Example #1
	def test_ports(self,sh):
		"""Print the range, protocol and SELinux context of every port record.

		Only lists and reads records through handle `sh`; no transaction is
		opened and nothing is written back.

		Raises Error if semanage_port_list reports a negative status.
		"""
		print "Testing ports..."

		(status, records) = semanage.semanage_port_list(sh)
		if status < 0:
			raise Error("Could not list ports")
		print "Query status (commit number): ", status

		if len(records) == 0:
			# An empty list is reported but not treated as a failure.
			print "No ports found!"
			print "This is not necessarily a test failure."
			return

		for record in records:
			if self.verbose:
				print "Port reference: ", record

			first = semanage.semanage_port_get_low(record)
			last = semanage.semanage_port_get_high(record)
			context = semanage.semanage_port_get_con(record)
			proto_name = semanage.semanage_port_get_proto_str(
				semanage.semanage_port_get_proto(record))

			# A single port is shown as "N", a range as "LOW-HIGH".
			span = str(first) if first == last else "%s-%s" % (first, last)

			(rc, label) = semanage.semanage_context_to_string(sh,context)
			if rc < 0:
				# Conversion failure is not fatal here: the record is still
				# printed, with an empty context string.
				label = ""
			print "Port: ", span, " ", proto_name, " Context: ", label

			# Each listed record is freed once it has been printed.
			semanage.semanage_port_free(record)
Example #2
    def test_ports(self, sh):
        """Print the range, protocol and SELinux context of every port record.

        Only lists and reads records through handle ``sh``; no transaction is
        opened and nothing is written back.

        Raises:
            Error: if ``semanage_port_list`` reports a negative status.
        """
        print("Testing ports...")

        status, records = semanage.semanage_port_list(sh)
        if status < 0:
            raise Error("Could not list ports")
        print("Query status (commit number): %s" % status)

        if len(records) == 0:
            # An empty list is reported but not treated as a failure.
            print("No ports found!")
            print("This is not necessarily a test failure.")
            return

        for record in records:
            if self.verbose:
                print("Port reference: %s" % record)

            first = semanage.semanage_port_get_low(record)
            last = semanage.semanage_port_get_high(record)
            context = semanage.semanage_port_get_con(record)
            proto_name = semanage.semanage_port_get_proto_str(
                semanage.semanage_port_get_proto(record))

            # A single port is shown as "N", a range as "LOW-HIGH".
            span = str(first) if first == last else "%s-%s" % (first, last)

            rc, label = semanage.semanage_context_to_string(sh, context)
            if rc < 0:
                # Conversion failure is not fatal here: the record is still
                # printed, with an empty context string.
                label = ""
            print("Port: %s %s Context: %s" % (span, proto_name, label))

            # Each listed record is freed once it has been printed.
            semanage.semanage_port_free(record)
Example #3
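	def test_writeport(self,sh):
		"""Write a test port record to the local policy store, then undo it.

		The record labels TCP ports 150-200 with the context
		system_u:object_r:http_port_t:s0:c0.c255. It is committed in one
		transaction and then, in a second transaction, either deleted (no
		local record existed for that key) or replaced by the record that
		was there before.

		NOTE(review): the label is really committed between the two
		transactions. If the second transaction fails or the run is
		interrupted, the test record stays in the local port customizations
		(`semanage port -l -C` lists them) and has to be removed by hand.
		Run this against a disposable or test policy store.

		Raises Error if any libsemanage call returns a negative status.
		"""
		print "Testing port write..."

		# (free function, object) pairs, released in the finally block so a
		# failing step does not leak the objects created before it.
		owned = []
		try:
			(status, port) = semanage.semanage_port_create(sh)
			if status < 0:
				raise Error("Could not create SEPort object")
			owned.append((semanage.semanage_port_free, port))
			if self.verbose: print "SEPort object created."

			semanage.semanage_port_set_range(port,150,200)
			low = semanage.semanage_port_get_low(port)
			high = semanage.semanage_port_get_high(port)
			if self.verbose: print "SEPort range set: ", low, "-", high

			semanage.semanage_port_set_proto(port, semanage.SEMANAGE_PROTO_TCP)
			if self.verbose: print "SEPort protocol set: ", \
				semanage.semanage_port_get_proto_str(semanage.SEMANAGE_PROTO_TCP)

			(status, con) = semanage.semanage_context_create(sh)
			if status < 0:
				raise Error("Could not create SEContext object")
			owned.append((semanage.semanage_context_free, con))
			if self.verbose: print "SEContext object created (for port)."

			status = semanage.semanage_context_set_user(sh, con, "system_u")
			if status < 0:
				raise Error("Could not set context user")
			if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con)

			# The listing on the page had this call fused into the previous
			# print by a text-masking artifact; restored here.
			status = semanage.semanage_context_set_role(sh, con, "object_r")
			if status < 0:
				raise Error("Could not set context role")
			if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con)

			status = semanage.semanage_context_set_type(sh, con, "http_port_t")
			if status < 0:
				raise Error("Could not set context type")
			if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con)

			status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
			if status < 0:
				raise Error("Could not set context MLS fields")
			if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con)

			status = semanage.semanage_port_set_con(sh, port, con)
			if status < 0:
				raise Error("Could not set SEPort context")
			if self.verbose: print "SEPort context set: ", con

			(status,key) = semanage.semanage_port_key_extract(sh,port)
			if status < 0:
				raise Error("Could not extract SEPort key")
			owned.append((semanage.semanage_port_key_free, key))
			if self.verbose: print "SEPort key extracted: ", key

			(status,exists) = semanage.semanage_port_exists_local(sh,key)
			if status < 0:
				raise Error("Could not check if SEPort exists")
			if self.verbose: print "Exists status (commit number): ", status

			# Keep the pre-existing local record so the second transaction
			# can put it back instead of deleting the key.
			if exists:
				(status, old_port) = semanage.semanage_port_query_local(sh, key)
				if status < 0:
					raise Error("Could not query old SEPort")
				owned.append((semanage.semanage_port_free, old_port))
				if self.verbose: print "Query status (commit number): ", status

			# First transaction: write the test record and commit it.
			print "Starting transaction..."
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			status = semanage.semanage_port_modify_local(sh,key,port)
			if status < 0:
				raise Error("Could not modify SEPort")

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit test transaction")
			print "Commit status (transaction number): ", status

			# Second transaction: undo the write. A failure from here on
			# leaves the test record committed in the local store.
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			if not exists:
				print "Removing port range..."
				status = semanage.semanage_port_del_local(sh, key)
				if status < 0:
					raise Error("Could not delete test SEPort")
				if self.verbose: print "Port range delete: ", status
			else:
				print "Resetting port range..."
				status = semanage.semanage_port_modify_local(sh, key, old_port)
				if status < 0:
					raise Error("Could not reset test SEPort")
				if self.verbose: print "Port range modify: ", status

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit reset transaction")
			print "Commit status (transaction number): ", status
		finally:
			# Release in reverse order of creation; only objects whose
			# creation call succeeded were registered.
			for release, obj in reversed(owned):
				release(obj)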
Example #4
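    def test_writeport(self, sh):
        """Write a test port record to the local policy store, then undo it.

        The record labels TCP ports 150-200 with the context
        ``system_u:object_r:http_port_t:s0:c0.c255``. It is committed in one
        transaction and then, in a second transaction, either deleted (no
        local record existed for that key) or replaced by the record that was
        there before.

        NOTE(review): the label is really committed between the two
        transactions. If the second transaction fails or the run is
        interrupted, the test record stays in the local port customizations
        (``semanage port -l -C`` lists them) and has to be removed by hand.
        Run this against a disposable or test policy store.

        Raises:
            Error: if any libsemanage call returns a negative status.
        """
        print("Testing port write...")

        # (free function, object) pairs, released in the finally block so a
        # failing step does not leak the objects created before it.
        owned = []
        try:
            (status, port) = semanage.semanage_port_create(sh)
            if status < 0:
                raise Error("Could not create SEPort object")
            owned.append((semanage.semanage_port_free, port))
            if self.verbose:
                print("SEPort object created.")

            semanage.semanage_port_set_range(port, 150, 200)
            low = semanage.semanage_port_get_low(port)
            high = semanage.semanage_port_get_high(port)
            if self.verbose:
                print("SEPort range set: %s-%s" % (low, high))

            semanage.semanage_port_set_proto(port, semanage.SEMANAGE_PROTO_TCP)
            if self.verbose:
                print("SEPort protocol set: %s" %
                      semanage.semanage_port_get_proto_str(
                          semanage.SEMANAGE_PROTO_TCP))

            (status, con) = semanage.semanage_context_create(sh)
            if status < 0:
                raise Error("Could not create SEContext object")
            owned.append((semanage.semanage_context_free, con))
            if self.verbose:
                print("SEContext object created (for port).")

            status = semanage.semanage_context_set_user(sh, con, "system_u")
            if status < 0:
                raise Error("Could not set context user")
            if self.verbose:
                print("SEContext user: %s" %
                      semanage.semanage_context_get_user(con))

            status = semanage.semanage_context_set_role(sh, con, "object_r")
            if status < 0:
                raise Error("Could not set context role")
            if self.verbose:
                print("SEContext role: %s" %
                      semanage.semanage_context_get_role(con))

            status = semanage.semanage_context_set_type(sh, con, "http_port_t")
            if status < 0:
                raise Error("Could not set context type")
            if self.verbose:
                print("SEContext type: %s" %
                      semanage.semanage_context_get_type(con))

            status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
            if status < 0:
                raise Error("Could not set context MLS fields")
            if self.verbose:
                print("SEContext mls: %s" %
                      semanage.semanage_context_get_mls(con))

            status = semanage.semanage_port_set_con(sh, port, con)
            if status < 0:
                raise Error("Could not set SEPort context")
            if self.verbose:
                print("SEPort context set: %s" % con)

            (status, key) = semanage.semanage_port_key_extract(sh, port)
            if status < 0:
                raise Error("Could not extract SEPort key")
            owned.append((semanage.semanage_port_key_free, key))
            if self.verbose:
                print("SEPort key extracted: %s" % key)

            (status, exists) = semanage.semanage_port_exists_local(sh, key)
            if status < 0:
                raise Error("Could not check if SEPort exists")
            if self.verbose:
                print("Exists status (commit number): %s" % status)

            # Keep the pre-existing local record so the second transaction
            # can put it back instead of deleting the key.
            if exists:
                (status, old_port) = semanage.semanage_port_query_local(sh, key)
                if status < 0:
                    raise Error("Could not query old SEPort")
                owned.append((semanage.semanage_port_free, old_port))
                if self.verbose:
                    print("Query status (commit number): %s" % status)

            # First transaction: write the test record and commit it.
            print("Starting transaction...")
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            status = semanage.semanage_port_modify_local(sh, key, port)
            if status < 0:
                raise Error("Could not modify SEPort")

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit test transaction")
            print("Commit status (transaction number): %s" % status)

            # Second transaction: undo the write. A failure from here on
            # leaves the test record committed in the local store.
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            if not exists:
                print("Removing port range...")
                status = semanage.semanage_port_del_local(sh, key)
                if status < 0:
                    raise Error("Could not delete test SEPort")
                if self.verbose:
                    print("Port range delete: %s" % status)
            else:
                print("Resetting port range...")
                status = semanage.semanage_port_modify_local(sh, key, old_port)
                if status < 0:
                    raise Error("Could not reset test SEPort")
                if self.verbose:
                    print("Port range modify: %s" % status)

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit reset transaction")
            print("Commit status (transaction number): %s" % status)
        finally:
            # Release in reverse order of creation; only objects whose
            # creation call succeeded were registered.
            for release, obj in reversed(owned):
                release(obj)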