Message ID | 20180818175033.13100-1-nicolas.iooss@m4x.org (mailing list archive) |
---|---|
State | Not Applicable |
Series | [1/2] libsemanage: reindent pywrap-test.py with spaces | expand |
Ack applies and runs On Sat, Aug 18, 2018 at 10:50 AM, Nicolas Iooss <nicolas.iooss@m4x.org> wrote: > Only use spaces to indent Python code. This reduces the number of > warnings reported by Python linters. > > Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> > --- > libsemanage/src/pywrap-test.py | 2301 +++++++++++++++++--------------- > 1 file changed, 1200 insertions(+), 1101 deletions(-) > > diff --git a/libsemanage/src/pywrap-test.py b/libsemanage/src/pywrap-test. > py > index 25b668d80b67..326034947aa5 100644 > --- a/libsemanage/src/pywrap-test.py > +++ b/libsemanage/src/pywrap-test.py 
> @@ -28,1114 +28,1213 @@ Other options:\n\ > " > > class Usage(Exception): > - def __init__(self, msg): > - Exception.__init__(self) > - self.msg = msg > + def __init__(self, msg): > + Exception.__init__(self) > + self.msg = msg > > class Status(Exception): > - def __init__(self, msg): > - Exception.__init__(self) > - self.msg = msg > + def __init__(self, msg): > + Exception.__init__(self) > + self.msg = msg > > class Error(Exception): > - def __init__(self, msg): > - Exception.__init__(self) > - self.msg = msg > + def __init__(self, msg): > + Exception.__init__(self) > + self.msg = msg > > class Tests: > - def __init__(self): > - self.all = False > - self.users = False > - self.writeuser = False > - self.seusers = False > - self.writeseuser = False > - self.ports = False > - self.writeport = False > - self.fcontexts = False > - self.writefcontext = False > - self.interfaces = False > - self.writeinterface = False > - self.booleans = False > - self.writeboolean = False > - self.abooleans = False > - self.writeaboolean = False > - self.nodes = False > - self.writenode = False > - self.modules = False > - self.verbose = False > - > - def selected(self): > - return (self.all or self.users or self.modules or > self.seusers or self.ports or self.fcontexts or self.interfaces or > self.booleans or self.abooleans or self.writeuser or self.writeseuser or > self.writeport or self.writefcontext or self.writeinterface or > self.writeboolean or self.writeaboolean or self.nodes or self.writenode) > - > - def run(self, handle): > - if (self.users or self.all): > - self.test_users(handle) > - print "" > - if (self.seusers or self.all): > - self.test_seusers(handle) > - print "" > - if (self.ports or self.all): > - self.test_ports(handle) > - print "" > - if (self.modules or self.all): > - self.test_modules(handle) > - print "" > - if (self.fcontexts or self.all): > - self.test_fcontexts(handle) > - print "" > - if (self.interfaces or self.all): > - self.test_interfaces(handle) > 
- print "" > - if (self.booleans or self.all): > - self.test_booleans(handle) > - print "" > - if (self.abooleans or self.all): > - self.test_abooleans(handle) > - print "" > - if (self.nodes or self.all): > - self.test_nodes(handle) > - print "" > - if (self.writeuser or self.all): > - self.test_writeuser(handle) > - print "" > - if (self.writeseuser or self.all): > - self.test_writeseuser(handle) > - print "" > - if (self.writeport or self.all): > - self.test_writeport(handle) > - print "" > - if (self.writefcontext or self.all): > - self.test_writefcontext(handle) > - print "" > - if (self.writeinterface or self.all): > - self.test_writeinterface(handle) > - print "" > - if (self.writeboolean or self.all): > - self.test_writeboolean(handle) > - print "" > - if (self.writeaboolean or self.all): > - self.test_writeaboolean(handle) > - print "" > - if (self.writenode or self.all): > - self.test_writenode(handle) > - print "" > - > - def test_modules(self,sh): > - print "Testing modules..." > - > - (trans_cnt, mlist, mlist_size) = > semanage.semanage_module_list(sh) > - > - print "Transaction number: ", trans_cnt > - print "Module list size: ", mlist_size > - if self.verbose: print "List reference: ", mlist > - > - if (mlist_size == 0): > - print "No modules installed!" > - print "This is not necessarily a test failure." > - return > - for idx in range(mlist_size): > - module = semanage.semanage_module_list_nth(mlist, > idx) > - if self.verbose: print "Module reference: ", module > - print "Module name: ", > semanage.semanage_module_get_name(module) > - > - def test_seusers(self,sh): > - print "Testing seusers..." > - > - (status, slist) = semanage.semanage_seuser_list(sh) > - if status < 0: > - raise Error("Could not list seusers") > - print "Query status (commit number): ", status > - > - if ( len(slist) == 0): > - print "No seusers found!" > - print "This is not necessarily a test failure." 
> - return > - for seuser in slist: > - if self.verbose: print "seseuser reference: ", > seuser > - print "seuser name: ", > semanage.semanage_seuser_get_name(seuser) > - print " seuser mls range: ", > semanage.semanage_seuser_get_mlsrange(seuser) > - print " seuser sename: ", > semanage.semanage_seuser_get_sename(seuser) > - semanage.semanage_seuser_free(seuser) > - > - def test_users(self,sh): > - print "Testing users..." > - > - (status, ulist) = semanage.semanage_user_list(sh) > - if status < 0: > - raise Error("Could not list users") > - print "Query status (commit number): ", status > - > - if ( len(ulist) == 0): > - print "No users found!" > - print "This is not necessarily a test failure." > - return > - for user in ulist: > - if self.verbose: print "User reference: ", user > - print "User name: ", semanage.semanage_user_get_ > name(user) > - print " User labeling prefix: ", > semanage.semanage_user_get_prefix(user) > - print " User mls level: ", > semanage.semanage_user_get_mlslevel(user) > - print " User mls range: ", > semanage.semanage_user_get_mlsrange(user) > - print " User number of roles: ", > semanage.semanage_user_get_num_roles(user) > - print " User roles: " > - (status, rlist) = semanage.semanage_user_get_roles(sh, > user) > - if status < 0: > - raise Error("Could not get user roles") > - > - for role in rlist: > - print " ", role > - > - semanage.semanage_user_free(user) > - > - def test_ports(self,sh): > - print "Testing ports..." > - > - (status, plist) = semanage.semanage_port_list(sh) > - if status < 0: > - raise Error("Could not list ports") > - print "Query status (commit number): ", status > - > - if ( len(plist) == 0): > - print "No ports found!" > - print "This is not necessarily a test failure." 
> - return > - for port in plist: > - if self.verbose: print "Port reference: ", port > - low = semanage.semanage_port_get_low(port) > - high = semanage.semanage_port_get_high(port) > - con = semanage.semanage_port_get_con(port) > - proto = semanage.semanage_port_get_proto(port) > - proto_str = semanage.semanage_port_get_ > proto_str(proto) > - if low == high: > - range_str = str(low) > - else: > - range_str = str(low) + "-" + str(high) > - (rc, con_str) = semanage.semanage_context_to_ > string(sh,con) > - if rc < 0: con_str = "" > - print "Port: ", range_str, " ", proto_str, " > Context: ", con_str > - semanage.semanage_port_free(port) > - > - def test_fcontexts(self,sh): > - print "Testing file contexts..." > - > - (status, flist) = semanage.semanage_fcontext_list(sh) > - if status < 0: > - raise Error("Could not list file contexts") > - print "Query status (commit number): ", status > - > - if (len(flist) == 0): > - print "No file contexts found!" > - print "This is not necessarily a test failure." > - return > - for fcon in flist: > - if self.verbose: print "File Context reference: ", > fcon > - expr = semanage.semanage_fcontext_get_expr(fcon) > - type = semanage.semanage_fcontext_get_type(fcon) > - type_str = semanage.semanage_fcontext_ > get_type_str(type) > - con = semanage.semanage_fcontext_get_con(fcon) > - if not con: > - con_str = "<<none>>" > - else: > - (rc, con_str) = > semanage.semanage_context_to_string(sh,con) > - if rc < 0: con_str = "" > - print "File Expr: ", expr, " [", type_str, "] > Context: ", con_str > - semanage.semanage_fcontext_free(fcon) > - > - def test_interfaces(self,sh): > - print "Testing network interfaces..." > - > - (status, ilist) = semanage.semanage_iface_list(sh) > - if status < 0: > - raise Error("Could not list interfaces") > - print "Query status (commit number): ", status > - > - if (len(ilist) == 0): > - print "No network interfaces found!" > - print "This is not necessarily a test failure." 
> - return > - for iface in ilist: > - if self.verbose: print "Interface reference: ", > iface > - name = semanage.semanage_iface_get_name(iface) > - msg_con = semanage.semanage_iface_get_ > msgcon(iface) > - if_con = semanage.semanage_iface_get_ifcon(iface) > - (rc, msg_con_str) = semanage.semanage_context_to_ > string(sh,msg_con) > - if rc < 0: msg_con_str = "" > - (rc, if_con_str) = semanage.semanage_context_to_string(sh, > if_con) > - if rc < 0: if_con_str = "" > - print "Interface: ", name, " Context: ", > if_con_str, " Message Context: ", msg_con_str > - semanage.semanage_iface_free(iface) > - > - def test_booleans(self,sh): > - print "Testing booleans..." > - > - (status, blist) = semanage.semanage_bool_list(sh) > - if status < 0: > - raise Error("Could not list booleans") > - print "Query status (commit number): ", status > - > - if (len(blist) == 0): > - print "No booleans found!" > - print "This is not necessarily a test failure." > - return > - for pbool in blist: > - if self.verbose: print "Boolean reference: ", pbool > - name = semanage.semanage_bool_get_name(pbool) > - value = semanage.semanage_bool_get_value(pbool) > - print "Boolean: ", name, " Value: ", value > - semanage.semanage_bool_free(pbool) > - > - def test_abooleans(self,sh): > - print "Testing active booleans..." > - > - (status, ablist) = semanage.semanage_bool_list_active(sh) > - if status < 0: > - raise Error("Could not list active booleans") > - print "Query status (commit number): ", status > - > - if (len(ablist) == 0): > - print "No active booleans found!" > - print "This is not necessarily a test failure." > - return > - for abool in ablist: > - if self.verbose: print "Active boolean reference: > ", abool > - name = semanage.semanage_bool_get_name(abool) > - value = semanage.semanage_bool_get_value(abool) > - print "Active Boolean: ", name, " Value: ", value > - semanage.semanage_bool_free(abool) > - > - def test_nodes(self,sh): > - print "Testing network nodes..." 
> - > - (status, nlist) = semanage.semanage_node_list(sh) > - if status < 0: > - raise Error("Could not list network nodes") > - print "Query status (commit number): ", status > - > - if (len(nlist) == 0): > - print "No network nodes found!" > - print "This is not necessarily a test failure." > - return > - for node in nlist: > - if self.verbose: print "Network node reference: ", > node > - > - (status, addr) = semanage.semanage_node_get_addr(sh, > node) > - if status < 0: addr = "" > - > - (status, mask) = semanage.semanage_node_get_mask(sh, > node) > - if status < 0: mask = "" > - > - proto = semanage.semanage_node_get_proto(node) > - proto_str = semanage.semanage_node_get_proto_str(proto) > > - con = semanage.semanage_node_get_con(node) > - > - (status, con_str) = semanage.semanage_context_to_string(sh, > con) > - if status < 0: con_str = "" > - > - print "Network Node: ", addr, "/", mask, " (", > proto_str, ")", "Context: ", con_str > - semanage.semanage_node_free(node) > - > - def test_writeuser(self,sh): > - print "Testing user write..." 
> - > - (status, user) = semanage.semanage_user_create(sh) > - if status < 0: > - raise Error("Could not create user object") > - if self.verbose: print "User object created" > - > - status = semanage.semanage_user_set_name(sh,user, > "testPyUser") > - if status < 0: > - raise Error("Could not set user name") > - if self.verbose: print "User name set: ", > semanage.semanage_user_get_name(user) > - > - status = semanage.semanage_user_add_role(sh, user, > "user_r") > - if status < 0: > - raise Error("Could not add role") > - > - status = semanage.semanage_user_set_prefix(sh,user, > "user") > - if status < 0: > - raise Error("Could not set labeling prefix") > - if self.verbose: print "User prefix set: ", > semanage.semanage_user_get_prefix(user) > - > - status = semanage.semanage_user_set_mlsrange(sh, user, > "s0") > - if status < 0: > - raise Error("Could not set MLS range") > - if self.verbose: print "User mlsrange: ", > semanage.semanage_user_get_mlsrange(user) > - > - status = semanage.semanage_user_set_mlslevel(sh, user, > "s0") > - if status < 0: > - raise Error("Could not set MLS level") > - if self.verbose: print "User mlslevel: ", > semanage.semanage_user_get_mlslevel(user) > - > - (status,key) = semanage.semanage_user_key_extract(sh,user) > - if status < 0: > - raise Error("Could not extract user key") > - if self.verbose: print "User key extracted: ", key > - > - (status,exists) = semanage.semanage_user_exists_ > local(sh,key) > - if status < 0: > - raise Error("Could not check if user exists") > - if self.verbose: print "Exists status (commit number): ", > status > - > - if exists: > - (status, old_user) = semanage.semanage_user_query_local(sh, > key) > - if status < 0: > - raise Error("Could not query old user") > - if self.verbose: print "Query status (commit > number): ", status > - > - print "Starting transaction.." 
> - status = semanage.semanage_begin_transaction(sh) > - if status < 0: > - raise Error("Could not start semanage transaction") > - > - status = semanage.semanage_user_modify_local(sh,key,user) > - if status < 0: > - raise Error("Could not modify user") > - > - status = semanage.semanage_commit(sh) > - if status < 0: > - raise Error("Could not commit test transaction") > - print "Commit status (transaction number): ", status > - > - status = semanage.semanage_begin_transaction(sh) > - if status < 0: > - raise Error("Could not start semanage transaction") > - > - if not exists: > - print "Removing user..." > - status = semanage.semanage_user_del_local(sh, key) > - if status < 0: > - raise Error("Could not delete test user") > - if self.verbose: print "User delete: ", status > - else: > - print "Resetting user..." > - status = semanage.semanage_user_modify_local(sh, > key, old_user) > - if status < 0: > - raise Error("Could not reset test user") > - if self.verbose: print "User modify: ", status > - > - status = semanage.semanage_commit(sh) > - if status < 0: > - raise Error("Could not commit reset transaction") > - print "Commit status (transaction number): ", status > - > - semanage.semanage_user_key_free(key) > - semanage.semanage_user_free(user) > - if exists: semanage.semanage_user_free(old_user) > - > - def test_writeseuser(self,sh): > - print "Testing seuser write..." > - > - (status, seuser) = semanage.semanage_seuser_create(sh) > - if status < 0: > - raise Error("Could not create SEUser object") > - if self.verbose: print "SEUser object created." 
> - > - status = semanage.semanage_seuser_set_name(sh,seuser, > "testPySEUser") > - if status < 0: > - raise Error("Could not set name") > - if self.verbose: print "SEUser name set: ", > semanage.semanage_seuser_get_name(seuser) > - > - status = semanage.semanage_seuser_set_sename(sh, seuser, > "root") > - if status < 0: > - raise Error("Could not set sename") > - if self.verbose: print "SEUser seuser: ", > semanage.semanage_seuser_get_sename(seuser) > - > - status = semanage.semanage_seuser_set_mlsrange(sh, > seuser, "s0:c0.c255") > - if status < 0: > - raise Error("Could not set MLS range") > - if self.verbose: print "SEUser mlsrange: ", > semanage.semanage_seuser_get_mlsrange(seuser) > - > - (status,key) = semanage.semanage_seuser_key_ > extract(sh,seuser) > - if status < 0: > - raise Error("Could not extract SEUser key") > - if self.verbose: print "SEUser key extracted: ", key > - > - (status,exists) = semanage.semanage_seuser_ > exists_local(sh,key) > - if status < 0: > - raise Error("Could not check if SEUser exists") > - if self.verbose: print "Exists status (commit number): ", > status > - > - if exists: > - (status, old_seuser) = semanage.semanage_seuser_query_local(sh, > key) > - if status < 0: > - raise Error("Could not query old SEUser") > - if self.verbose: print "Query status (commit > number): ", status > - > - print "Starting transaction..." 
> - status = semanage.semanage_begin_transaction(sh) > - if status < 0: > - raise Error("Could not start semanage transaction") > - > - status = semanage.semanage_seuser_ > modify_local(sh,key,seuser) > - if status < 0: > - raise Error("Could not modify SEUser") > - > - status = semanage.semanage_commit(sh) > - if status < 0: > - raise Error("Could not commit test transaction") > - print "Commit status (transaction number): ", status > - > - status = semanage.semanage_begin_transaction(sh) > - if status < 0: > - raise Error("Could not start semanage transaction") > - > - if not exists: > - print "Removing seuser..." > - status = semanage.semanage_seuser_del_local(sh, > key) > - if status < 0: > - raise Error("Could not delete test SEUser") > - if self.verbose: print "Seuser delete: ", status > - else: > - print "Resetting seuser..." > - status = semanage.semanage_seuser_modify_local(sh, > key, old_seuser) > - if status < 0: > - raise Error("Could not reset test SEUser") > - if self.verbose: print "Seuser modify: ", status > - > - status = semanage.semanage_commit(sh) > - if status < 0: > - raise Error("Could not commit reset transaction") > - print "Commit status (transaction number): ", status > - > - semanage.semanage_seuser_key_free(key) > - semanage.semanage_seuser_free(seuser) > - if exists: semanage.semanage_seuser_free(old_seuser) > - > - def test_writeport(self,sh): > - print "Testing port write..." > - > - (status, port) = semanage.semanage_port_create(sh) > - if status < 0: > - raise Error("Could not create SEPort object") > - if self.verbose: print "SEPort object created." 
> - > - semanage.semanage_port_set_range(port,150,200) > - low = semanage.semanage_port_get_low(port) > - high = semanage.semanage_port_get_high(port) > - if self.verbose: print "SEPort range set: ", low, "-", high > - > - semanage.semanage_port_set_proto(port, > semanage.SEMANAGE_PROTO_TCP); > - if self.verbose: print "SEPort protocol set: ", \ > - semanage.semanage_port_get_ > proto_str(semanage.SEMANAGE_PROTO_TCP) > - > - (status, con) = semanage.semanage_context_create(sh) > - if status < 0: > - raise Error("Could not create SEContext object") > - if self.verbose: print "SEContext object created (for > port)." > - > - status = semanage.semanage_context_set_user(sh, con, > "system_u") > - if status < 0: > - raise Error("Could not set context user") > - if self.verbose: print "SEContext user: ", > semanage.semanage_context_get_user(con) > - > - status = semanage.semanage_context_set_role(sh, con, > "object_r") > - if status < 0: > - raise Error("Could not set context role") > - if self.verbose: print "SEContext role: ", > semanage.semanage_context_get_role(con) > - > - status = semanage.semanage_context_set_type(sh, con, > "http_port_t") > - if status < 0: > - raise Error("Could not set context type") > - if self.verbose: print "SEContext type: ", > semanage.semanage_context_get_type(con) > - > - status = semanage.semanage_context_set_mls(sh, con, > "s0:c0.c255") > - if status < 0: > - raise Error("Could not set context MLS fields") > - if self.verbose: print "SEContext mls: ", > semanage.semanage_context_get_mls(con) > - > - status = semanage.semanage_port_set_con(sh, port, con) > - if status < 0: > - raise Error("Could not set SEPort context") > - if self.verbose: print "SEPort context set: ", con > - > - (status,key) = semanage.semanage_port_key_ > extract(sh,port) > - if status < 0: > - raise Error("Could not extract SEPort key") > - if self.verbose: print "SEPort key extracted: ", key > - > - (status,exists) = semanage.semanage_port_exists_ > local(sh,key) > 
- if status < 0: > - raise Error("Could not check if SEPort exists") > - if self.verbose: print "Exists status (commit number): ", > status > - > - if exists: > - (status, old_port) = semanage.semanage_port_query_local(sh, > key) > - if status < 0: > - raise Error("Could not query old SEPort") > - if self.verbose: print "Query status (commit > number): ", status > - > - print "Starting transaction..." > - status = semanage.semanage_begin_transaction(sh) > - if status < 0: > - raise Error("Could not start semanage > transaction") > - > - status = semanage.semanage_port_modify_local(sh,key,port) > - if status < 0: > - raise Error("Could not modify SEPort") > - > - status = semanage.semanage_commit(sh) > - if status < 0: > - raise Error("Could not commit test transaction") > - print "Commit status (transaction number): ", status > - > - status = semanage.semanage_begin_transaction(sh) > - if status < 0: > - raise Error("Could not start semanage transaction") > - > - if not exists: > - print "Removing port range..." > - status = semanage.semanage_port_del_local(sh, > key) > - if status < 0: > - raise Error("Could not delete test SEPort") > - if self.verbose: print "Port range delete: ", > status > - else: > - print "Resetting port range..." > - status = semanage.semanage_port_modify_local(sh, > key, old_port) > - if status < 0: > - raise Error("Could not reset test SEPort") > - if self.verbose: print "Port range modify: ", > status > - > - status = semanage.semanage_commit(sh) > - if status < 0: > - raise Error("Could not commit reset transaction") > - print "Commit status (transaction number): ", status > - > - semanage.semanage_context_free(con) > - semanage.semanage_port_key_free(key) > - semanage.semanage_port_free(port) > - if exists: semanage.semanage_port_free(old_port) > - > - def test_writefcontext(self,sh): > - print "Testing file context write..." 
> - > - (status, fcon) = semanage.semanage_fcontext_create(sh) > - if status < 0: > - raise Error("Could not create SEFcontext object") > - if self.verbose: print "SEFcontext object created." > - > - status = semanage.semanage_fcontext_set_expr(sh, fcon, > "/test/fcontext(/.*)?") > - if status < 0: > - raise Error("Could not set expression") > - if self.verbose: print "SEFContext expr set: ", > semanage.semanage_fcontext_get_expr(fcon) > - > - semanage.semanage_fcontext_set_type(fcon, > semanage.SEMANAGE_FCONTEXT_REG) > - if self.verbose: > - ftype = semanage.semanage_fcontext_get_type(fcon) > - print "SEFContext type set: ", > semanage.semanage_fcontext_get_type_str(ftype) > - > - (status, con) = semanage.semanage_context_create(sh) > - if status < 0: > - raise Error("Could not create SEContext object") > - if self.verbose: print "SEContext object created (for file > context)." > - > - status = semanage.semanage_context_set_user(sh, con, > "system_u") > - if status < 0: > - raise Error("Could not set context user") > - if self.verbose: print "SEContext user: ", > semanage.semanage_context_get_user(con) > - > - status = semanage.semanage_context_set_role(sh, con, > "object_r") > - if status < 0: > - raise Error("Could not set context role") > - if self.verbose: print "SEContext role: ", > semanage.semanage_context_get_role(con) > - > - status = semanage.semanage_context_set_type(sh, con, > "default_t") > - if status < 0: > - raise Error("Could not set context type") > - if self.verbose: print "SEContext type: ", > semanage.semanage_context_get_type(con) > - > - status = semanage.semanage_context_set_mls(sh, con, > "s0:c0.c255") > - if status < 0: > - raise Error("Could not set context MLS fields") > - if self.verbose: print "SEContext mls: ", > semanage.semanage_context_get_mls(con) > - > - status = semanage.semanage_fcontext_set_con(sh, fcon, con) > - if status < 0: > - raise Error("Could not set SEFcontext context") > - if self.verbose: print "SEFcontext context 
set: ", con > - > - (status,key) = semanage.semanage_fcontext_ > key_extract(sh,fcon) > - if status < 0: > - raise Error("Could not extract SEFcontext key") > - if self.verbose: print "SEFcontext key extracted: ", key > - > - (status,exists) = semanage.semanage_fcontext_ > exists_local(sh,key) > - if status < 0: > - raise Error("Could not check if SEFcontext exists") > - > - if self.verbose: print "Exists status (commit number): ", > status > - if exists: > - (status, old_fcontext) = > semanage.semanage_fcontext_query_local(sh, key) > - if status < 0: > - raise Error("Could not query old > SEFcontext") > - if self.verbose: print "Query status (commit > number): ", status > - > - print "Starting transaction..." > - status = semanage.semanage_begin_transaction(sh) > - if status < 0: > - raise Error("Could not start semanage transaction") > - > - status = semanage.semanage_fcontext_ > modify_local(sh,key,fcon) > - if status < 0: > - raise Error("Could not modify SEFcontext") > - > - status = semanage.semanage_commit(sh) > - if status < 0: > - raise Error("Could not commit test transaction") > - print "Commit status (transaction number): ", status > - > - status = semanage.semanage_begin_transaction(sh) > - if status < 0: > - raise Error("Could not start semanage transaction") > - > - if not exists: > - print "Removing file context..." > - status = semanage.semanage_fcontext_del_local(sh, > key) > - if status < 0: > - raise Error("Could not delete test > SEFcontext") > - if self.verbose: print "File context delete: ", > status > - else: > - print "Resetting file context..." 
> - status = semanage.semanage_fcontext_modify_local(sh, > key, old_fcontext) > - if status < 0: > - raise Error("Could not reset test > FContext") > - if self.verbose: print "File context modify: ", > status > - > - status = semanage.semanage_commit(sh) > - if status < 0: > - raise Error("Could not commit reset transaction") > - print "Commit status (transaction number): ", status > - > - semanage.semanage_context_free(con) > - semanage.semanage_fcontext_key_free(key) > - semanage.semanage_fcontext_free(fcon) > - if exists: semanage.semanage_fcontext_free(old_fcontext) > - > - def test_writeinterface(self,sh): > - print "Testing network interface write..." > - > - (status, iface) = semanage.semanage_iface_create(sh) > - if status < 0: > - raise Error("Could not create SEIface object") > - if self.verbose: print "SEIface object created." > - > - status = semanage.semanage_iface_set_name(sh, iface, > "test_iface") > - if status < 0: > - raise Error("Could not set SEIface name") > - if self.verbose: print "SEIface name set: ", > semanage.semanage_iface_get_name(iface) > - > - (status, con) = semanage.semanage_context_create(sh) > - if status < 0: > - raise Error("Could not create SEContext object") > - if self.verbose: print "SEContext object created (for > network interface)" > - > - status = semanage.semanage_context_set_user(sh, con, > "system_u") > - if status < 0: > - raise Error("Could not set interface context user") > - if self.verbose: print "SEContext user: ", > semanage.semanage_context_get_user(con) > - > - status = semanage.semanage_context_set_role(sh, con, > "object_r") > - if status < 0: > - raise Error("Could not set interface context role") > - if self.verbose: print "SEContext role: ", > semanage.semanage_context_get_role(con) > - > - status = semanage.semanage_context_set_type(sh, con, > "default_t") > - if status < 0: > - raise Error("Could not set interface context type") > - if self.verbose: print "SEContext type: ", > 
semanage.semanage_context_get_type(con) > - > - status = semanage.semanage_context_set_mls(sh, con, > "s0:c0.c255") > - if status < 0: > - raise Error("Could not set interface context MLS > fields") > - if self.verbose: print "SEContext mls: ", > semanage.semanage_context_get_mls(con) > - > - status = semanage.semanage_iface_set_ifcon(sh, iface, con) > - if status < 0: > - raise Error("Could not set SEIface interface > context") > - if self.verbose: print "SEIface interface context set: ", > con > - > - status = semanage.semanage_iface_set_msgcon(sh, iface, > con) > - if status < 0: > - raise Error("Could not set SEIface message > context") > - if self.verbose: print "SEIface message context set: ", con > - > - (status,key) = semanage.semanage_iface_key_ > extract(sh,iface) > - if status < 0: > - raise Error("Could not extract SEIface key") > - if self.verbose: print "SEIface key extracted: ", key > - > - (status,exists) = semanage.semanage_iface_ > exists_local(sh,key) > - if status < 0: > - raise Error("Could not check if SEIface exists") > - if self.verbose: print "Exists status (commit number): ", > status > - > - if exists: > - (status, old_iface) = > semanage.semanage_iface_query_local(sh, key) > - if status < 0: > - raise Error("Could not query old SEIface") > - if self.verbose: print "Query status (commit > number): ", status > - > - print "Starting transaction..." 
> - status = semanage.semanage_begin_transaction(sh) > - if status < 0: > - raise Error("Could not begin semanage transaction") > - > - status = semanage.semanage_iface_ > modify_local(sh,key,iface) > - if status < 0: > - raise Error("Could not modify SEIface") > - > - status = semanage.semanage_commit(sh) > - if status < 0: > - raise Error("Could not commit test transaction") > - print "Commit status (transaction number): ", status > - > - status = semanage.semanage_begin_transaction(sh) > - if status < 0: > - raise Error("Could not begin semanage transaction") > - > - if not exists: > - print "Removing interface..." > - status = semanage.semanage_iface_del_local(sh, > key) > - if status < 0: > - raise Error("Could not delete test > SEIface") > - if self.verbose: print "Interface delete: ", status > - else: > - print "Resetting interface..." > - status = semanage.semanage_iface_modify_local(sh, > key, old_iface) > - if status < 0: > - raise Error("Could not reset test SEIface") > - if self.verbose: print "Interface modify: ", status > - > - status = semanage.semanage_commit(sh) > - if status < 0: > - raise Error("Could not commit reset transaction") > - print "Commit status (transaction number): ", status > - > - semanage.semanage_context_free(con) > - semanage.semanage_iface_key_free(key) > - semanage.semanage_iface_free(iface) > - if exists: semanage.semanage_iface_free(old_iface) > - > - def test_writeboolean(self,sh): > - print "Testing boolean write..." > - > - (status, pbool) = semanage.semanage_bool_create(sh) > - if status < 0: > - raise Error("Could not create SEBool object") > - if self.verbose: print "SEBool object created." 
> - > - status = semanage.semanage_bool_set_name(sh, pbool, > "allow_execmem") > - if status < 0: > - raise Error("Could not set name") > - if self.verbose: print "SEBool name set: ", > semanage.semanage_bool_get_name(pbool) > - > - semanage.semanage_bool_set_value(pbool, 0) > - if self.verbose: print "SEbool value set: ", > semanage.semanage_bool_get_value(pbool) > - > - (status,key) = semanage.semanage_bool_key_extract(sh, > pbool) > - if status < 0: > - raise Error("Could not extract SEBool key") > - if self.verbose: print "SEBool key extracted: ", key > - > - (status,exists) = semanage.semanage_bool_exists_ > local(sh,key) > - if status < 0: > - raise Error("Could not check if SEBool exists") > - if self.verbose: print "Exists status (commit number): ", > status > - > - if exists: > - (status, old_bool) = semanage.semanage_bool_query_local(sh, > key) > - if status < 0: > - raise Error("Could not query old SEBool") > - if self.verbose: print "Query status (commit > number): ", status > - > - print "Starting transaction..." > - status = semanage.semanage_begin_transaction(sh) > - if status < 0: > - raise Error("Could not start semanage transaction") > - > - status = semanage.semanage_bool_modify_local(sh, key, > pbool) > - > - if status < 0: > - raise Error("Could not modify SEBool") > - > - status = semanage.semanage_commit(sh) > - if status < 0: > - raise Error("Could not commit test transaction") > - print "Commit status (transaction number): ", status > - > - status = semanage.semanage_begin_transaction(sh) > - if status < 0: > - raise Error("Could not start semanage transaction") > - > - if not exists: > - print "Removing boolean..." > - status = semanage.semanage_bool_del_local(sh, key) > - if status < 0: > - raise Error("Could not delete test SEBool") > - if self.verbose: print "Boolean delete: ", status > - else: > - print "Resetting boolean..." 
> - status = semanage.semanage_bool_modify_local(sh, > key, old_bool) > - if status < 0: > - raise Error("Could not reset test SEBool") > - if self.verbose: print "Boolean modify: ", status > - > - status = semanage.semanage_commit(sh) > - if status < 0: > - raise Error("Could not commit reset transaction") > - print "Commit status (transaction number): ", status > - > - semanage.semanage_bool_key_free(key) > - semanage.semanage_bool_free(pbool) > - if exists: semanage.semanage_bool_free(old_bool) > - > - def test_writeaboolean(self,sh): > - print "Testing active boolean write..." > - > - (status, key) = semanage.semanage_bool_key_create(sh, > "allow_execmem") > - if status < 0: > - raise Error("Could not create SEBool key") > - if self.verbose: print "SEBool key created: ", key > - > - (status, old_bool) = semanage.semanage_bool_query_active(sh, > key) > - if status < 0: > - raise Error("Could not query old SEBool") > - if self.verbose: print "Query status (commit number): ", > status > - > - (status, abool) = semanage.semanage_bool_create(sh) > - if status < 0: > - raise Error("Could not create SEBool object") > - if self.verbose: print "SEBool object created." > - > - status = semanage.semanage_bool_set_name(sh, abool, > "allow_execmem") > - if status < 0: > - raise Error("Could not set name") > - if self.verbose: print "SEBool name set: ", > semanage.semanage_bool_get_name(abool) > - > - semanage.semanage_bool_set_value(abool, 0) > - if self.verbose: print "SEbool value set: ", > semanage.semanage_bool_get_value(abool) > - > - print "Starting transaction..." 
> - status = semanage.semanage_begin_transaction(sh) > - if status < 0: > - raise Error("Could not start semanage transaction") > - > - status = semanage.semanage_bool_set_active(sh,key,abool) > - if status < 0: > - raise Error("Could not modify SEBool") > - > - status = semanage.semanage_commit(sh) > - if status < 0: > - raise Error("Could not commit test transaction") > - print "Commit status (transaction number): ", status > - > - print "Resetting old active boolean..." > - status = semanage.semanage_begin_transaction(sh) > - if status < 0: > - raise Error("Could not start semanage transaction") > - > - status = semanage.semanage_bool_set_active(sh, > key,old_bool) > - if status < 0: > - raise Error("Could not reset test SEBool") > - if self.verbose: print "SEBool active reset: ", status > - > - status = semanage.semanage_commit(sh) > - if status < 0: > - raise Error("Could not commit reset transaction") > - print "Commit status (transaction number): ", status > - > - semanage.semanage_bool_key_free(key) > - semanage.semanage_bool_free(abool) > - semanage.semanage_bool_free(old_bool) > - > - > - def test_writenode(self,sh): > - print "Testing network node write..." > - > - (status, node) = semanage.semanage_node_create(sh) > - if status < 0: > - raise Error("Could not create SENode object") > - if self.verbose: print "SENode object created." 
> - > - status = semanage.semanage_node_set_addr(sh, node, > semanage.SEMANAGE_PROTO_IP6, "ffee:dddd::bbbb") > - if status < 0: > - raise Error("Could not set SENode address") > - > - status = semanage.semanage_node_set_mask(sh, node, > semanage.SEMANAGE_PROTO_IP6, "::ffff:ffff:abcd:0000") > - if status < 0: > - raise Error("Could not set SENode netmask") > - > - semanage.semanage_node_set_proto(node, > semanage.SEMANAGE_PROTO_IP6); > - if self.verbose: print "SENode protocol set: ", \ > - semanage.semanage_node_get_ > proto_str(semanage.SEMANAGE_PROTO_IP6) > - > - (status, con) = semanage.semanage_context_create(sh) > - if status < 0: > - raise Error("Could not create SEContext object") > - if self.verbose: print "SEContext object created (for > node)." > - > - status = semanage.semanage_context_set_user(sh, con, > "system_u") > - if status < 0: > - raise Error("Could not set context user") > - if self.verbose: print "SEContext user: ", > semanage.semanage_context_get_user(con) > - > - status = semanage.semanage_context_set_role(sh, con, > "object_r") > - if status < 0: > - raise Error("Could not set context role") > - if self.verbose: print "SEContext role: ", > semanage.semanage_context_get_role(con) > - > - status = semanage.semanage_context_set_type(sh, con, > "lo_node_t") > - if status < 0: > - raise Error("Could not set context type") > - if self.verbose: print "SEContext type: ", > semanage.semanage_context_get_type(con) > - > - status = semanage.semanage_context_set_mls(sh, con, > "s0:c0.c255") > - if status < 0: > - raise Error("Could not set context MLS fields") > - if self.verbose: print "SEContext mls: ", > semanage.semanage_context_get_mls(con) > - > - status = semanage.semanage_node_set_con(sh, node, con) > - if status < 0: > - raise Error("Could not set SENode context") > - if self.verbose: print "SENode context set: ", con > - > - (status,key) = semanage.semanage_node_key_extract(sh, > node) > - if status < 0: > - raise Error("Could not extract 
SENode key") > - if self.verbose: print "SENode key extracted: ", key > - > - (status,exists) = semanage.semanage_node_exists_ > local(sh,key) > - if status < 0: > - raise Error("Could not check if SENode exists") > - if self.verbose: print "Exists status (commit number): ", > status > - > - if exists: > - (status, old_node) = semanage.semanage_node_query_local(sh, > key) > - if status < 0: > - raise Error("Could not query old SENode") > - if self.verbose: print "Query status (commit > number): ", status > - > - print "Starting transaction..." > - status = semanage.semanage_begin_transaction(sh) > - if status < 0: > - raise Error("Could not start semanage > transaction") > - > - status = semanage.semanage_node_modify_local(sh,key, node) > - if status < 0: > - raise Error("Could not modify SENode") > - > - status = semanage.semanage_commit(sh) > - if status < 0: > - raise Error("Could not commit test transaction") > - print "Commit status (transaction number): ", status > - > - status = semanage.semanage_begin_transaction(sh) > - if status < 0: > - raise Error("Could not start semanage transaction") > - > - if not exists: > - print "Removing network node..." > - status = semanage.semanage_node_del_local(sh, > key) > - if status < 0: > - raise Error("Could not delete test SENode") > - if self.verbose: print "Network node delete: ", > status > - else: > - print "Resetting network node..." 
> - status = semanage.semanage_node_modify_local(sh, > key, old_node) > - if status < 0: > - raise Error("Could not reset test SENode") > - if self.verbose: print "Network node modify: ", > status > - > - status = semanage.semanage_commit(sh) > - if status < 0: > - raise Error("Could not commit reset transaction") > - print "Commit status (transaction number): ", status > - > - semanage.semanage_context_free(con) > - semanage.semanage_node_key_free(key) > - semanage.semanage_node_free(node) > - if exists: semanage.semanage_node_free(old_node) > + def __init__(self): > + self.all = False > + self.users = False > + self.writeuser = False > + self.seusers = False > + self.writeseuser = False > + self.ports = False > + self.writeport = False > + self.fcontexts = False > + self.writefcontext = False > + self.interfaces = False > + self.writeinterface = False > + self.booleans = False > + self.writeboolean = False > + self.abooleans = False > + self.writeaboolean = False > + self.nodes = False > + self.writenode = False > + self.modules = False > + self.verbose = False > + > + def selected(self): > + return (self.all or self.users or self.modules or self.seusers or > self.ports or self.fcontexts or self.interfaces or self.booleans or > self.abooleans or self.writeuser or self.writeseuser or self.writeport or > self.writefcontext or self.writeinterface or self.writeboolean or > self.writeaboolean or self.nodes or self.writenode) > + > + def run(self, handle): > + if (self.users or self.all): > + self.test_users(handle) > + print "" > + if (self.seusers or self.all): > + self.test_seusers(handle) > + print "" > + if (self.ports or self.all): > + self.test_ports(handle) > + print "" > + if (self.modules or self.all): > + self.test_modules(handle) > + print "" > + if (self.fcontexts or self.all): > + self.test_fcontexts(handle) > + print "" > + if (self.interfaces or self.all): > + self.test_interfaces(handle) > + print "" > + if (self.booleans or self.all): > + 
self.test_booleans(handle) > + print "" > + if (self.abooleans or self.all): > + self.test_abooleans(handle) > + print "" > + if (self.nodes or self.all): > + self.test_nodes(handle) > + print "" > + if (self.writeuser or self.all): > + self.test_writeuser(handle) > + print "" > + if (self.writeseuser or self.all): > + self.test_writeseuser(handle) > + print "" > + if (self.writeport or self.all): > + self.test_writeport(handle) > + print "" > + if (self.writefcontext or self.all): > + self.test_writefcontext(handle) > + print "" > + if (self.writeinterface or self.all): > + self.test_writeinterface(handle) > + print "" > + if (self.writeboolean or self.all): > + self.test_writeboolean(handle) > + print "" > + if (self.writeaboolean or self.all): > + self.test_writeaboolean(handle) > + print "" > + if (self.writenode or self.all): > + self.test_writenode(handle) > + print "" > + > + def test_modules(self,sh): > + print "Testing modules..." > + > + (trans_cnt, mlist, mlist_size) = semanage.semanage_module_list( > sh) > + > + print "Transaction number: ", trans_cnt > + print "Module list size: ", mlist_size > + if self.verbose: > + print "List reference: ", mlist > + > + if (mlist_size == 0): > + print "No modules installed!" > + print "This is not necessarily a test failure." > + return > + for idx in range(mlist_size): > + module = semanage.semanage_module_list_nth(mlist, idx) > + if self.verbose: > + print "Module reference: ", module > + print "Module name: ", semanage.semanage_module_get_ > name(module) > + > + def test_seusers(self,sh): > + print "Testing seusers..." > + > + (status, slist) = semanage.semanage_seuser_list(sh) > + if status < 0: > + raise Error("Could not list seusers") > + print "Query status (commit number): ", status > + > + if ( len(slist) == 0): > + print "No seusers found!" > + print "This is not necessarily a test failure." 
> + return > + for seuser in slist: > + if self.verbose: > + print "seseuser reference: ", seuser > + print "seuser name: ", semanage.semanage_seuser_get_ > name(seuser) > + print " seuser mls range: ", semanage.semanage_seuser_get_ > mlsrange(seuser) > + print " seuser sename: ", semanage.semanage_seuser_get_ > sename(seuser) > + semanage.semanage_seuser_free(seuser) > + > + def test_users(self,sh): > + print "Testing users..." > + > + (status, ulist) = semanage.semanage_user_list(sh) > + if status < 0: > + raise Error("Could not list users") > + print "Query status (commit number): ", status > + > + if ( len(ulist) == 0): > + print "No users found!" > + print "This is not necessarily a test failure." > + return > + for user in ulist: > + if self.verbose: > + print "User reference: ", user > + print "User name: ", semanage.semanage_user_get_name(user) > + print " User labeling prefix: ", semanage.semanage_user_get_ > prefix(user) > + print " User mls level: ", semanage.semanage_user_get_ > mlslevel(user) > + print " User mls range: ", semanage.semanage_user_get_ > mlsrange(user) > + print " User number of roles: ", semanage.semanage_user_get_ > num_roles(user) > + print " User roles: " > + (status, rlist) = semanage.semanage_user_get_roles(sh, user) > + if status < 0: > + raise Error("Could not get user roles") > + > + for role in rlist: > + print " ", role > + > + semanage.semanage_user_free(user) > + > + def test_ports(self,sh): > + print "Testing ports..." > + > + (status, plist) = semanage.semanage_port_list(sh) > + if status < 0: > + raise Error("Could not list ports") > + print "Query status (commit number): ", status > + > + if ( len(plist) == 0): > + print "No ports found!" > + print "This is not necessarily a test failure." 
> + return > + for port in plist: > + if self.verbose: > + print "Port reference: ", port > + low = semanage.semanage_port_get_low(port) > + high = semanage.semanage_port_get_high(port) > + con = semanage.semanage_port_get_con(port) > + proto = semanage.semanage_port_get_proto(port) > + proto_str = semanage.semanage_port_get_proto_str(proto) > + if low == high: > + range_str = str(low) > + else: > + range_str = str(low) + "-" + str(high) > + (rc, con_str) = semanage.semanage_context_to_string(sh,con) > + if rc < 0: con_str = "" > + print "Port: ", range_str, " ", proto_str, " Context: ", > con_str > + semanage.semanage_port_free(port) > + > + def test_fcontexts(self,sh): > + print "Testing file contexts..." > + > + (status, flist) = semanage.semanage_fcontext_list(sh) > + if status < 0: > + raise Error("Could not list file contexts") > + print "Query status (commit number): ", status > + > + if (len(flist) == 0): > + print "No file contexts found!" > + print "This is not necessarily a test failure." > + return > + for fcon in flist: > + if self.verbose: > + print "File Context reference: ", fcon > + expr = semanage.semanage_fcontext_get_expr(fcon) > + type = semanage.semanage_fcontext_get_type(fcon) > + type_str = semanage.semanage_fcontext_get_type_str(type) > + con = semanage.semanage_fcontext_get_con(fcon) > + if not con: > + con_str = "<<none>>" > + else: > + (rc, con_str) = semanage.semanage_context_to_ > string(sh,con) > + if rc < 0: con_str = "" > + print "File Expr: ", expr, " [", type_str, "] Context: ", > con_str > + semanage.semanage_fcontext_free(fcon) > + > + def test_interfaces(self,sh): > + print "Testing network interfaces..." > + > + (status, ilist) = semanage.semanage_iface_list(sh) > + if status < 0: > + raise Error("Could not list interfaces") > + print "Query status (commit number): ", status > + > + if (len(ilist) == 0): > + print "No network interfaces found!" > + print "This is not necessarily a test failure." 
> + return > + for iface in ilist: > + if self.verbose: > + print "Interface reference: ", iface > + name = semanage.semanage_iface_get_name(iface) > + msg_con = semanage.semanage_iface_get_msgcon(iface) > + if_con = semanage.semanage_iface_get_ifcon(iface) > + (rc, msg_con_str) = semanage.semanage_context_to_ > string(sh,msg_con) > + if rc < 0: msg_con_str = "" > + (rc, if_con_str) = semanage.semanage_context_to_string(sh, > if_con) > + if rc < 0: if_con_str = "" > + print "Interface: ", name, " Context: ", if_con_str, " > Message Context: ", msg_con_str > + semanage.semanage_iface_free(iface) > + > + def test_booleans(self,sh): > + print "Testing booleans..." > + > + (status, blist) = semanage.semanage_bool_list(sh) > + if status < 0: > + raise Error("Could not list booleans") > + print "Query status (commit number): ", status > + > + if (len(blist) == 0): > + print "No booleans found!" > + print "This is not necessarily a test failure." > + return > + for pbool in blist: > + if self.verbose: > + print "Boolean reference: ", pbool > + name = semanage.semanage_bool_get_name(pbool) > + value = semanage.semanage_bool_get_value(pbool) > + print "Boolean: ", name, " Value: ", value > + semanage.semanage_bool_free(pbool) > + > + def test_abooleans(self,sh): > + print "Testing active booleans..." > + > + (status, ablist) = semanage.semanage_bool_list_active(sh) > + if status < 0: > + raise Error("Could not list active booleans") > + print "Query status (commit number): ", status > + > + if (len(ablist) == 0): > + print "No active booleans found!" > + print "This is not necessarily a test failure." > + return > + for abool in ablist: > + if self.verbose: > + print "Active boolean reference: ", abool > + name = semanage.semanage_bool_get_name(abool) > + value = semanage.semanage_bool_get_value(abool) > + print "Active Boolean: ", name, " Value: ", value > + semanage.semanage_bool_free(abool) > + > + def test_nodes(self,sh): > + print "Testing network nodes..." 
> + > + (status, nlist) = semanage.semanage_node_list(sh) > + if status < 0: > + raise Error("Could not list network nodes") > + print "Query status (commit number): ", status > + > + if (len(nlist) == 0): > + print "No network nodes found!" > + print "This is not necessarily a test failure." > + return > + for node in nlist: > + if self.verbose: > + print "Network node reference: ", node > + > + (status, addr) = semanage.semanage_node_get_addr(sh, node) > + if status < 0: addr = "" > + > + (status, mask) = semanage.semanage_node_get_mask(sh, node) > + if status < 0: mask = "" > + > + proto = semanage.semanage_node_get_proto(node) > + proto_str = semanage.semanage_node_get_proto_str(proto) > + con = semanage.semanage_node_get_con(node) > + > + (status, con_str) = semanage.semanage_context_to_string(sh, > con) > + if status < 0: con_str = "" > + > + print "Network Node: ", addr, "/", mask, " (", proto_str, > ")", "Context: ", con_str > + semanage.semanage_node_free(node) > + > + def test_writeuser(self,sh): > + print "Testing user write..." 
> + > + (status, user) = semanage.semanage_user_create(sh) > + if status < 0: > + raise Error("Could not create user object") > + if self.verbose: > + print "User object created" > + > + status = semanage.semanage_user_set_name(sh,user, "testPyUser") > + if status < 0: > + raise Error("Could not set user name") > + if self.verbose: > + print "User name set: ", semanage.semanage_user_get_ > name(user) > + > + status = semanage.semanage_user_add_role(sh, user, "user_r") > + if status < 0: > + raise Error("Could not add role") > + > + status = semanage.semanage_user_set_prefix(sh,user, "user") > + if status < 0: > + raise Error("Could not set labeling prefix") > + if self.verbose: > + print "User prefix set: ", semanage.semanage_user_get_ > prefix(user) > + > + status = semanage.semanage_user_set_mlsrange(sh, user, "s0") > + if status < 0: > + raise Error("Could not set MLS range") > + if self.verbose: > + print "User mlsrange: ", semanage.semanage_user_get_ > mlsrange(user) > + > + status = semanage.semanage_user_set_mlslevel(sh, user, "s0") > + if status < 0: > + raise Error("Could not set MLS level") > + if self.verbose: > + print "User mlslevel: ", semanage.semanage_user_get_ > mlslevel(user) > + > + (status,key) = semanage.semanage_user_key_extract(sh,user) > + if status < 0: > + raise Error("Could not extract user key") > + if self.verbose: > + print "User key extracted: ", key > + > + (status,exists) = semanage.semanage_user_exists_local(sh,key) > + if status < 0: > + raise Error("Could not check if user exists") > + if self.verbose: > + print "Exists status (commit number): ", status > + > + if exists: > + (status, old_user) = semanage.semanage_user_query_local(sh, > key) > + if status < 0: > + raise Error("Could not query old user") > + if self.verbose: > + print "Query status (commit number): ", status > + > + print "Starting transaction.." 
> + status = semanage.semanage_begin_transaction(sh) > + if status < 0: > + raise Error("Could not start semanage transaction") > + > + status = semanage.semanage_user_modify_local(sh,key,user) > + if status < 0: > + raise Error("Could not modify user") > + > + status = semanage.semanage_commit(sh) > + if status < 0: > + raise Error("Could not commit test transaction") > + print "Commit status (transaction number): ", status > + > + status = semanage.semanage_begin_transaction(sh) > + if status < 0: > + raise Error("Could not start semanage transaction") > + > + if not exists: > + print "Removing user..." > + status = semanage.semanage_user_del_local(sh, key) > + if status < 0: > + raise Error("Could not delete test user") > + if self.verbose: > + print "User delete: ", status > + else: > + print "Resetting user..." > + status = semanage.semanage_user_modify_local(sh, key, > old_user) > + if status < 0: > + raise Error("Could not reset test user") > + if self.verbose: > + print "User modify: ", status > + > + status = semanage.semanage_commit(sh) > + if status < 0: > + raise Error("Could not commit reset transaction") > + print "Commit status (transaction number): ", status > + > + semanage.semanage_user_key_free(key) > + semanage.semanage_user_free(user) > + if exists: semanage.semanage_user_free(old_user) > + > + def test_writeseuser(self,sh): > + print "Testing seuser write..." > + > + (status, seuser) = semanage.semanage_seuser_create(sh) > + if status < 0: > + raise Error("Could not create SEUser object") > + if self.verbose: > + print "SEUser object created." 
> + > + status = semanage.semanage_seuser_set_name(sh,seuser, > "testPySEUser") > + if status < 0: > + raise Error("Could not set name") > + if self.verbose: > + print "SEUser name set: ", semanage.semanage_seuser_get_ > name(seuser) > + > + status = semanage.semanage_seuser_set_sename(sh, seuser, "root") > + if status < 0: > + raise Error("Could not set sename") > + if self.verbose: > + print "SEUser seuser: ", semanage.semanage_seuser_get_ > sename(seuser) > + > + status = semanage.semanage_seuser_set_mlsrange(sh, seuser, > "s0:c0.c255") > + if status < 0: > + raise Error("Could not set MLS range") > + if self.verbose: > + print "SEUser mlsrange: ", semanage.semanage_seuser_get_ > mlsrange(seuser) > + > + (status,key) = semanage.semanage_seuser_key_extract(sh,seuser) > + if status < 0: > + raise Error("Could not extract SEUser key") > + if self.verbose: > + print "SEUser key extracted: ", key > + > + (status,exists) = semanage.semanage_seuser_exists_local(sh,key) > + if status < 0: > + raise Error("Could not check if SEUser exists") > + if self.verbose: > + print "Exists status (commit number): ", status > + > + if exists: > + (status, old_seuser) = semanage.semanage_seuser_query_local(sh, > key) > + if status < 0: > + raise Error("Could not query old SEUser") > + if self.verbose: > + print "Query status (commit number): ", status > + > + print "Starting transaction..." 
> + status = semanage.semanage_begin_transaction(sh) > + if status < 0: > + raise Error("Could not start semanage transaction") > + > + status = semanage.semanage_seuser_modify_local(sh,key,seuser) > + if status < 0: > + raise Error("Could not modify SEUser") > + > + status = semanage.semanage_commit(sh) > + if status < 0: > + raise Error("Could not commit test transaction") > + print "Commit status (transaction number): ", status > + > + status = semanage.semanage_begin_transaction(sh) > + if status < 0: > + raise Error("Could not start semanage transaction") > + > + if not exists: > + print "Removing seuser..." > + status = semanage.semanage_seuser_del_local(sh, key) > + if status < 0: > + raise Error("Could not delete test SEUser") > + if self.verbose: > + print "Seuser delete: ", status > + else: > + print "Resetting seuser..." > + status = semanage.semanage_seuser_modify_local(sh, key, > old_seuser) > + if status < 0: > + raise Error("Could not reset test SEUser") > + if self.verbose: > + print "Seuser modify: ", status > + > + status = semanage.semanage_commit(sh) > + if status < 0: > + raise Error("Could not commit reset transaction") > + print "Commit status (transaction number): ", status > + > + semanage.semanage_seuser_key_free(key) > + semanage.semanage_seuser_free(seuser) > + if exists: > + semanage.semanage_seuser_free(old_seuser) > + > + def test_writeport(self,sh): > + print "Testing port write..." > + > + (status, port) = semanage.semanage_port_create(sh) > + if status < 0: > + raise Error("Could not create SEPort object") > + if self.verbose: > + print "SEPort object created." 
> + > + semanage.semanage_port_set_range(port,150,200) > + low = semanage.semanage_port_get_low(port) > + high = semanage.semanage_port_get_high(port) > + if self.verbose: > + print "SEPort range set: ", low, "-", high > + > + semanage.semanage_port_set_proto(port, > semanage.SEMANAGE_PROTO_TCP) > + if self.verbose: > + print "SEPort protocol set: ", semanage.semanage_port_get_ > proto_str(semanage.SEMANAGE_PROTO_TCP) > + > + (status, con) = semanage.semanage_context_create(sh) > + if status < 0: > + raise Error("Could not create SEContext object") > + if self.verbose: > + print "SEContext object created (for port)." > + > + status = semanage.semanage_context_set_user(sh, con, "system_u") > + if status < 0: > + raise Error("Could not set context user") > + if self.verbose: > + print "SEContext user: ", semanage.semanage_context_get_ > user(con) > + > + status = semanage.semanage_context_set_role(sh, con, "object_r") > + if status < 0: > + raise Error("Could not set context role") > + if self.verbose: > + print "SEContext role: ", semanage.semanage_context_get_ > role(con) > + > + status = semanage.semanage_context_set_type(sh, con, > "http_port_t") > + if status < 0: > + raise Error("Could not set context type") > + if self.verbose: > + print "SEContext type: ", semanage.semanage_context_get_ > type(con) > + > + status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255") > + if status < 0: > + raise Error("Could not set context MLS fields") > + if self.verbose: > + print "SEContext mls: ", semanage.semanage_context_get_ > mls(con) > + > + status = semanage.semanage_port_set_con(sh, port, con) > + if status < 0: > + raise Error("Could not set SEPort context") > + if self.verbose: > + print "SEPort context set: ", con > + > + (status,key) = semanage.semanage_port_key_extract(sh,port) > + if status < 0: > + raise Error("Could not extract SEPort key") > + if self.verbose: > + print "SEPort key extracted: ", key > + > + (status,exists) = 
semanage.semanage_port_exists_local(sh,key) > + if status < 0: > + raise Error("Could not check if SEPort exists") > + if self.verbose: > + print "Exists status (commit number): ", status > + > + if exists: > + (status, old_port) = semanage.semanage_port_query_local(sh, > key) > + if status < 0: > + raise Error("Could not query old SEPort") > + if self.verbose: > + print "Query status (commit number): ", status > + > + print "Starting transaction..." > + status = semanage.semanage_begin_transaction(sh) > + if status < 0: > + raise Error("Could not start semanage transaction") > + > + status = semanage.semanage_port_modify_local(sh,key,port) > + if status < 0: > + raise Error("Could not modify SEPort") > + > + status = semanage.semanage_commit(sh) > + if status < 0: > + raise Error("Could not commit test transaction") > + print "Commit status (transaction number): ", status > + > + status = semanage.semanage_begin_transaction(sh) > + if status < 0: > + raise Error("Could not start semanage transaction") > + > + if not exists: > + print "Removing port range..." > + status = semanage.semanage_port_del_local(sh, key) > + if status < 0: > + raise Error("Could not delete test SEPort") > + if self.verbose: > + print "Port range delete: ", status > + else: > + print "Resetting port range..." > + status = semanage.semanage_port_modify_local(sh, key, > old_port) > + if status < 0: > + raise Error("Could not reset test SEPort") > + if self.verbose: > + print "Port range modify: ", status > + > + status = semanage.semanage_commit(sh) > + if status < 0: > + raise Error("Could not commit reset transaction") > + print "Commit status (transaction number): ", status > + > + semanage.semanage_context_free(con) > + semanage.semanage_port_key_free(key) > + semanage.semanage_port_free(port) > + if exists: > + semanage.semanage_port_free(old_port) > + > + def test_writefcontext(self,sh): > + print "Testing file context write..." 
> + > + (status, fcon) = semanage.semanage_fcontext_create(sh) > + if status < 0: > + raise Error("Could not create SEFcontext object") > + if self.verbose: > + print "SEFcontext object created." > + > + status = semanage.semanage_fcontext_set_expr(sh, fcon, > "/test/fcontext(/.*)?") > + if status < 0: > + raise Error("Could not set expression") > + if self.verbose: > + print "SEFContext expr set: ", semanage.semanage_fcontext_ > get_expr(fcon) > + > + semanage.semanage_fcontext_set_type(fcon, > semanage.SEMANAGE_FCONTEXT_REG) > + if self.verbose: > + ftype = semanage.semanage_fcontext_get_type(fcon) > + print "SEFContext type set: ", semanage.semanage_fcontext_ > get_type_str(ftype) > + > + (status, con) = semanage.semanage_context_create(sh) > + if status < 0: > + raise Error("Could not create SEContext object") > + if self.verbose: > + print "SEContext object created (for file context)." > + > + status = semanage.semanage_context_set_user(sh, con, "system_u") > + if status < 0: > + raise Error("Could not set context user") > + if self.verbose: > + print "SEContext user: ", semanage.semanage_context_get_ > user(con) > + > + status = semanage.semanage_context_set_role(sh, con, "object_r") > + if status < 0: > + raise Error("Could not set context role") > + if self.verbose: > + print "SEContext role: ", semanage.semanage_context_get_ > role(con) > + > + status = semanage.semanage_context_set_type(sh, con, "default_t") > + if status < 0: > + raise Error("Could not set context type") > + if self.verbose: > + print "SEContext type: ", semanage.semanage_context_get_ > type(con) > + > + status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255") > + if status < 0: > + raise Error("Could not set context MLS fields") > + if self.verbose: > + print "SEContext mls: ", semanage.semanage_context_get_ > mls(con) > + > + status = semanage.semanage_fcontext_set_con(sh, fcon, con) > + if status < 0: > + raise Error("Could not set SEFcontext context") > + if self.verbose: > 
+ print "SEFcontext context set: ", con > + > + (status,key) = semanage.semanage_fcontext_key_extract(sh,fcon) > + if status < 0: > + raise Error("Could not extract SEFcontext key") > + if self.verbose: > + print "SEFcontext key extracted: ", key > + > + (status,exists) = semanage.semanage_fcontext_exists_local(sh,key) > + if status < 0: > + raise Error("Could not check if SEFcontext exists") > + > + if self.verbose: > + print "Exists status (commit number): ", status > + if exists: > + (status, old_fcontext) = semanage.semanage_fcontext_query_local(sh, > key) > + if status < 0: > + raise Error("Could not query old SEFcontext") > + if self.verbose: > + print "Query status (commit number): ", status > + > + print "Starting transaction..." > + status = semanage.semanage_begin_transaction(sh) > + if status < 0: > + raise Error("Could not start semanage transaction") > + > + status = semanage.semanage_fcontext_modify_local(sh,key,fcon) > + if status < 0: > + raise Error("Could not modify SEFcontext") > + > + status = semanage.semanage_commit(sh) > + if status < 0: > + raise Error("Could not commit test transaction") > + print "Commit status (transaction number): ", status > + > + status = semanage.semanage_begin_transaction(sh) > + if status < 0: > + raise Error("Could not start semanage transaction") > + > + if not exists: > + print "Removing file context..." > + status = semanage.semanage_fcontext_del_local(sh, key) > + if status < 0: > + raise Error("Could not delete test SEFcontext") > + if self.verbose: > + print "File context delete: ", status > + else: > + print "Resetting file context..." 
> + status = semanage.semanage_fcontext_modify_local(sh, key, > old_fcontext) > + if status < 0: > + raise Error("Could not reset test FContext") > + if self.verbose: > + print "File context modify: ", status > + > + status = semanage.semanage_commit(sh) > + if status < 0: > + raise Error("Could not commit reset transaction") > + print "Commit status (transaction number): ", status > + > + semanage.semanage_context_free(con) > + semanage.semanage_fcontext_key_free(key) > + semanage.semanage_fcontext_free(fcon) > + if exists: > + semanage.semanage_fcontext_free(old_fcontext) > + > + def test_writeinterface(self,sh): > + print "Testing network interface write..." > + > + (status, iface) = semanage.semanage_iface_create(sh) > + if status < 0: > + raise Error("Could not create SEIface object") > + if self.verbose: > + print "SEIface object created." > + > + status = semanage.semanage_iface_set_name(sh, iface, > "test_iface") > + if status < 0: > + raise Error("Could not set SEIface name") > + if self.verbose: > + print "SEIface name set: ", semanage.semanage_iface_get_ > name(iface) > + > + (status, con) = semanage.semanage_context_create(sh) > + if status < 0: > + raise Error("Could not create SEContext object") > + if self.verbose: > + print "SEContext object created (for network interface)" > + > + status = semanage.semanage_context_set_user(sh, con, "system_u") > + if status < 0: > + raise Error("Could not set interface context user") > + if self.verbose: > + print "SEContext user: ", semanage.semanage_context_get_ > user(con) > + > + status = semanage.semanage_context_set_role(sh, con, "object_r") > + if status < 0: > + raise Error("Could not set interface context role") > + if self.verbose: > + print "SEContext role: ", semanage.semanage_context_get_ > role(con) > + > + status = semanage.semanage_context_set_type(sh, con, "default_t") > + if status < 0: > + raise Error("Could not set interface context type") > + if self.verbose: > + print "SEContext type: ", 
semanage.semanage_context_get_ > type(con)
> +
> + status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
> + if status < 0:
> + raise Error("Could not set interface context MLS fields")
> + if self.verbose:
> + print "SEContext mls: ", semanage.semanage_context_get_ > mls(con)
> +
> + status = semanage.semanage_iface_set_ifcon(sh, iface, con)
> + if status < 0:
> + raise Error("Could not set SEIface interface context")
> + if self.verbose:
> + print "SEIface interface context set: ", con
> +
> + status = semanage.semanage_iface_set_msgcon(sh, iface, con)
> + if status < 0:
> + raise Error("Could not set SEIface message context")
> + if self.verbose:
> + print "SEIface message context set: ", con
> +
> + (status,key) = semanage.semanage_iface_key_extract(sh,iface)
> + if status < 0:
> + raise Error("Could not extract SEIface key")
> + if self.verbose:
> + print "SEIface key extracted: ", key
> +
> + (status,exists) = semanage.semanage_iface_exists_local(sh,key)
> + if status < 0:
> + raise Error("Could not check if SEIface exists")
> + if self.verbose:
> + print "Exists status (commit number): ", status
> +
> + if exists:
> + (status, old_iface) = semanage.semanage_iface_query_local(sh, > key)
> + if status < 0:
> + raise Error("Could not query old SEIface")
> + if self.verbose:
> + print "Query status (commit number): ", status
> +
> + print "Starting transaction..."
> + status = semanage.semanage_begin_transaction(sh)
> + if status < 0:
> + raise Error("Could not begin semanage transaction")
> +
> + status = semanage.semanage_iface_modify_local(sh,key,iface)
> + if status < 0:
> + raise Error("Could not modify SEIface")
> +
> + status = semanage.semanage_commit(sh)
> + if status < 0:
> + raise Error("Could not commit test transaction")
> + print "Commit status (transaction number): ", status
> +
> + status = semanage.semanage_begin_transaction(sh)
> + if status < 0:
> + raise Error("Could not begin semanage transaction")
> +
> + if not exists:
> + print "Removing interface..."
> + status = semanage.semanage_iface_del_local(sh, key)
> + if status < 0:
> + raise Error("Could not delete test SEIface")
> + if self.verbose:
> + print "Interface delete: ", status
> + else:
> + print "Resetting interface..."
> + status = semanage.semanage_iface_modify_local(sh, key, > old_iface)
> + if status < 0:
> + raise Error("Could not reset test SEIface")
> + if self.verbose:
> + print "Interface modify: ", status
> +
> + status = semanage.semanage_commit(sh)
> + if status < 0:
> + raise Error("Could not commit reset transaction")
> + print "Commit status (transaction number): ", status
> +
> + semanage.semanage_context_free(con)
> + semanage.semanage_iface_key_free(key)
> + semanage.semanage_iface_free(iface)
> + if exists:
> + semanage.semanage_iface_free(old_iface)
> +
> + def test_writeboolean(self,sh):
> + print "Testing boolean write..."
> +
> + (status, pbool) = semanage.semanage_bool_create(sh)
> + if status < 0:
> + raise Error("Could not create SEBool object")
> + if self.verbose:
> + print "SEBool object created."
> +
> + status = semanage.semanage_bool_set_name(sh, pbool, > "allow_execmem")
> + if status < 0:
> + raise Error("Could not set name")
> + if self.verbose:
> + print "SEBool name set: ", semanage.semanage_bool_get_ > name(pbool)
> +
> + semanage.semanage_bool_set_value(pbool, 0)
> + if self.verbose:
> + print "SEbool value set: ", semanage.semanage_bool_get_ > value(pbool)
> +
> + (status,key) = semanage.semanage_bool_key_extract(sh, pbool)
> + if status < 0:
> + raise Error("Could not extract SEBool key")
> + if self.verbose:
> + print "SEBool key extracted: ", key
> +
> + (status,exists) = semanage.semanage_bool_exists_local(sh,key)
> + if status < 0:
> + raise Error("Could not check if SEBool exists")
> + if self.verbose:
> + print "Exists status (commit number): ", status
> +
> + if exists:
> + (status, old_bool) = semanage.semanage_bool_query_local(sh, > key)
> + if status < 0:
> + raise Error("Could not query old SEBool")
> + if self.verbose:
> + print "Query status (commit number): ", status
> +
> + print "Starting transaction..."
> + status = semanage.semanage_begin_transaction(sh)
> + if status < 0:
> + raise Error("Could not start semanage transaction")
> +
> + status = semanage.semanage_bool_modify_local(sh, key, pbool)
> +
> + if status < 0:
> + raise Error("Could not modify SEBool")
> +
> + status = semanage.semanage_commit(sh)
> + if status < 0:
> + raise Error("Could not commit test transaction")
> + print "Commit status (transaction number): ", status
> +
> + status = semanage.semanage_begin_transaction(sh)
> + if status < 0:
> + raise Error("Could not start semanage transaction")
> +
> + if not exists:
> + print "Removing boolean..."
> + status = semanage.semanage_bool_del_local(sh, key)
> + if status < 0:
> + raise Error("Could not delete test SEBool")
> + if self.verbose:
> + print "Boolean delete: ", status
> + else:
> + print "Resetting boolean..."
> + status = semanage.semanage_bool_modify_local(sh, key, > old_bool)
> + if status < 0:
> + raise Error("Could not reset test SEBool")
> + if self.verbose:
> + print "Boolean modify: ", status
> +
> + status = semanage.semanage_commit(sh)
> + if status < 0:
> + raise Error("Could not commit reset transaction")
> + print "Commit status (transaction number): ", status
> +
> + semanage.semanage_bool_key_free(key)
> + semanage.semanage_bool_free(pbool)
> + if exists: semanage.semanage_bool_free(old_bool)
> +
> + def test_writeaboolean(self,sh):
> + print "Testing active boolean write..."
> +
> + (status, key) = semanage.semanage_bool_key_create(sh, > "allow_execmem")
> + if status < 0:
> + raise Error("Could not create SEBool key")
> + if self.verbose:
> + print "SEBool key created: ", key
> +
> + (status, old_bool) = semanage.semanage_bool_query_active(sh, key)
> + if status < 0:
> + raise Error("Could not query old SEBool")
> + if self.verbose:
> + print "Query status (commit number): ", status
> +
> + (status, abool) = semanage.semanage_bool_create(sh)
> + if status < 0:
> + raise Error("Could not create SEBool object")
> + if self.verbose:
> + print "SEBool object created."
> +
> + status = semanage.semanage_bool_set_name(sh, abool, > "allow_execmem")
> + if status < 0:
> + raise Error("Could not set name")
> + if self.verbose:
> + print "SEBool name set: ", semanage.semanage_bool_get_ > name(abool)
> +
> + semanage.semanage_bool_set_value(abool, 0)
> + if self.verbose:
> + print "SEbool value set: ", semanage.semanage_bool_get_ > value(abool)
> +
> + print "Starting transaction..."
> + status = semanage.semanage_begin_transaction(sh)
> + if status < 0:
> + raise Error("Could not start semanage transaction")
> +
> + status = semanage.semanage_bool_set_active(sh,key,abool)
> + if status < 0:
> + raise Error("Could not modify SEBool")
> +
> + status = semanage.semanage_commit(sh)
> + if status < 0:
> + raise Error("Could not commit test transaction")
> + print "Commit status (transaction number): ", status
> +
> + print "Resetting old active boolean..."
> + status = semanage.semanage_begin_transaction(sh)
> + if status < 0:
> + raise Error("Could not start semanage transaction")
> +
> + status = semanage.semanage_bool_set_active(sh, key,old_bool)
> + if status < 0:
> + raise Error("Could not reset test SEBool")
> + if self.verbose:
> + print "SEBool active reset: ", status
> +
> + status = semanage.semanage_commit(sh)
> + if status < 0:
> + raise Error("Could not commit reset transaction")
> + print "Commit status (transaction number): ", status
> +
> + semanage.semanage_bool_key_free(key)
> + semanage.semanage_bool_free(abool)
> + semanage.semanage_bool_free(old_bool)
> +
> +
> + def test_writenode(self,sh):
> + print "Testing network node write..."
> +
> + (status, node) = semanage.semanage_node_create(sh)
> + if status < 0:
> + raise Error("Could not create SENode object")
> + if self.verbose:
> + print "SENode object created."
> +
> + status = semanage.semanage_node_set_addr(sh, node, > semanage.SEMANAGE_PROTO_IP6, "ffee:dddd::bbbb")
> + if status < 0:
> + raise Error("Could not set SENode address")
> +
> + status = semanage.semanage_node_set_mask(sh, node, > semanage.SEMANAGE_PROTO_IP6, "::ffff:ffff:abcd:0000")
> + if status < 0:
> + raise Error("Could not set SENode netmask")
> +
> + semanage.semanage_node_set_proto(node, > semanage.SEMANAGE_PROTO_IP6)
> + if self.verbose:
> + print "SENode protocol set: ", semanage.semanage_node_get_ > proto_str(semanage.SEMANAGE_PROTO_IP6)
> +
> + (status, con) = semanage.semanage_context_create(sh)
> + if status < 0:
> + raise Error("Could not create SEContext object")
> + if self.verbose:
> + print "SEContext object created (for node)."
> +
> + status = semanage.semanage_context_set_user(sh, con, "system_u")
> + if status < 0:
> + raise Error("Could not set context user")
> + if self.verbose:
> + print "SEContext user: ", semanage.semanage_context_get_ > user(con)
> +
> + status = semanage.semanage_context_set_role(sh, con, "object_r")
> + if status < 0:
> + raise Error("Could not set context role")
> + if self.verbose:
> + print "SEContext role: ", semanage.semanage_context_get_ > role(con)
> +
> + status = semanage.semanage_context_set_type(sh, con, "lo_node_t")
> + if status < 0:
> + raise Error("Could not set context type")
> + if self.verbose:
> + print "SEContext type: ", semanage.semanage_context_get_ > type(con)
> +
> + status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
> + if status < 0:
> + raise Error("Could not set context MLS fields")
> + if self.verbose:
> + print "SEContext mls: ", semanage.semanage_context_get_ > mls(con)
> +
> + status = semanage.semanage_node_set_con(sh, node, con)
> + if status < 0:
> + raise Error("Could not set SENode context")
> + if self.verbose:
> + print "SENode context set: ", con
> +
> + (status,key) = semanage.semanage_node_key_extract(sh, node)
> + if status < 0:
> + raise Error("Could
not extract SENode key")
> + if self.verbose:
> + print "SENode key extracted: ", key
> +
> + (status,exists) = semanage.semanage_node_exists_local(sh,key)
> + if status < 0:
> + raise Error("Could not check if SENode exists")
> + if self.verbose:
> + print "Exists status (commit number): ", status
> +
> + if exists:
> + (status, old_node) = semanage.semanage_node_query_local(sh, > key)
> + if status < 0:
> + raise Error("Could not query old SENode")
> + if self.verbose:
> + print "Query status (commit number): ", status
> +
> + print "Starting transaction..."
> + status = semanage.semanage_begin_transaction(sh)
> + if status < 0:
> + raise Error("Could not start semanage transaction")
> +
> + status = semanage.semanage_node_modify_local(sh,key, node)
> + if status < 0:
> + raise Error("Could not modify SENode")
> +
> + status = semanage.semanage_commit(sh)
> + if status < 0:
> + raise Error("Could not commit test transaction")
> + print "Commit status (transaction number): ", status
> +
> + status = semanage.semanage_begin_transaction(sh)
> + if status < 0:
> + raise Error("Could not start semanage transaction")
> +
> + if not exists:
> + print "Removing network node..."
> + status = semanage.semanage_node_del_local(sh, key)
> + if status < 0:
> + raise Error("Could not delete test SENode")
> + if self.verbose:
> + print "Network node delete: ", status
> + else:
> + print "Resetting network node..."
> + status = semanage.semanage_node_modify_local(sh, key, > old_node)
> + if status < 0:
> + raise Error("Could not reset test SENode")
> + if self.verbose:
> + print "Network node modify: ", status
> +
> + status = semanage.semanage_commit(sh)
> + if status < 0:
> + raise Error("Could not commit reset transaction")
> + print "Commit status (transaction number): ", status
> +
> + semanage.semanage_context_free(con)
> + semanage.semanage_node_key_free(key)
> + semanage.semanage_node_free(node)
> + if exists:
> + semanage.semanage_node_free(old_node)
>
> def main(argv=None):
> - if argv is None:
> - argv = sys.argv
> - try:
> - try:
> - opts, args = getopt.getopt(argv[1:], > "hvmuspfibcUSPFIBCanN", ["help", "verbose", "modules", "users", "seusers", > "ports", "file contexts", "network interfaces", "booleans", "active > booleans", "network nodes", "writeuser", "writeseuser", "writeport", > "writefcontext", "writeinterface", "writeboolean", "writeaboolean", > "writenode", "all"])
> - tests = Tests()
> - for o, a in opts:
> - if o == "-v":
> - tests.verbose = True
> - print "Verbose output selected."
> - if o == "-a":
> - tests.all = True
> - if o == "-u":
> - tests.users = True
> - if o == "-U":
> - tests.writeuser = True
> - if o == "-s":
> - tests.seusers = True
> - if o == "-S":
> - tests.writeseuser = True
> - if o == "-p":
> - tests.ports = True
> - if o == "-P":
> - tests.writeport = True
> - if o == "-f":
> - tests.fcontexts = True
> - if o == "-F":
> - tests.writefcontext = True
> - if o == "-i":
> - tests.interfaces = True
> - if o == "-I":
> - tests.writeinterface = True
> - if o == "-b":
> - tests.booleans = True
> - if o == "-B":
> - tests.writeboolean = True
> - if o == "-c":
> - tests.abooleans = True
> - if o == "-C":
> - tests.writeaboolean = True
> - if o == "-n":
> - tests.nodes = True
> - if o == "-N":
> - tests.writenode = True
> - if o == "-m":
> - tests.modules = True
> - if o == "-h":
> - raise Usage(usage)
> -
> - if not tests.selected():
> - raise Usage("Please select a valid test.")
> -
> - except getopt.error, msg:
> - raise Usage(msg)
> -
> - sh=semanage.semanage_handle_create()
> -
> - if (semanage.semanage_is_managed(sh) != 1):
> - raise Status("Unmanaged!")
> -
> - status = semanage.semanage_connect(sh)
> - if status < 0:
> - raise Error("Could not establish semanage > connection")
> -
> - tests.run(sh)
> -
> - status = semanage.semanage_disconnect(sh)
> - if status < 0:
> - raise Error("Could not disconnect")
> -
> - semanage.semanage_handle_destroy(sh)
> -
> - except Usage, err:
> - print >>sys.stderr, err.msg
> - except Status, err:
> - print >>sys.stderr, err.msg
> - except Error, err:
> - print >>sys.stderr, err.msg
> -
> - return 2
> + if argv is None:
> + argv = sys.argv
> + try:
> + try:
> + opts, args = getopt.getopt(argv[1:], "hvmuspfibcUSPFIBCanN", > ["help", "verbose", "modules", "users", "seusers", "ports", "file > contexts", "network interfaces", "booleans", "active booleans", "network > nodes", "writeuser", "writeseuser", "writeport", "writefcontext", > "writeinterface", "writeboolean", "writeaboolean",
"writenode", "all"])
> + tests = Tests()
> + for o, a in opts:
> + if o == "-v":
> + tests.verbose = True
> + print "Verbose output selected."
> + if o == "-a":
> + tests.all = True
> + if o == "-u":
> + tests.users = True
> + if o == "-U":
> + tests.writeuser = True
> + if o == "-s":
> + tests.seusers = True
> + if o == "-S":
> + tests.writeseuser = True
> + if o == "-p":
> + tests.ports = True
> + if o == "-P":
> + tests.writeport = True
> + if o == "-f":
> + tests.fcontexts = True
> + if o == "-F":
> + tests.writefcontext = True
> + if o == "-i":
> + tests.interfaces = True
> + if o == "-I":
> + tests.writeinterface = True
> + if o == "-b":
> + tests.booleans = True
> + if o == "-B":
> + tests.writeboolean = True
> + if o == "-c":
> + tests.abooleans = True
> + if o == "-C":
> + tests.writeaboolean = True
> + if o == "-n":
> + tests.nodes = True
> + if o == "-N":
> + tests.writenode = True
> + if o == "-m":
> + tests.modules = True
> + if o == "-h":
> + raise Usage(usage)
> +
> + if not tests.selected():
> + raise Usage("Please select a valid test.")
> +
> + except getopt.error, msg:
> + raise Usage(msg)
> +
> + sh=semanage.semanage_handle_create()
> +
> + if (semanage.semanage_is_managed(sh) != 1):
> + raise Status("Unmanaged!")
> +
> + status = semanage.semanage_connect(sh)
> + if status < 0:
> + raise Error("Could not establish semanage connection")
> +
> + tests.run(sh)
> +
> + status = semanage.semanage_disconnect(sh)
> + if status < 0:
> + raise Error("Could not disconnect")
> +
> + semanage.semanage_handle_destroy(sh)
> +
> + except Usage, err:
> + print >>sys.stderr, err.msg
> + except Status, err:
> + print >>sys.stderr, err.msg
> + except Error, err:
> + print >>sys.stderr, err.msg
> +
> + return 2
>
> if __name__ == "__main__":
> - sys.exit(main())
> -
> + sys.exit(main())
> -- > 2.18.0 > > _______________________________________________ > Selinux mailing list > Selinux@tycho.nsa.gov > To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to > Selinux-request@tycho.nsa.gov. > <div dir="ltr">Ack applies and runs</div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Aug 18, 2018 at 10:50 AM, Nicolas Iooss <span dir="ltr"><<a href="mailto:nicolas.iooss@m4x.org" target="_blank">nicolas.iooss@m4x.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Only use spaces to indent Python code. This reduces the number of<br> warnings reported by Python linters.<br> <br> Signed-off-by: Nicolas Iooss <<a href="mailto:nicolas.iooss@m4x.org">nicolas.iooss@m4x.org</a>><br> ---<br> Â libsemanage/src/pywrap-test.py | 2301 +++++++++++++++++-------------<wbr>--<br> Â 1 file changed, 1200 insertions(+), 1101 deletions(-)<br> <br> diff --git a/libsemanage/src/pywrap-test.<wbr>py b/libsemanage/src/pywrap-test.<wbr>py<br> index 25b668d80b67..326034947aa5 100644<br> --- a/libsemanage/src/pywrap-test.<wbr>py<br> +++ b/libsemanage/src/pywrap-test.<wbr>py<br> 
@@ -28,1114 +28,1213 @@ Other options:\n\<br> Â "<br> <br> Â class Usage(Exception):<br> -Â Â Â Â def __init__(self, msg):<br> -Â Â Â Â Â Â Â Â Exception.__init__(self)<br> -Â Â Â Â Â Â Â Â self.msg = msg<br> +Â Â def __init__(self, msg):<br> +Â Â Â Â Exception.__init__(self)<br> +Â Â Â Â self.msg = msg<br> <br> Â class Status(Exception):<br> -Â Â Â Â def __init__(self, msg):<br> -Â Â Â Â Â Â Â Â Exception.__init__(self)<br> -Â Â Â Â Â Â Â Â self.msg = msg<br> +Â Â def __init__(self, msg):<br> +Â Â Â Â Exception.__init__(self)<br> +Â Â Â Â self.msg = msg<br> <br> Â class Error(Exception):<br> -Â Â Â Â def __init__(self, msg):<br> -Â Â Â Â Â Â Â Â Exception.__init__(self)<br> -Â Â Â Â Â Â Â Â self.msg = msg<br> +Â Â def __init__(self, msg):<br> +Â Â Â Â Exception.__init__(self)<br> +Â Â Â Â self.msg = msg<br> <br> Â class Tests:<br> -Â Â Â Â def __init__(self):<br> -Â Â Â Â Â Â Â Â self.all = False<br> -Â Â Â Â Â Â Â Â self.users = False<br> -Â Â Â Â Â Â Â Â self.writeuser = False<br> -Â Â Â Â Â Â Â Â self.seusers = False<br> -Â Â Â Â Â Â Â Â self.writeseuser = False<br> -Â Â Â Â Â Â Â Â self.ports = False<br> -Â Â Â Â Â Â Â Â self.writeport = False<br> -Â Â Â Â Â Â Â Â self.fcontexts = False<br> -Â Â Â Â Â Â Â Â self.writefcontext = False<br> -Â Â Â Â Â Â Â Â self.interfaces = False<br> -Â Â Â Â Â Â Â Â self.writeinterface = False<br> -Â Â Â Â Â Â Â Â self.booleans = False<br> -Â Â Â Â Â Â Â Â self.writeboolean = False<br> -Â Â Â Â Â Â Â Â self.abooleans = False<br> -Â Â Â Â Â Â Â Â self.writeaboolean = False<br> -Â Â Â Â Â Â Â Â self.nodes = False<br> -Â Â Â Â Â Â Â Â self.writenode = False<br> -Â Â Â Â Â Â Â Â self.modules = False<br> -Â Â Â Â Â Â Â Â self.verbose = False<br> -<br> -Â Â Â Â def selected(self):<br> -Â Â Â Â Â Â Â Â return (self.all or self.users or self.modules or self.seusers or self.ports or self.fcontexts or self.interfaces or self.booleans or self.abooleans or self.writeuser or self.writeseuser or self.writeport or self.writefcontext or 
self.writeinterface or self.writeboolean or self.writeaboolean or self.nodes or self.writenode)<br> -<br> -Â Â Â Â def run(self, handle):<br> -Â Â Â Â Â Â Â Â if (self.users or self.all): <br> -Â Â Â Â Â Â Â Â Â Â Â Â self.test_users(handle)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print ""<br> -Â Â Â Â Â Â Â Â if (self.seusers or self.all): <br> -Â Â Â Â Â Â Â Â Â Â Â Â self.test_seusers(handle)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print ""<br> -Â Â Â Â Â Â Â Â if (self.ports or self.all):<br> -Â Â Â Â Â Â Â Â Â Â Â Â self.test_ports(handle)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print ""<br> -Â Â Â Â Â Â Â Â if (self.modules or self.all): <br> -Â Â Â Â Â Â Â Â Â Â Â Â self.test_modules(handle)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print ""<br> -Â Â Â Â Â Â Â Â if (self.fcontexts or self.all):<br> -Â Â Â Â Â Â Â Â Â Â Â Â self.test_fcontexts(handle)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print ""<br> -Â Â Â Â Â Â Â Â if (self.interfaces or self.all):<br> -Â Â Â Â Â Â Â Â Â Â Â Â self.test_interfaces(handle)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print ""<br> -Â Â Â Â Â Â Â Â if (self.booleans or self.all):<br> -Â Â Â Â Â Â Â Â Â Â Â Â self.test_booleans(handle)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print ""<br> -Â Â Â Â Â Â Â Â if (self.abooleans or self.all):<br> -Â Â Â Â Â Â Â Â Â Â Â Â self.test_abooleans(handle)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print ""<br> -Â Â Â Â Â Â Â Â if (self.nodes or self.all):<br> -Â Â Â Â Â Â Â Â Â Â Â Â self.test_nodes(handle)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print ""<br> -Â Â Â Â Â Â Â Â if (self.writeuser or self.all): <br> -Â Â Â Â Â Â Â Â Â Â Â Â self.test_writeuser(handle)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print ""<br> -Â Â Â Â Â Â Â Â if (self.writeseuser or self.all): <br> -Â Â Â Â Â Â Â Â Â Â Â Â self.test_writeseuser(handle)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print ""<br> -Â Â Â Â Â Â Â Â if (self.writeport or self.all):<br> -Â Â Â Â Â Â Â Â Â Â Â Â self.test_writeport(handle)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print ""<br> -Â Â Â Â Â Â Â Â if (self.writefcontext or self.all):<br> -Â Â Â Â Â Â Â Â Â Â Â Â 
self.test_writefcontext(<wbr>handle)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print ""<br> -Â Â Â Â Â Â Â Â if (self.writeinterface or self.all):<br> -Â Â Â Â Â Â Â Â Â Â Â Â self.test_writeinterface(<wbr>handle)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print ""<br> -Â Â Â Â Â Â Â Â if (self.writeboolean or self.all):<br> -Â Â Â Â Â Â Â Â Â Â Â Â self.test_writeboolean(handle)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print ""<br> -Â Â Â Â Â Â Â Â if (self.writeaboolean or self.all):<br> -Â Â Â Â Â Â Â Â Â Â Â Â self.test_writeaboolean(<wbr>handle)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print ""<br> -Â Â Â Â Â Â Â Â if (self.writenode or self.all):<br> -Â Â Â Â Â Â Â Â Â Â Â Â self.test_writenode(handle)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print ""<br> -<br> -Â Â Â Â def test_modules(self,sh):<br> -Â Â Â Â Â Â Â Â print "Testing modules..."<br> -<br> -Â Â Â Â Â Â Â Â (trans_cnt, mlist, mlist_size) = semanage.semanage_module_list(<wbr>sh)<br> -<br> -Â Â Â Â Â Â Â Â print "Transaction number: ", trans_cnt<br> -Â Â Â Â Â Â Â Â print "Module list size: ", mlist_size<br> -Â Â Â Â Â Â Â Â if self.verbose: print "List reference: ", mlist<br> -<br> -Â Â Â Â Â Â Â Â if (mlist_size == 0):<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "No modules installed!"<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "This is not necessarily a test failure."<br> -Â Â Â Â Â Â Â Â Â Â Â Â return<br> -Â Â Â Â Â Â Â Â for idx in range(mlist_size):<br> -Â Â Â Â Â Â Â Â Â Â Â Â module = semanage.semanage_module_list_<wbr>nth(mlist, idx)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Module reference: ", module<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Module name: ", semanage.semanage_module_get_<wbr>name(module)<br> -<br> -Â Â Â Â def test_seusers(self,sh):<br> -Â Â Â Â Â Â Â Â print "Testing seusers..."<br> -<br> -Â Â Â Â Â Â Â Â (status, slist) = semanage.semanage_seuser_list(<wbr>sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not list seusers")<br> -Â Â Â Â Â Â Â Â print "Query status (commit number): ", status<br> -<br> -Â Â 
Â Â Â Â Â Â if ( len(slist) == 0):<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "No seusers found!"<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "This is not necessarily a test failure."<br> -Â Â Â Â Â Â Â Â Â Â Â Â return<br> -Â Â Â Â Â Â Â Â for seuser in slist:<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "seseuser reference: ", seuser <br> -Â Â Â Â Â Â Â Â Â Â Â Â print "seuser name: ", semanage.semanage_seuser_get_<wbr>name(seuser)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Â Â seuser mls range: ", semanage.semanage_seuser_get_<wbr>mlsrange(seuser)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Â Â seuser sename: ", semanage.semanage_seuser_get_<wbr>sename(seuser)<br> -Â Â Â Â Â Â Â Â Â Â Â Â semanage.semanage_seuser_free(<wbr>seuser)Â Â Â Â Â Â <br> -<br> -Â Â Â Â def test_users(self,sh):<br> -Â Â Â Â Â Â Â Â print "Testing users..."<br> -<br> -Â Â Â Â Â Â Â Â (status, ulist) = semanage.semanage_user_list(<wbr>sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not list users")<br> -Â Â Â Â Â Â Â Â print "Query status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â if ( len(ulist) == 0):<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "No users found!"<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "This is not necessarily a test failure."<br> -Â Â Â Â Â Â Â Â Â Â Â Â return<br> -Â Â Â Â Â Â Â Â for user in ulist:<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "User reference: ", user <br> -Â Â Â Â Â Â Â Â Â Â Â Â print "User name: ", semanage.semanage_user_get_<wbr>name(user)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Â Â User labeling prefix: ", semanage.semanage_user_get_<wbr>prefix(user)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Â Â User mls level: ", semanage.semanage_user_get_<wbr>mlslevel(user)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Â Â User mls range: ", semanage.semanage_user_get_<wbr>mlsrange(user)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Â Â User number of roles: ", semanage.semanage_user_get_<wbr>num_roles(user)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Â Â User roles: "<br> -Â Â Â 
Â Â Â Â Â Â Â Â Â (status, rlist) = semanage.semanage_user_get_<wbr>roles(sh, user)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not get user roles")<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â Â Â Â Â for role in rlist:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â print "Â Â Â ", role<br> -<br> -Â Â Â Â Â Â Â Â Â Â Â Â semanage.semanage_user_free(<wbr>user)<br> -<br> -Â Â Â Â def test_ports(self,sh):<br> -Â Â Â Â Â Â Â Â print "Testing ports..."<br> -<br> -Â Â Â Â Â Â Â Â (status, plist) = semanage.semanage_port_list(<wbr>sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not list ports")<br> -Â Â Â Â Â Â Â Â print "Query status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â if ( len(plist) == 0):<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "No ports found!"<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "This is not necessarily a test failure."<br> -Â Â Â Â Â Â Â Â Â Â Â Â return<br> -Â Â Â Â Â Â Â Â for port in plist:<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Port reference: ", port<br> -Â Â Â Â Â Â Â Â Â Â Â Â low = semanage.semanage_port_get_<wbr>low(port)<br> -Â Â Â Â Â Â Â Â Â Â Â Â high = semanage.semanage_port_get_<wbr>high(port)<br> -Â Â Â Â Â Â Â Â Â Â Â Â con = semanage.semanage_port_get_<wbr>con(port)<br> -Â Â Â Â Â Â Â Â Â Â Â Â proto = semanage.semanage_port_get_<wbr>proto(port)<br> -Â Â Â Â Â Â Â Â Â Â Â Â proto_str = semanage.semanage_port_get_<wbr>proto_str(proto)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if low == high:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â range_str = str(low)<br> -Â Â Â Â Â Â Â Â Â Â Â Â else:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â range_str = str(low) + "-" + str(high)<br> -Â Â Â Â Â Â Â Â Â Â Â Â (rc, con_str) = semanage.semanage_context_to_<wbr>string(sh,con)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if rc < 0: con_str = ""<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Port: ", range_str, " ", proto_str, " Context: ", con_str<br> -Â Â Â Â Â Â Â Â Â Â Â Â 
semanage.semanage_port_free(<wbr>port)<br> -<br> -Â Â Â Â def test_fcontexts(self,sh):<br> -Â Â Â Â Â Â Â Â print "Testing file contexts..."<br> -<br> -Â Â Â Â Â Â Â Â (status, flist) = semanage.semanage_fcontext_<wbr>list(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not list file contexts")<br> -Â Â Â Â Â Â Â Â print "Query status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â if (len(flist) == 0):<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "No file contexts found!"<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "This is not necessarily a test failure."<br> -Â Â Â Â Â Â Â Â Â Â Â Â return<br> -Â Â Â Â Â Â Â Â for fcon in flist:<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "File Context reference: ", fcon<br> -Â Â Â Â Â Â Â Â Â Â Â Â expr = semanage.semanage_fcontext_<wbr>get_expr(fcon)<br> -Â Â Â Â Â Â Â Â Â Â Â Â type = semanage.semanage_fcontext_<wbr>get_type(fcon)<br> -Â Â Â Â Â Â Â Â Â Â Â Â type_str = semanage.semanage_fcontext_<wbr>get_type_str(type)<br> -Â Â Â Â Â Â Â Â Â Â Â Â con = semanage.semanage_fcontext_<wbr>get_con(fcon)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if not con: <br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â con_str = "<<none>>"<br> -Â Â Â Â Â Â Â Â Â Â Â Â else:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â (rc, con_str) = semanage.semanage_context_to_<wbr>string(sh,con)<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if rc < 0: con_str = ""<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "File Expr: ", expr, " [", type_str, "] Context: ", con_str<br> -Â Â Â Â Â Â Â Â Â Â Â Â semanage.semanage_fcontext_<wbr>free(fcon)<br> -<br> -Â Â Â Â def test_interfaces(self,sh):<br> -Â Â Â Â Â Â Â Â print "Testing network interfaces..."<br> -<br> -Â Â Â Â Â Â Â Â (status, ilist) = semanage.semanage_iface_list(<wbr>sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not list interfaces")<br> -Â Â Â Â Â Â Â Â print "Query status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â if (len(ilist) == 0):<br> -Â Â Â Â Â Â Â Â Â Â Â Â 
print "No network interfaces found!"<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "This is not necessarily a test failure."<br> -Â Â Â Â Â Â Â Â Â Â Â Â return<br> -Â Â Â Â Â Â Â Â for iface in ilist:<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Interface reference: ", iface<br> -Â Â Â Â Â Â Â Â Â Â Â Â name = semanage.semanage_iface_get_<wbr>name(iface)<br> -Â Â Â Â Â Â Â Â Â Â Â Â msg_con = semanage.semanage_iface_get_<wbr>msgcon(iface)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if_con = semanage.semanage_iface_get_<wbr>ifcon(iface)<br> -Â Â Â Â Â Â Â Â Â Â Â Â (rc, msg_con_str) = semanage.semanage_context_to_<wbr>string(sh,msg_con)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if rc < 0: msg_con_str = ""<br> -Â Â Â Â Â Â Â Â Â Â Â Â (rc, if_con_str) = semanage.semanage_context_to_<wbr>string(sh, if_con)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if rc < 0: if_con_str = ""<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Interface: ", name, " Context: ", if_con_str, " Message Context: ", msg_con_str<br> -Â Â Â Â Â Â Â Â Â Â Â Â semanage.semanage_iface_free(<wbr>iface)<br> -<br> -Â Â Â Â def test_booleans(self,sh):<br> -Â Â Â Â Â Â Â Â print "Testing booleans..."<br> -<br> -Â Â Â Â Â Â Â Â (status, blist) = semanage.semanage_bool_list(<wbr>sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not list booleans")<br> -Â Â Â Â Â Â Â Â print "Query status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â if (len(blist) == 0):<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "No booleans found!"<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "This is not necessarily a test failure."<br> -Â Â Â Â Â Â Â Â Â Â Â Â return<br> -Â Â Â Â Â Â Â Â for pbool in blist:<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Boolean reference: ", pbool<br> -Â Â Â Â Â Â Â Â Â Â Â Â name = semanage.semanage_bool_get_<wbr>name(pbool)<br> -Â Â Â Â Â Â Â Â Â Â Â Â value = semanage.semanage_bool_get_<wbr>value(pbool) <br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Boolean: ", name, " Value: ", value<br> -Â Â Â Â Â Â Â Â Â Â Â Â 
semanage.semanage_bool_free(<wbr>pbool)<br> -<br> -Â Â Â Â def test_abooleans(self,sh):<br> -Â Â Â Â Â Â Â Â print "Testing active booleans..."<br> -<br> -Â Â Â Â Â Â Â Â (status, ablist) = semanage.semanage_bool_list_<wbr>active(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not list active booleans")<br> -Â Â Â Â Â Â Â Â print "Query status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â if (len(ablist) == 0):<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "No active booleans found!"<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "This is not necessarily a test failure."<br> -Â Â Â Â Â Â Â Â Â Â Â Â return<br> -Â Â Â Â Â Â Â Â for abool in ablist:<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Active boolean reference: ", abool<br> -Â Â Â Â Â Â Â Â Â Â Â Â name = semanage.semanage_bool_get_<wbr>name(abool)<br> -Â Â Â Â Â Â Â Â Â Â Â Â value = semanage.semanage_bool_get_<wbr>value(abool)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Active Boolean: ", name, " Value: ", value<br> -Â Â Â Â Â Â Â Â Â Â Â Â semanage.semanage_bool_free(<wbr>abool)<br> -<br> -Â Â Â Â def test_nodes(self,sh):<br> -Â Â Â Â Â Â Â Â print "Testing network nodes..."<br> -<br> -Â Â Â Â Â Â Â Â (status, nlist) = semanage.semanage_node_list(<wbr>sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not list network nodes")<br> -Â Â Â Â Â Â Â Â print "Query status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â if (len(nlist) == 0):<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "No network nodes found!"<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "This is not necessarily a test failure."<br> -Â Â Â Â Â Â Â Â Â Â Â Â return<br> -Â Â Â Â Â Â Â Â for node in nlist:<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Network node reference: ", node<br> -<br> -Â Â Â Â Â Â Â Â Â Â Â Â (status, addr) = semanage.semanage_node_get_<wbr>addr(sh, node)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0: addr = ""<br> -<br> -Â Â Â Â Â Â Â Â Â Â Â Â (status, mask) = 
semanage.semanage_node_get_<wbr>mask(sh, node)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0: mask = ""<br> -<br> -Â Â Â Â Â Â Â Â Â Â Â Â proto = semanage.semanage_node_get_<wbr>proto(node)<br> -Â Â Â Â Â Â Â Â Â Â Â Â proto_str = semanage.semanage_node_get_<wbr>proto_str(proto)Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â Â Â Â Â con = semanage.semanage_node_get_<wbr>con(node)<br> -<br> -Â Â Â Â Â Â Â Â Â Â Â Â (status, con_str) = semanage.semanage_context_to_<wbr>string(sh, con)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0: con_str = ""<br> -<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Network Node: ", addr, "/", mask, " (", proto_str, ")", "Context: ", con_str<br> -Â Â Â Â Â Â Â Â Â Â Â Â semanage.semanage_node_free(<wbr>node)<br> -<br> -Â Â Â Â def test_writeuser(self,sh):<br> -Â Â Â Â Â Â Â Â print "Testing user write..."<br> -<br> -Â Â Â Â Â Â Â Â (status, user) = semanage.semanage_user_create(<wbr>sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not create user object")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "User object created"<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_user_set_<wbr>name(sh,user, "testPyUser")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set user name")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "User name set: ", semanage.semanage_user_get_<wbr>name(user)<br> -Â Â Â Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â status = semanage.semanage_user_add_<wbr>role(sh, user, "user_r")Â Â <br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not add role")<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_user_set_<wbr>prefix(sh,user, "user")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set labeling prefix")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "User prefix set: ", semanage.semanage_user_get_<wbr>prefix(user)<br> -Â Â Â Â <br> -Â Â Â Â Â Â Â Â status = semanage.semanage_user_set_<wbr>mlsrange(sh, user, 
"s0")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set MLS range")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "User mlsrange: ", semanage.semanage_user_get_<wbr>mlsrange(user)<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_user_set_<wbr>mlslevel(sh, user, "s0")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set MLS level")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "User mlslevel: ", semanage.semanage_user_get_<wbr>mlslevel(user)<br> -Â Â Â Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â (status,key) = semanage.semanage_user_key_<wbr>extract(sh,user)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not extract user key")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "User key extracted: ", key<br> -Â Â Â Â <br> -Â Â Â Â Â Â Â Â (status,exists) = semanage.semanage_user_exists_<wbr>local(sh,key)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not check if user exists")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "Exists status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â if exists: <br> -Â Â Â Â Â Â Â Â Â Â Â Â (status, old_user) = semanage.semanage_user_query_<wbr>local(sh, key)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not query old user")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Query status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â print "Starting transaction.."<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_user_modify_<wbr>local(sh,key,user)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not modify user")<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_commit(sh)<br> -Â Â Â Â Â Â Â Â if 
status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not commit test transaction")<br> -Â Â Â Â Â Â Â Â print "Commit status (transaction number): ", status<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> - <br> -Â Â Â Â Â Â Â Â if not exists:<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Removing user..."<br> -Â Â Â Â Â Â Â Â Â Â Â Â status = semanage.semanage_user_del_<wbr>local(sh, key)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not delete test user")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "User delete: ", status<br> -Â Â Â Â Â Â Â Â else:<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Resetting user..."<br> -Â Â Â Â Â Â Â Â Â Â Â Â status = semanage.semanage_user_modify_<wbr>local(sh, key, old_user)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not reset test user")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "User modify: ", status<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_commit(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not commit reset transaction")<br> -Â Â Â Â Â Â Â Â print "Commit status (transaction number): ", status<br> -<br> -Â Â Â Â Â Â Â Â semanage.semanage_user_key_<wbr>free(key)<br> -Â Â Â Â Â Â Â Â semanage.semanage_user_free(<wbr>user)<br> -Â Â Â Â Â Â Â Â if exists: semanage.semanage_user_free(<wbr>old_user)<br> -<br> -Â Â Â Â def test_writeseuser(self,sh):<br> -Â Â Â Â Â Â Â Â print "Testing seuser write..."<br> -Â Â Â Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â (status, seuser) = semanage.semanage_seuser_<wbr>create(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not create SEUser object")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEUser object created."<br> -<br> -Â Â Â Â Â Â Â Â status 
= semanage.semanage_seuser_set_<wbr>name(sh,seuser, "testPySEUser")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set name")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEUser name set: ", semanage.semanage_seuser_get_<wbr>name(seuser)<br> -Â Â Â Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â status = semanage.semanage_seuser_set_<wbr>sename(sh, seuser, "root")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set sename")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEUser seuser: ", semanage.semanage_seuser_get_<wbr>sename(seuser)<br> -Â Â Â Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â status = semanage.semanage_seuser_set_<wbr>mlsrange(sh, seuser, "s0:c0.c255")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set MLS range")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEUser mlsrange: ", semanage.semanage_seuser_get_<wbr>mlsrange(seuser)<br> -Â Â Â Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â (status,key) = semanage.semanage_seuser_key_<wbr>extract(sh,seuser)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not extract SEUser key")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEUser key extracted: ", key<br> -Â Â Â Â <br> -Â Â Â Â Â Â Â Â (status,exists) = semanage.semanage_seuser_<wbr>exists_local(sh,key)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not check if SEUser exists")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "Exists status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â if exists:<br> -Â Â Â Â Â Â Â Â Â Â Â Â (status, old_seuser) = semanage.semanage_seuser_<wbr>query_local(sh, key)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not query old SEUser")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Query status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â print "Starting transaction..."<br> -Â Â Â Â Â Â Â Â status = 
semanage.semanage_begin_<wbr>transaction(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_seuser_<wbr>modify_local(sh,key,seuser)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not modify SEUser")<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_commit(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not commit test transaction")<br> -Â Â Â Â Â Â Â Â print "Commit status (transaction number): ", status<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> -<br> -Â Â Â Â Â Â Â Â if not exists:<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Removing seuser..."<br> -Â Â Â Â Â Â Â Â Â Â Â Â status = semanage.semanage_seuser_del_<wbr>local(sh, key)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not delete test SEUser")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Seuser delete: ", status<br> -Â Â Â Â Â Â Â Â else:<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Resetting seuser..."<br> -Â Â Â Â Â Â Â Â Â Â Â Â status = semanage.semanage_seuser_<wbr>modify_local(sh, key, old_seuser)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not reset test SEUser")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Seuser modify: ", status<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_commit(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not commit reset transaction")<br> -Â Â Â Â Â Â Â Â print "Commit status (transaction number): ", status<br> -<br> -Â Â Â Â Â Â Â Â semanage.semanage_seuser_key_<wbr>free(key)<br> -Â Â Â Â Â Â Â Â semanage.semanage_seuser_free(<wbr>seuser)<br> -Â Â Â Â Â Â Â Â if 
exists: semanage.semanage_seuser_free(<wbr>old_seuser)<br> -<br> -Â Â Â Â def test_writeport(self,sh):<br> -Â Â Â Â Â Â Â Â print "Testing port write..."<br> -<br> -Â Â Â Â Â Â Â Â (status, port) = semanage.semanage_port_create(<wbr>sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not create SEPort object")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEPort object created."<br> -<br> -Â Â Â Â Â Â Â Â semanage.semanage_port_set_<wbr>range(port,150,200)<br> -Â Â Â Â Â Â Â Â low = semanage.semanage_port_get_<wbr>low(port)<br> -Â Â Â Â Â Â Â Â high = semanage.semanage_port_get_<wbr>high(port)<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEPort range set: ", low, "-", high<br> -Â Â Â Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â semanage.semanage_port_set_<wbr>proto(port, semanage.SEMANAGE_PROTO_TCP);<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEPort protocol set: ", \<br> -Â Â Â Â Â Â Â Â Â Â Â Â semanage.semanage_port_get_<wbr>proto_str(semanage.SEMANAGE_<wbr>PROTO_TCP)<br> -Â Â Â Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â (status, con) = semanage.semanage_context_<wbr>create(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not create SEContext object")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext object created (for port)."<br> -Â Â Â Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â status = semanage.semanage_context_set_<wbr>user(sh, con, "system_u")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set context user")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext user: ", semanage.semanage_context_get_<wbr>user(con)<br> -Â Â Â Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â status = semanage.semanage_context_set_<wbr>role(sh, con, "object_r")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set context role")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext role: ", semanage.semanage_context_get_<wbr>role(con)<br> -Â Â Â Â Â Â Â Â <br> -Â Â Â 
Â Â Â Â Â status = semanage.semanage_context_set_<wbr>type(sh, con, "http_port_t")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set context type")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext type: ", semanage.semanage_context_get_<wbr>type(con)<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_context_set_<wbr>mls(sh, con, "s0:c0.c255")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set context MLS fields")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_<wbr>mls(con)<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_port_set_<wbr>con(sh, port, con)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set SEPort context")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEPort context set: ", con<br> -<br> -Â Â Â Â Â Â Â Â (status,key) = semanage.semanage_port_key_<wbr>extract(sh,port)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not extract SEPort key")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEPort key extracted: ", key<br> -<br> -Â Â Â Â Â Â Â Â (status,exists) = semanage.semanage_port_exists_<wbr>local(sh,key)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not check if SEPort exists")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "Exists status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â if exists:<br> -Â Â Â Â Â Â Â Â Â Â Â Â (status, old_port) = semanage.semanage_port_query_<wbr>local(sh, key)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not query old SEPort")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Query status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â print "Starting transaction..."<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â 
Â Â raise Error("Could not start semanage transaction")Â Â Â <br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_port_modify_<wbr>local(sh,key,port)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not modify SEPort")<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_commit(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not commit test transaction")<br> -Â Â Â Â Â Â Â Â print "Commit status (transaction number): ", status<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> -<br> -Â Â Â Â Â Â Â Â if not exists:<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Removing port range..."<br> -Â Â Â Â Â Â Â Â Â Â Â Â status = semanage.semanage_port_del_<wbr>local(sh, key)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not delete test SEPort")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Port range delete: ", status<br> -Â Â Â Â Â Â Â Â else:<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Resetting port range..."<br> -Â Â Â Â Â Â Â Â Â Â Â Â status = semanage.semanage_port_modify_<wbr>local(sh, key, old_port)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not reset test SEPort")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Port range modify: ", status<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_commit(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not commit reset transaction")<br> -Â Â Â Â Â Â Â Â print "Commit status (transaction number): ", status<br> -<br> -Â Â Â Â Â Â Â Â semanage.semanage_context_<wbr>free(con)<br> -Â Â Â Â Â Â Â Â semanage.semanage_port_key_<wbr>free(key)<br> -Â Â Â Â Â Â Â Â semanage.semanage_port_free(<wbr>port)<br> -Â Â Â Â Â Â Â Â if exists: 
semanage.semanage_port_free(<wbr>old_port)<br> -<br> -Â Â Â Â def test_writefcontext(self,sh):<br> -Â Â Â Â Â Â Â Â print "Testing file context write..."<br> -<br> -Â Â Â Â Â Â Â Â (status, fcon) = semanage.semanage_fcontext_<wbr>create(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not create SEFcontext object")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEFcontext object created."<br> -Â Â Â Â <br> -Â Â Â Â Â Â Â Â status = semanage.semanage_fcontext_<wbr>set_expr(sh, fcon, "/test/fcontext(/.*)?")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set expression")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEFContext expr set: ", semanage.semanage_fcontext_<wbr>get_expr(fcon)<br> -<br> -Â Â Â Â Â Â Â Â semanage.semanage_fcontext_<wbr>set_type(fcon, semanage.SEMANAGE_FCONTEXT_<wbr>REG)<br> -Â Â Â Â Â Â Â Â if self.verbose:<br> -Â Â Â Â Â Â Â Â Â Â Â Â ftype = semanage.semanage_fcontext_<wbr>get_type(fcon)<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "SEFContext type set: ", semanage.semanage_fcontext_<wbr>get_type_str(ftype)<br> -<br> -Â Â Â Â Â Â Â Â (status, con) = semanage.semanage_context_<wbr>create(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not create SEContext object")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext object created (for file context)."<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_context_set_<wbr>user(sh, con, "system_u")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set context user")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext user: ", semanage.semanage_context_get_<wbr>user(con)<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_context_set_<wbr>role(sh, con, "object_r")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set context role")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext role: ", 
semanage.semanage_context_get_<wbr>role(con)<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_context_set_<wbr>type(sh, con, "default_t")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set context type")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext type: ", semanage.semanage_context_get_<wbr>type(con)<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_context_set_<wbr>mls(sh, con, "s0:c0.c255")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set context MLS fields")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_<wbr>mls(con)<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_fcontext_<wbr>set_con(sh, fcon, con)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set SEFcontext context")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEFcontext context set: ", con<br> -<br> -Â Â Â Â Â Â Â Â (status,key) = semanage.semanage_fcontext_<wbr>key_extract(sh,fcon)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not extract SEFcontext key")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEFcontext key extracted: ", key<br> -<br> -Â Â Â Â Â Â Â Â (status,exists) = semanage.semanage_fcontext_<wbr>exists_local(sh,key)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not check if SEFcontext exists")<br> -<br> -Â Â Â Â Â Â Â Â if self.verbose: print "Exists status (commit number): ", status<br> -Â Â Â Â Â Â Â Â if exists:<br> -Â Â Â Â Â Â Â Â Â Â Â Â (status, old_fcontext) = semanage.semanage_fcontext_<wbr>query_local(sh, key)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not query old SEFcontext")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Query status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â print "Starting transaction..."<br> -Â Â Â Â Â Â Â Â status = 
semanage.semanage_begin_<wbr>transaction(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_fcontext_<wbr>modify_local(sh,key,fcon)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not modify SEFcontext")<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_commit(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not commit test transaction")<br> -Â Â Â Â Â Â Â Â print "Commit status (transaction number): ", status<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> -<br> -Â Â Â Â Â Â Â Â if not exists:<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Removing file context..."<br> -Â Â Â Â Â Â Â Â Â Â Â Â status = semanage.semanage_fcontext_<wbr>del_local(sh, key)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not delete test SEFcontext")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "File context delete: ", status<br> -Â Â Â Â Â Â Â Â else:<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Resetting file context..."<br> -Â Â Â Â Â Â Â Â Â Â Â Â status = semanage.semanage_fcontext_<wbr>modify_local(sh, key, old_fcontext)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not reset test FContext")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "File context modify: ", status<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_commit(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not commit reset transaction")<br> -Â Â Â Â Â Â Â Â print "Commit status (transaction number): ", status<br> -<br> -Â Â Â Â Â Â Â Â semanage.semanage_context_<wbr>free(con)Â Â Â <br> -Â Â Â Â Â Â Â Â 
semanage.semanage_fcontext_<wbr>key_free(key)<br> -Â Â Â Â Â Â Â Â semanage.semanage_fcontext_<wbr>free(fcon)<br> -Â Â Â Â Â Â Â Â if exists: semanage.semanage_fcontext_<wbr>free(old_fcontext)<br> -<br> -Â Â Â Â def test_writeinterface(self,sh):<br> -Â Â Â Â Â Â Â Â print "Testing network interface write..."<br> -<br> -Â Â Â Â Â Â Â Â (status, iface) = semanage.semanage_iface_<wbr>create(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not create SEIface object")Â <br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEIface object created."<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_iface_set_<wbr>name(sh, iface, "test_iface")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set SEIface name")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEIface name set: ", semanage.semanage_iface_get_<wbr>name(iface)Â Â <br> -<br> -Â Â Â Â Â Â Â Â (status, con) = semanage.semanage_context_<wbr>create(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not create SEContext object")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext object created (for network interface)"<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_context_set_<wbr>user(sh, con, "system_u")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set interface context user")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext user: ", semanage.semanage_context_get_<wbr>user(con)<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_context_set_<wbr>role(sh, con, "object_r")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set interface context role")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext role: ", semanage.semanage_context_get_<wbr>role(con)<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_context_set_<wbr>type(sh, con, "default_t")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â 
Â Â raise Error("Could not set interface context type")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext type: ", semanage.semanage_context_get_<wbr>type(con)<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_context_set_<wbr>mls(sh, con, "s0:c0.c255")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set interface context MLS fields")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_<wbr>mls(con)<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_iface_set_<wbr>ifcon(sh, iface, con)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set SEIface interface context")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEIface interface context set: ", con<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_iface_set_<wbr>msgcon(sh, iface, con)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set SEIface message context")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEIface message context set: ", con<br> -<br> -Â Â Â Â Â Â Â Â (status,key) = semanage.semanage_iface_key_<wbr>extract(sh,iface)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not extract SEIface key")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEIface key extracted: ", key<br> -<br> -Â Â Â Â Â Â Â Â (status,exists) = semanage.semanage_iface_<wbr>exists_local(sh,key)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not check if SEIface exists")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "Exists status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â if exists:<br> -Â Â Â Â Â Â Â Â Â Â Â Â (status, old_iface) = semanage.semanage_iface_query_<wbr>local(sh, key)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not query old SEIface")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Query status (commit number): ", 
status<br> -<br> -Â Â Â Â Â Â Â Â print "Starting transaction..."<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not begin semanage transaction")<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_iface_<wbr>modify_local(sh,key,iface)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not modify SEIface")<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_commit(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not commit test transaction")<br> -Â Â Â Â Â Â Â Â print "Commit status (transaction number): ", status<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not begin semanage transaction")<br> -<br> -Â Â Â Â Â Â Â Â if not exists:<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Removing interface..."<br> -Â Â Â Â Â Â Â Â Â Â Â Â status = semanage.semanage_iface_del_<wbr>local(sh, key)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not delete test SEIface")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Interface delete: ", status<br> -Â Â Â Â Â Â Â Â else:<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Resetting interface..."<br> -Â Â Â Â Â Â Â Â Â Â Â Â status = semanage.semanage_iface_<wbr>modify_local(sh, key, old_iface)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not reset test SEIface")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Interface modify: ", status<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_commit(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not commit reset transaction")<br> -Â Â Â Â Â Â Â Â print "Commit status (transaction number): ", status<br> -<br> -Â Â Â Â Â Â Â Â 
semanage.semanage_context_<wbr>free(con)<br> -Â Â Â Â Â Â Â Â semanage.semanage_iface_key_<wbr>free(key)<br> -Â Â Â Â Â Â Â Â semanage.semanage_iface_free(<wbr>iface)<br> -Â Â Â Â Â Â Â Â if exists: semanage.semanage_iface_free(<wbr>old_iface)<br> -<br> -Â Â Â Â def test_writeboolean(self,sh):<br> -Â Â Â Â Â Â Â Â print "Testing boolean write..."<br> -<br> -Â Â Â Â Â Â Â Â (status, pbool) = semanage.semanage_bool_create(<wbr>sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not create SEBool object")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEBool object created."<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_bool_set_<wbr>name(sh, pbool, "allow_execmem")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set name")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEBool name set: ", semanage.semanage_bool_get_<wbr>name(pbool)<br> -<br> -Â Â Â Â Â Â Â Â semanage.semanage_bool_set_<wbr>value(pbool, 0)<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEbool value set: ", semanage.semanage_bool_get_<wbr>value(pbool)<br> -<br> -Â Â Â Â Â Â Â Â (status,key) = semanage.semanage_bool_key_<wbr>extract(sh, pbool)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not extract SEBool key")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEBool key extracted: ", key<br> -<br> -Â Â Â Â Â Â Â Â (status,exists) = semanage.semanage_bool_exists_<wbr>local(sh,key)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not check if SEBool exists")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "Exists status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â if exists:<br> -Â Â Â Â Â Â Â Â Â Â Â Â (status, old_bool) = semanage.semanage_bool_query_<wbr>local(sh, key)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not query old SEBool")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Query 
status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â print "Starting transaction..."<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_bool_modify_<wbr>local(sh, key, pbool)<br> -<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not modify SEBool")<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_commit(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not commit test transaction")<br> -Â Â Â Â Â Â Â Â print "Commit status (transaction number): ", status<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> -<br> -Â Â Â Â Â Â Â Â if not exists:<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Removing boolean..."<br> -Â Â Â Â Â Â Â Â Â Â Â Â status = semanage.semanage_bool_del_<wbr>local(sh, key)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not delete test SEBool")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Boolean delete: ", status<br> -Â Â Â Â Â Â Â Â else:<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Resetting boolean..."<br> -Â Â Â Â Â Â Â Â Â Â Â Â status = semanage.semanage_bool_modify_<wbr>local(sh, key, old_bool)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not reset test SEBool")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Boolean modify: ", status<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_commit(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not commit reset transaction")<br> -Â Â Â Â Â Â Â Â print "Commit status (transaction number): ", status<br> -<br> -Â Â Â Â Â Â Â Â 
semanage.semanage_bool_key_<wbr>free(key)<br> -Â Â Â Â Â Â Â Â semanage.semanage_bool_free(<wbr>pbool)<br> -Â Â Â Â Â Â Â Â if exists: semanage.semanage_bool_free(<wbr>old_bool)<br> -<br> -Â Â Â Â def test_writeaboolean(self,sh):<br> -Â Â Â Â Â Â Â Â print "Testing active boolean write..."<br> -<br> -Â Â Â Â Â Â Â Â (status, key) = semanage.semanage_bool_key_<wbr>create(sh, "allow_execmem")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not create SEBool key")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEBool key created: ", key<br> -<br> -Â Â Â Â Â Â Â Â (status, old_bool) = semanage.semanage_bool_query_<wbr>active(sh, key)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not query old SEBool")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "Query status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â (status, abool) = semanage.semanage_bool_create(<wbr>sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not create SEBool object")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEBool object created."<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_bool_set_<wbr>name(sh, abool, "allow_execmem")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set name")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEBool name set: ", semanage.semanage_bool_get_<wbr>name(abool)<br> -<br> -Â Â Â Â Â Â Â Â semanage.semanage_bool_set_<wbr>value(abool, 0)<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEbool value set: ", semanage.semanage_bool_get_<wbr>value(abool)<br> -<br> -Â Â Â Â Â Â Â Â print "Starting transaction..."<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_bool_set_<wbr>active(sh,key,abool)<br> -Â Â Â Â Â Â Â Â if status < 
0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not modify SEBool")<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_commit(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not commit test transaction")<br> -Â Â Â Â Â Â Â Â print "Commit status (transaction number): ", status<br> -<br> -Â Â Â Â Â Â Â Â print "Resetting old active boolean..."<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_bool_set_<wbr>active(sh, key,old_bool)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not reset test SEBool")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEBool active reset: ", status<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_commit(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not commit reset transaction")<br> -Â Â Â Â Â Â Â Â print "Commit status (transaction number): ", status<br> -<br> -Â Â Â Â Â Â Â Â semanage.semanage_bool_key_<wbr>free(key)<br> -Â Â Â Â Â Â Â Â semanage.semanage_bool_free(<wbr>abool)<br> -Â Â Â Â Â Â Â Â semanage.semanage_bool_free(<wbr>old_bool)<br> -<br> -<br> -Â Â Â Â def test_writenode(self,sh):<br> -Â Â Â Â Â Â Â Â print "Testing network node write..."<br> -<br> -Â Â Â Â Â Â Â Â (status, node) = semanage.semanage_node_create(<wbr>sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not create SENode object")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SENode object created."<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_node_set_<wbr>addr(sh, node, semanage.SEMANAGE_PROTO_IP6, "ffee:dddd::bbbb")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set SENode address")<br> -Â Â Â Â <br> -Â Â Â Â Â Â Â Â status = 
semanage.semanage_node_set_<wbr>mask(sh, node, semanage.SEMANAGE_PROTO_IP6, "::ffff:ffff:abcd:0000")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set SENode netmask")<br> -<br> -Â Â Â Â Â Â Â Â semanage.semanage_node_set_<wbr>proto(node, semanage.SEMANAGE_PROTO_IP6);<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SENode protocol set: ", \<br> -Â Â Â Â Â Â Â Â Â Â Â Â semanage.semanage_node_get_<wbr>proto_str(semanage.SEMANAGE_<wbr>PROTO_IP6)<br> -Â Â Â Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â (status, con) = semanage.semanage_context_<wbr>create(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not create SEContext object")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext object created (for node)."<br> -Â Â Â Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â status = semanage.semanage_context_set_<wbr>user(sh, con, "system_u")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set context user")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext user: ", semanage.semanage_context_get_<wbr>user(con)<br> -Â Â Â Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â status = semanage.semanage_context_set_<wbr>role(sh, con, "object_r")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set context role")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext role: ", semanage.semanage_context_get_<wbr>role(con)<br> -Â Â Â Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â status = semanage.semanage_context_set_<wbr>type(sh, con, "lo_node_t")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set context type")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SEContext type: ", semanage.semanage_context_get_<wbr>type(con)<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_context_set_<wbr>mls(sh, con, "s0:c0.c255")<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set context MLS fields")<br> -Â Â Â Â Â 
Â Â Â if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_<wbr>mls(con)<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_node_set_<wbr>con(sh, node, con)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not set SENode context")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SENode context set: ", con<br> -<br> -Â Â Â Â Â Â Â Â (status,key) = semanage.semanage_node_key_<wbr>extract(sh, node)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not extract SENode key")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "SENode key extracted: ", key<br> -<br> -Â Â Â Â Â Â Â Â (status,exists) = semanage.semanage_node_exists_<wbr>local(sh,key)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not check if SENode exists")<br> -Â Â Â Â Â Â Â Â if self.verbose: print "Exists status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â if exists:<br> -Â Â Â Â Â Â Â Â Â Â Â Â (status, old_node) = semanage.semanage_node_query_<wbr>local(sh, key)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not query old SENode")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Query status (commit number): ", status<br> -<br> -Â Â Â Â Â Â Â Â print "Starting transaction..."<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not start semanage transaction")Â Â Â <br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_node_modify_<wbr>local(sh,key, node)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not modify SENode")<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_commit(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not commit test transaction")<br> -Â Â Â Â Â Â Â Â print "Commit status (transaction number): ", status<br> -<br> -Â 
Â Â Â Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> -<br> -Â Â Â Â Â Â Â Â if not exists:<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Removing network node..."<br> -Â Â Â Â Â Â Â Â Â Â Â Â status = semanage.semanage_node_del_<wbr>local(sh, key)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not delete test SENode")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Network node delete: ", status<br> -Â Â Â Â Â Â Â Â else:<br> -Â Â Â Â Â Â Â Â Â Â Â Â print "Resetting network node..."<br> -Â Â Â Â Â Â Â Â Â Â Â Â status = semanage.semanage_node_modify_<wbr>local(sh, key, old_node)<br> -Â Â Â Â Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not reset test SENode")<br> -Â Â Â Â Â Â Â Â Â Â Â Â if self.verbose: print "Network node modify: ", status<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_commit(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not commit reset transaction")<br> -Â Â Â Â Â Â Â Â print "Commit status (transaction number): ", status<br> -<br> -Â Â Â Â Â Â Â Â semanage.semanage_context_<wbr>free(con)<br> -Â Â Â Â Â Â Â Â semanage.semanage_node_key_<wbr>free(key)<br> -Â Â Â Â Â Â Â Â semanage.semanage_node_free(<wbr>node)<br> -Â Â Â Â Â Â Â Â if exists: semanage.semanage_node_free(<wbr>old_node)<br> +Â Â def __init__(self):<br> +Â Â Â Â self.all = False<br> +Â Â Â Â self.users = False<br> +Â Â Â Â self.writeuser = False<br> +Â Â Â Â self.seusers = False<br> +Â Â Â Â self.writeseuser = False<br> +Â Â Â Â self.ports = False<br> +Â Â Â Â self.writeport = False<br> +Â Â Â Â self.fcontexts = False<br> +Â Â Â Â self.writefcontext = False<br> +Â Â Â Â self.interfaces = False<br> +Â Â Â Â self.writeinterface = False<br> +Â Â Â Â self.booleans = False<br> +Â Â Â Â self.writeboolean = False<br> 
+Â Â Â Â self.abooleans = False<br> +Â Â Â Â self.writeaboolean = False<br> +Â Â Â Â self.nodes = False<br> +Â Â Â Â self.writenode = False<br> +Â Â Â Â self.modules = False<br> +Â Â Â Â self.verbose = False<br> +<br> +Â Â def selected(self):<br> +Â Â Â Â return (self.all or self.users or self.modules or self.seusers or self.ports or self.fcontexts or self.interfaces or self.booleans or self.abooleans or self.writeuser or self.writeseuser or self.writeport or self.writefcontext or self.writeinterface or self.writeboolean or self.writeaboolean or self.nodes or self.writenode)<br> +<br> +Â Â def run(self, handle):<br> +Â Â Â Â if (self.users or self.all):<br> +Â Â Â Â Â Â self.test_users(handle)<br> +Â Â Â Â Â Â print ""<br> +Â Â Â Â if (self.seusers or self.all):<br> +Â Â Â Â Â Â self.test_seusers(handle)<br> +Â Â Â Â Â Â print ""<br> +Â Â Â Â if (self.ports or self.all):<br> +Â Â Â Â Â Â self.test_ports(handle)<br> +Â Â Â Â Â Â print ""<br> +Â Â Â Â if (self.modules or self.all):<br> +Â Â Â Â Â Â self.test_modules(handle)<br> +Â Â Â Â Â Â print ""<br> +Â Â Â Â if (self.fcontexts or self.all):<br> +Â Â Â Â Â Â self.test_fcontexts(handle)<br> +Â Â Â Â Â Â print ""<br> +Â Â Â Â if (self.interfaces or self.all):<br> +Â Â Â Â Â Â self.test_interfaces(handle)<br> +Â Â Â Â Â Â print ""<br> +Â Â Â Â if (self.booleans or self.all):<br> +Â Â Â Â Â Â self.test_booleans(handle)<br> +Â Â Â Â Â Â print ""<br> +Â Â Â Â if (self.abooleans or self.all):<br> +Â Â Â Â Â Â self.test_abooleans(handle)<br> +Â Â Â Â Â Â print ""<br> +Â Â Â Â if (self.nodes or self.all):<br> +Â Â Â Â Â Â self.test_nodes(handle)<br> +Â Â Â Â Â Â print ""<br> +Â Â Â Â if (self.writeuser or self.all):<br> +Â Â Â Â Â Â self.test_writeuser(handle)<br> +Â Â Â Â Â Â print ""<br> +Â Â Â Â if (self.writeseuser or self.all):<br> +Â Â Â Â Â Â self.test_writeseuser(handle)<br> +Â Â Â Â Â Â print ""<br> +Â Â Â Â if (self.writeport or self.all):<br> +Â Â Â Â Â Â self.test_writeport(handle)<br> +Â Â Â Â Â Â print ""<br> 
+Â Â Â Â if (self.writefcontext or self.all):<br> +Â Â Â Â Â Â self.test_writefcontext(<wbr>handle)<br> +Â Â Â Â Â Â print ""<br> +Â Â Â Â if (self.writeinterface or self.all):<br> +Â Â Â Â Â Â self.test_writeinterface(<wbr>handle)<br> +Â Â Â Â Â Â print ""<br> +Â Â Â Â if (self.writeboolean or self.all):<br> +Â Â Â Â Â Â self.test_writeboolean(handle)<br> +Â Â Â Â Â Â print ""<br> +Â Â Â Â if (self.writeaboolean or self.all):<br> +Â Â Â Â Â Â self.test_writeaboolean(<wbr>handle)<br> +Â Â Â Â Â Â print ""<br> +Â Â Â Â if (self.writenode or self.all):<br> +Â Â Â Â Â Â self.test_writenode(handle)<br> +Â Â Â Â Â Â print ""<br> +<br> +Â Â def test_modules(self,sh):<br> +Â Â Â Â print "Testing modules..."<br> +<br> +Â Â Â Â (trans_cnt, mlist, mlist_size) = semanage.semanage_module_list(<wbr>sh)<br> +<br> +Â Â Â Â print "Transaction number: ", trans_cnt<br> +Â Â Â Â print "Module list size: ", mlist_size<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "List reference: ", mlist<br> +<br> +Â Â Â Â if (mlist_size == 0):<br> +Â Â Â Â Â Â print "No modules installed!"<br> +Â Â Â Â Â Â print "This is not necessarily a test failure."<br> +Â Â Â Â Â Â return<br> +Â Â Â Â for idx in range(mlist_size):<br> +Â Â Â Â Â Â module = semanage.semanage_module_list_<wbr>nth(mlist, idx)<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Module reference: ", module<br> +Â Â Â Â Â Â print "Module name: ", semanage.semanage_module_get_<wbr>name(module)<br> +<br> +Â Â def test_seusers(self,sh):<br> +Â Â Â Â print "Testing seusers..."<br> +<br> +Â Â Â Â (status, slist) = semanage.semanage_seuser_list(<wbr>sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not list seusers")<br> +Â Â Â Â print "Query status (commit number): ", status<br> +<br> +Â Â Â Â if ( len(slist) == 0):<br> +Â Â Â Â Â Â print "No seusers found!"<br> +Â Â Â Â Â Â print "This is not necessarily a test failure."<br> +Â Â Â Â Â Â return<br> +Â Â Â Â for seuser in slist:<br> +Â Â Â Â Â Â if 
self.verbose:<br> +Â Â Â Â Â Â Â Â print "seseuser reference: ", seuser<br> +Â Â Â Â Â Â print "seuser name: ", semanage.semanage_seuser_get_<wbr>name(seuser)<br> +Â Â Â Â Â Â print "Â Â seuser mls range: ", semanage.semanage_seuser_get_<wbr>mlsrange(seuser)<br> +Â Â Â Â Â Â print "Â Â seuser sename: ", semanage.semanage_seuser_get_<wbr>sename(seuser)<br> +Â Â Â Â Â Â semanage.semanage_seuser_free(<wbr>seuser)<br> +<br> +Â Â def test_users(self,sh):<br> +Â Â Â Â print "Testing users..."<br> +<br> +Â Â Â Â (status, ulist) = semanage.semanage_user_list(<wbr>sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not list users")<br> +Â Â Â Â print "Query status (commit number): ", status<br> +<br> +Â Â Â Â if ( len(ulist) == 0):<br> +Â Â Â Â Â Â print "No users found!"<br> +Â Â Â Â Â Â print "This is not necessarily a test failure."<br> +Â Â Â Â Â Â return<br> +Â Â Â Â for user in ulist:<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "User reference: ", user<br> +Â Â Â Â Â Â print "User name: ", semanage.semanage_user_get_<wbr>name(user)<br> +Â Â Â Â Â Â print "Â Â User labeling prefix: ", semanage.semanage_user_get_<wbr>prefix(user)<br> +Â Â Â Â Â Â print "Â Â User mls level: ", semanage.semanage_user_get_<wbr>mlslevel(user)<br> +Â Â Â Â Â Â print "Â Â User mls range: ", semanage.semanage_user_get_<wbr>mlsrange(user)<br> +Â Â Â Â Â Â print "Â Â User number of roles: ", semanage.semanage_user_get_<wbr>num_roles(user)<br> +Â Â Â Â Â Â print "Â Â User roles: "<br> +Â Â Â Â Â Â (status, rlist) = semanage.semanage_user_get_<wbr>roles(sh, user)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not get user roles")<br> +<br> +Â Â Â Â Â Â for role in rlist:<br> +Â Â Â Â Â Â Â Â print "Â Â Â ", role<br> +<br> +Â Â Â Â Â Â semanage.semanage_user_free(<wbr>user)<br> +<br> +Â Â def test_ports(self,sh):<br> +Â Â Â Â print "Testing ports..."<br> +<br> +Â Â Â Â (status, plist) = semanage.semanage_port_list(<wbr>sh)<br> +Â Â Â Â if 
status < 0:<br> +Â Â Â Â Â Â raise Error("Could not list ports")<br> +Â Â Â Â print "Query status (commit number): ", status<br> +<br> +Â Â Â Â if ( len(plist) == 0):<br> +Â Â Â Â Â Â print "No ports found!"<br> +Â Â Â Â Â Â print "This is not necessarily a test failure."<br> +Â Â Â Â Â Â return<br> +Â Â Â Â for port in plist:<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Port reference: ", port<br> +Â Â Â Â Â Â low = semanage.semanage_port_get_<wbr>low(port)<br> +Â Â Â Â Â Â high = semanage.semanage_port_get_<wbr>high(port)<br> +Â Â Â Â Â Â con = semanage.semanage_port_get_<wbr>con(port)<br> +Â Â Â Â Â Â proto = semanage.semanage_port_get_<wbr>proto(port)<br> +Â Â Â Â Â Â proto_str = semanage.semanage_port_get_<wbr>proto_str(proto)<br> +Â Â Â Â Â Â if low == high:<br> +Â Â Â Â Â Â Â Â range_str = str(low)<br> +Â Â Â Â Â Â else:<br> +Â Â Â Â Â Â Â Â range_str = str(low) + "-" + str(high)<br> +Â Â Â Â Â Â (rc, con_str) = semanage.semanage_context_to_<wbr>string(sh,con)<br> +Â Â Â Â Â Â if rc < 0: con_str = ""<br> +Â Â Â Â Â Â print "Port: ", range_str, " ", proto_str, " Context: ", con_str<br> +Â Â Â Â Â Â semanage.semanage_port_free(<wbr>port)<br> +<br> +Â Â def test_fcontexts(self,sh):<br> +Â Â Â Â print "Testing file contexts..."<br> +<br> +Â Â Â Â (status, flist) = semanage.semanage_fcontext_<wbr>list(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not list file contexts")<br> +Â Â Â Â print "Query status (commit number): ", status<br> +<br> +Â Â Â Â if (len(flist) == 0):<br> +Â Â Â Â Â Â print "No file contexts found!"<br> +Â Â Â Â Â Â print "This is not necessarily a test failure."<br> +Â Â Â Â Â Â return<br> +Â Â Â Â for fcon in flist:<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "File Context reference: ", fcon<br> +Â Â Â Â Â Â expr = semanage.semanage_fcontext_<wbr>get_expr(fcon)<br> +Â Â Â Â Â Â type = semanage.semanage_fcontext_<wbr>get_type(fcon)<br> +Â Â Â Â Â Â type_str = 
semanage.semanage_fcontext_<wbr>get_type_str(type)<br> +Â Â Â Â Â Â con = semanage.semanage_fcontext_<wbr>get_con(fcon)<br> +Â Â Â Â Â Â if not con:<br> +Â Â Â Â Â Â Â Â con_str = "<<none>>"<br> +Â Â Â Â Â Â else:<br> +Â Â Â Â Â Â Â Â (rc, con_str) = semanage.semanage_context_to_<wbr>string(sh,con)<br> +Â Â Â Â Â Â Â Â if rc < 0: con_str = ""<br> +Â Â Â Â Â Â print "File Expr: ", expr, " [", type_str, "] Context: ", con_str<br> +Â Â Â Â Â Â semanage.semanage_fcontext_<wbr>free(fcon)<br> +<br> +Â Â def test_interfaces(self,sh):<br> +Â Â Â Â print "Testing network interfaces..."<br> +<br> +Â Â Â Â (status, ilist) = semanage.semanage_iface_list(<wbr>sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not list interfaces")<br> +Â Â Â Â print "Query status (commit number): ", status<br> +<br> +Â Â Â Â if (len(ilist) == 0):<br> +Â Â Â Â Â Â print "No network interfaces found!"<br> +Â Â Â Â Â Â print "This is not necessarily a test failure."<br> +Â Â Â Â Â Â return<br> +Â Â Â Â for iface in ilist:<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Interface reference: ", iface<br> +Â Â Â Â Â Â name = semanage.semanage_iface_get_<wbr>name(iface)<br> +Â Â Â Â Â Â msg_con = semanage.semanage_iface_get_<wbr>msgcon(iface)<br> +Â Â Â Â Â Â if_con = semanage.semanage_iface_get_<wbr>ifcon(iface)<br> +Â Â Â Â Â Â (rc, msg_con_str) = semanage.semanage_context_to_<wbr>string(sh,msg_con)<br> +Â Â Â Â Â Â if rc < 0: msg_con_str = ""<br> +Â Â Â Â Â Â (rc, if_con_str) = semanage.semanage_context_to_<wbr>string(sh, if_con)<br> +Â Â Â Â Â Â if rc < 0: if_con_str = ""<br> +Â Â Â Â Â Â print "Interface: ", name, " Context: ", if_con_str, " Message Context: ", msg_con_str<br> +Â Â Â Â Â Â semanage.semanage_iface_free(<wbr>iface)<br> +<br> +Â Â def test_booleans(self,sh):<br> +Â Â Â Â print "Testing booleans..."<br> +<br> +Â Â Â Â (status, blist) = semanage.semanage_bool_list(<wbr>sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not list 
booleans")<br> +Â Â Â Â print "Query status (commit number): ", status<br> +<br> +Â Â Â Â if (len(blist) == 0):<br> +Â Â Â Â Â Â print "No booleans found!"<br> +Â Â Â Â Â Â print "This is not necessarily a test failure."<br> +Â Â Â Â Â Â return<br> +Â Â Â Â for pbool in blist:<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Boolean reference: ", pbool<br> +Â Â Â Â Â Â name = semanage.semanage_bool_get_<wbr>name(pbool)<br> +Â Â Â Â Â Â value = semanage.semanage_bool_get_<wbr>value(pbool)<br> +Â Â Â Â Â Â print "Boolean: ", name, " Value: ", value<br> +Â Â Â Â Â Â semanage.semanage_bool_free(<wbr>pbool)<br> +<br> +Â Â def test_abooleans(self,sh):<br> +Â Â Â Â print "Testing active booleans..."<br> +<br> +Â Â Â Â (status, ablist) = semanage.semanage_bool_list_<wbr>active(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not list active booleans")<br> +Â Â Â Â print "Query status (commit number): ", status<br> +<br> +Â Â Â Â if (len(ablist) == 0):<br> +Â Â Â Â Â Â print "No active booleans found!"<br> +Â Â Â Â Â Â print "This is not necessarily a test failure."<br> +Â Â Â Â Â Â return<br> +Â Â Â Â for abool in ablist:<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Active boolean reference: ", abool<br> +Â Â Â Â Â Â name = semanage.semanage_bool_get_<wbr>name(abool)<br> +Â Â Â Â Â Â value = semanage.semanage_bool_get_<wbr>value(abool)<br> +Â Â Â Â Â Â print "Active Boolean: ", name, " Value: ", value<br> +Â Â Â Â Â Â semanage.semanage_bool_free(<wbr>abool)<br> +<br> +Â Â def test_nodes(self,sh):<br> +Â Â Â Â print "Testing network nodes..."<br> +<br> +Â Â Â Â (status, nlist) = semanage.semanage_node_list(<wbr>sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not list network nodes")<br> +Â Â Â Â print "Query status (commit number): ", status<br> +<br> +Â Â Â Â if (len(nlist) == 0):<br> +Â Â Â Â Â Â print "No network nodes found!"<br> +Â Â Â Â Â Â print "This is not necessarily a test failure."<br> +Â Â Â Â 
Â Â return<br> +Â Â Â Â for node in nlist:<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Network node reference: ", node<br> +<br> +Â Â Â Â Â Â (status, addr) = semanage.semanage_node_get_<wbr>addr(sh, node)<br> +Â Â Â Â Â Â if status < 0: addr = ""<br> +<br> +Â Â Â Â Â Â (status, mask) = semanage.semanage_node_get_<wbr>mask(sh, node)<br> +Â Â Â Â Â Â if status < 0: mask = ""<br> +<br> +Â Â Â Â Â Â proto = semanage.semanage_node_get_<wbr>proto(node)<br> +Â Â Â Â Â Â proto_str = semanage.semanage_node_get_<wbr>proto_str(proto)<br> +Â Â Â Â Â Â con = semanage.semanage_node_get_<wbr>con(node)<br> +<br> +Â Â Â Â Â Â (status, con_str) = semanage.semanage_context_to_<wbr>string(sh, con)<br> +Â Â Â Â Â Â if status < 0: con_str = ""<br> +<br> +Â Â Â Â Â Â print "Network Node: ", addr, "/", mask, " (", proto_str, ")", "Context: ", con_str<br> +Â Â Â Â Â Â semanage.semanage_node_free(<wbr>node)<br> +<br> +Â Â def test_writeuser(self,sh):<br> +Â Â Â Â print "Testing user write..."<br> +<br> +Â Â Â Â (status, user) = semanage.semanage_user_create(<wbr>sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not create user object")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "User object created"<br> +<br> +Â Â Â Â status = semanage.semanage_user_set_<wbr>name(sh,user, "testPyUser")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set user name")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "User name set: ", semanage.semanage_user_get_<wbr>name(user)<br> +<br> +Â Â Â Â status = semanage.semanage_user_add_<wbr>role(sh, user, "user_r")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not add role")<br> +<br> +Â Â Â Â status = semanage.semanage_user_set_<wbr>prefix(sh,user, "user")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set labeling prefix")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "User prefix set: ", semanage.semanage_user_get_<wbr>prefix(user)<br> +<br> +Â Â 
Â Â status = semanage.semanage_user_set_<wbr>mlsrange(sh, user, "s0")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set MLS range")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "User mlsrange: ", semanage.semanage_user_get_<wbr>mlsrange(user)<br> +<br> +Â Â Â Â status = semanage.semanage_user_set_<wbr>mlslevel(sh, user, "s0")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set MLS level")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "User mlslevel: ", semanage.semanage_user_get_<wbr>mlslevel(user)<br> +<br> +Â Â Â Â (status,key) = semanage.semanage_user_key_<wbr>extract(sh,user)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not extract user key")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "User key extracted: ", key<br> +<br> +Â Â Â Â (status,exists) = semanage.semanage_user_exists_<wbr>local(sh,key)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not check if user exists")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "Exists status (commit number): ", status<br> +<br> +Â Â Â Â if exists:<br> +Â Â Â Â Â Â (status, old_user) = semanage.semanage_user_query_<wbr>local(sh, key)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not query old user")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Query status (commit number): ", status<br> +<br> +Â Â Â Â print "Starting transaction.."<br> +Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> +<br> +Â Â Â Â status = semanage.semanage_user_modify_<wbr>local(sh,key,user)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not modify user")<br> +<br> +Â Â Â Â status = semanage.semanage_commit(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not commit test transaction")<br> +Â Â Â Â print "Commit status (transaction number): ", status<br> 
+<br> +Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> +<br> +Â Â Â Â if not exists:<br> +Â Â Â Â Â Â print "Removing user..."<br> +Â Â Â Â Â Â status = semanage.semanage_user_del_<wbr>local(sh, key)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not delete test user")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "User delete: ", status<br> +Â Â Â Â else:<br> +Â Â Â Â Â Â print "Resetting user..."<br> +Â Â Â Â Â Â status = semanage.semanage_user_modify_<wbr>local(sh, key, old_user)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not reset test user")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "User modify: ", status<br> +<br> +Â Â Â Â status = semanage.semanage_commit(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not commit reset transaction")<br> +Â Â Â Â print "Commit status (transaction number): ", status<br> +<br> +Â Â Â Â semanage.semanage_user_key_<wbr>free(key)<br> +Â Â Â Â semanage.semanage_user_free(<wbr>user)<br> +Â Â Â Â if exists: semanage.semanage_user_free(<wbr>old_user)<br> +<br> +Â Â def test_writeseuser(self,sh):<br> +Â Â Â Â print "Testing seuser write..."<br> +<br> +Â Â Â Â (status, seuser) = semanage.semanage_seuser_<wbr>create(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not create SEUser object")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEUser object created."<br> +<br> +Â Â Â Â status = semanage.semanage_seuser_set_<wbr>name(sh,seuser, "testPySEUser")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set name")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEUser name set: ", semanage.semanage_seuser_get_<wbr>name(seuser)<br> +<br> +Â Â Â Â status = semanage.semanage_seuser_set_<wbr>sename(sh, seuser, "root")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise 
Error("Could not set sename")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEUser seuser: ", semanage.semanage_seuser_get_<wbr>sename(seuser)<br> +<br> +Â Â Â Â status = semanage.semanage_seuser_set_<wbr>mlsrange(sh, seuser, "s0:c0.c255")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set MLS range")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEUser mlsrange: ", semanage.semanage_seuser_get_<wbr>mlsrange(seuser)<br> +<br> +Â Â Â Â (status,key) = semanage.semanage_seuser_key_<wbr>extract(sh,seuser)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not extract SEUser key")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEUser key extracted: ", key<br> +<br> +Â Â Â Â (status,exists) = semanage.semanage_seuser_<wbr>exists_local(sh,key)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not check if SEUser exists")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "Exists status (commit number): ", status<br> +<br> +Â Â Â Â if exists:<br> +Â Â Â Â Â Â (status, old_seuser) = semanage.semanage_seuser_<wbr>query_local(sh, key)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not query old SEUser")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Query status (commit number): ", status<br> +<br> +Â Â Â Â print "Starting transaction..."<br> +Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> +<br> +Â Â Â Â status = semanage.semanage_seuser_<wbr>modify_local(sh,key,seuser)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not modify SEUser")<br> +<br> +Â Â Â Â status = semanage.semanage_commit(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not commit test transaction")<br> +Â Â Â Â print "Commit status (transaction number): ", status<br> +<br> +Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> +Â Â Â Â 
if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> +<br> +Â Â Â Â if not exists:<br> +Â Â Â Â Â Â print "Removing seuser..."<br> +Â Â Â Â Â Â status = semanage.semanage_seuser_del_<wbr>local(sh, key)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not delete test SEUser")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Seuser delete: ", status<br> +Â Â Â Â else:<br> +Â Â Â Â Â Â print "Resetting seuser..."<br> +Â Â Â Â Â Â status = semanage.semanage_seuser_<wbr>modify_local(sh, key, old_seuser)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not reset test SEUser")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Seuser modify: ", status<br> +<br> +Â Â Â Â status = semanage.semanage_commit(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not commit reset transaction")<br> +Â Â Â Â print "Commit status (transaction number): ", status<br> +<br> +Â Â Â Â semanage.semanage_seuser_key_<wbr>free(key)<br> +Â Â Â Â semanage.semanage_seuser_free(<wbr>seuser)<br> +Â Â Â Â if exists:<br> +Â Â Â Â Â Â semanage.semanage_seuser_free(<wbr>old_seuser)<br> +<br> +Â Â def test_writeport(self,sh):<br> +Â Â Â Â print "Testing port write..."<br> +<br> +Â Â Â Â (status, port) = semanage.semanage_port_create(<wbr>sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not create SEPort object")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEPort object created."<br> +<br> +Â Â Â Â semanage.semanage_port_set_<wbr>range(port,150,200)<br> +Â Â Â Â low = semanage.semanage_port_get_<wbr>low(port)<br> +Â Â Â Â high = semanage.semanage_port_get_<wbr>high(port)<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEPort range set: ", low, "-", high<br> +<br> +Â Â Â Â semanage.semanage_port_set_<wbr>proto(port, semanage.SEMANAGE_PROTO_TCP)<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEPort protocol set: ", 
semanage.semanage_port_get_<wbr>proto_str(semanage.SEMANAGE_<wbr>PROTO_TCP)<br> +<br> +Â Â Â Â (status, con) = semanage.semanage_context_<wbr>create(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not create SEContext object")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext object created (for port)."<br> +<br> +Â Â Â Â status = semanage.semanage_context_set_<wbr>user(sh, con, "system_u")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set context user")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext user: ", semanage.semanage_context_get_<wbr>user(con)<br> +<br> +Â Â Â Â status = semanage.semanage_context_set_<wbr>role(sh, con, "object_r")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set context role")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext role: ", semanage.semanage_context_get_<wbr>role(con)<br> +<br> +Â Â Â Â status = semanage.semanage_context_set_<wbr>type(sh, con, "http_port_t")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set context type")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext type: ", semanage.semanage_context_get_<wbr>type(con)<br> +<br> +Â Â Â Â status = semanage.semanage_context_set_<wbr>mls(sh, con, "s0:c0.c255")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set context MLS fields")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext mls: ", semanage.semanage_context_get_<wbr>mls(con)<br> +<br> +Â Â Â Â status = semanage.semanage_port_set_<wbr>con(sh, port, con)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set SEPort context")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEPort context set: ", con<br> +<br> +Â Â Â Â (status,key) = semanage.semanage_port_key_<wbr>extract(sh,port)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not extract SEPort key")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print 
"SEPort key extracted: ", key<br> +<br> +Â Â Â Â (status,exists) = semanage.semanage_port_exists_<wbr>local(sh,key)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not check if SEPort exists")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "Exists status (commit number): ", status<br> +<br> +Â Â Â Â if exists:<br> +Â Â Â Â Â Â (status, old_port) = semanage.semanage_port_query_<wbr>local(sh, key)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not query old SEPort")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Query status (commit number): ", status<br> +<br> +Â Â Â Â print "Starting transaction..."<br> +Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> +<br> +Â Â Â Â status = semanage.semanage_port_modify_<wbr>local(sh,key,port)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not modify SEPort")<br> +<br> +Â Â Â Â status = semanage.semanage_commit(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not commit test transaction")<br> +Â Â Â Â print "Commit status (transaction number): ", status<br> +<br> +Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> +<br> +Â Â Â Â if not exists:<br> +Â Â Â Â Â Â print "Removing port range..."<br> +Â Â Â Â Â Â status = semanage.semanage_port_del_<wbr>local(sh, key)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not delete test SEPort")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Port range delete: ", status<br> +Â Â Â Â else:<br> +Â Â Â Â Â Â print "Resetting port range..."<br> +Â Â Â Â Â Â status = semanage.semanage_port_modify_<wbr>local(sh, key, old_port)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not reset test SEPort")<br> +Â Â Â Â Â Â if 
self.verbose:<br> +Â Â Â Â Â Â Â Â print "Port range modify: ", status<br> +<br> +Â Â Â Â status = semanage.semanage_commit(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not commit reset transaction")<br> +Â Â Â Â print "Commit status (transaction number): ", status<br> +<br> +Â Â Â Â semanage.semanage_context_<wbr>free(con)<br> +Â Â Â Â semanage.semanage_port_key_<wbr>free(key)<br> +Â Â Â Â semanage.semanage_port_free(<wbr>port)<br> +Â Â Â Â if exists:<br> +Â Â Â Â Â Â semanage.semanage_port_free(<wbr>old_port)<br> +<br> +Â Â def test_writefcontext(self,sh):<br> +Â Â Â Â print "Testing file context write..."<br> +<br> +Â Â Â Â (status, fcon) = semanage.semanage_fcontext_<wbr>create(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not create SEFcontext object")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEFcontext object created."<br> +<br> +Â Â Â Â status = semanage.semanage_fcontext_<wbr>set_expr(sh, fcon, "/test/fcontext(/.*)?")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set expression")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEFContext expr set: ", semanage.semanage_fcontext_<wbr>get_expr(fcon)<br> +<br> +Â Â Â Â semanage.semanage_fcontext_<wbr>set_type(fcon, semanage.SEMANAGE_FCONTEXT_<wbr>REG)<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â ftype = semanage.semanage_fcontext_<wbr>get_type(fcon)<br> +Â Â Â Â Â Â print "SEFContext type set: ", semanage.semanage_fcontext_<wbr>get_type_str(ftype)<br> +<br> +Â Â Â Â (status, con) = semanage.semanage_context_<wbr>create(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not create SEContext object")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext object created (for file context)."<br> +<br> +Â Â Â Â status = semanage.semanage_context_set_<wbr>user(sh, con, "system_u")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set context user")<br> +Â Â Â Â if self.verbose:<br> +Â Â 
Â Â Â Â print "SEContext user: ", semanage.semanage_context_get_<wbr>user(con)<br> +<br> +Â Â Â Â status = semanage.semanage_context_set_<wbr>role(sh, con, "object_r")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set context role")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext role: ", semanage.semanage_context_get_<wbr>role(con)<br> +<br> +Â Â Â Â status = semanage.semanage_context_set_<wbr>type(sh, con, "default_t")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set context type")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext type: ", semanage.semanage_context_get_<wbr>type(con)<br> +<br> +Â Â Â Â status = semanage.semanage_context_set_<wbr>mls(sh, con, "s0:c0.c255")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set context MLS fields")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext mls: ", semanage.semanage_context_get_<wbr>mls(con)<br> +<br> +Â Â Â Â status = semanage.semanage_fcontext_<wbr>set_con(sh, fcon, con)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set SEFcontext context")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEFcontext context set: ", con<br> +<br> +Â Â Â Â (status,key) = semanage.semanage_fcontext_<wbr>key_extract(sh,fcon)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not extract SEFcontext key")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEFcontext key extracted: ", key<br> +<br> +Â Â Â Â (status,exists) = semanage.semanage_fcontext_<wbr>exists_local(sh,key)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not check if SEFcontext exists")<br> +<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "Exists status (commit number): ", status<br> +Â Â Â Â if exists:<br> +Â Â Â Â Â Â (status, old_fcontext) = semanage.semanage_fcontext_<wbr>query_local(sh, key)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not query old 
SEFcontext")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Query status (commit number): ", status<br> +<br> +Â Â Â Â print "Starting transaction..."<br> +Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> +<br> +Â Â Â Â status = semanage.semanage_fcontext_<wbr>modify_local(sh,key,fcon)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not modify SEFcontext")<br> +<br> +Â Â Â Â status = semanage.semanage_commit(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not commit test transaction")<br> +Â Â Â Â print "Commit status (transaction number): ", status<br> +<br> +Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> +<br> +Â Â Â Â if not exists:<br> +Â Â Â Â Â Â print "Removing file context..."<br> +Â Â Â Â Â Â status = semanage.semanage_fcontext_<wbr>del_local(sh, key)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not delete test SEFcontext")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "File context delete: ", status<br> +Â Â Â Â else:<br> +Â Â Â Â Â Â print "Resetting file context..."<br> +Â Â Â Â Â Â status = semanage.semanage_fcontext_<wbr>modify_local(sh, key, old_fcontext)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not reset test FContext")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "File context modify: ", status<br> +<br> +Â Â Â Â status = semanage.semanage_commit(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not commit reset transaction")<br> +Â Â Â Â print "Commit status (transaction number): ", status<br> +<br> +Â Â Â Â semanage.semanage_context_<wbr>free(con)<br> +Â Â Â Â semanage.semanage_fcontext_<wbr>key_free(key)<br> +Â Â Â Â semanage.semanage_fcontext_<wbr>free(fcon)<br> 
+Â Â Â Â if exists:<br> +Â Â Â Â Â Â semanage.semanage_fcontext_<wbr>free(old_fcontext)<br> +<br> +Â Â def test_writeinterface(self,sh):<br> +Â Â Â Â print "Testing network interface write..."<br> +<br> +Â Â Â Â (status, iface) = semanage.semanage_iface_<wbr>create(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not create SEIface object")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEIface object created."<br> +<br> +Â Â Â Â status = semanage.semanage_iface_set_<wbr>name(sh, iface, "test_iface")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set SEIface name")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEIface name set: ", semanage.semanage_iface_get_<wbr>name(iface)<br> +<br> +Â Â Â Â (status, con) = semanage.semanage_context_<wbr>create(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not create SEContext object")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext object created (for network interface)"<br> +<br> +Â Â Â Â status = semanage.semanage_context_set_<wbr>user(sh, con, "system_u")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set interface context user")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext user: ", semanage.semanage_context_get_<wbr>user(con)<br> +<br> +Â Â Â Â status = semanage.semanage_context_set_<wbr>role(sh, con, "object_r")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set interface context role")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext role: ", semanage.semanage_context_get_<wbr>role(con)<br> +<br> +Â Â Â Â status = semanage.semanage_context_set_<wbr>type(sh, con, "default_t")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set interface context type")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext type: ", semanage.semanage_context_get_<wbr>type(con)<br> +<br> +Â Â Â Â status = semanage.semanage_context_set_<wbr>mls(sh, 
con, "s0:c0.c255")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set interface context MLS fields")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext mls: ", semanage.semanage_context_get_<wbr>mls(con)<br> +<br> +Â Â Â Â status = semanage.semanage_iface_set_<wbr>ifcon(sh, iface, con)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set SEIface interface context")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEIface interface context set: ", con<br> +<br> +Â Â Â Â status = semanage.semanage_iface_set_<wbr>msgcon(sh, iface, con)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set SEIface message context")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEIface message context set: ", con<br> +<br> +Â Â Â Â (status,key) = semanage.semanage_iface_key_<wbr>extract(sh,iface)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not extract SEIface key")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEIface key extracted: ", key<br> +<br> +Â Â Â Â (status,exists) = semanage.semanage_iface_<wbr>exists_local(sh,key)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not check if SEIface exists")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "Exists status (commit number): ", status<br> +<br> +Â Â Â Â if exists:<br> +Â Â Â Â Â Â (status, old_iface) = semanage.semanage_iface_query_<wbr>local(sh, key)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not query old SEIface")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Query status (commit number): ", status<br> +<br> +Â Â Â Â print "Starting transaction..."<br> +Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not begin semanage transaction")<br> +<br> +Â Â Â Â status = semanage.semanage_iface_<wbr>modify_local(sh,key,iface)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could 
not modify SEIface")<br> +<br> +Â Â Â Â status = semanage.semanage_commit(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not commit test transaction")<br> +Â Â Â Â print "Commit status (transaction number): ", status<br> +<br> +Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not begin semanage transaction")<br> +<br> +Â Â Â Â if not exists:<br> +Â Â Â Â Â Â print "Removing interface..."<br> +Â Â Â Â Â Â status = semanage.semanage_iface_del_<wbr>local(sh, key)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not delete test SEIface")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Interface delete: ", status<br> +Â Â Â Â else:<br> +Â Â Â Â Â Â print "Resetting interface..."<br> +Â Â Â Â Â Â status = semanage.semanage_iface_<wbr>modify_local(sh, key, old_iface)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not reset test SEIface")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Interface modify: ", status<br> +<br> +Â Â Â Â status = semanage.semanage_commit(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not commit reset transaction")<br> +Â Â Â Â print "Commit status (transaction number): ", status<br> +<br> +Â Â Â Â semanage.semanage_context_<wbr>free(con)<br> +Â Â Â Â semanage.semanage_iface_key_<wbr>free(key)<br> +Â Â Â Â semanage.semanage_iface_free(<wbr>iface)<br> +Â Â Â Â if exists:<br> +Â Â Â Â Â Â semanage.semanage_iface_free(<wbr>old_iface)<br> +<br> +Â Â def test_writeboolean(self,sh):<br> +Â Â Â Â print "Testing boolean write..."<br> +<br> +Â Â Â Â (status, pbool) = semanage.semanage_bool_create(<wbr>sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not create SEBool object")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEBool object created."<br> +<br> +Â Â Â Â status = semanage.semanage_bool_set_<wbr>name(sh, pbool, 
"allow_execmem")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set name")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEBool name set: ", semanage.semanage_bool_get_<wbr>name(pbool)<br> +<br> +Â Â Â Â semanage.semanage_bool_set_<wbr>value(pbool, 0)<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEbool value set: ", semanage.semanage_bool_get_<wbr>value(pbool)<br> +<br> +Â Â Â Â (status,key) = semanage.semanage_bool_key_<wbr>extract(sh, pbool)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not extract SEBool key")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEBool key extracted: ", key<br> +<br> +Â Â Â Â (status,exists) = semanage.semanage_bool_exists_<wbr>local(sh,key)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not check if SEBool exists")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "Exists status (commit number): ", status<br> +<br> +Â Â Â Â if exists:<br> +Â Â Â Â Â Â (status, old_bool) = semanage.semanage_bool_query_<wbr>local(sh, key)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not query old SEBool")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Query status (commit number): ", status<br> +<br> +Â Â Â Â print "Starting transaction..."<br> +Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> +<br> +Â Â Â Â status = semanage.semanage_bool_modify_<wbr>local(sh, key, pbool)<br> +<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not modify SEBool")<br> +<br> +Â Â Â Â status = semanage.semanage_commit(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not commit test transaction")<br> +Â Â Â Â print "Commit status (transaction number): ", status<br> +<br> +Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not start 
semanage transaction")<br> +<br> +Â Â Â Â if not exists:<br> +Â Â Â Â Â Â print "Removing boolean..."<br> +Â Â Â Â Â Â status = semanage.semanage_bool_del_<wbr>local(sh, key)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not delete test SEBool")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Boolean delete: ", status<br> +Â Â Â Â else:<br> +Â Â Â Â Â Â print "Resetting boolean..."<br> +Â Â Â Â Â Â status = semanage.semanage_bool_modify_<wbr>local(sh, key, old_bool)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not reset test SEBool")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Boolean modify: ", status<br> +<br> +Â Â Â Â status = semanage.semanage_commit(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not commit reset transaction")<br> +Â Â Â Â print "Commit status (transaction number): ", status<br> +<br> +Â Â Â Â semanage.semanage_bool_key_<wbr>free(key)<br> +Â Â Â Â semanage.semanage_bool_free(<wbr>pbool)<br> +Â Â Â Â if exists: semanage.semanage_bool_free(<wbr>old_bool)<br> +<br> +Â Â def test_writeaboolean(self,sh):<br> +Â Â Â Â print "Testing active boolean write..."<br> +<br> +Â Â Â Â (status, key) = semanage.semanage_bool_key_<wbr>create(sh, "allow_execmem")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not create SEBool key")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEBool key created: ", key<br> +<br> +Â Â Â Â (status, old_bool) = semanage.semanage_bool_query_<wbr>active(sh, key)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not query old SEBool")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "Query status (commit number): ", status<br> +<br> +Â Â Â Â (status, abool) = semanage.semanage_bool_create(<wbr>sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not create SEBool object")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEBool object created."<br> +<br> +Â Â Â Â 
status = semanage.semanage_bool_set_<wbr>name(sh, abool, "allow_execmem")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set name")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEBool name set: ", semanage.semanage_bool_get_<wbr>name(abool)<br> +<br> +Â Â Â Â semanage.semanage_bool_set_<wbr>value(abool, 0)<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEbool value set: ", semanage.semanage_bool_get_<wbr>value(abool)<br> +<br> +Â Â Â Â print "Starting transaction..."<br> +Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> +<br> +Â Â Â Â status = semanage.semanage_bool_set_<wbr>active(sh,key,abool)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not modify SEBool")<br> +<br> +Â Â Â Â status = semanage.semanage_commit(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not commit test transaction")<br> +Â Â Â Â print "Commit status (transaction number): ", status<br> +<br> +Â Â Â Â print "Resetting old active boolean..."<br> +Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> +<br> +Â Â Â Â status = semanage.semanage_bool_set_<wbr>active(sh, key,old_bool)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not reset test SEBool")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEBool active reset: ", status<br> +<br> +Â Â Â Â status = semanage.semanage_commit(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not commit reset transaction")<br> +Â Â Â Â print "Commit status (transaction number): ", status<br> +<br> +Â Â Â Â semanage.semanage_bool_key_<wbr>free(key)<br> +Â Â Â Â semanage.semanage_bool_free(<wbr>abool)<br> +Â Â Â Â semanage.semanage_bool_free(<wbr>old_bool)<br> +<br> +<br> +Â Â def test_writenode(self,sh):<br> +Â Â Â Â print 
"Testing network node write..."<br> +<br> +Â Â Â Â (status, node) = semanage.semanage_node_create(<wbr>sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not create SENode object")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SENode object created."<br> +<br> +Â Â Â Â status = semanage.semanage_node_set_<wbr>addr(sh, node, semanage.SEMANAGE_PROTO_IP6, "ffee:dddd::bbbb")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set SENode address")<br> +<br> +Â Â Â Â status = semanage.semanage_node_set_<wbr>mask(sh, node, semanage.SEMANAGE_PROTO_IP6, "::ffff:ffff:abcd:0000")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set SENode netmask")<br> +<br> +Â Â Â Â semanage.semanage_node_set_<wbr>proto(node, semanage.SEMANAGE_PROTO_IP6)<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SENode protocol set: ", semanage.semanage_node_get_<wbr>proto_str(semanage.SEMANAGE_<wbr>PROTO_IP6)<br> +<br> +Â Â Â Â (status, con) = semanage.semanage_context_<wbr>create(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not create SEContext object")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext object created (for node)."<br> +<br> +Â Â Â Â status = semanage.semanage_context_set_<wbr>user(sh, con, "system_u")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set context user")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext user: ", semanage.semanage_context_get_<wbr>user(con)<br> +<br> +Â Â Â Â status = semanage.semanage_context_set_<wbr>role(sh, con, "object_r")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set context role")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext role: ", semanage.semanage_context_get_<wbr>role(con)<br> +<br> +Â Â Â Â status = semanage.semanage_context_set_<wbr>type(sh, con, "lo_node_t")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set context type")<br> +Â Â Â Â if 
self.verbose:<br> +Â Â Â Â Â Â print "SEContext type: ", semanage.semanage_context_get_<wbr>type(con)<br> +<br> +Â Â Â Â status = semanage.semanage_context_set_<wbr>mls(sh, con, "s0:c0.c255")<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set context MLS fields")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SEContext mls: ", semanage.semanage_context_get_<wbr>mls(con)<br> +<br> +Â Â Â Â status = semanage.semanage_node_set_<wbr>con(sh, node, con)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not set SENode context")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SENode context set: ", con<br> +<br> +Â Â Â Â (status,key) = semanage.semanage_node_key_<wbr>extract(sh, node)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not extract SENode key")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "SENode key extracted: ", key<br> +<br> +Â Â Â Â (status,exists) = semanage.semanage_node_exists_<wbr>local(sh,key)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not check if SENode exists")<br> +Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â print "Exists status (commit number): ", status<br> +<br> +Â Â Â Â if exists:<br> +Â Â Â Â Â Â (status, old_node) = semanage.semanage_node_query_<wbr>local(sh, key)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not query old SENode")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Query status (commit number): ", status<br> +<br> +Â Â Â Â print "Starting transaction..."<br> +Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> +<br> +Â Â Â Â status = semanage.semanage_node_modify_<wbr>local(sh,key, node)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not modify SENode")<br> +<br> +Â Â Â Â status = semanage.semanage_commit(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could 
not commit test transaction")<br> +Â Â Â Â print "Commit status (transaction number): ", status<br> +<br> +Â Â Â Â status = semanage.semanage_begin_<wbr>transaction(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not start semanage transaction")<br> +<br> +Â Â Â Â if not exists:<br> +Â Â Â Â Â Â print "Removing network node..."<br> +Â Â Â Â Â Â status = semanage.semanage_node_del_<wbr>local(sh, key)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not delete test SENode")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Network node delete: ", status<br> +Â Â Â Â else:<br> +Â Â Â Â Â Â print "Resetting network node..."<br> +Â Â Â Â Â Â status = semanage.semanage_node_modify_<wbr>local(sh, key, old_node)<br> +Â Â Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â Â Â raise Error("Could not reset test SENode")<br> +Â Â Â Â Â Â if self.verbose:<br> +Â Â Â Â Â Â Â Â print "Network node modify: ", status<br> +<br> +Â Â Â Â status = semanage.semanage_commit(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not commit reset transaction")<br> +Â Â Â Â print "Commit status (transaction number): ", status<br> +<br> +Â Â Â Â semanage.semanage_context_<wbr>free(con)<br> +Â Â Â Â semanage.semanage_node_key_<wbr>free(key)<br> +Â Â Â Â semanage.semanage_node_free(<wbr>node)<br> +Â Â Â Â if exists:<br> +Â Â Â Â Â Â semanage.semanage_node_free(<wbr>old_node)<br> <br> Â def main(argv=None):<br> -Â Â Â Â if argv is None:<br> -Â Â Â Â Â Â Â Â argv = sys.argv<br> -Â Â Â Â try:<br> -Â Â Â Â Â Â Â Â try:<br> -Â Â Â Â Â Â Â Â Â Â Â Â opts, args = getopt.getopt(argv[1:], "hvmuspfibcUSPFIBCanN", ["help", "verbose", "modules", "users", "seusers", "ports", "file contexts", "network interfaces", "booleans", "active booleans", "network nodes", "writeuser", "writeseuser", "writeport", "writefcontext", "writeinterface", "writeboolean", "writeaboolean", "writenode", "all"])<br> -Â Â Â Â Â Â Â Â Â Â Â Â tests = Tests()<br> -Â Â Â Â Â Â 
Â Â Â Â Â Â for o, a in opts:<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-v":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.verbose = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â print "Verbose output selected."<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-a":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.all = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-u":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.users = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-U":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.writeuser = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-s":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.seusers = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-S":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.writeseuser = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-p":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.ports = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-P":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.writeport = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-f":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.fcontexts = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-F":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.writefcontext = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-i":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.interfaces = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-I":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.writeinterface = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-b":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.booleans = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-B":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.writeboolean = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-c":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.abooleans = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-C":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â 
tests.writeaboolean = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-n":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.nodes = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-N":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.writenode = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-m":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â tests.modules = True<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â if o == "-h":<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Usage(usage)<br> -<br> -Â Â Â Â Â Â Â Â Â Â Â Â if not tests.selected():<br> -Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â raise Usage("Please select a valid test.")<br> -<br> -Â Â Â Â Â Â Â Â except getopt.error, msg:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Usage(msg)<br> -<br> -Â Â Â Â Â Â Â Â sh=semanage.semanage_handle_<wbr>create()<br> -Â Â Â Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â if (semanage.semanage_is_managed(<wbr>sh) != 1):<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Status("Unmanaged!")<br> -Â Â Â Â Â Â Â Â <br> -Â Â Â Â Â Â Â Â status = semanage.semanage_connect(sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not establish semanage connection")<br> -<br> -Â Â Â Â Â Â Â Â tests.run(sh)<br> -<br> -Â Â Â Â Â Â Â Â status = semanage.semanage_disconnect(<wbr>sh)<br> -Â Â Â Â Â Â Â Â if status < 0:<br> -Â Â Â Â Â Â Â Â Â Â Â Â raise Error("Could not disconnect")<br> -<br> -Â Â Â Â Â Â Â Â semanage.semanage_handle_<wbr>destroy(sh)<br> -<br> -Â Â Â Â except Usage, err:<br> -Â Â Â Â Â Â Â Â print >>sys.stderr, err.msg<br> -Â Â Â Â except Status, err:<br> -Â Â Â Â Â Â Â Â print >>sys.stderr, err.msg<br> -Â Â Â Â except Error, err:<br> -Â Â Â Â Â Â Â Â print >>sys.stderr, err.msg<br> -<br> -Â Â Â Â return 2<br> +Â Â if argv is None:<br> +Â Â Â Â argv = sys.argv<br> +Â Â try:<br> +Â Â Â Â try:<br> +Â Â Â Â Â Â opts, args = getopt.getopt(argv[1:], "hvmuspfibcUSPFIBCanN", ["help", "verbose", "modules", "users", "seusers", "ports", "file contexts", "network interfaces", "booleans", "active 
booleans", "network nodes", "writeuser", "writeseuser", "writeport", "writefcontext", "writeinterface", "writeboolean", "writeaboolean", "writenode", "all"])<br> +Â Â Â Â Â Â tests = Tests()<br> +Â Â Â Â Â Â for o, a in opts:<br> +Â Â Â Â Â Â Â Â if o == "-v":<br> +Â Â Â Â Â Â Â Â Â Â tests.verbose = True<br> +Â Â Â Â Â Â Â Â Â Â print "Verbose output selected."<br> +Â Â Â Â Â Â Â Â if o == "-a":<br> +Â Â Â Â Â Â Â Â Â Â tests.all = True<br> +Â Â Â Â Â Â Â Â if o == "-u":<br> +Â Â Â Â Â Â Â Â Â Â tests.users = True<br> +Â Â Â Â Â Â Â Â if o == "-U":<br> +Â Â Â Â Â Â Â Â Â Â tests.writeuser = True<br> +Â Â Â Â Â Â Â Â if o == "-s":<br> +Â Â Â Â Â Â Â Â Â Â tests.seusers = True<br> +Â Â Â Â Â Â Â Â if o == "-S":<br> +Â Â Â Â Â Â Â Â Â Â tests.writeseuser = True<br> +Â Â Â Â Â Â Â Â if o == "-p":<br> +Â Â Â Â Â Â Â Â Â Â tests.ports = True<br> +Â Â Â Â Â Â Â Â if o == "-P":<br> +Â Â Â Â Â Â Â Â Â Â tests.writeport = True<br> +Â Â Â Â Â Â Â Â if o == "-f":<br> +Â Â Â Â Â Â Â Â Â Â tests.fcontexts = True<br> +Â Â Â Â Â Â Â Â if o == "-F":<br> +Â Â Â Â Â Â Â Â Â Â tests.writefcontext = True<br> +Â Â Â Â Â Â Â Â if o == "-i":<br> +Â Â Â Â Â Â Â Â Â Â tests.interfaces = True<br> +Â Â Â Â Â Â Â Â if o == "-I":<br> +Â Â Â Â Â Â Â Â Â Â tests.writeinterface = True<br> +Â Â Â Â Â Â Â Â if o == "-b":<br> +Â Â Â Â Â Â Â Â Â Â tests.booleans = True<br> +Â Â Â Â Â Â Â Â if o == "-B":<br> +Â Â Â Â Â Â Â Â Â Â tests.writeboolean = True<br> +Â Â Â Â Â Â Â Â if o == "-c":<br> +Â Â Â Â Â Â Â Â Â Â tests.abooleans = True<br> +Â Â Â Â Â Â Â Â if o == "-C":<br> +Â Â Â Â Â Â Â Â Â Â tests.writeaboolean = True<br> +Â Â Â Â Â Â Â Â if o == "-n":<br> +Â Â Â Â Â Â Â Â Â Â tests.nodes = True<br> +Â Â Â Â Â Â Â Â if o == "-N":<br> +Â Â Â Â Â Â Â Â Â Â tests.writenode = True<br> +Â Â Â Â Â Â Â Â if o == "-m":<br> +Â Â Â Â Â Â Â Â Â Â tests.modules = True<br> +Â Â Â Â Â Â Â Â if o == "-h":<br> +Â Â Â Â Â Â Â Â Â Â raise Usage(usage)<br> +<br> +Â Â Â Â Â Â if not tests.selected():<br> +Â Â Â Â Â Â 
Â Â raise Usage("Please select a valid test.")<br> +<br> +Â Â Â Â except getopt.error, msg:<br> +Â Â Â Â Â Â raise Usage(msg)<br> +<br> +Â Â Â Â sh=semanage.semanage_handle_<wbr>create()<br> +<br> +Â Â Â Â if (semanage.semanage_is_managed(<wbr>sh) != 1):<br> +Â Â Â Â Â Â raise Status("Unmanaged!")<br> +<br> +Â Â Â Â status = semanage.semanage_connect(sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not establish semanage connection")<br> +<br> +Â Â Â Â tests.run(sh)<br> +<br> +Â Â Â Â status = semanage.semanage_disconnect(<wbr>sh)<br> +Â Â Â Â if status < 0:<br> +Â Â Â Â Â Â raise Error("Could not disconnect")<br> +<br> +Â Â Â Â semanage.semanage_handle_<wbr>destroy(sh)<br> +<br> +Â Â except Usage, err:<br> +Â Â Â Â print >>sys.stderr, err.msg<br> +Â Â except Status, err:<br> +Â Â Â Â print >>sys.stderr, err.msg<br> +Â Â except Error, err:<br> +Â Â Â Â print >>sys.stderr, err.msg<br> +<br> +Â Â return 2<br> <br> Â if __name__ == "__main__":<br> -Â Â Â Â sys.exit(main())<br> -<br> +Â Â sys.exit(main())<br> <span class="HOEnZb"><font color="#888888">-- <br> 2.18.0<br> <br> ______________________________<wbr>_________________<br> Selinux mailing list<br> <a href="mailto:Selinux@tycho.nsa.gov">Selinux@tycho.nsa.gov</a><br> To unsubscribe, send email to <a href="mailto:Selinux-leave@tycho.nsa.gov">Selinux-leave@tycho.nsa.gov</a>.<br> To get help, send an email containing "help" to <a href="mailto:Selinux-request@tycho.nsa.gov">Selinux-request@tycho.nsa.gov</a>.<br> </font></span></blockquote></div><br></div>
diff --git a/libsemanage/src/pywrap-test.py b/libsemanage/src/pywrap-test.py
index 25b668d80b67..326034947aa5 100644
--- a/libsemanage/src/pywrap-test.py
+++ b/libsemanage/src/pywrap-test.py
@@ -28,1114 +28,1213 @@ Other options:\n\
 "
 class Usage(Exception):
- def __init__(self, msg):
- Exception.__init__(self)
- self.msg = msg
+ def __init__(self, msg):
+ Exception.__init__(self)
+ self.msg = msg
 class Status(Exception):
- def __init__(self, msg):
- Exception.__init__(self)
- self.msg = msg
+ def __init__(self, msg):
+ Exception.__init__(self)
+ self.msg = msg
 class Error(Exception):
- def __init__(self, msg):
- Exception.__init__(self)
- self.msg = msg
+ def __init__(self, msg):
+ Exception.__init__(self)
+ self.msg = msg
 class Tests:
- def __init__(self):
- self.all = False
- self.users = False
- self.writeuser = False
- self.seusers = False
- self.writeseuser = False
- self.ports = False
- self.writeport = False
- self.fcontexts = False
- self.writefcontext = False
- self.interfaces = False
- self.writeinterface = False
- self.booleans = False
- self.writeboolean = False
- self.abooleans = False
- self.writeaboolean = False
- self.nodes = False
- self.writenode = False
- self.modules = False
- self.verbose = False
-
- def selected(self):
- return (self.all or self.users or self.modules or self.seusers or self.ports or self.fcontexts or self.interfaces or self.booleans or self.abooleans or self.writeuser or self.writeseuser or self.writeport or self.writefcontext or self.writeinterface or self.writeboolean or self.writeaboolean or self.nodes or self.writenode)
-
- def run(self, handle):
- if (self.users or self.all):
- self.test_users(handle)
- print ""
- if (self.seusers or self.all):
- self.test_seusers(handle)
- print ""
- if (self.ports or self.all):
- self.test_ports(handle)
- print ""
- if (self.modules or self.all):
- self.test_modules(handle)
- print ""
- if (self.fcontexts or self.all):
- self.test_fcontexts(handle)
- print ""
- if (self.interfaces or self.all):
- self.test_interfaces(handle)
- print ""
- if (self.booleans or self.all):
- self.test_booleans(handle)
- print ""
- if (self.abooleans or self.all):
- self.test_abooleans(handle)
- print "" - if (self.nodes or self.all): - self.test_nodes(handle) - print "" - if (self.writeuser or self.all): - self.test_writeuser(handle) - print "" - if (self.writeseuser or self.all): - self.test_writeseuser(handle) - print "" - if (self.writeport or self.all): - self.test_writeport(handle) - print "" - if (self.writefcontext or self.all): - self.test_writefcontext(handle) - print "" - if (self.writeinterface or self.all): - self.test_writeinterface(handle) - print "" - if (self.writeboolean or self.all): - self.test_writeboolean(handle) - print "" - if (self.writeaboolean or self.all): - self.test_writeaboolean(handle) - print "" - if (self.writenode or self.all): - self.test_writenode(handle) - print "" - - def test_modules(self,sh): - print "Testing modules..." - - (trans_cnt, mlist, mlist_size) = semanage.semanage_module_list(sh) - - print "Transaction number: ", trans_cnt - print "Module list size: ", mlist_size - if self.verbose: print "List reference: ", mlist - - if (mlist_size == 0): - print "No modules installed!" - print "This is not necessarily a test failure." - return - for idx in range(mlist_size): - module = semanage.semanage_module_list_nth(mlist, idx) - if self.verbose: print "Module reference: ", module - print "Module name: ", semanage.semanage_module_get_name(module) - - def test_seusers(self,sh): - print "Testing seusers..." - - (status, slist) = semanage.semanage_seuser_list(sh) - if status < 0: - raise Error("Could not list seusers") - print "Query status (commit number): ", status - - if ( len(slist) == 0): - print "No seusers found!" - print "This is not necessarily a test failure." 
- return - for seuser in slist: - if self.verbose: print "seseuser reference: ", seuser - print "seuser name: ", semanage.semanage_seuser_get_name(seuser) - print " seuser mls range: ", semanage.semanage_seuser_get_mlsrange(seuser) - print " seuser sename: ", semanage.semanage_seuser_get_sename(seuser) - semanage.semanage_seuser_free(seuser) - - def test_users(self,sh): - print "Testing users..." - - (status, ulist) = semanage.semanage_user_list(sh) - if status < 0: - raise Error("Could not list users") - print "Query status (commit number): ", status - - if ( len(ulist) == 0): - print "No users found!" - print "This is not necessarily a test failure." - return - for user in ulist: - if self.verbose: print "User reference: ", user - print "User name: ", semanage.semanage_user_get_name(user) - print " User labeling prefix: ", semanage.semanage_user_get_prefix(user) - print " User mls level: ", semanage.semanage_user_get_mlslevel(user) - print " User mls range: ", semanage.semanage_user_get_mlsrange(user) - print " User number of roles: ", semanage.semanage_user_get_num_roles(user) - print " User roles: " - (status, rlist) = semanage.semanage_user_get_roles(sh, user) - if status < 0: - raise Error("Could not get user roles") - - for role in rlist: - print " ", role - - semanage.semanage_user_free(user) - - def test_ports(self,sh): - print "Testing ports..." - - (status, plist) = semanage.semanage_port_list(sh) - if status < 0: - raise Error("Could not list ports") - print "Query status (commit number): ", status - - if ( len(plist) == 0): - print "No ports found!" - print "This is not necessarily a test failure." 
- return - for port in plist: - if self.verbose: print "Port reference: ", port - low = semanage.semanage_port_get_low(port) - high = semanage.semanage_port_get_high(port) - con = semanage.semanage_port_get_con(port) - proto = semanage.semanage_port_get_proto(port) - proto_str = semanage.semanage_port_get_proto_str(proto) - if low == high: - range_str = str(low) - else: - range_str = str(low) + "-" + str(high) - (rc, con_str) = semanage.semanage_context_to_string(sh,con) - if rc < 0: con_str = "" - print "Port: ", range_str, " ", proto_str, " Context: ", con_str - semanage.semanage_port_free(port) - - def test_fcontexts(self,sh): - print "Testing file contexts..." - - (status, flist) = semanage.semanage_fcontext_list(sh) - if status < 0: - raise Error("Could not list file contexts") - print "Query status (commit number): ", status - - if (len(flist) == 0): - print "No file contexts found!" - print "This is not necessarily a test failure." - return - for fcon in flist: - if self.verbose: print "File Context reference: ", fcon - expr = semanage.semanage_fcontext_get_expr(fcon) - type = semanage.semanage_fcontext_get_type(fcon) - type_str = semanage.semanage_fcontext_get_type_str(type) - con = semanage.semanage_fcontext_get_con(fcon) - if not con: - con_str = "<<none>>" - else: - (rc, con_str) = semanage.semanage_context_to_string(sh,con) - if rc < 0: con_str = "" - print "File Expr: ", expr, " [", type_str, "] Context: ", con_str - semanage.semanage_fcontext_free(fcon) - - def test_interfaces(self,sh): - print "Testing network interfaces..." - - (status, ilist) = semanage.semanage_iface_list(sh) - if status < 0: - raise Error("Could not list interfaces") - print "Query status (commit number): ", status - - if (len(ilist) == 0): - print "No network interfaces found!" - print "This is not necessarily a test failure." 
- return - for iface in ilist: - if self.verbose: print "Interface reference: ", iface - name = semanage.semanage_iface_get_name(iface) - msg_con = semanage.semanage_iface_get_msgcon(iface) - if_con = semanage.semanage_iface_get_ifcon(iface) - (rc, msg_con_str) = semanage.semanage_context_to_string(sh,msg_con) - if rc < 0: msg_con_str = "" - (rc, if_con_str) = semanage.semanage_context_to_string(sh, if_con) - if rc < 0: if_con_str = "" - print "Interface: ", name, " Context: ", if_con_str, " Message Context: ", msg_con_str - semanage.semanage_iface_free(iface) - - def test_booleans(self,sh): - print "Testing booleans..." - - (status, blist) = semanage.semanage_bool_list(sh) - if status < 0: - raise Error("Could not list booleans") - print "Query status (commit number): ", status - - if (len(blist) == 0): - print "No booleans found!" - print "This is not necessarily a test failure." - return - for pbool in blist: - if self.verbose: print "Boolean reference: ", pbool - name = semanage.semanage_bool_get_name(pbool) - value = semanage.semanage_bool_get_value(pbool) - print "Boolean: ", name, " Value: ", value - semanage.semanage_bool_free(pbool) - - def test_abooleans(self,sh): - print "Testing active booleans..." - - (status, ablist) = semanage.semanage_bool_list_active(sh) - if status < 0: - raise Error("Could not list active booleans") - print "Query status (commit number): ", status - - if (len(ablist) == 0): - print "No active booleans found!" - print "This is not necessarily a test failure." - return - for abool in ablist: - if self.verbose: print "Active boolean reference: ", abool - name = semanage.semanage_bool_get_name(abool) - value = semanage.semanage_bool_get_value(abool) - print "Active Boolean: ", name, " Value: ", value - semanage.semanage_bool_free(abool) - - def test_nodes(self,sh): - print "Testing network nodes..." 
- - (status, nlist) = semanage.semanage_node_list(sh) - if status < 0: - raise Error("Could not list network nodes") - print "Query status (commit number): ", status - - if (len(nlist) == 0): - print "No network nodes found!" - print "This is not necessarily a test failure." - return - for node in nlist: - if self.verbose: print "Network node reference: ", node - - (status, addr) = semanage.semanage_node_get_addr(sh, node) - if status < 0: addr = "" - - (status, mask) = semanage.semanage_node_get_mask(sh, node) - if status < 0: mask = "" - - proto = semanage.semanage_node_get_proto(node) - proto_str = semanage.semanage_node_get_proto_str(proto) - con = semanage.semanage_node_get_con(node) - - (status, con_str) = semanage.semanage_context_to_string(sh, con) - if status < 0: con_str = "" - - print "Network Node: ", addr, "/", mask, " (", proto_str, ")", "Context: ", con_str - semanage.semanage_node_free(node) - - def test_writeuser(self,sh): - print "Testing user write..." - - (status, user) = semanage.semanage_user_create(sh) - if status < 0: - raise Error("Could not create user object") - if self.verbose: print "User object created" - - status = semanage.semanage_user_set_name(sh,user, "testPyUser") - if status < 0: - raise Error("Could not set user name") - if self.verbose: print "User name set: ", semanage.semanage_user_get_name(user) - - status = semanage.semanage_user_add_role(sh, user, "user_r") - if status < 0: - raise Error("Could not add role") - - status = semanage.semanage_user_set_prefix(sh,user, "user") - if status < 0: - raise Error("Could not set labeling prefix") - if self.verbose: print "User prefix set: ", semanage.semanage_user_get_prefix(user) - - status = semanage.semanage_user_set_mlsrange(sh, user, "s0") - if status < 0: - raise Error("Could not set MLS range") - if self.verbose: print "User mlsrange: ", semanage.semanage_user_get_mlsrange(user) - - status = semanage.semanage_user_set_mlslevel(sh, user, "s0") - if status < 0: - raise 
Error("Could not set MLS level") - if self.verbose: print "User mlslevel: ", semanage.semanage_user_get_mlslevel(user) - - (status,key) = semanage.semanage_user_key_extract(sh,user) - if status < 0: - raise Error("Could not extract user key") - if self.verbose: print "User key extracted: ", key - - (status,exists) = semanage.semanage_user_exists_local(sh,key) - if status < 0: - raise Error("Could not check if user exists") - if self.verbose: print "Exists status (commit number): ", status - - if exists: - (status, old_user) = semanage.semanage_user_query_local(sh, key) - if status < 0: - raise Error("Could not query old user") - if self.verbose: print "Query status (commit number): ", status - - print "Starting transaction.." - status = semanage.semanage_begin_transaction(sh) - if status < 0: - raise Error("Could not start semanage transaction") - - status = semanage.semanage_user_modify_local(sh,key,user) - if status < 0: - raise Error("Could not modify user") - - status = semanage.semanage_commit(sh) - if status < 0: - raise Error("Could not commit test transaction") - print "Commit status (transaction number): ", status - - status = semanage.semanage_begin_transaction(sh) - if status < 0: - raise Error("Could not start semanage transaction") - - if not exists: - print "Removing user..." - status = semanage.semanage_user_del_local(sh, key) - if status < 0: - raise Error("Could not delete test user") - if self.verbose: print "User delete: ", status - else: - print "Resetting user..." 
- status = semanage.semanage_user_modify_local(sh, key, old_user) - if status < 0: - raise Error("Could not reset test user") - if self.verbose: print "User modify: ", status - - status = semanage.semanage_commit(sh) - if status < 0: - raise Error("Could not commit reset transaction") - print "Commit status (transaction number): ", status - - semanage.semanage_user_key_free(key) - semanage.semanage_user_free(user) - if exists: semanage.semanage_user_free(old_user) - - def test_writeseuser(self,sh): - print "Testing seuser write..." - - (status, seuser) = semanage.semanage_seuser_create(sh) - if status < 0: - raise Error("Could not create SEUser object") - if self.verbose: print "SEUser object created." - - status = semanage.semanage_seuser_set_name(sh,seuser, "testPySEUser") - if status < 0: - raise Error("Could not set name") - if self.verbose: print "SEUser name set: ", semanage.semanage_seuser_get_name(seuser) - - status = semanage.semanage_seuser_set_sename(sh, seuser, "root") - if status < 0: - raise Error("Could not set sename") - if self.verbose: print "SEUser seuser: ", semanage.semanage_seuser_get_sename(seuser) - - status = semanage.semanage_seuser_set_mlsrange(sh, seuser, "s0:c0.c255") - if status < 0: - raise Error("Could not set MLS range") - if self.verbose: print "SEUser mlsrange: ", semanage.semanage_seuser_get_mlsrange(seuser) - - (status,key) = semanage.semanage_seuser_key_extract(sh,seuser) - if status < 0: - raise Error("Could not extract SEUser key") - if self.verbose: print "SEUser key extracted: ", key - - (status,exists) = semanage.semanage_seuser_exists_local(sh,key) - if status < 0: - raise Error("Could not check if SEUser exists") - if self.verbose: print "Exists status (commit number): ", status - - if exists: - (status, old_seuser) = semanage.semanage_seuser_query_local(sh, key) - if status < 0: - raise Error("Could not query old SEUser") - if self.verbose: print "Query status (commit number): ", status - - print "Starting 
transaction..." - status = semanage.semanage_begin_transaction(sh) - if status < 0: - raise Error("Could not start semanage transaction") - - status = semanage.semanage_seuser_modify_local(sh,key,seuser) - if status < 0: - raise Error("Could not modify SEUser") - - status = semanage.semanage_commit(sh) - if status < 0: - raise Error("Could not commit test transaction") - print "Commit status (transaction number): ", status - - status = semanage.semanage_begin_transaction(sh) - if status < 0: - raise Error("Could not start semanage transaction") - - if not exists: - print "Removing seuser..." - status = semanage.semanage_seuser_del_local(sh, key) - if status < 0: - raise Error("Could not delete test SEUser") - if self.verbose: print "Seuser delete: ", status - else: - print "Resetting seuser..." - status = semanage.semanage_seuser_modify_local(sh, key, old_seuser) - if status < 0: - raise Error("Could not reset test SEUser") - if self.verbose: print "Seuser modify: ", status - - status = semanage.semanage_commit(sh) - if status < 0: - raise Error("Could not commit reset transaction") - print "Commit status (transaction number): ", status - - semanage.semanage_seuser_key_free(key) - semanage.semanage_seuser_free(seuser) - if exists: semanage.semanage_seuser_free(old_seuser) - - def test_writeport(self,sh): - print "Testing port write..." - - (status, port) = semanage.semanage_port_create(sh) - if status < 0: - raise Error("Could not create SEPort object") - if self.verbose: print "SEPort object created." 
- - semanage.semanage_port_set_range(port,150,200) - low = semanage.semanage_port_get_low(port) - high = semanage.semanage_port_get_high(port) - if self.verbose: print "SEPort range set: ", low, "-", high - - semanage.semanage_port_set_proto(port, semanage.SEMANAGE_PROTO_TCP); - if self.verbose: print "SEPort protocol set: ", \ - semanage.semanage_port_get_proto_str(semanage.SEMANAGE_PROTO_TCP) - - (status, con) = semanage.semanage_context_create(sh) - if status < 0: - raise Error("Could not create SEContext object") - if self.verbose: print "SEContext object created (for port)." - - status = semanage.semanage_context_set_user(sh, con, "system_u") - if status < 0: - raise Error("Could not set context user") - if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con) - - status = semanage.semanage_context_set_role(sh, con, "object_r") - if status < 0: - raise Error("Could not set context role") - if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con) - - status = semanage.semanage_context_set_type(sh, con, "http_port_t") - if status < 0: - raise Error("Could not set context type") - if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con) - - status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255") - if status < 0: - raise Error("Could not set context MLS fields") - if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con) - - status = semanage.semanage_port_set_con(sh, port, con) - if status < 0: - raise Error("Could not set SEPort context") - if self.verbose: print "SEPort context set: ", con - - (status,key) = semanage.semanage_port_key_extract(sh,port) - if status < 0: - raise Error("Could not extract SEPort key") - if self.verbose: print "SEPort key extracted: ", key - - (status,exists) = semanage.semanage_port_exists_local(sh,key) - if status < 0: - raise Error("Could not check if SEPort exists") - if self.verbose: print "Exists status (commit 
number): ", status - - if exists: - (status, old_port) = semanage.semanage_port_query_local(sh, key) - if status < 0: - raise Error("Could not query old SEPort") - if self.verbose: print "Query status (commit number): ", status - - print "Starting transaction..." - status = semanage.semanage_begin_transaction(sh) - if status < 0: - raise Error("Could not start semanage transaction") - - status = semanage.semanage_port_modify_local(sh,key,port) - if status < 0: - raise Error("Could not modify SEPort") - - status = semanage.semanage_commit(sh) - if status < 0: - raise Error("Could not commit test transaction") - print "Commit status (transaction number): ", status - - status = semanage.semanage_begin_transaction(sh) - if status < 0: - raise Error("Could not start semanage transaction") - - if not exists: - print "Removing port range..." - status = semanage.semanage_port_del_local(sh, key) - if status < 0: - raise Error("Could not delete test SEPort") - if self.verbose: print "Port range delete: ", status - else: - print "Resetting port range..." - status = semanage.semanage_port_modify_local(sh, key, old_port) - if status < 0: - raise Error("Could not reset test SEPort") - if self.verbose: print "Port range modify: ", status - - status = semanage.semanage_commit(sh) - if status < 0: - raise Error("Could not commit reset transaction") - print "Commit status (transaction number): ", status - - semanage.semanage_context_free(con) - semanage.semanage_port_key_free(key) - semanage.semanage_port_free(port) - if exists: semanage.semanage_port_free(old_port) - - def test_writefcontext(self,sh): - print "Testing file context write..." - - (status, fcon) = semanage.semanage_fcontext_create(sh) - if status < 0: - raise Error("Could not create SEFcontext object") - if self.verbose: print "SEFcontext object created." 
- - status = semanage.semanage_fcontext_set_expr(sh, fcon, "/test/fcontext(/.*)?") - if status < 0: - raise Error("Could not set expression") - if self.verbose: print "SEFContext expr set: ", semanage.semanage_fcontext_get_expr(fcon) - - semanage.semanage_fcontext_set_type(fcon, semanage.SEMANAGE_FCONTEXT_REG) - if self.verbose: - ftype = semanage.semanage_fcontext_get_type(fcon) - print "SEFContext type set: ", semanage.semanage_fcontext_get_type_str(ftype) - - (status, con) = semanage.semanage_context_create(sh) - if status < 0: - raise Error("Could not create SEContext object") - if self.verbose: print "SEContext object created (for file context)." - - status = semanage.semanage_context_set_user(sh, con, "system_u") - if status < 0: - raise Error("Could not set context user") - if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con) - - status = semanage.semanage_context_set_role(sh, con, "object_r") - if status < 0: - raise Error("Could not set context role") - if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con) - - status = semanage.semanage_context_set_type(sh, con, "default_t") - if status < 0: - raise Error("Could not set context type") - if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con) - - status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255") - if status < 0: - raise Error("Could not set context MLS fields") - if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con) - - status = semanage.semanage_fcontext_set_con(sh, fcon, con) - if status < 0: - raise Error("Could not set SEFcontext context") - if self.verbose: print "SEFcontext context set: ", con - - (status,key) = semanage.semanage_fcontext_key_extract(sh,fcon) - if status < 0: - raise Error("Could not extract SEFcontext key") - if self.verbose: print "SEFcontext key extracted: ", key - - (status,exists) = semanage.semanage_fcontext_exists_local(sh,key) - if status < 0: - 
raise Error("Could not check if SEFcontext exists") - - if self.verbose: print "Exists status (commit number): ", status - if exists: - (status, old_fcontext) = semanage.semanage_fcontext_query_local(sh, key) - if status < 0: - raise Error("Could not query old SEFcontext") - if self.verbose: print "Query status (commit number): ", status - - print "Starting transaction..." - status = semanage.semanage_begin_transaction(sh) - if status < 0: - raise Error("Could not start semanage transaction") - - status = semanage.semanage_fcontext_modify_local(sh,key,fcon) - if status < 0: - raise Error("Could not modify SEFcontext") - - status = semanage.semanage_commit(sh) - if status < 0: - raise Error("Could not commit test transaction") - print "Commit status (transaction number): ", status - - status = semanage.semanage_begin_transaction(sh) - if status < 0: - raise Error("Could not start semanage transaction") - - if not exists: - print "Removing file context..." - status = semanage.semanage_fcontext_del_local(sh, key) - if status < 0: - raise Error("Could not delete test SEFcontext") - if self.verbose: print "File context delete: ", status - else: - print "Resetting file context..." - status = semanage.semanage_fcontext_modify_local(sh, key, old_fcontext) - if status < 0: - raise Error("Could not reset test FContext") - if self.verbose: print "File context modify: ", status - - status = semanage.semanage_commit(sh) - if status < 0: - raise Error("Could not commit reset transaction") - print "Commit status (transaction number): ", status - - semanage.semanage_context_free(con) - semanage.semanage_fcontext_key_free(key) - semanage.semanage_fcontext_free(fcon) - if exists: semanage.semanage_fcontext_free(old_fcontext) - - def test_writeinterface(self,sh): - print "Testing network interface write..." - - (status, iface) = semanage.semanage_iface_create(sh) - if status < 0: - raise Error("Could not create SEIface object") - if self.verbose: print "SEIface object created." 
- - status = semanage.semanage_iface_set_name(sh, iface, "test_iface") - if status < 0: - raise Error("Could not set SEIface name") - if self.verbose: print "SEIface name set: ", semanage.semanage_iface_get_name(iface) - - (status, con) = semanage.semanage_context_create(sh) - if status < 0: - raise Error("Could not create SEContext object") - if self.verbose: print "SEContext object created (for network interface)" - - status = semanage.semanage_context_set_user(sh, con, "system_u") - if status < 0: - raise Error("Could not set interface context user") - if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con) - - status = semanage.semanage_context_set_role(sh, con, "object_r") - if status < 0: - raise Error("Could not set interface context role") - if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con) - - status = semanage.semanage_context_set_type(sh, con, "default_t") - if status < 0: - raise Error("Could not set interface context type") - if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con) - - status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255") - if status < 0: - raise Error("Could not set interface context MLS fields") - if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con) - - status = semanage.semanage_iface_set_ifcon(sh, iface, con) - if status < 0: - raise Error("Could not set SEIface interface context") - if self.verbose: print "SEIface interface context set: ", con - - status = semanage.semanage_iface_set_msgcon(sh, iface, con) - if status < 0: - raise Error("Could not set SEIface message context") - if self.verbose: print "SEIface message context set: ", con - - (status,key) = semanage.semanage_iface_key_extract(sh,iface) - if status < 0: - raise Error("Could not extract SEIface key") - if self.verbose: print "SEIface key extracted: ", key - - (status,exists) = semanage.semanage_iface_exists_local(sh,key) - if status < 0: - 
raise Error("Could not check if SEIface exists") - if self.verbose: print "Exists status (commit number): ", status - - if exists: - (status, old_iface) = semanage.semanage_iface_query_local(sh, key) - if status < 0: - raise Error("Could not query old SEIface") - if self.verbose: print "Query status (commit number): ", status - - print "Starting transaction..." - status = semanage.semanage_begin_transaction(sh) - if status < 0: - raise Error("Could not begin semanage transaction") - - status = semanage.semanage_iface_modify_local(sh,key,iface) - if status < 0: - raise Error("Could not modify SEIface") - - status = semanage.semanage_commit(sh) - if status < 0: - raise Error("Could not commit test transaction") - print "Commit status (transaction number): ", status - - status = semanage.semanage_begin_transaction(sh) - if status < 0: - raise Error("Could not begin semanage transaction") - - if not exists: - print "Removing interface..." - status = semanage.semanage_iface_del_local(sh, key) - if status < 0: - raise Error("Could not delete test SEIface") - if self.verbose: print "Interface delete: ", status - else: - print "Resetting interface..." - status = semanage.semanage_iface_modify_local(sh, key, old_iface) - if status < 0: - raise Error("Could not reset test SEIface") - if self.verbose: print "Interface modify: ", status - - status = semanage.semanage_commit(sh) - if status < 0: - raise Error("Could not commit reset transaction") - print "Commit status (transaction number): ", status - - semanage.semanage_context_free(con) - semanage.semanage_iface_key_free(key) - semanage.semanage_iface_free(iface) - if exists: semanage.semanage_iface_free(old_iface) - - def test_writeboolean(self,sh): - print "Testing boolean write..." - - (status, pbool) = semanage.semanage_bool_create(sh) - if status < 0: - raise Error("Could not create SEBool object") - if self.verbose: print "SEBool object created." 
- - status = semanage.semanage_bool_set_name(sh, pbool, "allow_execmem") - if status < 0: - raise Error("Could not set name") - if self.verbose: print "SEBool name set: ", semanage.semanage_bool_get_name(pbool) - - semanage.semanage_bool_set_value(pbool, 0) - if self.verbose: print "SEbool value set: ", semanage.semanage_bool_get_value(pbool) - - (status,key) = semanage.semanage_bool_key_extract(sh, pbool) - if status < 0: - raise Error("Could not extract SEBool key") - if self.verbose: print "SEBool key extracted: ", key - - (status,exists) = semanage.semanage_bool_exists_local(sh,key) - if status < 0: - raise Error("Could not check if SEBool exists") - if self.verbose: print "Exists status (commit number): ", status - - if exists: - (status, old_bool) = semanage.semanage_bool_query_local(sh, key) - if status < 0: - raise Error("Could not query old SEBool") - if self.verbose: print "Query status (commit number): ", status - - print "Starting transaction..." - status = semanage.semanage_begin_transaction(sh) - if status < 0: - raise Error("Could not start semanage transaction") - - status = semanage.semanage_bool_modify_local(sh, key, pbool) - - if status < 0: - raise Error("Could not modify SEBool") - - status = semanage.semanage_commit(sh) - if status < 0: - raise Error("Could not commit test transaction") - print "Commit status (transaction number): ", status - - status = semanage.semanage_begin_transaction(sh) - if status < 0: - raise Error("Could not start semanage transaction") - - if not exists: - print "Removing boolean..." - status = semanage.semanage_bool_del_local(sh, key) - if status < 0: - raise Error("Could not delete test SEBool") - if self.verbose: print "Boolean delete: ", status - else: - print "Resetting boolean..." 
- status = semanage.semanage_bool_modify_local(sh, key, old_bool) - if status < 0: - raise Error("Could not reset test SEBool") - if self.verbose: print "Boolean modify: ", status - - status = semanage.semanage_commit(sh) - if status < 0: - raise Error("Could not commit reset transaction") - print "Commit status (transaction number): ", status - - semanage.semanage_bool_key_free(key) - semanage.semanage_bool_free(pbool) - if exists: semanage.semanage_bool_free(old_bool) - - def test_writeaboolean(self,sh): - print "Testing active boolean write..." - - (status, key) = semanage.semanage_bool_key_create(sh, "allow_execmem") - if status < 0: - raise Error("Could not create SEBool key") - if self.verbose: print "SEBool key created: ", key - - (status, old_bool) = semanage.semanage_bool_query_active(sh, key) - if status < 0: - raise Error("Could not query old SEBool") - if self.verbose: print "Query status (commit number): ", status - - (status, abool) = semanage.semanage_bool_create(sh) - if status < 0: - raise Error("Could not create SEBool object") - if self.verbose: print "SEBool object created." - - status = semanage.semanage_bool_set_name(sh, abool, "allow_execmem") - if status < 0: - raise Error("Could not set name") - if self.verbose: print "SEBool name set: ", semanage.semanage_bool_get_name(abool) - - semanage.semanage_bool_set_value(abool, 0) - if self.verbose: print "SEbool value set: ", semanage.semanage_bool_get_value(abool) - - print "Starting transaction..." - status = semanage.semanage_begin_transaction(sh) - if status < 0: - raise Error("Could not start semanage transaction") - - status = semanage.semanage_bool_set_active(sh,key,abool) - if status < 0: - raise Error("Could not modify SEBool") - - status = semanage.semanage_commit(sh) - if status < 0: - raise Error("Could not commit test transaction") - print "Commit status (transaction number): ", status - - print "Resetting old active boolean..." 
- status = semanage.semanage_begin_transaction(sh) - if status < 0: - raise Error("Could not start semanage transaction") - - status = semanage.semanage_bool_set_active(sh, key,old_bool) - if status < 0: - raise Error("Could not reset test SEBool") - if self.verbose: print "SEBool active reset: ", status - - status = semanage.semanage_commit(sh) - if status < 0: - raise Error("Could not commit reset transaction") - print "Commit status (transaction number): ", status - - semanage.semanage_bool_key_free(key) - semanage.semanage_bool_free(abool) - semanage.semanage_bool_free(old_bool) - - - def test_writenode(self,sh): - print "Testing network node write..." - - (status, node) = semanage.semanage_node_create(sh) - if status < 0: - raise Error("Could not create SENode object") - if self.verbose: print "SENode object created." - - status = semanage.semanage_node_set_addr(sh, node, semanage.SEMANAGE_PROTO_IP6, "ffee:dddd::bbbb") - if status < 0: - raise Error("Could not set SENode address") - - status = semanage.semanage_node_set_mask(sh, node, semanage.SEMANAGE_PROTO_IP6, "::ffff:ffff:abcd:0000") - if status < 0: - raise Error("Could not set SENode netmask") - - semanage.semanage_node_set_proto(node, semanage.SEMANAGE_PROTO_IP6); - if self.verbose: print "SENode protocol set: ", \ - semanage.semanage_node_get_proto_str(semanage.SEMANAGE_PROTO_IP6) - - (status, con) = semanage.semanage_context_create(sh) - if status < 0: - raise Error("Could not create SEContext object") - if self.verbose: print "SEContext object created (for node)." 
-
- status = semanage.semanage_context_set_user(sh, con, "system_u")
- if status < 0:
- raise Error("Could not set context user")
- if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con)
-
- status = semanage.semanage_context_set_role(sh, con, "object_r")
- if status < 0:
- raise Error("Could not set context role")
- if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con)
-
- status = semanage.semanage_context_set_type(sh, con, "lo_node_t")
- if status < 0:
- raise Error("Could not set context type")
- if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con)
-
- status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
- if status < 0:
- raise Error("Could not set context MLS fields")
- if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con)
-
- status = semanage.semanage_node_set_con(sh, node, con)
- if status < 0:
- raise Error("Could not set SENode context")
- if self.verbose: print "SENode context set: ", con
-
- (status,key) = semanage.semanage_node_key_extract(sh, node)
- if status < 0:
- raise Error("Could not extract SENode key")
- if self.verbose: print "SENode key extracted: ", key
-
- (status,exists) = semanage.semanage_node_exists_local(sh,key)
- if status < 0:
- raise Error("Could not check if SENode exists")
- if self.verbose: print "Exists status (commit number): ", status
-
- if exists:
- (status, old_node) = semanage.semanage_node_query_local(sh, key)
- if status < 0:
- raise Error("Could not query old SENode")
- if self.verbose: print "Query status (commit number): ", status
-
- print "Starting transaction..."
- status = semanage.semanage_begin_transaction(sh)
- if status < 0:
- raise Error("Could not start semanage transaction")
-
- status = semanage.semanage_node_modify_local(sh,key, node)
- if status < 0:
- raise Error("Could not modify SENode")
-
- status = semanage.semanage_commit(sh)
- if status < 0:
- raise Error("Could not commit test transaction")
- print "Commit status (transaction number): ", status
-
- status = semanage.semanage_begin_transaction(sh)
- if status < 0:
- raise Error("Could not start semanage transaction")
-
- if not exists:
- print "Removing network node..."
- status = semanage.semanage_node_del_local(sh, key)
- if status < 0:
- raise Error("Could not delete test SENode")
- if self.verbose: print "Network node delete: ", status
- else:
- print "Resetting network node..."
- status = semanage.semanage_node_modify_local(sh, key, old_node)
- if status < 0:
- raise Error("Could not reset test SENode")
- if self.verbose: print "Network node modify: ", status
-
- status = semanage.semanage_commit(sh)
- if status < 0:
- raise Error("Could not commit reset transaction")
- print "Commit status (transaction number): ", status
-
- semanage.semanage_context_free(con)
- semanage.semanage_node_key_free(key)
- semanage.semanage_node_free(node)
- if exists: semanage.semanage_node_free(old_node)
+ def __init__(self):
+ self.all = False
+ self.users = False
+ self.writeuser = False
+ self.seusers = False
+ self.writeseuser = False
+ self.ports = False
+ self.writeport = False
+ self.fcontexts = False
+ self.writefcontext = False
+ self.interfaces = False
+ self.writeinterface = False
+ self.booleans = False
+ self.writeboolean = False
+ self.abooleans = False
+ self.writeaboolean = False
+ self.nodes = False
+ self.writenode = False
+ self.modules = False
+ self.verbose = False
+
+ def selected(self):
+ return (self.all or self.users or self.modules or self.seusers or self.ports or self.fcontexts or self.interfaces or self.booleans or self.abooleans or
self.writeuser or self.writeseuser or self.writeport or self.writefcontext or self.writeinterface or self.writeboolean or self.writeaboolean or self.nodes or self.writenode)
+
+ def run(self, handle):
+ if (self.users or self.all):
+ self.test_users(handle)
+ print ""
+ if (self.seusers or self.all):
+ self.test_seusers(handle)
+ print ""
+ if (self.ports or self.all):
+ self.test_ports(handle)
+ print ""
+ if (self.modules or self.all):
+ self.test_modules(handle)
+ print ""
+ if (self.fcontexts or self.all):
+ self.test_fcontexts(handle)
+ print ""
+ if (self.interfaces or self.all):
+ self.test_interfaces(handle)
+ print ""
+ if (self.booleans or self.all):
+ self.test_booleans(handle)
+ print ""
+ if (self.abooleans or self.all):
+ self.test_abooleans(handle)
+ print ""
+ if (self.nodes or self.all):
+ self.test_nodes(handle)
+ print ""
+ if (self.writeuser or self.all):
+ self.test_writeuser(handle)
+ print ""
+ if (self.writeseuser or self.all):
+ self.test_writeseuser(handle)
+ print ""
+ if (self.writeport or self.all):
+ self.test_writeport(handle)
+ print ""
+ if (self.writefcontext or self.all):
+ self.test_writefcontext(handle)
+ print ""
+ if (self.writeinterface or self.all):
+ self.test_writeinterface(handle)
+ print ""
+ if (self.writeboolean or self.all):
+ self.test_writeboolean(handle)
+ print ""
+ if (self.writeaboolean or self.all):
+ self.test_writeaboolean(handle)
+ print ""
+ if (self.writenode or self.all):
+ self.test_writenode(handle)
+ print ""
+
+ def test_modules(self,sh):
+ print "Testing modules..."
+
+ (trans_cnt, mlist, mlist_size) = semanage.semanage_module_list(sh)
+
+ print "Transaction number: ", trans_cnt
+ print "Module list size: ", mlist_size
+ if self.verbose:
+ print "List reference: ", mlist
+
+ if (mlist_size == 0):
+ print "No modules installed!"
+ print "This is not necessarily a test failure."
+ return
+ for idx in range(mlist_size):
+ module = semanage.semanage_module_list_nth(mlist, idx)
+ if self.verbose:
+ print "Module reference: ", module
+ print "Module name: ", semanage.semanage_module_get_name(module)
+
+ def test_seusers(self,sh):
+ print "Testing seusers..."
+
+ (status, slist) = semanage.semanage_seuser_list(sh)
+ if status < 0:
+ raise Error("Could not list seusers")
+ print "Query status (commit number): ", status
+
+ if ( len(slist) == 0):
+ print "No seusers found!"
+ print "This is not necessarily a test failure."
+ return
+ for seuser in slist:
+ if self.verbose:
+ print "seseuser reference: ", seuser
+ print "seuser name: ", semanage.semanage_seuser_get_name(seuser)
+ print " seuser mls range: ", semanage.semanage_seuser_get_mlsrange(seuser)
+ print " seuser sename: ", semanage.semanage_seuser_get_sename(seuser)
+ semanage.semanage_seuser_free(seuser)
+
+ def test_users(self,sh):
+ print "Testing users..."
+
+ (status, ulist) = semanage.semanage_user_list(sh)
+ if status < 0:
+ raise Error("Could not list users")
+ print "Query status (commit number): ", status
+
+ if ( len(ulist) == 0):
+ print "No users found!"
+ print "This is not necessarily a test failure."
+ return
+ for user in ulist:
+ if self.verbose:
+ print "User reference: ", user
+ print "User name: ", semanage.semanage_user_get_name(user)
+ print " User labeling prefix: ", semanage.semanage_user_get_prefix(user)
+ print " User mls level: ", semanage.semanage_user_get_mlslevel(user)
+ print " User mls range: ", semanage.semanage_user_get_mlsrange(user)
+ print " User number of roles: ", semanage.semanage_user_get_num_roles(user)
+ print " User roles: "
+ (status, rlist) = semanage.semanage_user_get_roles(sh, user)
+ if status < 0:
+ raise Error("Could not get user roles")
+
+ for role in rlist:
+ print " ", role
+
+ semanage.semanage_user_free(user)
+
+ def test_ports(self,sh):
+ print "Testing ports..."
+
+ (status, plist) = semanage.semanage_port_list(sh)
+ if status < 0:
+ raise Error("Could not list ports")
+ print "Query status (commit number): ", status
+
+ if ( len(plist) == 0):
+ print "No ports found!"
+ print "This is not necessarily a test failure."
+ return
+ for port in plist:
+ if self.verbose:
+ print "Port reference: ", port
+ low = semanage.semanage_port_get_low(port)
+ high = semanage.semanage_port_get_high(port)
+ con = semanage.semanage_port_get_con(port)
+ proto = semanage.semanage_port_get_proto(port)
+ proto_str = semanage.semanage_port_get_proto_str(proto)
+ if low == high:
+ range_str = str(low)
+ else:
+ range_str = str(low) + "-" + str(high)
+ (rc, con_str) = semanage.semanage_context_to_string(sh,con)
+ if rc < 0: con_str = ""
+ print "Port: ", range_str, " ", proto_str, " Context: ", con_str
+ semanage.semanage_port_free(port)
+
+ def test_fcontexts(self,sh):
+ print "Testing file contexts..."
+
+ (status, flist) = semanage.semanage_fcontext_list(sh)
+ if status < 0:
+ raise Error("Could not list file contexts")
+ print "Query status (commit number): ", status
+
+ if (len(flist) == 0):
+ print "No file contexts found!"
+ print "This is not necessarily a test failure."
+ return
+ for fcon in flist:
+ if self.verbose:
+ print "File Context reference: ", fcon
+ expr = semanage.semanage_fcontext_get_expr(fcon)
+ type = semanage.semanage_fcontext_get_type(fcon)
+ type_str = semanage.semanage_fcontext_get_type_str(type)
+ con = semanage.semanage_fcontext_get_con(fcon)
+ if not con:
+ con_str = "<<none>>"
+ else:
+ (rc, con_str) = semanage.semanage_context_to_string(sh,con)
+ if rc < 0: con_str = ""
+ print "File Expr: ", expr, " [", type_str, "] Context: ", con_str
+ semanage.semanage_fcontext_free(fcon)
+
+ def test_interfaces(self,sh):
+ print "Testing network interfaces..."
+
+ (status, ilist) = semanage.semanage_iface_list(sh)
+ if status < 0:
+ raise Error("Could not list interfaces")
+ print "Query status (commit number): ", status
+
+ if (len(ilist) == 0):
+ print "No network interfaces found!"
+ print "This is not necessarily a test failure."
+ return
+ for iface in ilist:
+ if self.verbose:
+ print "Interface reference: ", iface
+ name = semanage.semanage_iface_get_name(iface)
+ msg_con = semanage.semanage_iface_get_msgcon(iface)
+ if_con = semanage.semanage_iface_get_ifcon(iface)
+ (rc, msg_con_str) = semanage.semanage_context_to_string(sh,msg_con)
+ if rc < 0: msg_con_str = ""
+ (rc, if_con_str) = semanage.semanage_context_to_string(sh, if_con)
+ if rc < 0: if_con_str = ""
+ print "Interface: ", name, " Context: ", if_con_str, " Message Context: ", msg_con_str
+ semanage.semanage_iface_free(iface)
+
+ def test_booleans(self,sh):
+ print "Testing booleans..."
+
+ (status, blist) = semanage.semanage_bool_list(sh)
+ if status < 0:
+ raise Error("Could not list booleans")
+ print "Query status (commit number): ", status
+
+ if (len(blist) == 0):
+ print "No booleans found!"
+ print "This is not necessarily a test failure."
+ return
+ for pbool in blist:
+ if self.verbose:
+ print "Boolean reference: ", pbool
+ name = semanage.semanage_bool_get_name(pbool)
+ value = semanage.semanage_bool_get_value(pbool)
+ print "Boolean: ", name, " Value: ", value
+ semanage.semanage_bool_free(pbool)
+
+ def test_abooleans(self,sh):
+ print "Testing active booleans..."
+
+ (status, ablist) = semanage.semanage_bool_list_active(sh)
+ if status < 0:
+ raise Error("Could not list active booleans")
+ print "Query status (commit number): ", status
+
+ if (len(ablist) == 0):
+ print "No active booleans found!"
+ print "This is not necessarily a test failure."
+ return
+ for abool in ablist:
+ if self.verbose:
+ print "Active boolean reference: ", abool
+ name = semanage.semanage_bool_get_name(abool)
+ value = semanage.semanage_bool_get_value(abool)
+ print "Active Boolean: ", name, " Value: ", value
+ semanage.semanage_bool_free(abool)
+
+ def test_nodes(self,sh):
+ print "Testing network nodes..."
+
+ (status, nlist) = semanage.semanage_node_list(sh)
+ if status < 0:
+ raise Error("Could not list network nodes")
+ print "Query status (commit number): ", status
+
+ if (len(nlist) == 0):
+ print "No network nodes found!"
+ print "This is not necessarily a test failure."
+ return
+ for node in nlist:
+ if self.verbose:
+ print "Network node reference: ", node
+
+ (status, addr) = semanage.semanage_node_get_addr(sh, node)
+ if status < 0: addr = ""
+
+ (status, mask) = semanage.semanage_node_get_mask(sh, node)
+ if status < 0: mask = ""
+
+ proto = semanage.semanage_node_get_proto(node)
+ proto_str = semanage.semanage_node_get_proto_str(proto)
+ con = semanage.semanage_node_get_con(node)
+
+ (status, con_str) = semanage.semanage_context_to_string(sh, con)
+ if status < 0: con_str = ""
+
+ print "Network Node: ", addr, "/", mask, " (", proto_str, ")", "Context: ", con_str
+ semanage.semanage_node_free(node)
+
+ def test_writeuser(self,sh):
+ print "Testing user write..."
+
+ (status, user) = semanage.semanage_user_create(sh)
+ if status < 0:
+ raise Error("Could not create user object")
+ if self.verbose:
+ print "User object created"
+
+ status = semanage.semanage_user_set_name(sh,user, "testPyUser")
+ if status < 0:
+ raise Error("Could not set user name")
+ if self.verbose:
+ print "User name set: ", semanage.semanage_user_get_name(user)
+
+ status = semanage.semanage_user_add_role(sh, user, "user_r")
+ if status < 0:
+ raise Error("Could not add role")
+
+ status = semanage.semanage_user_set_prefix(sh,user, "user")
+ if status < 0:
+ raise Error("Could not set labeling prefix")
+ if self.verbose:
+ print "User prefix set: ", semanage.semanage_user_get_prefix(user)
+
+ status = semanage.semanage_user_set_mlsrange(sh, user, "s0")
+ if status < 0:
+ raise Error("Could not set MLS range")
+ if self.verbose:
+ print "User mlsrange: ", semanage.semanage_user_get_mlsrange(user)
+
+ status = semanage.semanage_user_set_mlslevel(sh, user, "s0")
+ if status < 0:
+ raise Error("Could not set MLS level")
+ if self.verbose:
+ print "User mlslevel: ", semanage.semanage_user_get_mlslevel(user)
+
+ (status,key) = semanage.semanage_user_key_extract(sh,user)
+ if status < 0:
+ raise Error("Could not extract user key")
+ if self.verbose:
+ print "User key extracted: ", key
+
+ (status,exists) = semanage.semanage_user_exists_local(sh,key)
+ if status < 0:
+ raise Error("Could not check if user exists")
+ if self.verbose:
+ print "Exists status (commit number): ", status
+
+ if exists:
+ (status, old_user) = semanage.semanage_user_query_local(sh, key)
+ if status < 0:
+ raise Error("Could not query old user")
+ if self.verbose:
+ print "Query status (commit number): ", status
+
+ print "Starting transaction.."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ status = semanage.semanage_user_modify_local(sh,key,user)
+ if status < 0:
+ raise Error("Could not modify user")
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit test transaction")
+ print "Commit status (transaction number): ", status
+
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ if not exists:
+ print "Removing user..."
+ status = semanage.semanage_user_del_local(sh, key)
+ if status < 0:
+ raise Error("Could not delete test user")
+ if self.verbose:
+ print "User delete: ", status
+ else:
+ print "Resetting user..."
+ status = semanage.semanage_user_modify_local(sh, key, old_user)
+ if status < 0:
+ raise Error("Could not reset test user")
+ if self.verbose:
+ print "User modify: ", status
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit reset transaction")
+ print "Commit status (transaction number): ", status
+
+ semanage.semanage_user_key_free(key)
+ semanage.semanage_user_free(user)
+ if exists: semanage.semanage_user_free(old_user)
+
+ def test_writeseuser(self,sh):
+ print "Testing seuser write..."
+
+ (status, seuser) = semanage.semanage_seuser_create(sh)
+ if status < 0:
+ raise Error("Could not create SEUser object")
+ if self.verbose:
+ print "SEUser object created."
+
+ status = semanage.semanage_seuser_set_name(sh,seuser, "testPySEUser")
+ if status < 0:
+ raise Error("Could not set name")
+ if self.verbose:
+ print "SEUser name set: ", semanage.semanage_seuser_get_name(seuser)
+
+ status = semanage.semanage_seuser_set_sename(sh, seuser, "root")
+ if status < 0:
+ raise Error("Could not set sename")
+ if self.verbose:
+ print "SEUser seuser: ", semanage.semanage_seuser_get_sename(seuser)
+
+ status = semanage.semanage_seuser_set_mlsrange(sh, seuser, "s0:c0.c255")
+ if status < 0:
+ raise Error("Could not set MLS range")
+ if self.verbose:
+ print "SEUser mlsrange: ", semanage.semanage_seuser_get_mlsrange(seuser)
+
+ (status,key) = semanage.semanage_seuser_key_extract(sh,seuser)
+ if status < 0:
+ raise Error("Could not extract SEUser key")
+ if self.verbose:
+ print "SEUser key extracted: ", key
+
+ (status,exists) = semanage.semanage_seuser_exists_local(sh,key)
+ if status < 0:
+ raise Error("Could not check if SEUser exists")
+ if self.verbose:
+ print "Exists status (commit number): ", status
+
+ if exists:
+ (status, old_seuser) = semanage.semanage_seuser_query_local(sh, key)
+ if status < 0:
+ raise Error("Could not query old SEUser")
+ if self.verbose:
+ print "Query status (commit number): ", status
+
+ print "Starting transaction..."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ status = semanage.semanage_seuser_modify_local(sh,key,seuser)
+ if status < 0:
+ raise Error("Could not modify SEUser")
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit test transaction")
+ print "Commit status (transaction number): ", status
+
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ if not exists:
+ print "Removing seuser..."
+ status = semanage.semanage_seuser_del_local(sh, key)
+ if status < 0:
+ raise Error("Could not delete test SEUser")
+ if self.verbose:
+ print "Seuser delete: ", status
+ else:
+ print "Resetting seuser..."
+ status = semanage.semanage_seuser_modify_local(sh, key, old_seuser)
+ if status < 0:
+ raise Error("Could not reset test SEUser")
+ if self.verbose:
+ print "Seuser modify: ", status
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit reset transaction")
+ print "Commit status (transaction number): ", status
+
+ semanage.semanage_seuser_key_free(key)
+ semanage.semanage_seuser_free(seuser)
+ if exists:
+ semanage.semanage_seuser_free(old_seuser)
+
+ def test_writeport(self,sh):
+ print "Testing port write..."
+
+ (status, port) = semanage.semanage_port_create(sh)
+ if status < 0:
+ raise Error("Could not create SEPort object")
+ if self.verbose:
+ print "SEPort object created."
+
+ semanage.semanage_port_set_range(port,150,200)
+ low = semanage.semanage_port_get_low(port)
+ high = semanage.semanage_port_get_high(port)
+ if self.verbose:
+ print "SEPort range set: ", low, "-", high
+
+ semanage.semanage_port_set_proto(port, semanage.SEMANAGE_PROTO_TCP)
+ if self.verbose:
+ print "SEPort protocol set: ", semanage.semanage_port_get_proto_str(semanage.SEMANAGE_PROTO_TCP)
+
+ (status, con) = semanage.semanage_context_create(sh)
+ if status < 0:
+ raise Error("Could not create SEContext object")
+ if self.verbose:
+ print "SEContext object created (for port)."
+
+ status = semanage.semanage_context_set_user(sh, con, "system_u")
+ if status < 0:
+ raise Error("Could not set context user")
+ if self.verbose:
+ print "SEContext user: ", semanage.semanage_context_get_user(con)
+
+ status = semanage.semanage_context_set_role(sh, con, "object_r")
+ if status < 0:
+ raise Error("Could not set context role")
+ if self.verbose:
+ print "SEContext role: ", semanage.semanage_context_get_role(con)
+
+ status = semanage.semanage_context_set_type(sh, con, "http_port_t")
+ if status < 0:
+ raise Error("Could not set context type")
+ if self.verbose:
+ print "SEContext type: ", semanage.semanage_context_get_type(con)
+
+ status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
+ if status < 0:
+ raise Error("Could not set context MLS fields")
+ if self.verbose:
+ print "SEContext mls: ", semanage.semanage_context_get_mls(con)
+
+ status = semanage.semanage_port_set_con(sh, port, con)
+ if status < 0:
+ raise Error("Could not set SEPort context")
+ if self.verbose:
+ print "SEPort context set: ", con
+
+ (status,key) = semanage.semanage_port_key_extract(sh,port)
+ if status < 0:
+ raise Error("Could not extract SEPort key")
+ if self.verbose:
+ print "SEPort key extracted: ", key
+
+ (status,exists) = semanage.semanage_port_exists_local(sh,key)
+ if status < 0:
+ raise Error("Could not check if SEPort exists")
+ if self.verbose:
+ print "Exists status (commit number): ", status
+
+ if exists:
+ (status, old_port) = semanage.semanage_port_query_local(sh, key)
+ if status < 0:
+ raise Error("Could not query old SEPort")
+ if self.verbose:
+ print "Query status (commit number): ", status
+
+ print "Starting transaction..."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ status = semanage.semanage_port_modify_local(sh,key,port)
+ if status < 0:
+ raise Error("Could not modify SEPort")
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit test transaction")
+ print "Commit status (transaction number): ", status
+
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ if not exists:
+ print "Removing port range..."
+ status = semanage.semanage_port_del_local(sh, key)
+ if status < 0:
+ raise Error("Could not delete test SEPort")
+ if self.verbose:
+ print "Port range delete: ", status
+ else:
+ print "Resetting port range..."
+ status = semanage.semanage_port_modify_local(sh, key, old_port)
+ if status < 0:
+ raise Error("Could not reset test SEPort")
+ if self.verbose:
+ print "Port range modify: ", status
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit reset transaction")
+ print "Commit status (transaction number): ", status
+
+ semanage.semanage_context_free(con)
+ semanage.semanage_port_key_free(key)
+ semanage.semanage_port_free(port)
+ if exists:
+ semanage.semanage_port_free(old_port)
+
+ def test_writefcontext(self,sh):
+ print "Testing file context write..."
+
+ (status, fcon) = semanage.semanage_fcontext_create(sh)
+ if status < 0:
+ raise Error("Could not create SEFcontext object")
+ if self.verbose:
+ print "SEFcontext object created."
+
+ status = semanage.semanage_fcontext_set_expr(sh, fcon, "/test/fcontext(/.*)?")
+ if status < 0:
+ raise Error("Could not set expression")
+ if self.verbose:
+ print "SEFContext expr set: ", semanage.semanage_fcontext_get_expr(fcon)
+
+ semanage.semanage_fcontext_set_type(fcon, semanage.SEMANAGE_FCONTEXT_REG)
+ if self.verbose:
+ ftype = semanage.semanage_fcontext_get_type(fcon)
+ print "SEFContext type set: ", semanage.semanage_fcontext_get_type_str(ftype)
+
+ (status, con) = semanage.semanage_context_create(sh)
+ if status < 0:
+ raise Error("Could not create SEContext object")
+ if self.verbose:
+ print "SEContext object created (for file context)."
+
+ status = semanage.semanage_context_set_user(sh, con, "system_u")
+ if status < 0:
+ raise Error("Could not set context user")
+ if self.verbose:
+ print "SEContext user: ", semanage.semanage_context_get_user(con)
+
+ status = semanage.semanage_context_set_role(sh, con, "object_r")
+ if status < 0:
+ raise Error("Could not set context role")
+ if self.verbose:
+ print "SEContext role: ", semanage.semanage_context_get_role(con)
+
+ status = semanage.semanage_context_set_type(sh, con, "default_t")
+ if status < 0:
+ raise Error("Could not set context type")
+ if self.verbose:
+ print "SEContext type: ", semanage.semanage_context_get_type(con)
+
+ status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
+ if status < 0:
+ raise Error("Could not set context MLS fields")
+ if self.verbose:
+ print "SEContext mls: ", semanage.semanage_context_get_mls(con)
+
+ status = semanage.semanage_fcontext_set_con(sh, fcon, con)
+ if status < 0:
+ raise Error("Could not set SEFcontext context")
+ if self.verbose:
+ print "SEFcontext context set: ", con
+
+ (status,key) = semanage.semanage_fcontext_key_extract(sh,fcon)
+ if status < 0:
+ raise Error("Could not extract SEFcontext key")
+ if self.verbose:
+ print "SEFcontext key extracted: ", key
+
+ (status,exists) = semanage.semanage_fcontext_exists_local(sh,key)
+ if
status < 0:
+ raise Error("Could not check if SEFcontext exists")
+
+ if self.verbose:
+ print "Exists status (commit number): ", status
+ if exists:
+ (status, old_fcontext) = semanage.semanage_fcontext_query_local(sh, key)
+ if status < 0:
+ raise Error("Could not query old SEFcontext")
+ if self.verbose:
+ print "Query status (commit number): ", status
+
+ print "Starting transaction..."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ status = semanage.semanage_fcontext_modify_local(sh,key,fcon)
+ if status < 0:
+ raise Error("Could not modify SEFcontext")
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit test transaction")
+ print "Commit status (transaction number): ", status
+
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ if not exists:
+ print "Removing file context..."
+ status = semanage.semanage_fcontext_del_local(sh, key)
+ if status < 0:
+ raise Error("Could not delete test SEFcontext")
+ if self.verbose:
+ print "File context delete: ", status
+ else:
+ print "Resetting file context..."
+ status = semanage.semanage_fcontext_modify_local(sh, key, old_fcontext)
+ if status < 0:
+ raise Error("Could not reset test FContext")
+ if self.verbose:
+ print "File context modify: ", status
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit reset transaction")
+ print "Commit status (transaction number): ", status
+
+ semanage.semanage_context_free(con)
+ semanage.semanage_fcontext_key_free(key)
+ semanage.semanage_fcontext_free(fcon)
+ if exists:
+ semanage.semanage_fcontext_free(old_fcontext)
+
+ def test_writeinterface(self,sh):
+ print "Testing network interface write..."
+
+ (status, iface) = semanage.semanage_iface_create(sh)
+ if status < 0:
+ raise Error("Could not create SEIface object")
+ if self.verbose:
+ print "SEIface object created."
+
+ status = semanage.semanage_iface_set_name(sh, iface, "test_iface")
+ if status < 0:
+ raise Error("Could not set SEIface name")
+ if self.verbose:
+ print "SEIface name set: ", semanage.semanage_iface_get_name(iface)
+
+ (status, con) = semanage.semanage_context_create(sh)
+ if status < 0:
+ raise Error("Could not create SEContext object")
+ if self.verbose:
+ print "SEContext object created (for network interface)"
+
+ status = semanage.semanage_context_set_user(sh, con, "system_u")
+ if status < 0:
+ raise Error("Could not set interface context user")
+ if self.verbose:
+ print "SEContext user: ", semanage.semanage_context_get_user(con)
+
+ status = semanage.semanage_context_set_role(sh, con, "object_r")
+ if status < 0:
+ raise Error("Could not set interface context role")
+ if self.verbose:
+ print "SEContext role: ", semanage.semanage_context_get_role(con)
+
+ status = semanage.semanage_context_set_type(sh, con, "default_t")
+ if status < 0:
+ raise Error("Could not set interface context type")
+ if self.verbose:
+ print "SEContext type: ", semanage.semanage_context_get_type(con)
+
+ status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
+ if status < 0:
+ raise Error("Could not set interface context MLS fields")
+ if self.verbose:
+ print "SEContext mls: ", semanage.semanage_context_get_mls(con)
+
+ status = semanage.semanage_iface_set_ifcon(sh, iface, con)
+ if status < 0:
+ raise Error("Could not set SEIface interface context")
+ if self.verbose:
+ print "SEIface interface context set: ", con
+
+ status = semanage.semanage_iface_set_msgcon(sh, iface, con)
+ if status < 0:
+ raise Error("Could not set SEIface message context")
+ if self.verbose:
+ print "SEIface message context set: ", con
+
+ (status,key) = semanage.semanage_iface_key_extract(sh,iface)
+ if status < 0:
+ raise Error("Could not extract SEIface key")
+ if self.verbose:
+ print "SEIface key extracted: ", key
+
+ (status,exists) = semanage.semanage_iface_exists_local(sh,key)
+ if status < 0:
+ raise Error("Could not check if SEIface exists")
+ if self.verbose:
+ print "Exists status (commit number): ", status
+
+ if exists:
+ (status, old_iface) = semanage.semanage_iface_query_local(sh, key)
+ if status < 0:
+ raise Error("Could not query old SEIface")
+ if self.verbose:
+ print "Query status (commit number): ", status
+
+ print "Starting transaction..."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not begin semanage transaction")
+
+ status = semanage.semanage_iface_modify_local(sh,key,iface)
+ if status < 0:
+ raise Error("Could not modify SEIface")
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit test transaction")
+ print "Commit status (transaction number): ", status
+
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not begin semanage transaction")
+
+ if not exists:
+ print "Removing interface..."
+ status = semanage.semanage_iface_del_local(sh, key)
+ if status < 0:
+ raise Error("Could not delete test SEIface")
+ if self.verbose:
+ print "Interface delete: ", status
+ else:
+ print "Resetting interface..."
+ status = semanage.semanage_iface_modify_local(sh, key, old_iface)
+ if status < 0:
+ raise Error("Could not reset test SEIface")
+ if self.verbose:
+ print "Interface modify: ", status
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit reset transaction")
+ print "Commit status (transaction number): ", status
+
+ semanage.semanage_context_free(con)
+ semanage.semanage_iface_key_free(key)
+ semanage.semanage_iface_free(iface)
+ if exists:
+ semanage.semanage_iface_free(old_iface)
+
+ def test_writeboolean(self,sh):
+ print "Testing boolean write..."
+
+ (status, pbool) = semanage.semanage_bool_create(sh)
+ if status < 0:
+ raise Error("Could not create SEBool object")
+ if self.verbose:
+ print "SEBool object created."
+
+ status = semanage.semanage_bool_set_name(sh, pbool, "allow_execmem")
+ if status < 0:
+ raise Error("Could not set name")
+ if self.verbose:
+ print "SEBool name set: ", semanage.semanage_bool_get_name(pbool)
+
+ semanage.semanage_bool_set_value(pbool, 0)
+ if self.verbose:
+ print "SEbool value set: ", semanage.semanage_bool_get_value(pbool)
+
+ (status,key) = semanage.semanage_bool_key_extract(sh, pbool)
+ if status < 0:
+ raise Error("Could not extract SEBool key")
+ if self.verbose:
+ print "SEBool key extracted: ", key
+
+ (status,exists) = semanage.semanage_bool_exists_local(sh,key)
+ if status < 0:
+ raise Error("Could not check if SEBool exists")
+ if self.verbose:
+ print "Exists status (commit number): ", status
+
+ if exists:
+ (status, old_bool) = semanage.semanage_bool_query_local(sh, key)
+ if status < 0:
+ raise Error("Could not query old SEBool")
+ if self.verbose:
+ print "Query status (commit number): ", status
+
+ print "Starting transaction..."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ status = semanage.semanage_bool_modify_local(sh, key, pbool)
+
+ if status < 0:
+ raise Error("Could not modify SEBool")
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit test transaction")
+ print "Commit status (transaction number): ", status
+
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ if not exists:
+ print "Removing boolean..."
+ status = semanage.semanage_bool_del_local(sh, key)
+ if status < 0:
+ raise Error("Could not delete test SEBool")
+ if self.verbose:
+ print "Boolean delete: ", status
+ else:
+ print "Resetting boolean..."
+ status = semanage.semanage_bool_modify_local(sh, key, old_bool)
+ if status < 0:
+ raise Error("Could not reset test SEBool")
+ if self.verbose:
+ print "Boolean modify: ", status
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit reset transaction")
+ print "Commit status (transaction number): ", status
+
+ semanage.semanage_bool_key_free(key)
+ semanage.semanage_bool_free(pbool)
+ if exists: semanage.semanage_bool_free(old_bool)
+
+ def test_writeaboolean(self,sh):
+ print "Testing active boolean write..."
+
+ (status, key) = semanage.semanage_bool_key_create(sh, "allow_execmem")
+ if status < 0:
+ raise Error("Could not create SEBool key")
+ if self.verbose:
+ print "SEBool key created: ", key
+
+ (status, old_bool) = semanage.semanage_bool_query_active(sh, key)
+ if status < 0:
+ raise Error("Could not query old SEBool")
+ if self.verbose:
+ print "Query status (commit number): ", status
+
+ (status, abool) = semanage.semanage_bool_create(sh)
+ if status < 0:
+ raise Error("Could not create SEBool object")
+ if self.verbose:
+ print "SEBool object created."
+
+ status = semanage.semanage_bool_set_name(sh, abool, "allow_execmem")
+ if status < 0:
+ raise Error("Could not set name")
+ if self.verbose:
+ print "SEBool name set: ", semanage.semanage_bool_get_name(abool)
+
+ semanage.semanage_bool_set_value(abool, 0)
+ if self.verbose:
+ print "SEbool value set: ", semanage.semanage_bool_get_value(abool)
+
+ print "Starting transaction..."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ status = semanage.semanage_bool_set_active(sh,key,abool)
+ if status < 0:
+ raise Error("Could not modify SEBool")
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit test transaction")
+ print "Commit status (transaction number): ", status
+
+ print "Resetting old active boolean..."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ status = semanage.semanage_bool_set_active(sh, key,old_bool)
+ if status < 0:
+ raise Error("Could not reset test SEBool")
+ if self.verbose:
+ print "SEBool active reset: ", status
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit reset transaction")
+ print "Commit status (transaction number): ", status
+
+ semanage.semanage_bool_key_free(key)
+ semanage.semanage_bool_free(abool)
+ semanage.semanage_bool_free(old_bool)
+
+
+ def test_writenode(self,sh):
+ print "Testing network node write..."
+
+ (status, node) = semanage.semanage_node_create(sh)
+ if status < 0:
+ raise Error("Could not create SENode object")
+ if self.verbose:
+ print "SENode object created."
+
+ status = semanage.semanage_node_set_addr(sh, node, semanage.SEMANAGE_PROTO_IP6, "ffee:dddd::bbbb")
+ if status < 0:
+ raise Error("Could not set SENode address")
+
+ status = semanage.semanage_node_set_mask(sh, node, semanage.SEMANAGE_PROTO_IP6, "::ffff:ffff:abcd:0000")
+ if status < 0:
+ raise Error("Could not set SENode netmask")
+
+ semanage.semanage_node_set_proto(node, semanage.SEMANAGE_PROTO_IP6)
+ if self.verbose:
+ print "SENode protocol set: ", semanage.semanage_node_get_proto_str(semanage.SEMANAGE_PROTO_IP6)
+
+ (status, con) = semanage.semanage_context_create(sh)
+ if status < 0:
+ raise Error("Could not create SEContext object")
+ if self.verbose:
+ print "SEContext object created (for node)."
+
+ status = semanage.semanage_context_set_user(sh, con, "system_u")
+ if status < 0:
+ raise Error("Could not set context user")
+ if self.verbose:
+ print "SEContext user: ", semanage.semanage_context_get_user(con)
+
+ status = semanage.semanage_context_set_role(sh, con, "object_r")
+ if status < 0:
+ raise Error("Could not set context role")
+ if self.verbose:
+ print "SEContext role: ", semanage.semanage_context_get_role(con)
+
+ status = semanage.semanage_context_set_type(sh, con, "lo_node_t")
+ if status < 0:
+ raise Error("Could not set context type")
+ if self.verbose:
+ print "SEContext type: ", semanage.semanage_context_get_type(con)
+
+ status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
+ if status < 0:
+ raise Error("Could not set context MLS fields")
+ if self.verbose:
+ print "SEContext mls: ", semanage.semanage_context_get_mls(con)
+
+ status = semanage.semanage_node_set_con(sh, node, con)
+ if status < 0:
+ raise Error("Could not set SENode context")
+ if self.verbose:
+ print "SENode context set: ", con
+
+ (status,key) = semanage.semanage_node_key_extract(sh, node)
+ if status < 0:
+ raise Error("Could not extract SENode key")
+ if self.verbose:
+ print "SENode key extracted: ", key
+
+ (status,exists) = semanage.semanage_node_exists_local(sh,key)
+ if status < 0:
+ raise Error("Could not check if SENode exists")
+ if self.verbose:
+ print "Exists status (commit number): ", status
+
+ if exists:
+ (status, old_node) = semanage.semanage_node_query_local(sh, key)
+ if status < 0:
+ raise Error("Could not query old SENode")
+ if self.verbose:
+ print "Query status (commit number): ", status
+
+ print "Starting transaction..."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ status = semanage.semanage_node_modify_local(sh,key, node)
+ if status < 0:
+ raise Error("Could not modify SENode")
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit test transaction")
+ print "Commit status (transaction number): ", status
+
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ if not exists:
+ print "Removing network node..."
+ status = semanage.semanage_node_del_local(sh, key)
+ if status < 0:
+ raise Error("Could not delete test SENode")
+ if self.verbose:
+ print "Network node delete: ", status
+ else:
+ print "Resetting network node..."
+ status = semanage.semanage_node_modify_local(sh, key, old_node)
+ if status < 0:
+ raise Error("Could not reset test SENode")
+ if self.verbose:
+ print "Network node modify: ", status
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit reset transaction")
+ print "Commit status (transaction number): ", status
+
+ semanage.semanage_context_free(con)
+ semanage.semanage_node_key_free(key)
+ semanage.semanage_node_free(node)
+ if exists:
+ semanage.semanage_node_free(old_node)
 def main(argv=None):
- if argv is None:
- argv = sys.argv
- try:
- try:
- opts, args = getopt.getopt(argv[1:], "hvmuspfibcUSPFIBCanN", ["help", "verbose", "modules", "users", "seusers", "ports", "file contexts", "network interfaces", "booleans", "active booleans", "network nodes", "writeuser", "writeseuser", "writeport", "writefcontext", "writeinterface", "writeboolean", "writeaboolean", "writenode", "all"])
- tests = Tests()
- for o, a in opts:
- if o == "-v":
- tests.verbose = True
- print "Verbose output selected."
- if o == "-a":
- tests.all = True
- if o == "-u":
- tests.users = True
- if o == "-U":
- tests.writeuser = True
- if o == "-s":
- tests.seusers = True
- if o == "-S":
- tests.writeseuser = True
- if o == "-p":
- tests.ports = True
- if o == "-P":
- tests.writeport = True
- if o == "-f":
- tests.fcontexts = True
- if o == "-F":
- tests.writefcontext = True
- if o == "-i":
- tests.interfaces = True
- if o == "-I":
- tests.writeinterface = True
- if o == "-b":
- tests.booleans = True
- if o == "-B":
- tests.writeboolean = True
- if o == "-c":
- tests.abooleans = True
- if o == "-C":
- tests.writeaboolean = True
- if o == "-n":
- tests.nodes = True
- if o == "-N":
- tests.writenode = True
- if o == "-m":
- tests.modules = True
- if o == "-h":
- raise Usage(usage)
-
- if not tests.selected():
- raise Usage("Please select a valid test.")
-
- except getopt.error, msg:
- raise Usage(msg)
-
- sh=semanage.semanage_handle_create()
-
- if (semanage.semanage_is_managed(sh) != 1):
- raise Status("Unmanaged!")
-
- status = semanage.semanage_connect(sh)
- if status < 0:
- raise Error("Could not establish semanage connection")
-
- tests.run(sh)
-
- status = semanage.semanage_disconnect(sh)
- if status < 0:
- raise Error("Could not disconnect")
-
- semanage.semanage_handle_destroy(sh)
-
- except Usage, err:
- print >>sys.stderr, err.msg
- except Status, err:
- print >>sys.stderr, err.msg
- except Error, err:
- print >>sys.stderr, err.msg
-
- return 2
+ if argv is None:
+ argv = sys.argv
+ try:
+ try:
+ opts, args = getopt.getopt(argv[1:], "hvmuspfibcUSPFIBCanN", ["help", "verbose", "modules", "users", "seusers", "ports", "file contexts", "network interfaces", "booleans", "active booleans", "network nodes", "writeuser", "writeseuser", "writeport", "writefcontext", "writeinterface", "writeboolean", "writeaboolean", "writenode", "all"])
+ tests = Tests()
+ for o, a in opts:
+ if o == "-v":
+ tests.verbose = True
+ print "Verbose output selected."
+ if o == "-a":
+ tests.all = True
+ if o == "-u":
+ tests.users = True
+ if o == "-U":
+ tests.writeuser = True
+ if o == "-s":
+ tests.seusers = True
+ if o == "-S":
+ tests.writeseuser = True
+ if o == "-p":
+ tests.ports = True
+ if o == "-P":
+ tests.writeport = True
+ if o == "-f":
+ tests.fcontexts = True
+ if o == "-F":
+ tests.writefcontext = True
+ if o == "-i":
+ tests.interfaces = True
+ if o == "-I":
+ tests.writeinterface = True
+ if o == "-b":
+ tests.booleans = True
+ if o == "-B":
+ tests.writeboolean = True
+ if o == "-c":
+ tests.abooleans = True
+ if o == "-C":
+ tests.writeaboolean = True
+ if o == "-n":
+ tests.nodes = True
+ if o == "-N":
+ tests.writenode = True
+ if o == "-m":
+ tests.modules = True
+ if o == "-h":
+ raise Usage(usage)
+
+ if not tests.selected():
+ raise Usage("Please select a valid test.")
+
+ except getopt.error, msg:
+ raise Usage(msg)
+
+ sh=semanage.semanage_handle_create()
+
+ if (semanage.semanage_is_managed(sh) != 1):
+ raise Status("Unmanaged!")
+
+ status = semanage.semanage_connect(sh)
+ if status < 0:
+ raise Error("Could not establish semanage connection")
+
+ tests.run(sh)
+
+ status = semanage.semanage_disconnect(sh)
+ if status < 0:
+ raise Error("Could not disconnect")
+
+ semanage.semanage_handle_destroy(sh)
+
+ except Usage, err:
+ print >>sys.stderr, err.msg
+ except Status, err:
+ print >>sys.stderr, err.msg
+ except Error, err:
+ print >>sys.stderr, err.msg
+
+ return 2
 if __name__ == "__main__":
- sys.exit(main())
-
+ sys.exit(main())
Only use spaces to indent Python code. This reduces the number of warnings reported by Python linters. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> --- libsemanage/src/pywrap-test.py | 2301 +++++++++++++++++--------------- 1 file changed, 1200 insertions(+), 1101 deletions(-)