c65daa990e
- Build with libsepol.so.1 and libsemanage.so.2 - Set X-GNOME-HiddenUnderSystemd=true in restorecond.desktop file - fixfiles: correctly restore context of mountpoints - sepolgen: print extended permissions in hexadecimal
From 9e239e55692b578ba546b4dff2b07604a2ca6baa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 19 Aug 2020 17:05:33 +0200
Subject: [PATCH] sepolgen: print extended permissions in hexadecimal
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
All tools like ausearch(8) or sesearch(1) and online documentation[1]
use hexadecimal values for extended permissions.
Hence use them, e.g. for audit2allow output, as well.
[1]: https://github.com/strace/strace/blob/master/linux/64/ioctls_inc.h
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
python/sepolgen/src/sepolgen/refpolicy.py | 5 ++---
python/sepolgen/tests/test_access.py | 10 +++++-----
python/sepolgen/tests/test_refpolicy.py | 12 ++++++------
3 files changed, 13 insertions(+), 14 deletions(-)
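--- a/python/sepolgen/src/sepolgen/refpolicy.py
+++ b/python/sepolgen/src/sepolgen/refpolicy.py
@@ -407,10 +407,9 @@ class XpermSet():
 
 # print single value without braces
 if len(self.ranges) == 1 and self.ranges[0][0] == self.ranges[0][1]:
- return compl + str(self.ranges[0][0])
+ return compl + hex(self.ranges[0][0])
 
- vals = map(lambda x: str(x[0]) if x[0] == x[1] else "%s-%s" % x,
- self.ranges)
+ vals = map(lambda x: hex(x[0]) if x[0] == x[1] else "%s-%s" % (hex(x[0]), hex(x[1]), ), self.ranges)
 
 return "%s{ %s }" % (compl, " ".join(vals))
 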
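Review bot: `hex()` is stricter than the `str()` it replaces in both branches: it raises `TypeError` for any value that is not an integer, where `str()` accepted anything. Nothing visible in this hunk shows where `self.ranges` is validated, so a comment above the single-value branch such as `# ranges hold int (min, max) pairs; hex() raises TypeError otherwise` would record the assumption for callers that feed parsed audit data into the set. As a style point, the `map(lambda ...)` line reads more easily as `vals = (hex(lo) if lo == hi else "%s-%s" % (hex(lo), hex(hi)) for lo, hi in self.ranges)`, which also drops the stray trailing comma in the tuple. The method starts above the hunk, so its signature and the computation of `compl` are not visible here.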
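--- a/python/sepolgen/tests/test_access.py
+++ b/python/sepolgen/tests/test_access.py
@@ -171,7 +171,7 @@ class TestAccessVector(unittest.TestCase):
 a.merge(b)
 self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
 self.assertEqual(list(a.xperms.keys()), ["ioctl"])
- self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
 
 def text_merge_xperm2(self):
 """Test merging AV that does not contain xperms with AV that does"""
@@ -185,7 +185,7 @@ class TestAccessVector(unittest.TestCase):
 a.merge(b)
 self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
 self.assertEqual(list(a.xperms.keys()), ["ioctl"])
- self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
 
 def test_merge_xperm_diff_op(self):
 """Test merging two AVs that contain xperms with different operation"""
@@ -203,8 +203,8 @@ class TestAccessVector(unittest.TestCase):
 a.merge(b)
 self.assertEqual(list(a.perms), ["read"])
 self.assertEqual(sorted(list(a.xperms.keys())), ["asdf", "ioctl"])
- self.assertEqual(a.xperms["asdf"].to_string(), "23")
- self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
+ self.assertEqual(a.xperms["asdf"].to_string(), "0x17")
+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
 
 def test_merge_xperm_same_op(self):
 """Test merging two AVs that contain xperms with same operation"""
@@ -222,7 +222,7 @@ class TestAccessVector(unittest.TestCase):
 a.merge(b)
 self.assertEqual(list(a.perms), ["read"])
 self.assertEqual(list(a.xperms.keys()), ["ioctl"])
- self.assertEqual(a.xperms["ioctl"].to_string(), "{ 23 42 12345 }")
+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x17 0x2a 0x3039 }")
 
 class TestUtilFunctions(unittest.TestCase):
 def test_is_idparam(self):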
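Review bot: The expectation updated in the second hunk (`@@ -185,7`) appears to sit inside `text_merge_xperm2`, whose `def` line is visible as context at the end of the first hunk. Because that name starts with `text_` rather than `test_`, unittest's default discovery never runs it, so the new hexadecimal assertion there is unverified. Renaming it to `def test_merge_xperm2(self):` would make the case of merging into an AV without xperms actually execute. The method's opening lines fall outside the second hunk, so the enclosing method is inferred from the surrounding context rather than seen directly.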
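--- a/python/sepolgen/tests/test_refpolicy.py
+++ b/python/sepolgen/tests/test_refpolicy.py
@@ -90,17 +90,17 @@ class TestXpermSet(unittest.TestCase):
 a.complement = True
 self.assertEqual(a.to_string(), "")
 a.add(1234)
- self.assertEqual(a.to_string(), "~ 1234")
+ self.assertEqual(a.to_string(), "~ 0x4d2")
 a.complement = False
- self.assertEqual(a.to_string(), "1234")
+ self.assertEqual(a.to_string(), "0x4d2")
 a.add(2345)
- self.assertEqual(a.to_string(), "{ 1234 2345 }")
+ self.assertEqual(a.to_string(), "{ 0x4d2 0x929 }")
 a.complement = True
- self.assertEqual(a.to_string(), "~ { 1234 2345 }")
+ self.assertEqual(a.to_string(), "~ { 0x4d2 0x929 }")
 a.add(42,64)
- self.assertEqual(a.to_string(), "~ { 42-64 1234 2345 }")
+ self.assertEqual(a.to_string(), "~ { 0x2a-0x40 0x4d2 0x929 }")
 a.complement = False
- self.assertEqual(a.to_string(), "{ 42-64 1234 2345 }")
+ self.assertEqual(a.to_string(), "{ 0x2a-0x40 0x4d2 0x929 }")
 
 class TestSecurityContext(unittest.TestCase):
 def test_init(self):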
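Review bot: The updated expectations in `TestXpermSet` only exercise mid-range values (0x2a, 0x40, 0x4d2, 0x929), so the rendering of the smallest and largest extended-permission values is not pinned by any assertion visible here. Since this string is what audit2allow prints into generated rules, a short boundary case would help. For example, on a fresh set, `a.add(0)` followed by `self.assertEqual(a.to_string(), "0x0")`, plus the same check for the upper bound the class accepts. The test method begins above the hunk, so any earlier coverage of those values is not visible from this section.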
--
2.29.0