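def list_contexts(directory):
    """Return the SELinux types that policy relates to *directory*.

    Two sources are combined, in this order:

    1. the type of every file-context specification (policy, local and
       homedir lists) whose *expression text* starts with ``directory``;
       specifications without a context (``<<none>>``) are skipped;
    2. the type the file-context database resolves for ``directory``
       itself, or, when the database has no answer, the type currently on
       the inode (``getfilecon``).

    NOTE(review): (1) is a plain prefix test on the raw regex text, so
    ``/var/www`` also collects the types of ``/var/www2(/.*)?`` and any
    other sibling path sharing the prefix. Callers that let a user pick one
    of the returned types should treat the list as candidates, not as what
    policy would assign.

    Raises SystemExit(3) when the database has no match and ``directory``
    does not exist on disk, and RuntimeError when libsemanage refuses the
    connection or cannot produce one of the listings.
    """
    contexts = []
    handle = semanage.semanage_handle_create()
    connected = False
    try:
        # libsemanage reports failure as a negative status; an unchecked
        # failure here used to surface later as a TypeError on a None list.
        if semanage.semanage_connect(handle) < 0:
            raise RuntimeError("could not connect to the SELinux policy store")
        connected = True
        listings = (
            semanage.semanage_fcontext_list(handle),
            semanage.semanage_fcontext_list_local(handle),
            semanage.semanage_fcontext_list_homedirs(handle),
        )
        for rc, fcontexts in listings:
            if rc < 0:
                raise RuntimeError("could not list file contexts")
            for fcontext in fcontexts:
                expression = semanage.semanage_fcontext_get_expr(fcontext)
                if not expression.startswith(directory):
                    continue
                context = semanage.semanage_fcontext_get_con(fcontext)
                if context:
                    contexts.append(semanage.semanage_context_get_type(context))
    finally:
        # Release the store handle on every path (it was never freed before).
        if connected:
            semanage.semanage_disconnect(handle)
        semanage.semanage_handle_destroy(handle)

    selabel = selinux.selabel_open(selinux.SELABEL_CTX_FILE, None, 0)
    try:
        try:
            (rc, context) = selinux.selabel_lookup(selabel, directory, 0)
        except FileNotFoundError:
            # Newer libselinux bindings raise instead of returning None when
            # the matching specification is "<<none>>" or there is no match.
            context = None
    finally:
        selinux.selabel_close(selabel)

    if context is None:
        if not exists(directory):
            raise SystemExit(3)
        # Fall back to the label actually set on the inode (what ls -Z shows).
        context = selinux.getfilecon(directory)[1]
    contexts.append(context.split(':')[2])
    return contexts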
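def test_fcontexts(self, sh):
    """Print every file-context specification held by the store behind *sh*.

    Each entry is printed as its path expression, its file class and the
    rendered context, then freed. An empty list is reported but is not a
    failure; only a failed listing raises Error.

    Note: print() with %-formatting is used so the test runs on Python 2
    and 3 alike (the print statement form was Python 2 only).
    """
    print("Testing file contexts...")
    (status, flist) = semanage.semanage_fcontext_list(sh)
    if status < 0:
        raise Error("Could not list file contexts")
    print("Query status (commit number): %s" % status)
    if not flist:
        print("No file contexts found!")
        print("This is not necessarily a test failure.")
        return
    for fcon in flist:
        if self.verbose:
            print("File Context reference: %s" % fcon)
        expr = semanage.semanage_fcontext_get_expr(fcon)
        # 'ftype' rather than 'type': the original shadowed the builtin.
        ftype = semanage.semanage_fcontext_get_type(fcon)
        type_str = semanage.semanage_fcontext_get_type_str(ftype)
        con = semanage.semanage_fcontext_get_con(fcon)
        if not con:
            con_str = "<<none>>"
        else:
            (rc, con_str) = semanage.semanage_context_to_string(sh, con)
            if rc < 0:
                # A context that cannot be rendered is shown as an empty
                # field rather than aborting the whole listing.
                con_str = ""
        print("File Expr: %s [%s] Context: %s" % (expr, type_str, con_str))
        semanage.semanage_fcontext_free(fcon)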
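def test_fcontexts(self, sh):
    """List the file-context specifications in the store behind *sh*.

    Raises Error only when libsemanage cannot produce the list. An empty
    list is reported and treated as a pass. Every entry is printed as
    expression, file class and rendered context, and freed afterwards.
    """
    print("Testing file contexts...")
    (status, flist) = semanage.semanage_fcontext_list(sh)
    if status < 0:
        raise Error("Could not list file contexts")
    print("Query status (commit number): %s" % status)
    if not flist:
        print("No file contexts found!")
        print("This is not necessarily a test failure.")
        return

    for fcon in flist:
        if self.verbose:
            print("File Context reference: %s" % fcon)
        expr = semanage.semanage_fcontext_get_expr(fcon)
        # Renamed from 'type', which shadowed the builtin.
        ftype = semanage.semanage_fcontext_get_type(fcon)
        type_str = semanage.semanage_fcontext_get_type_str(ftype)
        con = semanage.semanage_fcontext_get_con(fcon)
        if con:
            (rc, con_str) = semanage.semanage_context_to_string(sh, con)
            if rc < 0:
                # Unrenderable context: show an empty field, keep listing.
                con_str = ""
        else:
            con_str = "<<none>>"
        print("File Expr: %s [%s] Context: %s" % (expr, type_str, con_str))
        semanage.semanage_fcontext_free(fcon)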
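def test_fcontexts(self, sh):
    """Print the file-context specifications in the store behind *sh*.

    A failed listing raises Error; an empty listing is reported but is not
    a failure. Each specification is printed as expression, file class and
    rendered context, then freed.

    Uses print() with %-formatting so the method is valid on Python 2 and 3
    (the original print statements were Python 2 only).
    """

    def render(con):
        # A missing context is shown as "<<none>>"; one that libsemanage
        # cannot render is shown as an empty field instead of aborting.
        if not con:
            return "<<none>>"
        (rc, con_str) = semanage.semanage_context_to_string(sh, con)
        if rc < 0:
            return ""
        return con_str

    print("Testing file contexts...")
    (status, flist) = semanage.semanage_fcontext_list(sh)
    if status < 0:
        raise Error("Could not list file contexts")
    print("Query status (commit number): %s" % status)
    if not flist:
        print("No file contexts found!")
        print("This is not necessarily a test failure.")
        return
    for fcon in flist:
        if self.verbose:
            print("File Context reference: %s" % fcon)
        expr = semanage.semanage_fcontext_get_expr(fcon)
        # 'ftype', not 'type': the original shadowed the builtin.
        ftype = semanage.semanage_fcontext_get_type(fcon)
        type_str = semanage.semanage_fcontext_get_type_str(ftype)
        con_str = render(semanage.semanage_fcontext_get_con(fcon))
        print("File Expr: %s [%s] Context: %s" % (expr, type_str, con_str))
        semanage.semanage_fcontext_free(fcon)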
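def list_contexts(directory):
    """Return the SELinux types that relate to *directory*.

    The result is built from three sources, in order, and may contain
    duplicates:

    1. the type of every file-context specification (policy, local and
       homedir lists) whose expression text starts with ``directory``;
       specifications without a context (``<<none>>``) are skipped;
    2. the type the file-context database resolves for ``directory`` itself;
    3. the type currently set on the inode (what ``ls -Z`` shows), which
       may differ from (2) when the path is mislabelled.

    (2) and (3) are skipped when the bindings raise FileNotFoundError, i.e.
    there is no match / the matching entry is ``<<none>>``, or the path does
    not exist.

    NOTE(review): (1) is a prefix test on the raw regex text, so ``/var/www``
    also collects the types of ``/var/www2(/.*)?`` and other sibling paths
    sharing the prefix. Treat the list as candidates, not as authoritative.

    Raises RuntimeError if libsemanage refuses the connection or cannot
    produce one of the listings.
    """
    contexts = []
    handle = semanage.semanage_handle_create()
    connected = False
    try:
        if semanage.semanage_connect(handle) < 0:
            raise RuntimeError("could not connect to the SELinux policy store")
        connected = True
        listings = (
            semanage.semanage_fcontext_list(handle),
            semanage.semanage_fcontext_list_local(handle),
            semanage.semanage_fcontext_list_homedirs(handle),
        )
        for rc, fcontexts in listings:
            # A negative status means the listing is unusable; previously it
            # surfaced later as a TypeError when concatenating None.
            if rc < 0:
                raise RuntimeError("could not list file contexts")
            for fcontext in fcontexts:
                expression = semanage.semanage_fcontext_get_expr(fcontext)
                if not expression.startswith(directory):
                    continue
                context = semanage.semanage_fcontext_get_con(fcontext)
                if context:
                    contexts.append(semanage.semanage_context_get_type(context))
    finally:
        # Release the store handle on every path (it leaked before).
        if connected:
            semanage.semanage_disconnect(handle)
        semanage.semanage_handle_destroy(handle)

    selabel = selinux.selabel_open(selinux.SELABEL_CTX_FILE, None, 0)
    try:
        try:
            (rc, context) = selinux.selabel_lookup(selabel, directory, 0)
        except FileNotFoundError:
            # File context definition containing "<<none>>" triggers exception
            context = None
    finally:
        selinux.selabel_close(selabel)
    if context:
        contexts.append(context.split(":")[2])

    # Get the real label (ls -lZ) - may differ from what selabel_lookup returns
    try:
        context = selinux.getfilecon(directory)[1]
    except FileNotFoundError:
        context = None
    if context:
        contexts.append(context.split(":")[2])
    return contexts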
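def test_writefcontext(self, sh):
    """Exercise the local file-context write path of the store behind *sh*.

    Builds a specification ``/test/fcontext(/.*)?`` (regular files) with the
    context ``system_u:object_r:default_t:s0:c0.c255``, writes it to the
    local store in one transaction, then undoes it in a second transaction:
    the entry is deleted if it did not exist before, or restored to the
    previously stored specification if it did. Every libsemanage failure
    raises Error.

    NOTE: this modifies the live policy store passed as *sh*. If anything
    between the first commit and the reset commit fails, the test mapping
    remains in the local store until removed by hand.

    Uses print() with %-formatting so the method is valid on Python 2 and 3
    (the original print statements were Python 2 only).
    """
    print("Testing file context write...")
    (status, fcon) = semanage.semanage_fcontext_create(sh)
    if status < 0:
        raise Error("Could not create SEFcontext object")
    if self.verbose:
        print("SEFcontext object created.")

    status = semanage.semanage_fcontext_set_expr(sh, fcon, "/test/fcontext(/.*)?")
    if status < 0:
        raise Error("Could not set expression")
    if self.verbose:
        print("SEFContext expr set: %s" % semanage.semanage_fcontext_get_expr(fcon))

    semanage.semanage_fcontext_set_type(fcon, semanage.SEMANAGE_FCONTEXT_REG)
    if self.verbose:
        ftype = semanage.semanage_fcontext_get_type(fcon)
        print("SEFContext type set: %s" % semanage.semanage_fcontext_get_type_str(ftype))

    # Security context attached to the specification.
    (status, con) = semanage.semanage_context_create(sh)
    if status < 0:
        raise Error("Could not create SEContext object")
    if self.verbose:
        print("SEContext object created (for file context).")

    status = semanage.semanage_context_set_user(sh, con, "system_u")
    if status < 0:
        raise Error("Could not set context user")
    if self.verbose:
        print("SEContext user: %s" % semanage.semanage_context_get_user(con))

    status = semanage.semanage_context_set_role(sh, con, "object_r")
    if status < 0:
        raise Error("Could not set context role")
    if self.verbose:
        print("SEContext role: %s" % semanage.semanage_context_get_role(con))

    status = semanage.semanage_context_set_type(sh, con, "default_t")
    if status < 0:
        raise Error("Could not set context type")
    if self.verbose:
        print("SEContext type: %s" % semanage.semanage_context_get_type(con))

    status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
    if status < 0:
        raise Error("Could not set context MLS fields")
    if self.verbose:
        print("SEContext mls: %s" % semanage.semanage_context_get_mls(con))

    status = semanage.semanage_fcontext_set_con(sh, fcon, con)
    if status < 0:
        raise Error("Could not set SEFcontext context")
    if self.verbose:
        print("SEFcontext context set: %s" % con)

    (status, key) = semanage.semanage_fcontext_key_extract(sh, fcon)
    if status < 0:
        raise Error("Could not extract SEFcontext key")
    if self.verbose:
        print("SEFcontext key extracted: %s" % key)

    # Remember whether a local entry already exists so it can be put back.
    (status, exists) = semanage.semanage_fcontext_exists_local(sh, key)
    if status < 0:
        raise Error("Could not check if SEFcontext exists")
    if self.verbose:
        print("Exists status (commit number): %s" % status)
    if exists:
        (status, old_fcontext) = semanage.semanage_fcontext_query_local(sh, key)
        if status < 0:
            raise Error("Could not query old SEFcontext")
        if self.verbose:
            print("Query status (commit number): %s" % status)

    print("Starting transaction...")
    status = semanage.semanage_begin_transaction(sh)
    if status < 0:
        raise Error("Could not start semanage transaction")
    status = semanage.semanage_fcontext_modify_local(sh, key, fcon)
    if status < 0:
        raise Error("Could not modify SEFcontext")
    status = semanage.semanage_commit(sh)
    if status < 0:
        raise Error("Could not commit test transaction")
    print("Commit status (transaction number): %s" % status)

    # Second transaction: undo the write.
    status = semanage.semanage_begin_transaction(sh)
    if status < 0:
        raise Error("Could not start semanage transaction")
    if not exists:
        print("Removing file context...")
        status = semanage.semanage_fcontext_del_local(sh, key)
        if status < 0:
            raise Error("Could not delete test SEFcontext")
        if self.verbose:
            print("File context delete: %s" % status)
    else:
        print("Resetting file context...")
        status = semanage.semanage_fcontext_modify_local(sh, key, old_fcontext)
        if status < 0:
            raise Error("Could not reset test FContext")
        if self.verbose:
            print("File context modify: %s" % status)
    status = semanage.semanage_commit(sh)
    if status < 0:
        raise Error("Could not commit reset transaction")
    print("Commit status (transaction number): %s" % status)

    semanage.semanage_context_free(con)
    semanage.semanage_fcontext_key_free(key)
    semanage.semanage_fcontext_free(fcon)
    if exists:
        semanage.semanage_fcontext_free(old_fcontext)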
def test_writefcontext(self, sh):
    """Round-trip a file-context specification through the local store.

    A specification for ``/test/fcontext(/.*)?`` (regular files) labelled
    ``system_u:object_r:default_t:s0:c0.c255`` is written to the local store
    behind *sh* and committed; a second transaction then deletes it, or
    restores the specification that was stored before if one existed.
    Any negative libsemanage status raises Error.

    NOTE: the test mutates the live policy store. Should a step after the
    first commit fail, the test mapping stays in the local store until it
    is removed by hand.
    """
    verbose = self.verbose

    def check(status, message):
        # libsemanage reports failure as a negative status code.
        if status < 0:
            raise Error(message)

    print("Testing file context write...")

    (status, fcontext) = semanage.semanage_fcontext_create(sh)
    check(status, "Could not create SEFcontext object")
    if verbose:
        print("SEFcontext object created.")

    check(semanage.semanage_fcontext_set_expr(sh, fcontext, "/test/fcontext(/.*)?"),
          "Could not set expression")
    if verbose:
        print("SEFContext expr set: %s" % semanage.semanage_fcontext_get_expr(fcontext))

    semanage.semanage_fcontext_set_type(fcontext, semanage.SEMANAGE_FCONTEXT_REG)
    if verbose:
        kind = semanage.semanage_fcontext_get_type(fcontext)
        print("SEFContext type set: %s" % semanage.semanage_fcontext_get_type_str(kind))

    # Build the security context field by field.
    (status, context) = semanage.semanage_context_create(sh)
    check(status, "Could not create SEContext object")
    if verbose:
        print("SEContext object created (for file context).")

    check(semanage.semanage_context_set_user(sh, context, "system_u"),
          "Could not set context user")
    if verbose:
        print("SEContext user: %s" % semanage.semanage_context_get_user(context))

    check(semanage.semanage_context_set_role(sh, context, "object_r"),
          "Could not set context role")
    if verbose:
        print("SEContext role: %s" % semanage.semanage_context_get_role(context))

    check(semanage.semanage_context_set_type(sh, context, "default_t"),
          "Could not set context type")
    if verbose:
        print("SEContext type: %s" % semanage.semanage_context_get_type(context))

    check(semanage.semanage_context_set_mls(sh, context, "s0:c0.c255"),
          "Could not set context MLS fields")
    if verbose:
        print("SEContext mls: %s" % semanage.semanage_context_get_mls(context))

    check(semanage.semanage_fcontext_set_con(sh, fcontext, context),
          "Could not set SEFcontext context")
    if verbose:
        print("SEFcontext context set: %s" % context)

    (status, fkey) = semanage.semanage_fcontext_key_extract(sh, fcontext)
    check(status, "Could not extract SEFcontext key")
    if verbose:
        print("SEFcontext key extracted: %s" % fkey)

    # Record the pre-existing local entry, if any, so it can be restored.
    (status, present) = semanage.semanage_fcontext_exists_local(sh, fkey)
    check(status, "Could not check if SEFcontext exists")
    if verbose:
        print("Exists status (commit number): %s" % status)
    if present:
        (status, previous) = semanage.semanage_fcontext_query_local(sh, fkey)
        check(status, "Could not query old SEFcontext")
        if verbose:
            print("Query status (commit number): %s" % status)

    # Transaction 1: write the test specification.
    print("Starting transaction...")
    check(semanage.semanage_begin_transaction(sh), "Could not start semanage transaction")
    check(semanage.semanage_fcontext_modify_local(sh, fkey, fcontext),
          "Could not modify SEFcontext")
    status = semanage.semanage_commit(sh)
    check(status, "Could not commit test transaction")
    print("Commit status (transaction number): %s" % status)

    # Transaction 2: undo it.
    check(semanage.semanage_begin_transaction(sh), "Could not start semanage transaction")
    if present:
        print("Resetting file context...")
        status = semanage.semanage_fcontext_modify_local(sh, fkey, previous)
        check(status, "Could not reset test FContext")
        if verbose:
            print("File context modify: %s" % status)
    else:
        print("Removing file context...")
        status = semanage.semanage_fcontext_del_local(sh, fkey)
        check(status, "Could not delete test SEFcontext")
        if verbose:
            print("File context delete: %s" % status)
    status = semanage.semanage_commit(sh)
    check(status, "Could not commit reset transaction")
    print("Commit status (transaction number): %s" % status)

    semanage.semanage_context_free(context)
    semanage.semanage_fcontext_key_free(fkey)
    semanage.semanage_fcontext_free(fcontext)
    if present:
        semanage.semanage_fcontext_free(previous)