From: <ssm...@us...> - 2008-07-29 12:12:07
Revision: 2930 http://selinux.svn.sourceforge.net/selinux/?rev=2930&view=rev Author: ssmalley Date: 2008-07-29 12:12:05 +0000 (Tue, 29 Jul 2008) Log Message: ----------- Author: "Karl MacMillan" Email: kma...@tr... Subject: RE: libsepol.context_from_record: MLS is disabled, but MLS context"s0" found Date: Mon, 28 Jul 2008 14:08:50 -0400 > -----Original Message----- > From: Vikram Ambrose [mailto:Vik...@wi...] [...] > >>>> > >>>> > >>> Right - it shouldn't do that if is_selinux_mls_enabled() <= 0. > >>> I think this is a result of the audit2allow / audit2why > integration; > >>> previously, audit2why was directly consuming audit messages but > now it > >>> is leveraging sepolgen. > >>> > >>> > >>> > >> Is there a temporary work around for this? audit2* is basically > the only > >> debug tools available for selinux n00bs. > >> > > > > I would think that you could just change default_level="" in the > > to_string definition in class SecurityContext in refpolicy.py. Or > make > > it dynamically determine it based on is_selinux_mls_enabled(). > > > > > You mean that in a non-MCS/MLS policy level=""? > and its fine for that function to append "" to the context (without > the > ":" added on) ? > Here's a patch - I'd appreciate testing on a non-MLS system as I don't have one handy right now. Karl Modified Paths: -------------- trunk/sepolgen/src/sepolgen/refpolicy.py trunk/sepolgen/tests/test_refpolicy.py
Modified: trunk/sepolgen/src/sepolgen/refpolicy.py
===================================================================
--- trunk/sepolgen/src/sepolgen/refpolicy.py 2008-07-29 12:02:36 UTC (rev 2929)
+++ trunk/sepolgen/src/sepolgen/refpolicy.py 2008-07-29 12:12:05 UTC (rev 2930)
@@ -19,6 +19,7 @@
 import string
 import itertools
+import selinux
 # OVERVIEW
 #
@@ -265,7 +266,7 @@
 self.user = ""
 self.role = ""
 self.type = ""
- self.level = ""
+ self.level = None
 if context is not None:
 self.from_string(context)
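Review bot: Switching the "no level" sentinel from `""` to `None` in `__init__` (and again in the `from_string` and `to_string` hunks) means the empty string is no longer recognised as "unset". A caller that still assigns `level = ""`, or passes `default_level=""` as the quoted thread suggests, now reaches `fields.append(...)` in `to_string` with an empty field; how the fields are joined is outside the hunks, so a trailing separator is likely but not confirmed here. Testing falsiness keeps both spellings working: `if not self.level:` for the attribute and `elif default_level: fields.append(default_level)` for the argument. The bodies of `__init__` and `to_string` extend beyond the lines shown.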
@@ -288,7 +289,7 @@
 # FUTURE - normalize level fields to allow more comparisons to succeed.
 self.level = string.join(fields[3:], ':')
 else:
- self.level = ""
+ self.level = None
 def __eq__(self, other):
 """Compare two SecurityContext objects - all fields must be exactly the
@@ -301,7 +302,7 @@
 self.type == other.type and \
 self.level == other.level
- def to_string(self, default_level="s0"):
+ def to_string(self, default_level=None):
 """Return a string representing this security context.
 By default, the string will contiain a MCS / MLS level
@@ -317,8 +318,11 @@
 'user:role:type:level'.
 """
 fields = [self.user, self.role, self.type]
- if self.level == "":
- if default_level != "":
+ if self.level is None:
+ if default_level is None:
+ if selinux.is_selinux_mls_enabled() == 1:
+ fields.append("s0")
+ else:
 fields.append(default_level)
 else:
 fields.append(self.level)
Modified: trunk/sepolgen/tests/test_refpolicy.py
===================================================================
--- trunk/sepolgen/tests/test_refpolicy.py 2008-07-29 12:02:36 UTC (rev 2929)
+++ trunk/sepolgen/tests/test_refpolicy.py 2008-07-29 12:12:05 UTC (rev 2930)
@@ -19,6 +19,7 @@
 import unittest
 import sepolgen.refpolicy as refpolicy
+import selinux
 class TestIdSet(unittest.TestCase):
 def test_set_to_str(self):
@@ -40,8 +41,11 @@
 self.assertEquals(sc.user, "user_u")
 self.assertEquals(sc.role, "object_r")
 self.assertEquals(sc.type, "foo_t")
- self.assertEquals(sc.level, "")
- self.assertEquals(str(sc), context + ":s0")
+ self.assertEquals(sc.level, None)
+ if selinux.is_selinux_mls_enabled():
+ self.assertEquals(str(sc), context + ":s0")
+ else:
+ self.assertEquals(str(sc), context)
 self.assertEquals(sc.to_string(default_level="s1"), context + ":s1")
 context = "user_u:object_r:foo_t:s0-s0:c0-c255"
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
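Review bot: With `default_level=None`, `to_string` now asks the running kernel through `selinux.is_selinux_mls_enabled()`, so the same SecurityContext renders differently depending on the host it runs on rather than on the policy the context belongs to. Any result other than 1 is treated as "no MLS"; the quoted thread's `<= 0` suggests a negative error value exists, and it is silently folded into that case. The docstring should state this, for example `default_level - level appended when none is set; None appends "s0" only if the running system reports MLS enabled`, so that callers processing audit data from another machine know to pass the level explicitly. The rest of the docstring and the join of `fields` lie outside the hunk.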
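Review bot: The test guards on the truthiness of `selinux.is_selinux_mls_enabled()` while `to_string` compares `== 1`, so a non-zero result other than 1 (the thread's `<= 0` implies a negative return is possible) sends the test down the `":s0"` branch while the code appends nothing. Use the same comparison as the implementation: `if selinux.is_selinux_mls_enabled() == 1:`. Because the expectation is computed from host state, only one branch runs on any given machine; replacing `selinux.is_selinux_mls_enabled` with a stub that returns 1 and then 0 would exercise both. The test method starts above the hunk.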