diff --git a/python/audit2allow/sepolgen-ifgen b/python/audit2allow/sepolgen-ifgen index e3f67d43..c482f227 100644 --- a/python/audit2allow/sepolgen-ifgen +++ b/python/audit2allow/sepolgen-ifgen @@ -56,6 +56,8 @@ def parse_options(): help="print debuging output") parser.add_option("-d", "--debug", action="store_true", default=False, help="extra debugging output") + parser.add_option("--attr-helper", default=ATTR_HELPER, + help="path to sepolgen-ifgen-attr-helper") parser.add_option("--no_attrs", action="store_true", default=False, help="do not retrieve attribute access from kernel policy") options, args = parser.parse_args() @@ -77,7 +79,7 @@ def get_policy(): return None -def get_attrs(policy_path): +def get_attrs(policy_path, attr_helper): try: if not policy_path: policy_path = get_policy() @@ -93,7 +95,7 @@ def get_attrs(policy_path): return None fd = open("/dev/null", "w") - ret = subprocess.Popen([ATTR_HELPER, policy_path, outfile.name], stdout=fd).wait() + ret = subprocess.Popen([attr_helper, policy_path, outfile.name], stdout=fd).wait() fd.close() if ret != 0: sys.stderr.write("could not run attribute helper\n") @@ -127,7 +129,7 @@ def main(): # Get the attibutes from the binary attrs = None if not options.no_attrs: - attrs = get_attrs(options.policy_path) + attrs = get_attrs(options.policy_path, options.attr_helper) if attrs is None: return 1 diff --git a/python/audit2allow/test_audit2allow.py b/python/audit2allow/test_audit2allow.py index 0320c6dd..87e5504a 100644 --- a/python/audit2allow/test_audit2allow.py +++ b/python/audit2allow/test_audit2allow.py @@ -28,7 +28,10 @@ class Audit2allowTests(unittest.TestCase): "Verify sepolgen-ifgen works" temp_directory = mkdtemp(suffix='audit2allow_test') output_file = os.path.join(temp_directory, 'interface_info') - p = Popen([sys.executable, './sepolgen-ifgen', '-p', 'test_dummy_policy', '-o', output_file], stdout=PIPE) + p = Popen([ + sys.executable, './sepolgen-ifgen', '-p', 'test_dummy_policy', '-o', output_file, + '--attr-helper', './sepolgen-ifgen-attr-helper' + ], stdout=PIPE) out, err = p.communicate() if err: print(out, err)