      1 #! /usr/bin/python -Es
      2 # Copyright (C) 2012 Red Hat
      3 # see file 'COPYING' for use and warranty information
      4 #
      5 # setrans is a tool for analyzing process transitions in SELinux policy
      6 #
      7 #    This program is free software; you can redistribute it and/or
      8 #    modify it under the terms of the GNU General Public License as
      9 #    published by the Free Software Foundation; either version 2 of
     10 #    the License, or (at your option) any later version.
     11 #
     12 #    This program is distributed in the hope that it will be useful,
     13 #    but WITHOUT ANY WARRANTY; without even the implied warranty of
     14 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     15 #    GNU General Public License for more details.
     16 #
     17 #    You should have received a copy of the GNU General Public License
     18 #    along with this program; if not, write to the Free Software
     19 #    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
     20 #                                        02111-1307  USA
     21 #
     22 #
     23 import sepolicy
     24 import sys
     25 
     26 
def usage(parser, msg):
    """Show the parser's help, report *msg* on stderr and exit with status 1.

    parser -- object exposing print_help(); it is called before the message
              is written.
    msg    -- text written to stderr, surrounded by newlines.

    Never returns: the function always terminates through SystemExit(1).
    """
    parser.print_help()

    err = sys.stderr
    err.write("\n%s\n" % msg)
    # Flush explicitly so the message is emitted before the interpreter exits.
    err.flush()
    raise SystemExit(1)
     33 
     34 
def expand_attribute(attribute):
    """Return the types recorded for *attribute*, or [attribute] if none.

    The first record yielded by sepolicy.info(sepolicy.ATTRIBUTE, attribute)
    supplies the "types" entry, which is returned as a list.

    When the query yields no record, the name is handed back unchanged as a
    one-element list. A name that is not an attribute (a plain type, or a
    misspelled name) therefore passes through silently; callers cannot tell
    the two cases apart from the return value.
    """
    try:
        record = next(sepolicy.info(sepolicy.ATTRIBUTE, attribute))
        members = list(record["types"])
    except StopIteration:
        # No attribute record was found: treat the name as a single type.
        return [attribute]
    return members
     40 
     41 
def get_types(src, tclass, perm):
    """Return the target types that *src* may access with every perm in *perm*.

    src    -- source type passed to the allow-rule search.
    tclass -- object class passed to the allow-rule search.
    perm   -- iterable of permission names; a rule is kept only if its
              permission set contains all of them.

    Each kept rule's target is expanded through expand_attribute() and the
    results are concatenated in rule order; duplicates are not removed.

    Raises ValueError when the search returns no allow rules at all. If rules
    are returned but none carries every requested permission, an empty list
    is returned instead of an error.

    NOTE(review): only sepolicy.ALLOW rules are queried here. Whether
    sepolicy.search accounts for conditional (boolean-gated) rules is not
    visible from this file; confirm before reading the result as the
    effective access of *src*.
    """
    query = {
        sepolicy.SOURCE: src,
        sepolicy.CLASS: tclass,
        sepolicy.PERMS: perm,
    }
    allows = sepolicy.search([sepolicy.ALLOW], query)
    if not allows:
        raise ValueError("The %s type is not allowed to %s any types" % (src, ",".join(perm)))

    targets = []
    for rule in allows:
        # Skip rules that grant only part of the requested permission set.
        if not set(perm).issubset(rule[sepolicy.PERMS]):
            continue
        targets.extend(expand_attribute(rule[sepolicy.TARGET]))
    return targets
     51