From 764e7165c1b01a8cfa360dd827778dac00548e7c Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Thu, 14 Oct 2010 14:25:23 -0400 Subject: [PATCH] - Return None when no records match python setools.sesearch --- setools-python.patch | 252 ++++++++++++++++++++++++++++++++++--------- setools.spec | 14 ++- 2 files changed, 215 insertions(+), 51 deletions(-) diff --git a/setools-python.patch b/setools-python.patch index 03596e3..01cb56a 100644 --- a/setools-python.patch +++ b/setools-python.patch @@ -1,7 +1,16 @@ -diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac ---- setools-3.3.6/configure.ac.python 2009-07-22 14:07:35.000000000 -0400 -+++ setools-3.3.6/configure.ac 2009-08-11 13:15:57.000000000 -0400 -@@ -216,6 +216,9 @@ if test "x${enable_jswig}" = xyes; then +diff -up setools-3.3.7/configure.ac.python setools-3.3.7/configure.ac +--- setools-3.3.7/configure.ac.python 2010-04-30 10:25:48.000000000 -0400 ++++ setools-3.3.7/configure.ac 2010-07-30 15:02:10.000000000 -0400 +@@ -194,7 +194,7 @@ AC_ARG_ENABLE(swig-java, + enable_jswig="$enableval") + if test "x${enable_jswig}" = xyes; then + if test ${do_swigify} = no; then +- AC_PROG_SWIG(1.3.28) ++ AC_PROG_SWIG(2.0.0) + fi + AC_JAVA_OPTIONS + if test "x$JAVAPREFIX" = x; then +@@ -216,21 +216,23 @@ if test "x${enable_jswig}" = xyes; then do_swigify_java=yes do_swigify=yes fi 
@@ -11,15 +20,33 @@ diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac AC_ARG_ENABLE(swig-python, AC_HELP_STRING([--enable-swig-python], [build SWIG interfaces for Python]), -@@ -224,7 +227,6 @@ if test "x${enable_pyswig}" = xyes; then + enable_pyswig="$enableval") + if test "x${enable_pyswig}" = xyes; then if test ${do_swigify} = no; then - AC_PROG_SWIG(1.3.28) +- AC_PROG_SWIG(1.3.28) ++ AC_PROG_SWIG(2.0.0) fi - AM_PATH_PYTHON(2.3) SWIG_PYTHON do_swigify_python=yes do_swigify=yes -@@ -873,6 +875,8 @@ AC_CONFIG_FILES([Makefile VERSION \ + fi + if test ${do_swigify} = "yes"; then +- AC_PROG_SWIG(1.3.28) ++ AC_PROG_SWIG(2.0.0) + fi + build_apol=yes + AC_ARG_ENABLE(swig-tcl, +@@ -239,7 +241,7 @@ AC_ARG_ENABLE(swig-tcl, + enable_tclswig="$enableval", enable_tclswig="yes") + if test "x${enable_tclswig}" = xyes; then + if test ${do_swigify} = no; then +- AC_PROG_SWIG(1.3.28) ++ AC_PROG_SWIG(2.0.0) + fi + TEA_INIT(3.5) + TEA_PATH_TCLCONFIG +@@ -888,6 +890,8 @@ AC_CONFIG_FILES([Makefile VERSION \ sediff/Makefile \ man/Makefile \ debian/Makefile \ @@ -28,9 +55,9 @@ diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac packages/Makefile packages/rpm/Makefile \ packages/libqpol.pc packages/libapol.pc packages/libpoldiff.pc packages/libseaudit.pc packages/libsefs.pc]) -diff -up setools-3.3.6/Makefile.am.python setools-3.3.6/Makefile.am ---- setools-3.3.6/Makefile.am.python 2008-02-22 14:06:28.000000000 -0500 -+++ setools-3.3.6/Makefile.am 2009-08-11 13:15:57.000000000 -0400 +diff -up setools-3.3.7/Makefile.am.python setools-3.3.7/Makefile.am +--- setools-3.3.7/Makefile.am.python 2008-02-22 14:06:28.000000000 -0500 ++++ setools-3.3.7/Makefile.am 2010-07-30 15:02:10.000000000 -0400 @@ -10,7 +10,7 @@ if BUILD_GUI endif # sediffx is also built conditionally, from sediffx/Makefile.am 
@@ -40,9 +67,9 @@ diff -up setools-3.3.6/Makefile.am.python setools-3.3.6/Makefile.am #old indent opts #INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc -diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in ---- setools-3.3.6/Makefile.in.python 2009-07-22 14:08:36.000000000 -0400 -+++ setools-3.3.6/Makefile.in 2009-08-11 15:14:56.000000000 -0400 +diff -up setools-3.3.7/Makefile.in.python setools-3.3.7/Makefile.in +--- setools-3.3.7/Makefile.in.python 2010-05-12 10:01:09.000000000 -0400 ++++ setools-3.3.7/Makefile.in 2010-07-30 15:02:47.000000000 -0400 @@ -79,7 +79,7 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGE ETAGS = etags CTAGS = ctags @@ -52,7 +79,7 @@ diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) -@@ -384,7 +384,7 @@ AUTOMAKE_OPTIONS = dist-bzip2 +@@ -385,7 +385,7 @@ AUTOMAKE_OPTIONS = dist-bzip2 @BUILD_APOL_TRUE@MAYBE_APOL = apol @BUILD_GUI_TRUE@MAYBE_GUI = seaudit # sediffx is also built conditionally, from sediffx/Makefile.am @@ -61,16 +88,16 @@ diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in #old indent opts #INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc -diff -up /dev/null setools-3.3.6/python/Makefile.am ---- /dev/null 2009-08-08 15:30:39.325298375 -0400 -+++ setools-3.3.6/python/Makefile.am 2009-08-11 15:12:36.000000000 -0400 +diff -up setools-3.3.7/python/Makefile.am.python setools-3.3.7/python/Makefile.am +--- setools-3.3.7/python/Makefile.am.python 2010-07-30 15:02:10.000000000 -0400 ++++ setools-3.3.7/python/Makefile.am 2010-07-30 15:02:10.000000000 -0400 
@@ -0,0 +1 @@ +SUBDIRS = setools -diff -up /dev/null setools-3.3.6/python/Makefile.in ---- /dev/null 2009-08-08 15:30:39.325298375 -0400 -+++ setools-3.3.6/python/Makefile.in 2009-08-11 15:14:56.000000000 -0400 -@@ -0,0 +1,715 @@ -+# Makefile.in generated by automake 1.11 from Makefile.am. +diff -up setools-3.3.7/python/Makefile.in.python setools-3.3.7/python/Makefile.in +--- setools-3.3.7/python/Makefile.in.python 2010-07-30 15:02:10.000000000 -0400 ++++ setools-3.3.7/python/Makefile.in 2010-07-30 15:02:46.000000000 -0400 +@@ -0,0 +1,716 @@ ++# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -249,6 +276,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ ++PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PIXBUF_CFLAGS = @PIXBUF_CFLAGS@ @@ -482,7 +510,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in +# (which will cause the Makefiles to be regenerated when you run `make'); +# (2) otherwise, pass the desired values on the `make' command line. +$(RECURSIVE_TARGETS): -+ @failcom='exit 1'; \ ++ @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ @@ -507,7 +535,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in + fi; test -z "$$fail" + +$(RECURSIVE_CLEAN_TARGETS): -+ @failcom='exit 1'; \ ++ @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ 
@@ -785,10 +813,10 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: -diff -up /dev/null setools-3.3.6/python/setools/__init__.py ---- /dev/null 2009-08-08 15:30:39.325298375 -0400 -+++ setools-3.3.6/python/setools/__init__.py 2009-08-11 13:15:57.000000000 -0400 -@@ -0,0 +1,49 @@ +diff -up setools-3.3.7/python/setools/__init__.py.python setools-3.3.7/python/setools/__init__.py +--- setools-3.3.7/python/setools/__init__.py.python 2010-07-30 15:02:10.000000000 -0400 ++++ setools-3.3.7/python/setools/__init__.py 2010-08-03 15:52:27.000000000 -0400 +@@ -0,0 +1,50 @@ +#!/usr/bin/env python + +# Author: Thomas Liu @@ -800,6 +828,7 @@ diff -up /dev/null setools-3.3.6/python/setools/__init__.py +TYPE = _seinfo.TYPE +ROLE = _seinfo.ROLE +ATTRIBUTE = _seinfo.ATTRIBUTE ++PORT = _seinfo.PORT +USER = _seinfo.USER + +ALLOW = 'allow' @@ -838,9 +867,9 @@ diff -up /dev/null setools-3.3.6/python/setools/__init__.py +def seinfo(setype, name=None): + dict_list = _seinfo.seinfo(setype, name) + return dict_list -diff -up /dev/null setools-3.3.6/python/setools/Makefile.am ---- /dev/null 2009-08-08 15:30:39.325298375 -0400 -+++ setools-3.3.6/python/setools/Makefile.am 2009-08-11 17:17:15.000000000 -0400 +diff -up setools-3.3.7/python/setools/Makefile.am.python setools-3.3.7/python/setools/Makefile.am +--- setools-3.3.7/python/setools/Makefile.am.python 2010-07-30 15:02:10.000000000 -0400 ++++ setools-3.3.7/python/setools/Makefile.am 2010-07-30 15:02:10.000000000 -0400 @@ -0,0 +1,36 @@ +EXTRA_DIST = \ + sesearch.c \ 
@@ -878,11 +907,11 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.am + $(PYTHON) setup.py clean -a + rm -f *~ + -diff -up /dev/null setools-3.3.6/python/setools/Makefile.in ---- /dev/null 2009-08-08 15:30:39.325298375 -0400 -+++ setools-3.3.6/python/setools/Makefile.in 2009-08-11 17:17:18.000000000 -0400 -@@ -0,0 +1,549 @@ -+# Makefile.in generated by automake 1.11 from Makefile.am. +diff -up setools-3.3.7/python/setools/Makefile.in.python setools-3.3.7/python/setools/Makefile.in +--- setools-3.3.7/python/setools/Makefile.in.python 2010-07-30 15:02:10.000000000 -0400 ++++ setools-3.3.7/python/setools/Makefile.in 2010-07-30 15:02:46.000000000 -0400 +@@ -0,0 +1,550 @@ ++# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -1021,6 +1050,7 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.in +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ ++PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PIXBUF_CFLAGS = @PIXBUF_CFLAGS@ @@ -1431,10 +1461,10 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.in +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: -diff -up /dev/null setools-3.3.6/python/setools/seinfo.c ---- /dev/null 2009-08-08 15:30:39.325298375 -0400 -+++ setools-3.3.6/python/setools/seinfo.c 2009-08-11 16:31:05.000000000 -0400 -@@ -0,0 +1,649 @@ +diff -up setools-3.3.7/python/setools/seinfo.c.python setools-3.3.7/python/setools/seinfo.c +--- setools-3.3.7/python/setools/seinfo.c.python 2010-07-30 15:02:10.000000000 -0400 ++++ setools-3.3.7/python/setools/seinfo.c 2010-08-03 18:07:17.000000000 -0400 +@@ -0,0 +1,769 @@ +/** + * @file + * Command line tool to search TE rules. 
@@ -1492,7 +1522,7 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
 +
 +enum input
 +{
-+ TYPE, ATTRIBUTE, ROLE, USER
++ TYPE, ATTRIBUTE, ROLE, USER, PORT,
 +};
 +
 +/**
@@ -1902,6 +1932,122 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
 +}
 +
 +/**
++ * Get statistics regarding a policy's ports.
++ * If this function is given a name, it will attempt to
++ * get statistics about a particular port; otherwise
++ * the function get statistics about all of the policy's ports.
++ *
++ * @param name Reference to an port's name; if NULL,
++ * all ports will be considered
++ * @param policydb Reference to a policy
++ *
++ * @return 0 on success, < 0 on error.
++ */
++static PyObject* get_ports(const char *num, const apol_policy_t * policydb)
++{
++ PyObject *list = PyList_New(0);
++ int retval = -1;
++ const qpol_portcon_t *portcon = NULL;
++ qpol_iterator_t *iter = NULL;
++ uint16_t low_port, high_port;
++ uint8_t ocon_proto;
++ qpol_policy_t *q = apol_policy_get_qpol(policydb);
++ const qpol_context_t *ctxt = NULL;
++ const char *proto_str;
++ PyObject *dict;
++ const char *type = NULL;
++ const apol_mls_range_t *range = NULL;
++ char *range_str = NULL;
++ PyObject *obj = NULL;
++ apol_context_t *c = NULL;
++
++ if (qpol_policy_get_portcon_iter(q, &iter))
++ goto cleanup;
++
++ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
++ if (qpol_iterator_get_item(iter, (void **)&portcon))
++ goto cleanup;
++ if (qpol_portcon_get_low_port(q, portcon, &low_port))
++ goto cleanup;
++ if (qpol_portcon_get_high_port(q, portcon, &high_port))
++ goto cleanup;
++ if (qpol_portcon_get_protocol(q, portcon, &ocon_proto))
++ goto cleanup;
++ if (num) {
++ if (atoi(num) < low_port || atoi(num) > high_port)
++ continue;
++ }
++
++ if ((ocon_proto != IPPROTO_TCP) &&
++ (ocon_proto != IPPROTO_UDP))
++ goto cleanup;
++
++ if (qpol_portcon_get_context(q, portcon, &ctxt)) {
++ PyErr_SetString(PyExc_RuntimeError, "Could not get for port context.");
++ goto cleanup;
++ }
++
++ if ((proto_str = apol_protocol_to_str(ocon_proto)) == NULL) {
++ PyErr_SetString(PyExc_RuntimeError, "Invalid protocol for port");
++ goto cleanup;
++ }
++
++ if ((c = apol_context_create_from_qpol_context(policydb, ctxt)) == NULL) {
++ goto cleanup;
++ }
++
++ if((type = apol_context_get_type(c)) == NULL) {
++ apol_context_destroy(&c);
++ goto cleanup;
++ }
++
++ dict = PyDict_New();
++ obj = PyString_FromString(type);
++ PyDict_SetItemString(dict, "type", obj);
++ Py_DECREF(obj);
++
++ if((range = apol_context_get_range(c)) == NULL) {
++ goto cleanup;
++ }
++
++ range_str = apol_mls_range_render(policydb, range);
++ if (range_str == NULL) {
++ goto cleanup;
++ }
++ obj = PyString_FromString(range_str);
++ PyDict_SetItemString(dict, "range", obj);
++ Py_DECREF(obj);
++
++ obj = PyString_FromString(proto_str);
++ PyDict_SetItemString(dict, "protocol", obj);
++ Py_DECREF(obj);
++
++ obj = PyInt_FromLong(high_port);
++ PyDict_SetItemString(dict, "high", obj);
++ Py_DECREF(obj);
++
++ obj = PyInt_FromLong(low_port);
++ PyDict_SetItemString(dict, "low", obj);
++ Py_DECREF(obj);
++
++ PyList_Append(list, dict);
++ Py_DECREF(dict);
++ }
++ retval = 0;
++ cleanup:
++ free(range_str);
++ apol_context_destroy(&c);
++ qpol_iterator_destroy(&iter);
++
++ if (retval) {
++ Py_DECREF(list);
++ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
++ return NULL;
++ }
++ return list;
++}
++
++/**
 + * Get statistics regarding a policy's roles.
 + * If this function is given a name, it will attempt to
 + * get statistics about a particular role; otherwise
@@ -2055,6 +2201,9 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
 + if (type == USER)
 + output = get_users(name, policydb);
 +
++ if (type == PORT)
++ output = get_ports(name, policydb);
++
 + apol_policy_destroy(&policydb);
 + apol_policy_path_destroy(&pol_path);
 + return output;
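Review bot: In the new get_ports(), the per-entry `apol_context_t *c` and `range_str` are released only at the `cleanup:` label, so each matching portcon after the first overwrites and leaks the previous context and rendered range, and `dict` is leaked on the two `goto cleanup` paths taken after `PyDict_New()`. The port filter also calls `atoi(num)` twice per entry with no validation, so a non-numeric or out-of-range string coming from the Python caller is silently treated as a port number; parse it once with `strtol` before the loop and reject bad input. The unconditional `PyErr_SetString(PyExc_RuntimeError,strerror(errno))` at cleanup replaces the more specific messages set earlier in the loop. The doc comment still describes `@param name` and an integer return, while the function takes `num` and returns a list or NULL.

```c
static PyObject* get_ports(const char *num, const apol_policy_t * policydb)
{
	/* … unchanged: declarations, except dict now starts as NULL … */
	PyObject *dict = NULL;
	long want_port = -1;

	if (num) {
		char *end = NULL;

		errno = 0;
		want_port = strtol(num, &end, 10);
		if (errno || end == num || *end != '\0' ||
		    want_port < 0 || want_port > 65535) {
			PyErr_SetString(PyExc_RuntimeError, "Invalid port number");
			Py_XDECREF(list);
			return NULL;
		}
	}

	/* … unchanged: iterator setup and low/high/protocol getters … */
		if (num && (want_port < low_port || want_port > high_port))
			continue;

	/* … unchanged: protocol and context lookups, dict population … */
		PyList_Append(list, dict);
		Py_DECREF(dict);
		dict = NULL;
		/* release per-entry resources before the next iteration */
		free(range_str);
		range_str = NULL;
		apol_context_destroy(&c);
	}
	retval = 0;
 cleanup:
	Py_XDECREF(dict);
	/* … unchanged: free(range_str), context and iterator teardown … */
	if (retval) {
		Py_DECREF(list);
		/* keep a more specific error if one was already set */
		if (!PyErr_Occurred())
			PyErr_SetString(PyExc_RuntimeError, strerror(errno));
		return NULL;
	}
```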
@@ -2080,14 +2229,15 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
 + PyObject *m;
 + m = Py_InitModule("_seinfo", methods);
 + PyModule_AddIntConstant(m, "ATTRIBUTE", ATTRIBUTE);
++ PyModule_AddIntConstant(m, "PORT", PORT);
 + PyModule_AddIntConstant(m, "ROLE", ROLE);
 + PyModule_AddIntConstant(m, "TYPE", TYPE);
 + PyModule_AddIntConstant(m, "USER", USER);
 +}
-diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
---- /dev/null 2009-08-08 15:30:39.325298375 -0400
-+++ setools-3.3.6/python/setools/sesearch.c 2009-08-11 16:31:05.000000000 -0400
-@@ -0,0 +1,477 @@
+diff -up setools-3.3.7/python/setools/sesearch.c.python setools-3.3.7/python/setools/sesearch.c
+--- setools-3.3.7/python/setools/sesearch.c.python 2010-07-30 15:02:10.000000000 -0400
++++ setools-3.3.7/python/setools/sesearch.c 2010-10-14 11:04:53.000000000 -0400
+@@ -0,0 +1,479 @@
 +// Author: Thomas Liu
 +
 +/**
@@ -2506,6 +2656,7 @@ diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
 + goto cleanup;
 + }
 + if (v) {
++ printf("Dan 1\n");
 + output = get_av_results(policy, &cmd_opts, v);
 + }
 + apol_vector_destroy(&v);
@@ -2521,8 +2672,9 @@ diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
 + free(cmd_opts.tgt_role_name);
 + apol_vector_destroy(&cmd_opts.perm_vector);
 + apol_vector_destroy(&cmd_opts.class_vector);
-+
-+ return output;
++
++ if (output) return output;
++ return Py_None;
 +}
 +static int Dict_ContainsInt(PyObject *dict, const char *key){
 + PyObject *item = PyDict_GetItemString(dict, key);
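Review bot: The added `printf("Dan 1\n");` in the `if (v)` branch of sesearch.c is leftover debug output. Because this is a Python extension module, it writes to the stdout of every program that calls setools.sesearch and gets a non-NULL result vector, which corrupts output that callers or scripts parse. The line should be dropped; if tracing is wanted, write it to stderr behind a debug flag. The enclosing function starts and ends outside this hunk.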
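Review bot: `return Py_None;` at the end of the sesearch function returns a reference the function does not own. Each no-match call lets the caller drop one more reference to None than was ever taken, so a long-running process can drive None's refcount to zero and abort the interpreter. Use `Py_RETURN_NONE;` (or `Py_INCREF(Py_None); return Py_None;`) instead. The same return is reached after the `goto cleanup` visible in the previous hunk, presumably with a Python exception already set on some of those paths, so failures would now come back as None with an error pending. Something like `if (output) return output;` `if (PyErr_Occurred()) return NULL;` `Py_RETURN_NONE;` keeps the two cases apart; the function body begins outside this hunk.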
@@ -2565,9 +2717,9 @@ diff -up /dev/null setools-3.3.6/python/setools/sesearch.c + PyObject *m; + m = Py_InitModule("_sesearch", methods); +} -diff -up /dev/null setools-3.3.6/python/setools/setup.py ---- /dev/null 2009-08-08 15:30:39.325298375 -0400 -+++ setools-3.3.6/python/setools/setup.py 2009-08-11 17:29:42.000000000 -0400 +diff -up setools-3.3.7/python/setools/setup.py.python setools-3.3.7/python/setools/setup.py +--- setools-3.3.7/python/setools/setup.py.python 2010-07-30 15:02:10.000000000 -0400 ++++ setools-3.3.7/python/setools/setup.py 2010-07-30 15:02:10.000000000 -0400 @@ -0,0 +1,25 @@ +#!/usr/bin/env python + diff --git a/setools.spec b/setools.spec index 910778b..6d8e2b6 100644 --- a/setools.spec +++ b/setools.spec @@ -5,7 +5,7 @@ Name: setools Version: %{setools_maj_ver}.%{setools_min_ver} -Release: 4%{?dist} +Release: 8%{?dist} License: GPLv2 URL: http://oss.tresys.com/projects/setools BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -353,6 +353,18 @@ rm -rf ${RPM_BUILD_ROOT} %postun libs-tcl -p /sbin/ldconfig %changelog +* Thu Oct 14 2010 Dan Walsh 3.3.6-8 +- Return None when no records match python setools.sesearch + +* Thu Aug 19 2010 Dan Walsh 3.3.6-7 +- Add range to ports in seinfo python + +* Tue Aug 3 2010 Dan Walsh 3.3.6-6 +- Return range with ports + +* Tue Aug 3 2010 Dan Walsh 3.3.6-5 +- Add port support to setools python + * Mon Jul 26 2010 David Malcolm - 3.3.7-4 - fixup configure.ac to expect SWIG 2.0.0; bump the python version to 2.7 in patch 1