prefix=/usr/lib/jvm/java --enable-swig-python --enable-swig-tcl
# work around issue with gcc 4.3 + gnu99 + swig-generated code: # work around issue with gcc 4.3 + gnu99 + swig-generated code:
sed -i -e 's:$(CC):gcc -std=gnu89:' libseaudit/swig/python/Makefile sed -i -e 's:$(CC):gcc -std=gnu89:' libseaudit/swig/python/Makefile
make %{?_smp_mflags} make %{?_smp_mflags}
@ -237,22 +215,14 @@ install -p -m 644 packages/rpm/seaudit.console ${RPM_BUILD_ROOT}%{_sysconfdir}/s
install -d -m 755 ${RPM_BUILD_ROOT}%{_datadir}/applications install -d -m 755 ${RPM_BUILD_ROOT}%{_datadir}/applications
install -p -m 644 apol/apol.png ${RPM_BUILD_ROOT}%{_datadir}/pixmaps/apol.png install -p -m 644 apol/apol.png ${RPM_BUILD_ROOT}%{_datadir}/pixmaps/apol.png
install -p -m 644 seaudit/seaudit.png ${RPM_BUILD_ROOT}%{_datadir}/pixmaps/seaudit.png install -p -m 644 seaudit/seaudit.png ${RPM_BUILD_ROOT}%{_datadir}/pixmaps/seaudit.png
install -p -m 644 sediff/sediffx.png ${RPM_BUILD_ROOT}%{_datadir}/pixmaps/sediffx.png desktop-file-install --dir ${RPM_BUILD_ROOT}%{_datadir}/applications %{SOURCE2}
desktop-file-install --dir ${RPM_BUILD_ROOT}%{_datadir}/applications %{SOURCE2} %{SOURCE3} %{SOURCE4}
ln -sf consolehelper ${RPM_BUILD_ROOT}/%{_bindir}/seaudit ln -sf consolehelper ${RPM_BUILD_ROOT}/%{_bindir}/seaudit
# replace absolute symlinks with relative symlinks
ln -sf ../setools-%{setools_maj_ver}/qpol.jar ${RPM_BUILD_ROOT}/%{javajardir}/qpol.jar
ln -sf ../setools-%{setools_maj_ver}/apol.jar ${RPM_BUILD_ROOT}/%{javajardir}/apol.jar
ln -sf ../setools-%{setools_maj_ver}/poldiff.jar ${RPM_BUILD_ROOT}/%{javajardir}/poldiff.jar
ln -sf ../setools-%{setools_maj_ver}/seaudit.jar ${RPM_BUILD_ROOT}/%{javajardir}/seaudit.jar
ln -sf ../setools-%{setools_maj_ver}/sefs.jar ${RPM_BUILD_ROOT}/%{javajardir}/sefs.jar
# remove static libs # remove static libs
rm -f ${RPM_BUILD_ROOT}/%{_libdir}/*.a rm -f ${RPM_BUILD_ROOT}/%{_libdir}/*.a
# ensure permissions are correct # ensure permissions are correct
chmod 0755 ${RPM_BUILD_ROOT}/%{_libdir}/*.so.* chmod 0755 ${RPM_BUILD_ROOT}/%{_libdir}/*.so.*
chmod 0755 ${RPM_BUILD_ROOT}/%{_libdir}/%{name}/*/*.so.* chmod 0755 ${RPM_BUILD_ROOT}/%{_libdir}/%{name}/*/*.so.*
chmod 0755 ${RPM_BUILD_ROOT}/%{pkg_py_arch}/*.so.* chmod 0755 ${RPM_BUILD_ROOT}/%{pkg_py_arch}/*.so.*
chmod 0755 ${RPM_BUILD_ROOT}/%{setoolsdir}/seaudit-report-service
chmod 0644 ${RPM_BUILD_ROOT}/%{tcllibdir}/*/pkgIndex.tcl chmod 0644 ${RPM_BUILD_ROOT}/%{tcllibdir}/*/pkgIndex.tcl
%clean %clean
@ -279,16 +249,6 @@ rm -rf ${RPM_BUILD_ROOT}
%endif %endif
%{python_sitearch}/setools*.egg-info %{python_sitearch}/setools*.egg-info
%files libs-java
%defattr(-,root,root,-)
%{_libdir}/libjqpol.so.*
%{_libdir}/libjapol.so.*
%{_libdir}/libjpoldiff.so.*
%{_libdir}/libjseaudit.so.*
%{_libdir}/libjsefs.so.*
%{setoolsdir}/*.jar
%{javajardir}/*.jar
%files libs-tcl %files libs-tcl
%defattr(-,root,root,-) %defattr(-,root,root,-)
%dir %{tcllibdir} %dir %{tcllibdir}
@ -312,33 +272,16 @@ rm -rf ${RPM_BUILD_ROOT}
%defattr(-,root,root,-) %defattr(-,root,root,-)
%{_bindir}/seinfo %{_bindir}/seinfo
%{_bindir}/sesearch %{_bindir}/sesearch
%{_bindir}/indexcon
%{_bindir}/findcon
%{_bindir}/replcon
%{_bindir}/sechecker
%{_bindir}/sediff %{_bindir}/sediff
%{_bindir}/seaudit-report
%{setoolsdir}/sechecker-profiles/
%{setoolsdir}/sechecker_help.txt
%{setoolsdir}/seaudit-report-service
%{setoolsdir}/seaudit-report.conf
%{setoolsdir}/seaudit-report.css
%{_mandir}/man1/findcon.1.gz
%{_mandir}/man1/indexcon.1.gz
%{_mandir}/man1/replcon.1.gz
%{_mandir}/man1/sechecker.1.gz
%{_mandir}/man1/sediff.1.gz %{_mandir}/man1/sediff.1.gz
%{_mandir}/man1/seinfo.1.gz %{_mandir}/man1/seinfo.1.gz
%{_mandir}/man1/sesearch.1.gz %{_mandir}/man1/sesearch.1.gz
%{_mandir}/man8/seaudit-report.8.gz
%files gui %files gui
%defattr(-,root,root,-) %defattr(-,root,root,-)
%{_bindir}/seaudit %{_bindir}/seaudit
%{_bindir}/sediffx
%{_bindir}/apol %{_bindir}/apol
%{tcllibdir}/apol_tcl/ %{tcllibdir}/apol_tcl/
%{setoolsdir}/sediff_help.txt
%{setoolsdir}/apol_help.txt %{setoolsdir}/apol_help.txt
%{setoolsdir}/domaintrans_help.txt %{setoolsdir}/domaintrans_help.txt
%{setoolsdir}/file_relabel_help.txt %{setoolsdir}/file_relabel_help.txt
@ -351,7 +294,6 @@ rm -rf ${RPM_BUILD_ROOT}
%{setoolsdir}/apol.gif %{setoolsdir}/apol.gif
%{setoolsdir}/dot_seaudit %{setoolsdir}/dot_seaudit
%{_mandir}/man1/apol.1.gz %{_mandir}/man1/apol.1.gz
%{_mandir}/man1/sediffx.1.gz
%{_mandir}/man8/seaudit.8.gz %{_mandir}/man8/seaudit.8.gz
%{_sbindir}/seaudit %{_sbindir}/seaudit
%config(noreplace) %{_sysconfdir}/pam.d/seaudit %config(noreplace) %{_sysconfdir}/pam.d/seaudit
@ -363,15 +305,24 @@ rm -rf ${RPM_BUILD_ROOT}
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%post libs-java -p /sbin/ldconfig
%postun libs-java -p /sbin/ldconfig
%post libs-tcl -p /sbin/ldconfig %post libs-tcl -p /sbin/ldconfig
%postun libs-tcl -p /sbin/ldconfig %postun libs-tcl -p /sbin/ldconfig
%changelog %changelog
* Mon Jan 7 2013 Dan Walsh <dwalsh@redhat.com> - 3.3.7-32
- Rebuild with new tool chain
* Fri Sep 28 2012 Dan Walsh <dwalsh@redhat.com> - 3.3.7-31
- Add filename_trans to python/setools/sesearch bindings
* Fri Sep 28 2012 Dan Walsh <dwalsh@redhat.com> - 3.3.7-30
- Apply Lars Jensen patch to fix seaudit
- Remove java bindings, not supported
* Mon Sep 16 2012 Dan Walsh <dwalsh@redhat.com> - 3.3.7-29
- Remove tools that we do not want to support
* Mon Aug 20 2012 Dan Horák <dan[at]danny.cz> - 3.3.7-28 * Mon Aug 20 2012 Dan Horák <dan[at]danny.cz> - 3.3.7-28
- use autoreconf to rebuild all autotooled files (FTBFS) - use autoreconf to rebuild all autotooled files (FTBFS)