PERFORCE change 104092 for review

Todd Miller millert at FreeBSD.org
Tue Aug 15 18:37:35 UTC 2006


http://perforce.freebsd.org/chv.cgi?CH=104092

Change 104092 by millert at millert_macbook on 2006/08/15 18:36:39

	Update to policycoreutils 1.30.25 from sourceforge

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/ChangeLog#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/VERSION#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/audit2allow#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/audit2allow.1#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/avc.py#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2why/audit2why.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/load_policy/load_policy.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/newrole.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/POTFILES#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/POTFILES.in#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/af.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/am.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ar.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/be.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/bg.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/bn.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/bn_IN.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ca.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/cs.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/cy.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/da.po#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/de.po#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/el.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/en_GB.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/es.po#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/et.po#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/eu_ES.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/fa.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/fi.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/fr.po#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/gl.po#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/gu.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/he.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/hi.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/hr.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/hu.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/hy.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/id.po#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/is.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/it.po#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ja.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ka.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/kn.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ko.po#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ku.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/lo.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/lt.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/lv.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/mk.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ml.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/mr.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ms.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/my.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/nb.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/nl.po#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/nn.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/no.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/nso.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/or.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/pa.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/pl.po#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/policycoreutils.pot#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/pt.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/pt_BR.po#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ro.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ru.po#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/si.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sk.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sl.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sq.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sr.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sv.po#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ta.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/te.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/th.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/tr.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/uk.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ur.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/vi.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/zh_CN.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/zh_TW.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/zu.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecon/restorecon.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecon/restorecon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecond/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecond/restorecond.8#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecond/restorecond.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecond/restorecond.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecond/restorecond.h#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecond/restorecond.init#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecond/stringslist.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecond/stringslist.h#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecond/utmpwatcher.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecond/utmpwatcher.h#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/run_init/open_init_pty.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/run_init/run_init.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/chcat#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/fixfiles#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/genhomedircon#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/secon/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/secon/secon.1#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/secon/secon.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semanage/semanage#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semanage/semanage.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semanage/seobject.py#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule/semodule.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule/semodule.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule_deps/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule_deps/semodule_deps.8#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule_deps/semodule_deps.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule_expand/semodule_expand.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule_link/semodule_link.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule_package/semodule_package.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/sestatus/sestatus.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/setfiles/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/setfiles/setfiles.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/setsebool/setsebool.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/setsebool/setsebool.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/ChangeLog#2 (text+ko) ====

@@ -1,3 +1,106 @@
+1.30.25 2006-08-03
+	* Merged patch from Dan Walsh with:
+	  * audit2allow: process MAC_POLICY_LOAD events
+	  * newrole:  run shell with - prefix to start a login shell
+	  * po:  po file updates
+	  * restorecond:  bail if SELinux not enabled
+	  * fixfiles: omit -q 
+	  * genhomedircon:  fix exit code if non-root
+	  * semodule_deps:  install man page
+
+1.30.24 2006-08-03
+	* Merged secon Makefile fix from Joshua Brindle.
+
+1.30.23 2006-08-03
+	* Merged netfilter contexts support patch from Chris PeBenito.
+
+1.30.22 2006-07-28
+	* Merged restorecond size_t fix from Joshua Brindle.
+
+1.30.21 2006-07-28
+	* Merged secon keycreate patch from Michael LeMay.
+
+1.30.20 2006-07-26
+	* Merged restorecond fixes from Dan Walsh.
+	  Merged updated po files from Dan Walsh.
+
+1.30.19 2006-07-26
+	* Merged python gettext patch from Stephen Bennett.
+
+1.30.18 2006-07-25
+	* Merged semodule_deps from Karl MacMillan.
+
+1.30.17 2006-06-29
+	* Lindent.
+
+1.30.16 2006-06-26
+	* Merged patch from Dan Walsh with:
+	  * -p option (progress) for setfiles and restorecon.
+	  * disable context translation for setfiles and restorecon.
+	  * on/off values for setsebool.
+
+1.30.15 2006-06-26
+	* Merged setfiles and semodule_link fixes from Joshua Brindle.
+	
+1.30.14 2006-06-16
+	* Merged fix for setsebool error path from Serge Hallyn.
+
+1.30.13 2006-06-16
+	* Merged patch from Dan Walsh with:
+	*    Updated po files.
+	*    Fixes for genhomedircon and seobject.
+	*    Audit message for mass relabel by setfiles.
+
+1.30.12 2006-06-02
+	* Updated fixfiles script for new setfiles location in /sbin.
+
+1.30.11 2006-05-26
+	* Merged more translations from Dan Walsh.
+	* Merged patch to relocate setfiles to /sbin for early relabel
+	  when /usr might not be mounted from Dan Walsh.
+	* Merged semanage/seobject patch to preserve fcontext ordering in list.
+	* Merged secon patch from James Antill.
+
+1.30.10 2006-05-22
+	* Merged patch with updates to audit2allow, secon, genhomedircon,
+	  and semanage from Dan Walsh.
+
+1.30.9 2006-05-08
+	* Fixed audit2allow and po Makefiles for DESTDIR= builds.
+	* Merged .po file patch from Dan Walsh.
+	* Merged bug fix for genhomedircon.
+
+1.30.8 2006-05-08
+	* Merged patch from Dan Walsh.
+	  This includes audit2allow changes for analysis plugins,
+	  internationalization support for several additional programs 
+	  and added po files, some fixes for semanage, and several cleanups.
+	  It also adds a new secon utility.
+
+1.30.7 2006-05-05
+	* Merged fix warnings patch from Karl MacMillan.
+
+1.30.6 2006-04-14
+	* Merged semanage prefix support from Russell Coker.
+
+1.30.5 2006-04-11
+	* Added a test to setfiles to check that the spec file is
+	  a regular file.
+
+1.30.4 2006-03-29
+	* Merged audit2allow fixes for refpolicy from Dan Walsh.
+	* Merged fixfiles patch from Dan Walsh.
+	* Merged restorecond daemon from Dan Walsh.
+
+1.30.3 2006-03-29
+	* Merged semanage non-MLS fixes from Chris PeBenito.
+
+1.30.2 2006-03-29
+	* Merged semanage and semodule man page examples from Thomas Bleher.
+
+1.30.1 2006-03-20
+	* Merged semanage labeling prefix patch from Ivan Gyurdiev.
+
 1.30 2006-03-14
 	* Updated version for release.
 

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/Makefile#2 (text+ko) ====

@@ -1,7 +1,8 @@
-SUBDIRS=setfiles semanage load_policy newrole run_init restorecon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand setsebool po
+SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
 
 all install relabel clean: 
 	@for subdir in $(SUBDIRS); do \
 		(cd $$subdir && $(MAKE) $@) || exit 1; \
 	done
 
+test:

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/VERSION#2 (text+ko) ====

@@ -1,1 +1,1 @@
-1.30
+1.30.25

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/Makefile#2 (text+ko) ====

@@ -1,8 +1,11 @@
 # Installation directories.
 PREFIX ?= ${DESTDIR}/usr
 BINDIR ?= $(PREFIX)/bin
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
+PYLIBVER ?= python2.4
+PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
 
 TARGETS=audit2allow
 
@@ -13,6 +16,8 @@
 	install -m 755 $(TARGETS) $(BINDIR)
 	-mkdir -p $(MANDIR)/man1
 	install -m 644 audit2allow.1 $(MANDIR)/man1/
+	test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages
+	install -m 755 avc.py $(PYTHONLIBDIR)/site-packages
 
 clean:
 

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/audit2allow#2 (text+ko) ====

@@ -24,438 +24,23 @@
 #                                        02111-1307  USA
 #
 #  
-import commands, sys, os, pwd, string, getopt, re, selinux
-
-obj="(\{[^\}]*\}|[^ \t:]*)"
-allow_regexp="allow[ \t]+%s[ \t]*%s[ \t]*:[ \t]*%s[ \t]*%s" % (obj, obj, obj, obj)
-
-awk_script='/^[[:blank:]]*interface[[:blank:]]*\(/ {\n\
-        IFACEFILE=FILENAME\n\
-	IFACENAME = gensub("^[[:blank:]]*interface[[:blank:]]*\\\\(\`?","","g",$0);\n\
-	IFACENAME = gensub("\'?,.*$","","g",IFACENAME);\n\
-}\n\
-\n\
-/^[[:blank:]]*allow[[:blank:]]+.*;[[:blank:]]*$/ {\n\
-\n\
-  if ((length(IFACENAME) > 0) && (IFACEFILE == FILENAME)){\n\
-		ALLOW = gensub("^[[:blank:]]*","","g",$0)\n\
-		ALLOW = gensub(";[[:blank:]]*$","","g",$0)\n\
-		print FILENAME "\\t" IFACENAME "\\t" ALLOW;\n\
-	}\n\
-}\
-'
-
-class accessTrans:
-    def __init__(self):
-        self.dict={}
-	try:
-		fd=open("/usr/share/selinux/devel/include/support/obj_perm_sets.spt")
-	except IOError, error:
-		raise IOError("Reference policy generation requires the policy development package.\n%s" % error)
-        records=fd.read().split("\n")
-        regexp="^define *\(`([^']*)' *, *` *\{([^}]*)}'"
-        for r in records:
-            m=re.match(regexp,r)
-            if m!=None:
-                self.dict[m.groups()[0]] = m.groups()[1].split()
-        fd.close()
-    def get(self, var):
-        l=[]
-        for v in var:
-            if v in self.dict.keys():
-                l += self.dict[v]
-            else:
-                if v not in ("{", "}"):
-                    l.append(v)
-        return l
-
-class interfaces:
-    def __init__(self):
-        self.dict={}
-        trans=accessTrans()
-	(input, output) = os.popen2("awk -f - /usr/share/selinux/devel/include/*/*.if 2> /dev/null")
-	input.write(awk_script)
-	input.close()
-	records=output.read().split("\n")
-	input.close()
-        if len(records) > 0:
-            regexp="([^ \t]*)[ \t]+([^ \t]*)[ \t]+%s" % allow_regexp
-            for r in records:
-                m=re.match(regexp,r)
-                if m==None:
-                    continue
-                else:
-                    val=m.groups()
-                file=os.path.basename(val[0]).split(".")[0]
-                iface=val[1]
-                Scon=val[2].split()
-                Tcon=val[3].split()
-                Class=val[4].split()
-                Access=trans.get(val[5].split())
-                for s in Scon:
-                    for t in Tcon:
-                        for c in Class:
-                            if (s, t, c) not in self.dict.keys():
-                                self.dict[(s, t, c)]=[]
-                            self.dict[(s, t, c)].append((Access, file, iface))
-    def out(self):
-        keys=self.dict.keys()
-        keys.sort()
-        for k in keys:
-            print k
-            for i in self.dict[k]:
-                print "\t", i
-                
-    def match(self, Scon, Tcon, Class, Access):
-        keys=self.dict.keys()
-        ret=[]
-        if (Scon, Tcon, Class) in keys:
-            for i in self.dict[(Scon, Tcon, Class)]:
-                if Access in i[0]:
-                    if i[2].find(Access) >= 0:
-                        ret.insert(0, i)
-                    else:
-                        ret.append(i)
-            return ret
-        if ("$1", Tcon, Class) in keys:
-            for i in self.dict[("$1", Tcon, Class)]:
-                if Access in i[0]:
-                    if i[2].find(Access) >= 0:
-                        ret.insert(0, i)
-                    else:
-                        ret.append(i)
-            return ret
-        if (Scon, "$1", Class) in keys:
-            for i in self.dict[(Scon, "$1", Class)]:
-                if Access in i[0]:
-                    if i[2].find(Access) >= 0:
-                        ret.insert(0, i)
-                    else:
-                        ret.append(i)
-            return ret
-        else:
-            return ret
-        
-
-class serule:
-	def __init__(self, type, source, target, seclass):
-		self.type=type
-		self.source=source
-		self.target=target
-		self.seclass=seclass
-		self.avcinfo={}
-		self.iface=None
-		
-	def add(self, avc):
-		for a in avc[0]:
-			if a not in self.avcinfo.keys():
-				self.avcinfo[a]=[]
-
-			self.avcinfo[a].append(avc[1:])
-
-	def getAccess(self):
-		if len(self.avcinfo.keys()) == 1:
-			for i in self.avcinfo.keys():
-				return i
-		else:
-			keys=self.avcinfo.keys()
-			keys.sort()
-			ret="{"
-			for i in keys:
-				ret=ret + " " + i				
-			ret=ret+" }"
-			return ret
-	def out(self, verbose=0):
-		ret=""
-		ret=ret+"%s %s %s:%s %s;" % (self.type, self.source, self.gettarget(), self.seclass, self.getAccess())
-		if verbose:
-			keys=self.avcinfo.keys()
-			keys.sort()
-			for i in keys:
-				for x in self.avcinfo[i]:
-					ret=ret+"\n\t#TYPE=AVC  MSG=%s  " % x[0]
-					if len(x[1]):
-						ret=ret+"COMM=%s  " % x[1]
-					if len(x[2]):
-						ret=ret+"NAME=%s  " % x[2]
-					ret=ret + " : " + i 
-		return ret
-		
-	def gen_reference_policy(self, iface):
-		ret=""
-		Scon=self.source
-		Tcon=self.gettarget()
-		Class=self.seclass
-		Access=self.getAccess()
-		m=iface.match(Scon,Tcon,Class,Access)
-		if len(m)==0:
-			return self.out()
-		else:
-			file=m[0][1]
-			ret="\n#%s\n"% self.out()
-			ret += "optional_policy(`%s', `\n" % m[0][1]
-			first=True
-			for i in m:
-				if file != i[1]:
-					ret += "')\ngen_require(`%s', `\n" % i[1]
-					file = i[1]
-					first=True
-				if first:
-					ret += "\t%s(%s)\n" % (i[2], Scon)
-					first=False
-				else:
-					ret += "#\t%s(%s)\n" % (i[2], Scon)
-			ret += "');"
-		return ret
-		
-	def gettarget(self):
-		if self.source == self.target:
-			return "self"
-		else:
-			return self.target
-	
-class seruleRecords:
-	def __init__(self, input, last_reload=0, verbose=0, te_ind=0):
-		self.last_reload=last_reload
-		self.seRules={}
-		self.seclasses={}
-		self.types=[]
-		self.roles=[]
-		self.load(input, te_ind)
-		self.gen_ref_policy = False
-
-	def gen_reference_policy(self):
-		self.gen_ref_policy = True
-		self.iface=interfaces()
-
-	def warning(self, error):
-		sys.stderr.write("%s: " % sys.argv[0])
-		sys.stderr.write("%s\n" % error)
-		sys.stderr.flush()
-
-	def load(self, input, te_ind=0):
-		VALID_CMDS=("allow", "dontaudit", "auditallow", "role")
-		
-		avc=[]
-		found=0
-		line = input.readline()
-		if te_ind:
-			while line:
-				rec=line.split()
-				if len(rec) and rec[0] in VALID_CMDS:
-					self.add_terule(line)
-				line = input.readline()
-					
-		else:
-			while line:
-				rec=line.split()
-				for i in rec:
-					if i=="avc:" or i=="message=avc:" or i=="msg='avc:":
-
-						found=1
-					else:
-						avc.append(i)
-				if found:
-					self.add(avc)
-					found=0
-					avc=[]
-				line = input.readline()
-				
-
-	def get_target(self, i, rule):
-		target=[]
-		if rule[i][0] == "{":
-			for t in rule[i].split("{"):
-				if len(t):
-					target.append(t)
-			i=i+1
-			for s in rule[i:]:
-				if s.find("}") >= 0:
-					for s1 in s.split("}"):
-						if len(s1):
-							target.append(s1)
-						i=i+1
-						return (i, target)
-
-				target.append(s)
-				i=i+1
-		else:
-			if rule[i].find(";") >= 0:
-				for s1 in rule[i].split(";"):
-					if len(s1):
-						target.append(s1)
-			else:
-				target.append(rule[i])
-
-		i=i+1
-		return (i, target)
-
-	def rules_split(self, rules):
-		(idx, target ) = self.get_target(0, rules)
-		(idx, subject) = self.get_target(idx, rules)
-		return (target, subject)
-
-	def add_terule(self, rule):
-		rc = rule.split(":")
-		rules=rc[0].split()
-		type=rules[0]
-		if type == "role":
-			print type
-		(sources, targets) = self.rules_split(rules[1:])
-		rules=rc[1].split()
-		(seclasses, access) = self.rules_split(rules)
-		for scon in sources:
-			for tcon in targets:
-				for seclass in seclasses:
-					self.add_rule(type, scon, tcon, seclass,access)
-		
-	def add_rule(self, rule_type, scon, tcon, seclass, access, msg="", comm="", name=""):
-		self.add_seclass(seclass, access)
-		self.add_type(tcon)
-		self.add_type(scon)
-		if (rule_type, scon, tcon, seclass) not in self.seRules.keys():
-			self.seRules[(rule_type, scon, tcon, seclass)]=serule(rule_type, scon, tcon, seclass)
-				
-		self.seRules[(rule_type, scon, tcon, seclass)].add((access, msg, comm, name ))
-
-	def add(self,avc):
-		scon=""
-		tcon=""
-		seclass=""
-		comm=""
-		name=""
-		msg=""
-		access=[]
-		if "security_compute_sid" in avc:
-			return
-		
-		if "load_policy" in avc and self.last_reload:
-			self.seRules={}
-
-		if "granted" in avc:
-			return
-		try:
-			for i in range (0, len(avc)):
-				if avc[i]=="{":
-					i=i+1
-					while i<len(avc) and avc[i] != "}":
-						access.append(avc[i])
-						i=i+1
-					continue
-			
-				t=avc[i].split('=')
-				if len(t) < 2:
-					continue
-				if t[0]=="scontext":
-					context=t[1].split(":")
-					scon=context[2]
-					srole=context[1]
-					continue
-				if t[0]=="tcontext":
-					context=t[1].split(":")
-					tcon=context[2]
-					trole=context[1]
-					continue
-				if t[0]=="tclass":
-					seclass=t[1]
-					continue
-				if t[0]=="comm":
-					comm=t[1]
-					continue
-				if t[0]=="name":
-					name=t[1]
-					continue
-				if t[0]=="msg":
-					msg=t[1]
-					continue
-
-			if scon=="" or tcon =="" or seclass=="":
-				return
-		except IndexError, e:
-			self.warning("Bad AVC Line: %s" % avc)
-			return
-			
-		self.add_role(srole)
-		self.add_role(trole)
-		self.add_rule("allow", scon, tcon, seclass, access, msg, comm, name)
+from avc import *
 
-	def add_seclass(self,seclass, access):
-		if seclass not in self.seclasses.keys():
-				self.seclasses[seclass]=[]
-		for a in access:
-			if a not in self.seclasses[seclass]:
-				self.seclasses[seclass].append(a)
-				
-	def add_role(self,role):
-		if role not in self.roles:
-				self.roles.append(role)
-
-	def add_type(self,type):
-		if type not in self.types:
-				self.types.append(type)
-
-	def gen_module(self, module):
-		return "module %s 1.0;" % module
-
-	def gen_requires(self):
-		self.roles.sort()
-		self.types.sort()
-		keys=self.seclasses.keys()
-		keys.sort()
-		rec="\n\nrequire {\n"
-		if len(self.roles) > 0:
-			for i in self.roles:
-				rec += "\trole %s; \n" % i
-			rec += "\n" 
-
-		for i in keys:
-			access=self.seclasses[i]
-			if len(access) > 1:
-				access.sort()
-				rec += "\tclass %s {" % i
-				for a in access:
-					rec += " %s" % a
-				rec += " }; \n"
-			else:
-				rec += "\tclass %s %s;\n" % (i, access[0])
-				
-		rec += "\n" 
-			
-		for i in self.types:
-			rec += "\ttype %s; \n" % i
-		rec += " };\n\n\n"
-		return rec
-	
-	def out(self, require=0, module=""):
-		rec=""
-		if len(self.seRules.keys())==0:
-		       raise(ValueError("No AVC messages found."))
-		if module != "":
-			rec += self.gen_module(module)
-			rec += self.gen_requires()
-		else:
-			if requires:
-				rec+=self.gen_requires()
-
-		keys=self.seRules.keys()
-		keys.sort()
-		for i in keys:
-			if self.gen_ref_policy:
-				rec += self.seRules[i].gen_reference_policy(self.iface)+"\n"
-			else:
-				rec += self.seRules[i].out(verbose)+"\n"
-		return rec
-
 if __name__ == '__main__':
-
+	import commands, sys, os, getopt, selinux
+        import gettext
+        try:
+                gettext.install('policycoreutils')
+        except:
+                pass
 	def get_mls_flag():
 		if selinux.is_selinux_mls_enabled():
 			return "-M"
 		else:
 			return ""
 
-	def usage(msg=""):
-		print 'audit2allow [-adhilrv] [-t file ] [ -f fcfile ] [-i <inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\
+	def usage(msg = ""):
+		print _('audit2allow [-adhilrv] [-t file ] [ -f fcfile ] [-i <inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\
 		-a, --all        read input from audit and message log, conflicts with -i\n\
 		-d, --dmesg      read input from output of /bin/dmesg\n\
 		-h, --help       display this message\n\
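Review bot: The bare `except: pass` around `gettext.install('policycoreutils')` leaves `_` undefined if the install ever fails, so the first `print _(...)` in `usage()` would stop with a NameError instead of printing the help text. Catch the specific failure and install an identity fallback, for example `except IOError:` followed by `import __builtin__; __builtin__.__dict__['_'] = lambda s: s`. The added `import gettext` and `try` lines are also indented with eight spaces while the neighbouring `import commands, ...` and `def get_mls_flag():` lines use a tab; Python 2 accepts this only because a tab counts as eight columns, so a single indentation style would be safer. The body of `usage()` continues past the end of this hunk.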
@@ -465,10 +50,11 @@
 		-M               generate loadable module package, conflicts with -o\n\
 		-o, --output     append output to <outputfile>, conflicts with -M\n\
 		-r, --requires   generate require output \n\
-		-t, --tefile     Indicates input is Existing Type Enforcement file\n\
+		-t, --tefile     Add input from Existing Type Enforcement file\n\
 		-f, --fcfile     Existing Type Enforcement file, requires -M\n\
 		-v, --verbose    verbose output\n\
-		'
+                -A, --analyze    Analyze output\n\
+                ')
 		if msg != "":
 			print msg
 		sys.exit(1)
@@ -483,24 +69,26 @@
 	# 
 	#
 	try:
-		last_reload=0
-		input=sys.stdin
-		output=sys.stdout
-		module=""
-		requires=0
-		verbose=0
-		auditlogs=0
-		buildPP=0
-		input_ind=0
-		output_ind=0
-		ref_ind=False
-		te_ind=0
+		last_reload = 0
+		inputfd = sys.stdin
+		output = sys.stdout
+		module = ""
+		requires = 0
+		verbose = 0
+		auditlogs = 0
+		buildPP = 0
+		input_ind = 0
+		output_ind = 0
+		ref_ind = False
+		analyze = False
+		te_inputs = []
 
-		fc_file=""
+		fc_file = ""
 		gopts, cmds = getopt.getopt(sys.argv[1:],
-					    'adf:hi:lm:M:o:rtvR',
+					    'Aadf:hi:lm:M:o:rt:vR',
 					    ['all',
-					     'dmesg',
+                                             'analyze',
+                                             'dmesg',
 					     'fcfile=',
 					     'help',
 					     'input=',
@@ -509,57 +97,61 @@
 					     'output=',
 					     'requires',
 					     'reference',
-					     'tefile',
+					     'tefile=',
 					     'verbose'
 					     ])
 		for o,a in gopts:
 			if o == "-a" or o == "--all":
-				if input_ind or te_ind:
+				if input_ind:
 					usage()
-				input=open("/var/log/messages", "r")
-				auditlogs=1
+				inputfd = open("/var/log/messages", "r")
+				auditlogs = 1
 			if o == "-d"  or o == "--dmesg":
-				input=os.popen("/bin/dmesg", "r")
+				inputfd = os.popen("/bin/dmesg", "r")
 			if o == "-f" or o == "--fcfile":
-				if a[0]=="-":
+				if a[0] == "-":
 					usage()
-				fc_file=a
+				fc_file = a
 			if o == "-h" or o == "--help":
 				usage()
 			if o == "-i"or o == "--input":
-				if auditlogs  or a[0]=="-":
+				if auditlogs  or a[0] == "-":
 					usage()
-				input_ind=1
-				input=open(a, "r")
+				input_ind = 1
+				inputfd = open(a, "r")
 			if o == '--lastreload' or o == "-l":
-				last_reload=1
+				last_reload = 1
 			if o == "-m" or o == "--module":
-				if module != "" or a[0]=="-":
+				if module != "" or a[0] == "-":
 					usage()
-				module=a
+				module = a
 			if o == "-M":
-				if module != "" or output_ind  or a[0]=="-":
+				if module != "" or output_ind  or a[0] == "-":
 					usage()
-				module=a
-				outfile=a+".te"
-				buildPP=1
-				output=open(outfile, "w")
+				module = a
+				outfile = a+".te"
+				buildPP = 1
+				if not os.path.exists("/usr/bin/checkmodule"):
+					errorExit("-M Requires the checkmodule command, you need to install the checkpolicy rpm package")
+				output = open(outfile, "w")
 			if o == "-r" or o == "--requires":
-				requires=1
+				requires = 1
 			if o == "-t" or o == "--tefile":
-				if auditlogs:
-					usage()
-				te_ind=1
+				te_inputs.append(open(a, "r"))
+                                
 			if o == "-R" or o == "--reference":
-				ref_ind=True
+				ref_ind = True
 				
 			if o == "-o" or o == "--output":
-				if module != ""  or a[0]=="-":
+				if module != ""  or a[0] == "-":
 					usage()
-				output=open(a, "a")
-				output_ind=1
+				output = open(a, "a")
+				output_ind = 1
 			if o == "-v" or o == "--verbose":
-				verbose=1
+				verbose = 1
+				
+			if o == "-A" or o == "--analyze":
+				analyze = True
 				
 		if len(cmds) != 0:
 			usage()
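Review bot: The new `-M` guard tests `os.path.exists("/usr/bin/checkmodule")`, but the command built in the next hunk is the bare name (`cmd = "checkmodule %s -m -o %s.mod %s.te"`), so the file that was checked is not necessarily the one a PATH lookup will execute. Keep the path in one variable, e.g. `CHECKMODULE = "/usr/bin/checkmodule"`, and use it for both the existence check and the command string. The `-M` value is rejected only when it starts with `-`, then used as a file name and interpolated unquoted into that shell command, so a restricted-character check on `a` belongs here as well (the same applies to the `-f` value). `errorExit` is not defined in the visible lines and presumably comes in through `from avc import *`; an explicit import would make that dependency visible. The enclosing `try:` block opens in the previous hunk and continues past this one.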
@@ -567,42 +159,52 @@
 		if fc_file != "" and not buildPP:
 			usage("Error %s: Option -fc requires -M" % sys.argv[0])
 			
-		out=seruleRecords(input, last_reload, verbose, te_ind)
+                serules = SERules(last_reload, verbose)
+
+                for i in te_inputs:
+                    te = TERules(serules)
+                    te.load(i)
+
+                serules.load(inputfd)
 
 
 		if ref_ind:
-			out.gen_reference_policy()
+			serules.gen_reference_policy()
+
+		if analyze:
+			serules.analyze()
+			sys.exit(0)
 
-		if auditlogs:
-			input=os.popen("ausearch -m avc")
-			out.load(input)
+		if auditlogs and os.path.exists("/var/log/audit/audit.log"):
+			inputfd = os.popen("ausearch -m avc,MAC_POLICY_LOAD")
+			serules.load(inputfd)
 
 		if buildPP:
-			print ("Generating type enforcment file: %s.te" % module)
-		output.write(out.out(requires, module))
+			print (_("Generating type enforcment file: %s.te") % module)
+		output.write(serules.out(requires, module))
 		output.flush()
 		if buildPP:
-			cmd="checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module)
-			print "Compiling policy"
+			cmd = "checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module)
+			print _("Compiling policy")
 			print cmd
-			rc=commands.getstatusoutput(cmd)
-			if rc[0]==0:
-				cmd="semodule_package -o %s.pp -m %s.mod" % (module, module)
+			rc = commands.getstatusoutput(cmd)
+			if rc[0] == 0:
+				cmd = "semodule_package -o %s.pp -m %s.mod" % (module, module)
 				if fc_file != "":
 					cmd = "%s -f %s" % (cmd, fc_file)
 					
 				print cmd
-				rc=commands.getstatusoutput(cmd)
-				if rc[0]==0:
-					print ("\n******************** IMPORTANT ***********************\n")
-					print ("In order to load this newly created policy package into the kernel,\nyou are required to execute \n\nsemodule -i %s.pp\n\n" % module)
+				rc = commands.getstatusoutput(cmd)
+				if rc[0] == 0:
+					print _("\n******************** IMPORTANT ***********************\n")
+					print (_("In order to load this newly created policy package into the kernel,\nyou are required to execute \n\nsemodule -i %s.pp\n\n") % module)
 				else:
 					errorExit(rc[1])
 			else:
 				errorExit(rc[1])
 
 	except getopt.error, error:
-		errorExit("Options Error " + error.msg)
+		errorExit(_("Options Error: %s ") % error.msg)
 	except ValueError, error:
 		errorExit(error.args[0])
 	except IOError, error:
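Review bot: Both command strings built under `if buildPP:` interpolate `module` (and `fc_file` for `semodule_package`) unquoted and pass the result to `commands.getstatusoutput`, which runs it through a shell, so whitespace or shell metacharacters in a `-M` or `-f` value change what gets executed; the only check visible on those values is `a[0] == "-"`. Because this tool is normally run with root privileges and may be driven by wrapper scripts, I would build an argument list and use a non-shell call (needs `import subprocess`), for example `subprocess.Popen(["semodule_package", "-o", module + ".pp", "-m", module + ".mod"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)`, appending `"-f", fc_file` and the `get_mls_flag()` value only when they are non-empty. The `checkmodule` call has the same problem and is also resolved through PATH, although the `-M` option handler tests specifically for `/usr/bin/checkmodule`. The enclosing function and its `try` block start before this hunk, and the `except IOError` body continues after it.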

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/audit2allow.1#2 (text+ko) ====

@@ -66,7 +66,7 @@
 Generate require output syntax for loadable modules.
 .TP
 .B "\-R" | "\-\-reference"
-Generate reference policy using installed macros
+Generate reference policy using installed macros.  Requires the selinux-policy-devel package.
 .TP
 .B "\-t "  | "\-\-tefile"
 Indicates input file is a te (type enforcement) file.  This can be used to translate old te format to new policy format.
@@ -98,6 +98,11 @@
 .PP
 .SH EXAMPLE
 .nf
+.B NOTE: These examples are for systems using the audit package.  If you do 
+.B not use the audit package,  the AVC messages will be in /var/log/messages.
+.B Please substitute /var/log/messages for /var/log/audit/audit.log in the 
+.B examples.
+.PP
 .B Using audit2allow to generate monolithic (non-module) policy
 $ cd /etc/selinux/$SELINUXTYPE/src/policy
 $ cat /var/log/audit/audit.log | audit2allow >> domains/misc/local.te

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2why/audit2why.c#2 (text+ko) ====

@@ -15,13 +15,14 @@
 #define TCONTEXT "tcontext="
 #define TCLASS "tclass="
 
-void usage(char *progname, int rc) 
+void usage(char *progname, int rc)
 {
- 	fprintf(stderr, "usage:  %s [-p policy] < /var/log/audit/audit.log\n", progname);
+	fprintf(stderr, "usage:  %s [-p policy] < /var/log/audit/audit.log\n",
+		progname);
 	exit(rc);
 }
 
-int main(int argc, char **argv) 
+int main(int argc, char **argv)
 {
 	char path[PATH_MAX];
 	char *buffer = NULL, *bufcopy = NULL;
@@ -62,25 +63,30 @@
 
 	if (!set_path) {
 		if (!is_selinux_enabled()) {
-			fprintf(stderr, "%s:  Must specify -p policy on non-SELinux systems\n", argv[0]);
+			fprintf(stderr,
+				"%s:  Must specify -p policy on non-SELinux systems\n",

>>> TRUNCATED FOR MAIL (1000 lines) <<<

