diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.4/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2006-01-05 10:35:49.000000000 -0500 +++ policycoreutils-1.29.4/semanage/semanage 2006-01-05 16:27:42.000000000 -0500 @@ -20,15 +20,20 @@ # 02111-1307 USA # # + import commands, sys, os, pwd, string, getopt, pwd from semanage import *; -class loginRecords: +class semanageRecords: def __init__(self): self.sh = semanage_handle_create() self.semanaged = semanage_is_managed(self.sh) if self.semanaged: semanage_connect(self.sh) +class loginRecords(semanageRecords): + def __init__(self): + semanageRecords.__init__(self) + def add(self, name, sename, serange): if serange == "": serange = "s0" @@ -80,7 +85,7 @@ if sename != "": semanage_seuser_set_sename(self.sh, u, sename) semanage_begin_transaction(self.sh) - semanage_seuser_modify(self.sh, k, u) + semanage_seuser_modify_local(self.sh, k, u) if semanage_commit(self.sh) < 0: raise ValueError("Failed to modify SELinux user mapping") @@ -107,13 +112,9 @@ name = semanage_seuser_get_name(u) print "%-25s %-25s %-25s" % (name, semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u)) -class seluserRecords: +class seluserRecords(semanageRecords): def __init__(self): - roles = [] - self.sh = semanage_handle_create() - self.semanaged = semanage_is_managed(self.sh) - if self.semanaged: - semanage_connect(self.sh) + semanageRecords.__init__(self) def add(self, name, roles, selevel, serange): if serange == "": @@ -125,11 +126,9 @@ if rc < 0: raise ValueError("Could not create a key for %s" % name) - (rc,exists) = semanage_user_exists_local(self.sh, k) + (rc,exists) = semanage_user_exists(self.sh, k) if not exists: - (rc,exists) = semanage_user_exists(self.sh, k) - if not exists: - raise ValueError("SELinux user %s is already defined." % name) + raise ValueError("SELinux user %s is already defined." % name) (rc,u) = semanage_user_create(self.sh) if rc < 0: 
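Review bot: The new `semanageRecords.__init__` discards the result of `semanage_connect` and silently carries on when `semanage_is_managed` says the store is not managed, so every subclass then calls `semanage_begin_transaction`/`semanage_commit` on a handle that was never connected and the only symptom is a late, generic commit failure. I would fail fast in the constructor: `if not self.semanaged: raise ValueError("SELinux policy is not managed or store cannot be accessed.")` followed by `if semanage_connect(self.sh) < 0: raise ValueError("Could not establish semanage connection")`. The handle is also never released; if the binding exposes libsemanage's disconnect/destroy calls, a `__del__` that tears down `self.sh` would avoid holding the policy-store lock for the life of the process, though I cannot confirm from this hunk that those wrappers exist. Unrelated to the class change but sitting in the same hunk, the import line lists `pwd` twice.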
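Review bot: The switch to `semanage_seuser_modify_local` still ignores that call's return value, so a rejected modify is followed by a commit that can succeed having changed nothing, and the caller is told the mapping was updated. I would check it the same way the commit is checked: `if semanage_seuser_modify_local(self.sh, k, u) < 0: raise ValueError("Could not modify SELinux user mapping")`. `semanage_begin_transaction` is unchecked in the same way. The enclosing `modify` method begins above this hunk.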
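Review bot: The collapsed existence check in `seluserRecords.add` is inverted: after `(rc,exists) = semanage_user_exists(self.sh, k)` it raises `"SELinux user %s is already defined."` when `not exists`, so adding a genuinely new SELinux user always fails with that message while adding one that already exists proceeds to `semanage_user_create`. The test should read `if exists:`. The previous two-level check carried the same inversion, but this hunk rewrites the condition and is the natural place to fix it. `rc` from the exists call is never examined either, so a failed lookup is indistinguishable from "does not exist". The `add` method's signature sits above this hunk.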
@@ -157,15 +156,11 @@ if rc < 0: raise ValueError("Could not create a key for %s" % name) - (rc,exists) = semanage_user_exists_local(self.sh, k) + (rc,exists) = semanage_user_exists(self.sh, k) if exists: - (rc,u) = semanage_user_query_local(self.sh, k) + (rc,u) = semanage_user_query(self.sh, k) else: - (rc,exists) = semanage_user_exists(self.sh, k) - if exists: - (rc,u) = semanage_user_query(self.sh, k) - else: - raise ValueError("SELinux user %s mapping is not defined." % name) + raise ValueError("SELinux user %s mapping is not defined locally." % name) if rc < 0: raise ValueError("Could not query user for %s" % name) @@ -185,10 +180,14 @@ (rc,k) = semanage_user_key_create(self.sh, name) if rc < 0: raise ValueError("Could not crpppeate a key for %s" % name) - - (rc,exists) = semanage_user_exists_local(self.sh, k) + (rc,exists) = semanage_user_exists(self.sh, k) if not exists: raise ValueError("user %s is not defined" % name) + else: + (rc,exists) = semanage_user_exists_local(self.sh, k) + if not exists: + raise ValueError("user %s is not defined locally, can not delete " % name) + semanage_begin_transaction(self.sh) semanage_user_del_local(self.sh, k) if semanage_commit(self.sh) < 0: @@ -211,12 +210,9 @@ roles += " " + char_by_idx(rlist, ridx) print "%-15s %-10s %-15s %s" % (semanage_user_get_name(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles) -class portRecords: +class portRecords(semanageRecords): def __init__(self): - self.sh = semanage_handle_create() - self.semanaged = semanage_is_managed(self.sh) - if self.semanaged: - semanage_connect(self.sh) + semanageRecords.__init__(self) def __genkey(self, port, proto): if proto == "tcp": @@ -236,7 +232,7 @@ else: low=string.atoi(ports[0]) high=string.atoi(ports[1]) - + (rc,k) = semanage_port_key_create(self.sh, low, high, proto_d) if rc < 0: raise ValueError("Could not create a key for %s/%s" % (proto, port)) 
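Review bot: The new error text in `seluserRecords.modify`, `"SELinux user %s mapping is not defined locally."`, no longer matches the check that raises it: the hunk now tests `semanage_user_exists`, the non-`_local` lookup, so the message asserts a local-only condition that was never evaluated. Either keep the message truthful, `raise ValueError("SELinux user %s is not defined." % name)`, or, if the intent is to refuse modifying users that exist only in the base policy, add the `semanage_user_exists_local` step the way `delete` does elsewhere in this patch. `rc` from the exists call is overwritten by the query before the `if rc < 0` test, so a lookup failure silently becomes "not defined".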
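Review bot: In `seluserRecords.delete` the two-stage existence check has the right shape, but `rc` from both `semanage_user_exists` and `semanage_user_exists_local` is discarded, so a failed lookup reads as "not defined", and the new message `"user %s is not defined locally, can not delete "` ends with a stray space. Further down, `semanage_user_del_local(self.sh, k)` is still unchecked before the commit; `if semanage_user_del_local(self.sh, k) < 0: raise ValueError("Could not delete SELinux user %s" % name)` would report the real failure instead of a commit that removes nothing. The context line `"Could not crpppeate a key for %s"` is a pre-existing typo worth correcting while this method is being touched.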
@@ -255,10 +251,6 @@ if exists: raise ValueError("Port %s/%s already defined" % (proto, port)) - (rc,exists) = semanage_port_exists_local(self.sh, k) - if exists: - raise ValueError("Port %s/%s already defined locally" % (proto, port)) - (rc,p) = semanage_port_create(self.sh) if rc < 0: raise ValueError("Could not create port for %s/%s" % (proto, port)) @@ -273,8 +265,8 @@ semanage_context_set_role(self.sh, con, "object_r") semanage_context_set_type(self.sh, con, type) semanage_context_set_mls(self.sh, con, serange) - semanage_port_set_con(p, con) semanage_begin_transaction(self.sh) + semanage_port_set_con(p, con) semanage_port_add_local(self.sh, k, p) if semanage_commit(self.sh) < 0: raise ValueError("Failed to add port") @@ -285,25 +277,23 @@ ( k, proto_d, low, high ) = self.__genkey(port, proto) - (rc,exists) = semanage_port_exists_local(self.sh, k) + (rc,exists) = semanage_port_exists(self.sh, k) if exists: - (rc,p) = semanage_port_query_local(self.sh, k) - (rc,exists) = semanage_port_exists(self.sh, k) - if exists: - (rc,p) = semanage_port_query(self.sh, k) - else: - raise ValueError("port %s/%s is not defined." % (proto,port)) + (rc,p) = semanage_port_query(self.sh, k) + else: + raise ValueError("port %s/%s is not defined." % (proto,port)) if rc < 0: raise ValueError("Could not query port for %s/%s" % (proto, port)) con = semanage_port_get_con(p) - semanage_context_set_mls(self.sh, con, serange) + if rc < 0: + raise ValueError("Could not get port context for %s/%s" % (proto, port)) + if serange != "": semanage_context_set_mls(self.sh, con, serange) if setype != "": semanage_context_set_type(self.sh, con, setype) - semanage_port_set_con(p, con) semanage_begin_transaction(self.sh) semanage_port_modify_local(self.sh, k, p) if semanage_commit(self.sh) < 0: 
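Review bot: Moving `semanage_port_set_con(p, con)` inside the transaction is fine, but neither it nor `semanage_port_add_local(self.sh, k, p)` has its return value checked, so a rejected record is followed by a `semanage_commit` that can succeed having added nothing, and `"Failed to add port"` only fires when the commit itself fails. I would guard the add before committing: `if semanage_port_add_local(self.sh, k, p) < 0: raise ValueError("Could not add port %s/%s" % (proto, port))`. The `add` method's signature and key lookup sit above this hunk.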
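Review bot: The new `if rc < 0: raise ValueError("Could not get port context for %s/%s" ...)` placed after `con = semanage_port_get_con(p)` is dead code: `semanage_port_get_con` returns only the context, so `rc` still holds the `semanage_port_query` status that was tested two lines earlier and the new message can never be raised. If the binding returns `None` for a missing context, `if con is None:` is the check that would actually catch it; otherwise the test should be dropped. Modifying `con` in place without the removed `semanage_port_set_con(p, con)` presumably works because `get_con` hands back the record's own context rather than a copy; that is worth confirming against the binding, since a copy would turn `modify` into a silent no-op. The method's commit handling continues past the end of this hunk.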
@@ -311,9 +301,13 @@ def delete(self, port, proto): ( k, proto_d, low, high ) = self.__genkey(port, proto) - (rc,exists) = semanage_port_exists_local(self.sh, k) + (rc,exists) = semanage_port_exists(self.sh, k) if not exists: - raise ValueError("port %s/%s is not defined localy." % (proto,port)) + raise ValueError("port %s/%s is not defined." % (proto,port)) + else: + (rc,exists) = semanage_port_exists_local(self.sh, k) + if not exists: + raise ValueError("port %s/%s is not defined localy, can not be deleted." % (proto,port)) semanage_begin_transaction(self.sh) semanage_port_del_local(self.sh, k) 
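Review bot: The new message in `portRecords.delete` misspells "locally"; it should read `raise ValueError("port %s/%s is not defined locally, can not be deleted." % (proto,port))`. As in the other delete paths, `rc` from both existence calls is ignored and `semanage_port_del_local(self.sh, k)` is unchecked before the commit, so a failed lookup or delete surfaces only through the generic commit result. The method's commit check lies below this hunk.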
@@ -338,27 +332,116 @@ dict[(name,proto)].append("%d" % low) else: dict[(name,proto)].append("%d-%d" % (low, high)) - (status, self.plist, self.psize) = semanage_port_list_local(self.sh) - for idx in range(self.psize): - u = semanage_port_by_idx(self.plist, idx) - con = semanage_port_get_con(u) - name = semanage_context_get_type(con) - proto=semanage_port_get_proto_str(u) - low=semanage_port_get_low(u) - high = semanage_port_get_high(u) - if (name, proto) not in dict.keys(): - dict[(name,proto)]=[] - if low == high: - dict[(name,proto)].append("%d" % low) - else: - dict[(name,proto)].append("%d-%d" % (low, high)) - for i in dict.keys(): + keys=dict.keys() + keys.sort() + for i in keys: rec = "%-30s %-8s " % i rec += "%s" % dict[i][0] for p in dict[i][1:]: rec += ", %s" % p print rec +class interfaceRecords(semanageRecords): + def __init__(self): + semanageRecords.__init__(self) + + def add(self, interface, serange, type): + if serange == "": + serange="s0" + + if type == "": + raise ValueError("Type is required") + + (rc,k) = semanage_iface_key_create(self.sh, interface) + if rc < 0: + raise ValueError("Can't create key for %s" % interface) + (rc,exists) = semanage_iface_exists(self.sh, k) + if exists: + raise ValueError("Interface %s already defined" % interface) + + (rc,iface) = semanage_iface_create(self.sh) + if rc < 0: + raise ValueError("Could not create interface for %s" % (interface)) + + rc = semanage_iface_set_name(self.sh, iface, interface) + (rc, con) = semanage_context_create(self.sh) + if rc < 0: + raise ValueError("Could not create context for %s" % interface) + + semanage_context_set_user(self.sh, con, "system_u") + semanage_context_set_role(self.sh, con, "object_r") + semanage_context_set_type(self.sh, con, type) + semanage_context_set_mls(self.sh, con, serange) + semanage_begin_transaction(self.sh) + semanage_iface_set_ifcon(iface, con) + semanage_iface_set_msgcon(iface, con) + semanage_iface_add_local(self.sh, k, iface) + if 
semanage_commit(self.sh) < 0: + raise ValueError("Failed to add interface") + + def modify(self, interface, serange, setype): + if serange == "" and setype == "": + raise ValueError("Requires, setype or serange") + + (rc,k) = semanage_iface_key_create(self.sh, interface) + if rc < 0: + raise ValueError("Can't creater key for %s" % interface) + (rc,exists) = semanage_iface_exists(self.sh, k) + if exists: + (rc,p) = semanage_iface_query(self.sh, k) + else: + raise ValueError("interface %s is not defined." % interface) + + if rc < 0: + raise ValueError("Could not query interface for %s" % interface) + + con = semanage_iface_get_ifcon(p) + if rc < 0: + raise ValueError("Could not get interface context for %s" % interface) + + if serange != "": + semanage_context_set_mls(self.sh, con, serange) + if setype != "": + semanage_context_set_type(self.sh, con, setype) + + semanage_begin_transaction(self.sh) + semanage_iface_modify_local(self.sh, k, p) + if semanage_commit(self.sh) < 0: + raise ValueError("Failed to add interface") + + def delete(self, interface): + (rc,k) = semanage_iface_key_create(self.sh, interface) + if rc < 0: + raise ValueError("Can't create key for %s" % interface) + (rc,exists) = semanage_iface_exists(self.sh, k) + if not exists: + raise ValueError("interface %s is not defined." % interface) + else: + (rc,exists) = semanage_iface_exists_local(self.sh, k) + if not exists: + raise ValueError("interface %s is not defined localy, can not be deleted." 
% interface) + + semanage_begin_transaction(self.sh) + semanage_iface_del_local(self.sh, k) + if semanage_commit(self.sh) < 0: + raise ValueError("Interface %s not defined" % interface) + + def list(self, heading=1): + (status, self.plist, self.psize) = semanage_iface_list(self.sh) + if status < 0: + raise ValueError("Unable to list interfaces") + + if heading: + print "%-30s %s\n" % ("SELinux Interface", "Context") + dict={} + for idx in range(self.psize): + iface = semanage_iface_by_idx(self.plist, idx) + name = semanage_iface_get_name(iface) + con = semanage_iface_get_ifcon(iface) + + + print "%-30s %s:%s:%s:%s " % (name,semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con)) + if __name__ == '__main__': def usage(message = ""): @@ -366,6 +449,7 @@ semanage user [-admsRrh] SELINUX_USER\n\ semanage login [-admsrh] LOGIN_NAME\n\ semanage port [-admth] PORT | PORTRANGE\n\ +semanage interface [-admth] INTERFACE\n\ -a, --add Add a OBJECT record NAME\n\ -d, --delete Delete a OBJECT record NAME\n\ -h, --help display this message\n\ @@ -391,7 +475,7 @@ # # try: - objectlist = ("login", "user", "port") + objectlist = ("login", "user", "port", "interface") input = sys.stdin output = sys.stdout serange = "" @@ -482,6 +566,9 @@ if object == "port": OBJECT = portRecords() + if object == "interface": + OBJECT = interfaceRecords() + if list: OBJECT.list(heading) sys.exit(0); @@ -504,6 +591,9 @@ if object == "port": OBJECT.add(target, proto, serange, setype) + if object == "interface": + OBJECT.add(target, serange, setype) + sys.exit(0); if modify: @@ -516,7 +606,10 @@ if object == "port": OBJECT.modify(target, proto, serange, setype) - sys.exit(0); + + if object == "interface": + OBJECT.modify(target, serange, setype) + sys.exit(0); if delete:
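Review bot: In `interfaceRecords.add` the status from `rc = semanage_iface_set_name(self.sh, iface, interface)` is overwritten on the very next line by `(rc, con) = semanage_context_create(self.sh)`, so a failed name assignment is never reported; test it first, `if rc < 0: raise ValueError("Could not set name for %s" % interface)`. `modify` repeats the stale-`rc` pattern seen in the port code: `con = semanage_iface_get_ifcon(p)` returns only the context, so the following `if rc < 0` re-tests the query status and `"Could not get interface context"` can never fire. Two commit messages are mislabelled and will mislead whoever reads the failure: `modify` raises `"Failed to add interface"` and `delete` raises `"Interface %s not defined"` on a commit failure, not on a missing interface. The port `list` now relies solely on `semanage_port_list`; if that enumeration does not fold in `_local` records, locally added ports disappear from the listing, which is worth confirming against the binding. `add` installs the same `con` object as both `ifcon` and `msgcon`, which is fine only if `semanage_iface_set_ifcon`/`set_msgcon` copy rather than take ownership of it.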