diff --git a/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch new file mode 100644 index 0000000..a5d982a --- /dev/null +++ b/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch @@ -0,0 +1,140 @@ +From 2512c3ba608077db3a5e0286b976fadc8a04a5c4 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 23 Feb 2017 08:17:07 +0100 +Subject: [PATCH 2/2] Do not export/use setools.InfoFlowAnalysis and + setools.DomainTransitionAnalysis + +dta and infoflow modules require networkx which brings lot of dependencies. +These dependencies are not necessary for setools module itself as it's +used in policycoreutils. + +Therefore it's better to use setools.infoflow.InfoFlowAnalysis and +setools.dta.DomainTransitionAnalysis and let the package containing +sedta and seinfoflow to require python3-networkx +--- + sedta | 3 ++- + seinfoflow | 3 ++- + setools/__init__.py | 4 ++-- + setoolsgui/apol/dta.py | 2 +- + setoolsgui/apol/infoflow.py | 2 +- + tests/dta.py | 3 ++- + tests/infoflow.py | 3 ++- + 7 files changed, 12 insertions(+), 8 deletions(-) + +diff --git a/sedta b/sedta +index 1c76ebb..255ad49 100755 +--- a/sedta ++++ b/sedta +@@ -23,6 +23,7 @@ import argparse + import logging + + import setools ++import setools.dta + + + def print_transition(trans): +@@ -111,7 +112,7 @@ else: + + try: + p = setools.SELinuxPolicy(args.policy) +- g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude) ++ g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude) + + if args.shortest_path or args.all_paths: + if args.shortest_path: +diff --git a/seinfoflow b/seinfoflow +index b287921..d53bdef 100755 +--- a/seinfoflow ++++ b/seinfoflow +@@ -19,6 +19,7 @@ + + from __future__ import print_function + import setools ++import setools.infoflow + import argparse + import sys + import logging +@@ -79,7 +80,7 @@ else: + try: + p = setools.SELinuxPolicy(args.policy) + m = setools.PermissionMap(args.map) +- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude) ++ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude) + + if args.shortest_path or args.all_paths: + if args.shortest_path: +diff --git a/setools/__init__.py b/setools/__init__.py +index a84c846..a53c5a7 100644 +--- a/setools/__init__.py ++++ b/setools/__init__.py +@@ -74,11 +74,11 @@ from .pcideviceconquery import PcideviceconQuery + from .devicetreeconquery import DevicetreeconQuery + + # Information Flow Analysis +-from .infoflow import InfoFlowAnalysis ++# from .infoflow import InfoFlowAnalysis + from .permmap import PermissionMap + + # Domain Transition Analysis +-from .dta import DomainTransitionAnalysis ++# from .dta import DomainTransitionAnalysis + + # Policy difference + from .diff import PolicyDifference +diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py +index 0aaf13f..5b1ea20 100644 +--- a/setoolsgui/apol/dta.py ++++ b/setoolsgui/apol/dta.py +@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread + from PyQt5.QtGui import QPalette, QTextCursor + from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ + QTreeWidgetItem +-from setools import DomainTransitionAnalysis ++from setools.dta import DomainTransitionAnalysis + + from ..logtosignal import LogHandlerToSignal + from .analysistab import AnalysisTab +diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py +index 1ae16de..fdf8f7b 100644 +--- a/setoolsgui/apol/infoflow.py ++++ b/setoolsgui/apol/infoflow.py +@@ -25,7 +25,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread + from PyQt5.QtGui import QPalette, QTextCursor + from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ + QTreeWidgetItem +-from setools import InfoFlowAnalysis ++from setools.infoflow import InfoFlowAnalysis + from setools.exception import UnmappedClass, UnmappedPermission + + from ..logtosignal import LogHandlerToSignal +diff --git a/tests/dta.py b/tests/dta.py +index 32b9271..2bdd052 100644 +--- a/tests/dta.py ++++ b/tests/dta.py +@@ -17,7 +17,8 @@ + # + import unittest + +-from setools import SELinuxPolicy, DomainTransitionAnalysis ++from setools import SELinuxPolicy ++from setools.dta import DomainTransitionAnalysis + from setools import TERuletype as TERT + from setools.policyrep.exception import InvalidType + from setools.policyrep.typeattr import Type +diff --git a/tests/infoflow.py b/tests/infoflow.py +index 7751dda..a21c683 100644 +--- a/tests/infoflow.py ++++ b/tests/infoflow.py +@@ -17,7 +17,8 @@ + # + import unittest + +-from setools import SELinuxPolicy, InfoFlowAnalysis ++from setools import SELinuxPolicy ++from setools.infoflow import InfoFlowAnalysis + from setools import TERuletype as TERT + from setools.permmap import PermissionMap + from setools.policyrep.exception import InvalidType +-- +2.9.3 + diff --git a/setools.spec b/setools.spec index a0f79ed..9c0c41e 100644 --- a/setools.spec +++ b/setools.spec @@ -20,6 +20,7 @@ Source0: https://github.com/TresysTechnology/setools/archive/%{version}%{ Source1: setools.pam Source2: apol.desktop Patch1: 0001-Do-not-use-Werror-during-build.patch +Patch2: 0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison @@ -52,15 +53,30 @@ libraries designed to facilitate SELinux policy analysis. This package includes the following console tools: sediff Compare two policies to find differences. - sedta Perform domain transition analyses. seinfo List policy components. - seinfoflow Perform information flow analyses. sesearch Search rules (allow, type_transition, etc.) +%package console-analyses +Summary: Policy analysis command-line tools for SELinux +Group: System Environment/Base +License: GPLv2 +Requires: setools-python3 = %{version}-%{release} +Requires: libselinux >= %{selinux_ver} +Requires: python3-networkx + +%description console-analyses +SETools is a collection of graphical tools, command-line tools, and +libraries designed to facilitate SELinux policy analysis. + +This package includes the following console tools: + + sedta Perform domain transition analyses. + seinfoflow Perform information flow analyses. + + %package python Summary: Policy analysis tools for SELinux -Requires: python-networkx %description python SETools is a collection of graphical tools, command-line tools, and @@ -69,7 +85,6 @@ Python 2 modules designed to facilitate SELinux policy analysis. %package python3 Summary: Policy analysis tools for SELinux Obsoletes: setools-libs < 4.0.0, setools-libs-tcl -Requires: python3-networkx %description python3 SETools is a collection of graphical tools, command-line tools, and @@ -79,6 +94,7 @@ Python 3 modules designed to facilitate SELinux policy analysis. %package gui Summary: Policy analysis graphical tools for SELinux Requires: python3-qt5 +Requires: python3-networkx %description gui SETools is a collection of graphical tools, command-line tools, and @@ -125,11 +141,17 @@ popd %files console %{_bindir}/sediff -%{_bindir}/sedta %{_bindir}/seinfo -%{_bindir}/seinfoflow %{_bindir}/sesearch -%{_mandir}/man1/* +%{_mandir}/man1/sediff* +%{_mandir}/man1/seinfo* +%{_mandir}/man1/sesearch* + +%files console-analyses +%{_bindir}/sedta +%{_bindir}/seinfoflow +%{_mandir}/man1/sedta* +%{_mandir}/man1/seinfoflow* %files python # %doc AUTHORS ChangeLog KNOWN-BUGS NEWS README @@ -149,6 +171,7 @@ popd %files gui %{_bindir}/apol +%{_mandir}/man1/apol* %changelog * Wed Feb 15 2017 Petr Lautrbach - 4.1.0-1