[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/flask/

["Jason Zaman" <perfinion@gentoo.org>]

commit:     42e8225c62bc535718a2582b973315348748c459
Author:     Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Thu May 31 21:40:10 2018 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Jun  8 09:21:01 2018 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=42e8225c

Remove deprecated flask.py script.

 policy/flask/Makefile |  51 -----
 policy/flask/flask.py | 536 --------------------------------------------------
 2 files changed, 587 deletions(-)

diff --git a/policy/flask/Makefile b/policy/flask/Makefile
deleted file mode 100644
index 17dc1747..00000000
--- a/policy/flask/Makefile
+++ /dev/null
@@ -1,51 +0,0 @@
-PYTHON ?= python
-
-# flask needs to know where to export the libselinux headers.
-LIBSELINUX_D ?= ../../libselinux
-
-# flask needs to know where to export the kernel headers.
-LINUX_D ?= ../../../linux-2.6
-
-ACCESS_VECTORS_F = access_vectors
-INITIAL_SIDS_F = initial_sids
-SECURITY_CLASSES_F = security_classes
-
-USER_D = userspace
-KERN_D = kernel
-
-LIBSELINUX_INCLUDE_H = flask.h av_permissions.h
-LIBSELINUX_SOURCE_H = class_to_string.h av_inherit.h common_perm_to_string.h av_perm_to_string.h
-
-FLASK_H = class_to_string.h flask.h initial_sid_to_string.h
-ACCESS_VECTORS_H = av_inherit.h common_perm_to_string.h av_perm_to_string.h av_permissions.h
-ALL_H = $(FLASK_H) $(ACCESS_VECTORS_H)
-
-USER_H = $(addprefix $(USER_D)/, $(ALL_H))
-KERN_H = $(addprefix $(KERN_D)/, $(ALL_H))
-
-FLASK_NOWARNINGS = --nowarnings
-
-all:  $(USER_H) $(KERN_H)
-
-$(USER_H): flask.py $(ACCESS_VECTORS_F) $(INITIAL_SIDS_F) $(SECURITY_CLASSES_F)
-	mkdir -p $(USER_D)
-	$(PYTHON) flask.py -a $(ACCESS_VECTORS_F) -i $(INITIAL_SIDS_F) -s $(SECURITY_CLASSES_F) -o $(USER_D) -u $(FLASK_NOWARNINGS)
-
-$(KERN_H): flask.py $(ACCESS_VECTORS_F) $(INITIAL_SIDS_F) $(SECURITY_CLASSES_F)
-	mkdir -p $(KERN_D) 
-	$(PYTHON) flask.py -a $(ACCESS_VECTORS_F) -i $(INITIAL_SIDS_F) -s $(SECURITY_CLASSES_F) -o $(KERN_D) -k $(FLASK_NOWARNINGS)
-
-tolib: all
-	install -m 644 $(addprefix $(USER_D)/, $(LIBSELINUX_INCLUDE_H)) $(LIBSELINUX_D)/include/selinux
-	install -m 644 $(addprefix $(USER_D)/, $(LIBSELINUX_SOURCE_H)) $(LIBSELINUX_D)/src
-
-tokern: all
-	install -m 644 $(KERN_H) $(LINUX_D)/security/selinux/include
-
-install: all
-
-relabel:
-
-clean:  
-	rm -fr userspace
-	rm -fr kernel

diff --git a/policy/flask/flask.py b/policy/flask/flask.py
deleted file mode 100644
index ca566d86..00000000
--- a/policy/flask/flask.py
+++ /dev/null
@@ -1,536 +0,0 @@
-#!/usr/bin/python -E
-#
-# Author(s):	Caleb Case <ccase@tresys.com>
-#
-# Adapted from the bash/awk scripts mkflask.sh and mkaccess_vector.sh
-#
-
-import getopt
-import os
-import sys
-import re
-
-class ParseError(Exception):
-	def __init__(self, type, file, line):
-		self.type = type
-		self.file = file
-		self.line = line
-	def __str__(self):
-		typeS = self.type
-		if type(self.type) is not str: typeS = Flask.CONSTANT_S[self.type]
-		return "Parse Error: Unexpected %s on line %d of %s." % (typeS, self.line, self.file)
-
-class DuplicateError(Exception):
-	def __init__(self, type, file, line, symbol):
-		self.type = type
-		self.file = file
-		self.line = line
-		self.symbol = symbol
-	def __str__(self):
-		typeS = self.type
-		if type(self.type) is not str: typeS = Flask.CONSTANT_S[self.type]
-		return "Duplicate Error: Duplicate %s '%s' on line %d of %s." % (typeS, self.symbol, self.line, self.file)
-
-class UndefinedError(Exception):
-	def __init__(self, type, file, line, symbol):
-		self.type = type
-		self.file = file
-		self.line = line
-		self.symbol = symbol
-	def __str__(self):
-		typeS = self.type
-		if type(self.type) is not str: typeS = Flask.CONSTANT_S[self.type]
-		return "Undefined Error: %s '%s' is not defined but used on line %d of %s." % (typeS, self.symbol, self.line, self.file)
-
-class UnusedError(Exception):
-	def __init__(self, info):
-		self.info = info
-	def __str__(self):
-		return "Unused Error: %s" % self.info
-
-class Flask:
-	'''
-	FLASK container class with utilities for parsing definition
-	files and creating c header files.
-	'''
-
-	#Constants used in definitions parsing.
-	WHITE    = re.compile(r'^\s*$')
-	COMMENT  = re.compile(r'^\s*#')
-	USERFLAG = re.compile(r'# userspace')
-	CLASS    = re.compile(r'^class (?P<name>\w+)')
-	COMMON   = re.compile(r'^common (?P<name>\w+)')
-	INHERITS = re.compile(r'^inherits (?P<name>\w+)')
-	OPENB    = re.compile(r'^{')
-	VECTOR   = re.compile(r'^\s*(?P<name>\w+)')
-	CLOSEB   = re.compile(r'^}')
-	SID      = re.compile(r'^sid (?P<name>\w+)')
-	EOF      = "end of file"
-
-	#Constants used in header generation.
-	USERSPACE = 0
-	KERNEL    = 1
-
-	CONSTANT_S = { \
-		#parsing constants
-		WHITE    : "whitespace", \
-		COMMENT  : "comment", \
-		USERFLAG : "userspace flag", \
-		CLASS    : "class definition", \
-		COMMON   : "common definition", \
-		INHERITS : "inherits definition", \
-		OPENB    : "'{'", \
-		VECTOR   : "access vector definition", \
-		CLOSEB   : "'}'", \
-		SID      : "security identifier", \
-		EOF      : "end of file", \
-		#generation constants
-		USERSPACE : "userspace mode", \
-		KERNEL    : "kernel mode", \
-	}
-
-	def __init__(self, warn = True):
-		self.WARN = warn
-		self.autogen   = "/* This file is automatically generated.  Do not edit. */\n"
-		self.commons   = []
-		self.user_commons = []
-		self.common    = {}
-		self.classes   = []
-		self.vectors   = []
-		self.vector    = {}
-		self.userspace = {}
-		self.sids      = []
-		self.inherits  = {}
-	
-	def warning(self, msg):
-		'''
-		Prints a warning message out to stderr if warnings are enabled.
-		'''
-		if self.WARN: sys.stderr.write("Warning: %s\n" % msg)
-
-	def parseClasses(self, path):
-		'''
-		Parses security class definitions from the given path.
-		'''
-		classes = []
-		input = open(path, 'r')
-
-		number = 0
-		for line in input:
-			number += 1
-			m = self.COMMENT.search(line)
-			if m: continue
-
-			m = self.WHITE.search(line)
-			if m: continue
-
-			m = self.CLASS.search(line)
-			if m:
-				g = m.groupdict()
-				c = g['name']
-				if c in classes: raise DuplicateError, (self.CLASS, path, number, c)
-				classes.append(c)
-				if self.USERFLAG.search(line):
-					self.userspace[c] = True
-				else:
-					self.userspace[c] = False
-				continue
-
-			raise ParseError, ("data.  Was expecting either a comment, whitespace, or class definition. ", path, number)
-
-		self.classes = classes
-		return classes
-
-	def parseSids(self, path):
-		'''
-		Parses initial SID definitions from the given path.
-		'''
-
-		sids = []
-		input = open(path, 'r')
-		for line in input:
-			m = self.COMMENT.search(line)
-			if m: continue
-
-			m = self.WHITE.search(line)
-			if m: continue
-
-			m = self.SID.search(line)
-			if m:
-				g = m.groupdict()
-				s = g['name']
-				if s in sids: raise DuplicateError, (self.SID, path, number, s)
-				sids.append(s)
-				continue
-			
-			raise ParseError, ("data. Was expecting either a comment, whitespace, or security identifier. ", path, number)
-
-		self.sids = sids
-		return sids
-
-	def parseVectors(self, path):
-		'''
-		Parses access vector definitions from the given path.
-		'''
-		vectors = []
-		vector  = {}
-		commons = []
-		common = {}
-		inherits = {}
-		user_commons = {}
-		input = open(path, 'r')
-
-		# states
-		NONE    = 0
-		COMMON  = 1
-		CLASS   = 2
-		INHERIT = 3
-		OPEN    = 4
-
-		state = NONE
-		state2 = NONE
-		number = 0
-		for line in input:
-			number += 1
-			m = self.COMMENT.search(line)
-			if m: continue
-
-			m = self.WHITE.search(line)
-			if m: 
-				if state == INHERIT:
-					state = NONE
-				continue
-
-			m = self.COMMON.search(line)
-			if m:
-				if state != NONE: raise ParseError, (self.COMMON, path, number)
-				g = m.groupdict()
-				c = g['name']
-				if c in commons: raise DuplicateError, (self.COMMON, path, number, c)
-				commons.append(c)
-				common[c] = []
-				user_commons[c] = True
-				state = COMMON
-				continue
-
-			m = self.CLASS.search(line)
-			if m:
-				if state != NONE: raise ParseError, (self.CLASS, number)
-				g = m.groupdict()
-				c = g['name']
-				if c in vectors: raise DuplicateError, (self.CLASS, path, number, c)
-				if c not in self.classes: raise UndefinedError, (self.CLASS, path, number, c)
-				vectors.append(c)
-				vector[c] = []
-				state = CLASS
-				continue
-			
-			m = self.INHERITS.search(line)
-			if m:
-				if state != CLASS: raise ParseError, (self.INHERITS, number)
-				g = m.groupdict()
-				i = g['name']
-				if c in inherits: raise DuplicateError, (self.INHERITS, path, number, c)
-				if i not in common: raise UndefinedError, (self.COMMON, path, number, i)
-				inherits[c] = i
-				state = INHERIT
-				if not self.userspace[c]: user_commons[i] = False
-				continue
-
-			m = self.OPENB.search(line)
-			if m:
-				if (state != CLASS \
-				and state != INHERIT \
-				and state != COMMON) \
-				or state2 != NONE: 
-					raise ParseError, (self.OPENB, path, number)
-				state2 = OPEN
-				continue
-
-			m = self.VECTOR.search(line)
-			if m:
-				if state2 != OPEN: raise ParseError, (self.VECTOR, path, number)
-				g = m.groupdict()
-				v = g['name']
-				if state == CLASS or state == INHERIT:
-					if v in vector[c]: raise DuplicateError, (self.VECTOR, path, number, v)
-					vector[c].append(v)
-				elif state == COMMON:
-					if v in common[c]: raise DuplicateError, (self.VECTOR, path, number, v)
-					common[c].append(v)
-				continue
-
-			m = self.CLOSEB.search(line)
-			if m:
-				if state2 != OPEN: raise ParseError, (self.CLOSEB, path, number)
-				state = NONE
-				state2 = NONE
-				c = None
-				continue
-			
-			raise ParseError, ("data", path, number)
-
-		if state != NONE and state2 != NONE: raise ParseError, (self.EOF, path, number)
-
-		cvdiff = set(self.classes) - set(vectors)
-		if cvdiff: raise UnusedError, "Not all security classes were used in access vectors: %s" % cvdiff # the inverse of this will be caught as an undefined class error
-
-		self.commons = commons
-		self.user_commons = user_commons
-		self.common = common
-		self.vectors = vectors
-		self.vector = vector
-		self.inherits = inherits
-		return vector
-
-	def createHeaders(self, path, mode = USERSPACE):
-		'''
-		Creates the C header files in the specified MODE and outputs
-		them to give PATH.
-		'''
-		headers = { \
-			'av_inherit.h'            : self.createAvInheritH(mode), \
-			'av_perm_to_string.h'     : self.createAvPermToStringH(mode), \
-			'av_permissions.h'        : self.createAvPermissionsH(mode), \
-			'class_to_string.h'       : self.createClassToStringH(mode), \
-			'common_perm_to_string.h' : self.createCommonPermToStringH(mode), \
-			'flask.h'                 : self.createFlaskH(mode), \
-			'initial_sid_to_string.h' : self.createInitialSidToStringH(mode) \
-		}
-
-		for key, value in headers.items():
-			of = open(os.path.join(path, key), 'w')
-			of.writelines(value)
-			of.close()
-
-	def createUL(self, count):
-		fields = [1, 2, 4, 8]
-		return "0x%08xUL" % (fields[count % 4] << 4 * (count / 4))
-
-	def createAvInheritH(self, mode = USERSPACE):
-		'''
-		'''
-		results = []
-		results.append(self.autogen)
-		for c in self.vectors:
-			if c in self.inherits:
-				i = self.inherits[c]
-				count = len(self.common[i])
-				if not (mode == self.KERNEL and self.userspace[c]):
-					results.append("   S_(SECCLASS_%s, %s, %s)\n" % (c.upper(), i, self.createUL(count)))
-		return results
-
-	def createAvPermToStringH(self, mode = USERSPACE):
-		'''
-		'''
-		results = []
-		results.append(self.autogen)
-		for c in self.vectors:
-			for p in self.vector[c]:
-				if not (mode == self.KERNEL and self.userspace[c]):
-					results.append("   S_(SECCLASS_%s, %s__%s, \"%s\")\n" % (c.upper(), c.upper(), p.upper(), p))
-
-		return results
-
-	def createAvPermissionsH(self, mode = USERSPACE):
-		'''
-		'''
-		results = []
-		results.append(self.autogen)
-
-		width = 57
-		count = 0
-		for common in self.commons:
-			count = 0
-			shift = 0
-			for p in self.common[common]:
-				if not (mode == self.KERNEL and self.user_commons[common]):
-					columnA = "#define COMMON_%s__%s " % (common.upper(), p.upper())
-					columnA += "".join([" " for i in range(width - len(columnA))])
-					results.append("%s%s\n" % (columnA, self.createUL(count)))
-					count += 1
-
-		width = 50 # broken for old tools whitespace
-		for c in self.vectors:
-			count = 0
-
-			ps = []
-			if c in self.inherits:
-				ps += self.common[self.inherits[c]]
-			ps += self.vector[c]
-			for p in ps: 
-				columnA = "#define %s__%s " % (c.upper(), p.upper())
-				columnA += "".join([" " for i in range(width - len(columnA))])
-				if not (mode == self.KERNEL and self.userspace[c]):
-					results.append("%s%s\n" % (columnA, self.createUL(count)))
-				count += 1
-
-		return results
-
-	def createClassToStringH(self, mode = USERSPACE):
-		'''
-		'''
-		results = []
-		results.append(self.autogen)
-		results.append("/*\n * Security object class definitions\n */\n")
-
-		if mode == self.KERNEL:
-			results.append("    S_(NULL)\n")
-		else:
-			results.append("    S_(\"null\")\n")
-
-		for c in self.classes:
-			if mode == self.KERNEL and self.userspace[c]:
-				results.append("    S_(NULL)\n")
-			else:
-				results.append("    S_(\"%s\")\n" % c)
-		return results
-
-	def createCommonPermToStringH(self, mode = USERSPACE):
-		'''
-		'''
-		results = []
-		results.append(self.autogen)
-		for common in self.commons:
-			if not (mode == self.KERNEL and self.user_commons[common]):
-				results.append("TB_(common_%s_perm_to_string)\n" % common)
-				for p in self.common[common]:
-					results.append("    S_(\"%s\")\n" % p)
-				results.append("TE_(common_%s_perm_to_string)\n\n" % common)
-		return results
-	
-	def createFlaskH(self, mode = USERSPACE):
-		'''
-		'''
-		results = []
-		results.append(self.autogen)
-		results.append("#ifndef _SELINUX_FLASK_H_\n")
-		results.append("#define _SELINUX_FLASK_H_\n")
-		results.append("\n")
-		results.append("/*\n")
-		results.append(" * Security object class definitions\n")
-		results.append(" */\n")
-
-		count = 0
-		width = 57
-		for c in self.classes:
-			count += 1
-			columnA = "#define SECCLASS_%s " % c.upper()
-			columnA += "".join([" " for i in range(width - len(columnA))])
-			if not (mode == self.KERNEL and self.userspace[c]):
-				results.append("%s%d\n" % (columnA, count))
-
-		results.append("\n")
-		results.append("/*\n")
-		results.append(" * Security identifier indices for initial entities\n")
-		results.append(" */\n")
-		
-		count = 0
-		width = 56 # broken for old tools whitespace
-		for s in self.sids:
-			count += 1
-			columnA = "#define SECINITSID_%s " % s.upper()
-			columnA += "".join([" " for i in range(width - len(columnA))])
-			results.append("%s%d\n" % (columnA, count))
-
-		results.append("\n")
-		columnA = "#define SECINITSID_NUM "
-		columnA += "".join([" " for i in range(width - len(columnA))])
-		results.append("%s%d\n" % (columnA, count))
-
-		results.append("\n")
-		results.append("#endif\n")
-		return results
-
-
-
-	def createInitialSidToStringH(self, mode = USERSPACE):
-		'''
-		'''
-		results = []
-		results.append(self.autogen)
-		results.append("static char *initial_sid_to_string[] =\n")
-		results.append("{\n")
-		results.append("    \"null\",\n")
-		for s in self.sids:
-			results.append("    \"%s\",\n" % s)
-		results.append("};\n")
-		results.append("\n")
-
-		return results
-
-def usage():
-	'''
-	Returns the usage string.
-	'''
-	usage  = 'Usage: %s -a ACCESS_VECTORS -i INITIAL_SIDS -s SECURITY_CLASSES -o OUTPUT_DIRECTORY -k|-u [-w]\n' % os.path.basename(sys.argv[0])
-	usage += '\n'
-	usage += ' -a --access_vectors\taccess vector definitions\n'
-	usage += ' -i --initial_sids\tinitial sid definitions\n'
-	usage += ' -s --security_classes\tsecurity class definitions\n'
-	usage += ' -o --output\toutput directory for generated files\n'
-	usage += ' -k --kernel\toutput mode set to kernel (kernel headers contain empty blocks for all classes specified with # userspace in the security_classes file)\n'
-	usage += ' -u --user\toutput mode set to userspace\n'
-	usage += ' -w --nowarnings\tsupresses output of warning messages\n'
-	return usage
-
-########## MAIN ##########
-if __name__ == '__main__':
-	
-	# Parse command line args
-	try:
-		opts, args = getopt.getopt(sys.argv[1:], 'a:i:s:o:kuwh', ['access_vectors=', 'initial_sids=', 'security_classes=', 'output=', 'kernel', 'user', 'nowarnings', 'help'])
-	except getopt.GetoptError:
-		print(usage())
-		sys.exit(2)
-	
-	avec = None
-	isid = None
-	secc = None
-	outd = None
-	mode = None
-	warn = True
-	for o, a in opts:
-		if o in ('-h', '--help'):
-			print(usage())
-			sys.exit(0)
-		elif o in ('-a', '--access_vectors'):
-			avec = a
-		elif o in ('-i', '--initial_sids'):
-			isid = a
-		elif o in ('-s', '--security_classes'):
-			secc = a
-		elif o in ('-o', '--output'):
-			outd = a
-		elif o in ('-k', '--kernel'):
-			if mode != None:
-				print(usage())
-				sys.exit(2)
-			mode = Flask.KERNEL
-		elif o in ('-u', '--user'):
-			if mode != None:
-				print(usage())
-				sys.exit(2)
-			mode = Flask.USERSPACE
-		elif o in ('-w', '--nowarnings'):
-			warn = False
-		else:
-			print(usage())
-			sys.exit(2)
-
-	if avec == None or \
-	   isid == None or \
-	   secc == None or \
-	   outd == None:
-		   print(usage())
-		   sys.exit(2)
-
-	try:
-		f = Flask(warn)
-		f.parseSids(isid)
-		f.parseClasses(secc)
-		f.parseVectors(avec)
-		f.createHeaders(outd, mode)
-	except Exception, e:
-		print(e)
-		sys.exit(2)