On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote:
> From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
>
> Update libsepol and libsemanage to work with pkey records. Add local
> storage for new and modified pkey records in pkeys.local. Update
> semanage
> to parse the pkey command options to add, modify, and delete pkeys.
>
> Signed-off-by: Daniel Jurgens <danielj@xxxxxxxxxxxx>
>
> ---
> v1:
> Fixed semanage_pkey_exists -> semanage_ibpkey_exists in delete flow
> in
> seobject.py
>
> Stephen Smalley:
> - Subnet prefix can't vary in size always 16 bytes, remove size
> field.
> - Removed extraneous change in libsepol/VERSION
> - Removed ifdef DARWIN s6_addr/32 blocks in favor of s6_addr.
> - Got rid of magic constant for subnet prefix size.
>
> Jason Zaman:
> - Use SETools directly to query types in seobject.py.
>
> Signed-off-by: Daniel Jurgens <danielj@xxxxxxxxxxxx>
> ---
> libsemanage/include/semanage/ibpkey_record.h | 76 +++++
> libsemanage/include/semanage/ibpkeys_local.h | 36 +++
> libsemanage/include/semanage/ibpkeys_policy.h | 28 ++
> libsemanage/include/semanage/semanage.h | 3 +
> libsemanage/src/direct_api.c | 29 +-
> libsemanage/src/handle.h | 36 ++-
> libsemanage/src/ibpkey_internal.h | 52 +++
> libsemanage/src/ibpkey_record.c | 185 +++++++++++
> libsemanage/src/ibpkeys_file.c | 181 +++++++++++
> libsemanage/src/ibpkeys_local.c | 178 ++++++++++
> libsemanage/src/ibpkeys_policy.c | 52 +++
> libsemanage/src/ibpkeys_policydb.c | 62 ++++
> libsemanage/src/libsemanage.map | 1 +
> libsemanage/src/policy_components.c | 5 +-
> libsemanage/src/semanage_store.c | 1 +
> libsemanage/src/semanage_store.h | 1 +
> libsemanage/src/semanageswig.i | 3 +
> libsemanage/src/semanageswig_python.i | 43 +++
> libsemanage/utils/semanage_migrate_store | 3 +-
> libsepol/include/sepol/ibpkey_record.h | 77 +++++
> libsepol/include/sepol/ibpkeys.h | 44 +++
> libsepol/include/sepol/sepol.h | 2 +
> libsepol/src/ibpkey_internal.h | 21 ++
> libsepol/src/ibpkey_record.c | 448
> ++++++++++++++++++++++++++
> libsepol/src/ibpkeys.c | 263 +++++++++++++++
> python/semanage/semanage | 60 +++-
> python/semanage/seobject.py | 255 +++++++++++++++
> 27 files changed, 2129 insertions(+), 16 deletions(-)
> create mode 100644 libsemanage/include/semanage/ibpkey_record.h
> create mode 100644 libsemanage/include/semanage/ibpkeys_local.h
> create mode 100644 libsemanage/include/semanage/ibpkeys_policy.h
> create mode 100644 libsemanage/src/ibpkey_internal.h
> create mode 100644 libsemanage/src/ibpkey_record.c
> create mode 100644 libsemanage/src/ibpkeys_file.c
> create mode 100644 libsemanage/src/ibpkeys_local.c
> create mode 100644 libsemanage/src/ibpkeys_policy.c
> create mode 100644 libsemanage/src/ibpkeys_policydb.c
> create mode 100644 libsepol/include/sepol/ibpkey_record.h
> create mode 100644 libsepol/include/sepol/ibpkeys.h
> create mode 100644 libsepol/src/ibpkey_internal.h
> create mode 100644 libsepol/src/ibpkey_record.c
> create mode 100644 libsepol/src/ibpkeys.c
>
> diff --git a/python/semanage/seobject.py
> b/python/semanage/seobject.py
> index 7a54373..41b0aca 100644
> --- a/python/semanage/seobject.py
> +++ b/python/semanage/seobject.py
> @@ -32,6 +32,7 @@ import socket
> from semanage import *
> PROGNAME = "policycoreutils"
> import sepolicy
> +import setools
> from IPy import IP
>
> try:
> @@ -1309,6 +1310,260 @@ class portRecords(semanageRecords):
> rec += ", %s" % p
> print(rec)
>
> +class ibpkeyRecords(semanageRecords):
> + try:
> + q =
> setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy
> ()), attrs=["ibpkey_type"])
> + valid_types = sorted(str(t) for t in q.results())
> + except RuntimeError:
> + valid_types = []
This causes all semanage commands to fail (without a patched refpolicy
to define ibpkey_type).
Traceback (most recent call last):
File "/usr/sbin/semanage", line 28, in <module>
import seobject
File "/usr/lib64/python2.7/site-packages/seobject.py", line 1313, in
<module>
class ibpkeyRecords(semanageRecords):
File "/usr/lib64/python2.7/site-packages/seobject.py", line 1315, in
ibpkeyRecords
q =
setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy()
), attrs=["ibpkey_type"])
File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux-
x86_64.egg/setools/typequery.py", line 72, in __init__
super(TypeQuery, self).__init__(policy, **kwargs)
File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux-
x86_64.egg/setools/query.py", line 39, in __init__
setattr(self, name, kwargs[name])
File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux-
x86_64.egg/setools/descriptors.py", line 104, in __set__
self.instances[obj] = set(lookup(v) for v in value)
File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux-
x86_64.egg/setools/descriptors.py", line 104, in <genexpr>
self.instances[obj] = set(lookup(v) for v in value)
File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux-
x86_64.egg/setools/policyrep/__init__.py", line 449, in lookup_typeattr
return typeattr.attribute_factory(self.policy, name)
File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux-
x86_64.egg/setools/policyrep/typeattr.py", line 42, in
attribute_factory
qpol_symbol = _symbol_lookup(qpol_policy, name)
File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux-
x86_64.egg/setools/policyrep/typeattr.py", line 32, in _symbol_lookup
raise exception.InvalidType("{0} is not a valid
type/attribute".format(name))
setools.policyrep.exception.InvalidType: ibpkey_type is not a valid
type/attribute
