pywrap-test.py revision 13cd4c8960688af11ad23b4c946149015c80d549
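#!/usr/bin/python
import sys
import getopt
import semanage

usage = "\
Choose one of the following tests:\n\
-m for modules\n\
-u for users\n\
-U for add user (warning this will write!)\n\
-s for seusers\n\
-S for add seuser (warning this will write!)\n\
-p for ports\n\
-P for add port (warning this will write!)\n\
-f for file contexts \n\
-F for add file context (warning this will write!)\n\
-i for network interfaces \n\
-I for add network interface (warning this will write!)\n\
-b for booleans \n\
-B for add boolean (warning this will write!)\n\
-c for aCtive booleans\n\
-C for set aCtive boolean (warning this will write!)\n\n\
-n for network nodes\n\
-N for add node (warning this will write!)\n\n\
Other options:\n\
-h for this help\n\
-v for verbose output\
"


class Usage(Exception):
    """Exception carrying a human-readable message in ``msg``."""

    def __init__(self, msg):
        Exception.__init__(self)
        self.msg = msg


class Status(Exception):
    """Exception carrying a human-readable message in ``msg``."""

    def __init__(self, msg):
        Exception.__init__(self)
        self.msg = msg


class Error(Exception):
    """Raised by the tests when a libsemanage call returns a negative status."""

    def __init__(self, msg):
        Exception.__init__(self)
        self.msg = msg


class Tests:
    """Selectable read and write tests for the semanage Python bindings.

    The ``test_write*`` methods commit real transactions through the handle
    they are given: each one commits a test record and then removes or
    restores it in a second transaction.  None of them rolls back on
    failure, so an Error raised after the first commit leaves the test
    record in the store and the second (cleanup) transaction never runs.
    Run the write tests only on a disposable system.
    """

    def __init__(self):
        """Start with every test deselected and verbose output off."""
        self.all = False
        self.users = False
        self.writeuser = False
        self.seusers = False
        self.writeseuser = False
        self.ports = False
        self.writeport = False
        self.fcontexts = False
        self.writefcontext = False
        self.interfaces = False
        self.writeinterface = False
        self.booleans = False
        self.writeboolean = False
        self.abooleans = False
        self.writeaboolean = False
        self.nodes = False
        self.writenode = False
        self.modules = False
        self.verbose = False

    def selected(self):
        """Return a true value if at least one test (or ``all``) is selected."""
        return (self.all or self.users or self.modules or self.seusers
                or self.ports or self.fcontexts or self.interfaces
                or self.booleans or self.abooleans or self.writeuser
                or self.writeseuser or self.writeport or self.writefcontext
                or self.writeinterface or self.writeboolean
                or self.writeaboolean or self.nodes or self.writenode)

    def run(self, handle):
        """Run every selected test against ``handle``, read tests first.

        Note that ``self.all`` also enables every write test.
        """
        # Order matters: all listing tests run before any test that writes.
        checks = (
            (self.users, self.test_users),
            (self.seusers, self.test_seusers),
            (self.ports, self.test_ports),
            (self.modules, self.test_modules),
            (self.fcontexts, self.test_fcontexts),
            (self.interfaces, self.test_interfaces),
            (self.booleans, self.test_booleans),
            (self.abooleans, self.test_abooleans),
            (self.nodes, self.test_nodes),
            (self.writeuser, self.test_writeuser),
            (self.writeseuser, self.test_writeseuser),
            (self.writeport, self.test_writeport),
            (self.writefcontext, self.test_writefcontext),
            (self.writeinterface, self.test_writeinterface),
            (self.writeboolean, self.test_writeboolean),
            (self.writeaboolean, self.test_writeaboolean),
            (self.writenode, self.test_writenode),
        )
        for enabled, test in checks:
            if enabled or self.all:
                test(handle)
                print ""

    def test_modules(self, sh):
        """List installed modules and print each name and version."""
        print "Testing modules..."

        (trans_cnt, mlist, mlist_size) = semanage.semanage_module_list(sh)
        # Same negative-status convention the other list tests check for.
        if trans_cnt < 0:
            raise Error("Could not list modules")

        print "Transaction number: ", trans_cnt
        print "Module list size: ", mlist_size
        if self.verbose:
            print "List reference: ", mlist

        if mlist_size == 0:
            print "No modules installed!"
            print "This is not necessarily a test failure."
            return
        for idx in range(mlist_size):
            module = semanage.semanage_module_list_nth(mlist, idx)
            if self.verbose:
                print "Module reference: ", module
            print "Module name: ", semanage.semanage_module_get_name(module)
            print " Module version: ", semanage.semanage_module_get_version(module)

    def test_seusers(self, sh):
        """List seusers, print their fields and free each record."""
        print "Testing seusers..."

        (status, slist) = semanage.semanage_seuser_list(sh)
        if status < 0:
            raise Error("Could not list seusers")
        print "Query status (commit number): ", status

        if not slist:
            print "No seusers found!"
            print "This is not necessarily a test failure."
            return
        for seuser in slist:
            if self.verbose:
                print "seseuser reference: ", seuser
            print "seuser name: ", semanage.semanage_seuser_get_name(seuser)
            print " seuser mls range: ", semanage.semanage_seuser_get_mlsrange(seuser)
            print " seuser sename: ", semanage.semanage_seuser_get_sename(seuser)
            semanage.semanage_seuser_free(seuser)

    def test_users(self, sh):
        """List users with their roles, then free each record."""
        print "Testing users..."

        (status, ulist) = semanage.semanage_user_list(sh)
        if status < 0:
            raise Error("Could not list users")
        print "Query status (commit number): ", status

        if not ulist:
            print "No users found!"
            print "This is not necessarily a test failure."
            return
        for user in ulist:
            if self.verbose:
                print "User reference: ", user
            print "User name: ", semanage.semanage_user_get_name(user)
            print " User labeling prefix: ", semanage.semanage_user_get_prefix(user)
            print " User mls level: ", semanage.semanage_user_get_mlslevel(user)
            print " User mls range: ", semanage.semanage_user_get_mlsrange(user)
            print " User number of roles: ", semanage.semanage_user_get_num_roles(user)
            print " User roles: "
            (status, rlist) = semanage.semanage_user_get_roles(sh, user)
            if status < 0:
                raise Error("Could not get user roles")

            for role in rlist:
                print " ", role

            semanage.semanage_user_free(user)

    def test_ports(self, sh):
        """List port records with protocol and context, then free each one."""
        print "Testing ports..."

        (status, plist) = semanage.semanage_port_list(sh)
        if status < 0:
            raise Error("Could not list ports")
        print "Query status (commit number): ", status

        if not plist:
            print "No ports found!"
            print "This is not necessarily a test failure."
            return
        for port in plist:
            if self.verbose:
                print "Port reference: ", port
            low = semanage.semanage_port_get_low(port)
            high = semanage.semanage_port_get_high(port)
            con = semanage.semanage_port_get_con(port)
            proto = semanage.semanage_port_get_proto(port)
            proto_str = semanage.semanage_port_get_proto_str(proto)
            if low == high:
                range_str = str(low)
            else:
                range_str = str(low) + "-" + str(high)
            (rc, con_str) = semanage.semanage_context_to_string(sh, con)
            if rc < 0:
                con_str = ""
            print "Port: ", range_str, " ", proto_str, " Context: ", con_str
            semanage.semanage_port_free(port)

    def test_fcontexts(self, sh):
        """List file context records, then free each one."""
        print "Testing file contexts..."

        (status, flist) = semanage.semanage_fcontext_list(sh)
        if status < 0:
            raise Error("Could not list file contexts")
        print "Query status (commit number): ", status

        if not flist:
            print "No file contexts found!"
            print "This is not necessarily a test failure."
            return
        for fcon in flist:
            if self.verbose:
                print "File Context reference: ", fcon
            expr = semanage.semanage_fcontext_get_expr(fcon)
            # Named ftype so the builtin ``type`` is not shadowed.
            ftype = semanage.semanage_fcontext_get_type(fcon)
            type_str = semanage.semanage_fcontext_get_type_str(ftype)
            con = semanage.semanage_fcontext_get_con(fcon)
            if not con:
                con_str = "<<none>>"
            else:
                (rc, con_str) = semanage.semanage_context_to_string(sh, con)
                if rc < 0:
                    con_str = ""
            print "File Expr: ", expr, " [", type_str, "] Context: ", con_str
            semanage.semanage_fcontext_free(fcon)

    def test_interfaces(self, sh):
        """List network interface records, then free each one."""
        print "Testing network interfaces..."

        (status, ilist) = semanage.semanage_iface_list(sh)
        if status < 0:
            raise Error("Could not list interfaces")
        print "Query status (commit number): ", status

        if not ilist:
            print "No network interfaces found!"
            print "This is not necessarily a test failure."
            return
        for iface in ilist:
            if self.verbose:
                print "Interface reference: ", iface
            name = semanage.semanage_iface_get_name(iface)
            msg_con = semanage.semanage_iface_get_msgcon(iface)
            if_con = semanage.semanage_iface_get_ifcon(iface)
            (rc, msg_con_str) = semanage.semanage_context_to_string(sh, msg_con)
            if rc < 0:
                msg_con_str = ""
            (rc, if_con_str) = semanage.semanage_context_to_string(sh, if_con)
            if rc < 0:
                if_con_str = ""
            print "Interface: ", name, " Context: ", if_con_str, " Message Context: ", msg_con_str
            semanage.semanage_iface_free(iface)

    def test_booleans(self, sh):
        """List boolean records with their values, then free each one."""
        print "Testing booleans..."

        (status, blist) = semanage.semanage_bool_list(sh)
        if status < 0:
            raise Error("Could not list booleans")
        print "Query status (commit number): ", status

        if not blist:
            print "No booleans found!"
            print "This is not necessarily a test failure."
            return
        for pbool in blist:
            if self.verbose:
                print "Boolean reference: ", pbool
            name = semanage.semanage_bool_get_name(pbool)
            value = semanage.semanage_bool_get_value(pbool)
            print "Boolean: ", name, " Value: ", value
            semanage.semanage_bool_free(pbool)

    def test_abooleans(self, sh):
        """List active boolean records with their values, then free each one."""
        print "Testing active booleans..."

        (status, ablist) = semanage.semanage_bool_list_active(sh)
        if status < 0:
            raise Error("Could not list active booleans")
        print "Query status (commit number): ", status

        if not ablist:
            print "No active booleans found!"
            print "This is not necessarily a test failure."
            return
        for abool in ablist:
            if self.verbose:
                print "Active boolean reference: ", abool
            name = semanage.semanage_bool_get_name(abool)
            value = semanage.semanage_bool_get_value(abool)
            print "Active Boolean: ", name, " Value: ", value
            semanage.semanage_bool_free(abool)

    def test_nodes(self, sh):
        """List network node records, then free each one."""
        print "Testing network nodes..."

        (status, nlist) = semanage.semanage_node_list(sh)
        if status < 0:
            raise Error("Could not list network nodes")
        print "Query status (commit number): ", status

        if not nlist:
            print "No network nodes found!"
            print "This is not necessarily a test failure."
            return
        for node in nlist:
            if self.verbose:
                print "Network node reference: ", node

            (status, addr) = semanage.semanage_node_get_addr(sh, node)
            if status < 0:
                addr = ""

            (status, mask) = semanage.semanage_node_get_mask(sh, node)
            if status < 0:
                mask = ""

            proto = semanage.semanage_node_get_proto(node)
            proto_str = semanage.semanage_node_get_proto_str(proto)
            con = semanage.semanage_node_get_con(node)

            (status, con_str) = semanage.semanage_context_to_string(sh, con)
            if status < 0:
                con_str = ""

            print "Network Node: ", addr, "/", mask, " (", proto_str, ")", "Context: ", con_str
            semanage.semanage_node_free(node)

    def test_writeuser(self, sh):
        """Commit a local user "testPyUser", then delete or restore it.

        Two transactions are committed.  An Error raised after the first
        commit leaves the test user in the local store, and the objects
        created here are not freed on that path.
        """
        print "Testing user write..."

        (status, user) = semanage.semanage_user_create(sh)
        if status < 0:
            raise Error("Could not create user object")
        if self.verbose:
            print "User object created"

        status = semanage.semanage_user_set_name(sh, user, "testPyUser")
        if status < 0:
            raise Error("Could not set user name")
        if self.verbose:
            print "User name set: ", semanage.semanage_user_get_name(user)

        status = semanage.semanage_user_add_role(sh, user, "user_r")
        if status < 0:
            raise Error("Could not add role")

        status = semanage.semanage_user_set_prefix(sh, user, "user")
        if status < 0:
            raise Error("Could not set labeling prefix")
        if self.verbose:
            print "User prefix set: ", semanage.semanage_user_get_prefix(user)

        status = semanage.semanage_user_set_mlsrange(sh, user, "s0")
        if status < 0:
            raise Error("Could not set MLS range")
        if self.verbose:
            print "User mlsrange: ", semanage.semanage_user_get_mlsrange(user)

        status = semanage.semanage_user_set_mlslevel(sh, user, "s0")
        if status < 0:
            raise Error("Could not set MLS level")
        if self.verbose:
            print "User mlslevel: ", semanage.semanage_user_get_mlslevel(user)

        (status, key) = semanage.semanage_user_key_extract(sh, user)
        if status < 0:
            raise Error("Could not extract user key")
        if self.verbose:
            print "User key extracted: ", key

        (status, exists) = semanage.semanage_user_exists_local(sh, key)
        if status < 0:
            raise Error("Could not check if user exists")
        if self.verbose:
            print "Exists status (commit number): ", status

        # Keep the pre-existing record so the second transaction can restore it.
        if exists:
            (status, old_user) = semanage.semanage_user_query_local(sh, key)
            if status < 0:
                raise Error("Could not query old user")
            if self.verbose:
                print "Query status (commit number): ", status

        print "Starting transaction.."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_user_modify_local(sh, key, user)
        if status < 0:
            raise Error("Could not modify user")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print "Commit status (transaction number): ", status

        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        if not exists:
            print "Removing user..."
            status = semanage.semanage_user_del_local(sh, key)
            if status < 0:
                raise Error("Could not delete test user")
            if self.verbose:
                print "User delete: ", status
        else:
            print "Resetting user..."
            status = semanage.semanage_user_modify_local(sh, key, old_user)
            if status < 0:
                raise Error("Could not reset test user")
            if self.verbose:
                print "User modify: ", status

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print "Commit status (transaction number): ", status

        semanage.semanage_user_key_free(key)
        semanage.semanage_user_free(user)
        if exists:
            semanage.semanage_user_free(old_user)

    def test_writeseuser(self, sh):
        """Commit a local seuser "testPySEUser" mapped to "root", then undo it.

        Two transactions are committed.  An Error raised after the first
        commit leaves the test mapping in the local store.
        """
        print "Testing seuser write..."

        (status, seuser) = semanage.semanage_seuser_create(sh)
        if status < 0:
            raise Error("Could not create SEUser object")
        if self.verbose:
            print "SEUser object created."

        status = semanage.semanage_seuser_set_name(sh, seuser, "testPySEUser")
        if status < 0:
            raise Error("Could not set name")
        if self.verbose:
            print "SEUser name set: ", semanage.semanage_seuser_get_name(seuser)

        status = semanage.semanage_seuser_set_sename(sh, seuser, "root")
        if status < 0:
            raise Error("Could not set sename")
        if self.verbose:
            print "SEUser seuser: ", semanage.semanage_seuser_get_sename(seuser)

        status = semanage.semanage_seuser_set_mlsrange(sh, seuser, "s0:c0.c255")
        if status < 0:
            raise Error("Could not set MLS range")
        if self.verbose:
            print "SEUser mlsrange: ", semanage.semanage_seuser_get_mlsrange(seuser)

        (status, key) = semanage.semanage_seuser_key_extract(sh, seuser)
        if status < 0:
            raise Error("Could not extract SEUser key")
        if self.verbose:
            print "SEUser key extracted: ", key

        (status, exists) = semanage.semanage_seuser_exists_local(sh, key)
        if status < 0:
            raise Error("Could not check if SEUser exists")
        if self.verbose:
            print "Exists status (commit number): ", status

        # Keep the pre-existing record so the second transaction can restore it.
        if exists:
            (status, old_seuser) = semanage.semanage_seuser_query_local(sh, key)
            if status < 0:
                raise Error("Could not query old SEUser")
            if self.verbose:
                print "Query status (commit number): ", status

        print "Starting transaction..."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_seuser_modify_local(sh, key, seuser)
        if status < 0:
            raise Error("Could not modify SEUser")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print "Commit status (transaction number): ", status

        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        if not exists:
            print "Removing seuser..."
            status = semanage.semanage_seuser_del_local(sh, key)
            if status < 0:
                raise Error("Could not delete test SEUser")
            if self.verbose:
                print "Seuser delete: ", status
        else:
            print "Resetting seuser..."
            status = semanage.semanage_seuser_modify_local(sh, key, old_seuser)
            if status < 0:
                raise Error("Could not reset test SEUser")
            if self.verbose:
                print "Seuser modify: ", status

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print "Commit status (transaction number): ", status

        semanage.semanage_seuser_key_free(key)
        semanage.semanage_seuser_free(seuser)
        if exists:
            semanage.semanage_seuser_free(old_seuser)

    def test_writeport(self, sh):
        """Commit a local TCP port range 150-200 labelled http_port_t, then undo it.

        Two transactions are committed.  An Error raised after the first
        commit leaves the test labelling of that port range in the local
        store.
        """
        print "Testing port write..."

        (status, port) = semanage.semanage_port_create(sh)
        if status < 0:
            raise Error("Could not create SEPort object")
        if self.verbose:
            print "SEPort object created."

        semanage.semanage_port_set_range(port, 150, 200)
        low = semanage.semanage_port_get_low(port)
        high = semanage.semanage_port_get_high(port)
        if self.verbose:
            print "SEPort range set: ", low, "-", high

        semanage.semanage_port_set_proto(port, semanage.SEMANAGE_PROTO_TCP)
        if self.verbose:
            print "SEPort protocol set: ", \
                semanage.semanage_port_get_proto_str(semanage.SEMANAGE_PROTO_TCP)

        (status, con) = semanage.semanage_context_create(sh)
        if status < 0:
            raise Error("Could not create SEContext object")
        if self.verbose:
            print "SEContext object created (for port)."

        status = semanage.semanage_context_set_user(sh, con, "system_u")
        if status < 0:
            raise Error("Could not set context user")
        if self.verbose:
            print "SEContext user: ", semanage.semanage_context_get_user(con)

        status = semanage.semanage_context_set_role(sh, con, "object_r")
        if status < 0:
            raise Error("Could not set context role")
        if self.verbose:
            print "SEContext role: ", semanage.semanage_context_get_role(con)

        status = semanage.semanage_context_set_type(sh, con, "http_port_t")
        if status < 0:
            raise Error("Could not set context type")
        if self.verbose:
            print "SEContext type: ", semanage.semanage_context_get_type(con)

        status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
        if status < 0:
            raise Error("Could not set context MLS fields")
        if self.verbose:
            print "SEContext mls: ", semanage.semanage_context_get_mls(con)

        status = semanage.semanage_port_set_con(sh, port, con)
        if status < 0:
            raise Error("Could not set SEPort context")
        if self.verbose:
            print "SEPort context set: ", con

        (status, key) = semanage.semanage_port_key_extract(sh, port)
        if status < 0:
            raise Error("Could not extract SEPort key")
        if self.verbose:
            print "SEPort key extracted: ", key

        (status, exists) = semanage.semanage_port_exists_local(sh, key)
        if status < 0:
            raise Error("Could not check if SEPort exists")
        if self.verbose:
            print "Exists status (commit number): ", status

        # Keep the pre-existing record so the second transaction can restore it.
        if exists:
            (status, old_port) = semanage.semanage_port_query_local(sh, key)
            if status < 0:
                raise Error("Could not query old SEPort")
            if self.verbose:
                print "Query status (commit number): ", status

        print "Starting transaction..."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_port_modify_local(sh, key, port)
        if status < 0:
            raise Error("Could not modify SEPort")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print "Commit status (transaction number): ", status

        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        if not exists:
            print "Removing port range..."
            status = semanage.semanage_port_del_local(sh, key)
            if status < 0:
                raise Error("Could not delete test SEPort")
            if self.verbose:
                print "Port range delete: ", status
        else:
            print "Resetting port range..."
            status = semanage.semanage_port_modify_local(sh, key, old_port)
            if status < 0:
                raise Error("Could not reset test SEPort")
            if self.verbose:
                print "Port range modify: ", status

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print "Commit status (transaction number): ", status

        semanage.semanage_context_free(con)
        semanage.semanage_port_key_free(key)
        semanage.semanage_port_free(port)
        if exists:
            semanage.semanage_port_free(old_port)

    def test_writefcontext(self, sh):
        """Commit a local file context for "/test/fcontext(/.*)?", then undo it.

        Two transactions are committed.  An Error raised after the first
        commit leaves the test file context in the local store.
        """
        print "Testing file context write..."

        (status, fcon) = semanage.semanage_fcontext_create(sh)
        if status < 0:
            raise Error("Could not create SEFcontext object")
        if self.verbose:
            print "SEFcontext object created."

        status = semanage.semanage_fcontext_set_expr(sh, fcon, "/test/fcontext(/.*)?")
        if status < 0:
            raise Error("Could not set expression")
        if self.verbose:
            print "SEFContext expr set: ", semanage.semanage_fcontext_get_expr(fcon)

        semanage.semanage_fcontext_set_type(fcon, semanage.SEMANAGE_FCONTEXT_REG)
        if self.verbose:
            # get_type_str takes the type value, not the record (the listing
            # test above passes it the result of get_type), so read the type
            # back from the record first.
            print "SEFContext type set: ", semanage.semanage_fcontext_get_type_str(
                semanage.semanage_fcontext_get_type(fcon))

        (status, con) = semanage.semanage_context_create(sh)
        if status < 0:
            raise Error("Could not create SEContext object")
        if self.verbose:
            print "SEContext object created (for file context)."

        status = semanage.semanage_context_set_user(sh, con, "system_u")
        if status < 0:
            raise Error("Could not set context user")
        if self.verbose:
            print "SEContext user: ", semanage.semanage_context_get_user(con)

        status = semanage.semanage_context_set_role(sh, con, "object_r")
        if status < 0:
            raise Error("Could not set context role")
        if self.verbose:
            print "SEContext role: ", semanage.semanage_context_get_role(con)

        status = semanage.semanage_context_set_type(sh, con, "default_t")
        if status < 0:
            raise Error("Could not set context type")
        if self.verbose:
            print "SEContext type: ", semanage.semanage_context_get_type(con)

        status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
        if status < 0:
            raise Error("Could not set context MLS fields")
        if self.verbose:
            print "SEContext mls: ", semanage.semanage_context_get_mls(con)

        status = semanage.semanage_fcontext_set_con(sh, fcon, con)
        if status < 0:
            raise Error("Could not set SEFcontext context")
        if self.verbose:
            print "SEFcontext context set: ", con

        (status, key) = semanage.semanage_fcontext_key_extract(sh, fcon)
        if status < 0:
            raise Error("Could not extract SEFcontext key")
        if self.verbose:
            print "SEFcontext key extracted: ", key

        (status, exists) = semanage.semanage_fcontext_exists_local(sh, key)
        if status < 0:
            raise Error("Could not check if SEFcontext exists")

        if self.verbose:
            print "Exists status (commit number): ", status
        # Keep the pre-existing record so the second transaction can restore it.
        if exists:
            (status, old_fcontext) = semanage.semanage_fcontext_query_local(sh, key)
            if status < 0:
                raise Error("Could not query old SEFcontext")
            if self.verbose:
                print "Query status (commit number): ", status

        print "Starting transaction..."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_fcontext_modify_local(sh, key, fcon)
        if status < 0:
            raise Error("Could not modify SEFcontext")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print "Commit status (transaction number): ", status

        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        if not exists:
            print "Removing file context..."
            status = semanage.semanage_fcontext_del_local(sh, key)
            if status < 0:
                raise Error("Could not delete test SEFcontext")
            if self.verbose:
                print "File context delete: ", status
        else:
            print "Resetting file context..."
            status = semanage.semanage_fcontext_modify_local(sh, key, old_fcontext)
            if status < 0:
                raise Error("Could not reset test FContext")
            if self.verbose:
                print "File context modify: ", status

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print "Commit status (transaction number): ", status

        semanage.semanage_context_free(con)
        semanage.semanage_fcontext_key_free(key)
        semanage.semanage_fcontext_free(fcon)
        if exists:
            semanage.semanage_fcontext_free(old_fcontext)

    def test_writeinterface(self, sh):
        """Commit a local interface record "test_iface", then undo it.

        The same context object is used for both the interface context and
        the message context.  Two transactions are committed; an Error
        raised after the first commit leaves the test record in the local
        store.
        """
        print "Testing network interface write..."

        (status, iface) = semanage.semanage_iface_create(sh)
        if status < 0:
            raise Error("Could not create SEIface object")
        if self.verbose:
            print "SEIface object created."

        status = semanage.semanage_iface_set_name(sh, iface, "test_iface")
        if status < 0:
            raise Error("Could not set SEIface name")
        if self.verbose:
            print "SEIface name set: ", semanage.semanage_iface_get_name(iface)

        (status, con) = semanage.semanage_context_create(sh)
        if status < 0:
            raise Error("Could not create SEContext object")
        if self.verbose:
            print "SEContext object created (for network interface)"

        status = semanage.semanage_context_set_user(sh, con, "system_u")
        if status < 0:
            raise Error("Could not set interface context user")
        if self.verbose:
            print "SEContext user: ", semanage.semanage_context_get_user(con)

        status = semanage.semanage_context_set_role(sh, con, "object_r")
        if status < 0:
            raise Error("Could not set interface context role")
        if self.verbose:
            print "SEContext role: ", semanage.semanage_context_get_role(con)

        status = semanage.semanage_context_set_type(sh, con, "default_t")
        if status < 0:
            raise Error("Could not set interface context type")
        if self.verbose:
            print "SEContext type: ", semanage.semanage_context_get_type(con)

        status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
        if status < 0:
            raise Error("Could not set interface context MLS fields")
        if self.verbose:
            print "SEContext mls: ", semanage.semanage_context_get_mls(con)

        status = semanage.semanage_iface_set_ifcon(sh, iface, con)
        if status < 0:
            raise Error("Could not set SEIface interface context")
        if self.verbose:
            print "SEIface interface context set: ", con

        status = semanage.semanage_iface_set_msgcon(sh, iface, con)
        if status < 0:
            raise Error("Could not set SEIface message context")
        if self.verbose:
            print "SEIface message context set: ", con

        (status, key) = semanage.semanage_iface_key_extract(sh, iface)
        if status < 0:
            raise Error("Could not extract SEIface key")
        if self.verbose:
            print "SEIface key extracted: ", key

        (status, exists) = semanage.semanage_iface_exists_local(sh, key)
        if status < 0:
            raise Error("Could not check if SEIface exists")
        if self.verbose:
            print "Exists status (commit number): ", status

        # Keep the pre-existing record so the second transaction can restore it.
        if exists:
            (status, old_iface) = semanage.semanage_iface_query_local(sh, key)
            if status < 0:
                raise Error("Could not query old SEIface")
            if self.verbose:
                print "Query status (commit number): ", status

        print "Starting transaction..."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not begin semanage transaction")

        status = semanage.semanage_iface_modify_local(sh, key, iface)
        if status < 0:
            raise Error("Could not modify SEIface")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print "Commit status (transaction number): ", status

        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not begin semanage transaction")

        if not exists:
            print "Removing interface..."
            status = semanage.semanage_iface_del_local(sh, key)
            if status < 0:
                raise Error("Could not delete test SEIface")
            if self.verbose:
                print "Interface delete: ", status
        else:
            print "Resetting interface..."
            status = semanage.semanage_iface_modify_local(sh, key, old_iface)
            if status < 0:
                raise Error("Could not reset test SEIface")
            if self.verbose:
                print "Interface modify: ", status

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print "Commit status (transaction number): ", status

        semanage.semanage_context_free(con)
        semanage.semanage_iface_key_free(key)
        semanage.semanage_iface_free(iface)
        if exists:
            semanage.semanage_iface_free(old_iface)

    def test_writeboolean(self, sh):
        """Commit a local record setting "allow_execmem" to 0, then undo it.

        Two transactions are committed.  An Error raised after the first
        commit leaves the local boolean record at the test value.
        """
        print "Testing boolean write..."

        (status, pbool) = semanage.semanage_bool_create(sh)
        if status < 0:
            raise Error("Could not create SEBool object")
        if self.verbose:
            print "SEBool object created."

        status = semanage.semanage_bool_set_name(sh, pbool, "allow_execmem")
        if status < 0:
            raise Error("Could not set name")
        if self.verbose:
            print "SEBool name set: ", semanage.semanage_bool_get_name(pbool)

        semanage.semanage_bool_set_value(pbool, 0)
        if self.verbose:
            # Read the value back with the getter; the setter takes a value
            # argument and cannot be called with the record alone.
            print "SEbool value set: ", semanage.semanage_bool_get_value(pbool)

        (status, key) = semanage.semanage_bool_key_extract(sh, pbool)
        if status < 0:
            raise Error("Could not extract SEBool key")
        if self.verbose:
            print "SEBool key extracted: ", key

        (status, exists) = semanage.semanage_bool_exists_local(sh, key)
        if status < 0:
            raise Error("Could not check if SEBool exists")
        if self.verbose:
            print "Exists status (commit number): ", status

        # Keep the pre-existing record so the second transaction can restore it.
        if exists:
            (status, old_bool) = semanage.semanage_bool_query_local(sh, key)
            if status < 0:
                raise Error("Could not query old SEBool")
            if self.verbose:
                print "Query status (commit number): ", status

        print "Starting transaction..."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_bool_modify_local(sh, key, pbool)

        if status < 0:
            raise Error("Could not modify SEBool")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print "Commit status (transaction number): ", status

        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        if not exists:
            print "Removing boolean..."
            status = semanage.semanage_bool_del_local(sh, key)
            if status < 0:
                raise Error("Could not delete test SEBool")
            if self.verbose:
                print "Boolean delete: ", status
        else:
            print "Resetting boolean..."
            status = semanage.semanage_bool_modify_local(sh, key, old_bool)
            if status < 0:
                raise Error("Could not reset test SEBool")
            if self.verbose:
                print "Boolean modify: ", status

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print "Commit status (transaction number): ", status

        semanage.semanage_bool_key_free(key)
        semanage.semanage_bool_free(pbool)
        if exists:
            semanage.semanage_bool_free(old_bool)

    def test_writeaboolean(self, sh):
        """Set the active "allow_execmem" boolean to 0, then restore it.

        The previous active value is queried first and written back in a
        second transaction.  An Error raised after the first commit means
        the restore never runs and the active boolean keeps the test value.
        """
        print "Testing active boolean write..."

        (status, key) = semanage.semanage_bool_key_create(sh, "allow_execmem")
        if status < 0:
            raise Error("Could not create SEBool key")
        if self.verbose:
            print "SEBool key created: ", key

        (status, old_bool) = semanage.semanage_bool_query_active(sh, key)
        if status < 0:
            raise Error("Could not query old SEBool")
        if self.verbose:
            print "Query status (commit number): ", status

        (status, abool) = semanage.semanage_bool_create(sh)
        if status < 0:
            raise Error("Could not create SEBool object")
        if self.verbose:
            print "SEBool object created."

        status = semanage.semanage_bool_set_name(sh, abool, "allow_execmem")
        if status < 0:
            raise Error("Could not set name")
        if self.verbose:
            print "SEBool name set: ", semanage.semanage_bool_get_name(abool)

        semanage.semanage_bool_set_value(abool, 0)
        if self.verbose:
            # Read the value back with the getter; the setter takes a value
            # argument and cannot be called with the record alone.
            print "SEbool value set: ", semanage.semanage_bool_get_value(abool)

        print "Starting transaction..."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_bool_set_active(sh, key, abool)
        if status < 0:
            raise Error("Could not modify SEBool")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print "Commit status (transaction number): ", status

        print "Resetting old active boolean..."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_bool_set_active(sh, key, old_bool)
        if status < 0:
            raise Error("Could not reset test SEBool")
        if self.verbose:
            print "SEBool active reset: ", status

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print "Commit status (transaction number): ", status

        semanage.semanage_bool_key_free(key)
        semanage.semanage_bool_free(abool)
        semanage.semanage_bool_free(old_bool)

    def test_writenode(self, sh):
        print "Testing network node write..."

        (status, node) = semanage.semanage_node_create(sh)
        if status < 0:
            raise Error("Could not create SENode object")
        if self.verbose: print "SENode object created."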
956 957 status = semanage.semanage_node_set_addr(sh, node, semanage.SEMANAGE_PROTO_IP6, "ffee:dddd::bbbb") 958 if status < 0: 959 raise Error("Could not set SENode address") 960 961 status = semanage.semanage_node_set_mask(sh, node, semanage.SEMANAGE_PROTO_IP6, "::ffff:ffff:abcd:0000") 962 if status < 0: 963 raise Error("Could not set SENode netmask") 964 965 semanage.semanage_node_set_proto(node, semanage.SEMANAGE_PROTO_IP6); 966 if self.verbose: print "SENode protocol set: ", \ 967 semanage.semanage_node_get_proto_str(semanage.SEMANAGE_PROTO_IP6) 968 969 (status, con) = semanage.semanage_context_create(sh) 970 if status < 0: 971 raise Error("Could not create SEContext object") 972 if self.verbose: print "SEContext object created (for node)." 973 974 status = semanage.semanage_context_set_user(sh, con, "system_u") 975 if status < 0: 976 raise Error("Could not set context user") 977 if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con) 978 979 status = semanage.semanage_context_set_role(sh, con, "object_r") 980 if status < 0: 981 raise Error("Could not set context role") 982 if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con) 983 984 status = semanage.semanage_context_set_type(sh, con, "lo_node_t") 985 if status < 0: 986 raise Error("Could not set context type") 987 if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con) 988 989 status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255") 990 if status < 0: 991 raise Error("Could not set context MLS fields") 992 if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con) 993 994 status = semanage.semanage_node_set_con(sh, node, con) 995 if status < 0: 996 raise Error("Could not set SENode context") 997 if self.verbose: print "SENode context set: ", con 998 999 (status,key) = semanage.semanage_node_key_extract(sh, node) 1000 if status < 0: 1001 raise Error("Could not extract SENode key") 1002 if 
self.verbose: print "SENode key extracted: ", key 1003 1004 (status,exists) = semanage.semanage_node_exists_local(sh,key) 1005 if status < 0: 1006 raise Error("Could not check if SENode exists") 1007 if self.verbose: print "Exists status (commit number): ", status 1008 1009 if exists: 1010 (status, old_node) = semanage.semanage_node_query_local(sh, key) 1011 if status < 0: 1012 raise Error("Could not query old SENode") 1013 if self.verbose: print "Query status (commit number): ", status 1014 1015 print "Starting transaction..." 1016 status = semanage.semanage_begin_transaction(sh) 1017 if status < 0: 1018 raise Error("Could not start semanage transaction") 1019 1020 status = semanage.semanage_node_modify_local(sh,key, node) 1021 if status < 0: 1022 raise Error("Could not modify SENode") 1023 1024 status = semanage.semanage_commit(sh) 1025 if status < 0: 1026 raise Error("Could not commit test transaction") 1027 print "Commit status (transaction number): ", status 1028 1029 status = semanage.semanage_begin_transaction(sh) 1030 if status < 0: 1031 raise Error("Could not start semanage transaction") 1032 1033 if not exists: 1034 print "Removing network node..." 1035 status = semanage.semanage_node_del_local(sh, key) 1036 if status < 0: 1037 raise Error("Could not delete test SENode") 1038 if self.verbose: print "Network node delete: ", status 1039 else: 1040 print "Resetting network node..." 
1041 status = semanage.semanage_node_modify_local(sh, key, old_node) 1042 if status < 0: 1043 raise Error("Could not reset test SENode") 1044 if self.verbose: print "Network node modify: ", status 1045 1046 status = semanage.semanage_commit(sh) 1047 if status < 0: 1048 raise Error("Could not commit reset transaction") 1049 print "Commit status (transaction number): ", status 1050 1051 semanage.semanage_context_free(con) 1052 semanage.semanage_node_key_free(key) 1053 semanage.semanage_node_free(node) 1054 if exists: semanage.semanage_node_free(old_node) 1055 1056def main(argv=None): 1057 if argv is None: 1058 argv = sys.argv 1059 try: 1060 try: 1061 opts, args = getopt.getopt(argv[1:], "hvmuspfibcUSPFIBCanN", ["help", "verbose", "modules", "users", "seusers", "ports", "file contexts", "network interfaces", "booleans", "active booleans", "network nodes", "writeuser", "writeseuser", "writeport", "writefcontext", "writeinterface", "writeboolean", "writeaboolean", "writenode", "all"]) 1062 tests = Tests() 1063 for o, a in opts: 1064 if o == "-v": 1065 tests.verbose = True 1066 print "Verbose output selected." 
1067 if o == "-a": 1068 tests.all = True 1069 if o == "-u": 1070 tests.users = True 1071 if o == "-U": 1072 tests.writeuser = True 1073 if o == "-s": 1074 tests.seusers = True 1075 if o == "-S": 1076 tests.writeseuser = True 1077 if o == "-p": 1078 tests.ports = True 1079 if o == "-P": 1080 tests.writeport = True 1081 if o == "-f": 1082 tests.fcontexts = True 1083 if o == "-F": 1084 tests.writefcontext = True 1085 if o == "-i": 1086 tests.interfaces = True 1087 if o == "-I": 1088 tests.writeinterface = True 1089 if o == "-b": 1090 tests.booleans = True 1091 if o == "-B": 1092 tests.writeboolean = True 1093 if o == "-c": 1094 tests.abooleans = True 1095 if o == "-C": 1096 tests.writeaboolean = True 1097 if o == "-n": 1098 tests.nodes = True 1099 if o == "-N": 1100 tests.writenode = True 1101 if o == "-m": 1102 tests.modules = True 1103 if o == "-h": 1104 raise Usage(usage) 1105 1106 if not tests.selected(): 1107 raise Usage("Please select a valid test.") 1108 1109 except getopt.error, msg: 1110 raise Usage(msg) 1111 1112 sh=semanage.semanage_handle_create() 1113 1114 if (semanage.semanage_is_managed(sh) != 1): 1115 raise Status("Unmanaged!") 1116 1117 status = semanage.semanage_connect(sh) 1118 if status < 0: 1119 raise Error("Could not establish semanage connection") 1120 1121 tests.run(sh) 1122 1123 status = semanage.semanage_disconnect(sh) 1124 if status < 0: 1125 raise Error("Could not disconnect") 1126 1127 semanage.semanage_handle_destroy(sh) 1128 1129 except Usage, err: 1130 print >>sys.stderr, err.msg 1131 except Status, err: 1132 print >>sys.stderr, err.msg 1133 except Error, err: 1134 print >>sys.stderr, err.msg 1135 1136 return 2 1137 1138if __name__ == "__main__": 1139 sys.exit(main()) 1140 1141