History log of /external/selinux/sepolgen/src/sepolgen/audit.py
Revision Date Author Comments
60956ac7ec5ad9cdf3eb3e338f7a61511cae73b3 05-Aug-2015 Robert Kuska <rkuska@redhat.com> sepolgen: Decode output from Popen in Python3

In Python3, the Popen communicate function
returns output as bytes; to handle the output as a string, it needs
to be properly decoded.

Signed-off-by: Robert Kuska <rkuska@redhat.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
15a7553d2274a351fb1098f7bfab86346c5a04b8 16-Jul-2015 Robert Kuska <rkuska@redhat.com> sepolgen: Apply fixes discovered by 2to3 where needed.

Replace usage of print statement with print function.
Use `in` instead of `has_key` when checking for key in dict.
When using `raise` add text (if any) as parameter of exception function.
Add Python3 imports of moved modules.
Replace `map` with list comprehension.
Use reserved word `as` in try-except when catching exception.
Replace `ifilter` function with `filter`.

Signed-off-by: Robert Kuska <rkuska@redhat.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
fd00e882c4886124008cf473e4a9af1dd7a93b68 16-Jul-2015 Robert Kuska <rkuska@redhat.com> sepolgen: Use relative imports for modules within sepolgen.

Python 3 changes the syntax for imports from within a package,
requiring you to use the relative import syntax,
saying from . import mymodule instead of just import mymodule.

Signed-off-by: Robert Kuska <rkuska@redhat.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
4a674abd341bf6847d5f245d57b42f4fd0786123 28-Oct-2013 Dan Walsh <dwalsh@redhat.com> Return the sections of the source and target context that differ

Help the administrator/policy developer to see what parts of the label are different.

For example if you get a constraint violation and the role of the source and target
differ, audit2allow will suggest this might be the problem.
/external/selinux/sepolgen/src/sepolgen/audit.py
56258807ea4b33cf3c7a1dbf1b574ab77c91f899 25-Oct-2013 Stephen Smalley <sds@tycho.nsa.gov> Revert "Richard Haines patch that allows us discover constraint violation information"

This reverts commit 56b49ab7114f367f46b70e41d84dc7e6d52d5209.

Conflicts:
libselinux/src/audit2why.c
/external/selinux/sepolgen/src/sepolgen/audit.py
56b49ab7114f367f46b70e41d84dc7e6d52d5209 09-Oct-2013 Dan Walsh <dwalsh@redhat.com> Richard Haines patch that allows us discover constraint violation information

Basically we need this information to allow audit2allow/audit2why to better
describe which constraint is being broken.
/external/selinux/sepolgen/src/sepolgen/audit.py
a2a50eaaec750af192d4a8b37f5022242e30f06e 16-Oct-2012 rhatdan <dwalsh@redhat.com> sepolgen: audit.py: Handle times in foreign locales for audit2allow -b

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
628bcc69e23d96cec308bae5c70bebdeebeeeecc 12-Sep-2012 Eric Paris <eparis@redhat.com> policycoreutils: sepolgen: return and output constraint violation information

update sepolgen to return constraint violation information. Then output
that information in audit2allow.

Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
df45dcdf3db2d02930bbd095f6e9bc4f3eafdf3f 18-Jan-2012 Dan Walsh <dwalsh@redhat.com> sepolgen: audit.py Don't crash if empty data is passed to sepolgen

If you pass output from a log file that does not include any AVCs,
audit2allow will crash. This patch fixes this problem.

ausearch -m avc -ts recent | audit2allow

If there were no AVCs recently, we do not want the python to crash.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
5c3211bccad45be0f546dbf976200142d1e4959d 01-Nov-2011 Eric Paris <eparis@redhat.com> sepolgen: better analysis of why things broke

combine analysis of audit2why into audit2allow, so users can see if a
boolean would solve an AVC or if it is a constraint violation. Rather
than blindly adding allow rules to modules.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
077e8635173ae51576ee6c27eb7c6d12243294e9 13-Oct-2011 Dan Walsh <dwalsh@redhat.com> sepolgen: Return name field in avc data

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
03cd8c2d47eb5ad3d7242ac1a0c71adc1e16ad89 12-Mar-2010 Daniel J Walsh <dwalsh@redhat.com> This patch allows audit2allow to look at all avc's since the last time the machine booted.

Acked-by: Karl MacMillan <kmacmillan@tresys.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
a3ccf607a2137a2bdfd21b21502803d02a1ea530 08-Sep-2009 Stephen Smalley <sds@tycho.nsa.gov> policycoreutils: audit2allow -l doesn't work with dmesg pipe

On Mon, 2009-08-24 at 23:37 +1000, Russell Coker wrote:
> On Mon, 24 Aug 2009, Daniel J Walsh <dwalsh@redhat.com> wrote:
> > >>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503252
> > >>
> > >> audit2allow -l is looking for the load_policy message which does not go
> > >> to the dmesg, /var/log/messages. Therefore the tool has no idea when
> > >> policy was last loaded.
> > >
> > > That would be a kernel bug then.
> >
> > Well I believe the messages that are intercepted by the audit.log do not go
> > into dmesg, by design. Although Steve, James or Eric could probably say for
> > sure.
>
> When auditd is not running on a Debian system with CentOS kernel
> 2.6.18-92.1.13.el5xen or Debian/Lenny kernel 2.6.26-2-xen-686 then nothing
> goes to the kernel message log which is interpreted by audit2allow as a
> candidate for the "-l" functionality.
>
> It's OK if all the AVC messages go to the audit log and "dmesg|audit2allow -l"
> gives no output. But if all AVC messages other than the load_policy message
> go to the kernel message log then it's a bug.

Originally audit2allow used the avc: allowed message generated by
auditallow statement for load_policy to identify policy reloads. Later
it was switched to use the MAC_POLICY_LOAD events generated by the audit
framework. Those events should still get logged via printk if auditd is
not running, but it appears that the code (audit_printk_skb) will then
log the type= field as an integer rather than a string, and
audit2allow/sepolgen only looks for the string MAC_POLICY_LOAD.

So I suspect that this would be resolved by modifying sepolgen/audit.py
to also match on type=1403 for load messages. Try this:

Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
13cd4c8960688af11ad23b4c946149015c80d549 19-Aug-2008 Joshua Brindle <method@manicmethod.com> initial import from svn trunk revision 2950
/external/selinux/sepolgen/src/sepolgen/audit.py