libsepol: bump to 2.7, setools: bump to 4.1.1
The reason for combining these patches is that the
old version of setools is not compatible with libsepol 2.7. If a user were
to do a git pull on a patch that only updates libsepol or setools, the build
would fail to compile.
setools has been completely rewritten in python instead of C.
The current version of setools includes a few programs that require
python-qt5 or python-networkx to run, however the package does not
check to see if these exist when compiling, and will install the scripts
to the target directory even if they don't exist.
In the case of python-networkx, this package is not available on Buildroot.
The scripts that require them are: sedta and seinfoflow.
In the case of python-qt5, qpol is the script that requires it.
Some setools.mk notes to get the package to compile:
- Convert the package .mk to use python-package instead of autotools-package.
- setup.py hard codes base_lib_dirs to point to several host directories.
To fix this, sed is used before compiling to point the base_lib_dirs to
the staging directory.
- setup.py also includes the "Werror" flag, however compilers before gcc6
cause a few autogenerated variables to not be initialized before use,
causing the build to fail.
To fix this, a patch is provided that removes the Werror flag.
- Remove sedta and seinfoflow from the target system after install. These
packages rely on the package python-networkx which is not available in
buildroot.
- Remove the installed apol package and the setoolsgui directory from the
target directory if python-qt5 is not selected.
Other changes:
- Removed all patches, as they are not compatible with the new version of
setools.
- Add COPYING, COPYING.GPL, and COPYING.LGPL to setools.hash
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-18 00:32:16 +02:00
From 2512c3ba608077db3a5e0286b976fadc8a04a5c4 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 23 Feb 2017 08:17:07 +0100
Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and
setools.DomainTransitionAnalysis
dta and infoflow modules require networkx which brings lot of dependencies.
These dependencies are not necessary for setools module itself as it's
used in policycoreutils.
Therefore it's better to use setools.infoflow.InfoFlowAnalysis and
setools.dta.DomainTransitionAnalysis and let the package containing
sedta and seinfoflow to require python3-networkx
2019-07-01 18:30:29 +02:00
Signed-off-by: Adam Duskett <aduskett@gmail.com>
libsepol: bump to 2.7, setools: bump to 4.1.1
The reason for combining these patches is that the
old version of setools is not compatible with libsepol 2.7. If a user were
to do a git pull on a patch that only updates libsepol or setools, the build
would fail to compile.
setools has been completely rewritten in python instead of C.
The current version of setools includes a few programs that require
python-qt5 or python-networkx to run, however the package does not
check to see if these exist when compiling, and will install the scripts
to the target directory even if they don't exist.
In the case of python-networkx, this package is not available on Buildroot.
The scripts that require them are: sedta and seinfoflow.
In the case of python-qt5, qpol is the script that requires it.
Some setools.mk notes to get the package to compile:
- Convert the package .mk to use python-package instead of autotools-package.
- setup.py hard codes base_lib_dirs to point to several host directories.
To fix this, sed is used before compiling to point the base_lib_dirs to
the staging directory.
- setup.py also includes the "Werror" flag, however compilers before gcc6
cause a few autogenerated variables to not be initialized before use,
causing the build to fail.
To fix this, a patch is provided that removes the Werror flag.
- Remove sedta and seinfoflow from the target system after install. These
packages rely on the package python-networkx which is not available in
buildroot.
- Remove the installed apol package and the setoolsgui directory from the
target directory if python-qt5 is not selected.
Other changes:
- Removed all patches, as they are not compatible with the new version of
setools.
- Add COPYING, COPYING.GPL, and COPYING.LGPL to setools.hash
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-18 00:32:16 +02:00
---
sedta | 3 ++-
seinfoflow | 3 ++-
setools/__init__.py | 4 ++--
setoolsgui/apol/dta.py | 2 +-
setoolsgui/apol/infoflow.py | 2 +-
tests/dta.py | 3 ++-
tests/infoflow.py | 3 ++-
7 files changed, 12 insertions(+), 8 deletions(-)
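--- a/sedta
+++ b/sedta
@@ -23,6 +23,7 @@ import argparse
 import logging
 
 import setools
+import setools.dta
 
 
 def print_transition(trans):
@@ -111,7 +112,7 @@ else:
 
 try:
 p = setools.SELinuxPolicy(args.policy)
- g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
+ g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
 
 if args.shortest_path or args.all_paths:
 if args.shortest_path: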
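Review bot: The new top-level `import setools.dta` in sedta is unguarded, so on a system where networkx is missing the script will most likely end in a raw ImportError traceback instead of a usable message. The patch description itself states that the dta and infoflow modules require networkx and that the package shipping sedta and seinfoflow is expected to pull it in, so a missing dependency is a foreseeable packaging state. Guarding the import with `try:` / `except ImportError as err: sys.exit("sedta: networkx is required: {}".format(err))` would make that gap obvious to an administrator. The same applies to `import setools.infoflow` in seinfoflow. Both scripts continue outside the hunks shown, so whether `sys` is already imported in sedta needs confirming first.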
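--- a/seinfoflow
+++ b/seinfoflow
@@ -19,6 +19,7 @@
 
 from __future__ import print_function
 import setools
+import setools.infoflow
 import argparse
 import sys
 import logging
@@ -79,7 +80,7 @@ else:
 try:
 p = setools.SELinuxPolicy(args.policy)
 m = setools.PermissionMap(args.map)
- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
+ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
 
 if args.shortest_path or args.all_paths:
 if args.shortest_path: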
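--- a/setools/__init__.py
+++ b/setools/__init__.py
@@ -74,11 +74,11 @@ from .pcideviceconquery import PcideviceconQuery
 from .devicetreeconquery import DevicetreeconQuery
 
 # Information Flow Analysis
-from .infoflow import InfoFlowAnalysis
+# from .infoflow import InfoFlowAnalysis
 from .permmap import PermissionMap
 
 # Domain Transition Analysis
-from .dta import DomainTransitionAnalysis
+# from .dta import DomainTransitionAnalysis
 
 # Policy difference
 from .diff import PolicyDifference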
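Review bot: The two re-exports in setools/__init__.py are left behind as commented-out code (`# from .infoflow import InfoFlowAnalysis`, `# from .dta import DomainTransitionAnalysis`) with no reason given, which invites a later reader to uncomment them and bring the networkx requirement back into a plain `import setools`. Replacing each with an explanatory comment such as `# InfoFlowAnalysis is not re-exported here: setools.infoflow requires networkx; import it from setools.infoflow` records the intent. This is also an API break for code outside the patch: anything still referring to `setools.InfoFlowAnalysis` or `setools.DomainTransitionAnalysis` will fail with AttributeError at the point of use. The description names policycoreutils as a consumer of the setools module, so its imports should be checked against this change, since they are not visible here.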
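--- a/setoolsgui/apol/dta.py
+++ b/setoolsgui/apol/dta.py
@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
 from PyQt5.QtGui import QPalette, QTextCursor
 from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
 QTreeWidgetItem
-from setools import DomainTransitionAnalysis
+from setools.dta import DomainTransitionAnalysis
 
 from ..logtosignal import LogHandlerToSignal
 from .analysistab import AnalysisTab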
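--- a/setoolsgui/apol/infoflow.py
+++ b/setoolsgui/apol/infoflow.py
@@ -25,7 +25,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
 from PyQt5.QtGui import QPalette, QTextCursor
 from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
 QTreeWidgetItem
-from setools import InfoFlowAnalysis
+from setools.infoflow import InfoFlowAnalysis
 from setools.exception import UnmappedClass, UnmappedPermission
 
 from ..logtosignal import LogHandlerToSignal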
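--- a/tests/dta.py
+++ b/tests/dta.py
@@ -17,7 +17,8 @@
 #
 import unittest
 
-from setools import SELinuxPolicy, DomainTransitionAnalysis
+from setools import SELinuxPolicy
+from setools.dta import DomainTransitionAnalysis
 from setools import TERuletype as TERT
 from setools.policyrep.exception import InvalidType
 from setools.policyrep.typeattr import Type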
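--- a/tests/infoflow.py
+++ b/tests/infoflow.py
@@ -17,7 +17,8 @@
 #
 import unittest
 
-from setools import SELinuxPolicy, InfoFlowAnalysis
+from setools import SELinuxPolicy
+from setools.infoflow import InfoFlowAnalysis
 from setools import TERuletype as TERT
 from setools.permmap import PermissionMap
 from setools.policyrep.exception import InvalidType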
--
2.9.3