This program can be useful in order to test the Python API of
libsemanage. Make it usable in Python 3 using 2to3 and some tweaks.
While at it, fix warnings reported by flake8 linter.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Only use spaces to indent Python code. This reduces the number of
warnings reported by Python linters.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
flake8 is a Python linter which is able to detect issues in Python code
(syntax errors, undefined variables, etc.). It has been used to find
bugs in the project. In order to prevent the introduction of new bugs
which can be detected by it, add a script which runs it and use it in
Travis-CI.
flake8 can be used to detect code which is not written according to PEP8
style guide (which forbids whitespaces in some places, enforces the use
of space-indenting, specifies how many blank lines are used between
functions, etc.). As SELinux code does not follow this style guide,
scripts/run-flake8 disables many warnings related to this when running
the linter.
In order to silence flake8 warnings, the Python code can also be
modified. However fixing every "do not use bare 'except'" in the project
needs to be done carefully and takes much time.
This is why the warnings which are disabled have been ordered in three
lists:
* The warnings which can be activated in a not-so-distant future after
the code has been modified.
* The warnings related to PEP8 which cannot be activated without a major
cleaning work of the codebase (for example to modify white spaces)
* The warnings which are introduced by code generated by SWIG 3.0.12,
which would require patches in SWIG in order to be activated (there
is right now only one such warning).
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This module is not used and its name conflicts with variable "types".
This issue has been found using flake8. This Python linter reported:
python/sepolicy/sepolicy/generate.py:657:5: F811 redefinition of
unused 'types' from line 31
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This issue has been found using flake8. This Python linter reported:
python/sepolicy/sepolicy.py:582:5: F811 redefinition of unused
'DAEMON' from line 582
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Some function used variables which were not defined when populating
self.cur_dict with an operation. Fix this, even though the old values do
not seem to be used.
This issue has been found using flake8. This Python linter reported:
python/sepolicy/sepolicy/gui.py:2020:101: F821 undefined name 'oldsetype'
python/sepolicy/sepolicy/gui.py:2020:122: F821 undefined name 'oldmls'
python/sepolicy/sepolicy/gui.py:2020:142: F821 undefined name 'oldclass'
python/sepolicy/sepolicy/gui.py:2050:133: F821 undefined name 'oldmls'
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
procotol -> protocol
This issue has been found using flake8. This Python linter reported:
python/sepolicy/sepolicy/gui.py:2525:132: F821 undefined name 'procotol'
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This silences the following flake8 errors:
python/sepolgen/src/sepolgen/refpolicy.py:758:25: F821 undefined name 'XATTR'
python/sepolgen/src/sepolgen/refpolicy.py:760:27: F821 undefined name 'TRANS'
python/sepolgen/src/sepolgen/refpolicy.py:762:27: F821 undefined name 'TASK'
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
av_extract_params() may call __param_insert() with only 2 parameters
instead of 4, which has no chance to work fine. Moreover it uses "PERM",
which is undefined. As nobody complained about this code, it seems to be
dead, so remove it.
This issue has been found using flake8. This Python linter reported:
python/sepolgen/src/sepolgen/interfaces.py:158:37: F821 undefined
name 'PERM'
While at it, fix a typo in a comment.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
flake8 warns about using has_key():
python/sepolgen/src/sepolgen/refparser.py:315:15: W601 .has_key() is
deprecated, use 'in'
However "spt.has_key(id)" uses function SupportMacros.has_key(), which
is not the same as the "in" operator. Silence this warning by using "#
noqa".
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
p_permissive() uses an undefined variable t, which is buggy. In order to
ignore permissive statements, the function only needs to "pass".
flake8 reported the following error:
python/sepolgen/src/sepolgen/refparser.py:789:5: F821 undefined name 't'
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
SELinuxGui.files_initial_data_insert() uses both "seLinux_label" and
"selinux_label", which leads to using an undefined variable, as reported
by flake8:
python/sepolicy/sepolicy/gui.py:1191:42: F821 undefined name 'selinux_label'
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
CheckPolicyType class is not used in sepolicy and has been written from
an buggy copy-paste: "newval.append(v)" does not make any sense in
CheckPolicyType.__call__, as reported by flake8:
python/sepolicy/sepolicy.py:190:13: F821 undefined name 'newval'
python/sepolicy/sepolicy.py:190:27: F821 undefined name 'v'
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
sepolgen uses "return NotImplemented" (in access.py and matching.py) in
order to make Python's sorting function use an other call to compare
objects. For this to work, "NotImplemented" needs to be returned, not
raised like _compare's default implementation does.
This issue has been found using flake8. This Python linter reported:
python/sepolgen/src/sepolgen/util.py:128:9: F901 'raise
NotImplemented' should be 'raise NotImplementedError'
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
util.py starts by importing "locale" and "sys", so there is no need to
import these modules again in the functions.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
flake8, a Python linter, complains:
libselinux/src/selinux.py💯1: F401 'errno' imported but unused
libselinux/src/selinux.py💯1: F401 'stat' imported but unused
libselinux/src/selinux.py💯14: E401 multiple imports on one line
libselinux/src/selinux.py:130:16: E111 indentation is not a multiple of four
libselinux/src/selinux.py:130:45: E231 missing whitespace after ','
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
"except OSError, ImportError:" does not perform what it says: it is the
Python 2 syntax of catching OSError exceptions as "ImportError" (like
"except OSError, e:"), and this is indeed caught by Python3:
File "./python/semanage/seobject.py", line 143
except OSError, ImportError:
^
SyntaxError: invalid syntax
The correct syntax consists in using parentheses.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
The corresponding except clause should only be used for
exceptions caused by audit module error or unavailability.
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Test if audit module is enabled so that logger class is defined
correctly.
Fixes:
"semanage fcontext -l" fails with "OSError: Protocol not supported" when
booting with audit=0
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
There are many memory leaks in mcstrans. Clean them up in order to
reduce the noise in clang's static analyzer report. Some are remaining,
because they are more complex to fix.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
refpolicy moved from github.com/TresysTechnology to
github.com/SELinuxProject. It is still used in sepolgen tests (they
build modules using Makefile.devel and build.conf) so update the
location of the repository.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
write_pid_file() leaks a file descriptor to /var/run/restorecond.pid if
it fails to write the PID to it. Close the file before returning.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
semanage_seuser_modify_local and semanage_seuser_del_local already do
the logging.
Moreover, semanage log for loginRecords.__add was flawed since it
reported old-{seuser,role,range} of default user instead of None. This
was caused by selinux.getseuserbyname, which returns values for default
user when the specified username is not found.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1294663
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Add support for extended permissions to audit2allow. Extend AuditParser
to parse the 'ioctlcmd' field in AVC message. Extend PolicyGenerator to
generate allowxperm rules. Add the '-x'/'--xperms' option to audit2allow
to turn on generating of extended permission AV rules.
AVCMessage parses the ioctlcmd field in AVC messages. AuditParser
converts the ioctlcmd values into generic representation of extended
permissions that is stored in access vectors.
Extended permissions are represented by operations (currently only
'ioctl') and values associated to the operations. Values (for example
'~{ 0x42 1234 23-34 }') are stored in the XpermSet class.
PolicyGenerator contains new method to turn on generating of xperms.
When turned on, for each access vector, standard AV rule and possibly
several xperm AV rules are generated. Xperm AV rules are represented by
the AVExtRule class.
With xperm generating turned off, PolicyGenerator provides comments
about extended permissions in certain situations. When the AVC message
contains the ioctlcmd field and the access would be allowed according to
the policy, PolicyGenerator warns about xperm rules being the possible
cause of the denial.
Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
In access module, in AccessVector.__init__() method, when init_list is
not None, the access vector is initialized by from_list() method.
However, this method does not assign attributes self.audit_msgs,
self.type, and self.data. Fix this by assigning these attributes in
__init__() method.
Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
In refpolicy module, in AVRule.__rule_type_str() method, self.rule_type
was not checked for value self.NEVERALLOW so that string "neverallow"
was never returned. Fix this by checking all four possible values and
returning correct strings.
Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
Using clang's static analyzer is as simple as running "scan-build make",
but in order to obtain clean and reproducible results, the build
environment has to be cleaned beforehand ("make clean distclean").
Moreover the project requires running "make install" before "make test"
in order to install the dependencies needed for the tests, and running
these tests with the newly-built libraries requires a specific
LD_LIBRARY_PATH. This new script takes care of setting up everything
which is needed.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
When write_binary_policy() fails to open the binary policy, it calls
sepol_handle_destroy(f.handle) but structure f has not been initialized
at this point. Use variable handle instead.
This issue has been found using clang's static analyzer.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
f.handle is never set in read_binary_policy() so there is no need to
call sepol_handle_destroy() on it. Moreover clang's static analyzer
warns about an uninitialized argument value in the first call.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
va_copy()'s manpage [1] states:
Each invocation of va_copy() must be matched by a corresponding
invocation of va_end() in the same function.
create_str_helper() is using va_copy() without va_end(). Add the missing
call.
[1] https://linux.die.net/man/3/va_copy
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
require_class() allocate memory for its variable "class_datum_t *datum"
and calls symtab_init(&datum->permissions, PERM_SYMTAB_SIZE). If this
second call fails, datum is not freed.
Fix this memory leak.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
sepol_ppfile_to_module_package() does not use its variable "FILE *f =
NULL;" but to fclose() it. This variable has been unneeded since the
introduction of function ppfile_to_module_package() in commit
893851c0a1 ("policycoreutils: add a HLL compiler to convert policy
packages (.pp) to CIL").
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
clang's static analyzer reports that ebitmap_to_names() can call
malloc(0) when the bitmap is empty. If malloc() returns NULL, this
triggers a misleading "Out of memory" error.
Work around this by treating empty bitmaps as appropriate.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
clang's static analyzer warns about dead assignments to local variables.
In module_to_cil.c, there are some which are quite straightforward to
review. Remove them.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
When list_prepend() returns an error, it always means it failed to
allocate some memory and does not hold any reference to its argument
data. This argument needs to be freed by the caller in order to prevent
a memory leak.
While reviewing list_prepend() callers, I spend quite some time
understanding why typealiases_gather_map() does not need to strdup(key)
or free(key) when calling list_prepend(..., key) even though "key" comes
from pdb->p_types.table: because typealias_list_destroy() does not free
the inserted items. Add a comment to make this clearer in the code.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
In cil_tree_print_expr(), "rc < 0" is equivalent to "rc != 0" but
clang's static analyzer does not know about this. Help it.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>