Esempio n. 1
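    def test_writeaboolean(self, sh):
        """Write the active value of ``allow_execmem`` and then restore it.

        Reads the current active boolean with ``semanage_bool_query_active``,
        commits a transaction that sets it to 0 through
        ``semanage_bool_set_active``, and commits a second transaction that
        writes the previously read object back.

        ``sh`` is the semanage handle every call is issued on; it is used as
        given and is not created, connected or destroyed here.

        Raises ``Error`` when any libsemanage call returns a negative status.

        NOTE: the first commit changes the boolean on whatever policy store
        ``sh`` is connected to. If a step between the two commits raises, the
        boolean stays at the test value 0 until it is reset by other means.
        """
        print "Testing active boolean write..."

        # (free function, object) pairs, recorded only after the allocating
        # call reported success, so an error path never frees an object that
        # was not handed out and never skips one that was.
        allocated = []
        try:
            (status, key) = semanage.semanage_bool_key_create(sh, "allow_execmem")
            if status < 0:
                raise Error("Could not create SEBool key")
            allocated.append((semanage.semanage_bool_key_free, key))
            if self.verbose: print "SEBool key created: ", key

            # Snapshot of the current value; written back in the second
            # transaction below.
            (status, old_bool) = semanage.semanage_bool_query_active(sh, key)
            if status < 0:
                raise Error("Could not query old SEBool")
            allocated.append((semanage.semanage_bool_free, old_bool))
            if self.verbose: print "Query status (commit number): ", status

            (status, abool) = semanage.semanage_bool_create(sh)
            if status < 0:
                raise Error("Could not create SEBool object")
            allocated.append((semanage.semanage_bool_free, abool))
            if self.verbose: print "SEBool object created."

            status = semanage.semanage_bool_set_name(sh, abool, "allow_execmem")
            if status < 0:
                raise Error("Could not set name")
            if self.verbose:
                print "SEBool name set: ", semanage.semanage_bool_get_name(abool)

            semanage.semanage_bool_set_value(abool, 0)
            if self.verbose:
                print "SEbool value set: ", semanage.semanage_bool_get_value(abool)

            print "Starting transaction..."
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            status = semanage.semanage_bool_set_active(sh, key, abool)
            if status < 0:
                raise Error("Could not modify SEBool")

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit test transaction")
            print "Commit status (transaction number): ", status

            # Second transaction: put the snapshot taken above back in place.
            print "Resetting old active boolean..."
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            status = semanage.semanage_bool_set_active(sh, key, old_bool)
            if status < 0:
                raise Error("Could not reset test SEBool")
            if self.verbose: print "SEBool active reset: ", status

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit reset transaction")
            print "Commit status (transaction number): ", status
        finally:
            # Release in reverse order of allocation, on success and on error.
            for release, obj in reversed(allocated):
                release(obj)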
Esempio n. 2
def semanage_get_boolean_value(module, handle, name):
    """Return the value libsemanage reports for SELinux boolean *name*.

    A scratch boolean record is created and named so that a lookup key can be
    extracted from it; the key is then used with ``semanage_bool_exists`` and
    ``semanage_bool_query``.

    Args:
        module: object whose ``fail_json(msg=...)`` reports failures
            (presumably an AnsibleModule, which ends the process; confirm).
        handle: semanage handle the calls are issued on. It is destroyed here
            on every failure path and left untouched on success.
        name: boolean name, handed to libsemanage unchanged.

    Returns:
        The result of ``semanage_bool_get_value`` for the queried record.
    """

    def _abort(message):
        # Every failure path releases the handle first, then reports.
        semanage.semanage_handle_destroy(handle)
        module.fail_json(msg=message)

    status, scratch = semanage.semanage_bool_create(handle)
    if status < 0:
        _abort("Failed to create seboolean with semanage")

    status = semanage.semanage_bool_set_name(handle, scratch, name)
    if status < 0:
        _abort("Failed to set seboolean name with semanage")

    status, lookup_key = semanage.semanage_bool_key_extract(handle, scratch)
    if status < 0:
        _abort("Failed to extract boolean key with semanage")

    status, defined = semanage.semanage_bool_exists(handle, lookup_key)
    if status < 0:
        _abort("Failed to check if boolean is defined")
    if not defined:
        _abort("SELinux boolean %s is not defined in persistent policy" % name)

    status, record = semanage.semanage_bool_query(handle, lookup_key)
    if status < 0:
        _abort("Failed to query boolean in persistent policy")

    current = semanage.semanage_bool_get_value(record)

    # Only the success path frees the records; the failure paths above rely on
    # fail_json not returning.
    semanage.semanage_bool_key_free(lookup_key)
    semanage.semanage_bool_free(scratch)
    semanage.semanage_bool_free(record)

    return current
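def semanage_boolean_value(module, name, state):
    """Set SELinux boolean *name* to *state* through libsemanage.

    Inside one transaction the boolean is written with
    ``semanage_bool_modify_local`` and ``semanage_bool_set_active``; the
    transaction is committed after ``semanage_set_reload(handle, 0)``.

    Args:
        module: object whose ``fail_json(msg=...)`` reports failures
            (presumably an AnsibleModule, which ends the process; confirm).
        name: boolean name, handed to libsemanage unchanged.
        state: only its truthiness is used. Any truthy object, including a
            non-empty string such as "off", enables the boolean, so callers
            must pass an already-parsed boolean.

    Returns:
        True.
    """
    value = 1 if state else 0
    handle = semanage.semanage_handle_create()
    if handle is None:
        module.fail_json(msg="Failed to create semanage library handle")
    try:
        managed = semanage.semanage_is_managed(handle)
        if managed < 0:
            module.fail_json(
                msg="Failed to determine whether policy is managed")
        if managed == 0:
            # Unmanaged store: the message depends on whether the caller is
            # already root.
            if os.getuid() == 0:
                module.fail_json(
                    msg="Cannot set persistent booleans without managed policy"
                )
            else:
                module.fail_json(
                    msg="Cannot set persistent booleans; please try as root")
        if semanage.semanage_connect(handle) < 0:
            module.fail_json(msg="Failed to connect to semanage")

        # NOTE(review): the failure paths from here on report and stop without
        # disconnecting or destroying the handle; that is only harmless if
        # fail_json ends the process. Confirm against the caller.
        if semanage.semanage_begin_transaction(handle) < 0:
            module.fail_json(msg="Failed to begin semanage transaction")

        rc, sebool = semanage.semanage_bool_create(handle)
        if rc < 0:
            module.fail_json(msg="Failed to create seboolean with semanage")
        if semanage.semanage_bool_set_name(handle, sebool, name) < 0:
            module.fail_json(msg="Failed to set seboolean name with semanage")
        semanage.semanage_bool_set_value(sebool, value)

        rc, boolkey = semanage.semanage_bool_key_extract(handle, sebool)
        if rc < 0:
            module.fail_json(msg="Failed to extract boolean key with semanage")

        # Both writes use the same record: the local (persistent) entry and
        # the active value.
        if semanage.semanage_bool_modify_local(handle, boolkey, sebool) < 0:
            module.fail_json(msg="Failed to modify boolean key with semanage")

        if semanage.semanage_bool_set_active(handle, boolkey, sebool) < 0:
            module.fail_json(
                msg="Failed to set boolean key active with semanage")

        semanage.semanage_bool_key_free(boolkey)
        semanage.semanage_bool_free(sebool)

        # Reload flag cleared before commit (presumably because the active
        # value was already written above; confirm).
        semanage.semanage_set_reload(handle, 0)
        if semanage.semanage_commit(handle) < 0:
            module.fail_json(msg="Failed to commit changes to semanage")

        semanage.semanage_disconnect(handle)
        semanage.semanage_handle_destroy(handle)
    except Exception:
        e = get_exception()
        module.fail_json(msg="Failed to manage policy for boolean %s: %s" %
                         (name, str(e)))
    return True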
Esempio n. 4
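	def test_writeaboolean(self,sh):
		"""Set the active ``allow_execmem`` boolean to 0, then put it back.

		The current active record is read first, a transaction writing 0
		through ``semanage_bool_set_active`` is committed, and a second
		transaction writes the saved record back.

		``sh`` is the semanage handle all calls go through; this method
		neither creates nor destroys it.

		Raises ``Error`` as soon as a libsemanage call returns a negative
		status.

		NOTE: the first commit is a real change on the store ``sh`` points
		at. A failure between the two commits leaves the boolean at 0.
		"""
		print "Testing active boolean write..."

		# Objects are registered for release only once the call that
		# produced them succeeded; the finally block frees exactly those.
		allocated = []
		try:
			(status, key) = semanage.semanage_bool_key_create(sh, "allow_execmem")
			if status < 0:
				raise Error("Could not create SEBool key")
			allocated.append((semanage.semanage_bool_key_free, key))
			if self.verbose: print "SEBool key created: ", key

			# Saved so the second transaction can restore it.
			(status, old_bool) = semanage.semanage_bool_query_active(sh, key)
			if status < 0:
				raise Error("Could not query old SEBool")
			allocated.append((semanage.semanage_bool_free, old_bool))
			if self.verbose: print "Query status (commit number): ", status

			(status, abool) = semanage.semanage_bool_create(sh)
			if status < 0:
				raise Error("Could not create SEBool object")
			allocated.append((semanage.semanage_bool_free, abool))
			if self.verbose: print "SEBool object created."

			status = semanage.semanage_bool_set_name(sh, abool, "allow_execmem")
			if status < 0:
				raise Error("Could not set name")
			if self.verbose: print "SEBool name set: ", semanage.semanage_bool_get_name(abool)

			semanage.semanage_bool_set_value(abool, 0)
			if self.verbose: print "SEbool value set: ", semanage.semanage_bool_get_value(abool)

			print "Starting transaction..."
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			status = semanage.semanage_bool_set_active(sh,key,abool)
			if status < 0:
				raise Error("Could not modify SEBool")

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit test transaction")
			print "Commit status (transaction number): ", status

			# Restore step: write the saved record back and commit again.
			print "Resetting old active boolean..."
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			status = semanage.semanage_bool_set_active(sh, key,old_bool)
			if status < 0:
				raise Error("Could not reset test SEBool")
			if self.verbose: print "SEBool active reset: ", status

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit reset transaction")
			print "Commit status (transaction number): ", status
		finally:
			# Last allocated, first released; runs on success and on error.
			for release, obj in reversed(allocated):
				release(obj)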
Esempio n. 5
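def semanage_boolean_value(module, name, state):
    """Write SELinux boolean *name* with libsemanage and commit the change.

    The record is stored with ``semanage_bool_modify_local`` and applied with
    ``semanage_bool_set_active`` in a single transaction, which is committed
    after ``semanage_set_reload(handle, 0)``.

    Args:
        module: provides ``fail_json(msg=...)`` for error reporting
            (presumably an AnsibleModule whose fail_json exits; confirm).
        name: name of the boolean; passed to libsemanage as given.
        state: evaluated for truthiness only, so a non-empty string such as
            "false" counts as enabled. Pass a real boolean.

    Returns:
        True.
    """
    value = 1 if state else 0
    handle = semanage.semanage_handle_create()
    if handle is None:
        module.fail_json(msg="Failed to create semanage library handle")
    try:
        managed = semanage.semanage_is_managed(handle)
        if managed < 0:
            module.fail_json(msg="Failed to determine whether policy is managed")
        if managed == 0:
            # Policy store is not managed; tell root and non-root callers apart.
            if os.getuid() == 0:
                module.fail_json(msg="Cannot set persistent booleans without managed policy")
            else:
                module.fail_json(msg="Cannot set persistent booleans; please try as root")
        if semanage.semanage_connect(handle) < 0:
            module.fail_json(msg="Failed to connect to semanage")

        # NOTE(review): after this point a failure reports through fail_json
        # while the handle is still connected and inside a transaction; this
        # assumes fail_json terminates the process. Confirm.
        if semanage.semanage_begin_transaction(handle) < 0:
            module.fail_json(msg="Failed to begin semanage transaction")

        rc, sebool = semanage.semanage_bool_create(handle)
        if rc < 0:
            module.fail_json(msg="Failed to create seboolean with semanage")
        if semanage.semanage_bool_set_name(handle, sebool, name) < 0:
            module.fail_json(msg="Failed to set seboolean name with semanage")
        semanage.semanage_bool_set_value(sebool, value)

        rc, boolkey = semanage.semanage_bool_key_extract(handle, sebool)
        if rc < 0:
            module.fail_json(msg="Failed to extract boolean key with semanage")

        # Local (persistent) entry first, then the active value.
        if semanage.semanage_bool_modify_local(handle, boolkey, sebool) < 0:
            module.fail_json(msg="Failed to modify boolean key with semanage")

        if semanage.semanage_bool_set_active(handle, boolkey, sebool) < 0:
            module.fail_json(msg="Failed to set boolean key active with semanage")

        semanage.semanage_bool_key_free(boolkey)
        semanage.semanage_bool_free(sebool)

        # Commit without a policy reload (presumably not needed because the
        # active value was set explicitly; confirm).
        semanage.semanage_set_reload(handle, 0)
        if semanage.semanage_commit(handle) < 0:
            module.fail_json(msg="Failed to commit changes to semanage")

        semanage.semanage_disconnect(handle)
        semanage.semanage_handle_destroy(handle)
    except Exception:
        e = get_exception()
        module.fail_json(msg="Failed to manage policy for boolean %s: %s" % (name, str(e)))
    return True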
Esempio n. 6
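        def test_writeboolean(self,sh):
		"""Modify the local ``allow_execmem`` boolean, then undo the change.

		A record with value 0 is committed through
		``semanage_bool_modify_local``. A second transaction then either
		deletes the local entry (when ``semanage_bool_exists_local``
		reported none beforehand) or writes the previously queried record
		back.

		``sh`` is the semanage handle all calls go through; this method
		neither creates nor destroys it.

		Raises ``Error`` as soon as a libsemanage call returns a negative
		status.

		NOTE: the first commit is a real change on the store ``sh`` points
		at. A failure between the two commits leaves the local entry set
		to 0.
		"""
		print "Testing boolean write..."

		# Objects are registered for release only once the call that
		# produced them succeeded; the finally block frees exactly those.
		allocated = []
		try:
			(status, pbool) = semanage.semanage_bool_create(sh)
			if status < 0:
				raise Error("Could not create SEBool object")
			allocated.append((semanage.semanage_bool_free, pbool))
			if self.verbose: print "SEBool object created."

			status = semanage.semanage_bool_set_name(sh, pbool, "allow_execmem")
			if status < 0:
				raise Error("Could not set name")
			if self.verbose: print "SEBool name set: ", semanage.semanage_bool_get_name(pbool)

			semanage.semanage_bool_set_value(pbool, 0)
			if self.verbose: print "SEbool value set: ", semanage.semanage_bool_get_value(pbool)

			(status,key) = semanage.semanage_bool_key_extract(sh, pbool)
			if status < 0:
				raise Error("Could not extract SEBool key")
			allocated.append((semanage.semanage_bool_key_free, key))
			if self.verbose: print "SEBool key extracted: ", key

			(status,exists) = semanage.semanage_bool_exists_local(sh,key)
			if status < 0:
				raise Error("Could not check if SEBool exists")
			if self.verbose: print "Exists status (commit number): ", status

			# Only an existing local entry can be saved for the restore step.
			if exists:
				(status, old_bool) = semanage.semanage_bool_query_local(sh, key)
				if status < 0:
					raise Error("Could not query old SEBool")
				allocated.append((semanage.semanage_bool_free, old_bool))
				if self.verbose: print "Query status (commit number): ", status

			print "Starting transaction..."
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			status = semanage.semanage_bool_modify_local(sh, key, pbool)

			if status < 0:
				raise Error("Could not modify SEBool")

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit test transaction")
			print "Commit status (transaction number): ", status

			# Undo step: delete what the test added, or restore what it replaced.
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			if not exists:
				print "Removing boolean..."
				status = semanage.semanage_bool_del_local(sh, key)
				if status < 0:
					raise Error("Could not delete test SEBool")
				if self.verbose: print "Boolean delete: ", status
			else:
				print "Resetting boolean..."
				status = semanage.semanage_bool_modify_local(sh, key, old_bool)
				if status < 0:
					raise Error("Could not reset test SEBool")
				if self.verbose: print "Boolean modify: ", status

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit reset transaction")
			print "Commit status (transaction number): ", status
		finally:
			# Last allocated, first released; runs on success and on error.
			for release, obj in reversed(allocated):
				release(obj)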
Esempio n. 7
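    def test_writeboolean(self, sh):
        """Write a local value for ``allow_execmem`` and then revert it.

        Commits a record with value 0 through ``semanage_bool_modify_local``.
        A second transaction reverts the change: the local entry is deleted
        if ``semanage_bool_exists_local`` found none before the test,
        otherwise the record read with ``semanage_bool_query_local`` is
        written back.

        ``sh`` is the semanage handle every call is issued on; it is used as
        given and is not created, connected or destroyed here.

        Raises ``Error`` when any libsemanage call returns a negative status.

        NOTE: the first commit changes the policy store ``sh`` is connected
        to. If a step between the two commits raises, the local entry stays
        at the test value 0 until it is reset by other means.
        """
        print("Testing boolean write...")

        # (free function, object) pairs, recorded only after the allocating
        # call reported success, so an error path never frees an object that
        # was not handed out and never skips one that was.
        allocated = []
        try:
            (status, pbool) = semanage.semanage_bool_create(sh)
            if status < 0:
                raise Error("Could not create SEBool object")
            allocated.append((semanage.semanage_bool_free, pbool))
            if self.verbose:
                print("SEBool object created.")

            status = semanage.semanage_bool_set_name(sh, pbool, "allow_execmem")
            if status < 0:
                raise Error("Could not set name")
            if self.verbose:
                print("SEBool name set: %s" %
                      semanage.semanage_bool_get_name(pbool))

            semanage.semanage_bool_set_value(pbool, 0)
            if self.verbose:
                print("SEbool value set: %s" %
                      semanage.semanage_bool_get_value(pbool))

            (status, key) = semanage.semanage_bool_key_extract(sh, pbool)
            if status < 0:
                raise Error("Could not extract SEBool key")
            allocated.append((semanage.semanage_bool_key_free, key))
            if self.verbose:
                print("SEBool key extracted: %s" % key)

            (status, exists) = semanage.semanage_bool_exists_local(sh, key)
            if status < 0:
                raise Error("Could not check if SEBool exists")
            if self.verbose:
                print("Exists status (commit number): %s" % status)

            # A snapshot exists only when there was a local entry to begin with.
            if exists:
                (status, old_bool) = semanage.semanage_bool_query_local(sh, key)
                if status < 0:
                    raise Error("Could not query old SEBool")
                allocated.append((semanage.semanage_bool_free, old_bool))
                if self.verbose:
                    print("Query status (commit number): %s" % status)

            print("Starting transaction...")
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            status = semanage.semanage_bool_modify_local(sh, key, pbool)

            if status < 0:
                raise Error("Could not modify SEBool")

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit test transaction")
            print("Commit status (transaction number): %s" % status)

            # Second transaction: remove what the test added, or restore what
            # it replaced.
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            if not exists:
                print("Removing boolean...")
                status = semanage.semanage_bool_del_local(sh, key)
                if status < 0:
                    raise Error("Could not delete test SEBool")
                if self.verbose:
                    print("Boolean delete: %s" % status)
            else:
                print("Resetting boolean...")
                status = semanage.semanage_bool_modify_local(sh, key, old_bool)
                if status < 0:
                    raise Error("Could not reset test SEBool")
                if self.verbose:
                    print("Boolean modify: %s" % status)

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit reset transaction")
            print("Commit status (transaction number): %s" % status)
        finally:
            # Release in reverse order of allocation, on success and on error.
            for release, obj in reversed(allocated):
                release(obj)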