RepoMirrors/setools
1
0
Fork 0
mirror of https://github.com/SELinuxProject/setools synced 2025-02-23 15:47:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
8d3b4d35a0
setools/seinfo

159 lines
6.1 KiB
Python
Executable File
Raw Blame History

#!/usr/bin/python
# Copyright 2014, Tresys Technology, LLC
#
# This file is part of SETools.
#
# SETools is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# SETools is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with SETools. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import print_function
import setools
import argparse
import sys
parser = argparse.ArgumentParser(
description="SELinux policy information tool.")
parser.add_argument("--version", action="version", version=setools.__version__)
parser.add_argument("policy", help="Path to the SELinux policy to query.")
parser.add_argument(
"-x", "--expand", help="Print additional information about the specified components.", action="store_true")
queries = parser.add_argument_group("Component Queries")
queries.add_argument("-c", "--class", help="Print object classes.",
dest="classquery", default="", nargs='?', const=True, metavar="CLASS")
queries.add_argument("-t", "--type", help="Print types.",
dest="typequery", default="", nargs='?', const=True, metavar="TYPE")
queries.add_argument("-a", "--attribute", help="Print type attributes.",
dest="attrquery", default="", nargs='?', const=True, metavar="ATTR")
queries.add_argument("-r", "--role", help="Print roles.",
dest="rolequery", default="", nargs='?', const=True, metavar="ROLE")
queries.add_argument("-u", "--user", help="Print users.",
dest="userquery", default="", nargs='?', const=True, metavar="USER")
queries.add_argument("-b", "--bool", help="Print Booleans.",
dest="boolquery", default="", nargs='?', const=True, metavar="BOOL")
queries.add_argument("--sensitivity", help="Print MLS sensitivities.",
dest="mlssensquery", default="", nargs='?', const=True, metavar="SENS")
queries.add_argument("--category", help="Print MLS categories.",
dest="mlssensquery", default="", nargs='?', const=True, metavar="CAT")
queries.add_argument("--constrain", help="Print constraints.",
dest="constraintquery", default="", nargs='?', const=True, metavar="CLASS")
queries.add_argument("--initialsid", help="Print initial SIDs (contexts).",
dest="initialsidquery", default="", nargs='?', const=True, metavar="NAME")
queries.add_argument("--fs_use", help="Print fs_use statements.",
dest="fsusequery", default="", nargs='?', const=True, metavar="FS_TYPE")
queries.add_argument("--genfscon", help="Print genfscon statements.",
dest="genfsconquery", default="", nargs='?', const=True, metavar="FS_TYPE")
queries.add_argument("--netifcon", help="Print netifcon statements.",
dest="netifconquery", default="", nargs='?', const=True, metavar="DEVICE")
queries.add_argument("--nodecon", help="Print nodecon statements.",
dest="nodeconquery", default="", nargs='?', const=True, metavar="ADDR")
queries.add_argument("--portcon", help="Print portcon statements.",
dest="portconquery", default="", nargs='?', const=True, metavar="PORT_NUM")
queries.add_argument("--permissive", help="Print permissive statements.",
dest="permissivequery", default="", nargs='?', const=True, metavar="TYPE")
queries.add_argument("--polcap", help="Print policy capabilities.",
dest="polcapquery", default="", nargs='?', const=True, metavar="NAME")
args = parser.parse_args()
try:
p = setools.SELinuxPolicy(args.policy)
except Exception as err:
print(err)
sys.exit(-1)
if args.typequery:
if isinstance(args.typequery, str):
q = setools.typequery.TypeQuery(p, args.typequery)
else:
q = setools.typequery.TypeQuery(p)
for t in sorted(q.results()):
if args.expand:
print(t.statement())
else:
print(t)
if args.boolquery:
if isinstance(args.boolquery, str):
q = setools.boolquery.BoolQuery(p, args.boolquery)
else:
q = setools.boolquery.BoolQuery(p)
for b in sorted(q.results()):
if args.expand:
print(b.statement())
else:
print(b)
if args.polcapquery:
if isinstance(args.polcapquery, str):
q = setools.polcapquery.PolCapQuery(p, args.polcapquery)
else:
q = setools.polcapquery.PolCapQuery(p)
for cap in sorted(q.results()):
if args.expand:
print(cap.statement())
else:
print(cap)
if args.userquery:
if isinstance(args.userquery, str):
q = setools.userquery.UserQuery(p, args.userquery)
else:
q = setools.userquery.UserQuery(p)
for u in sorted(q.results()):
if args.expand:
print(u.statement())
else:
print(u)
if args.rolequery:
if isinstance(args.rolequery, str):
q = setools.rolequery.RoleQuery(p, args.rolequery)
else:
q = setools.rolequery.RoleQuery(p)
for r in sorted(q.results()):
if args.expand:
print(r.statement())
else:
print(r)
if args.classquery:
if isinstance(args.classquery, str):
q = setools.objclassquery.ObjClassQuery(p, args.classquery)
else:
q = setools.objclassquery.ObjClassQuery(p)
for c in sorted(q.results()):
if args.expand:
print(c.statement())
else:
print(c)
if args.initialsidquery:
if isinstance(args.initialsidquery, str):
q = setools.initsidquery.InitialSIDQuery(p, args.initialsidquery)
else:
q = setools.initsidquery.InitialSIDQuery(p)
for i in sorted(q.results()):
if args.expand:
print(i.statement())
else:
print(i)
Reference in New Issue View Git Blame Copy Permalink