Ejemplo n.º 1
def get_network_connect(src, protocol, perm):
    """Describe the ports behind each port type *src* holds *perm* on.

    The port types come from ``get_types`` for the ``<protocol>_socket``
    class and the single permission *perm*.

    Returns a dict that is empty when ``get_types`` yields nothing, and
    otherwise has exactly one key, ``(src, protocol, perm)``, mapped to a
    list of ``(type_name, ports)`` tuples.  For the broad port attributes
    ``ports`` is a one-element list holding a fixed description; for any
    other type it is the entry ``sepolicy.gen_port_dict()`` holds for
    ``(type_name, protocol)``.

    A type with no entry in the port dictionary for this protocol is left
    out without any message, so the result can be shorter than what
    ``get_types`` returned.
    """
    port_records, _ = sepolicy.gen_port_dict()
    allowed_types = get_types(src, "%s_socket" % protocol, [perm])
    result = {}
    if len(allowed_types) == 0:
        return result

    # Fixed descriptions for the attributes that stand for whole port ranges.
    attribute_text = {
        "port_type": "all ports",
        "unreserved_port_type": "all ports > 1024",
        "reserved_port_type": "all ports < 1024",
        "rpc_port_type": "all ports > 500 and  < 1024",
    }
    has_unreserved_attr = "unreserved_port_type" in allowed_types
    entries = result[(src, protocol, perm)] = []

    for type_name in allowed_types:
        if type_name == "ephemeral_port_type":
            # Skipped when the wider unreserved attribute is also allowed.
            if has_unreserved_attr:
                continue
            type_name = "ephemeral_port_t"

        # unreserved_port_t is dropped when either the unreserved attribute
        # or port_t is allowed as well.
        if type_name == "unreserved_port_t" and (
                has_unreserved_attr or "port_t" in allowed_types):
            continue

        if type_name == "port_t":
            entries.append((type_name, ["all ports with out defined types"]))
            # No `continue`: port_t is not one of the attributes below, so it
            # also goes through the port dictionary lookup at the end.

        if type_name in attribute_text:
            entries.append((type_name, [attribute_text[type_name]]))
            continue

        try:
            ports = port_records[(type_name, protocol)]
        except KeyError:
            # No port record for this type and protocol: omit it.
            continue
        entries.append((type_name, ports))

    return result
Ejemplo n.º 2
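    def __init__(self,
                 domainname,
                 path="/tmp",
                 root="/",
                 source_files=False,
                 html=False):
        """Load policy data and write the man page for one domain.

        Construction does all the work: it queries sepolicy for the policy
        objects, writes ``<path>/<domain>_selinux.8`` and then generates a
        link page for every alias listed for the domain in ``equiv_dict``.

        Args:
            domainname: Domain name; normalised through
                ``sepolicy.gen_short_name``.
            path: Output directory, created if it does not exist.
            root: Prefix put in front of the file-context and policy.xml
                locations.
            source_files: When true, ``file_contexts`` and ``policy.xml``
                are read directly under *root* instead of from the
                installed locations.
            html: When true, the man page path is also appended to
                ``manpage_roles`` or ``manpage_domains``.
        """
        self.html = html
        self.source_files = source_files
        self.root = root
        self.portrecs = sepolicy.gen_port_dict()[0]
        self.domains = gen_domains()
        self.all_domains = sepolicy.get_all_domains()
        self.all_attributes = sepolicy.get_all_attributes()
        self.all_bools = sepolicy.get_all_bools()
        self.all_port_types = sepolicy.get_all_port_types()
        self.all_roles = sepolicy.get_all_roles()
        # Query the user information once and use both parts of the result.
        users_info = get_all_users_info()
        self.all_users = users_info[0]
        self.all_users_range = users_info[1]
        self.all_file_types = sepolicy.get_all_file_types()
        self.role_allows = sepolicy.get_all_role_allows()
        self.types = _gen_types()

        if self.source_files:
            self.fcpath = self.root + "file_contexts"
        else:
            self.fcpath = self.root + selinux.selinux_file_context_path()

        self.fcdict = sepolicy.get_fcdict(self.fcpath)

        if not os.path.exists(path):
            os.makedirs(path)

        self.path = path

        if self.source_files:
            self.xmlpath = self.root + "policy.xml"
        else:
            self.xmlpath = self.root + "/usr/share/selinux/devel/policy.xml"
        self.booleans_dict = sepolicy.gen_bool_dict(self.xmlpath)

        self.domainname, self.short_name = sepolicy.gen_short_name(domainname)

        self.type = self.domainname + "_t"
        self._gen_bools()
        self.man_page_path = "%s/%s_selinux.8" % (path, self.domainname)
        # NOTE(review): path defaults to /tmp and the file name is derived
        # from the domain name, so the output location is predictable, and
        # open(..., 'w') follows symlinks and truncates whatever it reaches.
        # When this runs with elevated privileges, pass a directory that is
        # not world-writable.
        self.fd = open(self.man_page_path, 'w')
        try:
            if self.domainname + "_r" in self.all_roles:
                self.__gen_user_man_page()
                if self.html:
                    manpage_roles.append(self.man_page_path)
            else:
                if self.html:
                    manpage_domains.append(self.man_page_path)
                self.__gen_man_page()
        finally:
            # Close the page even when generation raises, so the handle is
            # not leaked.
            self.fd.close()

        # Emit a link page for each alias registered for this domain.
        for alias in equiv_dict.get(self.domainname, ()):
            self.__gen_man_page_link(alias)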
Ejemplo n.º 3
def get_network_connect(src, protocol, perm, check_bools=False):
    """Map ``(src, protocol, perm)`` to the port types it covers.

    ``get_types`` is asked for the types *src* holds *perm* on for the
    ``<protocol>_socket`` class; *check_bools* is passed through to it
    unchanged.

    Returns an empty dict when no type comes back.  Otherwise the dict has
    the single key ``(src, protocol, perm)`` whose value is a list of
    ``(type_name, ports)`` tuples: a fixed one-line description for the
    broad port attributes, or the ``sepolicy.gen_port_dict()`` entry for
    ``(type_name, protocol)`` for everything else.

    Types that have no port dictionary entry for this protocol are dropped
    silently, so the list is not guaranteed to cover every type returned
    by ``get_types``.
    """
    records_by_type, _ = sepolicy.gen_port_dict()
    granted = get_types(src, "%s_socket" % protocol, [perm], check_bools)
    summary = {}
    if not len(granted) > 0:
        return summary

    rows = []
    summary[(src, protocol, perm)] = rows
    # Attributes that are reported with a fixed range description.
    range_notes = {
        "port_type": "all ports",
        "unreserved_port_type": "all ports > 1024",
        "reserved_port_type": "all ports < 1024",
        "rpc_port_type": "all ports > 500 and  < 1024",
    }

    for name in granted:
        unreserved_granted = "unreserved_port_type" in granted

        if name == "ephemeral_port_type":
            if unreserved_granted:
                continue  # already covered by the unreserved attribute
            name = "ephemeral_port_t"

        if name == "unreserved_port_t":
            if unreserved_granted or "port_t" in granted:
                continue  # covered by the attribute or by port_t

        if name == "port_t":
            rows.append((name, ["all ports with out defined types"]))
            # port_t is not in range_notes, so the lookup at the bottom of
            # the loop still runs for it.

        note = range_notes.get(name)
        if note is not None:
            rows.append((name, [note]))
        else:
            try:
                rows.append((name, records_by_type[(name, protocol)]))
            except KeyError:
                # Nothing recorded for this type and protocol: leave it out.
                pass

    return summary
Ejemplo n.º 4
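    def __init__(self, domainname, path="/tmp", root="/", source_files=False, html=False):
        """Load policy data and write the man page for one domain.

        Everything happens during construction: policy objects are fetched
        from sepolicy, ``<path>/<domain>_selinux.8`` is written, and a link
        page is generated for each alias ``equiv_dict`` lists for the
        domain.

        Args:
            domainname: Domain name; normalised through
                ``sepolicy.gen_short_name``.
            path: Output directory, created if it does not exist.
            root: Prefix put in front of the file-context and policy.xml
                locations.
            source_files: When true, ``file_contexts`` and ``policy.xml``
                are read directly under *root* instead of from the
                installed locations.
            html: When true, the man page path is also appended to
                ``manpage_roles`` or ``manpage_domains``.
        """
        self.html = html
        self.source_files = source_files
        self.root = root
        self.portrecs = sepolicy.gen_port_dict()[0]
        self.domains = gen_domains()
        self.all_domains = sepolicy.get_all_domains()
        self.all_attributes = sepolicy.get_all_attributes()
        self.all_bools = sepolicy.get_all_bools()
        self.all_port_types = sepolicy.get_all_port_types()
        self.all_roles = sepolicy.get_all_roles()
        # Fetch the user information once instead of once per field.
        users_info = get_all_users_info()
        self.all_users = users_info[0]
        self.all_users_range = users_info[1]
        self.all_file_types = sepolicy.get_all_file_types()
        self.role_allows = sepolicy.get_all_role_allows()
        self.types = _gen_types()
        self.exec_types = _gen_exec_types()
        self.entry_types = _gen_entry_types()
        self.mcs_constrained_types = _gen_mcs_constrained_types()

        if self.source_files:
            self.fcpath = self.root + "file_contexts"
        else:
            self.fcpath = self.root + selinux.selinux_file_context_path()

        self.fcdict = sepolicy.get_fcdict(self.fcpath)

        if not os.path.exists(path):
            os.makedirs(path)

        self.path = path

        if self.source_files:
            self.xmlpath = self.root + "policy.xml"
        else:
            self.xmlpath = self.root + "/usr/share/selinux/devel/policy.xml"
        self.booleans_dict = sepolicy.gen_bool_dict(self.xmlpath)

        self.domainname, self.short_name = sepolicy.gen_short_name(domainname)

        self.type = self.domainname + "_t"
        self._gen_bools()
        self.man_page_path = "%s/%s_selinux.8" % (path, self.domainname)
        # NOTE(review): with the default path of /tmp the output file name is
        # predictable, and open(..., 'w') follows symlinks and truncates the
        # file it lands on.  Callers running with elevated privileges should
        # pass a directory that other users cannot write to.
        self.fd = open(self.man_page_path, 'w')
        try:
            if self.domainname + "_r" in self.all_roles:
                self.__gen_user_man_page()
                if self.html:
                    manpage_roles.append(self.man_page_path)
            else:
                if self.html:
                    manpage_domains.append(self.man_page_path)
                self.__gen_man_page()
        finally:
            # Release the handle even if page generation fails part-way.
            self.fd.close()

        # One link page per alias registered for this domain.
        for alias in equiv_dict.get(self.domainname, ()):
            self.__gen_man_page_link(alias)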
Ejemplo n.º 5
def network(args):
    """Print the port and network information selected by *args*.

    Reads ``args.list_ports``, ``args.port``, ``args.type``,
    ``args.applications`` and ``args.domain``.  Each domain resolved from
    ``args.applications`` is appended to ``args.domain``, so the caller's
    object is modified.
    """
    records_by_type, records_by_range = sepolicy.gen_port_dict()

    if args.list_ports:
        # Keys are indexed as (type, protocol); list each type once, sorted.
        type_names = sorted({key[0] for key in records_by_type})
        print("\n".join(type_names))

    for port in args.port:
        matched = False
        for key in records_by_range:
            low, high = key[0], key[1]
            if not (low <= port <= high):
                continue
            matched = True
            # A single-port record prints the port alone, otherwise "low-high".
            span = low if low == high else "%s-%s" % (low, high)
            print("%d: %s %s %s" %
                  (port, key[2], records_by_range[key][0], span))
        if matched:
            continue
        # NOTE(review): the cutoff used here is 500, not 1024 — confirm this
        # is the intended boundary for the "reserved" message.
        if port < 500:
            print("Undefined reserved port type")
        else:
            print("Undefined port type")

    for type_name in args.type:
        tcp_key = (type_name, 'tcp')
        udp_key = (type_name, 'udp')
        if tcp_key in records_by_type:
            print("%s: tcp: %s" % (type_name, ",".join(records_by_type[tcp_key])))
        if udp_key in records_by_type:
            print("%s: udp: %s" % (type_name, ",".join(records_by_type[udp_key])))

    # Resolve each application to a domain and queue it with the explicitly
    # requested domains; applications that resolve to nothing are skipped.
    for application in args.applications:
        resolved = sepolicy.get_init_transtype(application)
        if resolved:
            args.domain.append(resolved)

    for domain in args.domain:
        _print_net(domain, "tcp", "name_connect")
        _print_net(domain, "tcp", "name_bind")
        _print_net(domain, "udp", "name_bind")
Ejemplo n.º 6
def network(args):
    """Print the port and network details requested through *args*.

    The fields read are ``args.list_ports``, ``args.port``, ``args.type``,
    ``args.applications`` and ``args.domain``.  Domains resolved from
    ``args.applications`` are appended to ``args.domain`` in place.
    """
    by_type, by_range = sepolicy.gen_port_dict()

    if args.list_ports:
        # by_type keys are indexed as (type, protocol); print each type once.
        unique_types = set()
        for type_key in by_type:
            unique_types.add(type_key[0])
        print("\n".join(sorted(unique_types)))

    for port in args.port:
        hits = 0
        for rec in by_range:
            first, last = rec[0], rec[1]
            if first <= port <= last:
                if first == last:
                    shown = first
                else:
                    shown = "%s-%s" % (first, last)
                hits += 1
                print("%d: %s %s %s" % (port, rec[2], by_range[rec][0], shown))
        if hits == 0:
            # NOTE(review): this boundary is 500 rather than 1024 — confirm
            # that is what the "reserved" message is meant to cover.
            message = ("Undefined reserved port type" if port < 500
                       else "Undefined port type")
            print(message)

    for t in args.type:
        tcp_ports = by_type.get((t, 'tcp'))
        if (t, 'tcp') in by_type:
            print("%s: tcp: %s" % (t, ",".join(tcp_ports)))
        udp_ports = by_type.get((t, 'udp'))
        if (t, 'udp') in by_type:
            print("%s: udp: %s" % (t, ",".join(udp_ports)))

    # Applications that resolve to a domain are reported together with the
    # domains given directly; the rest are ignored.
    for app in args.applications:
        app_domain = sepolicy.get_init_transtype(app)
        if not app_domain:
            continue
        args.domain.append(app_domain)

    for dom in args.domain:
        _print_net(dom, "tcp", "name_connect")
        for proto in ("tcp", "udp"):
            _print_net(dom, proto, "name_bind")