From 4c63b8e7b691bf8fc09ccd5a35ce420effaeb16b Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Mon, 22 Oct 2018 17:43:12 +0200
Subject: [PATCH 074/170] python/sepolicy: Stop rejecting aliases in sepolicy
commands
Fix CheckDomain and CheckPortType classes to properly deal with aliases.
Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1600009
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
selinux-python-2.8/sepolicy/sepolicy.py | 8 +++-----
selinux-python-2.8/sepolicy/sepolicy/__init__.py | 18 +++++++++++++++++-
2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/selinux-python-2.8/sepolicy/sepolicy.py b/selinux-python-2.8/sepolicy/sepolicy.py
index a000c1ad..01380fbe 100755
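--- a/selinux-python-2.8/sepolicy/sepolicy.py
+++ b/selinux-python-2.8/sepolicy/sepolicy.py
@@ -60,8 +60,6 @@ class CheckPath(argparse.Action):
 class CheckType(argparse.Action):
 
 def __call__(self, parser, namespace, values, option_string=None):
- domains = sepolicy.get_all_domains()
-
 if isinstance(values, str):
 setattr(namespace, self.dest, values)
 else:
@@ -103,7 +101,7 @@ class CheckDomain(argparse.Action):
 domains = sepolicy.get_all_domains()
 
 if isinstance(values, str):
- if values not in domains:
+ if sepolicy.get_real_type_name(values) not in domains:
 raise ValueError("%s must be an SELinux process domain:\nValid domains: %s" % (values, ", ".join(domains)))
 setattr(namespace, self.dest, values)
 else:
@@ -112,7 +110,7 @@ class CheckDomain(argparse.Action):
 newval = []
 
 for v in values:
- if v not in domains:
+ if sepolicy.get_real_type_name(v) not in domains:
 raise ValueError("%s must be an SELinux process domain:\nValid domains: %s" % (v, ", ".join(domains)))
 newval.append(v)
 setattr(namespace, self.dest, newval)
@@ -167,7 +165,7 @@ class CheckPortType(argparse.Action):
 if not newval:
 newval = []
 for v in values:
- if v not in port_types:
+ if sepolicy.get_real_type_name(v) not in port_types:
 raise ValueError("%s must be an SELinux port type:\nValid port types: %s" % (v, ", ".join(port_types)))
 newval.append(v)
 setattr(namespace, self.dest, values)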
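Review bot: In CheckDomain the alias is resolved only for the membership test, while `setattr(namespace, self.dest, values)` and `newval.append(v)` still store the name exactly as it was typed, so later code receives an alias that does not appear in `get_all_domains()`. If the consumers of these arguments compare against real type names (they are not visible here), resolve once and store the result, e.g. `real = sepolicy.get_real_type_name(v)` followed by `newval.append(real)`; otherwise add a comment stating that aliases are passed through on purpose. In the CheckPortType hunk the context line `setattr(namespace, self.dest, values)` stores `values` rather than the validated `newval`, which looks unintended and predates this change. All three `__call__` bodies start outside their hunks.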
diff --git a/selinux-python-2.8/sepolicy/sepolicy/__init__.py b/selinux-python-2.8/sepolicy/sepolicy/__init__.py
index d8c9decc..b18683e4 100644
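--- a/selinux-python-2.8/sepolicy/sepolicy/__init__.py
+++ b/selinux-python-2.8/sepolicy/sepolicy/__init__.py
@@ -447,6 +447,22 @@ def get_file_types(setype):
 return mpaths
 
 
+def get_real_type_name(name):
+ """Return the real name of a type
+
+ * If 'name' refers to a type, return the same name.
+ * If 'name' refers to a type alias, return the corresponding type name.
+ * Otherwise return None.
+ """
+ if not name:
+ return None
+
+ try:
+ return next(info(TYPE, name))["name"]
+ except (RuntimeError, StopIteration):
+ return None
+
+
 def get_writable_files(setype):
 file_types = get_all_file_types()
 all_writes = []
@@ -1061,7 +1077,7 @@ def gen_short_name(setype):
 domainname = setype[:-2]
 else:
 domainname = setype
- if domainname + "_t" not in all_domains:
+ if get_real_type_name(domainname + "_t") not in all_domains:
 raise ValueError("domain %s_t does not exist" % domainname)
 if domainname[-1] == 'd':
 short_name = domainname[:-1] + "_"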
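Review bot: `except (RuntimeError, StopIteration)` in get_real_type_name turns every RuntimeError raised by `info(TYPE, name)` into "no such type", so a failure to query the policy would reach the user as an invalid-domain or invalid-port-type error from the callers. If RuntimeError is how `info()` reports an unknown name, say so in a comment such as `# info() raises RuntimeError when no type or alias matches`; if it can also mean a query failure, catch only `StopIteration` and let the rest propagate. In gen_short_name the check now accepts an alias, but the lines after it keep deriving the short name from the alias-based `domainname`; that function's body starts and ends outside the hunk.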
--
2.19.1