[1/2] semanage: use socket.getprotobyname for protocol

Message ID	1471250698-16573-1-git-send-email-mvadkert@redhat.com (mailing list archive)
State	Not Applicable
Headers	show Return-Path: <selinux-bounces@tycho.nsa.gov> IronPort-PHdr: =?us-ascii?q?9a23=3A4G+OSRUE965GI93HTL7BjOaRax/V8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYZhOGt8tkgFKBZ4jH8fUM07OQ6PG5HzVdqdbZ6TZZIcQKD0dEwe?= =?us-ascii?q?wt3CUYSPafDkP6KPO4JwcbJ+9lEGFfwnegLEJOE9z/bVCB6le77DoVBwmtfVEt?= =?us-ascii?q?fre9JIfegoyN2vyo/NWLOkMT1WP7OO46bE3v616A7o9O2coqA51y4yOBmmFPde?= =?us-ascii?q?VSyDEgDnOotDG42P2N+oV++T9bofMr+p0Ie6z7e6MlUe4QV2x+YCgI/smjiT3v?= =?us-ascii?q?BUvKvyNdAS0qlU9TDgzE6gzqdovguSv98Oxm0W+VOtOlY6ozXGGH7r1sUxvhlm?= =?us-ascii?q?85PjI6/XvLi4QkibxSrBGsvQBX2YPYYIiJcvF5e/WOLpshWWNdU5MJBGR6CYSm?= =?us-ascii?q?Yt5KVrIM?= IronPort-PHdr: =?us-ascii?q?9a23=3AzPuiRh/9vtI8Gv9uRHKM819IXTAuvvDOBiVQ1KB9?= =?us-ascii?q?1uwcTK2v8tzYMVDF4r011RmSDNydsq8My7KP9fuxASpYudfJmUtBWaQEbwUCh8?= =?us-ascii?q?QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYsExnyfTB4?= =?us-ascii?q?Ov7yUtaLyZ/mjqbrptWTO1wO32vlJ+sqbV2flkb4joEum4xsK6I8mFPig0BjXK?= =?us-ascii?q?Bo/15uPk+ZhB3m5829r9ZJ+iVUvO89pYYbCf2pN/dwcbsNFzkiMmYo9OX3pBLD?= =?us-ascii?q?Sk2J/XJaXWIIwTRSBA2QyRDgWYz1uzWyiONx2ySAIcy+GbUqUDih4r13YAXlhC?= =?us-ascii?q?cOK3gy92SB2Z84t75SvB/0/083+IXTeozAbPc=3D?= From: Miroslav Vadkerti <mvadkert@redhat.com> To: selinux@tycho.nsa.gov Subject: [PATCH 1/2] semanage: use socket.getprotobyname for protocol Date: Mon, 15 Aug 2016 10:44:57 +0200 Message-Id: <1471250698-16573-1-git-send-email-mvadkert@redhat.com> Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>

Message ID

1471250698-16573-1-git-send-email-mvadkert@redhat.com (mailing list archive)

State

Not Applicable

Headers

IronPort-PHdr: =?us-ascii?q?9a23=3A4G+OSRUE965GI93HTL7BjOaRax/V8LGtZVwlr6E/?=
	=?us-ascii?q?grcLSJyIuqrYZhOGt8tkgFKBZ4jH8fUM07OQ6PG5HzVdqdbZ6TZZIcQKD0dEwe?=
	=?us-ascii?q?wt3CUYSPafDkP6KPO4JwcbJ+9lEGFfwnegLEJOE9z/bVCB6le77DoVBwmtfVEt?=
	=?us-ascii?q?fre9JIfegoyN2vyo/NWLOkMT1WP7OO46bE3v616A7o9O2coqA51y4yOBmmFPde?=
	=?us-ascii?q?VSyDEgDnOotDG42P2N+oV++T9bofMr+p0Ie6z7e6MlUe4QV2x+YCgI/smjiT3v?=
	=?us-ascii?q?BUvKvyNdAS0qlU9TDgzE6gzqdovguSv98Oxm0W+VOtOlY6ozXGGH7r1sUxvhlm?=
	=?us-ascii?q?85PjI6/XvLi4QkibxSrBGsvQBX2YPYYIiJcvF5e/WOLpshWWNdU5MJBGR6CYSm?=
	=?us-ascii?q?Yt5KVrIM?=
IronPort-PHdr: =?us-ascii?q?9a23=3AzPuiRh/9vtI8Gv9uRHKM819IXTAuvvDOBiVQ1KB9?=
	=?us-ascii?q?1uwcTK2v8tzYMVDF4r011RmSDNydsq8My7KP9fuxASpYudfJmUtBWaQEbwUCh8?=
	=?us-ascii?q?QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYsExnyfTB4?=
	=?us-ascii?q?Ov7yUtaLyZ/mjqbrptWTO1wO32vlJ+sqbV2flkb4joEum4xsK6I8mFPig0BjXK?=
	=?us-ascii?q?Bo/15uPk+ZhB3m5829r9ZJ+iVUvO89pYYbCf2pN/dwcbsNFzkiMmYo9OX3pBLD?=
	=?us-ascii?q?Sk2J/XJaXWIIwTRSBA2QyRDgWYz1uzWyiONx2ySAIcy+GbUqUDih4r13YAXlhC?=
	=?us-ascii?q?cOK3gy92SB2Z84t75SvB/0/083+IXTeozAbPc=3D?=
From: Miroslav Vadkerti <mvadkert@redhat.com>
To: selinux@tycho.nsa.gov
Subject: [PATCH 1/2] semanage: use socket.getprotobyname for protocol
Date: Mon, 15 Aug 2016 10:44:57 +0200
Message-Id: <1471250698-16573-1-git-send-email-mvadkert@redhat.com>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>

Commit Message

Miroslav Vadkerti Aug. 15, 2016, 8:44 a.m. UTC

This patch removes proto_to_audit dictionary and uses
standard socket.getprotobyname(protocol) to resolve
protocol number from given protocol name.

Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
---
 policycoreutils/semanage/seobject.py | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

Comments

James Carter Aug. 15, 2016, 6:29 p.m. UTC | #1

On 08/15/2016 04:44 AM, Miroslav Vadkerti wrote:
> This patch removes proto_to_audit dictionary and uses
> standard socket.getprotobyname(protocol) to resolve
> protocol number from given protocol name.
>
> Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>

Applied both patches.

Thanks,
Jim

> ---
>  policycoreutils/semanage/seobject.py | 20 ++++++++------------
>  1 file changed, 8 insertions(+), 12 deletions(-)
>
> diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
> index 8d3088c..538ff0a 100644
> --- a/policycoreutils/semanage/seobject.py
> +++ b/policycoreutils/semanage/seobject.py
> @@ -28,6 +28,7 @@ import os
>  import re
>  import sys
>  import stat
> +import socket
>  from semanage import *
>  PROGNAME = "policycoreutils"
>  import sepolicy
> @@ -88,11 +89,6 @@ file_type_str_to_option = {"all files": "a",
>                             "symbolic link": "l",
>                             "named pipe": "p"}
>
> -proto_to_audit = {"tcp": 6,
> -                  "udp": 17,
> -                  "ipv4": 4,
> -                  "ipv6": 41}
> -
>  ftype_to_audit = {"": "any",
>                    "b": "block",
>                    "c": "char",
> @@ -1134,7 +1130,7 @@ class portRecords(semanageRecords):
>          semanage_port_key_free(k)
>          semanage_port_free(p)
>
> -        self.mylog.log_change("resrc=port op=add lport=%s proto=%s tcontext=%s:%s:%s:%s" % (port, proto_to_audit[proto], "system_u", "object_r", type, serange))
> +        self.mylog.log_change("resrc=port op=add lport=%s proto=%s tcontext=%s:%s:%s:%s" % (port, socket.getprotobyname(proto), "system_u", "object_r", type, serange))
>
>      def add(self, port, proto, serange, type):
>          self.begin()
> @@ -1177,7 +1173,7 @@ class portRecords(semanageRecords):
>          semanage_port_key_free(k)
>          semanage_port_free(p)
>
> -        self.mylog.log_change("resrc=port op=modify lport=%s proto=%s tcontext=%s:%s:%s:%s" % (port, proto_to_audit[proto], "system_u", "object_r", setype, serange))
> +        self.mylog.log_change("resrc=port op=modify lport=%s proto=%s tcontext=%s:%s:%s:%s" % (port, socket.getprotobyname(proto), "system_u", "object_r", setype, serange))
>
>      def modify(self, port, proto, serange, setype):
>          self.begin()
> @@ -1210,7 +1206,7 @@ class portRecords(semanageRecords):
>              if low == high:
>                  port_str = low
>
> -            self.mylog.log_change("resrc=port op=delete lport=%s proto=%s" % (port_str, proto_to_audit[proto_str]))
> +            self.mylog.log_change("resrc=port op=delete lport=%s proto=%s" % (port_str, socket.getprotobyname(proto_str)))
>
>          self.commit()
>
> @@ -1234,7 +1230,7 @@ class portRecords(semanageRecords):
>
>          semanage_port_key_free(k)
>
> -        self.mylog.log_change("resrc=port op=delete lport=%s proto=%s" % (port, proto_to_audit[proto]))
> +        self.mylog.log_change("resrc=port op=delete lport=%s proto=%s" % (port, socket.getprotobyname(proto)))
>
>      def delete(self, port, proto):
>          self.begin()
> @@ -1414,7 +1410,7 @@ class nodeRecords(semanageRecords):
>          semanage_node_key_free(k)
>          semanage_node_free(node)
>
> -        self.mylog.log_change("resrc=node op=add laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%s" % (addr, mask, proto_to_audit[self.protocol[proto]], "system_u", "object_r", ctype, serange))
> +        self.mylog.log_change("resrc=node op=add laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%s" % (addr, mask, socket.getprotobyname(self.protocol[proto]), "system_u", "object_r", ctype, serange))
>
>      def add(self, addr, mask, proto, serange, ctype):
>          self.begin()
> @@ -1457,7 +1453,7 @@ class nodeRecords(semanageRecords):
>          semanage_node_key_free(k)
>          semanage_node_free(node)
>
> -        self.mylog.log_change("resrc=node op=modify laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%s" % (addr, mask, proto_to_audit[self.protocol[proto]], "system_u", "object_r", setype, serange))
> +        self.mylog.log_change("resrc=node op=modify laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%s" % (addr, mask, socket.getprotobyname(self.protocol[proto]), "system_u", "object_r", setype, serange))
>
>      def modify(self, addr, mask, proto, serange, setype):
>          self.begin()
> @@ -1490,7 +1486,7 @@ class nodeRecords(semanageRecords):
>
>          semanage_node_key_free(k)
>
> -        self.mylog.log_change("resrc=node op=delete laddr=%s netmask=%s proto=%s" % (addr, mask, proto_to_audit[self.protocol[proto]]))
> +        self.mylog.log_change("resrc=node op=delete laddr=%s netmask=%s proto=%s" % (addr, mask, socket.getprotobyname(self.protocol[proto])))
>
>      def delete(self, addr, mask, proto):
>          self.begin()
>

diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 8d3088c..538ff0a 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -28,6 +28,7 @@  import os
 import re
 import sys
 import stat
+import socket
 from semanage import *
 PROGNAME = "policycoreutils"
 import sepolicy
@@ -88,11 +89,6 @@  file_type_str_to_option = {"all files": "a",
                            "symbolic link": "l",
                            "named pipe": "p"}
 
-proto_to_audit = {"tcp": 6,
-                  "udp": 17,
-                  "ipv4": 4,
-                  "ipv6": 41}
-
 ftype_to_audit = {"": "any",
                   "b": "block",
                   "c": "char",
@@ -1134,7 +1130,7 @@  class portRecords(semanageRecords):
         semanage_port_key_free(k)
         semanage_port_free(p)
 
-        self.mylog.log_change("resrc=port op=add lport=%s proto=%s tcontext=%s:%s:%s:%s" % (port, proto_to_audit[proto], "system_u", "object_r", type, serange))
+        self.mylog.log_change("resrc=port op=add lport=%s proto=%s tcontext=%s:%s:%s:%s" % (port, socket.getprotobyname(proto), "system_u", "object_r", type, serange))
 
     def add(self, port, proto, serange, type):
         self.begin()
@@ -1177,7 +1173,7 @@  class portRecords(semanageRecords):
         semanage_port_key_free(k)
         semanage_port_free(p)
 
-        self.mylog.log_change("resrc=port op=modify lport=%s proto=%s tcontext=%s:%s:%s:%s" % (port, proto_to_audit[proto], "system_u", "object_r", setype, serange))
+        self.mylog.log_change("resrc=port op=modify lport=%s proto=%s tcontext=%s:%s:%s:%s" % (port, socket.getprotobyname(proto), "system_u", "object_r", setype, serange))
 
     def modify(self, port, proto, serange, setype):
         self.begin()
@@ -1210,7 +1206,7 @@  class portRecords(semanageRecords):
             if low == high:
                 port_str = low
 
-            self.mylog.log_change("resrc=port op=delete lport=%s proto=%s" % (port_str, proto_to_audit[proto_str]))
+            self.mylog.log_change("resrc=port op=delete lport=%s proto=%s" % (port_str, socket.getprotobyname(proto_str)))
 
         self.commit()
 
@@ -1234,7 +1230,7 @@  class portRecords(semanageRecords):
 
         semanage_port_key_free(k)
 
-        self.mylog.log_change("resrc=port op=delete lport=%s proto=%s" % (port, proto_to_audit[proto]))
+        self.mylog.log_change("resrc=port op=delete lport=%s proto=%s" % (port, socket.getprotobyname(proto)))
 
     def delete(self, port, proto):
         self.begin()
@@ -1414,7 +1410,7 @@  class nodeRecords(semanageRecords):
         semanage_node_key_free(k)
         semanage_node_free(node)
 
-        self.mylog.log_change("resrc=node op=add laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%s" % (addr, mask, proto_to_audit[self.protocol[proto]], "system_u", "object_r", ctype, serange))
+        self.mylog.log_change("resrc=node op=add laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%s" % (addr, mask, socket.getprotobyname(self.protocol[proto]), "system_u", "object_r", ctype, serange))
 
     def add(self, addr, mask, proto, serange, ctype):
         self.begin()
@@ -1457,7 +1453,7 @@  class nodeRecords(semanageRecords):
         semanage_node_key_free(k)
         semanage_node_free(node)
 
-        self.mylog.log_change("resrc=node op=modify laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%s" % (addr, mask, proto_to_audit[self.protocol[proto]], "system_u", "object_r", setype, serange))
+        self.mylog.log_change("resrc=node op=modify laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%s" % (addr, mask, socket.getprotobyname(self.protocol[proto]), "system_u", "object_r", setype, serange))
 
     def modify(self, addr, mask, proto, serange, setype):
         self.begin()
@@ -1490,7 +1486,7 @@  class nodeRecords(semanageRecords):
 
         semanage_node_key_free(k)
 
-        self.mylog.log_change("resrc=node op=delete laddr=%s netmask=%s proto=%s" % (addr, mask, proto_to_audit[self.protocol[proto]]))
+        self.mylog.log_change("resrc=node op=delete laddr=%s netmask=%s proto=%s" % (addr, mask, socket.getprotobyname(self.protocol[proto])))
 
     def delete(self, addr, mask, proto):
         self.begin()

[1/2] semanage: use socket.getprotobyname for protocol

Commit Message

Comments

Patch