On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote: > From: Daniel Jurgens <danielj@xxxxxxxxxxxx> > > Update libsepol and libsemanage to work with pkey records. Add local > storage for new and modified pkey records in pkeys.local. Update > semanage > to parse the pkey command options to add, modify, and delete pkeys. > > Signed-off-by: Daniel Jurgens <danielj@xxxxxxxxxxxx> > > --- > v1: > Fixed semanage_pkey_exists -> semanage_ibpkey_exists in delete flow > in > seobject.py > > Stephen Smalley: > - Subnet prefix can't vary in size always 16 bytes, remove size > field. > - Removed extraneous change in libsepol/VERSION > - Removed ifdef DARWIN s6_addr/32 blocks in favor of s6_addr. > - Got rid of magic constant for subnet prefix size. > > Jason Zaman: > - Use SETools directly to query types in seobject.py. 
> > Signed-off-by: Daniel Jurgens <danielj@xxxxxxxxxxxx> > --- > libsemanage/include/semanage/ibpkey_record.h | 76 +++++ > libsemanage/include/semanage/ibpkeys_local.h | 36 +++ > libsemanage/include/semanage/ibpkeys_policy.h | 28 ++ > libsemanage/include/semanage/semanage.h | 3 + > libsemanage/src/direct_api.c | 29 +- > libsemanage/src/handle.h | 36 ++- > libsemanage/src/ibpkey_internal.h | 52 +++ > libsemanage/src/ibpkey_record.c | 185 +++++++++++ > libsemanage/src/ibpkeys_file.c | 181 +++++++++++ > libsemanage/src/ibpkeys_local.c | 178 ++++++++++ > libsemanage/src/ibpkeys_policy.c | 52 +++ > libsemanage/src/ibpkeys_policydb.c | 62 ++++ > libsemanage/src/libsemanage.map | 1 + > libsemanage/src/policy_components.c | 5 +- > libsemanage/src/semanage_store.c | 1 + > libsemanage/src/semanage_store.h | 1 + > libsemanage/src/semanageswig.i | 3 + > libsemanage/src/semanageswig_python.i | 43 +++ > libsemanage/utils/semanage_migrate_store | 3 +- > libsepol/include/sepol/ibpkey_record.h | 77 +++++ > libsepol/include/sepol/ibpkeys.h | 44 +++ > libsepol/include/sepol/sepol.h | 2 + > libsepol/src/ibpkey_internal.h | 21 ++ > libsepol/src/ibpkey_record.c | 448 > ++++++++++++++++++++++++++ > libsepol/src/ibpkeys.c | 263 +++++++++++++++ > python/semanage/semanage | 60 +++- > python/semanage/seobject.py | 255 +++++++++++++++ > 27 files changed, 2129 insertions(+), 16 deletions(-) > create mode 100644 libsemanage/include/semanage/ibpkey_record.h > create mode 100644 libsemanage/include/semanage/ibpkeys_local.h > create mode 100644 libsemanage/include/semanage/ibpkeys_policy.h > create mode 100644 libsemanage/src/ibpkey_internal.h > create mode 100644 libsemanage/src/ibpkey_record.c > create mode 100644 libsemanage/src/ibpkeys_file.c > create mode 100644 libsemanage/src/ibpkeys_local.c > create mode 100644 libsemanage/src/ibpkeys_policy.c > create mode 100644 libsemanage/src/ibpkeys_policydb.c > create mode 100644 libsepol/include/sepol/ibpkey_record.h > create mode 100644 
libsepol/include/sepol/ibpkeys.h > create mode 100644 libsepol/src/ibpkey_internal.h > create mode 100644 libsepol/src/ibpkey_record.c > create mode 100644 libsepol/src/ibpkeys.c >
> diff --git a/python/semanage/seobject.py > b/python/semanage/seobject.py
> index 7a54373..41b0aca 100644
> --- a/python/semanage/seobject.py
> +++ b/python/semanage/seobject.py
> @@ -32,6 +32,7 @@ import socket
> from semanage import *
> PROGNAME = "policycoreutils"
> import sepolicy
> +import setools
> from IPy import IP
>
> try:
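Review bot: The unconditional `import setools` added at module scope makes `import seobject` itself fail with ImportError on any host where the setools package is absent, so every semanage subcommand, not only ibpkey handling, would stop working there. The only consumer visible in this patch is the type query in the ibpkeyRecords class body of the following hunk, so the import could be moved next to that use, or guarded with `try: import setools` / `except ImportError: setools = None` and the query skipped when it is None. The import block this hunk touches starts before the hunk.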
> @@ -1309,6 +1310,260 @@ class portRecords(semanageRecords):
> rec += ", %s" % p
> print(rec)
>
> +class ibpkeyRecords(semanageRecords):
> + try:
> + q = > setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy > ()), attrs=["ibpkey_type"])
> + valid_types = sorted(str(t) for t in q.results())
> + except RuntimeError:
> + valid_types = []
This causes all semanage commands to fail (without a patched refpolicy to define ibpkey_type). Traceback (most recent call last): File "/usr/sbin/semanage", line 28, in <module> import seobject File "/usr/lib64/python2.7/site-packages/seobject.py", line 1313, in <module> class ibpkeyRecords(semanageRecords): File "/usr/lib64/python2.7/site-packages/seobject.py", line 1315, in ibpkeyRecords q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy() ), attrs=["ibpkey_type"]) File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux- x86_64.egg/setools/typequery.py", line 72, in __init__ super(TypeQuery, self).__init__(policy, **kwargs) File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux- x86_64.egg/setools/query.py", line 39, in __init__ setattr(self, name, kwargs[name]) File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux- x86_64.egg/setools/descriptors.py", line 104, in __set__ self.instances[obj] = set(lookup(v) for v in value) File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux- x86_64.egg/setools/descriptors.py", line 104, in <genexpr> self.instances[obj] = set(lookup(v) for v in value) File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux- x86_64.egg/setools/policyrep/__init__.py", line 449, in lookup_typeattr return typeattr.attribute_factory(self.policy, name) File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux- x86_64.egg/setools/policyrep/typeattr.py", line 42, in attribute_factory qpol_symbol = _symbol_lookup(qpol_policy, name) File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux- 
x86_64.egg/setools/policyrep/typeattr.py", line 32, in _symbol_lookup raise exception.InvalidType("{0} is not a valid type/attribute".format(name)) setools.policyrep.exception.InvalidType: ibpkey_type is not a valid type/attribute