Merge remote-tracking branch 'maniacikarus/man-db'
1 diff --git a/sepolgen/src/sepolgen/matching.py b/sepolgen/src/sepolgen/matching.py
2 index 1a9a3e5..d56dd92 100644
3 --- a/sepolgen/src/sepolgen/matching.py
4 +++ b/sepolgen/src/sepolgen/matching.py
5 @@ -50,7 +50,7 @@ class Match:
6 return 1
7
8 class MatchList:
9 - DEFAULT_THRESHOLD = 120
10 + DEFAULT_THRESHOLD = 150
11 def __init__(self):
12 # Match objects that pass the threshold
13 self.children = []
14 @@ -63,14 +63,15 @@ class MatchList:
15 def best(self):
16 if len(self.children):
17 return self.children[0]
18 - else:
19 - return None
20 + if len(self.bastards):
21 + return self.bastards[0]
22 + return None
23
24 def __len__(self):
25 # Only return the length of the matches so
26 # that this can be used to test if there is
27 # a match.
28 - return len(self.children)
29 + return len(self.children) + len(self.bastards)
30
31 def __iter__(self):
32 return iter(self.children)
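Review bot: `__len__` now counts `self.bastards` while `__iter__` at the end of this hunk still iterates only `self.children`, so a MatchList can report a non-zero length yet iterate as empty, and `len(ml)` no longer agrees with `len(list(ml))`. The comment above the return ("Only return the length of the matches") is stale after this change and should be reworded. `best()` also falls back to `self.bastards[0]`; going by the `__init__` comment, children are the Match objects that pass the threshold, so bastards are presumably the ones that do not, and a caller that turns the best match into generated policy could then allow more than the denied access required. I would either keep `best()` strict and expose the fallback through a separate accessor, or document it at the fallback: `# Falls back to the closest below-threshold match; callers must treat it as a loose fit`.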
33 diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
34 index 4882999..9dc2d32 100644
35 --- a/sepolgen/src/sepolgen/policygen.py
36 +++ b/sepolgen/src/sepolgen/policygen.py
37 @@ -30,7 +30,11 @@ import access
38 import interfaces
39 import matching
40 import selinux.audit2why as audit2why
41 -from setools import *
42 +try:
43 + from setools import *
44 + alldomains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
45 +except:
46 + pass
47
48 # Constants for the level of explanation from the generation
49 # routines
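Review bot: The bare `except: pass` around the setools import hides every failure, not only a missing module. If the import or the `seinfo(...)` query raises, `alldomains` is never bound, and the later `if i not in alldomains` in the `PolicyGenerator` hunk raises NameError inside a `try:` whose handler lies outside the visible lines. If that handler swallows the error, the "#!!!! The source type ... can write to" comment is dropped without any sign, and that comment is what flags broad write access to whoever reviews the generated policy. Narrow the handler to `except ImportError:` and bind a sentinel there, e.g. `alldomains = None`, so the later code can test it explicitly instead of relying on a NameError. The policy query also runs at import time now, so any error or delay in loading the policy affects every importer of policygen, not just the code path that needs the domain list.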
50 @@ -79,7 +83,6 @@ class PolicyGenerator:
51
52 self.dontaudit = False
53
54 - self.domains = None
55 def set_gen_refpol(self, if_set=None, perm_maps=None):
56 """Set whether reference policy interfaces are generated.
57
58 @@ -175,13 +178,11 @@ class PolicyGenerator:
59 if av.type == audit2why.TERULE:
60 if "write" in av.perms:
61 if "dir" in av.obj_class or "open" in av.perms:
62 - if not self.domains:
63 - self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
64 types=[]
65
66 try:
67 for i in map(lambda x: x[TCONTEXT], sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})):
68 - if i not in self.domains:
69 + if i not in alldomains:
70 types.append(i)
71 if len(types) == 1:
72 rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
73 diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
74 index 9a79340..a4adbd8 100644
75 --- a/sepolgen/src/sepolgen/refparser.py
76 +++ b/sepolgen/src/sepolgen/refparser.py
77 @@ -245,7 +245,7 @@ def t_refpolicywarn(t):
78 t.lexer.lineno += 1
79
80 def t_IDENTIFIER(t):
81 - r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"~]*'
82 + r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\+\.\$\*\"~]*'
83 # Handle any keywords
84 t.type = reserved.get(t.value,'IDENTIFIER')
85 return t
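Review bot: The widened identifier pattern in `t_IDENTIFIER` has no comment saying why `+` is now accepted, and the docstring is the lexer rule itself, so the reason cannot live there. The first character class is unchanged, so `+` is only allowed after the first character; a line after the docstring such as `# '+' is allowed inside identifiers, but not as the first character` would record that. It would also help to name the kind of input that needed it, and to check that no other token rule in this lexer relies on `+` ending an identifier, which cannot be seen from this hunk.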