
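--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -31,7 +31,8 @@ import socket
 from semanage import *
 PROGNAME = "policycoreutils"
 import sepolicy
-import setools
+from setools.policyrep import SELinuxPolicy
+from setools.typequery import TypeQuery
 import ipaddress
 
 try:
@@ -1339,7 +1340,7 @@ class ibpkeyRecords(semanageRecords):
     def __init__(self, args = None):
         semanageRecords.__init__(self, args)
         try:
-            q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"])
+            q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"])
             self.valid_types = sorted(str(t) for t in q.results())
         except:
             pass
@@ -1599,7 +1600,7 @@ class ibendportRecords(semanageRecords):
     def __init__(self, args = None):
         semanageRecords.__init__(self, args)
         try:
-            q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"])
+            q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"])
             self.valid_types = set(str(t) for t in q.results())
         except:
             pass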
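Review bot: The bare `except:` / `pass` around the rewritten `TypeQuery(SELinuxPolicy(...))` call in `ibpkeyRecords.__init__` (and again in `ibendportRecords.__init__`) discards every failure, so an unreadable or unparsable policy store leaves `self.valid_types` unassigned by these lines with no signal to the operator. Unless the base class already sets the attribute, that will presumably surface later as an unrelated `AttributeError`, or as type validation that never runs, depending on how `valid_types` is consumed outside these hunks. I would narrow the handler to `except Exception:` so `KeyboardInterrupt` and `SystemExit` still propagate, and add a comment stating why a failed policy load is tolerated here. The two classes continue outside the hunks, so the fallback path could not be checked.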
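--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -4,7 +4,6 @@
 
 import errno
 import selinux
-import setools
 import glob
 import sepolgen.defaults as defaults
 import sepolgen.interfaces as interfaces
@@ -13,6 +12,17 @@ import os
 import re
 import gzip
 
+from setools.boolquery import BoolQuery
+from setools.portconquery import PortconQuery
+from setools.policyrep import SELinuxPolicy
+from setools.objclassquery import ObjClassQuery
+from setools.rbacrulequery import RBACRuleQuery
+from setools.rolequery import RoleQuery
+from setools.terulequery import TERuleQuery
+from setools.typeattrquery import TypeAttributeQuery
+from setools.typequery import TypeQuery
+from setools.userquery import UserQuery
+
 PROGNAME = "policycoreutils"
 try:
     import gettext
@@ -168,7 +178,7 @@ def policy(policy_file):
     global _pol
 
     try:
-        _pol = setools.SELinuxPolicy(policy_file)
+        _pol = SELinuxPolicy(policy_file)
     except:
         raise ValueError(_("Failed to read %s policy file") % policy_file)
 
@@ -188,7 +198,7 @@ def info(setype, name=None):
         init_policy()
 
     if setype == TYPE:
-        q = setools.TypeQuery(_pol)
+        q = TypeQuery(_pol)
         q.name = name
         results = list(q.results())
 
@@ -206,7 +216,7 @@ def info(setype, name=None):
         } for x in results)
 
     elif setype == ROLE:
-        q = setools.RoleQuery(_pol)
+        q = RoleQuery(_pol)
         if name:
             q.name = name
 
@@ -217,7 +227,7 @@ def info(setype, name=None):
         } for x in q.results())
 
     elif setype == ATTRIBUTE:
-        q = setools.TypeAttributeQuery(_pol)
+        q = TypeAttributeQuery(_pol)
         if name:
             q.name = name
 
@@ -227,7 +237,7 @@ def info(setype, name=None):
         } for x in q.results())
 
     elif setype == PORT:
-        q = setools.PortconQuery(_pol)
+        q = PortconQuery(_pol)
         if name:
             ports = [int(i) for i in name.split("-")]
             if len(ports) == 2:
@@ -251,7 +261,7 @@ def info(setype, name=None):
         } for x in q.results())
 
     elif setype == USER:
-        q = setools.UserQuery(_pol)
+        q = UserQuery(_pol)
         if name:
             q.name = name
 
@@ -268,7 +278,7 @@ def info(setype, name=None):
         } for x in q.results())
 
     elif setype == BOOLEAN:
-        q = setools.BoolQuery(_pol)
+        q = BoolQuery(_pol)
         if name:
             q.name = name
 
@@ -278,7 +288,7 @@ def info(setype, name=None):
         } for x in q.results())
 
     elif setype == TCLASS:
-        q = setools.ObjClassQuery(_pol)
+        q = ObjClassQuery(_pol)
         if name:
             q.name = name
 
@@ -372,11 +382,11 @@ def search(types, seinfo=None):
         tertypes.append(DONTAUDIT)
 
     if len(tertypes) > 0:
-        q = setools.TERuleQuery(_pol,
-                                ruletype=tertypes,
-                                source=source,
-                                target=target,
-                                tclass=tclass)
+        q = TERuleQuery(_pol,
+                        ruletype=tertypes,
+                        source=source,
+                        target=target,
+                        tclass=tclass)
 
         if PERMS in seinfo:
             q.perms = seinfo[PERMS]
@@ -385,11 +395,11 @@ def search(types, seinfo=None):
 
     if TRANSITION in types:
         rtypes = ['type_transition', 'type_change', 'type_member']
-        q = setools.TERuleQuery(_pol,
-                                ruletype=rtypes,
-                                source=source,
-                                target=target,
-                                tclass=tclass)
+        q = TERuleQuery(_pol,
+                        ruletype=rtypes,
+                        source=source,
+                        target=target,
+                        tclass=tclass)
 
         if PERMS in seinfo:
             q.perms = seinfo[PERMS]
@@ -398,11 +408,11 @@ def search(types, seinfo=None):
 
     if ROLE_ALLOW in types:
         ratypes = ['allow']
-        q = setools.RBACRuleQuery(_pol,
-                                  ruletype=ratypes,
-                                  source=source,
-                                  target=target,
-                                  tclass=tclass)
+        q = RBACRuleQuery(_pol,
+                          ruletype=ratypes,
+                          source=source,
+                          target=target,
+                          tclass=tclass)
 
         for r in q.results():
             toret.append({'source': str(r.source),
@@ -720,11 +730,11 @@ def get_all_entrypoints():
 
 
 def get_entrypoint_types(setype):
-    q = setools.TERuleQuery(_pol,
-                            ruletype=[ALLOW],
-                            source=setype,
-                            tclass=["file"],
-                            perms=["entrypoint"])
+    q = TERuleQuery(_pol,
+                    ruletype=[ALLOW],
+                    source=setype,
+                    tclass=["file"],
+                    perms=["entrypoint"])
     return [str(x.target) for x in q.results() if x.source == setype]
 
 
@@ -739,10 +749,10 @@ def get_init_transtype(path):
 
 
 def get_init_entrypoint(transtype):
-    q = setools.TERuleQuery(_pol,
-                            ruletype=["type_transition"],
-                            source="init_t",
-                            tclass=["process"])
+    q = TERuleQuery(_pol,
+                    ruletype=["type_transition"],
+                    source="init_t",
+                    tclass=["process"])
     entrypoints = []
     for i in q.results():
         try:
@@ -754,10 +764,10 @@ def get_init_entrypoint(transtype):
     return entrypoints
 
 def get_init_entrypoints_str():
-    q = setools.TERuleQuery(_pol,
-                            ruletype=["type_transition"],
-                            source="init_t",
-                            tclass=["process"])
+    q = TERuleQuery(_pol,
+                    ruletype=["type_transition"],
+                    source="init_t",
+                    tclass=["process"])
     entrypoints = {}
     for i in q.results():
         try:
@@ -837,7 +847,7 @@ def get_all_role_allows():
         return role_allows
     role_allows = {}
 
-    q = setools.RBACRuleQuery(_pol, ruletype=[ALLOW])
+    q = RBACRuleQuery(_pol, ruletype=[ALLOW])
     for r in q.results():
         src = str(r.source)
         tgt = str(r.target)
@@ -923,7 +933,7 @@ def get_all_roles():
     if not _pol:
         init_policy()
 
-    q = RoleQuery(_pol)
+    q = setools.RoleQuery(_pol)
     roles = [str(x) for x in q.results() if str(x) != "object_r"]
     return roles
 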
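Review bot: `get_entrypoint_types()` hands the module global `_pol` straight to `TERuleQuery` without the `if not _pol:` / `init_policy()` guard that `get_all_roles()` uses in the last hunk. `get_init_entrypoint()` and `get_init_entrypoints_str()` build their queries the same way in the lines shown. If a caller reaches these helpers before a policy has been loaded, the query is constructed on an unset policy; what setools does in that case is not visible here, so either confirm that every caller initialises first or open each function with `if not _pol:` followed by `init_policy()`. The bodies of the two init-entrypoint helpers continue outside their hunks.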
