import setools-4.2.1-3.el8

CentOS Sources 2019-07-29 22:53:38 -04:00 committed by Stepan Oksanichenko
commit 70a795cee2
8 changed files with 921 additions and 0 deletions

1
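--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/4.2.1.tar.gz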

1
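--- a/.setools.metadata
+++ b/.setools.metadata
@@ -0,0 +1 @@
+560ffc50e09dcdaaeae7d7621569e70f0195c465 SOURCES/4.2.1.tar.gz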


@ -0,0 +1,479 @@
From 2fad2d1b1df43ea0d85e25e2ebad88ad02997d7c Mon Sep 17 00:00:00 2001
From: Chris PeBenito <pebenito@ieee.org>
Date: Mon, 29 Apr 2019 07:57:16 -0400
Subject: [PATCH 1/3] SELinuxPolicy: Create a map of aliases on policy load.
Addresses a performance regression after the alias fixes in #17.
Closes #20
---
setools/policyrep/mls.pxi | 138 +---------------------------
setools/policyrep/selinuxpolicy.pxi | 107 +++++++++++++++++----
setools/policyrep/typeattr.pxi | 70 +-------------
3 files changed, 95 insertions(+), 220 deletions(-)
diff --git a/setools/policyrep/mls.pxi b/setools/policyrep/mls.pxi
index c40d032..30464b7 100644
--- a/setools/policyrep/mls.pxi
+++ b/setools/policyrep/mls.pxi
@@ -1,5 +1,5 @@
# Copyright 2014-2016, Tresys Technology, LLC
-# Copyright 2017-2018, Chris PeBenito <pebenito@ieee.org>
+# Copyright 2017-2019, Chris PeBenito <pebenito@ieee.org>
#
# This file is part of SETools.
#
@@ -65,6 +65,7 @@ cdef class Category(PolicySymbol):
c.key = <uintptr_t>symbol
c.name = policy.category_value_to_name(symbol.s.value - 1)
c._value = symbol.s.value
+ c._aliases = policy.category_alias_map[symbol.s.value]
_cat_cache[policy][<uintptr_t>symbol] = c
return c
@@ -75,14 +76,8 @@ cdef class Category(PolicySymbol):
# Comparison based on their index instead of their names.
return self._value < other._value
- cdef inline void _load_aliases(self):
- """Helper method to load aliases."""
- if self._aliases is None:
- self._aliases = list(self.policy.category_aliases(self))
-
def aliases(self):
"""Generator that yields all aliases for this category."""
- self._load_aliases()
return iter(self._aliases)
def statement(self):
@@ -90,7 +85,6 @@ cdef class Category(PolicySymbol):
str stmt
size_t count
- self._load_aliases()
count = len(self._aliases)
stmt = "category {0}".format(self.name)
@@ -127,6 +121,7 @@ cdef class Sensitivity(PolicySymbol):
s.key = <uintptr_t>symbol
s.name = policy.level_value_to_name(symbol.level.sens - 1)
s._value = symbol.level.sens
+ s._aliases = policy.sensitivity_alias_map[symbol.level.sens]
return s
def __hash__(self):
@@ -144,14 +139,8 @@ cdef class Sensitivity(PolicySymbol):
def __lt__(self, other):
return self._value < other._value
- cdef inline void _load_aliases(self):
- """Helper method to load aliases."""
- if self._aliases is None:
- self._aliases = list(self.policy.sensitivity_aliases(self))
-
def aliases(self):
"""Generator that yields all aliases for this sensitivity."""
- self._load_aliases()
return iter(self._aliases)
def level_decl(self):
@@ -167,7 +156,6 @@ cdef class Sensitivity(PolicySymbol):
str stmt
size_t count
- self._load_aliases()
count = len(self._aliases)
stmt = "sensitivity {0}".format(self.name)
@@ -540,66 +528,6 @@ cdef class CategoryHashtabIterator(HashtabIterator):
datum = <sepol.cat_datum_t *> self.node.datum if self.node else NULL
-cdef class CategoryAliasHashtabIterator(HashtabIterator):
-
- """Iterate over category aliases in the policy."""
-
- cdef uint32_t primary
-
- @staticmethod
- cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Category primary):
- """Factory function for creating category alias iterators."""
- i = CategoryAliasHashtabIterator()
- i.policy = policy
- i.table = table
- i.primary = primary._value
- i.reset()
- return i
-
- def __next__(self):
- super().__next__()
- datum = <sepol.cat_datum_t *> self.curr.datum if self.curr else NULL
-
- while datum != NULL and (not datum.isalias or datum.s.value != self.primary):
- super().__next__()
- datum = <sepol.cat_datum_t *> self.curr.datum if self.curr else NULL
-
- return intern(self.curr.key)
-
- def __len__(self):
- cdef sepol.cat_datum_t *datum
- cdef sepol.hashtab_node_t *node
- cdef uint32_t bucket = 0
- cdef size_t count = 0
-
- while bucket < self.table[0].size:
- node = self.table[0].htable[bucket]
- while node != NULL:
- datum = <sepol.cat_datum_t *>node.datum if node else NULL
- if datum != NULL and self.primary == datum.s.value and datum.isalias:
- count += 1
-
- node = node.next
-
- bucket += 1
-
- return count
-
- def reset(self):
- super().reset()
-
- cdef sepol.cat_datum_t *datum = <sepol.cat_datum_t *> self.node.datum if self.node else NULL
-
- # advance over any attributes or aliases
- while datum != NULL and (not datum.isalias and self.primary != datum.s.value):
- self._next_node()
-
- if self.node == NULL or self.bucket >= self.table[0].size:
- break
-
- datum = <sepol.cat_datum_t *> self.node.datum if self.node else NULL
-
-
cdef class SensitivityHashtabIterator(HashtabIterator):
"""Iterate over sensitivity in the policy."""
@@ -657,66 +585,6 @@ cdef class SensitivityHashtabIterator(HashtabIterator):
datum = <sepol.level_datum_t *> self.node.datum if self.node else NULL
-cdef class SensitivityAliasHashtabIterator(HashtabIterator):
-
- """Iterate over sensitivity aliases in the policy."""
-
- cdef uint32_t primary
-
- @staticmethod
- cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Sensitivity primary):
- """Factory function for creating Sensitivity alias iterators."""
- i = SensitivityAliasHashtabIterator()
- i.policy = policy
- i.table = table
- i.primary = primary._value
- i.reset()
- return i
-
- def __next__(self):
- super().__next__()
- datum = <sepol.level_datum_t *> self.curr.datum if self.curr else NULL
-
- while datum != NULL and (not datum.isalias or datum.level.sens != self.primary):
- super().__next__()
- datum = <sepol.level_datum_t *> self.curr.datum if self.curr else NULL
-
- return intern(self.curr.key)
-
- def __len__(self):
- cdef sepol.level_datum_t *datum
- cdef sepol.hashtab_node_t *node
- cdef uint32_t bucket = 0
- cdef size_t count = 0
-
- while bucket < self.table[0].size:
- node = self.table[0].htable[bucket]
- while node != NULL:
- datum = <sepol.level_datum_t *>node.datum if node else NULL
- if datum != NULL and self.primary == datum.level.sens and datum.isalias:
- count += 1
-
- node = node.next
-
- bucket += 1
-
- return count
-
- def reset(self):
- super().reset()
-
- cdef sepol.level_datum_t *datum = <sepol.level_datum_t *> self.node.datum if self.node else NULL
-
- # advance over any attributes or aliases
- while datum != NULL and (not datum.isalias and self.primary != datum.level.sens):
- self._next_node()
-
- if self.node == NULL or self.bucket >= self.table[0].size:
- break
-
- datum = <sepol.level_datum_t *> self.node.datum if self.node else NULL
-
-
cdef class LevelDeclHashtabIterator(HashtabIterator):
"""Iterate over level declarations in the policy."""
diff --git a/setools/policyrep/selinuxpolicy.pxi b/setools/policyrep/selinuxpolicy.pxi
index 1a3eb5c..1541549 100644
--- a/setools/policyrep/selinuxpolicy.pxi
+++ b/setools/policyrep/selinuxpolicy.pxi
@@ -46,6 +46,9 @@ cdef class SELinuxPolicy:
object log
object constraint_counts
object terule_counts
+ dict type_alias_map
+ dict category_alias_map
+ dict sensitivity_alias_map
object __weakref__
# Public attributes:
@@ -598,12 +601,6 @@ cdef class SELinuxPolicy:
"""Return the category datum for the specified category value."""
return self.cat_val_to_struct[value]
- cdef inline category_aliases(self, Category primary):
- """Return an interator for the aliases for the specified category."""
- return CategoryAliasHashtabIterator.factory(self,
- &self.handle.p.symtab[sepol.SYM_CATS].table,
- primary)
-
cdef inline str category_value_to_name(self, size_t value):
"""Return the name of the category by its value."""
return intern(self.handle.p.sym_val_to_name[sepol.SYM_CATS][value])
@@ -636,17 +633,6 @@ cdef class SELinuxPolicy:
"""Return the name of the role by its value."""
return intern(self.handle.p.sym_val_to_name[sepol.SYM_ROLES][value])
- cdef inline sensitivity_aliases(self, Sensitivity primary):
- """Return an interator for the aliases for the specified sensitivity."""
- return SensitivityAliasHashtabIterator.factory(self,
- &self.handle.p.symtab[sepol.SYM_LEVELS].table, primary)
-
- cdef inline type_aliases(self, Type primary):
- """Return an iterator for the aliases for the specified type."""
- return TypeAliasHashtabIterator.factory(self,
- &self.handle.p.symtab[sepol.SYM_TYPES].table,
- primary)
-
cdef inline sepol.type_datum_t* type_value_to_datum(self, size_t value):
"""Return the type datum for the specified type value."""
return self.handle.p.type_val_to_struct[value]
@@ -725,6 +711,15 @@ cdef class SELinuxPolicy:
if self.mls:
self._create_mls_val_to_struct()
+ #
+ # Create value to alias mappings
+ #
+ self._load_type_aliases()
+
+ if self.mls:
+ self._load_sensitivity_aliases()
+ self._load_category_aliases()
+
self.log.info("Successfully opened SELinux policy \"{0}\"".format(filename))
self.path = filename
@@ -846,6 +841,84 @@ cdef class SELinuxPolicy:
bucket += 1
+ cdef _load_category_aliases(self):
+ """Build map of aliases to categories"""
+ cdef:
+ sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_CATS].table
+ sepol.cat_datum_t *datum
+ sepol.hashtab_node_t *node
+ uint32_t bucket = 0
+ list entry
+
+ self.category_alias_map = dict()
+
+ while bucket < table[0].size:
+ node = table[0].htable[bucket]
+ while node != NULL:
+ datum = <sepol.cat_datum_t *>node.datum if node else NULL
+ if datum == NULL:
+ continue
+
+ entry = self.category_alias_map.setdefault(datum.s.value, list())
+ if datum.isalias:
+ entry.append(intern(node.key))
+
+ node = node.next
+
+ bucket += 1
+
+ cdef _load_sensitivity_aliases(self):
+ """Build map of aliases to sensitivities"""
+ cdef:
+ sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_LEVELS].table
+ sepol.level_datum_t *datum
+ sepol.hashtab_node_t *node
+ uint32_t bucket = 0
+ list entry
+
+ self.sensitivity_alias_map = dict()
+
+ while bucket < table[0].size:
+ node = table[0].htable[bucket]
+ while node != NULL:
+ datum = <sepol.level_datum_t *>node.datum if node else NULL
+ if datum == NULL:
+ continue
+
+ entry = self.sensitivity_alias_map.setdefault(datum.level.sens, list())
+ if datum.isalias:
+ entry.append(intern(node.key))
+
+ node = node.next
+
+ bucket += 1
+
+ cdef _load_type_aliases(self):
+ """Build map of aliases to types"""
+ cdef:
+ sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_TYPES].table
+ sepol.type_datum_t *datum
+ sepol.hashtab_node_t *node
+ uint32_t bucket = 0
+ list entry
+
+ self.type_alias_map = dict()
+
+ while bucket < table[0].size:
+ node = table[0].htable[bucket]
+ while node != NULL:
+ datum = <sepol.type_datum_t *>node.datum if node else NULL
+ if datum == NULL:
+ continue
+
+ entry = self.type_alias_map.setdefault(datum.s.value, list())
+ if type_is_alias(datum):
+ entry.append(intern(node.key))
+
+ node = node.next
+
+ bucket += 1
+
cdef _rebuild_attrs_from_map(self):
"""
Rebuilds data for the attributes and inserts them into the policydb.
diff --git a/setools/policyrep/typeattr.pxi b/setools/policyrep/typeattr.pxi
index d989ca9..1d8901e 100644
--- a/setools/policyrep/typeattr.pxi
+++ b/setools/policyrep/typeattr.pxi
@@ -1,5 +1,5 @@
# Copyright 2014, Tresys Technology, LLC
-# Copyright 2017-2018, Chris PeBenito <pebenito@ieee.org>
+# Copyright 2017-2019, Chris PeBenito <pebenito@ieee.org>
#
# This file is part of SETools.
#
@@ -86,13 +86,9 @@ cdef class Type(BaseType):
t.value = symbol.s.value
t.name = policy.type_value_to_name(symbol.s.value - 1)
t.ispermissive = <bint>symbol.flags & sepol.TYPE_FLAGS_PERMISSIVE
+ t._aliases = policy.type_alias_map[symbol.s.value]
return t
- cdef inline void _load_aliases(self):
- """Helper method to load aliases."""
- if self._aliases is None:
- self._aliases = list(self.policy.type_aliases(self))
-
cdef inline void _load_attributes(self):
"""Helper method to load attributes."""
cdef sepol.type_datum_t *symbol = <sepol.type_datum_t *>self.key
@@ -110,7 +106,6 @@ cdef class Type(BaseType):
def aliases(self):
"""Generator that yields all aliases for this type."""
- self._load_aliases()
return iter(self._aliases)
def statement(self):
@@ -119,7 +114,6 @@ cdef class Type(BaseType):
str stmt
self._load_attributes()
- self._load_aliases()
count = len(self._aliases)
stmt = "type {0}".format(self.name)
@@ -297,66 +291,6 @@ cdef class TypeAttributeHashtabIterator(HashtabIterator):
self._next_node()
-cdef class TypeAliasHashtabIterator(HashtabIterator):
-
- """Iterate over type aliases in the policy."""
-
- cdef uint32_t primary
-
- @staticmethod
- cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Type primary):
- """Factory function for creating type alias iterators."""
- i = TypeAliasHashtabIterator()
- i.policy = policy
- i.table = table
- i.primary = primary.value
- i.reset()
- return i
-
- def __next__(self):
- super().__next__()
- datum = <sepol.type_datum_t *> self.curr.datum if self.curr else NULL
-
- while datum != NULL and (not type_is_alias(datum) or datum.s.value != self.primary):
- super().__next__()
- datum = <sepol.type_datum_t *> self.curr.datum if self.curr else NULL
-
- return intern(self.curr.key)
-
- def __len__(self):
- cdef sepol.type_datum_t *datum
- cdef sepol.hashtab_node_t *node
- cdef uint32_t bucket = 0
- cdef size_t count = 0
-
- while bucket < self.table[0].size:
- node = self.table[0].htable[bucket]
- while node != NULL:
- datum = <sepol.type_datum_t *>node.datum if node else NULL
- if datum != NULL and self.primary == datum.s.value and type_is_alias(datum):
- count += 1
-
- node = node.next
-
- bucket += 1
-
- return count
-
- def reset(self):
- super().reset()
-
- cdef sepol.type_datum_t *datum = <sepol.type_datum_t *> self.node.datum if self.node else NULL
-
- # advance over any attributes or aliases
- while datum != NULL and (not type_is_alias(datum) and self.primary != datum.s.value):
- self._next_node()
-
- if self.node == NULL or self.bucket >= self.table[0].size:
- break
-
- datum = <sepol.type_datum_t *> self.node.datum if self.node else NULL
-
-
#
# Ebitmap Iterator Classes
#
--
2.17.2
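Review bot: In the three loaders added to setools/policyrep/selinuxpolicy.pxi (`_load_category_aliases`, `_load_sensitivity_aliases`, `_load_type_aliases`), the `if datum == NULL: continue` branch skips `node = node.next`, so a hash-table node with a NULL datum would keep the inner `while node != NULL` loop spinning while the policy is being opened. Whether libsepol can ever produce such a node is not visible here, but as written the guard turns a malformed table into a hang instead of a skipped entry. Advance before continuing in all three loops: `if datum == NULL:` then `node = node.next` then `continue`. The `node.datum if node else NULL` test is also redundant inside a loop that already requires `node != NULL`.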


@ -0,0 +1,49 @@
From 4b3dc6b38abbd32cda557d5ef9ea1383ac5fdcf2 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 23 Feb 2017 08:17:07 +0100
Subject: [PATCH 2/3] Do not use -Werror during build
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
There are new warnings when setools are built with gcc 7 therefore we
want to suppress -Werror for now
Fixes:
libqpol/policy_extend.c: In function policy_extend:
libqpol/policy_extend.c:161:27: error: %04zd directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
snprintf(buff, 9, "@ttr%04zd", i + 1);
^~~~~
libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
snprintf(buff, 9, "@ttr%04zd", i + 1);
^~~~~~~~~~~
In file included from /usr/include/stdio.h:939:0,
from /usr/include/sepol/policydb/policydb.h:53,
from libqpol/policy_extend.c:29:
/usr/include/bits/stdio2.h:64:10: note: __builtin___snprintf_chk output between 9 and 15 bytes into a destination of size 9
return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
__bos (__s), __fmt, __va_arg_pack ());
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
error: command 'gcc' failed with exit status 1
---
setup.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index c94daf1..a7442ac 100644
--- a/setup.py
+++ b/setup.py
@@ -105,7 +105,7 @@ ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'],
libraries=['selinux', 'sepol'],
library_dirs=lib_dirs,
define_macros=macros,
- extra_compile_args=['-Werror', '-Wextra',
+ extra_compile_args=['-Wextra',
'-Waggregate-return',
'-Wfloat-equal',
'-Wformat', '-Wformat=2',
--
2.17.2
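Review bot: Dropping `'-Werror'` from `extra_compile_args` in setup.py stops every warning enabled in that list (`-Wextra`, `-Wformat=2`, …) from failing the build, although the commit message cites a single `-Wformat-truncation` diagnostic. If only that diagnostic has to be tolerated, keeping `'-Werror'` and adding `'-Wno-error=format-truncation'` would demote just that one. The quoted error comes from `libqpol/policy_extend.c`, while the visible `Extension` compiles `setools/policyrep.pyx`, so it is worth confirming the warning still occurs in this version before carrying the patch. The `Extension(...)` call continues outside the hunk.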


@ -0,0 +1,139 @@
From b960869bcbcb58f2ce9af598484f209935c096b0 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Fri, 26 Apr 2019 15:27:25 +0200
Subject: [PATCH 3/3] Do not export/use setools.InfoFlowAnalysis and
setools.DomainTransitionAnalysis
dta and infoflow modules require networkx which brings lot of dependencies.
These dependencies are not necessary for setools module itself as it's
used in policycoreutils.
Therefore it's better to use setools.infoflow.InfoFlowAnalysis and
setools.dta.DomainTransitionAnalysis and let the package containing
sedta and seinfoflow to require python3-networkx
---
sedta | 4 ++--
seinfoflow | 4 ++--
setools/__init__.py | 4 ----
setoolsgui/apol/dta.py | 2 +-
setoolsgui/apol/infoflow.py | 2 +-
tests/dta.py | 2 +-
tests/infoflow.py | 2 +-
7 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/sedta b/sedta
index 60861ca..41e38a2 100755
--- a/sedta
+++ b/sedta
@@ -22,7 +22,7 @@ import argparse
import logging
import signal
-import setools
+import setools.dta
def print_transition(trans):
@@ -114,7 +114,7 @@ else:
try:
p = setools.SELinuxPolicy(args.policy)
- g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
+ g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
if args.shortest_path or args.all_paths:
if args.shortest_path:
diff --git a/seinfoflow b/seinfoflow
index 97b14ba..e7f965d 100755
--- a/seinfoflow
+++ b/seinfoflow
@@ -17,7 +17,7 @@
# along with SETools. If not, see <http://www.gnu.org/licenses/>.
#
-import setools
+import setools.infoflow
import argparse
import sys
import logging
@@ -81,7 +81,7 @@ else:
try:
p = setools.SELinuxPolicy(args.policy)
m = setools.PermissionMap(args.map)
- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
+ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
if args.shortest_path or args.all_paths:
if args.shortest_path:
diff --git a/setools/__init__.py b/setools/__init__.py
index 7b70f5e..5a5f7fe 100644
--- a/setools/__init__.py
+++ b/setools/__init__.py
@@ -73,12 +73,8 @@ from .pcideviceconquery import PcideviceconQuery
from .devicetreeconquery import DevicetreeconQuery
# Information Flow Analysis
-from .infoflow import InfoFlowAnalysis
from .permmap import PermissionMap
-# Domain Transition Analysis
-from .dta import DomainTransitionAnalysis
-
# Policy difference
from .diff import PolicyDifference
diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
index 4608b9d..2cde44c 100644
--- a/setoolsgui/apol/dta.py
+++ b/setoolsgui/apol/dta.py
@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
from PyQt5.QtGui import QPalette, QTextCursor
from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
QTreeWidgetItem
-from setools import DomainTransitionAnalysis
+from setools.dta import DomainTransitionAnalysis
from ..logtosignal import LogHandlerToSignal
from .analysistab import AnalysisTab
diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
index 7bca299..7fee277 100644
--- a/setoolsgui/apol/infoflow.py
+++ b/setoolsgui/apol/infoflow.py
@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
from PyQt5.QtGui import QPalette, QTextCursor
from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
QTreeWidgetItem
-from setools import InfoFlowAnalysis
+from setools.infoflow import InfoFlowAnalysis
from setools.exception import UnmappedClass, UnmappedPermission
from ..logtosignal import LogHandlerToSignal
diff --git a/tests/dta.py b/tests/dta.py
index a0cc938..177e6fb 100644
--- a/tests/dta.py
+++ b/tests/dta.py
@@ -18,7 +18,7 @@
import os
import unittest
-from setools import DomainTransitionAnalysis
+from setools.dta import DomainTransitionAnalysis
from setools import TERuletype as TERT
from setools.exception import InvalidType
from setools.policyrep import Type
diff --git a/tests/infoflow.py b/tests/infoflow.py
index aa0e44a..fca2848 100644
--- a/tests/infoflow.py
+++ b/tests/infoflow.py
@@ -18,7 +18,7 @@
import os
import unittest
-from setools import InfoFlowAnalysis
+from setools.infoflow import InfoFlowAnalysis
from setools import TERuletype as TERT
from setools.exception import InvalidType
from setools.permmap import PermissionMap
--
2.17.2

11
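--- a/SOURCES/apol.desktop
+++ b/SOURCES/apol.desktop
@@ -0,0 +1,11 @@
+[Desktop Entry]
+Name=SELinux Policy Analysis
+GenericName=SELinux Policy Analysis Tool
+Comment=This tool can examine, search, and relate policy components and policy rules
+Icon=apol
+Exec=/usr/bin/apol
+Type=Application
+Terminal=false
+Categories=System;
+X-Desktop-File-Install-Version=0.2
+StartupNotify=true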

4
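--- a/SOURCES/setools.pam
+++ b/SOURCES/setools.pam
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth include config-util
+account include config-util
+session include config-util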

237
SPECS/setools.spec Normal file

@ -0,0 +1,237 @@
# % global setools_pre_ver rc
# % global gitver f1e5b20
%global sepol_ver 2.9-1
%global selinux_ver 2.9-1
%bcond_with networkx
Name: setools
Version: 4.2.1
Release: 3%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
Summary: Policy analysis tools for SELinux
License: GPLv2
URL: https://github.com/SELinuxProject/setools/wiki
Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
Source1: setools.pam
Source2: apol.desktop
Patch0001: 0001-SELinuxPolicy-Create-a-map-of-aliases-on-policy-load.patch
Patch1001: 1001-Do-not-use-Werror-during-build.patch
Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
BuildRequires: flex, bison
BuildRequires: glibc-devel, gcc, git
BuildRequires: libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver}
BuildRequires: qt5-qtbase-devel
BuildRequires: swig
BuildRequires: python3-Cython
BuildRequires: python3-devel
BuildRequires: python3-setuptools
BuildRequires: libselinux-devel
# BuildArch:
Requires: python3-%{name} = %{version}-%{release}
%description
SETools is a collection of graphical tools, command-line tools, and
Python modules designed to facilitate SELinux policy analysis.
%package console
Summary: Policy analysis command-line tools for SELinux
License: GPLv2
Requires: python3-setools = %{version}-%{release}
Requires: libselinux >= %{selinux_ver}
%description console
SETools is a collection of graphical tools, command-line tools, and
libraries designed to facilitate SELinux policy analysis.
This package includes the following console tools:
sediff Compare two policies to find differences.
seinfo List policy components.
sesearch Search rules (allow, type_transition, etc.)
%if %{with networkx}
%package console-analyses
Summary: Policy analysis command-line tools for SELinux
License: GPLv2
Requires: python3-setools = %{version}-%{release}
Requires: libselinux >= %{selinux_ver}
Requires: python3-networkx
%description console-analyses
SETools is a collection of graphical tools, command-line tools, and
libraries designed to facilitate SELinux policy analysis.
This package includes the following console tools:
sedta Perform domain transition analyses.
seinfoflow Perform information flow analyses.
%endif
%package -n python3-setools
Summary: Policy analysis tools for SELinux
Obsoletes: setools-libs < 4.0.0, setools-libs-tcl
Recommends: libselinux-python3
# Remove before F30
Provides: %{name}-python3 = %{version}-%{release}
Provides: %{name}-python3%{?_isa} = %{version}-%{release}
Obsoletes: %{name}-python3 < %{version}-%{release}
%if 0%{?rhel} && 0%{?rhel} >= 8
Requires: platform-python-setuptools
%else
Requires: python3-setuptools
%endif
%description -n python3-setools
SETools is a collection of graphical tools, command-line tools, and
Python 3 modules designed to facilitate SELinux policy analysis.
%if %{with networkx}
%package gui
Summary: Policy analysis graphical tools for SELinux
Requires: python3-setools = %{version}-%{release}
Requires: python3-qt5
Requires: python3-networkx
%description gui
SETools is a collection of graphical tools, command-line tools, and
Python modules designed to facilitate SELinux policy analysis.
%endif
%prep
%autosetup -p 1 -S git -n setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}
%build
# Remove CFLAGS=... for noarch packages (unneeded)
%set_build_flags
%{__python3} setup.py build
%install
%{__python3} setup.py install --root %{buildroot}
%if %{without networkx}
rm -f %{buildroot}%{_bindir}/sedta %{buildroot}%{_bindir}/seinfoflow \
%{buildroot}%{_mandir}/man1/sedta* %{buildroot}%{_mandir}/man1/sedinfoflow*
rm -rf %{buildroot}%{_bindir}/apol %{buildroot}%{python3_sitearch}/setoolsgui \
%{buildroot}%{_mandir}/man1/apol*
%endif
%check
%if %{?_with_check:1}%{!?_with_check:0}
%{__python3} setup.py test
%endif
%files
%files console
%{_bindir}/sediff
%{_bindir}/seinfo
%{_bindir}/sesearch
%{_mandir}/man1/sediff*
%{_mandir}/man1/seinfo*
%{_mandir}/man1/sesearch*
%if %{with networkx}
%files console-analyses
%{_bindir}/sedta
%{_bindir}/seinfoflow
%{_mandir}/man1/sedta*
%{_mandir}/man1/seinfoflow*
%endif
%files -n python3-setools
%license COPYING COPYING.GPL COPYING.LGPL
%{python3_sitearch}/setools
%{python3_sitearch}/setools-*
%if %{with networkx}
%files gui
%{_bindir}/apol
%{python3_sitearch}/setoolsgui
%{_mandir}/man1/apol*
%endif
%changelog
* Mon May 13 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.1-3
- Use %set_build_flags instead of %optflags
* Mon May 06 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.1-2
- SELinuxPolicy: Create a map of aliases on policy load (#1672631)
* Tue Mar 26 2019 Petr Lautrbach <plautrba@redhat.com> - 4.2.1-1
- SETools 4.2.1 release (#1581761, #1595582)
* Fri Nov 16 2018 Lumír Balhar <lbalhar@redhat.com> - 4.2.0-2
- Require platform-python-setuptools instead of python3-setuptools
- Resolves: rhbz#1650548
* Tue Nov 13 2018 Petr Lautrbach <plautrba@redhat.com> - 4.2.0-1
- SETools 4.2.0 release
* Mon Oct 01 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.3.rc
- Update upstream source to 4.2.0-rc
* Wed Aug 22 2018 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-11
- Fix SCTP patch - https://github.com/SELinuxProject/setools/issues/9
* Thu Jun 14 2018 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-10
- Move gui python files to -gui subpackage
- Do not build gui and console-analyses by default
* Wed Jun 6 2018 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-9
- Don't build the Python 2 subpackage (#1567362)
* Thu Apr 26 2018 Vit Mojzis <vmojzis@redhat.com> - 4.1.1-8
- Add support for SCTP protocol (#1568333)
* Thu Apr 19 2018 Iryna Shcherbina <shcherbina.iryna@gmail.com> - 4.1.1-7
- Update Python 2 dependency declarations to new packaging standards
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Mon Sep 04 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-5
- setools-python2 requires python2-enum34
* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.1.1-4
- Add Provides for the old name without %%_isa
* Thu Aug 10 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.1.1-3
- Python 2 binary package renamed to python2-setools
See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
- Python 3 binary package renamed to python3-setools
* Thu Aug 10 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-2
- bswap_* macros are defined in byteswap.h
* Mon Aug 07 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-1
- New upstream release
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Mon May 22 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.0-3
- setools-python{,3} packages should have a weak dependency on libselinux-python{,3}
(#1447747)
* Thu Feb 23 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.0-2
- Move python networkx dependency to -gui and -console-analyses
- Ship sedta and seinfoflow in setools-console-analyses
* Wed Feb 15 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.0-1
- New upstream release.
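Review bot: In `%install`, the `%if %{without networkx}` cleanup removes `%{buildroot}%{_mandir}/man1/sedinfoflow*`, which looks like a typo for `seinfoflow*`; `rm -f` does not fail when the pattern matches nothing, so the seinfoflow man page would stay in the buildroot. The `%{_mandir}/man1/seinfo*` entry under `%files console` also matches `seinfoflow*`, so that page would then ship in setools-console without its tool. Change the path to `%{buildroot}%{_mandir}/man1/seinfoflow*`, and consider narrowing the `%files console` entry to `%{_mandir}/man1/seinfo.1*` so it cannot pick up unrelated pages.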