def policy(policy_file): global all_domains global all_attributes global bools global all_types global role_allows global users global roles global file_types global port_types all_domains = None all_attributes = None bools = None all_types = None role_allows = None users = None roles = None file_types = None port_types = None global _pol try: _pol = setools.SELinuxPolicy(policy_file) except: raise ValueError(_("Failed to read %s policy file") % policy_file)
def main(): p = setools.SELinuxPolicy() for class_ in p.classes(): print(repr(class_)) exit(0) q = setools.ObjClassQuery(p) results = q.results() datas = {} if True: for item in results: inherits = None try: inherits = item.common except NoCommon: pass name = str(item) if name == 'file': print(repr(item.__dict__)) print(repr(item.statement())) print(repr(inherits.statement())) p = [] s_class = string_to_security_class(name) for perm in item.perms: av_t = string_to_av_perm(s_class, str(perm)) p.append([str(perm), "0x%08X" % av_t]) inherits_name = str(inherits) data = dict(inherits=str(inherits), perms=p, name=name) data['security_class'] = s_class datas[data['name']] = data print("")
def policy_init(policyPath=None): global __selinuxPolicy__ __selinuxPolicy__ = setools.SELinuxPolicy(policyPath)
args.tertypes = ["allow", "allowxperm"] if not args.tertypes and not args.mlsrtypes and not args.rbacrtypes: parser.error("At least one rule type must be specified.") if args.debug: logging.basicConfig( level=logging.DEBUG, format='%(asctime)s|%(levelname)s|%(name)s|%(message)s') elif args.verbose: logging.basicConfig(level=logging.INFO, format='%(message)s') else: logging.basicConfig(level=logging.WARNING, format='%(message)s') try: p = setools.SELinuxPolicy(args.policy) if args.tertypes: q = setools.TERuleQuery(p, ruletype=args.tertypes, source=args.source, source_indirect=args.source_indirect, source_regex=args.source_regex, target=args.target, target_indirect=args.target_indirect, target_regex=args.target_regex, tclass_regex=args.tclass_regex, perms_equal=args.perms_equal, xperms_equal=args.xperms_equal, default=args.default, default_regex=args.default_regex,
for attr in (rule.source, rule.target): attr_str = str(attr) # expensive if attr_str not in known_attrs: # attr->attr if isinstance(attr, typeattribute): cur.execute('INSERT INTO "attrs" VALUES (?,?)', (attr_str, attr_str)) # attr->types and type->type for child in attr.expand(): cur.execute('INSERT INTO "attrs" VALUES (?,?)', (attr_str, str(child))) known_attrs.add(attr_str) known_attrs = set() for ruleid, rule in enumerate(setools.SELinuxPolicy().terules()): # rule attributes extract_attrs(rule, known_attrs=known_attrs) # permissions if hasattr(rule, 'perms'): for perm in rule.perms: cur.execute('INSERT INTO "perms" VALUES (?,?)', (ruleid, str(perm))) # booleans #if hasattr(rule, 'conditional'): # truth = next(filter(lambda x: x.result == True, # rule.conditional.truth_table())).values # for boolname, boolstate in truth.items(): # cur.execute("INSERT INTO 'bools' VALUES (?,?,?)", # (ruleid, boolname, boolstate)) # booleans as expression strings, as seen in sesearch output