Commit Graph

177 Commits

Author SHA1 Message Date
Chris PeBenito
57e4f464bf setup.py: Update build for local SELinux userspace code.
Now USERSPACE_SRC points to the top level directory that has the
libsepol, libselinux, and checkpolicy source trees.
2018-06-18 20:21:30 -04:00
Chris PeBenito
4684eca5bc tests: Revise unit tests for binary-only policy support.
Closes #72
2018-06-15 20:26:49 -04:00
Chris PeBenito
dc3752e12d tests: Fix static analysis errors. 2018-06-15 20:26:49 -04:00
Chris PeBenito
51b91d6130 Convert policyrep and SWIG wrapper into Cython libpolicyrep. 2018-06-15 20:26:49 -04:00
Chris PeBenito
cc313f9791 __future__ print functions no longer need importing. 2017-09-24 20:40:29 -04:00
Chris PeBenito
856b56accb Update NetworkX support to 2.0. NetworkX 2.0 has API breakage.
Now SETools requires NetworkX 2.0+.
2017-09-23 14:03:26 -04:00
Chris PeBenito
9fa55c25cb Update unit tests for Python 3 only use. 2017-09-19 20:58:03 -04:00
Chris PeBenito
78a15c92ac Nodecon: Implement network property.
The network property will return an IPv4Network or IPv6Network based on the
nodecon.  If the policy has host bits set, the ipaddress module will
simply ignore the host bits, so there may be unexpected results in network
comparisons.

Closes #108
2017-09-17 09:43:13 -04:00
Chris PeBenito
bfa50a42f8 NodeconQuery: Make ipaddress module usage unconditional.
Closes #107
2017-09-17 09:43:13 -04:00
Chris PeBenito
5200f0c666 TERulesDifference: Fix bug with unioning permissions.
Unit tests did not correctly test this scenario.
2016-12-03 12:19:53 -05:00
Chris PeBenito
c0ebad8d15 SELinuxPolicy: Create enumerations for handle_unknown and target_platform. 2016-11-11 13:58:43 -05:00
Chris PeBenito
96428e6309 Implement an enumeration for *bounds rule types. 2016-09-03 16:44:13 -04:00
Chris PeBenito
9648d013a2 Implement an enumeration for constraint rule type. 2016-09-03 16:44:13 -04:00
Chris PeBenito
693b5a435b Implement an enumeration for default rule type, value, and range value. 2016-09-03 16:44:13 -04:00
Chris PeBenito
8ea292f934 Implement an enumeration for fs_use_* ruletype. 2016-09-03 16:44:07 -04:00
Chris PeBenito
4b5b6c0970 Implement an enumeration for MLS rule type. 2016-09-03 16:40:54 -04:00
Chris PeBenito
a441a92937 Implement an enumeration for RBAC rule type. 2016-09-03 16:19:52 -04:00
Chris PeBenito
f3fb462c88 Implement an enumeration for TE rule types. 2016-09-03 16:17:07 -04:00
Chris PeBenito
2d23bd42ce SELinuxPolicyTest: add extended permission rule count tests
Closes #73
2016-03-29 09:55:51 -04:00
Chris PeBenito
47d8eda957 TERulesDifference: add extended permission rules
Related to #73
2016-03-25 15:33:07 -04:00
Chris PeBenito
982b3f893d Minor revisions to Xen code.
* Remove unnecessary namedtuple classes
* Simplify __str__ functions on XenContext subclasses
* Rename mem_addr to addr in Iomemcon and IomemconQuery
* Minor logging tweaks in Xen queries
* Remove type checking in DevicetreeconQuery
2016-03-25 11:01:33 -04:00
Chris PeBenito
a9cd2248e9 Complete TERuleQuery changes for extended permission rules.
Related to #73.
2016-03-22 11:07:25 -04:00
Chris PeBenito
c56e01bc8c Complete policy representation classes for extended permissions rules.
Related to #73.
2016-03-22 10:26:43 -04:00
Chris PeBenito
56965ae9b3 Fix PEP8 and lint issues in Xen code. 2016-03-21 10:58:05 -04:00
Steve Lawrence
21864a7ea6 Change extended avrules to be more similar to normal avrules
- Add an iterator to extract the extended permissions rather than
  returning only a string
- Add queries for determining if an avrule is extended, and what
  type the extended avrule is (e.g. ioctl)
- Removed tests, but should probably revert that change and make sure
  they still work
- Fixed some warnings about unsigned/signed comparisons with ebitmaps
- Updates seinfo and sesearch to support new extended avrule changes

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-03-21 10:57:21 -04:00
Richard Haines
3532ed2fff setools-V4: Add updates for testing V30 xen and xperms
Add updates to seinfo and sesearch to test libqpol updates
added via [1].

Also include extra tests for Xen and xperms. Note, xperms
cannot yet test the extended perms as this needs more work on
libqpol.

[1] 0001-setools-V4-libqpol-policy-V30-updates-xen-xperm-stat.patch

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2016-03-21 10:56:37 -04:00
Chris PeBenito
bb5cffd44e Extend indirect handling for rule queries.
Range_transitions are expanded in the qpol representation, but attributes
can still be used as criteria.

Hard code default role to indirect to handle role attributes in the
criteria.  Role attributes don't survive in the qpol
representation yet, so this is a forward-looking change.

Similarly hard code the default type matching to indirect so attributes can
be used for default type criteria in type_* rules.  Adjust default criteria
lookup function accordingly.

Related to #111
2016-03-16 14:06:49 -04:00
Chris PeBenito
b092e94903 CommonTest/ObjClassTest: fix deprecated assertEquals usage
There still is assertRegexpMatches usage, which is deprecated in Python
3.2+, but the replacement, assertRegex, does not exist in Python 2.7.
2016-03-11 09:23:18 -05:00
Chris PeBenito
fcfba569cc qpol.i: throw exceptions when getting the conditional block on unconditional rules
Standardize on AttributeError for the exception type.
2016-03-11 09:14:32 -05:00
Chris PeBenito
d3b21a52ad TypeAttribute: fix exception on properties that should only work on types
Make the exception a SymbolUseError, which is a child of AttributeError;
thus it makes more sense than TypeError.
2016-02-17 16:17:19 -05:00
Chris PeBenito
26333f32b0 Implement BoundsQuery. 2016-02-10 21:49:04 -05:00
Chris PeBenito
a4d4920d3c PolicyDifference: implement typebounds diff.
Closes #67
2016-02-10 11:44:41 -05:00
Chris PeBenito
b1b1a36ae2 PolicyDifference: implement constraints diff
Closes #63
2016-02-05 09:30:37 -05:00
Chris PeBenito
1a21b2e0dd PolicyDifferenceTest: test for None rather than False where appropriate. 2016-02-02 09:00:42 -05:00
Chris PeBenito
742255643f sediff/PolicyDifferenceTest: use explicit sorting key on tuples
Guarantee stable output.
2016-02-02 08:52:30 -05:00
Chris PeBenito
c432719ca3 ConstraintQueryTest: fix test 12's name. 2016-02-01 09:18:01 -05:00
Chris PeBenito
ce02bfc5a5 PolicyDifference: implement default_* diff.
Closes #65
2016-02-01 09:15:51 -05:00
Chris PeBenito
8c5a7caa9e Implement DefaultQuery
Closes #93
Closes #74
2016-02-01 09:06:02 -05:00
Chris PeBenito
eafaad4dde Revise rule type validators to operate on single object, not collections.
* Return the parameter on success so it works like a lookup function too
* Remove RuletypeDescriptor and change over to CriteriaSetDescriptor
2016-02-01 09:00:54 -05:00
Chris PeBenito
0bd9d931c4 Revise default_* objects, implement tests for default_* objects. 2016-02-01 08:56:07 -05:00
Chris PeBenito
acaee3a3d3 Implement MLS to standard (non-MLS) policy diff test suite
Closes #61
2016-01-26 11:01:35 -05:00
Chris PeBenito
1db73d396d PolicyDifferenceTest, PolicyDifferenceTestNoDiff: fix setup 2016-01-26 09:44:10 -05:00
Chris PeBenito
008c698bfe PolicyDifference: implement policy properties diff
Closes #62
2016-01-23 09:57:29 -05:00
Chris PeBenito
670efbdf21 RoleQuery: stop skipping object_r. 2016-01-22 09:41:56 -05:00
Chris PeBenito
87d9d56a55 libqpol: stop adding all types to object_r.
This is not what is in the policy. The object_r behavior is a special case
in the kernel code.
2016-01-22 09:28:23 -05:00
Chris PeBenito
69df208ab6 PolicyDifference: implement portcon diff
Closes #37
2016-01-21 10:00:55 -05:00
Chris PeBenito
6f4860dd7a SELinuxPolicyLoadError: create test suite for loading invalid policies
Create a test case for testing user's default level not in the range,
#72 even though it is not yet fixed.
2016-01-20 14:13:56 -05:00
Chris PeBenito
3227fb87de PolicyDifferenceTest: fix invalid policies.
Found the policy compile-load has a bug and does not detect if a user's
default level is not within the allowed range.

Opened #72 to track.
2016-01-20 14:13:01 -05:00
Chris PeBenito
b64fcea379 PolicyDifference: implement policy capabilities diff
Closes #64
2016-01-15 09:43:01 -05:00
Chris PeBenito
dbad48a742 PolicyDifference: implement nodecon diff
Closes #38
2016-01-15 09:43:01 -05:00