[policycoreutils/f18] Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepo
Daniel J Walsh
dwalsh at fedoraproject.org
Sat Oct 27 12:29:16 UTC 2012
commit 9848d1f6772da6ceb9dfd34d84e8d96182b2222c
Author: rhatdan <dwalsh at redhat.com>
Date: Sat Oct 27 08:28:50 2012 -0400
Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network
policycoreutils-rhat.patch | 77 +++++++++++++------------------------------
policycoreutils.spec | 7 +++-
2 files changed, 28 insertions(+), 56 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 590f334..9a96d05 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -336082,10 +336082,10 @@ index 0000000..dc3ce6a
+
diff --git a/policycoreutils/sepolicy/info.c b/policycoreutils/sepolicy/info.c
new file mode 100644
-index 0000000..e0a5466
+index 0000000..f4cc0b0
--- /dev/null
+++ b/policycoreutils/sepolicy/info.c
-@@ -0,0 +1,949 @@
+@@ -0,0 +1,928 @@
+/**
+ * @file
+ * Command line tool to search TE rules.
@@ -336139,7 +336139,6 @@ index 0000000..e0a5466
+#include <assert.h>
+
+#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
-+static char *policy_file = NULL;
+
+enum input
+{
@@ -336938,34 +336937,16 @@ index 0000000..e0a5466
+ return list;
+}
+
-+PyObject* info(int type, const char *name, const char *alt_policy_file)
++PyObject* info( const char *policy_file, int type, const char *name)
+{
+ PyObject* output = NULL;
-+ int rt = -1;
+ apol_policy_t *policydb = NULL;
+ apol_policy_path_t *pol_path = NULL;
+ apol_vector_t *mod_paths = NULL;
+ apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
+
-+ if (alt_policy_file) {
-+ policy_file = strdup(alt_policy_file);
-+ if (!policy_file) {
-+ apol_vector_destroy(&mod_paths);
-+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
-+ return NULL;
-+ }
-+ }
-+ else {
-+ rt = qpol_default_policy_find(&policy_file);
-+ if (rt != 0) {
-+ PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
-+ return NULL;
-+ }
-+ }
-+
+ pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
+ if (!pol_path) {
-+ free(policy_file);
+ apol_vector_destroy(&mod_paths);
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
+ return NULL;
@@ -336976,12 +336957,10 @@ index 0000000..e0a5466
+ policy_load_options |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
+ policydb = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL);
+ if (!policydb) {
-+ free(policy_file);
+ apol_policy_path_destroy(&pol_path);
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ return NULL;
+ }
-+ free(policy_file);
+
+ /* display requested info */
+ if (type == TYPE)
@@ -337010,12 +336989,12 @@ index 0000000..e0a5466
+PyObject *wrap_info(PyObject *UNUSED(self), PyObject *args){
+ unsigned int type;
+ char *name;
-+ char *policy_file;
++ const char *policy_file;
+
-+ if (!PyArg_ParseTuple(args, "izz", &type, &name, &policy_file))
++ if (!PyArg_ParseTuple(args, "ziz", &policy_file, &type, &name))
+ return NULL;
+
-+ return Py_BuildValue("N",info(type, name, policy_file));
++ return Py_BuildValue("N",info(policy_file, type, name));
+
+}
+
@@ -337037,10 +337016,10 @@ index 0000000..e0a5466
+}
diff --git a/policycoreutils/sepolicy/search.c b/policycoreutils/sepolicy/search.c
new file mode 100644
-index 0000000..80421fc
+index 0000000..c98e4cf
--- /dev/null
+++ b/policycoreutils/sepolicy/search.c
-@@ -0,0 +1,1022 @@
+@@ -0,0 +1,1007 @@
+// Author: Thomas Liu <tliu at redhat.com>
+
+/**
@@ -337102,7 +337081,6 @@ index 0000000..80421fc
+#include <stdbool.h>
+
+#define COPYRIGHT_INFO "Copyright (C) 2012 Red Hat, Inc, Tresys Technology, LLC"
-+static char *policy_file = NULL;
+
+enum opt_values
+{
@@ -337827,7 +337805,8 @@ index 0000000..80421fc
+ return output;
+}
+
-+PyObject* search(bool allow,
++PyObject* search(const char *policy_file,
++ bool allow,
+ bool neverallow,
+ bool auditallow,
+ bool dontaudit,
@@ -337836,12 +337815,10 @@ index 0000000..80421fc
+ const char *src_name,
+ const char *tgt_name,
+ const char *class_name,
-+ const char *permlist,
-+ const char *alt_policy_file
++ const char *permlist
+ )
+{
+ options_t cmd_opts;
-+ int rt = -1;
+ PyObject *output = NULL;
+ apol_policy_t *policy = NULL;
+ apol_vector_t *v = NULL;
@@ -337849,9 +337826,6 @@ index 0000000..80421fc
+ apol_vector_t *mod_paths = NULL;
+ apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
+
-+ if (alt_policy_file)
-+ policy_file = strdup(alt_policy_file);
-+
+ memset(&cmd_opts, 0, sizeof(cmd_opts));
+ cmd_opts.indirect = true;
+ cmd_opts.allow = allow;
@@ -337874,19 +337848,11 @@ index 0000000..80421fc
+ if (!(cmd_opts.nallow || cmd_opts.all))
+ pol_opt |= QPOL_POLICY_OPTION_NO_NEVERALLOWS;
+
-+ if (! policy_file) {
-+ rt = qpol_default_policy_find(&policy_file);
-+ if (rt) {
-+ PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
-+ return NULL;
-+ }
-+ }
+ pol_opt |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
+
+ if (apol_file_is_policy_path_list(policy_file) > 0) {
+ pol_path = apol_policy_path_create_from_file(policy_file);
+ if (!pol_path) {
-+ free(policy_file);
+ PyErr_SetString(PyExc_RuntimeError,"invalid policy list");
+ return NULL;
+ }
@@ -337895,11 +337861,9 @@ index 0000000..80421fc
+ if (!pol_path)
+ pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
+ if (!pol_path) {
-+ free(policy_file);
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
+ return NULL;
+ }
-+ free(policy_file);
+ apol_vector_destroy(&mod_paths);
+
+ policy = apol_policy_create_from_policy_path(pol_path, pol_opt, NULL, NULL);
@@ -338051,7 +338015,7 @@ index 0000000..80421fc
+ const char *permlist = Dict_ContainsString(dict, "permlist");
+ const char *policy_path = Dict_ContainsString(dict, "policy");
+
-+ return Py_BuildValue("N",search(allow, neverallow, auditallow, dontaudit, transition, role_allow, src_name, tgt_name, class_name, permlist, policy_path));
++ return Py_BuildValue("N",search(policy_path, allow, neverallow, auditallow, dontaudit, transition, role_allow, src_name, tgt_name, class_name, permlist));
+}
+
+static PyMethodDef methods[] = {
@@ -338065,10 +338029,10 @@ index 0000000..80421fc
+}
diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
new file mode 100644
-index 0000000..86b5af1
+index 0000000..c574a46
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
-@@ -0,0 +1,135 @@
+@@ -0,0 +1,139 @@
+# This file is part of systemd.
+#
+# Copyright 2011 Dan Walsh
@@ -338167,6 +338131,10 @@ index 0000000..86b5af1
+ COMPREPLY=( $(compgen -W "$( __get_all_port_types ) " -- "$cur") )
+ return 0
+ fi
++ if [ "$prev" = "-d" -o "$prev" = "--domain" ]; then
++ COMPREPLY=( $(compgen -W "$( __get_all_domain_types ) " -- "$cur") )
++ return 0
++ fi
+ COMPREPLY=( $(compgen -W '${OPTS[$verb]}' -- "$cur") )
+ return 0
+ elif [ "$verb" = "communicate" ]; then
@@ -338840,10 +338808,10 @@ index 0000000..5469729
+ sys.exit(1)
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
new file mode 100644
-index 0000000..a55162f
+index 0000000..fbd011c
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
-@@ -0,0 +1,90 @@
+@@ -0,0 +1,91 @@
+#!/usr/bin/env python
+
+# Author: Thomas Liu <tliu at redhat.com>
@@ -338851,6 +338819,7 @@ index 0000000..a55162f
+
+import _search
+import _info
++import selinux
+
+TYPE = _info.TYPE
+ROLE = _info.ROLE
@@ -338870,7 +338839,7 @@ index 0000000..a55162f
+TRANSITION = 'transition'
+ROLE_ALLOW = 'role_allow'
+
-+policy_file = None
++policy_file = selinux.selinux_current_policy_path()
+
+def search(types, info = {} ):
+ valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
@@ -338898,7 +338867,7 @@ index 0000000..a55162f
+
+def info(setype, name=None):
+ global policy_file
-+ dict_list = _info.info(setype, name, policy_file)
++ dict_list = _info.info(policy_file, setype, name)
+ return dict_list
+
+def policy(alt_policy_file):
diff --git a/policycoreutils.spec b/policycoreutils.spec
index a4e4af4..e37db34 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.13
-Release: 18%{?dist}
+Release: 19%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -329,7 +329,10 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
-* Fri Oct 25 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-18
+* Sat Oct 27 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-19
+- Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network
+
+* Fri Oct 26 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-18
- Allow sepolicy to specify the policy to generate content from
* Thu Oct 25 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-17
More information about the scm-commits
mailing list