[PATCH 56/73] sepolgen: Make use of setools optional within sepolgen



This patch looks good to me. Acked.

This will work because the try block will fire if setools is not
installed.  And the tool will work.

From d20ef5a8bc54ac0e11b236545f4c2e21ce814a41 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Tue, 6 Mar 2012 10:43:22 -0500
Subject: [PATCH 56/73] sepolgen: Make use of setools optional within sepolgen
 FIXME

We still want to be able to use sepolgen even if setools isn't
installed.  Degrade functionality, but still work if it can't be found.

[Does this really work since alldomains will not be declared?]

NOT-Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 sepolgen/src/sepolgen/policygen.py |   11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
index 4882999..9dc2d32 100644
--- a/sepolgen/src/sepolgen/policygen.py
+++ b/sepolgen/src/sepolgen/policygen.py
@@ -30,7 +30,11 @@ import access
 import interfaces
 import matching
 import selinux.audit2why as audit2why
-from setools import *
+try:
+    from setools import *
+    alldomains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
+except:
+    pass
 
 # Constants for the level of explanation from the generation
 # routines
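Review bot: The bare `except: pass` around the setools import catches far more than a missing module. A failure inside `seinfo(ATTRIBUTE, name="domain")`, or an empty result that makes `[0]` raise, is silently discarded as well, and `alldomains` is then never bound. Narrowing the handler to `except ImportError:` and assigning a sentinel such as `alldomains = None` there would make the degraded mode explicit. The `seinfo` call also now runs at module import instead of on first use, so every import of policygen performs the query even when the write check is never reached; that trade-off deserves a comment.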
@@ -79,7 +83,6 @@ class PolicyGenerator:
 
         self.dontaudit = False
 
-        self.domains = None
     def set_gen_refpol(self, if_set=None, perm_maps=None):
         """Set whether reference policy interfaces are generated.
 
@@ -175,13 +178,11 @@ class PolicyGenerator:
             if av.type == audit2why.TERULE:
                 if "write" in av.perms:
                     if "dir" in av.obj_class or "open" in av.perms:
-                        if not self.domains:
-                            self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
                         types=[]
 
                         try:
                             for i in map(lambda x: x[TCONTEXT], sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})):
-                                if i not in self.domains:
+                                if i not in alldomains:
                                     types.append(i)
                             if len(types) == 1:
                                 rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
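Review bot: `if i not in alldomains:` reads a name that is unbound whenever the import fallback at the top of the file ran, so without setools this path depends on a NameError being raised inside the `try:` and caught by a handler that this hunk does not show. The commit message asks the same question. An explicit guard before the `try:` that skips the write check when the domain list is unavailable would avoid relying on an exception for normal control flow, and would also cover `sesearch`, which is unbound in the same case.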
-- 
1.7.9.3

