159 Commits

Author SHA1 Message Date
Chris PeBenito
2d23bd42ce SELinuxPolicyTest: add extended permission rule count tests
Closes #73
2016-03-29 09:55:51 -04:00
Chris PeBenito
47d8eda957 TERulesDifference: add extended permission rules
Related to #73
2016-03-25 15:33:07 -04:00
Chris PeBenito
982b3f893d Minor revisions to Xen code.
* Remove unnecessary namedtuple classes
* Simplify __str__ functions on XenContext subclasses
* Rename mem_addr to addr in Iomemcon and IomemconQuery
* Minor logging tweaks in Xen queries
* Remove type checking in DevicetreeconQuery
2016-03-25 11:01:33 -04:00
Chris PeBenito
a9cd2248e9 Complete TERuleQuery changes for extended permission rules.
Related to #73.
2016-03-22 11:07:25 -04:00
Chris PeBenito
c56e01bc8c Complete policy representation classes for extended permissions rules.
Related to #73.
2016-03-22 10:26:43 -04:00
Chris PeBenito
56965ae9b3 Fix PEP8 and lint issues in Xen code. 2016-03-21 10:58:05 -04:00
Steve Lawrence
21864a7ea6 Change extended avrules to be more similar to normal avrules
- Add an iterator to extract the extended permissions rather than
  returning only a string
- Add queries for determining if an avrule is extended, and what
  type the extended avrule is (e.g. ioctl)
- Removed tests, but should probably revert that change and make sure
  they still work
- Fixed some warnings about unsigned/signed comparisons with ebitmaps
- Updates seinfo and sesearch to support new extended avrule changes

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-03-21 10:57:21 -04:00
Richard Haines
3532ed2fff setools-V4: Add updates for testing V30 xen and xperms
Add updates to seinfo and sesearch to test libqpol updates
added via [1].

Also include extra tests for Xen and xperms. Note, xperms
cannot yet test the extended perms as it needs more work on
libqpol.

[1] 0001-setools-V4-libqpol-policy-V30-updates-xen-xperm-stat.patch

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2016-03-21 10:56:37 -04:00
Chris PeBenito
bb5cffd44e Extend indirect handling for rule queries.
Range_transitions are expanded in the qpol representation, but attributes
can still be used as criteria.

Hard code default role to indirect to handle role attributes in the
criteria.  Role attributes don't survive in the qpol
representation yet, so this is a forward-looking change.

Similarly hard code the default type matching to indirect so attributes can
be used for default type criteria in type_* rules.  Adjust default criteria
lookup function accordingly.

Related to #111
2016-03-16 14:06:49 -04:00
Chris PeBenito
b092e94903 CommonTest/ObjClassTest: fix deprecated assertEquals usage
There still is assertRegexpMatches usage, which is deprecated in Python
3.2+, but the replacement, assertRegex, does not exist in Python 2.7.
2016-03-11 09:23:18 -05:00
Chris PeBenito
fcfba569cc qpol.i: throw exceptions when getting the conditional block on unconditional rules
Standardize on AttributeError for the exception type.
2016-03-11 09:14:32 -05:00
Chris PeBenito
d3b21a52ad TypeAttribute: fix exception on properties that should only work on types
Make the exception a SymbolUseError, which is a child of AttributeError;
thus it makes more sense than TypeError.
2016-02-17 16:17:19 -05:00
Chris PeBenito
26333f32b0 Implement BoundsQuery. 2016-02-10 21:49:04 -05:00
Chris PeBenito
a4d4920d3c PolicyDifference: implement typebounds diff.
Closes #67
2016-02-10 11:44:41 -05:00
Chris PeBenito
b1b1a36ae2 PolicyDifference: implement constraints diff
Closes #63
2016-02-05 09:30:37 -05:00
Chris PeBenito
1a21b2e0dd PolicyDifferenceTest: test for None rather than False where appropriate. 2016-02-02 09:00:42 -05:00
Chris PeBenito
742255643f sediff/PolicyDifferenceTest: use explicit sorting key on tuples
Guarantee stable output.
2016-02-02 08:52:30 -05:00
Chris PeBenito
c432719ca3 ConstraintQueryTest: fix test 12's name. 2016-02-01 09:18:01 -05:00
Chris PeBenito
ce02bfc5a5 PolicyDifference: implement default_* diff.
Closes #65
2016-02-01 09:15:51 -05:00
Chris PeBenito
8c5a7caa9e Implement DefaultQuery
Closes #93
Closes #74
2016-02-01 09:06:02 -05:00
Chris PeBenito
eafaad4dde Revise rule type validators to operate on single object, not collections.
* Return the parameter on success so it works like a lookup function too
* Remove RuletypeDescriptor and change over to CriteriaSetDescriptor
2016-02-01 09:00:54 -05:00
Chris PeBenito
0bd9d931c4 Revise default_* objects, implement tests for default_* objects. 2016-02-01 08:56:07 -05:00
Chris PeBenito
acaee3a3d3 Implement MLS to standard (non-MLS) policy diff test suite
Closes #61
2016-01-26 11:01:35 -05:00
Chris PeBenito
1db73d396d PolicyDifferenceTest, PolicyDifferenceTestNoDiff: fix setup 2016-01-26 09:44:10 -05:00
Chris PeBenito
008c698bfe PolicyDifference: implement policy properties diff
Closes #62
2016-01-23 09:57:29 -05:00
Chris PeBenito
670efbdf21 RoleQuery: stop skipping object_r. 2016-01-22 09:41:56 -05:00
Chris PeBenito
87d9d56a55 libqpol: stop adding all types to object_r.
This is not what is in the policy. The object_r behavior is a special case
in the kernel code.
2016-01-22 09:28:23 -05:00
Chris PeBenito
69df208ab6 PolicyDifference: implement portcon diff
Closes #37
2016-01-21 10:00:55 -05:00
Chris PeBenito
6f4860dd7a SELinuxPolicyLoadError: create test suite for loading invalid policies
Create a test case for testing user's default level not in the range,
#72 even though it is not yet fixed.
2016-01-20 14:13:56 -05:00
Chris PeBenito
3227fb87de PolicyDifferenceTest: fix invalid policies.
Found the policy compile-load has a bug and does not detect if a user's
default level is not within the allowed range.

Opened #72 to track.
2016-01-20 14:13:01 -05:00
Chris PeBenito
b64fcea379 PolicyDifference: implement policy capabilities diff
Closes #64
2016-01-15 09:43:01 -05:00
Chris PeBenito
dbad48a742 PolicyDifference: implement nodecon diff
Closes #38
2016-01-15 09:43:01 -05:00
Chris PeBenito
485c9746b4 PolicyDifference: implement netifcon diff
Closes #39
2016-01-15 09:42:00 -05:00
Chris PeBenito
00bc854968 PolicyDifference: implement level decl difference
Closes #36
2016-01-12 16:12:33 -05:00
Chris PeBenito
afeb3561d2 PolicyDifference: implement genfscon diff
Closes #41
2016-01-11 14:43:11 -05:00
Chris PeBenito
d6e0d56fac PolicyDifference: implement fs_use_* diff
Closes #40
2016-01-10 11:44:11 -05:00
Chris PeBenito
5728f87111 PolicyDifferenceTest: fix check types in modified sensitivity test 2016-01-09 11:48:07 -05:00
Chris PeBenito
64d6d4d075 PolicyDifference: implement initial SID diff
Closes #42
2016-01-09 11:45:22 -05:00
Chris PeBenito
2bd871ae18 PolicyDifference: implement sensitivities diff
Closes #34
2016-01-09 09:01:52 -05:00
Chris PeBenito
8b136a007c PolicyDifference: implement categories diff
Closes #35
2016-01-09 08:56:40 -05:00
Chris PeBenito
3bba5acf5e PolicyDifferenceTest(NoDiff): fix copy/paste errors 2016-01-08 15:33:59 -05:00
Chris PeBenito
d59444ef0e PolicyDifference: implement Booleans diff 2016-01-08 15:30:39 -05:00
Chris PeBenito
451e549001 PolicyDifference: add type attribute diff
Closes #33
2016-01-08 11:25:13 -05:00
Chris PeBenito
aebe3f8706 PolicyDifference: implement user diff
Closes #29
2016-01-08 09:55:34 -05:00
Chris PeBenito
b0ed2c5477 PolicyDifference: add RBAC rule differences
Closes #44
2016-01-07 11:44:33 -05:00
Chris PeBenito
0513f0bb5a diff: implement MLS rule (range_transition) diff.
Closes #45
2016-01-07 09:37:47 -05:00
Chris PeBenito
c913989f8c PolicyDifference: implement TE rule difference
Closes #43
2016-01-02 18:17:39 -05:00
Chris PeBenito
12b40d5e75 PolicyRule/BaseTERule/AVRule/TERule: add conditional block
Returns True/False based on which conditional block/branch the rule is in.
Also updates rendering accordingly.
2016-01-02 17:47:41 -05:00
Chris PeBenito
92134725c1 PolicyDifference: add object class diff
Closes #28
2015-12-21 11:01:30 -05:00
Chris PeBenito
b3dbe6a8b3 PolicyDifference: implement common permission set diff
Closes #27
2015-12-18 19:39:02 -05:00