예제 #1
0
파일: dominance.py 프로젝트: tedx/mls-tools 
def check_dominance2(con1, con2, debug=False):
    (rc, raw_con1) = selinux.selinux_trans_to_raw_context(con1)
    (rc, raw_con2) = selinux.selinux_trans_to_raw_context(con2)

    avd = selinux.av_decision()
    selinux.avc_reset()
    if debug:
        logging.debug("check_dominance2: " + raw_con1 + " " + raw_con2)
    rc = selinux.security_compute_av_raw(raw_con1, raw_con2, SECCLASS_CONTEXT, CONTEXT__CONTAINS, avd)
    if rc < 0:
        raise Exception("selinux.security_compute_av_raw failed")
    if (avd.allowed & CONTEXT__CONTAINS) == CONTEXT__CONTAINS:
        return True
    else:
        return False
예제 #2
0
    def from_string(self, context):
        """Parse a string representing a context into a SecurityContext.

        The string should be in the standard format - e.g.,
        'user:role:type:level'.

        Raises ValueError if the string is not parsable as a security context.
        """
        # try to translate the context string to raw form
        raw = selinux.selinux_trans_to_raw_context(context)
        if raw[0] == 0:
            context = raw[1]

        fields = context.split(":")
        if len(fields) < 3:
            raise ValueError("context string [%s] not in a valid format" % context)

        self.user = fields[0]
        self.role = fields[1]
        self.type = fields[2]
        if len(fields) > 3:
            # FUTURE - normalize level fields to allow more comparisons to succeed.
            self.level = ':'.join(fields[3:])
        else:
            self.level = None
예제 #3
0
    def from_string(self, context):
        """Parse a string representing a context into a SecurityContext.

        The string should be in the standard format - e.g.,
        'user:role:type:level'.

        Raises ValueError if the string is not parsable as a security context.
        """
        # try to translate the context string to raw form
        raw = selinux.selinux_trans_to_raw_context(context)
        if raw[0] == 0:
            context = raw[1]

        fields = context.split(":")
        if len(fields) < 3:
            raise ValueError("context string [%s] not in a valid format" % context)

        self.user = fields[0]
        self.role = fields[1]
        self.type = fields[2]
        if len(fields) > 3:
            # FUTURE - normalize level fields to allow more comparisons to succeed.
            self.level = ':'.join(fields[3:])
        else:
            self.level = None
예제 #4
0
def check_dominance2(con1, con2, debug=False):
    (rc, raw_con1) = selinux.selinux_trans_to_raw_context(con1)
    (rc, raw_con2) = selinux.selinux_trans_to_raw_context(con2)

    avd = selinux.av_decision()
    selinux.avc_reset()
    if debug:
        logging.debug("check_dominance2: " + raw_con1 + " " + raw_con2)
    rc = selinux.security_compute_av_raw(raw_con1, raw_con2, SECCLASS_CONTEXT,
                                         CONTEXT__CONTAINS, avd)
    if rc < 0:
        raise Exception("selinux.security_compute_av_raw failed")
    if (avd.allowed & CONTEXT__CONTAINS) == CONTEXT__CONTAINS:
        return True
    else:
        return False
예제 #5
0
파일: polydir.py 프로젝트: tedx/mls-tools 
def make_polydir_name(dir_name, context):
    (rc, dircon) = selinux.getfilecon(dir_name)
    if rc < 0:
        raise Exception("Error in getting directory context: %s " % (dir_name))
    context_array = dircon.split(":")
    # Only generate polyinstantiated name based on the level not the range
    context_array[3] = get_level(context)
    newcontext = ':'.join(context_array)
    (rc, full_dir) = selinux.selinux_trans_to_raw_context(newcontext)
    if rc < 0:
        raise Exception("Error translating context: %s " % (newcontext))
    m = md5.new()
    m.update(full_dir)
    return dir_name + ".inst/" + m.hexdigest()
예제 #6
0
파일: polydir.py 프로젝트: tedx/mls-tools 
def make_polydir_name(dir_name, context):
    (rc, dircon) = selinux.getfilecon(dir_name)
    if rc < 0:
        raise Exception("Error in getting directory context: %s " % (dir_name))
    context_array = dircon.split(":")
    # Only generate polyinstantiated name based on the level not the range
    context_array[3] = get_level(context)
    newcontext = ':'.join(context_array)
    (rc, full_dir) = selinux.selinux_trans_to_raw_context(newcontext)
    if rc < 0:
        raise Exception("Error translating context: %s " % (newcontext))
    m = md5.new()
    m.update(full_dir)
    return dir_name + ".inst/" + m.hexdigest()
예제 #7
0
def untranslate(trans, prepend=1):
    if prepend == 1:
        context = "a:b:c:%s" % trans
    else:
        context = trans

    (rc, raw) = selinux.selinux_trans_to_raw_context(context)
    if rc != 0:
        return trans
    if prepend:
        raw = raw.strip("a:b:c")
    if raw == "":
        return trans
    else:
        return raw
예제 #8
0
def untranslate(trans, prepend=1):
 	if prepend == 1:
		context="a:b:c:%s" % trans
	else:
		context = trans

	(rc, raw)=selinux.selinux_trans_to_raw_context(context)
	if rc != 0:
		return trans
	if prepend:
		raw = raw.strip("a:b:c")	
	if raw == "":
		return trans
	else:
		return raw
예제 #9
0
파일: seobject.py 프로젝트: carlgao/lenga 
def untranslate(trans, prepend = 1):
        filler="a:b:c:"
 	if prepend == 1:
		context = "%s%s" % (filler,trans)
	else:
		context = trans

	(rc, raw) = selinux.selinux_trans_to_raw_context(context)
	if rc != 0:
		return trans
	if prepend:
		raw = raw[len(filler):]
	if raw == "":
		return trans
	else:
		return raw
예제 #10
0
파일: dominance.py 프로젝트: tedx/mls-tools 
def check_dominance(con, debug=False):
    (rc, raw_con) = selinux.selinux_trans_to_raw_context(con)
    if rc != 0:
        raise Exception("selinux.selinux_trans_to_raw_context failed: %d" % rc)
 
    avd = selinux.av_decision()
    selinux.avc_reset()
    if debug:
        logging.debug("check_dominance: %s %s" % (dom_raw_context, raw_con))
    rc = selinux.security_compute_av_raw(dom_raw_context, raw_con, SECCLASS_CONTEXT, CONTEXT__CONTAINS, avd)
    if rc < 0:
        raise Exception("selinux.security_compute_av_raw failed")
    if (avd.allowed & CONTEXT__CONTAINS) == CONTEXT__CONTAINS:
        if debug:
            logging.debug("check_dominance: returned True")
        return True
    else:
        if debug:
            logging.debug("check_dominance: returned False")
        return False
예제 #11
0
def check_dominance(con, debug=False):
    (rc, raw_con) = selinux.selinux_trans_to_raw_context(con)
    if rc != 0:
        raise Exception("selinux.selinux_trans_to_raw_context failed: %d" % rc)

    avd = selinux.av_decision()
    selinux.avc_reset()
    if debug:
        logging.debug("check_dominance: %s %s" % (dom_raw_context, raw_con))
    rc = selinux.security_compute_av_raw(dom_raw_context, raw_con,
                                         SECCLASS_CONTEXT, CONTEXT__CONTAINS,
                                         avd)
    if rc < 0:
        raise Exception("selinux.security_compute_av_raw failed")
    if (avd.allowed & CONTEXT__CONTAINS) == CONTEXT__CONTAINS:
        if debug:
            logging.debug("check_dominance: returned True")
        return True
    else:
        if debug:
            logging.debug("check_dominance: returned False")
        return False
예제 #12
0
파일: dominance.py 프로젝트: tedx/mls-tools 
import logging
import selinux

SECCLASS_CONTEXT = selinux.string_to_security_class("context")
CONTEXT__CONTAINS = selinux.string_to_av_perm(SECCLASS_CONTEXT, "contains")

(rc, dom_context) = selinux.getcon()
(rc, dom_raw_context) = selinux.selinux_trans_to_raw_context(dom_context)

def check_level_dominance2(level1, level2, debug=False):
    context_array = dom_context.split(":")
    context_array[3] = level1
    level1_con = ':'.join(context_array)
    context_array[3] = level2
    level2_con = ':'.join(context_array)
    return check_dominance2(level1_con, level2_con, debug)

def check_level_dominance(level, debug=False):
    context_array = dom_context.split(":")
    context_array[3] = level
    con = ':'.join(context_array)
    if debug:
        logging.debug("check_level_dominance: %s" % (con))
    return check_dominance(con, debug)

def check_dominance(con, debug=False):
    (rc, raw_con) = selinux.selinux_trans_to_raw_context(con)
    if rc != 0:
        raise Exception("selinux.selinux_trans_to_raw_context failed: %d" % rc)
 
    avd = selinux.av_decision()
예제 #13
0
def get_raw_con(con):
    (rc, raw_con) = selinux.selinux_trans_to_raw_context(con)
    return raw_con
예제 #14
0
def get_raw_range(con):
    (rc, raw_con) = selinux.selinux_trans_to_raw_context(con)
    raw_con_range = raw_con.replace(":", " ", 3).split(" ")[3]
    return raw_con_range
예제 #15
0
파일: context.py 프로젝트: tedx/mls-tools 
def get_raw_range(con):
    (rc, raw_con) = selinux.selinux_trans_to_raw_context(con)
    raw_con_range = raw_con.replace(":", " ", 3).split(" ")[3]
    return raw_con_range
예제 #16
0
import logging
import selinux

SECCLASS_CONTEXT = selinux.string_to_security_class("context")
CONTEXT__CONTAINS = selinux.string_to_av_perm(SECCLASS_CONTEXT, "contains")

(rc, dom_context) = selinux.getcon()
(rc, dom_raw_context) = selinux.selinux_trans_to_raw_context(dom_context)


def check_level_dominance2(level1, level2, debug=False):
    context_array = dom_context.split(":")
    context_array[3] = level1
    level1_con = ':'.join(context_array)
    context_array[3] = level2
    level2_con = ':'.join(context_array)
    return check_dominance2(level1_con, level2_con, debug)


def check_level_dominance(level, debug=False):
    context_array = dom_context.split(":")
    context_array[3] = level
    con = ':'.join(context_array)
    if debug:
        logging.debug("check_level_dominance: %s" % (con))
    return check_dominance(con, debug)


def check_dominance(con, debug=False):
    (rc, raw_con) = selinux.selinux_trans_to_raw_context(con)
    if rc != 0:
예제 #17
0
파일: context.py 프로젝트: tedx/mls-tools 
def get_raw_con(con):
    (rc, raw_con) = selinux.selinux_trans_to_raw_context(con)
    return raw_con