Tree - source-git/policycoreutils

source-git / policycoreutils

Blame python/audit2allow/sepolgen-ifgen

Blob History Raw

Packit Service	9fb14c	`#!/usr/bin/python3 -Es`
Packit Service	9fb14c	`#`
Packit Service	9fb14c	`# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>`
Packit Service	9fb14c	`#`
Packit Service	9fb14c	`# Copyright (C) 2006 Red Hat`
Packit Service	9fb14c	`# see file 'COPYING' for use and warranty information`
Packit Service	9fb14c	`#`
Packit Service	9fb14c	`# This program is free software; you can redistribute it and/or`
Packit Service	9fb14c	`# modify it under the terms of the GNU General Public License as`
Packit Service	9fb14c	`# published by the Free Software Foundation; version 2 only`
Packit Service	9fb14c	`#`
Packit Service	9fb14c	`# This program is distributed in the hope that it will be useful,`
Packit Service	9fb14c	`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
Packit Service	9fb14c	`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
Packit Service	9fb14c	`# GNU General Public License for more details.`
Packit Service	9fb14c	`#`
Packit Service	9fb14c	`# You should have received a copy of the GNU General Public License`
Packit Service	9fb14c	`# along with this program; if not, write to the Free Software`
Packit Service	9fb14c	`# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA`
Packit Service	9fb14c	`#`
Packit Service	9fb14c
Packit Service	9fb14c	`# Parse interfaces and output extracted information about them`
Packit Service	9fb14c	`# suitable for policy generation. By default writes the output`
Packit Service	9fb14c	`# to the default location (obtained from sepolgen.defaults), but`
Packit Service	9fb14c	`# will output to another file provided as an argument:`
Packit Service	9fb14c	`# sepolgen-ifgen [headers] [output-filename]`
Packit Service	9fb14c
Packit Service	9fb14c
Packit Service	9fb14c	`import sys`
Packit Service	9fb14c	`import os`
Packit Service	9fb14c	`import tempfile`
Packit Service	9fb14c	`import subprocess`
Packit Service	9fb14c
Packit Service	9fb14c	`import selinux`
Packit Service	9fb14c
Packit Service	9fb14c	`import sepolgen.refparser as refparser`
Packit Service	9fb14c	`import sepolgen.defaults as defaults`
Packit Service	9fb14c	`import sepolgen.interfaces as interfaces`
Packit Service	9fb14c
Packit Service	9fb14c
Packit Service	9fb14c	`VERSION = "%prog .1"`
Packit Service	9fb14c	`ATTR_HELPER = "/usr/bin/sepolgen-ifgen-attr-helper"`
Packit Service	9fb14c
Packit Service	9fb14c
Packit Service	9fb14c	`def parse_options():`
Packit Service	9fb14c	`from optparse import OptionParser`
Packit Service	9fb14c
Packit Service	9fb14c	`parser = OptionParser(version=VERSION)`
Packit Service	9fb14c	`parser.add_option("-o", "--output", dest="output", default=defaults.interface_info(),`
Packit Service	9fb14c	`help="filename to store output")`
Packit Service	9fb14c	`parser.add_option("-i", "--interfaces", dest="headers", default=defaults.headers(),`
Packit Service	9fb14c	`help="location of the interface header files")`
Packit Service	9fb14c	`parser.add_option("-a", "--attribute_info", dest="attribute_info")`
Packit Service	9fb14c	`parser.add_option("-p", "--policy", dest="policy_path")`
Packit Service	9fb14c	`parser.add_option("-v", "--verbose", action="store_true", default=False,`
Packit Service	9fb14c	`help="print debuging output")`
Packit Service	9fb14c	`parser.add_option("-d", "--debug", action="store_true", default=False,`
Packit Service	9fb14c	`help="extra debugging output")`
Packit Service	9fb14c	`parser.add_option("--attr-helper", default=ATTR_HELPER,`
Packit Service	9fb14c	`help="path to sepolgen-ifgen-attr-helper")`
Packit Service	9fb14c	`parser.add_option("--no_attrs", action="store_true", default=False,`
Packit Service	9fb14c	`help="do not retrieve attribute access from kernel policy")`
Packit Service	9fb14c	`options, args = parser.parse_args()`
Packit Service	9fb14c
Packit Service	9fb14c	`return options`
Packit Service	9fb14c
Packit Service	9fb14c
Packit Service	9fb14c	`def get_policy():`
Packit Service	9fb14c	`p = selinux.selinux_current_policy_path()`
Packit Service	9fb14c	`if p and os.path.exists(p):`
Packit Service	9fb14c	`return p`
Packit Service	9fb14c	`i = selinux.security_policyvers()`
Packit Service	9fb14c	`p = selinux.selinux_binary_policy_path() + "." + str(i)`
Packit Service	9fb14c	`while i > 0 and not os.path.exists(p):`
Packit Service	9fb14c	`i = i - 1`
Packit Service	9fb14c	`p = selinux.selinux_binary_policy_path() + "." + str(i)`
Packit Service	9fb14c	`if i > 0:`
Packit Service	9fb14c	`return p`
Packit Service	9fb14c	`return None`
Packit Service	9fb14c
Packit Service	9fb14c
Packit Service	9fb14c	`def get_attrs(policy_path, attr_helper):`
Packit Service	9fb14c	`try:`
Packit Service	9fb14c	`if not policy_path:`
Packit Service	9fb14c	`policy_path = get_policy()`
Packit Service	9fb14c	`if not policy_path:`
Packit Service	9fb14c	`sys.stderr.write("No installed policy to check\n")`
Packit Service	9fb14c	`return None`
Packit Service	9fb14c	`outfile = tempfile.NamedTemporaryFile()`
Packit Service	9fb14c	`except IOError as e:`
Packit Service	9fb14c	`sys.stderr.write("could not open attribute output file\n")`
Packit Service	9fb14c	`return None`
Packit Service	9fb14c	`except OSError:`
Packit Service	9fb14c	`# SELinux Disabled Machine`
Packit Service	9fb14c	`return None`
Packit Service	9fb14c
Packit Service	9fb14c	`fd = open("/dev/null", "w")`
Packit Service	9fb14c	`ret = subprocess.Popen([attr_helper, policy_path, outfile.name], stdout=fd).wait()`
Packit Service	9fb14c	`fd.close()`
Packit Service	9fb14c	`if ret != 0:`
Packit Service	9fb14c	`sys.stderr.write("could not run attribute helper\n")`
Packit Service	9fb14c	`return None`
Packit Service	9fb14c
Packit Service	9fb14c	`attrs = interfaces.AttributeSet()`
Packit Service	9fb14c	`try:`
Packit Service	9fb14c	`attrs.from_file(outfile)`
Packit Service	9fb14c	`except:`
Packit Service	9fb14c	`print("error parsing attribute info")`
Packit Service	9fb14c	`return None`
Packit Service	9fb14c
Packit Service	9fb14c	`return attrs`
Packit Service	9fb14c
Packit Service	9fb14c
Packit Service	9fb14c	`def main():`
Packit Service	9fb14c	`options = parse_options()`
Packit Service	9fb14c
Packit Service	9fb14c	`# Open the output first to generate errors before parsing`
Packit Service	9fb14c	`try:`
Packit Service	9fb14c	`f = open(options.output, "w")`
Packit Service	9fb14c	`except IOError as e:`
Packit Service	9fb14c	`sys.stderr.write("could not open output file [%s]\n" % options.output)`
Packit Service	9fb14c	`return 1`
Packit Service	9fb14c
Packit Service	9fb14c	`if options.verbose:`
Packit Service	9fb14c	`log = sys.stdout`
Packit Service	9fb14c	`else:`
Packit Service	9fb14c	`log = None`
Packit Service	9fb14c
Packit Service	9fb14c	`# Get the attibutes from the binary`
Packit Service	9fb14c	`attrs = None`
Packit Service	9fb14c	`if not options.no_attrs:`
Packit Service	9fb14c	`attrs = get_attrs(options.policy_path, options.attr_helper)`
Packit Service	9fb14c	`if attrs is None:`
Packit Service	9fb14c	`return 1`
Packit Service	9fb14c
Packit Service	9fb14c	`# Parse the headers`
Packit Service	9fb14c	`try:`
Packit Service	9fb14c	`headers = refparser.parse_headers(options.headers, output=log, debug=options.debug)`
Packit Service	9fb14c	`except ValueError as e:`
Packit Service	9fb14c	`sys.stderr.write("error parsing headers: %s\n" % e)`
Packit Service	9fb14c	`return 1`
Packit Service	9fb14c
Packit Service	9fb14c	`if_set = interfaces.InterfaceSet(output=log)`
Packit Service	9fb14c	`if_set.add_headers(headers, attributes=attrs)`
Packit Service	9fb14c	`if_set.to_file(f)`
Packit Service	9fb14c	`f.close()`
Packit Service	9fb14c
Packit Service	9fb14c	`if refparser.success:`
Packit Service	9fb14c	`return 0`
Packit Service	9fb14c	`else:`
Packit Service	9fb14c	`return 1`
Packit Service	9fb14c
Packit Service	9fb14c	`if __name__ == "__main__":`
Packit Service	9fb14c	`sys.exit(main())`

source-git / policycoreutils

Source Code

Blame python/audit2allow/sepolgen-ifgen