- Return None when no records match python setools.sesearch

2010-10-14 14:25:23 -04:00 · 2010-10-14 14:25:23 -04:00 · 764e7165c1
commit 764e7165c1
parent d926e676b2
2 changed files with 215 additions and 51 deletions
--- a/setools-python.patch
+++ b/setools-python.patch
@ -1,7 +1,16 @@
-diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac
+diff -up setools-3.3.7/configure.ac.python setools-3.3.7/configure.ac
--- setools-3.3.6/configure.ac.python	2009-07-22 14:07:35.000000000 -0400
+--- setools-3.3.7/configure.ac.python	2010-04-30 10:25:48.000000000 -0400
-+++ setools-3.3.6/configure.ac	2009-08-11 13:15:57.000000000 -0400
+++ setools-3.3.7/configure.ac	2010-07-30 15:02:10.000000000 -0400
-@@ -216,6 +216,9 @@ if test "x${enable_jswig}" = xyes; then
+@@ -194,7 +194,7 @@ AC_ARG_ENABLE(swig-java,
               enable_jswig="$enableval")
 if test "x${enable_jswig}" = xyes; then
    if test ${do_swigify} = no; then
 -      AC_PROG_SWIG(1.3.28)
 +      AC_PROG_SWIG(2.0.0)
    fi
    AC_JAVA_OPTIONS
    if test "x$JAVAPREFIX" = x; then
@@ -216,21 +216,23 @@ if test "x${enable_jswig}" = xyes; then
    do_swigify_java=yes
    do_swigify=yes
 fi
@ -11,15 +20,33 @@ diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac
 AC_ARG_ENABLE(swig-python,
               AC_HELP_STRING([--enable-swig-python],
                              [build SWIG interfaces for Python]),
-@@ -224,7 +227,6 @@ if test "x${enable_pyswig}" = xyes; then
+               enable_pyswig="$enableval")
 if test "x${enable_pyswig}" = xyes; then
    if test ${do_swigify} = no; then
-       AC_PROG_SWIG(1.3.28)
+-      AC_PROG_SWIG(1.3.28)
 +      AC_PROG_SWIG(2.0.0)
    fi
 -   AM_PATH_PYTHON(2.3)
    SWIG_PYTHON
    do_swigify_python=yes
    do_swigify=yes
-@@ -873,6 +875,8 @@ AC_CONFIG_FILES([Makefile VERSION \
+ fi
 if test ${do_swigify} = "yes"; then
 -   AC_PROG_SWIG(1.3.28)
 +   AC_PROG_SWIG(2.0.0)
 fi
 build_apol=yes
 AC_ARG_ENABLE(swig-tcl,
@@ -239,7 +241,7 @@ AC_ARG_ENABLE(swig-tcl,
               enable_tclswig="$enableval", enable_tclswig="yes")
 if test "x${enable_tclswig}" = xyes; then
    if test ${do_swigify} = no; then
 -      AC_PROG_SWIG(1.3.28)
 +      AC_PROG_SWIG(2.0.0)
    fi
    TEA_INIT(3.5)
    TEA_PATH_TCLCONFIG
@@ -888,6 +890,8 @@ AC_CONFIG_FILES([Makefile VERSION \
                  sediff/Makefile \
                  man/Makefile \
                  debian/Makefile \
@ -28,9 +55,9 @@ diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac
                  packages/Makefile packages/rpm/Makefile \
                  packages/libqpol.pc packages/libapol.pc packages/libpoldiff.pc packages/libseaudit.pc packages/libsefs.pc])
-diff -up setools-3.3.6/Makefile.am.python setools-3.3.6/Makefile.am
+diff -up setools-3.3.7/Makefile.am.python setools-3.3.7/Makefile.am
--- setools-3.3.6/Makefile.am.python	2008-02-22 14:06:28.000000000 -0500
+--- setools-3.3.7/Makefile.am.python	2008-02-22 14:06:28.000000000 -0500
-+++ setools-3.3.6/Makefile.am	2009-08-11 13:15:57.000000000 -0400
+++ setools-3.3.7/Makefile.am	2010-07-30 15:02:10.000000000 -0400
@@ -10,7 +10,7 @@ if BUILD_GUI
 endif
 # sediffx is also built conditionally, from sediffx/Makefile.am
@ -40,9 +67,9 @@ diff -up setools-3.3.6/Makefile.am.python setools-3.3.6/Makefile.am
 #old indent opts
 #INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
-diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in
+diff -up setools-3.3.7/Makefile.in.python setools-3.3.7/Makefile.in
--- setools-3.3.6/Makefile.in.python	2009-07-22 14:08:36.000000000 -0400
+--- setools-3.3.7/Makefile.in.python	2010-05-12 10:01:09.000000000 -0400
-+++ setools-3.3.6/Makefile.in	2009-08-11 15:14:56.000000000 -0400
+++ setools-3.3.7/Makefile.in	2010-07-30 15:02:47.000000000 -0400
@@ -79,7 +79,7 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGE
 ETAGS = etags
 CTAGS = ctags
@ -52,7 +79,7 @@ diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 distdir = $(PACKAGE)-$(VERSION)
 top_distdir = $(distdir)
-@@ -384,7 +384,7 @@ AUTOMAKE_OPTIONS = dist-bzip2
+@@ -385,7 +385,7 @@ AUTOMAKE_OPTIONS = dist-bzip2
 @BUILD_APOL_TRUE@MAYBE_APOL = apol
 @BUILD_GUI_TRUE@MAYBE_GUI = seaudit
 # sediffx is also built conditionally, from sediffx/Makefile.am
@ -61,16 +88,16 @@ diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in
 #old indent opts
 #INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
-diff -up /dev/null setools-3.3.6/python/Makefile.am
+diff -up setools-3.3.7/python/Makefile.am.python setools-3.3.7/python/Makefile.am
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
+--- setools-3.3.7/python/Makefile.am.python	2010-07-30 15:02:10.000000000 -0400
-+++ setools-3.3.6/python/Makefile.am	2009-08-11 15:12:36.000000000 -0400
+++ setools-3.3.7/python/Makefile.am	2010-07-30 15:02:10.000000000 -0400
@@ -0,0 +1 @@
 +SUBDIRS = setools
-diff -up /dev/null setools-3.3.6/python/Makefile.in
+diff -up setools-3.3.7/python/Makefile.in.python setools-3.3.7/python/Makefile.in
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
+--- setools-3.3.7/python/Makefile.in.python	2010-07-30 15:02:10.000000000 -0400
-+++ setools-3.3.6/python/Makefile.in	2009-08-11 15:14:56.000000000 -0400
+++ setools-3.3.7/python/Makefile.in	2010-07-30 15:02:46.000000000 -0400
-@@ -0,0 +1,715 @@
+@@ -0,0 +1,716 @@
-+# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
 +# @configure_input@
 +
 +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@ -249,6 +276,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
 +PACKAGE_NAME = @PACKAGE_NAME@
 +PACKAGE_STRING = @PACKAGE_STRING@
 +PACKAGE_TARNAME = @PACKAGE_TARNAME@
 +PACKAGE_URL = @PACKAGE_URL@
 +PACKAGE_VERSION = @PACKAGE_VERSION@
 +PATH_SEPARATOR = @PATH_SEPARATOR@
 +PIXBUF_CFLAGS = @PIXBUF_CFLAGS@
@ -482,7 +510,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
 +#     (which will cause the Makefiles to be regenerated when you run `make');
 +# (2) otherwise, pass the desired values on the `make' command line.
 +$(RECURSIVE_TARGETS):
-+	@failcom='exit 1'; \
+	@fail= failcom='exit 1'; \
 +	for f in x $$MAKEFLAGS; do \
 +	  case $$f in \
 +	    *=* | --[!k]*);; \
@ -507,7 +535,7 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
 +	fi; test -z "$$fail"
 +
 +$(RECURSIVE_CLEAN_TARGETS):
-+	@failcom='exit 1'; \
+	@fail= failcom='exit 1'; \
 +	for f in x $$MAKEFLAGS; do \
 +	  case $$f in \
 +	    *=* | --[!k]*);; \
@ -785,10 +813,10 @@ diff -up /dev/null setools-3.3.6/python/Makefile.in
 +# Tell versions [3.59,3.63) of GNU make to not export all variables.
 +# Otherwise a system limit (for SysV at least) may be exceeded.
 +.NOEXPORT:
-diff -up /dev/null setools-3.3.6/python/setools/__init__.py
+diff -up setools-3.3.7/python/setools/__init__.py.python setools-3.3.7/python/setools/__init__.py
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
+--- setools-3.3.7/python/setools/__init__.py.python	2010-07-30 15:02:10.000000000 -0400
-+++ setools-3.3.6/python/setools/__init__.py	2009-08-11 13:15:57.000000000 -0400
+++ setools-3.3.7/python/setools/__init__.py	2010-08-03 15:52:27.000000000 -0400
-@@ -0,0 +1,49 @@
+@@ -0,0 +1,50 @@
 +#!/usr/bin/env python
 +
 +# Author: Thomas Liu <tliu@redhat.com>
@ -800,6 +828,7 @@ diff -up /dev/null setools-3.3.6/python/setools/__init__.py
 +TYPE = _seinfo.TYPE
 +ROLE = _seinfo.ROLE
 +ATTRIBUTE = _seinfo.ATTRIBUTE
 +PORT = _seinfo.PORT
 +USER = _seinfo.USER
 +
 +ALLOW = 'allow'
@ -838,9 +867,9 @@ diff -up /dev/null setools-3.3.6/python/setools/__init__.py
 +def seinfo(setype, name=None):
 +    dict_list = _seinfo.seinfo(setype, name)
 +    return dict_list
-diff -up /dev/null setools-3.3.6/python/setools/Makefile.am
+diff -up setools-3.3.7/python/setools/Makefile.am.python setools-3.3.7/python/setools/Makefile.am
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
+--- setools-3.3.7/python/setools/Makefile.am.python	2010-07-30 15:02:10.000000000 -0400
-+++ setools-3.3.6/python/setools/Makefile.am	2009-08-11 17:17:15.000000000 -0400
+++ setools-3.3.7/python/setools/Makefile.am	2010-07-30 15:02:10.000000000 -0400
@@ -0,0 +1,36 @@
 +EXTRA_DIST =				\
 +	sesearch.c			\
@ -878,11 +907,11 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.am
 +	$(PYTHON) setup.py clean -a 
 +	rm -f *~
 +
-diff -up /dev/null setools-3.3.6/python/setools/Makefile.in
+diff -up setools-3.3.7/python/setools/Makefile.in.python setools-3.3.7/python/setools/Makefile.in
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
+--- setools-3.3.7/python/setools/Makefile.in.python	2010-07-30 15:02:10.000000000 -0400
-+++ setools-3.3.6/python/setools/Makefile.in	2009-08-11 17:17:18.000000000 -0400
+++ setools-3.3.7/python/setools/Makefile.in	2010-07-30 15:02:46.000000000 -0400
-@@ -0,0 +1,549 @@
+@@ -0,0 +1,550 @@
-+# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
 +# @configure_input@
 +
 +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@ -1021,6 +1050,7 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.in
 +PACKAGE_NAME = @PACKAGE_NAME@
 +PACKAGE_STRING = @PACKAGE_STRING@
 +PACKAGE_TARNAME = @PACKAGE_TARNAME@
 +PACKAGE_URL = @PACKAGE_URL@
 +PACKAGE_VERSION = @PACKAGE_VERSION@
 +PATH_SEPARATOR = @PATH_SEPARATOR@
 +PIXBUF_CFLAGS = @PIXBUF_CFLAGS@
@ -1431,10 +1461,10 @@ diff -up /dev/null setools-3.3.6/python/setools/Makefile.in
 +# Tell versions [3.59,3.63) of GNU make to not export all variables.
 +# Otherwise a system limit (for SysV at least) may be exceeded.
 +.NOEXPORT:
-diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
+diff -up setools-3.3.7/python/setools/seinfo.c.python setools-3.3.7/python/setools/seinfo.c
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
+--- setools-3.3.7/python/setools/seinfo.c.python	2010-07-30 15:02:10.000000000 -0400
-+++ setools-3.3.6/python/setools/seinfo.c	2009-08-11 16:31:05.000000000 -0400
+++ setools-3.3.7/python/setools/seinfo.c	2010-08-03 18:07:17.000000000 -0400
-@@ -0,0 +1,649 @@
+@@ -0,0 +1,769 @@
 +/**
 + *  @file
 + *  Command line tool to search TE rules.
@ -1492,7 +1522,7 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
 +
 +enum input
 +{
-+	TYPE, ATTRIBUTE, ROLE, USER
+	TYPE, ATTRIBUTE, ROLE, USER, PORT,
 +};
 +
 +/**
@ -1902,6 +1932,122 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
 +}
 +
 +/**
 + * Get statistics regarding a policy's ports.
 + * If this function is given a name, it will attempt to
 + * get statistics about a particular port; otherwise
 + * the function get statistics about all of the policy's ports.
 + *
 + * @param name Reference to an port's name; if NULL,
 + * all ports will be considered
 + * @param policydb Reference to a policy
 + *
 + * @return 0 on success, < 0 on error.
 + */
 +static PyObject*  get_ports(const char *num, const apol_policy_t * policydb)
 +{
 +	PyObject *list = PyList_New(0);
 +	int retval = -1;
 +	const qpol_portcon_t *portcon = NULL;
 +	qpol_iterator_t *iter = NULL;
 +	uint16_t low_port, high_port;
 +	uint8_t ocon_proto;
 +	qpol_policy_t *q = apol_policy_get_qpol(policydb);
 +	const qpol_context_t *ctxt = NULL;
 +	const char *proto_str;
 +	PyObject *dict;
 +	const char *type = NULL;
 +	const apol_mls_range_t *range = NULL;
 +	char *range_str = NULL;
 +	PyObject *obj = NULL;
 +	apol_context_t *c = NULL;
 +
 +	if (qpol_policy_get_portcon_iter(q, &iter))
 +		goto cleanup;
 +
 +	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
 +		if (qpol_iterator_get_item(iter, (void **)&portcon))
 +			goto cleanup;
 +		if (qpol_portcon_get_low_port(q, portcon, &low_port))
 +			goto cleanup;
 +		if (qpol_portcon_get_high_port(q, portcon, &high_port))
 +			goto cleanup;
 +		if (qpol_portcon_get_protocol(q, portcon, &ocon_proto))
 +			goto cleanup;
 +		if (num) {
 +			if (atoi(num) < low_port || atoi(num) > high_port)
 +				continue;
 +		}
 +
 +		if ((ocon_proto != IPPROTO_TCP) &&
 +		    (ocon_proto != IPPROTO_UDP)) 
 +			goto cleanup;
 +
 +		if (qpol_portcon_get_context(q, portcon, &ctxt)) {
 +			PyErr_SetString(PyExc_RuntimeError, "Could not get for port context.");
 +			goto cleanup;
 +		}
 +
 +		if ((proto_str = apol_protocol_to_str(ocon_proto)) == NULL) {
 +			PyErr_SetString(PyExc_RuntimeError, "Invalid protocol for port");
 +			goto cleanup;
 +		}
 +
 +		if ((c = apol_context_create_from_qpol_context(policydb, ctxt)) == NULL) {
 +			goto cleanup;
 +		}
 +		
 +		if((type = apol_context_get_type(c)) == NULL) {
 +			apol_context_destroy(&c);
 +			goto cleanup;
 +		}
 +			
 +		dict = PyDict_New(); 
 +		obj = PyString_FromString(type);
 +		PyDict_SetItemString(dict, "type", obj);
 +		Py_DECREF(obj);
 +
 +		if((range = apol_context_get_range(c)) == NULL) {
 +			goto cleanup;
 +		}
 +			
 +		range_str = apol_mls_range_render(policydb, range);
 +		if (range_str == NULL) {
 +			goto cleanup;
 +		}
 +		obj = PyString_FromString(range_str);
 +		PyDict_SetItemString(dict, "range", obj);
 +		Py_DECREF(obj);
 +
 +		obj = PyString_FromString(proto_str);
 +		PyDict_SetItemString(dict, "protocol", obj);
 +		Py_DECREF(obj);
 +
 +		obj = PyInt_FromLong(high_port);
 +		PyDict_SetItemString(dict, "high", obj);
 +		Py_DECREF(obj);
 +
 +		obj = PyInt_FromLong(low_port);
 +		PyDict_SetItemString(dict, "low", obj);
 +		Py_DECREF(obj);
 +
 +		PyList_Append(list, dict);
 +		Py_DECREF(dict);
 +	}
 +	retval = 0;
 +      cleanup:
 +	free(range_str);
 +	apol_context_destroy(&c);
 +	qpol_iterator_destroy(&iter);
 +
 +	if (retval) {
 +		Py_DECREF(list);
 +		PyErr_SetString(PyExc_RuntimeError,strerror(errno));
 +		return NULL;
 +	}
 +	return list;
 +}
 +
 +/**
 + * Get statistics regarding a policy's roles.
 + * If this function is given a name, it will attempt to
 + * get statistics about a particular role; otherwise
@ -2055,6 +2201,9 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
 +	if (type == USER)
 +		output = get_users(name, policydb);
 +
 +	if (type == PORT)
 +		output = get_ports(name, policydb);
 +
 +	apol_policy_destroy(&policydb);
 +	apol_policy_path_destroy(&pol_path);
 +	return output;
@ -2080,14 +2229,15 @@ diff -up /dev/null setools-3.3.6/python/setools/seinfo.c
 +    PyObject *m;
 +    m = Py_InitModule("_seinfo", methods);
 +    PyModule_AddIntConstant(m, "ATTRIBUTE", ATTRIBUTE);
 +    PyModule_AddIntConstant(m, "PORT", PORT);
 +    PyModule_AddIntConstant(m, "ROLE", ROLE);
 +    PyModule_AddIntConstant(m, "TYPE", TYPE);
 +    PyModule_AddIntConstant(m, "USER", USER);
 +}
-diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
+diff -up setools-3.3.7/python/setools/sesearch.c.python setools-3.3.7/python/setools/sesearch.c
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
+--- setools-3.3.7/python/setools/sesearch.c.python	2010-07-30 15:02:10.000000000 -0400
-+++ setools-3.3.6/python/setools/sesearch.c	2009-08-11 16:31:05.000000000 -0400
+++ setools-3.3.7/python/setools/sesearch.c	2010-10-14 11:04:53.000000000 -0400
-@@ -0,0 +1,477 @@
+@@ -0,0 +1,479 @@
 +// Author: Thomas Liu <tliu@redhat.com>
 +
 +/**
@ -2506,6 +2656,7 @@ diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
 +		goto cleanup;
 +	}
 +	if (v) {
 +		printf("Dan 1\n");
 +		output =  get_av_results(policy, &cmd_opts, v);
 +	}
 +	apol_vector_destroy(&v);
@ -2522,7 +2673,8 @@ diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
 +	apol_vector_destroy(&cmd_opts.perm_vector);
 +	apol_vector_destroy(&cmd_opts.class_vector);
 +
-+	return output;
+	if (output) return output;
 +	return Py_None;
 +}
 +static int Dict_ContainsInt(PyObject *dict, const char *key){
 +    PyObject *item = PyDict_GetItemString(dict, key);
@ -2565,9 +2717,9 @@ diff -up /dev/null setools-3.3.6/python/setools/sesearch.c
 +    PyObject *m;
 +    m = Py_InitModule("_sesearch", methods);
 +}
-diff -up /dev/null setools-3.3.6/python/setools/setup.py
+diff -up setools-3.3.7/python/setools/setup.py.python setools-3.3.7/python/setools/setup.py
--- /dev/null	2009-08-08 15:30:39.325298375 -0400
+--- setools-3.3.7/python/setools/setup.py.python	2010-07-30 15:02:10.000000000 -0400
-+++ setools-3.3.6/python/setools/setup.py	2009-08-11 17:29:42.000000000 -0400
+++ setools-3.3.7/python/setools/setup.py	2010-07-30 15:02:10.000000000 -0400
@@ -0,0 +1,25 @@
 +#!/usr/bin/env python
 +
--- a/setools.spec
+++ b/setools.spec
@ -5,7 +5,7 @@
 Name: setools
 Version: %{setools_maj_ver}.%{setools_min_ver}
-Release: 4%{?dist}
+Release: 8%{?dist}
 License: GPLv2
 URL: http://oss.tresys.com/projects/setools
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@ -353,6 +353,18 @@ rm -rf ${RPM_BUILD_ROOT}
 %postun libs-tcl -p /sbin/ldconfig
 %changelog
 * Thu Oct 14 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-8
 - Return None when no records match python setools.sesearch
 * Thu Aug 19 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-7
 - Add range to ports in seinfo python
 * Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-6
 - Return range with ports
 * Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-5
 - Add port support to setools python 
 * Mon Jul 26 2010 David Malcolm <dmalcolm@redhat.com> - 3.3.7-4
 - fixup configure.ac to expect SWIG 2.0.0; bump the python version to 2.7 in
 patch 1