setroubleshoot is using sesearch to look for types that domains can access. For example, if I set up apache to bind to port 81, it will generate an AVC that states apache is not allowed to name_bind to port_t. We want to have setroubleshoot state that it can bind to ports named http_port_t ... and then instruct the admin to execute semanage port -a -t http_port_t -p tcp 81. Similarly, if we have a domain that tries to read files labeled default_t, we could come up with a list of domains that the domain can read and tell the user to change the type to one of the domains. We developed a python binding for sesearch to be able to give us this data. Similarly, system-config-selinux/polgengui present data to the user in a GUI that needs information that seinfo can provide: what are the permissive domains, what types are domains, what types are file_types, what domains are user domains ... Rather than trying to scrape this data from the seinfo command, we wanted to add a python binding.
diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac --- setools-3.3.6/configure.ac.python 2009-08-10 15:24:55.000000000 -0400 +++ setools-3.3.6/configure.ac 2009-08-10 15:24:59.000000000 -0400 @@ -216,6 +216,9 @@ if test "x${enable_jswig}" = xyes; then do_swigify_java=yes do_swigify=yes fi + +AM_PATH_PYTHON(2.6) + AC_ARG_ENABLE(swig-python, AC_HELP_STRING([--enable-swig-python], [build SWIG interfaces for Python]), @@ -224,7 +227,6 @@ if test "x${enable_pyswig}" = xyes; then if test ${do_swigify} = no; then AC_PROG_SWIG(1.3.28) fi - AM_PATH_PYTHON(2.3) SWIG_PYTHON do_swigify_python=yes do_swigify=yes @@ -873,6 +875,8 @@ AC_CONFIG_FILES([Makefile VERSION \ sediff/Makefile \ man/Makefile \ debian/Makefile \ + python/Makefile \ + python/setools/Makefile \ packages/Makefile packages/rpm/Makefile \ packages/libqpol.pc packages/libapol.pc packages/libpoldiff.pc packages/libseaudit.pc packages/libsefs.pc]) diff -up setools-3.3.6/Makefile.am.python setools-3.3.6/Makefile.am --- setools-3.3.6/Makefile.am.python 2009-08-10 15:23:45.000000000 -0400 +++ setools-3.3.6/Makefile.am 2009-08-10 15:23:50.000000000 -0400 @@ -10,7 +10,7 @@ if BUILD_GUI endif # sediffx is also built conditionally, from sediffx/Makefile.am -SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) +SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) python #old indent opts #INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in --- setools-3.3.6/Makefile.in.python 2009-08-10 15:24:17.000000000 -0400 +++ setools-3.3.6/Makefile.in 2009-08-10 15:25:59.000000000 -0400 
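Review bot: The relocated `AM_PATH_PYTHON(2.6)` in the first configure.ac hunk now runs on every configure, and without an action-if-not-found argument it aborts when no Python 2.6 or newer is present, so builds that never asked for Python support now require it. The same patch adds `python` to `SUBDIRS` in Makefile.am unconditionally, which has the same effect at build time. Consider making the check non-fatal and gating the subdirectory, e.g. `AM_PATH_PYTHON([2.6],, [:])` followed by `AM_CONDITIONAL([HAVE_PYTHON], [test "$PYTHON" != :])`, and adding `python` to `SUBDIRS` only under that conditional. It is also worth noting in the change description that the `--enable-swig-python` path moves its minimum from 2.3 to 2.6 as a side effect.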
@@ -79,7 +79,7 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGE ETAGS = etags CTAGS = ctags DIST_SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds \ - sechecker sediff man packages debian apol seaudit + sechecker sediff man packages debian apol seaudit python DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) @@ -384,7 +384,7 @@ AUTOMAKE_OPTIONS = dist-bzip2 @BUILD_APOL_TRUE@MAYBE_APOL = apol @BUILD_GUI_TRUE@MAYBE_GUI = seaudit # sediffx is also built conditionally, from sediffx/Makefile.am -SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) +SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) python #old indent opts #INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc diff -up setools-3.3.6/python/Makefile.am.python setools-3.3.6/python/Makefile.am --- setools-3.3.6/python/Makefile.am.python 2009-08-11 09:57:16.000000000 -0400 +++ setools-3.3.6/python/Makefile.am 2009-08-10 15:23:25.000000000 -0400 @@ -0,0 +1,2 @@ +SUBDIRS = setools + diff -up setools-3.3.6/python/Makefile.in.python setools-3.3.6/python/Makefile.in --- setools-3.3.6/python/Makefile.in.python 2009-08-11 09:57:20.000000000 -0400 +++ setools-3.3.6/python/Makefile.in 2009-08-10 15:25:58.000000000 -0400 
@@ -0,0 +1,715 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = python +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/ac_check_classpath.m4 \ + $(top_srcdir)/m4/ac_java_options.m4 \ + $(top_srcdir)/m4/ac_pkg_swig.m4 \ + $(top_srcdir)/m4/ac_prog_jar.m4 \ + $(top_srcdir)/m4/ac_prog_java.m4 \ + $(top_srcdir)/m4/ac_prog_java_works.m4 \ + $(top_srcdir)/m4/ac_prog_javac.m4 \ + $(top_srcdir)/m4/ac_prog_javac_works.m4 \ + $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/m4/c.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/swig_python.m4 
$(top_srcdir)/m4/tcl.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ + html-recursive info-recursive install-data-recursive \ + install-dvi-recursive install-exec-recursive \ + install-html-recursive install-info-recursive \ + install-pdf-recursive install-ps-recursive install-recursive \ + installcheck-recursive installdirs-recursive pdf-recursive \ + ps-recursive uninstall-recursive +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir +ETAGS = etags +CTAGS = ctags +DIST_SUBDIRS = $(SUBDIRS) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +APOL_CFLAGS = @APOL_CFLAGS@ +APOL_LIB_FLAG = @APOL_LIB_FLAG@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ 
+BWIDGET_DESTDIR = @BWIDGET_DESTDIR@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CUNIT_LIB_FLAG = @CUNIT_LIB_FLAG@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH = @CYGPATH@ +CYGPATH_W = @CYGPATH_W@ +DEBUGCFLAGS = @DEBUGCFLAGS@ +DEBUGCXXFLAGS = @DEBUGCXXFLAGS@ +DEBUGJFLAGS = @DEBUGJFLAGS@ +DEBUGLDFLAGS = @DEBUGLDFLAGS@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GLADE_CFLAGS = @GLADE_CFLAGS@ +GLADE_LIBS = @GLADE_LIBS@ +GREP = @GREP@ +GTHREAD_CFLAGS = @GTHREAD_CFLAGS@ +GTHREAD_LIBS = @GTHREAD_LIBS@ +GTK_CFLAGS = @GTK_CFLAGS@ +GTK_LIBS = @GTK_LIBS@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +JAR = @JAR@ +JAVA = @JAVA@ +JAVAC = @JAVAC@ +JAVACFLAGS = @JAVACFLAGS@ +JAVAFLAGS = @JAVAFLAGS@ +JAVAPREFIX = @JAVAPREFIX@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PIXBUF_CFLAGS = @PIXBUF_CFLAGS@ +PIXBUF_LIBS = @PIXBUF_LIBS@ +PKG_CFLAGS = @PKG_CFLAGS@ +PKG_HEADERS = @PKG_HEADERS@ +PKG_INCLUDES = @PKG_INCLUDES@ +PKG_LIBS = @PKG_LIBS@ +PKG_LIB_FILE = @PKG_LIB_FILE@ +PKG_STUB_LIB_FILE = @PKG_STUB_LIB_FILE@ +PKG_STUB_OBJECTS = @PKG_STUB_OBJECTS@ +PKG_STUB_SOURCES = 
@PKG_STUB_SOURCES@ +PKG_TCL_SOURCES = @PKG_TCL_SOURCES@ +POLDIFF_CFLAGS = @POLDIFF_CFLAGS@ +POLDIFF_LIB_FLAG = @POLDIFF_LIB_FLAG@ +PROFILECFLAGS = @PROFILECFLAGS@ +PROFILELDFLAGS = @PROFILELDFLAGS@ +PYTHON = @PYTHON@ +PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@ +PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@ +PYTHON_LDFLAGS = @PYTHON_LDFLAGS@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_SITE_PKG = @PYTHON_SITE_PKG@ +PYTHON_VERSION = @PYTHON_VERSION@ +QPOL_CFLAGS = @QPOL_CFLAGS@ +QPOL_LIB_FLAG = @QPOL_LIB_FLAG@ +RANLIB = @RANLIB@ +SEAUDIT_CFLAGS = @SEAUDIT_CFLAGS@ +SEAUDIT_LIB_FLAG = @SEAUDIT_LIB_FLAG@ +SED = @SED@ +SEFS_CFLAGS = @SEFS_CFLAGS@ +SEFS_LIB_FLAG = @SEFS_LIB_FLAG@ +SELINUX_CFLAGS = @SELINUX_CFLAGS@ +SELINUX_LIB_FLAG = @SELINUX_LIB_FLAG@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SQLITE3_CFLAGS = @SQLITE3_CFLAGS@ +SQLITE3_LIBS = @SQLITE3_LIBS@ +STRIP = @STRIP@ +SWIG = @SWIG@ +SWIG_JAVA_CFLAGS = @SWIG_JAVA_CFLAGS@ +SWIG_JAVA_OPT = @SWIG_JAVA_OPT@ +SWIG_LIB = @SWIG_LIB@ +SWIG_PYTHON_CPPFLAGS = @SWIG_PYTHON_CPPFLAGS@ +SWIG_PYTHON_OPT = @SWIG_PYTHON_OPT@ +SWIG_TCL_CFLAGS = @SWIG_TCL_CFLAGS@ +SWIG_TCL_OPT = @SWIG_TCL_OPT@ +TCLSH_PROG = @TCLSH_PROG@ +TCL_AUTOPATH = @TCL_AUTOPATH@ +TCL_BIN_DIR = @TCL_BIN_DIR@ +TCL_DEFS = @TCL_DEFS@ +TCL_EXTRA_CFLAGS = @TCL_EXTRA_CFLAGS@ +TCL_INCLUDES = @TCL_INCLUDES@ +TCL_LD_FLAGS = @TCL_LD_FLAGS@ +TCL_LIBS = @TCL_LIBS@ +TCL_LIB_FILE = @TCL_LIB_FILE@ +TCL_LIB_FLAG = @TCL_LIB_FLAG@ +TCL_LIB_SPEC = @TCL_LIB_SPEC@ +TCL_SHLIB_LD_LIBS = @TCL_SHLIB_LD_LIBS@ +TCL_SRC_DIR = @TCL_SRC_DIR@ +TCL_STUB_LIB_FILE = @TCL_STUB_LIB_FILE@ +TCL_STUB_LIB_FLAG = @TCL_STUB_LIB_FLAG@ +TCL_STUB_LIB_SPEC = @TCL_STUB_LIB_SPEC@ +TCL_VERSION = @TCL_VERSION@ +TK_BIN_DIR = @TK_BIN_DIR@ +TK_INCLUDES = @TK_INCLUDES@ +TK_LIBS = @TK_LIBS@ +TK_LIB_FILE = @TK_LIB_FILE@ +TK_LIB_FLAG = @TK_LIB_FLAG@ +TK_LIB_SPEC = @TK_LIB_SPEC@ +TK_SRC_DIR = @TK_SRC_DIR@ 
+TK_STUB_LIB_FILE = @TK_STUB_LIB_FILE@ +TK_STUB_LIB_FLAG = @TK_STUB_LIB_FLAG@ +TK_STUB_LIB_SPEC = @TK_STUB_LIB_SPEC@ +TK_VERSION = @TK_VERSION@ +TK_XINCLUDES = @TK_XINCLUDES@ +VERSION = @VERSION@ +WARNCFLAGS = @WARNCFLAGS@ +WARNCXXFLAGS = @WARNCXXFLAGS@ +WARNJFLAGS = @WARNJFLAGS@ +WARNLDFLAGS = @WARNLDFLAGS@ +WISH_PROG = @WISH_PROG@ +XMKMF = @XMKMF@ +XML_CFLAGS = @XML_CFLAGS@ +XML_LIBS = @XML_LIBS@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +has_pkg_config = @has_pkg_config@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +javadir = @javadir@ +libapol_jswig_soname = @libapol_jswig_soname@ +libapol_pyswig_soname = @libapol_pyswig_soname@ +libapol_soname = @libapol_soname@ +libapol_soversion = @libapol_soversion@ +libapol_tswig_soname = @libapol_tswig_soname@ +libapol_version = @libapol_version@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libpoldiff_jswig_soname = @libpoldiff_jswig_soname@ +libpoldiff_pyswig_soname = @libpoldiff_pyswig_soname@ +libpoldiff_soname = @libpoldiff_soname@ +libpoldiff_soversion = @libpoldiff_soversion@ +libpoldiff_tswig_soname = @libpoldiff_tswig_soname@ +libpoldiff_version = @libpoldiff_version@ +libqpol_jswig_soname = @libqpol_jswig_soname@ 
+libqpol_pyswig_soname = @libqpol_pyswig_soname@ +libqpol_soname = @libqpol_soname@ +libqpol_soversion = @libqpol_soversion@ +libqpol_tswig_soname = @libqpol_tswig_soname@ +libqpol_version = @libqpol_version@ +libseaudit_jswig_soname = @libseaudit_jswig_soname@ +libseaudit_pyswig_soname = @libseaudit_pyswig_soname@ +libseaudit_soname = @libseaudit_soname@ +libseaudit_soversion = @libseaudit_soversion@ +libseaudit_tswig_soname = @libseaudit_tswig_soname@ +libseaudit_version = @libseaudit_version@ +libsefs_jswig_soname = @libsefs_jswig_soname@ +libsefs_pyswig_soname = @libsefs_pyswig_soname@ +libsefs_soname = @libsefs_soname@ +libsefs_soversion = @libsefs_soversion@ +libsefs_tswig_soname = @libsefs_tswig_soname@ +libsefs_version = @libsefs_version@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +profile_install_dir = @profile_install_dir@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +sbindir = @sbindir@ +selinux_default_policy = @selinux_default_policy@ +selinux_policy_dir = @selinux_policy_dir@ +sepol_srcdir = @sepol_srcdir@ +setoolsdir = @setoolsdir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +uudecode = @uudecode@ +SUBDIRS = setools +all: all-recursive + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu python/Makefile'; \ + 
$(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu python/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +# This directory's subdirectories are mostly independent; you can cd +# into them and run `make' without going through this Makefile. +# To change the values of `make' variables: instead of editing Makefiles, +# (1) if the variable is set in `config.status', edit `config.status' +# (which will cause the Makefiles to be regenerated when you run `make'); +# (2) otherwise, pass the desired values on the `make' command line. 
+$(RECURSIVE_TARGETS): + @failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +$(RECURSIVE_CLEAN_TARGETS): + @failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + rev=''; for subdir in $$list; do \ + if test "$$subdir" = "."; then :; else \ + rev="$$subdir $$rev"; \ + fi; \ + done; \ + rev="$$rev ."; \ + target=`echo $@ | sed s/-recursive//`; \ + for subdir in $$rev; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done && test -z "$$fail" +tags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + done +ctags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . 
|| ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + done + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + 
here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-recursive +all-am: Makefile +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . 
= "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-recursive + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: + +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ + install-am install-strip tags-recursive + +.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ + all all-am check check-am clean clean-generic clean-libtool \ + ctags ctags-recursive distclean distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ 
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ + uninstall uninstall-am + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT:
diff -up setools-3.3.6/python/setools/__init__.py.python setools-3.3.6/python/setools/__init__.py
--- setools-3.3.6/python/setools/__init__.py.python 2009-08-11 09:56:37.000000000 -0400
+++ setools-3.3.6/python/setools/__init__.py 2009-08-10 17:28:48.000000000 -0400
@@ -0,0 +1,49 @@
+#!/usr/bin/env python
+
+# Author: Thomas Liu <tliu@xxxxxxxxxx>
+
+import _sesearch
+import _seinfo
+import types
+
+TYPE = _seinfo.TYPE
+ROLE = _seinfo.ROLE
+ATTRIBUTE = _seinfo.ATTRIBUTE
+USER = _seinfo.USER
+
+ALLOW = 'allow'
+AUDITALLOW = 'auditallow'
+NEVERALLOW = 'neverallow'
+DONTAUDIT = 'dontaudit'
+SCONTEXT = 'scontext'
+TCONTEXT = 'tcontext'
+PERMS = 'permlist'
+CLASS = 'class'
+
+def sesearch(types, info):
+ valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT]
+ for type in types:
+ if type not in valid_types:
+ raise ValueError("Type has to be in %s" % valid_types)
+ info[type] = True
+
+ perms = []
+ if PERMS in info:
+ perms = info[PERMS]
+ info[PERMS] = ",".join(info[PERMS])
+
+
+ dict_list = _sesearch.sesearch(info)
+ if len(perms) != 0:
+ dict_list = filter(lambda x: dict_has_perms(x, perms), dict_list)
+ return dict_list
+
+def dict_has_perms(dict, perms):
+ for perm in perms:
+ if perm not in dict[PERMS]:
+ return False
+ return True
+
+def seinfo(setype, name=None):
+ dict_list = _seinfo.seinfo(setype, name)
+ return dict_list
diff -up setools-3.3.6/python/setools/Makefile.am.python setools-3.3.6/python/setools/Makefile.am
--- setools-3.3.6/python/setools/Makefile.am.python 2009-08-11 09:56:25.000000000 -0400
+++ setools-3.3.6/python/setools/Makefile.am 2009-08-10 15:23:25.000000000 -0400
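Review bot: `sesearch()` in the new `__init__.py` writes into the caller's `info` dict: it sets `info[type] = True` for every requested rule type and replaces `info[PERMS]` with the comma-joined string. A dict reused for a second query therefore carries stale rule-type flags and a string under `PERMS`, which `",".join(...)` then joins character by character, so the permission filter no longer checks what the caller asked for. Working on a copy, `info = dict(info)` as the first statement of `sesearch`, keeps the caller's query intact. The parameter `types` also shadows the `import types` module (unused in this hunk) and `type`/`dict` shadow builtins. Renaming them and adding docstrings that state the expected keys of `info` would help, since callers such as setroubleshoot base their advice to the admin on these results.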
@@ -0,0 +1,24 @@
+EXTRA_DIST = \
+ sesearch.c \
+ seinfo.c \
+ __init__.py \
+ setup.py \
+ $(NULL)
+
+all-am: python-build
+
+python-build: sesearch.c seinfo.c
+ @mkdir -p setools
+ @cp __init__.py setools
+ $(PYTHON) setup.py build
+
+install-exec-hook:
+ $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
+
+uninstall-hook:
+ $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
+
+clean-local:
+ $(PYTHON) setup.py clean -a
+ rm -f *~
+
diff -up setools-3.3.6/python/setools/Makefile.in.python setools-3.3.6/python/setools/Makefile.in
--- setools-3.3.6/python/setools/Makefile.in.python 2009-08-11 09:56:30.000000000 -0400
+++ setools-3.3.6/python/setools/Makefile.in 2009-08-10 15:25:58.000000000 -0400
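Review bot: The `uninstall-hook` rule runs `$(PYTHON) setup.py uninstall`, but stock distutils has no `uninstall` command, so unless the `setup.py` listed in `EXTRA_DIST` (not visible in this hunk) defines one, `make uninstall` fails and leaves the installed module behind. In both hooks `$(DESTDIR)` is expanded unquoted after `--root`, so a staging path containing spaces is split into several arguments; `echo --root "$(DESTDIR)"` with the substitution itself quoted avoids that. Defining `all-am:` directly overrides the rule automake generates; the supported hook is `all-local: python-build`. The `mkdir`/`cp` steps also assume the build runs in the source directory, so `$(srcdir)/__init__.py` would be needed for out-of-tree builds.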
@@ -0,0 +1,539 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = python/setools +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/ac_check_classpath.m4 \ + $(top_srcdir)/m4/ac_java_options.m4 \ + $(top_srcdir)/m4/ac_pkg_swig.m4 \ + $(top_srcdir)/m4/ac_prog_jar.m4 \ + $(top_srcdir)/m4/ac_prog_java.m4 \ + $(top_srcdir)/m4/ac_prog_java_works.m4 \ + $(top_srcdir)/m4/ac_prog_javac.m4 \ + $(top_srcdir)/m4/ac_prog_javac_works.m4 \ + $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/m4/c.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/swig_python.m4 
$(top_srcdir)/m4/tcl.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +SOURCES = +DIST_SOURCES = +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +APOL_CFLAGS = @APOL_CFLAGS@ +APOL_LIB_FLAG = @APOL_LIB_FLAG@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BWIDGET_DESTDIR = @BWIDGET_DESTDIR@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CUNIT_LIB_FLAG = @CUNIT_LIB_FLAG@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH = @CYGPATH@ +CYGPATH_W = @CYGPATH_W@ +DEBUGCFLAGS = @DEBUGCFLAGS@ +DEBUGCXXFLAGS = @DEBUGCXXFLAGS@ +DEBUGJFLAGS = @DEBUGJFLAGS@ +DEBUGLDFLAGS = @DEBUGLDFLAGS@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GLADE_CFLAGS = @GLADE_CFLAGS@ +GLADE_LIBS = @GLADE_LIBS@ +GREP = @GREP@ +GTHREAD_CFLAGS = @GTHREAD_CFLAGS@ +GTHREAD_LIBS = @GTHREAD_LIBS@ +GTK_CFLAGS = @GTK_CFLAGS@ +GTK_LIBS = @GTK_LIBS@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +JAR = @JAR@ +JAVA = @JAVA@ +JAVAC = @JAVAC@ +JAVACFLAGS = @JAVACFLAGS@ +JAVAFLAGS = @JAVAFLAGS@ +JAVAPREFIX = @JAVAPREFIX@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ 
+OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PIXBUF_CFLAGS = @PIXBUF_CFLAGS@ +PIXBUF_LIBS = @PIXBUF_LIBS@ +PKG_CFLAGS = @PKG_CFLAGS@ +PKG_HEADERS = @PKG_HEADERS@ +PKG_INCLUDES = @PKG_INCLUDES@ +PKG_LIBS = @PKG_LIBS@ +PKG_LIB_FILE = @PKG_LIB_FILE@ +PKG_STUB_LIB_FILE = @PKG_STUB_LIB_FILE@ +PKG_STUB_OBJECTS = @PKG_STUB_OBJECTS@ +PKG_STUB_SOURCES = @PKG_STUB_SOURCES@ +PKG_TCL_SOURCES = @PKG_TCL_SOURCES@ +POLDIFF_CFLAGS = @POLDIFF_CFLAGS@ +POLDIFF_LIB_FLAG = @POLDIFF_LIB_FLAG@ +PROFILECFLAGS = @PROFILECFLAGS@ +PROFILELDFLAGS = @PROFILELDFLAGS@ +PYTHON = @PYTHON@ +PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@ +PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@ +PYTHON_LDFLAGS = @PYTHON_LDFLAGS@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_SITE_PKG = @PYTHON_SITE_PKG@ +PYTHON_VERSION = @PYTHON_VERSION@ +QPOL_CFLAGS = @QPOL_CFLAGS@ +QPOL_LIB_FLAG = @QPOL_LIB_FLAG@ +RANLIB = @RANLIB@ +SEAUDIT_CFLAGS = @SEAUDIT_CFLAGS@ +SEAUDIT_LIB_FLAG = @SEAUDIT_LIB_FLAG@ +SED = @SED@ +SEFS_CFLAGS = @SEFS_CFLAGS@ +SEFS_LIB_FLAG = @SEFS_LIB_FLAG@ +SELINUX_CFLAGS = @SELINUX_CFLAGS@ +SELINUX_LIB_FLAG = @SELINUX_LIB_FLAG@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SQLITE3_CFLAGS = @SQLITE3_CFLAGS@ +SQLITE3_LIBS = @SQLITE3_LIBS@ +STRIP = @STRIP@ +SWIG = @SWIG@ +SWIG_JAVA_CFLAGS = @SWIG_JAVA_CFLAGS@ +SWIG_JAVA_OPT = @SWIG_JAVA_OPT@ +SWIG_LIB = @SWIG_LIB@ +SWIG_PYTHON_CPPFLAGS = @SWIG_PYTHON_CPPFLAGS@ +SWIG_PYTHON_OPT = @SWIG_PYTHON_OPT@ +SWIG_TCL_CFLAGS = @SWIG_TCL_CFLAGS@ +SWIG_TCL_OPT = @SWIG_TCL_OPT@ +TCLSH_PROG = @TCLSH_PROG@ +TCL_AUTOPATH = @TCL_AUTOPATH@ +TCL_BIN_DIR = @TCL_BIN_DIR@ +TCL_DEFS = @TCL_DEFS@ +TCL_EXTRA_CFLAGS = @TCL_EXTRA_CFLAGS@ +TCL_INCLUDES = @TCL_INCLUDES@ 
+TCL_LD_FLAGS = @TCL_LD_FLAGS@ +TCL_LIBS = @TCL_LIBS@ +TCL_LIB_FILE = @TCL_LIB_FILE@ +TCL_LIB_FLAG = @TCL_LIB_FLAG@ +TCL_LIB_SPEC = @TCL_LIB_SPEC@ +TCL_SHLIB_LD_LIBS = @TCL_SHLIB_LD_LIBS@ +TCL_SRC_DIR = @TCL_SRC_DIR@ +TCL_STUB_LIB_FILE = @TCL_STUB_LIB_FILE@ +TCL_STUB_LIB_FLAG = @TCL_STUB_LIB_FLAG@ +TCL_STUB_LIB_SPEC = @TCL_STUB_LIB_SPEC@ +TCL_VERSION = @TCL_VERSION@ +TK_BIN_DIR = @TK_BIN_DIR@ +TK_INCLUDES = @TK_INCLUDES@ +TK_LIBS = @TK_LIBS@ +TK_LIB_FILE = @TK_LIB_FILE@ +TK_LIB_FLAG = @TK_LIB_FLAG@ +TK_LIB_SPEC = @TK_LIB_SPEC@ +TK_SRC_DIR = @TK_SRC_DIR@ +TK_STUB_LIB_FILE = @TK_STUB_LIB_FILE@ +TK_STUB_LIB_FLAG = @TK_STUB_LIB_FLAG@ +TK_STUB_LIB_SPEC = @TK_STUB_LIB_SPEC@ +TK_VERSION = @TK_VERSION@ +TK_XINCLUDES = @TK_XINCLUDES@ +VERSION = @VERSION@ +WARNCFLAGS = @WARNCFLAGS@ +WARNCXXFLAGS = @WARNCXXFLAGS@ +WARNJFLAGS = @WARNJFLAGS@ +WARNLDFLAGS = @WARNLDFLAGS@ +WISH_PROG = @WISH_PROG@ +XMKMF = @XMKMF@ +XML_CFLAGS = @XML_CFLAGS@ +XML_LIBS = @XML_LIBS@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +has_pkg_config = @has_pkg_config@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +javadir = @javadir@ +libapol_jswig_soname = @libapol_jswig_soname@ +libapol_pyswig_soname = @libapol_pyswig_soname@ 
+libapol_soname = @libapol_soname@ +libapol_soversion = @libapol_soversion@ +libapol_tswig_soname = @libapol_tswig_soname@ +libapol_version = @libapol_version@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libpoldiff_jswig_soname = @libpoldiff_jswig_soname@ +libpoldiff_pyswig_soname = @libpoldiff_pyswig_soname@ +libpoldiff_soname = @libpoldiff_soname@ +libpoldiff_soversion = @libpoldiff_soversion@ +libpoldiff_tswig_soname = @libpoldiff_tswig_soname@ +libpoldiff_version = @libpoldiff_version@ +libqpol_jswig_soname = @libqpol_jswig_soname@ +libqpol_pyswig_soname = @libqpol_pyswig_soname@ +libqpol_soname = @libqpol_soname@ +libqpol_soversion = @libqpol_soversion@ +libqpol_tswig_soname = @libqpol_tswig_soname@ +libqpol_version = @libqpol_version@ +libseaudit_jswig_soname = @libseaudit_jswig_soname@ +libseaudit_pyswig_soname = @libseaudit_pyswig_soname@ +libseaudit_soname = @libseaudit_soname@ +libseaudit_soversion = @libseaudit_soversion@ +libseaudit_tswig_soname = @libseaudit_tswig_soname@ +libseaudit_version = @libseaudit_version@ +libsefs_jswig_soname = @libsefs_jswig_soname@ +libsefs_pyswig_soname = @libsefs_pyswig_soname@ +libsefs_soname = @libsefs_soname@ +libsefs_soversion = @libsefs_soversion@ +libsefs_tswig_soname = @libsefs_tswig_soname@ +libsefs_version = @libsefs_version@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +profile_install_dir = @profile_install_dir@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +sbindir = @sbindir@ +selinux_default_policy = @selinux_default_policy@ +selinux_policy_dir = @selinux_policy_dir@ +sepol_srcdir = @sepol_srcdir@ +setoolsdir = @setoolsdir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = 
@target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +uudecode = @uudecode@ +EXTRA_DIST = \ + sesearch.c \ + seinfo.c \ + __init__.py \ + setup.py \ + $(NULL) + +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu python/setools/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu python/setools/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed 
'/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+clean: clean-am + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) uninstall-hook +.MAKE: install-am install-exec-am install-strip uninstall-am + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + clean-local distclean distclean-generic distclean-libtool \ + distdir dvi dvi-am html html-am info info-am install \ + install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-exec-hook \ + install-html install-html-am install-info install-info-am \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am uninstall uninstall-am uninstall-hook + + +all-am: python-build + +python-build: sesearch.c seinfo.c + @mkdir -p setools + @cp __init__.py setools + $(PYTHON) setup.py build + +install-exec-hook: + $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` + +uninstall-hook: + $(PYTHON) setup.py uninstall 
`test -n "$(DESTDIR)" && echo --root $(DESTDIR)` + +clean-local: + $(PYTHON) setup.py clean -a + rm -f *~ + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT:
diff -up setools-3.3.6/python/setools/seinfo.c.python setools-3.3.6/python/setools/seinfo.c
--- setools-3.3.6/python/setools/seinfo.c.python 2009-08-11 09:56:01.000000000 -0400
+++ setools-3.3.6/python/setools/seinfo.c 2009-08-11 09:45:32.000000000 -0400
@@ -0,0 +1,649 @@
+/**
+ * @file
+ * Command line tool to search TE rules.
+ *
+ * @author Frank Mayer mayerf@xxxxxxxxxx
+ * @author Jeremy A. Mowery jmowery@xxxxxxxxxx
+ * @author Paul Rosenfeld prosenfeld@xxxxxxxxxx
+ * @author Thomas Liu <tliu@xxxxxxxxxx>
+ * @author Dan Walsh <dwalsh@xxxxxxxxxx>
+ *
+ * Copyright (C) 2003-2008 Tresys Technology, LLC
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/**
+ * This is a modified version of seinfo to be used as part of a library for
+ * Python bindings.
+ */
+
+#include "Python.h"
+
+/* libapol */
+#include <apol/policy.h>
+#include <apol/policy-query.h>
+#include <apol/render.h>
+#include <apol/util.h>
+#include <apol/vector.h>
+
+/* libqpol */
+#include <qpol/policy.h>
+#include <qpol/util.h>
+
+/* other */
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+
+#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
+static char *policy_file = NULL;
+
+enum input
+{
+ TYPE, ATTRIBUTE, ROLE, USER
+};
+
+/**
+ * Gets a textual representation of an attribute, and
+ * all of that attribute's types.
+ *
+ * @param type_datum Reference to sepol type_datum
+ * @param policydb Reference to a policy
+ */
+static PyObject* get_attr(const qpol_type_t * type_datum, const apol_policy_t * policydb)
+{
+ int retval = -1;
+ PyObject *dict = PyDict_New();
+ const qpol_type_t *attr_datum = NULL;
+ qpol_iterator_t *iter = NULL;
+ const char *attr_name = NULL, *type_name = NULL;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+ unsigned char isattr;
+
+ if (qpol_type_get_name(q, type_datum, &attr_name))
+ goto cleanup;
+ PyObject *obj = PyString_FromString(attr_name);
+ PyDict_SetItemString(dict, "name", obj);
+ Py_DECREF(obj);
+
+ /* get an iterator over all types this attribute has */
+ if (qpol_type_get_isattr(q, type_datum, &isattr))
+ goto cleanup;
+ if (isattr) { /* sanity check */
+ if (qpol_type_get_type_iter(q, type_datum, &iter))
+ goto cleanup;
+ PyObject *list = PyList_New(0);
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&attr_datum))
+ goto cleanup;
+ if (qpol_type_get_name(q, attr_datum, &type_name))
+ goto cleanup;
+ PyObject *obj = PyString_FromString(type_name);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+ qpol_iterator_destroy(&iter);
+ PyDict_SetItemString(dict, "types", list);
+ Py_DECREF(list);
+ } else /* this should never happen */
+ goto cleanup;
+
+ retval = 0;
+cleanup:
+ qpol_iterator_destroy(&iter);
+ if (retval) {
+ Py_DECREF(dict);
+ return NULL;
+ }
+ return dict;
+}
+
+/**
+ * Gets statistics regarding a policy's attributes.
+ * If this function is given a name, it will attempt to
+ * get statistics about a particular attribute; otherwise
+ * the function gets statistics about all of the policy's
+ * attributes.
+ *
+ * @param name Reference to an attribute's name; if NULL,
+ * all object classes will be considered
+ * @param policydb Reference to a policy
+ *
+ * @return 0 on success, < 0 on error.
+ */
+static PyObject* get_attribs(const char *name, const apol_policy_t * policydb)
+{
+ int retval = -1;
+ PyObject *list = PyList_New(0);
+ apol_attr_query_t *attr_query = NULL;
+ apol_vector_t *v = NULL;
+ const qpol_type_t *type_datum = NULL;
+ size_t n_attrs, i;
+
+ /* we are only getting information about 1 attribute */
+ if (name != NULL) {
+ attr_query = apol_attr_query_create();
+ if (!attr_query)
+ goto cleanup;
+ if (apol_attr_query_set_attr(policydb, attr_query, name))
+ goto cleanup;
+ if (apol_attr_get_by_query(policydb, attr_query, &v))
+ goto cleanup;
+ apol_attr_query_destroy(&attr_query);
+ if (apol_vector_get_size(v) == 0) {
+ apol_vector_destroy(&v);
+ errno = EINVAL;
+ goto cleanup;
+ }
+
+ type_datum = apol_vector_get_element(v, (size_t) 0);
+ PyObject *obj = get_attr(type_datum, policydb);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ } else {
+ attr_query = apol_attr_query_create();
+ if (!attr_query)
+ goto cleanup;
+ if (apol_attr_get_by_query(policydb, attr_query, &v))
+ goto cleanup;
+ apol_attr_query_destroy(&attr_query);
+ n_attrs = apol_vector_get_size(v);
+
+ for (i = 0; i < n_attrs; i++) {
+ /* get qpol_type_t* item from vector */
+ type_datum = (qpol_type_t *) apol_vector_get_element(v, (size_t) i);
+ if (!type_datum)
+ goto cleanup;
+ PyObject *obj = get_attr(type_datum, policydb);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+ }
+ apol_vector_destroy(&v);
+
+ retval = 0;
+ cleanup:
+ apol_attr_query_destroy(&attr_query);
+ apol_vector_destroy(&v);
+ if (retval) {
+ Py_DECREF(list);
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ return NULL;
+ }
+ return list;
+}
+
+/**
+ * Get a textual representation of a type, and
+ * all of that type's attributes.
+ *
+ * @param type_datum Reference to sepol type_datum
+ * @param policydb Reference to a policy
+ */
+static PyObject* get_type_attrs(const qpol_type_t * type_datum, const apol_policy_t * policydb)
+{
+ qpol_iterator_t *iter = NULL;
+ const char *attr_name = NULL;
+ const qpol_type_t *attr_datum = NULL;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+
+ if (qpol_type_get_attr_iter(q, type_datum, &iter))
+ goto cleanup;
+ PyObject *list = PyList_New(0);
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&attr_datum))
+ goto cleanup;
+ if (qpol_type_get_name(q, attr_datum, &attr_name))
+ goto cleanup;
+ PyObject *obj = PyString_FromString(attr_name);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+
+ cleanup:
+ qpol_iterator_destroy(&iter);
+ return list;
+}
+
+static PyObject* get_type( const qpol_type_t * type_datum, const apol_policy_t * policydb) {
+
+ PyObject *dict = PyDict_New();
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+ const char *type_name = NULL;
+
+ unsigned char isalias, ispermissive, isattr;
+
+ if (qpol_type_get_name(q, type_datum, &type_name))
+ goto cleanup;
+ if (qpol_type_get_isalias(q, type_datum, &isalias))
+ goto cleanup;
+ if (qpol_type_get_isattr(q, type_datum, &isattr))
+ goto cleanup;
+ if (qpol_type_get_ispermissive(q, type_datum, &ispermissive))
+ goto cleanup;
+
+ PyObject *obj = PyString_FromString(type_name);
+ PyDict_SetItemString(dict, "name", obj);
+ Py_DECREF(obj);
+ obj = PyBool_FromLong(ispermissive);
+ PyDict_SetItemString(dict, "permissive", obj);
+ Py_DECREF(obj);
+ if (!isattr && !isalias) {
+ obj = get_type_attrs(type_datum, policydb);
+ PyDict_SetItemString(dict, "attributes", obj);
+ Py_DECREF(obj);
+ }
+ return dict;
+cleanup:
+ Py_DECREF(dict);
+ return NULL;
+}
+
+/**
+ * Gets a textual representation of a user, and
+ * all of that user's roles.
+ *
+ * @param type_datum Reference to sepol type_datum
+ * @param policydb Reference to a policy
+ * roles
+ */
+static PyObject* get_user(const qpol_user_t * user_datum, const apol_policy_t * policydb)
+{
+ PyObject *dict = NULL;
+ const qpol_role_t *role_datum = NULL;
+ qpol_iterator_t *iter = NULL;
+ const qpol_mls_range_t *range = NULL;
+ const qpol_mls_level_t *dflt_level = NULL;
+ apol_mls_level_t *ap_lvl = NULL;
+ apol_mls_range_t *ap_range = NULL;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+ char *tmp;
+ const char *user_name, *role_name;
+
+ if (qpol_user_get_name(q, user_datum, &user_name))
+ goto cleanup;
+
+ dict = PyDict_New();
+ PyObject *obj = PyString_FromString(user_name);
+ PyDict_SetItemString(dict, "name", obj);
+ Py_DECREF(obj);
+
+ if (qpol_policy_has_capability(q, QPOL_CAP_MLS)) {
+ if (qpol_user_get_dfltlevel(q, user_datum, &dflt_level))
+ goto cleanup;
+ ap_lvl = apol_mls_level_create_from_qpol_mls_level(policydb, dflt_level);
+ tmp = apol_mls_level_render(policydb, ap_lvl);
+ if (!tmp)
+ goto cleanup;
+ obj = PyString_FromString(tmp);
+ PyDict_SetItemString(dict, "level", obj);
+ Py_DECREF(obj);
+ free(tmp);
+ /* print default range */
+ if (qpol_user_get_range(q, user_datum, &range))
+ goto cleanup;
+ ap_range = apol_mls_range_create_from_qpol_mls_range(policydb, range);
+ tmp = apol_mls_range_render(policydb, ap_range);
+ if (!tmp)
+ goto cleanup;
+ obj = PyString_FromString(tmp);
+ PyDict_SetItemString(dict, "range", obj);
+ Py_DECREF(obj);
+ free(tmp);
+ }
+
+ if (qpol_user_get_role_iter(q, user_datum, &iter))
+ goto cleanup;
+ PyObject *list = PyList_New(0);
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&role_datum)) {
+ Py_DECREF(list);
+ goto cleanup;
+ }
+ if (qpol_role_get_name(q, role_datum, &role_name)) {
+ Py_DECREF(list);
+ goto cleanup;
+ }
+ PyObject *obj = PyString_FromString(role_name);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+ PyDict_SetItemString(dict, "roles", list);
+ Py_DECREF(list);
+
+cleanup:
+ qpol_iterator_destroy(&iter);
+ apol_mls_level_destroy(&ap_lvl);
+ apol_mls_range_destroy(&ap_range);
+ return dict;
+}
+
+/**
+ * Gets statistics regarding a policy's users.
+ * If this function is given a name, it will attempt to
+ * get statistics about a particular user; otherwise
+ * the function gets statistics about all of the policy's
+ * users.
+ *
+ * @param name Reference to a user's name; if NULL,
+ * all users will be considered
+ * @param policydb Reference to a policy
+ *
+ * @return 0 on success, < 0 on error.
+ */
+static PyObject* get_users(const char *name, const apol_policy_t * policydb)
+{
+ int retval = -1;
+ PyObject *list = PyList_New(0);
+ qpol_iterator_t *iter = NULL;
+ const qpol_user_t *user_datum = NULL;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+
+ if (name != NULL) {
+ if (qpol_policy_get_user_by_name(q, name, &user_datum)) {
+ errno = EINVAL;
+ goto cleanup;
+ }
+ PyObject *obj = get_user(user_datum, policydb);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ } else {
+ if (qpol_policy_get_user_iter(q, &iter))
+ goto cleanup;
+
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&user_datum))
+ goto cleanup;
+ PyObject *obj = get_user(user_datum, policydb);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+ qpol_iterator_destroy(&iter);
+ }
+
+ retval = 0;
+ cleanup:
+ qpol_iterator_destroy(&iter);
+ if (retval) {
+ Py_DECREF(list);
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ return NULL;
+ }
+ return list;
+}
+
+/**
+ * get a textual representation of a role, and
+ * all of that role's types.
+ *
+ * @param type_datum Reference to sepol type_datum
+ * @param policydb Reference to a policy
+ * types
+ */
+static PyObject* get_role(const qpol_role_t * role_datum, const apol_policy_t * policydb)
+{
+ int retval = -1;
+ PyObject *dict = PyDict_New();
+ const char *role_name = NULL, *type_name = NULL;
+ const qpol_role_t *dom_datum = NULL;
+ const qpol_type_t *type_datum = NULL;
+ qpol_iterator_t *iter = NULL;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+ size_t n_dom = 0, n_types = 0;
+
+ if (qpol_role_get_name(q, role_datum, &role_name))
+ goto cleanup;
+
+ PyObject *obj = PyString_FromString(role_name);
+ PyDict_SetItemString(dict, "name", obj);
+ Py_DECREF(obj);
+
+ if (qpol_role_get_dominate_iter(q, role_datum, &iter))
+ goto cleanup;
+ if (qpol_iterator_get_size(iter, &n_dom))
+ goto cleanup;
+ if ((int)n_dom > 0) {
+ PyObject *list = PyList_New(0);
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&dom_datum))
+ goto cleanup;
+ if (qpol_role_get_name(q, dom_datum, &role_name))
+ goto cleanup;
+ PyObject *obj = PyString_FromString(role_name);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+ PyDict_SetItemString(dict, "dominate", list);
+ Py_DECREF(list);
+ }
+ qpol_iterator_destroy(&iter);
+
+ if (qpol_role_get_type_iter(q, role_datum, &iter))
+ goto cleanup;
+ if (qpol_iterator_get_size(iter, &n_types))
+ goto cleanup;
+ if ((int)n_types > 0) {
+ PyObject *list = PyList_New(0);
+ /* print types */
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&type_datum))
+ goto cleanup;
+ if (qpol_type_get_name(q, type_datum, &type_name))
+ goto cleanup;
+ PyObject *obj = PyString_FromString(type_name);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+ PyDict_SetItemString(dict, "types", list);
+ Py_DECREF(list);
+ }
+
+ retval = 0;
+cleanup:
+ qpol_iterator_destroy(&iter);
+ if (retval) {
+ Py_DECREF(dict);
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ return NULL;
+ }
+ return dict;
+}
+
+/**
+ * Get statistics regarding a policy's roles.
+ * If this function is given a name, it will attempt to
+ * get statistics about a particular role; otherwise
+ * the function get statistics about all of the policy's roles.
+ *
+ * @param name Reference to an role's name; if NULL,
+ * all roles will be considered
+ * @param policydb Reference to a policy
+ *
+ * @return 0 on success, < 0 on error.
+ */
+static PyObject* get_roles(const char *name, const apol_policy_t * policydb)
+{
+ int retval = -1;
+ PyObject *list = PyList_New(0);
+ const qpol_role_t *role_datum = NULL;
+ qpol_iterator_t *iter = NULL;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+
+ if (name != NULL) {
+ if (qpol_policy_get_role_by_name(q, name, &role_datum)) {
+ errno = EINVAL;
+ goto cleanup;
+ }
+ PyObject *obj = get_role(role_datum, policydb);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ } else {
+ if (qpol_policy_get_role_iter(q, &iter))
+ goto cleanup;
+
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&role_datum))
+ goto cleanup;
+ PyObject *obj = get_role(role_datum, policydb);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+ qpol_iterator_destroy(&iter);
+ }
+
+ retval = 0;
+ cleanup:
+ qpol_iterator_destroy(&iter);
+ if (retval) {
+ Py_DECREF(list);
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ return NULL;
+ }
+ return list;
+}
+
+/**
+ * Get statistics regarding a policy's types.
+ * If this function is given a name, it will attempt to
+ * print statistics about a particular type; otherwise
+ * the function prints statistics about all of the policy's types.
+ *
+ * @param name Reference to a type's name; if NULL,
+ * all object classes will be considered
+ * @param policydb Reference to a policy
+ *
+ * @return 0 on success, < 0 on error.
+ */
+static PyObject* get_types(const char *name, const apol_policy_t * policydb)
+{
+ int retval = -1;
+ PyObject *list = PyList_New(0);
+ const qpol_type_t *type_datum = NULL;
+ qpol_iterator_t *iter = NULL;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+
+ /* if name was provided, only print that name */
+ if (name != NULL) {
+ if (qpol_policy_get_type_by_name(q, name, &type_datum)) {
+ errno = EINVAL;
+ goto cleanup;
+ }
+ PyObject *obj = get_type(type_datum, policydb);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ } else {
+ if (qpol_policy_get_type_iter(q, &iter))
+ goto cleanup;
+ /* Print all type names */
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&type_datum))
+ goto cleanup;
+ PyObject *obj = get_type(type_datum, policydb);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+ }
+ retval = 0;
+cleanup:
+ qpol_iterator_destroy(&iter);
+ if (retval) {
+ Py_DECREF(list);
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ return NULL;
+ }
+ return list;
+}
+
+PyObject* seinfo(int type, const char *name)
+{
+ int rt = -1;
+
+ apol_policy_t *policydb = NULL;
+ apol_policy_path_t *pol_path = NULL;
+ apol_vector_t *mod_paths = NULL;
+ apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
+ PyObject* output = NULL;
+
+ rt = qpol_default_policy_find(&policy_file);
+ if (rt != 0) {
+ PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
+ return NULL;
+ }
+
+ pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
+ if (!pol_path) {
+ free(policy_file);
+ apol_vector_destroy(&mod_paths);
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
+ return NULL;
+ }
+ apol_vector_destroy(&mod_paths);
+
+ int policy_load_options = 0;
+ policy_load_options |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
+ policydb = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL);
+ if (!policydb) {
+ free(policy_file);
+ apol_policy_path_destroy(&pol_path);
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ return NULL;
+ }
+ free(policy_file);
+
+ /* display requested info */
+ if (type == TYPE)
+ output = get_types(name, policydb);
+
+ if (type == ATTRIBUTE)
+ output = get_attribs(name, policydb);
+
+ if (type == ROLE)
+ output = get_roles(name, policydb);
+
+ if (type == USER)
+ output = get_users(name, policydb);
+
+ apol_policy_destroy(&policydb);
+ apol_policy_path_destroy(&pol_path);
+ return output;
+}
+
+PyObject *wrap_seinfo(PyObject *self, PyObject *args){
+ unsigned int type;
+ char *name;
+
+ if (!PyArg_ParseTuple(args, "iz", &type, &name))
+ return NULL;
+
+ return Py_BuildValue("O",seinfo(type, name));
+
+}
+
+static PyMethodDef methods[] = {
+ {"seinfo", (PyCFunction) wrap_seinfo, METH_VARARGS},
+ {NULL, NULL, 0, NULL}
+};
+
+void init_seinfo(){
+ PyObject *m;
+ m = Py_InitModule("_seinfo", methods);
+ PyModule_AddIntConstant(m, "ATTRIBUTE", ATTRIBUTE);
+ PyModule_AddIntConstant(m, "ROLE", ROLE);
+ PyModule_AddIntConstant(m, "TYPE", TYPE);
+ PyModule_AddIntConstant(m, "USER", USER);
+}
diff -up setools-3.3.6/python/setools/sesearch.c.python setools-3.3.6/python/setools/sesearch.c
--- setools-3.3.6/python/setools/sesearch.c.python 2009-08-11 09:56:08.000000000 -0400
+++ setools-3.3.6/python/setools/sesearch.c 2009-08-11 09:46:26.000000000 -0400
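Review bot: The list builders `get_types`, `get_attribs`, `get_roles` and `get_users` hand the helper result straight to `PyList_Append(list, obj)` and `Py_DECREF(obj)`, but `get_type`, `get_attr`, `get_role` and `get_user` can each return NULL, and `Py_DECREF` on NULL dereferences a null pointer inside the calling Python process; the result needs a check before use, as in the excerpt below. In `get_type_attrs` the first `goto cleanup` jumps over the initialisation of `list`, so that error path returns an indeterminate pointer which `get_type` then stores in the dict and decrements; declaring `PyObject *list = NULL;` with the other locals, assigning it after the iterator is obtained, and having `get_type` check the result closes that path. `wrap_seinfo` returns `Py_BuildValue("O", seinfo(type, name))`, which takes an additional reference on an object that is already a new reference and so leaks one list per call; `return seinfo(type, name);` is sufficient, and `type` should be declared `int` to match the `"i"` format.

```c
/* get_types(); the same pattern applies in get_attribs(), get_roles() and get_users() */
PyObject *obj = get_type(type_datum, policydb);
if (!obj)
	goto cleanup;
if (PyList_Append(list, obj) < 0) {
	Py_DECREF(obj);
	goto cleanup;
}
Py_DECREF(obj);
/* … unchanged: loop end, retval = 0, cleanup label … */
```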
@@ -0,0 +1,477 @@ +// Author: Thomas Liu <tliu@xxxxxxxxxx> + +/** + * @file + * Command line tool to search TE rules. + * + * @author Frank Mayer mayerf@xxxxxxxxxx + * @author Jeremy A. Mowery jmowery@xxxxxxxxxx + * @author Paul Rosenfeld prosenfeld@xxxxxxxxxx + * @author Thomas Liu <tliu@xxxxxxxxxx> + * + * Copyright (C) 2003-2008 Tresys Technology, LLC + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +/** + * This is a modified version of sesearch to be used as part of a library for + * Python bindings. 
+ */ + +#include "Python.h" + +/* libapol */ +#include <apol/policy.h> +#include <apol/policy-query.h> +#include <apol/render.h> +#include <apol/util.h> +#include <apol/vector.h> + +/* libqpol*/ +#include <qpol/policy.h> +#include <qpol/policy_extend.h> +#include <qpol/syn_rule_query.h> +#include <qpol/util.h> + +/* other */ +#include <errno.h> +#include <stdlib.h> +#include <stdio.h> +#include <assert.h> +#include <getopt.h> +#include <string.h> +#include <stdbool.h> + +#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC" +static char *policy_file = NULL; + +enum opt_values +{ + RULE_NEVERALLOW = 256, RULE_AUDIT, RULE_AUDITALLOW, RULE_DONTAUDIT, + RULE_ROLE_ALLOW, RULE_ROLE_TRANS, RULE_RANGE_TRANS, RULE_ALL, + EXPR_ROLE_SOURCE, EXPR_ROLE_TARGET +}; + +; + +typedef struct options +{ + char *src_name; + char *tgt_name; + char *src_role_name; + char *tgt_role_name; + char *class_name; + char *permlist; + char *bool_name; + apol_vector_t *class_vector; + bool all; + bool lineno; + bool semantic; + bool indirect; + bool allow; + bool nallow; + bool auditallow; + bool dontaudit; + bool type; + bool rtrans; + bool role_allow; + bool role_trans; + bool useregex; + bool show_cond; + apol_vector_t *perm_vector; +} options_t; + +static int perform_av_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v) +{ + apol_avrule_query_t *avq = NULL; + unsigned int rules = 0; + int error = 0; + char *tmp = NULL, *tok = NULL, *s = NULL; + + if (!policy || !opt || !v) { + PyErr_SetString(PyExc_RuntimeError,strerror(EINVAL)); + errno = EINVAL; + return -1; + } + + if (!opt->all && !opt->allow && !opt->nallow && !opt->auditallow && !opt->dontaudit) { + *v = NULL; + return 0; /* no search to do */ + } + + avq = apol_avrule_query_create(); + if (!avq) { + PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM)); + errno = ENOMEM; + return -1; + } + + if (opt->allow || opt->all) + rules |= QPOL_RULE_ALLOW; + if ((opt->nallow || opt->all) && 
qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_NEVERALLOW)) + rules |= QPOL_RULE_NEVERALLOW; + if (opt->auditallow || opt->all) + rules |= QPOL_RULE_AUDITALLOW; + if (opt->dontaudit || opt->all) + rules |= QPOL_RULE_DONTAUDIT; + apol_avrule_query_set_rules(policy, avq, rules); + apol_avrule_query_set_regex(policy, avq, opt->useregex); + if (opt->src_name) + apol_avrule_query_set_source(policy, avq, opt->src_name, opt->indirect); + if (opt->tgt_name) + apol_avrule_query_set_target(policy, avq, opt->tgt_name, opt->indirect); + if (opt->bool_name) + apol_avrule_query_set_bool(policy, avq, opt->bool_name); + if (opt->class_name) { + if (opt->class_vector == NULL) { + if (apol_avrule_query_append_class(policy, avq, opt->class_name)) { + error = errno; + goto err; + } + } else { + size_t i; + for (i = 0; i < apol_vector_get_size(opt->class_vector); ++i) { + char *class_name; + class_name = apol_vector_get_element(opt->class_vector, i); + if (!class_name) + continue; + if (apol_avrule_query_append_class(policy, avq, class_name)) { + error = errno; + goto err; + } + } + } + } + + if (opt->permlist) { + tmp = strdup(opt->permlist); + for (tok = strtok(tmp, ","); tok; tok = strtok(NULL, ",")) { + if (apol_avrule_query_append_perm(policy, avq, tok)) { + error = errno; + goto err; + } + if ((s = strdup(tok)) == NULL || apol_vector_append(opt->perm_vector, s) < 0) { + error = errno; + goto err; + } + s = NULL; + } + free(tmp); + } + + if (!(opt->semantic) && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) { + if (apol_syn_avrule_get_by_query(policy, avq, v)) { + error = errno; + goto err; + } + } else { + if (apol_avrule_get_by_query(policy, avq, v)) { + error = errno; + goto err; + } + } + + apol_avrule_query_destroy(&avq); + return 0; + + err: + apol_vector_destroy(v); + apol_avrule_query_destroy(&avq); + free(tmp); + free(s); + PyErr_SetString(PyExc_RuntimeError,strerror(error)); + errno = error; + return -1; +} + + + +static 
PyObject* get_av_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v) +{ + int retval = -1; + PyObject *list = PyList_New(0); + qpol_policy_t *q = apol_policy_get_qpol(policy); + size_t i, num_rules = 0; + const qpol_avrule_t *rule = NULL; + char *tmp = NULL, *rule_str = NULL, *expr = NULL; + char enable_char = ' ', branch_char = ' '; + qpol_iterator_t *iter = NULL; + uint32_t enabled = 0; + + if (!policy || !v) + return NULL; + + if (!(num_rules = apol_vector_get_size(v))) + return NULL; + + for (i = 0; i < num_rules; i++) { + enable_char = branch_char = ' '; + if (!(rule = apol_vector_get_element(v, i))) + goto cleanup; + + if (qpol_avrule_get_is_enabled(q, rule, &enabled)) + goto cleanup; + if (!enabled) + continue; + + const qpol_type_t *type; + const char *tmp_name; + uint32_t rule_type = 0; + + const qpol_class_t *obj_class = NULL; + + PyObject *dict = PyDict_New(); + + qpol_avrule_get_rule_type(q, rule, &rule_type); + tmp_name = apol_rule_type_to_str(rule_type); + PyObject *obj = PyString_FromString(tmp_name); + PyDict_SetItemString(dict, "type", obj); + Py_DECREF(obj); + // source + qpol_avrule_get_source_type(q, rule, &type); + qpol_type_get_name(q, type, &tmp_name); + obj = PyString_FromString(tmp_name); + PyDict_SetItemString(dict, "scontext", obj); + Py_DECREF(obj); + + qpol_avrule_get_target_type(q, rule, &type); + qpol_type_get_name(q, type, &tmp_name); + obj = PyString_FromString(tmp_name); + PyDict_SetItemString(dict, "tcontext", obj); + Py_DECREF(obj); + + qpol_avrule_get_object_class(q, rule, &obj_class); + qpol_type_get_name(q, type, &tmp_name); + obj = PyString_FromString(tmp_name); + PyDict_SetItemString(dict, "class", obj); + Py_DECREF(obj); + qpol_avrule_get_perm_iter(q, rule, &iter); + PyObject *permlist = PyList_New(0); + for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { + const char *perm_name = NULL; + qpol_iterator_get_item(iter, (void **)&perm_name); + obj = PyString_FromString(perm_name); + 
PyList_Append(permlist, obj); + Py_DECREF(obj); + } + PyDict_SetItemString(dict, "permlist", permlist); + Py_DECREF(permlist); + PyList_Append(list, dict); + Py_DECREF(dict); + + free(rule_str); + rule_str = NULL; + free(expr); + expr = NULL; + } + retval = 0; + cleanup: + free(tmp); + free(rule_str); + free(expr); + if (retval) { + Py_DECREF(list); + return NULL; + } + return list; +} + + +PyObject* sesearch(bool allow, + bool neverallow, + bool auditallow, + bool dontaudit, + const char *src_name, + const char *tgt_name, + const char *class_name, + const char *permlist + ) +{ + options_t cmd_opts; + int rt = -1; + PyObject *output = NULL; + + apol_policy_t *policy = NULL; + apol_vector_t *v = NULL; + apol_policy_path_t *pol_path = NULL; + apol_vector_t *mod_paths = NULL; + apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC; + + memset(&cmd_opts, 0, sizeof(cmd_opts)); + cmd_opts.indirect = true; + cmd_opts.allow = allow; + cmd_opts.nallow = neverallow; + cmd_opts.auditallow = auditallow; + cmd_opts.dontaudit = dontaudit; + if (src_name) + cmd_opts.src_name = strdup(src_name); + if (tgt_name) + cmd_opts.tgt_name = strdup(tgt_name); + if (class_name) + cmd_opts.class_name = strdup(class_name); + if (permlist){ + cmd_opts.perm_vector = apol_vector_create(free); + cmd_opts.permlist = strdup(permlist); + } + int pol_opt = 0; + if (!(cmd_opts.nallow || cmd_opts.all)) + pol_opt |= QPOL_POLICY_OPTION_NO_NEVERALLOWS; + + + rt = qpol_default_policy_find(&policy_file); + if (rt) { + PyErr_SetString(PyExc_RuntimeError,"No default policy found."); + return NULL; + } + pol_opt |= QPOL_POLICY_OPTION_MATCH_SYSTEM; + + if (apol_file_is_policy_path_list(policy_file) > 0) { + pol_path = apol_policy_path_create_from_file(policy_file); + if (!pol_path) { + free(policy_file); + PyErr_SetString(PyExc_RuntimeError,"invalid policy list"); + return NULL; + } + } + + if (!pol_path) + pol_path = apol_policy_path_create(path_type, policy_file, mod_paths); + if (!pol_path) { 
+ free(policy_file); + PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM)); + return NULL; + } + free(policy_file); + apol_vector_destroy(&mod_paths); + + policy = apol_policy_create_from_policy_path(pol_path, pol_opt, NULL, NULL); + if (!policy) { + apol_policy_path_destroy(&pol_path); + PyErr_SetString(PyExc_RuntimeError,strerror(errno)); + return NULL; + } + /* handle regex for class name */ + if (cmd_opts.useregex && cmd_opts.class_name != NULL) { + cmd_opts.class_vector = apol_vector_create(NULL); + apol_vector_t *qpol_matching_classes = NULL; + apol_class_query_t *regex_match_query = apol_class_query_create(); + apol_class_query_set_regex(policy, regex_match_query, 1); + apol_class_query_set_class(policy, regex_match_query, cmd_opts.class_name); + if (apol_class_get_by_query(policy, regex_match_query, &qpol_matching_classes)) { + apol_class_query_destroy(®ex_match_query); + PyErr_SetString(PyExc_RuntimeError,"Query failed"); + goto cleanup; + } + const qpol_class_t *class = NULL; + size_t i; + for (i = 0; i < apol_vector_get_size(qpol_matching_classes); ++i) { + const char *class_name; + class = apol_vector_get_element(qpol_matching_classes, i); + if (!class) + break; + qpol_class_get_name(apol_policy_get_qpol(policy), class, &class_name); + apol_vector_append(cmd_opts.class_vector, (void *)class_name); + } + if (!apol_vector_get_size(qpol_matching_classes)) { + apol_vector_destroy(&qpol_matching_classes); + apol_class_query_destroy(®ex_match_query); + PyErr_SetString(PyExc_RuntimeError,"No classes match expression"); + goto cleanup; + } + apol_vector_destroy(&qpol_matching_classes); + apol_class_query_destroy(®ex_match_query); + } + + if (!cmd_opts.semantic && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) { + if (qpol_policy_build_syn_rule_table(apol_policy_get_qpol(policy))) { + apol_policy_destroy(&policy); + PyErr_SetString(PyExc_RuntimeError,"Query failed"); + goto cleanup; + } + } + + /* if syntactic rules are not 
available always do semantic search */ + if (!qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) { + cmd_opts.semantic = 1; + } + + /* supress line numbers if doing semantic search or not available */ + if (cmd_opts.semantic || !qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_LINE_NUMBERS)) { + cmd_opts.lineno = 0; + } + if (perform_av_query(policy, &cmd_opts, &v)) { + goto cleanup; + } + if (v) { + output = get_av_results(policy, &cmd_opts, v); + } + apol_vector_destroy(&v); + cleanup: + apol_policy_destroy(&policy); + apol_policy_path_destroy(&pol_path); + free(cmd_opts.src_name); + free(cmd_opts.tgt_name); + free(cmd_opts.class_name); + free(cmd_opts.permlist); + free(cmd_opts.bool_name); + free(cmd_opts.src_role_name); + free(cmd_opts.tgt_role_name); + apol_vector_destroy(&cmd_opts.perm_vector); + apol_vector_destroy(&cmd_opts.class_vector); + + return output; +} +static int Dict_ContainsInt(PyObject *dict, const char *key){ + PyObject *item = PyDict_GetItemString(dict, key); + if (item) + return PyInt_AsLong(item); + return false; +} + +static const char *Dict_ContainsString(PyObject *dict, const char *key){ + PyObject *item = PyDict_GetItemString(dict, key); + if (item) + return PyString_AsString(item); + return NULL; +} + +PyObject *wrap_sesearch(PyObject *self, PyObject *args){ + PyObject *dict; + if (!PyArg_ParseTuple(args, "O", &dict)) + return NULL; + int allow = Dict_ContainsInt(dict, "allow"); + int neverallow = Dict_ContainsInt(dict, "neverallow"); + int auditallow = Dict_ContainsInt(dict, "auditallow"); + int dontaudit = Dict_ContainsInt(dict, "dontaudit"); + + const char *src_name = Dict_ContainsString(dict, "scontext"); + const char *tgt_name = Dict_ContainsString(dict, "tcontext"); + const char *class_name = Dict_ContainsString(dict, "class"); + const char *permlist = Dict_ContainsString(dict, "permlist"); + + return Py_BuildValue("O",sesearch(allow, neverallow, auditallow, dontaudit, src_name, 
tgt_name, class_name, permlist)); + +} + +static PyMethodDef methods[] = { + {"sesearch", (PyCFunction) wrap_sesearch, METH_VARARGS}, + {NULL, NULL, 0, NULL} +}; + +void init_sesearch(){ + PyObject *m; + m = Py_InitModule("_sesearch", methods); +} diff -up setools-3.3.6/python/setools/setup.py.python setools-3.3.6/python/setools/setup.py --- setools-3.3.6/python/setools/setup.py.python 2009-08-11 09:56:15.000000000 -0400 +++ setools-3.3.6/python/setools/setup.py 2009-08-10 15:23:25.000000000 -0400 @@ -0,0 +1,10 @@ +#!/usr/bin/env python + +# Author: Thomas Liu <tliu@xxxxxxxxxx> + +from distutils.core import setup, Extension +extension_sesearch = Extension("setools._sesearch", [ "sesearch.c"], libraries=["apol", "qpol"] ) +extension_seinfo = Extension("setools._seinfo", [ "seinfo.c"], libraries=["apol", "qpol"] ) + +setup(name = "setools", version="1.0", description="Python setools bindings", author="Thomas Liu", author_email="tliu@xxxxxxxxxx", ext_modules=[extension_sesearch, extension_seinfo], packages=["setools"]) +
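Review bot: In perform_av_query() `tmp` is freed at the end of the `if (opt->permlist)` block but not cleared, so when either query call after it fails the `err:` path frees it a second time; `free(tmp); tmp = NULL;` closes that, and the `strdup()` result should be checked before `strtok()` walks it. In get_av_results() the "class" entry is built from `qpol_type_get_name(q, type, &tmp_name)`, which repeats the target type and never reads `obj_class`; it should be `qpol_class_get_name(q, obj_class, &tmp_name);`. wrap_sesearch() wraps the result in `Py_BuildValue("O", ...)`, which takes a reference that is never released and raises SystemError when sesearch() returns NULL with no exception set, as it appears to do for a search with no matching rules; returning an empty list for no matches and passing the object through directly would avoid both.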