      1 #! /usr/bin/python -Es
      2 #
      3 # Authors: Karl MacMillan <kmacmillan (at] mentalrootkit.com>
      4 #
      5 # Copyright (C) 2006 Red Hat 
      6 # see file 'COPYING' for use and warranty information
      7 #
      8 # This program is free software; you can redistribute it and/or
      9 # modify it under the terms of the GNU General Public License as
     10 # published by the Free Software Foundation; version 2 only
     11 #
     12 # This program is distributed in the hope that it will be useful,
     13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
     14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     15 # GNU General Public License for more details.
     16 #
     17 # You should have received a copy of the GNU General Public License
     18 # along with this program; if not, write to the Free Software
     19 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
     20 #
     21 
     22 # Parse interfaces and output extracted information about them
     23 # suitable for policy generation. By default writes the output
     24 # to the default location (obtained from sepolgen.defaults), but
     25 # will output to another file provided as an argument:
     26 #   sepolgen-ifgen [headers] [output-filename]
     27 
     28 
     29 import sys
     30 import os
     31 import tempfile
     32 import subprocess
     33 
     34 import selinux
     35 
     36 import sepolgen.refparser as refparser
     37 import sepolgen.defaults as defaults
     38 import sepolgen.interfaces as interfaces
     39 
     40 
# Version string handed to OptionParser(version=...) in parse_options().
VERSION = "%prog .1"
# Helper executable started by get_attrs(). It is given as an absolute path,
# so the PATH environment variable is not consulted to locate it.
ATTR_HELPER = "/usr/bin/sepolgen-ifgen-attr-helper"
     43 
def parse_options():
    """Build the command-line parser and return the parsed option values.

    Only the option object is returned; positional arguments collected by
    optparse are discarded.
    """
    import optparse

    cli = optparse.OptionParser(version=VERSION)

    # Output file and header location; both defaults come from
    # sepolgen.defaults.
    cli.add_option("-o", "--output", dest="output",
                   default=defaults.interface_info(),
                   help="filename to store output")
    cli.add_option("-i", "--interfaces", dest="headers",
                   default=defaults.headers(),
                   help="location of the interface header files")

    # These two are declared without help text. policy_path is passed to
    # get_attrs() by main(); attribute_info is not read by the code in
    # this file.
    cli.add_option("-a", "--attribute_info", dest="attribute_info")
    cli.add_option("-p", "--policy", dest="policy_path")

    # Boolean switches, all off unless given.
    cli.add_option("-v", "--verbose", action="store_true", default=False,
                   help="print debuging output")
    cli.add_option("-d", "--debug", action="store_true", default=False,
                   help="extra debugging output")
    cli.add_option("--no_attrs", action="store_true", default=False,
                   help="do not retrieve attribute access from kernel policy")

    parsed = cli.parse_args()
    return parsed[0]
     63 
def get_policy():
    """Return the path of a binary policy file that exists on disk, or None.

    The path returned by selinux.selinux_current_policy_path() is used when
    it exists. Otherwise "<binary policy path>.<version>" is probed, starting
    at the version reported by selinux.security_policyvers() and counting
    down to 1; the first existing file wins.
    """
    current = selinux.selinux_current_policy_path()
    if current and os.path.exists(current):
        return current

    # Walk the version suffix downwards; version 0 and below are never tried.
    for version in range(selinux.security_policyvers(), 0, -1):
        candidate = selinux.selinux_binary_policy_path() + "." + str(version)
        if os.path.exists(candidate):
            return candidate
    return None
     76 
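def get_attrs(policy_path):
    """Run the attribute helper on a binary policy and load its output.

    Args:
        policy_path: Path of the binary policy to inspect. When empty or
            None, get_policy() is asked for one.

    Returns:
        An interfaces.AttributeSet filled from the helper's output, or None
        when no policy is found, the temporary file cannot be created, the
        helper cannot be started or exits non-zero, or its output cannot be
        parsed. Every failure except the OSError raised during setup writes
        a diagnostic to stderr.
    """
    try:
        if not policy_path:
            policy_path = get_policy()
        if not policy_path:
            sys.stderr.write("No installed policy to check\n")
            return None
        # The helper writes its result to this file by name; the file is
        # removed again when the object is closed.
        outfile = tempfile.NamedTemporaryFile()
    except IOError:
        sys.stderr.write("could not open attribute output file\n")
        return None
    except OSError:
        # SELinux Disabled Machine
        return None

    # The helper is started from an argument list, so no shell interprets
    # policy_path. Its stdout is discarded; its stderr is inherited.
    try:
        # "with" closes the /dev/null handle even when Popen raises.
        with open(os.devnull, "w") as devnull:
            ret = subprocess.Popen([ATTR_HELPER, policy_path, outfile.name],
                                   stdout=devnull).wait()
    except (IOError, OSError):
        # Helper missing or not executable: report it like a failed run
        # instead of letting a traceback escape.
        sys.stderr.write("could not run attribute helper\n")
        return None
    if ret != 0:
        sys.stderr.write("could not run attribute helper\n")
        return None

    attrs = interfaces.AttributeSet()
    try:
        attrs.from_file(outfile)
    except Exception:
        # Narrower than a bare except: KeyboardInterrupt and SystemExit
        # still propagate.
        sys.stderr.write("error parsing attribute info\n")
        return None

    return attrs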
    107 
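def main():
    """Generate the interface information file and return an exit status.

    Returns:
        0 when the headers were parsed and refparser.success is true,
        1 when the output file cannot be opened, attribute retrieval fails,
        header parsing raises ValueError, or refparser.success is false.
    """
    options = parse_options()

    # Open the output first to generate errors before parsing.
    # NOTE: mode "w" truncates an existing file at this point, so a failure
    # in any later step leaves the previous interface info replaced by an
    # empty file.
    try:
        f = open(options.output, "w")
    except IOError:
        sys.stderr.write("could not open output file [%s]\n" % options.output)
        return 1

    # From here on the output handle is closed on every exit path.
    try:
        log = sys.stdout if options.verbose else None

        # Get the attributes from the binary policy
        attrs = None
        if not options.no_attrs:
            attrs = get_attrs(options.policy_path)
            if attrs is None:
                return 1

        # Parse the headers
        try:
            headers = refparser.parse_headers(options.headers, output=log,
                                              debug=options.debug)
        except ValueError as e:
            # Diagnostics go to stderr, like the other error paths here.
            sys.stderr.write("error parsing headers\n")
            sys.stderr.write(str(e) + "\n")
            return 1

        if_set = interfaces.InterfaceSet(output=log)
        if_set.add_headers(headers, attributes=attrs)
        if_set.to_file(f)
    finally:
        f.close()

    return 0 if refparser.success else 1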
    147     
# Script entry point: main()'s return value becomes the process exit status.
if __name__ == "__main__":
    sys.exit(main())
    150