1#!/usr/bin/python
2import sys
3import getopt
4import semanage
5
# Help text for the command line. The options flagged "this will write" are
# the write tests; the rest only list records.
usage = (
	"Choose one of the following tests:\n"
	"-m for modules\n"
	"-u for users\n"
	"-U for add user (warning this will write!)\n"
	"-s for seusers\n"
	"-S for add seuser (warning this will write!)\n"
	"-p for ports\n"
	"-P for add port (warning this will write!)\n"
	"-f for file contexts \n"
	"-F for add file context (warning this will write!)\n"
	"-i for network interfaces \n"
	"-I for add network interface (warning this will write!)\n"
	"-b for booleans \n"
	"-B for add boolean (warning this will write!)\n"
	"-c for aCtive booleans\n"
	"-C for set aCtive boolean (warning this will write!)\n\n"
	"-n for network nodes\n"
	"-N for add node (warning this will write!)\n\n"
	"Other options:\n"
	"-h for this help\n"
	"-v for verbose output"
)
29
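class Usage(Exception):
	"""Exception that carries its text in ``msg``."""

	def __init__(self, msg):
		# Hand msg to the base class as well, so str(exc) and an uncaught
		# traceback show the reason instead of an empty message.
		Exception.__init__(self, msg)
		self.msg = msg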
34
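class Status(Exception):
	"""Exception that carries its text in ``msg``."""

	def __init__(self, msg):
		# Hand msg to the base class as well, so str(exc) and an uncaught
		# traceback show the reason instead of an empty message.
		Exception.__init__(self, msg)
		self.msg = msg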
39
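class Error(Exception):
	"""Exception raised by the tests when a libsemanage call fails; text is in ``msg``."""

	def __init__(self, msg):
		# Hand msg to the base class as well, so str(exc) and an uncaught
		# traceback show which step failed instead of an empty message.
		Exception.__init__(self, msg)
		self.msg = msg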
44
45class Tests:
	def __init__(self):
		"""Start with every test switch and the verbose flag turned off."""
		# Meta switch: run() treats it as "every test", write tests included.
		self.all = False
		# Listing tests.
		self.modules = self.users = self.seusers = self.ports = False
		self.fcontexts = self.interfaces = self.booleans = False
		self.abooleans = self.nodes = False
		# Write tests.
		self.writeuser = self.writeseuser = self.writeport = False
		self.writefcontext = self.writeinterface = False
		self.writeboolean = self.writeaboolean = self.writenode = False
		# Extra diagnostic output inside the individual tests.
		self.verbose = False
66
	def selected(self):
		"""Tell whether any test switch is set; ``verbose`` is not a test switch.

		Returns the first switch value that is true, otherwise the value of
		the last switch checked.
		"""
		switches = (
			"all", "users", "modules", "seusers", "ports", "fcontexts",
			"interfaces", "booleans", "abooleans", "writeuser", "writeseuser",
			"writeport", "writefcontext", "writeinterface", "writeboolean",
			"writeaboolean", "nodes", "writenode",
		)
		value = False
		for name in switches:
			value = getattr(self, name)
			if value:
				break
		return value
69
	def run(self, handle):
		"""Run every selected test against ``handle``, printing a blank line after each.

		The listing tests come first, then the write tests. ``self.all``
		selects every entry in the list below, so it runs the write tests too.
		"""
		# Switch names in execution order; each test method is "test_" + switch.
		order = (
			"users", "seusers", "ports", "modules", "fcontexts", "interfaces",
			"booleans", "abooleans", "nodes",
			"writeuser", "writeseuser", "writeport", "writefcontext",
			"writeinterface", "writeboolean", "writeaboolean", "writenode",
		)
		for switch in order:
			if getattr(self, switch) or self.all:
				getattr(self, "test_" + switch)(handle)
				# Same single blank line as the print statement with an empty string.
				print("")
122
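	def test_modules(self,sh):
		"""List the installed policy modules and print the name of each.

		Raises Error when the module list call reports a negative status.
		"""
		print "Testing modules..."

		(trans_cnt, mlist, mlist_size) = semanage.semanage_module_list(sh)
		# Same failure check as the other list tests: without it a failed call
		# would go on to print and index a list that was never filled in.
		if trans_cnt < 0:
			raise Error("Could not list modules")

		print "Transaction number: ", trans_cnt
		print "Module list size: ", mlist_size
		if self.verbose: print "List reference: ", mlist

		if (mlist_size == 0):
			print "No modules installed!"
			print "This is not necessarily a test failure."
			return
		for idx in range(mlist_size):
			module = semanage.semanage_module_list_nth(mlist, idx)
			if self.verbose: print "Module reference: ", module
			print "Module name: ", semanage.semanage_module_get_name(module)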
140
	def test_seusers(self,sh):
		"""Print name, MLS range and sename of every seuser record.

		Each record is freed once it has been printed.
		Raises Error if the list query reports a negative status.
		"""
		print "Testing seusers..."

		(rc, records) = semanage.semanage_seuser_list(sh)
		if rc < 0:
			raise Error("Could not list seusers")
		print "Query status (commit number): ", rc

		if not len(records):
			print "No seusers found!"
			print "This is not necessarily a test failure."
			return

		for record in records:
			if self.verbose:
				print "seseuser reference: ", record
			print "seuser name: ", semanage.semanage_seuser_get_name(record)
			print "   seuser mls range: ", semanage.semanage_seuser_get_mlsrange(record)
			print "   seuser sename: ", semanage.semanage_seuser_get_sename(record)
			# Done with this record; release it.
			semanage.semanage_seuser_free(record)
159
	def test_users(self,sh):
		"""Print the attributes and the role list of every user record.

		Each record is freed once it has been printed.
		Raises Error if the list query or a role query reports a negative
		status.
		"""
		print "Testing users..."

		(rc, records) = semanage.semanage_user_list(sh)
		if rc < 0:
			raise Error("Could not list users")
		print "Query status (commit number): ", rc

		if not len(records):
			print "No users found!"
			print "This is not necessarily a test failure."
			return

		for record in records:
			if self.verbose:
				print "User reference: ", record
			print "User name: ", semanage.semanage_user_get_name(record)
			print "   User labeling prefix: ", semanage.semanage_user_get_prefix(record)
			print "   User mls level: ", semanage.semanage_user_get_mlslevel(record)
			print "   User mls range: ", semanage.semanage_user_get_mlsrange(record)
			print "   User number of roles: ", semanage.semanage_user_get_num_roles(record)
			print "   User roles: "

			(rc, roles) = semanage.semanage_user_get_roles(sh, record)
			if rc < 0:
				raise Error("Could not get user roles")
			for role_name in roles:
				print "      ", role_name

			# Done with this record; release it.
			semanage.semanage_user_free(record)
188
	def test_ports(self,sh):
		"""Print range, protocol and context of every port record.

		A context that cannot be turned into a string is printed as an empty
		string. Each record is freed once it has been printed.
		Raises Error if the list query reports a negative status.
		"""
		print "Testing ports..."

		(rc, records) = semanage.semanage_port_list(sh)
		if rc < 0:
			raise Error("Could not list ports")
		print "Query status (commit number): ", rc

		if not len(records):
			print "No ports found!"
			print "This is not necessarily a test failure."
			return

		for record in records:
			if self.verbose:
				print "Port reference: ", record
			first = semanage.semanage_port_get_low(record)
			last = semanage.semanage_port_get_high(record)
			context = semanage.semanage_port_get_con(record)
			proto_id = semanage.semanage_port_get_proto(record)
			proto_name = semanage.semanage_port_get_proto_str(proto_id)

			# A single port is shown as "N", a range as "N-M".
			span = str(first) if first == last else str(first) + "-" + str(last)

			(rc, context_text) = semanage.semanage_context_to_string(sh,context)
			if rc < 0:
				context_text = ""
			print "Port: ", span, " ", proto_name, " Context: ", context_text
			semanage.semanage_port_free(record)
216
	def test_fcontexts(self,sh):
		"""Print expression, file type and context of every file context record.

		A record without a context is printed as "<<none>>"; a context that
		cannot be turned into a string is printed as an empty string. Each
		record is freed once it has been printed.
		Raises Error if the list query reports a negative status.
		"""
		print "Testing file contexts..."

		(rc, records) = semanage.semanage_fcontext_list(sh)
		if rc < 0:
			raise Error("Could not list file contexts")
		print "Query status (commit number): ", rc

		if not len(records):
			print "No file contexts found!"
			print "This is not necessarily a test failure."
			return

		for record in records:
			if self.verbose:
				print "File Context reference: ", record
			pattern = semanage.semanage_fcontext_get_expr(record)
			ftype = semanage.semanage_fcontext_get_type(record)
			ftype_name = semanage.semanage_fcontext_get_type_str(ftype)
			context = semanage.semanage_fcontext_get_con(record)

			if context:
				(rc, context_text) = semanage.semanage_context_to_string(sh,context)
				if rc < 0:
					context_text = ""
			else:
				context_text = "<<none>>"

			print "File Expr: ", pattern, " [", ftype_name, "] Context: ", context_text
			semanage.semanage_fcontext_free(record)
242
	def test_interfaces(self,sh):
		"""Print name, interface context and message context of every interface record.

		A context that cannot be turned into a string is printed as an empty
		string. Each record is freed once it has been printed.
		Raises Error if the list query reports a negative status.
		"""
		print "Testing network interfaces..."

		(rc, records) = semanage.semanage_iface_list(sh)
		if rc < 0:
			raise Error("Could not list interfaces")
		print "Query status (commit number): ", rc

		if not len(records):
			print "No network interfaces found!"
			print "This is not necessarily a test failure."
			return

		for record in records:
			if self.verbose:
				print "Interface reference: ", record
			label = semanage.semanage_iface_get_name(record)
			message_context = semanage.semanage_iface_get_msgcon(record)
			interface_context = semanage.semanage_iface_get_ifcon(record)

			(rc, message_text) = semanage.semanage_context_to_string(sh,message_context)
			if rc < 0:
				message_text = ""
			(rc, interface_text) = semanage.semanage_context_to_string(sh, interface_context)
			if rc < 0:
				interface_text = ""

			print "Interface: ", label, " Context: ", interface_text, " Message Context: ", message_text
			semanage.semanage_iface_free(record)
266
	def test_booleans(self,sh):
		"""Print name and value of every record returned by the boolean list query.

		Each record is freed once it has been printed.
		Raises Error if the list query reports a negative status.
		"""
		print "Testing booleans..."

		(rc, records) = semanage.semanage_bool_list(sh)
		if rc < 0:
			raise Error("Could not list booleans")
		print "Query status (commit number): ", rc

		if not len(records):
			print "No booleans found!"
			print "This is not necessarily a test failure."
			return

		for record in records:
			if self.verbose:
				print "Boolean reference: ", record
			label = semanage.semanage_bool_get_name(record)
			state = semanage.semanage_bool_get_value(record)
			print "Boolean: ", label, " Value: ", state
			semanage.semanage_bool_free(record)
285
	def test_abooleans(self,sh):
		"""Print name and value of every record returned by the active boolean list query.

		Each record is freed once it has been printed.
		Raises Error if the list query reports a negative status.
		"""
		print "Testing active booleans..."

		(rc, records) = semanage.semanage_bool_list_active(sh)
		if rc < 0:
			raise Error("Could not list active booleans")
		print "Query status (commit number): ", rc

		if not len(records):
			print "No active booleans found!"
			print "This is not necessarily a test failure."
			return

		for record in records:
			if self.verbose:
				print "Active boolean reference: ", record
			label = semanage.semanage_bool_get_name(record)
			state = semanage.semanage_bool_get_value(record)
			print "Active Boolean: ", label, " Value: ", state
			semanage.semanage_bool_free(record)
304
	def test_nodes(self,sh):
		"""Print address, mask, protocol and context of every network node record.

		A field whose lookup reports a negative status is printed as an empty
		string. Each record is freed once it has been printed.
		Raises Error if the list query reports a negative status.
		"""
		print "Testing network nodes..."

		(rc, records) = semanage.semanage_node_list(sh)
		if rc < 0:
			raise Error("Could not list network nodes")
		print "Query status (commit number): ", rc

		if not len(records):
			print "No network nodes found!"
			print "This is not necessarily a test failure."
			return

		for record in records:
			if self.verbose:
				print "Network node reference: ", record

			(rc, address) = semanage.semanage_node_get_addr(sh, record)
			if rc < 0:
				address = ""

			(rc, netmask) = semanage.semanage_node_get_mask(sh, record)
			if rc < 0:
				netmask = ""

			proto_id = semanage.semanage_node_get_proto(record)
			proto_name = semanage.semanage_node_get_proto_str(proto_id)
			context = semanage.semanage_node_get_con(record)

			(rc, context_text) = semanage.semanage_context_to_string(sh, context)
			if rc < 0:
				context_text = ""

			print "Network Node: ", address, "/", netmask, " (", proto_name, ")", "Context: ", context_text
			semanage.semanage_node_free(record)
335
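	def test_writeuser(self,sh):
		"""Write the local user "testPyUser", commit it, then undo the change.

		The record (role user_r, prefix "user", MLS level and range "s0") is
		committed through ``sh``, so between the two commits it is really in
		that handle's local user store (presumably the live policy store;
		the handle is set up outside this method). The second transaction
		deletes it, or puts back the previous record if one existed.

		If a step fails after the first commit, Error is raised before the
		undo is committed: the test record then stays in the store and has to
		be removed by hand.

		Raises Error when any libsemanage call reports a negative status.
		"""
		print "Testing user write..."

		# (free function, object) pairs, added only once the object exists, so
		# the finally block releases them on the error path as well.
		owned = []
		try:
			(status, user) = semanage.semanage_user_create(sh)
			if status < 0:
				raise Error("Could not create user object")
			owned.append((semanage.semanage_user_free, user))
			if self.verbose: print "User object created"

			status = semanage.semanage_user_set_name(sh,user, "testPyUser")
			if status < 0:
				raise Error("Could not set user name")
			if self.verbose: print "User name set: ", semanage.semanage_user_get_name(user)

			status = semanage.semanage_user_add_role(sh, user, "user_r")
			if status < 0:
				raise Error("Could not add role")

			status = semanage.semanage_user_set_prefix(sh,user, "user")
			if status < 0:
				raise Error("Could not set labeling prefix")
			if self.verbose: print "User prefix set: ", semanage.semanage_user_get_prefix(user)

			status = semanage.semanage_user_set_mlsrange(sh, user, "s0")
			if status < 0:
				raise Error("Could not set MLS range")
			if self.verbose: print "User mlsrange: ", semanage.semanage_user_get_mlsrange(user)

			status = semanage.semanage_user_set_mlslevel(sh, user, "s0")
			if status < 0:
				raise Error("Could not set MLS level")
			if self.verbose: print "User mlslevel: ", semanage.semanage_user_get_mlslevel(user)

			(status,key) = semanage.semanage_user_key_extract(sh,user)
			if status < 0:
				raise Error("Could not extract user key")
			owned.append((semanage.semanage_user_key_free, key))
			if self.verbose: print "User key extracted: ", key

			(status,exists) = semanage.semanage_user_exists_local(sh,key)
			if status < 0:
				raise Error("Could not check if user exists")
			if self.verbose: print "Exists status (commit number): ", status

			# Keep a copy of any existing record so the undo step can put it back.
			if exists:
				(status, old_user) = semanage.semanage_user_query_local(sh, key)
				if status < 0:
					raise Error("Could not query old user")
				owned.append((semanage.semanage_user_free, old_user))
				if self.verbose: print "Query status (commit number): ", status

			# First transaction: write the test record.
			print "Starting transaction.."
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			status = semanage.semanage_user_modify_local(sh,key,user)
			if status < 0:
				raise Error("Could not modify user")

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit test transaction")
			print "Commit status (transaction number): ", status

			# Second transaction: undo. From here until the commit below the
			# test record is still in the store.
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			if not exists:
				print "Removing user..."
				status = semanage.semanage_user_del_local(sh, key)
				if status < 0:
					raise Error("Could not delete test user")
				if self.verbose: print "User delete: ", status
			else:
				print "Resetting user..."
				status = semanage.semanage_user_modify_local(sh, key, old_user)
				if status < 0:
					raise Error("Could not reset test user")
				if self.verbose: print "User modify: ", status

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit reset transaction")
			print "Commit status (transaction number): ", status
		finally:
			for release, obj in owned:
				release(obj)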
423
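	def test_writeseuser(self,sh):
		"""Write the local seuser "testPySEUser", commit it, then undo the change.

		The record maps the name "testPySEUser" to sename "root" with MLS
		range "s0:c0.c255". It is committed through ``sh``, so between the
		two commits it is really in that handle's local seuser store
		(presumably the live policy store; the handle is set up outside this
		method). The second transaction deletes it, or puts back the previous
		record if one existed.

		If a step fails after the first commit, Error is raised before the
		undo is committed: the mapping onto "root" then stays in the store
		and has to be removed by hand.

		Raises Error when any libsemanage call reports a negative status.
		"""
		print "Testing seuser write..."

		# (free function, object) pairs, added only once the object exists, so
		# the finally block releases them on the error path as well.
		owned = []
		try:
			(status, seuser) = semanage.semanage_seuser_create(sh)
			if status < 0:
				raise Error("Could not create SEUser object")
			owned.append((semanage.semanage_seuser_free, seuser))
			if self.verbose: print "SEUser object created."

			status = semanage.semanage_seuser_set_name(sh,seuser, "testPySEUser")
			if status < 0:
				raise Error("Could not set name")
			if self.verbose: print "SEUser name set: ", semanage.semanage_seuser_get_name(seuser)

			status = semanage.semanage_seuser_set_sename(sh, seuser, "root")
			if status < 0:
				raise Error("Could not set sename")
			if self.verbose: print "SEUser seuser: ", semanage.semanage_seuser_get_sename(seuser)

			status = semanage.semanage_seuser_set_mlsrange(sh, seuser, "s0:c0.c255")
			if status < 0:
				raise Error("Could not set MLS range")
			if self.verbose: print "SEUser mlsrange: ", semanage.semanage_seuser_get_mlsrange(seuser)

			(status,key) = semanage.semanage_seuser_key_extract(sh,seuser)
			if status < 0:
				raise Error("Could not extract SEUser key")
			owned.append((semanage.semanage_seuser_key_free, key))
			if self.verbose: print "SEUser key extracted: ", key

			(status,exists) = semanage.semanage_seuser_exists_local(sh,key)
			if status < 0:
				raise Error("Could not check if SEUser exists")
			if self.verbose: print "Exists status (commit number): ", status

			# Keep a copy of any existing record so the undo step can put it back.
			if exists:
				(status, old_seuser) = semanage.semanage_seuser_query_local(sh, key)
				if status < 0:
					raise Error("Could not query old SEUser")
				owned.append((semanage.semanage_seuser_free, old_seuser))
				if self.verbose: print "Query status (commit number): ", status

			# First transaction: write the test record.
			print "Starting transaction..."
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			status = semanage.semanage_seuser_modify_local(sh,key,seuser)
			if status < 0:
				raise Error("Could not modify SEUser")

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit test transaction")
			print "Commit status (transaction number): ", status

			# Second transaction: undo. From here until the commit below the
			# test record is still in the store.
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			if not exists:
				print "Removing seuser..."
				status = semanage.semanage_seuser_del_local(sh, key)
				if status < 0:
					raise Error("Could not delete test SEUser")
				if self.verbose: print "Seuser delete: ", status
			else:
				print "Resetting seuser..."
				status = semanage.semanage_seuser_modify_local(sh, key, old_seuser)
				if status < 0:
					raise Error("Could not reset test SEUser")
				if self.verbose: print "Seuser modify: ", status

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit reset transaction")
			print "Commit status (transaction number): ", status
		finally:
			for release, obj in owned:
				release(obj)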
502
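	def test_writeport(self,sh):
		"""Write a local port record for tcp 150-200, commit it, then undo the change.

		The record labels the range with system_u:object_r:http_port_t and MLS
		"s0:c0.c255". It is committed through ``sh``, so between the two
		commits it is really in that handle's local port store (presumably
		the live policy store; the handle is set up outside this method). The
		second transaction deletes it, or puts back the previous record if
		one existed.

		If a step fails after the first commit, Error is raised before the
		undo is committed: the port labeling then stays in the store and has
		to be removed by hand.

		Raises Error when any libsemanage call reports a negative status.
		"""
		print "Testing port write..."

		# (free function, object) pairs, added only once the object exists, so
		# the finally block releases them on the error path as well.
		owned = []
		try:
			(status, port) = semanage.semanage_port_create(sh)
			if status < 0:
				raise Error("Could not create SEPort object")
			owned.append((semanage.semanage_port_free, port))
			if self.verbose: print "SEPort object created."

			semanage.semanage_port_set_range(port,150,200)
			low = semanage.semanage_port_get_low(port)
			high = semanage.semanage_port_get_high(port)
			if self.verbose: print "SEPort range set: ", low, "-", high

			semanage.semanage_port_set_proto(port, semanage.SEMANAGE_PROTO_TCP)
			if self.verbose: print "SEPort protocol set: ", \
				semanage.semanage_port_get_proto_str(semanage.SEMANAGE_PROTO_TCP)

			(status, con) = semanage.semanage_context_create(sh)
			if status < 0:
				raise Error("Could not create SEContext object")
			owned.append((semanage.semanage_context_free, con))
			if self.verbose: print "SEContext object created (for port)."

			status = semanage.semanage_context_set_user(sh, con, "system_u")
			if status < 0:
				raise Error("Could not set context user")
			if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con)

			status = semanage.semanage_context_set_role(sh, con, "object_r")
			if status < 0:
				raise Error("Could not set context role")
			if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con)

			status = semanage.semanage_context_set_type(sh, con, "http_port_t")
			if status < 0:
				raise Error("Could not set context type")
			if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con)

			status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
			if status < 0:
				raise Error("Could not set context MLS fields")
			if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con)

			status = semanage.semanage_port_set_con(sh, port, con)
			if status < 0:
				raise Error("Could not set SEPort context")
			if self.verbose: print "SEPort context set: ", con

			(status,key) = semanage.semanage_port_key_extract(sh,port)
			if status < 0:
				raise Error("Could not extract SEPort key")
			owned.append((semanage.semanage_port_key_free, key))
			if self.verbose: print "SEPort key extracted: ", key

			(status,exists) = semanage.semanage_port_exists_local(sh,key)
			if status < 0:
				raise Error("Could not check if SEPort exists")
			if self.verbose: print "Exists status (commit number): ", status

			# Keep a copy of any existing record so the undo step can put it back.
			if exists:
				(status, old_port) = semanage.semanage_port_query_local(sh, key)
				if status < 0:
					raise Error("Could not query old SEPort")
				owned.append((semanage.semanage_port_free, old_port))
				if self.verbose: print "Query status (commit number): ", status

			# First transaction: write the test record.
			print "Starting transaction..."
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			status = semanage.semanage_port_modify_local(sh,key,port)
			if status < 0:
				raise Error("Could not modify SEPort")

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit test transaction")
			print "Commit status (transaction number): ", status

			# Second transaction: undo. From here until the commit below the
			# test record is still in the store.
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			if not exists:
				print "Removing port range..."
				status = semanage.semanage_port_del_local(sh, key)
				if status < 0:
					raise Error("Could not delete test SEPort")
				if self.verbose: print "Port range delete: ", status
			else:
				print "Resetting port range..."
				status = semanage.semanage_port_modify_local(sh, key, old_port)
				if status < 0:
					raise Error("Could not reset test SEPort")
				if self.verbose: print "Port range modify: ", status

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit reset transaction")
			print "Commit status (transaction number): ", status
		finally:
			for release, obj in owned:
				release(obj)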
606
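	def test_writefcontext(self,sh):
		"""Write a local file context for "/test/fcontext(/.*)?", commit it, then undo the change.

		The record applies to regular files and carries the context
		system_u:object_r:default_t with MLS "s0:c0.c255". It is committed
		through ``sh``, so between the two commits it is really in that
		handle's local file context store (presumably the live policy store;
		the handle is set up outside this method). The second transaction
		deletes it, or puts back the previous record if one existed.

		If a step fails after the first commit, Error is raised before the
		undo is committed: the file context then stays in the store and has
		to be removed by hand.

		Raises Error when any libsemanage call reports a negative status.
		"""
		print "Testing file context write..."

		# (free function, object) pairs, added only once the object exists, so
		# the finally block releases them on the error path as well.
		owned = []
		try:
			(status, fcon) = semanage.semanage_fcontext_create(sh)
			if status < 0:
				raise Error("Could not create SEFcontext object")
			owned.append((semanage.semanage_fcontext_free, fcon))
			if self.verbose: print "SEFcontext object created."

			status = semanage.semanage_fcontext_set_expr(sh, fcon, "/test/fcontext(/.*)?")
			if status < 0:
				raise Error("Could not set expression")
			if self.verbose: print "SEFContext expr set: ", semanage.semanage_fcontext_get_expr(fcon)

			semanage.semanage_fcontext_set_type(fcon, semanage.SEMANAGE_FCONTEXT_REG)
			if self.verbose:
				ftype = semanage.semanage_fcontext_get_type(fcon)
				print "SEFContext type set: ", semanage.semanage_fcontext_get_type_str(ftype)

			(status, con) = semanage.semanage_context_create(sh)
			if status < 0:
				raise Error("Could not create SEContext object")
			owned.append((semanage.semanage_context_free, con))
			if self.verbose: print "SEContext object created (for file context)."

			status = semanage.semanage_context_set_user(sh, con, "system_u")
			if status < 0:
				raise Error("Could not set context user")
			if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con)

			status = semanage.semanage_context_set_role(sh, con, "object_r")
			if status < 0:
				raise Error("Could not set context role")
			if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con)

			status = semanage.semanage_context_set_type(sh, con, "default_t")
			if status < 0:
				raise Error("Could not set context type")
			if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con)

			status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
			if status < 0:
				raise Error("Could not set context MLS fields")
			if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con)

			status = semanage.semanage_fcontext_set_con(sh, fcon, con)
			if status < 0:
				raise Error("Could not set SEFcontext context")
			if self.verbose: print "SEFcontext context set: ", con

			(status,key) = semanage.semanage_fcontext_key_extract(sh,fcon)
			if status < 0:
				raise Error("Could not extract SEFcontext key")
			owned.append((semanage.semanage_fcontext_key_free, key))
			if self.verbose: print "SEFcontext key extracted: ", key

			(status,exists) = semanage.semanage_fcontext_exists_local(sh,key)
			if status < 0:
				raise Error("Could not check if SEFcontext exists")

			if self.verbose: print "Exists status (commit number): ", status
			# Keep a copy of any existing record so the undo step can put it back.
			if exists:
				(status, old_fcontext) = semanage.semanage_fcontext_query_local(sh, key)
				if status < 0:
					raise Error("Could not query old SEFcontext")
				owned.append((semanage.semanage_fcontext_free, old_fcontext))
				if self.verbose: print "Query status (commit number): ", status

			# First transaction: write the test record.
			print "Starting transaction..."
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			status = semanage.semanage_fcontext_modify_local(sh,key,fcon)
			if status < 0:
				raise Error("Could not modify SEFcontext")

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit test transaction")
			print "Commit status (transaction number): ", status

			# Second transaction: undo. From here until the commit below the
			# test record is still in the store.
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			if not exists:
				print "Removing file context..."
				status = semanage.semanage_fcontext_del_local(sh, key)
				if status < 0:
					raise Error("Could not delete test SEFcontext")
				if self.verbose: print "File context delete: ", status
			else:
				print "Resetting file context..."
				status = semanage.semanage_fcontext_modify_local(sh, key, old_fcontext)
				if status < 0:
					raise Error("Could not reset test FContext")
				if self.verbose: print "File context modify: ", status

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit reset transaction")
			print "Commit status (transaction number): ", status
		finally:
			for release, obj in owned:
				release(obj)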
711
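	def test_writeinterface(self,sh):
		"""Write a local interface record "test_iface", commit it, then undo the change.

		Both the interface context and the message context are set to
		system_u:object_r:default_t with MLS "s0:c0.c255". The record is
		committed through ``sh``, so between the two commits it is really in
		that handle's local interface store (presumably the live policy
		store; the handle is set up outside this method). The second
		transaction deletes it, or puts back the previous record if one
		existed.

		If a step fails after the first commit, Error is raised before the
		undo is committed: the interface record then stays in the store and
		has to be removed by hand.

		Raises Error when any libsemanage call reports a negative status.
		"""
		print "Testing network interface write..."

		# (free function, object) pairs, added only once the object exists, so
		# the finally block releases them on the error path as well.
		owned = []
		try:
			(status, iface) = semanage.semanage_iface_create(sh)
			if status < 0:
				raise Error("Could not create SEIface object")
			owned.append((semanage.semanage_iface_free, iface))
			if self.verbose: print "SEIface object created."

			status = semanage.semanage_iface_set_name(sh, iface, "test_iface")
			if status < 0:
				raise Error("Could not set SEIface name")
			if self.verbose: print "SEIface name set: ", semanage.semanage_iface_get_name(iface)

			(status, con) = semanage.semanage_context_create(sh)
			if status < 0:
				raise Error("Could not create SEContext object")
			owned.append((semanage.semanage_context_free, con))
			if self.verbose: print "SEContext object created (for network interface)"

			status = semanage.semanage_context_set_user(sh, con, "system_u")
			if status < 0:
				raise Error("Could not set interface context user")
			if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con)

			status = semanage.semanage_context_set_role(sh, con, "object_r")
			if status < 0:
				raise Error("Could not set interface context role")
			if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con)

			status = semanage.semanage_context_set_type(sh, con, "default_t")
			if status < 0:
				raise Error("Could not set interface context type")
			if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con)

			status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
			if status < 0:
				raise Error("Could not set interface context MLS fields")
			if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con)

			# The same context object is used for both interface and message context.
			status = semanage.semanage_iface_set_ifcon(sh, iface, con)
			if status < 0:
				raise Error("Could not set SEIface interface context")
			if self.verbose: print "SEIface interface context set: ", con

			status = semanage.semanage_iface_set_msgcon(sh, iface, con)
			if status < 0:
				raise Error("Could not set SEIface message context")
			if self.verbose: print "SEIface message context set: ", con

			(status,key) = semanage.semanage_iface_key_extract(sh,iface)
			if status < 0:
				raise Error("Could not extract SEIface key")
			owned.append((semanage.semanage_iface_key_free, key))
			if self.verbose: print "SEIface key extracted: ", key

			(status,exists) = semanage.semanage_iface_exists_local(sh,key)
			if status < 0:
				raise Error("Could not check if SEIface exists")
			if self.verbose: print "Exists status (commit number): ", status

			# Keep a copy of any existing record so the undo step can put it back.
			if exists:
				(status, old_iface) = semanage.semanage_iface_query_local(sh, key)
				if status < 0:
					raise Error("Could not query old SEIface")
				owned.append((semanage.semanage_iface_free, old_iface))
				if self.verbose: print "Query status (commit number): ", status

			# First transaction: write the test record.
			print "Starting transaction..."
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not begin semanage transaction")

			status = semanage.semanage_iface_modify_local(sh,key,iface)
			if status < 0:
				raise Error("Could not modify SEIface")

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit test transaction")
			print "Commit status (transaction number): ", status

			# Second transaction: undo. From here until the commit below the
			# test record is still in the store.
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not begin semanage transaction")

			if not exists:
				print "Removing interface..."
				status = semanage.semanage_iface_del_local(sh, key)
				if status < 0:
					raise Error("Could not delete test SEIface")
				if self.verbose: print "Interface delete: ", status
			else:
				print "Resetting interface..."
				status = semanage.semanage_iface_modify_local(sh, key, old_iface)
				if status < 0:
					raise Error("Could not reset test SEIface")
				if self.verbose: print "Interface modify: ", status

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit reset transaction")
			print "Commit status (transaction number): ", status
		finally:
			for release, obj in owned:
				release(obj)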
816
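	def test_writeboolean(self,sh):
		"""Write the local boolean "allow_execmem" with value 0, commit it, then undo the change.

		The record is committed through ``sh``, so between the two commits the
		local boolean store of that handle really holds allow_execmem = 0
		(presumably the live policy store; the handle is set up outside this
		method). The second transaction deletes the local record, or puts
		back the previous one if it existed.

		If a step fails after the first commit, Error is raised before the
		undo is committed: the stored value then stays at 0 and has to be
		corrected by hand.

		Raises Error when any libsemanage call reports a negative status.
		"""
		print "Testing boolean write..."

		# (free function, object) pairs, added only once the object exists, so
		# the finally block releases them on the error path as well.
		owned = []
		try:
			(status, pbool) = semanage.semanage_bool_create(sh)
			if status < 0:
				raise Error("Could not create SEBool object")
			owned.append((semanage.semanage_bool_free, pbool))
			if self.verbose: print "SEBool object created."

			status = semanage.semanage_bool_set_name(sh, pbool, "allow_execmem")
			if status < 0:
				raise Error("Could not set name")
			if self.verbose: print "SEBool name set: ", semanage.semanage_bool_get_name(pbool)

			semanage.semanage_bool_set_value(pbool, 0)
			if self.verbose: print "SEbool value set: ", semanage.semanage_bool_get_value(pbool)

			(status,key) = semanage.semanage_bool_key_extract(sh, pbool)
			if status < 0:
				raise Error("Could not extract SEBool key")
			owned.append((semanage.semanage_bool_key_free, key))
			if self.verbose: print "SEBool key extracted: ", key

			(status,exists) = semanage.semanage_bool_exists_local(sh,key)
			if status < 0:
				raise Error("Could not check if SEBool exists")
			if self.verbose: print "Exists status (commit number): ", status

			# Keep a copy of any existing record so the undo step can put it back.
			if exists:
				(status, old_bool) = semanage.semanage_bool_query_local(sh, key)
				if status < 0:
					raise Error("Could not query old SEBool")
				owned.append((semanage.semanage_bool_free, old_bool))
				if self.verbose: print "Query status (commit number): ", status

			# First transaction: write the test record.
			print "Starting transaction..."
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			status = semanage.semanage_bool_modify_local(sh, key, pbool)

			if status < 0:
				raise Error("Could not modify SEBool")

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit test transaction")
			print "Commit status (transaction number): ", status

			# Second transaction: undo. From here until the commit below the
			# test value is still in the store.
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			if not exists:
				print "Removing boolean..."
				status = semanage.semanage_bool_del_local(sh, key)
				if status < 0:
					raise Error("Could not delete test SEBool")
				if self.verbose: print "Boolean delete: ", status
			else:
				print "Resetting boolean..."
				status = semanage.semanage_bool_modify_local(sh, key, old_bool)
				if status < 0:
					raise Error("Could not reset test SEBool")
				if self.verbose: print "Boolean modify: ", status

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit reset transaction")
			print "Commit status (transaction number): ", status
		finally:
			for release, obj in owned:
				release(obj)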
889
	def test_writeaboolean(self,sh):
		"""Set the active "allow_execmem" boolean to 0, then restore the old one.

		Queries the current active boolean, commits a replacement with value
		0 through semanage_bool_set_active, and in a second transaction
		commits the queried object back.

		The active value is presumably the one in force on the running
		system (inferred from the libsemanage function names; confirm
		against its documentation).  The write and the restore are separate
		commits, so an Error raised between them leaves the boolean at 0.
		The semanage objects created here are not freed on that path.

		sh -- semanage handle (main connects it before running tests).
		Raises Error when a checked libsemanage call returns a negative
		status.
		"""
		def must(rc, complaint):
			# A negative status from libsemanage means the call failed.
			if rc < 0:
				raise Error(complaint)

		loud = self.verbose
		print "Testing active boolean write..."

		(rc, key) = semanage.semanage_bool_key_create(sh, "allow_execmem")
		must(rc, "Could not create SEBool key")
		if loud:
			print "SEBool key created: ", key

		# Capture the current active boolean first; it is what gets restored.
		(rc, previous) = semanage.semanage_bool_query_active(sh, key)
		must(rc, "Could not query old SEBool")
		if loud:
			print "Query status (commit number): ", rc

		(rc, replacement) = semanage.semanage_bool_create(sh)
		must(rc, "Could not create SEBool object")
		if loud:
			print "SEBool object created."

		rc = semanage.semanage_bool_set_name(sh, replacement, "allow_execmem")
		must(rc, "Could not set name")
		if loud:
			print "SEBool name set: ", semanage.semanage_bool_get_name(replacement)

		semanage.semanage_bool_set_value(replacement, 0)
		if loud:
			print "SEbool value set: ", semanage.semanage_bool_get_value(replacement)

		# First transaction: activate the test value.
		print "Starting transaction..."
		rc = semanage.semanage_begin_transaction(sh)
		must(rc, "Could not start semanage transaction")

		rc = semanage.semanage_bool_set_active(sh, key, replacement)
		must(rc, "Could not modify SEBool")

		rc = semanage.semanage_commit(sh)
		must(rc, "Could not commit test transaction")
		print "Commit status (transaction number): ", rc

		# Second transaction: put the captured boolean back.
		print "Resetting old active boolean..."
		rc = semanage.semanage_begin_transaction(sh)
		must(rc, "Could not start semanage transaction")

		rc = semanage.semanage_bool_set_active(sh, key, previous)
		must(rc, "Could not reset test SEBool")
		if loud:
			print "SEBool active reset: ", rc

		rc = semanage.semanage_commit(sh)
		must(rc, "Could not commit reset transaction")
		print "Commit status (transaction number): ", rc

		semanage.semanage_bool_key_free(key)
		semanage.semanage_bool_free(replacement)
		semanage.semanage_bool_free(previous)
948
949
	def test_writenode(self,sh):
		"""Write a test network node entry, then undo it.

		Builds an IPv6 SENode (address "ffee:dddd::bbbb", mask
		"::ffff:ffff:abcd:0000") labelled system_u:object_r:lo_node_t with
		MLS range s0:c0.c255, and commits it through
		semanage_node_modify_local.  A second transaction deletes the entry
		when no local entry existed beforehand, or writes back the entry
		queried before the test.

		This changes the policy store reached through ``sh``.  The write and
		the undo are separate commits, so an Error raised between them
		leaves the test node in place.  The semanage objects created here
		are not freed on that path.

		sh -- semanage handle (main connects it before running tests).
		Raises Error when a checked libsemanage call returns a negative
		status.
		"""
		def confirm(rc, failure):
			# A negative status from libsemanage means the call failed.
			if rc < 0:
				raise Error(failure)

		verbose = self.verbose
		print "Testing network node write..."

		(rc, node) = semanage.semanage_node_create(sh)
		confirm(rc, "Could not create SENode object")
		if verbose:
			print "SENode object created."

		ip6 = semanage.SEMANAGE_PROTO_IP6
		rc = semanage.semanage_node_set_addr(sh, node, ip6, "ffee:dddd::bbbb")
		confirm(rc, "Could not set SENode address")

		rc = semanage.semanage_node_set_mask(sh, node, ip6, "::ffff:ffff:abcd:0000")
		confirm(rc, "Could not set SENode netmask")

		semanage.semanage_node_set_proto(node, ip6)
		if verbose:
			# Prints the name of the IPv6 constant; nothing is read back from the node.
			print "SENode protocol set: ", semanage.semanage_node_get_proto_str(ip6)

		(rc, con) = semanage.semanage_context_create(sh)
		confirm(rc, "Could not create SEContext object")
		if verbose:
			print "SEContext object created (for node)."

		# (setter, getter, value, failure message, verbose label) per context field,
		# applied in this order.
		context_fields = (
			(semanage.semanage_context_set_user, semanage.semanage_context_get_user,
				"system_u", "Could not set context user", "SEContext user: "),
			(semanage.semanage_context_set_role, semanage.semanage_context_get_role,
				"object_r", "Could not set context role", "SEContext role: "),
			(semanage.semanage_context_set_type, semanage.semanage_context_get_type,
				"lo_node_t", "Could not set context type", "SEContext type: "),
			(semanage.semanage_context_set_mls, semanage.semanage_context_get_mls,
				"s0:c0.c255", "Could not set context MLS fields", "SEContext mls: "),
		)
		for (setter, getter, value, failure, label) in context_fields:
			rc = setter(sh, con, value)
			confirm(rc, failure)
			if verbose:
				print label, getter(con)

		rc = semanage.semanage_node_set_con(sh, node, con)
		confirm(rc, "Could not set SENode context")
		if verbose:
			print "SENode context set: ", con

		(rc, key) = semanage.semanage_node_key_extract(sh, node)
		confirm(rc, "Could not extract SENode key")
		if verbose:
			print "SENode key extracted: ", key

		(rc, exists) = semanage.semanage_node_exists_local(sh, key)
		confirm(rc, "Could not check if SENode exists")
		if verbose:
			print "Exists status (commit number): ", rc

		# Keep the current local entry so the undo step can write it back.
		if exists:
			(rc, saved_node) = semanage.semanage_node_query_local(sh, key)
			confirm(rc, "Could not query old SENode")
			if verbose:
				print "Query status (commit number): ", rc

		# First transaction: write the test node.
		print "Starting transaction..."
		rc = semanage.semanage_begin_transaction(sh)
		confirm(rc, "Could not start semanage transaction")

		rc = semanage.semanage_node_modify_local(sh, key, node)
		confirm(rc, "Could not modify SENode")

		rc = semanage.semanage_commit(sh)
		confirm(rc, "Could not commit test transaction")
		print "Commit status (transaction number): ", rc

		# Second transaction: undo the write.
		rc = semanage.semanage_begin_transaction(sh)
		confirm(rc, "Could not start semanage transaction")

		if exists:
			print "Resetting network node..."
			rc = semanage.semanage_node_modify_local(sh, key, saved_node)
			confirm(rc, "Could not reset test SENode")
			if verbose:
				print "Network node modify: ", rc
		else:
			print "Removing network node..."
			rc = semanage.semanage_node_del_local(sh, key)
			confirm(rc, "Could not delete test SENode")
			if verbose:
				print "Network node delete: ", rc

		rc = semanage.semanage_commit(sh)
		confirm(rc, "Could not commit reset transaction")
		print "Commit status (transaction number): ", rc

		# saved_node only exists when a local entry was found above.
		semanage.semanage_context_free(con)
		semanage.semanage_node_key_free(key)
		semanage.semanage_node_free(node)
		if exists:
			semanage.semanage_node_free(saved_node)
1056
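def main(argv=None):
	"""Parse the command line, run the selected tests and return an exit status.

	argv -- argument list laid out like sys.argv (program name first);
	        defaults to sys.argv.

	Returns 0 when the selected tests ran and the handle was disconnected
	without an error, and 2 after a Usage, Status or Error message has been
	printed to stderr.  Any other exception propagates to the caller.

	The upper-case flags select tests that commit changes to the policy
	store; they are only run when named explicitly or via -a.
	"""
	# Short option -> Tests attribute it switches on.
	flag_attrs = {
		"-a": "all",
		"-u": "users",
		"-U": "writeuser",
		"-s": "seusers",
		"-S": "writeseuser",
		"-p": "ports",
		"-P": "writeport",
		"-f": "fcontexts",
		"-F": "writefcontext",
		"-i": "interfaces",
		"-I": "writeinterface",
		"-b": "booleans",
		"-B": "writeboolean",
		"-c": "abooleans",
		"-C": "writeaboolean",
		"-n": "nodes",
		"-N": "writenode",
		"-m": "modules",
	}

	if argv is None:
		argv = sys.argv
	try:
		try:
			# NOTE: getopt accepts the long names listed here, but only the
			# short forms are acted on below, so a long option alone selects
			# no test.
			opts, args = getopt.getopt(argv[1:], "hvmuspfibcUSPFIBCanN", ["help", "verbose", "modules", "users", "seusers", "ports", "file contexts", "network interfaces", "booleans", "active booleans", "network nodes", "writeuser", "writeseuser", "writeport", "writefcontext", "writeinterface", "writeboolean", "writeaboolean", "writenode", "all"])
		except getopt.error, msg:
			raise Usage(msg)

		tests = Tests()
		for o, a in opts:
			if o == "-h":
				raise Usage(usage)
			if o == "-v":
				tests.verbose = True
				print "Verbose output selected."
			elif o in flag_attrs:
				setattr(tests, flag_attrs[o], True)

		if not tests.selected():
			raise Usage("Please select a valid test.")

		sh = semanage.semanage_handle_create()
		# Presumably the binding returns None when handle creation fails;
		# stop here rather than pass a null handle to the calls below.
		if sh is None:
			raise Error("Could not create semanage handle")

		connected = False
		try:
			if semanage.semanage_is_managed(sh) != 1:
				raise Status("Unmanaged!")

			status = semanage.semanage_connect(sh)
			if status < 0:
				raise Error("Could not establish semanage connection")
			connected = True

			tests.run(sh)

			connected = False
			status = semanage.semanage_disconnect(sh)
			if status < 0:
				raise Error("Could not disconnect")
		finally:
			# A failed test can leave the connection (and possibly a
			# transaction) open; disconnect on that path too, then always
			# release the handle.
			if connected:
				semanage.semanage_disconnect(sh)
			semanage.semanage_handle_destroy(sh)

		# Success must be distinguishable from failure by exit status.
		return 0

	except (Usage, Status, Error), err:
		print >>sys.stderr, err.msg

	return 2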
1138
if __name__ == "__main__":
	# Script entry point: main()'s return value becomes the process exit status.
	exit_status = main()
	sys.exit(exit_status)