python/sepolicy: Stop rejecting aliases in sepolicy commands

Fix CheckDomain and CheckPortType classes to properly deal with aliases. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1600009 Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2025-01-13 17:00:51 +00:00 · 2018-10-22 17:43:12 +02:00 · 2018-10-22 17:43:12 +02:00 · 4c63b8e7b6
commit 4c63b8e7b6
parent 448f5a9257
2 changed files with 20 additions and 6 deletions
--- a/python/sepolicy/sepolicy.py
+++ b/python/sepolicy/sepolicy.py
@ -60,8 +60,6 @@ class CheckPath(argparse.Action):
 class CheckType(argparse.Action):

    def __call__(self, parser, namespace, values, option_string=None):
-        domains = sepolicy.get_all_domains()
-
        if isinstance(values, str):
            setattr(namespace, self.dest, values)
        else:
@ -103,7 +101,7 @@ class CheckDomain(argparse.Action):
        domains = sepolicy.get_all_domains()

        if isinstance(values, str):
-            if values not in domains:
+            if sepolicy.get_real_type_name(values) not in domains:
                raise ValueError("%s must be an SELinux process domain:\nValid domains: %s" % (values, ", ".join(domains)))
            setattr(namespace, self.dest, values)
        else:
@ -112,7 +110,7 @@ class CheckDomain(argparse.Action):
                newval = []

            for v in values:
-                if v not in domains:
+                if sepolicy.get_real_type_name(v) not in domains:
                    raise ValueError("%s must be an SELinux process domain:\nValid domains: %s" % (v, ", ".join(domains)))
                newval.append(v)
            setattr(namespace, self.dest, newval)
@ -167,7 +165,7 @@ class CheckPortType(argparse.Action):
        if not newval:
            newval = []
        for v in values:
-            if v not in port_types:
+            if sepolicy.get_real_type_name(v) not in port_types:
                raise ValueError("%s must be an SELinux port type:\nValid port types: %s" % (v, ", ".join(port_types)))
            newval.append(v)
        setattr(namespace, self.dest, values)
--- a/python/sepolicy/sepolicy/init.py
+++ b/python/sepolicy/sepolicy/init.py
@ -447,6 +447,22 @@ def get_file_types(setype):
    return mpaths


+def get_real_type_name(name):
+    """Return the real name of a type
+
+    * If 'name' refers to a type, return the same name.
+    * If 'name' refers to a type alias, return the corresponding type name.
+    * Otherwise return None.
+    """
+    if not name:
+        return None
+
+    try:
+        return next(info(TYPE, name))["name"]
+    except (RuntimeError, StopIteration):
+        return None
+
+
 def get_writable_files(setype):
    file_types = get_all_file_types()
    all_writes = []
@ -1061,7 +1077,7 @@ def gen_short_name(setype):
        domainname = setype[:-2]
    else:
        domainname = setype
-    if domainname + "_t" not in all_domains:
+    if get_real_type_name(domainname + "_t") not in all_domains:
        raise ValueError("domain %s_t does not exist" % domainname)
    if domainname[-1] == 'd':
        short_name = domainname[:-1] + "_"