Hello community, here is the log from the commit of package setools for openSUSE:Leap:15.2 checked in at 2020-03-21 16:45:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/setools (Old) and /work/SRC/openSUSE:Leap:15.2/.setools.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "setools" Sat Mar 21 16:45:30 2020 rev:13 rq:785979 version:4.2.2 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/setools/setools.changes 2020-01-15 16:01:56.791878591 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.setools.new.3160/setools.changes 2020-03-21 16:46:42.893620076 +0100 @@ -1,0 +2,28 @@ +Thu Oct 31 12:02:30 CET 2019 - Matej Cepl <mc...@suse.com> + +- Add python3.8-compat.patch to allow build with Python 3.8 + Still doesn't work though because of gh#SELinuxProject/setools#31 + +------------------------------------------------------------------- +Thu Oct 31 09:38:27 CET 2019 - Matej Cepl <mc...@suse.com> + +- Update to the upstream version 4.2.2: + - Remove source policy references from man pages, as loading + source policies is no longer supported. + - Fixed a performance regression in alias loading after alias + dereferencing fixes in 4.2.1. + +------------------------------------------------------------------- +Tue Feb 5 08:01:41 UTC 2019 - jseg...@suse.com + +- Update to 4.2.1 + * Set SIGPIPE handler for CLI tools. + * Fixed alias dereferencing in TypeQuery and type, category, and + sensitivity lookups. + * Fixed sediff bug for rendering modified nodecons. + * Fixed devicetreecon count output. + * Fixed policy target platform check. + * Fixed bug in creating permission set intersection in apol. +- Provide python-setools + +------------------------------------------------------------------- Old: ---- 4.2.0.tar.gz New: ---- 4.2.2.tar.gz python3.8-compat.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ setools.spec ++++++ --- /var/tmp/diff_new_pack.bUGPGe/_old 2020-03-21 16:46:43.621620823 +0100 +++ /var/tmp/diff_new_pack.bUGPGe/_new 2020-03-21 16:46:43.637620839 +0100 
@@ -1,7 +1,7 @@ # # spec file for package setools # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -22,13 +22,16 @@ %define skip_python2 1 Name: setools -Version: 4.2.0 +Version: 4.2.2 Release: 0 Url: https://github.com/SELinuxProject/setools Summary: Policy analysis tools for SELinux License: GPL-2.0-only Group: System/Management Source: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz +# PATCH-FIX-UPSTREAM python3.8-compat.patch mc...@suse.com +# allow build with Python 3.8 +Patch0: python3.8-compat.patch BuildRequires: %{python_module Cython} BuildRequires: %{python_module devel} BuildRequires: %{python_module setuptools} @@ -74,6 +77,7 @@ Group: Development/Languages/Python Requires: python Obsoletes: python-setools < %{version} +Provides: python-setools = %{version}-%{release} %description -n python3-setools SETools is a collection of graphical tools, command-line tools, and @@ -98,6 +102,7 @@ %prep %setup -q -n %{name}-%{version} +%autopatch -p1 %build %python_build ++++++ 4.2.0.tar.gz -> 4.2.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/ChangeLog new/setools-4.2.2/ChangeLog --- old/setools-4.2.0/ChangeLog 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/ChangeLog 2019-06-15 21:32:13.000000000 +0200 
@@ -1,3 +1,112 @@ +*setools-4.2.2 (15 Jun 2019) + + * Remove source policy references from man pages, as loading source policies + is no longer supported. + * Fixed a performance regression in alias loading after alias dereferencing + fixes in 4.2.1. + + +*setools-4.2.1 (4 Feb 2019) + + * Set SIGPIPE handler for CLI tools. + * Fixed alias dereferencing in TypeQuery and type, category, and sensitivity + lookups. + * Fixed sediff bug for rendering modified nodecons. + * Fixed devicetreecon count output. + * Fixed policy target platform check. + * Fixed bug in creating permission set intersection in apol. + + +*setools-4.2.0 (10 Nov 2018) + + This release focused on improving performance and reducing memory usage. + + A Cython-based policy representation replaced the + Python/SWIG/static-linked-libsepol implemention. SETools no longer statically + links to libsepol, though it is strongly suggested that users rebuild SETools + after updating libsepol, in case the policy structure changes. + + Building on the policy representation change, refinements in sediff yielded + as much as a 90% reduction in memory use, depending on the policies. + + This release of SETools has different dependencies than previous versions. + See README.md for more details. Support for Python 2.7 was dropped because + all current SELinux-supporting distributions provide Python 3. + + Other smaller changes included: + + * Added support for SCTP portcons. + * Updated permission maps. + * Policy symbol names are now available as the name attribute (e.g. + Boolean.name, Type.name, etc.) + * Revised some apol layouts to increase the size of text entry fields. + * Revised package structure to make policyrep a module of the setools + package. + * Moved constraint expression to its own class. + * Made Conditional.evaluate() more useful and added BaseTERule.enabled() + method to determine if a rule is enabled. 
+ + Changes since v4.2.0-rc: + + * Restored missing statement() methods in some policyrep classes + * Fixed NULL pointer dereference when iterating over type attributes when + the policy has none. + * Added xdp_socket permission mapping. + + +*setools-4.2.0-rc (29 Sep 2018) + + Changes since v4.2.0-beta: + + * Fixed performance regressions. + * Made further memory usage improvements. + * Fixed build issues with clean target and runtime_library_dirs. + * Revised package structure to make policyrep a module of the setools + package. + * Symbol names are now available as the name attribute (e.g. + Boolean.name, Type.name, etc.) + * Fixed some apol layouts to increase the size of text fields. + * Move constraint expression to its own class. + * Made Conditional.evaluate() more useful and added BaseTERule.enabled() + method to determine if a rule is enabled. + + +*setools-4.2.0-beta (10 Jul 2018) + + Changes since v4.1.1: + + * Replaced the Python/SWIG/static-linked-libsepol policyrep module with + a Cython implementation. This will have performance and memory-usage + improvements and breaks the static linking to libsepol. + * Significant memory usage reduction in sediff (approximately 60%, + depending on the policies). + * Added support for SCTP portcons. + * Updated permission maps. + * Support for Python 2.7 was dropped. + + This release of SETools has changed dependencies since 4.1.1. See README.md for more details. + + +*setools-4.1.1 (5 Aug 2017) + + This release has three changes since 4.1.0: + + * Update for libsepol 2.7 + * Update to permission maps + * Fixes for apol help files + + +*setools-4.1.0 (23 Jan 2017) + + This release primarily focused on adding features to apol, but has several + library enhancements. There is also one important bugfix in sediff. There + were no changes since 4.1.0-rc. + + Note This will not compile on the master branch of libsepol (what will + be libsepol 2.7). 
A future release of SETools will have this support + (when libsepol 2.7 is released). + + *setools-4.1.0-rc (11 Dec 2016) Library: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/man/apol.1 new/setools-4.2.2/man/apol.1 --- old/setools-4.2.0/man/apol.1 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/man/apol.1 2019-06-15 21:32:13.000000000 +0200 @@ -1,5 +1,5 @@ .\" Copyright (c) 2016 Tresys Technology, LLC. All rights reserved. -.TH apol 1 2016-02-20 "Tresys Technology, LLC" "SETools: SELinux Policy Analysis Tools" +.TH apol 1 2016-02-20 "SELinux Project" "SETools: SELinux Policy Analysis Tools" .SH NAME apol \- Graphical SELinux policy analysis tool @@ -13,14 +13,7 @@ .SH POLICY .PP -\fBapol\fR supports loading SELinux policies in one of two formats. -.RS -.IP "source:" -A single text file containing a monolithic policy source. This file is usually named policy.conf. -.IP "binary:" A single file containing a binary policy. This file is usually named by version on Linux systems, for example, \fIpolicy.30\fR. This file is usually named \fIsepolicy\fR on Android systems. -.RE -.PP If not provided, \fBapol\fR will start with none loaded. .SH OPTIONS @@ -34,10 +27,10 @@ Enable debugging output. .SH AUTHOR -Chris PeBenito <cpeben...@tresys.com> +Chris PeBenito <peben...@ieee.org> .SH BUGS -Please report bugs via the SETools bug tracker, https://github.com/TresysTechnology/setools/issues +Please report bugs via the SETools bug tracker, https://github.com/SELinuxProject/setools/issues .SH SEE ALSO sediff(1), sedta(1), seinfo(1), seinfoflow(1), sesearch(1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/man/sediff.1 new/setools-4.2.2/man/sediff.1 --- old/setools-4.2.0/man/sediff.1 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/man/sediff.1 2019-06-15 21:32:13.000000000 +0200 
@@ -1,5 +1,5 @@ .\" Copyright (c) 2016 Tresys Technology, LLC. All rights reserved. -.TH sediff 1 2016-04-19 "Tresys Technology, LLC" "SETools: SELinux Policy Analysis Tools" +.TH sediff 1 2016-04-19 "SELinux Project" "SETools: SELinux Policy Analysis Tools" .SH NAME sediff \- SELinux policy difference tool @@ -12,15 +12,8 @@ .SH POLICY .PP -\fBsediff\fR supports loading SELinux policies in one of two formats. -.RS -.IP "source:" -A single text file containing a monolithic policy source. This file is usually named policy.conf. -.IP "binary:" A single file containing a binary policy. This file is usually named by version on Linux systems, for example, \fIpolicy.30\fR. This file is usually named \fIsepolicy\fR on Android systems. -.RE -.PP -Policies do not need to be the same format. If not provided, \fBsediff\fR will print an error message and exit. +If not provided, \fBsediff\fR will print an error message and exit. .SH EXPRESSIONS .P @@ -148,10 +141,10 @@ .PP .SH AUTHOR -Chris PeBenito <cpeben...@tresys.com> +Chris PeBenito <peben...@ieee.org> .SH BUGS -Please report bugs via the SETools bug tracker, https://github.com/TresysTechnology/setools/issues +Please report bugs via the SETools bug tracker, https://github.com/SELinuxProject/setools/issues .SH SEE ALSO apol(1), sedta(1), seinfo(1), seinfoflow(1), sesearch(1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/man/sedta.1 new/setools-4.2.2/man/sedta.1 --- old/setools-4.2.0/man/sedta.1 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/man/sedta.1 2019-06-15 21:32:13.000000000 +0200 @@ -1,5 +1,5 @@ .\" Copyright (c) 2016 Tresys Technology, LLC. All rights reserved. -.TH sedta 1 2016-02-20 "Tresys Technology, LLC" "SETools: SELinux Policy Analysis Tools" +.TH sedta 1 2016-02-20 "SELinux Project" "SETools: SELinux Policy Analysis Tools" .SH NAME sedta \- Domain transition analysis for SELinux policies 
@@ -14,15 +14,7 @@ .SH POLICY .PP -\fBsedta\fR supports loading SELinux policies in one of two formats. -.RS -.IP "source:" -A single text file containing a monolithic policy source. This file is usually named policy.conf. -.IP "binary:" A single file containing a binary policy. This file is usually named by version on Linux systems, for example, \fIpolicy.30\fR. This file is usually named \fIsepolicy\fR on Android systems. -.RE -.PP -.PP If no policy file is provided, \fBsedta\fR will search for the policy running on the current system. If no policy can be found, \fBsedta\fR will print an error message and exit. @@ -69,10 +61,10 @@ Enable debugging output. .SH AUTHOR -Chris PeBenito <cpeben...@tresys.com> +Chris PeBenito <peben...@ieee.org> .SH BUGS -Please report bugs via the SETools bug tracker, https://github.com/TresysTechnology/setools/issues +Please report bugs via the SETools bug tracker, https://github.com/SELinuxProject/setools/issues .SH SEE ALSO apol(1), sediff(1), seinfo(1), seinfoflow(1), sesearch(1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/man/seinfo.1 new/setools-4.2.2/man/seinfo.1 --- old/setools-4.2.0/man/seinfo.1 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/man/seinfo.1 2019-06-15 21:32:13.000000000 +0200 @@ -1,5 +1,5 @@ .\" Copyright (c) 2016 Tresys Technology, LLC. All rights reserved. -.TH seinfo 1 2016-02-20 "Tresys Technology, LLC" "SETools: SELinux Policy Analysis Tools" +.TH seinfo 1 2016-02-20 "SELinux Project" "SETools: SELinux Policy Analysis Tools" .SH NAME seinfo \- SELinux policy information tool 
@@ -12,14 +12,7 @@ .SH POLICY .PP -\fBapol\fR supports loading SELinux policies in one of two formats. -.RS -.IP "source:" -A single text file containing a monolithic policy source. This file is usually named policy.conf. -.IP "binary:" A single file containing a binary policy. This file is usually named by version on Linux systems, for example, \fIpolicy.30\fR. This file is usually named \fIsepolicy\fR on Android systems. -.RE -.PP If no policy file is provided, \fBseinfo\fR will search for the policy running on the current system. If no policy can be found, \fBseinfo\fR will print an error message and exit. @@ -109,10 +102,10 @@ Enable debugging output. .SH AUTHOR -Chris PeBenito <cpeben...@tresys.com> +Chris PeBenito <peben...@ieee.org> .SH BUGS -Please report bugs via the SETools bug tracker, https://github.com/TresysTechnology/setools/issues +Please report bugs via the SETools bug tracker, https://github.com/SELinuxProject/setools/issues .SH SEE ALSO apol(1), sediff(1), sedta(1), seinfoflow(1), sesearch(1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/man/seinfoflow.1 new/setools-4.2.2/man/seinfoflow.1 --- old/setools-4.2.0/man/seinfoflow.1 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/man/seinfoflow.1 2019-06-15 21:32:13.000000000 +0200 @@ -1,5 +1,5 @@ .\" Copyright (c) 2016 Tresys Technology, LLC. All rights reserved. -.TH seinfoflow 1 2016-02-20 "Tresys Technology, LLC" "SETools: SELinux Policy Analysis Tools" +.TH seinfoflow 1 2016-02-20 "SELinux Project" "SETools: SELinux Policy Analysis Tools" .SH NAME seinfoflow \- Information flow analysis for SELinux policies 
@@ -14,15 +14,7 @@ .SH POLICY .PP -\fBseinfoflow\fR supports loading SELinux policies in one of two formats. -.RS -.IP "source:" -A single text file containing a monolithic policy source. This file is usually named policy.conf. -.IP "binary:" A single file containing a binary policy. This file is usually named by version on Linux systems, for example, \fIpolicy.30\fR. This file is usually named \fIsepolicy\fR on Android systems. -.RE -.PP -.PP If no policy file is provided, \fBseinfoflow\fR will search for the policy running on the current system. If no policy can be found, \fBseinfoflow\fR will print an error message and exit. @@ -70,10 +62,10 @@ Enable debugging output. .SH AUTHOR -Chris PeBenito <cpeben...@tresys.com> +Chris PeBenito <peben...@ieee.org> .SH BUGS -Please report bugs via the SETools bug tracker, https://github.com/TresysTechnology/setools/issues +Please report bugs via the SETools bug tracker, https://github.com/SELinuxProject/setools/issues .SH SEE ALSO apol(1), sediff(1), sedta(1), seinfo(1), sesearch(1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/man/sesearch.1 new/setools-4.2.2/man/sesearch.1 --- old/setools-4.2.0/man/sesearch.1 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/man/sesearch.1 2019-06-15 21:32:13.000000000 +0200 @@ -1,5 +1,5 @@ .\" Copyright (c) 2016 Tresys Technology, LLC. All rights reserved. -.TH sesearch 1 2016-04-19 "Tresys Technology, LLC" "SETools: SELinux Policy Analysis Tools" +.TH sesearch 1 2016-02-20 "SELinux Project" "SETools: SELinux Policy Analysis Tools" .SH NAME sesearch \- SELinux policy query tool 
@@ -12,14 +12,7 @@ .SH POLICY .PP -\fBsesearch\fR supports loading SELinux policies in one of two formats. -.RS -.IP "source:" -A single text file containing a monolithic policy source. This file is usually named policy.conf. -.IP "binary:" A single file containing a binary policy. This file is usually named by version on Linux systems, for example, \fIpolicy.30\fR. This file is usually named \fIsepolicy\fR on Android systems. -.RE -.PP If no policy file is provided, \fBsesearch\fR will search for the policy running on the current system. If no policy can be found, \fBsesearch\fR will print an error message and exit. @@ -113,10 +106,10 @@ Enable debugging output. .SH AUTHOR -Chris PeBenito <cpeben...@tresys.com> +Chris PeBenito <peben...@ieee.org> .SH BUGS -Please report bugs via the SETools bug tracker, https://github.com/TresysTechnology/setools/issues +Please report bugs via the SETools bug tracker, https://github.com/SELinuxProject/setools/issues .SH SEE ALSO apol(1), sediff(1), sedta(1), seinfo(1), seinfoflow(1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/qhc/apol.qhcp new/setools-4.2.2/qhc/apol.qhcp --- old/setools-4.2.0/qhc/apol.qhcp 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/qhc/apol.qhcp 2019-06-15 21:32:13.000000000 +0200 
@@ -3,8 +3,8 @@ <QHelpCollectionProject version="1.0"> <assistant> <title>Apol Help</title> - <startPage>qthelp://com.github.tresystechnology.setools/doc/index.html</startPage> - <homePage>qthelp://com.github.tresystechnology.setools/doc/index.html</homePage> + <startPage>qthelp://com.github.selinuxproject.setools/doc/index.html</startPage> + <homePage>qthelp://com.github.selinuxproject.setools/doc/index.html</homePage> </assistant> <docFiles> <generate> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/qhc/apol.qhp new/setools-4.2.2/qhc/apol.qhp --- old/setools-4.2.0/qhc/apol.qhp 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/qhc/apol.qhp 2019-06-15 21:32:13.000000000 +0200 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Copyright (c) 2016 Tresys Technology, LLC. All rights reserved. --> <QtHelpProject version="1.0"> - <namespace>com.github.tresystechnology.setools</namespace> + <namespace>com.github.selinuxproject.setools</namespace> <virtualFolder>doc</virtualFolder> <customFilter name="Apol"> <filterAttribute>apol</filterAttribute> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/sediff new/setools-4.2.2/sediff --- old/setools-4.2.0/sediff 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/sediff 2019-06-15 21:32:13.000000000 +0200 @@ -21,9 +21,13 @@ import argparse import sys import logging +import signal from itertools import chain from contextlib import suppress + +signal.signal(signal.SIGPIPE, signal.SIG_DFL) + parser = argparse.ArgumentParser( description="SELinux policy semantic difference tool.", epilog="If no differences are selected, all differences will be printed.") 
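Review bot: The new `signal.signal(signal.SIGPIPE, signal.SIG_DFL)` call in sediff sits at module level with no comment, so neither the reason for it nor its effect on the exit status is recorded in the script. With the default disposition the process is terminated by the signal as soon as the reader closes the pipe, so a caller that checks the exit status (for example under `set -o pipefail`) sees a signal death rather than a normal exit even when the comparison itself ran fine. I would add a line above it such as `# Default SIGPIPE: exit quietly when stdout is closed early (e.g. piped to head); exit status then reflects the signal`. The same applies to the identical additions in sedta, seinfo, seinfoflow and sesearch.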
@@ -1328,10 +1332,9 @@ print(" - {0}".format(n)) if diff.modified_nodecons and not args.stats: print(" Modified Nodecons: {0}".format(len(diff.modified_nodecons))) - for con, added_context, removed_context in sorted(diff.modified_nodecons, - key=lambda x: x.rule): - print(" * nodecon {0.address} {0.netmask} +[{1}] -[{2}];".format( - con, added_context, removed_context)) + for entry in sorted(diff.modified_nodecons, key=lambda x: x.rule): + print(" * nodecon {0} +[{1.added_context}] -[{1.removed_context}];".format( + entry.rule.network.with_netmask.replace("/", " "), entry)) print() del diff.added_nodecons diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/sedta new/setools-4.2.2/sedta --- old/setools-4.2.0/sedta 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/sedta 2019-06-15 21:32:13.000000000 +0200 @@ -20,6 +20,7 @@ import sys import argparse import logging +import signal import setools @@ -67,6 +68,8 @@ print() +signal.signal(signal.SIGPIPE, signal.SIG_DFL) + parser = argparse.ArgumentParser( description="SELinux policy domain transition analysis tool.", epilog="If no analysis is selected, all forward transitions out of the source will be printed.") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/seinfo new/setools-4.2.2/seinfo --- old/setools-4.2.0/seinfo 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/seinfo 2019-06-15 21:32:13.000000000 +0200 @@ -1,5 +1,6 @@ #!/usr/bin/env python3 # Copyright 2014-2015, Tresys Technology, LLC +# Copyright 2018-2019, Chris PeBenito <peben...@ieee.org> # # This file is part of SETools. # @@ -21,6 +22,7 @@ import argparse import sys import logging +import signal def expand_attr(attr): 
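Review bot: In sediff's modified-nodecons loop the address and netmask are produced by `entry.rule.network.with_netmask.replace("/", " ")`, which depends on the string layout of `with_netmask` rather than on the two fields being printed. Assuming `network` is an `ipaddress` network object (the `with_netmask` attribute suggests so, but its type is not visible here), formatting the fields directly is clearer: `"{0.network_address} {0.netmask}".format(entry.rule.network)`. The loop belongs to a larger block that starts and ends outside the hunk.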
@@ -30,6 +32,8 @@ return "{0}\n\t{1}".format(attr.statement(), contents) +signal.signal(signal.SIGPIPE, signal.SIG_DFL) + parser = argparse.ArgumentParser(description="SELinux policy information tool.") parser.add_argument("--version", action="version", version=setools.__version__) parser.add_argument("policy", help="Path to the SELinux policy to query.", nargs="?") @@ -122,7 +126,7 @@ components.append(("Booleans", q, lambda x: x.statement())) if args.mlscatsquery or args.all: - q = setools.CategoryQuery(p) + q = setools.CategoryQuery(p, alias_deref=True) if isinstance(args.mlscatsquery, str): q.name = args.mlscatsquery @@ -231,7 +235,7 @@ components.append(("Roles", q, lambda x: x.statement())) if args.mlssensquery or args.all: - q = setools.SensitivityQuery(p) + q = setools.SensitivityQuery(p, alias_deref=True) if isinstance(args.mlssensquery, str): q.name = args.mlssensquery @@ -245,7 +249,7 @@ components.append(("Typebounds", q, lambda x: x.statement())) if args.typequery or args.all: - q = setools.TypeQuery(p) + q = setools.TypeQuery(p, alias_deref=True) if isinstance(args.typequery, str): q.name = args.typequery @@ -330,7 +334,7 @@ print(" Defaults: {0:7} Typebounds: {1:7}".format( p.default_count, p.typebounds_count)) - if p.target_platform == "selinux": + if p.target_platform == setools.PolicyTarget.selinux: print(" Allowxperm: {0:7} Neverallowxperm: {1:7}".format( p.allowxperm_count, p.neverallowxperm_count)) print(" Auditallowxperm: {0:7} Dontauditxperm: {1:7}".format( 
@@ -341,8 +345,8 @@ p.genfscon_count, p.portcon_count)) print(" Netifcon: {0:7} Nodecon: {1:7}".format( p.netifcon_count, p.nodecon_count)) - elif p.target_platform == "xen": - print(" Initial SIDs: {0:7} Devicetreecon {1:7}".format( + elif p.target_platform == setools.PolicyTarget.xen: + print(" Initial SIDs: {0:7} Devicetreecon: {1:7}".format( p.initialsids_count, p.devicetreecon_count)) print(" Iomemcon: {0:7} Ioportcon: {1:7}".format( p.iomemcon_count, p.ioportcon_count)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/seinfoflow new/setools-4.2.2/seinfoflow --- old/setools-4.2.0/seinfoflow 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/seinfoflow 2019-06-15 21:32:13.000000000 +0200 @@ -21,6 +21,9 @@ import argparse import sys import logging +import signal + +signal.signal(signal.SIGPIPE, signal.SIG_DFL) parser = argparse.ArgumentParser( description="SELinux policy information flow analysis tool.", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/sesearch new/setools-4.2.2/sesearch --- old/setools-4.2.0/sesearch 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/sesearch 2019-06-15 21:32:13.000000000 +0200 @@ -21,6 +21,9 @@ import argparse import sys import logging +import signal + +signal.signal(signal.SIGPIPE, signal.SIG_DFL) parser = argparse.ArgumentParser( description="SELinux policy rule search tool.", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/setools/constraintquery.py new/setools-4.2.2/setools/constraintquery.py --- old/setools-4.2.0/setools/constraintquery.py 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/setools/constraintquery.py 2019-06-15 21:32:13.000000000 +0200 
@@ -122,7 +122,7 @@ if not self._match_perms(c): continue except ConstraintUseError: - continue + continue if self.role and not self._match_expr( c.expression.roles, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/setools/mixins.py new/setools-4.2.2/setools/mixins.py --- old/setools-4.2.0/setools/mixins.py 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/setools/mixins.py 2019-06-15 21:32:13.000000000 +0200 @@ -1,4 +1,5 @@ # Copyright 2015, Tresys Technology, LLC +# Copyright 2019, Chris PeBenito <peben...@ieee.org> # # This file is part of SETools. # @@ -137,14 +138,15 @@ class MatchName: - """Mixin for matching an object's name.""" + """Mixin for matching an object's name with alias dereferencing.""" name = CriteriaDescriptor("name_regex") name_regex = False + alias_deref = False def _match_name_debug(self, log): """Log debugging messages for name matching.""" - log.debug("Name: {0.name!r}, regex: {0.name_regex}".format(self)) + log.debug("Name: {0.name!r}, regex: {0.name_regex}, deref: {0.alias_deref}".format(self)) def _match_name(self, obj): """Match the object to the name criteria.""" @@ -152,7 +154,11 @@ # if there is no criteria, everything matches. return True - return match_regex(obj, self.name, self.name_regex) + if self.alias_deref: + return match_regex(obj, self.name, self.name_regex) or \ + match_in_set(obj.aliases(), self.name, self.name_regex) + else: + return match_regex(obj, self.name, self.name_regex) class MatchObjClass: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/setools/policyrep/mls.pxi new/setools-4.2.2/setools/policyrep/mls.pxi --- old/setools-4.2.0/setools/policyrep/mls.pxi 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/setools/policyrep/mls.pxi 2019-06-15 21:32:13.000000000 +0200 
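Review bot: `MatchName._match_name` in setools/mixins.py calls `obj.aliases()` whenever `alias_deref` is set, but nothing in the mixin says which objects support it, so enabling the flag on a query whose objects have no `aliases()` method would fail with AttributeError at match time. Which queries inherit this mixin is not visible in the hunk; the changelog names types, categories and sensitivities as the symbols whose aliases are dereferenced. I would document the constraint next to the attribute, e.g. `# alias_deref: only meaningful for symbols that provide aliases() (types, categories, sensitivities)`, and word the class docstring as "with optional alias dereferencing", since the default is `False`. The `else:` after the first `return` can also be dropped.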
@@ -1,5 +1,5 @@ # Copyright 2014-2016, Tresys Technology, LLC -# Copyright 2017-2018, Chris PeBenito <peben...@ieee.org> +# Copyright 2017-2019, Chris PeBenito <peben...@ieee.org> # # This file is part of SETools. # @@ -65,6 +65,7 @@ c.key = <uintptr_t>symbol c.name = policy.category_value_to_name(symbol.s.value - 1) c._value = symbol.s.value + c._aliases = policy.category_alias_map[symbol.s.value] _cat_cache[policy][<uintptr_t>symbol] = c return c @@ -75,22 +76,15 @@ # Comparison based on their index instead of their names. return self._value < other._value - cdef inline void _load_aliases(self): - """Helper method to load aliases.""" - if self._aliases is None: - self._aliases = list(self.policy.category_aliases(self)) - def aliases(self): """Generator that yields all aliases for this category.""" - self._load_aliases() - return self.policy.category_aliases(self) + return iter(self._aliases) def statement(self): cdef: str stmt size_t count - self._load_aliases() count = len(self._aliases) stmt = "category {0}".format(self.name) @@ -127,6 +121,7 @@ s.key = <uintptr_t>symbol s.name = policy.level_value_to_name(symbol.level.sens - 1) s._value = symbol.level.sens + s._aliases = policy.sensitivity_alias_map[symbol.level.sens] return s def __hash__(self): @@ -144,14 +139,8 @@ def __lt__(self, other): return self._value < other._value - cdef inline void _load_aliases(self): - """Helper method to load aliases.""" - if self._aliases is None: - self._aliases = list(self.policy.sensitivity_aliases(self)) - def aliases(self): """Generator that yields all aliases for this sensitivity.""" - self._load_aliases() return iter(self._aliases) def level_decl(self): @@ -167,7 +156,6 @@ str stmt size_t count - self._load_aliases() count = len(self._aliases) stmt = "sensitivity {0}".format(self.name) 
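Review bot: `Category.factory` and `Sensitivity.factory` now subscript the alias maps directly (`policy.category_alias_map[symbol.s.value]`, `policy.sensitivity_alias_map[symbol.level.sens]`), so a symbol with no aliases raises KeyError unless the maps are pre-seeded for every value or built as a `defaultdict`; the code that fills them is not in these hunks. If that guarantee is not already in place, `policy.category_alias_map.get(symbol.s.value, [])` (and the sensitivity equivalent) keeps the later `len(self._aliases)` in `statement()` working. The `aliases()` docstrings still say "Generator that yields" although both methods now return `iter(self._aliases)`; "Iterator over all aliases for this category" (and the same for sensitivity) would match the code.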
@@ -540,66 +528,6 @@ datum = <sepol.cat_datum_t *> self.node.datum if self.node else NULL -cdef class CategoryAliasHashtabIterator(HashtabIterator): - - """Iterate over category aliases in the policy.""" - - cdef uint32_t primary - - @staticmethod - cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Category primary): - """Factory function for creating category alias iterators.""" - i = CategoryAliasHashtabIterator() - i.policy = policy - i.table = table - i.primary = primary._value - i.reset() - return i - - def __next__(self): - super().__next__() - datum = <sepol.cat_datum_t *> self.curr.datum if self.curr else NULL - - while datum != NULL and (not datum.isalias or datum.s.value != self.primary): - super().__next__() - datum = <sepol.cat_datum_t *> self.curr.datum if self.curr else NULL - - return intern(self.curr.key) - - def __len__(self): - cdef sepol.cat_datum_t *datum - cdef sepol.hashtab_node_t *node - cdef uint32_t bucket = 0 - cdef size_t count = 0 - - while bucket < self.table[0].size: - node = self.table[0].htable[bucket] - while node != NULL: - datum = <sepol.cat_datum_t *>node.datum if node else NULL - if datum != NULL and self.primary == datum.s.value and datum.isalias: - count += 1 - - node = node.next - - bucket += 1 - - return count - - def reset(self): - super().reset() - - cdef sepol.cat_datum_t *datum = <sepol.cat_datum_t *> self.node.datum if self.node else NULL - - # advance over any attributes or aliases - while datum != NULL and (not datum.isalias and self.primary != datum.s.value): - self._next_node() - - if self.node == NULL or self.bucket >= self.table[0].size: - break - - datum = <sepol.cat_datum_t *> self.node.datum if self.node else NULL - - cdef class SensitivityHashtabIterator(HashtabIterator): """Iterate over sensitivity in the policy.""" 
@@ -652,66 +580,6 @@ self._next_node() if self.node == NULL or self.bucket >= self.table[0].size: - break - - datum = <sepol.level_datum_t *> self.node.datum if self.node else NULL - - -cdef class SensitivityAliasHashtabIterator(HashtabIterator): - - """Iterate over sensitivity aliases in the policy.""" - - cdef uint32_t primary - - @staticmethod - cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Sensitivity primary): - """Factory function for creating Sensitivity alias iterators.""" - i = SensitivityAliasHashtabIterator() - i.policy = policy - i.table = table - i.primary = primary._value - i.reset() - return i - - def __next__(self): - super().__next__() - datum = <sepol.level_datum_t *> self.curr.datum if self.curr else NULL - - while datum != NULL and (not datum.isalias or datum.level.sens != self.primary): - super().__next__() - datum = <sepol.level_datum_t *> self.curr.datum if self.curr else NULL - - return intern(self.curr.key) - - def __len__(self): - cdef sepol.level_datum_t *datum - cdef sepol.hashtab_node_t *node - cdef uint32_t bucket = 0 - cdef size_t count = 0 - - while bucket < self.table[0].size: - node = self.table[0].htable[bucket] - while node != NULL: - datum = <sepol.level_datum_t *>node.datum if node else NULL - if datum != NULL and self.primary == datum.level.sens and datum.isalias: - count += 1 - - node = node.next - - bucket += 1 - - return count - - def reset(self): - super().reset() - - cdef sepol.level_datum_t *datum = <sepol.level_datum_t *> self.node.datum if self.node else NULL - - # advance over any attributes or aliases - while datum != NULL and (not datum.isalias and self.primary != datum.level.sens): - self._next_node() - - if self.node == NULL or self.bucket >= self.table[0].size: break datum = <sepol.level_datum_t *> self.node.datum if self.node else NULL diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/setools/policyrep/selinuxpolicy.pxi 
new/setools-4.2.2/setools/policyrep/selinuxpolicy.pxi --- old/setools-4.2.0/setools/policyrep/selinuxpolicy.pxi 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/setools/policyrep/selinuxpolicy.pxi 2019-06-15 21:32:13.000000000 +0200 @@ -1,5 +1,5 @@ # Copyright 2014-2016, Tresys Technology, LLC -# Copyright 2016-2018, Chris PeBenito <peben...@ieee.org> +# Copyright 2016-2019, Chris PeBenito <peben...@ieee.org> # # This file is part of SETools. # @@ -46,6 +46,9 @@ object log object constraint_counts object terule_counts + dict type_alias_map + dict category_alias_map + dict sensitivity_alias_map object __weakref__ # Public attributes: @@ -344,10 +347,10 @@ raise InvalidBoolean("{0} is not a valid Boolean".format(name)) - def lookup_category(self, name): - """Look up a category.""" + def lookup_category(self, name, deref=True): + """Look up a category, with optional alias dereferencing.""" for c in self.categories(): - if c == name: + if c == name or (deref and name in list(c.aliases())): return c raise InvalidCategory("{0} is not a valid category".format(name)) @@ -380,10 +383,10 @@ """Look up a MLS level.""" return Level.factory_from_string(self, level) - def lookup_sensitivity(self, name): - """Look up a MLS sensitivity by name.""" + def lookup_sensitivity(self, name, deref=True): + """Look up a MLS sensitivity by name, with optional alias dereferencing.""" for s in self.sensitivities(): - if s == name: + if s == name or (deref and name in list(s.aliases())): return s raise InvalidSensitivity("{0} is not a valid sensitivity".format(name)) 
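Review bot: `name in list(c.aliases())` in `lookup_category` copies the alias list for every candidate. The mls.pxi hunks earlier on this page show `aliases()` returning `iter(self._aliases)`, so `name in c.aliases()` gives the same answer without the copy. The same expression is repeated in `lookup_sensitivity` in the next hunk and in `lookup_type` and `lookup_type_or_attr` further down. The new `deref` parameter also needs a fuller docstring, because with the default `deref=True` a lookup by alias returns the primary object, whose name differs from the string the caller passed in; for example `"""Look up a category by name; when deref is true an alias resolves to its primary category."""`.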
@@ -400,17 +403,21 @@ raise InvalidRole("{0} is not a valid role".format(name)) - def lookup_type(self, name): - """Look up a type by name.""" + def lookup_type(self, name, deref=True): + """Look up a type by name, with optional alias dereferencing.""" for t in self.types(): - if t == name: + if t == name or (deref and name in list(t.aliases())): return t raise InvalidType("{0} is not a valid type".format(name)) - def lookup_type_or_attr(self, name): - """Look up a type or type attribute by name.""" - for t in itertools.chain(self.types(), self.typeattributes()): + def lookup_type_or_attr(self, name, deref=True): + """Look up a type or type attribute by name, with optional alias dereferencing.""" + for t in self.types(): + if t == name or (deref and name in list(t.aliases())): + return t + + for t in self.typeattributes(): if t == name: return t @@ -594,12 +601,6 @@ """Return the category datum for the specified category value.""" return self.cat_val_to_struct[value] - cdef inline category_aliases(self, Category primary): - """Return an interator for the aliases for the specified category.""" - return CategoryAliasHashtabIterator.factory(self, - &self.handle.p.symtab[sepol.SYM_CATS].table, - primary) - cdef inline str category_value_to_name(self, size_t value): """Return the name of the category by its value.""" return intern(self.handle.p.sym_val_to_name[sepol.SYM_CATS][value]) 
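Review bot: The docstring of `lookup_type_or_attr` promises "optional alias dereferencing", but the new body applies `deref` only in the `self.types()` loop; the `self.typeattributes()` loop still matches on name alone. Say so in the docstring, e.g. `"""Look up a type or type attribute by name; deref resolves type aliases only."""`. The types loop is now a copy of the body of `lookup_type`, so a later change to alias matching has to be made in both places.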
@@ -632,17 +633,6 @@ """Return the name of the role by its value.""" return intern(self.handle.p.sym_val_to_name[sepol.SYM_ROLES][value]) - cdef inline sensitivity_aliases(self, Sensitivity primary): - """Return an interator for the aliases for the specified sensitivity.""" - return SensitivityAliasHashtabIterator.factory(self, - &self.handle.p.symtab[sepol.SYM_LEVELS].table, primary) - - cdef inline type_aliases(self, Type primary): - """Return an iterator for the aliases for the specified type.""" - return TypeAliasHashtabIterator.factory(self, - &self.handle.p.symtab[sepol.SYM_TYPES].table, - primary) - cdef inline sepol.type_datum_t* type_value_to_datum(self, size_t value): """Return the type datum for the specified type value.""" return self.handle.p.type_val_to_struct[value] @@ -721,6 +711,15 @@ if self.mls: self._create_mls_val_to_struct() + # + # Create value to alias mappings + # + self._load_type_aliases() + + if self.mls: + self._load_sensitivity_aliases() + self._load_category_aliases() + self.log.info("Successfully opened SELinux policy \"{0}\"".format(filename)) self.path = filename 
@@ -840,6 +839,84 @@ node = node.next + bucket += 1 + + cdef _load_category_aliases(self): + """Build map of aliases to categories""" + cdef: + sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_CATS].table + sepol.cat_datum_t *datum + sepol.hashtab_node_t *node + uint32_t bucket = 0 + list entry + + self.category_alias_map = dict() + + while bucket < table[0].size: + node = table[0].htable[bucket] + while node != NULL: + datum = <sepol.cat_datum_t *>node.datum if node else NULL + if datum == NULL: + continue + + entry = self.category_alias_map.setdefault(datum.s.value, list()) + if datum.isalias: + entry.append(intern(node.key)) + + node = node.next + + bucket += 1 + + cdef _load_sensitivity_aliases(self): + """Build map of aliases to sensitivities""" + cdef: + sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_LEVELS].table + sepol.level_datum_t *datum + sepol.hashtab_node_t *node + uint32_t bucket = 0 + list entry + + self.sensitivity_alias_map = dict() + + while bucket < table[0].size: + node = table[0].htable[bucket] + while node != NULL: + datum = <sepol.level_datum_t *>node.datum if node else NULL + if datum == NULL: + continue + + entry = self.sensitivity_alias_map.setdefault(datum.level.sens, list()) + if datum.isalias: + entry.append(intern(node.key)) + + node = node.next + + bucket += 1 + + cdef _load_type_aliases(self): + """Build map of aliases to types""" + cdef: + sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_TYPES].table + sepol.type_datum_t *datum + sepol.hashtab_node_t *node + uint32_t bucket = 0 + list entry + + self.type_alias_map = dict() + + while bucket < table[0].size: + node = table[0].htable[bucket] + while node != NULL: + datum = <sepol.type_datum_t *>node.datum if node else NULL + if datum == NULL: + continue + + entry = self.type_alias_map.setdefault(datum.s.value, list()) + if type_is_alias(datum): + entry.append(intern(node.key)) + + node = node.next + bucket += 1 cdef _rebuild_attrs_from_map(self): diff -urN 
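Review bot: In `_load_category_aliases`, `_load_sensitivity_aliases` and `_load_type_aliases`, the `if datum == NULL: continue` branch sits inside `while node != NULL:` and skips the `node = node.next` step, so a node with a NULL datum would make the loop spin forever instead of being skipped. Whether libsepol can return such a node for a loaded policy is not visible here, but these loaders now run on every policy open, so a hang on a malformed binary policy is worth ruling out. Inverting the test keeps the advance on every path: put `if datum != NULL:` around the `setdefault` and `append` lines and leave `node = node.next` unconditional. The `if node else NULL` on the cast is dead code, since the loop condition already guarantees `node` is non-NULL.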
'--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/setools/policyrep/typeattr.pxi new/setools-4.2.2/setools/policyrep/typeattr.pxi --- old/setools-4.2.0/setools/policyrep/typeattr.pxi 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/setools/policyrep/typeattr.pxi 2019-06-15 21:32:13.000000000 +0200 @@ -1,5 +1,5 @@ # Copyright 2014, Tresys Technology, LLC -# Copyright 2017-2018, Chris PeBenito <peben...@ieee.org> +# Copyright 2017-2019, Chris PeBenito <peben...@ieee.org> # # This file is part of SETools. # @@ -86,13 +86,9 @@ t.value = symbol.s.value t.name = policy.type_value_to_name(symbol.s.value - 1) t.ispermissive = <bint>symbol.flags & sepol.TYPE_FLAGS_PERMISSIVE + t._aliases = policy.type_alias_map[symbol.s.value] return t - cdef inline void _load_aliases(self): - """Helper method to load aliases.""" - if self._aliases is None: - self._aliases = list(self.policy.type_aliases(self)) - cdef inline void _load_attributes(self): """Helper method to load attributes.""" cdef sepol.type_datum_t *symbol = <sepol.type_datum_t *>self.key @@ -110,7 +106,6 @@ def aliases(self): """Generator that yields all aliases for this type.""" - self._load_aliases() return iter(self._aliases) def statement(self): @@ -119,7 +114,6 @@ str stmt self._load_attributes() - self._load_aliases() count = len(self._aliases) stmt = "type {0}".format(self.name) 
@@ -297,66 +291,6 @@ self._next_node() -cdef class TypeAliasHashtabIterator(HashtabIterator): - - """Iterate over type aliases in the policy.""" - - cdef uint32_t primary - - @staticmethod - cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Type primary): - """Factory function for creating type alias iterators.""" - i = TypeAliasHashtabIterator() - i.policy = policy - i.table = table - i.primary = primary.value - i.reset() - return i - - def __next__(self): - super().__next__() - datum = <sepol.type_datum_t *> self.curr.datum if self.curr else NULL - - while datum != NULL and (not type_is_alias(datum) or datum.s.value != self.primary): - super().__next__() - datum = <sepol.type_datum_t *> self.curr.datum if self.curr else NULL - - return intern(self.curr.key) - - def __len__(self): - cdef sepol.type_datum_t *datum - cdef sepol.hashtab_node_t *node - cdef uint32_t bucket = 0 - cdef size_t count = 0 - - while bucket < self.table[0].size: - node = self.table[0].htable[bucket] - while node != NULL: - datum = <sepol.type_datum_t *>node.datum if node else NULL - if datum != NULL and self.primary == datum.s.value and type_is_alias(datum): - count += 1 - - node = node.next - - bucket += 1 - - return count - - def reset(self): - super().reset() - - cdef sepol.type_datum_t *datum = <sepol.type_datum_t *> self.node.datum if self.node else NULL - - # advance over any attributes or aliases - while datum != NULL and (not type_is_alias(datum) and self.primary != datum.s.value): - self._next_node() - - if self.node == NULL or self.bucket >= self.table[0].size: - break - - datum = <sepol.type_datum_t *> self.node.datum if self.node else NULL - - # # Ebitmap Iterator Classes # Binary files old/setools-4.2.0/setoolsgui/apol/apol.qch and new/setools-4.2.2/setoolsgui/apol/apol.qch differ Binary files old/setools-4.2.0/setoolsgui/apol/apol.qhc and new/setools-4.2.2/setoolsgui/apol/apol.qhc differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/setools-4.2.0/setoolsgui/apol/mainwindow.py new/setools-4.2.2/setoolsgui/apol/mainwindow.py --- old/setools-4.2.0/setoolsgui/apol/mainwindow.py 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/setoolsgui/apol/mainwindow.py 2019-06-15 21:32:13.000000000 +0200 @@ -632,9 +632,11 @@ def about_apol(self): QMessageBox.about(self, "About Apol", "Version {0}<br>" "Apol is a graphical SELinux policy analysis tool and part of " - "<a href=\"https://github.com/TresysTechnology/setools/wiki\">" + "<a href=\"https://github.com/SELinuxProject/setools/wiki\">" "SETools</a>.<p>" - "Copyright (C) 2015-2016, Tresys Technology.".format(__version__)) + "Copyright (C) 2015-2016, Tresys Technology<p>" + "Copyright (C) 2016, Chris PeBenito <peben...@ieee.org>". + format(__version__)) def apol_help(self): """Open the main help window.""" @@ -647,7 +649,7 @@ self.log.debug("Starting assistant with help file {0}".format(helpfile)) self.help_process.start("assistant", ["-collectionFile", helpfile, "-showUrl", - "qthelp://com.github.tresystechnology.setools/doc/index.html", + "qthelp://com.github.selinuxproject.setools/doc/index.html", "-show", "contents", "-enableRemoteControl"]) @pyqtSlot(str) @@ -663,5 +665,5 @@ self.log.warning("Timed out waiting for Qt assistant to start.") return - self.help_process.write("setSource qthelp://com.github.tresystechnology.setools/doc/{0}\n". + self.help_process.write("setSource qthelp://com.github.selinuxproject.setools/doc/{0}\n". format(location)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/setoolsgui/models.py new/setools-4.2.2/setoolsgui/models.py --- old/setools-4.2.0/setoolsgui/models.py 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/setoolsgui/models.py 2019-06-15 21:32:13.000000000 +0200 
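Review bot: The copyright line added in `about_apol` puts an e-mail address in literal angle brackets inside a message that already uses `<br>`, `<a href>` and `<p>`. Qt will most likely render this text as rich text and parse the bracketed address as an unknown tag, so the address would not appear in the dialog. Escape the brackets in that literal, `"Copyright (C) 2016, Chris PeBenito &lt;ADDRESS&gt;".` with ADDRESS standing for the address already in the source.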
@@ -124,7 +124,7 @@ # create intersection for cls in classes: - cls_perms = cls.perms + cls_perms = set(cls.perms) with suppress(NoCommon): cls_perms.update(cls.common.perms) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/setup.py new/setools-4.2.2/setup.py --- old/setools-4.2.0/setup.py 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/setup.py 2019-06-15 21:32:13.000000000 +0200 @@ -128,7 +128,7 @@ '-fno-exceptions'])] setup(name='setools', - version='4.2.0', + version='4.2.2', description='SELinux Policy tools.', author='Chris PeBenito', author_email='peben...@ieee.org', @@ -136,7 +136,7 @@ cmdclass={'build_qhc': QtHelpCommand, 'clean': CleanCommand}, packages=['setools', 'setools.diff', 'setoolsgui', 'setoolsgui.apol'], scripts=['apol', 'sediff', 'seinfo', 'seinfoflow', 'sesearch', 'sedta'], - data_files=[(join(sys.prefix, 'share/man/man1'), glob.glob("man/*.1"))], + data_files=[('share/man/man1', glob.glob("man/*.1"))], package_data={'': ['*.ui', '*.qhc', '*.qch'], 'setools': ['perm_map']}, ext_modules=cythonize(ext_py_mods, include_path=['setools/policyrep'], annotate=cython_annotate, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/tests/typequery.conf new/setools-4.2.2/tests/typequery.conf --- old/setools-4.2.0/tests/typequery.conf 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/tests/typequery.conf 2019-06-15 21:32:13.000000000 +0200 
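Review bot: Nothing at `cls_perms = set(cls.perms)` says why the copy is needed, and the following lines call `cls_perms.update(...)`, so a later cleanup could drop the `set()` and go back to mutating whatever `cls.perms` returns. A one-line comment pins the intent down: `# copy so update() below does not modify the class's own permission set`. The enclosing function starts and ends outside the hunk.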
@@ -160,6 +160,13 @@ type test21t2 alias { test21b test21d }; type test21t3 alias { test21e test21f }; +# test 22 +# name: test22alias +# deref: True +# attrs: unset +# alias: unset +type test22 alias { test22alias test22a }; + # test 30 # name: test30 # attrs: unset diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setools-4.2.0/tests/typequery.py new/setools-4.2.2/tests/typequery.py --- old/setools-4.2.0/tests/typequery.py 2018-11-10 14:45:36.000000000 +0100 +++ new/setools-4.2.2/tests/typequery.py 2019-06-15 21:32:13.000000000 +0200 @@ -1,4 +1,5 @@ # Copyright 2014-2015, Tresys Technology, LLC +# Copyright 2019, Chris PeBenito <peben...@ieee.org> # # This file is part of SETools. # @@ -94,6 +95,13 @@ types = sorted(str(t) for t in q.results()) self.assertListEqual(["test21t1", "test21t2"], types) + def test_022_alias_dereference(self): + """Type query with alias dereference.""" + q = TypeQuery(self.p, name="test22alias", alias_deref=True) + + types = sorted(str(t) for t in q.results()) + self.assertListEqual(["test22"], types) + def test_030_permissive(self): """Type query with permissive match""" q = TypeQuery(self.p, permissive=True) ++++++ python3.8-compat.patch ++++++ --- a/setup.py +++ b/setup.py @@ -12,7 +12,6 @@ import os import shutil from os.path import join from itertools import chain -from contextlib import suppress from Cython.Build import cythonize @@ -48,12 +47,16 @@ class CleanCommand(clean): dirs_to_remove.append(join(root, d)) for file in files_to_remove: - with suppress(Exception): + try: os.unlink(file) + except Exception: + pass for dir_ in dirs_to_remove: - with suppress(Exception): + try: shutil.rmtree(dir_, ignore_errors=True) + except Exception: + pass clean.run(self) 
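Review bot: In the `CleanCommand` hunk of python3.8-compat.patch the replacement `try: ... except Exception: pass` blocks still swallow every exception. For `os.unlink(file)` the expected failure is an `OSError`, so `except OSError: pass` keeps the best-effort cleanup while letting real bugs surface. The wrapper around `shutil.rmtree(dir_, ignore_errors=True)` is redundant, because `ignore_errors=True` already suppresses removal errors. `contextlib.suppress` is still available in Python 3.8, so the reason for removing it should be recorded in the patch header. The method body starts outside the hunk.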
@@ -81,12 +84,14 @@ class QtHelpCommand(Command): lib_dirs = ['.', '/usr/lib64', '/usr/lib', '/usr/local/lib'] include_dirs = [] -with suppress(KeyError): +try: userspace_src = os.environ["USERSPACE_SRC"] include_dirs.insert(0, userspace_src + "/libsepol/include") include_dirs.insert(1, userspace_src + "/libselinux/include") lib_dirs.insert(0, userspace_src + "/libsepol/src") lib_dirs.insert(1, userspace_src + "/libselinux/src") +except KeyError: + pass if sys.platform.startswith('darwin'): macros=[('DARWIN',1)] @@ -100,12 +105,19 @@ if enable_coverage: cython_annotate = bool(os.environ.get("SETOOLS_ANNOTATE", False)) +linked_libraries = ['selinux', 'sepol'] +py_ver = sys.version_info[:2] +if py_ver >= (3, 8): + linked_libraries.append('python{:d}.{:d}{}'.format(py_ver[0], + py_ver[1], + sys.abiflags)) + ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'], include_dirs=include_dirs, - libraries=['selinux', 'sepol'], + libraries=linked_libraries, library_dirs=lib_dirs, define_macros=macros, - extra_compile_args=['-Werror', '-Wextra', + extra_compile_args=['-Wextra', '-Waggregate-return', '-Wfloat-equal', '-Wformat', '-Wformat=2',