1*2d543d20SAndroid Build Coastguard Worker#!/usr/bin/python3 2*2d543d20SAndroid Build Coastguard Workerfrom __future__ import print_function 3*2d543d20SAndroid Build Coastguard Worker 4*2d543d20SAndroid Build Coastguard Workerimport sys 5*2d543d20SAndroid Build Coastguard Workerimport getopt 6*2d543d20SAndroid Build Coastguard Workerimport semanage 7*2d543d20SAndroid Build Coastguard Worker 8*2d543d20SAndroid Build Coastguard Worker 9*2d543d20SAndroid Build Coastguard Workerusage = "\ 10*2d543d20SAndroid Build Coastguard WorkerChoose one of the following tests:\n\ 11*2d543d20SAndroid Build Coastguard Worker-m for modules\n\ 12*2d543d20SAndroid Build Coastguard Worker-u for users\n\ 13*2d543d20SAndroid Build Coastguard Worker-U for add user (warning this will write!)\n\ 14*2d543d20SAndroid Build Coastguard Worker-s for seusers\n\ 15*2d543d20SAndroid Build Coastguard Worker-S for add seuser (warning this will write!)\n\ 16*2d543d20SAndroid Build Coastguard Worker-p for ports\n\ 17*2d543d20SAndroid Build Coastguard Worker-P for add port (warning this will write!)\n\ 18*2d543d20SAndroid Build Coastguard Worker-f for file contexts \n\ 19*2d543d20SAndroid Build Coastguard Worker-F for add file context (warning this will write!)\n\ 20*2d543d20SAndroid Build Coastguard Worker-i for network interfaces \n\ 21*2d543d20SAndroid Build Coastguard Worker-I for add network interface (warning this will write!)\n\ 22*2d543d20SAndroid Build Coastguard Worker-b for booleans \n\ 23*2d543d20SAndroid Build Coastguard Worker-B for add boolean (warning this will write!)\n\ 24*2d543d20SAndroid Build Coastguard Worker-c for aCtive booleans\n\ 25*2d543d20SAndroid Build Coastguard Worker-C for set aCtive boolean (warning this will write!)\n\n\ 26*2d543d20SAndroid Build Coastguard Worker-n for network nodes\n\ 27*2d543d20SAndroid Build Coastguard Worker-N for add node (warning this will write!)\n\n\ 28*2d543d20SAndroid Build Coastguard WorkerOther options:\n\ 29*2d543d20SAndroid Build Coastguard Worker-h for this help\n\ 30*2d543d20SAndroid Build Coastguard Worker-v for verbose output\ 31*2d543d20SAndroid Build Coastguard Worker" 32*2d543d20SAndroid Build Coastguard Worker 33*2d543d20SAndroid Build Coastguard Worker 34*2d543d20SAndroid Build Coastguard Workerclass Usage(Exception): 35*2d543d20SAndroid Build Coastguard Worker def __init__(self, msg): 36*2d543d20SAndroid Build Coastguard Worker Exception.__init__(self) 37*2d543d20SAndroid Build Coastguard Worker self.msg = msg 38*2d543d20SAndroid Build Coastguard Worker 39*2d543d20SAndroid Build Coastguard Worker 40*2d543d20SAndroid Build Coastguard Workerclass Status(Exception): 41*2d543d20SAndroid Build Coastguard Worker def __init__(self, msg): 42*2d543d20SAndroid Build Coastguard Worker Exception.__init__(self) 43*2d543d20SAndroid Build Coastguard Worker self.msg = msg 44*2d543d20SAndroid Build Coastguard Worker 45*2d543d20SAndroid Build Coastguard Worker 46*2d543d20SAndroid Build Coastguard Workerclass Error(Exception): 47*2d543d20SAndroid Build Coastguard Worker def __init__(self, msg): 48*2d543d20SAndroid Build Coastguard Worker Exception.__init__(self) 49*2d543d20SAndroid Build Coastguard Worker self.msg = msg 50*2d543d20SAndroid Build Coastguard Worker 51*2d543d20SAndroid Build Coastguard Worker 52*2d543d20SAndroid Build Coastguard Workerclass Tests: 53*2d543d20SAndroid Build Coastguard Worker def __init__(self): 54*2d543d20SAndroid Build Coastguard Worker self.all = False 55*2d543d20SAndroid Build Coastguard Worker self.users = False 56*2d543d20SAndroid Build Coastguard Worker self.writeuser = False 57*2d543d20SAndroid Build Coastguard Worker self.seusers = False 58*2d543d20SAndroid Build Coastguard Worker self.writeseuser = False 59*2d543d20SAndroid Build Coastguard Worker self.ports = False 60*2d543d20SAndroid Build Coastguard Worker self.writeport = False 61*2d543d20SAndroid Build Coastguard Worker self.fcontexts = False 62*2d543d20SAndroid Build Coastguard Worker self.writefcontext = False 63*2d543d20SAndroid Build Coastguard Worker self.interfaces = False 64*2d543d20SAndroid Build Coastguard Worker self.writeinterface = False 65*2d543d20SAndroid Build Coastguard Worker self.booleans = False 66*2d543d20SAndroid Build Coastguard Worker self.writeboolean = False 67*2d543d20SAndroid Build Coastguard Worker self.abooleans = False 68*2d543d20SAndroid Build Coastguard Worker self.writeaboolean = False 69*2d543d20SAndroid Build Coastguard Worker self.nodes = False 70*2d543d20SAndroid Build Coastguard Worker self.writenode = False 71*2d543d20SAndroid Build Coastguard Worker self.modules = False 72*2d543d20SAndroid Build Coastguard Worker self.verbose = False 73*2d543d20SAndroid Build Coastguard Worker 74*2d543d20SAndroid Build Coastguard Worker def selected(self): 75*2d543d20SAndroid Build Coastguard Worker return ( 76*2d543d20SAndroid Build Coastguard Worker self.all or 77*2d543d20SAndroid Build Coastguard Worker self.users or 78*2d543d20SAndroid Build Coastguard Worker self.modules or 79*2d543d20SAndroid Build Coastguard Worker self.seusers or 80*2d543d20SAndroid Build Coastguard Worker self.ports or 81*2d543d20SAndroid Build Coastguard Worker self.fcontexts or 82*2d543d20SAndroid Build Coastguard Worker self.interfaces or 83*2d543d20SAndroid Build Coastguard Worker self.booleans or 84*2d543d20SAndroid Build Coastguard Worker self.abooleans or 85*2d543d20SAndroid Build Coastguard Worker self.writeuser or 86*2d543d20SAndroid Build Coastguard Worker self.writeseuser or 87*2d543d20SAndroid Build Coastguard Worker self.writeport or 88*2d543d20SAndroid Build Coastguard Worker self.writefcontext or 89*2d543d20SAndroid Build Coastguard Worker self.writeinterface or 90*2d543d20SAndroid Build Coastguard Worker self.writeboolean or 91*2d543d20SAndroid Build Coastguard Worker self.writeaboolean or 92*2d543d20SAndroid Build Coastguard Worker self.nodes or 93*2d543d20SAndroid Build Coastguard Worker self.writenode) 94*2d543d20SAndroid Build Coastguard Worker 95*2d543d20SAndroid Build Coastguard Worker def run(self, handle): 96*2d543d20SAndroid Build Coastguard Worker if self.users or self.all: 97*2d543d20SAndroid Build Coastguard Worker self.test_users(handle) 98*2d543d20SAndroid Build Coastguard Worker print("") 99*2d543d20SAndroid Build Coastguard Worker if self.seusers or self.all: 100*2d543d20SAndroid Build Coastguard Worker self.test_seusers(handle) 101*2d543d20SAndroid Build Coastguard Worker print("") 102*2d543d20SAndroid Build Coastguard Worker if self.ports or self.all: 103*2d543d20SAndroid Build Coastguard Worker self.test_ports(handle) 104*2d543d20SAndroid Build Coastguard Worker print("") 105*2d543d20SAndroid Build Coastguard Worker if self.modules or self.all: 106*2d543d20SAndroid Build Coastguard Worker self.test_modules(handle) 107*2d543d20SAndroid Build Coastguard Worker print("") 108*2d543d20SAndroid Build Coastguard Worker if self.fcontexts or self.all: 109*2d543d20SAndroid Build Coastguard Worker self.test_fcontexts(handle) 110*2d543d20SAndroid Build Coastguard Worker print("") 111*2d543d20SAndroid Build Coastguard Worker if self.interfaces or self.all: 112*2d543d20SAndroid Build Coastguard Worker self.test_interfaces(handle) 113*2d543d20SAndroid Build Coastguard Worker print("") 114*2d543d20SAndroid Build Coastguard Worker if self.booleans or self.all: 115*2d543d20SAndroid Build Coastguard Worker self.test_booleans(handle) 116*2d543d20SAndroid Build Coastguard Worker print("") 117*2d543d20SAndroid Build Coastguard Worker if self.abooleans or self.all: 118*2d543d20SAndroid Build Coastguard Worker self.test_abooleans(handle) 119*2d543d20SAndroid Build Coastguard Worker print("") 120*2d543d20SAndroid Build Coastguard Worker if self.nodes or self.all: 121*2d543d20SAndroid Build Coastguard Worker self.test_nodes(handle) 122*2d543d20SAndroid Build Coastguard Worker print("") 123*2d543d20SAndroid Build Coastguard Worker if self.writeuser or self.all: 124*2d543d20SAndroid Build Coastguard Worker self.test_writeuser(handle) 125*2d543d20SAndroid Build Coastguard Worker print("") 126*2d543d20SAndroid Build Coastguard Worker if self.writeseuser or self.all: 127*2d543d20SAndroid Build Coastguard Worker self.test_writeseuser(handle) 128*2d543d20SAndroid Build Coastguard Worker print("") 129*2d543d20SAndroid Build Coastguard Worker if self.writeport or self.all: 130*2d543d20SAndroid Build Coastguard Worker self.test_writeport(handle) 131*2d543d20SAndroid Build Coastguard Worker print("") 132*2d543d20SAndroid Build Coastguard Worker if self.writefcontext or self.all: 133*2d543d20SAndroid Build Coastguard Worker self.test_writefcontext(handle) 134*2d543d20SAndroid Build Coastguard Worker print("") 135*2d543d20SAndroid Build Coastguard Worker if self.writeinterface or self.all: 136*2d543d20SAndroid Build Coastguard Worker self.test_writeinterface(handle) 137*2d543d20SAndroid Build Coastguard Worker print("") 138*2d543d20SAndroid Build Coastguard Worker if self.writeboolean or self.all: 139*2d543d20SAndroid Build Coastguard Worker self.test_writeboolean(handle) 140*2d543d20SAndroid Build Coastguard Worker print("") 141*2d543d20SAndroid Build Coastguard Worker if self.writeaboolean or self.all: 142*2d543d20SAndroid Build Coastguard Worker self.test_writeaboolean(handle) 143*2d543d20SAndroid Build Coastguard Worker print("") 144*2d543d20SAndroid Build Coastguard Worker if self.writenode or self.all: 145*2d543d20SAndroid Build Coastguard Worker self.test_writenode(handle) 146*2d543d20SAndroid Build Coastguard Worker print("") 147*2d543d20SAndroid Build Coastguard Worker 148*2d543d20SAndroid Build Coastguard Worker def test_modules(self, sh): 149*2d543d20SAndroid Build Coastguard Worker print("Testing modules...") 150*2d543d20SAndroid Build Coastguard Worker 151*2d543d20SAndroid Build Coastguard Worker (trans_cnt, mlist, mlist_size) = semanage.semanage_module_list(sh) 152*2d543d20SAndroid Build Coastguard Worker 153*2d543d20SAndroid Build Coastguard Worker print("Transaction number: %s" % trans_cnt) 154*2d543d20SAndroid Build Coastguard Worker print("Module list size: %s" % mlist_size) 155*2d543d20SAndroid Build Coastguard Worker if self.verbose: 156*2d543d20SAndroid Build Coastguard Worker print("List reference: %s" % mlist) 157*2d543d20SAndroid Build Coastguard Worker 158*2d543d20SAndroid Build Coastguard Worker if mlist_size == 0: 159*2d543d20SAndroid Build Coastguard Worker print("No modules installed!") 160*2d543d20SAndroid Build Coastguard Worker print("This is not necessarily a test failure.") 161*2d543d20SAndroid Build Coastguard Worker return 162*2d543d20SAndroid Build Coastguard Worker for idx in range(mlist_size): 163*2d543d20SAndroid Build Coastguard Worker module = semanage.semanage_module_list_nth(mlist, idx) 164*2d543d20SAndroid Build Coastguard Worker if self.verbose: 165*2d543d20SAndroid Build Coastguard Worker print("Module reference: %s" % module) 166*2d543d20SAndroid Build Coastguard Worker print("Module name: %s" % semanage.semanage_module_get_name(module)) 167*2d543d20SAndroid Build Coastguard Worker 168*2d543d20SAndroid Build Coastguard Worker def test_seusers(self, sh): 169*2d543d20SAndroid Build Coastguard Worker print("Testing seusers...") 170*2d543d20SAndroid Build Coastguard Worker 171*2d543d20SAndroid Build Coastguard Worker (status, slist) = semanage.semanage_seuser_list(sh) 172*2d543d20SAndroid Build Coastguard Worker if status < 0: 173*2d543d20SAndroid Build Coastguard Worker raise Error("Could not list seusers") 174*2d543d20SAndroid Build Coastguard Worker print("Query status (commit number): %s" % status) 175*2d543d20SAndroid Build Coastguard Worker 176*2d543d20SAndroid Build Coastguard Worker if len(slist) == 0: 177*2d543d20SAndroid Build Coastguard Worker print("No seusers found!") 178*2d543d20SAndroid Build Coastguard Worker print("This is not necessarily a test failure.") 179*2d543d20SAndroid Build Coastguard Worker return 180*2d543d20SAndroid Build Coastguard Worker for seuser in slist: 181*2d543d20SAndroid Build Coastguard Worker if self.verbose: 182*2d543d20SAndroid Build Coastguard Worker print("seseuser reference: %s" % seuser) 183*2d543d20SAndroid Build Coastguard Worker print("seuser name: %s" % semanage.semanage_seuser_get_name(seuser)) 184*2d543d20SAndroid Build Coastguard Worker print(" seuser mls range: %s" % semanage.semanage_seuser_get_mlsrange(seuser)) 185*2d543d20SAndroid Build Coastguard Worker print(" seuser sename: %s" % semanage.semanage_seuser_get_sename(seuser)) 186*2d543d20SAndroid Build Coastguard Worker semanage.semanage_seuser_free(seuser) 187*2d543d20SAndroid Build Coastguard Worker 188*2d543d20SAndroid Build Coastguard Worker def test_users(self, sh): 189*2d543d20SAndroid Build Coastguard Worker print("Testing users...") 190*2d543d20SAndroid Build Coastguard Worker 191*2d543d20SAndroid Build Coastguard Worker (status, ulist) = semanage.semanage_user_list(sh) 192*2d543d20SAndroid Build Coastguard Worker if status < 0: 193*2d543d20SAndroid Build Coastguard Worker raise Error("Could not list users") 194*2d543d20SAndroid Build Coastguard Worker print("Query status (commit number): %s" % status) 195*2d543d20SAndroid Build Coastguard Worker 196*2d543d20SAndroid Build Coastguard Worker if len(ulist) == 0: 197*2d543d20SAndroid Build Coastguard Worker print("No users found!") 198*2d543d20SAndroid Build Coastguard Worker print("This is not necessarily a test failure.") 199*2d543d20SAndroid Build Coastguard Worker return 200*2d543d20SAndroid Build Coastguard Worker for user in ulist: 201*2d543d20SAndroid Build Coastguard Worker if self.verbose: 202*2d543d20SAndroid Build Coastguard Worker print("User reference: %s" % user) 203*2d543d20SAndroid Build Coastguard Worker print("User name: %s" % semanage.semanage_user_get_name(user)) 204*2d543d20SAndroid Build Coastguard Worker print(" User labeling prefix: %s" % semanage.semanage_user_get_prefix(user)) 205*2d543d20SAndroid Build Coastguard Worker print(" User mls level: %s" % semanage.semanage_user_get_mlslevel(user)) 206*2d543d20SAndroid Build Coastguard Worker print(" User mls range: %s" % semanage.semanage_user_get_mlsrange(user)) 207*2d543d20SAndroid Build Coastguard Worker print(" User number of roles: %s" % semanage.semanage_user_get_num_roles(user)) 208*2d543d20SAndroid Build Coastguard Worker print(" User roles: ") 209*2d543d20SAndroid Build Coastguard Worker (status, rlist) = semanage.semanage_user_get_roles(sh, user) 210*2d543d20SAndroid Build Coastguard Worker if status < 0: 211*2d543d20SAndroid Build Coastguard Worker raise Error("Could not get user roles") 212*2d543d20SAndroid Build Coastguard Worker 213*2d543d20SAndroid Build Coastguard Worker for role in rlist: 214*2d543d20SAndroid Build Coastguard Worker print(" %s" % role) 215*2d543d20SAndroid Build Coastguard Worker 216*2d543d20SAndroid Build Coastguard Worker semanage.semanage_user_free(user) 217*2d543d20SAndroid Build Coastguard Worker 218*2d543d20SAndroid Build Coastguard Worker def test_ports(self, sh): 219*2d543d20SAndroid Build Coastguard Worker print("Testing ports...") 220*2d543d20SAndroid Build Coastguard Worker 221*2d543d20SAndroid Build Coastguard Worker (status, plist) = semanage.semanage_port_list(sh) 222*2d543d20SAndroid Build Coastguard Worker if status < 0: 223*2d543d20SAndroid Build Coastguard Worker raise Error("Could not list ports") 224*2d543d20SAndroid Build Coastguard Worker print("Query status (commit number): %s" % status) 225*2d543d20SAndroid Build Coastguard Worker 226*2d543d20SAndroid Build Coastguard Worker if len(plist) == 0: 227*2d543d20SAndroid Build Coastguard Worker print("No ports found!") 228*2d543d20SAndroid Build Coastguard Worker print("This is not necessarily a test failure.") 229*2d543d20SAndroid Build Coastguard Worker return 230*2d543d20SAndroid Build Coastguard Worker for port in plist: 231*2d543d20SAndroid Build Coastguard Worker if self.verbose: 232*2d543d20SAndroid Build Coastguard Worker print("Port reference: %s" % port) 233*2d543d20SAndroid Build Coastguard Worker low = semanage.semanage_port_get_low(port) 234*2d543d20SAndroid Build Coastguard Worker high = semanage.semanage_port_get_high(port) 235*2d543d20SAndroid Build Coastguard Worker con = semanage.semanage_port_get_con(port) 236*2d543d20SAndroid Build Coastguard Worker proto = semanage.semanage_port_get_proto(port) 237*2d543d20SAndroid Build Coastguard Worker proto_str = semanage.semanage_port_get_proto_str(proto) 238*2d543d20SAndroid Build Coastguard Worker if low == high: 239*2d543d20SAndroid Build Coastguard Worker range_str = str(low) 240*2d543d20SAndroid Build Coastguard Worker else: 241*2d543d20SAndroid Build Coastguard Worker range_str = str(low) + "-" + str(high) 242*2d543d20SAndroid Build Coastguard Worker (rc, con_str) = semanage.semanage_context_to_string(sh, con) 243*2d543d20SAndroid Build Coastguard Worker if rc < 0: 244*2d543d20SAndroid Build Coastguard Worker con_str = "" 245*2d543d20SAndroid Build Coastguard Worker print("Port: %s %s Context: %s" % (range_str, proto_str, con_str)) 246*2d543d20SAndroid Build Coastguard Worker semanage.semanage_port_free(port) 247*2d543d20SAndroid Build Coastguard Worker 248*2d543d20SAndroid Build Coastguard Worker def test_fcontexts(self, sh): 249*2d543d20SAndroid Build Coastguard Worker print("Testing file contexts...") 250*2d543d20SAndroid Build Coastguard Worker 251*2d543d20SAndroid Build Coastguard Worker (status, flist) = semanage.semanage_fcontext_list(sh) 252*2d543d20SAndroid Build Coastguard Worker if status < 0: 253*2d543d20SAndroid Build Coastguard Worker raise Error("Could not list file contexts") 254*2d543d20SAndroid Build Coastguard Worker print("Query status (commit number): %s" % status) 255*2d543d20SAndroid Build Coastguard Worker 256*2d543d20SAndroid Build Coastguard Worker if len(flist) == 0: 257*2d543d20SAndroid Build Coastguard Worker print("No file contexts found!") 258*2d543d20SAndroid Build Coastguard Worker print("This is not necessarily a test failure.") 259*2d543d20SAndroid Build Coastguard Worker return 260*2d543d20SAndroid Build Coastguard Worker for fcon in flist: 261*2d543d20SAndroid Build Coastguard Worker if self.verbose: 262*2d543d20SAndroid Build Coastguard Worker print("File Context reference: %s" % fcon) 263*2d543d20SAndroid Build Coastguard Worker expr = semanage.semanage_fcontext_get_expr(fcon) 264*2d543d20SAndroid Build Coastguard Worker type = semanage.semanage_fcontext_get_type(fcon) 265*2d543d20SAndroid Build Coastguard Worker type_str = semanage.semanage_fcontext_get_type_str(type) 266*2d543d20SAndroid Build Coastguard Worker con = semanage.semanage_fcontext_get_con(fcon) 267*2d543d20SAndroid Build Coastguard Worker if not con: 268*2d543d20SAndroid Build Coastguard Worker con_str = "<<none>>" 269*2d543d20SAndroid Build Coastguard Worker else: 270*2d543d20SAndroid Build Coastguard Worker (rc, con_str) = semanage.semanage_context_to_string(sh, con) 271*2d543d20SAndroid Build Coastguard Worker if rc < 0: 272*2d543d20SAndroid Build Coastguard Worker con_str = "" 273*2d543d20SAndroid Build Coastguard Worker print("File Expr: %s [%s] Context: %s" % (expr, type_str, con_str)) 274*2d543d20SAndroid Build Coastguard Worker semanage.semanage_fcontext_free(fcon) 275*2d543d20SAndroid Build Coastguard Worker 276*2d543d20SAndroid Build Coastguard Worker def test_interfaces(self, sh): 277*2d543d20SAndroid Build Coastguard Worker print("Testing network interfaces...") 278*2d543d20SAndroid Build Coastguard Worker 279*2d543d20SAndroid Build Coastguard Worker (status, ilist) = semanage.semanage_iface_list(sh) 280*2d543d20SAndroid Build Coastguard Worker if status < 0: 281*2d543d20SAndroid Build Coastguard Worker raise Error("Could not list interfaces") 282*2d543d20SAndroid Build Coastguard Worker print("Query status (commit number): %s" % status) 283*2d543d20SAndroid Build Coastguard Worker 284*2d543d20SAndroid Build Coastguard Worker if len(ilist) == 0: 285*2d543d20SAndroid Build Coastguard Worker print("No network interfaces found!") 286*2d543d20SAndroid Build Coastguard Worker print("This is not necessarily a test failure.") 287*2d543d20SAndroid Build Coastguard Worker return 288*2d543d20SAndroid Build Coastguard Worker for iface in ilist: 289*2d543d20SAndroid Build Coastguard Worker if self.verbose: 290*2d543d20SAndroid Build Coastguard Worker print("Interface reference: %s" % iface) 291*2d543d20SAndroid Build Coastguard Worker name = semanage.semanage_iface_get_name(iface) 292*2d543d20SAndroid Build Coastguard Worker msg_con = semanage.semanage_iface_get_msgcon(iface) 293*2d543d20SAndroid Build Coastguard Worker if_con = semanage.semanage_iface_get_ifcon(iface) 294*2d543d20SAndroid Build Coastguard Worker (rc, msg_con_str) = semanage.semanage_context_to_string(sh, msg_con) 295*2d543d20SAndroid Build Coastguard Worker if rc < 0: 296*2d543d20SAndroid Build Coastguard Worker msg_con_str = "" 297*2d543d20SAndroid Build Coastguard Worker (rc, if_con_str) = semanage.semanage_context_to_string(sh, if_con) 298*2d543d20SAndroid Build Coastguard Worker if rc < 0: 299*2d543d20SAndroid Build Coastguard Worker if_con_str = "" 300*2d543d20SAndroid Build Coastguard Worker print("Interface: %s Context: %s Message Context: %s" % (name, if_con_str, msg_con_str)) 301*2d543d20SAndroid Build Coastguard Worker semanage.semanage_iface_free(iface) 302*2d543d20SAndroid Build Coastguard Worker 303*2d543d20SAndroid Build Coastguard Worker def test_booleans(self, sh): 304*2d543d20SAndroid Build Coastguard Worker print("Testing booleans...") 305*2d543d20SAndroid Build Coastguard Worker 306*2d543d20SAndroid Build Coastguard Worker (status, blist) = semanage.semanage_bool_list(sh) 307*2d543d20SAndroid Build Coastguard Worker if status < 0: 308*2d543d20SAndroid Build Coastguard Worker raise Error("Could not list booleans") 309*2d543d20SAndroid Build Coastguard Worker print("Query status (commit number): %s" % status) 310*2d543d20SAndroid Build Coastguard Worker 311*2d543d20SAndroid Build Coastguard Worker if len(blist) == 0: 312*2d543d20SAndroid Build Coastguard Worker print("No booleans found!") 313*2d543d20SAndroid Build Coastguard Worker print("This is not necessarily a test failure.") 314*2d543d20SAndroid Build Coastguard Worker return 315*2d543d20SAndroid Build Coastguard Worker for pbool in blist: 316*2d543d20SAndroid Build Coastguard Worker if self.verbose: 317*2d543d20SAndroid Build Coastguard Worker print("Boolean reference: %s" % pbool) 318*2d543d20SAndroid Build Coastguard Worker name = semanage.semanage_bool_get_name(pbool) 319*2d543d20SAndroid Build Coastguard Worker value = semanage.semanage_bool_get_value(pbool) 320*2d543d20SAndroid Build Coastguard Worker print("Boolean: %s Value: %s" % (name, value)) 321*2d543d20SAndroid Build Coastguard Worker semanage.semanage_bool_free(pbool) 322*2d543d20SAndroid Build Coastguard Worker 323*2d543d20SAndroid Build Coastguard Worker def test_abooleans(self, sh): 324*2d543d20SAndroid Build Coastguard Worker print("Testing active booleans...") 325*2d543d20SAndroid Build Coastguard Worker 326*2d543d20SAndroid Build Coastguard Worker (status, ablist) = semanage.semanage_bool_list_active(sh) 327*2d543d20SAndroid Build Coastguard Worker if status < 0: 328*2d543d20SAndroid Build Coastguard Worker raise Error("Could not list active booleans") 329*2d543d20SAndroid Build Coastguard Worker print("Query status (commit number): %s" % status) 330*2d543d20SAndroid Build Coastguard Worker 331*2d543d20SAndroid Build Coastguard Worker if len(ablist) == 0: 332*2d543d20SAndroid Build Coastguard Worker print("No active booleans found!") 333*2d543d20SAndroid Build Coastguard Worker print("This is not necessarily a test failure.") 334*2d543d20SAndroid Build Coastguard Worker return 335*2d543d20SAndroid Build Coastguard Worker for abool in ablist: 336*2d543d20SAndroid Build Coastguard Worker if self.verbose: 337*2d543d20SAndroid Build Coastguard Worker print("Active boolean reference: %s" % abool) 338*2d543d20SAndroid Build Coastguard Worker name = semanage.semanage_bool_get_name(abool) 339*2d543d20SAndroid Build Coastguard Worker value = semanage.semanage_bool_get_value(abool) 340*2d543d20SAndroid Build Coastguard Worker print("Active Boolean: %s Value: %s" % (name, value)) 341*2d543d20SAndroid Build Coastguard Worker semanage.semanage_bool_free(abool) 342*2d543d20SAndroid Build Coastguard Worker 343*2d543d20SAndroid Build Coastguard Worker def test_nodes(self, sh): 344*2d543d20SAndroid Build Coastguard Worker print("Testing network nodes...") 345*2d543d20SAndroid Build Coastguard Worker 346*2d543d20SAndroid Build Coastguard Worker (status, nlist) = semanage.semanage_node_list(sh) 347*2d543d20SAndroid Build Coastguard Worker if status < 0: 348*2d543d20SAndroid Build Coastguard Worker raise Error("Could not list network nodes") 349*2d543d20SAndroid Build Coastguard Worker print("Query status (commit number): %s" % status) 350*2d543d20SAndroid Build Coastguard Worker 351*2d543d20SAndroid Build Coastguard Worker if len(nlist) == 0: 352*2d543d20SAndroid Build Coastguard Worker print("No network nodes found!") 353*2d543d20SAndroid Build Coastguard Worker print("This is not necessarily a test failure.") 354*2d543d20SAndroid Build Coastguard Worker return 355*2d543d20SAndroid Build Coastguard Worker for node in nlist: 356*2d543d20SAndroid Build Coastguard Worker if self.verbose: 357*2d543d20SAndroid Build Coastguard Worker print("Network node reference: %s" % node) 358*2d543d20SAndroid Build Coastguard Worker 359*2d543d20SAndroid Build Coastguard Worker (status, addr) = semanage.semanage_node_get_addr(sh, node) 360*2d543d20SAndroid Build Coastguard Worker if status < 0: 361*2d543d20SAndroid Build Coastguard Worker addr = "" 362*2d543d20SAndroid Build Coastguard Worker 363*2d543d20SAndroid Build Coastguard Worker (status, mask) = semanage.semanage_node_get_mask(sh, node) 364*2d543d20SAndroid Build Coastguard Worker if status < 0: 365*2d543d20SAndroid Build Coastguard Worker mask = "" 366*2d543d20SAndroid Build Coastguard Worker 367*2d543d20SAndroid Build Coastguard Worker proto = semanage.semanage_node_get_proto(node) 368*2d543d20SAndroid Build Coastguard Worker proto_str = semanage.semanage_node_get_proto_str(proto) 369*2d543d20SAndroid Build Coastguard Worker con = semanage.semanage_node_get_con(node) 370*2d543d20SAndroid Build Coastguard Worker 371*2d543d20SAndroid Build Coastguard Worker (status, con_str) = semanage.semanage_context_to_string(sh, con) 372*2d543d20SAndroid Build Coastguard Worker if status < 0: 373*2d543d20SAndroid Build Coastguard Worker con_str = "" 374*2d543d20SAndroid Build Coastguard Worker 375*2d543d20SAndroid Build Coastguard Worker print("Network Node: %s/%s (%s) Context: %s" % (addr, mask, proto_str, con_str)) 376*2d543d20SAndroid Build Coastguard Worker semanage.semanage_node_free(node) 377*2d543d20SAndroid Build Coastguard Worker 378*2d543d20SAndroid Build Coastguard Worker def test_writeuser(self, sh): 379*2d543d20SAndroid Build Coastguard Worker print("Testing user write...") 380*2d543d20SAndroid Build Coastguard Worker 381*2d543d20SAndroid Build Coastguard Worker (status, user) = semanage.semanage_user_create(sh) 382*2d543d20SAndroid Build Coastguard Worker if status < 0: 383*2d543d20SAndroid Build Coastguard Worker raise Error("Could not create user object") 384*2d543d20SAndroid Build Coastguard Worker if self.verbose: 385*2d543d20SAndroid Build Coastguard Worker print("User object created") 386*2d543d20SAndroid Build Coastguard Worker 387*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_user_set_name(sh, user, "testPyUser") 388*2d543d20SAndroid Build Coastguard Worker if status < 0: 389*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set user name") 390*2d543d20SAndroid Build Coastguard Worker if self.verbose: 391*2d543d20SAndroid Build Coastguard Worker print("User name set: %s" % semanage.semanage_user_get_name(user)) 392*2d543d20SAndroid Build Coastguard Worker 393*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_user_add_role(sh, user, "user_r") 394*2d543d20SAndroid Build Coastguard Worker if status < 0: 395*2d543d20SAndroid Build Coastguard Worker raise Error("Could not add role") 396*2d543d20SAndroid Build Coastguard Worker 397*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_user_set_prefix(sh, user, "user") 398*2d543d20SAndroid Build Coastguard Worker if status < 0: 399*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set labeling prefix") 400*2d543d20SAndroid Build Coastguard Worker if self.verbose: 401*2d543d20SAndroid Build Coastguard Worker print("User prefix set: %s" % semanage.semanage_user_get_prefix(user)) 402*2d543d20SAndroid Build Coastguard Worker 403*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_user_set_mlsrange(sh, user, "s0") 404*2d543d20SAndroid Build Coastguard Worker if status < 0: 405*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set MLS range") 406*2d543d20SAndroid Build Coastguard Worker if self.verbose: 407*2d543d20SAndroid Build Coastguard Worker print("User mlsrange: %s" % semanage.semanage_user_get_mlsrange(user)) 408*2d543d20SAndroid Build Coastguard Worker 409*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_user_set_mlslevel(sh, user, "s0") 410*2d543d20SAndroid Build Coastguard Worker if status < 0: 411*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set MLS level") 412*2d543d20SAndroid Build Coastguard Worker if self.verbose: 413*2d543d20SAndroid Build Coastguard Worker print("User mlslevel: %s" % semanage.semanage_user_get_mlslevel(user)) 414*2d543d20SAndroid Build Coastguard Worker 415*2d543d20SAndroid Build Coastguard Worker (status, key) = semanage.semanage_user_key_extract(sh, user) 416*2d543d20SAndroid Build Coastguard Worker if status < 0: 417*2d543d20SAndroid Build Coastguard Worker raise Error("Could not extract user key") 418*2d543d20SAndroid Build Coastguard Worker if self.verbose: 419*2d543d20SAndroid Build Coastguard Worker print("User key extracted: %s" % key) 420*2d543d20SAndroid Build Coastguard Worker 421*2d543d20SAndroid Build Coastguard Worker (status, exists) = semanage.semanage_user_exists_local(sh, key) 422*2d543d20SAndroid Build Coastguard Worker if status < 0: 423*2d543d20SAndroid Build Coastguard Worker raise Error("Could not check if user exists") 424*2d543d20SAndroid Build Coastguard Worker if self.verbose: 425*2d543d20SAndroid Build Coastguard Worker print("Exists status (commit number): %s" % status) 426*2d543d20SAndroid Build Coastguard Worker 427*2d543d20SAndroid Build Coastguard Worker if exists: 428*2d543d20SAndroid Build Coastguard Worker (status, old_user) = semanage.semanage_user_query_local(sh, key) 429*2d543d20SAndroid Build Coastguard Worker if status < 0: 430*2d543d20SAndroid Build Coastguard Worker raise Error("Could not query old user") 431*2d543d20SAndroid Build Coastguard Worker if self.verbose: 432*2d543d20SAndroid Build Coastguard Worker print("Query status (commit number): %s" % status) 433*2d543d20SAndroid Build Coastguard Worker 434*2d543d20SAndroid Build Coastguard Worker print("Starting transaction..") 435*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_begin_transaction(sh) 436*2d543d20SAndroid Build Coastguard Worker if status < 0: 437*2d543d20SAndroid Build Coastguard Worker raise Error("Could not start semanage transaction") 438*2d543d20SAndroid Build Coastguard Worker 439*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_user_modify_local(sh, key, user) 440*2d543d20SAndroid Build Coastguard Worker if status < 0: 441*2d543d20SAndroid Build Coastguard Worker raise Error("Could not modify user") 442*2d543d20SAndroid Build Coastguard Worker 443*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_commit(sh) 444*2d543d20SAndroid Build Coastguard Worker if status < 0: 445*2d543d20SAndroid Build Coastguard Worker raise Error("Could not commit test transaction") 446*2d543d20SAndroid Build Coastguard Worker print("Commit status (transaction number): %s" % status) 447*2d543d20SAndroid Build Coastguard Worker 448*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_begin_transaction(sh) 449*2d543d20SAndroid Build Coastguard Worker if status < 0: 450*2d543d20SAndroid Build Coastguard Worker raise Error("Could not start semanage transaction") 451*2d543d20SAndroid Build Coastguard Worker 452*2d543d20SAndroid Build Coastguard Worker if not exists: 453*2d543d20SAndroid Build Coastguard Worker print("Removing user...") 454*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_user_del_local(sh, key) 455*2d543d20SAndroid Build Coastguard Worker if status < 0: 456*2d543d20SAndroid Build Coastguard Worker raise Error("Could not delete test user") 457*2d543d20SAndroid Build Coastguard Worker if self.verbose: 458*2d543d20SAndroid Build Coastguard Worker print("User delete: %s" % status) 459*2d543d20SAndroid Build Coastguard Worker else: 460*2d543d20SAndroid Build Coastguard Worker print("Resetting user...") 461*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_user_modify_local(sh, key, old_user) 462*2d543d20SAndroid Build Coastguard Worker if status < 0: 463*2d543d20SAndroid Build Coastguard Worker raise Error("Could not reset test user") 464*2d543d20SAndroid Build Coastguard Worker if self.verbose: 465*2d543d20SAndroid Build Coastguard Worker print("User modify: %s" % status) 466*2d543d20SAndroid Build Coastguard Worker 467*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_commit(sh) 468*2d543d20SAndroid Build Coastguard Worker if status < 0: 469*2d543d20SAndroid Build Coastguard Worker raise Error("Could not commit reset transaction") 470*2d543d20SAndroid Build Coastguard Worker print("Commit status (transaction number): %s" % status) 471*2d543d20SAndroid Build Coastguard Worker 472*2d543d20SAndroid Build Coastguard Worker semanage.semanage_user_key_free(key) 473*2d543d20SAndroid Build Coastguard Worker semanage.semanage_user_free(user) 474*2d543d20SAndroid Build Coastguard Worker if exists: 475*2d543d20SAndroid Build Coastguard Worker semanage.semanage_user_free(old_user) 476*2d543d20SAndroid Build Coastguard Worker 477*2d543d20SAndroid Build Coastguard Worker def test_writeseuser(self, sh): 478*2d543d20SAndroid Build Coastguard Worker print("Testing seuser write...") 479*2d543d20SAndroid Build Coastguard Worker 480*2d543d20SAndroid Build Coastguard Worker (status, seuser) = semanage.semanage_seuser_create(sh) 481*2d543d20SAndroid Build Coastguard Worker if status < 0: 482*2d543d20SAndroid Build Coastguard Worker raise Error("Could not create SEUser object") 483*2d543d20SAndroid Build Coastguard Worker if self.verbose: 484*2d543d20SAndroid Build Coastguard Worker print("SEUser object created.") 485*2d543d20SAndroid Build Coastguard Worker 486*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_seuser_set_name(sh, seuser, "testPySEUser") 487*2d543d20SAndroid Build Coastguard Worker if status < 0: 488*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set name") 489*2d543d20SAndroid Build Coastguard Worker if self.verbose: 490*2d543d20SAndroid Build Coastguard Worker print("SEUser name set: %s" % semanage.semanage_seuser_get_name(seuser)) 491*2d543d20SAndroid Build Coastguard Worker 492*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_seuser_set_sename(sh, seuser, "root") 493*2d543d20SAndroid Build Coastguard Worker if status < 0: 494*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set sename") 495*2d543d20SAndroid Build Coastguard Worker if self.verbose: 496*2d543d20SAndroid Build Coastguard Worker print("SEUser seuser: %s" % semanage.semanage_seuser_get_sename(seuser)) 497*2d543d20SAndroid Build Coastguard Worker 498*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_seuser_set_mlsrange(sh, seuser, "s0:c0.c255") 499*2d543d20SAndroid Build Coastguard Worker if status < 0: 500*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set MLS range") 501*2d543d20SAndroid Build Coastguard Worker if self.verbose: 502*2d543d20SAndroid Build Coastguard Worker print("SEUser mlsrange: %s" % semanage.semanage_seuser_get_mlsrange(seuser)) 503*2d543d20SAndroid Build Coastguard Worker 504*2d543d20SAndroid Build Coastguard Worker (status, key) = semanage.semanage_seuser_key_extract(sh, seuser) 505*2d543d20SAndroid Build Coastguard Worker if status < 0: 506*2d543d20SAndroid Build Coastguard Worker raise Error("Could not extract SEUser key") 507*2d543d20SAndroid Build Coastguard Worker if self.verbose: 508*2d543d20SAndroid Build Coastguard Worker print("SEUser key extracted: %s" % key) 509*2d543d20SAndroid Build Coastguard Worker 510*2d543d20SAndroid Build Coastguard Worker (status, exists) = semanage.semanage_seuser_exists_local(sh, key) 511*2d543d20SAndroid Build Coastguard Worker if status < 0: 512*2d543d20SAndroid Build Coastguard Worker raise Error("Could not check if SEUser exists") 513*2d543d20SAndroid Build Coastguard Worker if self.verbose: 514*2d543d20SAndroid Build Coastguard Worker print("Exists status (commit number): %s" % status) 515*2d543d20SAndroid Build Coastguard Worker 516*2d543d20SAndroid Build Coastguard Worker if exists: 517*2d543d20SAndroid Build Coastguard Worker (status, old_seuser) = semanage.semanage_seuser_query_local(sh, key) 518*2d543d20SAndroid Build Coastguard Worker if status < 0: 519*2d543d20SAndroid Build Coastguard Worker raise Error("Could not query old SEUser") 520*2d543d20SAndroid Build Coastguard Worker if self.verbose: 521*2d543d20SAndroid Build Coastguard Worker print("Query status (commit number): %s" % status) 522*2d543d20SAndroid Build Coastguard Worker 523*2d543d20SAndroid Build Coastguard Worker print("Starting transaction...") 524*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_begin_transaction(sh) 525*2d543d20SAndroid Build Coastguard Worker if status < 0: 526*2d543d20SAndroid Build Coastguard Worker raise Error("Could not start semanage transaction") 527*2d543d20SAndroid Build Coastguard Worker 528*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_seuser_modify_local(sh, key, seuser) 529*2d543d20SAndroid Build Coastguard Worker if status < 0: 530*2d543d20SAndroid Build Coastguard Worker raise Error("Could not modify SEUser") 531*2d543d20SAndroid Build Coastguard Worker 532*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_commit(sh) 533*2d543d20SAndroid Build Coastguard Worker if status < 0: 534*2d543d20SAndroid Build Coastguard Worker raise Error("Could not commit test transaction") 535*2d543d20SAndroid Build Coastguard Worker print("Commit status (transaction number): %s" % status) 536*2d543d20SAndroid Build Coastguard Worker 537*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_begin_transaction(sh) 538*2d543d20SAndroid Build Coastguard Worker if status < 0: 539*2d543d20SAndroid Build Coastguard Worker raise Error("Could not start semanage transaction") 540*2d543d20SAndroid Build Coastguard Worker 541*2d543d20SAndroid Build Coastguard Worker if not exists: 542*2d543d20SAndroid Build Coastguard Worker print("Removing seuser...") 543*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_seuser_del_local(sh, key) 544*2d543d20SAndroid Build Coastguard Worker if status < 0: 545*2d543d20SAndroid Build Coastguard Worker raise Error("Could not delete test SEUser") 546*2d543d20SAndroid Build Coastguard Worker if self.verbose: 547*2d543d20SAndroid Build Coastguard Worker print("Seuser delete: %s" % status) 548*2d543d20SAndroid Build Coastguard Worker else: 549*2d543d20SAndroid Build Coastguard Worker print("Resetting seuser...") 550*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_seuser_modify_local(sh, key, old_seuser) 551*2d543d20SAndroid Build Coastguard Worker if status < 0: 552*2d543d20SAndroid Build Coastguard Worker raise Error("Could not reset test SEUser") 553*2d543d20SAndroid Build Coastguard Worker if self.verbose: 554*2d543d20SAndroid Build Coastguard Worker print("Seuser modify: %s" % status) 555*2d543d20SAndroid Build Coastguard Worker 556*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_commit(sh) 557*2d543d20SAndroid Build Coastguard Worker if status < 0: 558*2d543d20SAndroid Build Coastguard Worker raise Error("Could not commit reset transaction") 559*2d543d20SAndroid Build Coastguard Worker print("Commit status (transaction number): %s" % status) 560*2d543d20SAndroid Build Coastguard Worker 561*2d543d20SAndroid Build Coastguard Worker semanage.semanage_seuser_key_free(key) 562*2d543d20SAndroid Build Coastguard Worker semanage.semanage_seuser_free(seuser) 563*2d543d20SAndroid Build Coastguard Worker if exists: 564*2d543d20SAndroid Build Coastguard Worker semanage.semanage_seuser_free(old_seuser) 565*2d543d20SAndroid Build Coastguard Worker 566*2d543d20SAndroid Build Coastguard Worker def test_writeport(self, sh): 567*2d543d20SAndroid Build Coastguard Worker print("Testing port write...") 568*2d543d20SAndroid Build Coastguard Worker 569*2d543d20SAndroid Build Coastguard Worker (status, port) = semanage.semanage_port_create(sh) 570*2d543d20SAndroid Build Coastguard Worker if status < 0: 571*2d543d20SAndroid Build Coastguard Worker raise Error("Could not create SEPort object") 572*2d543d20SAndroid Build Coastguard Worker if self.verbose: 573*2d543d20SAndroid Build Coastguard Worker print("SEPort object created.") 574*2d543d20SAndroid Build Coastguard Worker 575*2d543d20SAndroid Build Coastguard Worker semanage.semanage_port_set_range(port, 150, 200) 576*2d543d20SAndroid Build Coastguard Worker low = semanage.semanage_port_get_low(port) 577*2d543d20SAndroid Build Coastguard Worker high = semanage.semanage_port_get_high(port) 578*2d543d20SAndroid Build Coastguard Worker if self.verbose: 579*2d543d20SAndroid Build Coastguard Worker print("SEPort range set: %s-%s" % (low, high)) 580*2d543d20SAndroid Build Coastguard Worker 581*2d543d20SAndroid Build Coastguard Worker semanage.semanage_port_set_proto(port, semanage.SEMANAGE_PROTO_TCP) 582*2d543d20SAndroid Build Coastguard Worker if self.verbose: 583*2d543d20SAndroid Build Coastguard Worker print("SEPort protocol set: %s" % semanage.semanage_port_get_proto_str(semanage.SEMANAGE_PROTO_TCP)) 584*2d543d20SAndroid Build Coastguard Worker 585*2d543d20SAndroid Build Coastguard Worker (status, con) = semanage.semanage_context_create(sh) 586*2d543d20SAndroid Build Coastguard Worker if status < 0: 587*2d543d20SAndroid Build Coastguard Worker raise Error("Could not create SEContext object") 588*2d543d20SAndroid Build Coastguard Worker if self.verbose: 589*2d543d20SAndroid Build Coastguard Worker print("SEContext object created (for port).") 590*2d543d20SAndroid Build Coastguard Worker 591*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_context_set_user(sh, con, "system_u") 592*2d543d20SAndroid Build Coastguard Worker if status < 0: 593*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set context user") 594*2d543d20SAndroid Build Coastguard Worker if self.verbose: 595*2d543d20SAndroid Build Coastguard Worker print("SEContext user: %s" % semanage.semanage_context_get_user(con)) 596*2d543d20SAndroid Build Coastguard Worker 597*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_context_set_role(sh, con, "object_r") 598*2d543d20SAndroid Build Coastguard Worker if status < 0: 599*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set context role") 600*2d543d20SAndroid Build Coastguard Worker if self.verbose: 601*2d543d20SAndroid Build Coastguard Worker print("SEContext role: %s" % semanage.semanage_context_get_role(con)) 602*2d543d20SAndroid Build Coastguard Worker 603*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_context_set_type(sh, con, "http_port_t") 604*2d543d20SAndroid Build Coastguard Worker if status < 0: 605*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set context type") 606*2d543d20SAndroid Build Coastguard Worker if self.verbose: 607*2d543d20SAndroid Build Coastguard Worker print("SEContext type: %s" % semanage.semanage_context_get_type(con)) 608*2d543d20SAndroid Build Coastguard Worker 609*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255") 610*2d543d20SAndroid Build Coastguard Worker if status < 0: 611*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set context MLS fields") 612*2d543d20SAndroid Build Coastguard Worker if self.verbose: 613*2d543d20SAndroid Build Coastguard Worker print("SEContext mls: %s" % semanage.semanage_context_get_mls(con)) 614*2d543d20SAndroid Build Coastguard Worker 615*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_port_set_con(sh, port, con) 616*2d543d20SAndroid Build Coastguard Worker if status < 0: 617*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set SEPort context") 618*2d543d20SAndroid Build Coastguard Worker if self.verbose: 619*2d543d20SAndroid Build Coastguard Worker print("SEPort context set: %s" % con) 620*2d543d20SAndroid Build Coastguard Worker 621*2d543d20SAndroid Build Coastguard Worker (status, key) = semanage.semanage_port_key_extract(sh, port) 622*2d543d20SAndroid Build Coastguard Worker if status < 0: 623*2d543d20SAndroid Build Coastguard Worker raise Error("Could not extract SEPort key") 624*2d543d20SAndroid Build Coastguard Worker if self.verbose: 625*2d543d20SAndroid Build Coastguard Worker print("SEPort key extracted: %s" % key) 626*2d543d20SAndroid Build Coastguard Worker 627*2d543d20SAndroid Build Coastguard Worker (status, exists) = semanage.semanage_port_exists_local(sh, key) 628*2d543d20SAndroid Build Coastguard Worker if status < 0: 629*2d543d20SAndroid Build Coastguard Worker raise Error("Could not check if SEPort exists") 630*2d543d20SAndroid Build Coastguard Worker if self.verbose: 631*2d543d20SAndroid Build Coastguard Worker print("Exists status (commit number): %s" % status) 632*2d543d20SAndroid Build Coastguard Worker 633*2d543d20SAndroid Build Coastguard Worker if exists: 634*2d543d20SAndroid Build Coastguard Worker (status, old_port) = semanage.semanage_port_query_local(sh, key) 635*2d543d20SAndroid Build Coastguard Worker if status < 0: 636*2d543d20SAndroid Build Coastguard Worker raise Error("Could not query old SEPort") 637*2d543d20SAndroid Build Coastguard Worker if self.verbose: 638*2d543d20SAndroid Build Coastguard Worker print("Query status (commit number): %s" % status) 639*2d543d20SAndroid Build Coastguard Worker 640*2d543d20SAndroid Build Coastguard Worker print("Starting transaction...") 641*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_begin_transaction(sh) 642*2d543d20SAndroid Build Coastguard Worker if status < 0: 643*2d543d20SAndroid Build Coastguard Worker raise Error("Could not start semanage transaction") 644*2d543d20SAndroid Build Coastguard Worker 645*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_port_modify_local(sh, key, port) 646*2d543d20SAndroid Build Coastguard Worker if status < 0: 647*2d543d20SAndroid Build Coastguard Worker raise Error("Could not modify SEPort") 648*2d543d20SAndroid Build Coastguard Worker 649*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_commit(sh) 650*2d543d20SAndroid Build Coastguard Worker if status < 0: 651*2d543d20SAndroid Build Coastguard Worker raise Error("Could not commit test transaction") 652*2d543d20SAndroid Build Coastguard Worker print("Commit status (transaction number): %s" % status) 653*2d543d20SAndroid Build Coastguard Worker 654*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_begin_transaction(sh) 655*2d543d20SAndroid Build Coastguard Worker if status < 0: 656*2d543d20SAndroid Build Coastguard Worker raise Error("Could not start semanage transaction") 657*2d543d20SAndroid Build Coastguard Worker 658*2d543d20SAndroid Build Coastguard Worker if not exists: 659*2d543d20SAndroid Build Coastguard Worker print("Removing port range...") 660*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_port_del_local(sh, key) 661*2d543d20SAndroid Build Coastguard Worker if status < 0: 662*2d543d20SAndroid Build Coastguard Worker raise Error("Could not delete test SEPort") 663*2d543d20SAndroid Build Coastguard Worker if self.verbose: 664*2d543d20SAndroid Build Coastguard Worker print("Port range delete: %s" % status) 665*2d543d20SAndroid Build Coastguard Worker else: 666*2d543d20SAndroid Build Coastguard Worker print("Resetting port range...") 667*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_port_modify_local(sh, key, old_port) 668*2d543d20SAndroid Build Coastguard Worker if status < 0: 669*2d543d20SAndroid Build Coastguard Worker raise Error("Could not reset test SEPort") 670*2d543d20SAndroid Build Coastguard Worker if self.verbose: 671*2d543d20SAndroid Build Coastguard Worker print("Port range modify: %s" % status) 672*2d543d20SAndroid Build Coastguard Worker 673*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_commit(sh) 674*2d543d20SAndroid Build Coastguard Worker if status < 0: 675*2d543d20SAndroid Build Coastguard Worker raise Error("Could not commit reset transaction") 676*2d543d20SAndroid Build Coastguard Worker print("Commit status (transaction number): %s" % status) 677*2d543d20SAndroid Build Coastguard Worker 678*2d543d20SAndroid Build Coastguard Worker semanage.semanage_context_free(con) 679*2d543d20SAndroid Build Coastguard Worker semanage.semanage_port_key_free(key) 680*2d543d20SAndroid Build Coastguard Worker semanage.semanage_port_free(port) 681*2d543d20SAndroid Build Coastguard Worker if exists: 682*2d543d20SAndroid Build Coastguard Worker semanage.semanage_port_free(old_port) 683*2d543d20SAndroid Build Coastguard Worker 684*2d543d20SAndroid Build Coastguard Worker def test_writefcontext(self, sh): 685*2d543d20SAndroid Build Coastguard Worker print("Testing file context write...") 686*2d543d20SAndroid Build Coastguard Worker 687*2d543d20SAndroid Build Coastguard Worker (status, fcon) = semanage.semanage_fcontext_create(sh) 688*2d543d20SAndroid Build Coastguard Worker if status < 0: 689*2d543d20SAndroid Build Coastguard Worker raise Error("Could not create SEFcontext object") 690*2d543d20SAndroid Build Coastguard Worker if self.verbose: 691*2d543d20SAndroid Build Coastguard Worker print("SEFcontext object created.") 692*2d543d20SAndroid Build Coastguard Worker 693*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_fcontext_set_expr(sh, fcon, "/test/fcontext(/.*)?") 694*2d543d20SAndroid Build Coastguard Worker if status < 0: 695*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set expression") 696*2d543d20SAndroid Build Coastguard Worker if self.verbose: 697*2d543d20SAndroid Build Coastguard Worker print("SEFContext expr set: %s" % semanage.semanage_fcontext_get_expr(fcon)) 698*2d543d20SAndroid Build Coastguard Worker 699*2d543d20SAndroid Build Coastguard Worker semanage.semanage_fcontext_set_type(fcon, semanage.SEMANAGE_FCONTEXT_REG) 700*2d543d20SAndroid Build Coastguard Worker if self.verbose: 701*2d543d20SAndroid Build Coastguard Worker ftype = semanage.semanage_fcontext_get_type(fcon) 702*2d543d20SAndroid Build Coastguard Worker print("SEFContext type set: %s" % semanage.semanage_fcontext_get_type_str(ftype)) 703*2d543d20SAndroid Build Coastguard Worker 704*2d543d20SAndroid Build Coastguard Worker (status, con) = semanage.semanage_context_create(sh) 705*2d543d20SAndroid Build Coastguard Worker if status < 0: 706*2d543d20SAndroid Build Coastguard Worker raise Error("Could not create SEContext object") 707*2d543d20SAndroid Build Coastguard Worker if self.verbose: 708*2d543d20SAndroid Build Coastguard Worker print("SEContext object created (for file context).") 709*2d543d20SAndroid Build Coastguard Worker 710*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_context_set_user(sh, con, "system_u") 711*2d543d20SAndroid Build Coastguard Worker if status < 0: 712*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set context user") 713*2d543d20SAndroid Build Coastguard Worker if self.verbose: 714*2d543d20SAndroid Build Coastguard Worker print("SEContext user: %s" % semanage.semanage_context_get_user(con)) 715*2d543d20SAndroid Build Coastguard Worker 716*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_context_set_role(sh, con, "object_r") 717*2d543d20SAndroid Build Coastguard Worker if status < 0: 718*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set context role") 719*2d543d20SAndroid Build Coastguard Worker if self.verbose: 720*2d543d20SAndroid Build Coastguard Worker print("SEContext role: %s" % semanage.semanage_context_get_role(con)) 721*2d543d20SAndroid Build Coastguard Worker 722*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_context_set_type(sh, con, "default_t") 723*2d543d20SAndroid Build Coastguard Worker if status < 0: 724*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set context type") 725*2d543d20SAndroid Build Coastguard Worker if self.verbose: 726*2d543d20SAndroid Build Coastguard Worker print("SEContext type: %s" % semanage.semanage_context_get_type(con)) 727*2d543d20SAndroid Build Coastguard Worker 728*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255") 729*2d543d20SAndroid Build Coastguard Worker if status < 0: 730*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set context MLS fields") 731*2d543d20SAndroid Build Coastguard Worker if self.verbose: 732*2d543d20SAndroid Build Coastguard Worker print("SEContext mls: %s" % semanage.semanage_context_get_mls(con)) 733*2d543d20SAndroid Build Coastguard Worker 734*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_fcontext_set_con(sh, fcon, con) 735*2d543d20SAndroid Build Coastguard Worker if status < 0: 736*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set SEFcontext context") 737*2d543d20SAndroid Build Coastguard Worker if self.verbose: 738*2d543d20SAndroid Build Coastguard Worker print("SEFcontext context set: %s" % con) 739*2d543d20SAndroid Build Coastguard Worker 740*2d543d20SAndroid Build Coastguard Worker (status, key) = semanage.semanage_fcontext_key_extract(sh, fcon) 741*2d543d20SAndroid Build Coastguard Worker if status < 0: 742*2d543d20SAndroid Build Coastguard Worker raise Error("Could not extract SEFcontext key") 743*2d543d20SAndroid Build Coastguard Worker if self.verbose: 744*2d543d20SAndroid Build Coastguard Worker print("SEFcontext key extracted: %s" % key) 745*2d543d20SAndroid Build Coastguard Worker 746*2d543d20SAndroid Build Coastguard Worker (status, exists) = semanage.semanage_fcontext_exists_local(sh, key) 747*2d543d20SAndroid Build Coastguard Worker if status < 0: 748*2d543d20SAndroid Build Coastguard Worker raise Error("Could not check if SEFcontext exists") 749*2d543d20SAndroid Build Coastguard Worker 750*2d543d20SAndroid Build Coastguard Worker if self.verbose: 751*2d543d20SAndroid Build Coastguard Worker print("Exists status (commit number): %s" % status) 752*2d543d20SAndroid Build Coastguard Worker if exists: 753*2d543d20SAndroid Build Coastguard Worker (status, old_fcontext) = semanage.semanage_fcontext_query_local(sh, key) 754*2d543d20SAndroid Build Coastguard Worker if status < 0: 755*2d543d20SAndroid Build Coastguard Worker raise Error("Could not query old SEFcontext") 756*2d543d20SAndroid Build Coastguard Worker if self.verbose: 757*2d543d20SAndroid Build Coastguard Worker print("Query status (commit number): %s" % status) 758*2d543d20SAndroid Build Coastguard Worker 759*2d543d20SAndroid Build Coastguard Worker print("Starting transaction...") 760*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_begin_transaction(sh) 761*2d543d20SAndroid Build Coastguard Worker if status < 0: 762*2d543d20SAndroid Build Coastguard Worker raise Error("Could not start semanage transaction") 763*2d543d20SAndroid Build Coastguard Worker 764*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_fcontext_modify_local(sh, key, fcon) 765*2d543d20SAndroid Build Coastguard Worker if status < 0: 766*2d543d20SAndroid Build Coastguard Worker raise Error("Could not modify SEFcontext") 767*2d543d20SAndroid Build Coastguard Worker 768*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_commit(sh) 769*2d543d20SAndroid Build Coastguard Worker if status < 0: 770*2d543d20SAndroid Build Coastguard Worker raise Error("Could not commit test transaction") 771*2d543d20SAndroid Build Coastguard Worker print("Commit status (transaction number): %s" % status) 772*2d543d20SAndroid Build Coastguard Worker 773*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_begin_transaction(sh) 774*2d543d20SAndroid Build Coastguard Worker if status < 0: 775*2d543d20SAndroid Build Coastguard Worker raise Error("Could not start semanage transaction") 776*2d543d20SAndroid Build Coastguard Worker 777*2d543d20SAndroid Build Coastguard Worker if not exists: 778*2d543d20SAndroid Build Coastguard Worker print("Removing file context...") 779*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_fcontext_del_local(sh, key) 780*2d543d20SAndroid Build Coastguard Worker if status < 0: 781*2d543d20SAndroid Build Coastguard Worker raise Error("Could not delete test SEFcontext") 782*2d543d20SAndroid Build Coastguard Worker if self.verbose: 783*2d543d20SAndroid Build Coastguard Worker print("File context delete: %s" % status) 784*2d543d20SAndroid Build Coastguard Worker else: 785*2d543d20SAndroid Build Coastguard Worker print("Resetting file context...") 786*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_fcontext_modify_local(sh, key, old_fcontext) 787*2d543d20SAndroid Build Coastguard Worker if status < 0: 788*2d543d20SAndroid Build Coastguard Worker raise Error("Could not reset test FContext") 789*2d543d20SAndroid Build Coastguard Worker if self.verbose: 790*2d543d20SAndroid Build Coastguard Worker print("File context modify: %s" % status) 791*2d543d20SAndroid Build Coastguard Worker 792*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_commit(sh) 793*2d543d20SAndroid Build Coastguard Worker if status < 0: 794*2d543d20SAndroid Build Coastguard Worker raise Error("Could not commit reset transaction") 795*2d543d20SAndroid Build Coastguard Worker print("Commit status (transaction number): %s" % status) 796*2d543d20SAndroid Build Coastguard Worker 797*2d543d20SAndroid Build Coastguard Worker semanage.semanage_context_free(con) 798*2d543d20SAndroid Build Coastguard Worker semanage.semanage_fcontext_key_free(key) 799*2d543d20SAndroid Build Coastguard Worker semanage.semanage_fcontext_free(fcon) 800*2d543d20SAndroid Build Coastguard Worker if exists: 801*2d543d20SAndroid Build Coastguard Worker semanage.semanage_fcontext_free(old_fcontext) 802*2d543d20SAndroid Build Coastguard Worker 803*2d543d20SAndroid Build Coastguard Worker def test_writeinterface(self, sh): 804*2d543d20SAndroid Build Coastguard Worker print("Testing network interface write...") 805*2d543d20SAndroid Build Coastguard Worker 806*2d543d20SAndroid Build Coastguard Worker (status, iface) = semanage.semanage_iface_create(sh) 807*2d543d20SAndroid Build Coastguard Worker if status < 0: 808*2d543d20SAndroid Build Coastguard Worker raise Error("Could not create SEIface object") 809*2d543d20SAndroid Build Coastguard Worker if self.verbose: 810*2d543d20SAndroid Build Coastguard Worker print("SEIface object created.") 811*2d543d20SAndroid Build Coastguard Worker 812*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_iface_set_name(sh, iface, "test_iface") 813*2d543d20SAndroid Build Coastguard Worker if status < 0: 814*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set SEIface name") 815*2d543d20SAndroid Build Coastguard Worker if self.verbose: 816*2d543d20SAndroid Build Coastguard Worker print("SEIface name set: %s" % semanage.semanage_iface_get_name(iface)) 817*2d543d20SAndroid Build Coastguard Worker 818*2d543d20SAndroid Build Coastguard Worker (status, con) = semanage.semanage_context_create(sh) 819*2d543d20SAndroid Build Coastguard Worker if status < 0: 820*2d543d20SAndroid Build Coastguard Worker raise Error("Could not create SEContext object") 821*2d543d20SAndroid Build Coastguard Worker if self.verbose: 822*2d543d20SAndroid Build Coastguard Worker print("SEContext object created (for network interface)") 823*2d543d20SAndroid Build Coastguard Worker 824*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_context_set_user(sh, con, "system_u") 825*2d543d20SAndroid Build Coastguard Worker if status < 0: 826*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set interface context user") 827*2d543d20SAndroid Build Coastguard Worker if self.verbose: 828*2d543d20SAndroid Build Coastguard Worker print("SEContext user: %s" % semanage.semanage_context_get_user(con)) 829*2d543d20SAndroid Build Coastguard Worker 830*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_context_set_role(sh, con, "object_r") 831*2d543d20SAndroid Build Coastguard Worker if status < 0: 832*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set interface context role") 833*2d543d20SAndroid Build Coastguard Worker if self.verbose: 834*2d543d20SAndroid Build Coastguard Worker print("SEContext role: %s" % semanage.semanage_context_get_role(con)) 835*2d543d20SAndroid Build Coastguard Worker 836*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_context_set_type(sh, con, "default_t") 837*2d543d20SAndroid Build Coastguard Worker if status < 0: 838*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set interface context type") 839*2d543d20SAndroid Build Coastguard Worker if self.verbose: 840*2d543d20SAndroid Build Coastguard Worker print("SEContext type: %s" % semanage.semanage_context_get_type(con)) 841*2d543d20SAndroid Build Coastguard Worker 842*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255") 843*2d543d20SAndroid Build Coastguard Worker if status < 0: 844*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set interface context MLS fields") 845*2d543d20SAndroid Build Coastguard Worker if self.verbose: 846*2d543d20SAndroid Build Coastguard Worker print("SEContext mls: %s" % semanage.semanage_context_get_mls(con)) 847*2d543d20SAndroid Build Coastguard Worker 848*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_iface_set_ifcon(sh, iface, con) 849*2d543d20SAndroid Build Coastguard Worker if status < 0: 850*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set SEIface interface context") 851*2d543d20SAndroid Build Coastguard Worker if self.verbose: 852*2d543d20SAndroid Build Coastguard Worker print("SEIface interface context set: %s" % con) 853*2d543d20SAndroid Build Coastguard Worker 854*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_iface_set_msgcon(sh, iface, con) 855*2d543d20SAndroid Build Coastguard Worker if status < 0: 856*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set SEIface message context") 857*2d543d20SAndroid Build Coastguard Worker if self.verbose: 858*2d543d20SAndroid Build Coastguard Worker print("SEIface message context set: %s" % con) 859*2d543d20SAndroid Build Coastguard Worker 860*2d543d20SAndroid Build Coastguard Worker (status, key) = semanage.semanage_iface_key_extract(sh, iface) 861*2d543d20SAndroid Build Coastguard Worker if status < 0: 862*2d543d20SAndroid Build Coastguard Worker raise Error("Could not extract SEIface key") 863*2d543d20SAndroid Build Coastguard Worker if self.verbose: 864*2d543d20SAndroid Build Coastguard Worker print("SEIface key extracted: %s" % key) 865*2d543d20SAndroid Build Coastguard Worker 866*2d543d20SAndroid Build Coastguard Worker (status, exists) = semanage.semanage_iface_exists_local(sh, key) 867*2d543d20SAndroid Build Coastguard Worker if status < 0: 868*2d543d20SAndroid Build Coastguard Worker raise Error("Could not check if SEIface exists") 869*2d543d20SAndroid Build Coastguard Worker if self.verbose: 870*2d543d20SAndroid Build Coastguard Worker print("Exists status (commit number): %s" % status) 871*2d543d20SAndroid Build Coastguard Worker 872*2d543d20SAndroid Build Coastguard Worker if exists: 873*2d543d20SAndroid Build Coastguard Worker (status, old_iface) = semanage.semanage_iface_query_local(sh, key) 874*2d543d20SAndroid Build Coastguard Worker if status < 0: 875*2d543d20SAndroid Build Coastguard Worker raise Error("Could not query old SEIface") 876*2d543d20SAndroid Build Coastguard Worker if self.verbose: 877*2d543d20SAndroid Build Coastguard Worker print("Query status (commit number): %s" % status) 878*2d543d20SAndroid Build Coastguard Worker 879*2d543d20SAndroid Build Coastguard Worker print("Starting transaction...") 880*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_begin_transaction(sh) 881*2d543d20SAndroid Build Coastguard Worker if status < 0: 882*2d543d20SAndroid Build Coastguard Worker raise Error("Could not begin semanage transaction") 883*2d543d20SAndroid Build Coastguard Worker 884*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_iface_modify_local(sh, key, iface) 885*2d543d20SAndroid Build Coastguard Worker if status < 0: 886*2d543d20SAndroid Build Coastguard Worker raise Error("Could not modify SEIface") 887*2d543d20SAndroid Build Coastguard Worker 888*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_commit(sh) 889*2d543d20SAndroid Build Coastguard Worker if status < 0: 890*2d543d20SAndroid Build Coastguard Worker raise Error("Could not commit test transaction") 891*2d543d20SAndroid Build Coastguard Worker print("Commit status (transaction number): %s" % status) 892*2d543d20SAndroid Build Coastguard Worker 893*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_begin_transaction(sh) 894*2d543d20SAndroid Build Coastguard Worker if status < 0: 895*2d543d20SAndroid Build Coastguard Worker raise Error("Could not begin semanage transaction") 896*2d543d20SAndroid Build Coastguard Worker 897*2d543d20SAndroid Build Coastguard Worker if not exists: 898*2d543d20SAndroid Build Coastguard Worker print("Removing interface...") 899*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_iface_del_local(sh, key) 900*2d543d20SAndroid Build Coastguard Worker if status < 0: 901*2d543d20SAndroid Build Coastguard Worker raise Error("Could not delete test SEIface") 902*2d543d20SAndroid Build Coastguard Worker if self.verbose: 903*2d543d20SAndroid Build Coastguard Worker print("Interface delete: %s" % status) 904*2d543d20SAndroid Build Coastguard Worker else: 905*2d543d20SAndroid Build Coastguard Worker print("Resetting interface...") 906*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_iface_modify_local(sh, key, old_iface) 907*2d543d20SAndroid Build Coastguard Worker if status < 0: 908*2d543d20SAndroid Build Coastguard Worker raise Error("Could not reset test SEIface") 909*2d543d20SAndroid Build Coastguard Worker if self.verbose: 910*2d543d20SAndroid Build Coastguard Worker print("Interface modify: %s" % status) 911*2d543d20SAndroid Build Coastguard Worker 912*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_commit(sh) 913*2d543d20SAndroid Build Coastguard Worker if status < 0: 914*2d543d20SAndroid Build Coastguard Worker raise Error("Could not commit reset transaction") 915*2d543d20SAndroid Build Coastguard Worker print("Commit status (transaction number): %s" % status) 916*2d543d20SAndroid Build Coastguard Worker 917*2d543d20SAndroid Build Coastguard Worker semanage.semanage_context_free(con) 918*2d543d20SAndroid Build Coastguard Worker semanage.semanage_iface_key_free(key) 919*2d543d20SAndroid Build Coastguard Worker semanage.semanage_iface_free(iface) 920*2d543d20SAndroid Build Coastguard Worker if exists: 921*2d543d20SAndroid Build Coastguard Worker semanage.semanage_iface_free(old_iface) 922*2d543d20SAndroid Build Coastguard Worker 923*2d543d20SAndroid Build Coastguard Worker def test_writeboolean(self, sh): 924*2d543d20SAndroid Build Coastguard Worker print("Testing boolean write...") 925*2d543d20SAndroid Build Coastguard Worker 926*2d543d20SAndroid Build Coastguard Worker (status, pbool) = semanage.semanage_bool_create(sh) 927*2d543d20SAndroid Build Coastguard Worker if status < 0: 928*2d543d20SAndroid Build Coastguard Worker raise Error("Could not create SEBool object") 929*2d543d20SAndroid Build Coastguard Worker if self.verbose: 930*2d543d20SAndroid Build Coastguard Worker print("SEBool object created.") 931*2d543d20SAndroid Build Coastguard Worker 932*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_bool_set_name(sh, pbool, "allow_execmem") 933*2d543d20SAndroid Build Coastguard Worker if status < 0: 934*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set name") 935*2d543d20SAndroid Build Coastguard Worker if self.verbose: 936*2d543d20SAndroid Build Coastguard Worker print("SEBool name set: %s" % semanage.semanage_bool_get_name(pbool)) 937*2d543d20SAndroid Build Coastguard Worker 938*2d543d20SAndroid Build Coastguard Worker semanage.semanage_bool_set_value(pbool, 0) 939*2d543d20SAndroid Build Coastguard Worker if self.verbose: 940*2d543d20SAndroid Build Coastguard Worker print("SEbool value set: %s" % semanage.semanage_bool_get_value(pbool)) 941*2d543d20SAndroid Build Coastguard Worker 942*2d543d20SAndroid Build Coastguard Worker (status, key) = semanage.semanage_bool_key_extract(sh, pbool) 943*2d543d20SAndroid Build Coastguard Worker if status < 0: 944*2d543d20SAndroid Build Coastguard Worker raise Error("Could not extract SEBool key") 945*2d543d20SAndroid Build Coastguard Worker if self.verbose: 946*2d543d20SAndroid Build Coastguard Worker print("SEBool key extracted: %s" % key) 947*2d543d20SAndroid Build Coastguard Worker 948*2d543d20SAndroid Build Coastguard Worker (status, exists) = semanage.semanage_bool_exists_local(sh, key) 949*2d543d20SAndroid Build Coastguard Worker if status < 0: 950*2d543d20SAndroid Build Coastguard Worker raise Error("Could not check if SEBool exists") 951*2d543d20SAndroid Build Coastguard Worker if self.verbose: 952*2d543d20SAndroid Build Coastguard Worker print("Exists status (commit number): %s" % status) 953*2d543d20SAndroid Build Coastguard Worker 954*2d543d20SAndroid Build Coastguard Worker if exists: 955*2d543d20SAndroid Build Coastguard Worker (status, old_bool) = semanage.semanage_bool_query_local(sh, key) 956*2d543d20SAndroid Build Coastguard Worker if status < 0: 957*2d543d20SAndroid Build Coastguard Worker raise Error("Could not query old SEBool") 958*2d543d20SAndroid Build Coastguard Worker if self.verbose: 959*2d543d20SAndroid Build Coastguard Worker print("Query status (commit number): %s" % status) 960*2d543d20SAndroid Build Coastguard Worker 961*2d543d20SAndroid Build Coastguard Worker print("Starting transaction...") 962*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_begin_transaction(sh) 963*2d543d20SAndroid Build Coastguard Worker if status < 0: 964*2d543d20SAndroid Build Coastguard Worker raise Error("Could not start semanage transaction") 965*2d543d20SAndroid Build Coastguard Worker 966*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_bool_modify_local(sh, key, pbool) 967*2d543d20SAndroid Build Coastguard Worker 968*2d543d20SAndroid Build Coastguard Worker if status < 0: 969*2d543d20SAndroid Build Coastguard Worker raise Error("Could not modify SEBool") 970*2d543d20SAndroid Build Coastguard Worker 971*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_commit(sh) 972*2d543d20SAndroid Build Coastguard Worker if status < 0: 973*2d543d20SAndroid Build Coastguard Worker raise Error("Could not commit test transaction") 974*2d543d20SAndroid Build Coastguard Worker print("Commit status (transaction number): %s" % status) 975*2d543d20SAndroid Build Coastguard Worker 976*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_begin_transaction(sh) 977*2d543d20SAndroid Build Coastguard Worker if status < 0: 978*2d543d20SAndroid Build Coastguard Worker raise Error("Could not start semanage transaction") 979*2d543d20SAndroid Build Coastguard Worker 980*2d543d20SAndroid Build Coastguard Worker if not exists: 981*2d543d20SAndroid Build Coastguard Worker print("Removing boolean...") 982*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_bool_del_local(sh, key) 983*2d543d20SAndroid Build Coastguard Worker if status < 0: 984*2d543d20SAndroid Build Coastguard Worker raise Error("Could not delete test SEBool") 985*2d543d20SAndroid Build Coastguard Worker if self.verbose: 986*2d543d20SAndroid Build Coastguard Worker print("Boolean delete: %s" % status) 987*2d543d20SAndroid Build Coastguard Worker else: 988*2d543d20SAndroid Build Coastguard Worker print("Resetting boolean...") 989*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_bool_modify_local(sh, key, old_bool) 990*2d543d20SAndroid Build Coastguard Worker if status < 0: 991*2d543d20SAndroid Build Coastguard Worker raise Error("Could not reset test SEBool") 992*2d543d20SAndroid Build Coastguard Worker if self.verbose: 993*2d543d20SAndroid Build Coastguard Worker print("Boolean modify: %s" % status) 994*2d543d20SAndroid Build Coastguard Worker 995*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_commit(sh) 996*2d543d20SAndroid Build Coastguard Worker if status < 0: 997*2d543d20SAndroid Build Coastguard Worker raise Error("Could not commit reset transaction") 998*2d543d20SAndroid Build Coastguard Worker print("Commit status (transaction number): %s" % status) 999*2d543d20SAndroid Build Coastguard Worker 1000*2d543d20SAndroid Build Coastguard Worker semanage.semanage_bool_key_free(key) 1001*2d543d20SAndroid Build Coastguard Worker semanage.semanage_bool_free(pbool) 1002*2d543d20SAndroid Build Coastguard Worker if exists: 1003*2d543d20SAndroid Build Coastguard Worker semanage.semanage_bool_free(old_bool) 1004*2d543d20SAndroid Build Coastguard Worker 1005*2d543d20SAndroid Build Coastguard Worker def test_writeaboolean(self, sh): 1006*2d543d20SAndroid Build Coastguard Worker print("Testing active boolean write...") 1007*2d543d20SAndroid Build Coastguard Worker 1008*2d543d20SAndroid Build Coastguard Worker (status, key) = semanage.semanage_bool_key_create(sh, "allow_execmem") 1009*2d543d20SAndroid Build Coastguard Worker if status < 0: 1010*2d543d20SAndroid Build Coastguard Worker raise Error("Could not create SEBool key") 1011*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1012*2d543d20SAndroid Build Coastguard Worker print("SEBool key created: %s" % key) 1013*2d543d20SAndroid Build Coastguard Worker 1014*2d543d20SAndroid Build Coastguard Worker (status, old_bool) = semanage.semanage_bool_query_active(sh, key) 1015*2d543d20SAndroid Build Coastguard Worker if status < 0: 1016*2d543d20SAndroid Build Coastguard Worker raise Error("Could not query old SEBool") 1017*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1018*2d543d20SAndroid Build Coastguard Worker print("Query status (commit number): %s" % status) 1019*2d543d20SAndroid Build Coastguard Worker 1020*2d543d20SAndroid Build Coastguard Worker (status, abool) = semanage.semanage_bool_create(sh) 1021*2d543d20SAndroid Build Coastguard Worker if status < 0: 1022*2d543d20SAndroid Build Coastguard Worker raise Error("Could not create SEBool object") 1023*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1024*2d543d20SAndroid Build Coastguard Worker print("SEBool object created.") 1025*2d543d20SAndroid Build Coastguard Worker 1026*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_bool_set_name(sh, abool, "allow_execmem") 1027*2d543d20SAndroid Build Coastguard Worker if status < 0: 1028*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set name") 1029*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1030*2d543d20SAndroid Build Coastguard Worker print("SEBool name set: %s" % semanage.semanage_bool_get_name(abool)) 1031*2d543d20SAndroid Build Coastguard Worker 1032*2d543d20SAndroid Build Coastguard Worker semanage.semanage_bool_set_value(abool, 0) 1033*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1034*2d543d20SAndroid Build Coastguard Worker print("SEbool value set: %s" % semanage.semanage_bool_get_value(abool)) 1035*2d543d20SAndroid Build Coastguard Worker 1036*2d543d20SAndroid Build Coastguard Worker print("Starting transaction...") 1037*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_begin_transaction(sh) 1038*2d543d20SAndroid Build Coastguard Worker if status < 0: 1039*2d543d20SAndroid Build Coastguard Worker raise Error("Could not start semanage transaction") 1040*2d543d20SAndroid Build Coastguard Worker 1041*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_bool_set_active(sh, key, abool) 1042*2d543d20SAndroid Build Coastguard Worker if status < 0: 1043*2d543d20SAndroid Build Coastguard Worker raise Error("Could not modify SEBool") 1044*2d543d20SAndroid Build Coastguard Worker 1045*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_commit(sh) 1046*2d543d20SAndroid Build Coastguard Worker if status < 0: 1047*2d543d20SAndroid Build Coastguard Worker raise Error("Could not commit test transaction") 1048*2d543d20SAndroid Build Coastguard Worker print("Commit status (transaction number): %s" % status) 1049*2d543d20SAndroid Build Coastguard Worker 1050*2d543d20SAndroid Build Coastguard Worker print("Resetting old active boolean...") 1051*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_begin_transaction(sh) 1052*2d543d20SAndroid Build Coastguard Worker if status < 0: 1053*2d543d20SAndroid Build Coastguard Worker raise Error("Could not start semanage transaction") 1054*2d543d20SAndroid Build Coastguard Worker 1055*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_bool_set_active(sh, key, old_bool) 1056*2d543d20SAndroid Build Coastguard Worker if status < 0: 1057*2d543d20SAndroid Build Coastguard Worker raise Error("Could not reset test SEBool") 1058*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1059*2d543d20SAndroid Build Coastguard Worker print("SEBool active reset: %s" % status) 1060*2d543d20SAndroid Build Coastguard Worker 1061*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_commit(sh) 1062*2d543d20SAndroid Build Coastguard Worker if status < 0: 1063*2d543d20SAndroid Build Coastguard Worker raise Error("Could not commit reset transaction") 1064*2d543d20SAndroid Build Coastguard Worker print("Commit status (transaction number): %s" % status) 1065*2d543d20SAndroid Build Coastguard Worker 1066*2d543d20SAndroid Build Coastguard Worker semanage.semanage_bool_key_free(key) 1067*2d543d20SAndroid Build Coastguard Worker semanage.semanage_bool_free(abool) 1068*2d543d20SAndroid Build Coastguard Worker semanage.semanage_bool_free(old_bool) 1069*2d543d20SAndroid Build Coastguard Worker 1070*2d543d20SAndroid Build Coastguard Worker def test_writenode(self, sh): 1071*2d543d20SAndroid Build Coastguard Worker print("Testing network node write...") 1072*2d543d20SAndroid Build Coastguard Worker 1073*2d543d20SAndroid Build Coastguard Worker (status, node) = semanage.semanage_node_create(sh) 1074*2d543d20SAndroid Build Coastguard Worker if status < 0: 1075*2d543d20SAndroid Build Coastguard Worker raise Error("Could not create SENode object") 1076*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1077*2d543d20SAndroid Build Coastguard Worker print("SENode object created.") 1078*2d543d20SAndroid Build Coastguard Worker 1079*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_node_set_addr(sh, node, semanage.SEMANAGE_PROTO_IP6, "ffee:dddd::bbbb") 1080*2d543d20SAndroid Build Coastguard Worker if status < 0: 1081*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set SENode address") 1082*2d543d20SAndroid Build Coastguard Worker 1083*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_node_set_mask(sh, node, semanage.SEMANAGE_PROTO_IP6, "::ffff:ffff:abcd:0000") 1084*2d543d20SAndroid Build Coastguard Worker if status < 0: 1085*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set SENode netmask") 1086*2d543d20SAndroid Build Coastguard Worker 1087*2d543d20SAndroid Build Coastguard Worker semanage.semanage_node_set_proto(node, semanage.SEMANAGE_PROTO_IP6) 1088*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1089*2d543d20SAndroid Build Coastguard Worker print("SENode protocol set: %s" % semanage.semanage_node_get_proto_str(semanage.SEMANAGE_PROTO_IP6)) 1090*2d543d20SAndroid Build Coastguard Worker 1091*2d543d20SAndroid Build Coastguard Worker (status, con) = semanage.semanage_context_create(sh) 1092*2d543d20SAndroid Build Coastguard Worker if status < 0: 1093*2d543d20SAndroid Build Coastguard Worker raise Error("Could not create SEContext object") 1094*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1095*2d543d20SAndroid Build Coastguard Worker print("SEContext object created (for node).") 1096*2d543d20SAndroid Build Coastguard Worker 1097*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_context_set_user(sh, con, "system_u") 1098*2d543d20SAndroid Build Coastguard Worker if status < 0: 1099*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set context user") 1100*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1101*2d543d20SAndroid Build Coastguard Worker print("SEContext user: %s" % semanage.semanage_context_get_user(con)) 1102*2d543d20SAndroid Build Coastguard Worker 1103*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_context_set_role(sh, con, "object_r") 1104*2d543d20SAndroid Build Coastguard Worker if status < 0: 1105*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set context role") 1106*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1107*2d543d20SAndroid Build Coastguard Worker print("SEContext role: %s" % semanage.semanage_context_get_role(con)) 1108*2d543d20SAndroid Build Coastguard Worker 1109*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_context_set_type(sh, con, "lo_node_t") 1110*2d543d20SAndroid Build Coastguard Worker if status < 0: 1111*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set context type") 1112*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1113*2d543d20SAndroid Build Coastguard Worker print("SEContext type: %s" % semanage.semanage_context_get_type(con)) 1114*2d543d20SAndroid Build Coastguard Worker 1115*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255") 1116*2d543d20SAndroid Build Coastguard Worker if status < 0: 1117*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set context MLS fields") 1118*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1119*2d543d20SAndroid Build Coastguard Worker print("SEContext mls: %s" % semanage.semanage_context_get_mls(con)) 1120*2d543d20SAndroid Build Coastguard Worker 1121*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_node_set_con(sh, node, con) 1122*2d543d20SAndroid Build Coastguard Worker if status < 0: 1123*2d543d20SAndroid Build Coastguard Worker raise Error("Could not set SENode context") 1124*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1125*2d543d20SAndroid Build Coastguard Worker print("SENode context set: %s" % con) 1126*2d543d20SAndroid Build Coastguard Worker 1127*2d543d20SAndroid Build Coastguard Worker (status, key) = semanage.semanage_node_key_extract(sh, node) 1128*2d543d20SAndroid Build Coastguard Worker if status < 0: 1129*2d543d20SAndroid Build Coastguard Worker raise Error("Could not extract SENode key") 1130*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1131*2d543d20SAndroid Build Coastguard Worker print("SENode key extracted: %s" % key) 1132*2d543d20SAndroid Build Coastguard Worker 1133*2d543d20SAndroid Build Coastguard Worker (status, exists) = semanage.semanage_node_exists_local(sh, key) 1134*2d543d20SAndroid Build Coastguard Worker if status < 0: 1135*2d543d20SAndroid Build Coastguard Worker raise Error("Could not check if SENode exists") 1136*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1137*2d543d20SAndroid Build Coastguard Worker print("Exists status (commit number): %s" % status) 1138*2d543d20SAndroid Build Coastguard Worker 1139*2d543d20SAndroid Build Coastguard Worker if exists: 1140*2d543d20SAndroid Build Coastguard Worker (status, old_node) = semanage.semanage_node_query_local(sh, key) 1141*2d543d20SAndroid Build Coastguard Worker if status < 0: 1142*2d543d20SAndroid Build Coastguard Worker raise Error("Could not query old SENode") 1143*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1144*2d543d20SAndroid Build Coastguard Worker print("Query status (commit number): %s" % status) 1145*2d543d20SAndroid Build Coastguard Worker 1146*2d543d20SAndroid Build Coastguard Worker print("Starting transaction...") 1147*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_begin_transaction(sh) 1148*2d543d20SAndroid Build Coastguard Worker if status < 0: 1149*2d543d20SAndroid Build Coastguard Worker raise Error("Could not start semanage transaction") 1150*2d543d20SAndroid Build Coastguard Worker 1151*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_node_modify_local(sh, key, node) 1152*2d543d20SAndroid Build Coastguard Worker if status < 0: 1153*2d543d20SAndroid Build Coastguard Worker raise Error("Could not modify SENode") 1154*2d543d20SAndroid Build Coastguard Worker 1155*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_commit(sh) 1156*2d543d20SAndroid Build Coastguard Worker if status < 0: 1157*2d543d20SAndroid Build Coastguard Worker raise Error("Could not commit test transaction") 1158*2d543d20SAndroid Build Coastguard Worker print("Commit status (transaction number): %s" % status) 1159*2d543d20SAndroid Build Coastguard Worker 1160*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_begin_transaction(sh) 1161*2d543d20SAndroid Build Coastguard Worker if status < 0: 1162*2d543d20SAndroid Build Coastguard Worker raise Error("Could not start semanage transaction") 1163*2d543d20SAndroid Build Coastguard Worker 1164*2d543d20SAndroid Build Coastguard Worker if not exists: 1165*2d543d20SAndroid Build Coastguard Worker print("Removing network node...") 1166*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_node_del_local(sh, key) 1167*2d543d20SAndroid Build Coastguard Worker if status < 0: 1168*2d543d20SAndroid Build Coastguard Worker raise Error("Could not delete test SENode") 1169*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1170*2d543d20SAndroid Build Coastguard Worker print("Network node delete: %s" % status) 1171*2d543d20SAndroid Build Coastguard Worker else: 1172*2d543d20SAndroid Build Coastguard Worker print("Resetting network node...") 1173*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_node_modify_local(sh, key, old_node) 1174*2d543d20SAndroid Build Coastguard Worker if status < 0: 1175*2d543d20SAndroid Build Coastguard Worker raise Error("Could not reset test SENode") 1176*2d543d20SAndroid Build Coastguard Worker if self.verbose: 1177*2d543d20SAndroid Build Coastguard Worker print("Network node modify: %s" % status) 1178*2d543d20SAndroid Build Coastguard Worker 1179*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_commit(sh) 1180*2d543d20SAndroid Build Coastguard Worker if status < 0: 1181*2d543d20SAndroid Build Coastguard Worker raise Error("Could not commit reset transaction") 1182*2d543d20SAndroid Build Coastguard Worker print("Commit status (transaction number): %s" % status) 1183*2d543d20SAndroid Build Coastguard Worker 1184*2d543d20SAndroid Build Coastguard Worker semanage.semanage_context_free(con) 1185*2d543d20SAndroid Build Coastguard Worker semanage.semanage_node_key_free(key) 1186*2d543d20SAndroid Build Coastguard Worker semanage.semanage_node_free(node) 1187*2d543d20SAndroid Build Coastguard Worker if exists: 1188*2d543d20SAndroid Build Coastguard Worker semanage.semanage_node_free(old_node) 1189*2d543d20SAndroid Build Coastguard Worker 1190*2d543d20SAndroid Build Coastguard Worker 1191*2d543d20SAndroid Build Coastguard Workerdef main(argv=None): 1192*2d543d20SAndroid Build Coastguard Worker if argv is None: 1193*2d543d20SAndroid Build Coastguard Worker argv = sys.argv 1194*2d543d20SAndroid Build Coastguard Worker try: 1195*2d543d20SAndroid Build Coastguard Worker try: 1196*2d543d20SAndroid Build Coastguard Worker opts, args = getopt.getopt( 1197*2d543d20SAndroid Build Coastguard Worker argv[1:], "hvmuspfibcUSPFIBCanN", 1198*2d543d20SAndroid Build Coastguard Worker [ 1199*2d543d20SAndroid Build Coastguard Worker "help", 1200*2d543d20SAndroid Build Coastguard Worker "verbose", 1201*2d543d20SAndroid Build Coastguard Worker "modules", 1202*2d543d20SAndroid Build Coastguard Worker "users", 1203*2d543d20SAndroid Build Coastguard Worker "seusers", 1204*2d543d20SAndroid Build Coastguard Worker "ports", 1205*2d543d20SAndroid Build Coastguard Worker "file contexts", 1206*2d543d20SAndroid Build Coastguard Worker "network interfaces", 1207*2d543d20SAndroid Build Coastguard Worker "booleans", 1208*2d543d20SAndroid Build Coastguard Worker "active booleans", 1209*2d543d20SAndroid Build Coastguard Worker "network nodes", 1210*2d543d20SAndroid Build Coastguard Worker "writeuser", 1211*2d543d20SAndroid Build Coastguard Worker "writeseuser", 1212*2d543d20SAndroid Build Coastguard Worker "writeport", 1213*2d543d20SAndroid Build Coastguard Worker "writefcontext", 1214*2d543d20SAndroid Build Coastguard Worker "writeinterface", 1215*2d543d20SAndroid Build Coastguard Worker "writeboolean", 1216*2d543d20SAndroid Build Coastguard Worker "writeaboolean", 1217*2d543d20SAndroid Build Coastguard Worker "writenode", 1218*2d543d20SAndroid Build Coastguard Worker "all", 1219*2d543d20SAndroid Build Coastguard Worker ]) 1220*2d543d20SAndroid Build Coastguard Worker tests = Tests() 1221*2d543d20SAndroid Build Coastguard Worker for o, a in opts: 1222*2d543d20SAndroid Build Coastguard Worker if o == "-v": 1223*2d543d20SAndroid Build Coastguard Worker tests.verbose = True 1224*2d543d20SAndroid Build Coastguard Worker print("Verbose output selected.") 1225*2d543d20SAndroid Build Coastguard Worker if o == "-a": 1226*2d543d20SAndroid Build Coastguard Worker tests.all = True 1227*2d543d20SAndroid Build Coastguard Worker if o == "-u": 1228*2d543d20SAndroid Build Coastguard Worker tests.users = True 1229*2d543d20SAndroid Build Coastguard Worker if o == "-U": 1230*2d543d20SAndroid Build Coastguard Worker tests.writeuser = True 1231*2d543d20SAndroid Build Coastguard Worker if o == "-s": 1232*2d543d20SAndroid Build Coastguard Worker tests.seusers = True 1233*2d543d20SAndroid Build Coastguard Worker if o == "-S": 1234*2d543d20SAndroid Build Coastguard Worker tests.writeseuser = True 1235*2d543d20SAndroid Build Coastguard Worker if o == "-p": 1236*2d543d20SAndroid Build Coastguard Worker tests.ports = True 1237*2d543d20SAndroid Build Coastguard Worker if o == "-P": 1238*2d543d20SAndroid Build Coastguard Worker tests.writeport = True 1239*2d543d20SAndroid Build Coastguard Worker if o == "-f": 1240*2d543d20SAndroid Build Coastguard Worker tests.fcontexts = True 1241*2d543d20SAndroid Build Coastguard Worker if o == "-F": 1242*2d543d20SAndroid Build Coastguard Worker tests.writefcontext = True 1243*2d543d20SAndroid Build Coastguard Worker if o == "-i": 1244*2d543d20SAndroid Build Coastguard Worker tests.interfaces = True 1245*2d543d20SAndroid Build Coastguard Worker if o == "-I": 1246*2d543d20SAndroid Build Coastguard Worker tests.writeinterface = True 1247*2d543d20SAndroid Build Coastguard Worker if o == "-b": 1248*2d543d20SAndroid Build Coastguard Worker tests.booleans = True 1249*2d543d20SAndroid Build Coastguard Worker if o == "-B": 1250*2d543d20SAndroid Build Coastguard Worker tests.writeboolean = True 1251*2d543d20SAndroid Build Coastguard Worker if o == "-c": 1252*2d543d20SAndroid Build Coastguard Worker tests.abooleans = True 1253*2d543d20SAndroid Build Coastguard Worker if o == "-C": 1254*2d543d20SAndroid Build Coastguard Worker tests.writeaboolean = True 1255*2d543d20SAndroid Build Coastguard Worker if o == "-n": 1256*2d543d20SAndroid Build Coastguard Worker tests.nodes = True 1257*2d543d20SAndroid Build Coastguard Worker if o == "-N": 1258*2d543d20SAndroid Build Coastguard Worker tests.writenode = True 1259*2d543d20SAndroid Build Coastguard Worker if o == "-m": 1260*2d543d20SAndroid Build Coastguard Worker tests.modules = True 1261*2d543d20SAndroid Build Coastguard Worker if o == "-h": 1262*2d543d20SAndroid Build Coastguard Worker raise Usage(usage) 1263*2d543d20SAndroid Build Coastguard Worker 1264*2d543d20SAndroid Build Coastguard Worker if not tests.selected(): 1265*2d543d20SAndroid Build Coastguard Worker raise Usage("Please select a valid test.") 1266*2d543d20SAndroid Build Coastguard Worker 1267*2d543d20SAndroid Build Coastguard Worker except getopt.error as msg: 1268*2d543d20SAndroid Build Coastguard Worker raise Usage(msg) 1269*2d543d20SAndroid Build Coastguard Worker 1270*2d543d20SAndroid Build Coastguard Worker sh = semanage.semanage_handle_create() 1271*2d543d20SAndroid Build Coastguard Worker 1272*2d543d20SAndroid Build Coastguard Worker if semanage.semanage_is_managed(sh) != 1: 1273*2d543d20SAndroid Build Coastguard Worker raise Status("Unmanaged!") 1274*2d543d20SAndroid Build Coastguard Worker 1275*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_connect(sh) 1276*2d543d20SAndroid Build Coastguard Worker if status < 0: 1277*2d543d20SAndroid Build Coastguard Worker raise Error("Could not establish semanage connection") 1278*2d543d20SAndroid Build Coastguard Worker 1279*2d543d20SAndroid Build Coastguard Worker tests.run(sh) 1280*2d543d20SAndroid Build Coastguard Worker 1281*2d543d20SAndroid Build Coastguard Worker status = semanage.semanage_disconnect(sh) 1282*2d543d20SAndroid Build Coastguard Worker if status < 0: 1283*2d543d20SAndroid Build Coastguard Worker raise Error("Could not disconnect") 1284*2d543d20SAndroid Build Coastguard Worker 1285*2d543d20SAndroid Build Coastguard Worker semanage.semanage_handle_destroy(sh) 1286*2d543d20SAndroid Build Coastguard Worker 1287*2d543d20SAndroid Build Coastguard Worker except Usage as err: 1288*2d543d20SAndroid Build Coastguard Worker print(err.msg, file=sys.stderr) 1289*2d543d20SAndroid Build Coastguard Worker except Status as err: 1290*2d543d20SAndroid Build Coastguard Worker print(err.msg, file=sys.stderr) 1291*2d543d20SAndroid Build Coastguard Worker except Error as err: 1292*2d543d20SAndroid Build Coastguard Worker print(err.msg, file=sys.stderr) 1293*2d543d20SAndroid Build Coastguard Worker 1294*2d543d20SAndroid Build Coastguard Worker return 2 1295*2d543d20SAndroid Build Coastguard Worker 1296*2d543d20SAndroid Build Coastguard Worker 1297*2d543d20SAndroid Build Coastguard Workerif __name__ == "__main__": 1298*2d543d20SAndroid Build Coastguard Worker sys.exit(main()) 1299