I've sent a v2 of this patch, somehow I missed that I needed to
remove things from more Makefiles
v2 is only this one, the others in this series should be okay as-is.
-- Jason
On Thu, Sep 22, 2016 at 11:17:33PM +0800, Jason Zaman wrote:
> nt gentoo
>
> Signed-off-by: Jason Zaman <ja...@perfinion.com>
> ---
> policycoreutils/sepolicy/common.h | 69 --
> policycoreutils/sepolicy/info.c | 1381
> -------------------------
> policycoreutils/sepolicy/policy.c | 116 ---
> policycoreutils/sepolicy/policy.h | 7 -
> policycoreutils/sepolicy/search.c | 1029 ------------------
> policycoreutils/sepolicy/sepolicy/__init__.py | 2 -
> policycoreutils/sepolicy/setup.py | 24 +-
> 7 files changed, 17 insertions(+), 2611 deletions(-)
> delete mode 100644 policycoreutils/sepolicy/common.h
> delete mode 100644 policycoreutils/sepolicy/info.c
> delete mode 100644 policycoreutils/sepolicy/policy.c
> delete mode 100644 policycoreutils/sepolicy/policy.h
> delete mode 100644 policycoreutils/sepolicy/search.c
>
> diff --git a/policycoreutils/sepolicy/common.h
> b/policycoreutils/sepolicy/common.h
> deleted file mode 100644
> index e453def..0000000
> --- a/policycoreutils/sepolicy/common.h
> +++ /dev/null
> @@ -1,69 +0,0 @@
> -#include "Python.h"
> -
> -#ifdef UNUSED
> -#elif defined(__GNUC__)
> -# define UNUSED(x) UNUSED_ ## x __attribute__((unused))
> -#elif defined(__LCLINT__)
> -# define UNUSED(x) /*@unused@*/ x
> -#else
> -# define UNUSED(x) x
> -#endif
> -
> -#define py_decref(x) { if (x) Py_DECREF(x); }
> -
> -#if PY_MAJOR_VERSION >= 3
> -# define PyIntObject PyLongObject
> -# define PyInt_Type PyLong_Type
> -# define PyInt_Check(op) PyLong_Check(op)
> -# define PyInt_CheckExact(op) PyLong_CheckExact(op)
> -# define PyInt_FromString PyLong_FromString
> -# define PyInt_FromUnicode PyLong_FromUnicode
> -# define PyInt_FromLong PyLong_FromLong
> -# define PyInt_FromSize_t PyLong_FromSize_t
> -# define PyInt_FromSsize_t PyLong_FromSsize_t
> -# define PyInt_AsLong PyLong_AsLong
> -# define PyInt_AS_LONG PyLong_AS_LONG
> -# define PyInt_AsSsize_t PyLong_AsSsize_t
> -# define PyInt_AsUnsignedLongMask PyLong_AsUnsignedLongMask
> -# define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
> -# define PyString_FromString PyUnicode_FromString
> -# define PyString_AsString PyUnicode_AsUTF8
> -#endif
> -
> -static int py_append_string(PyObject *list, const char* value)
> -{
> - int rt;
> - PyObject *obj = PyString_FromString(value);
> - if (!obj) return -1;
> - rt = PyList_Append(list, obj);
> - Py_DECREF(obj);
> - return rt;
> -}
> -
> -static int py_append_obj(PyObject *list, PyObject *obj)
> -{
> - int rt;
> - if (!obj) return -1;
> - rt = PyList_Append(list, obj);
> - return rt;
> -}
> -
> -static int py_insert_obj(PyObject *dict, const char *name, PyObject *obj)
> -{
> - int rt;
> - if (!obj) return -1;
> - rt = PyDict_SetItemString(dict, name, obj);
> - return rt;
> -}
> -
> -static int py_insert_string(PyObject *dict, const char *name, const char*
> value)
> -{
> - int rt;
> - PyObject *obj = PyString_FromString(value);
> - if (!obj) return -1;
> - rt = PyDict_SetItemString(dict, name, obj);
> - Py_DECREF(obj);
> - return rt;
> -}
> -
> -
> diff --git a/policycoreutils/sepolicy/info.c b/policycoreutils/sepolicy/info.c
> deleted file mode 100644
> index bbb6844..0000000
> --- a/policycoreutils/sepolicy/info.c
> +++ /dev/null
> @@ -1,1381 +0,0 @@
> -/**
> - * @file
> - * Command line tool to search TE rules.
> - *
> - * @author Frank Mayer may...@tresys.com
> - * @author Jeremy A. Mowery jmow...@tresys.com
> - * @author Paul Rosenfeld prosenf...@tresys.com
> - * @author Thomas Liu <t...@redhat.com>
> - * @author Dan Walsh <dwa...@redhat.com>
> - *
> - * Copyright (C) 2003-2008 Tresys Technology, LLC
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version.
> - *
> - * This program is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License
> - * along with this program; if not, write to the Free Software
> - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
> USA
> - */
> -
> -/**
> - * This is a modified version of seinfo to be used as part of a library for
> - * Python bindings.
> - */
> -
> -#include "common.h"
> -#include "policy.h"
> -
> -/* libapol */
> -#include <apol/policy-query.h>
> -#include <apol/render.h>
> -#include <apol/util.h>
> -#include <apol/vector.h>
> -
> -/* libqpol */
> -#include <qpol/policy.h>
> -#include <qpol/util.h>
> -
> -/* other */
> -#include <errno.h>
> -#include <stdlib.h>
> -#include <stdio.h>
> -#include <string.h>
> -#include <assert.h>
> -
> -#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
> -
> -enum input
> -{
> - TYPE, ATTRIBUTE, ROLE, USER, PORT, BOOLEAN, CLASS, SENS, CATS
> -};
> -
> -static int py_insert_long(PyObject *dict, const char *name, int value)
> -{
> - int rt;
> - PyObject *obj = PyLong_FromLong(value);
> - if (!obj) return -1;
> - rt = PyDict_SetItemString(dict, name, obj);
> - Py_DECREF(obj);
> - return rt;
> -}
> -
> -static int py_insert_bool(PyObject *dict, const char *name, int value)
> -{
> - int rt;
> - PyObject *obj = PyBool_FromLong(value);
> - if (!obj) return -1;
> - rt = PyDict_SetItemString(dict, name, obj);
> - Py_DECREF(obj);
> - return rt;
> -}
> -
> -/**
> - * Get a policy's MLS sensitivities.
> - * If this function is given a name, it will attempt to
> - * get statistics about a particular sensitivity; otherwise
> - * the function gets statistics about all of the policy's
> - * sensitivities.
> - *
> - * @param name Reference to a sensitivity's name; if NULL,
> - * all sensitivities will be considered
> - * @param policydb Reference to a policy
> - *
> - * @return 0 on success, < 0 on error.
> - */
> -static PyObject* get_sens(const char *name, const apol_policy_t * policydb)
> -{
> - PyObject *dict = NULL;
> - int error = 0;
> - int rt = 0;
> - size_t i;
> - char *tmp = NULL;
> - const char *lvl_name = NULL;
> - apol_level_query_t *query = NULL;
> - apol_vector_t *v = NULL;
> - const qpol_level_t *level = NULL;
> - apol_mls_level_t *ap_mls_lvl = NULL;
> - qpol_policy_t *q = apol_policy_get_qpol(policydb);
> -
> - query = apol_level_query_create();
> - if (!query)
> - goto cleanup;
> - if (apol_level_query_set_sens(policydb, query, name))
> - goto cleanup;
> - if (apol_level_get_by_query(policydb, query, &v))
> - goto cleanup;
> -
> - dict = PyDict_New();
> - if (!dict) goto err;
> - for (i = 0; i < apol_vector_get_size(v); i++) {
> - level = apol_vector_get_element(v, i);
> - if (qpol_level_get_name(q, level, &lvl_name))
> - goto err;
> - ap_mls_lvl = (apol_mls_level_t *)
> apol_mls_level_create_from_qpol_level_datum(policydb, level);
> - tmp = apol_mls_level_render(policydb, ap_mls_lvl);
> - apol_mls_level_destroy(&ap_mls_lvl);
> - if (!tmp)
> - goto cleanup;
> - if (py_insert_string(dict, lvl_name, tmp))
> - goto err;
> - free(tmp); tmp = NULL;
> - if (rt) goto err;
> - }
> -
> - if (name && !apol_vector_get_size(v)) {
> - goto cleanup;
> - }
> -
> - goto cleanup;
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(error));
> - py_decref(dict); dict = NULL;
> -cleanup:
> - free(tmp);
> - apol_level_query_destroy(&query);
> - apol_vector_destroy(&v);
> - errno = error;
> - return dict;
> -}
> -
> -/**
> - * Compare two qpol_cat_datum_t objects.
> - * This function is meant to be passed to apol_vector_compare
> - * as the callback for performing comparisons.
> - *
> - * @param datum1 Reference to a qpol_type_datum_t object
> - * @param datum2 Reference to a qpol_type_datum_t object
> - * @param data Reference to a policy
> - * @return Greater than 0 if the first argument is less than the second
> argument,
> - * less than 0 if the first argument is greater than the second argument,
> - * 0 if the arguments are equal
> - */
> -static int qpol_cat_datum_compare(const void *datum1, const void *datum2,
> void *data)
> -{
> - const qpol_cat_t *cat_datum1 = NULL, *cat_datum2 = NULL;
> - apol_policy_t *policydb = NULL;
> - qpol_policy_t *q;
> - uint32_t val1, val2;
> -
> - policydb = (apol_policy_t *) data;
> - q = apol_policy_get_qpol(policydb);
> - assert(policydb);
> -
> - if (!datum1 || !datum2)
> - goto exit_err;
> - cat_datum1 = datum1;
> - cat_datum2 = datum2;
> -
> - if (qpol_cat_get_value(q, cat_datum1, &val1))
> - goto exit_err;
> - if (qpol_cat_get_value(q, cat_datum2, &val2))
> - goto exit_err;
> -
> - return (val1 > val2) ? 1 : ((val1 == val2) ? 0 : -1);
> -
> - exit_err:
> - assert(0);
> - return 0;
> -}
> -
> -/**
> - * Compare two qpol_level_datum_t objects.
> - * This function is meant to be passed to apol_vector_compare
> - * as the callback for performing comparisons.
> - *
> - * @param datum1 Reference to a qpol_level_datum_t object
> - * @param datum2 Reference to a qpol_level_datum_t object
> - * @param data Reference to a policy
> - * @return Greater than 0 if the first argument is less than the second
> argument,
> - * less than 0 if the first argument is greater than the second argument,
> - * 0 if the arguments are equal
> - */
> -static int qpol_level_datum_compare(const void *datum1, const void *datum2,
> void *data)
> -{
> - const qpol_level_t *lvl_datum1 = NULL, *lvl_datum2 = NULL;
> - apol_policy_t *policydb = NULL;
> - qpol_policy_t *q;
> - uint32_t val1, val2;
> -
> - policydb = (apol_policy_t *) data;
> - assert(policydb);
> - q = apol_policy_get_qpol(policydb);
> -
> - if (!datum1 || !datum2)
> - goto exit_err;
> - lvl_datum1 = datum1;
> - lvl_datum2 = datum2;
> -
> - if (qpol_level_get_value(q, lvl_datum1, &val1))
> - goto exit_err;
> - if (qpol_level_get_value(q, lvl_datum2, &val2))
> - goto exit_err;
> -
> - return (val1 > val2) ? 1 : ((val1 == val2) ? 0 : -1);
> -
> - exit_err:
> - assert(0);
> - return 0;
> -}
> -
> -/**
> - * Gets a textual representation of a MLS category and
> - * all of that category's sensitivies.
> - *
> - * @param type_datum Reference to sepol type_datum
> - * @param policydb Reference to a policy
> - */
> -static PyObject* get_cat_sens(const qpol_cat_t * cat_datum, const
> apol_policy_t * policydb)
> -{
> - const char *cat_name, *lvl_name;
> - apol_level_query_t *query = NULL;
> - apol_vector_t *v = NULL;
> - const qpol_level_t *lvl_datum = NULL;
> - qpol_policy_t *q = apol_policy_get_qpol(policydb);
> - size_t i, n_sens = 0;
> - int error = 0;
> - PyObject *list = NULL;
> - PyObject *dict = PyDict_New();
> - if (!dict) goto err;
> - if (!cat_datum || !policydb)
> - goto err;
> -
> - /* get category name for apol query */
> - if (qpol_cat_get_name(q, cat_datum, &cat_name))
> - goto cleanup;
> -
> - query = apol_level_query_create();
> - if (!query)
> - goto err;
> - if (apol_level_query_set_cat(policydb, query, cat_name))
> - goto err;
> - if (apol_level_get_by_query(policydb, query, &v))
> - goto err;
> - apol_vector_sort(v, &qpol_level_datum_compare, (void *)policydb);
> - dict = PyDict_New();
> - if (!dict) goto err;
> - if (py_insert_string(dict, "name", cat_name))
> - goto err;
> - n_sens = apol_vector_get_size(v);
> - list = PyList_New(0);
> - if (!list) goto err;
> - for (i = 0; i < n_sens; i++) {
> - lvl_datum = (qpol_level_t *) apol_vector_get_element(v, i);
> - if (!lvl_datum)
> - goto err;
> - if (qpol_level_get_name(q, lvl_datum, &lvl_name))
> - goto err;
> - if (py_append_string(list, lvl_name))
> - goto err;
> - }
> - if (py_insert_obj(dict, "level", list))
> - goto err;
> - Py_DECREF(list);
> -
> - goto cleanup;
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - py_decref(list); list = NULL;
> - py_decref(dict); dict = NULL;
> -cleanup:
> - apol_level_query_destroy(&query);
> - apol_vector_destroy(&v);
> - errno = error;
> - return dict;
> -}
> -
> -/**
> - * Prints statistics regarding a policy's MLS categories.
> - * If this function is given a name, it will attempt to
> - * get statistics about a particular category; otherwise
> - * the function gets statistics about all of the policy's
> - * categories.
> - *
> - * @param name Reference to a MLS category's name; if NULL,
> - * all categories will be considered
> - * @param policydb Reference to a policy
> - *
> - * @return 0 on success, < 0 on error.
> - */
> -static PyObject* get_cats(const char *name, const apol_policy_t * policydb)
> -{
> - PyObject *obj = NULL;
> - apol_cat_query_t *query = NULL;
> - apol_vector_t *v = NULL;
> - const qpol_cat_t *cat_datum = NULL;
> - size_t i, n_cats;
> - int error = 0;
> - int rt;
> - PyObject *list = PyList_New(0);
> - if (!list) goto err;
> -
> - query = apol_cat_query_create();
> - if (!query)
> - goto err;
> - if (apol_cat_query_set_cat(policydb, query, name))
> - goto err;
> - if (apol_cat_get_by_query(policydb, query, &v))
> - goto err;
> - n_cats = apol_vector_get_size(v);
> - apol_vector_sort(v, &qpol_cat_datum_compare, (void *)policydb);
> -
> - for (i = 0; i < n_cats; i++) {
> - cat_datum = apol_vector_get_element(v, i);
> - if (!cat_datum)
> - goto err;
> - obj = get_cat_sens(cat_datum, policydb);
> - if (!obj)
> - goto err;
> - rt = py_append_obj(list, obj);
> - Py_DECREF(obj);
> - if (rt) goto err;
> - }
> -
> - if (name && !n_cats) {
> - goto err;
> - }
> -
> - goto cleanup;
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - py_decref(list); list = NULL;
> -cleanup:
> - apol_cat_query_destroy(&query);
> - apol_vector_destroy(&v);
> - errno = error;
> - return list;
> -}
> -
> -/**
> - * Get the alias of a type.
> - *
> - * @param type_datum Reference to sepol type_datum
> - * @param policydb Reference to a policy
> - * attributes
> - */
> -static PyObject* get_type_aliases(const qpol_type_t * type_datum, const
> apol_policy_t * policydb)
> -{
> - qpol_iterator_t *iter = NULL;
> - size_t alias_size;
> - unsigned char isattr, isalias;
> - const char *type_name = NULL;
> - const char *alias_name;
> - int error = 0;
> - qpol_policy_t *q = apol_policy_get_qpol(policydb);
> - PyObject *list = PyList_New(0);
> - if (!list) goto err;
> -
> - if (qpol_type_get_name(q, type_datum, &type_name))
> - goto cleanup;
> - if (qpol_type_get_isattr(q, type_datum, &isattr))
> - goto cleanup;
> - if (qpol_type_get_isalias(q, type_datum, &isalias))
> - goto cleanup;
> -
> - if (qpol_type_get_alias_iter(q, type_datum, &iter))
> - goto cleanup;
> - if (qpol_iterator_get_size(iter, &alias_size))
> - goto cleanup;
> - if (alias_size > 0) {
> - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
> - if (qpol_iterator_get_item(iter, (void **)&alias_name))
> - goto err;
> - if (py_append_string(list, alias_name))
> - goto err;
> - }
> - }
> - goto cleanup;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - py_decref(list); list = NULL;
> -
> -cleanup:
> - qpol_iterator_destroy(&iter);
> - errno = error;
> - return list;
> -}
> -
> -/**
> - * Gets a textual representation of an attribute, and
> - * all of that attribute's types.
> - *
> - * @param type_datum Reference to sepol type_datum
> - * @param policydb Reference to a policy
> - */
> -static PyObject* get_attr(const qpol_type_t * type_datum, const
> apol_policy_t * policydb)
> -{
> - PyObject *list = NULL;
> - const qpol_type_t *attr_datum = NULL;
> - qpol_iterator_t *iter = NULL;
> - const char *attr_name = NULL, *type_name = NULL;
> - qpol_policy_t *q = apol_policy_get_qpol(policydb);
> - unsigned char isattr;
> - int error = 0;
> - int rt = 0;
> - PyObject *dict = PyDict_New();
> - if (!dict) goto err;
> -
> - if (qpol_type_get_name(q, type_datum, &attr_name))
> - goto err;
> -
> - if (py_insert_string(dict, "name", attr_name))
> - goto err;
> -
> - /* get an iterator over all types this attribute has */
> - if (qpol_type_get_isattr(q, type_datum, &isattr))
> - goto err;
> -
> - if (isattr) { /* sanity check */
> - if (qpol_type_get_type_iter(q, type_datum, &iter))
> - goto err;
> - list = PyList_New(0);
> - if (!list) goto err;
> -
> - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
> - if (qpol_iterator_get_item(iter, (void **)&attr_datum))
> - goto err;
> - if (qpol_type_get_name(q, attr_datum, &type_name))
> - goto err;
> - if (py_append_string(list, type_name))
> - goto err;
> - }
> - qpol_iterator_destroy(&iter);
> - rt = PyDict_SetItemString(dict, "types", list);
> - Py_DECREF(list); list = NULL;
> - if (rt) goto err;
> - } else /* this should never happen */
> - goto err;
> - goto cleanup;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - py_decref(dict); dict = NULL;
> - py_decref(list);
> -
> -cleanup:
> - qpol_iterator_destroy(&iter);
> - errno = error;
> - return dict;
> -}
> -
> -/**
> - * Gets statistics regarding a policy's attributes.
> - * If this function is given a name, it will attempt to
> - * get statistics about a particular attribute; otherwise
> - * the function gets statistics about all of the policy's
> - * attributes.
> - *
> - * @param name Reference to an attribute's name; if NULL,
> - * all object classes will be considered
> - * @param policydb Reference to a policy
> - *
> - * @return 0 on success, < 0 on error.
> - */
> -static PyObject* get_attribs(const char *name, const apol_policy_t *
> policydb)
> -{
> - PyObject *obj;
> - apol_attr_query_t *attr_query = NULL;
> - apol_vector_t *v = NULL;
> - const qpol_type_t *type_datum = NULL;
> - size_t n_attrs, i;
> - int error = 0;
> - int rt = 0;
> - PyObject *list = PyList_New(0);
> - if (!list) goto err;
> -
> - /* we are only getting information about 1 attribute */
> - if (name != NULL) {
> - attr_query = apol_attr_query_create();
> - if (!attr_query)
> - goto err;
> - if (apol_attr_query_set_attr(policydb, attr_query, name))
> - goto err;
> - if (apol_attr_get_by_query(policydb, attr_query, &v))
> - goto err;
> - apol_attr_query_destroy(&attr_query);
> - if (apol_vector_get_size(v) == 0) {
> - apol_vector_destroy(&v);
> - errno = EINVAL;
> - goto err;
> - }
> -
> - type_datum = apol_vector_get_element(v, (size_t) 0);
> - obj = get_attr(type_datum, policydb);
> - rt = py_append_obj(list, obj);
> - Py_DECREF(obj);
> - if (rt) goto err;
> - } else {
> - attr_query = apol_attr_query_create();
> - if (!attr_query)
> - goto err;
> - if (apol_attr_get_by_query(policydb, attr_query, &v))
> - goto err;
> - apol_attr_query_destroy(&attr_query);
> - n_attrs = apol_vector_get_size(v);
> -
> - for (i = 0; i < n_attrs; i++) {
> - /* get qpol_type_t* item from vector */
> - type_datum = (qpol_type_t *) apol_vector_get_element(v,
> (size_t) i);
> - if (!type_datum)
> - goto err;
> - obj = get_attr(type_datum, policydb);
> - rt = py_append_obj(list, obj);
> - Py_DECREF(obj);
> - if (rt) goto err;
> - }
> - }
> - apol_vector_destroy(&v);
> - goto cleanup;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - py_decref(list); list = NULL;
> -
> -cleanup:
> - apol_attr_query_destroy(&attr_query);
> - apol_vector_destroy(&v);
> - errno = error;
> - return list;
> -}
> -
> -/**
> - * Get a textual representation of a type, and
> - * all of that type's attributes.
> - *
> - * @param type_datum Reference to sepol type_datum
> - * @param policydb Reference to a policy
> - */
> -static PyObject* get_type_attrs(const qpol_type_t * type_datum, const
> apol_policy_t * policydb)
> -{
> - qpol_iterator_t *iter = NULL;
> - const char *attr_name = NULL;
> - const qpol_type_t *attr_datum = NULL;
> - qpol_policy_t *q = apol_policy_get_qpol(policydb);
> - int error = 0;
> - PyObject *list = PyList_New(0);
> - if (!list) goto err;
> -
> - if (qpol_type_get_attr_iter(q, type_datum, &iter))
> - goto err;
> -
> - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
> - if (qpol_iterator_get_item(iter, (void **)&attr_datum))
> - goto err;
> - if (qpol_type_get_name(q, attr_datum, &attr_name))
> - goto err;
> - if (py_append_string(list, attr_name))
> - goto err;
> - }
> - goto cleanup;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - py_decref(list); list = NULL;
> -
> -cleanup:
> - qpol_iterator_destroy(&iter);
> - errno = error;
> - return list;
> -}
> -
> -static PyObject* get_type(const qpol_type_t * type_datum, const
> apol_policy_t * policydb) {
> -
> - PyObject *obj;
> - qpol_policy_t *q = apol_policy_get_qpol(policydb);
> - const char *type_name = NULL;
> - int error = 0;
> - int rt;
> - unsigned char isalias, ispermissive, isattr;
> - PyObject *dict = PyDict_New();
> - if (!dict) goto err;
> -
> - if (qpol_type_get_name(q, type_datum, &type_name))
> - goto err;
> - if (qpol_type_get_isalias(q, type_datum, &isalias))
> - goto err;
> - if (qpol_type_get_isattr(q, type_datum, &isattr))
> - goto err;
> - if (qpol_type_get_ispermissive(q, type_datum, &ispermissive))
> - goto err;
> -
> - if (py_insert_string(dict, "name", type_name))
> - goto err;
> -
> - if (py_insert_bool(dict, "permissive", ispermissive))
> - goto err;
> -
> - if (!isattr && !isalias) {
> - obj = get_type_attrs(type_datum, policydb);
> - rt = py_insert_obj(dict, "attributes", obj);
> - Py_DECREF(obj);
> - if (rt) goto err;
> - }
> -
> - obj = get_type_aliases(type_datum, policydb);
> - rt = py_insert_obj(dict, "aliases", obj);
> - Py_DECREF(obj);
> - if (rt) goto err;
> - goto cleanup;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(error));
> - py_decref(dict); dict = NULL;
> -
> -cleanup:
> - errno = error;
> - return dict;
> -}
> -
> -/**
> - * Gets statistics regarding a policy's booleans.
> - * If this function is given a name, it will attempt to
> - * get statistics about a particular boolean; otherwise
> - * the function gets statistics about all of the policy's booleans.
> - *
> - * @param name Reference to a boolean's name; if NULL,
> - * all booleans will be considered
> - * @param policydb Reference to a policy
> - *
> - * @return new reference, or NULL (setting an exception)
> - */
> -static PyObject* get_booleans(const char *name, const apol_policy_t *
> policydb)
> -{
> - PyObject *dict = NULL;
> - int error = 0;
> - int rt = 0;
> - const char *bool_name = NULL;
> - int state;
> - qpol_bool_t *bool_datum = NULL;
> - qpol_iterator_t *iter = NULL;
> - qpol_policy_t *q = apol_policy_get_qpol(policydb);
> - size_t n_bools = 0;
> - PyObject *list = PyList_New(0);
> - if (!list) goto err;
> -
> - if (name != NULL) {
> - if (qpol_policy_get_bool_by_name(q, name, &bool_datum))
> - goto err;
> - if (qpol_bool_get_state(q, bool_datum, &state))
> - goto err;
> -
> - dict = PyDict_New();
> - if (!dict) goto err;
> - if (py_insert_string(dict, "name", name))
> - goto err;
> - if (py_insert_bool(dict, "name", state))
> - goto err;
> - rt = py_append_obj(list, dict);
> - Py_DECREF(dict); dict = NULL;
> - if (rt) goto err;
> - } else {
> - if (qpol_policy_get_bool_iter(q, &iter))
> - goto err;
> - if (qpol_iterator_get_size(iter, &n_bools))
> - goto err;
> - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
> - if (qpol_iterator_get_item(iter, (void **)&bool_datum))
> - goto err;
> - if (qpol_bool_get_name(q, bool_datum, &bool_name))
> - goto err;
> - if (qpol_bool_get_state(q, bool_datum, &state))
> - goto err;
> -
> - dict = PyDict_New();
> - if (!dict) goto err;
> - if (py_insert_string(dict, "name", bool_name))
> - goto err;
> - if (py_insert_bool(dict, "state", state))
> - goto err;
> - rt = py_append_obj(list, dict);
> - Py_DECREF(dict); dict = NULL;
> - if (rt) goto err;
> - }
> - qpol_iterator_destroy(&iter);
> - }
> - goto cleanup;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(error));
> - py_decref(list); list = NULL;
> - py_decref(dict); dict = NULL;
> -
> -cleanup:
> - qpol_iterator_destroy(&iter);
> - errno = error;
> - return list;
> -}
> -
> -/**
> - * Gets a textual representation of a user, and
> - * all of that user's roles.
> - *
> - * @param type_datum Reference to sepol type_datum
> - * @param policydb Reference to a policy
> - * roles
> - */
> -static PyObject* get_user(const qpol_user_t * user_datum, const
> apol_policy_t * policydb)
> -{
> - int error = 0;
> - int rt;
> - const qpol_role_t *role_datum = NULL;
> - qpol_iterator_t *iter = NULL;
> - const qpol_mls_range_t *range = NULL;
> - const qpol_mls_level_t *dflt_level = NULL;
> - apol_mls_level_t *ap_lvl = NULL;
> - apol_mls_range_t *ap_range = NULL;
> - qpol_policy_t *q = apol_policy_get_qpol(policydb);
> - char *tmp = NULL;
> - const char *user_name, *role_name;
> - PyObject *dict = NULL;
> - PyObject *list = PyList_New(0);
> - if (!list) goto err;
> -
> - if (qpol_user_get_name(q, user_datum, &user_name))
> - goto err;
> -
> - dict = PyDict_New();
> - if (!dict) goto err;
> -
> - if (py_insert_string(dict, "name", user_name))
> - goto err;
> -
> - if (qpol_policy_has_capability(q, QPOL_CAP_MLS)) {
> - if (qpol_user_get_dfltlevel(q, user_datum, &dflt_level))
> - goto err;
> - ap_lvl = apol_mls_level_create_from_qpol_mls_level(policydb,
> dflt_level);
> - tmp = apol_mls_level_render(policydb, ap_lvl);
> - if (!tmp) goto err;
> - if (py_insert_string(dict, "level", tmp))
> - goto err;
> - free(tmp); tmp = NULL;
> -
> - if (qpol_user_get_range(q, user_datum, &range))
> - goto err;
> - ap_range = apol_mls_range_create_from_qpol_mls_range(policydb,
> range);
> - tmp = apol_mls_range_render(policydb, ap_range);
> - if (!tmp) goto err;
> - if (py_insert_string(dict, "range", tmp))
> - goto err;
> - free(tmp); tmp=NULL;
> - }
> -
> - if (qpol_user_get_role_iter(q, user_datum, &iter))
> - goto err;
> - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
> - if (qpol_iterator_get_item(iter, (void **)&role_datum))
> - goto err;
> - if (qpol_role_get_name(q, role_datum, &role_name))
> - goto err;
> - if (py_append_string(list, role_name))
> - goto err;
> - }
> -
> - rt = py_insert_obj(dict, "roles", list);
> - Py_DECREF(list); list=NULL;
> - if (rt) goto err;
> - goto cleanup;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - py_decref(list); list=NULL;
> - py_decref(dict); dict=NULL;
> -
> -cleanup:
> - free(tmp);
> - qpol_iterator_destroy(&iter);
> - apol_mls_level_destroy(&ap_lvl);
> - apol_mls_range_destroy(&ap_range);
> - errno = error;
> - return dict;
> -}
> -
> -/**
> - * Prints a textual representation of an object class and possibly
> - * all of that object class' permissions.
> - *
> - * @param type_datum Reference to sepol type_datum
> - * @param policydb Reference to a policy
> - */
> -static PyObject* get_class(const qpol_class_t * class_datum, const
> apol_policy_t * policydb)
> -{
> - const char *class_name = NULL, *perm_name = NULL;
> - qpol_iterator_t *iter = NULL;
> - const qpol_common_t *common_datum = NULL;
> - qpol_policy_t *q = apol_policy_get_qpol(policydb);
> - int error = 0;
> - int rt;
> - PyObject *list = NULL;
> - PyObject *dict = PyDict_New();
> - if (!dict) goto err;
> -
> - if (!class_datum)
> - goto err;
> -
> - if (qpol_class_get_name(q, class_datum, &class_name))
> - goto err;
> -
> - if (py_insert_string(dict, "name", class_name))
> - goto err;
> - /* get commons for this class */
> - if (qpol_class_get_common(q, class_datum, &common_datum))
> - goto err;
> -
> - list = PyList_New(0);
> - if (!list) goto err;
> -
> - if (common_datum) {
> - if (qpol_common_get_perm_iter(q, common_datum, &iter))
> - goto err;
> - /* print perms for the common */
> - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
> - if (qpol_iterator_get_item(iter, (void **)&perm_name))
> - goto err;
> - if (py_append_string(list, perm_name))
> - goto err;
> - }
> - }
> - /* print unique perms for this class */
> - if (qpol_class_get_perm_iter(q, class_datum, &iter))
> - goto err;
> - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
> - if (qpol_iterator_get_item(iter, (void **)&perm_name))
> - goto err;
> - if (py_append_string(list, perm_name))
> - goto err;
> - }
> - rt = py_insert_obj(dict, "permlist", list);
> - Py_DECREF(list); list = NULL;
> - if (rt) goto err;
> - qpol_iterator_destroy(&iter);
> - goto cleanup;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - py_decref(list); list=NULL;
> - py_decref(dict); dict=NULL;
> -
> -cleanup:
> - errno = error;
> - qpol_iterator_destroy(&iter);
> - return dict;
> -}
> -
> -/**
> - * Get statistics regarding a policy's object classes.
> - * If this function is given a name, it will attempt to
> - * print statistics about a particular object class; otherwise
> - * the function prints statistics about all of the policy's object
> - * classes.
> - *
> - * @param name Reference to an object class' name; if NULL,
> - * all object classes will be considered
> - * @param policydb Reference to a policy
> - *
> - * @return 0 on success, < 0 on error.
> - */
> -static PyObject* get_classes(const char *name, const apol_policy_t *
> policydb)
> -{
> - qpol_iterator_t *iter = NULL;
> - size_t n_classes = 0;
> - const qpol_class_t *class_datum = NULL;
> - qpol_policy_t *q = apol_policy_get_qpol(policydb);
> - int error = 0;
> - int rt;
> - PyObject *obj;
> - PyObject *list = PyList_New(0);
> - if (!list) goto err;
> -
> - if (name != NULL) {
> - if (qpol_policy_get_class_by_name(q, name, &class_datum))
> - goto err;
> - obj = get_class(class_datum, policydb);
> - rt = py_append_obj(list, obj);
> - Py_DECREF(obj);
> - if (rt) goto err;
> - } else {
> - if (qpol_policy_get_class_iter(q, &iter))
> - goto err;
> - if (qpol_iterator_get_size(iter, &n_classes))
> - goto err;
> -
> - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
> - if (qpol_iterator_get_item(iter, (void **)&class_datum))
> - goto err;
> - obj = get_class(class_datum, policydb);
> - rt = py_append_obj(list, obj);
> - Py_DECREF(obj);
> - if (rt) goto err;
> - }
> - qpol_iterator_destroy(&iter);
> - }
> - goto cleanup;
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - py_decref(list); list = NULL;
> -
> -cleanup:
> - qpol_iterator_destroy(&iter);
> - errno = error;
> - return list;
> -}
> -
> -/**
> - * Gets statistics regarding a policy's users.
> - * If this function is given a name, it will attempt to
> - * get statistics about a particular user; otherwise
> - * the function gets statistics about all of the policy's
> - * users.
> - *
> - * @param name Reference to a user's name; if NULL,
> - * all users will be considered
> - * @param policydb Reference to a policy
> - *
> - * @return 0 on success, < 0 on error.
> - */
> -static PyObject* get_users(const char *name, const apol_policy_t * policydb)
> -{
> - qpol_iterator_t *iter = NULL;
> - const qpol_user_t *user_datum = NULL;
> - qpol_policy_t *q = apol_policy_get_qpol(policydb);
> - int error = 0;
> - int rt;
> - PyObject *obj;
> - PyObject *list = PyList_New(0);
> - if (!list) goto err;
> -
> - if (name != NULL) {
> - if (qpol_policy_get_user_by_name(q, name, &user_datum)) {
> - errno = EINVAL;
> - goto err;
> - }
> - obj = get_user(user_datum, policydb);
> - rt = py_append_obj(list, obj);
> - Py_DECREF(obj);
> - if (rt) goto err;
> - } else {
> - if (qpol_policy_get_user_iter(q, &iter))
> - goto err;
> -
> - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
> - if (qpol_iterator_get_item(iter, (void **)&user_datum))
> - goto err;
> - obj = get_user(user_datum, policydb);
> - rt = py_append_obj(list, obj);
> - Py_DECREF(obj);
> - if (rt) goto err;
> - }
> - qpol_iterator_destroy(&iter);
> - }
> - goto cleanup;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - py_decref(list); list = NULL;
> -
> -cleanup:
> - qpol_iterator_destroy(&iter);
> - errno = error;
> - return list;
> -}
> -
> -/**
> - * get a textual representation of a role, and
> - * all of that role's types.
> - *
> - * @param type_datum Reference to sepol type_datum
> - * @param policydb Reference to a policy
> - * types
> - */
> -static PyObject* get_role(const qpol_role_t * role_datum, const
> apol_policy_t * policydb)
> -{
> - const char *role_name = NULL, *type_name = NULL;
> - const qpol_role_t *dom_datum = NULL;
> - const qpol_type_t *type_datum = NULL;
> - qpol_iterator_t *iter = NULL;
> - qpol_policy_t *q = apol_policy_get_qpol(policydb);
> - size_t n_dom = 0, n_types = 0;
> - int error = 0;
> - int rt;
> - PyObject *list = NULL;
> - PyObject *dict = PyDict_New();
> - if (!dict) goto err;
> -
> - if (qpol_role_get_name(q, role_datum, &role_name))
> - goto err;
> - if (py_insert_string(dict, "name", role_name))
> - goto err;
> -
> - if (qpol_role_get_dominate_iter(q, role_datum, &iter))
> - goto err;
> - if (qpol_iterator_get_size(iter, &n_dom))
> - goto err;
> - if ((int)n_dom > 0) {
> - list = PyList_New(0);
> - if (!list) goto err;
> - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
> - if (qpol_iterator_get_item(iter, (void **)&dom_datum))
> - goto err;
> - if (qpol_role_get_name(q, dom_datum, &role_name))
> - goto err;
> - if (py_append_string(list, role_name))
> - goto err;
> - }
> - rt = py_insert_obj(dict, "roles", list);
> - Py_DECREF(list); list = NULL;
> - if (rt) goto err;
> - }
> - qpol_iterator_destroy(&iter);
> -
> - if (qpol_role_get_type_iter(q, role_datum, &iter))
> - goto err;
> - if (qpol_iterator_get_size(iter, &n_types))
> - goto err;
> - if ((int)n_types > 0) {
> - list = PyList_New(0);
> - if (!list) goto err;
> - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
> - if (qpol_iterator_get_item(iter, (void **)&type_datum))
> - goto err;
> - if (qpol_type_get_name(q, type_datum, &type_name))
> - goto err;
> - if (py_append_string(list, type_name))
> - goto err;
> - }
> - rt = py_insert_obj(dict, "types", list);
> - Py_DECREF(list); list = NULL;
> - if (rt) goto err;
> - }
> - goto cleanup;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - py_decref(list); list = NULL;
> - py_decref(dict); dict = NULL;
> -
> -cleanup:
> - qpol_iterator_destroy(&iter);
> - errno = error;
> - return dict;
> -}
> -
> -/**
> - * Get statistics regarding a policy's ports.
> - * If this function is given a name, it will attempt to
> - * get statistics about a particular port; otherwise
> - * the function get statistics about all of the policy's ports.
> - *
> - * @param name Reference to an port's name; if NULL,
> - * all ports will be considered
> - * @param policydb Reference to a policy
> - *
> - * @return 0 on success, < 0 on error.
> - */
> -static PyObject* get_ports(const char *num, const apol_policy_t * policydb)
> -{
> - const qpol_portcon_t *portcon = NULL;
> - qpol_iterator_t *iter = NULL;
> - uint16_t low_port, high_port;
> - uint8_t ocon_proto;
> - qpol_policy_t *q = apol_policy_get_qpol(policydb);
> - const qpol_context_t *ctxt = NULL;
> - const char *proto_str = NULL;
> - const char *type = NULL;
> - const apol_mls_range_t *range = NULL;
> - char *range_str = NULL;
> - apol_context_t *c = NULL;
> - int error = 0;
> - int rt = 0;
> - PyObject *dict = NULL;
> - PyObject *list = PyList_New(0);
> - if (!list) goto err;
> -
> - if (qpol_policy_get_portcon_iter(q, &iter))
> - goto err;
> -
> - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
> - if (qpol_iterator_get_item(iter, (void **)&portcon))
> - goto err;
> - if (qpol_portcon_get_low_port(q, portcon, &low_port))
> - goto err;
> - if (qpol_portcon_get_high_port(q, portcon, &high_port))
> - goto err;
> - if (qpol_portcon_get_protocol(q, portcon, &ocon_proto))
> - goto err;
> - if (num) {
> - if (atoi(num) < low_port || atoi(num) > high_port)
> - continue;
> - }
> -
> - if ((ocon_proto != IPPROTO_TCP) &&
> - (ocon_proto != IPPROTO_UDP))
> - goto err;
> -
> - if (qpol_portcon_get_context(q, portcon, &ctxt)) {
> - PyErr_SetString(PyExc_RuntimeError, "Could not get for
> port context.");
> - goto err;
> - }
> -
> - if ((proto_str = apol_protocol_to_str(ocon_proto)) == NULL) {
> - PyErr_SetString(PyExc_RuntimeError, "Invalid protocol
> for port");
> - goto err;
> - }
> -
> - if ((c = apol_context_create_from_qpol_context(policydb, ctxt))
> == NULL) {
> - goto err;
> - }
> -
> - if((type = apol_context_get_type(c)) == NULL) {
> - apol_context_destroy(&c);
> - goto err;
> - }
> -
> - dict = PyDict_New();
> - if (!dict) goto err;
> - if (py_insert_string(dict, "type", type))
> - goto err;
> -
> - if((range = apol_context_get_range(c)) != NULL) {
> - range_str = apol_mls_range_render(policydb, range);
> - if (range_str == NULL) {
> - goto err;
> - }
> - if (py_insert_string(dict, "range", range_str))
> - goto err;
> - }
> -
> - if (py_insert_string(dict, "protocol", proto_str))
> - goto err;
> -
> - if (py_insert_long(dict, "high", high_port))
> - goto err;
> -
> - if (py_insert_long(dict, "low", low_port))
> - goto err;
> -
> - rt = py_append_obj(list, dict);
> - Py_DECREF(dict); dict = NULL;
> - if (rt) goto err;
> - }
> - goto cleanup;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - py_decref(list); list = NULL;
> - py_decref(dict); dict = NULL;
> -
> -cleanup:
> - free(range_str);
> - apol_context_destroy(&c);
> - qpol_iterator_destroy(&iter);
> - errno = error;
> - return list;
> -}
> -
> -/**
> - * Get statistics regarding a policy's roles.
> - * If this function is given a name, it will attempt to
> - * get statistics about a particular role; otherwise
> - * the function get statistics about all of the policy's roles.
> - *
> - * @param name Reference to an role's name; if NULL,
> - * all roles will be considered
> - * @param policydb Reference to a policy
> - *
> - * @return 0 on success, < 0 on error.
> - */
> -static PyObject* get_roles(const char *name, const apol_policy_t * policydb)
> -{
> - const qpol_role_t *role_datum = NULL;
> - qpol_iterator_t *iter = NULL;
> - qpol_policy_t *q = apol_policy_get_qpol(policydb);
> - int error = 0;
> - int rt;
> - PyObject *obj;
> - PyObject *list = PyList_New(0);
> - if (!list) goto err;
> -
> - if (name != NULL) {
> - if (qpol_policy_get_role_by_name(q, name, &role_datum)) {
> - errno = EINVAL;
> - goto err;
> - }
> - obj = get_role(role_datum, policydb);
> - rt = py_append_obj(list, obj);
> - Py_DECREF(obj);
> - if (rt) goto err;
> - } else {
> - if (qpol_policy_get_role_iter(q, &iter))
> - goto err;
> -
> - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
> - if (qpol_iterator_get_item(iter, (void **)&role_datum))
> - goto err;
> - obj = get_role(role_datum, policydb);
> - rt = py_append_obj(list, obj);
> - Py_DECREF(obj);
> - if (rt) goto err;
> - }
> - qpol_iterator_destroy(&iter);
> - }
> - goto cleanup;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - py_decref(list); list = NULL;
> -
> -cleanup:
> - qpol_iterator_destroy(&iter);
> - errno = error;
> - return list;
> -}
> -
> -/**
> - * Get statistics regarding a policy's types.
> - * If this function is given a name, it will attempt to
> - * print statistics about a particular type; otherwise
> - * the function prints statistics about all of the policy's types.
> - *
> - * @param name Reference to a type's name; if NULL,
> - * all object classes will be considered
> - * @param policydb Reference to a policy
> - *
> - * @return 0 on success, < 0 on error.
> - */
> -static PyObject* get_types(const char *name, const apol_policy_t * policydb)
> -{
> - const qpol_type_t *type_datum = NULL;
> - qpol_iterator_t *iter = NULL;
> - qpol_policy_t *q = apol_policy_get_qpol(policydb);
> - int error = 0;
> - int rt;
> - PyObject *obj;
> - PyObject *list = PyList_New(0);
> - if (!list) goto err;
> - /* if name was provided, only print that name */
> - if (name != NULL) {
> - if (qpol_policy_get_type_by_name(q, name, &type_datum)) {
> - errno = EINVAL;
> - goto err;
> - }
> - obj = get_type(type_datum, policydb);
> - rt = py_append_obj(list, obj);
> - Py_DECREF(obj);
> - if (rt) goto err;
> - } else {
> - if (qpol_policy_get_type_iter(q, &iter))
> - goto err;
> -
> - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
> - if (qpol_iterator_get_item(iter, (void **)&type_datum))
> - goto err;
> - obj = get_type(type_datum, policydb);
> - rt = py_append_obj(list, obj);
> - Py_DECREF(obj);
> - if (rt) goto err;
> - }
> - }
> - goto cleanup;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - py_decref(list); list = NULL;
> -
> -cleanup:
> - qpol_iterator_destroy(&iter);
> - errno = error;
> - return list;
> -}
> -
> -PyObject* info( int type, const char *name)
> -{
> - PyObject* output = NULL;
> -
> - switch(type) {
> - /* display requested info */
> - case TYPE:
> - output = get_types(name, global_policy);
> - break;
> - case ATTRIBUTE:
> - output = get_attribs(name, global_policy);
> - break;
> - case ROLE:
> - output = get_roles(name, global_policy);
> - break;
> - case USER:
> - output = get_users(name, global_policy);
> - break;
> - case CLASS:
> - output = get_classes(name, global_policy);
> - break;
> - case BOOLEAN:
> - output = get_booleans(name, global_policy);
> - break;
> - case PORT:
> - output = get_ports(name, global_policy);
> - break;
> - case SENS:
> - output = get_sens(name, global_policy);
> - break;
> - case CATS:
> - output = get_cats(name, global_policy);
> - break;
> - default:
> - errno = EINVAL;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - break;
> - }
> -
> - return output;
> -}
> -
> -PyObject *wrap_info(PyObject *UNUSED(self), PyObject *args){
> - int type;
> - const char *name;
> -
> - if (!global_policy) {
> - PyErr_SetString(PyExc_RuntimeError,"Policy not loaded");
> - return NULL;
> - }
> -
> - if (!PyArg_ParseTuple(args, "iz", &type, &name))
> - return NULL;
> -
> - return info(type, name);
> -}
> -
> -void init_info (PyObject *m) {
> - PyModule_AddIntConstant(m, "ATTRIBUTE", ATTRIBUTE);
> - PyModule_AddIntConstant(m, "PORT", PORT);
> - PyModule_AddIntConstant(m, "ROLE", ROLE);
> - PyModule_AddIntConstant(m, "TYPE", TYPE);
> - PyModule_AddIntConstant(m, "USER", USER);
> - PyModule_AddIntConstant(m, "CLASS", CLASS);
> - PyModule_AddIntConstant(m, "BOOLEAN", BOOLEAN);
> - PyModule_AddIntConstant(m, "SENS", SENS);
> - PyModule_AddIntConstant(m, "CATS", CATS);
> -}
> diff --git a/policycoreutils/sepolicy/policy.c
> b/policycoreutils/sepolicy/policy.c
> deleted file mode 100644
> index 423a926..0000000
> --- a/policycoreutils/sepolicy/policy.c
> +++ /dev/null
> @@ -1,116 +0,0 @@
> -/**
> - * @file
> - * Python bindings to search SELinux Policy rules.
> - *
> - * @author Dan Walsh <dwa...@redhat.com>
> - *
> - * Copyright (C) 2012 Red Hat, INC
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version.
> - *
> - * This program is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License
> - * along with this program; if not, write to the Free Software
> - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
> USA
> - */
> -
> -#include "Python.h"
> -
> -#ifdef UNUSED
> -#elif defined(__GNUC__)
> -# define UNUSED(x) UNUSED_ ## x __attribute__((unused))
> -#elif defined(__LCLINT__)
> -# define UNUSED(x) /*@unused@*/ x
> -#else
> -# define UNUSED(x) x
> -#endif
> -
> -#include "policy.h"
> -apol_policy_t *global_policy = NULL;
> -
> -/* other */
> -#include <errno.h>
> -#include <stdlib.h>
> -#include <stdio.h>
> -#include <string.h>
> -#include <assert.h>
> -
> -#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
> -
> -PyObject *wrap_policy(PyObject *UNUSED(self), PyObject *args){
> - const char *policy_file;
> - apol_vector_t *mod_paths = NULL;
> - apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
> - apol_policy_path_t *pol_path = NULL;
> -
> - if (!PyArg_ParseTuple(args, "z", &policy_file))
> - return NULL;
> -
> - if (global_policy)
> - apol_policy_destroy(&global_policy);
> -
> - int policy_load_options = 0;
> -
> - pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
> - if (!pol_path) {
> - apol_vector_destroy(&mod_paths);
> - PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
> - return NULL;
> - }
> - apol_vector_destroy(&mod_paths);
> -
> - global_policy = apol_policy_create_from_policy_path(pol_path,
> policy_load_options, NULL, NULL);
> - apol_policy_path_destroy(&pol_path);
> - if (!global_policy) {
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - return NULL;
> - }
> -
> - return Py_None;
> -}
> -
> -static PyMethodDef methods[] = {
> - {"policy", (PyCFunction) wrap_policy, METH_VARARGS,
> - "Initialize SELinux policy for use with search and info"},
> - {"info", (PyCFunction) wrap_info, METH_VARARGS,
> - "Return SELinux policy info about types, attributes, roles,
> users"},
> - {"search", (PyCFunction) wrap_search, METH_VARARGS,
> - "Search SELinux Policy for allow, neverallow, auditallow, dontaudit and
> transition records"},
> - {NULL, NULL, 0, NULL} /* sentinel */
> -};
> -
> -#if PY_MAJOR_VERSION >= 3
> -
> -static struct PyModuleDef module_def =
> -{
> - PyModuleDef_HEAD_INIT,
> - "_policy", /* name of module */
> - "", /* module documentation, may be NULL */
> - -1, /* size of per-interpreter state of the module, or -1 if the module
> keeps state in global variables. */
> - (PyMethodDef*)&methods,
> -};
> -
> -PyMODINIT_FUNC PyInit__policy(void)
> -{
> - PyObject *m;
> - m = PyModule_Create(&module_def);
> - init_info(m);
> - return m;
> -}
> -
> -#else // python 2
> -
> -void init_policy(void) {
> - PyObject *m;
> - m = Py_InitModule("_policy", methods);
> - init_info(m);
> -}
> -
> -#endif
> diff --git a/policycoreutils/sepolicy/policy.h
> b/policycoreutils/sepolicy/policy.h
> deleted file mode 100644
> index ffac497..0000000
> --- a/policycoreutils/sepolicy/policy.h
> +++ /dev/null
> @@ -1,7 +0,0 @@
> -#include <apol/policy.h>
> -extern apol_policy_t *global_policy;
> -extern PyObject *wrap_info(PyObject *self, PyObject *args);
> -extern void init_info (PyObject *m);
> -extern PyObject *wrap_search(PyObject *self, PyObject *args);
> -
> -
> diff --git a/policycoreutils/sepolicy/search.c
> b/policycoreutils/sepolicy/search.c
> deleted file mode 100644
> index d608006..0000000
> --- a/policycoreutils/sepolicy/search.c
> +++ /dev/null
> @@ -1,1029 +0,0 @@
> -// Author: Thomas Liu <t...@redhat.com>
> -
> -/**
> - * @file
> - * Python bindings used to search TE rules.
> - *
> - * @author Thomas Liu <t...@redhat.com>
> - * @author Dan Walsh <dwa...@redhat.com>
> - * Copyright (C) 2012-2013 Red Hat, inc
> - *
> - * Sections copied from sesearch.c in setools package
> - * @author Frank Mayer may...@tresys.com
> - * @author Jeremy A. Mowery jmow...@tresys.com
> - * @author Paul Rosenfeld prosenf...@tresys.com
> - * Copyright (C) 2003-2008 Tresys Technology, LLC
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version.
> - *
> - * This program is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License
> - * along with this program; if not, write to the Free Software
> - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
> USA
> - */
> -
> -/**
> - * This is a modified version of sesearch to be used as part of a sepython
> library for
> - * Python bindings.
> - */
> -
> -#include "common.h"
> -#include "policy.h"
> -
> -/* libapol */
> -#include <apol/policy-query.h>
> -#include <apol/render.h>
> -#include <apol/util.h>
> -#include <apol/vector.h>
> -
> -/* libqpol*/
> -#include <qpol/policy.h>
> -#include <qpol/policy_extend.h>
> -#include <qpol/syn_rule_query.h>
> -#include <qpol/util.h>
> -
> -/* other */
> -#include <errno.h>
> -#include <stdlib.h>
> -#include <stdio.h>
> -#include <assert.h>
> -#include <getopt.h>
> -#include <string.h>
> -#include <stdbool.h>
> -
> -#define COPYRIGHT_INFO "Copyright (C) 2012 Red Hat, Inc, Tresys Technology,
> LLC"
> -
> -enum opt_values
> -{
> - RULE_NEVERALLOW = 256, RULE_AUDIT, RULE_AUDITALLOW, RULE_DONTAUDIT,
> - RULE_ROLE_ALLOW, RULE_ROLE_TRANS, RULE_RANGE_TRANS, RULE_ALL,
> - EXPR_ROLE_SOURCE, EXPR_ROLE_TARGET
> -};
> -
> -;
> -
> -typedef struct options
> -{
> - char *src_name;
> - char *tgt_name;
> - char *src_role_name;
> - char *tgt_role_name;
> - char *class_name;
> - char *permlist;
> - char *bool_name;
> - apol_vector_t *class_vector;
> - bool all;
> - bool lineno;
> - bool semantic;
> - bool indirect;
> - bool allow;
> - bool nallow;
> - bool auditallow;
> - bool dontaudit;
> - bool type;
> - bool rtrans;
> - bool role_allow;
> - bool role_trans;
> - bool useregex;
> - bool show_cond;
> - apol_vector_t *perm_vector;
> -} options_t;
> -
> -static int py_tuple_insert_obj(PyObject *tuple, int pos, PyObject *obj)
> -{
> - int rt;
> - if (!obj) return -1;
> - rt = PyTuple_SetItem(tuple, pos, obj);
> - return rt;
> -}
> -
> -static int perform_ra_query(const apol_policy_t * policy, const options_t *
> opt, apol_vector_t ** v)
> -{
> - apol_role_allow_query_t *raq = NULL;
> - int error = 0;
> -
> - if (!policy || !opt || !v) {
> - ERR(policy, "%s", strerror(EINVAL));
> - errno = EINVAL;
> - return -1;
> - }
> -
> - if (!opt->role_allow && !opt->all) {
> - *v = NULL;
> - return 0; /* no search to do */
> - }
> -
> - raq = apol_role_allow_query_create();
> - if (!raq) {
> - ERR(policy, "%s", strerror(ENOMEM));
> - errno = ENOMEM;
> - return -1;
> - }
> -
> - apol_role_allow_query_set_regex(policy, raq, opt->useregex);
> - if (opt->src_role_name) {
> - if (apol_role_allow_query_set_source(policy, raq,
> opt->src_role_name)) {
> - error = errno;
> - goto err;
> - }
> - }
> - if (opt->tgt_role_name)
> - if (apol_role_allow_query_set_target(policy, raq,
> opt->tgt_role_name)) {
> - error = errno;
> - goto err;
> - }
> -
> - if (apol_role_allow_get_by_query(policy, raq, v)) {
> - error = errno;
> - goto err;
> - }
> - apol_role_allow_query_destroy(&raq);
> - return 0;
> -
> - err:
> - apol_vector_destroy(v);
> - apol_role_allow_query_destroy(&raq);
> - ERR(policy, "%s", strerror(error));
> - errno = error;
> - return -1;
> -}
> -
> -static PyObject* get_ra_results(const apol_policy_t * policy, const
> apol_vector_t * v, PyObject *output)
> -{
> - size_t i, num_rules = 0;
> - qpol_policy_t *q;
> - const qpol_role_allow_t *rule = NULL;
> - const char *tmp;
> - PyObject *obj, *dict=NULL;
> - const qpol_role_t *role = NULL;
> - int error = 0;
> - errno = EINVAL;
> - int rt;
> -
> - if (!policy || !v) {
> - errno = EINVAL;
> - goto err;
> - }
> -
> - if (!(num_rules = apol_vector_get_size(v)))
> - return NULL;
> -
> - q = apol_policy_get_qpol(policy);
> -
> - for (i = 0; i < num_rules; i++) {
> - dict = PyDict_New();
> - if (!dict) goto err;
> - if (!(rule = apol_vector_get_element(v, i)))
> - goto err;
> -
> - if (qpol_role_allow_get_source_role(q, rule, &role)) {
> - goto err;
> - }
> - if (qpol_role_get_name(q, role, &tmp)) {
> - goto err;
> - }
> - obj = PyString_FromString(tmp);
> - if (py_insert_obj(dict, "source", obj))
> - goto err;
> -
> - if (qpol_role_allow_get_target_role(q, rule, &role)) {
> - goto err;
> - }
> - if (qpol_role_get_name(q, role, &tmp)) {
> - goto err;
> - }
> - obj = PyString_FromString(tmp);
> - if (py_insert_obj(dict, "target", obj))
> - goto err;
> -
> - rt = py_append_obj(output, dict);
> - if (rt) goto err;
> - py_decref(dict); dict=NULL;
> - }
> - goto cleanup;
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(error));
> - py_decref(dict);
> -
> -cleanup:
> - errno = error;
> - return output;
> -}
> -
> -static int perform_te_query(const apol_policy_t * policy, const options_t *
> opt, apol_vector_t ** v)
> -{
> - apol_terule_query_t *teq = NULL;
> - unsigned int rules = 0;
> - int error = 0;
> - size_t i;
> -
> - if (!policy || !opt || !v) {
> - PyErr_SetString(PyExc_RuntimeError,strerror(EINVAL));
> - errno = EINVAL;
> - return -1;
> - }
> -
> - if (opt->all || opt->type) {
> - rules = (QPOL_RULE_TYPE_TRANS | QPOL_RULE_TYPE_CHANGE |
> QPOL_RULE_TYPE_MEMBER);
> - } else {
> - *v = NULL;
> - return 0; /* no search to do */
> - }
> -
> - teq = apol_terule_query_create();
> - if (!teq) {
> - PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
> - errno = ENOMEM;
> - return -1;
> - }
> -
> - apol_terule_query_set_rules(policy, teq, rules);
> - apol_terule_query_set_regex(policy, teq, opt->useregex);
> -
> - if (opt->src_name)
> - apol_terule_query_set_source(policy, teq, opt->src_name,
> opt->indirect);
> - if (opt->tgt_name)
> - apol_terule_query_set_target(policy, teq, opt->tgt_name,
> opt->indirect);
> - if (opt->bool_name)
> - apol_terule_query_set_bool(policy, teq, opt->bool_name);
> - if (opt->class_name) {
> - if (opt->class_vector == NULL) {
> - if (apol_terule_query_append_class(policy, teq,
> opt->class_name)) {
> - error = errno;
> - goto err;
> - }
> - } else {
> - for (i = 0; i <
> apol_vector_get_size(opt->class_vector); ++i) {
> - char *class_name;
> - class_name =
> apol_vector_get_element(opt->class_vector, i);
> - if (!class_name)
> - continue;
> - if (apol_terule_query_append_class(policy, teq,
> class_name)) {
> - error = errno;
> - goto err;
> - }
> - }
> - }
> - }
> -
> - if (!(opt->semantic) &&
> qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES))
> {
> - if (apol_syn_terule_get_by_query(policy, teq, v)) {
> - goto err;
> - }
> - } else {
> - if (apol_terule_get_by_query(policy, teq, v)) {
> - goto err;
> - }
> - }
> -
> - apol_terule_query_destroy(&teq);
> - return 0;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(error));
> - apol_vector_destroy(v);
> - apol_terule_query_destroy(&teq);
> - errno = error;
> - return -1;
> -}
> -
> -static PyObject* get_bool(const qpol_policy_t *q, const qpol_cond_t * cond,
> int enabled)
> -{
> - qpol_iterator_t *iter = NULL;
> - qpol_cond_expr_node_t *expr = NULL;
> - char *tmp = NULL;
> - const char *bool_name = NULL;
> - int error = 0;
> - uint32_t expr_type = 0;
> - qpol_bool_t *cond_bool = NULL;
> - PyObject *obj, *tuple = NULL;
> - PyObject *boollist = NULL;
> -
> - if (!q || !cond) {
> - errno = EINVAL;
> - return NULL;
> - }
> - if (qpol_cond_get_expr_node_iter(q, cond, &iter) < 0) {
> - goto err;
> - }
> -
> - boollist = PyList_New(0);
> - if (! boollist) goto err;
> -
> - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
> - if (qpol_iterator_get_item(iter, (void **)&expr)) {
> - goto err;
> - }
> - if (qpol_cond_expr_node_get_expr_type(q, expr, &expr_type)) {
> - goto err;
> - }
> - if (expr_type != QPOL_COND_EXPR_BOOL) {
> - obj =
> PyString_FromString(apol_cond_expr_type_to_str(expr_type));
> - if (!obj) goto err;
> - if (py_append_obj(boollist, obj))
> - goto err;
> - } else {
> - tuple = PyTuple_New(2);
> - if (!tuple) goto err;
> -
> - if (qpol_cond_expr_node_get_bool(q, expr, &cond_bool)) {
> - goto err;
> - }
> - if (qpol_bool_get_name(q, cond_bool, &bool_name)) {
> - goto err;
> - }
> - obj = PyString_FromString(bool_name);
> - if (py_tuple_insert_obj(tuple, 0, obj))
> - goto err;
> - obj = PyBool_FromLong(enabled);
> - if (py_tuple_insert_obj(tuple, 1, obj))
> - goto err;
> - if (py_append_obj(boollist, tuple))
> - goto err;
> - tuple=NULL;
> - }
> - }
> -
> - qpol_iterator_destroy(&iter);
> - return boollist;
> -
> - err:
> - error = errno;
> - qpol_iterator_destroy(&iter);
> - py_decref(tuple);
> - py_decref(boollist);
> - free(tmp);
> - errno = error;
> - return NULL;
> -}
> -
> -static PyObject* get_te_results(const apol_policy_t * policy, const
> apol_vector_t * v, PyObject *output)
> -{
> - int error = 0;
> - int rt = 0;
> - PyObject *obj, *dict=NULL, *tuple = NULL;
> - qpol_policy_t *q;
> - uint32_t rule_type = 0;
> - const qpol_type_t *type;
> - size_t i, num_rules = 0;
> - const qpol_terule_t *rule = NULL;
> - char *tmp = NULL, *rule_str = NULL, *expr = NULL;
> - const qpol_cond_t *cond = NULL;
> - uint32_t enabled = 0;
> - const char *tmp_name;
> - const qpol_class_t *obj_class = NULL;
> -
> - if (!policy || !v) {
> - errno = EINVAL;
> - goto err;
> - }
> -
> - if (!(num_rules = apol_vector_get_size(v)))
> - return NULL;
> -
> - q = apol_policy_get_qpol(policy);
> -
> - for (i = 0; i < num_rules; i++) {
> - dict = PyDict_New();
> - if (!dict) goto err;
> - if (!(rule = apol_vector_get_element(v, i)))
> - goto err;
> - if (qpol_terule_get_cond(q, rule, &cond))
> - goto err;
> - if (qpol_terule_get_is_enabled(q, rule, &enabled))
> - goto err;
> -
> - if (cond) {
> - obj = get_bool(q, cond, enabled);
> - if (!obj) goto err;
> - rt = PyDict_SetItemString(dict, "boolean", obj);
> - py_decref(obj);
> - }
> -
> - if (qpol_terule_get_rule_type(q, rule, &rule_type))
> - goto err;
> -
> - if (!(rule_type &= (QPOL_RULE_TYPE_TRANS |
> QPOL_RULE_TYPE_CHANGE | QPOL_RULE_TYPE_MEMBER))) {
> - PyErr_SetString(PyExc_RuntimeError,"Invalid TE rule
> type");
> - errno = EINVAL;
> - goto err;
> - }
> - if (!(tmp_name = apol_rule_type_to_str(rule_type))) {
> - PyErr_SetString(PyExc_RuntimeError, "Could not get TE
> rule type's string");
> - errno = EINVAL;
> - goto err;
> - }
> -
> - if (py_insert_string(dict, "type", tmp_name))
> - goto err;
> -
> - if (qpol_terule_get_source_type(q, rule, &type))
> - goto err;
> - if (qpol_type_get_name(q, type, &tmp_name))
> - goto err;
> - if (py_insert_string(dict, "source", tmp_name))
> - goto err;
> -
> - if (qpol_terule_get_target_type(q, rule, &type))
> - goto err;
> - if (qpol_type_get_name(q, type, &tmp_name))
> - goto err;
> - if (py_insert_string(dict, "target", tmp_name))
> - goto err;
> -
> - if (qpol_terule_get_object_class(q, rule, &obj_class))
> - goto err;
> - if (qpol_class_get_name(q, obj_class, &tmp_name))
> - goto err;
> - if (py_insert_string(dict, "class", tmp_name))
> - goto err;
> -
> - if (qpol_terule_get_default_type(q, rule, &type))
> - goto err;
> - if (qpol_type_get_name(q, type, &tmp_name))
> - goto err;
> - if (py_insert_string(dict, "transtype", tmp_name))
> - goto err;
> -
> - rt = py_append_obj(output, dict);
> - dict = NULL;
> - if(rt) goto err;
> -
> - free(rule_str); rule_str = NULL;
> - free(expr); expr = NULL;
> - }
> - goto cleanup;
> -
> -err:
> - error = errno;
> - py_decref(dict);
> - py_decref(tuple);
> - PyErr_SetString(PyExc_RuntimeError,strerror(error));
> -cleanup:
> - free(tmp);
> - free(rule_str);
> - free(expr);
> - errno = error;
> - return output;
> -}
> -
> -static int perform_ft_query(const apol_policy_t * policy, const options_t *
> opt, apol_vector_t ** v)
> -{
> - apol_filename_trans_query_t *ftq = NULL;
> - size_t i;
> - int error = 0;
> -
> - if (!policy || !opt || !v) {
> - PyErr_SetString(PyExc_RuntimeError,strerror(EINVAL));
> - errno = EINVAL;
> - return -1;
> - }
> -
> - if (!opt->type && !opt->all) {
> - *v = NULL;
> - return 0; /* no search to do */
> - }
> -
> - ftq = apol_filename_trans_query_create();
> - if (!ftq) {
> - PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
> - errno = ENOMEM;
> - return -1;
> - }
> -
> - apol_filename_trans_query_set_regex(policy, ftq, opt->useregex);
> - if (opt->src_name) {
> - if (apol_filename_trans_query_set_source(policy, ftq,
> opt->src_name, opt->indirect)) {
> - goto err;
> - }
> - }
> -
> - if (opt->tgt_name) {
> - if (apol_filename_trans_query_set_target(policy, ftq,
> opt->tgt_name, opt->indirect)) {
> - goto err;
> - }
> - }
> - if (opt->class_name) {
> - if (opt->class_vector == NULL) {
> - if (apol_filename_trans_query_append_class(policy, ftq,
> opt->class_name)) {
> - goto err;
> - }
> - } else {
> - for (i = 0; i <
> apol_vector_get_size(opt->class_vector); ++i) {
> - char *class_name;
> - class_name =
> apol_vector_get_element(opt->class_vector, i);
> - if (!class_name)
> - continue;
> - if
> (apol_filename_trans_query_append_class(policy, ftq, class_name)) {
> - goto err;
> - }
> - }
> - }
> - }
> -
> - if (apol_filename_trans_get_by_query(policy, ftq, v))
> - goto err;
> -
> - apol_filename_trans_query_destroy(&ftq);
> - return 0;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - apol_vector_destroy(v);
> - apol_filename_trans_query_destroy(&ftq);
> - errno = error;
> - return -1;
> -}
> -
> -static PyObject* get_ft_results(const apol_policy_t * policy, const
> apol_vector_t * v, PyObject *list)
> -{
> - PyObject *dict = NULL;
> - size_t i, num_filename_trans = 0;
> - const char *tmp_name;
> - int error = 0;
> - int rt;
> - const qpol_filename_trans_t *filename_trans = NULL;
> - const qpol_class_t *obj_class = NULL;
> - char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;
> - qpol_policy_t *q;
> - const qpol_type_t *type = NULL;
> -
> - if (!policy || !v) {
> - errno = EINVAL;
> - goto err;
> - }
> -
> - if (!(num_filename_trans = apol_vector_get_size(v)))
> - return NULL;
> -
> - q = apol_policy_get_qpol(policy);
> -
> - for (i = 0; i < num_filename_trans; i++) {
> - if (!(filename_trans = apol_vector_get_element(v, i)))
> - goto err;
> -
> - dict = PyDict_New();
> - if (!dict) goto err;
> -
> - if (py_insert_string(dict, "type", "type_transition"))
> - goto err;
> -
> - /* source type */
> - if (qpol_filename_trans_get_source_type(q, filename_trans,
> &type)) {
> - goto err;
> - }
> - if (qpol_type_get_name(q, type, &tmp_name)) {
> - goto err;
> - }
> -
> - if (py_insert_string(dict, "source", tmp_name))
> - goto err;
> -
> - if (qpol_filename_trans_get_target_type(q, filename_trans,
> &type))
> - goto err;
> -
> - if (qpol_type_get_name(q, type, &tmp_name))
> - goto err;
> -
> - if (py_insert_string(dict, "target", tmp_name))
> - goto err;
> -
> - if (qpol_filename_trans_get_object_class(q, filename_trans,
> &obj_class))
> - goto err;
> -
> - if (qpol_class_get_name(q, obj_class, &tmp_name))
> - goto err;
> -
> - if (py_insert_string(dict, "class", tmp_name))
> - goto err;
> -
> - if (qpol_filename_trans_get_default_type(q, filename_trans,
> &type))
> - goto err;
> - if (qpol_type_get_name(q, type, &tmp_name))
> - goto err;
> - if (py_insert_string(dict, "transtype", tmp_name))
> - goto err;
> -
> - if (! qpol_filename_trans_get_filename(q, filename_trans,
> &tmp_name)) {
> - if (py_insert_string(dict, "filename", tmp_name))
> - goto err;
> - }
> -
> - rt = py_append_obj(list, dict);
> - dict = NULL;
> - if (rt) goto err;
> -
> - free(filename_trans_str); filename_trans_str = NULL;
> - free(expr); expr = NULL;
> - }
> - goto cleanup;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - py_decref(dict);
> -cleanup:
> - free(tmp);
> - free(filename_trans_str);
> - free(expr);
> - errno = error;
> - return list;
> -}
> -
> -static int perform_av_query(const apol_policy_t * policy, const options_t *
> opt, apol_vector_t ** v)
> -{
> - apol_avrule_query_t *avq = NULL;
> - unsigned int rules = 0;
> - int error = 0;
> - char *tmp = NULL, *tok = NULL, *s = NULL;
> -
> - if (!policy || !opt || !v) {
> - PyErr_SetString(PyExc_RuntimeError,strerror(EINVAL));
> - errno = EINVAL;
> - return -1;
> - }
> -
> - if (!opt->all && !opt->allow && !opt->nallow && !opt->auditallow &&
> !opt->dontaudit) {
> - *v = NULL;
> - return 0; /* no search to do */
> - }
> -
> - avq = apol_avrule_query_create();
> - if (!avq) {
> - PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
> - errno = ENOMEM;
> - return -1;
> - }
> -
> - if (opt->allow || opt->all)
> - rules |= QPOL_RULE_ALLOW;
> - if (opt->nallow || opt->all) // Add this regardless of policy
> capabilities
> - rules |= QPOL_RULE_NEVERALLOW;
> - if (opt->auditallow || opt->all)
> - rules |= QPOL_RULE_AUDITALLOW;
> - if (opt->dontaudit || opt->all)
> - rules |= QPOL_RULE_DONTAUDIT;
> - if (rules != 0) // Setting rules = 0 means you want all the rules
> - apol_avrule_query_set_rules(policy, avq, rules);
> - apol_avrule_query_set_regex(policy, avq, opt->useregex);
> - if (opt->src_name)
> - apol_avrule_query_set_source(policy, avq, opt->src_name,
> opt->indirect);
> - if (opt->tgt_name)
> - apol_avrule_query_set_target(policy, avq, opt->tgt_name,
> opt->indirect);
> - if (opt->bool_name)
> - apol_avrule_query_set_bool(policy, avq, opt->bool_name);
> - if (opt->class_name) {
> - if (opt->class_vector == NULL) {
> - if (apol_avrule_query_append_class(policy, avq,
> opt->class_name)) {
> - goto err;
> - }
> - } else {
> - size_t i;
> - for (i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
> - char *class_name;
> - class_name =
> apol_vector_get_element(opt->class_vector, i);
> - if (!class_name)
> - continue;
> - if (apol_avrule_query_append_class(policy, avq,
> class_name)) {
> - goto err;
> - }
> - }
> - }
> - }
> -
> - if (opt->permlist) {
> - tmp = strdup(opt->permlist);
> - for (tok = strtok(tmp, ","); tok; tok = strtok(NULL, ",")) {
> - if (apol_avrule_query_append_perm(policy, avq, tok)) {
> - goto err;
> - }
> - if ((s = strdup(tok)) == NULL ||
> apol_vector_append(opt->perm_vector, s) < 0) {
> - goto err;
> - }
> - s = NULL;
> - }
> - free(tmp);
> - tmp = NULL;
> - }
> -
> - if (!(opt->semantic) &&
> qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES))
> {
> - if (apol_syn_avrule_get_by_query(policy, avq, v)) {
> - goto err;
> - }
> - } else {
> - if (apol_avrule_get_by_query(policy, avq, v)) {
> - goto err;
> - }
> - }
> -
> - apol_avrule_query_destroy(&avq);
> - return 0;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(error));
> - apol_vector_destroy(v);
> - apol_avrule_query_destroy(&avq);
> - free(tmp);
> - free(s);
> - errno = error;
> - return -1;
> -}
> -
> -static PyObject* get_av_results(const apol_policy_t * policy, const
> apol_vector_t * v, PyObject *output)
> -{
> - PyObject *obj, *dict=NULL;
> - PyObject *permlist = NULL;
> - PyObject *boollist = NULL;
> - uint32_t rule_type = 0;
> - int rt;
> - int error = 0;
> - qpol_policy_t *q;
> - size_t i, num_rules = 0;
> - const qpol_avrule_t *rule = NULL;
> - char *tmp = NULL, *rule_str = NULL;
> - qpol_cond_expr_node_t *expr = NULL;
> - qpol_iterator_t *iter = NULL;
> - const qpol_cond_t *cond = NULL;
> - uint32_t enabled = 0;
> - const qpol_type_t *type;
> - const char *tmp_name;
> - const qpol_class_t *obj_class = NULL;
> -
> - if (!policy || !v) {
> - errno = EINVAL;
> - goto err;
> - }
> -
> - if (!(num_rules = apol_vector_get_size(v)))
> - return NULL;
> -
> - q = apol_policy_get_qpol(policy);
> -
> - for (i = 0; i < num_rules; i++) {
> - if (!(rule = apol_vector_get_element(v, i)))
> - goto err;
> -
> - dict = PyDict_New();
> - if (!dict) goto err;
> -
> - if (qpol_avrule_get_rule_type(q, rule, &rule_type))
> - goto err;
> -
> - if (!(tmp_name = apol_rule_type_to_str(rule_type))) {
> - PyErr_SetString(PyExc_RuntimeError, "Could not get TE
> rule type's string");
> - errno = EINVAL;
> - goto err;
> - }
> -
> - if (py_insert_string(dict, "type", tmp_name))
> - goto err;
> -
> - if (qpol_avrule_get_source_type(q, rule, &type)) {
> - goto err;
> - }
> -
> - if (qpol_type_get_name(q, type, &tmp_name)) {
> - goto err;
> - }
> -
> - if (py_insert_string(dict, "source", tmp_name))
> - goto err;
> -
> - if (qpol_avrule_get_target_type(q, rule, &type)) {
> - goto err;
> - }
> - if (qpol_type_get_name(q, type, &tmp_name)) {
> - goto err;
> - }
> -
> - if (py_insert_string(dict, "target", tmp_name))
> - goto err;
> -
> - if (qpol_avrule_get_object_class(q, rule, &obj_class)) {
> - goto err;
> - }
> - if (qpol_class_get_name(q, obj_class, &tmp_name)) {
> - goto err;
> - }
> -
> - if (py_insert_string(dict, "class", tmp_name))
> - goto err;
> -
> - if (qpol_avrule_get_perm_iter(q, rule, &iter)) {
> - goto err;
> - }
> -
> - permlist = PyList_New(0);
> - if (! permlist) goto err;
> -
> - for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
> - const char *perm_name = NULL;
> - if (qpol_iterator_get_item(iter, (void **)&perm_name))
> - goto err;
> - if (py_append_string(permlist, perm_name))
> - goto err;
> - }
> -
> - rt = PyDict_SetItemString(dict, "permlist", permlist);
> - py_decref(permlist); permlist=NULL;
> - if (rt) goto err;
> -
> - if (qpol_avrule_get_cond(q, rule, &cond))
> - goto err;
> - if (qpol_avrule_get_is_enabled(q, rule, &enabled))
> - goto err;
> -
> - obj = PyBool_FromLong(enabled);
> - rt = PyDict_SetItemString(dict, "enabled", obj);
> - py_decref(obj);
> -
> - if (cond) {
> - obj = get_bool(q, cond, enabled);
> - if (!obj) goto err;
> - rt = PyDict_SetItemString(dict, "boolean", obj);
> - py_decref(obj);
> - }
> -
> - rt = py_append_obj(output, dict);
> - py_decref(dict); dict=NULL;
> - if (rt) goto err;
> -
> - free(rule_str); rule_str = NULL;
> - free(expr); expr = NULL;
> - }
> - goto cleanup;
> -
> -err:
> - error = errno;
> - PyErr_SetString(PyExc_RuntimeError,strerror(errno));
> - py_decref(dict);
> - py_decref(permlist);
> - py_decref(boollist);
> -
> -cleanup:
> - free(tmp);
> - free(rule_str);
> - free(expr);
> - errno = error;
> - return output;
> -}
> -
> -PyObject* search(bool allow,
> - bool neverallow,
> - bool auditallow,
> - bool dontaudit,
> - bool transition,
> - bool role_allow,
> - const char *src_name,
> - const char *tgt_name,
> - const char *class_name,
> - const char *permlist
> - )
> -{
> - options_t cmd_opts;
> - PyObject *output = NULL;
> - apol_vector_t *v = NULL;
> -
> - memset(&cmd_opts, 0, sizeof(cmd_opts));
> - cmd_opts.indirect = true;
> - cmd_opts.show_cond = true;
> - cmd_opts.allow = allow;
> - cmd_opts.nallow = neverallow;
> - cmd_opts.auditallow = auditallow;
> - cmd_opts.dontaudit = dontaudit;
> - cmd_opts.type = transition;
> - cmd_opts.role_allow = role_allow;
> - if (src_name)
> - cmd_opts.src_name = strdup(src_name);
> - if (tgt_name)
> - cmd_opts.tgt_name = strdup(tgt_name);
> - if (class_name)
> - cmd_opts.class_name = strdup(class_name);
> - if (permlist){
> - cmd_opts.perm_vector = apol_vector_create(free);
> - cmd_opts.permlist = strdup(permlist);
> - }
> - if (!cmd_opts.semantic &&
> qpol_policy_has_capability(apol_policy_get_qpol(global_policy),
> QPOL_CAP_SYN_RULES)) {
> - if
> (qpol_policy_build_syn_rule_table(apol_policy_get_qpol(global_policy))) {
> - PyErr_SetString(PyExc_RuntimeError,"Query failed");
> - goto cleanup;
> - }
> - }
> -
> - /* if syntactic rules are not available always do semantic search */
> - if (!qpol_policy_has_capability(apol_policy_get_qpol(global_policy),
> QPOL_CAP_SYN_RULES)) {
> - cmd_opts.semantic = 1;
> - }
> -
> - /* supress line numbers if doing semantic search or not available */
> - if (cmd_opts.semantic ||
> !qpol_policy_has_capability(apol_policy_get_qpol(global_policy),
> QPOL_CAP_LINE_NUMBERS)) {
> - cmd_opts.lineno = 0;
> - }
> - if (perform_av_query(global_policy, &cmd_opts, &v)) {
> - goto cleanup;
> - }
> - output = PyList_New(0);
> - if (!output)
> - goto cleanup;
> -
> - if (v) {
> - get_av_results(global_policy, v, output);
> - }
> -
> - apol_vector_destroy(&v);
> - if (perform_te_query(global_policy, &cmd_opts, &v)) {
> - goto cleanup;
> - }
> - if (v) {
> - get_te_results(global_policy, v, output);
> - }
> -
> - if (cmd_opts.all || cmd_opts.type) {
> - apol_vector_destroy(&v);
> - if (perform_ft_query(global_policy, &cmd_opts, &v)) {
> - goto cleanup;
> - }
> -
> - if (v) {
> - get_ft_results(global_policy, v, output);
> - }
> - }
> -
> - if (cmd_opts.all || cmd_opts.role_allow) {
> - apol_vector_destroy(&v);
> - if (perform_ra_query(global_policy, &cmd_opts, &v)) {
> - goto cleanup;
> - }
> -
> - if (v) {
> - get_ra_results(global_policy, v, output);
> - }
> - }
> -
> - apol_vector_destroy(&v);
> -
> - cleanup:
> - free(cmd_opts.src_name);
> - free(cmd_opts.tgt_name);
> - free(cmd_opts.class_name);
> - free(cmd_opts.permlist);
> - free(cmd_opts.bool_name);
> - free(cmd_opts.src_role_name);
> - free(cmd_opts.tgt_role_name);
> - apol_vector_destroy(&cmd_opts.perm_vector);
> - apol_vector_destroy(&cmd_opts.class_vector);
> -
> - if (output && PyList_GET_SIZE(output) == 0) {
> - py_decref(output);
> - return Py_None;
> - }
> - return output;
> -}
> -
> -static int Dict_ContainsInt(PyObject *dict, const char *key){
> - PyObject *item = PyDict_GetItemString(dict, key);
> - if (item)
> - return PyInt_AsLong(item);
> - return false;
> -}
> -
> -static const char *Dict_ContainsString(PyObject *dict, const char *key){
> - PyObject *item = PyDict_GetItemString(dict, key);
> - if (item)
> - return PyString_AsString(item);
> - return NULL;
> -}
> -
> -PyObject *wrap_search(PyObject *UNUSED(self), PyObject *args){
> - PyObject *dict;
> - if (!PyArg_ParseTuple(args, "O", &dict))
> - return NULL;
> - int allow = Dict_ContainsInt(dict, "allow");
> - int neverallow = Dict_ContainsInt(dict, "neverallow");
> - int auditallow = Dict_ContainsInt(dict, "auditallow");
> - int dontaudit = Dict_ContainsInt(dict, "dontaudit");
> - int transition = Dict_ContainsInt(dict, "transition");
> - int role_allow = Dict_ContainsInt(dict, "role_allow");
> -
> - if (!global_policy) {
> - PyErr_SetString(PyExc_RuntimeError,"Policy not loaded");
> - return NULL;
> - }
> - const char *src_name = Dict_ContainsString(dict, "source");
> - const char *tgt_name = Dict_ContainsString(dict, "target");
> - const char *class_name = Dict_ContainsString(dict, "class");
> - const char *permlist = Dict_ContainsString(dict, "permlist");
> -
> - return search(allow, neverallow, auditallow, dontaudit, transition,
> role_allow, src_name, tgt_name, class_name, permlist);
> -}
> diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py
> b/policycoreutils/sepolicy/sepolicy/__init__.py
> index b00ec81..8fbd5b4 100644
> --- a/policycoreutils/sepolicy/sepolicy/__init__.py
> +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
> @@ -4,7 +4,6 @@
> # Author: Ryan Hallisey <rhall...@redhat.com>
> # Author: Jason Zaman <perfin...@gentoo.org>
>
> -from . import _policy
> import selinux
> import setools
> import glob
> @@ -149,7 +148,6 @@ def policy(policy_file):
> global _pol
>
> try:
> - _policy.policy(policy_file)
> _pol = setools.SELinuxPolicy(policy_file)
> except:
> raise ValueError(_("Failed to read %s policy file") % policy_file)
> diff --git a/policycoreutils/sepolicy/setup.py
> b/policycoreutils/sepolicy/setup.py
> index e74e68d..4bd8353 100644
> --- a/policycoreutils/sepolicy/setup.py
> +++ b/policycoreutils/sepolicy/setup.py
> @@ -2,11 +2,21 @@
>
> # Author: Thomas Liu <t...@redhat.com>
> # Author: Dan Walsh <dwa...@redhat.com>
> -import os
> -from distutils.core import setup, Extension
> -policy = Extension("sepolicy._policy",
> - libraries=["apol", "qpol"],
> - sources=["policy.c", "info.c", "search.c"]
> - )
> +from distutils.core import setup
>
> -setup(name="sepolicy", version="1.1", description="Python SELinux Policy
> Analyses bindings", author="Daniel Walsh", author_email="dwa...@redhat.com",
> ext_modules=[policy], packages=["sepolicy", "sepolicy.templates",
> "sepolicy.help"], package_data={'sepolicy': ['*.glade'], 'sepolicy.help':
> ['*.txt', '*.png']})
> +setup(
> + name="sepolicy",
> + version="1.1",
> + description="Python SELinux Policy Analyses bindings",
> + author="Daniel Walsh",
> + author_email="dwa...@redhat.com",
> + packages=[
> + "sepolicy",
> + "sepolicy.templates",
> + "sepolicy.help"
> + ],
> + package_data={
> + 'sepolicy': ['*.glade'],
> + 'sepolicy.help': ['*.txt', '*.png']
> + }
> +)
_______________________________________________
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
