def policy(policy_file):
global all_domains
global all_attributes
global bools
global all_types
global role_allows
global users
global roles
global file_types
global port_types
all_domains = None
all_attributes = None
bools = None
all_types = None
role_allows = None
users = None
roles = None
file_types = None
port_types = None
global _pol
try:
_pol = setools.SELinuxPolicy(policy_file)
except:
raise ValueError(_("Failed to read %s policy file") % policy_file)
def main():
p = setools.SELinuxPolicy()
for class_ in p.classes():
print(repr(class_))
exit(0)
q = setools.ObjClassQuery(p)
results = q.results()
datas = {}
if True:
for item in results:
inherits = None
try:
inherits = item.common
except NoCommon:
pass
name = str(item)
if name == 'file':
print(repr(item.__dict__))
print(repr(item.statement()))
print(repr(inherits.statement()))
p = []
s_class = string_to_security_class(name)
for perm in item.perms:
av_t = string_to_av_perm(s_class, str(perm))
p.append([str(perm), "0x%08X" % av_t])
inherits_name = str(inherits)
data = dict(inherits=str(inherits), perms=p, name=name)
data['security_class'] = s_class
datas[data['name']] = data
print("")
def policy_init(policyPath=None):
global __selinuxPolicy__
__selinuxPolicy__ = setools.SELinuxPolicy(policyPath)
args.tertypes = ["allow", "allowxperm"]
if not args.tertypes and not args.mlsrtypes and not args.rbacrtypes:
parser.error("At least one rule type must be specified.")
if args.debug:
logging.basicConfig(
level=logging.DEBUG,
format='%(asctime)s|%(levelname)s|%(name)s|%(message)s')
elif args.verbose:
logging.basicConfig(level=logging.INFO, format='%(message)s')
else:
logging.basicConfig(level=logging.WARNING, format='%(message)s')
try:
p = setools.SELinuxPolicy(args.policy)
if args.tertypes:
q = setools.TERuleQuery(p,
ruletype=args.tertypes,
source=args.source,
source_indirect=args.source_indirect,
source_regex=args.source_regex,
target=args.target,
target_indirect=args.target_indirect,
target_regex=args.target_regex,
tclass_regex=args.tclass_regex,
perms_equal=args.perms_equal,
xperms_equal=args.xperms_equal,
default=args.default,
default_regex=args.default_regex,
for attr in (rule.source, rule.target):
attr_str = str(attr) # expensive
if attr_str not in known_attrs:
# attr->attr
if isinstance(attr, typeattribute):
cur.execute('INSERT INTO "attrs" VALUES (?,?)',
(attr_str, attr_str))
# attr->types and type->type
for child in attr.expand():
cur.execute('INSERT INTO "attrs" VALUES (?,?)',
(attr_str, str(child)))
known_attrs.add(attr_str)
known_attrs = set()
for ruleid, rule in enumerate(setools.SELinuxPolicy().terules()):
# rule attributes
extract_attrs(rule, known_attrs=known_attrs)
# permissions
if hasattr(rule, 'perms'):
for perm in rule.perms:
cur.execute('INSERT INTO "perms" VALUES (?,?)',
(ruleid, str(perm)))
# booleans
#if hasattr(rule, 'conditional'):
# truth = next(filter(lambda x: x.result == True,
# rule.conditional.truth_table())).values
# for boolname, boolstate in truth.items():
# cur.execute("INSERT INTO 'bools' VALUES (?,?,?)",
# (ruleid, boolname, boolstate))
# booleans as expression strings, as seen in sesearch output
