[policycoreutils] Do not load interface file by default when sepolicy is called, mov get_all_methods to the sepolicy p
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Feb 22 16:39:28 UTC 2013
commit 8c0761612141092a43f6a07d267600b3466063f3
Author: Dan Walsh <dwalsh at redhat.com>
Date: Fri Feb 22 17:38:59 2013 +0100
Do not load interface file by default when sepolicy is called, move get_all_methods to the sepolicy package
policycoreutils-rhat.patch | 125 +++++++++++++++++++++++++++++++++++++-------
policycoreutils.spec | 7 ++-
2 files changed, 111 insertions(+), 21 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index c071d9e..1431b4c 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -270,14 +270,6 @@ index 0000000..0c2f399
+Categories=System;Security;
+X-Desktop-File-Install-Version=0.2
+Keywords=policy;security;selinux;avc;permission;mac;
-diff --git a/policycoreutils/gui/sepolgen b/policycoreutils/gui/sepolgen
-deleted file mode 100644
-index 2f0c1cc..0000000
---- a/policycoreutils/gui/sepolgen
-+++ /dev/null
-@@ -1,2 +0,0 @@
--#!/bin/sh
--sepolicy generate $*
diff --git a/policycoreutils/gui/system-config-selinux b/policycoreutils/gui/system-config-selinux
new file mode 100755
index 0000000..5be5ccd
@@ -1546,7 +1538,7 @@ index b25d3b2..7a15d88 100755
sys.exit(0)
except ValueError,e:
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
-index 5e7415c..e0f5f86 100644
+index 5e7415c..9f4a774 100644
--- a/policycoreutils/sepolicy/sepolicy/__init__.py
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -37,9 +37,30 @@ CLASS = 'class'
@@ -1582,7 +1574,33 @@ index 5e7415c..e0f5f86 100644
policies = glob.glob ("%s.*" % path )
policies.sort()
return policies[-1]
-@@ -54,6 +75,13 @@ def get_all_types():
+@@ -47,6 +68,25 @@ def __get_installed_policy():
+ pass
+ raise ValueError(_("No SELinux Policy installed"))
+
++methods = []
++def get_methods():
++ global methods
++ if len(methods) > 0:
++ return methods
++ fn = defaults.interface_info()
++ try:
++ fd = open(fn)
++ # List of per_role_template interfaces
++ ifs = interfaces.InterfaceSet()
++ ifs.from_file(fd)
++ methods = ifs.interfaces.keys()
++ fd.close()
++ except:
++ sys.stderr.write("could not open interface info [%s]\n" % fn)
++ sys.exit(1)
++
++ return methods
++
+ all_types = None
+ def get_all_types():
+ global all_types
+@@ -54,6 +94,13 @@ def get_all_types():
all_types = map(lambda x: x['name'], info(TYPE))
return all_types
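Review bot: The added get_methods() wraps open(), InterfaceSet() and from_file() in a bare `except:` and then calls `sys.exit(1)`, so any failure, a parse error as much as a missing file, is reported as "could not open interface info" and ends the calling process from inside a library module. The interface.get() that this commit removes raised ValueError for the same condition, which callers could catch. The descriptor is also left open when from_file() raises. A narrower handler that raises ValueError and closes the file in `finally` is sketched below; whether `defaults`, `interfaces` and `sys` are imported in __init__.py cannot be seen from this hunk.

```python
def get_methods():
    # … unchanged: global declaration and cached-result check …
    fn = defaults.interface_info()
    try:
        fd = open(fn)
    except IOError:
        raise ValueError(_("could not open interface info [%s]\n") % fn)
    try:
        # List of per_role_template interfaces
        ifs = interfaces.InterfaceSet()
        ifs.from_file(fd)
        methods = ifs.interfaces.keys()
    finally:
        fd.close()
    return methods
```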
@@ -1596,7 +1614,7 @@ index 5e7415c..e0f5f86 100644
role_allows = None
def get_all_role_allows():
global role_allows
-@@ -71,6 +99,7 @@ def get_all_role_allows():
+@@ -71,6 +118,7 @@ def get_all_role_allows():
return role_allows
def get_all_entrypoint_domains():
@@ -1604,7 +1622,7 @@ index 5e7415c..e0f5f86 100644
all_domains = []
types=get_all_types()
types.sort()
-@@ -81,11 +110,35 @@ def get_all_entrypoint_domains():
+@@ -81,11 +129,35 @@ def get_all_entrypoint_domains():
all_domains.append(m[0])
return all_domains
@@ -1641,7 +1659,7 @@ index 5e7415c..e0f5f86 100644
return all_domains
roles = None
-@@ -139,49 +192,42 @@ def get_all_attributes():
+@@ -139,49 +211,42 @@ def get_all_attributes():
return all_attributes
def policy(policy_file):
@@ -1711,18 +1729,40 @@ index 5e7415c..e0f5f86 100644
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
global booleans_dict
diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
-index 26f8390..a23ce9b 100644
+index 26f8390..898ec43 100644
--- a/policycoreutils/sepolicy/sepolicy/generate.py
+++ b/policycoreutils/sepolicy/sepolicy/generate.py
-@@ -63,7 +63,6 @@ except IOError:
+@@ -63,20 +63,6 @@ except IOError:
import __builtin__
__builtin__.__dict__['_'] = unicode
-user_types = sepolicy.info(sepolicy.ATTRIBUTE,"userdomain")[0]["types"]
- methods = []
- fn = defaults.interface_info()
- try:
-@@ -1037,7 +1036,8 @@ allow %s_t %s_t:%s_socket name_%s;
+-methods = []
+-fn = defaults.interface_info()
+-try:
+- fd = open(fn)
+- # List of per_role_template interfaces
+- ifs = interfaces.InterfaceSet()
+- ifs.from_file(fd)
+- methods = ifs.interfaces.keys()
+- fd.close()
+-except:
+- sys.stderr.write("could not open interface info [%s]\n" % fn)
+- sys.exit(1)
+-
+ def get_rpm_nvr_from_header(hdr):
+ 'Given an RPM header return the package NVR as a string'
+ name = hdr['name']
+@@ -587,7 +573,7 @@ class policy:
+ def generate_network_action(self, protocol, action, port_name):
+ line = ""
+ method = "corenet_%s_%s_%s" % (protocol, action, port_name)
+- if method in methods:
++ if method in sepolicy.get_methods():
+ line = "%s(%s_t)\n" % (method, self.name)
+ else:
+ line = """
+@@ -1037,7 +1023,8 @@ allow %s_t %s_t:%s_socket name_%s;
########################################
#
# %s local policy
@@ -1732,6 +1772,53 @@ index 26f8390..a23ce9b 100644
newte += self.generate_capabilities()
newte += self.generate_process()
newte += self.generate_network_types()
+diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py
+index 8b063ca..5e92c7c 100644
+--- a/policycoreutils/sepolicy/sepolicy/interface.py
++++ b/policycoreutils/sepolicy/sepolicy/interface.py
+@@ -27,7 +27,7 @@ import sepolgen.interfaces as interfaces
+ import sepolgen.defaults as defaults
+ ADMIN_TRANSITION_INTERFACE = "_admin$"
+ USER_TRANSITION_INTERFACE = "_role$"
+-from sepolicy.generate import get_all_types
++import selinux
+
+ __all__ = [ 'get', 'get_admin', 'get_user' ]
+
+@@ -48,24 +48,10 @@ except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+-def get():
+- """ Get all Methods """
+- fn = defaults.interface_info()
+- try:
+- fd = open(fn)
+- ifs = interfaces.InterfaceSet()
+- ifs.from_file(fd)
+- methods = ifs.interfaces.keys()
+- fd.close()
+- except:
+- raise ValueError(_("could not open interface info [%s]\n") % fn)
+-
+- return methods
+-
+ def get_admin():
+ """ Get all domains with an admin interface"""
+ admin_list = []
+- for i in get():
++ for i in sepolicy.get_methods():
+ if i.endswith("_admin"):
+ admin_list.append(i.split("_admin")[0])
+ return admin_list
+@@ -76,6 +62,6 @@ def get_user():
+ for i in get():
+ m = re.findall("(.*)%s" % USER_TRANSITION_INTERFACE, i)
+ if len(m) > 0:
+- if "%s_exec_t" % m[0] in get_all_types():
++ if "%s_exec_t" % m[0] in sepolicy.get_all_types():
+ trans_list.append(m[0])
+ return trans_list
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
index 25062da..b3c24e6 100755
--- a/policycoreutils/sepolicy/sepolicy/manpage.py
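Review bot: In the interface.py part of this hunk get() is deleted, but the context line `for i in get():` in get_user() and the entry 'get' in `__all__` are left as they are, so get_user() would fail with NameError and `from sepolicy.interface import *` with AttributeError. The loop should read `for i in sepolicy.get_methods():`, as get_admin() now does, and `__all__` should become `[ 'get_admin', 'get_user' ]`. The import line changes from `from sepolicy.generate import get_all_types` to `import selinux`; the new `sepolicy.get_methods()` and `sepolicy.get_all_types()` calls need `import sepolicy` in scope, which cannot be confirmed from the lines shown.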
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 06eac76..5dddc1c 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.14
-Release: 11%{?dist}
+Release: 12%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -324,6 +324,9 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Fri Feb 22 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.14-12
+- Do not load interface file by default when sepolicy is called, mov get_all_methods to the sepolicy package
+
* Fri Feb 22 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.14-11
- sepolgen-ifgen should use the current policy path if selinux is enabled
@@ -355,7 +358,7 @@ do not drop capabilities when run as root.
* Thu Feb 14 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.14-4
- Revert some changes which are causing the wrong policy version file to be created
-- Switch sandbox to start using openbox rather then matchpbox
+- Switch sandbox to start using openbox rather then matchbox
- Make sepolgen a symlink to sepolicy
- update translations