Commit Graph

590 Commits

Author SHA1 Message Date
Chris PeBenito
2d23bd42ce SELinuxPolicyTest: add extended permission rule count tests
Closes #73
2016-03-29 09:55:51 -04:00
Chris PeBenito
8f3a54eb37 apol: implement Boolean query tab.
Closes #75
2016-03-29 09:12:05 -04:00
Chris PeBenito
f5cace1420 setoolsgui: revise model implementations
Use defaultdicts for headers.  Simplify data member functions.
2016-03-29 09:12:05 -04:00
Chris PeBenito
6878afb0ce Role/UserQueryTab: minor layout adjustments. 2016-03-29 09:12:05 -04:00
Chris PeBenito
e7f12a17d8 Reduce diff size between files copied from checkpolicy and libqpol.
Try to make future updates easier.
2016-03-28 16:34:35 -04:00
Chris PeBenito
e70e670664 libqpol: fix merge error (duplicate code a few lines up) 2016-03-28 13:57:41 -04:00
Chris PeBenito
4af429d2a6 SELinuxPolicy: rename extended permission rule count property names for consistency
Also move the properties and Xen properties into proper order.
2016-03-28 11:16:05 -04:00
Chris PeBenito
1d27478b60 seinfo: fix defaults and typebounds count formatting. 2016-03-28 09:36:27 -04:00
Chris PeBenito
8e2c8ca372 Implement extended permission rule support in TERuleQueryTab.
Related to #73
2016-03-28 09:33:24 -04:00
Chris PeBenito
ab41dc81e6 ioctlSet: implement a __format__ function which has a "," formatter.
The "," formatter will format the output as comma separated rather than
space separated.
2016-03-28 09:28:24 -04:00
Chris PeBenito
e8d9d611eb TERuleQuery: revise xperms setter to set None if value is False. 2016-03-28 09:22:30 -04:00
Chris PeBenito
0211b8951c *RulesDifference: fix rule list creation checks
If multiple rule types were diffed, the rule lists would be generated
multiple times if one or more of the rule lists were empty.
2016-03-28 09:17:58 -04:00
Chris PeBenito
b8b7422c8f *RulesDifference: use defaultdicts and closures to simplify code
* Use dictionaries to store rule lists, eliminating the large if-else
  blocks.
* Use closures in TERulesDifference to template the diff functions.
2016-03-26 09:59:42 -04:00
Chris PeBenito
8d4d7b5666 sediff: add extended permission rules
-A will now diff allow and allowxperm rules.

Related to #73
2016-03-25 15:43:41 -04:00
Chris PeBenito
47d8eda957 TERulesDifference: add extended permission rules
Related to #73
2016-03-25 15:33:07 -04:00
Chris PeBenito
7840f98afd policyrep: adjust expanded rule factory functions instance checking
Check for subclasses first.
2016-03-25 15:25:57 -04:00
Chris PeBenito
982b3f893d Minor revisions to Xen code.
* Remove unnecessary namedtuple classes
* Simplify __str__ functions on XenContext subclasses
* Rename mem_addr to addr in Iomemcon and IomemconQuery
* Minor logging tweaks in Xen queries
* Remove type checking in DevicetreeconQuery
2016-03-25 11:01:33 -04:00
Chris PeBenito
bda9803773 Update Travis-CI build to use the 2.5 userspace release. 2016-03-22 12:28:15 -04:00
Chris PeBenito
21c594de70 Update README for new libsepol dependence.
Related to #73.
2016-03-22 11:14:25 -04:00
Chris PeBenito
c3a9d45e33 Update sesearch for TERuleQuery extended permission changes.
The -A option will now search allowxperm rules in addition to allow rules.

Related to #73.
2016-03-22 11:12:23 -04:00
Chris PeBenito
a9cd2248e9 Complete TERuleQuery changes for extended permission rules.
Related to #73.
2016-03-22 11:07:25 -04:00
Chris PeBenito
c56e01bc8c Complete policy representation classes for extended permissions rules.
Related to #73.
2016-03-22 10:26:43 -04:00
Chris PeBenito
5fec77088a seinfo: move Xen options to a separate option grouping 2016-03-21 10:58:05 -04:00
Chris PeBenito
56965ae9b3 Fix PEP8 and lint issues in Xen code. 2016-03-21 10:58:05 -04:00
Chris PeBenito
8dcb6eccc7 Update Xen queries for logging initialization change.
Apply changes from c017bd7.
2016-03-21 10:57:21 -04:00
Steve Lawrence
21864a7ea6 Change extended avrules to be more similar to normal avrules
- Add an iterator to extract the extended permissions rather than
  returning only a string
- Add queries for determining if an avrule is extended, and what
  type the extended avrule is (e.g. ioctl)
- Removed tests, but should probably revert that change and make sure
  they still work
- Fixed some warnings about unsigned/signed comparisons with ebitmaps
- Updates seinfo and sesearch to support new extended avrule changes

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-03-21 10:57:21 -04:00
Richard Haines
3532ed2fff setools-V4: Add updates for testing V30 xen and xperms
Add updates to seinfo and sesearch to test libqpol updates
added via [1].

Also include extra tests for Xen and xperms. Note, xperms
cannot yet test the extended perms as it needs more work on
libqpol.

[1] 0001-setools-V4-libqpol-policy-V30-updates-xen-xperm-stat.patch

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2016-03-21 10:56:37 -04:00
Richard Haines
dd29dc9c43 setools-V4: libqpol policy V30 updates (xen/xperm statements)
Updated libqpol services to use the latest checkpolicy 2.4 source
files to support Xen and extended permissions (allowxperm etc.).

TODO: Add support for querying the xperm values.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2016-03-21 10:56:37 -04:00
Chris PeBenito
faeccd0360 libqpol: stop processing types when building type attribute map
Fix originally from Richard Haines.
2016-03-21 10:56:37 -04:00
Chris PeBenito
60ac053ce3 PortconQuery: move protocol type checking into PortconProtocol.
Also import useful policyrep classes in its __init__.py
2016-03-21 10:55:13 -04:00
Chris PeBenito
99ea9b6c02 seinfo: add missing source/target indirect options to MLS rule query.
Closes #111
2016-03-16 14:12:37 -04:00
Chris PeBenito
bb5cffd44e Extend indirect handling for rule queries.
Range_transitions are expanded in the qpol representation, but attributes
can still be used as criteria.

Hard code default role to indirect to handle role attributes in the
criteria.  Role attributes don't survive in the qpol
representation yet, so this is a forward-looking change.

Similarly hard code the default type matching to indirect so attributes can
be used for default type criteria in type_* rules.  Adjust default criteria
lookup function accordingly.

Related to #111
2016-03-16 14:06:49 -04:00
Chris PeBenito
5063edd111 Role/UserModel: revise strings. 2016-03-16 09:06:54 -04:00
Chris PeBenito
fbee99a747 Implement TypeQueryTab.
Closes #51
2016-03-16 08:47:55 -04:00
Chris PeBenito
ac4f84693b Implement indirection in queries for criteria that is an attribute.
Related to #111.
2016-03-16 08:20:11 -04:00
Chris PeBenito
425e4f735b setoolsgui: remove exceptions from models
Occasionally Qt calls these methods with column -1 and this exception
otherwise goes unhandled.  The default None return from Python functions
should be sufficient.
2016-03-15 10:41:40 -04:00
Chris PeBenito
fcabb2f0e6 Move generic GUI classes up to the setoolsgui package. 2016-03-14 15:25:07 -04:00
Chris PeBenito
8e5b4bc604 Implement RoleQueryTab
Closes #87
2016-03-14 12:38:30 -04:00
Chris PeBenito
15b2c275e0 user_detail: sort role list and add count. 2016-03-14 12:38:30 -04:00
Chris PeBenito
4c0162ffba DetailsPopup: move text box to the top prior to show(). 2016-03-14 12:38:30 -04:00
Chris PeBenito
a7232507a8 Rename UserList to GetDetailsListView for reuse. 2016-03-14 12:38:19 -04:00
Chris PeBenito
c697009f24 (DomainTransition|InfoFlow)AnalysisTab: add busy indicator when GUI could be unresponsive
Bring in line with other tabs.
2016-03-14 09:33:45 -04:00
Chris PeBenito
56b436fde6 ChooseAnalysis: show MLS-only tabs on MLS policies only. 2016-03-11 09:57:27 -05:00
Chris PeBenito
46808c9d7a qpol.i: remove unused labels 2016-03-11 09:46:54 -05:00
Chris PeBenito
b092e94903 CommonTest/ObjClassTest: fix deprecated assertEquals usage
There still is assertRegexpMatches usage, which is deprecated in Python
3.2+, but the replacement, assertRegex, does not exist in Python 2.7.
2016-03-11 09:23:18 -05:00
Chris PeBenito
00807f846d TERuleListModel: Add conditional block column. 2016-03-11 09:16:59 -05:00
Chris PeBenito
fcfba569cc qpol.i: throw exceptions when getting the conditional block on unconditional rules
Standardize on AttributeError for the exception type.
2016-03-11 09:14:32 -05:00
Chris PeBenito
3434618aef LogHandlerToSignal: set default formatter and INFO level in __init__. 2016-03-11 09:00:20 -05:00
Chris PeBenito
6c2acc3fdd Rename LogToSignalHandler to LogHandlerToSignal. 2016-03-07 13:40:37 -05:00
Chris PeBenito
faaf1a5b64 LogToSignalHandler: rename local emit() variable to prevent confusion 2016-03-07 13:25:44 -05:00