[policycoreutils/f18] Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepo

Daniel J Walsh dwalsh at fedoraproject.org
Sat Oct 27 12:29:16 UTC 2012


commit 9848d1f6772da6ceb9dfd34d84e8d96182b2222c
Author: rhatdan <dwalsh at redhat.com>
Date:   Sat Oct 27 08:28:50 2012 -0400

    Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network

 policycoreutils-rhat.patch |   77 +++++++++++++------------------------------
 policycoreutils.spec       |    7 +++-
 2 files changed, 28 insertions(+), 56 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 590f334..9a96d05 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -336082,10 +336082,10 @@ index 0000000..dc3ce6a
 +
 diff --git a/policycoreutils/sepolicy/info.c b/policycoreutils/sepolicy/info.c
 new file mode 100644
-index 0000000..e0a5466
+index 0000000..f4cc0b0
 --- /dev/null
 +++ b/policycoreutils/sepolicy/info.c
-@@ -0,0 +1,949 @@
+@@ -0,0 +1,928 @@
 +/**
 + *  @file
 + *  Command line tool to search TE rules.
@@ -336139,7 +336139,6 @@ index 0000000..e0a5466
 +#include <assert.h>
 +
 +#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
-+static char *policy_file = NULL;
 +
 +enum input
 +{
@@ -336938,34 +336937,16 @@ index 0000000..e0a5466
 +	return list;
 +}
 +
-+PyObject* info(int type, const char *name, const char *alt_policy_file)
++PyObject* info( const char *policy_file, int type, const char *name)
 +{
 +	PyObject* output = NULL;
-+	int rt = -1;
 +	apol_policy_t *policydb = NULL;
 +	apol_policy_path_t *pol_path = NULL;
 +	apol_vector_t *mod_paths = NULL;
 +	apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
 +
-+	if (alt_policy_file) {
-+		policy_file = strdup(alt_policy_file);
-+		if (!policy_file) {
-+			apol_vector_destroy(&mod_paths);
-+			PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
-+			return NULL;
-+		}
-+	}
-+	else {
-+		rt = qpol_default_policy_find(&policy_file);
-+		if (rt != 0) {
-+			PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
-+			return NULL;
-+		}
-+	}
-+
 +	pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
 +	if (!pol_path) {
-+		free(policy_file);
 +		apol_vector_destroy(&mod_paths);
 +		PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
 +		return NULL;
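Review bot: `info()` now passes `policy_file` straight to `apol_policy_path_create()` without a NULL check, while `wrap_info` parses it with the `z` format unit, which accepts `None`. The removed branch fell back to `qpol_default_policy_find()` in that case; without it a `None` from Python appears to reach libapol as a NULL path, and the failure branch below reports `strerror(ENOMEM)` whatever the real cause. A guard at the top of the function would keep the error explicit, e.g. `if (!policy_file) { PyErr_SetString(PyExc_RuntimeError, "No policy file specified."); return NULL; }`. The same applies to `search()`, where `policy_file` now reaches `apol_file_is_policy_path_list()` after its default lookup was removed. The body of `info()` continues past the end of this hunk.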
@@ -336976,12 +336957,10 @@ index 0000000..e0a5466
 +	policy_load_options |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
 +	policydb = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL);
 +	if (!policydb) {
-+		free(policy_file);
 +		apol_policy_path_destroy(&pol_path);
 +		PyErr_SetString(PyExc_RuntimeError,strerror(errno));
 +		return NULL;
 +	}
-+	free(policy_file);
 +
 +	/* display requested info */
 +	if (type == TYPE)
@@ -337010,12 +336989,12 @@ index 0000000..e0a5466
 +PyObject *wrap_info(PyObject *UNUSED(self), PyObject *args){
 +    unsigned int type;
 +    char *name;
-+    char *policy_file;
++    const char *policy_file;
 +    
-+    if (!PyArg_ParseTuple(args, "izz", &type, &name, &policy_file))
++    if (!PyArg_ParseTuple(args, "ziz", &policy_file, &type, &name))
 +        return NULL;
 +
-+    return Py_BuildValue("N",info(type, name, policy_file));
++    return Py_BuildValue("N",info(policy_file, type, name));
 +
 +}
 +
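Review bot: `type` is declared `unsigned int` but is filled by the `i` format unit, which stores through an `int *`; declaring it `int type;` would match both the format string and the `int type` parameter of `info()`. `name` is also filled by a `z` unit, whose result points into storage owned by the Python object and must not be modified, so `const char *name;` would be consistent with the `policy_file` declaration this change already corrects.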
@@ -337037,10 +337016,10 @@ index 0000000..e0a5466
 +}
 diff --git a/policycoreutils/sepolicy/search.c b/policycoreutils/sepolicy/search.c
 new file mode 100644
-index 0000000..80421fc
+index 0000000..c98e4cf
 --- /dev/null
 +++ b/policycoreutils/sepolicy/search.c
-@@ -0,0 +1,1022 @@
+@@ -0,0 +1,1007 @@
 +// Author: Thomas Liu <tliu at redhat.com>
 +
 +/**
@@ -337102,7 +337081,6 @@ index 0000000..80421fc
 +#include <stdbool.h>
 +
 +#define COPYRIGHT_INFO "Copyright (C) 2012 Red Hat, Inc, Tresys Technology, LLC"
-+static char *policy_file = NULL;
 +
 +enum opt_values
 +{
@@ -337827,7 +337805,8 @@ index 0000000..80421fc
 +	return output;
 +}
 +
-+PyObject* search(bool allow,
++PyObject* search(const char *policy_file,
++		 bool allow,
 +		 bool neverallow,
 +		 bool auditallow,
 +		 bool dontaudit,
@@ -337836,12 +337815,10 @@ index 0000000..80421fc
 +		 const char *src_name,
 +		 const char *tgt_name,
 +		 const char *class_name,
-+		 const char *permlist,
-+		 const char *alt_policy_file
++		 const char *permlist
 +	)
 +{
 +	options_t cmd_opts;
-+	int rt = -1;
 +	PyObject *output = NULL;
 +	apol_policy_t *policy = NULL;
 +	apol_vector_t *v = NULL;
@@ -337849,9 +337826,6 @@ index 0000000..80421fc
 +	apol_vector_t *mod_paths = NULL;
 +	apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
 +
-+	if (alt_policy_file)
-+		policy_file = strdup(alt_policy_file);
-+
 +	memset(&cmd_opts, 0, sizeof(cmd_opts));
 +	cmd_opts.indirect = true;
 +	cmd_opts.allow = allow;
@@ -337874,19 +337848,11 @@ index 0000000..80421fc
 +	if (!(cmd_opts.nallow || cmd_opts.all))
 +		pol_opt |= QPOL_POLICY_OPTION_NO_NEVERALLOWS;
 +
-+	if (! policy_file) {
-+		rt = qpol_default_policy_find(&policy_file);
-+		if (rt) {
-+			PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
-+			return NULL;
-+		}
-+	}
 +	pol_opt |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
 +
 +	if (apol_file_is_policy_path_list(policy_file) > 0) {
 +		pol_path = apol_policy_path_create_from_file(policy_file);
 +		if (!pol_path) {
-+			free(policy_file);
 +			PyErr_SetString(PyExc_RuntimeError,"invalid policy list");
 +			return NULL;
 +		}
@@ -337895,11 +337861,9 @@ index 0000000..80421fc
 +	if (!pol_path)
 +		pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
 +	if (!pol_path) {
-+		free(policy_file);
 +		PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
 +		return NULL;
 +	}
-+	free(policy_file);
 +	apol_vector_destroy(&mod_paths);
 +
 +	policy = apol_policy_create_from_policy_path(pol_path, pol_opt, NULL, NULL);
@@ -338051,7 +338015,7 @@ index 0000000..80421fc
 +    const char *permlist = Dict_ContainsString(dict, "permlist");
 +    const char *policy_path = Dict_ContainsString(dict, "policy");
 +
-+    return Py_BuildValue("N",search(allow, neverallow, auditallow, dontaudit, transition, role_allow, src_name, tgt_name, class_name, permlist, policy_path));
++    return Py_BuildValue("N",search(policy_path, allow, neverallow, auditallow, dontaudit, transition, role_allow, src_name, tgt_name, class_name, permlist));
 +}
 +
 +static PyMethodDef methods[] = {
@@ -338065,10 +338029,10 @@ index 0000000..80421fc
 +}
 diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
 new file mode 100644
-index 0000000..86b5af1
+index 0000000..c574a46
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
-@@ -0,0 +1,135 @@
+@@ -0,0 +1,139 @@
 +# This file is part of systemd.
 +#
 +# Copyright 2011 Dan Walsh
@@ -338167,6 +338131,10 @@ index 0000000..86b5af1
 +	        COMPREPLY=( $(compgen -W "$( __get_all_port_types ) " -- "$cur") )
 +		return 0
 +	    fi
++	    if [ "$prev" = "-d" -o "$prev" = "--domain" ]; then
++	        COMPREPLY=( $(compgen -W "$( __get_all_domain_types ) " -- "$cur") )
++		return 0
++	    fi
 +            COMPREPLY=( $(compgen -W '${OPTS[$verb]}' -- "$cur") )
 +	    return 0
 +	elif [ "$verb" = "communicate" ]; then
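Review bot: `__get_all_domain_types` is called in the new `-d`/`--domain` branch but is not added by this change, since the file grows by exactly the four lines shown here (135 to 139). The helper therefore has to exist already in a part of the script outside this hunk; if it does not, completion would print a command-not-found error instead of candidates. Separately, `[ "$prev" = "-d" -o "$prev" = "--domain" ]` uses the `-o` operator that POSIX marks obsolescent; `[ "$prev" = "-d" ] || [ "$prev" = "--domain" ]` is the unambiguous form.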
@@ -338840,10 +338808,10 @@ index 0000000..5469729
 +        sys.exit(1)
 diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
 new file mode 100644
-index 0000000..a55162f
+index 0000000..fbd011c
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
-@@ -0,0 +1,90 @@
+@@ -0,0 +1,91 @@
 +#!/usr/bin/env python
 +
 +# Author: Thomas Liu <tliu at redhat.com>
@@ -338851,6 +338819,7 @@ index 0000000..a55162f
 +
 +import _search
 +import _info
++import selinux
 +
 +TYPE = _info.TYPE
 +ROLE = _info.ROLE
@@ -338870,7 +338839,7 @@ index 0000000..a55162f
 +TRANSITION = 'transition'
 +ROLE_ALLOW = 'role_allow'
 +
-+policy_file = None
++policy_file = selinux.selinux_current_policy_path()
 +
 +def search(types, info = {} ):
 +    valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
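Review bot: `policy_file = selinux.selinux_current_policy_path()` runs at import time, so merely importing `sepolicy` now depends on the `selinux` bindings and on a policy file being found at that moment. If the call returns `None` (presumably possible on a host with no installed policy; confirm against libselinux), the value is stored silently and only surfaces later inside the C bindings, which no longer look up a default. Resolving the path lazily in `search()`/`info()` and raising a clear error would make this easier to diagnose, e.g. `if policy_file is None: raise ValueError("No SELinux policy file found")`.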
@@ -338898,7 +338867,7 @@ index 0000000..a55162f
 +
 +def info(setype, name=None):
 +    global policy_file
-+    dict_list = _info.info(setype, name, policy_file)
++    dict_list = _info.info(policy_file, setype, name)
 +    return dict_list
 +
 +def policy(alt_policy_file):
diff --git a/policycoreutils.spec b/policycoreutils.spec
index a4e4af4..e37db34 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.13
-Release: 18%{?dist}
+Release: 19%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -329,7 +329,10 @@ The policycoreutils-restorecond package contains the restorecond service.
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
-* Fri Oct 25 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-18
+* Sat Oct 27 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-19
+- Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network
+
+* Fri Oct 26 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-18
 - Allow sepolicy to specify the policy to generate content from
 
 * Thu Oct 25 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-17

