Commit | Line | Data |
---|---|---|
b5e211a4 SS |
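diff --git a/sepolgen/src/sepolgen/matching.py b/sepolgen/src/sepolgen/matching.py
index 1a9a3e5..d56dd92 100644
--- a/sepolgen/src/sepolgen/matching.py
+++ b/sepolgen/src/sepolgen/matching.py
@@ -50,7 +50,7 @@ class Match:
 return 1
 
 class MatchList:
- DEFAULT_THRESHOLD = 120
+ DEFAULT_THRESHOLD = 150
 def __init__(self):
 # Match objects that pass the threshold
 self.children = []
@@ -63,14 +63,15 @@ class MatchList:
 def best(self):
 if len(self.children):
 return self.children[0]
- else:
- return None
+ if len(self.bastards):
+ return self.bastards[0]
+ return None
 
 def __len__(self):
 # Only return the length of the matches so
 # that this can be used to test if there is
 # a match.
- return len(self.children)
+ return len(self.children) + len(self.bastards)
 
 def __iter__(self):
 return iter(self.children)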
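Review bot: `__len__` now adds `len(self.bastards)`, but `__iter__` at the end of the same hunk still yields only `self.children`, so a MatchList can report a non-zero length and be truthy while iterating as empty, and the comment above `__len__` ("Only return the length of the matches") no longer describes it. `best()` likewise falls back to `self.bastards[0]`; going by the `__init__` comment that `children` holds the matches that pass the threshold, that fallback is presumably a below-threshold match, so a caller that treats any non-None result as a good match could emit a broader interface call than the denial needs (the callers are outside this diff). I would either keep `__len__` as the count of passing matches or rewrite its comment, e.g. `# Counts below-threshold matches too; __iter__ only yields those that passed.`, and state the fallback in a `best()` docstring. `self.bastards` is not initialised in the visible part of `__init__`, which continues outside the first hunk.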
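diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
index 4882999..9dc2d32 100644
--- a/sepolgen/src/sepolgen/policygen.py
+++ b/sepolgen/src/sepolgen/policygen.py
@@ -30,7 +30,11 @@ import access
 import interfaces
 import matching
 import selinux.audit2why as audit2why
-from setools import *
+try:
+ from setools import *
+ alldomains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
+except:
+ pass
 
 # Constants for the level of explanation from the generation
 # routines
@@ -79,7 +83,6 @@ class PolicyGenerator:
 
 self.dontaudit = False
 
- self.domains = None
 def set_gen_refpol(self, if_set=None, perm_maps=None):
 """Set whether reference policy interfaces are generated.
 
@@ -175,13 +178,11 @@ class PolicyGenerator:
 if av.type == audit2why.TERULE:
 if "write" in av.perms:
 if "dir" in av.obj_class or "open" in av.perms:
- if not self.domains:
- self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
 types=[]
 
 try:
 for i in map(lambda x: x[TCONTEXT], sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})):
- if i not in self.domains:
+ if i not in alldomains:
 types.append(i)
 if len(types) == 1:
 rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))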
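Review bot: The bare `except: pass` around `from setools import *` and the `seinfo(...)` call leaves `alldomains` unbound on any failure, so the later `if i not in alldomains` raises NameError instead of degrading cleanly; it also swallows KeyboardInterrupt and SystemExit and hides why the lookup failed. The `try:` that encloses the use is closed outside the hunk, so whether that NameError is caught there, which would silently drop the `#!!!!` write warning from the generated policy, cannot be seen here. I would bind a default first with `alldomains = None`, narrow the handler to `except ImportError:` (plus whatever `seinfo` raises when no policy can be loaded), and guard the use with `if alldomains is not None and i not in alldomains:`. The policy is also now queried once at import time rather than on first use, so importing the module pays that cost even when no write rule is ever processed.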
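diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
index 9a79340..a4adbd8 100644
--- a/sepolgen/src/sepolgen/refparser.py
+++ b/sepolgen/src/sepolgen/refparser.py
@@ -245,7 +245,7 @@ def t_refpolicywarn(t):
 t.lexer.lineno += 1
 
 def t_IDENTIFIER(t):
- r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"~]*'
+ r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\+\.\$\*\"~]*'
 # Handle any keywords
 t.type = reserved.get(t.value,'IDENTIFIER')
 return t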
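Review bot: The widened character class in `t_IDENTIFIER` carries no comment saying which identifiers need `+`, and with `-`, `+` and `*` all accepted after the first character an unspaced sequence such as `a+b` now lexes as a single IDENTIFIER. The pattern string presumably has to stay the first statement of the function (it looks like a PLY token rule), so the explanation belongs on the line after it, e.g. `# '+' is accepted inside identifiers, never as the first character`. A lexer test with one name containing `+` would pin the intent.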