[policycoreutils] Fix var_spool template read_spool_files Fix sepolgen to handle filename transitions

Daniel J Walsh dwalsh at fedoraproject.org
Wed May 25 20:20:42 UTC 2011


commit 93a347a42a5264847cce4b8d47aab8763c87f5db
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Wed May 25 16:20:29 2011 -0400

    Fix var_spool template read_spool_files
    Fix sepolgen to handle filename transitions

 policycoreutils-gui.patch      |    4 +-
 policycoreutils-sepolgen.patch |  119 +++++++++++++++++++++++-----------------
 policycoreutils.spec           |    6 ++-
 3 files changed, 75 insertions(+), 54 deletions(-)
---
diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
index 1379bdf..06085d7 100644
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@@ -13999,7 +13999,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0
 +"""
 diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2.0.86/gui/templates/var_spool.py
 --- policycoreutils-2.0.86/gui/templates/var_spool.py.gui	2011-04-12 10:52:07.573645242 -0400
-+++ policycoreutils-2.0.86/gui/templates/var_spool.py	2011-05-23 17:00:58.813198478 -0400
++++ policycoreutils-2.0.86/gui/templates/var_spool.py	2011-05-25 16:09:23.350352658 -0400
 @@ -0,0 +1,131 @@
 +# Copyright (C) 2007-2011 Red Hat
 +# see file 'COPYING' for use and warranty information
@@ -14073,7 +14073,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2
 +	')
 +
 +	files_search_spool($1)
-+	read_files_pattern($1, TEMPLATETYPE_spool_t TEMPLATETYPE_spool_t)
++	read_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
 +')
 +
 +########################################
diff --git a/policycoreutils-sepolgen.patch b/policycoreutils-sepolgen.patch
index ad2ae56..a504f05 100644
--- a/policycoreutils-sepolgen.patch
+++ b/policycoreutils-sepolgen.patch
@@ -1,7 +1,7 @@
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/access.py
---- nsasepolgen/src/sepolgen/access.py	2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/access.py	2010-06-16 08:22:43.000000000 -0400
-@@ -32,6 +32,7 @@
+diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py
+--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py.sepolgen	2010-03-24 15:57:20.000000000 -0400
++++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py	2011-05-25 16:11:58.150628048 -0400
+@@ -32,6 +32,7 @@ in a variety of ways, but they are the f
  """
  
  import refpolicy
@@ -9,7 +9,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policyco
  
  def is_idparam(id):
      """Determine if an id is a paramater in the form $N, where N is
-@@ -85,6 +86,8 @@
+@@ -85,6 +86,8 @@ class AccessVector:
              self.obj_class = None
              self.perms = refpolicy.IdSet()
              self.audit_msgs = []
@@ -18,7 +18,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policyco
  
          # The direction of the information flow represented by this
          # access vector - used for matching
-@@ -253,20 +256,22 @@
+@@ -253,20 +256,22 @@ class AccessVectorSet:
          for av in l:
              self.add_av(AccessVector(av))
  
@@ -45,10 +45,10 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policyco
  
          access.perms.update(perms)
          if audit_msg:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/audit.py
---- nsasepolgen/src/sepolgen/audit.py	2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/audit.py	2010-06-16 08:22:43.000000000 -0400
-@@ -68,6 +68,17 @@
+diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py
+--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py.sepolgen	2010-03-24 15:57:20.000000000 -0400
++++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py	2011-05-25 16:11:58.150628048 -0400
+@@ -68,6 +68,17 @@ def get_dmesg_msgs():
                                stdout=subprocess.PIPE).communicate()[0]
      return output
  
@@ -66,7 +66,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
  # Classes representing audit messages
  
  class AuditMessage:
-@@ -127,6 +138,9 @@
+@@ -127,6 +138,9 @@ class PathMessage(AuditMessage):
              if fields[0] == "path":
                  self.path = fields[1][1:-1]
                  return
@@ -76,7 +76,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
  
  class AVCMessage(AuditMessage):
      """AVC message representing an access denial or granted message.
-@@ -167,6 +181,8 @@
+@@ -167,6 +181,8 @@ class AVCMessage(AuditMessage):
          self.path = ""
          self.accesses = []
          self.denial = True
@@ -85,7 +85,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
  
      def __parse_access(self, recs, start):
          # This is kind of sucky - the access that is in a space separated
-@@ -226,7 +242,31 @@
+@@ -226,7 +242,31 @@ class AVCMessage(AuditMessage):
  
          if not found_src or not found_tgt or not found_class or not found_access:
              raise ValueError("AVC message in invalid format [%s]\n" % self.message)
@@ -118,7 +118,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
  class PolicyLoadMessage(AuditMessage):
      """Audit message indicating that the policy was reloaded."""
      def __init__(self, message):
-@@ -469,10 +509,10 @@
+@@ -469,10 +509,10 @@ class AuditParser:
              if avc_filter:
                  if avc_filter.filter(avc):
                      av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
@@ -131,10 +131,10 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
          return av_set
  
  class AVCTypeFilter:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/defaults.py policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/defaults.py
---- nsasepolgen/src/sepolgen/defaults.py	2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/defaults.py	2010-06-16 08:22:43.000000000 -0400
-@@ -30,6 +30,9 @@
+diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py
+--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py.sepolgen	2010-03-24 15:57:20.000000000 -0400
++++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py	2011-05-25 16:11:58.150628048 -0400
+@@ -30,6 +30,9 @@ def perm_map():
  def interface_info():
      return data_dir() + "/interface_info"
  
@@ -144,10 +144,10 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/defaults.py policy
  def refpolicy_devel():
      return "/usr/share/selinux/devel"
  
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/interfaces.py policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/interfaces.py
---- nsasepolgen/src/sepolgen/interfaces.py	2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/interfaces.py	2010-06-16 08:22:43.000000000 -0400
-@@ -29,6 +29,8 @@
+diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py
+--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepolgen	2010-03-24 15:57:20.000000000 -0400
++++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py	2011-05-25 16:11:58.151628058 -0400
+@@ -29,6 +29,8 @@ import matching
  
  from sepolgeni18n import _
  
@@ -156,7 +156,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/interfaces.py poli
  class Param:
      """
      Object representing a paramater for an interface.
-@@ -197,10 +199,48 @@
+@@ -197,10 +199,48 @@ def ifcall_extract_params(ifcall, params
                  ret = 1
  
      return ret
@@ -207,7 +207,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/interfaces.py poli
          # Enabled is a loose concept currently - we are essentially
          # not enabling interfaces that we can't handle currently.
          # See InterfaceVector.add_ifv for more information.
-@@ -214,10 +254,10 @@
+@@ -214,10 +254,10 @@ class InterfaceVector:
          # value: Param object).
          self.params = { }
          if interface:
@@ -220,7 +220,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/interfaces.py poli
          self.name = interface.name
  
          # Add allow rules
-@@ -232,6 +272,23 @@
+@@ -232,6 +272,23 @@ class InterfaceVector:
              for av in avs:
                  self.add_av(av)
  
@@ -244,7 +244,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/interfaces.py poli
          # Extract paramaters from roles
          for role in interface.roles():
              if role_extract_params(role, self.params):
-@@ -346,13 +403,13 @@
+@@ -346,13 +403,13 @@ class InterfaceSet:
                  l = self.tgt_type_map.setdefault(type, [])
                  l.append(ifv)
  
@@ -262,10 +262,10 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/interfaces.py poli
  
          self.expand_ifcalls(headers)
          self.index()
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/matching.py policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/matching.py
---- nsasepolgen/src/sepolgen/matching.py	2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/matching.py	2010-06-16 08:22:43.000000000 -0400
-@@ -50,7 +50,7 @@
+diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py
+--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py.sepolgen	2010-03-24 15:57:20.000000000 -0400
++++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py	2011-05-25 16:11:58.151628058 -0400
+@@ -50,7 +50,7 @@ class Match:
                  return 1
  
  class MatchList:
@@ -274,7 +274,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/matching.py policy
      def __init__(self):
          # Match objects that pass the threshold
          self.children = []
-@@ -63,14 +63,15 @@
+@@ -63,14 +63,15 @@ class MatchList:
      def best(self):
          if len(self.children):
              return self.children[0]
@@ -293,10 +293,10 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/matching.py policy
  
      def __iter__(self):
          return iter(self.children)
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/policygen.py
---- nsasepolgen/src/sepolgen/policygen.py	2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/policygen.py	2010-06-21 10:10:01.000000000 -0400
-@@ -29,6 +29,8 @@
+diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py
+--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolgen	2010-03-24 15:57:20.000000000 -0400
++++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py	2011-05-25 16:11:58.151628058 -0400
+@@ -29,6 +29,8 @@ import objectmodel
  import access
  import interfaces
  import matching
@@ -305,7 +305,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py polic
  
  # Constants for the level of explanation from the generation
  # routines
-@@ -77,6 +79,7 @@
+@@ -77,6 +79,7 @@ class PolicyGenerator:
  
          self.dontaudit = False
  
@@ -313,7 +313,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py polic
      def set_gen_refpol(self, if_set=None, perm_maps=None):
          """Set whether reference policy interfaces are generated.
  
-@@ -151,8 +154,41 @@
+@@ -151,8 +154,41 @@ class PolicyGenerator:
              rule = refpolicy.AVRule(av)
              if self.dontaudit:
                  rule.rule_type = rule.DONTAUDIT
@@ -356,10 +356,27 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py polic
              self.module.children.append(rule)
  
  
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/refparser.py
---- nsasepolgen/src/sepolgen/refparser.py	2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/refparser.py	2010-06-16 08:22:43.000000000 -0400
-@@ -1044,7 +1044,7 @@
+diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py
+--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py.sepolgen	2010-03-24 15:57:20.000000000 -0400
++++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py	2011-05-25 16:18:20.911964611 -0400
+@@ -243,7 +243,7 @@ def t_refpolicywarn(t):
+     t.lexer.lineno += 1
+ 
+ def t_IDENTIFIER(t):
+-    r'[a-zA-Z_\$][a-zA-Z0-9_\-\.\$\*]*'
++    r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"]*'
+     # Handle any keywords
+     t.type = reserved.get(t.value,'IDENTIFIER')
+     return t
+@@ -768,6 +768,7 @@ def p_avrule_def(p):
+ 
+ def p_typerule_def(p):
+     '''typerule_def : TYPE_TRANSITION names names COLON names IDENTIFIER SEMI
++                    | TYPE_TRANSITION names names COLON names IDENTIFIER IDENTIFIER SEMI
+                     | TYPE_CHANGE names names COLON names IDENTIFIER SEMI
+                     | TYPE_MEMBER names names COLON names IDENTIFIER SEMI
+     '''
+@@ -1044,7 +1045,7 @@ def parse_headers(root, output=None, exp
          # of misc_macros. We are just going to pretend that this is an interface
          # to make the expansion work correctly.
          can_exec = refpolicy.Interface("can_exec")
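Review bot: In the `t_IDENTIFIER` change, adding `\"` to both character classes makes a double quote legal at any position of every IDENTIFIER token, not only around the name in a filename type_transition, so inputs such as `foo"bar` or a lone `"` now lex as identifiers wherever the grammar accepts one. A dedicated token for the quoted name would keep ordinary identifiers strict, for example `def t_FILENAME(t): r'\"[a-zA-Z0-9_\-\.\$\*]+\"'` (with FILENAME added to the token list) and the new alternative written as `| TYPE_TRANSITION names names COLON names IDENTIFIER FILENAME SEMI`. The character class also still leaves out characters that can occur in file names, so some quoted names will presumably fail to lex. The body of `p_typerule_def` lies outside the hunk; if it reads fixed `p[...]` positions, confirm that the eight-symbol alternative records the name instead of silently dropping it.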
@@ -368,10 +385,10 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py polic
                                    "getattr","lock","execute","ioctl"])
  
          can_exec.children.append(refpolicy.AVRule(av))
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/share/perm_map policycoreutils-2.0.83/sepolgen-1.0.23/src/share/perm_map
---- nsasepolgen/src/share/perm_map	2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.83/sepolgen-1.0.23/src/share/perm_map	2010-06-16 08:22:43.000000000 -0400
-@@ -124,7 +124,7 @@
+diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map
+--- policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map.sepolgen	2010-03-24 15:57:20.000000000 -0400
++++ policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map	2011-05-25 16:11:58.152628068 -0400
+@@ -124,7 +124,7 @@ class filesystem 10
            quotamod     w           1
            quotaget     r           1
  
@@ -380,7 +397,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/share/perm_map policycoreut
    execute_no_trans     r           1
          entrypoint     r           1
             execmod     n           1
-@@ -141,48 +141,50 @@
+@@ -141,48 +141,50 @@ class file 20
              unlink     w           1
                link     w           1
              rename     w           5
@@ -448,7 +465,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/share/perm_map policycoreut
              append     w           1
              unlink     w           1
                link     w           1
-@@ -191,8 +193,9 @@
+@@ -191,8 +193,9 @@ class lnk_file 17
              swapon     b           1
             quotaon     b           1
             mounton     b           1
@@ -459,7 +476,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/share/perm_map policycoreut
    execute_no_trans     r           1
          entrypoint     r           1
             execmod     n           1
-@@ -213,8 +216,9 @@
+@@ -213,8 +216,9 @@ class chr_file 20
              swapon     b           1
             quotaon     b           1
             mounton     b           1
@@ -470,7 +487,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/share/perm_map policycoreut
               ioctl     n           1
                read     r          10
               write     w          10
-@@ -232,8 +236,9 @@
+@@ -232,8 +236,9 @@ class blk_file 17
              swapon     b           1
             quotaon     b           1
             mounton     b           1
@@ -481,7 +498,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/share/perm_map policycoreut
               ioctl     n           1
                read     r          10
               write     w          10
-@@ -251,8 +256,9 @@
+@@ -251,8 +256,9 @@ class sock_file 17
              swapon     b           1
             quotaon     b           1
             mounton     b           1
@@ -492,7 +509,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/share/perm_map policycoreut
               ioctl     n           1
                read     r          10
               write     w          10
-@@ -270,6 +276,7 @@
+@@ -270,6 +276,7 @@ class fifo_file 17
              swapon     b           1
             quotaon     b           1
             mounton     b           1
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 5ce8811..152628a 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.86
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -331,6 +331,10 @@ fi
 exit 0
 
 %changelog
+* Wed May 25 2011 Dan Walsh <dwalsh at redhat.com> 2.0.86-9
+- Fix var_spool template read_spool_files
+- Fix sepolgen to handle filename transitions
+
 * Mon May 23 2011 Dan Walsh <dwalsh at redhat.com> 2.0.86-8
 - Templates cleanedup by Dominic Grift
 

