setools-4.4.0-0.1.20201102git05e90ee

- Update to 05e90ee - Add /usr/bin/sechecker - Adapt to new libsepol filename transition structures - Rebuild with libsepol.so.2
2020-11-03 16:07:11 +01:00 · 2020-11-03 16:07:11 +01:00 · 8840b49782
commit 8840b49782
parent 1396e21e63
5 changed files with 145 additions and 15 deletions
--- a/.gitignore
+++ b/.gitignore
@ -9,3 +9,4 @@ setools-3.3.8-f1e5b20.tar.bz2
 /4.2.1.tar.gz
 /4.2.2.tar.gz
 /4.3.0.tar.gz
 /05e90ee.tar.gz
--- a/0001-Adapt-to-new-libsepol-filename-transition-structures.patch
+++ b/0001-Adapt-to-new-libsepol-filename-transition-structures.patch
@ -0,0 +1,120 @@
 From f63a3690e3e3f02ab67ad1165be54ce25bac2de7 Mon Sep 17 00:00:00 2001
 From: Ondrej Mosnacek <omosnace@redhat.com>
 Date: Fri, 17 Jul 2020 11:28:08 +0200
 Subject: [PATCH] Adapt to new libsepol filename transition structures
 Adapt setools to the new libsepol internal API for filename transitions
 which allows for more efficient filename trans rule representation in
 memory and binary policy.
 Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
 ---
 setools/policyrep/sepol.pxd  |  9 ++++----
 setools/policyrep/terule.pxi | 41 ++++++++++++++++++++++++++++++------
 2 files changed, 39 insertions(+), 11 deletions(-)
 diff --git a/setools/policyrep/sepol.pxd b/setools/policyrep/sepol.pxd
 index 60bc58c28ebf..b07ddb78350f 100644
 --- a/setools/policyrep/sepol.pxd
 +++ b/setools/policyrep/sepol.pxd
@@ -544,21 +544,22 @@ cdef extern from "<sepol/policydb/policydb.h>":
     ctypedef cond_bool_datum cond_bool_datum_t
     #
 -    # filename_trans_t
 +    # filename_trans_key_t
     #
 -    cdef struct filename_trans:
 -        uint32_t stype
 +    cdef struct filename_trans_key:
         uint32_t ttype
         uint32_t tclass
         char *name
 -    ctypedef filename_trans filename_trans_t
 +    ctypedef filename_trans_key filename_trans_key_t
     #
     # filename_trans_datum_t
     #
     cdef struct filename_trans_datum:
 +        ebitmap_t stypes
         uint32_t otype
 +        filename_trans_datum *next
     ctypedef filename_trans_datum filename_trans_datum_t
 diff --git a/setools/policyrep/terule.pxi b/setools/policyrep/terule.pxi
 index 3976586b7985..760c366f6c39 100644
 --- a/setools/policyrep/terule.pxi
 +++ b/setools/policyrep/terule.pxi
@@ -470,17 +470,18 @@ cdef class FileNameTERule(BaseTERule):
         readonly str filename
     @staticmethod
 -    cdef inline FileNameTERule factory(SELinuxPolicy policy, sepol.filename_trans_t *key,
 -                                       sepol.filename_trans_datum_t *datum):
 +    cdef inline FileNameTERule factory(SELinuxPolicy policy,
 +                                       sepol.filename_trans_key_t *key,
 +                                       Type stype, size_t otype):
         """Factory function for creating FileNameTERule objects."""
         cdef FileNameTERule r = FileNameTERule.__new__(FileNameTERule)
         r.policy = policy
         r.key = <uintptr_t>key
         r.ruletype = TERuletype.type_transition
 -        r.source = type_or_attr_factory(policy, policy.type_value_to_datum(key.stype - 1))
 +        r.source = stype
         r.target = type_or_attr_factory(policy, policy.type_value_to_datum(key.ttype - 1))
         r.tclass = ObjClass.factory(policy, policy.class_value_to_datum(key.tclass - 1))
 -        r.dft = Type.factory(policy, policy.type_value_to_datum(datum.otype - 1))
 +        r.dft = Type.factory(policy, policy.type_value_to_datum(otype - 1))
         r.filename = intern(key.name)
         r.origin = None
         return r
@@ -708,6 +709,10 @@ cdef class FileNameTERuleIterator(HashtabIterator):
     """Iterate over FileNameTERules in the policy."""
 +    cdef:
 +        sepol.filename_trans_datum_t *datum
 +        TypeEbitmapIterator stypei
 +
     @staticmethod
     cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table):
         """Factory function for creating FileNameTERule iterators."""
@@ -717,7 +722,29 @@ cdef class FileNameTERuleIterator(HashtabIterator):
         i.reset()
         return i
 +    def _next_stype(self):
 +        while True:
 +            if self.datum == NULL:
 +                super().__next__()
 +                self.datum = <sepol.filename_trans_datum_t *>self.curr.datum
 +                self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes)
 +            try:
 +                return next(self.stypei)
 +            except StopIteration:
 +                pass
 +            self.datum = self.datum.next
 +            if self.datum != NULL:
 +                self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes)
 +
     def __next__(self):
 -        super().__next__()
 -        return FileNameTERule.factory(self.policy, <sepol.filename_trans_t *>self.curr.key,
 -                                      <sepol.filename_trans_datum_t *>self.curr.datum)
 +        stype = self._next_stype()
 +        return FileNameTERule.factory(self.policy,
 +                                      <sepol.filename_trans_key_t *>self.curr.key,
 +                                      stype, self.datum.otype)
 +
 +    def __len__(self):
 +        return sum(1 for r in FileNameTERuleIterator.factory(self.policy, self.table))
 +
 +    def reset(self):
 +        super().reset()
 +        self.datum = NULL
 -- 
 2.29.0
--- a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
+++ b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
@ -33,7 +33,7 @@ index 60861ca630a5..41e38a237b42 100755
 +import setools.dta
- def print_transition(trans):
+ def print_transition(trans: setools.DomainTransition) -> None:
@@ -114,7 +114,7 @@ else:
 try:
@ -56,7 +56,7 @@ index f10c39de4d8e..fee749a83bb5 100755
 import argparse
 import sys
 import logging
-@@ -101,7 +101,7 @@ elif args.booleans is not None:
+@@ -102,7 +102,7 @@ elif args.booleans is not None:
 try:
     p = setools.SELinuxPolicy(args.policy)
     m = setools.PermissionMap(args.map)
@ -66,18 +66,18 @@ index f10c39de4d8e..fee749a83bb5 100755
     if args.shortest_path or args.all_paths:
 diff --git a/setools/__init__.py b/setools/__init__.py
-index 26fa5aa34a19..b7e51c43c4bb 100644
+index d72d343e7e79..642485b9018d 100644
 --- a/setools/__init__.py
 +++ b/setools/__init__.py
-@@ -75,12 +75,8 @@ from .pcideviceconquery import PcideviceconQuery
+@@ -91,12 +91,8 @@ from .pcideviceconquery import PcideviceconQuery
 from .devicetreeconquery import DevicetreeconQuery
 # Information Flow Analysis
 -from .infoflow import InfoFlowAnalysis
- from .permmap import PermissionMap
+ from .permmap import PermissionMap, RuleWeight, Mapping
 -# Domain Transition Analysis
-from .dta import DomainTransitionAnalysis
+-from .dta import DomainTransitionAnalysis, DomainEntrypoint, DomainTransition
 -
 # Policy difference
 from .diff import PolicyDifference
--- a/setools.spec
+++ b/setools.spec
@ -1,20 +1,21 @@
-# % global setools_pre_ver rc
+%global setools_pre_ver 05e90ee
-# % global gitver f1e5b20
+%global gitver 05e90ee241af05665f3394e9bed0073e1bb2e17d
-%global sepol_ver 2.3-1
+%global sepol_ver 3.1-4
-%global selinux_ver 2.3-1
+%global selinux_ver 3.1-4
 Name:           setools
-Version:        4.3.0
+Version:        4.4.0
-Release:        5%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
+Release:        0.1.20201102git%{setools_pre_ver}%{?dist}
 Summary:        Policy analysis tools for SELinux
 License:        GPLv2
 URL:            https://github.com/SELinuxProject/setools/wiki
-Source0:        https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
+Source0:        https://github.com/SELinuxProject/setools/archive/%{setools_pre_ver}.tar.gz
 Source1:        setools.pam
 Source2:        apol.desktop
 Patch0001:      0001-Adapt-to-new-libsepol-filename-transition-structures.patch
 Patch1001:      1001-Do-not-use-Werror-during-build.patch
 Patch1002:      1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
 Patch1003:      1003-Require-networkx-on-package-level.patch
@ -95,7 +96,7 @@ Python modules designed to facilitate SELinux policy analysis.
 %prep
-%autosetup -p 1 -S git -n setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}
+%autosetup -p 1 -S git -n setools-%{gitver}
 %build
@ -114,9 +115,11 @@ Python modules designed to facilitate SELinux policy analysis.
 %files
 %files console
 %{_bindir}/sechecker
 %{_bindir}/sediff
 %{_bindir}/seinfo
 %{_bindir}/sesearch
 %{_mandir}/man1/sechecker*
 %{_mandir}/man1/sediff*
 %{_mandir}/man1/seinfo*
 %{_mandir}/man1/sesearch*
@ -144,6 +147,12 @@ Python modules designed to facilitate SELinux policy analysis.
 %{_mandir}/ru/man1/apol*
 %changelog
 * Tue Nov  3 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.1.20201102git05e90ee
 - Update to 05e90ee
 - Add /usr/bin/sechecker
 - Adapt to new libsepol filename transition structures
 - Rebuild with libsepol.so.2
 * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-5
 - Second attempt - Rebuilt for
  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (4.3.0.tar.gz) = 93da43c4b577ff944f1c19ef40cfc51f6d1cb1efef582e467834300540a7af440b6ae9106f29d810963c74b0fb5953003304790a9143a7318e477d17fa7d536a
+SHA512 (05e90ee.tar.gz) = 32f60e9a40ca5791a1e63986377e90ca728c7e205d8ae7ce446830ca7f96b51496d9753fd70077f5b6547050d23c41a1d10b20e0af9e4066355e29781d5e3686
`@ -1 +1 @@`
	`SHA512 (4.3.0.tar.gz) = 93da43c4b577ff944f1c19ef40cfc51f6d1cb1efef582e467834300540a7af440b6ae9106f29d810963c74b0fb5953003304790a9143a7318e477d17fa7d536a`	`SHA512 (05e90ee.tar.gz) = 32f60e9a40ca5791a1e63986377e90ca728c7e205d8ae7ce446830ca7f96b51496d9753fd70077f5b6547050d23c41a1d10b20e0af9e4066355e29781d5e3686`