[PATCH 39/67] sepolgen: FIXME Change analysis of sepolgen to return

This patch looks good to me. Acked.

This patch allows audit2allow to do analysis on the AVCs to see if a
boolean would have solved the problem or if the AVC is caused by a
constraint.

From 20bbf68536565c3b821f1de483adbaf8bd3352b9 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Tue, 23 Aug 2011 14:51:05 -0400
Subject: [PATCH 39/67] sepolgen: FIXME Change analysis of sepolgen to return
 booleans and te rules that would tell audit2allow if
 there are booleans that can handle the AVC

Better changelog and review
NOT-Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 sepolgen/src/sepolgen/access.py |   13 +++++++++----
 1 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/sepolgen/src/sepolgen/access.py b/sepolgen/src/sepolgen/access.py
index 3eda2fd..649735f 100644
--- a/sepolgen/src/sepolgen/access.py
+++ b/sepolgen/src/sepolgen/access.py
@@ -32,6 +32,7 @@ in a variety of ways, but they are the fundamental representation of access.
 """
 
 import refpolicy
+from selinux import audit2why
 
 def is_idparam(id):
     """Determine if an id is a paramater in the form $N, where N is
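Review bot: The module-level `from selinux import audit2why` makes access.py depend on the selinux Python bindings at import time, where the visible context shows it previously importing only refpolicy. The other hunks use the module only for the `audit2why.TERULE` constant, so consider importing it where the AVC analysis is actually performed, or documenting the new dependency, so that code which merely imports access.py does not fail when the bindings are not installed.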
@@ -85,6 +86,8 @@ class AccessVector:
             self.obj_class = None
             self.perms = refpolicy.IdSet()
             self.audit_msgs = []
+            self.type = audit2why.TERULE
+            self.bools = []
 
         # The direction of the information flow represented by this
         # access vector - used for matching
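Review bot: The new `self.type` and `self.bools` defaults sit at the indentation of the `self.obj_class = None` branch of the constructor, so a vector built through the other path (AccessVectorSet calls `AccessVector(av)` with a list) may never get these attributes; set them before the branch or in both paths. The fields are also undocumented: a short comment stating that `type` holds an audit2why constant such as TERULE and what each entry of `bools` contains would help, and naming the attribute `avc_type` would match the parameter added to AccessVectorSet.add() and avoid confusion with the builtin `type`.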
@@ -253,20 +256,22 @@ class AccessVectorSet:
         for av in l:
             self.add_av(AccessVector(av))
 
-    def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None):
+    def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None, avc_type=audit2why.TERULE, bools=[]):
         """Add an access vector to the set.
         """
         tgt = self.src.setdefault(src_type, { })
         cls = tgt.setdefault(tgt_type, { })
         
-        if cls.has_key(obj_class):
-            access = cls[obj_class]
+        if cls.has_key((obj_class, avc_type)):
+            access = cls[obj_class, avc_type]
         else:
             access = AccessVector()
             access.src_type = src_type
             access.tgt_type = tgt_type
             access.obj_class = obj_class
-            cls[obj_class] = access
+            access.bools = bools
+            access.type = avc_type
+            cls[obj_class, avc_type] = access
 
         access.perms.update(perms)
         if audit_msg:
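Review bot: `bools=[]` in the new add() signature is a mutable default, and `access.bools = bools` stores that same list object on every vector created without an explicit argument, so appending to one vector's bools changes all of them. Use `bools=None` and assign `access.bools = list(bools) if bools else []`. Two further points in the same hunk: when the `(obj_class, avc_type)` key already exists, the bools passed in are silently dropped instead of merged, and the inner dict is now keyed by a tuple rather than by obj_class, so every reader of `self.src` that indexes or iterates by object class needs a matching change, which this patch (access.py only, 9 insertions) does not show.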
-- 
1.7.6.2

