From: Daniel J Walsh <dwalsh@redhat.com>
To: SE Linux <selinux@tycho.nsa.gov>
Subject: Proposed patch to add seinfo and sesearch bindings to setools.
Date: Tue, 11 Aug 2009 10:55:54 -0400
Message-ID: <4A81867A.5000208@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 999 bytes --]
setroubleshoot is using sesearch to look for types that domains can access.
For example, if I set up apache to bind to port 81, it will generate an AVC that states apache is not allowed to name_bind to port_t. We want to have setroubleshoot state that it can bind to ports named http_port_t ...
Then instruct the admin to execute
semanage port -a -t http_port_t -p tcp 81
Similarly, if we have a domain that tries to read files labeled default_t, we could come up with a list of domains that the domain can read and tell the user to change the type to one of the domains.
We developed a python binding for sesearch to be able to give us this data.
Similarly, system-config-selinux/polgengui present data to the user in a GUI that needs information that seinfo can provide.
What are the permissive domains, what types are domains, what types are file_types, what domains are user domains ...
Rather than trying to scrape this data from the seinfo command, we wanted to add a python binding.
[-- Attachment #2: setools-python.patch --]
[-- Type: text/plain, Size: 78606 bytes --]
diff -up setools-3.3.6/configure.ac.python setools-3.3.6/configure.ac
--- setools-3.3.6/configure.ac.python 2009-08-10 15:24:55.000000000 -0400
+++ setools-3.3.6/configure.ac 2009-08-10 15:24:59.000000000 -0400
@@ -216,6 +216,9 @@ if test "x${enable_jswig}" = xyes; then
do_swigify_java=yes
do_swigify=yes
fi
+
+AM_PATH_PYTHON(2.6)
+
AC_ARG_ENABLE(swig-python,
AC_HELP_STRING([--enable-swig-python],
[build SWIG interfaces for Python]),
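Review bot: AM_PATH_PYTHON(2.6) is now called unconditionally, ahead of the --enable-swig-python block, and with no action-if-not-found argument it aborts configure on any host without Python 2.6 or newer, even for builds that do not want the new bindings. Consider putting the check behind its own AC_ARG_ENABLE switch with a matching AM_CONDITIONAL, or passing a third argument so that a missing interpreter only disables the python subdirectory.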
@@ -224,7 +227,6 @@ if test "x${enable_pyswig}" = xyes; then
if test ${do_swigify} = no; then
AC_PROG_SWIG(1.3.28)
fi
- AM_PATH_PYTHON(2.3)
SWIG_PYTHON
do_swigify_python=yes
do_swigify=yes
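Review bot: Removing AM_PATH_PYTHON(2.3) from the swig-python branch means the existing SWIG bindings now inherit the 2.6 minimum from the new top-level check, a requirement bump that nothing in the patch documents. If only the new seinfo/sesearch module needs 2.6, say so and keep the SWIG bindings buildable on older interpreters; otherwise record the new minimum in the release notes.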
@@ -873,6 +875,8 @@ AC_CONFIG_FILES([Makefile VERSION \
sediff/Makefile \
man/Makefile \
debian/Makefile \
+ python/Makefile \
+ python/setools/Makefile \
packages/Makefile packages/rpm/Makefile \
packages/libqpol.pc packages/libapol.pc packages/libpoldiff.pc packages/libseaudit.pc packages/libsefs.pc])
diff -up setools-3.3.6/Makefile.am.python setools-3.3.6/Makefile.am
--- setools-3.3.6/Makefile.am.python 2009-08-10 15:23:45.000000000 -0400
+++ setools-3.3.6/Makefile.am 2009-08-10 15:23:50.000000000 -0400
@@ -10,7 +10,7 @@ if BUILD_GUI
endif
# sediffx is also built conditionally, from sediffx/Makefile.am
-SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI)
+SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) python
#old indent opts
#INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
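Review bot: "python" is appended to SUBDIRS unconditionally, while the other optional components on the same line are gated through $(MAYBE_APOL) and $(MAYBE_GUI). Following that pattern with a MAYBE_PYTHON variable set under an automake conditional would let a build without Python skip the directory instead of failing in it.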
diff -up setools-3.3.6/Makefile.in.python setools-3.3.6/Makefile.in
--- setools-3.3.6/Makefile.in.python 2009-08-10 15:24:17.000000000 -0400
+++ setools-3.3.6/Makefile.in 2009-08-10 15:25:59.000000000 -0400
@@ -79,7 +79,7 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGE
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds \
- sechecker sediff man packages debian apol seaudit
+ sechecker sediff man packages debian apol seaudit python
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
@@ -384,7 +384,7 @@ AUTOMAKE_OPTIONS = dist-bzip2
@BUILD_APOL_TRUE@MAYBE_APOL = apol
@BUILD_GUI_TRUE@MAYBE_GUI = seaudit
# sediffx is also built conditionally, from sediffx/Makefile.am
-SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI)
+SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) python
#old indent opts
#INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
diff -up setools-3.3.6/python/Makefile.am.python setools-3.3.6/python/Makefile.am
--- setools-3.3.6/python/Makefile.am.python 2009-08-11 09:57:16.000000000 -0400
+++ setools-3.3.6/python/Makefile.am 2009-08-10 15:23:25.000000000 -0400
@@ -0,0 +1,2 @@
+SUBDIRS = setools
+
diff -up setools-3.3.6/python/Makefile.in.python setools-3.3.6/python/Makefile.in
--- setools-3.3.6/python/Makefile.in.python 2009-08-11 09:57:20.000000000 -0400
+++ setools-3.3.6/python/Makefile.in 2009-08-10 15:25:58.000000000 -0400
@@ -0,0 +1,715 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = python
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/ac_check_classpath.m4 \
+ $(top_srcdir)/m4/ac_java_options.m4 \
+ $(top_srcdir)/m4/ac_pkg_swig.m4 \
+ $(top_srcdir)/m4/ac_prog_jar.m4 \
+ $(top_srcdir)/m4/ac_prog_java.m4 \
+ $(top_srcdir)/m4/ac_prog_java_works.m4 \
+ $(top_srcdir)/m4/ac_prog_javac.m4 \
+ $(top_srcdir)/m4/ac_prog_javac_works.m4 \
+ $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/m4/c.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/m4/swig_python.m4 $(top_srcdir)/m4/tcl.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-dvi-recursive install-exec-recursive \
+ install-html-recursive install-info-recursive \
+ install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+ distdir
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+APOL_CFLAGS = @APOL_CFLAGS@
+APOL_LIB_FLAG = @APOL_LIB_FLAG@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BWIDGET_DESTDIR = @BWIDGET_DESTDIR@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CUNIT_LIB_FLAG = @CUNIT_LIB_FLAG@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH = @CYGPATH@
+CYGPATH_W = @CYGPATH_W@
+DEBUGCFLAGS = @DEBUGCFLAGS@
+DEBUGCXXFLAGS = @DEBUGCXXFLAGS@
+DEBUGJFLAGS = @DEBUGJFLAGS@
+DEBUGLDFLAGS = @DEBUGLDFLAGS@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GLADE_CFLAGS = @GLADE_CFLAGS@
+GLADE_LIBS = @GLADE_LIBS@
+GREP = @GREP@
+GTHREAD_CFLAGS = @GTHREAD_CFLAGS@
+GTHREAD_LIBS = @GTHREAD_LIBS@
+GTK_CFLAGS = @GTK_CFLAGS@
+GTK_LIBS = @GTK_LIBS@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+JAR = @JAR@
+JAVA = @JAVA@
+JAVAC = @JAVAC@
+JAVACFLAGS = @JAVACFLAGS@
+JAVAFLAGS = @JAVAFLAGS@
+JAVAPREFIX = @JAVAPREFIX@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIXBUF_CFLAGS = @PIXBUF_CFLAGS@
+PIXBUF_LIBS = @PIXBUF_LIBS@
+PKG_CFLAGS = @PKG_CFLAGS@
+PKG_HEADERS = @PKG_HEADERS@
+PKG_INCLUDES = @PKG_INCLUDES@
+PKG_LIBS = @PKG_LIBS@
+PKG_LIB_FILE = @PKG_LIB_FILE@
+PKG_STUB_LIB_FILE = @PKG_STUB_LIB_FILE@
+PKG_STUB_OBJECTS = @PKG_STUB_OBJECTS@
+PKG_STUB_SOURCES = @PKG_STUB_SOURCES@
+PKG_TCL_SOURCES = @PKG_TCL_SOURCES@
+POLDIFF_CFLAGS = @POLDIFF_CFLAGS@
+POLDIFF_LIB_FLAG = @POLDIFF_LIB_FLAG@
+PROFILECFLAGS = @PROFILECFLAGS@
+PROFILELDFLAGS = @PROFILELDFLAGS@
+PYTHON = @PYTHON@
+PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
+PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
+PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
+PYTHON_VERSION = @PYTHON_VERSION@
+QPOL_CFLAGS = @QPOL_CFLAGS@
+QPOL_LIB_FLAG = @QPOL_LIB_FLAG@
+RANLIB = @RANLIB@
+SEAUDIT_CFLAGS = @SEAUDIT_CFLAGS@
+SEAUDIT_LIB_FLAG = @SEAUDIT_LIB_FLAG@
+SED = @SED@
+SEFS_CFLAGS = @SEFS_CFLAGS@
+SEFS_LIB_FLAG = @SEFS_LIB_FLAG@
+SELINUX_CFLAGS = @SELINUX_CFLAGS@
+SELINUX_LIB_FLAG = @SELINUX_LIB_FLAG@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
+SQLITE3_LIBS = @SQLITE3_LIBS@
+STRIP = @STRIP@
+SWIG = @SWIG@
+SWIG_JAVA_CFLAGS = @SWIG_JAVA_CFLAGS@
+SWIG_JAVA_OPT = @SWIG_JAVA_OPT@
+SWIG_LIB = @SWIG_LIB@
+SWIG_PYTHON_CPPFLAGS = @SWIG_PYTHON_CPPFLAGS@
+SWIG_PYTHON_OPT = @SWIG_PYTHON_OPT@
+SWIG_TCL_CFLAGS = @SWIG_TCL_CFLAGS@
+SWIG_TCL_OPT = @SWIG_TCL_OPT@
+TCLSH_PROG = @TCLSH_PROG@
+TCL_AUTOPATH = @TCL_AUTOPATH@
+TCL_BIN_DIR = @TCL_BIN_DIR@
+TCL_DEFS = @TCL_DEFS@
+TCL_EXTRA_CFLAGS = @TCL_EXTRA_CFLAGS@
+TCL_INCLUDES = @TCL_INCLUDES@
+TCL_LD_FLAGS = @TCL_LD_FLAGS@
+TCL_LIBS = @TCL_LIBS@
+TCL_LIB_FILE = @TCL_LIB_FILE@
+TCL_LIB_FLAG = @TCL_LIB_FLAG@
+TCL_LIB_SPEC = @TCL_LIB_SPEC@
+TCL_SHLIB_LD_LIBS = @TCL_SHLIB_LD_LIBS@
+TCL_SRC_DIR = @TCL_SRC_DIR@
+TCL_STUB_LIB_FILE = @TCL_STUB_LIB_FILE@
+TCL_STUB_LIB_FLAG = @TCL_STUB_LIB_FLAG@
+TCL_STUB_LIB_SPEC = @TCL_STUB_LIB_SPEC@
+TCL_VERSION = @TCL_VERSION@
+TK_BIN_DIR = @TK_BIN_DIR@
+TK_INCLUDES = @TK_INCLUDES@
+TK_LIBS = @TK_LIBS@
+TK_LIB_FILE = @TK_LIB_FILE@
+TK_LIB_FLAG = @TK_LIB_FLAG@
+TK_LIB_SPEC = @TK_LIB_SPEC@
+TK_SRC_DIR = @TK_SRC_DIR@
+TK_STUB_LIB_FILE = @TK_STUB_LIB_FILE@
+TK_STUB_LIB_FLAG = @TK_STUB_LIB_FLAG@
+TK_STUB_LIB_SPEC = @TK_STUB_LIB_SPEC@
+TK_VERSION = @TK_VERSION@
+TK_XINCLUDES = @TK_XINCLUDES@
+VERSION = @VERSION@
+WARNCFLAGS = @WARNCFLAGS@
+WARNCXXFLAGS = @WARNCXXFLAGS@
+WARNJFLAGS = @WARNJFLAGS@
+WARNLDFLAGS = @WARNLDFLAGS@
+WISH_PROG = @WISH_PROG@
+XMKMF = @XMKMF@
+XML_CFLAGS = @XML_CFLAGS@
+XML_LIBS = @XML_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+has_pkg_config = @has_pkg_config@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+javadir = @javadir@
+libapol_jswig_soname = @libapol_jswig_soname@
+libapol_pyswig_soname = @libapol_pyswig_soname@
+libapol_soname = @libapol_soname@
+libapol_soversion = @libapol_soversion@
+libapol_tswig_soname = @libapol_tswig_soname@
+libapol_version = @libapol_version@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libpoldiff_jswig_soname = @libpoldiff_jswig_soname@
+libpoldiff_pyswig_soname = @libpoldiff_pyswig_soname@
+libpoldiff_soname = @libpoldiff_soname@
+libpoldiff_soversion = @libpoldiff_soversion@
+libpoldiff_tswig_soname = @libpoldiff_tswig_soname@
+libpoldiff_version = @libpoldiff_version@
+libqpol_jswig_soname = @libqpol_jswig_soname@
+libqpol_pyswig_soname = @libqpol_pyswig_soname@
+libqpol_soname = @libqpol_soname@
+libqpol_soversion = @libqpol_soversion@
+libqpol_tswig_soname = @libqpol_tswig_soname@
+libqpol_version = @libqpol_version@
+libseaudit_jswig_soname = @libseaudit_jswig_soname@
+libseaudit_pyswig_soname = @libseaudit_pyswig_soname@
+libseaudit_soname = @libseaudit_soname@
+libseaudit_soversion = @libseaudit_soversion@
+libseaudit_tswig_soname = @libseaudit_tswig_soname@
+libseaudit_version = @libseaudit_version@
+libsefs_jswig_soname = @libsefs_jswig_soname@
+libsefs_pyswig_soname = @libsefs_pyswig_soname@
+libsefs_soname = @libsefs_soname@
+libsefs_soversion = @libsefs_soversion@
+libsefs_tswig_soname = @libsefs_tswig_soname@
+libsefs_version = @libsefs_version@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+prefix = @prefix@
+profile_install_dir = @profile_install_dir@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+sbindir = @sbindir@
+selinux_default_policy = @selinux_default_policy@
+selinux_policy_dir = @selinux_policy_dir@
+sepol_srcdir = @sepol_srcdir@
+setoolsdir = @setoolsdir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+uudecode = @uudecode@
+SUBDIRS = setools
+all: all-recursive
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu python/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu python/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-recursive
+all-am: Makefile
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \
+ install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+ all all-am check check-am clean clean-generic clean-libtool \
+ ctags ctags-recursive distclean distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs installdirs-am maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+ uninstall uninstall-am
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
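Review bot: This 715-line python/Makefile.in is automake output (its first line reads "generated by automake 1.11 from Makefile.am") and should not be part of the patch; the two-line python/Makefile.am is the only source that needs review. Dropping the generated Makefile.in files, including the two top-level Makefile.in hunks above, and asking the applier to rerun autoreconf would shrink the patch considerably and avoid tying the tree to one automake version.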
diff -up setools-3.3.6/python/setools/__init__.py.python setools-3.3.6/python/setools/__init__.py
--- setools-3.3.6/python/setools/__init__.py.python 2009-08-11 09:56:37.000000000 -0400
+++ setools-3.3.6/python/setools/__init__.py 2009-08-10 17:28:48.000000000 -0400
@@ -0,0 +1,49 @@
+#!/usr/bin/env python
+
+# Author: Thomas Liu <tliu@redhat.com>
+
+import _sesearch
+import _seinfo
+import types
+
+TYPE = _seinfo.TYPE
+ROLE = _seinfo.ROLE
+ATTRIBUTE = _seinfo.ATTRIBUTE
+USER = _seinfo.USER
+
+ALLOW = 'allow'
+AUDITALLOW = 'auditallow'
+NEVERALLOW = 'neverallow'
+DONTAUDIT = 'dontaudit'
+SCONTEXT = 'scontext'
+TCONTEXT = 'tcontext'
+PERMS = 'permlist'
+CLASS = 'class'
+
+def sesearch(types, info):
+ valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT]
+ for type in types:
+ if type not in valid_types:
+ raise ValueError("Type has to be in %s" % valid_types)
+ info[type] = True
+
+ perms = []
+ if PERMS in info:
+ perms = info[PERMS]
+ info[PERMS] = ",".join(info[PERMS])
+
+
+ dict_list = _sesearch.sesearch(info)
+ if len(perms) != 0:
+ dict_list = filter(lambda x: dict_has_perms(x, perms), dict_list)
+ return dict_list
+
+def dict_has_perms(dict, perms):
+ for perm in perms:
+ if perm not in dict[PERMS]:
+ return False
+ return True
+
+def seinfo(setype, name=None):
+ dict_list = _seinfo.seinfo(setype, name)
+ return dict_list
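Review bot: sesearch() modifies the caller's info dict in place: it sets info[type] = True for each rule type and overwrites the permission list with a string in "info[PERMS] = ",".join(info[PERMS])". A caller that reuses the same dict for a second query will then have a string joined character by character and will carry over rule-type flags from the first call; work on a copy of info instead. The ValueError is also raised only after earlier valid types have already been written into the dict, so validate the whole list first. Smaller points in the same hunk: the "types" parameter shadows the "import types" module, which is otherwise unused, "type" and "dict" shadow builtins, and none of the three public functions has a docstring describing the expected keys and the shape of the returned dictionaries.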
diff -up setools-3.3.6/python/setools/Makefile.am.python setools-3.3.6/python/setools/Makefile.am
--- setools-3.3.6/python/setools/Makefile.am.python 2009-08-11 09:56:25.000000000 -0400
+++ setools-3.3.6/python/setools/Makefile.am 2009-08-10 15:23:25.000000000 -0400
@@ -0,0 +1,24 @@
+EXTRA_DIST = \
+ sesearch.c \
+ seinfo.c \
+ __init__.py \
+ setup.py \
+ $(NULL)
+
+all-am: python-build
+
+python-build: sesearch.c seinfo.c
+ @mkdir -p setools
+ @cp __init__.py setools
+ $(PYTHON) setup.py build
+
+install-exec-hook:
+ $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
+
+uninstall-hook:
+ $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
+
+clean-local:
+ $(PYTHON) setup.py clean -a
+ rm -f *~
+
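Review bot: The uninstall-hook runs "$(PYTHON) setup.py uninstall", but distutils has no uninstall command, so "make uninstall" will fail in this directory; remove the installed files explicitly or record them at install time with --record and delete from that list. In python-build, "cp __init__.py setools" and "setup.py build" use paths relative to the build directory, which breaks out-of-tree (VPATH) builds; prefix them with $(srcdir). In install-exec-hook, $(DESTDIR) is passed unquoted and no --prefix=$(prefix) is given, so the module ignores the prefix chosen at configure time. clean-local also leaves behind the setools directory that python-build creates.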
diff -up setools-3.3.6/python/setools/Makefile.in.python setools-3.3.6/python/setools/Makefile.in
--- setools-3.3.6/python/setools/Makefile.in.python 2009-08-11 09:56:30.000000000 -0400
+++ setools-3.3.6/python/setools/Makefile.in 2009-08-10 15:25:58.000000000 -0400
@@ -0,0 +1,539 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = python/setools
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/ac_check_classpath.m4 \
+ $(top_srcdir)/m4/ac_java_options.m4 \
+ $(top_srcdir)/m4/ac_pkg_swig.m4 \
+ $(top_srcdir)/m4/ac_prog_jar.m4 \
+ $(top_srcdir)/m4/ac_prog_java.m4 \
+ $(top_srcdir)/m4/ac_prog_java_works.m4 \
+ $(top_srcdir)/m4/ac_prog_javac.m4 \
+ $(top_srcdir)/m4/ac_prog_javac_works.m4 \
+ $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/m4/c.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/m4/swig_python.m4 $(top_srcdir)/m4/tcl.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+APOL_CFLAGS = @APOL_CFLAGS@
+APOL_LIB_FLAG = @APOL_LIB_FLAG@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BWIDGET_DESTDIR = @BWIDGET_DESTDIR@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CUNIT_LIB_FLAG = @CUNIT_LIB_FLAG@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH = @CYGPATH@
+CYGPATH_W = @CYGPATH_W@
+DEBUGCFLAGS = @DEBUGCFLAGS@
+DEBUGCXXFLAGS = @DEBUGCXXFLAGS@
+DEBUGJFLAGS = @DEBUGJFLAGS@
+DEBUGLDFLAGS = @DEBUGLDFLAGS@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GLADE_CFLAGS = @GLADE_CFLAGS@
+GLADE_LIBS = @GLADE_LIBS@
+GREP = @GREP@
+GTHREAD_CFLAGS = @GTHREAD_CFLAGS@
+GTHREAD_LIBS = @GTHREAD_LIBS@
+GTK_CFLAGS = @GTK_CFLAGS@
+GTK_LIBS = @GTK_LIBS@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+JAR = @JAR@
+JAVA = @JAVA@
+JAVAC = @JAVAC@
+JAVACFLAGS = @JAVACFLAGS@
+JAVAFLAGS = @JAVAFLAGS@
+JAVAPREFIX = @JAVAPREFIX@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIXBUF_CFLAGS = @PIXBUF_CFLAGS@
+PIXBUF_LIBS = @PIXBUF_LIBS@
+PKG_CFLAGS = @PKG_CFLAGS@
+PKG_HEADERS = @PKG_HEADERS@
+PKG_INCLUDES = @PKG_INCLUDES@
+PKG_LIBS = @PKG_LIBS@
+PKG_LIB_FILE = @PKG_LIB_FILE@
+PKG_STUB_LIB_FILE = @PKG_STUB_LIB_FILE@
+PKG_STUB_OBJECTS = @PKG_STUB_OBJECTS@
+PKG_STUB_SOURCES = @PKG_STUB_SOURCES@
+PKG_TCL_SOURCES = @PKG_TCL_SOURCES@
+POLDIFF_CFLAGS = @POLDIFF_CFLAGS@
+POLDIFF_LIB_FLAG = @POLDIFF_LIB_FLAG@
+PROFILECFLAGS = @PROFILECFLAGS@
+PROFILELDFLAGS = @PROFILELDFLAGS@
+PYTHON = @PYTHON@
+PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
+PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
+PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
+PYTHON_VERSION = @PYTHON_VERSION@
+QPOL_CFLAGS = @QPOL_CFLAGS@
+QPOL_LIB_FLAG = @QPOL_LIB_FLAG@
+RANLIB = @RANLIB@
+SEAUDIT_CFLAGS = @SEAUDIT_CFLAGS@
+SEAUDIT_LIB_FLAG = @SEAUDIT_LIB_FLAG@
+SED = @SED@
+SEFS_CFLAGS = @SEFS_CFLAGS@
+SEFS_LIB_FLAG = @SEFS_LIB_FLAG@
+SELINUX_CFLAGS = @SELINUX_CFLAGS@
+SELINUX_LIB_FLAG = @SELINUX_LIB_FLAG@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
+SQLITE3_LIBS = @SQLITE3_LIBS@
+STRIP = @STRIP@
+SWIG = @SWIG@
+SWIG_JAVA_CFLAGS = @SWIG_JAVA_CFLAGS@
+SWIG_JAVA_OPT = @SWIG_JAVA_OPT@
+SWIG_LIB = @SWIG_LIB@
+SWIG_PYTHON_CPPFLAGS = @SWIG_PYTHON_CPPFLAGS@
+SWIG_PYTHON_OPT = @SWIG_PYTHON_OPT@
+SWIG_TCL_CFLAGS = @SWIG_TCL_CFLAGS@
+SWIG_TCL_OPT = @SWIG_TCL_OPT@
+TCLSH_PROG = @TCLSH_PROG@
+TCL_AUTOPATH = @TCL_AUTOPATH@
+TCL_BIN_DIR = @TCL_BIN_DIR@
+TCL_DEFS = @TCL_DEFS@
+TCL_EXTRA_CFLAGS = @TCL_EXTRA_CFLAGS@
+TCL_INCLUDES = @TCL_INCLUDES@
+TCL_LD_FLAGS = @TCL_LD_FLAGS@
+TCL_LIBS = @TCL_LIBS@
+TCL_LIB_FILE = @TCL_LIB_FILE@
+TCL_LIB_FLAG = @TCL_LIB_FLAG@
+TCL_LIB_SPEC = @TCL_LIB_SPEC@
+TCL_SHLIB_LD_LIBS = @TCL_SHLIB_LD_LIBS@
+TCL_SRC_DIR = @TCL_SRC_DIR@
+TCL_STUB_LIB_FILE = @TCL_STUB_LIB_FILE@
+TCL_STUB_LIB_FLAG = @TCL_STUB_LIB_FLAG@
+TCL_STUB_LIB_SPEC = @TCL_STUB_LIB_SPEC@
+TCL_VERSION = @TCL_VERSION@
+TK_BIN_DIR = @TK_BIN_DIR@
+TK_INCLUDES = @TK_INCLUDES@
+TK_LIBS = @TK_LIBS@
+TK_LIB_FILE = @TK_LIB_FILE@
+TK_LIB_FLAG = @TK_LIB_FLAG@
+TK_LIB_SPEC = @TK_LIB_SPEC@
+TK_SRC_DIR = @TK_SRC_DIR@
+TK_STUB_LIB_FILE = @TK_STUB_LIB_FILE@
+TK_STUB_LIB_FLAG = @TK_STUB_LIB_FLAG@
+TK_STUB_LIB_SPEC = @TK_STUB_LIB_SPEC@
+TK_VERSION = @TK_VERSION@
+TK_XINCLUDES = @TK_XINCLUDES@
+VERSION = @VERSION@
+WARNCFLAGS = @WARNCFLAGS@
+WARNCXXFLAGS = @WARNCXXFLAGS@
+WARNJFLAGS = @WARNJFLAGS@
+WARNLDFLAGS = @WARNLDFLAGS@
+WISH_PROG = @WISH_PROG@
+XMKMF = @XMKMF@
+XML_CFLAGS = @XML_CFLAGS@
+XML_LIBS = @XML_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+has_pkg_config = @has_pkg_config@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+javadir = @javadir@
+libapol_jswig_soname = @libapol_jswig_soname@
+libapol_pyswig_soname = @libapol_pyswig_soname@
+libapol_soname = @libapol_soname@
+libapol_soversion = @libapol_soversion@
+libapol_tswig_soname = @libapol_tswig_soname@
+libapol_version = @libapol_version@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libpoldiff_jswig_soname = @libpoldiff_jswig_soname@
+libpoldiff_pyswig_soname = @libpoldiff_pyswig_soname@
+libpoldiff_soname = @libpoldiff_soname@
+libpoldiff_soversion = @libpoldiff_soversion@
+libpoldiff_tswig_soname = @libpoldiff_tswig_soname@
+libpoldiff_version = @libpoldiff_version@
+libqpol_jswig_soname = @libqpol_jswig_soname@
+libqpol_pyswig_soname = @libqpol_pyswig_soname@
+libqpol_soname = @libqpol_soname@
+libqpol_soversion = @libqpol_soversion@
+libqpol_tswig_soname = @libqpol_tswig_soname@
+libqpol_version = @libqpol_version@
+libseaudit_jswig_soname = @libseaudit_jswig_soname@
+libseaudit_pyswig_soname = @libseaudit_pyswig_soname@
+libseaudit_soname = @libseaudit_soname@
+libseaudit_soversion = @libseaudit_soversion@
+libseaudit_tswig_soname = @libseaudit_tswig_soname@
+libseaudit_version = @libseaudit_version@
+libsefs_jswig_soname = @libsefs_jswig_soname@
+libsefs_pyswig_soname = @libsefs_pyswig_soname@
+libsefs_soname = @libsefs_soname@
+libsefs_soversion = @libsefs_soversion@
+libsefs_tswig_soname = @libsefs_tswig_soname@
+libsefs_version = @libsefs_version@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+prefix = @prefix@
+profile_install_dir = @profile_install_dir@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+sbindir = @sbindir@
+selinux_default_policy = @selinux_default_policy@
+selinux_policy_dir = @selinux_policy_dir@
+sepol_srcdir = @sepol_srcdir@
+setoolsdir = @setoolsdir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+uudecode = @uudecode@
+EXTRA_DIST = \
+ sesearch.c \
+ seinfo.c \
+ __init__.py \
+ setup.py \
+ $(NULL)
+
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu python/setools/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu python/setools/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-local mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+ @$(NORMAL_INSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+ @$(NORMAL_INSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+.MAKE: install-am install-exec-am install-strip uninstall-am
+
+.PHONY: all all-am check check-am clean clean-generic clean-libtool \
+ clean-local distclean distclean-generic distclean-libtool \
+ distdir dvi dvi-am html html-am info info-am install \
+ install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-exec-hook \
+ install-html install-html-am install-info install-info-am \
+ install-man install-pdf install-pdf-am install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+ ps ps-am uninstall uninstall-am uninstall-hook
+
+
+all-am: python-build
+
+python-build: sesearch.c seinfo.c
+ @mkdir -p setools
+ @cp __init__.py setools
+ $(PYTHON) setup.py build
+
+install-exec-hook:
+ $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
+
+uninstall-hook:
+ $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
+
+clean-local:
+ $(PYTHON) setup.py clean -a
+ rm -f *~
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
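Review bot: the uninstall-hook rule runs `$(PYTHON) setup.py uninstall`, but neither distutils nor setuptools provides an `uninstall` command, so unless setup.py defines one itself `make uninstall` fails at that step. Drop the hook or remove the installed files explicitly. In python-build, `cp __init__.py setools` and `$(PYTHON) setup.py build` name files relative to the build directory, so an out-of-tree build will not find them even though VPATH is set; prefix them with $(srcdir)/. The install-exec-hook passes $(DESTDIR) to --root unquoted, which breaks on a staging path containing spaces. This file is also automake output (see the `$(AUTOMAKE) --gnu python/setools/Makefile` regeneration rule); carrying only Makefile.am in the patch would make the real change much easier to review.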
diff -up setools-3.3.6/python/setools/seinfo.c.python setools-3.3.6/python/setools/seinfo.c
--- setools-3.3.6/python/setools/seinfo.c.python 2009-08-11 09:56:01.000000000 -0400
+++ setools-3.3.6/python/setools/seinfo.c 2009-08-11 09:45:32.000000000 -0400
@@ -0,0 +1,649 @@
+/**
+ * @file
+ * Command line tool to search TE rules.
+ *
+ * @author Frank Mayer mayerf@tresys.com
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Paul Rosenfeld prosenfeld@tresys.com
+ * @author Thomas Liu <tliu@redhat.com>
+ * @author Dan Walsh <dwalsh@redhat.com>
+ *
+ * Copyright (C) 2003-2008 Tresys Technology, LLC
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/**
+ * This is a modified version of seinfo to be used as part of a library for
+ * Python bindings.
+ */
+
+#include "Python.h"
+
+/* libapol */
+#include <apol/policy.h>
+#include <apol/policy-query.h>
+#include <apol/render.h>
+#include <apol/util.h>
+#include <apol/vector.h>
+
+/* libqpol */
+#include <qpol/policy.h>
+#include <qpol/util.h>
+
+/* other */
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+
+#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
+static char *policy_file = NULL;
+
+enum input
+{
+ TYPE, ATTRIBUTE, ROLE, USER
+};
+
+/**
+ * Gets a textual representation of an attribute, and
+ * all of that attribute's types.
+ *
+ * @param type_datum Reference to sepol type_datum
+ * @param policydb Reference to a policy
+ */
+static PyObject* get_attr(const qpol_type_t * type_datum, const apol_policy_t * policydb)
+{
+ int retval = -1;
+ PyObject *dict = PyDict_New();
+ const qpol_type_t *attr_datum = NULL;
+ qpol_iterator_t *iter = NULL;
+ const char *attr_name = NULL, *type_name = NULL;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+ unsigned char isattr;
+
+ if (qpol_type_get_name(q, type_datum, &attr_name))
+ goto cleanup;
+ PyObject *obj = PyString_FromString(attr_name);
+ PyDict_SetItemString(dict, "name", obj);
+ Py_DECREF(obj);
+
+ /* get an iterator over all types this attribute has */
+ if (qpol_type_get_isattr(q, type_datum, &isattr))
+ goto cleanup;
+ if (isattr) { /* sanity check */
+ if (qpol_type_get_type_iter(q, type_datum, &iter))
+ goto cleanup;
+ PyObject *list = PyList_New(0);
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&attr_datum))
+ goto cleanup;
+ if (qpol_type_get_name(q, attr_datum, &type_name))
+ goto cleanup;
+ PyObject *obj = PyString_FromString(type_name);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+ qpol_iterator_destroy(&iter);
+ PyDict_SetItemString(dict, "types", list);
+ Py_DECREF(list);
+ } else /* this should never happen */
+ goto cleanup;
+
+ retval = 0;
+cleanup:
+ qpol_iterator_destroy(&iter);
+ if (retval) {
+ Py_DECREF(dict);
+ return NULL;
+ }
+ return dict;
+}
+
+/**
+ * Gets statistics regarding a policy's attributes.
+ * If this function is given a name, it will attempt to
+ * get statistics about a particular attribute; otherwise
+ * the function gets statistics about all of the policy's
+ * attributes.
+ *
+ * @param name Reference to an attribute's name; if NULL,
+ * all object classes will be considered
+ * @param policydb Reference to a policy
+ *
+ * @return 0 on success, < 0 on error.
+ */
+static PyObject* get_attribs(const char *name, const apol_policy_t * policydb)
+{
+ int retval = -1;
+ PyObject *list = PyList_New(0);
+ apol_attr_query_t *attr_query = NULL;
+ apol_vector_t *v = NULL;
+ const qpol_type_t *type_datum = NULL;
+ size_t n_attrs, i;
+
+ /* we are only getting information about 1 attribute */
+ if (name != NULL) {
+ attr_query = apol_attr_query_create();
+ if (!attr_query)
+ goto cleanup;
+ if (apol_attr_query_set_attr(policydb, attr_query, name))
+ goto cleanup;
+ if (apol_attr_get_by_query(policydb, attr_query, &v))
+ goto cleanup;
+ apol_attr_query_destroy(&attr_query);
+ if (apol_vector_get_size(v) == 0) {
+ apol_vector_destroy(&v);
+ errno = EINVAL;
+ goto cleanup;
+ }
+
+ type_datum = apol_vector_get_element(v, (size_t) 0);
+ PyObject *obj = get_attr(type_datum, policydb);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ } else {
+ attr_query = apol_attr_query_create();
+ if (!attr_query)
+ goto cleanup;
+ if (apol_attr_get_by_query(policydb, attr_query, &v))
+ goto cleanup;
+ apol_attr_query_destroy(&attr_query);
+ n_attrs = apol_vector_get_size(v);
+
+ for (i = 0; i < n_attrs; i++) {
+ /* get qpol_type_t* item from vector */
+ type_datum = (qpol_type_t *) apol_vector_get_element(v, (size_t) i);
+ if (!type_datum)
+ goto cleanup;
+ PyObject *obj = get_attr(type_datum, policydb);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+ }
+ apol_vector_destroy(&v);
+
+ retval = 0;
+ cleanup:
+ apol_attr_query_destroy(&attr_query);
+ apol_vector_destroy(&v);
+ if (retval) {
+ Py_DECREF(list);
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ return NULL;
+ }
+ return list;
+}
+
+/**
+ * Get a textual representation of a type, and
+ * all of that type's attributes.
+ *
+ * @param type_datum Reference to sepol type_datum
+ * @param policydb Reference to a policy
+ */
+static PyObject* get_type_attrs(const qpol_type_t * type_datum, const apol_policy_t * policydb)
+{
+ qpol_iterator_t *iter = NULL;
+ const char *attr_name = NULL;
+ const qpol_type_t *attr_datum = NULL;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+
+ if (qpol_type_get_attr_iter(q, type_datum, &iter))
+ goto cleanup;
+ PyObject *list = PyList_New(0);
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&attr_datum))
+ goto cleanup;
+ if (qpol_type_get_name(q, attr_datum, &attr_name))
+ goto cleanup;
+ PyObject *obj = PyString_FromString(attr_name);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+
+ cleanup:
+ qpol_iterator_destroy(&iter);
+ return list;
+}
+
+static PyObject* get_type( const qpol_type_t * type_datum, const apol_policy_t * policydb) {
+
+ PyObject *dict = PyDict_New();
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+ const char *type_name = NULL;
+
+ unsigned char isalias, ispermissive, isattr;
+
+ if (qpol_type_get_name(q, type_datum, &type_name))
+ goto cleanup;
+ if (qpol_type_get_isalias(q, type_datum, &isalias))
+ goto cleanup;
+ if (qpol_type_get_isattr(q, type_datum, &isattr))
+ goto cleanup;
+ if (qpol_type_get_ispermissive(q, type_datum, &ispermissive))
+ goto cleanup;
+
+ PyObject *obj = PyString_FromString(type_name);
+ PyDict_SetItemString(dict, "name", obj);
+ Py_DECREF(obj);
+ obj = PyBool_FromLong(ispermissive);
+ PyDict_SetItemString(dict, "permissive", obj);
+ Py_DECREF(obj);
+ if (!isattr && !isalias) {
+ obj = get_type_attrs(type_datum, policydb);
+ PyDict_SetItemString(dict, "attributes", obj);
+ Py_DECREF(obj);
+ }
+ return dict;
+cleanup:
+ Py_DECREF(dict);
+ return NULL;
+}
+
+/**
+ * Gets a textual representation of a user, and
+ * all of that user's roles.
+ *
+ * @param type_datum Reference to sepol type_datum
+ * @param policydb Reference to a policy
+ * roles
+ */
+static PyObject* get_user(const qpol_user_t * user_datum, const apol_policy_t * policydb)
+{
+ PyObject *dict = NULL;
+ const qpol_role_t *role_datum = NULL;
+ qpol_iterator_t *iter = NULL;
+ const qpol_mls_range_t *range = NULL;
+ const qpol_mls_level_t *dflt_level = NULL;
+ apol_mls_level_t *ap_lvl = NULL;
+ apol_mls_range_t *ap_range = NULL;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+ char *tmp;
+ const char *user_name, *role_name;
+
+ if (qpol_user_get_name(q, user_datum, &user_name))
+ goto cleanup;
+
+ dict = PyDict_New();
+ PyObject *obj = PyString_FromString(user_name);
+ PyDict_SetItemString(dict, "name", obj);
+ Py_DECREF(obj);
+
+ if (qpol_policy_has_capability(q, QPOL_CAP_MLS)) {
+ if (qpol_user_get_dfltlevel(q, user_datum, &dflt_level))
+ goto cleanup;
+ ap_lvl = apol_mls_level_create_from_qpol_mls_level(policydb, dflt_level);
+ tmp = apol_mls_level_render(policydb, ap_lvl);
+ if (!tmp)
+ goto cleanup;
+ obj = PyString_FromString(tmp);
+ PyDict_SetItemString(dict, "level", obj);
+ Py_DECREF(obj);
+ free(tmp);
+ /* print default range */
+ if (qpol_user_get_range(q, user_datum, &range))
+ goto cleanup;
+ ap_range = apol_mls_range_create_from_qpol_mls_range(policydb, range);
+ tmp = apol_mls_range_render(policydb, ap_range);
+ if (!tmp)
+ goto cleanup;
+ obj = PyString_FromString(tmp);
+ PyDict_SetItemString(dict, "range", obj);
+ Py_DECREF(obj);
+ free(tmp);
+ }
+
+ if (qpol_user_get_role_iter(q, user_datum, &iter))
+ goto cleanup;
+ PyObject *list = PyList_New(0);
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&role_datum)) {
+ Py_DECREF(list);
+ goto cleanup;
+ }
+ if (qpol_role_get_name(q, role_datum, &role_name)) {
+ Py_DECREF(list);
+ goto cleanup;
+ }
+ PyObject *obj = PyString_FromString(role_name);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+ PyDict_SetItemString(dict, "roles", list);
+ Py_DECREF(list);
+
+cleanup:
+ qpol_iterator_destroy(&iter);
+ apol_mls_level_destroy(&ap_lvl);
+ apol_mls_range_destroy(&ap_range);
+ return dict;
+}
+
+/**
+ * Gets statistics regarding a policy's users.
+ * If this function is given a name, it will attempt to
+ * get statistics about a particular user; otherwise
+ * the function gets statistics about all of the policy's
+ * users.
+ *
+ * @param name Reference to a user's name; if NULL,
+ * all users will be considered
+ * @param policydb Reference to a policy
+ *
+ * @return 0 on success, < 0 on error.
+ */
+static PyObject* get_users(const char *name, const apol_policy_t * policydb)
+{
+ int retval = -1;
+ PyObject *list = PyList_New(0);
+ qpol_iterator_t *iter = NULL;
+ const qpol_user_t *user_datum = NULL;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+
+ if (name != NULL) {
+ if (qpol_policy_get_user_by_name(q, name, &user_datum)) {
+ errno = EINVAL;
+ goto cleanup;
+ }
+ PyObject *obj = get_user(user_datum, policydb);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ } else {
+ if (qpol_policy_get_user_iter(q, &iter))
+ goto cleanup;
+
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&user_datum))
+ goto cleanup;
+ PyObject *obj = get_user(user_datum, policydb);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+ qpol_iterator_destroy(&iter);
+ }
+
+ retval = 0;
+ cleanup:
+ qpol_iterator_destroy(&iter);
+ if (retval) {
+ Py_DECREF(list);
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ return NULL;
+ }
+ return list;
+}
+
+/**
+ * get a textual representation of a role, and
+ * all of that role's types.
+ *
+ * @param type_datum Reference to sepol type_datum
+ * @param policydb Reference to a policy
+ * types
+ */
+static PyObject* get_role(const qpol_role_t * role_datum, const apol_policy_t * policydb)
+{
+ int retval = -1;
+ PyObject *dict = PyDict_New();
+ const char *role_name = NULL, *type_name = NULL;
+ const qpol_role_t *dom_datum = NULL;
+ const qpol_type_t *type_datum = NULL;
+ qpol_iterator_t *iter = NULL;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+ size_t n_dom = 0, n_types = 0;
+
+ if (qpol_role_get_name(q, role_datum, &role_name))
+ goto cleanup;
+
+ PyObject *obj = PyString_FromString(role_name);
+ PyDict_SetItemString(dict, "name", obj);
+ Py_DECREF(obj);
+
+ if (qpol_role_get_dominate_iter(q, role_datum, &iter))
+ goto cleanup;
+ if (qpol_iterator_get_size(iter, &n_dom))
+ goto cleanup;
+ if ((int)n_dom > 0) {
+ PyObject *list = PyList_New(0);
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&dom_datum))
+ goto cleanup;
+ if (qpol_role_get_name(q, dom_datum, &role_name))
+ goto cleanup;
+ PyObject *obj = PyString_FromString(role_name);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+ PyDict_SetItemString(dict, "dominate", list);
+ Py_DECREF(list);
+ }
+ qpol_iterator_destroy(&iter);
+
+ if (qpol_role_get_type_iter(q, role_datum, &iter))
+ goto cleanup;
+ if (qpol_iterator_get_size(iter, &n_types))
+ goto cleanup;
+ if ((int)n_types > 0) {
+ PyObject *list = PyList_New(0);
+ /* print types */
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&type_datum))
+ goto cleanup;
+ if (qpol_type_get_name(q, type_datum, &type_name))
+ goto cleanup;
+ PyObject *obj = PyString_FromString(type_name);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+ PyDict_SetItemString(dict, "types", list);
+ Py_DECREF(list);
+ }
+
+ retval = 0;
+cleanup:
+ qpol_iterator_destroy(&iter);
+ if (retval) {
+ Py_DECREF(dict);
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ return NULL;
+ }
+ return dict;
+}
+
+/**
+ * Get statistics regarding a policy's roles.
+ * If this function is given a name, it will attempt to
+ * get statistics about a particular role; otherwise
+ * the function get statistics about all of the policy's roles.
+ *
+ * @param name Reference to an role's name; if NULL,
+ * all roles will be considered
+ * @param policydb Reference to a policy
+ *
+ * @return 0 on success, < 0 on error.
+ */
+static PyObject* get_roles(const char *name, const apol_policy_t * policydb)
+{
+ int retval = -1;
+ PyObject *list = PyList_New(0);
+ const qpol_role_t *role_datum = NULL;
+ qpol_iterator_t *iter = NULL;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+
+ if (name != NULL) {
+ if (qpol_policy_get_role_by_name(q, name, &role_datum)) {
+ errno = EINVAL;
+ goto cleanup;
+ }
+ PyObject *obj = get_role(role_datum, policydb);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ } else {
+ if (qpol_policy_get_role_iter(q, &iter))
+ goto cleanup;
+
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&role_datum))
+ goto cleanup;
+ PyObject *obj = get_role(role_datum, policydb);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+ qpol_iterator_destroy(&iter);
+ }
+
+ retval = 0;
+ cleanup:
+ qpol_iterator_destroy(&iter);
+ if (retval) {
+ Py_DECREF(list);
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ return NULL;
+ }
+ return list;
+}
+
+/**
+ * Get statistics regarding a policy's types.
+ * If this function is given a name, it will attempt to
+ * print statistics about a particular type; otherwise
+ * the function prints statistics about all of the policy's types.
+ *
+ * @param name Reference to a type's name; if NULL,
+ * all object classes will be considered
+ * @param policydb Reference to a policy
+ *
+ * @return 0 on success, < 0 on error.
+ */
+static PyObject* get_types(const char *name, const apol_policy_t * policydb)
+{
+ int retval = -1;
+ PyObject *list = PyList_New(0);
+ const qpol_type_t *type_datum = NULL;
+ qpol_iterator_t *iter = NULL;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+
+ /* if name was provided, only print that name */
+ if (name != NULL) {
+ if (qpol_policy_get_type_by_name(q, name, &type_datum)) {
+ errno = EINVAL;
+ goto cleanup;
+ }
+ PyObject *obj = get_type(type_datum, policydb);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ } else {
+ if (qpol_policy_get_type_iter(q, &iter))
+ goto cleanup;
+ /* Print all type names */
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ if (qpol_iterator_get_item(iter, (void **)&type_datum))
+ goto cleanup;
+ PyObject *obj = get_type(type_datum, policydb);
+ PyList_Append(list, obj);
+ Py_DECREF(obj);
+ }
+ }
+ retval = 0;
+cleanup:
+ qpol_iterator_destroy(&iter);
+ if (retval) {
+ Py_DECREF(list);
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ return NULL;
+ }
+ return list;
+}
+
+PyObject* seinfo(int type, const char *name)
+{
+ int rt = -1;
+
+ apol_policy_t *policydb = NULL;
+ apol_policy_path_t *pol_path = NULL;
+ apol_vector_t *mod_paths = NULL;
+ apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
+ PyObject* output = NULL;
+
+ rt = qpol_default_policy_find(&policy_file);
+ if (rt != 0) {
+ PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
+ return NULL;
+ }
+
+ pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
+ if (!pol_path) {
+ free(policy_file);
+ apol_vector_destroy(&mod_paths);
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
+ return NULL;
+ }
+ apol_vector_destroy(&mod_paths);
+
+ int policy_load_options = 0;
+ policy_load_options |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
+ policydb = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL);
+ if (!policydb) {
+ free(policy_file);
+ apol_policy_path_destroy(&pol_path);
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ return NULL;
+ }
+ free(policy_file);
+
+ /* display requested info */
+ if (type == TYPE)
+ output = get_types(name, policydb);
+
+ if (type == ATTRIBUTE)
+ output = get_attribs(name, policydb);
+
+ if (type == ROLE)
+ output = get_roles(name, policydb);
+
+ if (type == USER)
+ output = get_users(name, policydb);
+
+ apol_policy_destroy(&policydb);
+ apol_policy_path_destroy(&pol_path);
+ return output;
+}
+
+PyObject *wrap_seinfo(PyObject *self, PyObject *args){
+ unsigned int type;
+ char *name;
+
+ if (!PyArg_ParseTuple(args, "iz", &type, &name))
+ return NULL;
+
+ return Py_BuildValue("O",seinfo(type, name));
+
+}
+
+static PyMethodDef methods[] = {
+ {"seinfo", (PyCFunction) wrap_seinfo, METH_VARARGS},
+ {NULL, NULL, 0, NULL}
+};
+
+void init_seinfo(){
+ PyObject *m;
+ m = Py_InitModule("_seinfo", methods);
+ PyModule_AddIntConstant(m, "ATTRIBUTE", ATTRIBUTE);
+ PyModule_AddIntConstant(m, "ROLE", ROLE);
+ PyModule_AddIntConstant(m, "TYPE", TYPE);
+ PyModule_AddIntConstant(m, "USER", USER);
+}
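Review bot: in get_type_attrs() the `goto cleanup` taken when qpol_type_get_attr_iter() fails jumps over `PyObject *list = PyList_New(0);`, so `return list` hands back an uninitialized pointer, which get_type() then stores in the dict and passes to Py_DECREF(). Declare `list` as NULL at the top of the function and, on the error paths, release it, set an exception and return NULL. Related: get_attribs(), get_users(), get_roles() and get_types() pass the result of get_attr()/get_user()/get_role()/get_type() straight to PyList_Append() and Py_DECREF(), although each helper can return NULL, and Py_DECREF(NULL) dereferences a null pointer; check the result before using it. In wrap_seinfo(), `Py_BuildValue("O", seinfo(type, name))` takes an additional reference on an object seinfo() already returns as a new reference, so every result leaks; return the seinfo() result directly. `type` is declared unsigned int but parsed with the "i" format, and a value outside the four enum constants makes seinfo() return NULL with no exception set. The inner loops in get_role() also `goto cleanup` without releasing the local `list`. Finally, the @file comment still reads "Command line tool to search TE rules", which describes sesearch rather than seinfo.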
diff -up setools-3.3.6/python/setools/sesearch.c.python setools-3.3.6/python/setools/sesearch.c
--- setools-3.3.6/python/setools/sesearch.c.python 2009-08-11 09:56:08.000000000 -0400
+++ setools-3.3.6/python/setools/sesearch.c 2009-08-11 09:46:26.000000000 -0400
@@ -0,0 +1,477 @@
+// Author: Thomas Liu <tliu@redhat.com>
+
+/**
+ * @file
+ * Command line tool to search TE rules.
+ *
+ * @author Frank Mayer mayerf@tresys.com
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Paul Rosenfeld prosenfeld@tresys.com
+ * @author Thomas Liu <tliu@redhat.com>
+ *
+ * Copyright (C) 2003-2008 Tresys Technology, LLC
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/**
+ * This is a modified version of sesearch to be used as part of a library for
+ * Python bindings.
+ */
+
+#include "Python.h"
+
+/* libapol */
+#include <apol/policy.h>
+#include <apol/policy-query.h>
+#include <apol/render.h>
+#include <apol/util.h>
+#include <apol/vector.h>
+
+/* libqpol*/
+#include <qpol/policy.h>
+#include <qpol/policy_extend.h>
+#include <qpol/syn_rule_query.h>
+#include <qpol/util.h>
+
+/* other */
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <assert.h>
+#include <getopt.h>
+#include <string.h>
+#include <stdbool.h>
+
+#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
+static char *policy_file = NULL;
+
+enum opt_values
+{
+ RULE_NEVERALLOW = 256, RULE_AUDIT, RULE_AUDITALLOW, RULE_DONTAUDIT,
+ RULE_ROLE_ALLOW, RULE_ROLE_TRANS, RULE_RANGE_TRANS, RULE_ALL,
+ EXPR_ROLE_SOURCE, EXPR_ROLE_TARGET
+};
+
+;
+
+typedef struct options
+{
+ char *src_name;
+ char *tgt_name;
+ char *src_role_name;
+ char *tgt_role_name;
+ char *class_name;
+ char *permlist;
+ char *bool_name;
+ apol_vector_t *class_vector;
+ bool all;
+ bool lineno;
+ bool semantic;
+ bool indirect;
+ bool allow;
+ bool nallow;
+ bool auditallow;
+ bool dontaudit;
+ bool type;
+ bool rtrans;
+ bool role_allow;
+ bool role_trans;
+ bool useregex;
+ bool show_cond;
+ apol_vector_t *perm_vector;
+} options_t;
+
+static int perform_av_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)
+{
+ apol_avrule_query_t *avq = NULL;
+ unsigned int rules = 0;
+ int error = 0;
+ char *tmp = NULL, *tok = NULL, *s = NULL;
+
+ if (!policy || !opt || !v) {
+ PyErr_SetString(PyExc_RuntimeError,strerror(EINVAL));
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (!opt->all && !opt->allow && !opt->nallow && !opt->auditallow && !opt->dontaudit) {
+ *v = NULL;
+ return 0; /* no search to do */
+ }
+
+ avq = apol_avrule_query_create();
+ if (!avq) {
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
+ errno = ENOMEM;
+ return -1;
+ }
+
+ if (opt->allow || opt->all)
+ rules |= QPOL_RULE_ALLOW;
+ if ((opt->nallow || opt->all) && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_NEVERALLOW))
+ rules |= QPOL_RULE_NEVERALLOW;
+ if (opt->auditallow || opt->all)
+ rules |= QPOL_RULE_AUDITALLOW;
+ if (opt->dontaudit || opt->all)
+ rules |= QPOL_RULE_DONTAUDIT;
+ apol_avrule_query_set_rules(policy, avq, rules);
+ apol_avrule_query_set_regex(policy, avq, opt->useregex);
+ if (opt->src_name)
+ apol_avrule_query_set_source(policy, avq, opt->src_name, opt->indirect);
+ if (opt->tgt_name)
+ apol_avrule_query_set_target(policy, avq, opt->tgt_name, opt->indirect);
+ if (opt->bool_name)
+ apol_avrule_query_set_bool(policy, avq, opt->bool_name);
+ if (opt->class_name) {
+ if (opt->class_vector == NULL) {
+ if (apol_avrule_query_append_class(policy, avq, opt->class_name)) {
+ error = errno;
+ goto err;
+ }
+ } else {
+ size_t i;
+ for (i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
+ char *class_name;
+ class_name = apol_vector_get_element(opt->class_vector, i);
+ if (!class_name)
+ continue;
+ if (apol_avrule_query_append_class(policy, avq, class_name)) {
+ error = errno;
+ goto err;
+ }
+ }
+ }
+ }
+
+ if (opt->permlist) {
+ tmp = strdup(opt->permlist);
+ for (tok = strtok(tmp, ","); tok; tok = strtok(NULL, ",")) {
+ if (apol_avrule_query_append_perm(policy, avq, tok)) {
+ error = errno;
+ goto err;
+ }
+ if ((s = strdup(tok)) == NULL || apol_vector_append(opt->perm_vector, s) < 0) {
+ error = errno;
+ goto err;
+ }
+ s = NULL;
+ }
+ free(tmp);
+ }
+
+ if (!(opt->semantic) && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
+ if (apol_syn_avrule_get_by_query(policy, avq, v)) {
+ error = errno;
+ goto err;
+ }
+ } else {
+ if (apol_avrule_get_by_query(policy, avq, v)) {
+ error = errno;
+ goto err;
+ }
+ }
+
+ apol_avrule_query_destroy(&avq);
+ return 0;
+
+ err:
+ apol_vector_destroy(v);
+ apol_avrule_query_destroy(&avq);
+ free(tmp);
+ free(s);
+ PyErr_SetString(PyExc_RuntimeError,strerror(error));
+ errno = error;
+ return -1;
+}
+
+
+
+static PyObject* get_av_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v)
+{
+ int retval = -1;
+ PyObject *list = PyList_New(0);
+ qpol_policy_t *q = apol_policy_get_qpol(policy);
+ size_t i, num_rules = 0;
+ const qpol_avrule_t *rule = NULL;
+ char *tmp = NULL, *rule_str = NULL, *expr = NULL;
+ char enable_char = ' ', branch_char = ' ';
+ qpol_iterator_t *iter = NULL;
+ uint32_t enabled = 0;
+
+ if (!policy || !v)
+ return NULL;
+
+ if (!(num_rules = apol_vector_get_size(v)))
+ return NULL;
+
+ for (i = 0; i < num_rules; i++) {
+ enable_char = branch_char = ' ';
+ if (!(rule = apol_vector_get_element(v, i)))
+ goto cleanup;
+
+ if (qpol_avrule_get_is_enabled(q, rule, &enabled))
+ goto cleanup;
+ if (!enabled)
+ continue;
+
+ const qpol_type_t *type;
+ const char *tmp_name;
+ uint32_t rule_type = 0;
+
+ const qpol_class_t *obj_class = NULL;
+
+ PyObject *dict = PyDict_New();
+
+ qpol_avrule_get_rule_type(q, rule, &rule_type);
+ tmp_name = apol_rule_type_to_str(rule_type);
+ PyObject *obj = PyString_FromString(tmp_name);
+ PyDict_SetItemString(dict, "type", obj);
+ Py_DECREF(obj);
+ // source
+ qpol_avrule_get_source_type(q, rule, &type);
+ qpol_type_get_name(q, type, &tmp_name);
+ obj = PyString_FromString(tmp_name);
+ PyDict_SetItemString(dict, "scontext", obj);
+ Py_DECREF(obj);
+
+ qpol_avrule_get_target_type(q, rule, &type);
+ qpol_type_get_name(q, type, &tmp_name);
+ obj = PyString_FromString(tmp_name);
+ PyDict_SetItemString(dict, "tcontext", obj);
+ Py_DECREF(obj);
+
+ qpol_avrule_get_object_class(q, rule, &obj_class);
+ qpol_type_get_name(q, type, &tmp_name);
+ obj = PyString_FromString(tmp_name);
+ PyDict_SetItemString(dict, "class", obj);
+ Py_DECREF(obj);
+ qpol_avrule_get_perm_iter(q, rule, &iter);
+ PyObject *permlist = PyList_New(0);
+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
+ const char *perm_name = NULL;
+ qpol_iterator_get_item(iter, (void **)&perm_name);
+ obj = PyString_FromString(perm_name);
+ PyList_Append(permlist, obj);
+ Py_DECREF(obj);
+ }
+ PyDict_SetItemString(dict, "permlist", permlist);
+ Py_DECREF(permlist);
+ PyList_Append(list, dict);
+ Py_DECREF(dict);
+
+ free(rule_str);
+ rule_str = NULL;
+ free(expr);
+ expr = NULL;
+ }
+ retval = 0;
+ cleanup:
+ free(tmp);
+ free(rule_str);
+ free(expr);
+ if (retval) {
+ Py_DECREF(list);
+ return NULL;
+ }
+ return list;
+}
+
+
+PyObject* sesearch(bool allow,
+ bool neverallow,
+ bool auditallow,
+ bool dontaudit,
+ const char *src_name,
+ const char *tgt_name,
+ const char *class_name,
+ const char *permlist
+ )
+{
+ options_t cmd_opts;
+ int rt = -1;
+ PyObject *output = NULL;
+
+ apol_policy_t *policy = NULL;
+ apol_vector_t *v = NULL;
+ apol_policy_path_t *pol_path = NULL;
+ apol_vector_t *mod_paths = NULL;
+ apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
+
+ memset(&cmd_opts, 0, sizeof(cmd_opts));
+ cmd_opts.indirect = true;
+ cmd_opts.allow = allow;
+ cmd_opts.nallow = neverallow;
+ cmd_opts.auditallow = auditallow;
+ cmd_opts.dontaudit = dontaudit;
+ if (src_name)
+ cmd_opts.src_name = strdup(src_name);
+ if (tgt_name)
+ cmd_opts.tgt_name = strdup(tgt_name);
+ if (class_name)
+ cmd_opts.class_name = strdup(class_name);
+ if (permlist){
+ cmd_opts.perm_vector = apol_vector_create(free);
+ cmd_opts.permlist = strdup(permlist);
+ }
+ int pol_opt = 0;
+ if (!(cmd_opts.nallow || cmd_opts.all))
+ pol_opt |= QPOL_POLICY_OPTION_NO_NEVERALLOWS;
+
+
+ rt = qpol_default_policy_find(&policy_file);
+ if (rt) {
+ PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
+ return NULL;
+ }
+ pol_opt |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
+
+ if (apol_file_is_policy_path_list(policy_file) > 0) {
+ pol_path = apol_policy_path_create_from_file(policy_file);
+ if (!pol_path) {
+ free(policy_file);
+ PyErr_SetString(PyExc_RuntimeError,"invalid policy list");
+ return NULL;
+ }
+ }
+
+ if (!pol_path)
+ pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
+ if (!pol_path) {
+ free(policy_file);
+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
+ return NULL;
+ }
+ free(policy_file);
+ apol_vector_destroy(&mod_paths);
+
+ policy = apol_policy_create_from_policy_path(pol_path, pol_opt, NULL, NULL);
+ if (!policy) {
+ apol_policy_path_destroy(&pol_path);
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ return NULL;
+ }
+ /* handle regex for class name */
+ if (cmd_opts.useregex && cmd_opts.class_name != NULL) {
+ cmd_opts.class_vector = apol_vector_create(NULL);
+ apol_vector_t *qpol_matching_classes = NULL;
+ apol_class_query_t *regex_match_query = apol_class_query_create();
+ apol_class_query_set_regex(policy, regex_match_query, 1);
+ apol_class_query_set_class(policy, regex_match_query, cmd_opts.class_name);
+ if (apol_class_get_by_query(policy, regex_match_query, &qpol_matching_classes)) {
+ apol_class_query_destroy(®ex_match_query);
+ PyErr_SetString(PyExc_RuntimeError,"Query failed");
+ goto cleanup;
+ }
+ const qpol_class_t *class = NULL;
+ size_t i;
+ for (i = 0; i < apol_vector_get_size(qpol_matching_classes); ++i) {
+ const char *class_name;
+ class = apol_vector_get_element(qpol_matching_classes, i);
+ if (!class)
+ break;
+ qpol_class_get_name(apol_policy_get_qpol(policy), class, &class_name);
+ apol_vector_append(cmd_opts.class_vector, (void *)class_name);
+ }
+ if (!apol_vector_get_size(qpol_matching_classes)) {
+ apol_vector_destroy(&qpol_matching_classes);
+ apol_class_query_destroy(®ex_match_query);
+ PyErr_SetString(PyExc_RuntimeError,"No classes match expression");
+ goto cleanup;
+ }
+ apol_vector_destroy(&qpol_matching_classes);
+ apol_class_query_destroy(®ex_match_query);
+ }
+
+ if (!cmd_opts.semantic && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
+ if (qpol_policy_build_syn_rule_table(apol_policy_get_qpol(policy))) {
+ apol_policy_destroy(&policy);
+ PyErr_SetString(PyExc_RuntimeError,"Query failed");
+ goto cleanup;
+ }
+ }
+
+ /* if syntactic rules are not available always do semantic search */
+ if (!qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
+ cmd_opts.semantic = 1;
+ }
+
+ /* supress line numbers if doing semantic search or not available */
+ if (cmd_opts.semantic || !qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_LINE_NUMBERS)) {
+ cmd_opts.lineno = 0;
+ }
+ if (perform_av_query(policy, &cmd_opts, &v)) {
+ goto cleanup;
+ }
+ if (v) {
+ output = get_av_results(policy, &cmd_opts, v);
+ }
+ apol_vector_destroy(&v);
+ cleanup:
+ apol_policy_destroy(&policy);
+ apol_policy_path_destroy(&pol_path);
+ free(cmd_opts.src_name);
+ free(cmd_opts.tgt_name);
+ free(cmd_opts.class_name);
+ free(cmd_opts.permlist);
+ free(cmd_opts.bool_name);
+ free(cmd_opts.src_role_name);
+ free(cmd_opts.tgt_role_name);
+ apol_vector_destroy(&cmd_opts.perm_vector);
+ apol_vector_destroy(&cmd_opts.class_vector);
+
+ return output;
+}
+static int Dict_ContainsInt(PyObject *dict, const char *key){
+ PyObject *item = PyDict_GetItemString(dict, key);
+ if (item)
+ return PyInt_AsLong(item);
+ return false;
+}
+
+static const char *Dict_ContainsString(PyObject *dict, const char *key){
+ PyObject *item = PyDict_GetItemString(dict, key);
+ if (item)
+ return PyString_AsString(item);
+ return NULL;
+}
+
+PyObject *wrap_sesearch(PyObject *self, PyObject *args){
+ PyObject *dict;
+ if (!PyArg_ParseTuple(args, "O", &dict))
+ return NULL;
+ int allow = Dict_ContainsInt(dict, "allow");
+ int neverallow = Dict_ContainsInt(dict, "neverallow");
+ int auditallow = Dict_ContainsInt(dict, "auditallow");
+ int dontaudit = Dict_ContainsInt(dict, "dontaudit");
+
+ const char *src_name = Dict_ContainsString(dict, "scontext");
+ const char *tgt_name = Dict_ContainsString(dict, "tcontext");
+ const char *class_name = Dict_ContainsString(dict, "class");
+ const char *permlist = Dict_ContainsString(dict, "permlist");
+
+ return Py_BuildValue("O",sesearch(allow, neverallow, auditallow, dontaudit, src_name, tgt_name, class_name, permlist));
+
+}
+
+static PyMethodDef methods[] = {
+ {"sesearch", (PyCFunction) wrap_sesearch, METH_VARARGS},
+ {NULL, NULL, 0, NULL}
+};
+
+void init_sesearch(){
+ PyObject *m;
+ m = Py_InitModule("_sesearch", methods);
+}
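Review bot: In get_av_results() the "class" key is filled with the wrong name: after `qpol_avrule_get_object_class(q, rule, &obj_class);` the next line is `qpol_type_get_name(q, type, &tmp_name);`, which re-reads the target type, so every result dict reports the target type as its class and `obj_class` is never used. This should be `qpol_class_get_name(q, obj_class, &tmp_name);`, the call sesearch() already uses for the regex class match. Since setroubleshoot is meant to build its suggestions from these dicts, the wrong class would go straight into the advice given to the admin. Further points in the same function: `if (!(num_rules = apol_vector_get_size(v))) return NULL;` leaks `list` and returns NULL with no exception set (returning the empty list would be cleaner), the `goto cleanup` paths also return NULL without setting an exception, the iterator from qpol_avrule_get_perm_iter() is never passed to qpol_iterator_destroy(), and none of the qpol_*_get_* return values are checked before `tmp_name` is given to PyString_FromString(). In wrap_sesearch(), `Py_BuildValue("O", ...)` takes an extra reference on the result as in wrap_seinfo(), and the argument is never checked to be a dict before PyDict_GetItemString() is called on it. In sesearch(), the early `return NULL` paths after the strdup() calls skip the `cleanup:` label and leak the `cmd_opts` strings and `perm_vector`.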
diff -up setools-3.3.6/python/setools/setup.py.python setools-3.3.6/python/setools/setup.py
--- setools-3.3.6/python/setools/setup.py.python 2009-08-11 09:56:15.000000000 -0400
+++ setools-3.3.6/python/setools/setup.py 2009-08-10 15:23:25.000000000 -0400
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+
+# Author: Thomas Liu <tliu@redhat.com>
+
+from distutils.core import setup, Extension
+extension_sesearch = Extension("setools._sesearch", [ "sesearch.c"], libraries=["apol", "qpol"] )
+extension_seinfo = Extension("setools._seinfo", [ "seinfo.c"], libraries=["apol", "qpol"] )
+
+setup(name = "setools", version="1.0", description="Python setools bindings", author="Thomas Liu", author_email="tliu@redhat.com", ext_modules=[extension_sesearch, extension_seinfo], packages=["setools"])
+
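Review bot: Both Extension() calls pass `libraries=["apol", "qpol"]` with no `include_dirs` or `library_dirs`, so unless the calling Makefile supplies those paths the modules compile and link against whatever libapol/libqpol headers and libraries are installed on the build host rather than the ones in this source tree. Point them at the in-tree libapol and libqpol directories so the bindings always match the library version they ship with. `version="1.0"` is also hard-coded and does not follow the setools version (3.3.6 here); consider substituting it from configure.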