ASR_BASE
Change-Id: Icf3719cc0afe3eeb3edc7fa80a2eb5199ca9dda1
diff --git a/external/subpack/utils/selinux-python/Makefile b/external/subpack/utils/selinux-python/Makefile
new file mode 100644
index 0000000..ababbae
--- /dev/null
+++ b/external/subpack/utils/selinux-python/Makefile
@@ -0,0 +1,289 @@
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=selinux-python
+PKG_VERSION:=3.5
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION)
+PKG_HASH:=8245bb4dae59333461f19ca0c79a829081f07972fa5e3ad4c2b2b917dd71d96b
+
+PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+PKG_LICENSE:=GPL-2.0-only
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+PYTHON3_PKG_BUILD:=0
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/python/python3-package.mk
+
+#
+# common definitions
+#
+
+define Package/selinux-python/Default
+ URL:=http://selinuxproject.org/page/Main_Page
+ DEPENDS:=+python3-light
+endef
+
+define Package/selinux-python/Default/python
+$(call Package/selinux-python/Default)
+ SUBMENU:=Python
+ SECTION:=lang
+ CATEGORY:=Languages
+endef
+
+define Package/selinux-python/Default/util
+$(call Package/selinux-python/Default)
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=SELinux management utility
+endef
+
+define Package/selinux-python/Default/description
+A set of SELinux tools written in Python that help with managing a
+system with SELinux enabled.
+endef
+
+MAKE_VARS = \
+ $(PYTHON3_VARS) \
+ $(HOST_PYTHON3_PIP_VARS) \
+ PYTHON_SETUP_ARGS=--no-compile
+
+define Build/Compile
+ $(call Build/Compile/Default,all)
+endef
+
+#
+# python3-seobject
+#
+
+define Package/python3-seobject
+$(call Package/selinux-python/Default/python)
+ TITLE:=SELinux seobject library
+ DEPENDS+= +python3-selinux +python3-semanage +python3-sepolicy +python3-setools
+endef
+
+define Package/python3-seobject/description
+$(call Package/selinux-python/Default/description)
+
+This package contains the seobject library.
+endef
+
+define Py3Package/python3-seobject/filespec
++|$(PYTHON3_PKG_DIR)/seobject.py
+endef
+
+Py3Package/python3-seobject/install:=:
+
+#
+# python3-sepolgen
+#
+
+define Package/python3-sepolgen
+$(call Package/selinux-python/Default/python)
+ TITLE:=SELinux policy generation library
+ DEPENDS+= +python3-selinux
+endef
+
+define Package/python3-sepolgen/description
+$(call Package/selinux-python/Default/description)
+
+This package contains the SELinux policy generation Python library.
+endef
+
+define Package/python3-sepolgen/conffiles
+/etc/sepolgen/
+endef
+
+define Py3Package/python3-sepolgen/filespec
++|$(PYTHON3_PKG_DIR)/sepolgen
+endef
+
+define Py3Package/python3-sepolgen/install
+ $(INSTALL_DIR) $(1)/etc/sepolgen
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/var/lib/sepolgen/perm_map $(1)/etc/sepolgen/
+endef
+
+#
+# python3-sepolicy
+#
+
+define Package/python3-sepolicy
+$(call Package/selinux-python/Default/python)
+ TITLE:=SELinux Policy Analyses binding
+ DEPENDS+= +python3-selinux +python3-sepolgen +python3-xml +python3-setools
+endef
+
+define Package/python3-sepolicy/description
+$(call Package/selinux-python/Default/description)
+
+This package contains a Python binding for SELinux Policy Analyses.
+endef
+
+define Py3Package/python3-sepolicy/filespec
++|$(PYTHON3_PKG_DIR)/sepolicy
+-|$(PYTHON3_PKG_DIR)/sepolicy/gui.py
+-|$(PYTHON3_PKG_DIR)/sepolicy/sedbus.py
++|$(PYTHON3_PKG_DIR)/sepolicy-$(PKG_VERSION).dist-info
+endef
+
+Py3Package/python3-sepolicy/install:=:
+
+#
+# selinux-audit2allow
+#
+
+define Package/selinux-audit2allow
+$(call Package/selinux-python/Default/util)
+ TITLE+= audit2allow
+ DEPENDS+= +python3-selinux +python3-sepolgen
+endef
+
+define Package/selinux-audit2allow/description
+$(call Package/selinux-python/Default/description)
+
+This package contains the audit2allow and audit2why tools.
+endef
+
+define Package/selinux-audit2allow/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/audit2allow $(1)/usr/bin/
+ $(LN) audit2allow $(1)/usr/bin/audit2why
+endef
+
+#
+# selinux-chchat
+#
+
+define Package/selinux-chcat
+$(call Package/selinux-python/Default/util)
+ TITLE+= chcat
+ DEPENDS+= +python3-selinux +python3-seobject +selinux-semanage
+endef
+
+define Package/selinux-chcat/description
+$(call Package/selinux-python/Default/description)
+
+This package contains the chcat tool.
+endef
+
+define Package/selinux-chcat/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/chcat $(1)/usr/bin/
+endef
+
+#
+# selinux-python
+#
+
+define Package/selinux-python
+$(call Package/selinux-python/Default/util)
+ TITLE+= meta-package
+ DEPENDS:= \
+ +selinux-audit2allow \
+ +selinux-chcat \
+ +selinux-semanage \
+ +selinux-sepolgen-ifgen \
+ +selinux-sepolicy
+endef
+
+define Package/selinux-python/description
+$(call Package/selinux-python/Default/description)
+
+This is a meta-package that installs all of the SELinux management
+utilities.
+endef
+
+Package/selinux-python/install:=:
+
+#
+# selinux-semanage
+#
+
+define Package/selinux-semanage
+$(call Package/selinux-python/Default/util)
+ TITLE+= semanage
+ DEPENDS+= +python3-seobject
+endef
+
+define Package/selinux-semanage/description
+$(call Package/selinux-python/Default/description)
+
+This package contains the semanage tool.
+endef
+
+define Package/selinux-semanage/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/semanage $(1)/usr/sbin/
+endef
+
+#
+# selinux-sepolgen-ifgen
+#
+
+define Package/selinux-sepolgen-ifgen
+$(call Package/selinux-python/Default/util)
+ TITLE+= sepolgen-ifgen
+ DEPENDS+= +python3-selinux +python3-sepolgen +libselinux
+endef
+
+define Package/selinux-sepolgen-iften/description
+$(call Package/selinux-python/Default/description)
+
+This package contains the sepolgen-ifgen tool.
+endef
+
+define Package/selinux-sepolgen-ifgen/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sepolgen-ifgen $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sepolgen-ifgen-attr-helper $(1)/usr/bin/
+endef
+
+#
+# selinux-sepolicy
+#
+
+define Package/selinux-sepolicy
+$(call Package/selinux-python/Default/util)
+ TITLE+= sepolicy
+ DEPENDS+= +python3-multiprocessing +python3-selinux +python3-sepolicy
+endef
+
+define Package/selinux-sepolicy/description
+$(call Package/selinux-python/Default/description)
+
+This package contains the sepolicy and sepolgen tools.
+endef
+
+define Package/selinux-sepolicy/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sepolicy $(1)/usr/bin/
+ $(LN) sepolicy $(1)/usr/bin/sepolgen
+endef
+
+$(eval $(call Py3Package,python3-seobject))
+$(eval $(call Py3Package,python3-sepolgen))
+$(eval $(call Py3Package,python3-sepolicy))
+
+$(eval $(call BuildPackage,python3-seobject))
+$(eval $(call BuildPackage,python3-sepolgen))
+$(eval $(call BuildPackage,python3-sepolicy))
+
+$(eval $(call BuildPackage,python3-seobject-src))
+$(eval $(call BuildPackage,python3-sepolgen-src))
+$(eval $(call BuildPackage,python3-sepolicy-src))
+
+$(eval $(call BuildPackage,selinux-audit2allow))
+$(eval $(call BuildPackage,selinux-chcat))
+$(eval $(call BuildPackage,selinux-python))
+$(eval $(call BuildPackage,selinux-semanage))
+$(eval $(call BuildPackage,selinux-sepolgen-ifgen))
+$(eval $(call BuildPackage,selinux-sepolicy))
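Review bot: The description for the sepolgen-ifgen utility is defined under a misspelled name, `define Package/selinux-sepolgen-iften/description`, so the `selinux-sepolgen-ifgen` package built at the end of the file has no description block of its own. It should read `define Package/selinux-sepolgen-ifgen/description`. The section comment `# selinux-chchat` has the same kind of slip and should be `# selinux-chcat`, matching the `Package/selinux-chcat` definitions below it.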
diff --git a/external/subpack/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch b/external/subpack/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch
new file mode 100644
index 0000000..5b866f1
--- /dev/null
+++ b/external/subpack/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch
@@ -0,0 +1,23 @@
+From 4dfa91b1377b6dc57e66443ea1a08c6d79a3a6e2 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Date: Wed, 2 Oct 2019 12:04:24 +0200
+Subject: [PATCH] sepolgen: adjust data_dir()
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+(changed data_dir prefix from /usr/share to /etc)
+Signed-off-by: Jeffery To <jeffery.to@gmail.com>
+---
+ sepolgen/src/sepolgen/defaults.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sepolgen/src/sepolgen/defaults.py
++++ b/sepolgen/src/sepolgen/defaults.py
+@@ -57,7 +57,7 @@ Various default settings, including file
+ """
+
+ def data_dir():
+- return "/var/lib/sepolgen"
++ return "/etc/sepolgen"
+
+ def perm_map():
+ return data_dir() + "/perm_map"
diff --git a/external/subpack/utils/selinux-python/patches/0002-sepolgen-don-t-hardcode-search-for-ausearch-in-sbin.patch b/external/subpack/utils/selinux-python/patches/0002-sepolgen-don-t-hardcode-search-for-ausearch-in-sbin.patch
new file mode 100644
index 0000000..426781b
--- /dev/null
+++ b/external/subpack/utils/selinux-python/patches/0002-sepolgen-don-t-hardcode-search-for-ausearch-in-sbin.patch
@@ -0,0 +1,33 @@
+From a8a7f8fb5cfe95f28cd5f7ff4b4679ca122fe410 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Date: Wed, 2 Oct 2019 13:38:18 +0200
+Subject: [PATCH] sepolgen: don't hardcode search for ausearch in /sbin
+
+ausearch may be installed in another location, just rely on PATH to
+find ausearch.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ sepolgen/src/sepolgen/audit.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/sepolgen/src/sepolgen/audit.py
++++ b/sepolgen/src/sepolgen/audit.py
+@@ -41,7 +41,7 @@ def get_audit_boot_msgs():
+ s = time.localtime(time.time() - off)
+ bootdate = time.strftime("%x", s)
+ boottime = time.strftime("%X", s)
+- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
++ output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
+ stdout=subprocess.PIPE).communicate()[0]
+ if util.PY3:
+ output = util.decode_input(output)
+@@ -56,7 +56,7 @@ def get_audit_msgs():
+ string contain all of the audit messages returned by ausearch.
+ """
+ import subprocess
+- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
++ output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
+ stdout=subprocess.PIPE).communicate()[0]
+ if util.PY3:
+ output = util.decode_input(output)
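Review bot: Replacing `/sbin/ausearch` with a bare `ausearch` in both `subprocess.Popen` calls (in `get_audit_boot_msgs` and `get_audit_msgs`) makes these tools run whichever `ausearch` comes first in the caller's PATH. They are typically run with elevated privileges, so the lookup is better pinned to system directories, for example `ausearch = shutil.which("ausearch", path="/usr/sbin:/sbin:/usr/bin:/bin")`, with a clear error when that returns `None`. Neither call inspects the exit status of the child, so a failing ausearch is indistinguishable from an empty audit log. Both functions start and end outside the hunks shown.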
diff --git a/external/subpack/utils/selinux-python/patches/0003-sepolicy-no-gui.patch b/external/subpack/utils/selinux-python/patches/0003-sepolicy-no-gui.patch
new file mode 100644
index 0000000..a822d4c
--- /dev/null
+++ b/external/subpack/utils/selinux-python/patches/0003-sepolicy-no-gui.patch
@@ -0,0 +1,23 @@
+--- a/sepolicy/sepolicy.py
++++ b/sepolicy/sepolicy.py
+@@ -685,7 +685,6 @@ if __name__ == '__main__':
+ gen_booleans_args(subparsers)
+ gen_communicate_args(subparsers)
+ gen_generate_args(subparsers)
+- gen_gui_args(subparsers)
+ gen_interface_args(subparsers)
+ gen_manpage_args(subparsers)
+ gen_network_args(subparsers)
+--- a/sepolicy/setup.py
++++ b/sepolicy/setup.py
+@@ -13,10 +13,5 @@ setup(
+ packages=[
+ "sepolicy",
+ "sepolicy.templates",
+- "sepolicy.help"
+ ],
+- package_data={
+- 'sepolicy': ['*.glade'],
+- 'sepolicy.help': ['*.txt', '*.png']
+- }
+ )
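Review bot: This patch, like 0005-no-translations.patch further down, has no header stating who made the change or why, unlike patches 0001, 0002 and 0004. A short description would help, e.g. `Subject: [PATCH] sepolicy: drop GUI subcommand and GUI package data` followed by a line giving the reason. Only the `gen_gui_args(subparsers)` call is removed here; its definition and any remaining import of `sepolicy.gui` lie outside the hunk. The package Makefile excludes `sepolicy/gui.py` and `sepolicy/sedbus.py` from the filespec, so it is worth confirming that no remaining code path still imports them.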
diff --git a/external/subpack/utils/selinux-python/patches/0004-sepolicy-fix-get_os_version-except.patch b/external/subpack/utils/selinux-python/patches/0004-sepolicy-fix-get_os_version-except.patch
new file mode 100644
index 0000000..f035846
--- /dev/null
+++ b/external/subpack/utils/selinux-python/patches/0004-sepolicy-fix-get_os_version-except.patch
@@ -0,0 +1,39 @@
+commit 80ba6c49dec9c2c48775e70a4d4564ba5e59eea1
+Author: Jeffery To <jeffery.to@gmail.com>
+Date: Mon Jun 19 14:15:45 2023 +0800
+
+ python/sepolicy: Fix get_os_version except clause
+
+ This adds more exceptions to be handled by the except clause in
+ `get_os_version()`:
+
+ * If the `distro` package is not installed, then `import distro` raises
+ a `ModuleNotFoundError` exception.
+
+ * The distro documentation[1] lists `OSError` and `UnicodeError` as
+ exceptions that can be raised.
+
+ * Older versions of distro (<= 1.6.0) may also raise
+ `subprocessCalledProcessError`[2].
+
+ [1]: https://github.com/python-distro/distro/blob/v1.8.0/src/distro/distro.py#L749-L753
+ [2]: https://github.com/python-distro/distro/blob/v1.6.0/distro.py#L726-L728
+
+ Signed-off-by: Jeffery To <jeffery.to@gmail.com>
+
+--- a/sepolicy/sepolicy/__init__.py
++++ b/sepolicy/sepolicy/__init__.py
+@@ -1240,11 +1240,12 @@ def boolean_desc(boolean):
+
+
+ def get_os_version():
++ import subprocess
+ system_release = ""
+ try:
+ import distro
+ system_release = distro.name(pretty=True)
+- except IOError:
++ except (ModuleNotFoundError, OSError, IOError, UnicodeError, subprocess.CalledProcessError):
+ system_release = "Misc"
+
+ return system_release
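Review bot: The new except tuple in `get_os_version()` is wider than it needs to be in one place and narrower in another. In Python 3 `IOError` is an alias of `OSError`, so listing both is redundant, and `ModuleNotFoundError` misses other `ImportError` cases such as a broken `distro` install. A simpler form is `except (ImportError, OSError, UnicodeError, subprocess.CalledProcessError):`. The commit message also writes `subprocessCalledProcessError` where `subprocess.CalledProcessError` is meant.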
diff --git a/external/subpack/utils/selinux-python/patches/0005-no-translations.patch b/external/subpack/utils/selinux-python/patches/0005-no-translations.patch
new file mode 100644
index 0000000..9b1cb8c
--- /dev/null
+++ b/external/subpack/utils/selinux-python/patches/0005-no-translations.patch
@@ -0,0 +1,8 @@
+--- a/Makefile
++++ b/Makefile
+@@ -1,4 +1,4 @@
+-SUBDIRS = sepolicy audit2allow semanage sepolgen chcat po
++SUBDIRS = sepolicy audit2allow semanage sepolgen chcat
+
+ all install relabel clean indent test:
+ @for subdir in $(SUBDIRS); do \