* Remove unnecessary namedtuple classes
* Simplify __str__ functions on XenContext subclasses
* Rename mem_addr to addr in Iomemcon and IomemconQuery
* Minor logging tweaks in Xen queries
* Remove type checking in DevicetreeconQuery
- Add an iterator to extract the extended permissions rather than
returning only a string
- Add queries for determining if an avrule is extended, and what its
type the extended avrule is (e.g. ioctl)
- Removed tests, but should probably revert that change and make sure
they still work
- Fixed some warnings about unsigned/signed comparisons with ebitmaps
- Updates seinfo and sesearch to support new extended avrule changes
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Add updates to seinfo and sesearch to test libqpol updates
added via [1].
Also include extra tests for Xen and xperms. Note, xperms
cannot yet test the extended perms as needs more work on
libqpol.
[1] 0001-setools-V4-libqpol-policy-V30-updates-xen-xperm-stat.patch
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Updated libqpol services to use the latest checkpolicy 2.4 source
files to support Xen and extended permissions (allowxperm etc.).
TODO: Add support for querying the xperm values.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Range_transitions are expanded in the qpol representation, but attributes
can still be used as criteria.
Hard code default role to indirect to handle role attributes in the
criteria. Role attributes don't survive in the qpol
representation yet, so this is a forward-looking change.
Similarly hard code the default type matching to indirect so attributes can
be used for default type criteria in type_* rules. Adjust default criteria
lookup function accordingly.
Related to #111
Occasionally Qt calls these methods with column -1 and this exception
otherwise goes unhandled. The default None return from Python functions
should be sufficient.
Connect all setools and setoolsgui INFO+ messages and display them on
the statusbar.
Use each tab's analysis/query INFO+ messages and display them on the
"busy" status dialog box.
Still keep the CLI messaging controlled by -v or --debug switches. For some
reason, the root logging had to be DEBUG for this to work, and
only as initialized by basicConfig. Setting a NullHandler to DEBUG level
didn't work either.
