From 70a795cee28a57d30c01723056fb9fd1c1a06e99 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Mon, 29 Jul 2019 22:53:38 -0400
Subject: [PATCH] import setools-4.2.1-3.el8
---
 .gitignore | 1 +
 .setools.metadata | 1 +
 ...eate-a-map-of-aliases-on-policy-load.patch | 479 ++++++++++++++++++
 .../1001-Do-not-use-Werror-during-build.patch | 49 ++
 ...e-setools.InfoFlowAnalysis-and-setoo.patch | 139 +++++
 SOURCES/apol.desktop | 11 +
 SOURCES/setools.pam | 4 +
 SPECS/setools.spec | 237 +++++++++
 8 files changed, 921 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 .setools.metadata
 create mode 100644 SOURCES/0001-SELinuxPolicy-Create-a-map-of-aliases-on-policy-load.patch
 create mode 100644 SOURCES/1001-Do-not-use-Werror-during-build.patch
 create mode 100644 SOURCES/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
 create mode 100644 SOURCES/apol.desktop
 create mode 100644 SOURCES/setools.pam
 create mode 100644 SPECS/setools.spec
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..23becd3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/4.2.1.tar.gz
diff --git a/.setools.metadata b/.setools.metadata
new file mode 100644
index 0000000..6f1ae89
--- /dev/null
+++ b/.setools.metadata
@@ -0,0 +1 @@
+560ffc50e09dcdaaeae7d7621569e70f0195c465 SOURCES/4.2.1.tar.gz
diff --git a/SOURCES/0001-SELinuxPolicy-Create-a-map-of-aliases-on-policy-load.patch b/SOURCES/0001-SELinuxPolicy-Create-a-map-of-aliases-on-policy-load.patch
new file mode 100644
index 0000000..04b6272
--- /dev/null
+++ b/SOURCES/0001-SELinuxPolicy-Create-a-map-of-aliases-on-policy-load.patch
@@ -0,0 +1,479 @@ +From 2fad2d1b1df43ea0d85e25e2ebad88ad02997d7c Mon Sep 17 00:00:00 2001 +From: Chris PeBenito +Date: Mon, 29 Apr 2019 07:57:16 -0400 +Subject: [PATCH 1/3] SELinuxPolicy: Create a map of aliases on policy load. + +Addresses a performance regression after the alias fixes in #17. + +Closes #20 +--- + setools/policyrep/mls.pxi | 138 +--------------------------- + setools/policyrep/selinuxpolicy.pxi | 107 +++++++++++++++++---- + setools/policyrep/typeattr.pxi | 70 +------------- + 3 files changed, 95 insertions(+), 220 deletions(-) + +diff --git a/setools/policyrep/mls.pxi b/setools/policyrep/mls.pxi +index c40d032..30464b7 100644 +--- a/setools/policyrep/mls.pxi ++++ b/setools/policyrep/mls.pxi +@@ -1,5 +1,5 @@ + # Copyright 2014-2016, Tresys Technology, LLC +-# Copyright 2017-2018, Chris PeBenito ++# Copyright 2017-2019, Chris PeBenito + # + # This file is part of SETools. + # +@@ -65,6 +65,7 @@ cdef class Category(PolicySymbol): + c.key = symbol + c.name = policy.category_value_to_name(symbol.s.value - 1) + c._value = symbol.s.value ++ c._aliases = policy.category_alias_map[symbol.s.value] + _cat_cache[policy][symbol] = c + return c + +@@ -75,14 +76,8 @@ cdef class Category(PolicySymbol): + # Comparison based on their index instead of their names. 
+ return self._value < other._value + +- cdef inline void _load_aliases(self): +- """Helper method to load aliases.""" +- if self._aliases is None: +- self._aliases = list(self.policy.category_aliases(self)) +- + def aliases(self): + """Generator that yields all aliases for this category.""" +- self._load_aliases() + return iter(self._aliases) + + def statement(self): +@@ -90,7 +85,6 @@ cdef class Category(PolicySymbol): + str stmt + size_t count + +- self._load_aliases() + count = len(self._aliases) + + stmt = "category {0}".format(self.name) +@@ -127,6 +121,7 @@ cdef class Sensitivity(PolicySymbol): + s.key = symbol + s.name = policy.level_value_to_name(symbol.level.sens - 1) + s._value = symbol.level.sens ++ s._aliases = policy.sensitivity_alias_map[symbol.level.sens] + return s + + def __hash__(self): +@@ -144,14 +139,8 @@ cdef class Sensitivity(PolicySymbol): + def __lt__(self, other): + return self._value < other._value + +- cdef inline void _load_aliases(self): +- """Helper method to load aliases.""" +- if self._aliases is None: +- self._aliases = list(self.policy.sensitivity_aliases(self)) +- + def aliases(self): + """Generator that yields all aliases for this sensitivity.""" +- self._load_aliases() + return iter(self._aliases) + + def level_decl(self): +@@ -167,7 +156,6 @@ cdef class Sensitivity(PolicySymbol): + str stmt + size_t count + +- self._load_aliases() + count = len(self._aliases) + + stmt = "sensitivity {0}".format(self.name) +@@ -540,66 +528,6 @@ cdef class CategoryHashtabIterator(HashtabIterator): + datum = self.node.datum if self.node else NULL + + +-cdef class CategoryAliasHashtabIterator(HashtabIterator): +- +- """Iterate over category aliases in the policy.""" +- +- cdef uint32_t primary +- +- @staticmethod +- cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Category primary): +- """Factory function for creating category alias iterators.""" +- i = CategoryAliasHashtabIterator() +- i.policy = policy +- i.table = table +- i.primary 
= primary._value +- i.reset() +- return i +- +- def __next__(self): +- super().__next__() +- datum = self.curr.datum if self.curr else NULL +- +- while datum != NULL and (not datum.isalias or datum.s.value != self.primary): +- super().__next__() +- datum = self.curr.datum if self.curr else NULL +- +- return intern(self.curr.key) +- +- def __len__(self): +- cdef sepol.cat_datum_t *datum +- cdef sepol.hashtab_node_t *node +- cdef uint32_t bucket = 0 +- cdef size_t count = 0 +- +- while bucket < self.table[0].size: +- node = self.table[0].htable[bucket] +- while node != NULL: +- datum = node.datum if node else NULL +- if datum != NULL and self.primary == datum.s.value and datum.isalias: +- count += 1 +- +- node = node.next +- +- bucket += 1 +- +- return count +- +- def reset(self): +- super().reset() +- +- cdef sepol.cat_datum_t *datum = self.node.datum if self.node else NULL +- +- # advance over any attributes or aliases +- while datum != NULL and (not datum.isalias and self.primary != datum.s.value): +- self._next_node() +- +- if self.node == NULL or self.bucket >= self.table[0].size: +- break +- +- datum = self.node.datum if self.node else NULL +- +- + cdef class SensitivityHashtabIterator(HashtabIterator): + + """Iterate over sensitivity in the policy.""" +@@ -657,66 +585,6 @@ cdef class SensitivityHashtabIterator(HashtabIterator): + datum = self.node.datum if self.node else NULL + + +-cdef class SensitivityAliasHashtabIterator(HashtabIterator): +- +- """Iterate over sensitivity aliases in the policy.""" +- +- cdef uint32_t primary +- +- @staticmethod +- cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Sensitivity primary): +- """Factory function for creating Sensitivity alias iterators.""" +- i = SensitivityAliasHashtabIterator() +- i.policy = policy +- i.table = table +- i.primary = primary._value +- i.reset() +- return i +- +- def __next__(self): +- super().__next__() +- datum = self.curr.datum if self.curr else NULL +- +- while datum != NULL and (not 
datum.isalias or datum.level.sens != self.primary): +- super().__next__() +- datum = self.curr.datum if self.curr else NULL +- +- return intern(self.curr.key) +- +- def __len__(self): +- cdef sepol.level_datum_t *datum +- cdef sepol.hashtab_node_t *node +- cdef uint32_t bucket = 0 +- cdef size_t count = 0 +- +- while bucket < self.table[0].size: +- node = self.table[0].htable[bucket] +- while node != NULL: +- datum = node.datum if node else NULL +- if datum != NULL and self.primary == datum.level.sens and datum.isalias: +- count += 1 +- +- node = node.next +- +- bucket += 1 +- +- return count +- +- def reset(self): +- super().reset() +- +- cdef sepol.level_datum_t *datum = self.node.datum if self.node else NULL +- +- # advance over any attributes or aliases +- while datum != NULL and (not datum.isalias and self.primary != datum.level.sens): +- self._next_node() +- +- if self.node == NULL or self.bucket >= self.table[0].size: +- break +- +- datum = self.node.datum if self.node else NULL +- +- + cdef class LevelDeclHashtabIterator(HashtabIterator): + + """Iterate over level declarations in the policy.""" +diff --git a/setools/policyrep/selinuxpolicy.pxi b/setools/policyrep/selinuxpolicy.pxi +index 1a3eb5c..1541549 100644 +--- a/setools/policyrep/selinuxpolicy.pxi ++++ b/setools/policyrep/selinuxpolicy.pxi +@@ -46,6 +46,9 @@ cdef class SELinuxPolicy: + object log + object constraint_counts + object terule_counts ++ dict type_alias_map ++ dict category_alias_map ++ dict sensitivity_alias_map + object __weakref__ + + # Public attributes: +@@ -598,12 +601,6 @@ cdef class SELinuxPolicy: + """Return the category datum for the specified category value.""" + return self.cat_val_to_struct[value] + +- cdef inline category_aliases(self, Category primary): +- """Return an interator for the aliases for the specified category.""" +- return CategoryAliasHashtabIterator.factory(self, +- &self.handle.p.symtab[sepol.SYM_CATS].table, +- primary) +- + cdef inline str 
category_value_to_name(self, size_t value): + """Return the name of the category by its value.""" + return intern(self.handle.p.sym_val_to_name[sepol.SYM_CATS][value]) +@@ -636,17 +633,6 @@ cdef class SELinuxPolicy: + """Return the name of the role by its value.""" + return intern(self.handle.p.sym_val_to_name[sepol.SYM_ROLES][value]) + +- cdef inline sensitivity_aliases(self, Sensitivity primary): +- """Return an interator for the aliases for the specified sensitivity.""" +- return SensitivityAliasHashtabIterator.factory(self, +- &self.handle.p.symtab[sepol.SYM_LEVELS].table, primary) +- +- cdef inline type_aliases(self, Type primary): +- """Return an iterator for the aliases for the specified type.""" +- return TypeAliasHashtabIterator.factory(self, +- &self.handle.p.symtab[sepol.SYM_TYPES].table, +- primary) +- + cdef inline sepol.type_datum_t* type_value_to_datum(self, size_t value): + """Return the type datum for the specified type value.""" + return self.handle.p.type_val_to_struct[value] +@@ -725,6 +711,15 @@ cdef class SELinuxPolicy: + if self.mls: + self._create_mls_val_to_struct() + ++ # ++ # Create value to alias mappings ++ # ++ self._load_type_aliases() ++ ++ if self.mls: ++ self._load_sensitivity_aliases() ++ self._load_category_aliases() ++ + self.log.info("Successfully opened SELinux policy \"{0}\"".format(filename)) + self.path = filename + +@@ -846,6 +841,84 @@ cdef class SELinuxPolicy: + + bucket += 1 + ++ cdef _load_category_aliases(self): ++ """Build map of aliases to categories""" ++ cdef: ++ sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_CATS].table ++ sepol.cat_datum_t *datum ++ sepol.hashtab_node_t *node ++ uint32_t bucket = 0 ++ list entry ++ ++ self.category_alias_map = dict() ++ ++ while bucket < table[0].size: ++ node = table[0].htable[bucket] ++ while node != NULL: ++ datum = node.datum if node else NULL ++ if datum == NULL: ++ continue ++ ++ entry = self.category_alias_map.setdefault(datum.s.value, list()) ++ if 
datum.isalias: ++ entry.append(intern(node.key)) ++ ++ node = node.next ++ ++ bucket += 1 ++ ++ cdef _load_sensitivity_aliases(self): ++ """Build map of aliases to sensitivities""" ++ cdef: ++ sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_LEVELS].table ++ sepol.level_datum_t *datum ++ sepol.hashtab_node_t *node ++ uint32_t bucket = 0 ++ list entry ++ ++ self.sensitivity_alias_map = dict() ++ ++ while bucket < table[0].size: ++ node = table[0].htable[bucket] ++ while node != NULL: ++ datum = node.datum if node else NULL ++ if datum == NULL: ++ continue ++ ++ entry = self.sensitivity_alias_map.setdefault(datum.level.sens, list()) ++ if datum.isalias: ++ entry.append(intern(node.key)) ++ ++ node = node.next ++ ++ bucket += 1 ++ ++ cdef _load_type_aliases(self): ++ """Build map of aliases to types""" ++ cdef: ++ sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_TYPES].table ++ sepol.type_datum_t *datum ++ sepol.hashtab_node_t *node ++ uint32_t bucket = 0 ++ list entry ++ ++ self.type_alias_map = dict() ++ ++ while bucket < table[0].size: ++ node = table[0].htable[bucket] ++ while node != NULL: ++ datum = node.datum if node else NULL ++ if datum == NULL: ++ continue ++ ++ entry = self.type_alias_map.setdefault(datum.s.value, list()) ++ if type_is_alias(datum): ++ entry.append(intern(node.key)) ++ ++ node = node.next ++ ++ bucket += 1 ++ + cdef _rebuild_attrs_from_map(self): + """ + Rebuilds data for the attributes and inserts them into the policydb. +diff --git a/setools/policyrep/typeattr.pxi b/setools/policyrep/typeattr.pxi +index d989ca9..1d8901e 100644 +--- a/setools/policyrep/typeattr.pxi ++++ b/setools/policyrep/typeattr.pxi +@@ -1,5 +1,5 @@ + # Copyright 2014, Tresys Technology, LLC +-# Copyright 2017-2018, Chris PeBenito ++# Copyright 2017-2019, Chris PeBenito + # + # This file is part of SETools. 
+ # +@@ -86,13 +86,9 @@ cdef class Type(BaseType): + t.value = symbol.s.value + t.name = policy.type_value_to_name(symbol.s.value - 1) + t.ispermissive = symbol.flags & sepol.TYPE_FLAGS_PERMISSIVE ++ t._aliases = policy.type_alias_map[symbol.s.value] + return t + +- cdef inline void _load_aliases(self): +- """Helper method to load aliases.""" +- if self._aliases is None: +- self._aliases = list(self.policy.type_aliases(self)) +- + cdef inline void _load_attributes(self): + """Helper method to load attributes.""" + cdef sepol.type_datum_t *symbol = self.key +@@ -110,7 +106,6 @@ cdef class Type(BaseType): + + def aliases(self): + """Generator that yields all aliases for this type.""" +- self._load_aliases() + return iter(self._aliases) + + def statement(self): +@@ -119,7 +114,6 @@ cdef class Type(BaseType): + str stmt + + self._load_attributes() +- self._load_aliases() + count = len(self._aliases) + + stmt = "type {0}".format(self.name) +@@ -297,66 +291,6 @@ cdef class TypeAttributeHashtabIterator(HashtabIterator): + self._next_node() + + +-cdef class TypeAliasHashtabIterator(HashtabIterator): +- +- """Iterate over type aliases in the policy.""" +- +- cdef uint32_t primary +- +- @staticmethod +- cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Type primary): +- """Factory function for creating type alias iterators.""" +- i = TypeAliasHashtabIterator() +- i.policy = policy +- i.table = table +- i.primary = primary.value +- i.reset() +- return i +- +- def __next__(self): +- super().__next__() +- datum = self.curr.datum if self.curr else NULL +- +- while datum != NULL and (not type_is_alias(datum) or datum.s.value != self.primary): +- super().__next__() +- datum = self.curr.datum if self.curr else NULL +- +- return intern(self.curr.key) +- +- def __len__(self): +- cdef sepol.type_datum_t *datum +- cdef sepol.hashtab_node_t *node +- cdef uint32_t bucket = 0 +- cdef size_t count = 0 +- +- while bucket < self.table[0].size: +- node = self.table[0].htable[bucket] 
+- while node != NULL: +- datum = node.datum if node else NULL +- if datum != NULL and self.primary == datum.s.value and type_is_alias(datum): +- count += 1 +- +- node = node.next +- +- bucket += 1 +- +- return count +- +- def reset(self): +- super().reset() +- +- cdef sepol.type_datum_t *datum = self.node.datum if self.node else NULL +- +- # advance over any attributes or aliases +- while datum != NULL and (not type_is_alias(datum) and self.primary != datum.s.value): +- self._next_node() +- +- if self.node == NULL or self.bucket >= self.table[0].size: +- break +- +- datum = self.node.datum if self.node else NULL +- +- + # + # Ebitmap Iterator Classes + # +-- +2.17.2 + diff --git a/SOURCES/1001-Do-not-use-Werror-during-build.patch b/SOURCES/1001-Do-not-use-Werror-during-build.patch new file mode 100644 index 0000000..60f11e2 --- /dev/null +++ b/SOURCES/1001-Do-not-use-Werror-during-build.patch 
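Review bot: In the three loaders added to setools/policyrep/selinuxpolicy.pxi (`_load_category_aliases`, `_load_sensitivity_aliases`, `_load_type_aliases`), the `if datum == NULL: continue` branch jumps past the `node = node.next` at the bottom of the inner `while node != NULL:` loop, so a hashtab node with a NULL datum would make policy load spin forever. Whether libsepol can ever return such a node is not visible from this patch, but these tools are used to open policy files that may come from another system, so the guard itself should not be able to hang the process. Invert the test so the advance always runs: put the `setdefault(...)` and `append(intern(node.key))` lines under `if datum != NULL:` and leave `node = node.next` unconditional. The same three-line change applies to each loader.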
@@ -0,0 +1,49 @@
+From 4b3dc6b38abbd32cda557d5ef9ea1383ac5fdcf2 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Thu, 23 Feb 2017 08:17:07 +0100
+Subject: [PATCH 2/3] Do not use -Werror during build
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+There are new warnings when setools are built with gcc 7 therefore we
+want to suppress -Werror for now
+
+Fixes:
+libqpol/policy_extend.c: In function ‘policy_extend’:
+libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
+ snprintf(buff, 9, "@ttr%04zd", i + 1);
+ ^~~~~
+libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
+ snprintf(buff, 9, "@ttr%04zd", i + 1);
+ ^~~~~~~~~~~
+In file included from /usr/include/stdio.h:939:0,
+ from /usr/include/sepol/policydb/policydb.h:53,
+ from libqpol/policy_extend.c:29:
+/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 15 bytes into a destination of size 9
+ return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ __bos (__s), __fmt, __va_arg_pack ());
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+cc1: all warnings being treated as errors
+error: command 'gcc' failed with exit status 1
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index c94daf1..a7442ac 100644
+--- a/setup.py
++++ b/setup.py
+@@ -105,7 +105,7 @@ ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'],
+ libraries=['selinux', 'sepol'],
+ library_dirs=lib_dirs,
+ define_macros=macros,
+- extra_compile_args=['-Werror', '-Wextra',
++ extra_compile_args=['-Wextra',
+ '-Waggregate-return',
+ '-Wfloat-equal',
+ '-Wformat', '-Wformat=2',
+--
+2.17.2
+
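Review bot: Removing `'-Werror'` from `extra_compile_args` in setup.py makes every remaining diagnostic in that list (`-Wextra`, `-Wformat=2`, and so on) non-fatal, not only the format-truncation warning quoted in the message. The quoted failure is from a 2017 gcc 7 build of `libqpol/policy_extend.c`, a path nothing else in this 4.2.1 import refers to, so it is worth confirming the patch is still needed at all. If it is, a narrower form keeps the other warnings fatal: `extra_compile_args=['-Werror', '-Wno-error=format-truncation', '-Wextra',`. The `Extension(...)` call begins and ends outside the inner hunk.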
diff --git a/SOURCES/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/SOURCES/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
new file mode 100644
index 0000000..3057072
--- /dev/null
+++ b/SOURCES/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
@@ -0,0 +1,139 @@ +From b960869bcbcb58f2ce9af598484f209935c096b0 Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Fri, 26 Apr 2019 15:27:25 +0200 +Subject: [PATCH 3/3] Do not export/use setools.InfoFlowAnalysis and + setools.DomainTransitionAnalysis + +dta and infoflow modules require networkx which brings lot of dependencies. +These dependencies are not necessary for setools module itself as it's +used in policycoreutils. + +Therefore it's better to use setools.infoflow.InfoFlowAnalysis and +setools.dta.DomainTransitionAnalysis and let the package containing +sedta and seinfoflow to require python3-networkx +--- + sedta | 4 ++-- + seinfoflow | 4 ++-- + setools/__init__.py | 4 ---- + setoolsgui/apol/dta.py | 2 +- + setoolsgui/apol/infoflow.py | 2 +- + tests/dta.py | 2 +- + tests/infoflow.py | 2 +- + 7 files changed, 8 insertions(+), 12 deletions(-) + +diff --git a/sedta b/sedta +index 60861ca..41e38a2 100755 +--- a/sedta ++++ b/sedta +@@ -22,7 +22,7 @@ import argparse + import logging + import signal + +-import setools ++import setools.dta + + + def print_transition(trans): +@@ -114,7 +114,7 @@ else: + + try: + p = setools.SELinuxPolicy(args.policy) +- g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude) ++ g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude) + + if args.shortest_path or args.all_paths: + if args.shortest_path: +diff --git a/seinfoflow b/seinfoflow +index 97b14ba..e7f965d 100755 +--- a/seinfoflow ++++ b/seinfoflow +@@ -17,7 +17,7 @@ + # along with SETools. If not, see . 
+ # + +-import setools ++import setools.infoflow + import argparse + import sys + import logging +@@ -81,7 +81,7 @@ else: + try: + p = setools.SELinuxPolicy(args.policy) + m = setools.PermissionMap(args.map) +- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude) ++ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude) + + if args.shortest_path or args.all_paths: + if args.shortest_path: +diff --git a/setools/__init__.py b/setools/__init__.py +index 7b70f5e..5a5f7fe 100644 +--- a/setools/__init__.py ++++ b/setools/__init__.py +@@ -73,12 +73,8 @@ from .pcideviceconquery import PcideviceconQuery + from .devicetreeconquery import DevicetreeconQuery + + # Information Flow Analysis +-from .infoflow import InfoFlowAnalysis + from .permmap import PermissionMap + +-# Domain Transition Analysis +-from .dta import DomainTransitionAnalysis +- + # Policy difference + from .diff import PolicyDifference + +diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py +index 4608b9d..2cde44c 100644 +--- a/setoolsgui/apol/dta.py ++++ b/setoolsgui/apol/dta.py +@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread + from PyQt5.QtGui import QPalette, QTextCursor + from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ + QTreeWidgetItem +-from setools import DomainTransitionAnalysis ++from setools.dta import DomainTransitionAnalysis + + from ..logtosignal import LogHandlerToSignal + from .analysistab import AnalysisTab +diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py +index 7bca299..7fee277 100644 +--- a/setoolsgui/apol/infoflow.py ++++ b/setoolsgui/apol/infoflow.py +@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread + from PyQt5.QtGui import QPalette, QTextCursor + from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ + QTreeWidgetItem +-from setools import 
InfoFlowAnalysis ++from setools.infoflow import InfoFlowAnalysis + from setools.exception import UnmappedClass, UnmappedPermission + + from ..logtosignal import LogHandlerToSignal +diff --git a/tests/dta.py b/tests/dta.py +index a0cc938..177e6fb 100644 +--- a/tests/dta.py ++++ b/tests/dta.py +@@ -18,7 +18,7 @@ + import os + import unittest + +-from setools import DomainTransitionAnalysis ++from setools.dta import DomainTransitionAnalysis + from setools import TERuletype as TERT + from setools.exception import InvalidType + from setools.policyrep import Type +diff --git a/tests/infoflow.py b/tests/infoflow.py +index aa0e44a..fca2848 100644 +--- a/tests/infoflow.py ++++ b/tests/infoflow.py +@@ -18,7 +18,7 @@ + import os + import unittest + +-from setools import InfoFlowAnalysis ++from setools.infoflow import InfoFlowAnalysis + from setools import TERuletype as TERT + from setools.exception import InvalidType + from setools.permmap import PermissionMap +-- +2.17.2 + diff --git a/SOURCES/apol.desktop b/SOURCES/apol.desktop new file mode 100644 index 0000000..727733a --- /dev/null +++ b/SOURCES/apol.desktop @@ -0,0 +1,11 @@ +[Desktop Entry] +Name=SELinux Policy Analysis +GenericName=SELinux Policy Analysis Tool +Comment=This tool can examine, search, and relate policy components and policy rules +Icon=apol +Exec=/usr/bin/apol +Type=Application +Terminal=false +Categories=System; +X-Desktop-File-Install-Version=0.2 +StartupNotify=true diff --git a/SOURCES/setools.pam b/SOURCES/setools.pam new file mode 100644 index 0000000..c7d67e3 --- /dev/null +++ b/SOURCES/setools.pam @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth include config-util +account include config-util +session include config-util diff --git a/SPECS/setools.spec b/SPECS/setools.spec new file mode 100644 index 0000000..e19f1e5 --- /dev/null +++ b/SPECS/setools.spec 
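Review bot: After the removals in `setools/__init__.py`, the `# Information Flow Analysis` heading is left over `from .permmap import PermissionMap` alone, and nothing tells a reader where the two analysis classes went or why. Code written against the previous layout (`setools.InfoFlowAnalysis`, `from setools import DomainTransitionAnalysis`) will now fail at attribute lookup or import, and `setools.dta` / `setools.infoflow` presumably still cannot be imported unless networkx is installed. A comment in place of the removed lines would record this, for example `# InfoFlowAnalysis and DomainTransitionAnalysis are not re-exported; import them from setools.infoflow and setools.dta, which require networkx.`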
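Review bot: `SOURCES/setools.pam` defines a PAM service that includes `config-util` for `auth`, `account` and `session`, but the spec's `%install` only runs `setup.py install` and two `rm` commands, and no `%files` entry references `%{SOURCE1}` (or `%{SOURCE2}` for apol.desktop). As far as this commit shows, the file travels in the source package without ever being installed. Either drop `Source1:` and this file, or add a header comment such as `# Not installed by setools.spec; kept for reference only` so nobody assumes a PAM policy is in effect for these tools.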
@@ -0,0 +1,237 @@ +# % global setools_pre_ver rc +# % global gitver f1e5b20 + +%global sepol_ver 2.9-1 +%global selinux_ver 2.9-1 + +%bcond_with networkx + +Name: setools +Version: 4.2.1 +Release: 3%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Summary: Policy analysis tools for SELinux + +License: GPLv2 +URL: https://github.com/SELinuxProject/setools/wiki +Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz +Source1: setools.pam +Source2: apol.desktop +Patch0001: 0001-SELinuxPolicy-Create-a-map-of-aliases-on-policy-load.patch +Patch1001: 1001-Do-not-use-Werror-during-build.patch +Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch + +Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 +BuildRequires: flex, bison +BuildRequires: glibc-devel, gcc, git +BuildRequires: libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver} +BuildRequires: qt5-qtbase-devel +BuildRequires: swig +BuildRequires: python3-Cython +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: libselinux-devel + +# BuildArch: +Requires: python3-%{name} = %{version}-%{release} + +%description +SETools is a collection of graphical tools, command-line tools, and +Python modules designed to facilitate SELinux policy analysis. + +%package console +Summary: Policy analysis command-line tools for SELinux +License: GPLv2 +Requires: python3-setools = %{version}-%{release} +Requires: libselinux >= %{selinux_ver} + +%description console +SETools is a collection of graphical tools, command-line tools, and +libraries designed to facilitate SELinux policy analysis. + +This package includes the following console tools: + + sediff Compare two policies to find differences. + seinfo List policy components. + sesearch Search rules (allow, type_transition, etc.) 
+ + +%if %{with networkx} +%package console-analyses +Summary: Policy analysis command-line tools for SELinux +License: GPLv2 +Requires: python3-setools = %{version}-%{release} +Requires: libselinux >= %{selinux_ver} +Requires: python3-networkx + +%description console-analyses +SETools is a collection of graphical tools, command-line tools, and +libraries designed to facilitate SELinux policy analysis. + +This package includes the following console tools: + + sedta Perform domain transition analyses. + seinfoflow Perform information flow analyses. +%endif + + +%package -n python3-setools +Summary: Policy analysis tools for SELinux +Obsoletes: setools-libs < 4.0.0, setools-libs-tcl +Recommends: libselinux-python3 +# Remove before F30 +Provides: %{name}-python3 = %{version}-%{release} +Provides: %{name}-python3%{?_isa} = %{version}-%{release} +Obsoletes: %{name}-python3 < %{version}-%{release} +%if 0%{?rhel} && 0%{?rhel} >= 8 +Requires: platform-python-setuptools +%else +Requires: python3-setuptools +%endif + +%description -n python3-setools +SETools is a collection of graphical tools, command-line tools, and +Python 3 modules designed to facilitate SELinux policy analysis. + + +%if %{with networkx} +%package gui +Summary: Policy analysis graphical tools for SELinux +Requires: python3-setools = %{version}-%{release} +Requires: python3-qt5 +Requires: python3-networkx + +%description gui +SETools is a collection of graphical tools, command-line tools, and +Python modules designed to facilitate SELinux policy analysis. +%endif + + +%prep +%autosetup -p 1 -S git -n setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}} + + +%build +# Remove CFLAGS=... 
for noarch packages (unneeded) +%set_build_flags +%{__python3} setup.py build + + +%install +%{__python3} setup.py install --root %{buildroot} + +%if %{without networkx} +rm -f %{buildroot}%{_bindir}/sedta %{buildroot}%{_bindir}/seinfoflow \ + %{buildroot}%{_mandir}/man1/sedta* %{buildroot}%{_mandir}/man1/sedinfoflow* +rm -rf %{buildroot}%{_bindir}/apol %{buildroot}%{python3_sitearch}/setoolsgui \ + %{buildroot}%{_mandir}/man1/apol* +%endif + +%check +%if %{?_with_check:1}%{!?_with_check:0} +%{__python3} setup.py test +%endif + + +%files + +%files console +%{_bindir}/sediff +%{_bindir}/seinfo +%{_bindir}/sesearch +%{_mandir}/man1/sediff* +%{_mandir}/man1/seinfo* +%{_mandir}/man1/sesearch* + +%if %{with networkx} +%files console-analyses +%{_bindir}/sedta +%{_bindir}/seinfoflow +%{_mandir}/man1/sedta* +%{_mandir}/man1/seinfoflow* +%endif + +%files -n python3-setools +%license COPYING COPYING.GPL COPYING.LGPL +%{python3_sitearch}/setools +%{python3_sitearch}/setools-* + +%if %{with networkx} +%files gui +%{_bindir}/apol +%{python3_sitearch}/setoolsgui +%{_mandir}/man1/apol* +%endif + +%changelog +* Mon May 13 2019 Vit Mojzis - 4.2.1-3 +- Use %set_build_flags instead of %optflags + +* Mon May 06 2019 Vit Mojzis - 4.2.1-2 +- SELinuxPolicy: Create a map of aliases on policy load (#1672631) + +* Tue Mar 26 2019 Petr Lautrbach - 4.2.1-1 +- SETools 4.2.1 release (#1581761, #1595582) + +* Fri Nov 16 2018 Lumír Balhar - 4.2.0-2 +- Require platform-python-setuptools instead of python3-setuptools +- Resolves: rhbz#1650548 + +* Tue Nov 13 2018 Petr Lautrbach - 4.2.0-1 +- SETools 4.2.0 release + +* Mon Oct 01 2018 Vit Mojzis - 4.2.0-0.3.rc +- Update upstream source to 4.2.0-rc + +* Wed Aug 22 2018 Petr Lautrbach - 4.1.1-11 +- Fix SCTP patch - https://github.com/SELinuxProject/setools/issues/9 + +* Thu Jun 14 2018 Petr Lautrbach - 4.1.1-10 +- Move gui python files to -gui subpackage +- Do not build gui and console-analyses by default + +* Wed Jun 6 2018 Petr Lautrbach - 4.1.1-9 
+- Don't build the Python 2 subpackage (#1567362) + +* Thu Apr 26 2018 Vit Mojzis - 4.1.1-8 +- Add support for SCTP protocol (#1568333) + +* Thu Apr 19 2018 Iryna Shcherbina - 4.1.1-7 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Fri Feb 09 2018 Fedora Release Engineering - 4.1.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Mon Sep 04 2017 Petr Lautrbach - 4.1.1-5 +- setools-python2 requires python2-enum34 + +* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek - 4.1.1-4 +- Add Provides for the old name without %%_isa + +* Thu Aug 10 2017 Zbigniew Jędrzejewski-Szmek - 4.1.1-3 +- Python 2 binary package renamed to python2-setools + See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 +- Python 3 binary package renamed to python3-setools + +* Thu Aug 10 2017 Petr Lautrbach - 4.1.1-2 +- bswap_* macros are defined in byteswap.h + +* Mon Aug 07 2017 Petr Lautrbach - 4.1.1-1 +- New upstream release + +* Thu Aug 03 2017 Fedora Release Engineering - 4.1.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 4.1.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon May 22 2017 Petr Lautrbach - 4.1.0-3 +- setools-python{,3} packages should have a weak dependency on libselinux-python{,3} + (#1447747) + +* Thu Feb 23 2017 Petr Lautrbach - 4.1.0-2 +- Move python networkx dependency to -gui and -console-analyses +- Ship sedta and seinfoflow in setools-console-analyses + +* Wed Feb 15 2017 Petr Lautrbach - 4.1.0-1 +- New upstream release.
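Review bot: In `%install`, the `%{without networkx}` cleanup removes `%{buildroot}%{_mandir}/man1/sedinfoflow*`, which looks like a typo for `seinfoflow*`; because the command is `rm -f`, the non-matching glob is silently ignored. If the upstream install step does place a seinfoflow man page, it stays in the buildroot and would be matched by the `%{_mandir}/man1/seinfo*` glob under `%files console`, shipping documentation for a tool that package does not contain. Change the path to `%{buildroot}%{_mandir}/man1/seinfoflow*`, and consider tightening the console entries to `%{_mandir}/man1/seinfo.1*` so the two names cannot overlap.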