RepoMirrors/setools
1
0
Fork 0
mirror of https://github.com/SELinuxProject/setools synced 2025-04-01 00:06:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
e379eea919
setools/libapol/policyrep/netcontext.py
Chris PeBenito 39505d0295 Initial public release.
2014-07-08 14:28:55 -04:00

139 lines
3.9 KiB
Python
Raw Blame History

# Copyright 2014, Tresys Technology, LLC
#
# This file is part of SETools.
#
# SETools is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation, either version 2.1 of
# the License, or (at your option) any later version.
#
# SETools is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import socket
from setools import qpol
import symbol
import context
class NetContext(symbol.PolicySymbol):
"""Abstract base class for in-policy network labeling rules."""
def __str__(self):
raise NotImplementedError
@property
def context(self):
"""The context for this statement."""
return context.Context(self.policy, self.qpol_symbol.get_context(self.policy))
def statement(self):
return str(self)
class Netifcon(NetContext):
"""A netifcon statement."""
def __str__(self):
return "netifcon {0.netif} {0.context} {0.packet}".format(self)
@property
def netif(self):
"""The network interface name."""
return self.qpol_symbol.get_name(self.policy)
@property
def context(self):
"""The context for the interface."""
return context.Context(self.policy, self.qpol_symbol.get_if_con(self.policy))
@property
def packet(self):
"""The context for the packets."""
return context.Context(self.policy, self.qpol_symbol.get_msg_con(self.policy))
class Nodecon(NetContext):
"""A nodecon statement."""
def __str__(self):
# TODO: not sure the SWIG is functional on these addresses.
#ver = self.ip_version()
#subnet = socket.inet_ntop(ver, self.subnet)
#netmask = socket.inet_ntop(ver, self.netmask)
#return "nodecon {0} {1} {2}".format(subnet, netmask, self.context)
return "nodecon - - {0.context}".format(self)
@property
def ip_version(self):
"""
The IP version for the nodecon (socket.AF_INET or
socket.AF_INET6).
"""
if self.qpol_symbol.get_protocol(self.policy) == qpol.QPOL_IPV6:
return socket.AF_INET6
return socket.AF_INET
@property
def subnet(self):
# TODO: determine if this packed byte representation
# should be used here and below, or if it should be
# converted into the human-readable string version.
# IPv(4|6)Network looks good for this (with mask below)
# but it is limited to Python >= 3.3
return self.qpol_symbol.get_addr(self.policy)
@property
def netmask(self):
return self.qpol_symbol.get_mask(self.policy)
class Portcon(NetContext):
"""A portcon statement."""
_proto_to_text = {socket.IPPROTO_TCP: 'tcp',
socket.IPPROTO_UDP: 'udp'}
def __str__(self):
low, high = self.ports
proto = self._proto_to_text[self.protocol]
if low == high:
return "portcon {0} {1} {2}".format(proto, low, self.context)
else:
return "portcon {0} {1}-{2} {3}".format(proto, low, high, self.context)
@property
def protocol(self):
"""
The protocol number for the portcon (socket.IPPROTO_TCP
or socket.IPPROTO_UDP).
"""
return self.qpol_symbol.get_protocol(self.policy)
@property
def ports(self):
"""
The port range for this portcon.
Return: Tuple(low, high)
low The low port of the range.
high The high port of the range.
"""
low = self.qpol_symbol.get_low_port(self.policy)
high = self.qpol_symbol.get_high_port(self.policy)
return (low, high)
Reference in New Issue View Git Blame Copy Permalink