      1 #!/usr/bin/env python
      2 from __future__ import print_function
      3 
      4 import sys
      5 import getopt
      6 import semanage
      7 
      8 
# Help text for the command-line switches. Capital-letter switches select
# tests that write policy data rather than only listing it, hence the
# warnings.
usage = (
    "Choose one of the following tests:\n"
    "-m for modules\n"
    "-u for users\n"
    "-U for add user (warning this will write!)\n"
    "-s for seusers\n"
    "-S for add seuser (warning this will write!)\n"
    "-p for ports\n"
    "-P for add port (warning this will write!)\n"
    "-f for file contexts \n"
    "-F for add file context (warning this will write!)\n"
    "-i for network interfaces \n"
    "-I for add network interface (warning this will write!)\n"
    "-b for booleans \n"
    "-B for add boolean (warning this will write!)\n"
    "-c for aCtive booleans\n"
    "-C for set aCtive boolean (warning this will write!)\n\n"
    "-n for network nodes\n"
    "-N for add node (warning this will write!)\n\n"
    "Other options:\n"
    "-h for this help\n"
    "-v for verbose output"
)
     32 
     33 
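class Usage(Exception):
    """Exception that carries a human-readable message in ``msg``.

    The message is also passed to ``Exception`` so that ``str(exc)`` and an
    uncaught traceback show it instead of an empty string.
    """

    def __init__(self, msg):
        Exception.__init__(self, msg)
        self.msg = msg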
     38 
     39 
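class Status(Exception):
    """Exception that carries a human-readable message in ``msg``.

    The message is also passed to ``Exception`` so that ``str(exc)`` and an
    uncaught traceback show it instead of an empty string.
    """

    def __init__(self, msg):
        Exception.__init__(self, msg)
        self.msg = msg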
     44 
     45 
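class Error(Exception):
    """Raised by the tests when a semanage call reports a negative status.

    The text is kept in ``msg`` and is also passed to ``Exception`` so that
    ``str(exc)`` and an uncaught traceback name the failed policy operation
    instead of showing an empty string.
    """

    def __init__(self, msg):
        Exception.__init__(self, msg)
        self.msg = msg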
     50 
     51 
     52 class Tests:
     53     def __init__(self):
     54         self.all = False
     55         self.users = False
     56         self.writeuser = False
     57         self.seusers = False
     58         self.writeseuser = False
     59         self.ports = False
     60         self.writeport = False
     61         self.fcontexts = False
     62         self.writefcontext = False
     63         self.interfaces = False
     64         self.writeinterface = False
     65         self.booleans = False
     66         self.writeboolean = False
     67         self.abooleans = False
     68         self.writeaboolean = False
     69         self.nodes = False
     70         self.writenode = False
     71         self.modules = False
     72         self.verbose = False
     73 
     74     def selected(self):
     75         return (
     76             self.all or
     77             self.users or
     78             self.modules or
     79             self.seusers or
     80             self.ports or
     81             self.fcontexts or
     82             self.interfaces or
     83             self.booleans or
     84             self.abooleans or
     85             self.writeuser or
     86             self.writeseuser or
     87             self.writeport or
     88             self.writefcontext or
     89             self.writeinterface or
     90             self.writeboolean or
     91             self.writeaboolean or
     92             self.nodes or
     93             self.writenode)
     94 
     95     def run(self, handle):
     96         if self.users or self.all:
     97             self.test_users(handle)
     98             print("")
     99         if self.seusers or self.all:
    100             self.test_seusers(handle)
    101             print("")
    102         if self.ports or self.all:
    103             self.test_ports(handle)
    104             print("")
    105         if self.modules or self.all:
    106             self.test_modules(handle)
    107             print("")
    108         if self.fcontexts or self.all:
    109             self.test_fcontexts(handle)
    110             print("")
    111         if self.interfaces or self.all:
    112             self.test_interfaces(handle)
    113             print("")
    114         if self.booleans or self.all:
    115             self.test_booleans(handle)
    116             print("")
    117         if self.abooleans or self.all:
    118             self.test_abooleans(handle)
    119             print("")
    120         if self.nodes or self.all:
    121             self.test_nodes(handle)
    122             print("")
    123         if self.writeuser or self.all:
    124             self.test_writeuser(handle)
    125             print("")
    126         if self.writeseuser or self.all:
    127             self.test_writeseuser(handle)
    128             print("")
    129         if self.writeport or self.all:
    130             self.test_writeport(handle)
    131             print("")
    132         if self.writefcontext or self.all:
    133             self.test_writefcontext(handle)
    134             print("")
    135         if self.writeinterface or self.all:
    136             self.test_writeinterface(handle)
    137             print("")
    138         if self.writeboolean or self.all:
    139             self.test_writeboolean(handle)
    140             print("")
    141         if self.writeaboolean or self.all:
    142             self.test_writeaboolean(handle)
    143             print("")
    144         if self.writenode or self.all:
    145             self.test_writenode(handle)
    146             print("")
    147 
    def test_modules(self, sh):
        """List the policy modules reported for handle ``sh`` and print their names."""
        print("Testing modules...")

        # NOTE(review): the other list tests in this class treat a negative
        # first return value as failure; here it is printed unchecked --
        # confirm whether semanage_module_list can fail the same way.
        trans_cnt, mlist, mlist_size = semanage.semanage_module_list(sh)

        print("Transaction number: %s" % trans_cnt)
        print("Module list size: %s" % mlist_size)
        if self.verbose:
            print("List reference: %s" % mlist)

        if mlist_size != 0:
            for position in range(mlist_size):
                entry = semanage.semanage_module_list_nth(mlist, position)
                if self.verbose:
                    print("Module reference: %s" % entry)
                entry_name = semanage.semanage_module_get_name(entry)
                print("Module name: %s" % entry_name)
            return

        print("No modules installed!")
        print("This is not necessarily a test failure.")
    167 
    def test_seusers(self, sh):
        """Print every seuser record returned for handle ``sh``.

        Each record's name, MLS range and sename are printed, and the record
        is released with ``semanage_seuser_free`` once printed.

        Raises:
            Error: if the seuser list cannot be fetched (negative status).
        """
        print("Testing seusers...")

        status, records = semanage.semanage_seuser_list(sh)
        if status < 0:
            raise Error("Could not list seusers")
        print("Query status (commit number): %s" % status)

        if len(records) == 0:
            print("No seusers found!")
            print("This is not necessarily a test failure.")
            return

        for record in records:
            if self.verbose:
                print("seseuser reference: %s" % record)
            name = semanage.semanage_seuser_get_name(record)
            print("seuser name: %s" % name)
            mls_range = semanage.semanage_seuser_get_mlsrange(record)
            print("   seuser mls range: %s" % mls_range)
            sename = semanage.semanage_seuser_get_sename(record)
            print("   seuser sename: %s" % sename)
            semanage.semanage_seuser_free(record)
    187 
    def test_users(self, sh):
        """Print every user record returned for handle ``sh``, with its roles.

        For each record the name, labeling prefix, MLS level, MLS range, role
        count and role names are printed; the record is then released with
        ``semanage_user_free``.

        Raises:
            Error: if the user list or a user's role list cannot be fetched.
        """
        print("Testing users...")

        status, records = semanage.semanage_user_list(sh)
        if status < 0:
            raise Error("Could not list users")
        print("Query status (commit number): %s" % status)

        if len(records) == 0:
            print("No users found!")
            print("This is not necessarily a test failure.")
            return

        for record in records:
            if self.verbose:
                print("User reference: %s" % record)
            name = semanage.semanage_user_get_name(record)
            print("User name: %s" % name)
            prefix = semanage.semanage_user_get_prefix(record)
            print("   User labeling prefix: %s" % prefix)
            mls_level = semanage.semanage_user_get_mlslevel(record)
            print("   User mls level: %s" % mls_level)
            mls_range = semanage.semanage_user_get_mlsrange(record)
            print("   User mls range: %s" % mls_range)
            role_count = semanage.semanage_user_get_num_roles(record)
            print("   User number of roles: %s" % role_count)
            print("   User roles: ")
            status, roles = semanage.semanage_user_get_roles(sh, record)
            if status < 0:
                # The current record is not freed on this path.
                raise Error("Could not get user roles")

            for role in roles:
                print("      %s" % role)

            semanage.semanage_user_free(record)
    217 
    def test_ports(self, sh):
        """Print every port record returned for handle ``sh``.

        Each line shows the port or port range, the protocol name and the
        context string. A context that cannot be rendered is shown as empty.

        Raises:
            Error: if the port list cannot be fetched (negative status).
        """
        print("Testing ports...")

        status, records = semanage.semanage_port_list(sh)
        if status < 0:
            raise Error("Could not list ports")
        print("Query status (commit number): %s" % status)

        if len(records) == 0:
            print("No ports found!")
            print("This is not necessarily a test failure.")
            return

        for record in records:
            if self.verbose:
                print("Port reference: %s" % record)
            first = semanage.semanage_port_get_low(record)
            last = semanage.semanage_port_get_high(record)
            context = semanage.semanage_port_get_con(record)
            protocol = semanage.semanage_port_get_proto(record)
            protocol_name = semanage.semanage_port_get_proto_str(protocol)
            # A single port prints as "N", a span as "LOW-HIGH".
            span = str(first) if first == last else str(first) + "-" + str(last)
            rc, context_text = semanage.semanage_context_to_string(sh, context)
            if rc < 0:
                context_text = ""
            print("Port: %s %s Context: %s" % (span, protocol_name, context_text))
            semanage.semanage_port_free(record)
    247 
    def test_fcontexts(self, sh):
        """Print every file-context record returned for handle ``sh``.

        Each line shows the path expression, the file-type string and the
        context. A record without a context prints "<<none>>"; a context that
        cannot be rendered prints as empty.

        Raises:
            Error: if the file-context list cannot be fetched.
        """
        print("Testing file contexts...")

        status, records = semanage.semanage_fcontext_list(sh)
        if status < 0:
            raise Error("Could not list file contexts")
        print("Query status (commit number): %s" % status)

        if len(records) == 0:
            print("No file contexts found!")
            print("This is not necessarily a test failure.")
            return

        for record in records:
            if self.verbose:
                print("File Context reference: %s" % record)
            expr = semanage.semanage_fcontext_get_expr(record)
            # Named ftype so the builtin type() is not shadowed.
            ftype = semanage.semanage_fcontext_get_type(record)
            ftype_name = semanage.semanage_fcontext_get_type_str(ftype)
            context = semanage.semanage_fcontext_get_con(record)
            if context:
                rc, context_text = semanage.semanage_context_to_string(sh, context)
                if rc < 0:
                    context_text = ""
            else:
                context_text = "<<none>>"
            print("File Expr: %s [%s] Context: %s" % (expr, ftype_name, context_text))
            semanage.semanage_fcontext_free(record)
    275 
    def test_interfaces(self, sh):
        """Print every network-interface record returned for handle ``sh``.

        Each line shows the interface name, its interface context and its
        message context. A context that cannot be rendered prints as empty.

        Raises:
            Error: if the interface list cannot be fetched.
        """
        print("Testing network interfaces...")

        status, records = semanage.semanage_iface_list(sh)
        if status < 0:
            raise Error("Could not list interfaces")
        print("Query status (commit number): %s" % status)

        if len(records) == 0:
            print("No network interfaces found!")
            print("This is not necessarily a test failure.")
            return

        for record in records:
            if self.verbose:
                print("Interface reference: %s" % record)
            name = semanage.semanage_iface_get_name(record)
            message_context = semanage.semanage_iface_get_msgcon(record)
            iface_context = semanage.semanage_iface_get_ifcon(record)
            # The message context is converted first, then the interface context.
            rc, message_text = semanage.semanage_context_to_string(sh, message_context)
            if rc < 0:
                message_text = ""
            rc, iface_text = semanage.semanage_context_to_string(sh, iface_context)
            if rc < 0:
                iface_text = ""
            print("Interface: %s Context: %s Message Context: %s" % (name, iface_text, message_text))
            semanage.semanage_iface_free(record)
    302 
    def test_booleans(self, sh):
        """Print the name and value of every record from ``semanage_bool_list``.

        Raises:
            Error: if the boolean list cannot be fetched (negative status).
        """
        print("Testing booleans...")

        status, records = semanage.semanage_bool_list(sh)
        if status < 0:
            raise Error("Could not list booleans")
        print("Query status (commit number): %s" % status)

        if len(records) == 0:
            print("No booleans found!")
            print("This is not necessarily a test failure.")
            return

        for record in records:
            if self.verbose:
                print("Boolean reference: %s" % record)
            label = semanage.semanage_bool_get_name(record)
            setting = semanage.semanage_bool_get_value(record)
            print("Boolean: %s Value: %s" % (label, setting))
            semanage.semanage_bool_free(record)
    322 
    def test_abooleans(self, sh):
        """Print the name and value of every record from ``semanage_bool_list_active``.

        Raises:
            Error: if the active boolean list cannot be fetched.
        """
        print("Testing active booleans...")

        status, records = semanage.semanage_bool_list_active(sh)
        if status < 0:
            raise Error("Could not list active booleans")
        print("Query status (commit number): %s" % status)

        if len(records) == 0:
            print("No active booleans found!")
            print("This is not necessarily a test failure.")
            return

        for record in records:
            if self.verbose:
                print("Active boolean reference: %s" % record)
            label = semanage.semanage_bool_get_name(record)
            setting = semanage.semanage_bool_get_value(record)
            print("Active Boolean: %s Value: %s" % (label, setting))
            semanage.semanage_bool_free(record)
    342 
    def test_nodes(self, sh):
        """Print every network-node record returned for handle ``sh``.

        Each line shows address/mask, the protocol name and the context. An
        address, mask or context that cannot be fetched prints as empty.

        Raises:
            Error: if the node list cannot be fetched (negative status).
        """
        print("Testing network nodes...")

        status, records = semanage.semanage_node_list(sh)
        if status < 0:
            raise Error("Could not list network nodes")
        print("Query status (commit number): %s" % status)

        if len(records) == 0:
            print("No network nodes found!")
            print("This is not necessarily a test failure.")
            return

        for record in records:
            if self.verbose:
                print("Network node reference: %s" % record)

            rc, address = semanage.semanage_node_get_addr(sh, record)
            if rc < 0:
                address = ""

            rc, netmask = semanage.semanage_node_get_mask(sh, record)
            if rc < 0:
                netmask = ""

            protocol = semanage.semanage_node_get_proto(record)
            protocol_name = semanage.semanage_node_get_proto_str(protocol)
            context = semanage.semanage_node_get_con(record)

            rc, context_text = semanage.semanage_context_to_string(sh, context)
            if rc < 0:
                context_text = ""

            print("Network Node: %s/%s (%s) Context: %s" % (address, netmask, protocol_name, context_text))
            semanage.semanage_node_free(record)
    377 
    def test_writeuser(self, sh):
        """Commit a test user record through handle ``sh``, then undo it.

        Builds a user named "testPyUser" (role "user_r", prefix "user", MLS
        range and level "s0") and commits it in one transaction. A second
        transaction then deletes the record, or, when a local record with
        the same key already existed, writes the saved copy back.

        Raises:
            Error: if any semanage call in the sequence returns a negative
                status.
        """
        print("Testing user write...")

        # NOTE(review): every failure path below raises without reaching the
        # free calls at the end of the method, so `user`, `key` and
        # `old_user` are released only when the whole sequence succeeds.
        (status, user) = semanage.semanage_user_create(sh)
        if status < 0:
            raise Error("Could not create user object")
        if self.verbose:
            print("User object created")

        status = semanage.semanage_user_set_name(sh, user, "testPyUser")
        if status < 0:
            raise Error("Could not set user name")
        if self.verbose:
            print("User name set: %s" % semanage.semanage_user_get_name(user))

        status = semanage.semanage_user_add_role(sh, user, "user_r")
        if status < 0:
            raise Error("Could not add role")

        status = semanage.semanage_user_set_prefix(sh, user, "user")
        if status < 0:
            raise Error("Could not set labeling prefix")
        if self.verbose:
            print("User prefix set: %s" % semanage.semanage_user_get_prefix(user))

        status = semanage.semanage_user_set_mlsrange(sh, user, "s0")
        if status < 0:
            raise Error("Could not set MLS range")
        if self.verbose:
            print("User mlsrange: %s" % semanage.semanage_user_get_mlsrange(user))

        status = semanage.semanage_user_set_mlslevel(sh, user, "s0")
        if status < 0:
            raise Error("Could not set MLS level")
        if self.verbose:
            print("User mlslevel: %s" % semanage.semanage_user_get_mlslevel(user))

        (status, key) = semanage.semanage_user_key_extract(sh, user)
        if status < 0:
            raise Error("Could not extract user key")
        if self.verbose:
            print("User key extracted: %s" % key)

        # Remember whether a local record with this key is already present;
        # that decides between delete and restore in the second transaction.
        (status, exists) = semanage.semanage_user_exists_local(sh, key)
        if status < 0:
            raise Error("Could not check if user exists")
        if self.verbose:
            print("Exists status (commit number): %s" % status)

        if exists:
            # Keep a copy of the existing record so it can be written back.
            (status, old_user) = semanage.semanage_user_query_local(sh, key)
            if status < 0:
                raise Error("Could not query old user")
            if self.verbose:
                print("Query status (commit number): %s" % status)

        # First transaction: write the test record (this overwrites an
        # existing local record with the same key).
        print("Starting transaction..")
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_user_modify_local(sh, key, user)
        if status < 0:
            raise Error("Could not modify user")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print("Commit status (transaction number): %s" % status)

        # Second transaction: undo the write.
        # NOTE(review): if any call from here to the final commit fails, the
        # method raises and the "testPyUser" record committed above (or the
        # overwritten original) is left as is; the operator has to check and
        # clean up by hand. A try/finally around the undo step would make a
        # failed run safer -- confirm desired behaviour.
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        if not exists:
            print("Removing user...")
            status = semanage.semanage_user_del_local(sh, key)
            if status < 0:
                raise Error("Could not delete test user")
            if self.verbose:
                print("User delete: %s" % status)
        else:
            print("Resetting user...")
            status = semanage.semanage_user_modify_local(sh, key, old_user)
            if status < 0:
                raise Error("Could not reset test user")
            if self.verbose:
                print("User modify: %s" % status)

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print("Commit status (transaction number): %s" % status)

        # Release the objects created above; old_user exists only when a
        # record was found before the write.
        semanage.semanage_user_key_free(key)
        semanage.semanage_user_free(user)
        if exists:
            semanage.semanage_user_free(old_user)
    476 
    def test_writeseuser(self, sh):
        """Commit a test seuser record through handle ``sh``, then undo it.

        Builds a seuser named "testPySEUser" with sename "root" and MLS range
        "s0:c0.c255" and commits it in one transaction. A second transaction
        then deletes the record, or, when a local record with the same key
        already existed, writes the saved copy back.

        Raises:
            Error: if any semanage call in the sequence returns a negative
                status.
        """
        print("Testing seuser write...")

        # NOTE(review): every failure path below raises without reaching the
        # free calls at the end of the method, so `seuser`, `key` and
        # `old_seuser` are released only when the whole sequence succeeds.
        (status, seuser) = semanage.semanage_seuser_create(sh)
        if status < 0:
            raise Error("Could not create SEUser object")
        if self.verbose:
            print("SEUser object created.")

        status = semanage.semanage_seuser_set_name(sh, seuser, "testPySEUser")
        if status < 0:
            raise Error("Could not set name")
        if self.verbose:
            print("SEUser name set: %s" % semanage.semanage_seuser_get_name(seuser))

        status = semanage.semanage_seuser_set_sename(sh, seuser, "root")
        if status < 0:
            raise Error("Could not set sename")
        if self.verbose:
            print("SEUser seuser: %s" % semanage.semanage_seuser_get_sename(seuser))

        status = semanage.semanage_seuser_set_mlsrange(sh, seuser, "s0:c0.c255")
        if status < 0:
            raise Error("Could not set MLS range")
        if self.verbose:
            print("SEUser mlsrange: %s" % semanage.semanage_seuser_get_mlsrange(seuser))

        (status, key) = semanage.semanage_seuser_key_extract(sh, seuser)
        if status < 0:
            raise Error("Could not extract SEUser key")
        if self.verbose:
            print("SEUser key extracted: %s" % key)

        # Remember whether a local record with this key is already present;
        # that decides between delete and restore in the second transaction.
        (status, exists) = semanage.semanage_seuser_exists_local(sh, key)
        if status < 0:
            raise Error("Could not check if SEUser exists")
        if self.verbose:
            print("Exists status (commit number): %s" % status)

        if exists:
            # Keep a copy of the existing record so it can be written back.
            (status, old_seuser) = semanage.semanage_seuser_query_local(sh, key)
            if status < 0:
                raise Error("Could not query old SEUser")
            if self.verbose:
                print("Query status (commit number): %s" % status)

        # First transaction: write the test record (this overwrites an
        # existing local record with the same key).
        print("Starting transaction...")
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_seuser_modify_local(sh, key, seuser)
        if status < 0:
            raise Error("Could not modify SEUser")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print("Commit status (transaction number): %s" % status)

        # Second transaction: undo the write.
        # NOTE(review): if any call from here to the final commit fails, the
        # method raises and the committed record ("testPySEUser" with sename
        # "root", range "s0:c0.c255") is left in place. After a failed run,
        # check for that record and remove it by hand; a try/finally around
        # the undo step would narrow the window -- confirm desired behaviour.
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        if not exists:
            print("Removing seuser...")
            status = semanage.semanage_seuser_del_local(sh, key)
            if status < 0:
                raise Error("Could not delete test SEUser")
            if self.verbose:
                print("Seuser delete: %s" % status)
        else:
            print("Resetting seuser...")
            status = semanage.semanage_seuser_modify_local(sh, key, old_seuser)
            if status < 0:
                raise Error("Could not reset test SEUser")
            if self.verbose:
                print("Seuser modify: %s" % status)

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print("Commit status (transaction number): %s" % status)

        # Release the objects created above; old_seuser exists only when a
        # record was found before the write.
        semanage.semanage_seuser_key_free(key)
        semanage.semanage_seuser_free(seuser)
        if exists:
            semanage.semanage_seuser_free(old_seuser)
    565 
    def test_writeport(self, sh):
        """Commit a test port record through handle ``sh``, then undo it.

        Builds a port record for TCP range 150-200 with a context made of
        user "system_u", role "object_r", type "http_port_t" and MLS
        "s0:c0.c255", and commits it in one transaction. A second transaction
        then deletes the record, or, when a local record with the same key
        already existed, writes the saved copy back.

        Raises:
            Error: if a status-returning semanage call in the sequence
                returns a negative status.
        """
        print("Testing port write...")

        # NOTE(review): every failure path below raises without reaching the
        # free calls at the end of the method, so `con`, `key`, `port` and
        # `old_port` are released only when the whole sequence succeeds.
        (status, port) = semanage.semanage_port_create(sh)
        if status < 0:
            raise Error("Could not create SEPort object")
        if self.verbose:
            print("SEPort object created.")

        # No status is checked for set_range and set_proto; the range is
        # read back below only for the verbose message.
        semanage.semanage_port_set_range(port, 150, 200)
        low = semanage.semanage_port_get_low(port)
        high = semanage.semanage_port_get_high(port)
        if self.verbose:
            print("SEPort range set: %s-%s" % (low, high))

        semanage.semanage_port_set_proto(port, semanage.SEMANAGE_PROTO_TCP)
        if self.verbose:
            print("SEPort protocol set: %s" % semanage.semanage_port_get_proto_str(semanage.SEMANAGE_PROTO_TCP))

        # Build the context that will be attached to the port record.
        (status, con) = semanage.semanage_context_create(sh)
        if status < 0:
            raise Error("Could not create SEContext object")
        if self.verbose:
            print("SEContext object created (for port).")

        status = semanage.semanage_context_set_user(sh, con, "system_u")
        if status < 0:
            raise Error("Could not set context user")
        if self.verbose:
            print("SEContext user: %s" % semanage.semanage_context_get_user(con))

        status = semanage.semanage_context_set_role(sh, con, "object_r")
        if status < 0:
            raise Error("Could not set context role")
        if self.verbose:
            print("SEContext role: %s" % semanage.semanage_context_get_role(con))

        status = semanage.semanage_context_set_type(sh, con, "http_port_t")
        if status < 0:
            raise Error("Could not set context type")
        if self.verbose:
            print("SEContext type: %s" % semanage.semanage_context_get_type(con))

        status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
        if status < 0:
            raise Error("Could not set context MLS fields")
        if self.verbose:
            print("SEContext mls: %s" % semanage.semanage_context_get_mls(con))

        status = semanage.semanage_port_set_con(sh, port, con)
        if status < 0:
            raise Error("Could not set SEPort context")
        if self.verbose:
            print("SEPort context set: %s" % con)

        (status, key) = semanage.semanage_port_key_extract(sh, port)
        if status < 0:
            raise Error("Could not extract SEPort key")
        if self.verbose:
            print("SEPort key extracted: %s" % key)

        # Remember whether a local record with this key is already present;
        # that decides between delete and restore in the second transaction.
        (status, exists) = semanage.semanage_port_exists_local(sh, key)
        if status < 0:
            raise Error("Could not check if SEPort exists")
        if self.verbose:
            print("Exists status (commit number): %s" % status)

        if exists:
            # Keep a copy of the existing record so it can be written back.
            (status, old_port) = semanage.semanage_port_query_local(sh, key)
            if status < 0:
                raise Error("Could not query old SEPort")
            if self.verbose:
                print("Query status (commit number): %s" % status)

        # First transaction: write the test record (this overwrites an
        # existing local record with the same key).
        print("Starting transaction...")
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_port_modify_local(sh, key, port)
        if status < 0:
            raise Error("Could not modify SEPort")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print("Commit status (transaction number): %s" % status)

        # Second transaction: undo the write.
        # NOTE(review): if any call from here to the final commit fails, the
        # method raises and the committed record (TCP 150-200 with type
        # "http_port_t") is left in place. After a failed run, check the port
        # records and remove it by hand; a try/finally around the undo step
        # would narrow the window -- confirm desired behaviour.
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        if not exists:
            print("Removing port range...")
            status = semanage.semanage_port_del_local(sh, key)
            if status < 0:
                raise Error("Could not delete test SEPort")
            if self.verbose:
                print("Port range delete: %s" % status)
        else:
            print("Resetting port range...")
            status = semanage.semanage_port_modify_local(sh, key, old_port)
            if status < 0:
                raise Error("Could not reset test SEPort")
            if self.verbose:
                print("Port range modify: %s" % status)

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print("Commit status (transaction number): %s" % status)

        # Release the objects created above; old_port exists only when a
        # record was found before the write.
        semanage.semanage_context_free(con)
        semanage.semanage_port_key_free(key)
        semanage.semanage_port_free(port)
        if exists:
            semanage.semanage_port_free(old_port)
    683 
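    def test_writefcontext(self, sh):
        """Write a test file-context rule to the local store, then undo it.

        Builds a record for the expression "/test/fcontext(/.*)?" with type
        SEMANAGE_FCONTEXT_REG and context system_u:object_r:default_t
        (MLS s0:c0.c255), commits it with semanage_fcontext_modify_local(),
        and in a second transaction either deletes it or restores the local
        record that existed before the test.

        This changes the policy store behind ``sh``: the test rule is
        committed before the undo transaction starts. If a step after the
        first commit fails, Error is raised and the test rule stays in the
        local customizations. The ``finally`` block only releases
        libsemanage objects; it does not roll the store back.

        Args:
            sh: semanage handle used for the libsemanage calls.

        Raises:
            Error: a libsemanage call returned a negative status.
        """
        print("Testing file context write...")

        # Every libsemanage object is tracked so that the finally block can
        # release whatever was allocated, including when a step raises.
        fcon = None
        con = None
        key = None
        old_fcontext = None
        exists = False
        try:
            status, fcon = semanage.semanage_fcontext_create(sh)
            if status < 0:
                fcon = None  # creation failed: nothing to release
                raise Error("Could not create SEFcontext object")
            if self.verbose:
                print("SEFcontext object created.")

            status = semanage.semanage_fcontext_set_expr(sh, fcon, "/test/fcontext(/.*)?")
            if status < 0:
                raise Error("Could not set expression")
            if self.verbose:
                print("SEFContext expr set: %s" % semanage.semanage_fcontext_get_expr(fcon))

            semanage.semanage_fcontext_set_type(fcon, semanage.SEMANAGE_FCONTEXT_REG)
            if self.verbose:
                ftype = semanage.semanage_fcontext_get_type(fcon)
                print("SEFContext type set: %s" % semanage.semanage_fcontext_get_type_str(ftype))

            status, con = semanage.semanage_context_create(sh)
            if status < 0:
                con = None
                raise Error("Could not create SEContext object")
            if self.verbose:
                print("SEContext object created (for file context).")

            status = semanage.semanage_context_set_user(sh, con, "system_u")
            if status < 0:
                raise Error("Could not set context user")
            if self.verbose:
                print("SEContext user: %s" % semanage.semanage_context_get_user(con))

            status = semanage.semanage_context_set_role(sh, con, "object_r")
            if status < 0:
                raise Error("Could not set context role")
            if self.verbose:
                print("SEContext role: %s" % semanage.semanage_context_get_role(con))

            status = semanage.semanage_context_set_type(sh, con, "default_t")
            if status < 0:
                raise Error("Could not set context type")
            if self.verbose:
                print("SEContext type: %s" % semanage.semanage_context_get_type(con))

            status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
            if status < 0:
                raise Error("Could not set context MLS fields")
            if self.verbose:
                print("SEContext mls: %s" % semanage.semanage_context_get_mls(con))

            status = semanage.semanage_fcontext_set_con(sh, fcon, con)
            if status < 0:
                raise Error("Could not set SEFcontext context")
            if self.verbose:
                print("SEFcontext context set: %s" % con)

            status, key = semanage.semanage_fcontext_key_extract(sh, fcon)
            if status < 0:
                key = None
                raise Error("Could not extract SEFcontext key")
            if self.verbose:
                print("SEFcontext key extracted: %s" % key)

            status, exists = semanage.semanage_fcontext_exists_local(sh, key)
            if status < 0:
                raise Error("Could not check if SEFcontext exists")

            if self.verbose:
                print("Exists status (commit number): %s" % status)
            if exists:
                # Keep the pre-existing local record so it can be put back.
                status, old_fcontext = semanage.semanage_fcontext_query_local(sh, key)
                if status < 0:
                    old_fcontext = None
                    raise Error("Could not query old SEFcontext")
                if self.verbose:
                    print("Query status (commit number): %s" % status)

            # Transaction 1: commit the test record.
            print("Starting transaction...")
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            status = semanage.semanage_fcontext_modify_local(sh, key, fcon)
            if status < 0:
                raise Error("Could not modify SEFcontext")

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit test transaction")
            print("Commit status (transaction number): %s" % status)

            # Transaction 2: undo. From here until the commit below
            # succeeds, the test record is part of the committed store.
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            if not exists:
                print("Removing file context...")
                status = semanage.semanage_fcontext_del_local(sh, key)
                if status < 0:
                    raise Error("Could not delete test SEFcontext")
                if self.verbose:
                    print("File context delete: %s" % status)
            else:
                print("Resetting file context...")
                status = semanage.semanage_fcontext_modify_local(sh, key, old_fcontext)
                if status < 0:
                    raise Error("Could not reset test FContext")
                if self.verbose:
                    print("File context modify: %s" % status)

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit reset transaction")
            print("Commit status (transaction number): %s" % status)
        finally:
            # Release in the same order the success path has always used.
            if con is not None:
                semanage.semanage_context_free(con)
            if key is not None:
                semanage.semanage_fcontext_key_free(key)
            if fcon is not None:
                semanage.semanage_fcontext_free(fcon)
            if old_fcontext is not None:
                semanage.semanage_fcontext_free(old_fcontext)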
    802 
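    def test_writeinterface(self, sh):
        """Write a test network-interface record locally, then undo it.

        Builds a record named "test_iface" whose interface context and
        message context are both system_u:object_r:default_t
        (MLS s0:c0.c255), commits it with semanage_iface_modify_local(),
        and in a second transaction either deletes it or restores the local
        record that existed before the test.

        This changes the policy store behind ``sh``: the test record is
        committed before the undo transaction starts. If a step after the
        first commit fails, Error is raised and the test record stays in
        the local customizations. The ``finally`` block only releases
        libsemanage objects; it does not roll the store back.

        Args:
            sh: semanage handle used for the libsemanage calls.

        Raises:
            Error: a libsemanage call returned a negative status.
        """
        print("Testing network interface write...")

        # Every libsemanage object is tracked so that the finally block can
        # release whatever was allocated, including when a step raises.
        iface = None
        con = None
        key = None
        old_iface = None
        exists = False
        try:
            status, iface = semanage.semanage_iface_create(sh)
            if status < 0:
                iface = None  # creation failed: nothing to release
                raise Error("Could not create SEIface object")
            if self.verbose:
                print("SEIface object created.")

            status = semanage.semanage_iface_set_name(sh, iface, "test_iface")
            if status < 0:
                raise Error("Could not set SEIface name")
            if self.verbose:
                print("SEIface name set: %s" % semanage.semanage_iface_get_name(iface))

            status, con = semanage.semanage_context_create(sh)
            if status < 0:
                con = None
                raise Error("Could not create SEContext object")
            if self.verbose:
                print("SEContext object created (for network interface)")

            status = semanage.semanage_context_set_user(sh, con, "system_u")
            if status < 0:
                raise Error("Could not set interface context user")
            if self.verbose:
                print("SEContext user: %s" % semanage.semanage_context_get_user(con))

            status = semanage.semanage_context_set_role(sh, con, "object_r")
            if status < 0:
                raise Error("Could not set interface context role")
            if self.verbose:
                print("SEContext role: %s" % semanage.semanage_context_get_role(con))

            status = semanage.semanage_context_set_type(sh, con, "default_t")
            if status < 0:
                raise Error("Could not set interface context type")
            if self.verbose:
                print("SEContext type: %s" % semanage.semanage_context_get_type(con))

            status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
            if status < 0:
                raise Error("Could not set interface context MLS fields")
            if self.verbose:
                print("SEContext mls: %s" % semanage.semanage_context_get_mls(con))

            # The same context object is used for both interface contexts.
            status = semanage.semanage_iface_set_ifcon(sh, iface, con)
            if status < 0:
                raise Error("Could not set SEIface interface context")
            if self.verbose:
                print("SEIface interface context set: %s" % con)

            status = semanage.semanage_iface_set_msgcon(sh, iface, con)
            if status < 0:
                raise Error("Could not set SEIface message context")
            if self.verbose:
                print("SEIface message context set: %s" % con)

            status, key = semanage.semanage_iface_key_extract(sh, iface)
            if status < 0:
                key = None
                raise Error("Could not extract SEIface key")
            if self.verbose:
                print("SEIface key extracted: %s" % key)

            status, exists = semanage.semanage_iface_exists_local(sh, key)
            if status < 0:
                raise Error("Could not check if SEIface exists")
            if self.verbose:
                print("Exists status (commit number): %s" % status)

            if exists:
                # Keep the pre-existing local record so it can be put back.
                status, old_iface = semanage.semanage_iface_query_local(sh, key)
                if status < 0:
                    old_iface = None
                    raise Error("Could not query old SEIface")
                if self.verbose:
                    print("Query status (commit number): %s" % status)

            # Transaction 1: commit the test record.
            print("Starting transaction...")
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not begin semanage transaction")

            status = semanage.semanage_iface_modify_local(sh, key, iface)
            if status < 0:
                raise Error("Could not modify SEIface")

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit test transaction")
            print("Commit status (transaction number): %s" % status)

            # Transaction 2: undo. From here until the commit below
            # succeeds, the test record is part of the committed store.
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not begin semanage transaction")

            if not exists:
                print("Removing interface...")
                status = semanage.semanage_iface_del_local(sh, key)
                if status < 0:
                    raise Error("Could not delete test SEIface")
                if self.verbose:
                    print("Interface delete: %s" % status)
            else:
                print("Resetting interface...")
                status = semanage.semanage_iface_modify_local(sh, key, old_iface)
                if status < 0:
                    raise Error("Could not reset test SEIface")
                if self.verbose:
                    print("Interface modify: %s" % status)

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit reset transaction")
            print("Commit status (transaction number): %s" % status)
        finally:
            # Release in the same order the success path has always used.
            if con is not None:
                semanage.semanage_context_free(con)
            if key is not None:
                semanage.semanage_iface_key_free(key)
            if iface is not None:
                semanage.semanage_iface_free(iface)
            if old_iface is not None:
                semanage.semanage_iface_free(old_iface)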
    922 
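    def test_writeboolean(self, sh):
        """Write a local value for the allow_execmem boolean, then undo it.

        Builds a boolean record named "allow_execmem" with value 0, commits
        it with semanage_bool_modify_local(), and in a second transaction
        either deletes the local record or restores the one that existed
        before the test.

        This changes the policy store behind ``sh``: the test value is
        committed before the undo transaction starts. If a step after the
        first commit fails, Error is raised and allow_execmem keeps the
        local value 0. The ``finally`` block only releases libsemanage
        objects; it does not roll the store back.

        Args:
            sh: semanage handle used for the libsemanage calls.

        Raises:
            Error: a libsemanage call returned a negative status.
        """
        print("Testing boolean write...")

        # Every libsemanage object is tracked so that the finally block can
        # release whatever was allocated, including when a step raises.
        pbool = None
        key = None
        old_bool = None
        exists = False
        try:
            status, pbool = semanage.semanage_bool_create(sh)
            if status < 0:
                pbool = None  # creation failed: nothing to release
                raise Error("Could not create SEBool object")
            if self.verbose:
                print("SEBool object created.")

            status = semanage.semanage_bool_set_name(sh, pbool, "allow_execmem")
            if status < 0:
                raise Error("Could not set name")
            if self.verbose:
                print("SEBool name set: %s" % semanage.semanage_bool_get_name(pbool))

            semanage.semanage_bool_set_value(pbool, 0)
            if self.verbose:
                print("SEbool value set: %s" % semanage.semanage_bool_get_value(pbool))

            status, key = semanage.semanage_bool_key_extract(sh, pbool)
            if status < 0:
                key = None
                raise Error("Could not extract SEBool key")
            if self.verbose:
                print("SEBool key extracted: %s" % key)

            status, exists = semanage.semanage_bool_exists_local(sh, key)
            if status < 0:
                raise Error("Could not check if SEBool exists")
            if self.verbose:
                print("Exists status (commit number): %s" % status)

            if exists:
                # Keep the pre-existing local record so it can be put back.
                status, old_bool = semanage.semanage_bool_query_local(sh, key)
                if status < 0:
                    old_bool = None
                    raise Error("Could not query old SEBool")
                if self.verbose:
                    print("Query status (commit number): %s" % status)

            # Transaction 1: commit the test value.
            print("Starting transaction...")
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            status = semanage.semanage_bool_modify_local(sh, key, pbool)
            if status < 0:
                raise Error("Could not modify SEBool")

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit test transaction")
            print("Commit status (transaction number): %s" % status)

            # Transaction 2: undo. From here until the commit below
            # succeeds, the test value is part of the committed store.
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            if not exists:
                print("Removing boolean...")
                status = semanage.semanage_bool_del_local(sh, key)
                if status < 0:
                    raise Error("Could not delete test SEBool")
                if self.verbose:
                    print("Boolean delete: %s" % status)
            else:
                print("Resetting boolean...")
                status = semanage.semanage_bool_modify_local(sh, key, old_bool)
                if status < 0:
                    raise Error("Could not reset test SEBool")
                if self.verbose:
                    print("Boolean modify: %s" % status)

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit reset transaction")
            print("Commit status (transaction number): %s" % status)
        finally:
            # Release in the same order the success path has always used.
            if key is not None:
                semanage.semanage_bool_key_free(key)
            if pbool is not None:
                semanage.semanage_bool_free(pbool)
            if old_bool is not None:
                semanage.semanage_bool_free(old_bool)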
   1004 
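    def test_writeaboolean(self, sh):
        """Set the active value of allow_execmem to 0, then restore it.

        Queries the current active record for "allow_execmem", commits a
        record with value 0 through semanage_bool_set_active(), and in a
        second transaction writes the previously queried record back.

        This changes the active boolean behind ``sh``: value 0 is committed
        before the restore transaction starts. If a step after the first
        commit fails, Error is raised and allow_execmem stays at the test
        value. The ``finally`` block only releases libsemanage objects; it
        does not restore the boolean.

        Args:
            sh: semanage handle used for the libsemanage calls.

        Raises:
            Error: a libsemanage call returned a negative status.
        """
        print("Testing active boolean write...")

        # Every libsemanage object is tracked so that the finally block can
        # release whatever was allocated, including when a step raises.
        key = None
        old_bool = None
        abool = None
        try:
            status, key = semanage.semanage_bool_key_create(sh, "allow_execmem")
            if status < 0:
                key = None  # creation failed: nothing to release
                raise Error("Could not create SEBool key")
            if self.verbose:
                print("SEBool key created: %s" % key)

            # Unlike the local-store tests there is no "exists" check: the
            # active record is always queried and always restored.
            status, old_bool = semanage.semanage_bool_query_active(sh, key)
            if status < 0:
                old_bool = None
                raise Error("Could not query old SEBool")
            if self.verbose:
                print("Query status (commit number): %s" % status)

            status, abool = semanage.semanage_bool_create(sh)
            if status < 0:
                abool = None
                raise Error("Could not create SEBool object")
            if self.verbose:
                print("SEBool object created.")

            status = semanage.semanage_bool_set_name(sh, abool, "allow_execmem")
            if status < 0:
                raise Error("Could not set name")
            if self.verbose:
                print("SEBool name set: %s" % semanage.semanage_bool_get_name(abool))

            semanage.semanage_bool_set_value(abool, 0)
            if self.verbose:
                print("SEbool value set: %s" % semanage.semanage_bool_get_value(abool))

            # Transaction 1: commit the test value.
            print("Starting transaction...")
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            status = semanage.semanage_bool_set_active(sh, key, abool)
            if status < 0:
                raise Error("Could not modify SEBool")

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit test transaction")
            print("Commit status (transaction number): %s" % status)

            # Transaction 2: restore. From here until the commit below
            # succeeds, the active value is the test value.
            print("Resetting old active boolean...")
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            status = semanage.semanage_bool_set_active(sh, key, old_bool)
            if status < 0:
                raise Error("Could not reset test SEBool")
            if self.verbose:
                print("SEBool active reset: %s" % status)

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit reset transaction")
            print("Commit status (transaction number): %s" % status)
        finally:
            # Release in the same order the success path has always used.
            if key is not None:
                semanage.semanage_bool_key_free(key)
            if abool is not None:
                semanage.semanage_bool_free(abool)
            if old_bool is not None:
                semanage.semanage_bool_free(old_bool)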
   1069 
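    def test_writenode(self, sh):
        """Write a test network-node record locally, then undo it.

        Builds an IPv6 node record (address "ffee:dddd::bbbb", mask
        "::ffff:ffff:abcd:0000") with context system_u:object_r:lo_node_t
        (MLS s0:c0.c255), commits it with semanage_node_modify_local(), and
        in a second transaction either deletes it or restores the local
        record that existed before the test.

        This changes the policy store behind ``sh``: the test record is
        committed before the undo transaction starts. If a step after the
        first commit fails, Error is raised and the test record stays in
        the local customizations. The ``finally`` block only releases
        libsemanage objects; it does not roll the store back.

        Args:
            sh: semanage handle used for the libsemanage calls.

        Raises:
            Error: a libsemanage call returned a negative status.
        """
        print("Testing network node write...")

        # Every libsemanage object is tracked so that the finally block can
        # release whatever was allocated, including when a step raises.
        node = None
        con = None
        key = None
        old_node = None
        exists = False
        try:
            status, node = semanage.semanage_node_create(sh)
            if status < 0:
                node = None  # creation failed: nothing to release
                raise Error("Could not create SENode object")
            if self.verbose:
                print("SENode object created.")

            status = semanage.semanage_node_set_addr(sh, node, semanage.SEMANAGE_PROTO_IP6, "ffee:dddd::bbbb")
            if status < 0:
                raise Error("Could not set SENode address")

            status = semanage.semanage_node_set_mask(sh, node, semanage.SEMANAGE_PROTO_IP6, "::ffff:ffff:abcd:0000")
            if status < 0:
                raise Error("Could not set SENode netmask")

            semanage.semanage_node_set_proto(node, semanage.SEMANAGE_PROTO_IP6)
            if self.verbose:
                # Prints the name of the constant that was just set; the
                # value is not read back from the node object.
                print("SENode protocol set: %s" % semanage.semanage_node_get_proto_str(semanage.SEMANAGE_PROTO_IP6))

            status, con = semanage.semanage_context_create(sh)
            if status < 0:
                con = None
                raise Error("Could not create SEContext object")
            if self.verbose:
                print("SEContext object created (for node).")

            status = semanage.semanage_context_set_user(sh, con, "system_u")
            if status < 0:
                raise Error("Could not set context user")
            if self.verbose:
                print("SEContext user: %s" % semanage.semanage_context_get_user(con))

            status = semanage.semanage_context_set_role(sh, con, "object_r")
            if status < 0:
                raise Error("Could not set context role")
            if self.verbose:
                print("SEContext role: %s" % semanage.semanage_context_get_role(con))

            status = semanage.semanage_context_set_type(sh, con, "lo_node_t")
            if status < 0:
                raise Error("Could not set context type")
            if self.verbose:
                print("SEContext type: %s" % semanage.semanage_context_get_type(con))

            status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
            if status < 0:
                raise Error("Could not set context MLS fields")
            if self.verbose:
                print("SEContext mls: %s" % semanage.semanage_context_get_mls(con))

            status = semanage.semanage_node_set_con(sh, node, con)
            if status < 0:
                raise Error("Could not set SENode context")
            if self.verbose:
                print("SENode context set: %s" % con)

            status, key = semanage.semanage_node_key_extract(sh, node)
            if status < 0:
                key = None
                raise Error("Could not extract SENode key")
            if self.verbose:
                print("SENode key extracted: %s" % key)

            status, exists = semanage.semanage_node_exists_local(sh, key)
            if status < 0:
                raise Error("Could not check if SENode exists")
            if self.verbose:
                print("Exists status (commit number): %s" % status)

            if exists:
                # Keep the pre-existing local record so it can be put back.
                status, old_node = semanage.semanage_node_query_local(sh, key)
                if status < 0:
                    old_node = None
                    raise Error("Could not query old SENode")
                if self.verbose:
                    print("Query status (commit number): %s" % status)

            # Transaction 1: commit the test record.
            print("Starting transaction...")
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            status = semanage.semanage_node_modify_local(sh, key, node)
            if status < 0:
                raise Error("Could not modify SENode")

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit test transaction")
            print("Commit status (transaction number): %s" % status)

            # Transaction 2: undo. From here until the commit below
            # succeeds, the test record is part of the committed store.
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            if not exists:
                print("Removing network node...")
                status = semanage.semanage_node_del_local(sh, key)
                if status < 0:
                    raise Error("Could not delete test SENode")
                if self.verbose:
                    print("Network node delete: %s" % status)
            else:
                print("Resetting network node...")
                status = semanage.semanage_node_modify_local(sh, key, old_node)
                if status < 0:
                    raise Error("Could not reset test SENode")
                if self.verbose:
                    print("Network node modify: %s" % status)

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit reset transaction")
            print("Commit status (transaction number): %s" % status)
        finally:
            # Release in the same order the success path has always used.
            if con is not None:
                semanage.semanage_context_free(con)
            if key is not None:
                semanage.semanage_node_key_free(key)
            if node is not None:
                semanage.semanage_node_free(node)
            if old_node is not None:
                semanage.semanage_node_free(old_node)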
   1189 
   1190 
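def main(argv=None):
    """Parse the command line, connect to the policy store and run the tests.

    Every upper-case test flag (-U, -S, -P, -F, -I, -B, -C, -N) commits
    changes to the policy store of the host it runs on. -a/--all is not
    listed in the usage text; presumably it enables those write tests too
    (Tests.run is defined elsewhere in the file), so treat it as a write
    option.

    Args:
        argv: full argument vector including the program name; defaults to
            sys.argv.

    Returns:
        0 when the selected tests ran and the handle was disconnected
        cleanly, 2 on a usage error (including -h), an unmanaged store or
        a failed libsemanage call.
    """
    if argv is None:
        argv = sys.argv

    # (short flag, long flag, Tests attribute). The long names are the ones
    # this script has always declared to getopt, spaces included.
    flag_table = (
        ("-v", "--verbose", "verbose"),
        ("-a", "--all", "all"),
        ("-u", "--users", "users"),
        ("-U", "--writeuser", "writeuser"),
        ("-s", "--seusers", "seusers"),
        ("-S", "--writeseuser", "writeseuser"),
        ("-p", "--ports", "ports"),
        ("-P", "--writeport", "writeport"),
        ("-f", "--file contexts", "fcontexts"),
        ("-F", "--writefcontext", "writefcontext"),
        ("-i", "--network interfaces", "interfaces"),
        ("-I", "--writeinterface", "writeinterface"),
        ("-b", "--booleans", "booleans"),
        ("-B", "--writeboolean", "writeboolean"),
        ("-c", "--active booleans", "abooleans"),
        ("-C", "--writeaboolean", "writeaboolean"),
        ("-n", "--network nodes", "nodes"),
        ("-N", "--writenode", "writenode"),
        ("-m", "--modules", "modules"),
    )
    attr_for = {}
    for short_flag, long_flag, attr in flag_table:
        attr_for[short_flag] = attr
        attr_for[long_flag] = attr

    sh = None
    connected = False
    exit_code = 2
    try:
        try:
            opts, _ = getopt.getopt(
                argv[1:], "hvmuspfibcUSPFIBCanN",
                [
                    "help",
                    "verbose",
                    "modules",
                    "users",
                    "seusers",
                    "ports",
                    "file contexts",
                    "network interfaces",
                    "booleans",
                    "active booleans",
                    "network nodes",
                    "writeuser",
                    "writeseuser",
                    "writeport",
                    "writefcontext",
                    "writeinterface",
                    "writeboolean",
                    "writeaboolean",
                    "writenode",
                    "all",
                ])
        except getopt.error as msg:
            raise Usage(msg)

        tests = Tests()
        for opt, _ in opts:
            if opt in ("-h", "--help"):
                raise Usage(usage)
            # Long options used to be accepted by getopt and then ignored;
            # they now select the same test as their short form.
            attr = attr_for[opt]
            setattr(tests, attr, True)
            if attr == "verbose":
                print("Verbose output selected.")

        if not tests.selected():
            raise Usage("Please select a valid test.")

        sh = semanage.semanage_handle_create()
        if sh is None:
            raise Error("Could not create semanage handle")

        if semanage.semanage_is_managed(sh) != 1:
            raise Status("Unmanaged!")

        status = semanage.semanage_connect(sh)
        if status < 0:
            raise Error("Could not establish semanage connection")
        connected = True

        tests.run(sh)

        # Cleared first so the finally block does not disconnect twice.
        connected = False
        status = semanage.semanage_disconnect(sh)
        if status < 0:
            raise Error("Could not disconnect")

        exit_code = 0

    except Usage as err:
        print(err.msg, file=sys.stderr)
    except Status as err:
        print(err.msg, file=sys.stderr)
    except Error as err:
        print(err.msg, file=sys.stderr)
    finally:
        if sh is not None:
            if connected:
                # A test failed while connected: close the connection on a
                # best-effort basis, its status is not checked. This does
                # not undo a test record that was already committed.
                semanage.semanage_disconnect(sh)
            semanage.semanage_handle_destroy(sh)

    return exit_code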
   1295 
   1296 
if __name__ == "__main__":
    # Run the command-line entry point and use its return value as the
    # process exit status.
    exit_status = main()
    sys.exit(exit_status)