adding a --all switch to seinfo

There are 3 major changes in this commit:

1/ Setting the default values to None instead of "". Indeed, when --all is
   passed on the command line, the default values are "", which makes
   'if isinstance(xxx, str)' True, and thus the script takes the wrong
   branch.
2/ The if/elif/else chain has been replaced by an if/else structure, to enable
   selection of multiple switches. The selected component queries are stacked
   and displayed at the end.
3/ Like the original seinfo, we add a description string (info: count +
   indented results) to the output.
Fernand Lone-Sang 2015-02-04 10:01:09 +01:00
parent 2418619e2a
commit 3b324d7f5e

92
seinfo

@ -31,95 +31,106 @@ parser.add_argument(
queries = parser.add_argument_group("Component Queries") queries = parser.add_argument_group("Component Queries")
queries.add_argument("-c", "--class", help="Print object classes.", queries.add_argument("-c", "--class", help="Print object classes.",
dest="classquery", default="", nargs='?', const=True, metavar="CLASS") dest="classquery", default=None, nargs='?', const=True, metavar="CLASS")
queries.add_argument("-t", "--type", help="Print types.", queries.add_argument("-t", "--type", help="Print types.",
dest="typequery", default="", nargs='?', const=True, metavar="TYPE") dest="typequery", default=None, nargs='?', const=True, metavar="TYPE")
queries.add_argument("-a", "--attribute", help="Print type attributes.", queries.add_argument("-a", "--attribute", help="Print type attributes.",
dest="attrquery", default="", nargs='?', const=True, metavar="ATTR") dest="attrquery", default=None, nargs='?', const=True, metavar="ATTR")
queries.add_argument("-r", "--role", help="Print roles.", queries.add_argument("-r", "--role", help="Print roles.",
dest="rolequery", default="", nargs='?', const=True, metavar="ROLE") dest="rolequery", default=None, nargs='?', const=True, metavar="ROLE")
queries.add_argument("-u", "--user", help="Print users.", queries.add_argument("-u", "--user", help="Print users.",
dest="userquery", default="", nargs='?', const=True, metavar="USER") dest="userquery", default=None, nargs='?', const=True, metavar="USER")
queries.add_argument("-b", "--bool", help="Print Booleans.", queries.add_argument("-b", "--bool", help="Print Booleans.",
dest="boolquery", default="", nargs='?', const=True, metavar="BOOL") dest="boolquery", default=None, nargs='?', const=True, metavar="BOOL")
queries.add_argument("--sensitivity", help="Print MLS sensitivities.", queries.add_argument("--sensitivity", help="Print MLS sensitivities.",
dest="mlssensquery", default="", nargs='?', const=True, metavar="SENS") dest="mlssensquery", default=None, nargs='?', const=True, metavar="SENS")
queries.add_argument("--category", help="Print MLS categories.", queries.add_argument("--category", help="Print MLS categories.",
dest="mlscatsquery", default="", nargs='?', const=True, metavar="CAT") dest="mlscatsquery", default=None, nargs='?', const=True, metavar="CAT")
queries.add_argument("--constrain", help="Print constraints.", queries.add_argument("--constrain", help="Print constraints.",
dest="constraintquery", default="", nargs='?', const=True, metavar="CLASS") dest="constraintquery", default=None, nargs='?', const=True, metavar="CLASS")
queries.add_argument("--initialsid", help="Print initial SIDs (contexts).", queries.add_argument("--initialsid", help="Print initial SIDs (contexts).",
dest="initialsidquery", default="", nargs='?', const=True, metavar="NAME") dest="initialsidquery", default=None, nargs='?', const=True, metavar="NAME")
queries.add_argument("--fs_use", help="Print fs_use statements.", queries.add_argument("--fs_use", help="Print fs_use statements.",
dest="fsusequery", default="", nargs='?', const=True, metavar="FS_TYPE") dest="fsusequery", default=None, nargs='?', const=True, metavar="FS_TYPE")
queries.add_argument("--genfscon", help="Print genfscon statements.", queries.add_argument("--genfscon", help="Print genfscon statements.",
dest="genfsconquery", default="", nargs='?', const=True, metavar="FS_TYPE") dest="genfsconquery", default=None, nargs='?', const=True, metavar="FS_TYPE")
queries.add_argument("--netifcon", help="Print netifcon statements.", queries.add_argument("--netifcon", help="Print netifcon statements.",
dest="netifconquery", default="", nargs='?', const=True, metavar="DEVICE") dest="netifconquery", default=None, nargs='?', const=True, metavar="DEVICE")
queries.add_argument("--nodecon", help="Print nodecon statements.", queries.add_argument("--nodecon", help="Print nodecon statements.",
dest="nodeconquery", default="", nargs='?', const=True, metavar="ADDR") dest="nodeconquery", default=None, nargs='?', const=True, metavar="ADDR")
queries.add_argument("--portcon", help="Print portcon statements.", queries.add_argument("--portcon", help="Print portcon statements.",
dest="portconquery", default="", nargs='?', const=True, metavar="PORTNUM[-PORTNUM]") dest="portconquery", default=None, nargs='?', const=True, metavar="PORTNUM[-PORTNUM]")
queries.add_argument("--permissive", help="Print permissive statements.", queries.add_argument("--permissive", help="Print permissive statements.",
dest="permissivequery", default="", nargs='?', const=True, metavar="TYPE") dest="permissivequery", default=None, nargs='?', const=True, metavar="TYPE")
queries.add_argument("--polcap", help="Print policy capabilities.", queries.add_argument("--polcap", help="Print policy capabilities.",
dest="polcapquery", default="", nargs='?', const=True, metavar="NAME") dest="polcapquery", default=None, nargs='?', const=True, metavar="NAME")
queries.add_argument("--all", help="Print all of the above.",
dest="all", default=False, action="store_true")
args = parser.parse_args() args = parser.parse_args()
try: try:
p = setools.SELinuxPolicy(args.policy) p = setools.SELinuxPolicy(args.policy)
components = []
if args.boolquery: if args.boolquery or args.all:
if isinstance(args.boolquery, str): if isinstance(args.boolquery, str):
q = setools.boolquery.BoolQuery(p, name=args.boolquery) q = setools.boolquery.BoolQuery(p, name=args.boolquery)
else: else:
q = setools.boolquery.BoolQuery(p) q = setools.boolquery.BoolQuery(p)
components.append(("Booleans", q))
elif args.classquery: if args.classquery or args.all:
if isinstance(args.classquery, str): if isinstance(args.classquery, str):
q = setools.objclassquery.ObjClassQuery(p, name=args.classquery) q = setools.objclassquery.ObjClassQuery(p, name=args.classquery)
else: else:
q = setools.objclassquery.ObjClassQuery(p) q = setools.objclassquery.ObjClassQuery(p)
components.append(("Classes", q))
elif args.fsusequery: if args.fsusequery or args.all:
if isinstance(args.fsusequery, str): if isinstance(args.fsusequery, str):
q = setools.fsusequery.FSUseQuery(p, fs=args.fsusequery) q = setools.fsusequery.FSUseQuery(p, fs=args.fsusequery)
else: else:
q = setools.fsusequery.FSUseQuery(p) q = setools.fsusequery.FSUseQuery(p)
components.append(("Fs_use", q))
elif args.genfsconquery: if args.genfsconquery or args.all:
if isinstance(args.genfsconquery, str): if isinstance(args.genfsconquery, str):
q = setools.genfsconquery.GenfsconQuery(p, fs=args.genfsconquery) q = setools.genfsconquery.GenfsconQuery(p, fs=args.genfsconquery)
else: else:
q = setools.genfsconquery.GenfsconQuery(p) q = setools.genfsconquery.GenfsconQuery(p)
components.append(("Genfscon", q))
elif args.initialsidquery: if args.initialsidquery or args.all:
if isinstance(args.initialsidquery, str): if isinstance(args.initialsidquery, str):
q = setools.initsidquery.InitialSIDQuery( q = setools.initsidquery.InitialSIDQuery(
p, name=args.initialsidquery) p, name=args.initialsidquery)
else: else:
q = setools.initsidquery.InitialSIDQuery(p) q = setools.initsidquery.InitialSIDQuery(p)
components.append(("Initial SIDs", q))
elif args.netifconquery: if args.netifconquery or args.all:
if isinstance(args.netifconquery, str): if isinstance(args.netifconquery, str):
q = setools.netifconquery.NetifconQuery(p, name=args.netifconquery) q = setools.netifconquery.NetifconQuery(p, name=args.netifconquery)
else: else:
q = setools.netifconquery.NetifconQuery(p) q = setools.netifconquery.NetifconQuery(p)
components.append(("Netifcon", q))
elif args.nodeconquery: if args.nodeconquery or args.all:
if isinstance(args.nodeconquery, str): if isinstance(args.nodeconquery, str):
q = setools.nodeconquery.NodeconQuery(p, net=args.nodeconquery) q = setools.nodeconquery.NodeconQuery(p, net=args.nodeconquery)
else: else:
q = setools.nodeconquery.NodeconQuery(p) q = setools.nodeconquery.NodeconQuery(p)
components.append(("Nodecon", q))
elif args.polcapquery: if args.polcapquery or args.all:
if isinstance(args.polcapquery, str): if isinstance(args.polcapquery, str):
q = setools.polcapquery.PolCapQuery(p, name=args.polcapquery) q = setools.polcapquery.PolCapQuery(p, name=args.polcapquery)
else: else:
q = setools.polcapquery.PolCapQuery(p) q = setools.polcapquery.PolCapQuery(p)
components.append(("Polcap", q))
elif args.portconquery: if args.portconquery or args.all:
if isinstance(args.portconquery, str): if isinstance(args.portconquery, str):
q = setools.portconquery.PortconQuery(p) q = setools.portconquery.PortconQuery(p)
@ -139,26 +150,30 @@ try:
else: else:
q = setools.portconquery.PortconQuery(p) q = setools.portconquery.PortconQuery(p)
components.append(("Portcon", q))
elif args.rolequery: if args.rolequery or args.all:
if isinstance(args.rolequery, str): if isinstance(args.rolequery, str):
q = setools.rolequery.RoleQuery(p, name=args.rolequery) q = setools.rolequery.RoleQuery(p, name=args.rolequery)
else: else:
q = setools.rolequery.RoleQuery(p) q = setools.rolequery.RoleQuery(p)
components.append(("Roles", q))
elif args.typequery: if args.typequery or args.all:
if isinstance(args.typequery, str): if isinstance(args.typequery, str):
q = setools.typequery.TypeQuery(p, name=args.typequery) q = setools.typequery.TypeQuery(p, name=args.typequery)
else: else:
q = setools.typequery.TypeQuery(p) q = setools.typequery.TypeQuery(p)
components.append(("Types", q))
elif args.userquery: if args.userquery or args.all:
if isinstance(args.userquery, str): if isinstance(args.userquery, str):
q = setools.userquery.UserQuery(p, name=args.userquery) q = setools.userquery.UserQuery(p, name=args.userquery)
else: else:
q = setools.userquery.UserQuery(p) q = setools.userquery.UserQuery(p)
components.append(("Users", q))
else: if not components or args.all:
if p.mls: if p.mls:
mls = "enabled" mls = "enabled"
else: else:
@ -198,13 +213,18 @@ try:
p.netifcon_count, p.nodecon_count)) p.netifcon_count, p.nodecon_count))
print(" Permissives: {0:7} Polcap: {1:7}".format( print(" Permissives: {0:7} Polcap: {1:7}".format(
p.permissives_count, p.polcap_count)) p.permissives_count, p.polcap_count))
sys.exit(0)
for item in sorted(q.results()): for desc, component in components:
if args.expand: results = sorted(component.results())
print(item.statement()) print("\n{0}: {1}".format(desc, len(results)))
else: for item in results:
print(item) if args.expand:
result = item.statement()
else:
result = item
print(" {0}".format(result))
sys.exit(0)
except Exception as err: except Exception as err:
print(err) print(err)
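Review bot: `--all` is documented as "Print all of the above", but the visible branches only stack queries for Booleans, classes, fs_use, genfscon, initial SIDs, netifcon, nodecon, polcap, portcon, roles, types and users; no branch is shown for `--attribute`, `--sensitivity`, `--category`, `--constrain` or `--permissive`. This is inferred from the visible code, since part of the portcon branch sits between the hunks and the `try` block may continue past the last visible line. If those queries are indeed not implemented, a `seinfo --all` dump used for a policy review silently omits permissive types, attributes, constraints and the MLS components, and nothing in the output says so. Until they are handled, the help text should say what is covered, e.g. `queries.add_argument("--all", help="Print all implemented component queries.",`, and a short comment above the option should list the switches that `--all` does not yet include.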