| Message ID | 1474557453-14379-8-git-send-email-jason@perfinion.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
I've sent a v2 of this patch, somehow I missed that I needed to remove things from more Makefiles v2 is only this one, the others in this series should be okay as-is. -- Jason On Thu, Sep 22, 2016 at 11:17:33PM +0800, Jason Zaman wrote: > nt gentoo > > Signed-off-by: Jason Zaman <jason@perfinion.com> > --- > policycoreutils/sepolicy/common.h | 69 -- > policycoreutils/sepolicy/info.c | 1381 ------------------------- > policycoreutils/sepolicy/policy.c | 116 --- > policycoreutils/sepolicy/policy.h | 7 - > policycoreutils/sepolicy/search.c | 1029 ------------------ > policycoreutils/sepolicy/sepolicy/__init__.py | 2 - > policycoreutils/sepolicy/setup.py | 24 +- > 7 files changed, 17 insertions(+), 2611 deletions(-) > delete mode 100644 policycoreutils/sepolicy/common.h > delete mode 100644 policycoreutils/sepolicy/info.c > delete mode 100644 policycoreutils/sepolicy/policy.c > delete mode 100644 policycoreutils/sepolicy/policy.h > delete mode 100644 policycoreutils/sepolicy/search.c > > diff --git a/policycoreutils/sepolicy/common.h b/policycoreutils/sepolicy/common.h > deleted file mode 100644 > index e453def..0000000 > --- a/policycoreutils/sepolicy/common.h > +++ /dev/null > @@ -1,69 +0,0 @@ > -#include "Python.h" > - > -#ifdef UNUSED > -#elif defined(__GNUC__) > -# define UNUSED(x) UNUSED_ ## x __attribute__((unused)) > -#elif defined(__LCLINT__) > -# define UNUSED(x) /*@unused@*/ x > -#else > -# define UNUSED(x) x > -#endif > - > -#define py_decref(x) { if (x) Py_DECREF(x); } > - > -#if PY_MAJOR_VERSION >= 3 > -# define PyIntObject PyLongObject > -# define PyInt_Type PyLong_Type > -# define PyInt_Check(op) PyLong_Check(op) > -# define PyInt_CheckExact(op) PyLong_CheckExact(op) > -# define PyInt_FromString PyLong_FromString > -# define PyInt_FromUnicode PyLong_FromUnicode > -# define PyInt_FromLong PyLong_FromLong > -# define PyInt_FromSize_t PyLong_FromSize_t > -# define PyInt_FromSsize_t PyLong_FromSsize_t > -# define PyInt_AsLong PyLong_AsLong > -# define PyInt_AS_LONG PyLong_AS_LONG > -# define PyInt_AsSsize_t PyLong_AsSsize_t > -# define PyInt_AsUnsignedLongMask PyLong_AsUnsignedLongMask > -# define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask > -# define PyString_FromString PyUnicode_FromString > -# define PyString_AsString PyUnicode_AsUTF8 > -#endif > - > -static int py_append_string(PyObject *list, const char* value) > -{ > - int rt; > - PyObject *obj = PyString_FromString(value); > - if (!obj) return -1; > - rt = PyList_Append(list, obj); > - Py_DECREF(obj); > - return rt; > -} > - > -static int py_append_obj(PyObject *list, PyObject *obj) > -{ > - int rt; > - if (!obj) return -1; > - rt = PyList_Append(list, obj); > - return rt; > -} > - > -static int py_insert_obj(PyObject *dict, const char *name, PyObject *obj) > -{ > - int rt; > - if (!obj) return -1; > - rt = PyDict_SetItemString(dict, name, obj); > - return rt; > -} > - > -static int py_insert_string(PyObject *dict, const char *name, const char* value) > -{ > - int rt; > - PyObject *obj = PyString_FromString(value); > - if (!obj) return -1; > - rt = PyDict_SetItemString(dict, name, obj); > - Py_DECREF(obj); > - return rt; > -} > - > - > diff --git a/policycoreutils/sepolicy/info.c b/policycoreutils/sepolicy/info.c > deleted file mode 100644 > index bbb6844..0000000 > --- a/policycoreutils/sepolicy/info.c > +++ /dev/null > @@ -1,1381 +0,0 @@ > -/** > - * @file > - * Command line tool to search TE rules. > - * > - * @author Frank Mayer mayerf@tresys.com > - * @author Jeremy A. Mowery jmowery@tresys.com > - * @author Paul Rosenfeld prosenfeld@tresys.com > - * @author Thomas Liu <tliu@redhat.com> > - * @author Dan Walsh <dwalsh@redhat.com> > - * > - * Copyright (C) 2003-2008 Tresys Technology, LLC > - * > - * This program is free software; you can redistribute it and/or modify > - * it under the terms of the GNU General Public License as published by > - * the Free Software Foundation; either version 2 of the License, or > - * (at your option) any later version. > - * > - * This program is distributed in the hope that it will be useful, > - * but WITHOUT ANY WARRANTY; without even the implied warranty of > - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > - * GNU General Public License for more details. > - * > - * You should have received a copy of the GNU General Public License > - * along with this program; if not, write to the Free Software > - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA > - */ > - > -/** > - * This is a modified version of seinfo to be used as part of a library for > - * Python bindings. > - */ > - > -#include "common.h" > -#include "policy.h" > - > -/* libapol */ > -#include <apol/policy-query.h> > -#include <apol/render.h> > -#include <apol/util.h> > -#include <apol/vector.h> > - > -/* libqpol */ > -#include <qpol/policy.h> > -#include <qpol/util.h> > - > -/* other */ > -#include <errno.h> > -#include <stdlib.h> > -#include <stdio.h> > -#include <string.h> > -#include <assert.h> > - > -#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC" > - > -enum input > -{ > - TYPE, ATTRIBUTE, ROLE, USER, PORT, BOOLEAN, CLASS, SENS, CATS > -}; > - > -static int py_insert_long(PyObject *dict, const char *name, int value) > -{ > - int rt; > - PyObject *obj = PyLong_FromLong(value); > - if (!obj) return -1; > - rt = PyDict_SetItemString(dict, name, obj); > - Py_DECREF(obj); > - return rt; > -} > - > -static int py_insert_bool(PyObject *dict, const char *name, int value) > -{ > - int rt; > - PyObject *obj = PyBool_FromLong(value); > - if (!obj) return -1; > - rt = PyDict_SetItemString(dict, name, obj); > - Py_DECREF(obj); > - return rt; > -} > - > -/** > - * Get a policy's MLS sensitivities. > - * If this function is given a name, it will attempt to > - * get statistics about a particular sensitivity; otherwise > - * the function gets statistics about all of the policy's > - * sensitivities. > - * > - * @param name Reference to a sensitivity's name; if NULL, > - * all sensitivities will be considered > - * @param policydb Reference to a policy > - * > - * @return 0 on success, < 0 on error. > - */ > -static PyObject* get_sens(const char *name, const apol_policy_t * policydb) > -{ > - PyObject *dict = NULL; > - int error = 0; > - int rt = 0; > - size_t i; > - char *tmp = NULL; > - const char *lvl_name = NULL; > - apol_level_query_t *query = NULL; > - apol_vector_t *v = NULL; > - const qpol_level_t *level = NULL; > - apol_mls_level_t *ap_mls_lvl = NULL; > - qpol_policy_t *q = apol_policy_get_qpol(policydb); > - > - query = apol_level_query_create(); > - if (!query) > - goto cleanup; > - if (apol_level_query_set_sens(policydb, query, name)) > - goto cleanup; > - if (apol_level_get_by_query(policydb, query, &v)) > - goto cleanup; > - > - dict = PyDict_New(); > - if (!dict) goto err; > - for (i = 0; i < apol_vector_get_size(v); i++) { > - level = apol_vector_get_element(v, i); > - if (qpol_level_get_name(q, level, &lvl_name)) > - goto err; > - ap_mls_lvl = (apol_mls_level_t *) apol_mls_level_create_from_qpol_level_datum(policydb, level); > - tmp = apol_mls_level_render(policydb, ap_mls_lvl); > - apol_mls_level_destroy(&ap_mls_lvl); > - if (!tmp) > - goto cleanup; > - if (py_insert_string(dict, lvl_name, tmp)) > - goto err; > - free(tmp); tmp = NULL; > - if (rt) goto err; > - } > - > - if (name && !apol_vector_get_size(v)) { > - goto cleanup; > - } > - > - goto cleanup; > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(error)); > - py_decref(dict); dict = NULL; > -cleanup: > - free(tmp); > - apol_level_query_destroy(&query); > - apol_vector_destroy(&v); > - errno = error; > - return dict; > -} > - > -/** > - * Compare two qpol_cat_datum_t objects. > - * This function is meant to be passed to apol_vector_compare > - * as the callback for performing comparisons. > - * > - * @param datum1 Reference to a qpol_type_datum_t object > - * @param datum2 Reference to a qpol_type_datum_t object > - * @param data Reference to a policy > - * @return Greater than 0 if the first argument is less than the second argument, > - * less than 0 if the first argument is greater than the second argument, > - * 0 if the arguments are equal > - */ > -static int qpol_cat_datum_compare(const void *datum1, const void *datum2, void *data) > -{ > - const qpol_cat_t *cat_datum1 = NULL, *cat_datum2 = NULL; > - apol_policy_t *policydb = NULL; > - qpol_policy_t *q; > - uint32_t val1, val2; > - > - policydb = (apol_policy_t *) data; > - q = apol_policy_get_qpol(policydb); > - assert(policydb); > - > - if (!datum1 || !datum2) > - goto exit_err; > - cat_datum1 = datum1; > - cat_datum2 = datum2; > - > - if (qpol_cat_get_value(q, cat_datum1, &val1)) > - goto exit_err; > - if (qpol_cat_get_value(q, cat_datum2, &val2)) > - goto exit_err; > - > - return (val1 > val2) ? 1 : ((val1 == val2) ? 0 : -1); > - > - exit_err: > - assert(0); > - return 0; > -} > - > -/** > - * Compare two qpol_level_datum_t objects. > - * This function is meant to be passed to apol_vector_compare > - * as the callback for performing comparisons. > - * > - * @param datum1 Reference to a qpol_level_datum_t object > - * @param datum2 Reference to a qpol_level_datum_t object > - * @param data Reference to a policy > - * @return Greater than 0 if the first argument is less than the second argument, > - * less than 0 if the first argument is greater than the second argument, > - * 0 if the arguments are equal > - */ > -static int qpol_level_datum_compare(const void *datum1, const void *datum2, void *data) > -{ > - const qpol_level_t *lvl_datum1 = NULL, *lvl_datum2 = NULL; > - apol_policy_t *policydb = NULL; > - qpol_policy_t *q; > - uint32_t val1, val2; > - > - policydb = (apol_policy_t *) data; > - assert(policydb); > - q = apol_policy_get_qpol(policydb); > - > - if (!datum1 || !datum2) > - goto exit_err; > - lvl_datum1 = datum1; > - lvl_datum2 = datum2; > - > - if (qpol_level_get_value(q, lvl_datum1, &val1)) > - goto exit_err; > - if (qpol_level_get_value(q, lvl_datum2, &val2)) > - goto exit_err; > - > - return (val1 > val2) ? 1 : ((val1 == val2) ? 0 : -1); > - > - exit_err: > - assert(0); > - return 0; > -} > - > -/** > - * Gets a textual representation of a MLS category and > - * all of that category's sensitivies. > - * > - * @param type_datum Reference to sepol type_datum > - * @param policydb Reference to a policy > - */ > -static PyObject* get_cat_sens(const qpol_cat_t * cat_datum, const apol_policy_t * policydb) > -{ > - const char *cat_name, *lvl_name; > - apol_level_query_t *query = NULL; > - apol_vector_t *v = NULL; > - const qpol_level_t *lvl_datum = NULL; > - qpol_policy_t *q = apol_policy_get_qpol(policydb); > - size_t i, n_sens = 0; > - int error = 0; > - PyObject *list = NULL; > - PyObject *dict = PyDict_New(); > - if (!dict) goto err; > - if (!cat_datum || !policydb) > - goto err; > - > - /* get category name for apol query */ > - if (qpol_cat_get_name(q, cat_datum, &cat_name)) > - goto cleanup; > - > - query = apol_level_query_create(); > - if (!query) > - goto err; > - if (apol_level_query_set_cat(policydb, query, cat_name)) > - goto err; > - if (apol_level_get_by_query(policydb, query, &v)) > - goto err; > - apol_vector_sort(v, &qpol_level_datum_compare, (void *)policydb); > - dict = PyDict_New(); > - if (!dict) goto err; > - if (py_insert_string(dict, "name", cat_name)) > - goto err; > - n_sens = apol_vector_get_size(v); > - list = PyList_New(0); > - if (!list) goto err; > - for (i = 0; i < n_sens; i++) { > - lvl_datum = (qpol_level_t *) apol_vector_get_element(v, i); > - if (!lvl_datum) > - goto err; > - if (qpol_level_get_name(q, lvl_datum, &lvl_name)) > - goto err; > - if (py_append_string(list, lvl_name)) > - goto err; > - } > - if (py_insert_obj(dict, "level", list)) > - goto err; > - Py_DECREF(list); > - > - goto cleanup; > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - py_decref(list); list = NULL; > - py_decref(dict); dict = NULL; > -cleanup: > - apol_level_query_destroy(&query); > - apol_vector_destroy(&v); > - errno = error; > - return dict; > -} > - > -/** > - * Prints statistics regarding a policy's MLS categories. > - * If this function is given a name, it will attempt to > - * get statistics about a particular category; otherwise > - * the function gets statistics about all of the policy's > - * categories. > - * > - * @param name Reference to a MLS category's name; if NULL, > - * all categories will be considered > - * @param policydb Reference to a policy > - * > - * @return 0 on success, < 0 on error. > - */ > -static PyObject* get_cats(const char *name, const apol_policy_t * policydb) > -{ > - PyObject *obj = NULL; > - apol_cat_query_t *query = NULL; > - apol_vector_t *v = NULL; > - const qpol_cat_t *cat_datum = NULL; > - size_t i, n_cats; > - int error = 0; > - int rt; > - PyObject *list = PyList_New(0); > - if (!list) goto err; > - > - query = apol_cat_query_create(); > - if (!query) > - goto err; > - if (apol_cat_query_set_cat(policydb, query, name)) > - goto err; > - if (apol_cat_get_by_query(policydb, query, &v)) > - goto err; > - n_cats = apol_vector_get_size(v); > - apol_vector_sort(v, &qpol_cat_datum_compare, (void *)policydb); > - > - for (i = 0; i < n_cats; i++) { > - cat_datum = apol_vector_get_element(v, i); > - if (!cat_datum) > - goto err; > - obj = get_cat_sens(cat_datum, policydb); > - if (!obj) > - goto err; > - rt = py_append_obj(list, obj); > - Py_DECREF(obj); > - if (rt) goto err; > - } > - > - if (name && !n_cats) { > - goto err; > - } > - > - goto cleanup; > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - py_decref(list); list = NULL; > -cleanup: > - apol_cat_query_destroy(&query); > - apol_vector_destroy(&v); > - errno = error; > - return list; > -} > - > -/** > - * Get the alias of a type. > - * > - * @param type_datum Reference to sepol type_datum > - * @param policydb Reference to a policy > - * attributes > - */ > -static PyObject* get_type_aliases(const qpol_type_t * type_datum, const apol_policy_t * policydb) > -{ > - qpol_iterator_t *iter = NULL; > - size_t alias_size; > - unsigned char isattr, isalias; > - const char *type_name = NULL; > - const char *alias_name; > - int error = 0; > - qpol_policy_t *q = apol_policy_get_qpol(policydb); > - PyObject *list = PyList_New(0); > - if (!list) goto err; > - > - if (qpol_type_get_name(q, type_datum, &type_name)) > - goto cleanup; > - if (qpol_type_get_isattr(q, type_datum, &isattr)) > - goto cleanup; > - if (qpol_type_get_isalias(q, type_datum, &isalias)) > - goto cleanup; > - > - if (qpol_type_get_alias_iter(q, type_datum, &iter)) > - goto cleanup; > - if (qpol_iterator_get_size(iter, &alias_size)) > - goto cleanup; > - if (alias_size > 0) { > - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { > - if (qpol_iterator_get_item(iter, (void **)&alias_name)) > - goto err; > - if (py_append_string(list, alias_name)) > - goto err; > - } > - } > - goto cleanup; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - py_decref(list); list = NULL; > - > -cleanup: > - qpol_iterator_destroy(&iter); > - errno = error; > - return list; > -} > - > -/** > - * Gets a textual representation of an attribute, and > - * all of that attribute's types. > - * > - * @param type_datum Reference to sepol type_datum > - * @param policydb Reference to a policy > - */ > -static PyObject* get_attr(const qpol_type_t * type_datum, const apol_policy_t * policydb) > -{ > - PyObject *list = NULL; > - const qpol_type_t *attr_datum = NULL; > - qpol_iterator_t *iter = NULL; > - const char *attr_name = NULL, *type_name = NULL; > - qpol_policy_t *q = apol_policy_get_qpol(policydb); > - unsigned char isattr; > - int error = 0; > - int rt = 0; > - PyObject *dict = PyDict_New(); > - if (!dict) goto err; > - > - if (qpol_type_get_name(q, type_datum, &attr_name)) > - goto err; > - > - if (py_insert_string(dict, "name", attr_name)) > - goto err; > - > - /* get an iterator over all types this attribute has */ > - if (qpol_type_get_isattr(q, type_datum, &isattr)) > - goto err; > - > - if (isattr) { /* sanity check */ > - if (qpol_type_get_type_iter(q, type_datum, &iter)) > - goto err; > - list = PyList_New(0); > - if (!list) goto err; > - > - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { > - if (qpol_iterator_get_item(iter, (void **)&attr_datum)) > - goto err; > - if (qpol_type_get_name(q, attr_datum, &type_name)) > - goto err; > - if (py_append_string(list, type_name)) > - goto err; > - } > - qpol_iterator_destroy(&iter); > - rt = PyDict_SetItemString(dict, "types", list); > - Py_DECREF(list); list = NULL; > - if (rt) goto err; > - } else /* this should never happen */ > - goto err; > - goto cleanup; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - py_decref(dict); dict = NULL; > - py_decref(list); > - > -cleanup: > - qpol_iterator_destroy(&iter); > - errno = error; > - return dict; > -} > - > -/** > - * Gets statistics regarding a policy's attributes. > - * If this function is given a name, it will attempt to > - * get statistics about a particular attribute; otherwise > - * the function gets statistics about all of the policy's > - * attributes. > - * > - * @param name Reference to an attribute's name; if NULL, > - * all object classes will be considered > - * @param policydb Reference to a policy > - * > - * @return 0 on success, < 0 on error. > - */ > -static PyObject* get_attribs(const char *name, const apol_policy_t * policydb) > -{ > - PyObject *obj; > - apol_attr_query_t *attr_query = NULL; > - apol_vector_t *v = NULL; > - const qpol_type_t *type_datum = NULL; > - size_t n_attrs, i; > - int error = 0; > - int rt = 0; > - PyObject *list = PyList_New(0); > - if (!list) goto err; > - > - /* we are only getting information about 1 attribute */ > - if (name != NULL) { > - attr_query = apol_attr_query_create(); > - if (!attr_query) > - goto err; > - if (apol_attr_query_set_attr(policydb, attr_query, name)) > - goto err; > - if (apol_attr_get_by_query(policydb, attr_query, &v)) > - goto err; > - apol_attr_query_destroy(&attr_query); > - if (apol_vector_get_size(v) == 0) { > - apol_vector_destroy(&v); > - errno = EINVAL; > - goto err; > - } > - > - type_datum = apol_vector_get_element(v, (size_t) 0); > - obj = get_attr(type_datum, policydb); > - rt = py_append_obj(list, obj); > - Py_DECREF(obj); > - if (rt) goto err; > - } else { > - attr_query = apol_attr_query_create(); > - if (!attr_query) > - goto err; > - if (apol_attr_get_by_query(policydb, attr_query, &v)) > - goto err; > - apol_attr_query_destroy(&attr_query); > - n_attrs = apol_vector_get_size(v); > - > - for (i = 0; i < n_attrs; i++) { > - /* get qpol_type_t* item from vector */ > - type_datum = (qpol_type_t *) apol_vector_get_element(v, (size_t) i); > - if (!type_datum) > - goto err; > - obj = get_attr(type_datum, policydb); > - rt = py_append_obj(list, obj); > - Py_DECREF(obj); > - if (rt) goto err; > - } > - } > - apol_vector_destroy(&v); > - goto cleanup; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - py_decref(list); list = NULL; > - > -cleanup: > - apol_attr_query_destroy(&attr_query); > - apol_vector_destroy(&v); > - errno = error; > - return list; > -} > - > -/** > - * Get a textual representation of a type, and > - * all of that type's attributes. > - * > - * @param type_datum Reference to sepol type_datum > - * @param policydb Reference to a policy > - */ > -static PyObject* get_type_attrs(const qpol_type_t * type_datum, const apol_policy_t * policydb) > -{ > - qpol_iterator_t *iter = NULL; > - const char *attr_name = NULL; > - const qpol_type_t *attr_datum = NULL; > - qpol_policy_t *q = apol_policy_get_qpol(policydb); > - int error = 0; > - PyObject *list = PyList_New(0); > - if (!list) goto err; > - > - if (qpol_type_get_attr_iter(q, type_datum, &iter)) > - goto err; > - > - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { > - if (qpol_iterator_get_item(iter, (void **)&attr_datum)) > - goto err; > - if (qpol_type_get_name(q, attr_datum, &attr_name)) > - goto err; > - if (py_append_string(list, attr_name)) > - goto err; > - } > - goto cleanup; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - py_decref(list); list = NULL; > - > -cleanup: > - qpol_iterator_destroy(&iter); > - errno = error; > - return list; > -} > - > -static PyObject* get_type(const qpol_type_t * type_datum, const apol_policy_t * policydb) { > - > - PyObject *obj; > - qpol_policy_t *q = apol_policy_get_qpol(policydb); > - const char *type_name = NULL; > - int error = 0; > - int rt; > - unsigned char isalias, ispermissive, isattr; > - PyObject *dict = PyDict_New(); > - if (!dict) goto err; > - > - if (qpol_type_get_name(q, type_datum, &type_name)) > - goto err; > - if (qpol_type_get_isalias(q, type_datum, &isalias)) > - goto err; > - if (qpol_type_get_isattr(q, type_datum, &isattr)) > - goto err; > - if (qpol_type_get_ispermissive(q, type_datum, &ispermissive)) > - goto err; > - > - if (py_insert_string(dict, "name", type_name)) > - goto err; > - > - if (py_insert_bool(dict, "permissive", ispermissive)) > - goto err; > - > - if (!isattr && !isalias) { > - obj = get_type_attrs(type_datum, policydb); > - rt = py_insert_obj(dict, "attributes", obj); > - Py_DECREF(obj); > - if (rt) goto err; > - } > - > - obj = get_type_aliases(type_datum, policydb); > - rt = py_insert_obj(dict, "aliases", obj); > - Py_DECREF(obj); > - if (rt) goto err; > - goto cleanup; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(error)); > - py_decref(dict); dict = NULL; > - > -cleanup: > - errno = error; > - return dict; > -} > - > -/** > - * Gets statistics regarding a policy's booleans. > - * If this function is given a name, it will attempt to > - * get statistics about a particular boolean; otherwise > - * the function gets statistics about all of the policy's booleans. > - * > - * @param name Reference to a boolean's name; if NULL, > - * all booleans will be considered > - * @param policydb Reference to a policy > - * > - * @return new reference, or NULL (setting an exception) > - */ > -static PyObject* get_booleans(const char *name, const apol_policy_t * policydb) > -{ > - PyObject *dict = NULL; > - int error = 0; > - int rt = 0; > - const char *bool_name = NULL; > - int state; > - qpol_bool_t *bool_datum = NULL; > - qpol_iterator_t *iter = NULL; > - qpol_policy_t *q = apol_policy_get_qpol(policydb); > - size_t n_bools = 0; > - PyObject *list = PyList_New(0); > - if (!list) goto err; > - > - if (name != NULL) { > - if (qpol_policy_get_bool_by_name(q, name, &bool_datum)) > - goto err; > - if (qpol_bool_get_state(q, bool_datum, &state)) > - goto err; > - > - dict = PyDict_New(); > - if (!dict) goto err; > - if (py_insert_string(dict, "name", name)) > - goto err; > - if (py_insert_bool(dict, "name", state)) > - goto err; > - rt = py_append_obj(list, dict); > - Py_DECREF(dict); dict = NULL; > - if (rt) goto err; > - } else { > - if (qpol_policy_get_bool_iter(q, &iter)) > - goto err; > - if (qpol_iterator_get_size(iter, &n_bools)) > - goto err; > - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { > - if (qpol_iterator_get_item(iter, (void **)&bool_datum)) > - goto err; > - if (qpol_bool_get_name(q, bool_datum, &bool_name)) > - goto err; > - if (qpol_bool_get_state(q, bool_datum, &state)) > - goto err; > - > - dict = PyDict_New(); > - if (!dict) goto err; > - if (py_insert_string(dict, "name", bool_name)) > - goto err; > - if (py_insert_bool(dict, "state", state)) > - goto err; > - rt = py_append_obj(list, dict); > - Py_DECREF(dict); dict = NULL; > - if (rt) goto err; > - } > - qpol_iterator_destroy(&iter); > - } > - goto cleanup; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(error)); > - py_decref(list); list = NULL; > - py_decref(dict); dict = NULL; > - > -cleanup: > - qpol_iterator_destroy(&iter); > - errno = error; > - return list; > -} > - > -/** > - * Gets a textual representation of a user, and > - * all of that user's roles. > - * > - * @param type_datum Reference to sepol type_datum > - * @param policydb Reference to a policy > - * roles > - */ > -static PyObject* get_user(const qpol_user_t * user_datum, const apol_policy_t * policydb) > -{ > - int error = 0; > - int rt; > - const qpol_role_t *role_datum = NULL; > - qpol_iterator_t *iter = NULL; > - const qpol_mls_range_t *range = NULL; > - const qpol_mls_level_t *dflt_level = NULL; > - apol_mls_level_t *ap_lvl = NULL; > - apol_mls_range_t *ap_range = NULL; > - qpol_policy_t *q = apol_policy_get_qpol(policydb); > - char *tmp = NULL; > - const char *user_name, *role_name; > - PyObject *dict = NULL; > - PyObject *list = PyList_New(0); > - if (!list) goto err; > - > - if (qpol_user_get_name(q, user_datum, &user_name)) > - goto err; > - > - dict = PyDict_New(); > - if (!dict) goto err; > - > - if (py_insert_string(dict, "name", user_name)) > - goto err; > - > - if (qpol_policy_has_capability(q, QPOL_CAP_MLS)) { > - if (qpol_user_get_dfltlevel(q, user_datum, &dflt_level)) > - goto err; > - ap_lvl = apol_mls_level_create_from_qpol_mls_level(policydb, dflt_level); > - tmp = apol_mls_level_render(policydb, ap_lvl); > - if (!tmp) goto err; > - if (py_insert_string(dict, "level", tmp)) > - goto err; > - free(tmp); tmp = NULL; > - > - if (qpol_user_get_range(q, user_datum, &range)) > - goto err; > - ap_range = apol_mls_range_create_from_qpol_mls_range(policydb, range); > - tmp = apol_mls_range_render(policydb, ap_range); > - if (!tmp) goto err; > - if (py_insert_string(dict, "range", tmp)) > - goto err; > - free(tmp); tmp=NULL; > - } > - > - if (qpol_user_get_role_iter(q, user_datum, &iter)) > - goto err; > - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { > - if (qpol_iterator_get_item(iter, (void **)&role_datum)) > - goto err; > - if (qpol_role_get_name(q, role_datum, &role_name)) > - goto err; > - if (py_append_string(list, role_name)) > - goto err; > - } > - > - rt = py_insert_obj(dict, "roles", list); > - Py_DECREF(list); list=NULL; > - if (rt) goto err; > - goto cleanup; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - py_decref(list); list=NULL; > - py_decref(dict); dict=NULL; > - > -cleanup: > - free(tmp); > - qpol_iterator_destroy(&iter); > - apol_mls_level_destroy(&ap_lvl); > - apol_mls_range_destroy(&ap_range); > - errno = error; > - return dict; > -} > - > -/** > - * Prints a textual representation of an object class and possibly > - * all of that object class' permissions. > - * > - * @param type_datum Reference to sepol type_datum > - * @param policydb Reference to a policy > - */ > -static PyObject* get_class(const qpol_class_t * class_datum, const apol_policy_t * policydb) > -{ > - const char *class_name = NULL, *perm_name = NULL; > - qpol_iterator_t *iter = NULL; > - const qpol_common_t *common_datum = NULL; > - qpol_policy_t *q = apol_policy_get_qpol(policydb); > - int error = 0; > - int rt; > - PyObject *list = NULL; > - PyObject *dict = PyDict_New(); > - if (!dict) goto err; > - > - if (!class_datum) > - goto err; > - > - if (qpol_class_get_name(q, class_datum, &class_name)) > - goto err; > - > - if (py_insert_string(dict, "name", class_name)) > - goto err; > - /* get commons for this class */ > - if (qpol_class_get_common(q, class_datum, &common_datum)) > - goto err; > - > - list = PyList_New(0); > - if (!list) goto err; > - > - if (common_datum) { > - if (qpol_common_get_perm_iter(q, common_datum, &iter)) > - goto err; > - /* print perms for the common */ > - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { > - if (qpol_iterator_get_item(iter, (void **)&perm_name)) > - goto err; > - if (py_append_string(list, perm_name)) > - goto err; > - } > - } > - /* print unique perms for this class */ > - if (qpol_class_get_perm_iter(q, class_datum, &iter)) > - goto err; > - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { > - if (qpol_iterator_get_item(iter, (void **)&perm_name)) > - goto err; > - if (py_append_string(list, perm_name)) > - goto err; > - } > - rt = py_insert_obj(dict, "permlist", list); > - Py_DECREF(list); list = NULL; > - if (rt) goto err; > - qpol_iterator_destroy(&iter); > - goto cleanup; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - py_decref(list); list=NULL; > - py_decref(dict); dict=NULL; > - > -cleanup: > - errno = error; > - qpol_iterator_destroy(&iter); > - return dict; > -} > - > -/** > - * Get statistics regarding a policy's object classes. > - * If this function is given a name, it will attempt to > - * print statistics about a particular object class; otherwise > - * the function prints statistics about all of the policy's object > - * classes. > - * > - * @param name Reference to an object class' name; if NULL, > - * all object classes will be considered > - * @param policydb Reference to a policy > - * > - * @return 0 on success, < 0 on error. > - */ > -static PyObject* get_classes(const char *name, const apol_policy_t * policydb) > -{ > - qpol_iterator_t *iter = NULL; > - size_t n_classes = 0; > - const qpol_class_t *class_datum = NULL; > - qpol_policy_t *q = apol_policy_get_qpol(policydb); > - int error = 0; > - int rt; > - PyObject *obj; > - PyObject *list = PyList_New(0); > - if (!list) goto err; > - > - if (name != NULL) { > - if (qpol_policy_get_class_by_name(q, name, &class_datum)) > - goto err; > - obj = get_class(class_datum, policydb); > - rt = py_append_obj(list, obj); > - Py_DECREF(obj); > - if (rt) goto err; > - } else { > - if (qpol_policy_get_class_iter(q, &iter)) > - goto err; > - if (qpol_iterator_get_size(iter, &n_classes)) > - goto err; > - > - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { > - if (qpol_iterator_get_item(iter, (void **)&class_datum)) > - goto err; > - obj = get_class(class_datum, policydb); > - rt = py_append_obj(list, obj); > - Py_DECREF(obj); > - if (rt) goto err; > - } > - qpol_iterator_destroy(&iter); > - } > - goto cleanup; > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - py_decref(list); list = NULL; > - > -cleanup: > - qpol_iterator_destroy(&iter); > - errno = error; > - return list; > -} > - > -/** > - * Gets statistics regarding a policy's users. > - * If this function is given a name, it will attempt to > - * get statistics about a particular user; otherwise > - * the function gets statistics about all of the policy's > - * users. > - * > - * @param name Reference to a user's name; if NULL, > - * all users will be considered > - * @param policydb Reference to a policy > - * > - * @return 0 on success, < 0 on error. > - */ > -static PyObject* get_users(const char *name, const apol_policy_t * policydb) > -{ > - qpol_iterator_t *iter = NULL; > - const qpol_user_t *user_datum = NULL; > - qpol_policy_t *q = apol_policy_get_qpol(policydb); > - int error = 0; > - int rt; > - PyObject *obj; > - PyObject *list = PyList_New(0); > - if (!list) goto err; > - > - if (name != NULL) { > - if (qpol_policy_get_user_by_name(q, name, &user_datum)) { > - errno = EINVAL; > - goto err; > - } > - obj = get_user(user_datum, policydb); > - rt = py_append_obj(list, obj); > - Py_DECREF(obj); > - if (rt) goto err; > - } else { > - if (qpol_policy_get_user_iter(q, &iter)) > - goto err; > - > - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { > - if (qpol_iterator_get_item(iter, (void **)&user_datum)) > - goto err; > - obj = get_user(user_datum, policydb); > - rt = py_append_obj(list, obj); > - Py_DECREF(obj); > - if (rt) goto err; > - } > - qpol_iterator_destroy(&iter); > - } > - goto cleanup; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - py_decref(list); list = NULL; > - > -cleanup: > - qpol_iterator_destroy(&iter); > - errno = error; > - return list; > -} > - > -/** > - * get a textual representation of a role, and > - * all of that role's types. > - * > - * @param type_datum Reference to sepol type_datum > - * @param policydb Reference to a policy > - * types > - */ > -static PyObject* get_role(const qpol_role_t * role_datum, const apol_policy_t * policydb) > -{ > - const char *role_name = NULL, *type_name = NULL; > - const qpol_role_t *dom_datum = NULL; > - const qpol_type_t *type_datum = NULL; > - qpol_iterator_t *iter = NULL; > - qpol_policy_t *q = apol_policy_get_qpol(policydb); > - size_t n_dom = 0, n_types = 0; > - int error = 0; > - int rt; > - PyObject *list = NULL; > - PyObject *dict = PyDict_New(); > - if (!dict) goto err; > - > - if (qpol_role_get_name(q, role_datum, &role_name)) > - goto err; > - if (py_insert_string(dict, "name", role_name)) > - goto err; > - > - if (qpol_role_get_dominate_iter(q, role_datum, &iter)) > - goto err; > - if (qpol_iterator_get_size(iter, &n_dom)) > - goto err; > - if ((int)n_dom > 0) { > - list = PyList_New(0); > - if (!list) goto err; > - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { > - if (qpol_iterator_get_item(iter, (void **)&dom_datum)) > - goto err; > - if (qpol_role_get_name(q, dom_datum, &role_name)) > - goto err; > - if (py_append_string(list, role_name)) > - goto err; > - } > - rt = py_insert_obj(dict, "roles", list); > - Py_DECREF(list); list = NULL; > - if (rt) goto err; > - } > - qpol_iterator_destroy(&iter); > - > - if (qpol_role_get_type_iter(q, role_datum, &iter)) > - goto err; > - if (qpol_iterator_get_size(iter, &n_types)) > - goto err; > - if ((int)n_types > 0) { > - list = PyList_New(0); > - if (!list) goto err; > - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { > - if (qpol_iterator_get_item(iter, (void **)&type_datum)) > - goto err; > - if (qpol_type_get_name(q, type_datum, &type_name)) > - goto err; > - if (py_append_string(list, type_name)) > - goto err; > - } > - rt = py_insert_obj(dict, "types", list); > - Py_DECREF(list); list = NULL; > - if (rt) goto err; > - } > - goto cleanup; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - py_decref(list); list = NULL; > - py_decref(dict); dict = NULL; > - > -cleanup: > - qpol_iterator_destroy(&iter); > - errno = error; > - return dict; > -} > - > -/** > - * Get statistics regarding a policy's ports. > - * If this function is given a name, it will attempt to > - * get statistics about a particular port; otherwise > - * the function get statistics about all of the policy's ports. > - * > - * @param name Reference to an port's name; if NULL, > - * all ports will be considered > - * @param policydb Reference to a policy > - * > - * @return 0 on success, < 0 on error. > - */ > -static PyObject* get_ports(const char *num, const apol_policy_t * policydb) > -{ > - const qpol_portcon_t *portcon = NULL; > - qpol_iterator_t *iter = NULL; > - uint16_t low_port, high_port; > - uint8_t ocon_proto; > - qpol_policy_t *q = apol_policy_get_qpol(policydb); > - const qpol_context_t *ctxt = NULL; > - const char *proto_str = NULL; > - const char *type = NULL; > - const apol_mls_range_t *range = NULL; > - char *range_str = NULL; > - apol_context_t *c = NULL; > - int error = 0; > - int rt = 0; > - PyObject *dict = NULL; > - PyObject *list = PyList_New(0); > - if (!list) goto err; > - > - if (qpol_policy_get_portcon_iter(q, &iter)) > - goto err; > - > - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { > - if (qpol_iterator_get_item(iter, (void **)&portcon)) > - goto err; > - if (qpol_portcon_get_low_port(q, portcon, &low_port)) > - goto err; > - if (qpol_portcon_get_high_port(q, portcon, &high_port)) > - goto err; > - if (qpol_portcon_get_protocol(q, portcon, &ocon_proto)) > - goto err; > - if (num) { > - if (atoi(num) < low_port || atoi(num) > high_port) > - continue; > - } > - > - if ((ocon_proto != IPPROTO_TCP) && > - (ocon_proto != IPPROTO_UDP)) > - goto err; > - > - if (qpol_portcon_get_context(q, portcon, &ctxt)) { > - PyErr_SetString(PyExc_RuntimeError, "Could not get for port context."); > - goto err; > - } > - > - if ((proto_str = apol_protocol_to_str(ocon_proto)) == NULL) { > - PyErr_SetString(PyExc_RuntimeError, "Invalid protocol for port"); > - goto err; > - } > - > - if ((c = apol_context_create_from_qpol_context(policydb, ctxt)) == NULL) { > - goto err; > - } > - > - if((type = apol_context_get_type(c)) == NULL) { > - apol_context_destroy(&c); > - goto err; > - } > - > - dict = PyDict_New(); > - if (!dict) goto err; > - if (py_insert_string(dict, "type", type)) > - goto err; > - > - if((range = apol_context_get_range(c)) != NULL) { > - range_str = apol_mls_range_render(policydb, range); > - if (range_str == NULL) { > - goto err; > - } > - if (py_insert_string(dict, "range", range_str)) > - goto err; > - } > - > - if (py_insert_string(dict, "protocol", proto_str)) > - goto err; > - > - if (py_insert_long(dict, "high", high_port)) > - goto err; > - > - if (py_insert_long(dict, "low", low_port)) > - goto err; > - > - rt = py_append_obj(list, dict); > - Py_DECREF(dict); dict = NULL; > - if (rt) goto err; > - } > - goto cleanup; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - py_decref(list); list = NULL; > - py_decref(dict); dict = NULL; > - > -cleanup: > - free(range_str); > - apol_context_destroy(&c); > - qpol_iterator_destroy(&iter); > - errno = error; > - return list; > -} > - > -/** > - * Get statistics regarding a policy's roles. > - * If this function is given a name, it will attempt to > - * get statistics about a particular role; otherwise > - * the function get statistics about all of the policy's roles. > - * > - * @param name Reference to an role's name; if NULL, > - * all roles will be considered > - * @param policydb Reference to a policy > - * > - * @return 0 on success, < 0 on error. > - */ > -static PyObject* get_roles(const char *name, const apol_policy_t * policydb) > -{ > - const qpol_role_t *role_datum = NULL; > - qpol_iterator_t *iter = NULL; > - qpol_policy_t *q = apol_policy_get_qpol(policydb); > - int error = 0; > - int rt; > - PyObject *obj; > - PyObject *list = PyList_New(0); > - if (!list) goto err; > - > - if (name != NULL) { > - if (qpol_policy_get_role_by_name(q, name, &role_datum)) { > - errno = EINVAL; > - goto err; > - } > - obj = get_role(role_datum, policydb); > - rt = py_append_obj(list, obj); > - Py_DECREF(obj); > - if (rt) goto err; > - } else { > - if (qpol_policy_get_role_iter(q, &iter)) > - goto err; > - > - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { > - if (qpol_iterator_get_item(iter, (void **)&role_datum)) > - goto err; > - obj = get_role(role_datum, policydb); > - rt = py_append_obj(list, obj); > - Py_DECREF(obj); > - if (rt) goto err; > - } > - qpol_iterator_destroy(&iter); > - } > - goto cleanup; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - py_decref(list); list = NULL; > - > -cleanup: > - qpol_iterator_destroy(&iter); > - errno = error; > - return list; > -} > - > -/** > - * Get statistics regarding a policy's types. > - * If this function is given a name, it will attempt to > - * print statistics about a particular type; otherwise > - * the function prints statistics about all of the policy's types. > - * > - * @param name Reference to a type's name; if NULL, > - * all object classes will be considered > - * @param policydb Reference to a policy > - * > - * @return 0 on success, < 0 on error. > - */ > -static PyObject* get_types(const char *name, const apol_policy_t * policydb) > -{ > - const qpol_type_t *type_datum = NULL; > - qpol_iterator_t *iter = NULL; > - qpol_policy_t *q = apol_policy_get_qpol(policydb); > - int error = 0; > - int rt; > - PyObject *obj; > - PyObject *list = PyList_New(0); > - if (!list) goto err; > - /* if name was provided, only print that name */ > - if (name != NULL) { > - if (qpol_policy_get_type_by_name(q, name, &type_datum)) { > - errno = EINVAL; > - goto err; > - } > - obj = get_type(type_datum, policydb); > - rt = py_append_obj(list, obj); > - Py_DECREF(obj); > - if (rt) goto err; > - } else { > - if (qpol_policy_get_type_iter(q, &iter)) > - goto err; > - > - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { > - if (qpol_iterator_get_item(iter, (void **)&type_datum)) > - goto err; > - obj = get_type(type_datum, policydb); > - rt = py_append_obj(list, obj); > - Py_DECREF(obj); > - if (rt) goto err; > - } > - } > - goto cleanup; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - py_decref(list); list = NULL; > - > -cleanup: > - qpol_iterator_destroy(&iter); > - errno = error; > - return list; > -} > - > -PyObject* info( int type, const char *name) > -{ > - PyObject* output = NULL; > - > - switch(type) { > - /* display requested info */ > - case TYPE: > - output = get_types(name, global_policy); > - break; > - case ATTRIBUTE: > - output = get_attribs(name, global_policy); > - break; > - case ROLE: > - output = get_roles(name, global_policy); > - break; > - case USER: > - output = get_users(name, global_policy); > - break; > - case CLASS: > - output = get_classes(name, global_policy); > - break; > - case BOOLEAN: > - output = get_booleans(name, global_policy); > - break; > - case PORT: > - output = get_ports(name, global_policy); > - break; > - case SENS: > - output = get_sens(name, global_policy); > - break; > - case CATS: > - output = get_cats(name, global_policy); > - break; > - default: > - errno = EINVAL; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - break; > - } > - > - return output; > -} > - > -PyObject *wrap_info(PyObject *UNUSED(self), PyObject *args){ > - int type; > - const char *name; > - > - if (!global_policy) { > - PyErr_SetString(PyExc_RuntimeError,"Policy not loaded"); > - return NULL; > - } > - > - if (!PyArg_ParseTuple(args, "iz", &type, &name)) > - return NULL; > - > - return info(type, name); > -} > - > -void init_info (PyObject *m) { > - PyModule_AddIntConstant(m, "ATTRIBUTE", ATTRIBUTE); > - PyModule_AddIntConstant(m, "PORT", PORT); > - PyModule_AddIntConstant(m, "ROLE", ROLE); > - PyModule_AddIntConstant(m, "TYPE", TYPE); > - PyModule_AddIntConstant(m, "USER", USER); > - PyModule_AddIntConstant(m, "CLASS", CLASS); > - PyModule_AddIntConstant(m, "BOOLEAN", BOOLEAN); > - PyModule_AddIntConstant(m, "SENS", SENS); > - PyModule_AddIntConstant(m, "CATS", CATS); > -} > diff --git a/policycoreutils/sepolicy/policy.c b/policycoreutils/sepolicy/policy.c > deleted file mode 100644 > index 423a926..0000000 > --- a/policycoreutils/sepolicy/policy.c > +++ /dev/null > @@ -1,116 +0,0 @@ > -/** > - * @file > - * Python bindings to search SELinux Policy rules. > - * > - * @author Dan Walsh <dwalsh@redhat.com> > - * > - * Copyright (C) 2012 Red Hat, INC > - * > - * This program is free software; you can redistribute it and/or modify > - * it under the terms of the GNU General Public License as published by > - * the Free Software Foundation; either version 2 of the License, or > - * (at your option) any later version. > - * > - * This program is distributed in the hope that it will be useful, > - * but WITHOUT ANY WARRANTY; without even the implied warranty of > - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > - * GNU General Public License for more details. > - * > - * You should have received a copy of the GNU General Public License > - * along with this program; if not, write to the Free Software > - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA > - */ > - > -#include "Python.h" > - > -#ifdef UNUSED > -#elif defined(__GNUC__) > -# define UNUSED(x) UNUSED_ ## x __attribute__((unused)) > -#elif defined(__LCLINT__) > -# define UNUSED(x) /*@unused@*/ x > -#else > -# define UNUSED(x) x > -#endif > - > -#include "policy.h" > -apol_policy_t *global_policy = NULL; > - > -/* other */ > -#include <errno.h> > -#include <stdlib.h> > -#include <stdio.h> > -#include <string.h> > -#include <assert.h> > - > -#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC" > - > -PyObject *wrap_policy(PyObject *UNUSED(self), PyObject *args){ > - const char *policy_file; > - apol_vector_t *mod_paths = NULL; > - apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC; > - apol_policy_path_t *pol_path = NULL; > - > - if (!PyArg_ParseTuple(args, "z", &policy_file)) > - return NULL; > - > - if (global_policy) > - apol_policy_destroy(&global_policy); > - > - int policy_load_options = 0; > - > - pol_path = apol_policy_path_create(path_type, policy_file, mod_paths); > - if (!pol_path) { > - apol_vector_destroy(&mod_paths); > - PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM)); > - return NULL; > - } > - apol_vector_destroy(&mod_paths); > - > - global_policy = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL); > - apol_policy_path_destroy(&pol_path); > - if (!global_policy) { > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - return NULL; > - } > - > - return Py_None; > -} > - > -static PyMethodDef methods[] = { > - {"policy", (PyCFunction) wrap_policy, METH_VARARGS, > - "Initialize SELinux policy for use with search and info"}, > - {"info", (PyCFunction) wrap_info, METH_VARARGS, > - "Return SELinux policy info about types, attributes, roles, users"}, > - {"search", (PyCFunction) wrap_search, METH_VARARGS, > - "Search SELinux Policy for allow, neverallow, auditallow, dontaudit and transition records"}, > - {NULL, NULL, 0, NULL} /* sentinel */ > -}; > - > -#if PY_MAJOR_VERSION >= 3 > - > -static struct PyModuleDef module_def = > -{ > - PyModuleDef_HEAD_INIT, > - "_policy", /* name of module */ > - "", /* module documentation, may be NULL */ > - -1, /* size of per-interpreter state of the module, or -1 if the module keeps state in global variables. */ > - (PyMethodDef*)&methods, > -}; > - > -PyMODINIT_FUNC PyInit__policy(void) > -{ > - PyObject *m; > - m = PyModule_Create(&module_def); > - init_info(m); > - return m; > -} > - > -#else // python 2 > - > -void init_policy(void) { > - PyObject *m; > - m = Py_InitModule("_policy", methods); > - init_info(m); > -} > - > -#endif > diff --git a/policycoreutils/sepolicy/policy.h b/policycoreutils/sepolicy/policy.h > deleted file mode 100644 > index ffac497..0000000 > --- a/policycoreutils/sepolicy/policy.h > +++ /dev/null > @@ -1,7 +0,0 @@ > -#include <apol/policy.h> > -extern apol_policy_t *global_policy; > -extern PyObject *wrap_info(PyObject *self, PyObject *args); > -extern void init_info (PyObject *m); > -extern PyObject *wrap_search(PyObject *self, PyObject *args); > - > - > diff --git a/policycoreutils/sepolicy/search.c b/policycoreutils/sepolicy/search.c > deleted file mode 100644 > index d608006..0000000 > --- a/policycoreutils/sepolicy/search.c > +++ /dev/null > @@ -1,1029 +0,0 @@ > -// Author: Thomas Liu <tliu@redhat.com> > - > -/** > - * @file > - * Python bindings used to search TE rules. > - * > - * @author Thomas Liu <tliu@redhat.com> > - * @author Dan Walsh <dwalsh@redhat.com> > - * Copyright (C) 2012-2013 Red Hat, inc > - * > - * Sections copied from sesearch.c in setools package > - * @author Frank Mayer mayerf@tresys.com > - * @author Jeremy A. Mowery jmowery@tresys.com > - * @author Paul Rosenfeld prosenfeld@tresys.com > - * Copyright (C) 2003-2008 Tresys Technology, LLC > - * > - * This program is free software; you can redistribute it and/or modify > - * it under the terms of the GNU General Public License as published by > - * the Free Software Foundation; either version 2 of the License, or > - * (at your option) any later version. > - * > - * This program is distributed in the hope that it will be useful, > - * but WITHOUT ANY WARRANTY; without even the implied warranty of > - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > - * GNU General Public License for more details. > - * > - * You should have received a copy of the GNU General Public License > - * along with this program; if not, write to the Free Software > - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA > - */ > - > -/** > - * This is a modified version of sesearch to be used as part of a sepython library for > - * Python bindings. > - */ > - > -#include "common.h" > -#include "policy.h" > - > -/* libapol */ > -#include <apol/policy-query.h> > -#include <apol/render.h> > -#include <apol/util.h> > -#include <apol/vector.h> > - > -/* libqpol*/ > -#include <qpol/policy.h> > -#include <qpol/policy_extend.h> > -#include <qpol/syn_rule_query.h> > -#include <qpol/util.h> > - > -/* other */ > -#include <errno.h> > -#include <stdlib.h> > -#include <stdio.h> > -#include <assert.h> > -#include <getopt.h> > -#include <string.h> > -#include <stdbool.h> > - > -#define COPYRIGHT_INFO "Copyright (C) 2012 Red Hat, Inc, Tresys Technology, LLC" > - > -enum opt_values > -{ > - RULE_NEVERALLOW = 256, RULE_AUDIT, RULE_AUDITALLOW, RULE_DONTAUDIT, > - RULE_ROLE_ALLOW, RULE_ROLE_TRANS, RULE_RANGE_TRANS, RULE_ALL, > - EXPR_ROLE_SOURCE, EXPR_ROLE_TARGET > -}; > - > -; > - > -typedef struct options > -{ > - char *src_name; > - char *tgt_name; > - char *src_role_name; > - char *tgt_role_name; > - char *class_name; > - char *permlist; > - char *bool_name; > - apol_vector_t *class_vector; > - bool all; > - bool lineno; > - bool semantic; > - bool indirect; > - bool allow; > - bool nallow; > - bool auditallow; > - bool dontaudit; > - bool type; > - bool rtrans; > - bool role_allow; > - bool role_trans; > - bool useregex; > - bool show_cond; > - apol_vector_t *perm_vector; > -} options_t; > - > -static int py_tuple_insert_obj(PyObject *tuple, int pos, PyObject *obj) > -{ > - int rt; > - if (!obj) return -1; > - rt = PyTuple_SetItem(tuple, pos, obj); > - return rt; > -} > - > -static int perform_ra_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v) > -{ > - apol_role_allow_query_t *raq = NULL; > - int error = 0; > - > - if (!policy || !opt || !v) { > - ERR(policy, "%s", strerror(EINVAL)); > - errno = EINVAL; > - return -1; > - } > - > - if (!opt->role_allow && !opt->all) { > - *v = NULL; > - return 0; /* no search to do */ > - } > - > - raq = apol_role_allow_query_create(); > - if (!raq) { > - ERR(policy, "%s", strerror(ENOMEM)); > - errno = ENOMEM; > - return -1; > - } > - > - apol_role_allow_query_set_regex(policy, raq, opt->useregex); > - if (opt->src_role_name) { > - if (apol_role_allow_query_set_source(policy, raq, opt->src_role_name)) { > - error = errno; > - goto err; > - } > - } > - if (opt->tgt_role_name) > - if (apol_role_allow_query_set_target(policy, raq, opt->tgt_role_name)) { > - error = errno; > - goto err; > - } > - > - if (apol_role_allow_get_by_query(policy, raq, v)) { > - error = errno; > - goto err; > - } > - apol_role_allow_query_destroy(&raq); > - return 0; > - > - err: > - apol_vector_destroy(v); > - apol_role_allow_query_destroy(&raq); > - ERR(policy, "%s", strerror(error)); > - errno = error; > - return -1; > -} > - > -static PyObject* get_ra_results(const apol_policy_t * policy, const apol_vector_t * v, PyObject *output) > -{ > - size_t i, num_rules = 0; > - qpol_policy_t *q; > - const qpol_role_allow_t *rule = NULL; > - const char *tmp; > - PyObject *obj, *dict=NULL; > - const qpol_role_t *role = NULL; > - int error = 0; > - errno = EINVAL; > - int rt; > - > - if (!policy || !v) { > - errno = EINVAL; > - goto err; > - } > - > - if (!(num_rules = apol_vector_get_size(v))) > - return NULL; > - > - q = apol_policy_get_qpol(policy); > - > - for (i = 0; i < num_rules; i++) { > - dict = PyDict_New(); > - if (!dict) goto err; > - if (!(rule = apol_vector_get_element(v, i))) > - goto err; > - > - if (qpol_role_allow_get_source_role(q, rule, &role)) { > - goto err; > - } > - if (qpol_role_get_name(q, role, &tmp)) { > - goto err; > - } > - obj = PyString_FromString(tmp); > - if (py_insert_obj(dict, "source", obj)) > - goto err; > - > - if (qpol_role_allow_get_target_role(q, rule, &role)) { > - goto err; > - } > - if (qpol_role_get_name(q, role, &tmp)) { > - goto err; > - } > - obj = PyString_FromString(tmp); > - if (py_insert_obj(dict, "target", obj)) > - goto err; > - > - rt = py_append_obj(output, dict); > - if (rt) goto err; > - py_decref(dict); dict=NULL; > - } > - goto cleanup; > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(error)); > - py_decref(dict); > - > -cleanup: > - errno = error; > - return output; > -} > - > -static int perform_te_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v) > -{ > - apol_terule_query_t *teq = NULL; > - unsigned int rules = 0; > - int error = 0; > - size_t i; > - > - if (!policy || !opt || !v) { > - PyErr_SetString(PyExc_RuntimeError,strerror(EINVAL)); > - errno = EINVAL; > - return -1; > - } > - > - if (opt->all || opt->type) { > - rules = (QPOL_RULE_TYPE_TRANS | QPOL_RULE_TYPE_CHANGE | QPOL_RULE_TYPE_MEMBER); > - } else { > - *v = NULL; > - return 0; /* no search to do */ > - } > - > - teq = apol_terule_query_create(); > - if (!teq) { > - PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM)); > - errno = ENOMEM; > - return -1; > - } > - > - apol_terule_query_set_rules(policy, teq, rules); > - apol_terule_query_set_regex(policy, teq, opt->useregex); > - > - if (opt->src_name) > - apol_terule_query_set_source(policy, teq, opt->src_name, opt->indirect); > - if (opt->tgt_name) > - apol_terule_query_set_target(policy, teq, opt->tgt_name, opt->indirect); > - if (opt->bool_name) > - apol_terule_query_set_bool(policy, teq, opt->bool_name); > - if (opt->class_name) { > - if (opt->class_vector == NULL) { > - if (apol_terule_query_append_class(policy, teq, opt->class_name)) { > - error = errno; > - goto err; > - } > - } else { > - for (i = 0; i < apol_vector_get_size(opt->class_vector); ++i) { > - char *class_name; > - class_name = apol_vector_get_element(opt->class_vector, i); > - if (!class_name) > - continue; > - if (apol_terule_query_append_class(policy, teq, class_name)) { > - error = errno; > - goto err; > - } > - } > - } > - } > - > - if (!(opt->semantic) && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) { > - if (apol_syn_terule_get_by_query(policy, teq, v)) { > - goto err; > - } > - } else { > - if (apol_terule_get_by_query(policy, teq, v)) { > - goto err; > - } > - } > - > - apol_terule_query_destroy(&teq); > - return 0; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(error)); > - apol_vector_destroy(v); > - apol_terule_query_destroy(&teq); > - errno = error; > - return -1; > -} > - > -static PyObject* get_bool(const qpol_policy_t *q, const qpol_cond_t * cond, int enabled) > -{ > - qpol_iterator_t *iter = NULL; > - qpol_cond_expr_node_t *expr = NULL; > - char *tmp = NULL; > - const char *bool_name = NULL; > - int error = 0; > - uint32_t expr_type = 0; > - qpol_bool_t *cond_bool = NULL; > - PyObject *obj, *tuple = NULL; > - PyObject *boollist = NULL; > - > - if (!q || !cond) { > - errno = EINVAL; > - return NULL; > - } > - if (qpol_cond_get_expr_node_iter(q, cond, &iter) < 0) { > - goto err; > - } > - > - boollist = PyList_New(0); > - if (! boollist) goto err; > - > - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { > - if (qpol_iterator_get_item(iter, (void **)&expr)) { > - goto err; > - } > - if (qpol_cond_expr_node_get_expr_type(q, expr, &expr_type)) { > - goto err; > - } > - if (expr_type != QPOL_COND_EXPR_BOOL) { > - obj = PyString_FromString(apol_cond_expr_type_to_str(expr_type)); > - if (!obj) goto err; > - if (py_append_obj(boollist, obj)) > - goto err; > - } else { > - tuple = PyTuple_New(2); > - if (!tuple) goto err; > - > - if (qpol_cond_expr_node_get_bool(q, expr, &cond_bool)) { > - goto err; > - } > - if (qpol_bool_get_name(q, cond_bool, &bool_name)) { > - goto err; > - } > - obj = PyString_FromString(bool_name); > - if (py_tuple_insert_obj(tuple, 0, obj)) > - goto err; > - obj = PyBool_FromLong(enabled); > - if (py_tuple_insert_obj(tuple, 1, obj)) > - goto err; > - if (py_append_obj(boollist, tuple)) > - goto err; > - tuple=NULL; > - } > - } > - > - qpol_iterator_destroy(&iter); > - return boollist; > - > - err: > - error = errno; > - qpol_iterator_destroy(&iter); > - py_decref(tuple); > - py_decref(boollist); > - free(tmp); > - errno = error; > - return NULL; > -} > - > -static PyObject* get_te_results(const apol_policy_t * policy, const apol_vector_t * v, PyObject *output) > -{ > - int error = 0; > - int rt = 0; > - PyObject *obj, *dict=NULL, *tuple = NULL; > - qpol_policy_t *q; > - uint32_t rule_type = 0; > - const qpol_type_t *type; > - size_t i, num_rules = 0; > - const qpol_terule_t *rule = NULL; > - char *tmp = NULL, *rule_str = NULL, *expr = NULL; > - const qpol_cond_t *cond = NULL; > - uint32_t enabled = 0; > - const char *tmp_name; > - const qpol_class_t *obj_class = NULL; > - > - if (!policy || !v) { > - errno = EINVAL; > - goto err; > - } > - > - if (!(num_rules = apol_vector_get_size(v))) > - return NULL; > - > - q = apol_policy_get_qpol(policy); > - > - for (i = 0; i < num_rules; i++) { > - dict = PyDict_New(); > - if (!dict) goto err; > - if (!(rule = apol_vector_get_element(v, i))) > - goto err; > - if (qpol_terule_get_cond(q, rule, &cond)) > - goto err; > - if (qpol_terule_get_is_enabled(q, rule, &enabled)) > - goto err; > - > - if (cond) { > - obj = get_bool(q, cond, enabled); > - if (!obj) goto err; > - rt = PyDict_SetItemString(dict, "boolean", obj); > - py_decref(obj); > - } > - > - if (qpol_terule_get_rule_type(q, rule, &rule_type)) > - goto err; > - > - if (!(rule_type &= (QPOL_RULE_TYPE_TRANS | QPOL_RULE_TYPE_CHANGE | QPOL_RULE_TYPE_MEMBER))) { > - PyErr_SetString(PyExc_RuntimeError,"Invalid TE rule type"); > - errno = EINVAL; > - goto err; > - } > - if (!(tmp_name = apol_rule_type_to_str(rule_type))) { > - PyErr_SetString(PyExc_RuntimeError, "Could not get TE rule type's string"); > - errno = EINVAL; > - goto err; > - } > - > - if (py_insert_string(dict, "type", tmp_name)) > - goto err; > - > - if (qpol_terule_get_source_type(q, rule, &type)) > - goto err; > - if (qpol_type_get_name(q, type, &tmp_name)) > - goto err; > - if (py_insert_string(dict, "source", tmp_name)) > - goto err; > - > - if (qpol_terule_get_target_type(q, rule, &type)) > - goto err; > - if (qpol_type_get_name(q, type, &tmp_name)) > - goto err; > - if (py_insert_string(dict, "target", tmp_name)) > - goto err; > - > - if (qpol_terule_get_object_class(q, rule, &obj_class)) > - goto err; > - if (qpol_class_get_name(q, obj_class, &tmp_name)) > - goto err; > - if (py_insert_string(dict, "class", tmp_name)) > - goto err; > - > - if (qpol_terule_get_default_type(q, rule, &type)) > - goto err; > - if (qpol_type_get_name(q, type, &tmp_name)) > - goto err; > - if (py_insert_string(dict, "transtype", tmp_name)) > - goto err; > - > - rt = py_append_obj(output, dict); > - dict = NULL; > - if(rt) goto err; > - > - free(rule_str); rule_str = NULL; > - free(expr); expr = NULL; > - } > - goto cleanup; > - > -err: > - error = errno; > - py_decref(dict); > - py_decref(tuple); > - PyErr_SetString(PyExc_RuntimeError,strerror(error)); > -cleanup: > - free(tmp); > - free(rule_str); > - free(expr); > - errno = error; > - return output; > -} > - > -static int perform_ft_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v) > -{ > - apol_filename_trans_query_t *ftq = NULL; > - size_t i; > - int error = 0; > - > - if (!policy || !opt || !v) { > - PyErr_SetString(PyExc_RuntimeError,strerror(EINVAL)); > - errno = EINVAL; > - return -1; > - } > - > - if (!opt->type && !opt->all) { > - *v = NULL; > - return 0; /* no search to do */ > - } > - > - ftq = apol_filename_trans_query_create(); > - if (!ftq) { > - PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM)); > - errno = ENOMEM; > - return -1; > - } > - > - apol_filename_trans_query_set_regex(policy, ftq, opt->useregex); > - if (opt->src_name) { > - if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name, opt->indirect)) { > - goto err; > - } > - } > - > - if (opt->tgt_name) { > - if (apol_filename_trans_query_set_target(policy, ftq, opt->tgt_name, opt->indirect)) { > - goto err; > - } > - } > - if (opt->class_name) { > - if (opt->class_vector == NULL) { > - if (apol_filename_trans_query_append_class(policy, ftq, opt->class_name)) { > - goto err; > - } > - } else { > - for (i = 0; i < apol_vector_get_size(opt->class_vector); ++i) { > - char *class_name; > - class_name = apol_vector_get_element(opt->class_vector, i); > - if (!class_name) > - continue; > - if (apol_filename_trans_query_append_class(policy, ftq, class_name)) { > - goto err; > - } > - } > - } > - } > - > - if (apol_filename_trans_get_by_query(policy, ftq, v)) > - goto err; > - > - apol_filename_trans_query_destroy(&ftq); > - return 0; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - apol_vector_destroy(v); > - apol_filename_trans_query_destroy(&ftq); > - errno = error; > - return -1; > -} > - > -static PyObject* get_ft_results(const apol_policy_t * policy, const apol_vector_t * v, PyObject *list) > -{ > - PyObject *dict = NULL; > - size_t i, num_filename_trans = 0; > - const char *tmp_name; > - int error = 0; > - int rt; > - const qpol_filename_trans_t *filename_trans = NULL; > - const qpol_class_t *obj_class = NULL; > - char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL; > - qpol_policy_t *q; > - const qpol_type_t *type = NULL; > - > - if (!policy || !v) { > - errno = EINVAL; > - goto err; > - } > - > - if (!(num_filename_trans = apol_vector_get_size(v))) > - return NULL; > - > - q = apol_policy_get_qpol(policy); > - > - for (i = 0; i < num_filename_trans; i++) { > - if (!(filename_trans = apol_vector_get_element(v, i))) > - goto err; > - > - dict = PyDict_New(); > - if (!dict) goto err; > - > - if (py_insert_string(dict, "type", "type_transition")) > - goto err; > - > - /* source type */ > - if (qpol_filename_trans_get_source_type(q, filename_trans, &type)) { > - goto err; > - } > - if (qpol_type_get_name(q, type, &tmp_name)) { > - goto err; > - } > - > - if (py_insert_string(dict, "source", tmp_name)) > - goto err; > - > - if (qpol_filename_trans_get_target_type(q, filename_trans, &type)) > - goto err; > - > - if (qpol_type_get_name(q, type, &tmp_name)) > - goto err; > - > - if (py_insert_string(dict, "target", tmp_name)) > - goto err; > - > - if (qpol_filename_trans_get_object_class(q, filename_trans, &obj_class)) > - goto err; > - > - if (qpol_class_get_name(q, obj_class, &tmp_name)) > - goto err; > - > - if (py_insert_string(dict, "class", tmp_name)) > - goto err; > - > - if (qpol_filename_trans_get_default_type(q, filename_trans, &type)) > - goto err; > - if (qpol_type_get_name(q, type, &tmp_name)) > - goto err; > - if (py_insert_string(dict, "transtype", tmp_name)) > - goto err; > - > - if (! qpol_filename_trans_get_filename(q, filename_trans, &tmp_name)) { > - if (py_insert_string(dict, "filename", tmp_name)) > - goto err; > - } > - > - rt = py_append_obj(list, dict); > - dict = NULL; > - if (rt) goto err; > - > - free(filename_trans_str); filename_trans_str = NULL; > - free(expr); expr = NULL; > - } > - goto cleanup; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - py_decref(dict); > -cleanup: > - free(tmp); > - free(filename_trans_str); > - free(expr); > - errno = error; > - return list; > -} > - > -static int perform_av_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v) > -{ > - apol_avrule_query_t *avq = NULL; > - unsigned int rules = 0; > - int error = 0; > - char *tmp = NULL, *tok = NULL, *s = NULL; > - > - if (!policy || !opt || !v) { > - PyErr_SetString(PyExc_RuntimeError,strerror(EINVAL)); > - errno = EINVAL; > - return -1; > - } > - > - if (!opt->all && !opt->allow && !opt->nallow && !opt->auditallow && !opt->dontaudit) { > - *v = NULL; > - return 0; /* no search to do */ > - } > - > - avq = apol_avrule_query_create(); > - if (!avq) { > - PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM)); > - errno = ENOMEM; > - return -1; > - } > - > - if (opt->allow || opt->all) > - rules |= QPOL_RULE_ALLOW; > - if (opt->nallow || opt->all) // Add this regardless of policy capabilities > - rules |= QPOL_RULE_NEVERALLOW; > - if (opt->auditallow || opt->all) > - rules |= QPOL_RULE_AUDITALLOW; > - if (opt->dontaudit || opt->all) > - rules |= QPOL_RULE_DONTAUDIT; > - if (rules != 0) // Setting rules = 0 means you want all the rules > - apol_avrule_query_set_rules(policy, avq, rules); > - apol_avrule_query_set_regex(policy, avq, opt->useregex); > - if (opt->src_name) > - apol_avrule_query_set_source(policy, avq, opt->src_name, opt->indirect); > - if (opt->tgt_name) > - apol_avrule_query_set_target(policy, avq, opt->tgt_name, opt->indirect); > - if (opt->bool_name) > - apol_avrule_query_set_bool(policy, avq, opt->bool_name); > - if (opt->class_name) { > - if (opt->class_vector == NULL) { > - if (apol_avrule_query_append_class(policy, avq, opt->class_name)) { > - goto err; > - } > - } else { > - size_t i; > - for (i = 0; i < apol_vector_get_size(opt->class_vector); ++i) { > - char *class_name; > - class_name = apol_vector_get_element(opt->class_vector, i); > - if (!class_name) > - continue; > - if (apol_avrule_query_append_class(policy, avq, class_name)) { > - goto err; > - } > - } > - } > - } > - > - if (opt->permlist) { > - tmp = strdup(opt->permlist); > - for (tok = strtok(tmp, ","); tok; tok = strtok(NULL, ",")) { > - if (apol_avrule_query_append_perm(policy, avq, tok)) { > - goto err; > - } > - if ((s = strdup(tok)) == NULL || apol_vector_append(opt->perm_vector, s) < 0) { > - goto err; > - } > - s = NULL; > - } > - free(tmp); > - tmp = NULL; > - } > - > - if (!(opt->semantic) && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) { > - if (apol_syn_avrule_get_by_query(policy, avq, v)) { > - goto err; > - } > - } else { > - if (apol_avrule_get_by_query(policy, avq, v)) { > - goto err; > - } > - } > - > - apol_avrule_query_destroy(&avq); > - return 0; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(error)); > - apol_vector_destroy(v); > - apol_avrule_query_destroy(&avq); > - free(tmp); > - free(s); > - errno = error; > - return -1; > -} > - > -static PyObject* get_av_results(const apol_policy_t * policy, const apol_vector_t * v, PyObject *output) > -{ > - PyObject *obj, *dict=NULL; > - PyObject *permlist = NULL; > - PyObject *boollist = NULL; > - uint32_t rule_type = 0; > - int rt; > - int error = 0; > - qpol_policy_t *q; > - size_t i, num_rules = 0; > - const qpol_avrule_t *rule = NULL; > - char *tmp = NULL, *rule_str = NULL; > - qpol_cond_expr_node_t *expr = NULL; > - qpol_iterator_t *iter = NULL; > - const qpol_cond_t *cond = NULL; > - uint32_t enabled = 0; > - const qpol_type_t *type; > - const char *tmp_name; > - const qpol_class_t *obj_class = NULL; > - > - if (!policy || !v) { > - errno = EINVAL; > - goto err; > - } > - > - if (!(num_rules = apol_vector_get_size(v))) > - return NULL; > - > - q = apol_policy_get_qpol(policy); > - > - for (i = 0; i < num_rules; i++) { > - if (!(rule = apol_vector_get_element(v, i))) > - goto err; > - > - dict = PyDict_New(); > - if (!dict) goto err; > - > - if (qpol_avrule_get_rule_type(q, rule, &rule_type)) > - goto err; > - > - if (!(tmp_name = apol_rule_type_to_str(rule_type))) { > - PyErr_SetString(PyExc_RuntimeError, "Could not get TE rule type's string"); > - errno = EINVAL; > - goto err; > - } > - > - if (py_insert_string(dict, "type", tmp_name)) > - goto err; > - > - if (qpol_avrule_get_source_type(q, rule, &type)) { > - goto err; > - } > - > - if (qpol_type_get_name(q, type, &tmp_name)) { > - goto err; > - } > - > - if (py_insert_string(dict, "source", tmp_name)) > - goto err; > - > - if (qpol_avrule_get_target_type(q, rule, &type)) { > - goto err; > - } > - if (qpol_type_get_name(q, type, &tmp_name)) { > - goto err; > - } > - > - if (py_insert_string(dict, "target", tmp_name)) > - goto err; > - > - if (qpol_avrule_get_object_class(q, rule, &obj_class)) { > - goto err; > - } > - if (qpol_class_get_name(q, obj_class, &tmp_name)) { > - goto err; > - } > - > - if (py_insert_string(dict, "class", tmp_name)) > - goto err; > - > - if (qpol_avrule_get_perm_iter(q, rule, &iter)) { > - goto err; > - } > - > - permlist = PyList_New(0); > - if (! permlist) goto err; > - > - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { > - const char *perm_name = NULL; > - if (qpol_iterator_get_item(iter, (void **)&perm_name)) > - goto err; > - if (py_append_string(permlist, perm_name)) > - goto err; > - } > - > - rt = PyDict_SetItemString(dict, "permlist", permlist); > - py_decref(permlist); permlist=NULL; > - if (rt) goto err; > - > - if (qpol_avrule_get_cond(q, rule, &cond)) > - goto err; > - if (qpol_avrule_get_is_enabled(q, rule, &enabled)) > - goto err; > - > - obj = PyBool_FromLong(enabled); > - rt = PyDict_SetItemString(dict, "enabled", obj); > - py_decref(obj); > - > - if (cond) { > - obj = get_bool(q, cond, enabled); > - if (!obj) goto err; > - rt = PyDict_SetItemString(dict, "boolean", obj); > - py_decref(obj); > - } > - > - rt = py_append_obj(output, dict); > - py_decref(dict); dict=NULL; > - if (rt) goto err; > - > - free(rule_str); rule_str = NULL; > - free(expr); expr = NULL; > - } > - goto cleanup; > - > -err: > - error = errno; > - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); > - py_decref(dict); > - py_decref(permlist); > - py_decref(boollist); > - > -cleanup: > - free(tmp); > - free(rule_str); > - free(expr); > - errno = error; > - return output; > -} > - > -PyObject* search(bool allow, > - bool neverallow, > - bool auditallow, > - bool dontaudit, > - bool transition, > - bool role_allow, > - const char *src_name, > - const char *tgt_name, > - const char *class_name, > - const char *permlist > - ) > -{ > - options_t cmd_opts; > - PyObject *output = NULL; > - apol_vector_t *v = NULL; > - > - memset(&cmd_opts, 0, sizeof(cmd_opts)); > - cmd_opts.indirect = true; > - cmd_opts.show_cond = true; > - cmd_opts.allow = allow; > - cmd_opts.nallow = neverallow; > - cmd_opts.auditallow = auditallow; > - cmd_opts.dontaudit = dontaudit; > - cmd_opts.type = transition; > - cmd_opts.role_allow = role_allow; > - if (src_name) > - cmd_opts.src_name = strdup(src_name); > - if (tgt_name) > - cmd_opts.tgt_name = strdup(tgt_name); > - if (class_name) > - cmd_opts.class_name = strdup(class_name); > - if (permlist){ > - cmd_opts.perm_vector = apol_vector_create(free); > - cmd_opts.permlist = strdup(permlist); > - } > - if (!cmd_opts.semantic && qpol_policy_has_capability(apol_policy_get_qpol(global_policy), QPOL_CAP_SYN_RULES)) { > - if (qpol_policy_build_syn_rule_table(apol_policy_get_qpol(global_policy))) { > - PyErr_SetString(PyExc_RuntimeError,"Query failed"); > - goto cleanup; > - } > - } > - > - /* if syntactic rules are not available always do semantic search */ > - if (!qpol_policy_has_capability(apol_policy_get_qpol(global_policy), QPOL_CAP_SYN_RULES)) { > - cmd_opts.semantic = 1; > - } > - > - /* supress line numbers if doing semantic search or not available */ > - if (cmd_opts.semantic || !qpol_policy_has_capability(apol_policy_get_qpol(global_policy), QPOL_CAP_LINE_NUMBERS)) { > - cmd_opts.lineno = 0; > - } > - if (perform_av_query(global_policy, &cmd_opts, &v)) { > - goto cleanup; > - } > - output = PyList_New(0); > - if (!output) > - goto cleanup; > - > - if (v) { > - get_av_results(global_policy, v, output); > - } > - > - apol_vector_destroy(&v); > - if (perform_te_query(global_policy, &cmd_opts, &v)) { > - goto cleanup; > - } > - if (v) { > - get_te_results(global_policy, v, output); > - } > - > - if (cmd_opts.all || cmd_opts.type) { > - apol_vector_destroy(&v); > - if (perform_ft_query(global_policy, &cmd_opts, &v)) { > - goto cleanup; > - } > - > - if (v) { > - get_ft_results(global_policy, v, output); > - } > - } > - > - if (cmd_opts.all || cmd_opts.role_allow) { > - apol_vector_destroy(&v); > - if (perform_ra_query(global_policy, &cmd_opts, &v)) { > - goto cleanup; > - } > - > - if (v) { > - get_ra_results(global_policy, v, output); > - } > - } > - > - apol_vector_destroy(&v); > - > - cleanup: > - free(cmd_opts.src_name); > - free(cmd_opts.tgt_name); > - free(cmd_opts.class_name); > - free(cmd_opts.permlist); > - free(cmd_opts.bool_name); > - free(cmd_opts.src_role_name); > - free(cmd_opts.tgt_role_name); > - apol_vector_destroy(&cmd_opts.perm_vector); > - apol_vector_destroy(&cmd_opts.class_vector); > - > - if (output && PyList_GET_SIZE(output) == 0) { > - py_decref(output); > - return Py_None; > - } > - return output; > -} > - > -static int Dict_ContainsInt(PyObject *dict, const char *key){ > - PyObject *item = PyDict_GetItemString(dict, key); > - if (item) > - return PyInt_AsLong(item); > - return false; > -} > - > -static const char *Dict_ContainsString(PyObject *dict, const char *key){ > - PyObject *item = PyDict_GetItemString(dict, key); > - if (item) > - return PyString_AsString(item); > - return NULL; > -} > - > -PyObject *wrap_search(PyObject *UNUSED(self), PyObject *args){ > - PyObject *dict; > - if (!PyArg_ParseTuple(args, "O", &dict)) > - return NULL; > - int allow = Dict_ContainsInt(dict, "allow"); > - int neverallow = Dict_ContainsInt(dict, "neverallow"); > - int auditallow = Dict_ContainsInt(dict, "auditallow"); > - int dontaudit = Dict_ContainsInt(dict, "dontaudit"); > - int transition = Dict_ContainsInt(dict, "transition"); > - int role_allow = Dict_ContainsInt(dict, "role_allow"); > - > - if (!global_policy) { > - PyErr_SetString(PyExc_RuntimeError,"Policy not loaded"); > - return NULL; > - } > - const char *src_name = Dict_ContainsString(dict, "source"); > - const char *tgt_name = Dict_ContainsString(dict, "target"); > - const char *class_name = Dict_ContainsString(dict, "class"); > - const char *permlist = Dict_ContainsString(dict, "permlist"); > - > - return search(allow, neverallow, auditallow, dontaudit, transition, role_allow, src_name, tgt_name, class_name, permlist); > -} > diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py > index b00ec81..8fbd5b4 100644 > --- a/policycoreutils/sepolicy/sepolicy/__init__.py > +++ b/policycoreutils/sepolicy/sepolicy/__init__.py > @@ -4,7 +4,6 @@ > # Author: Ryan Hallisey <rhallise@redhat.com> > # Author: Jason Zaman <perfinion@gentoo.org> > > -from . import _policy > import selinux > import setools > import glob > @@ -149,7 +148,6 @@ def policy(policy_file): > global _pol > > try: > - _policy.policy(policy_file) > _pol = setools.SELinuxPolicy(policy_file) > except: > raise ValueError(_("Failed to read %s policy file") % policy_file) > diff --git a/policycoreutils/sepolicy/setup.py b/policycoreutils/sepolicy/setup.py > index e74e68d..4bd8353 100644 > --- a/policycoreutils/sepolicy/setup.py > +++ b/policycoreutils/sepolicy/setup.py > @@ -2,11 +2,21 @@ > > # Author: Thomas Liu <tliu@redhat.com> > # Author: Dan Walsh <dwalsh@redhat.com> > -import os > -from distutils.core import setup, Extension > -policy = Extension("sepolicy._policy", > - libraries=["apol", "qpol"], > - sources=["policy.c", "info.c", "search.c"] > - ) > +from distutils.core import setup > > -setup(name="sepolicy", version="1.1", description="Python SELinux Policy Analyses bindings", author="Daniel Walsh", author_email="dwalsh@redhat.com", ext_modules=[policy], packages=["sepolicy", "sepolicy.templates", "sepolicy.help"], package_data={'sepolicy': ['*.glade'], 'sepolicy.help': ['*.txt', '*.png']}) > +setup( > + name="sepolicy", > + version="1.1", > + description="Python SELinux Policy Analyses bindings", > + author="Daniel Walsh", > + author_email="dwalsh@redhat.com", > + packages=[ > + "sepolicy", > + "sepolicy.templates", > + "sepolicy.help" > + ], > + package_data={ > + 'sepolicy': ['*.glade'], > + 'sepolicy.help': ['*.txt', '*.png'] > + } > +)
diff --git a/policycoreutils/sepolicy/common.h b/policycoreutils/sepolicy/common.h deleted file mode 100644 index e453def..0000000 --- a/policycoreutils/sepolicy/common.h +++ /dev/null @@ -1,69 +0,0 @@ -#include "Python.h" - -#ifdef UNUSED -#elif defined(__GNUC__) -# define UNUSED(x) UNUSED_ ## x __attribute__((unused)) -#elif defined(__LCLINT__) -# define UNUSED(x) /*@unused@*/ x -#else -# define UNUSED(x) x -#endif - -#define py_decref(x) { if (x) Py_DECREF(x); } - -#if PY_MAJOR_VERSION >= 3 -# define PyIntObject PyLongObject -# define PyInt_Type PyLong_Type -# define PyInt_Check(op) PyLong_Check(op) -# define PyInt_CheckExact(op) PyLong_CheckExact(op) -# define PyInt_FromString PyLong_FromString -# define PyInt_FromUnicode PyLong_FromUnicode -# define PyInt_FromLong PyLong_FromLong -# define PyInt_FromSize_t PyLong_FromSize_t -# define PyInt_FromSsize_t PyLong_FromSsize_t -# define PyInt_AsLong PyLong_AsLong -# define PyInt_AS_LONG PyLong_AS_LONG -# define PyInt_AsSsize_t PyLong_AsSsize_t -# define PyInt_AsUnsignedLongMask PyLong_AsUnsignedLongMask -# define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask -# define PyString_FromString PyUnicode_FromString -# define PyString_AsString PyUnicode_AsUTF8 -#endif - -static int py_append_string(PyObject *list, const char* value) -{ - int rt; - PyObject *obj = PyString_FromString(value); - if (!obj) return -1; - rt = PyList_Append(list, obj); - Py_DECREF(obj); - return rt; -} - -static int py_append_obj(PyObject *list, PyObject *obj) -{ - int rt; - if (!obj) return -1; - rt = PyList_Append(list, obj); - return rt; -} - -static int py_insert_obj(PyObject *dict, const char *name, PyObject *obj) -{ - int rt; - if (!obj) return -1; - rt = PyDict_SetItemString(dict, name, obj); - return rt; -} - -static int py_insert_string(PyObject *dict, const char *name, const char* value) -{ - int rt; - PyObject *obj = PyString_FromString(value); - if (!obj) return -1; - rt = PyDict_SetItemString(dict, name, obj); - Py_DECREF(obj); - return rt; -} - - diff --git a/policycoreutils/sepolicy/info.c b/policycoreutils/sepolicy/info.c deleted file mode 100644 index bbb6844..0000000 --- a/policycoreutils/sepolicy/info.c +++ /dev/null @@ -1,1381 +0,0 @@ -/** - * @file - * Command line tool to search TE rules. - * - * @author Frank Mayer mayerf@tresys.com - * @author Jeremy A. Mowery jmowery@tresys.com - * @author Paul Rosenfeld prosenfeld@tresys.com - * @author Thomas Liu <tliu@redhat.com> - * @author Dan Walsh <dwalsh@redhat.com> - * - * Copyright (C) 2003-2008 Tresys Technology, LLC - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - */ - -/** - * This is a modified version of seinfo to be used as part of a library for - * Python bindings. - */ - -#include "common.h" -#include "policy.h" - -/* libapol */ -#include <apol/policy-query.h> -#include <apol/render.h> -#include <apol/util.h> -#include <apol/vector.h> - -/* libqpol */ -#include <qpol/policy.h> -#include <qpol/util.h> - -/* other */ -#include <errno.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <assert.h> - -#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC" - -enum input -{ - TYPE, ATTRIBUTE, ROLE, USER, PORT, BOOLEAN, CLASS, SENS, CATS -}; - -static int py_insert_long(PyObject *dict, const char *name, int value) -{ - int rt; - PyObject *obj = PyLong_FromLong(value); - if (!obj) return -1; - rt = PyDict_SetItemString(dict, name, obj); - Py_DECREF(obj); - return rt; -} - -static int py_insert_bool(PyObject *dict, const char *name, int value) -{ - int rt; - PyObject *obj = PyBool_FromLong(value); - if (!obj) return -1; - rt = PyDict_SetItemString(dict, name, obj); - Py_DECREF(obj); - return rt; -} - -/** - * Get a policy's MLS sensitivities. - * If this function is given a name, it will attempt to - * get statistics about a particular sensitivity; otherwise - * the function gets statistics about all of the policy's - * sensitivities. - * - * @param name Reference to a sensitivity's name; if NULL, - * all sensitivities will be considered - * @param policydb Reference to a policy - * - * @return 0 on success, < 0 on error. - */ -static PyObject* get_sens(const char *name, const apol_policy_t * policydb) -{ - PyObject *dict = NULL; - int error = 0; - int rt = 0; - size_t i; - char *tmp = NULL; - const char *lvl_name = NULL; - apol_level_query_t *query = NULL; - apol_vector_t *v = NULL; - const qpol_level_t *level = NULL; - apol_mls_level_t *ap_mls_lvl = NULL; - qpol_policy_t *q = apol_policy_get_qpol(policydb); - - query = apol_level_query_create(); - if (!query) - goto cleanup; - if (apol_level_query_set_sens(policydb, query, name)) - goto cleanup; - if (apol_level_get_by_query(policydb, query, &v)) - goto cleanup; - - dict = PyDict_New(); - if (!dict) goto err; - for (i = 0; i < apol_vector_get_size(v); i++) { - level = apol_vector_get_element(v, i); - if (qpol_level_get_name(q, level, &lvl_name)) - goto err; - ap_mls_lvl = (apol_mls_level_t *) apol_mls_level_create_from_qpol_level_datum(policydb, level); - tmp = apol_mls_level_render(policydb, ap_mls_lvl); - apol_mls_level_destroy(&ap_mls_lvl); - if (!tmp) - goto cleanup; - if (py_insert_string(dict, lvl_name, tmp)) - goto err; - free(tmp); tmp = NULL; - if (rt) goto err; - } - - if (name && !apol_vector_get_size(v)) { - goto cleanup; - } - - goto cleanup; -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(error)); - py_decref(dict); dict = NULL; -cleanup: - free(tmp); - apol_level_query_destroy(&query); - apol_vector_destroy(&v); - errno = error; - return dict; -} - -/** - * Compare two qpol_cat_datum_t objects. - * This function is meant to be passed to apol_vector_compare - * as the callback for performing comparisons. - * - * @param datum1 Reference to a qpol_type_datum_t object - * @param datum2 Reference to a qpol_type_datum_t object - * @param data Reference to a policy - * @return Greater than 0 if the first argument is less than the second argument, - * less than 0 if the first argument is greater than the second argument, - * 0 if the arguments are equal - */ -static int qpol_cat_datum_compare(const void *datum1, const void *datum2, void *data) -{ - const qpol_cat_t *cat_datum1 = NULL, *cat_datum2 = NULL; - apol_policy_t *policydb = NULL; - qpol_policy_t *q; - uint32_t val1, val2; - - policydb = (apol_policy_t *) data; - q = apol_policy_get_qpol(policydb); - assert(policydb); - - if (!datum1 || !datum2) - goto exit_err; - cat_datum1 = datum1; - cat_datum2 = datum2; - - if (qpol_cat_get_value(q, cat_datum1, &val1)) - goto exit_err; - if (qpol_cat_get_value(q, cat_datum2, &val2)) - goto exit_err; - - return (val1 > val2) ? 1 : ((val1 == val2) ? 0 : -1); - - exit_err: - assert(0); - return 0; -} - -/** - * Compare two qpol_level_datum_t objects. - * This function is meant to be passed to apol_vector_compare - * as the callback for performing comparisons. - * - * @param datum1 Reference to a qpol_level_datum_t object - * @param datum2 Reference to a qpol_level_datum_t object - * @param data Reference to a policy - * @return Greater than 0 if the first argument is less than the second argument, - * less than 0 if the first argument is greater than the second argument, - * 0 if the arguments are equal - */ -static int qpol_level_datum_compare(const void *datum1, const void *datum2, void *data) -{ - const qpol_level_t *lvl_datum1 = NULL, *lvl_datum2 = NULL; - apol_policy_t *policydb = NULL; - qpol_policy_t *q; - uint32_t val1, val2; - - policydb = (apol_policy_t *) data; - assert(policydb); - q = apol_policy_get_qpol(policydb); - - if (!datum1 || !datum2) - goto exit_err; - lvl_datum1 = datum1; - lvl_datum2 = datum2; - - if (qpol_level_get_value(q, lvl_datum1, &val1)) - goto exit_err; - if (qpol_level_get_value(q, lvl_datum2, &val2)) - goto exit_err; - - return (val1 > val2) ? 1 : ((val1 == val2) ? 0 : -1); - - exit_err: - assert(0); - return 0; -} - -/** - * Gets a textual representation of a MLS category and - * all of that category's sensitivies. - * - * @param type_datum Reference to sepol type_datum - * @param policydb Reference to a policy - */ -static PyObject* get_cat_sens(const qpol_cat_t * cat_datum, const apol_policy_t * policydb) -{ - const char *cat_name, *lvl_name; - apol_level_query_t *query = NULL; - apol_vector_t *v = NULL; - const qpol_level_t *lvl_datum = NULL; - qpol_policy_t *q = apol_policy_get_qpol(policydb); - size_t i, n_sens = 0; - int error = 0; - PyObject *list = NULL; - PyObject *dict = PyDict_New(); - if (!dict) goto err; - if (!cat_datum || !policydb) - goto err; - - /* get category name for apol query */ - if (qpol_cat_get_name(q, cat_datum, &cat_name)) - goto cleanup; - - query = apol_level_query_create(); - if (!query) - goto err; - if (apol_level_query_set_cat(policydb, query, cat_name)) - goto err; - if (apol_level_get_by_query(policydb, query, &v)) - goto err; - apol_vector_sort(v, &qpol_level_datum_compare, (void *)policydb); - dict = PyDict_New(); - if (!dict) goto err; - if (py_insert_string(dict, "name", cat_name)) - goto err; - n_sens = apol_vector_get_size(v); - list = PyList_New(0); - if (!list) goto err; - for (i = 0; i < n_sens; i++) { - lvl_datum = (qpol_level_t *) apol_vector_get_element(v, i); - if (!lvl_datum) - goto err; - if (qpol_level_get_name(q, lvl_datum, &lvl_name)) - goto err; - if (py_append_string(list, lvl_name)) - goto err; - } - if (py_insert_obj(dict, "level", list)) - goto err; - Py_DECREF(list); - - goto cleanup; -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - py_decref(list); list = NULL; - py_decref(dict); dict = NULL; -cleanup: - apol_level_query_destroy(&query); - apol_vector_destroy(&v); - errno = error; - return dict; -} - -/** - * Prints statistics regarding a policy's MLS categories. - * If this function is given a name, it will attempt to - * get statistics about a particular category; otherwise - * the function gets statistics about all of the policy's - * categories. - * - * @param name Reference to a MLS category's name; if NULL, - * all categories will be considered - * @param policydb Reference to a policy - * - * @return 0 on success, < 0 on error. - */ -static PyObject* get_cats(const char *name, const apol_policy_t * policydb) -{ - PyObject *obj = NULL; - apol_cat_query_t *query = NULL; - apol_vector_t *v = NULL; - const qpol_cat_t *cat_datum = NULL; - size_t i, n_cats; - int error = 0; - int rt; - PyObject *list = PyList_New(0); - if (!list) goto err; - - query = apol_cat_query_create(); - if (!query) - goto err; - if (apol_cat_query_set_cat(policydb, query, name)) - goto err; - if (apol_cat_get_by_query(policydb, query, &v)) - goto err; - n_cats = apol_vector_get_size(v); - apol_vector_sort(v, &qpol_cat_datum_compare, (void *)policydb); - - for (i = 0; i < n_cats; i++) { - cat_datum = apol_vector_get_element(v, i); - if (!cat_datum) - goto err; - obj = get_cat_sens(cat_datum, policydb); - if (!obj) - goto err; - rt = py_append_obj(list, obj); - Py_DECREF(obj); - if (rt) goto err; - } - - if (name && !n_cats) { - goto err; - } - - goto cleanup; -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - py_decref(list); list = NULL; -cleanup: - apol_cat_query_destroy(&query); - apol_vector_destroy(&v); - errno = error; - return list; -} - -/** - * Get the alias of a type. - * - * @param type_datum Reference to sepol type_datum - * @param policydb Reference to a policy - * attributes - */ -static PyObject* get_type_aliases(const qpol_type_t * type_datum, const apol_policy_t * policydb) -{ - qpol_iterator_t *iter = NULL; - size_t alias_size; - unsigned char isattr, isalias; - const char *type_name = NULL; - const char *alias_name; - int error = 0; - qpol_policy_t *q = apol_policy_get_qpol(policydb); - PyObject *list = PyList_New(0); - if (!list) goto err; - - if (qpol_type_get_name(q, type_datum, &type_name)) - goto cleanup; - if (qpol_type_get_isattr(q, type_datum, &isattr)) - goto cleanup; - if (qpol_type_get_isalias(q, type_datum, &isalias)) - goto cleanup; - - if (qpol_type_get_alias_iter(q, type_datum, &iter)) - goto cleanup; - if (qpol_iterator_get_size(iter, &alias_size)) - goto cleanup; - if (alias_size > 0) { - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { - if (qpol_iterator_get_item(iter, (void **)&alias_name)) - goto err; - if (py_append_string(list, alias_name)) - goto err; - } - } - goto cleanup; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - py_decref(list); list = NULL; - -cleanup: - qpol_iterator_destroy(&iter); - errno = error; - return list; -} - -/** - * Gets a textual representation of an attribute, and - * all of that attribute's types. - * - * @param type_datum Reference to sepol type_datum - * @param policydb Reference to a policy - */ -static PyObject* get_attr(const qpol_type_t * type_datum, const apol_policy_t * policydb) -{ - PyObject *list = NULL; - const qpol_type_t *attr_datum = NULL; - qpol_iterator_t *iter = NULL; - const char *attr_name = NULL, *type_name = NULL; - qpol_policy_t *q = apol_policy_get_qpol(policydb); - unsigned char isattr; - int error = 0; - int rt = 0; - PyObject *dict = PyDict_New(); - if (!dict) goto err; - - if (qpol_type_get_name(q, type_datum, &attr_name)) - goto err; - - if (py_insert_string(dict, "name", attr_name)) - goto err; - - /* get an iterator over all types this attribute has */ - if (qpol_type_get_isattr(q, type_datum, &isattr)) - goto err; - - if (isattr) { /* sanity check */ - if (qpol_type_get_type_iter(q, type_datum, &iter)) - goto err; - list = PyList_New(0); - if (!list) goto err; - - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { - if (qpol_iterator_get_item(iter, (void **)&attr_datum)) - goto err; - if (qpol_type_get_name(q, attr_datum, &type_name)) - goto err; - if (py_append_string(list, type_name)) - goto err; - } - qpol_iterator_destroy(&iter); - rt = PyDict_SetItemString(dict, "types", list); - Py_DECREF(list); list = NULL; - if (rt) goto err; - } else /* this should never happen */ - goto err; - goto cleanup; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - py_decref(dict); dict = NULL; - py_decref(list); - -cleanup: - qpol_iterator_destroy(&iter); - errno = error; - return dict; -} - -/** - * Gets statistics regarding a policy's attributes. - * If this function is given a name, it will attempt to - * get statistics about a particular attribute; otherwise - * the function gets statistics about all of the policy's - * attributes. - * - * @param name Reference to an attribute's name; if NULL, - * all object classes will be considered - * @param policydb Reference to a policy - * - * @return 0 on success, < 0 on error. - */ -static PyObject* get_attribs(const char *name, const apol_policy_t * policydb) -{ - PyObject *obj; - apol_attr_query_t *attr_query = NULL; - apol_vector_t *v = NULL; - const qpol_type_t *type_datum = NULL; - size_t n_attrs, i; - int error = 0; - int rt = 0; - PyObject *list = PyList_New(0); - if (!list) goto err; - - /* we are only getting information about 1 attribute */ - if (name != NULL) { - attr_query = apol_attr_query_create(); - if (!attr_query) - goto err; - if (apol_attr_query_set_attr(policydb, attr_query, name)) - goto err; - if (apol_attr_get_by_query(policydb, attr_query, &v)) - goto err; - apol_attr_query_destroy(&attr_query); - if (apol_vector_get_size(v) == 0) { - apol_vector_destroy(&v); - errno = EINVAL; - goto err; - } - - type_datum = apol_vector_get_element(v, (size_t) 0); - obj = get_attr(type_datum, policydb); - rt = py_append_obj(list, obj); - Py_DECREF(obj); - if (rt) goto err; - } else { - attr_query = apol_attr_query_create(); - if (!attr_query) - goto err; - if (apol_attr_get_by_query(policydb, attr_query, &v)) - goto err; - apol_attr_query_destroy(&attr_query); - n_attrs = apol_vector_get_size(v); - - for (i = 0; i < n_attrs; i++) { - /* get qpol_type_t* item from vector */ - type_datum = (qpol_type_t *) apol_vector_get_element(v, (size_t) i); - if (!type_datum) - goto err; - obj = get_attr(type_datum, policydb); - rt = py_append_obj(list, obj); - Py_DECREF(obj); - if (rt) goto err; - } - } - apol_vector_destroy(&v); - goto cleanup; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - py_decref(list); list = NULL; - -cleanup: - apol_attr_query_destroy(&attr_query); - apol_vector_destroy(&v); - errno = error; - return list; -} - -/** - * Get a textual representation of a type, and - * all of that type's attributes. - * - * @param type_datum Reference to sepol type_datum - * @param policydb Reference to a policy - */ -static PyObject* get_type_attrs(const qpol_type_t * type_datum, const apol_policy_t * policydb) -{ - qpol_iterator_t *iter = NULL; - const char *attr_name = NULL; - const qpol_type_t *attr_datum = NULL; - qpol_policy_t *q = apol_policy_get_qpol(policydb); - int error = 0; - PyObject *list = PyList_New(0); - if (!list) goto err; - - if (qpol_type_get_attr_iter(q, type_datum, &iter)) - goto err; - - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { - if (qpol_iterator_get_item(iter, (void **)&attr_datum)) - goto err; - if (qpol_type_get_name(q, attr_datum, &attr_name)) - goto err; - if (py_append_string(list, attr_name)) - goto err; - } - goto cleanup; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - py_decref(list); list = NULL; - -cleanup: - qpol_iterator_destroy(&iter); - errno = error; - return list; -} - -static PyObject* get_type(const qpol_type_t * type_datum, const apol_policy_t * policydb) { - - PyObject *obj; - qpol_policy_t *q = apol_policy_get_qpol(policydb); - const char *type_name = NULL; - int error = 0; - int rt; - unsigned char isalias, ispermissive, isattr; - PyObject *dict = PyDict_New(); - if (!dict) goto err; - - if (qpol_type_get_name(q, type_datum, &type_name)) - goto err; - if (qpol_type_get_isalias(q, type_datum, &isalias)) - goto err; - if (qpol_type_get_isattr(q, type_datum, &isattr)) - goto err; - if (qpol_type_get_ispermissive(q, type_datum, &ispermissive)) - goto err; - - if (py_insert_string(dict, "name", type_name)) - goto err; - - if (py_insert_bool(dict, "permissive", ispermissive)) - goto err; - - if (!isattr && !isalias) { - obj = get_type_attrs(type_datum, policydb); - rt = py_insert_obj(dict, "attributes", obj); - Py_DECREF(obj); - if (rt) goto err; - } - - obj = get_type_aliases(type_datum, policydb); - rt = py_insert_obj(dict, "aliases", obj); - Py_DECREF(obj); - if (rt) goto err; - goto cleanup; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(error)); - py_decref(dict); dict = NULL; - -cleanup: - errno = error; - return dict; -} - -/** - * Gets statistics regarding a policy's booleans. - * If this function is given a name, it will attempt to - * get statistics about a particular boolean; otherwise - * the function gets statistics about all of the policy's booleans. - * - * @param name Reference to a boolean's name; if NULL, - * all booleans will be considered - * @param policydb Reference to a policy - * - * @return new reference, or NULL (setting an exception) - */ -static PyObject* get_booleans(const char *name, const apol_policy_t * policydb) -{ - PyObject *dict = NULL; - int error = 0; - int rt = 0; - const char *bool_name = NULL; - int state; - qpol_bool_t *bool_datum = NULL; - qpol_iterator_t *iter = NULL; - qpol_policy_t *q = apol_policy_get_qpol(policydb); - size_t n_bools = 0; - PyObject *list = PyList_New(0); - if (!list) goto err; - - if (name != NULL) { - if (qpol_policy_get_bool_by_name(q, name, &bool_datum)) - goto err; - if (qpol_bool_get_state(q, bool_datum, &state)) - goto err; - - dict = PyDict_New(); - if (!dict) goto err; - if (py_insert_string(dict, "name", name)) - goto err; - if (py_insert_bool(dict, "name", state)) - goto err; - rt = py_append_obj(list, dict); - Py_DECREF(dict); dict = NULL; - if (rt) goto err; - } else { - if (qpol_policy_get_bool_iter(q, &iter)) - goto err; - if (qpol_iterator_get_size(iter, &n_bools)) - goto err; - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { - if (qpol_iterator_get_item(iter, (void **)&bool_datum)) - goto err; - if (qpol_bool_get_name(q, bool_datum, &bool_name)) - goto err; - if (qpol_bool_get_state(q, bool_datum, &state)) - goto err; - - dict = PyDict_New(); - if (!dict) goto err; - if (py_insert_string(dict, "name", bool_name)) - goto err; - if (py_insert_bool(dict, "state", state)) - goto err; - rt = py_append_obj(list, dict); - Py_DECREF(dict); dict = NULL; - if (rt) goto err; - } - qpol_iterator_destroy(&iter); - } - goto cleanup; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(error)); - py_decref(list); list = NULL; - py_decref(dict); dict = NULL; - -cleanup: - qpol_iterator_destroy(&iter); - errno = error; - return list; -} - -/** - * Gets a textual representation of a user, and - * all of that user's roles. - * - * @param type_datum Reference to sepol type_datum - * @param policydb Reference to a policy - * roles - */ -static PyObject* get_user(const qpol_user_t * user_datum, const apol_policy_t * policydb) -{ - int error = 0; - int rt; - const qpol_role_t *role_datum = NULL; - qpol_iterator_t *iter = NULL; - const qpol_mls_range_t *range = NULL; - const qpol_mls_level_t *dflt_level = NULL; - apol_mls_level_t *ap_lvl = NULL; - apol_mls_range_t *ap_range = NULL; - qpol_policy_t *q = apol_policy_get_qpol(policydb); - char *tmp = NULL; - const char *user_name, *role_name; - PyObject *dict = NULL; - PyObject *list = PyList_New(0); - if (!list) goto err; - - if (qpol_user_get_name(q, user_datum, &user_name)) - goto err; - - dict = PyDict_New(); - if (!dict) goto err; - - if (py_insert_string(dict, "name", user_name)) - goto err; - - if (qpol_policy_has_capability(q, QPOL_CAP_MLS)) { - if (qpol_user_get_dfltlevel(q, user_datum, &dflt_level)) - goto err; - ap_lvl = apol_mls_level_create_from_qpol_mls_level(policydb, dflt_level); - tmp = apol_mls_level_render(policydb, ap_lvl); - if (!tmp) goto err; - if (py_insert_string(dict, "level", tmp)) - goto err; - free(tmp); tmp = NULL; - - if (qpol_user_get_range(q, user_datum, &range)) - goto err; - ap_range = apol_mls_range_create_from_qpol_mls_range(policydb, range); - tmp = apol_mls_range_render(policydb, ap_range); - if (!tmp) goto err; - if (py_insert_string(dict, "range", tmp)) - goto err; - free(tmp); tmp=NULL; - } - - if (qpol_user_get_role_iter(q, user_datum, &iter)) - goto err; - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { - if (qpol_iterator_get_item(iter, (void **)&role_datum)) - goto err; - if (qpol_role_get_name(q, role_datum, &role_name)) - goto err; - if (py_append_string(list, role_name)) - goto err; - } - - rt = py_insert_obj(dict, "roles", list); - Py_DECREF(list); list=NULL; - if (rt) goto err; - goto cleanup; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - py_decref(list); list=NULL; - py_decref(dict); dict=NULL; - -cleanup: - free(tmp); - qpol_iterator_destroy(&iter); - apol_mls_level_destroy(&ap_lvl); - apol_mls_range_destroy(&ap_range); - errno = error; - return dict; -} - -/** - * Prints a textual representation of an object class and possibly - * all of that object class' permissions. - * - * @param type_datum Reference to sepol type_datum - * @param policydb Reference to a policy - */ -static PyObject* get_class(const qpol_class_t * class_datum, const apol_policy_t * policydb) -{ - const char *class_name = NULL, *perm_name = NULL; - qpol_iterator_t *iter = NULL; - const qpol_common_t *common_datum = NULL; - qpol_policy_t *q = apol_policy_get_qpol(policydb); - int error = 0; - int rt; - PyObject *list = NULL; - PyObject *dict = PyDict_New(); - if (!dict) goto err; - - if (!class_datum) - goto err; - - if (qpol_class_get_name(q, class_datum, &class_name)) - goto err; - - if (py_insert_string(dict, "name", class_name)) - goto err; - /* get commons for this class */ - if (qpol_class_get_common(q, class_datum, &common_datum)) - goto err; - - list = PyList_New(0); - if (!list) goto err; - - if (common_datum) { - if (qpol_common_get_perm_iter(q, common_datum, &iter)) - goto err; - /* print perms for the common */ - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { - if (qpol_iterator_get_item(iter, (void **)&perm_name)) - goto err; - if (py_append_string(list, perm_name)) - goto err; - } - } - /* print unique perms for this class */ - if (qpol_class_get_perm_iter(q, class_datum, &iter)) - goto err; - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { - if (qpol_iterator_get_item(iter, (void **)&perm_name)) - goto err; - if (py_append_string(list, perm_name)) - goto err; - } - rt = py_insert_obj(dict, "permlist", list); - Py_DECREF(list); list = NULL; - if (rt) goto err; - qpol_iterator_destroy(&iter); - goto cleanup; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - py_decref(list); list=NULL; - py_decref(dict); dict=NULL; - -cleanup: - errno = error; - qpol_iterator_destroy(&iter); - return dict; -} - -/** - * Get statistics regarding a policy's object classes. - * If this function is given a name, it will attempt to - * print statistics about a particular object class; otherwise - * the function prints statistics about all of the policy's object - * classes. - * - * @param name Reference to an object class' name; if NULL, - * all object classes will be considered - * @param policydb Reference to a policy - * - * @return 0 on success, < 0 on error. - */ -static PyObject* get_classes(const char *name, const apol_policy_t * policydb) -{ - qpol_iterator_t *iter = NULL; - size_t n_classes = 0; - const qpol_class_t *class_datum = NULL; - qpol_policy_t *q = apol_policy_get_qpol(policydb); - int error = 0; - int rt; - PyObject *obj; - PyObject *list = PyList_New(0); - if (!list) goto err; - - if (name != NULL) { - if (qpol_policy_get_class_by_name(q, name, &class_datum)) - goto err; - obj = get_class(class_datum, policydb); - rt = py_append_obj(list, obj); - Py_DECREF(obj); - if (rt) goto err; - } else { - if (qpol_policy_get_class_iter(q, &iter)) - goto err; - if (qpol_iterator_get_size(iter, &n_classes)) - goto err; - - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { - if (qpol_iterator_get_item(iter, (void **)&class_datum)) - goto err; - obj = get_class(class_datum, policydb); - rt = py_append_obj(list, obj); - Py_DECREF(obj); - if (rt) goto err; - } - qpol_iterator_destroy(&iter); - } - goto cleanup; -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - py_decref(list); list = NULL; - -cleanup: - qpol_iterator_destroy(&iter); - errno = error; - return list; -} - -/** - * Gets statistics regarding a policy's users. - * If this function is given a name, it will attempt to - * get statistics about a particular user; otherwise - * the function gets statistics about all of the policy's - * users. - * - * @param name Reference to a user's name; if NULL, - * all users will be considered - * @param policydb Reference to a policy - * - * @return 0 on success, < 0 on error. - */ -static PyObject* get_users(const char *name, const apol_policy_t * policydb) -{ - qpol_iterator_t *iter = NULL; - const qpol_user_t *user_datum = NULL; - qpol_policy_t *q = apol_policy_get_qpol(policydb); - int error = 0; - int rt; - PyObject *obj; - PyObject *list = PyList_New(0); - if (!list) goto err; - - if (name != NULL) { - if (qpol_policy_get_user_by_name(q, name, &user_datum)) { - errno = EINVAL; - goto err; - } - obj = get_user(user_datum, policydb); - rt = py_append_obj(list, obj); - Py_DECREF(obj); - if (rt) goto err; - } else { - if (qpol_policy_get_user_iter(q, &iter)) - goto err; - - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { - if (qpol_iterator_get_item(iter, (void **)&user_datum)) - goto err; - obj = get_user(user_datum, policydb); - rt = py_append_obj(list, obj); - Py_DECREF(obj); - if (rt) goto err; - } - qpol_iterator_destroy(&iter); - } - goto cleanup; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - py_decref(list); list = NULL; - -cleanup: - qpol_iterator_destroy(&iter); - errno = error; - return list; -} - -/** - * get a textual representation of a role, and - * all of that role's types. - * - * @param type_datum Reference to sepol type_datum - * @param policydb Reference to a policy - * types - */ -static PyObject* get_role(const qpol_role_t * role_datum, const apol_policy_t * policydb) -{ - const char *role_name = NULL, *type_name = NULL; - const qpol_role_t *dom_datum = NULL; - const qpol_type_t *type_datum = NULL; - qpol_iterator_t *iter = NULL; - qpol_policy_t *q = apol_policy_get_qpol(policydb); - size_t n_dom = 0, n_types = 0; - int error = 0; - int rt; - PyObject *list = NULL; - PyObject *dict = PyDict_New(); - if (!dict) goto err; - - if (qpol_role_get_name(q, role_datum, &role_name)) - goto err; - if (py_insert_string(dict, "name", role_name)) - goto err; - - if (qpol_role_get_dominate_iter(q, role_datum, &iter)) - goto err; - if (qpol_iterator_get_size(iter, &n_dom)) - goto err; - if ((int)n_dom > 0) { - list = PyList_New(0); - if (!list) goto err; - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { - if (qpol_iterator_get_item(iter, (void **)&dom_datum)) - goto err; - if (qpol_role_get_name(q, dom_datum, &role_name)) - goto err; - if (py_append_string(list, role_name)) - goto err; - } - rt = py_insert_obj(dict, "roles", list); - Py_DECREF(list); list = NULL; - if (rt) goto err; - } - qpol_iterator_destroy(&iter); - - if (qpol_role_get_type_iter(q, role_datum, &iter)) - goto err; - if (qpol_iterator_get_size(iter, &n_types)) - goto err; - if ((int)n_types > 0) { - list = PyList_New(0); - if (!list) goto err; - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { - if (qpol_iterator_get_item(iter, (void **)&type_datum)) - goto err; - if (qpol_type_get_name(q, type_datum, &type_name)) - goto err; - if (py_append_string(list, type_name)) - goto err; - } - rt = py_insert_obj(dict, "types", list); - Py_DECREF(list); list = NULL; - if (rt) goto err; - } - goto cleanup; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - py_decref(list); list = NULL; - py_decref(dict); dict = NULL; - -cleanup: - qpol_iterator_destroy(&iter); - errno = error; - return dict; -} - -/** - * Get statistics regarding a policy's ports. - * If this function is given a name, it will attempt to - * get statistics about a particular port; otherwise - * the function get statistics about all of the policy's ports. - * - * @param name Reference to an port's name; if NULL, - * all ports will be considered - * @param policydb Reference to a policy - * - * @return 0 on success, < 0 on error. - */ -static PyObject* get_ports(const char *num, const apol_policy_t * policydb) -{ - const qpol_portcon_t *portcon = NULL; - qpol_iterator_t *iter = NULL; - uint16_t low_port, high_port; - uint8_t ocon_proto; - qpol_policy_t *q = apol_policy_get_qpol(policydb); - const qpol_context_t *ctxt = NULL; - const char *proto_str = NULL; - const char *type = NULL; - const apol_mls_range_t *range = NULL; - char *range_str = NULL; - apol_context_t *c = NULL; - int error = 0; - int rt = 0; - PyObject *dict = NULL; - PyObject *list = PyList_New(0); - if (!list) goto err; - - if (qpol_policy_get_portcon_iter(q, &iter)) - goto err; - - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { - if (qpol_iterator_get_item(iter, (void **)&portcon)) - goto err; - if (qpol_portcon_get_low_port(q, portcon, &low_port)) - goto err; - if (qpol_portcon_get_high_port(q, portcon, &high_port)) - goto err; - if (qpol_portcon_get_protocol(q, portcon, &ocon_proto)) - goto err; - if (num) { - if (atoi(num) < low_port || atoi(num) > high_port) - continue; - } - - if ((ocon_proto != IPPROTO_TCP) && - (ocon_proto != IPPROTO_UDP)) - goto err; - - if (qpol_portcon_get_context(q, portcon, &ctxt)) { - PyErr_SetString(PyExc_RuntimeError, "Could not get for port context."); - goto err; - } - - if ((proto_str = apol_protocol_to_str(ocon_proto)) == NULL) { - PyErr_SetString(PyExc_RuntimeError, "Invalid protocol for port"); - goto err; - } - - if ((c = apol_context_create_from_qpol_context(policydb, ctxt)) == NULL) { - goto err; - } - - if((type = apol_context_get_type(c)) == NULL) { - apol_context_destroy(&c); - goto err; - } - - dict = PyDict_New(); - if (!dict) goto err; - if (py_insert_string(dict, "type", type)) - goto err; - - if((range = apol_context_get_range(c)) != NULL) { - range_str = apol_mls_range_render(policydb, range); - if (range_str == NULL) { - goto err; - } - if (py_insert_string(dict, "range", range_str)) - goto err; - } - - if (py_insert_string(dict, "protocol", proto_str)) - goto err; - - if (py_insert_long(dict, "high", high_port)) - goto err; - - if (py_insert_long(dict, "low", low_port)) - goto err; - - rt = py_append_obj(list, dict); - Py_DECREF(dict); dict = NULL; - if (rt) goto err; - } - goto cleanup; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - py_decref(list); list = NULL; - py_decref(dict); dict = NULL; - -cleanup: - free(range_str); - apol_context_destroy(&c); - qpol_iterator_destroy(&iter); - errno = error; - return list; -} - -/** - * Get statistics regarding a policy's roles. - * If this function is given a name, it will attempt to - * get statistics about a particular role; otherwise - * the function get statistics about all of the policy's roles. - * - * @param name Reference to an role's name; if NULL, - * all roles will be considered - * @param policydb Reference to a policy - * - * @return 0 on success, < 0 on error. - */ -static PyObject* get_roles(const char *name, const apol_policy_t * policydb) -{ - const qpol_role_t *role_datum = NULL; - qpol_iterator_t *iter = NULL; - qpol_policy_t *q = apol_policy_get_qpol(policydb); - int error = 0; - int rt; - PyObject *obj; - PyObject *list = PyList_New(0); - if (!list) goto err; - - if (name != NULL) { - if (qpol_policy_get_role_by_name(q, name, &role_datum)) { - errno = EINVAL; - goto err; - } - obj = get_role(role_datum, policydb); - rt = py_append_obj(list, obj); - Py_DECREF(obj); - if (rt) goto err; - } else { - if (qpol_policy_get_role_iter(q, &iter)) - goto err; - - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { - if (qpol_iterator_get_item(iter, (void **)&role_datum)) - goto err; - obj = get_role(role_datum, policydb); - rt = py_append_obj(list, obj); - Py_DECREF(obj); - if (rt) goto err; - } - qpol_iterator_destroy(&iter); - } - goto cleanup; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - py_decref(list); list = NULL; - -cleanup: - qpol_iterator_destroy(&iter); - errno = error; - return list; -} - -/** - * Get statistics regarding a policy's types. - * If this function is given a name, it will attempt to - * print statistics about a particular type; otherwise - * the function prints statistics about all of the policy's types. - * - * @param name Reference to a type's name; if NULL, - * all object classes will be considered - * @param policydb Reference to a policy - * - * @return 0 on success, < 0 on error. - */ -static PyObject* get_types(const char *name, const apol_policy_t * policydb) -{ - const qpol_type_t *type_datum = NULL; - qpol_iterator_t *iter = NULL; - qpol_policy_t *q = apol_policy_get_qpol(policydb); - int error = 0; - int rt; - PyObject *obj; - PyObject *list = PyList_New(0); - if (!list) goto err; - /* if name was provided, only print that name */ - if (name != NULL) { - if (qpol_policy_get_type_by_name(q, name, &type_datum)) { - errno = EINVAL; - goto err; - } - obj = get_type(type_datum, policydb); - rt = py_append_obj(list, obj); - Py_DECREF(obj); - if (rt) goto err; - } else { - if (qpol_policy_get_type_iter(q, &iter)) - goto err; - - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { - if (qpol_iterator_get_item(iter, (void **)&type_datum)) - goto err; - obj = get_type(type_datum, policydb); - rt = py_append_obj(list, obj); - Py_DECREF(obj); - if (rt) goto err; - } - } - goto cleanup; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - py_decref(list); list = NULL; - -cleanup: - qpol_iterator_destroy(&iter); - errno = error; - return list; -} - -PyObject* info( int type, const char *name) -{ - PyObject* output = NULL; - - switch(type) { - /* display requested info */ - case TYPE: - output = get_types(name, global_policy); - break; - case ATTRIBUTE: - output = get_attribs(name, global_policy); - break; - case ROLE: - output = get_roles(name, global_policy); - break; - case USER: - output = get_users(name, global_policy); - break; - case CLASS: - output = get_classes(name, global_policy); - break; - case BOOLEAN: - output = get_booleans(name, global_policy); - break; - case PORT: - output = get_ports(name, global_policy); - break; - case SENS: - output = get_sens(name, global_policy); - break; - case CATS: - output = get_cats(name, global_policy); - break; - default: - errno = EINVAL; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - break; - } - - return output; -} - -PyObject *wrap_info(PyObject *UNUSED(self), PyObject *args){ - int type; - const char *name; - - if (!global_policy) { - PyErr_SetString(PyExc_RuntimeError,"Policy not loaded"); - return NULL; - } - - if (!PyArg_ParseTuple(args, "iz", &type, &name)) - return NULL; - - return info(type, name); -} - -void init_info (PyObject *m) { - PyModule_AddIntConstant(m, "ATTRIBUTE", ATTRIBUTE); - PyModule_AddIntConstant(m, "PORT", PORT); - PyModule_AddIntConstant(m, "ROLE", ROLE); - PyModule_AddIntConstant(m, "TYPE", TYPE); - PyModule_AddIntConstant(m, "USER", USER); - PyModule_AddIntConstant(m, "CLASS", CLASS); - PyModule_AddIntConstant(m, "BOOLEAN", BOOLEAN); - PyModule_AddIntConstant(m, "SENS", SENS); - PyModule_AddIntConstant(m, "CATS", CATS); -} diff --git a/policycoreutils/sepolicy/policy.c b/policycoreutils/sepolicy/policy.c deleted file mode 100644 index 423a926..0000000 --- a/policycoreutils/sepolicy/policy.c +++ /dev/null @@ -1,116 +0,0 @@ -/** - * @file - * Python bindings to search SELinux Policy rules. - * - * @author Dan Walsh <dwalsh@redhat.com> - * - * Copyright (C) 2012 Red Hat, INC - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - */ - -#include "Python.h" - -#ifdef UNUSED -#elif defined(__GNUC__) -# define UNUSED(x) UNUSED_ ## x __attribute__((unused)) -#elif defined(__LCLINT__) -# define UNUSED(x) /*@unused@*/ x -#else -# define UNUSED(x) x -#endif - -#include "policy.h" -apol_policy_t *global_policy = NULL; - -/* other */ -#include <errno.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <assert.h> - -#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC" - -PyObject *wrap_policy(PyObject *UNUSED(self), PyObject *args){ - const char *policy_file; - apol_vector_t *mod_paths = NULL; - apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC; - apol_policy_path_t *pol_path = NULL; - - if (!PyArg_ParseTuple(args, "z", &policy_file)) - return NULL; - - if (global_policy) - apol_policy_destroy(&global_policy); - - int policy_load_options = 0; - - pol_path = apol_policy_path_create(path_type, policy_file, mod_paths); - if (!pol_path) { - apol_vector_destroy(&mod_paths); - PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM)); - return NULL; - } - apol_vector_destroy(&mod_paths); - - global_policy = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL); - apol_policy_path_destroy(&pol_path); - if (!global_policy) { - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - return NULL; - } - - return Py_None; -} - -static PyMethodDef methods[] = { - {"policy", (PyCFunction) wrap_policy, METH_VARARGS, - "Initialize SELinux policy for use with search and info"}, - {"info", (PyCFunction) wrap_info, METH_VARARGS, - "Return SELinux policy info about types, attributes, roles, users"}, - {"search", (PyCFunction) wrap_search, METH_VARARGS, - "Search SELinux Policy for allow, neverallow, auditallow, dontaudit and transition records"}, - {NULL, NULL, 0, NULL} /* sentinel */ -}; - -#if PY_MAJOR_VERSION >= 3 - -static struct PyModuleDef module_def = -{ - PyModuleDef_HEAD_INIT, - "_policy", /* name of module */ - "", /* module documentation, may be NULL */ - -1, /* size of per-interpreter state of the module, or -1 if the module keeps state in global variables. */ - (PyMethodDef*)&methods, -}; - -PyMODINIT_FUNC PyInit__policy(void) -{ - PyObject *m; - m = PyModule_Create(&module_def); - init_info(m); - return m; -} - -#else // python 2 - -void init_policy(void) { - PyObject *m; - m = Py_InitModule("_policy", methods); - init_info(m); -} - -#endif diff --git a/policycoreutils/sepolicy/policy.h b/policycoreutils/sepolicy/policy.h deleted file mode 100644 index ffac497..0000000 --- a/policycoreutils/sepolicy/policy.h +++ /dev/null @@ -1,7 +0,0 @@ -#include <apol/policy.h> -extern apol_policy_t *global_policy; -extern PyObject *wrap_info(PyObject *self, PyObject *args); -extern void init_info (PyObject *m); -extern PyObject *wrap_search(PyObject *self, PyObject *args); - - diff --git a/policycoreutils/sepolicy/search.c b/policycoreutils/sepolicy/search.c deleted file mode 100644 index d608006..0000000 --- a/policycoreutils/sepolicy/search.c +++ /dev/null @@ -1,1029 +0,0 @@ -// Author: Thomas Liu <tliu@redhat.com> - -/** - * @file - * Python bindings used to search TE rules. - * - * @author Thomas Liu <tliu@redhat.com> - * @author Dan Walsh <dwalsh@redhat.com> - * Copyright (C) 2012-2013 Red Hat, inc - * - * Sections copied from sesearch.c in setools package - * @author Frank Mayer mayerf@tresys.com - * @author Jeremy A. Mowery jmowery@tresys.com - * @author Paul Rosenfeld prosenfeld@tresys.com - * Copyright (C) 2003-2008 Tresys Technology, LLC - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - */ - -/** - * This is a modified version of sesearch to be used as part of a sepython library for - * Python bindings. - */ - -#include "common.h" -#include "policy.h" - -/* libapol */ -#include <apol/policy-query.h> -#include <apol/render.h> -#include <apol/util.h> -#include <apol/vector.h> - -/* libqpol*/ -#include <qpol/policy.h> -#include <qpol/policy_extend.h> -#include <qpol/syn_rule_query.h> -#include <qpol/util.h> - -/* other */ -#include <errno.h> -#include <stdlib.h> -#include <stdio.h> -#include <assert.h> -#include <getopt.h> -#include <string.h> -#include <stdbool.h> - -#define COPYRIGHT_INFO "Copyright (C) 2012 Red Hat, Inc, Tresys Technology, LLC" - -enum opt_values -{ - RULE_NEVERALLOW = 256, RULE_AUDIT, RULE_AUDITALLOW, RULE_DONTAUDIT, - RULE_ROLE_ALLOW, RULE_ROLE_TRANS, RULE_RANGE_TRANS, RULE_ALL, - EXPR_ROLE_SOURCE, EXPR_ROLE_TARGET -}; - -; - -typedef struct options -{ - char *src_name; - char *tgt_name; - char *src_role_name; - char *tgt_role_name; - char *class_name; - char *permlist; - char *bool_name; - apol_vector_t *class_vector; - bool all; - bool lineno; - bool semantic; - bool indirect; - bool allow; - bool nallow; - bool auditallow; - bool dontaudit; - bool type; - bool rtrans; - bool role_allow; - bool role_trans; - bool useregex; - bool show_cond; - apol_vector_t *perm_vector; -} options_t; - -static int py_tuple_insert_obj(PyObject *tuple, int pos, PyObject *obj) -{ - int rt; - if (!obj) return -1; - rt = PyTuple_SetItem(tuple, pos, obj); - return rt; -} - -static int perform_ra_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v) -{ - apol_role_allow_query_t *raq = NULL; - int error = 0; - - if (!policy || !opt || !v) { - ERR(policy, "%s", strerror(EINVAL)); - errno = EINVAL; - return -1; - } - - if (!opt->role_allow && !opt->all) { - *v = NULL; - return 0; /* no search to do */ - } - - raq = apol_role_allow_query_create(); - if (!raq) { - ERR(policy, "%s", strerror(ENOMEM)); - errno = ENOMEM; - return -1; - } - - apol_role_allow_query_set_regex(policy, raq, opt->useregex); - if (opt->src_role_name) { - if (apol_role_allow_query_set_source(policy, raq, opt->src_role_name)) { - error = errno; - goto err; - } - } - if (opt->tgt_role_name) - if (apol_role_allow_query_set_target(policy, raq, opt->tgt_role_name)) { - error = errno; - goto err; - } - - if (apol_role_allow_get_by_query(policy, raq, v)) { - error = errno; - goto err; - } - apol_role_allow_query_destroy(&raq); - return 0; - - err: - apol_vector_destroy(v); - apol_role_allow_query_destroy(&raq); - ERR(policy, "%s", strerror(error)); - errno = error; - return -1; -} - -static PyObject* get_ra_results(const apol_policy_t * policy, const apol_vector_t * v, PyObject *output) -{ - size_t i, num_rules = 0; - qpol_policy_t *q; - const qpol_role_allow_t *rule = NULL; - const char *tmp; - PyObject *obj, *dict=NULL; - const qpol_role_t *role = NULL; - int error = 0; - errno = EINVAL; - int rt; - - if (!policy || !v) { - errno = EINVAL; - goto err; - } - - if (!(num_rules = apol_vector_get_size(v))) - return NULL; - - q = apol_policy_get_qpol(policy); - - for (i = 0; i < num_rules; i++) { - dict = PyDict_New(); - if (!dict) goto err; - if (!(rule = apol_vector_get_element(v, i))) - goto err; - - if (qpol_role_allow_get_source_role(q, rule, &role)) { - goto err; - } - if (qpol_role_get_name(q, role, &tmp)) { - goto err; - } - obj = PyString_FromString(tmp); - if (py_insert_obj(dict, "source", obj)) - goto err; - - if (qpol_role_allow_get_target_role(q, rule, &role)) { - goto err; - } - if (qpol_role_get_name(q, role, &tmp)) { - goto err; - } - obj = PyString_FromString(tmp); - if (py_insert_obj(dict, "target", obj)) - goto err; - - rt = py_append_obj(output, dict); - if (rt) goto err; - py_decref(dict); dict=NULL; - } - goto cleanup; -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(error)); - py_decref(dict); - -cleanup: - errno = error; - return output; -} - -static int perform_te_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v) -{ - apol_terule_query_t *teq = NULL; - unsigned int rules = 0; - int error = 0; - size_t i; - - if (!policy || !opt || !v) { - PyErr_SetString(PyExc_RuntimeError,strerror(EINVAL)); - errno = EINVAL; - return -1; - } - - if (opt->all || opt->type) { - rules = (QPOL_RULE_TYPE_TRANS | QPOL_RULE_TYPE_CHANGE | QPOL_RULE_TYPE_MEMBER); - } else { - *v = NULL; - return 0; /* no search to do */ - } - - teq = apol_terule_query_create(); - if (!teq) { - PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM)); - errno = ENOMEM; - return -1; - } - - apol_terule_query_set_rules(policy, teq, rules); - apol_terule_query_set_regex(policy, teq, opt->useregex); - - if (opt->src_name) - apol_terule_query_set_source(policy, teq, opt->src_name, opt->indirect); - if (opt->tgt_name) - apol_terule_query_set_target(policy, teq, opt->tgt_name, opt->indirect); - if (opt->bool_name) - apol_terule_query_set_bool(policy, teq, opt->bool_name); - if (opt->class_name) { - if (opt->class_vector == NULL) { - if (apol_terule_query_append_class(policy, teq, opt->class_name)) { - error = errno; - goto err; - } - } else { - for (i = 0; i < apol_vector_get_size(opt->class_vector); ++i) { - char *class_name; - class_name = apol_vector_get_element(opt->class_vector, i); - if (!class_name) - continue; - if (apol_terule_query_append_class(policy, teq, class_name)) { - error = errno; - goto err; - } - } - } - } - - if (!(opt->semantic) && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) { - if (apol_syn_terule_get_by_query(policy, teq, v)) { - goto err; - } - } else { - if (apol_terule_get_by_query(policy, teq, v)) { - goto err; - } - } - - apol_terule_query_destroy(&teq); - return 0; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(error)); - apol_vector_destroy(v); - apol_terule_query_destroy(&teq); - errno = error; - return -1; -} - -static PyObject* get_bool(const qpol_policy_t *q, const qpol_cond_t * cond, int enabled) -{ - qpol_iterator_t *iter = NULL; - qpol_cond_expr_node_t *expr = NULL; - char *tmp = NULL; - const char *bool_name = NULL; - int error = 0; - uint32_t expr_type = 0; - qpol_bool_t *cond_bool = NULL; - PyObject *obj, *tuple = NULL; - PyObject *boollist = NULL; - - if (!q || !cond) { - errno = EINVAL; - return NULL; - } - if (qpol_cond_get_expr_node_iter(q, cond, &iter) < 0) { - goto err; - } - - boollist = PyList_New(0); - if (! boollist) goto err; - - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { - if (qpol_iterator_get_item(iter, (void **)&expr)) { - goto err; - } - if (qpol_cond_expr_node_get_expr_type(q, expr, &expr_type)) { - goto err; - } - if (expr_type != QPOL_COND_EXPR_BOOL) { - obj = PyString_FromString(apol_cond_expr_type_to_str(expr_type)); - if (!obj) goto err; - if (py_append_obj(boollist, obj)) - goto err; - } else { - tuple = PyTuple_New(2); - if (!tuple) goto err; - - if (qpol_cond_expr_node_get_bool(q, expr, &cond_bool)) { - goto err; - } - if (qpol_bool_get_name(q, cond_bool, &bool_name)) { - goto err; - } - obj = PyString_FromString(bool_name); - if (py_tuple_insert_obj(tuple, 0, obj)) - goto err; - obj = PyBool_FromLong(enabled); - if (py_tuple_insert_obj(tuple, 1, obj)) - goto err; - if (py_append_obj(boollist, tuple)) - goto err; - tuple=NULL; - } - } - - qpol_iterator_destroy(&iter); - return boollist; - - err: - error = errno; - qpol_iterator_destroy(&iter); - py_decref(tuple); - py_decref(boollist); - free(tmp); - errno = error; - return NULL; -} - -static PyObject* get_te_results(const apol_policy_t * policy, const apol_vector_t * v, PyObject *output) -{ - int error = 0; - int rt = 0; - PyObject *obj, *dict=NULL, *tuple = NULL; - qpol_policy_t *q; - uint32_t rule_type = 0; - const qpol_type_t *type; - size_t i, num_rules = 0; - const qpol_terule_t *rule = NULL; - char *tmp = NULL, *rule_str = NULL, *expr = NULL; - const qpol_cond_t *cond = NULL; - uint32_t enabled = 0; - const char *tmp_name; - const qpol_class_t *obj_class = NULL; - - if (!policy || !v) { - errno = EINVAL; - goto err; - } - - if (!(num_rules = apol_vector_get_size(v))) - return NULL; - - q = apol_policy_get_qpol(policy); - - for (i = 0; i < num_rules; i++) { - dict = PyDict_New(); - if (!dict) goto err; - if (!(rule = apol_vector_get_element(v, i))) - goto err; - if (qpol_terule_get_cond(q, rule, &cond)) - goto err; - if (qpol_terule_get_is_enabled(q, rule, &enabled)) - goto err; - - if (cond) { - obj = get_bool(q, cond, enabled); - if (!obj) goto err; - rt = PyDict_SetItemString(dict, "boolean", obj); - py_decref(obj); - } - - if (qpol_terule_get_rule_type(q, rule, &rule_type)) - goto err; - - if (!(rule_type &= (QPOL_RULE_TYPE_TRANS | QPOL_RULE_TYPE_CHANGE | QPOL_RULE_TYPE_MEMBER))) { - PyErr_SetString(PyExc_RuntimeError,"Invalid TE rule type"); - errno = EINVAL; - goto err; - } - if (!(tmp_name = apol_rule_type_to_str(rule_type))) { - PyErr_SetString(PyExc_RuntimeError, "Could not get TE rule type's string"); - errno = EINVAL; - goto err; - } - - if (py_insert_string(dict, "type", tmp_name)) - goto err; - - if (qpol_terule_get_source_type(q, rule, &type)) - goto err; - if (qpol_type_get_name(q, type, &tmp_name)) - goto err; - if (py_insert_string(dict, "source", tmp_name)) - goto err; - - if (qpol_terule_get_target_type(q, rule, &type)) - goto err; - if (qpol_type_get_name(q, type, &tmp_name)) - goto err; - if (py_insert_string(dict, "target", tmp_name)) - goto err; - - if (qpol_terule_get_object_class(q, rule, &obj_class)) - goto err; - if (qpol_class_get_name(q, obj_class, &tmp_name)) - goto err; - if (py_insert_string(dict, "class", tmp_name)) - goto err; - - if (qpol_terule_get_default_type(q, rule, &type)) - goto err; - if (qpol_type_get_name(q, type, &tmp_name)) - goto err; - if (py_insert_string(dict, "transtype", tmp_name)) - goto err; - - rt = py_append_obj(output, dict); - dict = NULL; - if(rt) goto err; - - free(rule_str); rule_str = NULL; - free(expr); expr = NULL; - } - goto cleanup; - -err: - error = errno; - py_decref(dict); - py_decref(tuple); - PyErr_SetString(PyExc_RuntimeError,strerror(error)); -cleanup: - free(tmp); - free(rule_str); - free(expr); - errno = error; - return output; -} - -static int perform_ft_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v) -{ - apol_filename_trans_query_t *ftq = NULL; - size_t i; - int error = 0; - - if (!policy || !opt || !v) { - PyErr_SetString(PyExc_RuntimeError,strerror(EINVAL)); - errno = EINVAL; - return -1; - } - - if (!opt->type && !opt->all) { - *v = NULL; - return 0; /* no search to do */ - } - - ftq = apol_filename_trans_query_create(); - if (!ftq) { - PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM)); - errno = ENOMEM; - return -1; - } - - apol_filename_trans_query_set_regex(policy, ftq, opt->useregex); - if (opt->src_name) { - if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name, opt->indirect)) { - goto err; - } - } - - if (opt->tgt_name) { - if (apol_filename_trans_query_set_target(policy, ftq, opt->tgt_name, opt->indirect)) { - goto err; - } - } - if (opt->class_name) { - if (opt->class_vector == NULL) { - if (apol_filename_trans_query_append_class(policy, ftq, opt->class_name)) { - goto err; - } - } else { - for (i = 0; i < apol_vector_get_size(opt->class_vector); ++i) { - char *class_name; - class_name = apol_vector_get_element(opt->class_vector, i); - if (!class_name) - continue; - if (apol_filename_trans_query_append_class(policy, ftq, class_name)) { - goto err; - } - } - } - } - - if (apol_filename_trans_get_by_query(policy, ftq, v)) - goto err; - - apol_filename_trans_query_destroy(&ftq); - return 0; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - apol_vector_destroy(v); - apol_filename_trans_query_destroy(&ftq); - errno = error; - return -1; -} - -static PyObject* get_ft_results(const apol_policy_t * policy, const apol_vector_t * v, PyObject *list) -{ - PyObject *dict = NULL; - size_t i, num_filename_trans = 0; - const char *tmp_name; - int error = 0; - int rt; - const qpol_filename_trans_t *filename_trans = NULL; - const qpol_class_t *obj_class = NULL; - char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL; - qpol_policy_t *q; - const qpol_type_t *type = NULL; - - if (!policy || !v) { - errno = EINVAL; - goto err; - } - - if (!(num_filename_trans = apol_vector_get_size(v))) - return NULL; - - q = apol_policy_get_qpol(policy); - - for (i = 0; i < num_filename_trans; i++) { - if (!(filename_trans = apol_vector_get_element(v, i))) - goto err; - - dict = PyDict_New(); - if (!dict) goto err; - - if (py_insert_string(dict, "type", "type_transition")) - goto err; - - /* source type */ - if (qpol_filename_trans_get_source_type(q, filename_trans, &type)) { - goto err; - } - if (qpol_type_get_name(q, type, &tmp_name)) { - goto err; - } - - if (py_insert_string(dict, "source", tmp_name)) - goto err; - - if (qpol_filename_trans_get_target_type(q, filename_trans, &type)) - goto err; - - if (qpol_type_get_name(q, type, &tmp_name)) - goto err; - - if (py_insert_string(dict, "target", tmp_name)) - goto err; - - if (qpol_filename_trans_get_object_class(q, filename_trans, &obj_class)) - goto err; - - if (qpol_class_get_name(q, obj_class, &tmp_name)) - goto err; - - if (py_insert_string(dict, "class", tmp_name)) - goto err; - - if (qpol_filename_trans_get_default_type(q, filename_trans, &type)) - goto err; - if (qpol_type_get_name(q, type, &tmp_name)) - goto err; - if (py_insert_string(dict, "transtype", tmp_name)) - goto err; - - if (! qpol_filename_trans_get_filename(q, filename_trans, &tmp_name)) { - if (py_insert_string(dict, "filename", tmp_name)) - goto err; - } - - rt = py_append_obj(list, dict); - dict = NULL; - if (rt) goto err; - - free(filename_trans_str); filename_trans_str = NULL; - free(expr); expr = NULL; - } - goto cleanup; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - py_decref(dict); -cleanup: - free(tmp); - free(filename_trans_str); - free(expr); - errno = error; - return list; -} - -static int perform_av_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v) -{ - apol_avrule_query_t *avq = NULL; - unsigned int rules = 0; - int error = 0; - char *tmp = NULL, *tok = NULL, *s = NULL; - - if (!policy || !opt || !v) { - PyErr_SetString(PyExc_RuntimeError,strerror(EINVAL)); - errno = EINVAL; - return -1; - } - - if (!opt->all && !opt->allow && !opt->nallow && !opt->auditallow && !opt->dontaudit) { - *v = NULL; - return 0; /* no search to do */ - } - - avq = apol_avrule_query_create(); - if (!avq) { - PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM)); - errno = ENOMEM; - return -1; - } - - if (opt->allow || opt->all) - rules |= QPOL_RULE_ALLOW; - if (opt->nallow || opt->all) // Add this regardless of policy capabilities - rules |= QPOL_RULE_NEVERALLOW; - if (opt->auditallow || opt->all) - rules |= QPOL_RULE_AUDITALLOW; - if (opt->dontaudit || opt->all) - rules |= QPOL_RULE_DONTAUDIT; - if (rules != 0) // Setting rules = 0 means you want all the rules - apol_avrule_query_set_rules(policy, avq, rules); - apol_avrule_query_set_regex(policy, avq, opt->useregex); - if (opt->src_name) - apol_avrule_query_set_source(policy, avq, opt->src_name, opt->indirect); - if (opt->tgt_name) - apol_avrule_query_set_target(policy, avq, opt->tgt_name, opt->indirect); - if (opt->bool_name) - apol_avrule_query_set_bool(policy, avq, opt->bool_name); - if (opt->class_name) { - if (opt->class_vector == NULL) { - if (apol_avrule_query_append_class(policy, avq, opt->class_name)) { - goto err; - } - } else { - size_t i; - for (i = 0; i < apol_vector_get_size(opt->class_vector); ++i) { - char *class_name; - class_name = apol_vector_get_element(opt->class_vector, i); - if (!class_name) - continue; - if (apol_avrule_query_append_class(policy, avq, class_name)) { - goto err; - } - } - } - } - - if (opt->permlist) { - tmp = strdup(opt->permlist); - for (tok = strtok(tmp, ","); tok; tok = strtok(NULL, ",")) { - if (apol_avrule_query_append_perm(policy, avq, tok)) { - goto err; - } - if ((s = strdup(tok)) == NULL || apol_vector_append(opt->perm_vector, s) < 0) { - goto err; - } - s = NULL; - } - free(tmp); - tmp = NULL; - } - - if (!(opt->semantic) && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) { - if (apol_syn_avrule_get_by_query(policy, avq, v)) { - goto err; - } - } else { - if (apol_avrule_get_by_query(policy, avq, v)) { - goto err; - } - } - - apol_avrule_query_destroy(&avq); - return 0; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(error)); - apol_vector_destroy(v); - apol_avrule_query_destroy(&avq); - free(tmp); - free(s); - errno = error; - return -1; -} - -static PyObject* get_av_results(const apol_policy_t * policy, const apol_vector_t * v, PyObject *output) -{ - PyObject *obj, *dict=NULL; - PyObject *permlist = NULL; - PyObject *boollist = NULL; - uint32_t rule_type = 0; - int rt; - int error = 0; - qpol_policy_t *q; - size_t i, num_rules = 0; - const qpol_avrule_t *rule = NULL; - char *tmp = NULL, *rule_str = NULL; - qpol_cond_expr_node_t *expr = NULL; - qpol_iterator_t *iter = NULL; - const qpol_cond_t *cond = NULL; - uint32_t enabled = 0; - const qpol_type_t *type; - const char *tmp_name; - const qpol_class_t *obj_class = NULL; - - if (!policy || !v) { - errno = EINVAL; - goto err; - } - - if (!(num_rules = apol_vector_get_size(v))) - return NULL; - - q = apol_policy_get_qpol(policy); - - for (i = 0; i < num_rules; i++) { - if (!(rule = apol_vector_get_element(v, i))) - goto err; - - dict = PyDict_New(); - if (!dict) goto err; - - if (qpol_avrule_get_rule_type(q, rule, &rule_type)) - goto err; - - if (!(tmp_name = apol_rule_type_to_str(rule_type))) { - PyErr_SetString(PyExc_RuntimeError, "Could not get TE rule type's string"); - errno = EINVAL; - goto err; - } - - if (py_insert_string(dict, "type", tmp_name)) - goto err; - - if (qpol_avrule_get_source_type(q, rule, &type)) { - goto err; - } - - if (qpol_type_get_name(q, type, &tmp_name)) { - goto err; - } - - if (py_insert_string(dict, "source", tmp_name)) - goto err; - - if (qpol_avrule_get_target_type(q, rule, &type)) { - goto err; - } - if (qpol_type_get_name(q, type, &tmp_name)) { - goto err; - } - - if (py_insert_string(dict, "target", tmp_name)) - goto err; - - if (qpol_avrule_get_object_class(q, rule, &obj_class)) { - goto err; - } - if (qpol_class_get_name(q, obj_class, &tmp_name)) { - goto err; - } - - if (py_insert_string(dict, "class", tmp_name)) - goto err; - - if (qpol_avrule_get_perm_iter(q, rule, &iter)) { - goto err; - } - - permlist = PyList_New(0); - if (! permlist) goto err; - - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { - const char *perm_name = NULL; - if (qpol_iterator_get_item(iter, (void **)&perm_name)) - goto err; - if (py_append_string(permlist, perm_name)) - goto err; - } - - rt = PyDict_SetItemString(dict, "permlist", permlist); - py_decref(permlist); permlist=NULL; - if (rt) goto err; - - if (qpol_avrule_get_cond(q, rule, &cond)) - goto err; - if (qpol_avrule_get_is_enabled(q, rule, &enabled)) - goto err; - - obj = PyBool_FromLong(enabled); - rt = PyDict_SetItemString(dict, "enabled", obj); - py_decref(obj); - - if (cond) { - obj = get_bool(q, cond, enabled); - if (!obj) goto err; - rt = PyDict_SetItemString(dict, "boolean", obj); - py_decref(obj); - } - - rt = py_append_obj(output, dict); - py_decref(dict); dict=NULL; - if (rt) goto err; - - free(rule_str); rule_str = NULL; - free(expr); expr = NULL; - } - goto cleanup; - -err: - error = errno; - PyErr_SetString(PyExc_RuntimeError,strerror(errno)); - py_decref(dict); - py_decref(permlist); - py_decref(boollist); - -cleanup: - free(tmp); - free(rule_str); - free(expr); - errno = error; - return output; -} - -PyObject* search(bool allow, - bool neverallow, - bool auditallow, - bool dontaudit, - bool transition, - bool role_allow, - const char *src_name, - const char *tgt_name, - const char *class_name, - const char *permlist - ) -{ - options_t cmd_opts; - PyObject *output = NULL; - apol_vector_t *v = NULL; - - memset(&cmd_opts, 0, sizeof(cmd_opts)); - cmd_opts.indirect = true; - cmd_opts.show_cond = true; - cmd_opts.allow = allow; - cmd_opts.nallow = neverallow; - cmd_opts.auditallow = auditallow; - cmd_opts.dontaudit = dontaudit; - cmd_opts.type = transition; - cmd_opts.role_allow = role_allow; - if (src_name) - cmd_opts.src_name = strdup(src_name); - if (tgt_name) - cmd_opts.tgt_name = strdup(tgt_name); - if (class_name) - cmd_opts.class_name = strdup(class_name); - if (permlist){ - cmd_opts.perm_vector = apol_vector_create(free); - cmd_opts.permlist = strdup(permlist); - } - if (!cmd_opts.semantic && qpol_policy_has_capability(apol_policy_get_qpol(global_policy), QPOL_CAP_SYN_RULES)) { - if (qpol_policy_build_syn_rule_table(apol_policy_get_qpol(global_policy))) { - PyErr_SetString(PyExc_RuntimeError,"Query failed"); - goto cleanup; - } - } - - /* if syntactic rules are not available always do semantic search */ - if (!qpol_policy_has_capability(apol_policy_get_qpol(global_policy), QPOL_CAP_SYN_RULES)) { - cmd_opts.semantic = 1; - } - - /* supress line numbers if doing semantic search or not available */ - if (cmd_opts.semantic || !qpol_policy_has_capability(apol_policy_get_qpol(global_policy), QPOL_CAP_LINE_NUMBERS)) { - cmd_opts.lineno = 0; - } - if (perform_av_query(global_policy, &cmd_opts, &v)) { - goto cleanup; - } - output = PyList_New(0); - if (!output) - goto cleanup; - - if (v) { - get_av_results(global_policy, v, output); - } - - apol_vector_destroy(&v); - if (perform_te_query(global_policy, &cmd_opts, &v)) { - goto cleanup; - } - if (v) { - get_te_results(global_policy, v, output); - } - - if (cmd_opts.all || cmd_opts.type) { - apol_vector_destroy(&v); - if (perform_ft_query(global_policy, &cmd_opts, &v)) { - goto cleanup; - } - - if (v) { - get_ft_results(global_policy, v, output); - } - } - - if (cmd_opts.all || cmd_opts.role_allow) { - apol_vector_destroy(&v); - if (perform_ra_query(global_policy, &cmd_opts, &v)) { - goto cleanup; - } - - if (v) { - get_ra_results(global_policy, v, output); - } - } - - apol_vector_destroy(&v); - - cleanup: - free(cmd_opts.src_name); - free(cmd_opts.tgt_name); - free(cmd_opts.class_name); - free(cmd_opts.permlist); - free(cmd_opts.bool_name); - free(cmd_opts.src_role_name); - free(cmd_opts.tgt_role_name); - apol_vector_destroy(&cmd_opts.perm_vector); - apol_vector_destroy(&cmd_opts.class_vector); - - if (output && PyList_GET_SIZE(output) == 0) { - py_decref(output); - return Py_None; - } - return output; -} - -static int Dict_ContainsInt(PyObject *dict, const char *key){ - PyObject *item = PyDict_GetItemString(dict, key); - if (item) - return PyInt_AsLong(item); - return false; -} - -static const char *Dict_ContainsString(PyObject *dict, const char *key){ - PyObject *item = PyDict_GetItemString(dict, key); - if (item) - return PyString_AsString(item); - return NULL; -} - -PyObject *wrap_search(PyObject *UNUSED(self), PyObject *args){ - PyObject *dict; - if (!PyArg_ParseTuple(args, "O", &dict)) - return NULL; - int allow = Dict_ContainsInt(dict, "allow"); - int neverallow = Dict_ContainsInt(dict, "neverallow"); - int auditallow = Dict_ContainsInt(dict, "auditallow"); - int dontaudit = Dict_ContainsInt(dict, "dontaudit"); - int transition = Dict_ContainsInt(dict, "transition"); - int role_allow = Dict_ContainsInt(dict, "role_allow"); - - if (!global_policy) { - PyErr_SetString(PyExc_RuntimeError,"Policy not loaded"); - return NULL; - } - const char *src_name = Dict_ContainsString(dict, "source"); - const char *tgt_name = Dict_ContainsString(dict, "target"); - const char *class_name = Dict_ContainsString(dict, "class"); - const char *permlist = Dict_ContainsString(dict, "permlist"); - - return search(allow, neverallow, auditallow, dontaudit, transition, role_allow, src_name, tgt_name, class_name, permlist); -} diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py index b00ec81..8fbd5b4 100644 --- a/policycoreutils/sepolicy/sepolicy/__init__.py +++ b/policycoreutils/sepolicy/sepolicy/__init__.py @@ -4,7 +4,6 @@ # Author: Ryan Hallisey <rhallise@redhat.com> # Author: Jason Zaman <perfinion@gentoo.org> -from . import _policy import selinux import setools import glob @@ -149,7 +148,6 @@ def policy(policy_file): global _pol try: - _policy.policy(policy_file) _pol = setools.SELinuxPolicy(policy_file) except: raise ValueError(_("Failed to read %s policy file") % policy_file) diff --git a/policycoreutils/sepolicy/setup.py b/policycoreutils/sepolicy/setup.py index e74e68d..4bd8353 100644 --- a/policycoreutils/sepolicy/setup.py +++ b/policycoreutils/sepolicy/setup.py @@ -2,11 +2,21 @@ # Author: Thomas Liu <tliu@redhat.com> # Author: Dan Walsh <dwalsh@redhat.com> -import os -from distutils.core import setup, Extension -policy = Extension("sepolicy._policy", - libraries=["apol", "qpol"], - sources=["policy.c", "info.c", "search.c"] - ) +from distutils.core import setup -setup(name="sepolicy", version="1.1", description="Python SELinux Policy Analyses bindings", author="Daniel Walsh", author_email="dwalsh@redhat.com", ext_modules=[policy], packages=["sepolicy", "sepolicy.templates", "sepolicy.help"], package_data={'sepolicy': ['*.glade'], 'sepolicy.help': ['*.txt', '*.png']}) +setup( + name="sepolicy", + version="1.1", + description="Python SELinux Policy Analyses bindings", + author="Daniel Walsh", + author_email="dwalsh@redhat.com", + packages=[ + "sepolicy", + "sepolicy.templates", + "sepolicy.help" + ], + package_data={ + 'sepolicy': ['*.glade'], + 'sepolicy.help': ['*.txt', '*.png'] + } +)
Signed-off-by: Jason Zaman <jason@perfinion.com> --- policycoreutils/sepolicy/common.h | 69 -- policycoreutils/sepolicy/info.c | 1381 ------------------------- policycoreutils/sepolicy/policy.c | 116 --- policycoreutils/sepolicy/policy.h | 7 - policycoreutils/sepolicy/search.c | 1029 ------------------ policycoreutils/sepolicy/sepolicy/__init__.py | 2 - policycoreutils/sepolicy/setup.py | 24 +- 7 files changed, 17 insertions(+), 2611 deletions(-) delete mode 100644 policycoreutils/sepolicy/common.h delete mode 100644 policycoreutils/sepolicy/info.c delete mode 100644 policycoreutils/sepolicy/policy.c delete mode 100644 policycoreutils/sepolicy/policy.h delete mode 100644 policycoreutils/sepolicy/search.c