Example #1
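handle = semanage.semanage_handle_create()
# A failed allocation comes back as None; stop before handing it to the library.
if handle is None:
    raise SystemExit(1)

# Only a negative (error) result stops the script here. A result of 0 is not
# rejected by this check and falls through to semanage_connect() below.
if semanage.semanage_is_managed(handle) < 0:
    # Release the handle on the failure path instead of leaking it.
    semanage.semanage_handle_destroy(handle)
    raise SystemExit(1)
if semanage.semanage_connect(handle) < 0:
    semanage.semanage_handle_destroy(handle)
    raise SystemExit(1)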

def print_port(kind, port):
    """Print one port record: kind, context, high port, low port, protocol name.

    Uses the module-level ``handle`` to render the record's context.
    """
    context = semanage.semanage_port_get_con(port)
    # The call returns a sequence and only element 1 is printed.
    # NOTE(review): element 0 is presumably the status code and is never
    # checked here - confirm against the binding.
    rendered = semanage.semanage_context_to_string(handle, context)
    upper = semanage.semanage_port_get_high(port)
    lower = semanage.semanage_port_get_low(port)
    proto_name = semanage.semanage_port_get_proto_str(
        semanage.semanage_port_get_proto(port))
    print(kind, rendered[1], upper, lower, proto_name)

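# Always list local ports afterwards so that the provider works correctly
try:
    for kind, list_ports in (('policy', semanage.semanage_port_list),
                             ('local', semanage.semanage_port_list_local)):
        retval, ports = list_ports(handle)
        # A negative status means the listing failed; do not iterate over
        # whatever came back with it.
        if retval < 0:
            raise SystemExit(1)
        for port in ports:
            print_port(kind, port)
finally:
    # Runs on success and on every failure path, so the connection and the
    # handle are always released.
    semanage.semanage_disconnect(handle)
    semanage.semanage_handle_destroy(handle)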
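def semanage_boolean_value(module, name, state):
    """Persistently set SELinux boolean ``name`` through libsemanage.

    Args:
        module: Object exposing ``fail_json(msg=...)``; it is called on every
            failure path.
        name: Name of the boolean to modify.
        state: Truthy stores 1, falsy stores 0.

    Returns:
        True once the transaction has been committed.
    """
    value = 0
    if state:
        value = 1
    handle = semanage.semanage_handle_create()
    if handle is None:
        module.fail_json(msg="Failed to create semanage library handle")
    # Track what has been acquired so the finally block releases exactly that,
    # whichever step fails.
    connected = False
    sebool = None
    boolkey = None
    try:
        try:
            managed = semanage.semanage_is_managed(handle)
            if managed < 0:
                module.fail_json(
                    msg="Failed to determine whether policy is manage")
            if managed == 0:
                if os.getuid() == 0:
                    module.fail_json(
                        msg="Cannot set persistent booleans without managed policy"
                    )
                else:
                    module.fail_json(
                        msg="Cannot set persistent booleans; please try as root")
            if semanage.semanage_connect(handle) < 0:
                module.fail_json(msg="Failed to connect to semanage")
            connected = True

            if semanage.semanage_begin_transaction(handle) < 0:
                module.fail_json(msg="Failed to begin semanage transaction")

            rc, sebool = semanage.semanage_bool_create(handle)
            if rc < 0:
                # Nothing usable was created; make sure it is not freed later.
                sebool = None
                module.fail_json(msg="Failed to create seboolean with semanage")
            if semanage.semanage_bool_set_name(handle, sebool, name) < 0:
                module.fail_json(msg="Failed to set seboolean name with semanage")
            semanage.semanage_bool_set_value(sebool, value)

            rc, boolkey = semanage.semanage_bool_key_extract(handle, sebool)
            if rc < 0:
                boolkey = None
                module.fail_json(msg="Failed to extract boolean key with semanage")

            if semanage.semanage_bool_modify_local(handle, boolkey, sebool) < 0:
                module.fail_json(msg="Failed to modify boolean key with semanage")

            if semanage.semanage_bool_set_active(handle, boolkey, sebool) < 0:
                module.fail_json(
                    msg="Failed to set boolean key active with semanage")

            semanage.semanage_bool_key_free(boolkey)
            boolkey = None
            semanage.semanage_bool_free(sebool)
            sebool = None

            # NOTE(review): reload is set to 0 before the commit, presumably
            # so the commit does not reload policy; the running value was
            # pushed by semanage_bool_set_active() above - confirm.
            semanage.semanage_set_reload(handle, 0)
            if semanage.semanage_commit(handle) < 0:
                module.fail_json(msg="Failed to commit changes to semanage")
        except Exception:
            e = get_exception()
            module.fail_json(msg="Failed to manage policy for boolean %s: %s" %
                             (name, str(e)))
    finally:
        # Failure paths used to leave the key, the record, the connection and
        # the handle behind; release whatever is still held.
        if boolkey is not None:
            semanage.semanage_bool_key_free(boolkey)
        if sebool is not None:
            semanage.semanage_bool_free(sebool)
        if connected:
            semanage.semanage_disconnect(handle)
        if handle is not None:
            semanage.semanage_handle_destroy(handle)
    return True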
Example #3
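def semanage_boolean_value(module, name, state):
    """Store a persistent value for SELinux boolean ``name`` via libsemanage.

    Args:
        module: Object whose ``fail_json(msg=...)`` is called when any step
            fails.
        name: Name of the boolean being changed.
        state: Truthy writes 1, falsy writes 0.

    Returns:
        True after the semanage transaction has been committed.
    """
    value = 0
    if state:
        value = 1
    handle = semanage.semanage_handle_create()
    if handle is None:
        module.fail_json(msg="Failed to create semanage library handle")
    # Remember which resources are live so cleanup can run on every exit path.
    connected = False
    sebool = None
    boolkey = None
    try:
        try:
            managed = semanage.semanage_is_managed(handle)
            if managed < 0:
                module.fail_json(msg="Failed to determine whether policy is manage")
            if managed == 0:
                if os.getuid() == 0:
                    module.fail_json(msg="Cannot set persistent booleans without managed policy")
                else:
                    module.fail_json(msg="Cannot set persistent booleans; please try as root")
            if semanage.semanage_connect(handle) < 0:
                module.fail_json(msg="Failed to connect to semanage")
            connected = True

            if semanage.semanage_begin_transaction(handle) < 0:
                module.fail_json(msg="Failed to begin semanage transaction")

            rc, sebool = semanage.semanage_bool_create(handle)
            if rc < 0:
                # Creation failed, so there is no record to free afterwards.
                sebool = None
                module.fail_json(msg="Failed to create seboolean with semanage")
            if semanage.semanage_bool_set_name(handle, sebool, name) < 0:
                module.fail_json(msg="Failed to set seboolean name with semanage")
            semanage.semanage_bool_set_value(sebool, value)

            rc, boolkey = semanage.semanage_bool_key_extract(handle, sebool)
            if rc < 0:
                boolkey = None
                module.fail_json(msg="Failed to extract boolean key with semanage")

            if semanage.semanage_bool_modify_local(handle, boolkey, sebool) < 0:
                module.fail_json(msg="Failed to modify boolean key with semanage")

            if semanage.semanage_bool_set_active(handle, boolkey, sebool) < 0:
                module.fail_json(msg="Failed to set boolean key active with semanage")

            semanage.semanage_bool_key_free(boolkey)
            boolkey = None
            semanage.semanage_bool_free(sebool)
            sebool = None

            # NOTE(review): 0 is passed to semanage_set_reload() ahead of the
            # commit, presumably to skip the policy reload; the live value is
            # set by semanage_bool_set_active() above - confirm.
            semanage.semanage_set_reload(handle, 0)
            if semanage.semanage_commit(handle) < 0:
                module.fail_json(msg="Failed to commit changes to semanage")
        except Exception:
            e = get_exception()
            module.fail_json(msg="Failed to manage policy for boolean %s: %s" % (name, str(e)))
    finally:
        # Previously only the success path disconnected and destroyed the
        # handle, and a failed step leaked the key and the record.
        if boolkey is not None:
            semanage.semanage_bool_key_free(boolkey)
        if sebool is not None:
            semanage.semanage_bool_free(sebool)
        if connected:
            semanage.semanage_disconnect(handle)
        if handle is not None:
            semanage.semanage_handle_destroy(handle)
    return True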
Example #4
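def main(argv=None):
    """Parse the test-selection flags and run the chosen tests on a semanage handle.

    The original excerpt mixed tabs and spaces, used Python 2-only ``print``
    and ``except X, name`` syntax, and stopped before any handler for its
    outer ``try``. This version is consistently indented, parses on Python 2
    and 3, and lets Usage, Status and Error propagate to the caller.

    Args:
        argv: Argument vector; defaults to ``sys.argv``.
    """
    if argv is None:
        argv = sys.argv

    # Short flag -> attribute switched on in the Tests instance.
    flag_attrs = {
        "-v": "verbose",
        "-a": "all",
        "-u": "users",
        "-U": "writeuser",
        "-s": "seusers",
        "-S": "writeseuser",
        "-p": "ports",
        "-P": "writeport",
        "-f": "fcontexts",
        "-F": "writefcontext",
        "-i": "interfaces",
        "-I": "writeinterface",
        "-b": "booleans",
        "-B": "writeboolean",
        "-c": "abooleans",
        "-C": "writeaboolean",
        "-n": "nodes",
        "-N": "writenode",
        "-m": "modules",
    }

    try:
        # The long names are accepted by getopt, but only short flags are
        # matched below, so a long option selects nothing.
        opts, args = getopt.getopt(argv[1:], "hvmuspfibcUSPFIBCanN", ["help", "verbose", "modules", "users", "seusers", "ports", "file contexts", "network interfaces", "booleans", "active booleans", "network nodes", "writeuser", "writeseuser", "writeport", "writefcontext", "writeinterface", "writeboolean", "writeaboolean", "writenode", "all"])
        tests = Tests()
        for o, a in opts:
            if o == "-h":
                raise Usage(usage)
            if o in flag_attrs:
                setattr(tests, flag_attrs[o], True)
            if o == "-v":
                print("Verbose output selected.")

        if not tests.selected():
            raise Usage("Please select a valid test.")

    except getopt.error as msg:
        raise Usage(msg)

    sh = semanage.semanage_handle_create()
    # Do not pass a failed allocation on to the library.
    if sh is None:
        raise Error("Could not create semanage handle")

    connected = False
    try:
        if semanage.semanage_is_managed(sh) != 1:
            raise Status("Unmanaged!")

        status = semanage.semanage_connect(sh)
        if status < 0:
            raise Error("Could not establish semanage connection")
        connected = True

        tests.run(sh)

        connected = False
        status = semanage.semanage_disconnect(sh)
        if status < 0:
            raise Error("Could not disconnect")
    finally:
        # A raised Status/Error or a failing test used to skip both calls and
        # leave the connection and the handle behind.
        if connected:
            semanage.semanage_disconnect(sh)
        semanage.semanage_handle_destroy(sh)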
Example #5
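def main(argv=None):
    """Parse the test-selection flags and run the chosen tests on a semanage handle.

    Usage, Status and Error raised along the way are reported on stderr.

    Args:
        argv: Argument vector; defaults to ``sys.argv``.

    Returns:
        2 on every path, including a successful run (see the note at the
        return statement).
    """
    if argv is None:
        argv = sys.argv

    # Short flag -> attribute switched on in the Tests instance.
    flag_attrs = {
        "-v": "verbose",
        "-a": "all",
        "-u": "users",
        "-U": "writeuser",
        "-s": "seusers",
        "-S": "writeseuser",
        "-p": "ports",
        "-P": "writeport",
        "-f": "fcontexts",
        "-F": "writefcontext",
        "-i": "interfaces",
        "-I": "writeinterface",
        "-b": "booleans",
        "-B": "writeboolean",
        "-c": "abooleans",
        "-C": "writeaboolean",
        "-n": "nodes",
        "-N": "writenode",
        "-m": "modules",
    }
    # The long names are accepted by getopt, but only short flags are matched
    # in the loop below, so a long option selects nothing.
    long_opts = [
        "help",
        "verbose",
        "modules",
        "users",
        "seusers",
        "ports",
        "file contexts",
        "network interfaces",
        "booleans",
        "active booleans",
        "network nodes",
        "writeuser",
        "writeseuser",
        "writeport",
        "writefcontext",
        "writeinterface",
        "writeboolean",
        "writeaboolean",
        "writenode",
        "all",
    ]

    try:
        try:
            opts, args = getopt.getopt(argv[1:], "hvmuspfibcUSPFIBCanN",
                                       long_opts)
            tests = Tests()
            for o, a in opts:
                if o == "-h":
                    raise Usage(usage)
                if o in flag_attrs:
                    setattr(tests, flag_attrs[o], True)
                if o == "-v":
                    print("Verbose output selected.")

            if not tests.selected():
                raise Usage("Please select a valid test.")

        except getopt.error as msg:
            raise Usage(msg)

        sh = semanage.semanage_handle_create()
        # Do not pass a failed allocation on to the library.
        if sh is None:
            raise Error("Could not create semanage handle")

        connected = False
        try:
            if semanage.semanage_is_managed(sh) != 1:
                raise Status("Unmanaged!")

            status = semanage.semanage_connect(sh)
            if status < 0:
                raise Error("Could not establish semanage connection")
            connected = True

            tests.run(sh)

            connected = False
            status = semanage.semanage_disconnect(sh)
            if status < 0:
                raise Error("Could not disconnect")
        finally:
            # A raised Status/Error or a failing test used to skip both calls
            # and leave the connection and the handle behind.
            if connected:
                semanage.semanage_disconnect(sh)
            semanage.semanage_handle_destroy(sh)

    except (Usage, Status, Error) as err:
        print(err.msg, file=sys.stderr)

    # NOTE(review): 2 is returned after a clean run as well as after a reported
    # error, so a caller cannot tell the two apart from the return value. Kept
    # as-is because callers may depend on it.
    return 2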
Example #6
def semanage_destroy_handle(module, handle):
    """Disconnect ``handle`` from semanage and destroy it.

    Args:
        module: Object exposing ``fail_json(msg=...)``, called when the
            disconnect reports a negative status.
        handle: The semanage handle to tear down.
    """
    disconnect_status = semanage.semanage_disconnect(handle)
    # Destroy before reporting, so a failed disconnect does not leave the
    # handle behind.
    semanage.semanage_handle_destroy(handle)
    if not disconnect_status < 0:
        return
    module.fail_json(msg="Failed to disconnect from semanage")
Example #7
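# `handle` is created before this excerpt starts.
# Only a negative (error) result stops the script here; any other result
# falls through to semanage_connect() below.
if semanage.semanage_is_managed(handle) < 0:
    # Release the handle on the failure path instead of leaking it.
    semanage.semanage_handle_destroy(handle)
    raise SystemExit(1)
if semanage.semanage_connect(handle) < 0:
    semanage.semanage_handle_destroy(handle)
    raise SystemExit(1)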


def print_port(kind, port):
    """Print ``kind`` followed by the port's context, high, low and protocol name.

    The context is rendered with the module-level ``handle``.
    """
    port_context = semanage.semanage_port_get_con(port)
    # Only element 1 of the returned sequence is printed.
    # NOTE(review): element 0 looks like a status code that goes unchecked -
    # confirm against the binding.
    context_result = semanage.semanage_context_to_string(handle, port_context)
    range_high = semanage.semanage_port_get_high(port)
    range_low = semanage.semanage_port_get_low(port)
    protocol = semanage.semanage_port_get_proto(port)
    fields = (
        kind,
        context_result[1],
        range_high,
        range_low,
        semanage.semanage_port_get_proto_str(protocol),
    )
    print(*fields)


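# Always list local ports afterwards so that the provider works correctly
try:
    retval, ports = semanage.semanage_port_list(handle)
    # A negative status means the listing failed; do not iterate over
    # whatever came back with it.
    if retval < 0:
        raise SystemExit(1)
    for port in ports:
        print_port('policy', port)

    retval, ports = semanage.semanage_port_list_local(handle)
    if retval < 0:
        raise SystemExit(1)
    for port in ports:
        print_port('local', port)
finally:
    # Runs on success and on every failure path, so the connection and the
    # handle are always released.
    semanage.semanage_disconnect(handle)
    semanage.semanage_handle_destroy(handle)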