rpms/policycoreutils/devel policycoreutils-sepolgen.patch, 1.31, 1.32 policycoreutils.spec, 1.667, 1.668
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Jan 6 20:49:27 UTC 2010
Author: dwalsh
Update of /cvs/pkgs/rpms/policycoreutils/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14036
Modified Files:
policycoreutils-sepolgen.patch policycoreutils.spec
Log Message:
* Wed Jan 6 2009 Dan Walsh <dwalsh at redhat.com> 2.0.78-8
- Speed up audit2allow processing of audit2why comments
policycoreutils-sepolgen.patch:
access.py | 15 +++++++----
audit.py | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
policygen.py | 31 +++++++++++++++++++++++-
refparser.py | 2 -
refpolicy.py | 9 ++++---
5 files changed, 116 insertions(+), 16 deletions(-)
Index: policycoreutils-sepolgen.patch
===================================================================
RCS file: /cvs/pkgs/rpms/policycoreutils/devel/policycoreutils-sepolgen.patch,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -p -r1.31 -r1.32
--- policycoreutils-sepolgen.patch 16 Dec 2009 13:22:00 -0000 1.31
+++ policycoreutils-sepolgen.patch 6 Jan 2010 20:49:27 -0000 1.32
@@ -56,7 +56,7 @@ diff --exclude-from=exclude -N -u -r nsa
if audit_msg:
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/audit.py
--- nsasepolgen/src/sepolgen/audit.py 2009-12-01 15:46:50.000000000 -0500
-+++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/audit.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/audit.py 2010-01-06 09:52:35.000000000 -0500
@@ -23,6 +23,27 @@
# Convenience functions
@@ -103,15 +103,17 @@ diff --exclude-from=exclude -N -u -r nsa
# Classes representing audit messages
class AuditMessage:
-@@ -106,6 +138,7 @@
+@@ -106,6 +138,9 @@
if fields[0] == "path":
self.path = fields[1][1:-1]
return
+import selinux.audit2why as audit2why
++
++avcdict = {}
class AVCMessage(AuditMessage):
"""AVC message representing an access denial or granted message.
-@@ -146,6 +179,8 @@
+@@ -146,6 +181,8 @@
self.path = ""
self.accesses = []
self.denial = True
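Review bot: The module-level `avcdict = {}` added here carries no comment, and nothing in the visible hunks ever clears it, so cached `audit2why.analyze()` results outlive the policy they were computed against. If a caller re-initialises audit2why with a different policy in the same process (not visible here, so this needs confirming), later AVCs would be classified from stale answers, which matters for a tool whose output becomes allow rules. I would add `# Cache of audit2why.analyze() results keyed by (scontext, tcontext, tclass, perms); only valid for the currently loaded policy` above the dict and reset it wherever the policy is (re)loaded.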
@@ -120,7 +122,7 @@ diff --exclude-from=exclude -N -u -r nsa
def __parse_access(self, recs, start):
# This is kind of sucky - the access that is in a space separated
-@@ -205,7 +240,25 @@
+@@ -205,7 +242,31 @@
if not found_src or not found_tgt or not found_class or not found_access:
raise ValueError("AVC message in invalid format [%s]\n" % self.message)
@@ -130,24 +132,30 @@ diff --exclude-from=exclude -N -u -r nsa
+ def analyze(self):
+ tcontext = self.tcontext.to_string()
+ scontext = self.scontext.to_string()
-+ self.type, self.bools = audit2why.analyze(scontext, tcontext, self.tclass, self.accesses);
-+ if self.type == audit2why.NOPOLICY:
-+ raise ValueError("Must call policy_init first")
-+ if self.type == audit2why.BADTCON:
-+ raise ValueError("Invalid Target Context %s\n" % tcontext)
-+ if self.type == audit2why.BADSCON:
-+ raise ValueError("Invalid Source Context %s\n" % scontext)
-+ if self.type == audit2why.BADSCON:
-+ raise ValueError("Invalid Type Class %s\n" % self.tclass)
-+ if self.type == audit2why.BADPERM:
-+ raise ValueError("Invalid permission %s\n" % " ".join(self.accesses))
-+ if self.type == audit2why.BADCOMPUTE:
-+ raise ValueError("Error during access vector computation")
++ access_tuple = tuple( self.accesses)
++ if (scontext, tcontext, self.tclass, access_tuple) in avcdict.keys():
++ self.type, self.bools = avcdict[(scontext, tcontext, self.tclass, access_tuple)]
++ else:
++ self.type, self.bools = audit2why.analyze(scontext, tcontext, self.tclass, self.accesses);
++ if self.type == audit2why.NOPOLICY:
++ raise ValueError("Must call policy_init first")
++ if self.type == audit2why.BADTCON:
++ raise ValueError("Invalid Target Context %s\n" % tcontext)
++ if self.type == audit2why.BADSCON:
++ raise ValueError("Invalid Source Context %s\n" % scontext)
++ if self.type == audit2why.BADSCON:
++ raise ValueError("Invalid Type Class %s\n" % self.tclass)
++ if self.type == audit2why.BADPERM:
++ raise ValueError("Invalid permission %s\n" % " ".join(self.accesses))
++ if self.type == audit2why.BADCOMPUTE:
++ raise ValueError("Error during access vector computation")
++
++ avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.bools)
+
class PolicyLoadMessage(AuditMessage):
"""Audit message indicating that the policy was reloaded."""
def __init__(self, message):
-@@ -285,6 +338,9 @@
+@@ -285,6 +346,9 @@
def __initialize(self):
self.avc_msgs = []
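Review bot: The second `if self.type == audit2why.BADSCON:` in `analyze()` duplicates the check above it, so the "Invalid Type Class" error can never be raised; a bad-class result falls through and is now also stored in `avcdict` as if it were a valid answer. The intended constant is presumably `audit2why.BADTCLASS`, i.e. `if self.type == audit2why.BADTCLASS:`. The duplicate is also on the removed side, so it predates this revision, but the rewrite carries it forward. Separately, `in avcdict.keys()` builds and scans a list on Python 2, which works against the speed-up this commit is for. Computing `key = (scontext, tcontext, self.tclass, access_tuple)` once and testing `if key in avcdict:` gives a hash lookup and removes the three repeated tuple literals.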
@@ -157,7 +165,7 @@ diff --exclude-from=exclude -N -u -r nsa
self.compute_sid_msgs = []
self.invalid_msgs = []
self.policy_load_msgs = []
-@@ -314,7 +370,7 @@
+@@ -314,7 +378,7 @@
elif i == "security_compute_sid:":
msg = ComputeSidMessage(line)
found = True
@@ -166,7 +174,7 @@ diff --exclude-from=exclude -N -u -r nsa
msg = PolicyLoadMessage(line)
found = True
elif i == "type=AVC_PATH":
-@@ -442,16 +498,17 @@
+@@ -442,16 +506,17 @@
audit logs parsed by this object.
"""
av_set = access.AccessVectorSet()
@@ -186,7 +194,7 @@ diff --exclude-from=exclude -N -u -r nsa
return av_set
class AVCTypeFilter:
-@@ -477,5 +534,3 @@
+@@ -477,5 +542,3 @@
if self.regex.match(avc.tcontext.type):
return True
return False
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/pkgs/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.667
retrieving revision 1.668
diff -u -p -r1.667 -r1.668
--- policycoreutils.spec 21 Dec 2009 21:56:28 -0000 1.667
+++ policycoreutils.spec 6 Jan 2010 20:49:27 -0000 1.668
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.78
-Release: 7%{?dist}
+Release: 8%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -297,6 +297,9 @@ fi
exit 0
%changelog
+* Wed Jan 6 2009 Dan Walsh <dwalsh at redhat.com> 2.0.78-8
+- Speed up audit2allow processing of audit2why comments
+
* Fri Dec 18 2009 Dan Walsh <dwalsh at redhat.com> 2.0.78-7
- Fixes to sandbox man page