setools/seinfo
Chris PeBenito e55764700c Refactor MLS-related objects.
Drop the "MLS" prepended to category, sensitivity, level, and range
objects.
2015-03-07 09:39:01 -05:00

#!/usr/bin/python
# Copyright 2014-2015, Tresys Technology, LLC
#
# This file is part of SETools.
#
# SETools is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# SETools is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with SETools. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import print_function
import setools
import argparse
import sys
# Command-line interface for seinfo.
#
# Global options come first; the component queries live in their own argparse
# group.  Every component query flag takes an optional value: omitting it
# stores ``const=True`` (list every component of that kind), supplying it
# stores the given string (restrict the listing to that component).
parser = argparse.ArgumentParser(
    description="SELinux policy information tool.")
parser.add_argument("--version", action="version", version=setools.__version__)
parser.add_argument("policy", help="Path to the SELinux policy to query.")
parser.add_argument("-x", "--expand", action="store_true",
                    help="Print additional information about the specified components.")
parser.add_argument("--flat", help="Print without item count nor indentation.",
                    dest="flat", default=False, action="store_true")

queries = parser.add_argument_group("Component Queries")

# One entry per component query: (option strings, help text, dest, metavar).
# The tuple order is the order the options are listed in --help.
_QUERY_OPTIONS = (
    (("-c", "--class"), "Print object classes.", "classquery", "CLASS"),
    (("-t", "--type"), "Print types.", "typequery", "TYPE"),
    (("-a", "--attribute"), "Print type attributes.", "attrquery", "ATTR"),
    (("-r", "--role"), "Print roles.", "rolequery", "ROLE"),
    (("-u", "--user"), "Print users.", "userquery", "USER"),
    (("-b", "--bool"), "Print Booleans.", "boolquery", "BOOL"),
    (("--sensitivity",), "Print MLS sensitivities.", "mlssensquery", "SENS"),
    (("--category",), "Print MLS categories.", "mlscatsquery", "CAT"),
    (("--constrain",), "Print constraints.", "constraintquery", "CLASS"),
    (("--initialsid",), "Print initial SIDs (contexts).", "initialsidquery", "NAME"),
    (("--fs_use",), "Print fs_use statements.", "fsusequery", "FS_TYPE"),
    (("--genfscon",), "Print genfscon statements.", "genfsconquery", "FS_TYPE"),
    (("--netifcon",), "Print netifcon statements.", "netifconquery", "DEVICE"),
    (("--nodecon",), "Print nodecon statements.", "nodeconquery", "ADDR"),
    (("--portcon",), "Print portcon statements.", "portconquery", "PORTNUM[-PORTNUM]"),
    (("--permissive",), "Print permissive statements.", "permissivequery", "TYPE"),
    (("--polcap",), "Print policy capabilities.", "polcapquery", "NAME"),
)

for option_strings, help_text, dest_name, meta in _QUERY_OPTIONS:
    # nargs='?' + const=True gives the "bare flag lists everything" behaviour.
    queries.add_argument(*option_strings, help=help_text, dest=dest_name,
                         default=None, nargs='?', const=True, metavar=meta)

queries.add_argument("--all", help="Print all of the above.",
                     dest="all", default=False, action="store_true")

args = parser.parse_args()
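def _parse_port_range(spec):
    """Parse a --portcon value into an inclusive ``(low, high)`` port tuple.

    *spec* is either a single port ("22") or a dash-separated range
    ("6000-6020").  A single port yields ``(port, port)``.  The numbers are
    not bounds-checked here; they are handed to the query as given.

    Raises ValueError when a part is not an integer or when the value does
    not split into exactly one or two parts.
    """
    ports = [int(part) for part in spec.split("-")]
    if len(ports) == 1:
        return ports[0], ports[0]
    if len(ports) == 2:
        return ports[0], ports[1]
    raise ValueError("expected a port or a port range, got {0!r}".format(spec))


def _build_components(policy, opts):
    """Return the ``[(heading, query)]`` list selected on the command line.

    A component kind is included when its flag was given or ``--all`` was
    set.  A string flag value narrows the query (by ``name``, or by ``fs`` /
    ``net`` for fs_use, genfscon and nodecon; by port range for portcon); a
    bare flag (``const=True``) lists everything of that kind.  Output order
    is the order of the table below.

    NOTE: the parser also defines attrquery, mlssensquery, constraintquery
    and permissivequery, but no query is built for them here, so -a,
    --sensitivity, --constrain and --permissive currently print nothing.
    """
    # (dest attribute on opts, section heading, query class,
    #  constructor keyword used to narrow the query; None = special-cased)
    kinds = (
        ("boolquery", "Booleans", setools.boolquery.BoolQuery, "name"),
        ("mlscatsquery", "Categories", setools.categoryquery.CategoryQuery, "name"),
        ("classquery", "Classes", setools.objclassquery.ObjClassQuery, "name"),
        ("fsusequery", "Fs_use", setools.fsusequery.FSUseQuery, "fs"),
        ("genfsconquery", "Genfscon", setools.genfsconquery.GenfsconQuery, "fs"),
        ("initialsidquery", "Initial SIDs", setools.initsidquery.InitialSIDQuery, "name"),
        ("netifconquery", "Netifcon", setools.netifconquery.NetifconQuery, "name"),
        ("nodeconquery", "Nodecon", setools.nodeconquery.NodeconQuery, "net"),
        ("polcapquery", "Polcap", setools.polcapquery.PolCapQuery, "name"),
        ("portconquery", "Portcon", setools.portconquery.PortconQuery, None),
        ("rolequery", "Roles", setools.rolequery.RoleQuery, "name"),
        ("typequery", "Types", setools.typequery.TypeQuery, "name"),
        ("userquery", "Users", setools.userquery.UserQuery, "name"),
    )

    components = []
    for dest, heading, query_cls, keyword in kinds:
        value = getattr(opts, dest)
        if not (value or opts.all):
            continue

        if isinstance(value, str) and keyword is not None:
            query = query_cls(policy, **{keyword: value})
        elif isinstance(value, str):
            # Portcon narrows by port range after construction rather than
            # through a constructor keyword.
            query = query_cls(policy)
            try:
                query.set_ports(_parse_port_range(value))
            except ValueError:
                # Only malformed input is a usage error; anything else
                # (KeyboardInterrupt, SystemExit) must propagate.
                parser.error("Enter a port number or range, e.g. 22 or 6000-6020")
        else:
            query = query_cls(policy)

        components.append((heading, query))

    return components


def _print_statistics(policy, path):
    """Print the summary table of component counts for *policy* at *path*."""
    mls = "enabled" if policy.mls else "disabled"
    print("Statistics for policy file: {0}".format(path))
    print("Policy Version: {0} (MLS {1})".format(policy.version, mls))

    # Each row prints two labelled counts, right-aligned in 7 columns.
    # Attributes are read one row at a time, as the original code did.
    rows = (
        (" Classes: {0:7} Permissions: {1:7}", "class_count", "permission_count"),
        (" Sensitivities: {0:7} Categories: {1:7}", "level_count", "category_count"),
        (" Types: {0:7} Attributes: {1:7}", "type_count", "attribute_count"),
        (" Users: {0:7} Roles: {1:7}", "user_count", "role_count"),
        (" Booleans: {0:7} Cond. Expr.: {1:7}", "boolean_count", "conditional_count"),
        (" Allow: {0:7} Neverallow: {1:7}", "allow_count", "neverallow_count"),
        (" Auditallow: {0:7} Dontaudit: {1:7}", "auditallow_count", "dontaudit_count"),
        (" Type_trans: {0:7} Type_change: {1:7}", "type_transition_count", "type_change_count"),
        (" Type_member: {0:7} Range_trans: {1:7}", "type_member_count", "range_transition_count"),
        (" Role allow: {0:7} Role_trans: {1:7}", "role_allow_count", "role_transition_count"),
        (" Constraints: {0:7} Validatetrans: {1:7}", "constraint_count", "validatetrans_count"),
        (" MLS Constrain: {0:7} MLS Val. Tran: {1:7}", "mlsconstraint_count", "mlsvalidatetrans_count"),
        (" Initial SIDs: {0:7} Fs_use: {1:7}", "initialsids_count", "fs_use_count"),
        (" Genfscon: {0:7} Portcon: {1:7}", "genfscon_count", "portcon_count"),
        (" Netifcon: {0:7} Nodecon: {1:7}", "netifcon_count", "nodecon_count"),
        (" Permissives: {0:7} Polcap: {1:7}", "permissives_count", "polcap_count"),
    )
    for fmt, left_attr, right_attr in rows:
        print(fmt.format(getattr(policy, left_attr), getattr(policy, right_attr)))


try:
    p = setools.SELinuxPolicy(args.policy)
    components = _build_components(p, args)

    # The summary header is shown when no specific query was requested (or
    # --all was), unless --flat asked for bare, machine-friendly output.
    if (not components or args.all) and not args.flat:
        _print_statistics(p, args.policy)

    # --flat drops both the per-section "Heading: count" line and the
    # one-space indent of each item.
    strfmt = " {0}" if not args.flat else "{0}"
    for desc, component in components:
        results = sorted(component.results())
        if not args.flat:
            print("\n{0}: {1}".format(desc, len(results)))
        for item in results:
            # --expand prints the full policy statement instead of the name.
            result = item.statement() if args.expand else item
            print(strfmt.format(result))

    sys.exit(0)
except Exception as err:
    # Diagnostics go to stderr so they never mix with the listing on stdout;
    # the non-zero status tells callers the query did not complete.
    # SystemExit from parser.error() and sys.exit() is not an Exception and
    # passes through untouched.
    print(err, file=sys.stderr)
    sys.exit(-1)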