Accepting request 292400 from security:SELinux

1

OBS-URL: https://build.opensuse.org/request/show/292400
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/setools?expand=0&rev=26
Dominique Leuenberger 2015-03-25 20:05:00 +00:00 committed by Git OBS Bridge
commit eeb078128d
9 changed files with 31 additions and 3140 deletions


@ -1,28 +0,0 @@
From 252b7c8bf311d615164a20f4f402767e5859d972 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 20 Sep 2011 15:40:28 -0400
Subject: [PATCH 3/6] Since-we-do-not-ship-neverallow-rules-all-always-fail
---
libqpol/src/avrule_query.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c
index 749565b..76dcaa3 100644
--- a/libqpol/src/avrule_query.c
+++ b/libqpol/src/avrule_query.c
@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type
if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
- errno = ENOTSUP;
- return STATUS_ERR;
+/* errno = ENOTSUP;
+ return STATUS_ERR; */
+ return STATUS_SUCCESS;
}
db = &policy->p->p;
--
1.7.6.2


@ -1,277 +0,0 @@
From e30036e358b8f1c3f56048b467e8646fa3bfffb6 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 20 Sep 2011 16:40:26 -0400
Subject: [PATCH 7/7] Remove unused variables
---
libapol/src/ftrule-query.c | 11 ++----
libqpol/src/ftrule_query.c | 2 -
secmds/sesearch.c | 86 +++++++++++++++++++++++++++++++++-----------
3 files changed, 68 insertions(+), 31 deletions(-)
diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c
index dc248de..9c7a23b 100644
--- a/libapol/src/ftrule-query.c
+++ b/libapol/src/ftrule-query.c
@@ -45,14 +45,11 @@ struct apol_filename_trans_query
int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filename_trans_query_t * t, apol_vector_t ** v)
{
apol_vector_t *source_list = NULL, *target_list = NULL, *class_list = NULL, *default_list = NULL;
- int retval = -1, source_as_any = 0, is_regex = 0, append_filename_trans;
- char *bool_name = NULL;
+ int retval = -1, source_as_any = 0, is_regex = 0;
*v = NULL;
- unsigned int flags = 0;
- qpol_iterator_t *iter = NULL, *type_iter = NULL;
+ qpol_iterator_t *iter = NULL;
if (t != NULL) {
- flags = t->flags;
is_regex = t->flags & APOL_QUERY_REGEX;
if (t->source != NULL &&
(source_list =
@@ -104,7 +101,7 @@ int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filenam
if (qpol_iterator_get_item(iter, (void **)&filename_trans) < 0) {
goto cleanup;
}
- int match_source = 0, match_target = 0, match_default = 0, match_bool = 0;
+ int match_source = 0, match_target = 0, match_default = 0;
size_t i;
if (source_list == NULL) {
@@ -265,10 +262,8 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
{
char *tmp = NULL;
const char *tmp_name = NULL;
- const char *filename_trans_type_str;
int error = 0;
size_t tmp_sz = 0;
- uint32_t filename_trans_type = 0;
const qpol_type_t *type = NULL;
const qpol_class_t *obj_class = NULL;
diff --git a/libqpol/src/ftrule_query.c b/libqpol/src/ftrule_query.c
index d6db848..3148d30 100644
--- a/libqpol/src/ftrule_query.c
+++ b/libqpol/src/ftrule_query.c
@@ -254,7 +254,6 @@ int qpol_filename_trans_get_default_type(const qpol_policy_t * policy, const qpo
int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const char ** name)
{
- policydb_t *db = NULL;
filename_trans_t *ft = NULL;
if (name) {
@@ -267,7 +266,6 @@ int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_fi
return STATUS_ERR;
}
- db = &policy->p->p;
ft = (filename_trans_t *) rule;
*name = ft->name;
diff --git a/secmds/sesearch.c b/secmds/sesearch.c
index e44b3bc..319ffe7 100644
--- a/secmds/sesearch.c
+++ b/secmds/sesearch.c
@@ -72,6 +72,7 @@ static struct option const longopts[] = {
{"source", required_argument, NULL, 's'},
{"target", required_argument, NULL, 't'},
+ {"default", required_argument, NULL, 'D'},
{"role_source", required_argument, NULL, EXPR_ROLE_SOURCE},
{"role_target", required_argument, NULL, EXPR_ROLE_TARGET},
{"class", required_argument, NULL, 'c'},
@@ -92,6 +93,7 @@ typedef struct options
{
char *src_name;
char *tgt_name;
+ char *default_name;
char *src_role_name;
char *tgt_role_name;
char *class_name;
@@ -293,7 +295,8 @@ static void print_syn_av_results(const apol_policy_t * policy, const options_t *
tmp = apol_cond_expr_render(policy, cond);
enable_char = (enabled ? 'E' : 'D');
branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
- asprintf(&expr, "[ %s ]", tmp);
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
+ goto cleanup;
free(tmp);
tmp = NULL;
if (!expr)
@@ -356,7 +359,8 @@ static void print_av_results(const apol_policy_t * policy, const options_t * opt
qpol_iterator_destroy(&iter);
enable_char = (enabled ? 'E' : 'D');
branch_char = (list ? 'T' : 'F');
- asprintf(&expr, "[ %s ]", tmp);
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
+ goto cleanup;
free(tmp);
tmp = NULL;
if (!expr)
@@ -488,7 +492,8 @@ static void print_syn_te_results(const apol_policy_t * policy, const options_t *
tmp = apol_cond_expr_render(policy, cond);
enable_char = (enabled ? 'E' : 'D');
branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
- asprintf(&expr, "[ %s ]", tmp);
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
+ goto cleanup;
free(tmp);
tmp = NULL;
if (!expr)
@@ -553,7 +558,8 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt
qpol_iterator_destroy(&iter);
enable_char = (enabled ? 'E' : 'D');
branch_char = (list ? 'T' : 'F');
- asprintf(&expr, "[ %s ]", tmp);
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
+ goto cleanup;
free(tmp);
tmp = NULL;
if (!expr)
@@ -586,7 +592,7 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
return -1;
}
- if (!opt->type == QPOL_RULE_TYPE_TRANS && !opt->all) {
+ if (!opt->type && !opt->all) {
*v = NULL;
return 0; /* no search to do */
}
@@ -600,17 +606,44 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
apol_filename_trans_query_set_regex(policy, ftq, opt->useregex);
if (opt->src_name) {
- if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name)) {
+ if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name, opt->indirect)) {
error = errno;
goto err;
}
}
+
if (opt->tgt_name) {
if (apol_filename_trans_query_set_target(policy, ftq, opt->tgt_name, opt->indirect)) {
error = errno;
goto err;
}
}
+ if (opt->default_name) {
+ if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) {
+ error = errno;
+ goto err;
+ }
+ }
+
+ if (opt->class_name) {
+ if (opt->class_vector == NULL) {
+ if (apol_filename_trans_query_append_class(policy, ftq, opt->class_name)) {
+ error = errno;
+ goto err;
+ }
+ } else {
+ for (size_t i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
+ char *class_name;
+ class_name = apol_vector_get_element(opt->class_vector, i);
+ if (!class_name)
+ continue;
+ if (apol_filename_trans_query_append_class(policy, ftq, class_name)) {
+ error = errno;
+ goto err;
+ }
+ }
+ }
+ }
if (apol_filename_trans_get_by_query(policy, ftq, v)) {
error = errno;
@@ -630,37 +663,36 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
static void print_ft_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v)
{
- qpol_policy_t *q = apol_policy_get_qpol(policy);
- size_t i, num_rules = 0;
- const qpol_filename_trans_t *rule = NULL;
- char *tmp = NULL, *rule_str = NULL, *expr = NULL;
+ size_t i, num_filename_trans = 0;
+ const qpol_filename_trans_t *filename_trans = NULL;
+ char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;
char enable_char = ' ', branch_char = ' ';
qpol_iterator_t *iter = NULL;
const qpol_cond_t *cond = NULL;
uint32_t enabled = 0, list = 0;
- if (!(num_rules = apol_vector_get_size(v)))
+ if (!(num_filename_trans = apol_vector_get_size(v)))
goto cleanup;
- fprintf(stdout, "Found %zd named file transition rules:\n", num_rules);
+ fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans);
- for (i = 0; i < num_rules; i++) {
+ for (i = 0; i < num_filename_trans; i++) {
enable_char = branch_char = ' ';
- if (!(rule = apol_vector_get_element(v, i)))
+ if (!(filename_trans = apol_vector_get_element(v, i)))
goto cleanup;
- if (!(rule_str = apol_filename_trans_render(policy, rule)))
+ if (!(filename_trans_str = apol_filename_trans_render(policy, filename_trans)))
goto cleanup;
- fprintf(stdout, "%s %s\n", rule_str, expr ? expr : "");
- free(rule_str);
- rule_str = NULL;
+ fprintf(stdout, "%s %s\n", filename_trans_str, expr ? expr : "");
+ free(filename_trans_str);
+ filename_trans_str = NULL;
free(expr);
expr = NULL;
}
cleanup:
free(tmp);
- free(rule_str);
+ free(filename_trans_str);
free(expr);
}
@@ -930,7 +962,7 @@ int main(int argc, char **argv)
memset(&cmd_opts, 0, sizeof(cmd_opts));
cmd_opts.indirect = true;
- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dRnSChV", longopts, NULL)) != -1) {
+ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) {
switch (optc) {
case 0:
break;
@@ -946,6 +978,18 @@ int main(int argc, char **argv)
exit(1);
}
break;
+ case 'D': /* source */
+ if (optarg == 0) {
+ usage(argv[0], 1);
+ printf("Missing source default type for -D (--default)\n");
+ exit(1);
+ }
+ cmd_opts.default_name = strdup(optarg);
+ if (!cmd_opts.default_name) {
+
+ exit(1);
+ }
+ break;
case 't': /* target */
if (optarg == 0) {
usage(argv[0], 1);
@@ -1218,7 +1262,7 @@ int main(int argc, char **argv)
fprintf(stdout, "\n");
}
- if (cmd_opts.all || cmd_opts.type == QPOL_RULE_TYPE_TRANS) {
+ if (cmd_opts.all || cmd_opts.type) {
apol_vector_destroy(&v);
if (perform_ft_query(policy, &cmd_opts, &v)) {
rt = 1;
--
1.7.6.2


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2bfa0918746bdcc910b16b26a51109a4ffd07404c306141ada584cb36e3c895a
size 940657

3
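--- a/setools-3.3.8.tar.gz
+++ b/setools-3.3.8.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:49494d15d61516ba0c09bfaf5fdc069954ed1ae1e014213254e7d545e97552df
+size 1184419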


@ -29,16 +29,4 @@ Index: setools-3.3.6/configure.ac
}])], }])],
AC_MSG_RESULT([yes]), AC_MSG_RESULT([yes]),
AC_MSG_ERROR([this version of libsepol is incompatible with SETools])) AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
Index: setools-3.3.6/libqpol/src/policy_define.c
===================================================================
--- setools-3.3.6.orig/libqpol/src/policy_define.c
+++ setools-3.3.6/libqpol/src/policy_define.c
@@ -2031,7 +2031,7 @@ int define_role_trans(void)
/* This ebitmap business is just to ensure that there are not conflicting role_trans rules */
#ifdef HAVE_SEPOL_USER_ROLE_MAPPING
- if (role_set_expand(&roles, &e_roles, policydbp, NULL))
+ if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
#else
if (role_set_expand(&roles, &e_roles, policydbp))
#endif


@ -1,3 +1,24 @@
-------------------------------------------------------------------
Mon Mar 23 02:32:05 UTC 2015 - p.drouand@gmail.com
- Update to version 3.3.8
* Fix bug preventing seaudit from starting
* Add python bindings for seinfo and sesearch
* seinfo exits with an error status
* Support for named file transition rules
* Add support for default types in sesearch
* Man page updates for seinfo, seaudit, and sediff
* Fix file type drop down list for open/close Apol query
* Fix compile errors on new parameter in libsepol role_set_expand().
- Update home project and download Urls
- Remove merged patches
* setools-python.patch
* 0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
* 0006-Changes-to-support-named-file_trans-rules.patch
* 0007-Remove-unused-variables.patch
- Update setools-3.3.6-libsepol.patch > setools-libsepol.patch
- Remove redundant %clean section
------------------------------------------------------------------- -------------------------------------------------------------------
Mon May 26 20:47:23 CEST 2014 - ro@suse.de Mon May 26 20:47:23 CEST 2014 - ro@suse.de


@ -1,7 +1,7 @@
# #
# spec file for package setools # spec file for package setools
# #
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -19,13 +19,13 @@
%define dataversion 3.3 %define dataversion 3.3
Name: setools Name: setools
Version: 3.3.7 Version: 3.3.8
Release: 0 Release: 0
Url: http://oss.tresys.com/projects/setools/ Url: https://github.com/TresysTechnology/setools3/wiki
Summary: Policy analysis tools for SELinux Summary: Policy analysis tools for SELinux
License: GPL-2.0 License: GPL-2.0
Group: System/Base Group: System/Base
Source: http://oss.tresys.com/projects/setools/chrome/site/dists/%{name}-%{version}/%{name}-%{version}.tar.bz2 Source: https://github.com/TresysTechnology/setools3/archive/%{name}-%{version}.tar.gz
Source1: setools.pam Source1: setools.pam
Source2: apol.desktop Source2: apol.desktop
Source3: seaudit.desktop Source3: seaudit.desktop
@ -33,15 +33,11 @@ Source4: sediffx.desktop
Patch0: %{name}-3.3.5-javacflags.patch Patch0: %{name}-3.3.5-javacflags.patch
Patch1: %{name}-3.3.5-nonvoid.patch Patch1: %{name}-3.3.5-nonvoid.patch
Patch2: %{name}-3.3.5-strcmp.patch Patch2: %{name}-3.3.5-strcmp.patch
Patch4: %{name}-python.patch
Patch6: %{name}-setup_py-prefix.patch Patch6: %{name}-setup_py-prefix.patch
Patch7: %{name}-swig-2x.patch Patch7: %{name}-swig-2x.patch
Patch8: %{name}-swig-2.0.7.patch Patch8: %{name}-swig-2.0.7.patch
Patch9: %{name}-am121.patch Patch9: %{name}-am121.patch
Patch10: %{name}-3.3.6-libsepol.patch Patch10: %{name}-libsepol.patch
Patch11: 0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
Patch15: 0006-Changes-to-support-named-file_trans-rules.patch
Patch16: 0007-Remove-unused-variables.patch
Patch23: add-to-header-define_cond_filename_trans.patch Patch23: add-to-header-define_cond_filename_trans.patch
Patch24: setools-3.3.7-libselinux-2.3.patch Patch24: setools-3.3.7-libselinux-2.3.patch
@ -224,19 +220,15 @@ This package includes the following graphical tools:
%define tcllibdir %{_libdir}/setools %define tcllibdir %{_libdir}/setools
%prep %prep
%setup -q %setup -q -n %{name}3-%{name}-%{version}
%patch0 %patch0
%patch1 %patch1
%patch2 %patch2
%patch4 -p1
%patch6 -p1 %patch6 -p1
%patch7 %patch7
%patch8 %patch8
%patch9 -p1 %patch9 -p1
%patch10 -p1 %patch10 -p1
%patch11 -p1
%patch15 -p1
%patch16 -p1
%patch23 -p1 %patch23 -p1
%patch24 -p1 %patch24 -p1
@ -288,9 +280,6 @@ if [ "%{python_sitelib}" != "%{python_sitearch}" ]; then
mv $RPM_BUILD_ROOT%{python_sitelib}/setools/* $RPM_BUILD_ROOT%{python_sitearch}/setools/ mv $RPM_BUILD_ROOT%{python_sitelib}/setools/* $RPM_BUILD_ROOT%{python_sitearch}/setools/
fi fi
%clean
rm -rf $RPM_BUILD_ROOT
%files libs %files libs
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc AUTHORS ChangeLog COPYING COPYING.GPL COPYING.LGPL KNOWN-BUGS NEWS README %doc AUTHORS ChangeLog COPYING COPYING.GPL COPYING.LGPL KNOWN-BUGS NEWS README
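Review bot: The new `Source:` line fetches a GitHub tag archive (`https://github.com/TresysTechnology/setools3/archive/%{name}-%{version}.tar.gz`) and nothing in the visible spec hunks ties that download to an upstream signature, so the sha256 recorded for setools-3.3.8.tar.gz in this commit appears to be the only integrity check on the new tarball. Archives under `/archive/` are generated by the forge on request, so a later re-download may not be byte-identical to the committed file, which makes a benign checksum mismatch hard to tell apart from tampering. I would record the provenance next to the line, e.g. `# GitHub tag archive of setools-3.3.8; compare with the committed sha256 before replacing the tarball`, and move to a signed release artifact if upstream publishes one.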