def test_ports(self, sh):
    """Enumerate the port records reachable through ``sh`` and print each one.

    A negative status from ``semanage_port_list`` is treated as a failure and
    raises ``Error``. An empty listing is reported but is not a failure.
    Every record is released with ``semanage_port_free`` once it is printed.
    """
    print("Testing ports...")
    status, port_records = semanage.semanage_port_list(sh)
    if status < 0:
        raise Error("Could not list ports")
    print("Query status (commit number): %s" % status)

    if not len(port_records):
        print("No ports found!")
        print("This is not necessarily a test failure.")
        return

    for record in port_records:
        if self.verbose:
            print("Port reference: %s" % record)

        low = semanage.semanage_port_get_low(record)
        high = semanage.semanage_port_get_high(record)
        context = semanage.semanage_port_get_con(record)
        proto_name = semanage.semanage_port_get_proto_str(
            semanage.semanage_port_get_proto(record))

        # A single port prints as "N"; a range prints as "LOW-HIGH".
        span = str(low) if low == high else "-".join((str(low), str(high)))

        rc, label = semanage.semanage_context_to_string(sh, context)
        if rc < 0:
            # The context could not be rendered: print the record anyway,
            # with an empty label, so a blank context in the output means
            # "conversion failed", not "no context".
            label = ""

        print("Port: %s %s Context: %s" % (span, proto_name, label))
        semanage.semanage_port_free(record)
def test_ports(self, sh):
    """Enumerate the port records reachable through ``sh`` and print each one.

    Python 2 source (print statements). A negative status from
    ``semanage_port_list`` raises ``Error``; an empty listing is reported but
    is not a failure. Each record is released with ``semanage_port_free``
    after it has been printed.
    """
    print "Testing ports..."
    status, port_records = semanage.semanage_port_list(sh)
    if status < 0:
        raise Error("Could not list ports")
    print "Query status (commit number): ", status

    if not len(port_records):
        print "No ports found!"
        print "This is not necessarily a test failure."
        return

    for record in port_records:
        if self.verbose:
            print "Port reference: ", record

        low = semanage.semanage_port_get_low(record)
        high = semanage.semanage_port_get_high(record)
        context = semanage.semanage_port_get_con(record)
        proto_name = semanage.semanage_port_get_proto_str(
            semanage.semanage_port_get_proto(record))

        # A single port prints as "N"; a range prints as "LOW-HIGH".
        span = str(low) if low == high else "-".join((str(low), str(high)))

        rc, label = semanage.semanage_context_to_string(sh, context)
        if rc < 0:
            # Conversion failed: still print the record, with an empty label.
            label = ""

        print "Port: ", span, " ", proto_name, " Context: ", label
        semanage.semanage_port_free(record)
def print_port(kind, port):
    """Print one port record on a single line, prefixed with ``kind``.

    Reads the module-level ``handle`` to render the record's context.
    The fields are printed in the order: kind, context string, high bound,
    low bound, protocol name.

    NOTE(review): the first element of the ``semanage_context_to_string``
    result (the status) is not inspected here, so a failed conversion is
    printed as whatever the binding put in the second element.
    """
    context = semanage.semanage_port_get_con(port)
    rendered = semanage.semanage_context_to_string(handle, context)
    upper = semanage.semanage_port_get_high(port)
    lower = semanage.semanage_port_get_low(port)
    protocol_name = semanage.semanage_port_get_proto_str(
        semanage.semanage_port_get_proto(port))
    # rendered[1] is the text half of the (status, text) result.
    print(kind, rendered[1], upper, lower, protocol_name)
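def list_ports(port_number):
    """Return the SELinux type labelling ``port_number``, or ``None``.

    Opens its own libsemanage handle, walks the policy port records followed
    by the local ones, and returns the context type of the first record whose
    low bound equals ``port_number``. The handle and every listed record are
    released before returning, including on the error paths.

    NOTE(review): only the low bound of each record is compared and the
    protocol is not consulted. A port that sits inside a labelled range is
    reported as unlabelled, and tcp/udp records sharing a number cannot be
    told apart. Confirm this is intended before using the result for an
    access or firewall decision.

    Raises:
        RuntimeError: the handle could not be created, the connection failed,
            or a port listing returned a negative status.
    """
    handle = semanage.semanage_handle_create()
    if handle is None:
        raise RuntimeError("Could not create semanage handle")

    connected = False
    records = []
    try:
        # A negative status is the failure signal; do not query a handle
        # that never connected.
        if semanage.semanage_connect(handle) < 0:
            raise RuntimeError("Could not connect to semanage")
        connected = True

        (rc, plist) = semanage.semanage_port_list(handle)
        if rc < 0:
            raise RuntimeError("Could not list ports")
        records.extend(plist)

        (rc, plocal) = semanage.semanage_port_list_local(handle)
        if rc < 0:
            raise RuntimeError("Could not list local ports")
        records.extend(plocal)

        for port in records:
            if semanage.semanage_port_get_low(port) == port_number:
                con = semanage.semanage_port_get_con(port)
                return semanage.semanage_context_get_type(con)
        return None
    finally:
        # Release everything this call acquired, whether or not a match was
        # found, so repeated lookups do not accumulate records or handles.
        for port in records:
            semanage.semanage_port_free(port)
        if connected:
            semanage.semanage_disconnect(handle)
        semanage.semanage_handle_destroy(handle)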
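def list_ports(port_number, port_proto):
    """Return the SELinux type labelling ``port_number``/``port_proto``.

    Opens its own libsemanage handle and walks the local port records first,
    then the policy ones, so a local customisation wins over the policy
    default. The first record whose range contains ``port_number`` and whose
    protocol string equals ``port_proto`` decides the result; ``None`` is
    returned when nothing matches. The handle and every listed record are
    released before returning, including on the error paths.

    ``port_proto`` is compared with the output of
    ``semanage_port_get_proto_str`` -- presumably "tcp"/"udp"; verify against
    the caller.

    Raises:
        RuntimeError: the handle could not be created, the connection failed,
            or a port listing returned a negative status.
    """
    handle = semanage.semanage_handle_create()
    if handle is None:
        raise RuntimeError("Could not create semanage handle")

    connected = False
    policy_records = []
    local_records = []
    try:
        # A negative status is the failure signal; do not query a handle
        # that never connected.
        if semanage.semanage_connect(handle) < 0:
            raise RuntimeError("Could not connect to semanage")
        connected = True

        (rc, plist) = semanage.semanage_port_list(handle)
        if rc < 0:
            raise RuntimeError("Could not list ports")
        policy_records.extend(plist)

        (rc, plocal) = semanage.semanage_port_list_local(handle)
        if rc < 0:
            raise RuntimeError("Could not list local ports")
        local_records.extend(plocal)

        for port in local_records + policy_records:
            low = semanage.semanage_port_get_low(port)
            high = semanage.semanage_port_get_high(port)
            if not low <= port_number <= high:
                continue
            proto = semanage.semanage_port_get_proto(port)
            if semanage.semanage_port_get_proto_str(proto) != port_proto:
                continue
            con = semanage.semanage_port_get_con(port)
            return semanage.semanage_context_get_type(con)
        return None
    finally:
        # Release everything this call acquired, whether or not a match was
        # found, so repeated lookups do not accumulate records or handles.
        for port in local_records + policy_records:
            semanage.semanage_port_free(port)
        if connected:
            semanage.semanage_disconnect(handle)
        semanage.semanage_handle_destroy(handle)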
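def test_writeport(self, sh):
    """Write a test port record to the local store, then undo the change.

    Python 2 source (print statements). The test builds a record for tcp
    ports 150-200 with the context system_u:object_r:http_port_t:s0:c0.c255,
    commits it as a local modification, and in a second transaction either
    deletes it (when no local record existed before) or restores the
    previous record.

    NOTE(review): the first commit really changes the local port labelling.
    If an ``Error`` is raised between the two commits, the test record stays
    in the store and the objects created here are not freed; check the local
    port list after a failed run.

    Raises:
        Error: any libsemanage call returned a negative status.
    """
    print "Testing port write..."

    (status, port) = semanage.semanage_port_create(sh)
    if status < 0:
        raise Error("Could not create SEPort object")
    if self.verbose:
        print "SEPort object created."

    semanage.semanage_port_set_range(port, 150, 200)
    low = semanage.semanage_port_get_low(port)
    high = semanage.semanage_port_get_high(port)
    if self.verbose:
        print "SEPort range set: ", low, "-", high

    semanage.semanage_port_set_proto(port, semanage.SEMANAGE_PROTO_TCP)
    if self.verbose:
        print "SEPort protocol set: ", \
            semanage.semanage_port_get_proto_str(semanage.SEMANAGE_PROTO_TCP)

    (status, con) = semanage.semanage_context_create(sh)
    if status < 0:
        raise Error("Could not create SEContext object")
    if self.verbose:
        print "SEContext object created (for port)."

    status = semanage.semanage_context_set_user(sh, con, "system_u")
    if status < 0:
        raise Error("Could not set context user")
    if self.verbose:
        print "SEContext user: ", semanage.semanage_context_get_user(con)

    status = semanage.semanage_context_set_role(sh, con, "object_r")
    if status < 0:
        raise Error("Could not set context role")
    if self.verbose:
        print "SEContext role: ", semanage.semanage_context_get_role(con)

    status = semanage.semanage_context_set_type(sh, con, "http_port_t")
    if status < 0:
        raise Error("Could not set context type")
    if self.verbose:
        print "SEContext type: ", semanage.semanage_context_get_type(con)

    status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
    if status < 0:
        raise Error("Could not set context MLS fields")
    if self.verbose:
        print "SEContext mls: ", semanage.semanage_context_get_mls(con)

    status = semanage.semanage_port_set_con(sh, port, con)
    if status < 0:
        raise Error("Could not set SEPort context")
    if self.verbose:
        print "SEPort context set: ", con

    (status, key) = semanage.semanage_port_key_extract(sh, port)
    if status < 0:
        raise Error("Could not extract SEPort key")
    if self.verbose:
        print "SEPort key extracted: ", key

    # Remember whether a local record already exists for this key, so the
    # second transaction can put the store back the way it was.
    (status, exists) = semanage.semanage_port_exists_local(sh, key)
    if status < 0:
        raise Error("Could not check if SEPort exists")
    if self.verbose:
        print "Exists status (commit number): ", status

    if exists:
        (status, old_port) = semanage.semanage_port_query_local(sh, key)
        if status < 0:
            raise Error("Could not query old SEPort")
        if self.verbose:
            print "Query status (commit number): ", status

    print "Starting transaction..."
    status = semanage.semanage_begin_transaction(sh)
    if status < 0:
        raise Error("Could not start semanage transaction")

    status = semanage.semanage_port_modify_local(sh, key, port)
    if status < 0:
        raise Error("Could not modify SEPort")

    status = semanage.semanage_commit(sh)
    if status < 0:
        raise Error("Could not commit test transaction")
    print "Commit status (transaction number): ", status

    # Second transaction: undo the change committed above.
    status = semanage.semanage_begin_transaction(sh)
    if status < 0:
        raise Error("Could not start semanage transaction")

    if not exists:
        print "Removing port range..."
        status = semanage.semanage_port_del_local(sh, key)
        if status < 0:
            raise Error("Could not delete test SEPort")
        if self.verbose:
            print "Port range delete: ", status
    else:
        print "Resetting port range..."
        status = semanage.semanage_port_modify_local(sh, key, old_port)
        if status < 0:
            raise Error("Could not reset test SEPort")
        if self.verbose:
            print "Port range modify: ", status

    status = semanage.semanage_commit(sh)
    if status < 0:
        raise Error("Could not commit reset transaction")
    print "Commit status (transaction number): ", status

    semanage.semanage_context_free(con)
    semanage.semanage_port_key_free(key)
    semanage.semanage_port_free(port)
    if exists:
        semanage.semanage_port_free(old_port)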
def test_writeport(self, sh):
    """Write a test port record to the local store, then undo the change.

    The test builds a record for tcp ports 150-200 with the context
    system_u:object_r:http_port_t:s0:c0.c255, commits it as a local
    modification, and in a second transaction either deletes it (when no
    local record existed before) or restores the previous record.

    NOTE(review): the first commit really changes the local port labelling.
    If an ``Error`` is raised between the two commits, the test record stays
    in the store and the objects created here are not freed; check the local
    port list after a failed run.

    Raises:
        Error: any libsemanage call returned a negative status.
    """

    def require(code, message):
        # Every call in this test signals failure with a negative status.
        if code < 0:
            raise Error(message)

    print("Testing port write...")

    created, port = semanage.semanage_port_create(sh)
    require(created, "Could not create SEPort object")
    if self.verbose:
        print("SEPort object created.")

    semanage.semanage_port_set_range(port, 150, 200)
    low = semanage.semanage_port_get_low(port)
    high = semanage.semanage_port_get_high(port)
    if self.verbose:
        print("SEPort range set: %s-%s" % (low, high))

    semanage.semanage_port_set_proto(port, semanage.SEMANAGE_PROTO_TCP)
    if self.verbose:
        print("SEPort protocol set: %s" %
              semanage.semanage_port_get_proto_str(
                  semanage.SEMANAGE_PROTO_TCP))

    created, con = semanage.semanage_context_create(sh)
    require(created, "Could not create SEContext object")
    if self.verbose:
        print("SEContext object created (for port).")

    # Each context field is set, checked and (when verbose) echoed the same
    # way: (setter, value, failure message, verbose label, getter).
    context_fields = (
        (semanage.semanage_context_set_user, "system_u",
         "Could not set context user", "SEContext user: %s",
         semanage.semanage_context_get_user),
        (semanage.semanage_context_set_role, "object_r",
         "Could not set context role", "SEContext role: %s",
         semanage.semanage_context_get_role),
        (semanage.semanage_context_set_type, "http_port_t",
         "Could not set context type", "SEContext type: %s",
         semanage.semanage_context_get_type),
        (semanage.semanage_context_set_mls, "s0:c0.c255",
         "Could not set context MLS fields", "SEContext mls: %s",
         semanage.semanage_context_get_mls),
    )
    for setter, value, failure, label, getter in context_fields:
        require(setter(sh, con, value), failure)
        if self.verbose:
            print(label % getter(con))

    require(semanage.semanage_port_set_con(sh, port, con),
            "Could not set SEPort context")
    if self.verbose:
        print("SEPort context set: %s" % con)

    extracted, key = semanage.semanage_port_key_extract(sh, port)
    require(extracted, "Could not extract SEPort key")
    if self.verbose:
        print("SEPort key extracted: %s" % key)

    # Remember whether a local record already exists for this key, so the
    # second transaction can put the store back the way it was.
    checked, exists = semanage.semanage_port_exists_local(sh, key)
    require(checked, "Could not check if SEPort exists")
    if self.verbose:
        print("Exists status (commit number): %s" % checked)

    if exists:
        queried, old_port = semanage.semanage_port_query_local(sh, key)
        require(queried, "Could not query old SEPort")
        if self.verbose:
            print("Query status (commit number): %s" % queried)

    print("Starting transaction...")
    require(semanage.semanage_begin_transaction(sh),
            "Could not start semanage transaction")
    require(semanage.semanage_port_modify_local(sh, key, port),
            "Could not modify SEPort")
    committed = semanage.semanage_commit(sh)
    require(committed, "Could not commit test transaction")
    print("Commit status (transaction number): %s" % committed)

    # Second transaction: undo the change committed above.
    require(semanage.semanage_begin_transaction(sh),
            "Could not start semanage transaction")
    if exists:
        print("Resetting port range...")
        outcome = semanage.semanage_port_modify_local(sh, key, old_port)
        require(outcome, "Could not reset test SEPort")
        if self.verbose:
            print("Port range modify: %s" % outcome)
    else:
        print("Removing port range...")
        outcome = semanage.semanage_port_del_local(sh, key)
        require(outcome, "Could not delete test SEPort")
        if self.verbose:
            print("Port range delete: %s" % outcome)

    committed = semanage.semanage_commit(sh)
    require(committed, "Could not commit reset transaction")
    print("Commit status (transaction number): %s" % committed)

    semanage.semanage_context_free(con)
    semanage.semanage_port_key_free(key)
    semanage.semanage_port_free(port)
    if exists:
        semanage.semanage_port_free(old_port)