def get_network_connect(src, protocol, perm):
    """Return the port types *src* may use with *perm* on *protocol* sockets.

    The result is a dict with at most one key, ``(src, protocol, perm)``,
    mapping to a list of ``(port_type, description)`` pairs.  Generic port
    attributes get a fixed human-readable description; concrete port types
    get the port list recorded by ``sepolicy.gen_port_dict()``.  Types with
    no port record are silently dropped.  When *src* has no matching
    ``<protocol>_socket`` permission an empty dict is returned.
    """
    portrecs, _ = sepolicy.gen_port_dict()
    key = (src, protocol, perm)
    tlist = get_types(src, "%s_socket" % protocol, [perm])
    if not tlist:
        return {}

    # Descriptions for the generic port attributes.
    generic = {
        "port_type": "all ports",
        "unreserved_port_type": "all ports > 1024",
        "reserved_port_type": "all ports < 1024",
        "rpc_port_type": "all ports > 500 and < 1024",
    }
    has_unreserved_attr = "unreserved_port_type" in tlist
    has_port_t = "port_t" in tlist

    entries = []
    for ptype in tlist:
        if ptype == "ephemeral_port_type":
            # The ephemeral attribute is already covered by the unreserved
            # attribute; otherwise report it under its concrete type name.
            if has_unreserved_attr:
                continue
            ptype = "ephemeral_port_t"
        if ptype == "unreserved_port_t" and (has_unreserved_attr or has_port_t):
            continue
        if ptype == "port_t":
            entries.append((ptype, ["all ports with out defined types"]))
        if ptype in generic:
            entries.append((ptype, [generic[ptype]]))
        elif (ptype, protocol) in portrecs:
            # port_t also reaches this lookup (matching the original flow):
            # it is reported once more if a port record exists for it.
            entries.append((ptype, portrecs[(ptype, protocol)]))
    return {key: entries}
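def __init__(self, domainname, path="/tmp", root="/", source_files=False, html=False):
    """Generate the SELinux man page for *domainname* and write it under *path*.

    Args:
        domainname: policy domain name; normalised via
            ``sepolicy.gen_short_name`` into ``self.domainname``.
        path: output directory, created if missing.  The default is the
            shared ``/tmp``: the output file name is predictable and is
            opened with ``'w'``, so a caller that cares about another local
            user pre-creating (or symlinking) that name should pass a
            private directory instead.
        root: prefix under which ``file_contexts`` / ``policy.xml`` are
            looked up.  Paths are joined by plain string concatenation
            (NOTE(review): in ``source_files`` mode *root* therefore needs a
            trailing ``/`` — confirm with callers).
        source_files: read ``file_contexts`` and ``policy.xml`` from *root*
            instead of the installed system locations.
        html: when true, record the generated page in the module-level
            ``manpage_roles`` / ``manpage_domains`` lists.

    Side effects: writes ``<path>/<domainname>_selinux.8`` and one link page
    per alias of the domain listed in ``equiv_dict``.
    """
    self.html = html
    self.source_files = source_files
    self.root = root
    self.portrecs = sepolicy.gen_port_dict()[0]
    self.domains = gen_domains()
    self.all_domains = sepolicy.get_all_domains()
    self.all_attributes = sepolicy.get_all_attributes()
    self.all_bools = sepolicy.get_all_bools()
    self.all_port_types = sepolicy.get_all_port_types()
    self.all_roles = sepolicy.get_all_roles()
    # Fetch the users info once; it was previously queried twice.
    users_info = get_all_users_info()
    self.all_users = users_info[0]
    self.all_users_range = users_info[1]
    self.all_file_types = sepolicy.get_all_file_types()
    self.role_allows = sepolicy.get_all_role_allows()
    self.types = _gen_types()
    if self.source_files:
        self.fcpath = self.root + "file_contexts"
    else:
        self.fcpath = self.root + selinux.selinux_file_context_path()
    self.fcdict = sepolicy.get_fcdict(self.fcpath)
    # exist_ok avoids the exists()/makedirs() check-then-act split.
    os.makedirs(path, exist_ok=True)
    self.path = path
    if self.source_files:
        self.xmlpath = self.root + "policy.xml"
    else:
        self.xmlpath = self.root + "/usr/share/selinux/devel/policy.xml"
    self.booleans_dict = sepolicy.gen_bool_dict(self.xmlpath)
    self.domainname, self.short_name = sepolicy.gen_short_name(domainname)
    self.type = self.domainname + "_t"
    self._gen_bools()
    self.man_page_path = "%s/%s_selinux.8" % (path, self.domainname)
    # Other methods write through self.fd; close it even when page
    # generation raises (the descriptor used to leak on error).
    self.fd = open(self.man_page_path, 'w')
    try:
        if self.domainname + "_r" in self.all_roles:
            # A matching role means this is a user domain page.
            self.__gen_user_man_page()
            if self.html:
                manpage_roles.append(self.man_page_path)
        else:
            if self.html:
                manpage_domains.append(self.man_page_path)
            self.__gen_man_page()
    finally:
        self.fd.close()
    # Link pages for every alias registered for this domain.
    for alias in equiv_dict.get(self.domainname, []):
        self.__gen_man_page_link(alias)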
def get_network_connect(src, protocol, perm, check_bools=False):
    """Return the port types *src* may use with *perm* on *protocol* sockets.

    *check_bools* is passed through to ``get_types`` unchanged.  The result
    is a dict with at most one key, ``(src, protocol, perm)``, whose value
    is a list of ``(port_type, description)`` pairs: a fixed description
    for the generic port attributes, the recorded port list for concrete
    port types.  Types without a port record are dropped, and an empty dict
    is returned when no ``<protocol>_socket`` permission matches.
    """
    portrecs = sepolicy.gen_port_dict()[0]
    socket_class = "%s_socket" % protocol
    tlist = get_types(src, socket_class, [perm], check_bools)
    if len(tlist) == 0:
        return {}

    allowed = []

    def add(ptype, ports):
        allowed.append((ptype, ports))

    # unreserved_port_t is redundant when a broader type is already listed.
    skip_unreserved_t = "unreserved_port_type" in tlist or "port_t" in tlist
    for name in tlist:
        if name == "ephemeral_port_type":
            if "unreserved_port_type" in tlist:
                continue
            name = "ephemeral_port_t"
        elif name == "unreserved_port_t" and skip_unreserved_t:
            continue
        if name == "port_t":
            add(name, ["all ports with out defined types"])
        # Note: port_t is not in the chain below, so it also falls through
        # to the portrecs lookup (kept from the original flow).
        if name == "port_type":
            add(name, ["all ports"])
        elif name == "unreserved_port_type":
            add(name, ["all ports > 1024"])
        elif name == "reserved_port_type":
            add(name, ["all ports < 1024"])
        elif name == "rpc_port_type":
            add(name, ["all ports > 500 and < 1024"])
        else:
            try:
                add(name, portrecs[(name, protocol)])
            except KeyError:
                pass
    return {(src, protocol, perm): allowed}
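def __init__(self, domainname, path="/tmp", root="/", source_files=False, html=False):
    """Generate the SELinux man page for *domainname* and write it under *path*.

    Args:
        domainname: policy domain name; normalised via
            ``sepolicy.gen_short_name`` into ``self.domainname``.
        path: output directory, created if missing.  The default is the
            shared ``/tmp``: the output file name is predictable and is
            opened with ``'w'``, so a caller that cares about another local
            user pre-creating (or symlinking) that name should pass a
            private directory instead.
        root: prefix under which ``file_contexts`` / ``policy.xml`` are
            looked up.  Paths are joined by plain string concatenation
            (NOTE(review): in ``source_files`` mode *root* therefore needs a
            trailing ``/`` — confirm with callers).
        source_files: read ``file_contexts`` and ``policy.xml`` from *root*
            instead of the installed system locations.
        html: when true, record the generated page in the module-level
            ``manpage_roles`` / ``manpage_domains`` lists.

    Side effects: writes ``<path>/<domainname>_selinux.8`` and one link page
    per alias of the domain listed in ``equiv_dict``.
    """
    self.html = html
    self.source_files = source_files
    self.root = root
    self.portrecs = sepolicy.gen_port_dict()[0]
    self.domains = gen_domains()
    self.all_domains = sepolicy.get_all_domains()
    self.all_attributes = sepolicy.get_all_attributes()
    self.all_bools = sepolicy.get_all_bools()
    self.all_port_types = sepolicy.get_all_port_types()
    self.all_roles = sepolicy.get_all_roles()
    # Fetch the users info once; it was previously queried twice.
    users_info = get_all_users_info()
    self.all_users = users_info[0]
    self.all_users_range = users_info[1]
    self.all_file_types = sepolicy.get_all_file_types()
    self.role_allows = sepolicy.get_all_role_allows()
    self.types = _gen_types()
    self.exec_types = _gen_exec_types()
    self.entry_types = _gen_entry_types()
    self.mcs_constrained_types = _gen_mcs_constrained_types()
    if self.source_files:
        self.fcpath = self.root + "file_contexts"
    else:
        self.fcpath = self.root + selinux.selinux_file_context_path()
    self.fcdict = sepolicy.get_fcdict(self.fcpath)
    # exist_ok avoids the exists()/makedirs() check-then-act split.
    os.makedirs(path, exist_ok=True)
    self.path = path
    if self.source_files:
        self.xmlpath = self.root + "policy.xml"
    else:
        self.xmlpath = self.root + "/usr/share/selinux/devel/policy.xml"
    self.booleans_dict = sepolicy.gen_bool_dict(self.xmlpath)
    self.domainname, self.short_name = sepolicy.gen_short_name(domainname)
    self.type = self.domainname + "_t"
    self._gen_bools()
    self.man_page_path = "%s/%s_selinux.8" % (path, self.domainname)
    # Other methods write through self.fd; close it even when page
    # generation raises (the descriptor used to leak on error).
    self.fd = open(self.man_page_path, 'w')
    try:
        if self.domainname + "_r" in self.all_roles:
            # A matching role means this is a user domain page.
            self.__gen_user_man_page()
            if self.html:
                manpage_roles.append(self.man_page_path)
        else:
            if self.html:
                manpage_domains.append(self.man_page_path)
            self.__gen_man_page()
    finally:
        self.fd.close()
    # Link pages for every alias registered for this domain.
    for alias in equiv_dict.get(self.domainname, []):
        self.__gen_man_page_link(alias)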
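def network(args):
    """Entry point for the ``network`` subcommand: print port/type information.

    Reads these attributes of *args* (as parsed by the CLI):
        list_ports: print every known port type, sorted, one per line.
        port: port numbers; for each, print every matching port record as
            ``<port>: <protocol> <type> <range>``, or an "Undefined ..."
            line when none matches.
        type: port types; print their tcp and udp port lists.
        applications: executables whose init transition domain is appended
            to ``args.domain`` (that list is mutated in place).
        domain: domains for which name_connect (tcp) and name_bind (tcp and
            udp) port access is printed via ``_print_net``.
    """
    portrecs, portrecsbynum = sepolicy.gen_port_dict()
    if args.list_ports:
        # portrecs is keyed by (port_type, protocol); list each type once.
        print("\n".join(sorted({ptype for ptype, _ in portrecs})))
    for port in args.port:
        found = False
        for rec in portrecsbynum:
            low, high = rec[0], rec[1]
            if low <= port <= high:
                found = True
                # Renamed from `range`, which shadowed the builtin.
                port_range = low if low == high else "%s-%s" % (low, high)
                print("%d: %s %s %s" % (port, rec[2], portrecsbynum[rec][0], port_range))
        if not found:
            # 500 is the original threshold for the "reserved" wording.
            if port < 500:
                print("Undefined reserved port type")
            else:
                print("Undefined port type")
    for t in args.type:
        if (t, 'tcp') in portrecs:
            print("%s: tcp: %s" % (t, ",".join(portrecs[t, 'tcp'])))
        if (t, 'udp') in portrecs:
            print("%s: udp: %s" % (t, ",".join(portrecs[t, 'udp'])))
    for a in args.applications:
        d = sepolicy.get_init_transtype(a)
        if d:
            args.domain.append(d)
    for d in args.domain:
        _print_net(d, "tcp", "name_connect")
        for net in ("tcp", "udp"):
            _print_net(d, net, "name_bind")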
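def network(args):
    """Entry point for the ``network`` subcommand: print port/type information.

    Reads these attributes of *args* (as parsed by the CLI):
        list_ports: print every known port type, sorted, one per line.
        port: port numbers; for each, print every matching port record as
            ``<port>: <protocol> <type> <range>``, or an "Undefined ..."
            line when none matches.
        type: port types; print their tcp and udp port lists.
        applications: executables whose init transition domain is appended
            to ``args.domain`` (that list is mutated in place).
        domain: domains for which name_connect (tcp) and name_bind (tcp and
            udp) port access is printed via ``_print_net``.
    """
    portrecs, portrecsbynum = sepolicy.gen_port_dict()
    if args.list_ports:
        # portrecs is keyed by (port_type, protocol); list each type once.
        print("\n".join(sorted({ptype for ptype, _ in portrecs})))
    for port in args.port:
        found = False
        for rec in portrecsbynum:
            low, high = rec[0], rec[1]
            if low <= port <= high:
                found = True
                port_range = low if low == high else "%s-%s" % (low, high)
                print("%d: %s %s %s" % (port, rec[2], portrecsbynum[rec][0], port_range))
        if not found:
            # 500 is the original threshold for the "reserved" wording.
            if port < 500:
                print("Undefined reserved port type")
            else:
                print("Undefined port type")
    for t in args.type:
        # Dict membership directly; `in list(portrecs.keys())` copied the
        # whole key list for every lookup.
        if (t, 'tcp') in portrecs:
            print("%s: tcp: %s" % (t, ",".join(portrecs[t, 'tcp'])))
        if (t, 'udp') in portrecs:
            print("%s: udp: %s" % (t, ",".join(portrecs[t, 'udp'])))
    for a in args.applications:
        d = sepolicy.get_init_transtype(a)
        if d:
            args.domain.append(d)
    for d in args.domain:
        _print_net(d, "tcp", "name_connect")
        for net in ("tcp", "udp"):
            _print_net(d, net, "name_bind")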