pywrap-test.py revision 49c738fc93ad917ed6e363f0c357074402ae1b60
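#!/usr/bin/python
# Exercises the semanage Python bindings. The lower-case options only list
# records; the upper-case options commit a test record to the local store and
# then undo it in a second transaction, so they need a handle that can write.
import sys
import getopt
import semanage

usage = "\
Choose one of the following tests:\n\
-m for modules\n\
-u for users\n\
-U for add user (warning this will write!)\n\
-s for seusers\n\
-S for add seuser (warning this will write!)\n\
-p for ports\n\
-P for add port (warning this will write!)\n\
-f for file contexts \n\
-F for add file context (warning this will write!)\n\
-i for network interfaces \n\
-I for add network interface (warning this will write!)\n\
-b for booleans \n\
-B for add boolean (warning this will write!)\n\
-c for aCtive booleans\n\
-C for set aCtive boolean (warning this will write!)\n\n\
-n for network nodes\n\
-N for add node (warning this will write!)\n\n\
Other options:\n\
-h for this help\n\
-v for verbose output\
"


class Usage(Exception):
    """Carries a usage message in ``msg``."""

    def __init__(self, msg):
        # Pass msg on so str(exc) is not empty; callers can still read .msg.
        Exception.__init__(self, msg)
        self.msg = msg


class Status(Exception):
    """Carries a status message in ``msg``."""

    def __init__(self, msg):
        Exception.__init__(self, msg)
        self.msg = msg


class Error(Exception):
    """Raised by the tests when a semanage call returns a negative status."""

    def __init__(self, msg):
        Exception.__init__(self, msg)
        self.msg = msg


class Tests:
    """Selection flags plus one test method per semanage record type.

    The ``test_<kind>`` methods list records and print them. The
    ``test_write<kind>`` methods build a record with fixed test values,
    commit it to the local store, then open a second transaction that
    deletes it (when no local record with that key existed) or restores the
    record that was queried beforehand.

    NOTE(review): a write test raises Error at the first failing call and
    does nothing else. If a step of the second (reset) transaction fails,
    the record written by the first commit stays in the local store, and the
    key/record objects created so far are not freed. Check the store after
    any failed write test.
    """

    def __init__(self):
        self.all = False
        self.users = False
        self.writeuser = False
        self.seusers = False
        self.writeseuser = False
        self.ports = False
        self.writeport = False
        self.fcontexts = False
        self.writefcontext = False
        self.interfaces = False
        self.writeinterface = False
        self.booleans = False
        self.writeboolean = False
        self.abooleans = False
        self.writeaboolean = False
        self.nodes = False
        self.writenode = False
        self.modules = False
        self.verbose = False

    def selected(self):
        """Return True when at least one test flag (or ``all``) is set."""
        return (self.all or self.users or self.modules or self.seusers
                or self.ports or self.fcontexts or self.interfaces
                or self.booleans or self.abooleans or self.writeuser
                or self.writeseuser or self.writeport or self.writefcontext
                or self.writeinterface or self.writeboolean
                or self.writeaboolean or self.nodes or self.writenode)

    def run(self, handle):
        """Run every selected test against *handle*, read tests first.

        A blank line is printed after each test that ran. An Error raised by
        one test propagates and the remaining tests do not run.
        """
        # Order matters: all listing tests come before any test that writes.
        steps = (
            (self.users, self.test_users),
            (self.seusers, self.test_seusers),
            (self.ports, self.test_ports),
            (self.modules, self.test_modules),
            (self.fcontexts, self.test_fcontexts),
            (self.interfaces, self.test_interfaces),
            (self.booleans, self.test_booleans),
            (self.abooleans, self.test_abooleans),
            (self.nodes, self.test_nodes),
            (self.writeuser, self.test_writeuser),
            (self.writeseuser, self.test_writeseuser),
            (self.writeport, self.test_writeport),
            (self.writefcontext, self.test_writefcontext),
            (self.writeinterface, self.test_writeinterface),
            (self.writeboolean, self.test_writeboolean),
            (self.writeaboolean, self.test_writeaboolean),
            (self.writenode, self.test_writenode),
        )
        for wanted, test in steps:
            if wanted or self.all:
                test(handle)
                print ""

    def test_modules(self, sh):
        """List the installed modules and print each name and version."""
        print "Testing modules..."

        (trans_cnt, mlist, mlist_size) = semanage.semanage_module_list(sh)
        # Same convention as the other listing tests: a negative status means
        # the call failed, so the list and its size must not be used.
        if trans_cnt < 0:
            raise Error("Could not list modules")

        print "Transaction number: ", trans_cnt
        print "Module list size: ", mlist_size
        if self.verbose: print "List reference: ", mlist

        if mlist_size == 0:
            print "No modules installed!"
            print "This is not necessarily a test failure."
            return
        for idx in range(mlist_size):
            module = semanage.semanage_module_list_nth(mlist, idx)
            if self.verbose: print "Module reference: ", module
            print "Module name: ", semanage.semanage_module_get_name(module)
            print " Module version: ", semanage.semanage_module_get_version(module)

    def test_seusers(self, sh):
        """List the seusers; print name, MLS range and sename, then free each."""
        print "Testing seusers..."

        (status, slist) = semanage.semanage_seuser_list(sh)
        if status < 0:
            raise Error("Could not list seusers")
        print "Query status (commit number): ", status

        if len(slist) == 0:
            print "No seusers found!"
            print "This is not necessarily a test failure."
            return
        for seuser in slist:
            if self.verbose: print "seseuser reference: ", seuser
            print "seuser name: ", semanage.semanage_seuser_get_name(seuser)
            print " seuser mls range: ", semanage.semanage_seuser_get_mlsrange(seuser)
            print " seuser sename: ", semanage.semanage_seuser_get_sename(seuser)
            semanage.semanage_seuser_free(seuser)

    def test_users(self, sh):
        """List the users with prefix, MLS fields and roles, then free each."""
        print "Testing users..."

        (status, ulist) = semanage.semanage_user_list(sh)
        if status < 0:
            raise Error("Could not list users")
        print "Query status (commit number): ", status

        if len(ulist) == 0:
            print "No users found!"
            print "This is not necessarily a test failure."
            return
        for user in ulist:
            if self.verbose: print "User reference: ", user
            print "User name: ", semanage.semanage_user_get_name(user)
            print " User labeling prefix: ", semanage.semanage_user_get_prefix(user)
            print " User mls level: ", semanage.semanage_user_get_mlslevel(user)
            print " User mls range: ", semanage.semanage_user_get_mlsrange(user)
            print " User number of roles: ", semanage.semanage_user_get_num_roles(user)
            print " User roles: "
            (status, rlist) = semanage.semanage_user_get_roles(sh, user)
            if status < 0:
                raise Error("Could not get user roles")

            for role in rlist:
                print " ", role

            semanage.semanage_user_free(user)

    def test_ports(self, sh):
        """List the port records as range, protocol and context string."""
        print "Testing ports..."

        (status, plist) = semanage.semanage_port_list(sh)
        if status < 0:
            raise Error("Could not list ports")
        print "Query status (commit number): ", status

        if len(plist) == 0:
            print "No ports found!"
            print "This is not necessarily a test failure."
            return
        for port in plist:
            if self.verbose: print "Port reference: ", port
            low = semanage.semanage_port_get_low(port)
            high = semanage.semanage_port_get_high(port)
            con = semanage.semanage_port_get_con(port)
            proto = semanage.semanage_port_get_proto(port)
            proto_str = semanage.semanage_port_get_proto_str(proto)
            if low == high:
                range_str = str(low)
            else:
                range_str = str(low) + "-" + str(high)
            (rc, con_str) = semanage.semanage_context_to_string(sh, con)
            # A context that cannot be rendered is printed as empty, not fatal.
            if rc < 0: con_str = ""
            print "Port: ", range_str, " ", proto_str, " Context: ", con_str
            semanage.semanage_port_free(port)

    def test_fcontexts(self, sh):
        """List the file contexts as expression, type and context string."""
        print "Testing file contexts..."

        (status, flist) = semanage.semanage_fcontext_list(sh)
        if status < 0:
            raise Error("Could not list file contexts")
        print "Query status (commit number): ", status

        if len(flist) == 0:
            print "No file contexts found!"
            print "This is not necessarily a test failure."
            return
        for fcon in flist:
            if self.verbose: print "File Context reference: ", fcon
            expr = semanage.semanage_fcontext_get_expr(fcon)
            # Named ftype so the builtin type() is not shadowed.
            ftype = semanage.semanage_fcontext_get_type(fcon)
            type_str = semanage.semanage_fcontext_get_type_str(ftype)
            con = semanage.semanage_fcontext_get_con(fcon)
            if not con:
                # Entry without a context object.
                con_str = "<<none>>"
            else:
                (rc, con_str) = semanage.semanage_context_to_string(sh, con)
                if rc < 0: con_str = ""
            print "File Expr: ", expr, " [", type_str, "] Context: ", con_str
            semanage.semanage_fcontext_free(fcon)

    def test_interfaces(self, sh):
        """List the network interfaces with interface and message contexts."""
        print "Testing network interfaces..."

        (status, ilist) = semanage.semanage_iface_list(sh)
        if status < 0:
            raise Error("Could not list interfaces")
        print "Query status (commit number): ", status

        if len(ilist) == 0:
            print "No network interfaces found!"
            print "This is not necessarily a test failure."
            return
        for iface in ilist:
            if self.verbose: print "Interface reference: ", iface
            name = semanage.semanage_iface_get_name(iface)
            msg_con = semanage.semanage_iface_get_msgcon(iface)
            if_con = semanage.semanage_iface_get_ifcon(iface)
            (rc, msg_con_str) = semanage.semanage_context_to_string(sh, msg_con)
            if rc < 0: msg_con_str = ""
            (rc, if_con_str) = semanage.semanage_context_to_string(sh, if_con)
            if rc < 0: if_con_str = ""
            print "Interface: ", name, " Context: ", if_con_str, " Message Context: ", msg_con_str
            semanage.semanage_iface_free(iface)

    def test_booleans(self, sh):
        """List the booleans with their values, then free each."""
        print "Testing booleans..."

        (status, blist) = semanage.semanage_bool_list(sh)
        if status < 0:
            raise Error("Could not list booleans")
        print "Query status (commit number): ", status

        if len(blist) == 0:
            print "No booleans found!"
            print "This is not necessarily a test failure."
            return
        for pbool in blist:
            if self.verbose: print "Boolean reference: ", pbool
            name = semanage.semanage_bool_get_name(pbool)
            value = semanage.semanage_bool_get_value(pbool)
            print "Boolean: ", name, " Value: ", value
            semanage.semanage_bool_free(pbool)

    def test_abooleans(self, sh):
        """List the active booleans with their values, then free each."""
        print "Testing active booleans..."

        (status, ablist) = semanage.semanage_bool_list_active(sh)
        if status < 0:
            raise Error("Could not list active booleans")
        print "Query status (commit number): ", status

        if len(ablist) == 0:
            print "No active booleans found!"
            print "This is not necessarily a test failure."
            return
        for abool in ablist:
            if self.verbose: print "Active boolean reference: ", abool
            name = semanage.semanage_bool_get_name(abool)
            value = semanage.semanage_bool_get_value(abool)
            print "Active Boolean: ", name, " Value: ", value
            semanage.semanage_bool_free(abool)

    def test_nodes(self, sh):
        """List the network nodes as address/mask, protocol and context."""
        print "Testing network nodes..."

        (status, nlist) = semanage.semanage_node_list(sh)
        if status < 0:
            raise Error("Could not list network nodes")
        print "Query status (commit number): ", status

        if len(nlist) == 0:
            print "No network nodes found!"
            print "This is not necessarily a test failure."
            return
        for node in nlist:
            if self.verbose: print "Network node reference: ", node

            # Fields that cannot be read are printed as empty strings.
            (status, addr) = semanage.semanage_node_get_addr(sh, node)
            if status < 0: addr = ""

            (status, mask) = semanage.semanage_node_get_mask(sh, node)
            if status < 0: mask = ""

            proto = semanage.semanage_node_get_proto(node)
            proto_str = semanage.semanage_node_get_proto_str(proto)
            con = semanage.semanage_node_get_con(node)

            (status, con_str) = semanage.semanage_context_to_string(sh, con)
            if status < 0: con_str = ""

            print "Network Node: ", addr, "/", mask, " (", proto_str, ")", "Context: ", con_str
            semanage.semanage_node_free(node)

    def test_writeuser(self, sh):
        """Write the user "testPyUser" to the local store, then undo it.

        The record gets role "user_r", prefix "user" and MLS level/range
        "s0". Raises Error at the first call that returns a negative status.
        """
        print "Testing user write..."

        (status, user) = semanage.semanage_user_create(sh)
        if status < 0:
            raise Error("Could not create user object")
        if self.verbose: print "User object created"

        status = semanage.semanage_user_set_name(sh, user, "testPyUser")
        if status < 0:
            raise Error("Could not set user name")
        if self.verbose: print "User name set: ", semanage.semanage_user_get_name(user)

        status = semanage.semanage_user_add_role(sh, user, "user_r")
        if status < 0:
            raise Error("Could not add role")

        status = semanage.semanage_user_set_prefix(sh, user, "user")
        if status < 0:
            raise Error("Could not set labeling prefix")
        if self.verbose: print "User prefix set: ", semanage.semanage_user_get_prefix(user)

        status = semanage.semanage_user_set_mlsrange(sh, user, "s0")
        if status < 0:
            raise Error("Could not set MLS range")
        if self.verbose: print "User mlsrange: ", semanage.semanage_user_get_mlsrange(user)

        status = semanage.semanage_user_set_mlslevel(sh, user, "s0")
        if status < 0:
            raise Error("Could not set MLS level")
        if self.verbose: print "User mlslevel: ", semanage.semanage_user_get_mlslevel(user)

        (status, key) = semanage.semanage_user_key_extract(sh, user)
        if status < 0:
            raise Error("Could not extract user key")
        if self.verbose: print "User key extracted: ", key

        (status, exists) = semanage.semanage_user_exists_local(sh, key)
        if status < 0:
            raise Error("Could not check if user exists")
        if self.verbose: print "Exists status (commit number): ", status

        # Keep the record that is about to be overwritten so it can be restored.
        if exists:
            (status, old_user) = semanage.semanage_user_query_local(sh, key)
            if status < 0:
                raise Error("Could not query old user")
            if self.verbose: print "Query status (commit number): ", status

        print "Starting transaction.."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_user_modify_local(sh, key, user)
        if status < 0:
            raise Error("Could not modify user")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print "Commit status (transaction number): ", status

        # Second transaction: put the local store back the way it was.
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        if not exists:
            print "Removing user..."
            status = semanage.semanage_user_del_local(sh, key)
            if status < 0:
                raise Error("Could not delete test user")
            if self.verbose: print "User delete: ", status
        else:
            print "Resetting user..."
            status = semanage.semanage_user_modify_local(sh, key, old_user)
            if status < 0:
                raise Error("Could not reset test user")
            if self.verbose: print "User modify: ", status

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print "Commit status (transaction number): ", status

        semanage.semanage_user_key_free(key)
        semanage.semanage_user_free(user)
        if exists: semanage.semanage_user_free(old_user)

    def test_writeseuser(self, sh):
        """Write the seuser "testPySEUser" to the local store, then undo it.

        The record gets sename "root" and MLS range "s0:c0.c255"; until the
        reset commit succeeds that mapping is present in the local store.
        Raises Error at the first call that returns a negative status.
        """
        print "Testing seuser write..."

        (status, seuser) = semanage.semanage_seuser_create(sh)
        if status < 0:
            raise Error("Could not create SEUser object")
        if self.verbose: print "SEUser object created."

        status = semanage.semanage_seuser_set_name(sh, seuser, "testPySEUser")
        if status < 0:
            raise Error("Could not set name")
        if self.verbose: print "SEUser name set: ", semanage.semanage_seuser_get_name(seuser)

        status = semanage.semanage_seuser_set_sename(sh, seuser, "root")
        if status < 0:
            raise Error("Could not set sename")
        if self.verbose: print "SEUser seuser: ", semanage.semanage_seuser_get_sename(seuser)

        status = semanage.semanage_seuser_set_mlsrange(sh, seuser, "s0:c0.c255")
        if status < 0:
            raise Error("Could not set MLS range")
        if self.verbose: print "SEUser mlsrange: ", semanage.semanage_seuser_get_mlsrange(seuser)

        (status, key) = semanage.semanage_seuser_key_extract(sh, seuser)
        if status < 0:
            raise Error("Could not extract SEUser key")
        if self.verbose: print "SEUser key extracted: ", key

        (status, exists) = semanage.semanage_seuser_exists_local(sh, key)
        if status < 0:
            raise Error("Could not check if SEUser exists")
        if self.verbose: print "Exists status (commit number): ", status

        # Keep the record that is about to be overwritten so it can be restored.
        if exists:
            (status, old_seuser) = semanage.semanage_seuser_query_local(sh, key)
            if status < 0:
                raise Error("Could not query old SEUser")
            if self.verbose: print "Query status (commit number): ", status

        print "Starting transaction..."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_seuser_modify_local(sh, key, seuser)
        if status < 0:
            raise Error("Could not modify SEUser")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print "Commit status (transaction number): ", status

        # Second transaction: put the local store back the way it was.
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        if not exists:
            print "Removing seuser..."
            status = semanage.semanage_seuser_del_local(sh, key)
            if status < 0:
                raise Error("Could not delete test SEUser")
            if self.verbose: print "Seuser delete: ", status
        else:
            print "Resetting seuser..."
            status = semanage.semanage_seuser_modify_local(sh, key, old_seuser)
            if status < 0:
                raise Error("Could not reset test SEUser")
            if self.verbose: print "Seuser modify: ", status

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print "Commit status (transaction number): ", status

        semanage.semanage_seuser_key_free(key)
        semanage.semanage_seuser_free(seuser)
        if exists: semanage.semanage_seuser_free(old_seuser)

    def test_writeport(self, sh):
        """Write a TCP port record for 150-200 to the local store, then undo it.

        The record is labeled system_u:object_r:http_port_t with MLS
        "s0:c0.c255"; until the reset commit succeeds that labeling is
        present in the local store. Raises Error at the first call that
        returns a negative status.
        """
        print "Testing port write..."

        (status, port) = semanage.semanage_port_create(sh)
        if status < 0:
            raise Error("Could not create SEPort object")
        if self.verbose: print "SEPort object created."

        semanage.semanage_port_set_range(port, 150, 200)
        low = semanage.semanage_port_get_low(port)
        high = semanage.semanage_port_get_high(port)
        if self.verbose: print "SEPort range set: ", low, "-", high

        semanage.semanage_port_set_proto(port, semanage.SEMANAGE_PROTO_TCP)
        if self.verbose: print "SEPort protocol set: ", \
            semanage.semanage_port_get_proto_str(semanage.SEMANAGE_PROTO_TCP)

        (status, con) = semanage.semanage_context_create(sh)
        if status < 0:
            raise Error("Could not create SEContext object")
        if self.verbose: print "SEContext object created (for port)."

        status = semanage.semanage_context_set_user(sh, con, "system_u")
        if status < 0:
            raise Error("Could not set context user")
        if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con)

        status = semanage.semanage_context_set_role(sh, con, "object_r")
        if status < 0:
            raise Error("Could not set context role")
        if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con)

        status = semanage.semanage_context_set_type(sh, con, "http_port_t")
        if status < 0:
            raise Error("Could not set context type")
        if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con)

        status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
        if status < 0:
            raise Error("Could not set context MLS fields")
        if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con)

        status = semanage.semanage_port_set_con(sh, port, con)
        if status < 0:
            raise Error("Could not set SEPort context")
        if self.verbose: print "SEPort context set: ", con

        (status, key) = semanage.semanage_port_key_extract(sh, port)
        if status < 0:
            raise Error("Could not extract SEPort key")
        if self.verbose: print "SEPort key extracted: ", key

        (status, exists) = semanage.semanage_port_exists_local(sh, key)
        if status < 0:
            raise Error("Could not check if SEPort exists")
        if self.verbose: print "Exists status (commit number): ", status

        # Keep the record that is about to be overwritten so it can be restored.
        if exists:
            (status, old_port) = semanage.semanage_port_query_local(sh, key)
            if status < 0:
                raise Error("Could not query old SEPort")
            if self.verbose: print "Query status (commit number): ", status

        print "Starting transaction..."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_port_modify_local(sh, key, port)
        if status < 0:
            raise Error("Could not modify SEPort")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print "Commit status (transaction number): ", status

        # Second transaction: put the local store back the way it was.
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        if not exists:
            print "Removing port range..."
            status = semanage.semanage_port_del_local(sh, key)
            if status < 0:
                raise Error("Could not delete test SEPort")
            if self.verbose: print "Port range delete: ", status
        else:
            print "Resetting port range..."
            status = semanage.semanage_port_modify_local(sh, key, old_port)
            if status < 0:
                raise Error("Could not reset test SEPort")
            if self.verbose: print "Port range modify: ", status

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print "Commit status (transaction number): ", status

        semanage.semanage_context_free(con)
        semanage.semanage_port_key_free(key)
        semanage.semanage_port_free(port)
        if exists: semanage.semanage_port_free(old_port)

    def test_writefcontext(self, sh):
        """Write a file context for "/test/fcontext(/.*)?", then undo it.

        The record has type SEMANAGE_FCONTEXT_REG and context
        system_u:object_r:default_t with MLS "s0:c0.c255". Raises Error at
        the first call that returns a negative status.
        """
        print "Testing file context write..."

        (status, fcon) = semanage.semanage_fcontext_create(sh)
        if status < 0:
            raise Error("Could not create SEFcontext object")
        if self.verbose: print "SEFcontext object created."

        status = semanage.semanage_fcontext_set_expr(sh, fcon, "/test/fcontext(/.*)?")
        if status < 0:
            raise Error("Could not set expression")
        if self.verbose: print "SEFContext expr set: ", semanage.semanage_fcontext_get_expr(fcon)

        semanage.semanage_fcontext_set_type(fcon, semanage.SEMANAGE_FCONTEXT_REG)
        if self.verbose:
            ftype = semanage.semanage_fcontext_get_type(fcon)
            print "SEFContext type set: ", semanage.semanage_fcontext_get_type_str(ftype)

        (status, con) = semanage.semanage_context_create(sh)
        if status < 0:
            raise Error("Could not create SEContext object")
        if self.verbose: print "SEContext object created (for file context)."

        status = semanage.semanage_context_set_user(sh, con, "system_u")
        if status < 0:
            raise Error("Could not set context user")
        if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con)

        status = semanage.semanage_context_set_role(sh, con, "object_r")
        if status < 0:
            raise Error("Could not set context role")
        if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con)

        status = semanage.semanage_context_set_type(sh, con, "default_t")
        if status < 0:
            raise Error("Could not set context type")
        if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con)

        status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
        if status < 0:
            raise Error("Could not set context MLS fields")
        if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con)

        status = semanage.semanage_fcontext_set_con(sh, fcon, con)
        if status < 0:
            raise Error("Could not set SEFcontext context")
        if self.verbose: print "SEFcontext context set: ", con

        (status, key) = semanage.semanage_fcontext_key_extract(sh, fcon)
        if status < 0:
            raise Error("Could not extract SEFcontext key")
        if self.verbose: print "SEFcontext key extracted: ", key

        (status, exists) = semanage.semanage_fcontext_exists_local(sh, key)
        if status < 0:
            raise Error("Could not check if SEFcontext exists")

        if self.verbose: print "Exists status (commit number): ", status
        # Keep the record that is about to be overwritten so it can be restored.
        if exists:
            (status, old_fcontext) = semanage.semanage_fcontext_query_local(sh, key)
            if status < 0:
                raise Error("Could not query old SEFcontext")
            if self.verbose: print "Query status (commit number): ", status

        print "Starting transaction..."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_fcontext_modify_local(sh, key, fcon)
        if status < 0:
            raise Error("Could not modify SEFcontext")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print "Commit status (transaction number): ", status

        # Second transaction: put the local store back the way it was.
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        if not exists:
            print "Removing file context..."
            status = semanage.semanage_fcontext_del_local(sh, key)
            if status < 0:
                raise Error("Could not delete test SEFcontext")
            if self.verbose: print "File context delete: ", status
        else:
            print "Resetting file context..."
            status = semanage.semanage_fcontext_modify_local(sh, key, old_fcontext)
            if status < 0:
                raise Error("Could not reset test FContext")
            if self.verbose: print "File context modify: ", status

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print "Commit status (transaction number): ", status

        semanage.semanage_context_free(con)
        semanage.semanage_fcontext_key_free(key)
        semanage.semanage_fcontext_free(fcon)
        if exists: semanage.semanage_fcontext_free(old_fcontext)

    def test_writeinterface(self, sh):
        """Write the interface "test_iface" to the local store, then undo it.

        One context, system_u:object_r:default_t with MLS "s0:c0.c255", is
        used as both the interface and the message context. Raises Error at
        the first call that returns a negative status.
        """
        print "Testing network interface write..."

        (status, iface) = semanage.semanage_iface_create(sh)
        if status < 0:
            raise Error("Could not create SEIface object")
        if self.verbose: print "SEIface object created."

        status = semanage.semanage_iface_set_name(sh, iface, "test_iface")
        if status < 0:
            raise Error("Could not set SEIface name")
        if self.verbose: print "SEIface name set: ", semanage.semanage_iface_get_name(iface)

        (status, con) = semanage.semanage_context_create(sh)
        if status < 0:
            raise Error("Could not create SEContext object")
        if self.verbose: print "SEContext object created (for network interface)"

        status = semanage.semanage_context_set_user(sh, con, "system_u")
        if status < 0:
            raise Error("Could not set interface context user")
        if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con)

        status = semanage.semanage_context_set_role(sh, con, "object_r")
        if status < 0:
            raise Error("Could not set interface context role")
        if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con)

        status = semanage.semanage_context_set_type(sh, con, "default_t")
        if status < 0:
            raise Error("Could not set interface context type")
        if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con)

        status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
        if status < 0:
            raise Error("Could not set interface context MLS fields")
        if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con)

        status = semanage.semanage_iface_set_ifcon(sh, iface, con)
        if status < 0:
            raise Error("Could not set SEIface interface context")
        if self.verbose: print "SEIface interface context set: ", con

        status = semanage.semanage_iface_set_msgcon(sh, iface, con)
        if status < 0:
            raise Error("Could not set SEIface message context")
        if self.verbose: print "SEIface message context set: ", con

        (status, key) = semanage.semanage_iface_key_extract(sh, iface)
        if status < 0:
            raise Error("Could not extract SEIface key")
        if self.verbose: print "SEIface key extracted: ", key

        (status, exists) = semanage.semanage_iface_exists_local(sh, key)
        if status < 0:
            raise Error("Could not check if SEIface exists")
        if self.verbose: print "Exists status (commit number): ", status

        # Keep the record that is about to be overwritten so it can be restored.
        if exists:
            (status, old_iface) = semanage.semanage_iface_query_local(sh, key)
            if status < 0:
                raise Error("Could not query old SEIface")
            if self.verbose: print "Query status (commit number): ", status

        print "Starting transaction..."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not begin semanage transaction")

        status = semanage.semanage_iface_modify_local(sh, key, iface)
        if status < 0:
            raise Error("Could not modify SEIface")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print "Commit status (transaction number): ", status

        # Second transaction: put the local store back the way it was.
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not begin semanage transaction")

        if not exists:
            print "Removing interface..."
            status = semanage.semanage_iface_del_local(sh, key)
            if status < 0:
                raise Error("Could not delete test SEIface")
            if self.verbose: print "Interface delete: ", status
        else:
            print "Resetting interface..."
            status = semanage.semanage_iface_modify_local(sh, key, old_iface)
            if status < 0:
                raise Error("Could not reset test SEIface")
            if self.verbose: print "Interface modify: ", status

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print "Commit status (transaction number): ", status

        semanage.semanage_context_free(con)
        semanage.semanage_iface_key_free(key)
        semanage.semanage_iface_free(iface)
        if exists: semanage.semanage_iface_free(old_iface)

    def test_writeboolean(self, sh):
        """Write boolean "allow_execmem" = 0 to the local store, then undo it.

        The name is not a test-only one: when a local record for it already
        exists, that record is overwritten and later restored. Raises Error
        at the first call that returns a negative status.
        """
        print "Testing boolean write..."

        (status, pbool) = semanage.semanage_bool_create(sh)
        if status < 0:
            raise Error("Could not create SEBool object")
        if self.verbose: print "SEBool object created."

        status = semanage.semanage_bool_set_name(sh, pbool, "allow_execmem")
        if status < 0:
            raise Error("Could not set name")
        if self.verbose: print "SEBool name set: ", semanage.semanage_bool_get_name(pbool)

        semanage.semanage_bool_set_value(pbool, 0)
        # Read the value back with the getter; the setter was being called
        # here without its value argument, which broke verbose runs.
        if self.verbose: print "SEbool value set: ", semanage.semanage_bool_get_value(pbool)

        (status, key) = semanage.semanage_bool_key_extract(sh, pbool)
        if status < 0:
            raise Error("Could not extract SEBool key")
        if self.verbose: print "SEBool key extracted: ", key

        (status, exists) = semanage.semanage_bool_exists_local(sh, key)
        if status < 0:
            raise Error("Could not check if SEBool exists")
        if self.verbose: print "Exists status (commit number): ", status

        # Keep the record that is about to be overwritten so it can be restored.
        if exists:
            (status, old_bool) = semanage.semanage_bool_query_local(sh, key)
            if status < 0:
                raise Error("Could not query old SEBool")
            if self.verbose: print "Query status (commit number): ", status

        print "Starting transaction..."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_bool_modify_local(sh, key, pbool)

        if status < 0:
            raise Error("Could not modify SEBool")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print "Commit status (transaction number): ", status

        # Second transaction: put the local store back the way it was.
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        if not exists:
            print "Removing boolean..."
            status = semanage.semanage_bool_del_local(sh, key)
            if status < 0:
                raise Error("Could not delete test SEBool")
            if self.verbose: print "Boolean delete: ", status
        else:
            print "Resetting boolean..."
            status = semanage.semanage_bool_modify_local(sh, key, old_bool)
            if status < 0:
                raise Error("Could not reset test SEBool")
            if self.verbose: print "Boolean modify: ", status

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print "Commit status (transaction number): ", status

        semanage.semanage_bool_key_free(key)
        semanage.semanage_bool_free(pbool)
        if exists: semanage.semanage_bool_free(old_bool)

    def test_writeaboolean(self, sh):
        """Set the active boolean "allow_execmem" to 0, then restore it.

        The current active record is queried first and written back in a
        second transaction. Raises Error at the first call that returns a
        negative status.
        """
        # NOTE(review): presumably this changes the value in the running
        # policy between the two commits - confirm before running on a host
        # that is in use.
        print "Testing active boolean write..."

        (status, key) = semanage.semanage_bool_key_create(sh, "allow_execmem")
        if status < 0:
            raise Error("Could not create SEBool key")
        if self.verbose: print "SEBool key created: ", key

        (status, old_bool) = semanage.semanage_bool_query_active(sh, key)
        if status < 0:
            raise Error("Could not query old SEBool")
        if self.verbose: print "Query status (commit number): ", status

        (status, abool) = semanage.semanage_bool_create(sh)
        if status < 0:
            raise Error("Could not create SEBool object")
        if self.verbose: print "SEBool object created."

        status = semanage.semanage_bool_set_name(sh, abool, "allow_execmem")
        if status < 0:
            raise Error("Could not set name")
        if self.verbose: print "SEBool name set: ", semanage.semanage_bool_get_name(abool)

        semanage.semanage_bool_set_value(abool, 0)
        # Read the value back with the getter; the setter was being called
        # here without its value argument, which broke verbose runs.
        if self.verbose: print "SEbool value set: ", semanage.semanage_bool_get_value(abool)

        print "Starting transaction..."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_bool_set_active(sh, key, abool)
        if status < 0:
            raise Error("Could not modify SEBool")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print "Commit status (transaction number): ", status

        print "Resetting old active boolean..."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_bool_set_active(sh, key, old_bool)
        if status < 0:
            raise Error("Could not reset test SEBool")
        if self.verbose: print "SEBool active reset: ", status

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print "Commit status (transaction number): ", status

        semanage.semanage_bool_key_free(key)
        semanage.semanage_bool_free(abool)
        semanage.semanage_bool_free(old_bool)


    def test_writenode(self,sh):
        print "Testing network node write..."

        (status, node) = semanage.semanage_node_create(sh)
        if status < 0:
            raise Error("Could not create SENode object")
        if self.verbose: print "SENode object created."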
958 959 status = semanage.semanage_node_set_addr(sh, node, semanage.SEMANAGE_PROTO_IP6, "ffee:dddd::bbbb") 960 if status < 0: 961 raise Error("Could not set SENode address") 962 963 status = semanage.semanage_node_set_mask(sh, node, semanage.SEMANAGE_PROTO_IP6, "::ffff:ffff:abcd:0000") 964 if status < 0: 965 raise Error("Could not set SENode netmask") 966 967 semanage.semanage_node_set_proto(node, semanage.SEMANAGE_PROTO_IP6); 968 if self.verbose: print "SENode protocol set: ", \ 969 semanage.semanage_node_get_proto_str(semanage.SEMANAGE_PROTO_IP6) 970 971 (status, con) = semanage.semanage_context_create(sh) 972 if status < 0: 973 raise Error("Could not create SEContext object") 974 if self.verbose: print "SEContext object created (for node)." 975 976 status = semanage.semanage_context_set_user(sh, con, "system_u") 977 if status < 0: 978 raise Error("Could not set context user") 979 if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con) 980 981 status = semanage.semanage_context_set_role(sh, con, "object_r") 982 if status < 0: 983 raise Error("Could not set context role") 984 if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con) 985 986 status = semanage.semanage_context_set_type(sh, con, "lo_node_t") 987 if status < 0: 988 raise Error("Could not set context type") 989 if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con) 990 991 status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255") 992 if status < 0: 993 raise Error("Could not set context MLS fields") 994 if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con) 995 996 status = semanage.semanage_node_set_con(sh, node, con) 997 if status < 0: 998 raise Error("Could not set SENode context") 999 if self.verbose: print "SENode context set: ", con 1000 1001 (status,key) = semanage.semanage_node_key_extract(sh, node) 1002 if status < 0: 1003 raise Error("Could not extract SENode key") 1004 if 
self.verbose: print "SENode key extracted: ", key 1005 1006 (status,exists) = semanage.semanage_node_exists_local(sh,key) 1007 if status < 0: 1008 raise Error("Could not check if SENode exists") 1009 if self.verbose: print "Exists status (commit number): ", status 1010 1011 if exists: 1012 (status, old_node) = semanage.semanage_node_query_local(sh, key) 1013 if status < 0: 1014 raise Error("Could not query old SENode") 1015 if self.verbose: print "Query status (commit number): ", status 1016 1017 print "Starting transaction..." 1018 status = semanage.semanage_begin_transaction(sh) 1019 if status < 0: 1020 raise Error("Could not start semanage transaction") 1021 1022 status = semanage.semanage_node_modify_local(sh,key, node) 1023 if status < 0: 1024 raise Error("Could not modify SENode") 1025 1026 status = semanage.semanage_commit(sh) 1027 if status < 0: 1028 raise Error("Could not commit test transaction") 1029 print "Commit status (transaction number): ", status 1030 1031 status = semanage.semanage_begin_transaction(sh) 1032 if status < 0: 1033 raise Error("Could not start semanage transaction") 1034 1035 if not exists: 1036 print "Removing network node..." 1037 status = semanage.semanage_node_del_local(sh, key) 1038 if status < 0: 1039 raise Error("Could not delete test SENode") 1040 if self.verbose: print "Network node delete: ", status 1041 else: 1042 print "Resetting network node..." 
1043 status = semanage.semanage_node_modify_local(sh, key, old_node) 1044 if status < 0: 1045 raise Error("Could not reset test SENode") 1046 if self.verbose: print "Network node modify: ", status 1047 1048 status = semanage.semanage_commit(sh) 1049 if status < 0: 1050 raise Error("Could not commit reset transaction") 1051 print "Commit status (transaction number): ", status 1052 1053 semanage.semanage_context_free(con) 1054 semanage.semanage_node_key_free(key) 1055 semanage.semanage_node_free(node) 1056 if exists: semanage.semanage_node_free(old_node) 1057 1058def main(argv=None): 1059 if argv is None: 1060 argv = sys.argv 1061 try: 1062 try: 1063 opts, args = getopt.getopt(argv[1:], "hvmuspfibcUSPFIBCanN", ["help", "verbose", "modules", "users", "seusers", "ports", "file contexts", "network interfaces", "booleans", "active booleans", "network nodes", "writeuser", "writeseuser", "writeport", "writefcontext", "writeinterface", "writeboolean", "writeaboolean", "writenode", "all"]) 1064 tests = Tests() 1065 for o, a in opts: 1066 if o == "-v": 1067 tests.verbose = True 1068 print "Verbose output selected." 
1069 if o == "-a": 1070 tests.all = True 1071 if o == "-u": 1072 tests.users = True 1073 if o == "-U": 1074 tests.writeuser = True 1075 if o == "-s": 1076 tests.seusers = True 1077 if o == "-S": 1078 tests.writeseuser = True 1079 if o == "-p": 1080 tests.ports = True 1081 if o == "-P": 1082 tests.writeport = True 1083 if o == "-f": 1084 tests.fcontexts = True 1085 if o == "-F": 1086 tests.writefcontext = True 1087 if o == "-i": 1088 tests.interfaces = True 1089 if o == "-I": 1090 tests.writeinterface = True 1091 if o == "-b": 1092 tests.booleans = True 1093 if o == "-B": 1094 tests.writeboolean = True 1095 if o == "-c": 1096 tests.abooleans = True 1097 if o == "-C": 1098 tests.writeaboolean = True 1099 if o == "-n": 1100 tests.nodes = True 1101 if o == "-N": 1102 tests.writenode = True 1103 if o == "-m": 1104 tests.modules = True 1105 if o == "-h": 1106 raise Usage(usage) 1107 1108 if not tests.selected(): 1109 raise Usage("Please select a valid test.") 1110 1111 except getopt.error, msg: 1112 raise Usage(msg) 1113 1114 sh=semanage.semanage_handle_create() 1115 1116 if (semanage.semanage_is_managed(sh) != 1): 1117 raise Status("Unmanaged!") 1118 1119 status = semanage.semanage_connect(sh) 1120 if status < 0: 1121 raise Error("Could not establish semanage connection") 1122 1123 tests.run(sh) 1124 1125 status = semanage.semanage_disconnect(sh) 1126 if status < 0: 1127 raise Error("Could not disconnect") 1128 1129 semanage.semanage_handle_destroy(sh) 1130 1131 except Usage, err: 1132 print >>sys.stderr, err.msg 1133 except Status, err: 1134 print >>sys.stderr, err.msg 1135 except Error, err: 1136 print >>sys.stderr, err.msg 1137 1138 return 2 1139 1140if __name__ == "__main__": 1141 sys.exit(main()) 1142 1143