Commit Graph

847 Commits

Author SHA1 Message Date
Chris PeBenito
9ea0caa4f2 policyrep: Convert net contexts to factory methods. Add iterators. 2018-06-15 20:26:49 -04:00
Chris PeBenito
9df377d689 policyrep: Convert Xen contexts to factory methods. Add iterators. 2018-06-15 20:26:49 -04:00
Chris PeBenito
03d1a937ac policyrep: Add ebitmap and hashtab iterator base classes. 2018-06-15 20:26:49 -04:00
Chris PeBenito
5d70021fd0 policyrep: Change iterator size() methods to Pythonic __len__. 2018-06-15 20:26:49 -04:00
Chris PeBenito
a06d4a9476 Genfscon: Revise to directly use sepol data structures. 2018-06-15 20:26:49 -04:00
Chris PeBenito
80a95bd414 FSUse: Revise to directly use sepol data structures. 2018-06-15 20:26:49 -04:00
Chris PeBenito
bb5004df2d policyrep: Revise initial SIDs to directly use sepol data structures. 2018-06-15 20:26:49 -04:00
Chris PeBenito
2dd1e9366a policyrep: Revise network contexts to directly use sepol data structures. 2018-06-15 20:26:49 -04:00
Chris PeBenito
9c053cc5fe policyrep: Revise Xen contexts to directly use sepol data structures. 2018-06-15 20:26:49 -04:00
Chris PeBenito
c5b0348357 policyrep: Create a libsepol cython definition. 2018-06-15 20:26:49 -04:00
Chris PeBenito
3e2cf79f81 Additional C cleanups. 2018-06-15 20:26:49 -04:00
Chris PeBenito
4684eca5bc tests: Revise unit tests for binary-only policy support.
Closes 
2018-06-15 20:26:49 -04:00
Chris PeBenito
42001334fe SELinuxPolicy: Revise invalid policy errors. 2018-06-15 20:26:49 -04:00
Chris PeBenito
8b0e93c0d6 Remove source policy loading support and module loading support. 2018-06-15 20:26:49 -04:00
Chris PeBenito
b9f3ef11da policyrep: Fix copyright. 2018-06-15 20:26:49 -04:00
Chris PeBenito
6621a5ed42 diff: Significantly improve memory utilization.
Eliminate wrapper duplication on symbols (types, roles, etc.).  This
reduces memory use by an estimated 60%.
2018-06-15 20:26:49 -04:00
Chris PeBenito
633b310c5b Policyrep: cache objects that are likely to be duplicated.
Cache instances using their pointer as hash, since it is unique, even
across multiple policies (i.e. in sediff).
2018-06-15 20:26:49 -04:00
Chris PeBenito
dc3752e12d tests: Fix static analysis errors. 2018-06-15 20:26:49 -04:00
Chris PeBenito
d762f58dc1 Conditional: Make hashable.
Then TERulesDifference can cache them, and especially their truth tables.
2018-06-15 20:26:49 -04:00
Chris PeBenito
8fe7a5ed1e policyrep: Intern strings inside the policy.
Intern symbol names, aliases, permissions, etc. to ensure there are not
duplicate strings in memory.

Results in 25% memory savings in expanded TE rules when tested with the
entire refpolicy.
2018-06-15 20:26:49 -04:00
Chris PeBenito
3ed64fc213 policyrep/context.pxi: Remove unnecessary pass statement. 2018-06-15 20:26:49 -04:00
Chris PeBenito
8c9c06e678 .travis.yml: Update for Cython use. 2018-06-15 20:26:49 -04:00
Chris PeBenito
51b91d6130 Convert policyrep and SWIG wrapper into Cython libpolicyrep. 2018-06-15 20:26:49 -04:00
Chris PeBenito
2082f25320 iomemconquery: Fix IomemconRange import. 2018-06-15 20:26:49 -04:00
Chris PeBenito
880e8f26d2 libqpol: Revise logging callback.
Process va_args into final message prior to hitting the handler in cython.
2018-06-15 20:26:49 -04:00
Chris PeBenito
86214e6601 libqpol: Fix incorrect const usage in qpol_policy_get_semantic_level_by_name(). 2018-06-15 20:26:49 -04:00
Chris PeBenito
51b53eb4a5 setup.py: Update for cython extension. 2018-06-15 20:26:49 -04:00
Chris PeBenito
90a9e54a89 qpol.i: Remove SWIG qpol wrapper. 2018-06-15 20:26:49 -04:00
Chris PeBenito
a1aa0f33f5 Merge pull request from bigon/bug_174
Fix build failure with GCC 7 due to possible truncation of snprintf o…
2017-11-09 18:06:28 -05:00
Chris PeBenito
e278288bf7 .travis.yml: Add retry for swig download. 2017-10-26 22:23:49 -04:00
Laurent Bigonville
e41adf0164 Fix build failure with GCC 7 due to possible truncation of snprintf output
setools fails to build under GCC7 -Wformat -Werror with the following error:

x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wno-sign-compare -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -Ilibqpol -Ilibqpol/include -I/usr/include/python3.6m -c libqpol/policy_extend.c -o build/temp.linux-amd64-3.6/libqpol/policy_extend.o -Werror -Wextra -Waggregate-return -Wfloat-equal -Wformat -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-include-dirs -Wnested-externs -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wstrict-prototypes -Wunknown-pragmas -Wwrite-strings -Wno-missing-field-initializers -Wno-unused-parameter -Wno-cast-qual -Wno-shadow -Wno-unreachable-code -fno-exceptions
libqpol/policy_extend.c: In function 'policy_extend':
libqpol/policy_extend.c:161:27: error: '%04zd' directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
    snprintf(buff, 9, "@ttr%04zd", i + 1);
                           ^~~~~
libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
    snprintf(buff, 9, "@ttr%04zd", i + 1);
                      ^~~~~~~~~~~

Increase the size of the buffer to avoid collisions

Closes: https://github.com/TresysTechnology/setools/issues/174
Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2017-09-26 16:36:59 +02:00
Chris PeBenito
0a8b3d4bb1 seinfo: Use subset in PortconQuery config.
This will allow users to specify a single port number and see which
portcons apply.  This is more in line with user expectations than the
current exact match behavior.  Closes .
2017-09-25 20:17:59 -04:00
Chris PeBenito
cc313f9791 __future__ print functions no longer need importing. 2017-09-24 20:40:29 -04:00
Chris PeBenito
856b56accb Update NetworkX support to 2.0. NetworkX 2.0 has API breakage.
Now SETools requires NetworkX 2.0+.
2017-09-23 14:03:26 -04:00
Chris PeBenito
8339fd3b1c SELinuxPolicy: Remove deprecated methods. 2017-09-20 19:40:34 -04:00
Chris PeBenito
486de4695e Nodecon: Fix deprecation warning messages. 2017-09-20 19:40:09 -04:00
Chris PeBenito
9fa55c25cb Update unit tests for Python 3 only use. 2017-09-19 20:58:03 -04:00
Chris PeBenito
9e9d9fec9d Used 'yield from' where possible. 2017-09-17 09:43:13 -04:00
Chris PeBenito
576268eeca Use the suppress context manager where possible to improve readability. 2017-09-17 09:43:13 -04:00
Chris PeBenito
1dd0bf31e1 ApolMainWindow: IOError is an alias for OSError in Python 3. 2017-09-17 09:43:13 -04:00
Chris PeBenito
af88deac17 PermissionMapEditor, EdgeAttrList: Use list .clear() method.
Closes 
2017-09-17 09:43:13 -04:00
Chris PeBenito
d0ca705cc7 Drop explicit inheritance of object as all classes are new-style in Python 3.
Closes 
2017-09-17 09:43:13 -04:00
Chris PeBenito
78a15c92ac Nodecon: Implement network property.
The network property will return an IPv4Network or IPv6Network based on the
nodecon.  If the policy has host bits set, the ipaddress module will
simply ignore the host bits, so there may be unexpected results in network
comparisons.

Closes 
2017-09-17 09:43:13 -04:00
Chris PeBenito
bfa50a42f8 NodeconQuery: Make ipaddress module usage unconditional.
Closes 
2017-09-17 09:43:13 -04:00
Chris PeBenito
904a83b27e Implement exception chaining.
Closes .
2017-09-17 09:43:13 -04:00
Chris PeBenito
e292a77c52 Drop support for Python < 3.4. 2017-09-17 09:43:13 -04:00
Chris PeBenito
58f62bf627 Start 4.2 development. 2017-09-17 09:43:13 -04:00
Chris PeBenito
7e6126d026 Merge pull request from fishilico/document_build_ext
Document that build_ext needs to be run before build
2017-08-25 21:57:21 -04:00
Nicolas Iooss
761915e025 Document that build_ext needs to be run before build
When installing setools with python setup.py install,
setools/policyrep/qpol.py is not copied to the destination directory.
This is because the file is generated in step build_ext and Python files
are copied beforehand (in step build_py).

A simple workaround consists in running "setup.py build_ext" before
building and installing setools. Document this in the README.

Closes: https://github.com/TresysTechnology/setools/issues/173
2017-08-25 20:47:57 +02:00
Chris PeBenito
f8c8ff0aee Merge pull request from bachradsusi/byteswap.h
bswap_* macros are defined in byteswap.h
2017-08-10 17:03:27 -04:00