#!/usr/bin/python
# Copyright 2014, Tresys Technology, LLC
#
# This file is part of SETools.
#
# SETools is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# SETools is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with SETools. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import print_function
import libapol
import argparse
import sys
# Top-level command-line parser. "policy" is the only positional argument
# and is the path later passed to libapol.SELinuxPolicy; "-x/--expand" is
# read by the query sections below to choose between the short and the
# full form of each result.
parser = argparse.ArgumentParser(description="SELinux policy information tool.")
parser.add_argument(
    "--version",
    action="version",
    version=libapol.__version__,
)
parser.add_argument(
    "policy",
    help="Path to the SELinux policy to query.",
)
parser.add_argument(
    "-x",
    "--expand",
    action="store_true",
    help="Print additional information about the specified components.",
)
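queries = parser.add_argument_group("Component Queries")

# One row per component query: (option strings, help text, dest, metavar).
#
# Every option is registered with default="", nargs='?' and const=True, so
# the parsed attribute has three possible states:
#   ""      -- option not given (falsy, the query is skipped)
#   True    -- option given without a value (query everything)
#   "NAME"  -- option given with a value (passed on to the query)
#
# Each option must have its own dest. Two options that share a dest write
# to the same attribute, so one silently overrides the other; "--category"
# used to reuse "mlssensquery" from "--sensitivity" and now has its own
# "mlscatquery".
# NOTE(review): no code reading mlssensquery or mlscatquery is visible in
# this file; confirm the attribute name when the category query is wired up.
_COMPONENT_QUERIES = (
    (("-c", "--class"), "Print object classes.", "classquery", "CLASS"),
    (("-t", "--type"), "Print types.", "typequery", "TYPE"),
    (("-a", "--attribute"), "Print type attributes.", "attrquery", "ATTR"),
    (("-r", "--role"), "Print roles.", "rolequery", "ROLE"),
    (("-u", "--user"), "Print users.", "userquery", "USER"),
    (("-b", "--bool"), "Print Booleans.", "boolquery", "BOOL"),
    (("--sensitivity",), "Print MLS sensitivities.", "mlssensquery", "SENS"),
    (("--category",), "Print MLS categories.", "mlscatquery", "CAT"),
    (("--constrain",), "Print constraints.", "constraintquery", "CLASS"),
    (("--initialsid",), "Print initial SIDs (contexts).", "initialsidquery", "NAME"),
    (("--fs_use",), "Print fs_use statements.", "fsusequery", "FS_TYPE"),
    (("--genfscon",), "Print genfscon statements.", "genfsconquery", "FS_TYPE"),
    (("--netifcon",), "Print netifcon statements.", "netifconquery", "DEVICE"),
    (("--nodecon",), "Print nodecon statements.", "nodeconquery", "ADDR"),
    (("--portcon",), "Print portcon statements.", "portconquery", "PORT_NUM"),
    (("--permissive",), "Print permissive statements.", "permissivequery", "TYPE"),
    (("--polcap",), "Print policy capabilities.", "polcapquery", "NAME"),
)

for _flags, _help, _dest, _metavar in _COMPONENT_QUERIES:
    queries.add_argument(*_flags, help=_help, dest=_dest, default="",
                         nargs='?', const=True, metavar=_metavar)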
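args = parser.parse_args()

# Open the policy file named on the command line. The path is taken as
# given; all parsing of the file happens inside libapol.
# NOTE(review): only RuntimeError is handled here. Confirm which other
# exceptions libapol.SELinuxPolicy can raise for a missing, unreadable or
# malformed policy file; anything else surfaces as a traceback.
try:
    p = libapol.SELinuxPolicy(args.policy)
except RuntimeError as err:
    # Report on stderr so the diagnostic never mixes with query results
    # that a caller may be reading from stdout.
    print(err, file=sys.stderr)
    # Exit value kept as in the original (-1 reaches a POSIX shell as 255).
    sys.exit(-1)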
# -t/--type: print the types found by a TypeQuery over the loaded policy.
if args.typequery:
    # A bare "-t" stores True (the argparse const) and runs the query with
    # no further argument; "-t TYPE" stores the string, which is passed as
    # the second argument (presumably a name criterion; confirm against
    # libapol.typequery).
    q = (libapol.typequery.TypeQuery(p, args.typequery)
         if isinstance(args.typequery, str)
         else libapol.typequery.TypeQuery(p))

    for t in sorted(q.results()):
        # --expand prints the result's statement() instead of its default
        # string form.
        print(t.statement() if args.expand else t)
# -b/--bool: print the Booleans found by a BoolQuery over the loaded policy.
if args.boolquery:
    # A bare "-b" stores True (the argparse const) and runs the query with
    # no further argument; "-b BOOL" stores the string, which is passed as
    # the second argument (presumably a name criterion; confirm against
    # libapol.boolquery).
    q = (libapol.boolquery.BoolQuery(p, args.boolquery)
         if isinstance(args.boolquery, str)
         else libapol.boolquery.BoolQuery(p))

    for b in sorted(q.results()):
        # --expand prints the result's statement() instead of its default
        # string form.
        print(b.statement() if args.expand else b)
# --polcap: print the policy capabilities found by a PolCapQuery over the
# loaded policy.
if args.polcapquery:
    # A bare "--polcap" stores True (the argparse const) and runs the query
    # with no further argument; "--polcap NAME" stores the string, which is
    # passed as the second argument (presumably a name criterion; confirm
    # against libapol.polcapquery).
    q = (libapol.polcapquery.PolCapQuery(p, args.polcapquery)
         if isinstance(args.polcapquery, str)
         else libapol.polcapquery.PolCapQuery(p))

    for cap in sorted(q.results()):
        # --expand prints the result's statement() instead of its default
        # string form.
        print(cap.statement() if args.expand else cap)
# -u/--user: print the users found by a UserQuery over the loaded policy.
if args.userquery:
    # A bare "-u" stores True (the argparse const) and runs the query with
    # no further argument; "-u USER" stores the string, which is passed as
    # the second argument (presumably a name criterion; confirm against
    # libapol.userquery).
    q = (libapol.userquery.UserQuery(p, args.userquery)
         if isinstance(args.userquery, str)
         else libapol.userquery.UserQuery(p))

    for u in sorted(q.results()):
        # --expand prints the result's statement() instead of its default
        # string form.
        print(u.statement() if args.expand else u)