Esempio n. 1
    def test_writeaboolean(self, sh):
        """Set the active ``allow_execmem`` boolean to 0, then restore it.

        ``sh`` is the semanage handle handed to the libsemanage calls below.
        The previous active value is queried first, the new value is committed
        in one transaction and the saved value is committed back in a second
        one. ``Error`` is raised as soon as a call returns a negative status.

        NOTE(review): nothing here is wrapped in try/finally, so an ``Error``
        raised after the first commit leaves the boolean at the test value and
        skips the ``*_free`` calls at the end. Presumably this should only run
        against a disposable policy store -- confirm with the test harness.
        """
        print "Testing active boolean write..."

        # Key that identifies the boolean in the later set_active calls.
        (status, key) = semanage.semanage_bool_key_create(sh, "allow_execmem")
        if status < 0:
            raise Error("Could not create SEBool key")
        if self.verbose: print "SEBool key created: ", key

        # Save the current active value so it can be written back afterwards.
        (status, old_bool) = semanage.semanage_bool_query_active(sh, key)
        if status < 0:
            raise Error("Could not query old SEBool")
        if self.verbose: print "Query status (commit number): ", status

        # Build the replacement record: same name, value 0.
        (status, abool) = semanage.semanage_bool_create(sh)
        if status < 0:
            raise Error("Could not create SEBool object")
        if self.verbose: print "SEBool object created."

        status = semanage.semanage_bool_set_name(sh, abool, "allow_execmem")
        if status < 0:
            raise Error("Could not set name")
        if self.verbose:
            print "SEBool name set: ", semanage.semanage_bool_get_name(abool)

        semanage.semanage_bool_set_value(abool, 0)
        if self.verbose:
            print "SEbool value set: ", semanage.semanage_bool_get_value(abool)

        # First transaction: write the test value.
        print "Starting transaction..."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_bool_set_active(sh, key, abool)
        if status < 0:
            raise Error("Could not modify SEBool")

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit test transaction")
        print "Commit status (transaction number): ", status

        # Second transaction: put the saved value back.
        print "Resetting old active boolean..."
        status = semanage.semanage_begin_transaction(sh)
        if status < 0:
            raise Error("Could not start semanage transaction")

        status = semanage.semanage_bool_set_active(sh, key, old_bool)
        if status < 0:
            raise Error("Could not reset test SEBool")
        if self.verbose: print "SEBool active reset: ", status

        status = semanage.semanage_commit(sh)
        if status < 0:
            raise Error("Could not commit reset transaction")
        print "Commit status (transaction number): ", status

        # Release the objects; only reached when every step above succeeded.
        semanage.semanage_bool_key_free(key)
        semanage.semanage_bool_free(abool)
        semanage.semanage_bool_free(old_bool)
Esempio n. 2
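def load_policy(opts):
    """Install the template and container CIL modules, or print how to.

    With ``opts['LoadModules']`` set, every name in ``templates_to_load`` is
    installed as ``<name>.cil`` from ``TEMPLATES_STORE``, then
    ``<ContainerName>.cil`` from the original working directory, and the
    result is committed. Otherwise the equivalent ``semodule -i`` command is
    printed for the operator to run by hand.

    Raises:
        RuntimeError: if a libsemanage call reports failure, so that a
            policy which was not installed cannot be mistaken for one that
            was.
    """
    PWD = getcwd()
    chdir(TEMPLATES_STORE)
    try:
        if opts['LoadModules']:
            handle = semanage.semanage_handle_create()
            if handle is None:
                raise RuntimeError('Could not create semanage handle')
            try:
                if semanage.semanage_connect(handle) < 0:
                    raise RuntimeError('Could not connect to semanage')
                try:
                    for template in templates_to_load:
                        template_file = template + '.cil'
                        if semanage.semanage_module_install_file(
                                handle, template_file) < 0:
                            raise RuntimeError(
                                'Could not install module ' + template_file)

                    # The container module lives in the caller's directory,
                    # not in the template store.
                    chdir(PWD)

                    # NOTE(review): ContainerName is used as a file name
                    # without validation here -- confirm the caller restricts
                    # it to a plain name.
                    container_file = opts['ContainerName'] + '.cil'
                    if semanage.semanage_module_install_file(
                            handle, container_file) < 0:
                        raise RuntimeError(
                            'Could not install module ' + container_file)

                    if semanage.semanage_commit(handle) < 0:
                        raise RuntimeError(
                            'Could not commit semanage transaction')
                finally:
                    semanage.semanage_disconnect(handle)
            finally:
                semanage.semanage_handle_destroy(handle)
        else:
            templates = list_templates_to_string(templates_to_load)
            if len(templates_to_load) > 1:
                print('\nPlease load these modules using: \n# semodule -i ' +
                      opts['ContainerName'] + '.cil ' + TEMPLATES_STORE +
                      "/{" + templates + '}')
            else:
                print('\nPlease load these modules using: \n# semodule -i ' +
                      opts['ContainerName'] + '.cil ' + TEMPLATES_STORE +
                      "/" + templates)
    finally:
        # Restore the working directory on every path, including errors.
        chdir(PWD)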
Esempio n. 3
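def load_policy(opts):
    """Install the generated CIL modules, or print the command that would.

    When ``opts["LoadModules"]`` is truthy, each entry of
    ``templates_to_load`` is installed as ``<entry>.cil`` from
    ``TEMPLATES_STORE``, followed by ``<ContainerName>.cil`` from the
    directory the caller started in, and the transaction is committed.
    Otherwise a ``semodule -i`` command line is printed instead.

    Raises:
        RuntimeError: when a libsemanage call returns a failure status; the
            original code ignored these, so a failed load was silent.
    """
    PWD = getcwd()
    chdir(TEMPLATES_STORE)
    try:
        if not opts["LoadModules"]:
            templates = list_templates_to_string(templates_to_load)
            if len(templates_to_load) > 1:
                print("\nPlease load these modules using: \n# semodule -i " +
                      opts["ContainerName"] + ".cil " + TEMPLATES_STORE +
                      "/{" + templates + "}")
            else:
                print("\nPlease load these modules using: \n# semodule -i " +
                      opts["ContainerName"] + ".cil " + TEMPLATES_STORE +
                      "/" + templates)
            return

        handle = semanage.semanage_handle_create()
        if handle is None:
            raise RuntimeError("Could not create semanage handle")
        try:
            if semanage.semanage_connect(handle) < 0:
                raise RuntimeError("Could not connect to semanage")
            try:
                for template in templates_to_load:
                    module_path = template + ".cil"
                    if semanage.semanage_module_install_file(
                            handle, module_path) < 0:
                        raise RuntimeError(
                            "Could not install module " + module_path)

                # The container module is looked up in the caller's
                # directory rather than in the template store.
                chdir(PWD)

                # NOTE(review): ContainerName reaches a file path unchecked
                # here -- verify it is validated where opts is built.
                module_path = opts["ContainerName"] + ".cil"
                if semanage.semanage_module_install_file(
                        handle, module_path) < 0:
                    raise RuntimeError(
                        "Could not install module " + module_path)

                if semanage.semanage_commit(handle) < 0:
                    raise RuntimeError("Could not commit semanage transaction")
            finally:
                semanage.semanage_disconnect(handle)
        finally:
            semanage.semanage_handle_destroy(handle)
    finally:
        # Always return to the starting directory, even after a failure.
        chdir(PWD)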
Esempio n. 4
	def test_writeaboolean(self,sh):
		"""Set the active ``allow_execmem`` boolean to 0, then restore it.

		``sh`` is the semanage handle handed to the libsemanage calls below.
		The previous active value is queried first, the new value is
		committed in one transaction and the saved value is committed back in
		a second one. ``Error`` is raised on the first negative status.

		NOTE(review): there is no try/finally, so an ``Error`` raised after
		the first commit leaves the boolean at the test value and skips the
		``*_free`` calls. Presumably meant for a disposable policy store --
		confirm with the test harness.
		"""
		print "Testing active boolean write..."

		# Key that identifies the boolean in the later set_active calls.
		(status, key) = semanage.semanage_bool_key_create(sh, "allow_execmem")
		if status < 0:
			raise Error("Could not create SEBool key")
		if self.verbose: print "SEBool key created: ", key

		# Save the current active value so it can be written back afterwards.
		(status, old_bool) = semanage.semanage_bool_query_active(sh, key)
		if status < 0:
			raise Error("Could not query old SEBool")
		if self.verbose: print "Query status (commit number): ", status

		# Build the replacement record: same name, value 0.
		(status, abool) = semanage.semanage_bool_create(sh)
		if status < 0:
			raise Error("Could not create SEBool object")
		if self.verbose: print "SEBool object created."

		status = semanage.semanage_bool_set_name(sh, abool, "allow_execmem")
		if status < 0:
			raise Error("Could not set name")
		if self.verbose: print "SEBool name set: ", semanage.semanage_bool_get_name(abool)

		semanage.semanage_bool_set_value(abool, 0)
		if self.verbose: print "SEbool value set: ", semanage.semanage_bool_get_value(abool)

		# First transaction: write the test value.
		print "Starting transaction..."
		status = semanage.semanage_begin_transaction(sh)
		if status < 0:
			raise Error("Could not start semanage transaction")

		status = semanage.semanage_bool_set_active(sh,key,abool)
		if status < 0:
			raise Error("Could not modify SEBool")

		status = semanage.semanage_commit(sh)
		if status < 0:
			raise Error("Could not commit test transaction")
		print "Commit status (transaction number): ", status

		# Second transaction: put the saved value back.
		print "Resetting old active boolean..."
		status = semanage.semanage_begin_transaction(sh)
		if status < 0:
			raise Error("Could not start semanage transaction")

		status = semanage.semanage_bool_set_active(sh, key,old_bool)
		if status < 0:
			raise Error("Could not reset test SEBool")
		if self.verbose: print "SEBool active reset: ", status

		status = semanage.semanage_commit(sh)
		if status < 0:
			raise Error("Could not commit reset transaction")
		print "Commit status (transaction number): ", status

		# Release the objects; only reached when every step above succeeded.
		semanage.semanage_bool_key_free(key)
		semanage.semanage_bool_free(abool)
		semanage.semanage_bool_free(old_bool)
def semanage_boolean_value(module, name, state):
    """Write boolean *name* locally and make it active through libsemanage.

    *state* is reduced to 1 (truthy) or 0 (falsy). The record is written
    with ``semanage_bool_modify_local`` and ``semanage_bool_set_active``
    inside one transaction, which is committed after
    ``semanage_set_reload(handle, 0)``. Every failure is reported through
    ``module.fail_json``; the function returns True.

    NOTE(review): no step returns after ``module.fail_json``, so the code
    relies on that call not returning -- confirm for the module object in
    use. The handle is only disconnected and destroyed on the success path.
    """
    value = 1 if state else 0

    handle = semanage.semanage_handle_create()
    if handle is None:
        module.fail_json(msg="Failed to create semanage library handle")

    try:
        managed = semanage.semanage_is_managed(handle)
        if managed < 0:
            module.fail_json(
                msg="Failed to determine whether policy is manage")
        if managed == 0:
            # The two messages differ only by whether we are already root.
            if os.getuid() == 0:
                reason = "Cannot set persistent booleans without managed policy"
            else:
                reason = "Cannot set persistent booleans; please try as root"
            module.fail_json(msg=reason)

        connected = semanage.semanage_connect(handle)
        if connected < 0:
            module.fail_json(msg="Failed to connect to semanage")

        started = semanage.semanage_begin_transaction(handle)
        if started < 0:
            module.fail_json(msg="Failed to begin semanage transaction")

        # Build the boolean record carrying the requested name and value.
        status, record = semanage.semanage_bool_create(handle)
        if status < 0:
            module.fail_json(msg="Failed to create seboolean with semanage")
        named = semanage.semanage_bool_set_name(handle, record, name)
        if named < 0:
            module.fail_json(msg="Failed to set seboolean name with semanage")
        semanage.semanage_bool_set_value(record, value)

        status, record_key = semanage.semanage_bool_key_extract(handle, record)
        if status < 0:
            module.fail_json(msg="Failed to extract boolean key with semanage")

        # Local modification first, then the active value.
        modified = semanage.semanage_bool_modify_local(
            handle, record_key, record)
        if modified < 0:
            module.fail_json(msg="Failed to modify boolean key with semanage")

        activated = semanage.semanage_bool_set_active(
            handle, record_key, record)
        if activated < 0:
            module.fail_json(
                msg="Failed to set boolean key active with semanage")

        semanage.semanage_bool_key_free(record_key)
        semanage.semanage_bool_free(record)

        # presumably 0 turns off the policy reload on commit -- confirm
        semanage.semanage_set_reload(handle, 0)
        committed = semanage.semanage_commit(handle)
        if committed < 0:
            module.fail_json(msg="Failed to commit changes to semanage")

        semanage.semanage_disconnect(handle)
        semanage.semanage_handle_destroy(handle)
    except Exception:
        e = get_exception()
        detail = str(e)
        module.fail_json(msg="Failed to manage policy for boolean %s: %s" %
                         (name, detail))
    return True
Esempio n. 6
def semanage_boolean_value(module, name, state):
    """Set SELinux boolean *name* to *state* using the libsemanage bindings.

    A truthy *state* is stored as 1, anything else as 0. The boolean is
    written with ``semanage_bool_modify_local`` and
    ``semanage_bool_set_active`` in a single transaction; the commit is made
    after ``semanage_set_reload(handle, 0)``. Failures go to
    ``module.fail_json``. Returns True.

    NOTE(review): execution continues after ``module.fail_json`` if that
    call ever returns -- confirm it always exits. On failure paths the
    handle is neither disconnected nor destroyed.
    """
    def bail_if_negative(status, text):
        # libsemanage reports errors as negative status codes.
        if status < 0:
            module.fail_json(msg=text)

    if state:
        value = 1
    else:
        value = 0

    handle = semanage.semanage_handle_create()
    if handle is None:
        module.fail_json(msg="Failed to create semanage library handle")
    try:
        managed = semanage.semanage_is_managed(handle)
        bail_if_negative(managed, "Failed to determine whether policy is manage")
        if managed == 0:
            if os.getuid() != 0:
                module.fail_json(msg="Cannot set persistent booleans; please try as root")
            else:
                module.fail_json(msg="Cannot set persistent booleans without managed policy")

        bail_if_negative(semanage.semanage_connect(handle),
                         "Failed to connect to semanage")
        bail_if_negative(semanage.semanage_begin_transaction(handle),
                         "Failed to begin semanage transaction")

        # Record holding the requested name and value.
        rc, sebool = semanage.semanage_bool_create(handle)
        bail_if_negative(rc, "Failed to create seboolean with semanage")
        bail_if_negative(semanage.semanage_bool_set_name(handle, sebool, name),
                         "Failed to set seboolean name with semanage")
        semanage.semanage_bool_set_value(sebool, value)

        rc, boolkey = semanage.semanage_bool_key_extract(handle, sebool)
        bail_if_negative(rc, "Failed to extract boolean key with semanage")

        # Write the local modification, then the active value.
        bail_if_negative(
            semanage.semanage_bool_modify_local(handle, boolkey, sebool),
            "Failed to modify boolean key with semanage")
        bail_if_negative(
            semanage.semanage_bool_set_active(handle, boolkey, sebool),
            "Failed to set boolean key active with semanage")

        semanage.semanage_bool_key_free(boolkey)
        semanage.semanage_bool_free(sebool)

        # presumably 0 disables the policy reload on commit -- confirm
        semanage.semanage_set_reload(handle, 0)
        bail_if_negative(semanage.semanage_commit(handle),
                         "Failed to commit changes to semanage")

        semanage.semanage_disconnect(handle)
        semanage.semanage_handle_destroy(handle)
    except Exception:
        e = get_exception()
        module.fail_json(msg="Failed to manage policy for boolean %s: %s" % (name, str(e)))
    return True
Esempio n. 7
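	def test_writeseuser(self,sh):
		"""Write a test seuser record to the local store, then undo the change.

		The record is named ``testPySEUser`` with sename ``root`` and MLS
		range ``s0:c0.c255``. If a local record with the same key already
		exists it is saved first and written back afterwards; otherwise the
		test record is deleted again. ``sh`` is the semanage handle.
		``Error`` is raised on the first negative status.

		NOTE(review): there is no try/finally, so an ``Error`` raised after
		the first commit leaves the test record in place and skips the
		``*_free`` calls.
		"""
		print "Testing seuser write..."

		(status, seuser) = semanage.semanage_seuser_create(sh)
		if status < 0:
			raise Error("Could not create SEUser object")
		if self.verbose: print "SEUser object created."

		status = semanage.semanage_seuser_set_name(sh,seuser, "testPySEUser")
		if status < 0:
			raise Error("Could not set name")
		if self.verbose: print "SEUser name set: ", semanage.semanage_seuser_get_name(seuser)

		status = semanage.semanage_seuser_set_sename(sh, seuser, "root")
		if status < 0:
			raise Error("Could not set sename")
		if self.verbose: print "SEUser seuser: ", semanage.semanage_seuser_get_sename(seuser)

		status = semanage.semanage_seuser_set_mlsrange(sh, seuser, "s0:c0.c255")
		if status < 0:
			raise Error("Could not set MLS range")
		if self.verbose: print "SEUser mlsrange: ", semanage.semanage_seuser_get_mlsrange(seuser)

		(status,key) = semanage.semanage_seuser_key_extract(sh,seuser)
		if status < 0:
			raise Error("Could not extract SEUser key")
		if self.verbose: print "SEUser key extracted: ", key

		(status,exists) = semanage.semanage_seuser_exists_local(sh,key)
		if status < 0:
			raise Error("Could not check if SEUser exists")
		if self.verbose: print "Exists status (commit number): ", status

		# Keep the pre-existing record so the second transaction can restore it.
		if exists:
			(status, old_seuser) = semanage.semanage_seuser_query_local(sh, key)
			if status < 0:
				raise Error("Could not query old SEUser")
			if self.verbose: print "Query status (commit number): ", status

		# First transaction: write the test record.
		print "Starting transaction..."
		status = semanage.semanage_begin_transaction(sh)
		if status < 0:
			raise Error("Could not start semanage transaction")

		status = semanage.semanage_seuser_modify_local(sh,key,seuser)
		if status < 0:
			raise Error("Could not modify SEUser")

		status = semanage.semanage_commit(sh)
		if status < 0:
			raise Error("Could not commit test transaction")
		print "Commit status (transaction number): ", status

		# Second transaction: delete the test record or restore the old one.
		status = semanage.semanage_begin_transaction(sh)
		if status < 0:
			raise Error("Could not start semanage transaction")

		if not exists:
			print "Removing seuser..."
			status = semanage.semanage_seuser_del_local(sh, key)
			if status < 0:
				raise Error("Could not delete test SEUser")
			if self.verbose: print "Seuser delete: ", status
		else:
			print "Resetting seuser..."
			status = semanage.semanage_seuser_modify_local(sh, key, old_seuser)
			if status < 0:
				raise Error("Could not reset test SEUser")
			if self.verbose: print "Seuser modify: ", status

		status = semanage.semanage_commit(sh)
		if status < 0:
			raise Error("Could not commit reset transaction")
		print "Commit status (transaction number): ", status

		# old_seuser only exists when a previous record was found.
		semanage.semanage_seuser_key_free(key)
		semanage.semanage_seuser_free(seuser)
		if exists: semanage.semanage_seuser_free(old_seuser)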
Esempio n. 8
	def test_writeuser(self,sh):
		"""Write a test user record to the local store, then undo the change.

		The record is named ``testPyUser`` with role ``user_r``, prefix
		``user`` and MLS range and level ``s0``. If a local record with the
		same key already exists it is saved first and written back
		afterwards; otherwise the test record is deleted again. ``sh`` is the
		semanage handle. ``Error`` is raised on the first negative status.

		NOTE(review): there is no try/finally, so an ``Error`` raised after
		the first commit leaves the test record in place and skips the
		``*_free`` calls.
		"""
		print "Testing user write..."

		(status, user) = semanage.semanage_user_create(sh)
		if status < 0:
			raise Error("Could not create user object")
		if self.verbose: print "User object created"

		status = semanage.semanage_user_set_name(sh,user, "testPyUser")
		if status < 0:
			raise Error("Could not set user name")
		if self.verbose: print "User name set: ", semanage.semanage_user_get_name(user)
                
		status = semanage.semanage_user_add_role(sh, user, "user_r")	
		if status < 0:
			raise Error("Could not add role")

		status = semanage.semanage_user_set_prefix(sh,user, "user")
		if status < 0:
			raise Error("Could not set labeling prefix")
		if self.verbose: print "User prefix set: ", semanage.semanage_user_get_prefix(user)
	
		status = semanage.semanage_user_set_mlsrange(sh, user, "s0")
		if status < 0:
			raise Error("Could not set MLS range")
		if self.verbose: print "User mlsrange: ", semanage.semanage_user_get_mlsrange(user)

		status = semanage.semanage_user_set_mlslevel(sh, user, "s0")
		if status < 0:
			raise Error("Could not set MLS level")
		if self.verbose: print "User mlslevel: ", semanage.semanage_user_get_mlslevel(user)
                
		(status,key) = semanage.semanage_user_key_extract(sh,user)
		if status < 0:
			raise Error("Could not extract user key")
		if self.verbose: print "User key extracted: ", key
	
		(status,exists) = semanage.semanage_user_exists_local(sh,key)
		if status < 0:
			raise Error("Could not check if user exists")
		if self.verbose: print "Exists status (commit number): ", status

		# Keep the pre-existing record so the second transaction can restore it.
		if exists: 
			(status, old_user) = semanage.semanage_user_query_local(sh, key)
			if status < 0:
				raise Error("Could not query old user")
			if self.verbose: print "Query status (commit number): ", status

		# First transaction: write the test record.
		print "Starting transaction.."
		status = semanage.semanage_begin_transaction(sh)
		if status < 0:
			raise Error("Could not start semanage transaction")

		status = semanage.semanage_user_modify_local(sh,key,user)
		if status < 0:
			raise Error("Could not modify user")

		status = semanage.semanage_commit(sh)
		if status < 0:
			raise Error("Could not commit test transaction")
		print "Commit status (transaction number): ", status

		# Second transaction: delete the test record or restore the old one.
		status = semanage.semanage_begin_transaction(sh)
		if status < 0:
			raise Error("Could not start semanage transaction")
 
		if not exists:
			print "Removing user..."
			status = semanage.semanage_user_del_local(sh, key)
			if status < 0:
				raise Error("Could not delete test user")
			if self.verbose: print "User delete: ", status
		else:
			print "Resetting user..."
			status = semanage.semanage_user_modify_local(sh, key, old_user)
			if status < 0:
				raise Error("Could not reset test user")
			if self.verbose: print "User modify: ", status

		status = semanage.semanage_commit(sh)
		if status < 0:
			raise Error("Could not commit reset transaction")
		print "Commit status (transaction number): ", status

		# old_user only exists when a previous record was found.
		semanage.semanage_user_key_free(key)
		semanage.semanage_user_free(user)
		if exists: semanage.semanage_user_free(old_user)
Esempio n. 9
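	def test_writeinterface(self,sh):
		"""Write a test interface record to the local store, then undo it.

		The record is named ``test_iface``; one context
		(``system_u:object_r:default_t``, MLS ``s0:c0.c255``) is used as both
		its interface context and its message context. If a local record
		with the same key already exists it is saved first and written back
		afterwards; otherwise the test record is deleted again. ``sh`` is the
		semanage handle. ``Error`` is raised on the first negative status.

		NOTE(review): there is no try/finally, so an ``Error`` raised after
		the first commit leaves the test record in place and skips the
		``*_free`` calls.
		"""
		print "Testing network interface write..."

		(status, iface) = semanage.semanage_iface_create(sh)
		if status < 0:
			raise Error("Could not create SEIface object")
		if self.verbose: print "SEIface object created."

		status = semanage.semanage_iface_set_name(sh, iface, "test_iface")
		if status < 0:
			raise Error("Could not set SEIface name")
		if self.verbose: print "SEIface name set: ", semanage.semanage_iface_get_name(iface)

		(status, con) = semanage.semanage_context_create(sh)
		if status < 0:
			raise Error("Could not create SEContext object")
		if self.verbose: print "SEContext object created (for network interface)"

		status = semanage.semanage_context_set_user(sh, con, "system_u")
		if status < 0:
			raise Error("Could not set interface context user")
		if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con)

		status = semanage.semanage_context_set_role(sh, con, "object_r")
		if status < 0:
			raise Error("Could not set interface context role")
		if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con)

		status = semanage.semanage_context_set_type(sh, con, "default_t")
		if status < 0:
			raise Error("Could not set interface context type")
		if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con)

		status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
		if status < 0:
			raise Error("Could not set interface context MLS fields")
		if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con)

		# The same context object serves as interface and message context.
		status = semanage.semanage_iface_set_ifcon(sh, iface, con)
		if status < 0:
			raise Error("Could not set SEIface interface context")
		if self.verbose: print "SEIface interface context set: ", con

		status = semanage.semanage_iface_set_msgcon(sh, iface, con)
		if status < 0:
			raise Error("Could not set SEIface message context")
		if self.verbose: print "SEIface message context set: ", con

		(status,key) = semanage.semanage_iface_key_extract(sh,iface)
		if status < 0:
			raise Error("Could not extract SEIface key")
		if self.verbose: print "SEIface key extracted: ", key

		(status,exists) = semanage.semanage_iface_exists_local(sh,key)
		if status < 0:
			raise Error("Could not check if SEIface exists")
		if self.verbose: print "Exists status (commit number): ", status

		# Keep the pre-existing record so the second transaction can restore it.
		if exists:
			(status, old_iface) = semanage.semanage_iface_query_local(sh, key)
			if status < 0:
				raise Error("Could not query old SEIface")
			if self.verbose: print "Query status (commit number): ", status

		# First transaction: write the test record.
		print "Starting transaction..."
		status = semanage.semanage_begin_transaction(sh)
		if status < 0:
			raise Error("Could not begin semanage transaction")

		status = semanage.semanage_iface_modify_local(sh,key,iface)
		if status < 0:
			raise Error("Could not modify SEIface")

		status = semanage.semanage_commit(sh)
		if status < 0:
			raise Error("Could not commit test transaction")
		print "Commit status (transaction number): ", status

		# Second transaction: delete the test record or restore the old one.
		status = semanage.semanage_begin_transaction(sh)
		if status < 0:
			raise Error("Could not begin semanage transaction")

		if not exists:
			print "Removing interface..."
			status = semanage.semanage_iface_del_local(sh, key)
			if status < 0:
				raise Error("Could not delete test SEIface")
			if self.verbose: print "Interface delete: ", status
		else:
			print "Resetting interface..."
			status = semanage.semanage_iface_modify_local(sh, key, old_iface)
			if status < 0:
				raise Error("Could not reset test SEIface")
			if self.verbose: print "Interface modify: ", status

		status = semanage.semanage_commit(sh)
		if status < 0:
			raise Error("Could not commit reset transaction")
		print "Commit status (transaction number): ", status

		# old_iface only exists when a previous record was found.
		semanage.semanage_context_free(con)
		semanage.semanage_iface_key_free(key)
		semanage.semanage_iface_free(iface)
		if exists: semanage.semanage_iface_free(old_iface)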
Esempio n. 10
    def test_writeport(self, sh):
        """Write a test port record to the local store, then undo the change.

        The record covers TCP ports 150-200 with context
        ``system_u:object_r:http_port_t`` and MLS ``s0:c0.c255``. If a local
        record with the same key already exists it is saved first and written
        back afterwards; otherwise the test record is deleted again. ``sh``
        is the semanage handle. ``Error`` is raised on the first negative
        status.

        NOTE(review): there is no try/finally, so an ``Error`` raised after
        the first commit leaves the test record in place and skips the
        ``*_free`` calls.
        """
        def require(rc, failure):
            # Negative libsemanage status codes are treated as errors.
            if rc < 0:
                raise Error(failure)
            return rc

        print("Testing port write...")

        status, port = semanage.semanage_port_create(sh)
        require(status, "Could not create SEPort object")
        if self.verbose:
            print("SEPort object created.")

        semanage.semanage_port_set_range(port, 150, 200)
        low = semanage.semanage_port_get_low(port)
        high = semanage.semanage_port_get_high(port)
        if self.verbose:
            print("SEPort range set: %s-%s" % (low, high))

        semanage.semanage_port_set_proto(port, semanage.SEMANAGE_PROTO_TCP)
        if self.verbose:
            proto_name = semanage.semanage_port_get_proto_str(
                semanage.SEMANAGE_PROTO_TCP)
            print("SEPort protocol set: %s" % proto_name)

        status, con = semanage.semanage_context_create(sh)
        require(status, "Could not create SEContext object")
        if self.verbose:
            print("SEContext object created (for port).")

        status = require(
            semanage.semanage_context_set_user(sh, con, "system_u"),
            "Could not set context user")
        if self.verbose:
            shown = semanage.semanage_context_get_user(con)
            print("SEContext user: %s" % shown)

        status = require(
            semanage.semanage_context_set_role(sh, con, "object_r"),
            "Could not set context role")
        if self.verbose:
            shown = semanage.semanage_context_get_role(con)
            print("SEContext role: %s" % shown)

        status = require(
            semanage.semanage_context_set_type(sh, con, "http_port_t"),
            "Could not set context type")
        if self.verbose:
            shown = semanage.semanage_context_get_type(con)
            print("SEContext type: %s" % shown)

        status = require(
            semanage.semanage_context_set_mls(sh, con, "s0:c0.c255"),
            "Could not set context MLS fields")
        if self.verbose:
            shown = semanage.semanage_context_get_mls(con)
            print("SEContext mls: %s" % shown)

        status = require(semanage.semanage_port_set_con(sh, port, con),
                         "Could not set SEPort context")
        if self.verbose:
            print("SEPort context set: %s" % con)

        status, key = semanage.semanage_port_key_extract(sh, port)
        require(status, "Could not extract SEPort key")
        if self.verbose:
            print("SEPort key extracted: %s" % key)

        status, exists = semanage.semanage_port_exists_local(sh, key)
        require(status, "Could not check if SEPort exists")
        if self.verbose:
            print("Exists status (commit number): %s" % status)

        # Keep the pre-existing record so the second transaction can restore it.
        if exists:
            status, old_port = semanage.semanage_port_query_local(sh, key)
            require(status, "Could not query old SEPort")
            if self.verbose:
                print("Query status (commit number): %s" % status)

        # First transaction: write the test record.
        print("Starting transaction...")
        status = require(semanage.semanage_begin_transaction(sh),
                         "Could not start semanage transaction")
        status = require(semanage.semanage_port_modify_local(sh, key, port),
                         "Could not modify SEPort")
        status = require(semanage.semanage_commit(sh),
                         "Could not commit test transaction")
        print("Commit status (transaction number): %s" % status)

        # Second transaction: restore the old record or delete the test one.
        status = require(semanage.semanage_begin_transaction(sh),
                         "Could not start semanage transaction")

        if exists:
            print("Resetting port range...")
            status = require(
                semanage.semanage_port_modify_local(sh, key, old_port),
                "Could not reset test SEPort")
            if self.verbose:
                print("Port range modify: %s" % status)
        else:
            print("Removing port range...")
            status = require(semanage.semanage_port_del_local(sh, key),
                             "Could not delete test SEPort")
            if self.verbose:
                print("Port range delete: %s" % status)

        status = require(semanage.semanage_commit(sh),
                         "Could not commit reset transaction")
        print("Commit status (transaction number): %s" % status)

        # old_port only exists when a previous record was found.
        semanage.semanage_context_free(con)
        semanage.semanage_port_key_free(key)
        semanage.semanage_port_free(port)
        if exists:
            semanage.semanage_port_free(old_port)
Esempio n. 11
    def test_writeseuser(self, sh):
        """Write a test seuser record to the local store, then undo the change.

        The record is named ``testPySEUser`` with sename ``root`` and MLS
        range ``s0:c0.c255``. If a local record with the same key already
        exists it is saved first and written back afterwards; otherwise the
        test record is deleted again. ``sh`` is the semanage handle.
        ``Error`` is raised on the first negative status.

        NOTE(review): there is no try/finally, so an ``Error`` raised after
        the first commit leaves the test record in place and skips the
        ``*_free`` calls.
        """
        def must(rc, complaint):
            # Negative libsemanage status codes are treated as errors.
            if rc < 0:
                raise Error(complaint)
            return rc

        print("Testing seuser write...")

        status, seuser = semanage.semanage_seuser_create(sh)
        must(status, "Could not create SEUser object")
        if self.verbose:
            print("SEUser object created.")

        status = must(
            semanage.semanage_seuser_set_name(sh, seuser, "testPySEUser"),
            "Could not set name")
        if self.verbose:
            shown = semanage.semanage_seuser_get_name(seuser)
            print("SEUser name set: %s" % shown)

        status = must(semanage.semanage_seuser_set_sename(sh, seuser, "root"),
                      "Could not set sename")
        if self.verbose:
            shown = semanage.semanage_seuser_get_sename(seuser)
            print("SEUser seuser: %s" % shown)

        status = must(
            semanage.semanage_seuser_set_mlsrange(sh, seuser, "s0:c0.c255"),
            "Could not set MLS range")
        if self.verbose:
            shown = semanage.semanage_seuser_get_mlsrange(seuser)
            print("SEUser mlsrange: %s" % shown)

        status, key = semanage.semanage_seuser_key_extract(sh, seuser)
        must(status, "Could not extract SEUser key")
        if self.verbose:
            print("SEUser key extracted: %s" % key)

        status, exists = semanage.semanage_seuser_exists_local(sh, key)
        must(status, "Could not check if SEUser exists")
        if self.verbose:
            print("Exists status (commit number): %s" % status)

        # Keep the pre-existing record so the second transaction can restore it.
        if exists:
            status, old_seuser = semanage.semanage_seuser_query_local(sh, key)
            must(status, "Could not query old SEUser")
            if self.verbose:
                print("Query status (commit number): %s" % status)

        # First transaction: write the test record.
        print("Starting transaction...")
        status = must(semanage.semanage_begin_transaction(sh),
                      "Could not start semanage transaction")
        status = must(semanage.semanage_seuser_modify_local(sh, key, seuser),
                      "Could not modify SEUser")
        status = must(semanage.semanage_commit(sh),
                      "Could not commit test transaction")
        print("Commit status (transaction number): %s" % status)

        # Second transaction: restore the old record or delete the test one.
        status = must(semanage.semanage_begin_transaction(sh),
                      "Could not start semanage transaction")

        if exists:
            print("Resetting seuser...")
            status = must(
                semanage.semanage_seuser_modify_local(sh, key, old_seuser),
                "Could not reset test SEUser")
            if self.verbose:
                print("Seuser modify: %s" % status)
        else:
            print("Removing seuser...")
            status = must(semanage.semanage_seuser_del_local(sh, key),
                          "Could not delete test SEUser")
            if self.verbose:
                print("Seuser delete: %s" % status)

        status = must(semanage.semanage_commit(sh),
                      "Could not commit reset transaction")
        print("Commit status (transaction number): %s" % status)

        # old_seuser only exists when a previous record was found.
        semanage.semanage_seuser_key_free(key)
        semanage.semanage_seuser_free(seuser)
        if exists:
            semanage.semanage_seuser_free(old_seuser)
Esempio n. 12
    def test_writeuser(self, sh):
        """Write a test user record to the local store, then undo the change.

        The record is named ``testPyUser`` with role ``user_r``, prefix
        ``user`` and MLS range and level ``s0``. If a local record with the
        same key already exists it is saved first and written back
        afterwards; otherwise the test record is deleted again. ``sh`` is the
        semanage handle. ``Error`` is raised on the first negative status.

        NOTE(review): there is no try/finally, so an ``Error`` raised after
        the first commit leaves the test record in place and skips the
        ``*_free`` calls.
        """
        def checked(rc, problem):
            # Negative libsemanage status codes are treated as errors.
            if rc < 0:
                raise Error(problem)
            return rc

        print("Testing user write...")

        status, user = semanage.semanage_user_create(sh)
        checked(status, "Could not create user object")
        if self.verbose:
            print("User object created")

        status = checked(
            semanage.semanage_user_set_name(sh, user, "testPyUser"),
            "Could not set user name")
        if self.verbose:
            print("User name set: %s" % semanage.semanage_user_get_name(user))

        status = checked(semanage.semanage_user_add_role(sh, user, "user_r"),
                         "Could not add role")

        status = checked(semanage.semanage_user_set_prefix(sh, user, "user"),
                         "Could not set labeling prefix")
        if self.verbose:
            shown = semanage.semanage_user_get_prefix(user)
            print("User prefix set: %s" % shown)

        status = checked(semanage.semanage_user_set_mlsrange(sh, user, "s0"),
                         "Could not set MLS range")
        if self.verbose:
            shown = semanage.semanage_user_get_mlsrange(user)
            print("User mlsrange: %s" % shown)

        status = checked(semanage.semanage_user_set_mlslevel(sh, user, "s0"),
                         "Could not set MLS level")
        if self.verbose:
            shown = semanage.semanage_user_get_mlslevel(user)
            print("User mlslevel: %s" % shown)

        status, key = semanage.semanage_user_key_extract(sh, user)
        checked(status, "Could not extract user key")
        if self.verbose:
            print("User key extracted: %s" % key)

        status, exists = semanage.semanage_user_exists_local(sh, key)
        checked(status, "Could not check if user exists")
        if self.verbose:
            print("Exists status (commit number): %s" % status)

        # Keep the pre-existing record so the second transaction can restore it.
        if exists:
            status, old_user = semanage.semanage_user_query_local(sh, key)
            checked(status, "Could not query old user")
            if self.verbose:
                print("Query status (commit number): %s" % status)

        # First transaction: write the test record.
        print("Starting transaction..")
        status = checked(semanage.semanage_begin_transaction(sh),
                         "Could not start semanage transaction")
        status = checked(semanage.semanage_user_modify_local(sh, key, user),
                         "Could not modify user")
        status = checked(semanage.semanage_commit(sh),
                         "Could not commit test transaction")
        print("Commit status (transaction number): %s" % status)

        # Second transaction: restore the old record or delete the test one.
        status = checked(semanage.semanage_begin_transaction(sh),
                         "Could not start semanage transaction")

        if exists:
            print("Resetting user...")
            status = checked(
                semanage.semanage_user_modify_local(sh, key, old_user),
                "Could not reset test user")
            if self.verbose:
                print("User modify: %s" % status)
        else:
            print("Removing user...")
            status = checked(semanage.semanage_user_del_local(sh, key),
                             "Could not delete test user")
            if self.verbose:
                print("User delete: %s" % status)

        status = checked(semanage.semanage_commit(sh),
                         "Could not commit reset transaction")
        print("Commit status (transaction number): %s" % status)

        # old_user only exists when a previous record was found.
        semanage.semanage_user_key_free(key)
        semanage.semanage_user_free(user)
        if exists:
            semanage.semanage_user_free(old_user)
Esempio n. 13
    def test_writenode(self, sh):
        """Write a local network-node record, commit it, then undo the write.

        Builds an IPv6 node record (address ffee:dddd::bbbb, mask
        ::ffff:ffff:abcd:0000) labelled system_u:object_r:lo_node_t with MLS
        field s0:c0.c255, stores it through the handle ``sh`` and commits.
        A second transaction then deletes the record, or puts back the record
        that was already stored under the same key.

        Raises:
            Error: when a checked semanage call returns a negative status.

        NOTE(review): the test record is committed before the clean-up
        transaction begins, so a failure between the two commits leaves it in
        the local store; the objects allocated here are also not freed on the
        error path.
        """
        def require(rc, message):
            # The calls checked here count as failed when the status is negative.
            if rc < 0:
                raise Error(message)

        print("Testing network node write...")

        rc, new_node = semanage.semanage_node_create(sh)
        require(rc, "Could not create SENode object")
        if self.verbose:
            print("SENode object created.")

        ip6 = semanage.SEMANAGE_PROTO_IP6

        rc = semanage.semanage_node_set_addr(sh, new_node, ip6,
                                             "ffee:dddd::bbbb")
        require(rc, "Could not set SENode address")

        rc = semanage.semanage_node_set_mask(sh, new_node, ip6,
                                             "::ffff:ffff:abcd:0000")
        require(rc, "Could not set SENode netmask")

        semanage.semanage_node_set_proto(new_node, ip6)
        if self.verbose:
            proto_name = semanage.semanage_node_get_proto_str(ip6)
            print("SENode protocol set: %s" % proto_name)

        # Security context used to label the node record.
        rc, ctx = semanage.semanage_context_create(sh)
        require(rc, "Could not create SEContext object")
        if self.verbose:
            print("SEContext object created (for node).")

        rc = semanage.semanage_context_set_user(sh, ctx, "system_u")
        require(rc, "Could not set context user")
        if self.verbose:
            ctx_user = semanage.semanage_context_get_user(ctx)
            print("SEContext user: %s" % ctx_user)

        rc = semanage.semanage_context_set_role(sh, ctx, "object_r")
        require(rc, "Could not set context role")
        if self.verbose:
            ctx_role = semanage.semanage_context_get_role(ctx)
            print("SEContext role: %s" % ctx_role)

        rc = semanage.semanage_context_set_type(sh, ctx, "lo_node_t")
        require(rc, "Could not set context type")
        if self.verbose:
            ctx_type = semanage.semanage_context_get_type(ctx)
            print("SEContext type: %s" % ctx_type)

        rc = semanage.semanage_context_set_mls(sh, ctx, "s0:c0.c255")
        require(rc, "Could not set context MLS fields")
        if self.verbose:
            ctx_mls = semanage.semanage_context_get_mls(ctx)
            print("SEContext mls: %s" % ctx_mls)

        rc = semanage.semanage_node_set_con(sh, new_node, ctx)
        require(rc, "Could not set SENode context")
        if self.verbose:
            print("SENode context set: %s" % ctx)

        rc, node_key = semanage.semanage_node_key_extract(sh, new_node)
        require(rc, "Could not extract SENode key")
        if self.verbose:
            print("SENode key extracted: %s" % node_key)

        # Remember whether a local record already exists so it can be restored.
        rc, had_local = semanage.semanage_node_exists_local(sh, node_key)
        require(rc, "Could not check if SENode exists")
        if self.verbose:
            print("Exists status (commit number): %s" % rc)

        if had_local:
            rc, saved_node = semanage.semanage_node_query_local(sh, node_key)
            require(rc, "Could not query old SENode")
            if self.verbose:
                print("Query status (commit number): %s" % rc)

        # First transaction: store the test record.
        print("Starting transaction...")
        rc = semanage.semanage_begin_transaction(sh)
        require(rc, "Could not start semanage transaction")

        rc = semanage.semanage_node_modify_local(sh, node_key, new_node)
        require(rc, "Could not modify SENode")

        rc = semanage.semanage_commit(sh)
        require(rc, "Could not commit test transaction")
        print("Commit status (transaction number): %s" % rc)

        # Second transaction: return the store to its previous state.
        rc = semanage.semanage_begin_transaction(sh)
        require(rc, "Could not start semanage transaction")

        if had_local:
            print("Resetting network node...")
            rc = semanage.semanage_node_modify_local(sh, node_key, saved_node)
            require(rc, "Could not reset test SENode")
            if self.verbose:
                print("Network node modify: %s" % rc)
        else:
            print("Removing network node...")
            rc = semanage.semanage_node_del_local(sh, node_key)
            require(rc, "Could not delete test SENode")
            if self.verbose:
                print("Network node delete: %s" % rc)

        rc = semanage.semanage_commit(sh)
        require(rc, "Could not commit reset transaction")
        print("Commit status (transaction number): %s" % rc)

        # Release everything that was allocated above.
        semanage.semanage_context_free(ctx)
        semanage.semanage_node_key_free(node_key)
        semanage.semanage_node_free(new_node)
        if had_local:
            semanage.semanage_node_free(saved_node)
Esempio n. 14
def semanage_commit(module, handle, load=0):
    """Commit the pending semanage transaction, failing the module on error.

    Args:
        module: object providing ``fail_json``; called when the commit fails.
        handle: semanage handle whose transaction is committed.
        load: value handed to ``semanage_set_reload`` before the commit.
            NOTE(review): the default 0 presumably means the committed policy
            is not reloaded; confirm that callers needing the change enforced
            right away pass a non-zero value.

    The handle is destroyed only on the failure path; after a successful
    commit it is left for the caller to release.
    """
    semanage.semanage_set_reload(handle, load)
    rc = semanage.semanage_commit(handle)
    if rc >= 0:
        return
    # Commit failed: drop the handle before reporting the error.
    semanage.semanage_handle_destroy(handle)
    module.fail_json(msg="Failed to commit changes to semanage")
Esempio n. 15
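	def test_writeport(self,sh):
		"""Write a local port record, commit it, then undo the write.

		Builds a TCP port record for the range 150-200 labelled
		system_u:object_r:http_port_t with MLS field s0:c0.c255, stores it
		through the handle ``sh`` and commits. A second transaction then
		deletes the record, or puts back the record that was already stored
		under the same key.

		Raises Error when a checked semanage call returns a negative status.

		NOTE(review): the test record is committed before the clean-up
		transaction begins, so a failure between the two commits leaves the
		port range labelled http_port_t in the local store; the objects
		allocated here are also not freed on the error path.
		"""
		print "Testing port write..."

		(status, port) = semanage.semanage_port_create(sh)
		if status < 0:
			raise Error("Could not create SEPort object")
		if self.verbose: print "SEPort object created."

		semanage.semanage_port_set_range(port,150,200)
		low = semanage.semanage_port_get_low(port)
		high = semanage.semanage_port_get_high(port)
		if self.verbose: print "SEPort range set: ", low, "-", high

		semanage.semanage_port_set_proto(port, semanage.SEMANAGE_PROTO_TCP)
		if self.verbose: print "SEPort protocol set: ", \
			semanage.semanage_port_get_proto_str(semanage.SEMANAGE_PROTO_TCP)

		# Security context used to label the port record.
		(status, con) = semanage.semanage_context_create(sh)
		if status < 0:
			raise Error("Could not create SEContext object")
		if self.verbose: print "SEContext object created (for port)."

		status = semanage.semanage_context_set_user(sh, con, "system_u")
		if status < 0:
			raise Error("Could not set context user")
		if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con)

		status = semanage.semanage_context_set_role(sh, con, "object_r")
		if status < 0:
			raise Error("Could not set context role")
		if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con)

		status = semanage.semanage_context_set_type(sh, con, "http_port_t")
		if status < 0:
			raise Error("Could not set context type")
		if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con)

		status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
		if status < 0:
			raise Error("Could not set context MLS fields")
		if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con)

		status = semanage.semanage_port_set_con(sh, port, con)
		if status < 0:
			raise Error("Could not set SEPort context")
		if self.verbose: print "SEPort context set: ", con

		(status,key) = semanage.semanage_port_key_extract(sh,port)
		if status < 0:
			raise Error("Could not extract SEPort key")
		if self.verbose: print "SEPort key extracted: ", key

		# Remember whether a local record already exists so it can be restored.
		(status,exists) = semanage.semanage_port_exists_local(sh,key)
		if status < 0:
			raise Error("Could not check if SEPort exists")
		if self.verbose: print "Exists status (commit number): ", status

		if exists:
			(status, old_port) = semanage.semanage_port_query_local(sh, key)
			if status < 0:
				raise Error("Could not query old SEPort")
			if self.verbose: print "Query status (commit number): ", status

		# First transaction: store the test record.
		print "Starting transaction..."
		status = semanage.semanage_begin_transaction(sh)
		if status < 0:
			raise Error("Could not start semanage transaction")

		status = semanage.semanage_port_modify_local(sh,key,port)
		if status < 0:
			raise Error("Could not modify SEPort")

		status = semanage.semanage_commit(sh)
		if status < 0:
			raise Error("Could not commit test transaction")
		print "Commit status (transaction number): ", status

		# Second transaction: return the store to its previous state.
		status = semanage.semanage_begin_transaction(sh)
		if status < 0:
			raise Error("Could not start semanage transaction")

		if not exists:
			print "Removing port range..."
			status = semanage.semanage_port_del_local(sh, key)
			if status < 0:
				raise Error("Could not delete test SEPort")
			if self.verbose: print "Port range delete: ", status
		else:
			print "Resetting port range..."
			status = semanage.semanage_port_modify_local(sh, key, old_port)
			if status < 0:
				raise Error("Could not reset test SEPort")
			if self.verbose: print "Port range modify: ", status

		status = semanage.semanage_commit(sh)
		if status < 0:
			raise Error("Could not commit reset transaction")
		print "Commit status (transaction number): ", status

		# Release everything that was allocated above.
		semanage.semanage_context_free(con)
		semanage.semanage_port_key_free(key)
		semanage.semanage_port_free(port)
		if exists: semanage.semanage_port_free(old_port)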
Esempio n. 16
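	def test_writefcontext(self,sh):
		"""Write a local file-context record, commit it, then undo the write.

		Builds a file-context record for the expression /test/fcontext(/.*)?
		with file type SEMANAGE_FCONTEXT_REG, labelled
		system_u:object_r:default_t with MLS field s0:c0.c255, stores it
		through the handle ``sh`` and commits. A second transaction then
		deletes the record, or puts back the record that was already stored
		under the same key.

		Raises Error when a checked semanage call returns a negative status.

		NOTE(review): the test record is committed before the clean-up
		transaction begins, so a failure between the two commits leaves the
		test expression in the local store; the objects allocated here are
		also not freed on the error path.
		"""
		print "Testing file context write..."

		(status, fcon) = semanage.semanage_fcontext_create(sh)
		if status < 0:
			raise Error("Could not create SEFcontext object")
		if self.verbose: print "SEFcontext object created."

		status = semanage.semanage_fcontext_set_expr(sh, fcon, "/test/fcontext(/.*)?")
		if status < 0:
			raise Error("Could not set expression")
		if self.verbose: print "SEFContext expr set: ", semanage.semanage_fcontext_get_expr(fcon)

		semanage.semanage_fcontext_set_type(fcon, semanage.SEMANAGE_FCONTEXT_REG)
		if self.verbose:
			ftype = semanage.semanage_fcontext_get_type(fcon)
			print "SEFContext type set: ", semanage.semanage_fcontext_get_type_str(ftype)

		# Security context that the expression maps to.
		(status, con) = semanage.semanage_context_create(sh)
		if status < 0:
			raise Error("Could not create SEContext object")
		if self.verbose: print "SEContext object created (for file context)."

		status = semanage.semanage_context_set_user(sh, con, "system_u")
		if status < 0:
			raise Error("Could not set context user")
		if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con)

		status = semanage.semanage_context_set_role(sh, con, "object_r")
		if status < 0:
			raise Error("Could not set context role")
		if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con)

		status = semanage.semanage_context_set_type(sh, con, "default_t")
		if status < 0:
			raise Error("Could not set context type")
		if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con)

		status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
		if status < 0:
			raise Error("Could not set context MLS fields")
		if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con)

		status = semanage.semanage_fcontext_set_con(sh, fcon, con)
		if status < 0:
			raise Error("Could not set SEFcontext context")
		if self.verbose: print "SEFcontext context set: ", con

		(status,key) = semanage.semanage_fcontext_key_extract(sh,fcon)
		if status < 0:
			raise Error("Could not extract SEFcontext key")
		if self.verbose: print "SEFcontext key extracted: ", key

		# Remember whether a local record already exists so it can be restored.
		(status,exists) = semanage.semanage_fcontext_exists_local(sh,key)
		if status < 0:
			raise Error("Could not check if SEFcontext exists")

		if self.verbose: print "Exists status (commit number): ", status
		if exists:
			(status, old_fcontext) = semanage.semanage_fcontext_query_local(sh, key)
			if status < 0:
				raise Error("Could not query old SEFcontext")
			if self.verbose: print "Query status (commit number): ", status

		# First transaction: store the test record.
		print "Starting transaction..."
		status = semanage.semanage_begin_transaction(sh)
		if status < 0:
			raise Error("Could not start semanage transaction")

		status = semanage.semanage_fcontext_modify_local(sh,key,fcon)
		if status < 0:
			raise Error("Could not modify SEFcontext")

		status = semanage.semanage_commit(sh)
		if status < 0:
			raise Error("Could not commit test transaction")
		print "Commit status (transaction number): ", status

		# Second transaction: return the store to its previous state.
		status = semanage.semanage_begin_transaction(sh)
		if status < 0:
			raise Error("Could not start semanage transaction")

		if not exists:
			print "Removing file context..."
			status = semanage.semanage_fcontext_del_local(sh, key)
			if status < 0:
				raise Error("Could not delete test SEFcontext")
			if self.verbose: print "File context delete: ", status
		else:
			print "Resetting file context..."
			status = semanage.semanage_fcontext_modify_local(sh, key, old_fcontext)
			if status < 0:
				raise Error("Could not reset test FContext")
			if self.verbose: print "File context modify: ", status

		status = semanage.semanage_commit(sh)
		if status < 0:
			raise Error("Could not commit reset transaction")
		print "Commit status (transaction number): ", status

		# Release everything that was allocated above.
		semanage.semanage_context_free(con)
		semanage.semanage_fcontext_key_free(key)
		semanage.semanage_fcontext_free(fcon)
		if exists: semanage.semanage_fcontext_free(old_fcontext)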
Esempio n. 17
    def test_writefcontext(self, sh):
        """Write a local file-context record, commit it, then undo the write.

        Builds a file-context record for the expression /test/fcontext(/.*)?
        with file type SEMANAGE_FCONTEXT_REG, labelled
        system_u:object_r:default_t with MLS field s0:c0.c255, stores it
        through the handle ``sh`` and commits. A second transaction then
        deletes the record, or puts back the record that was already stored
        under the same key.

        Raises:
            Error: when a checked semanage call returns a negative status.

        NOTE(review): the test record is committed before the clean-up
        transaction begins, so a failure between the two commits leaves the
        test expression in the local store; the objects allocated here are
        also not freed on the error path.
        """
        def require(rc, message):
            # The calls checked here count as failed when the status is negative.
            if rc < 0:
                raise Error(message)

        print("Testing file context write...")

        rc, new_fcon = semanage.semanage_fcontext_create(sh)
        require(rc, "Could not create SEFcontext object")
        if self.verbose:
            print("SEFcontext object created.")

        rc = semanage.semanage_fcontext_set_expr(sh, new_fcon,
                                                 "/test/fcontext(/.*)?")
        require(rc, "Could not set expression")
        if self.verbose:
            expr_text = semanage.semanage_fcontext_get_expr(new_fcon)
            print("SEFContext expr set: %s" % expr_text)

        semanage.semanage_fcontext_set_type(new_fcon,
                                            semanage.SEMANAGE_FCONTEXT_REG)
        if self.verbose:
            type_code = semanage.semanage_fcontext_get_type(new_fcon)
            type_name = semanage.semanage_fcontext_get_type_str(type_code)
            print("SEFContext type set: %s" % type_name)

        # Security context that the expression maps to.
        rc, ctx = semanage.semanage_context_create(sh)
        require(rc, "Could not create SEContext object")
        if self.verbose:
            print("SEContext object created (for file context).")

        rc = semanage.semanage_context_set_user(sh, ctx, "system_u")
        require(rc, "Could not set context user")
        if self.verbose:
            ctx_user = semanage.semanage_context_get_user(ctx)
            print("SEContext user: %s" % ctx_user)

        rc = semanage.semanage_context_set_role(sh, ctx, "object_r")
        require(rc, "Could not set context role")
        if self.verbose:
            ctx_role = semanage.semanage_context_get_role(ctx)
            print("SEContext role: %s" % ctx_role)

        rc = semanage.semanage_context_set_type(sh, ctx, "default_t")
        require(rc, "Could not set context type")
        if self.verbose:
            ctx_type = semanage.semanage_context_get_type(ctx)
            print("SEContext type: %s" % ctx_type)

        rc = semanage.semanage_context_set_mls(sh, ctx, "s0:c0.c255")
        require(rc, "Could not set context MLS fields")
        if self.verbose:
            ctx_mls = semanage.semanage_context_get_mls(ctx)
            print("SEContext mls: %s" % ctx_mls)

        rc = semanage.semanage_fcontext_set_con(sh, new_fcon, ctx)
        require(rc, "Could not set SEFcontext context")
        if self.verbose:
            print("SEFcontext context set: %s" % ctx)

        rc, fcon_key = semanage.semanage_fcontext_key_extract(sh, new_fcon)
        require(rc, "Could not extract SEFcontext key")
        if self.verbose:
            print("SEFcontext key extracted: %s" % fcon_key)

        # Remember whether a local record already exists so it can be restored.
        rc, had_local = semanage.semanage_fcontext_exists_local(sh, fcon_key)
        require(rc, "Could not check if SEFcontext exists")

        if self.verbose:
            print("Exists status (commit number): %s" % rc)
        if had_local:
            rc, saved_fcon = semanage.semanage_fcontext_query_local(sh,
                                                                    fcon_key)
            require(rc, "Could not query old SEFcontext")
            if self.verbose:
                print("Query status (commit number): %s" % rc)

        # First transaction: store the test record.
        print("Starting transaction...")
        rc = semanage.semanage_begin_transaction(sh)
        require(rc, "Could not start semanage transaction")

        rc = semanage.semanage_fcontext_modify_local(sh, fcon_key, new_fcon)
        require(rc, "Could not modify SEFcontext")

        rc = semanage.semanage_commit(sh)
        require(rc, "Could not commit test transaction")
        print("Commit status (transaction number): %s" % rc)

        # Second transaction: return the store to its previous state.
        rc = semanage.semanage_begin_transaction(sh)
        require(rc, "Could not start semanage transaction")

        if had_local:
            print("Resetting file context...")
            rc = semanage.semanage_fcontext_modify_local(sh, fcon_key,
                                                         saved_fcon)
            require(rc, "Could not reset test FContext")
            if self.verbose:
                print("File context modify: %s" % rc)
        else:
            print("Removing file context...")
            rc = semanage.semanage_fcontext_del_local(sh, fcon_key)
            require(rc, "Could not delete test SEFcontext")
            if self.verbose:
                print("File context delete: %s" % rc)

        rc = semanage.semanage_commit(sh)
        require(rc, "Could not commit reset transaction")
        print("Commit status (transaction number): %s" % rc)

        # Release everything that was allocated above.
        semanage.semanage_context_free(ctx)
        semanage.semanage_fcontext_key_free(fcon_key)
        semanage.semanage_fcontext_free(new_fcon)
        if had_local:
            semanage.semanage_fcontext_free(saved_fcon)
Esempio n. 18
        def test_writeboolean(self,sh):
		"""Write a local boolean record, commit it, then undo the write.

		Builds a boolean record named allow_execmem with value 0, stores it
		through the handle ``sh`` and commits. A second transaction then
		deletes the record, or puts back the record that was already stored
		under the same key.

		Raises Error when a checked semanage call returns a negative status.

		NOTE(review): the test value is committed before the clean-up
		transaction begins, so a failure between the two commits leaves it in
		the local store; the objects allocated here are also not freed on the
		error path.
		"""
		print "Testing boolean write..."

		(rc, new_bool) = semanage.semanage_bool_create(sh)
		if rc < 0:
			raise Error("Could not create SEBool object")
		if self.verbose:
			print "SEBool object created."

		rc = semanage.semanage_bool_set_name(sh, new_bool, "allow_execmem")
		if rc < 0:
			raise Error("Could not set name")
		if self.verbose:
			print "SEBool name set: ", semanage.semanage_bool_get_name(new_bool)

		semanage.semanage_bool_set_value(new_bool, 0)
		if self.verbose:
			print "SEbool value set: ", semanage.semanage_bool_get_value(new_bool)

		(rc, bool_key) = semanage.semanage_bool_key_extract(sh, new_bool)
		if rc < 0:
			raise Error("Could not extract SEBool key")
		if self.verbose:
			print "SEBool key extracted: ", bool_key

		# Remember whether a local record already exists so it can be restored.
		(rc, had_local) = semanage.semanage_bool_exists_local(sh, bool_key)
		if rc < 0:
			raise Error("Could not check if SEBool exists")
		if self.verbose:
			print "Exists status (commit number): ", rc

		if had_local:
			(rc, saved_bool) = semanage.semanage_bool_query_local(sh, bool_key)
			if rc < 0:
				raise Error("Could not query old SEBool")
			if self.verbose:
				print "Query status (commit number): ", rc

		# First transaction: store the test record.
		print "Starting transaction..."
		rc = semanage.semanage_begin_transaction(sh)
		if rc < 0:
			raise Error("Could not start semanage transaction")

		rc = semanage.semanage_bool_modify_local(sh, bool_key, new_bool)
		if rc < 0:
			raise Error("Could not modify SEBool")

		rc = semanage.semanage_commit(sh)
		if rc < 0:
			raise Error("Could not commit test transaction")
		print "Commit status (transaction number): ", rc

		# Second transaction: return the store to its previous state.
		rc = semanage.semanage_begin_transaction(sh)
		if rc < 0:
			raise Error("Could not start semanage transaction")

		if had_local:
			print "Resetting boolean..."
			rc = semanage.semanage_bool_modify_local(sh, bool_key, saved_bool)
			if rc < 0:
				raise Error("Could not reset test SEBool")
			if self.verbose:
				print "Boolean modify: ", rc
		else:
			print "Removing boolean..."
			rc = semanage.semanage_bool_del_local(sh, bool_key)
			if rc < 0:
				raise Error("Could not delete test SEBool")
			if self.verbose:
				print "Boolean delete: ", rc

		rc = semanage.semanage_commit(sh)
		if rc < 0:
			raise Error("Could not commit reset transaction")
		print "Commit status (transaction number): ", rc

		# Release everything that was allocated above.
		semanage.semanage_bool_key_free(bool_key)
		semanage.semanage_bool_free(new_bool)
		if had_local:
			semanage.semanage_bool_free(saved_bool)
Esempio n. 19
    def test_writeinterface(self, sh):
        """Write a local network-interface record, commit it, then undo it.

        Builds an interface record named test_iface whose interface context
        and message context are both the same context object, labelled
        system_u:object_r:default_t with MLS field s0:c0.c255, stores it
        through the handle ``sh`` and commits. A second transaction then
        deletes the record, or puts back the record that was already stored
        under the same key.

        Raises:
            Error: when a checked semanage call returns a negative status.

        NOTE(review): the test record is committed before the clean-up
        transaction begins, so a failure between the two commits leaves it in
        the local store; the objects allocated here are also not freed on the
        error path.
        """
        def require(rc, message):
            # The calls checked here count as failed when the status is negative.
            if rc < 0:
                raise Error(message)

        print("Testing network interface write...")

        rc, new_iface = semanage.semanage_iface_create(sh)
        require(rc, "Could not create SEIface object")
        if self.verbose:
            print("SEIface object created.")

        rc = semanage.semanage_iface_set_name(sh, new_iface, "test_iface")
        require(rc, "Could not set SEIface name")
        if self.verbose:
            iface_name = semanage.semanage_iface_get_name(new_iface)
            print("SEIface name set: %s" % iface_name)

        # One context object serves as both interface and message context.
        rc, ctx = semanage.semanage_context_create(sh)
        require(rc, "Could not create SEContext object")
        if self.verbose:
            print("SEContext object created (for network interface)")

        rc = semanage.semanage_context_set_user(sh, ctx, "system_u")
        require(rc, "Could not set interface context user")
        if self.verbose:
            ctx_user = semanage.semanage_context_get_user(ctx)
            print("SEContext user: %s" % ctx_user)

        rc = semanage.semanage_context_set_role(sh, ctx, "object_r")
        require(rc, "Could not set interface context role")
        if self.verbose:
            ctx_role = semanage.semanage_context_get_role(ctx)
            print("SEContext role: %s" % ctx_role)

        rc = semanage.semanage_context_set_type(sh, ctx, "default_t")
        require(rc, "Could not set interface context type")
        if self.verbose:
            ctx_type = semanage.semanage_context_get_type(ctx)
            print("SEContext type: %s" % ctx_type)

        rc = semanage.semanage_context_set_mls(sh, ctx, "s0:c0.c255")
        require(rc, "Could not set interface context MLS fields")
        if self.verbose:
            ctx_mls = semanage.semanage_context_get_mls(ctx)
            print("SEContext mls: %s" % ctx_mls)

        rc = semanage.semanage_iface_set_ifcon(sh, new_iface, ctx)
        require(rc, "Could not set SEIface interface context")
        if self.verbose:
            print("SEIface interface context set: %s" % ctx)

        rc = semanage.semanage_iface_set_msgcon(sh, new_iface, ctx)
        require(rc, "Could not set SEIface message context")
        if self.verbose:
            print("SEIface message context set: %s" % ctx)

        rc, iface_key = semanage.semanage_iface_key_extract(sh, new_iface)
        require(rc, "Could not extract SEIface key")
        if self.verbose:
            print("SEIface key extracted: %s" % iface_key)

        # Remember whether a local record already exists so it can be restored.
        rc, had_local = semanage.semanage_iface_exists_local(sh, iface_key)
        require(rc, "Could not check if SEIface exists")
        if self.verbose:
            print("Exists status (commit number): %s" % rc)

        if had_local:
            rc, saved_iface = semanage.semanage_iface_query_local(sh,
                                                                  iface_key)
            require(rc, "Could not query old SEIface")
            if self.verbose:
                print("Query status (commit number): %s" % rc)

        # First transaction: store the test record.
        print("Starting transaction...")
        rc = semanage.semanage_begin_transaction(sh)
        require(rc, "Could not begin semanage transaction")

        rc = semanage.semanage_iface_modify_local(sh, iface_key, new_iface)
        require(rc, "Could not modify SEIface")

        rc = semanage.semanage_commit(sh)
        require(rc, "Could not commit test transaction")
        print("Commit status (transaction number): %s" % rc)

        # Second transaction: return the store to its previous state.
        rc = semanage.semanage_begin_transaction(sh)
        require(rc, "Could not begin semanage transaction")

        if had_local:
            print("Resetting interface...")
            rc = semanage.semanage_iface_modify_local(sh, iface_key,
                                                      saved_iface)
            require(rc, "Could not reset test SEIface")
            if self.verbose:
                print("Interface modify: %s" % rc)
        else:
            print("Removing interface...")
            rc = semanage.semanage_iface_del_local(sh, iface_key)
            require(rc, "Could not delete test SEIface")
            if self.verbose:
                print("Interface delete: %s" % rc)

        rc = semanage.semanage_commit(sh)
        require(rc, "Could not commit reset transaction")
        print("Commit status (transaction number): %s" % rc)

        # Release everything that was allocated above.
        semanage.semanage_context_free(ctx)
        semanage.semanage_iface_key_free(iface_key)
        semanage.semanage_iface_free(new_iface)
        if had_local:
            semanage.semanage_iface_free(saved_iface)
Esempio n. 20
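	def test_writenode(self,sh):
		"""Write a local network-node record, commit it, then undo the write.

		Builds an IPv6 node record (address ffee:dddd::bbbb, mask
		::ffff:ffff:abcd:0000) labelled system_u:object_r:lo_node_t with MLS
		field s0:c0.c255, stores it through the handle ``sh`` and commits.
		A second transaction then deletes the record, or puts back the record
		that was already stored under the same key.

		Raises Error when a checked semanage call returns a negative status.

		NOTE(review): the test record is committed before the clean-up
		transaction begins, so a failure between the two commits leaves it in
		the local store; the objects allocated here are also not freed on the
		error path.
		"""
		print "Testing network node write..."

		(status, node) = semanage.semanage_node_create(sh)
		if status < 0:
			raise Error("Could not create SENode object")
		if self.verbose: print "SENode object created."

		status = semanage.semanage_node_set_addr(sh, node, semanage.SEMANAGE_PROTO_IP6, "ffee:dddd::bbbb")
		if status < 0:
			raise Error("Could not set SENode address")

		status = semanage.semanage_node_set_mask(sh, node, semanage.SEMANAGE_PROTO_IP6, "::ffff:ffff:abcd:0000")
		if status < 0:
			raise Error("Could not set SENode netmask")

		semanage.semanage_node_set_proto(node, semanage.SEMANAGE_PROTO_IP6)
		if self.verbose: print "SENode protocol set: ", \
			semanage.semanage_node_get_proto_str(semanage.SEMANAGE_PROTO_IP6)

		# Security context used to label the node record.
		(status, con) = semanage.semanage_context_create(sh)
		if status < 0:
			raise Error("Could not create SEContext object")
		if self.verbose: print "SEContext object created (for node)."

		status = semanage.semanage_context_set_user(sh, con, "system_u")
		if status < 0:
			raise Error("Could not set context user")
		if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con)

		status = semanage.semanage_context_set_role(sh, con, "object_r")
		if status < 0:
			raise Error("Could not set context role")
		if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con)

		status = semanage.semanage_context_set_type(sh, con, "lo_node_t")
		if status < 0:
			raise Error("Could not set context type")
		if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con)

		status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
		if status < 0:
			raise Error("Could not set context MLS fields")
		if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con)

		status = semanage.semanage_node_set_con(sh, node, con)
		if status < 0:
			raise Error("Could not set SENode context")
		if self.verbose: print "SENode context set: ", con

		(status,key) = semanage.semanage_node_key_extract(sh, node)
		if status < 0:
			raise Error("Could not extract SENode key")
		if self.verbose: print "SENode key extracted: ", key

		# Remember whether a local record already exists so it can be restored.
		(status,exists) = semanage.semanage_node_exists_local(sh,key)
		if status < 0:
			raise Error("Could not check if SENode exists")
		if self.verbose: print "Exists status (commit number): ", status

		if exists:
			(status, old_node) = semanage.semanage_node_query_local(sh, key)
			if status < 0:
				raise Error("Could not query old SENode")
			if self.verbose: print "Query status (commit number): ", status

		# First transaction: store the test record.
		print "Starting transaction..."
		status = semanage.semanage_begin_transaction(sh)
		if status < 0:
			raise Error("Could not start semanage transaction")

		status = semanage.semanage_node_modify_local(sh,key, node)
		if status < 0:
			raise Error("Could not modify SENode")

		status = semanage.semanage_commit(sh)
		if status < 0:
			raise Error("Could not commit test transaction")
		print "Commit status (transaction number): ", status

		# Second transaction: return the store to its previous state.
		status = semanage.semanage_begin_transaction(sh)
		if status < 0:
			raise Error("Could not start semanage transaction")

		if not exists:
			print "Removing network node..."
			status = semanage.semanage_node_del_local(sh, key)
			if status < 0:
				raise Error("Could not delete test SENode")
			if self.verbose: print "Network node delete: ", status
		else:
			print "Resetting network node..."
			status = semanage.semanage_node_modify_local(sh, key, old_node)
			if status < 0:
				raise Error("Could not reset test SENode")
			if self.verbose: print "Network node modify: ", status

		status = semanage.semanage_commit(sh)
		if status < 0:
			raise Error("Could not commit reset transaction")
		print "Commit status (transaction number): ", status

		# Release everything that was allocated above.
		semanage.semanage_context_free(con)
		semanage.semanage_node_key_free(key)
		semanage.semanage_node_free(node)
		if exists: semanage.semanage_node_free(old_node)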
Esempio n. 21
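    def test_writeboolean(self, sh):
        """Write a local SELinux boolean through libsemanage, then undo it.

        The test builds a boolean record named "allow_execmem" with value 0,
        commits it to the local store in one transaction, and in a second
        transaction either deletes it (if no local record existed before) or
        writes the previously queried record back.

        Both transactions are committed against the store behind ``sh``, so
        the policy really is changed while the test runs. If the second
        transaction fails, the local override stays in place; run this only
        against a handle whose store may be modified.

        Args:
            sh: a semanage handle, as accepted by the semanage_* calls below.

        Raises:
            Error: when any libsemanage call returns a negative status.
        """
        print("Testing boolean write...")

        # Handles stay None until the call that produces them succeeds, so
        # the finally clause frees exactly what was allocated, including on
        # the error paths (the original leaked them when Error was raised).
        pbool = None
        key = None
        old_bool = None
        try:
            (status, new_bool) = semanage.semanage_bool_create(sh)
            if status < 0:
                raise Error("Could not create SEBool object")
            pbool = new_bool
            if self.verbose:
                print("SEBool object created.")

            status = semanage.semanage_bool_set_name(sh, pbool, "allow_execmem")
            if status < 0:
                raise Error("Could not set name")
            if self.verbose:
                print("SEBool name set: %s" %
                      semanage.semanage_bool_get_name(pbool))

            semanage.semanage_bool_set_value(pbool, 0)
            if self.verbose:
                print("SEbool value set: %s" %
                      semanage.semanage_bool_get_value(pbool))

            (status, new_key) = semanage.semanage_bool_key_extract(sh, pbool)
            if status < 0:
                raise Error("Could not extract SEBool key")
            key = new_key
            if self.verbose:
                print("SEBool key extracted: %s" % key)

            (status, exists) = semanage.semanage_bool_exists_local(sh, key)
            if status < 0:
                raise Error("Could not check if SEBool exists")
            if self.verbose:
                print("Exists status (commit number): %s" % status)

            # Save the current local record so it can be written back later.
            if exists:
                (status, saved) = semanage.semanage_bool_query_local(sh, key)
                if status < 0:
                    raise Error("Could not query old SEBool")
                old_bool = saved
                if self.verbose:
                    print("Query status (commit number): %s" % status)

            # First transaction: write the test record.
            print("Starting transaction...")
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            status = semanage.semanage_bool_modify_local(sh, key, pbool)
            if status < 0:
                raise Error("Could not modify SEBool")

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit test transaction")
            print("Commit status (transaction number): %s" % status)

            # Second transaction: put the local store back the way it was.
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            if not exists:
                print("Removing boolean...")
                status = semanage.semanage_bool_del_local(sh, key)
                if status < 0:
                    raise Error("Could not delete test SEBool")
                if self.verbose:
                    print("Boolean delete: %s" % status)
            else:
                print("Resetting boolean...")
                status = semanage.semanage_bool_modify_local(sh, key, old_bool)
                if status < 0:
                    raise Error("Could not reset test SEBool")
                if self.verbose:
                    print("Boolean modify: %s" % status)

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit reset transaction")
            print("Commit status (transaction number): %s" % status)
        finally:
            # Same release order as before: key, test record, saved record.
            if key is not None:
                semanage.semanage_bool_key_free(key)
            if pbool is not None:
                semanage.semanage_bool_free(pbool)
            if old_bool is not None:
                semanage.semanage_bool_free(old_bool)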