def get_types_of_str(attr_name):
q = setools.TypeAttributeQuery(__selinuxPolicy__)
q.name = attr_name
results = q.results().next(
) #should contain only 1 item - TypeAttribute("domain")
if results:
return [str(x) for x in results.expand()]
else:
return []
def get_unconfined_types():
q = setools.TypeAttributeQuery(__selinuxPolicy__)
q.name = "domain"
results = next(
q.results()) #should contain only 1 item - TypeAttribute("domain")
if results:
return [x for x in results.expand()]
else:
return []
def info(setype, name=None):
if setype == TYPE:
q = setools.TypeQuery(_pol)
q.name = name
results = list(q.results())
if name and len(results) < 1:
# type not found, try alias
q.name = None
q.alias = name
results = list(q.results())
return ({
'aliases': list(map(str, x.aliases())),
'name': str(x),
'permissive': bool(x.ispermissive),
'attributes': list(map(str, x.attributes()))
} for x in results)
elif setype == ROLE:
q = setools.RoleQuery(_pol)
if name:
q.name = name
return ({
'name': str(x),
'roles': list(map(str, x.expand())),
'types': list(map(str, x.types())),
} for x in q.results())
elif setype == ATTRIBUTE:
q = setools.TypeAttributeQuery(_pol)
if name:
q.name = name
return ({
'name': str(x),
'types': list(map(str, x.expand())),
} for x in q.results())
elif setype == PORT:
q = setools.PortconQuery(_pol)
if name:
ports = [int(i) for i in name.split("-")]
if len(ports) == 2:
q.ports = ports
elif len(ports) == 1:
q.ports = (ports[0], ports[0])
if _pol.mls:
return ({
'high': x.ports.high,
'protocol': str(x.protocol),
'range': str(x.context.range_),
'type': str(x.context.type_),
'low': x.ports.low,
} for x in q.results())
return ({
'high': x.ports.high,
'protocol': str(x.protocol),
'type': str(x.context.type_),
'low': x.ports.low,
} for x in q.results())
elif setype == USER:
q = setools.UserQuery(_pol)
if name:
q.name = name
if _pol.mls:
return ({
'range': str(x.mls_range),
'name': str(x),
'roles': list(map(str, x.roles)),
'level': str(x.mls_level),
} for x in q.results())
return ({
'name': str(x),
'roles': list(map(str, x.roles)),
} for x in q.results())
elif setype == BOOLEAN:
q = setools.BoolQuery(_pol)
if name:
q.name = name
return ({
'name': str(x),
'state': x.state,
} for x in q.results())
elif setype == TCLASS:
q = setools.ObjClassQuery(_pol)
if name:
q.name = name
return ({
'name': str(x),
'permlist': list(x.perms),
} for x in q.results())
else:
raise ValueError("Invalid type")
def attributes_re(self, s, **kwargs):
q = se.TypeAttributeQuery(self, name_regex=True, **kwargs)
q.name = s
return sorted(q.results())
if args.mlssensquery or args.all:
q = setools.SensitivityQuery(p)
if isinstance(args.mlssensquery, str):
q.name = args.mlssensquery
components.append(("Sensitivities", q, lambda x: x.statement()))
if args.typequery or args.all:
q = setools.TypeQuery(p)
if isinstance(args.typequery, str):
q.name = args.typequery
components.append(("Types", q, lambda x: x.statement()))
if args.typeattrquery or args.all:
q = setools.TypeAttributeQuery(p)
if isinstance(args.typeattrquery, str):
q.name = args.typeattrquery
components.append(("Type Attributes", q, expand_attr))
if args.userquery or args.all:
q = setools.UserQuery(p)
if isinstance(args.userquery, str):
q.name = args.userquery
components.append(("Users", q, lambda x: x.statement()))
if args.validatetransquery or args.all:
q = setools.ConstraintQuery(
p, ruletype=["validatetrans", "mlsvalidatetrans"])
def get_attributes_filter_name(name):
q = setools.TypeAttributeQuery(__selinuxPolicy__)
q.name = name
results = q.results()
return [str(x) for x in results]