[OpenWrt-Devel] [PATCH packages 11/11] utils/selinux-python: new package

Thomas Petazzoni thomas.petazzoni at bootlin.com
Fri Nov 22 04:55:56 EST 2019


Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
---
 utils/selinux-python/Makefile                 | 155 ++++++++++++++++++
 .../0001-sepolgen-adjust-data_dir.patch       |  26 +++
 ...hardcode-search-for-ausearch-in-sbin.patch |  38 +++++
 .../0003-Don-t-force-using-python3.patch      |  67 ++++++++
 4 files changed, 286 insertions(+)
 create mode 100644 utils/selinux-python/Makefile
 create mode 100644 utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch
 create mode 100644 utils/selinux-python/patches/0002-sepolgen-don-t-hardcode-search-for-ausearch-in-sbin.patch
 create mode 100644 utils/selinux-python/patches/0003-Don-t-force-using-python3.patch

diff --git a/utils/selinux-python/Makefile b/utils/selinux-python/Makefile
new file mode 100644
index 000000000..4fd0376b6
--- /dev/null
+++ b/utils/selinux-python/Makefile
@@ -0,0 +1,155 @@
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=selinux-python
+PKG_VERSION:=2.9
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/20190315
+PKG_HASH:=3650b5393b0d1790cac66db00e34f059aa91c23cfe3c2559676594e295d75fde
+PKG_BUILD_DEPENDS:=PACKAGE_selinux-audit2allow:libsepol
+
+PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni at bootlin.com>
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/python/python-package.mk
+
+#
+# common definitions
+#
+
+define Package/selinux-python/Default
+  SECTION:=utils
+  DEPENDS:=+python +python-libselinux
+  CATEGORY:=Utilities
+  URL:=http://selinuxproject.org/page/Main_Page
+endef
+
+define Package/selinux-python/Default/description
+	A set of SELinux tools written in python that help with
+	managing a system with SELinux enabled.
+endef
+
+MAKE_VARS = \
+	PYTHON=$(HOST_PYTHON_BIN) \
+	PYTHONLIBDIR=$(PYTHON_PKG_DIR)
+
+define Build/Compile
+	$(call Build/Compile/Default,all)
+endef
+
+#
+# selinux-audit2allow
+#
+
+define Package/selinux-audit2allow
+$(call Package/selinux-python/Default)
+  TITLE:=selinux-audit2allow
+  DEPENDS:=+python-sepolgen +libsepol
+endef
+
+define Package/selinux-audit2allow/description
+$(call Package/selinux-python/Default/description)
+  This package contains the audit2allow and audit2why tools.
+endef
+
+define Package/selinux-audit2allow/install
+	$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/audit2allow DESTDIR=$(1) install
+	rm -rf $(1)/usr/share/man
+endef
+
+#
+# selinux-chchat
+#
+
+define Package/selinux-chcat
+$(call Package/selinux-python/Default)
+  TITLE:=selinux-chcat
+endef
+
+define Package/selinux-chcat/description
+$(call Package/selinux-python/Default/description)
+  This package contains the chcat tool.
+endef
+
+define Package/selinux-chcat/install
+	$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/chcat DESTDIR=$(1) install
+	rm -rf $(1)/usr/share
+endef
+
+#
+# selinux-semanage
+#
+
+define Package/selinux-semanage
+$(call Package/selinux-python/Default)
+  TITLE:=selinux-semanage
+  DEPENDS:=+python-sepolicy
+endef
+
+define Package/selinux-semanage/description
+$(call Package/selinux-python/Default/description)
+  This package contains the semanage tool.
+endef
+
+define Package/selinux-semanage/install
+	$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/semanage DESTDIR=$(1) install
+	rm -rf $(1)/usr/share
+endef
+
+#
+# python-sepolgen
+#
+
+define Package/python-sepolgen
+$(call Package/selinux-python/Default)
+  SUBMENU:=Python
+  SECTION:=lang
+  CATEGORY:=Languages
+  TITLE:=python-sepolgen
+endef
+
+define Package/python-sepolgen/description
+$(call Package/selinux-python/Default/description)
+  This package contains the sepolgen Python library.
+endef
+
+define Package/python-sepolgen/install
+	$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolgen DESTDIR=$(1) install
+	$(INSTALL_DIR) $(1)/usr/share/sepolgen/
+	$(INSTALL_DATA) $(1)/var/lib/sepolgen/perm_map $(1)/usr/share/sepolgen/perm_map
+	$(RM) -rf $(1)/var
+endef
+
+#
+# python-sepolicy
+#
+
+define Package/python-sepolicy
+$(call Package/selinux-python/Default)
+  SUBMENU:=Python
+  SECTION:=lang
+  CATEGORY:=Languages
+  TITLE:=python-sepolicy
+endef
+
+define Package/python-sepolicy/description
+$(call Package/selinux-python/Default/description)
+  This package contains the sepolicy Python library.
+endef
+
+define Package/python-sepolicy/install
+	$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolicy DESTDIR=$(1) install
+	rm -rf $(1)/usr/share
+endef
+
+$(eval $(call BuildPackage,selinux-audit2allow))
+$(eval $(call BuildPackage,selinux-chcat))
+$(eval $(call BuildPackage,selinux-semanage))
+$(eval $(call BuildPackage,python-sepolgen))
+$(eval $(call BuildPackage,python-sepolicy))
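Review bot: `DEPENDS:=+python-sepolgen +libsepol` in `Package/selinux-audit2allow` and `DEPENDS:=+python-sepolicy` in `Package/selinux-semanage` come after `$(call Package/selinux-python/Default)`, so they replace the default `+python +python-libselinux` instead of extending it. The two tools then get the interpreter and the libselinux binding only transitively through the library packages; writing `DEPENDS+=+python-sepolgen +libsepol` and `DEPENDS+=+python-sepolicy` keeps each tool's runtime dependencies explicit. Separately, `MAKE_VARS = \` assigns rather than appends, which looks like it discards whatever `package.mk` already put in `MAKE_VARS` (not visible here); `MAKE_VARS += \` would keep those. The section comment `# selinux-chchat` should read `# selinux-chcat`.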
diff --git a/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch b/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch
new file mode 100644
index 000000000..5b5426007
--- /dev/null
+++ b/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch
@@ -0,0 +1,26 @@
+From 4dfa91b1377b6dc57e66443ea1a08c6d79a3a6e2 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
+Date: Wed, 2 Oct 2019 12:04:24 +0200
+Subject: [PATCH] sepolgen: adjust data_dir()
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
+---
+ sepolgen/src/sepolgen/defaults.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sepolgen/src/sepolgen/defaults.py b/sepolgen/src/sepolgen/defaults.py
+index 6e800695..a61d1efd 100644
+--- a/sepolgen/src/sepolgen/defaults.py
++++ b/sepolgen/src/sepolgen/defaults.py
+@@ -57,7 +57,7 @@ Various default settings, including file and directory locations.
+ """
+ 
+ def data_dir():
+-    return "/var/lib/sepolgen"
++    return "/usr/share/sepolgen"
+ 
+ def perm_map():
+     return data_dir() + "/perm_map"
+-- 
+2.21.0
+
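Review bot: The embedded patch changes `data_dir()` without giving a reason in its commit message, and `data_dir()` is a base path rather than the location of a single file. `perm_map()` is visible here and matches the `perm_map` copy in the package Makefile. Any other helper in `defaults.py` that derives a path from `data_dir()` (the file continues outside the hunk) will now also resolve under `/usr/share/sepolgen`; if one of them is written at runtime, mutable state moves into a directory normally treated as read-only data. Add a description along the lines of `perm_map is installed under /usr/share/sepolgen on OpenWrt, so read it from there`, and confirm which paths under `data_dir()` are written at runtime.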
diff --git a/utils/selinux-python/patches/0002-sepolgen-don-t-hardcode-search-for-ausearch-in-sbin.patch b/utils/selinux-python/patches/0002-sepolgen-don-t-hardcode-search-for-ausearch-in-sbin.patch
new file mode 100644
index 000000000..0ebc3e593
--- /dev/null
+++ b/utils/selinux-python/patches/0002-sepolgen-don-t-hardcode-search-for-ausearch-in-sbin.patch
@@ -0,0 +1,38 @@
+From a8a7f8fb5cfe95f28cd5f7ff4b4679ca122fe410 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
+Date: Wed, 2 Oct 2019 13:38:18 +0200
+Subject: [PATCH] sepolgen: don't hardcode search for ausearch in /sbin
+
+ausearch may be installed in another location, just rely on PATH to
+find ausearch.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
+---
+ sepolgen/src/sepolgen/audit.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
+index 4adb851f..5eafa587 100644
+--- a/sepolgen/src/sepolgen/audit.py
++++ b/sepolgen/src/sepolgen/audit.py
+@@ -41,7 +41,7 @@ def get_audit_boot_msgs():
+     s = time.localtime(time.time() - off)
+     bootdate = time.strftime("%x", s)
+     boottime = time.strftime("%X", s)
+-    output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
++    output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
+                               stdout=subprocess.PIPE).communicate()[0]
+     if util.PY3:
+         output = util.decode_input(output)
+@@ -56,7 +56,7 @@ def get_audit_msgs():
+        string contain all of the audit messages returned by ausearch.
+     """
+     import subprocess
+-    output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
++    output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
+                               stdout=subprocess.PIPE).communicate()[0]
+     if util.PY3:
+         output = util.decode_input(output)
+-- 
+2.21.0
+
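Review bot: Replacing `"/sbin/ausearch"` with bare `"ausearch"` in both `subprocess.Popen` calls makes the executed binary depend on the caller's `PATH`. These functions feed audit records into policy generation and are presumably run with elevated privileges, and the `-Es` interpreter flags used by the tools do not sanitise `PATH`. Whoever controls the invoking environment would therefore decide which program runs and whose output is trusted. Resolve the binary from a fixed list of system directories, or from an absolute path substituted at build time; the sketch below needs `os` in scope, and both function bodies start outside the hunks.

```python
# Constructed sketch: look for ausearch only in trusted system directories.
_AUSEARCH_DIRS = ("/usr/sbin", "/sbin")

def _ausearch_path():
    for d in _AUSEARCH_DIRS:
        candidate = os.path.join(d, "ausearch")
        if os.access(candidate, os.X_OK):
            return candidate
    raise OSError("ausearch not found in " + ", ".join(_AUSEARCH_DIRS))

# in get_audit_boot_msgs():
    output = subprocess.Popen([_ausearch_path(), "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
    # … unchanged: stdout=subprocess.PIPE and decoding …

# in get_audit_msgs():
    output = subprocess.Popen([_ausearch_path(), "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
    # … unchanged: stdout=subprocess.PIPE and decoding …
```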
diff --git a/utils/selinux-python/patches/0003-Don-t-force-using-python3.patch b/utils/selinux-python/patches/0003-Don-t-force-using-python3.patch
new file mode 100644
index 000000000..c0746d026
--- /dev/null
+++ b/utils/selinux-python/patches/0003-Don-t-force-using-python3.patch
@@ -0,0 +1,67 @@
+From 193e708d53517802040742e63041716e1f89a039 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
+Date: Wed, 2 Oct 2019 13:40:20 +0200
+Subject: [PATCH] Don't force using python3
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
+---
+ audit2allow/audit2allow    | 2 +-
+ audit2allow/sepolgen-ifgen | 2 +-
+ chcat/chcat                | 2 +-
+ semanage/semanage          | 2 +-
+ sepolicy/sepolicy.py       | 2 +-
+ 5 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/audit2allow/audit2allow b/audit2allow/audit2allow
+index 09b06f66..81f610ad 100644
+--- a/audit2allow/audit2allow
++++ b/audit2allow/audit2allow
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3 -Es
++#!/usr/bin/python -Es
+ # Authors: Karl MacMillan <kmacmillan at mentalrootkit.com>
+ # Authors: Dan Walsh <dwalsh at redhat.com>
+ #
+diff --git a/audit2allow/sepolgen-ifgen b/audit2allow/sepolgen-ifgen
+index be2d093b..99700ea9 100644
+--- a/audit2allow/sepolgen-ifgen
++++ b/audit2allow/sepolgen-ifgen
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3 -Es
++#!/usr/bin/python -Es
+ #
+ # Authors: Karl MacMillan <kmacmillan at mentalrootkit.com>
+ #
+diff --git a/chcat/chcat b/chcat/chcat
+index ba398684..63e91635 100755
+--- a/chcat/chcat
++++ b/chcat/chcat
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3 -Es
++#!/usr/bin/python -Es
+ # Copyright (C) 2005 Red Hat
+ # see file 'COPYING' for use and warranty information
+ #
+diff --git a/semanage/semanage b/semanage/semanage
+index 144cc000..552ace6a 100644
+--- a/semanage/semanage
++++ b/semanage/semanage
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3 -Es
++#!/usr/bin/python -Es
+ # Copyright (C) 2012-2013 Red Hat
+ # AUTHOR: Miroslav Grepl <mgrepl at redhat.com>
+ # AUTHOR: David Quigley <selinux at davequigley.com>
+diff --git a/sepolicy/sepolicy.py b/sepolicy/sepolicy.py
+index 1934cd86..af606857 100755
+--- a/sepolicy/sepolicy.py
++++ b/sepolicy/sepolicy.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3 -Es
++#!/usr/bin/python -Es
+ # Copyright (C) 2012 Red Hat
+ # AUTHOR: Dan Walsh <dwalsh at redhat.com>
+ # see file 'COPYING' for use and warranty information
+-- 
+2.21.0
+
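Review bot: The five shebangs now read `#!/usr/bin/python -Es`, which ties the SELinux management tools to whatever `/usr/bin/python` is on the target; with `+python` and `python-package.mk` in the package Makefile that is presumably Python 2. The patch description gives no reason, and the removed lines show upstream ships these scripts for `python3`. The tools would therefore run on an interpreter line that upstream does not target and that stops receiving security fixes at its end of life. Consider packaging against Python 3 (`python3-package.mk`, `+python3`) and dropping this patch, or at least record in the description why the interpreter is changed.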
-- 
2.23.0

