RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2024-12-13 01:24:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

policycoreutils/audit2allow: improve compatibility with Python 3

Browse Source 
- replace print statement with print function
- use reserved word `as` in try-except
- replace deprecated assert_() method with assertTrue() in unit tests

Signed-off-by: Michal Srb <msrb@redhat.com>
This commit is contained in:
Michal Srb 2015-07-21 02:38:19 +02:00 committed by Stephen Smalley
parent 5c5183171d
commit d135951152
4 changed files with 75 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
policycoreutils/audit2allow/audit2allow
View File

@ -135,13 +135,13 @@ class AuditToPolicy:
elif self.__options.audit: elif self.__options.audit:
try: try:
messages = audit.get_audit_msgs() messages = audit.get_audit_msgs()
except OSError, e: except OSError as e:
sys.stderr.write('could not run ausearch - "%s"\n' % str(e)) sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
sys.exit(1) sys.exit(1)
elif self.__options.boot: elif self.__options.boot:
try: try:
messages = audit.get_audit_boot_msgs() messages = audit.get_audit_boot_msgs()
except OSError, e: except OSError as e:
sys.stderr.write('could not run ausearch - "%s"\n' % str(e)) sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
sys.exit(1) sys.exit(1)
else: else:
@ -152,7 +152,7 @@ class AuditToPolicy:
if filename is not None: if filename is not None:
try: try:
f = open(filename) f = open(filename)
except IOError, e: except IOError as e:
sys.stderr.write('could not open file %s - "%s"\n' % (filename, str(e))) sys.stderr.write('could not open file %s - "%s"\n' % (filename, str(e)))
sys.exit(1) sys.exit(1)
@ -214,7 +214,7 @@ class AuditToPolicy:
try: try:
fd = open(filename, "w") fd = open(filename, "w")
except IOError, e: except IOError as e:
sys.stderr.write("could not write output file: %s\n" % str(e)) sys.stderr.write("could not write output file: %s\n" % str(e))
sys.exit(1) sys.exit(1)
@ -225,8 +225,8 @@ class AuditToPolicy:
try: try:
mc.create_module_package(filename, self.__options.refpolicy) mc.create_module_package(filename, self.__options.refpolicy)
except RuntimeError, e: except RuntimeError as e:
print e print(e)
sys.exit(1) sys.exit(1)
sys.stdout.write(_("******************** IMPORTANT ***********************\n")) sys.stdout.write(_("******************** IMPORTANT ***********************\n"))
@ -240,44 +240,44 @@ class AuditToPolicy:
rc = i.type rc = i.type
data = i.data data = i.data
if rc >= 0: if rc >= 0:
print "%s\n\tWas caused by:" % i.message print("%s\n\tWas caused by:" % i.message)
if rc == audit2why.ALLOW: if rc == audit2why.ALLOW:
print "\t\tUnknown - would be allowed by active policy\n", print("\t\tUnknown - would be allowed by active policy")
print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n" print("\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n")
print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n" print("\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n")
continue continue
if rc == audit2why.DONTAUDIT: if rc == audit2why.DONTAUDIT:
print "\t\tUnknown - should be dontaudit'd by active policy\n", print("\t\tUnknown - should be dontaudit'd by active policy")
print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n" print("\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n")
print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n" print("\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n")
continue continue
if rc == audit2why.BOOLEAN: if rc == audit2why.BOOLEAN:
if len(data) > 1: if len(data) > 1:
print "\tOne of the following booleans was set incorrectly." print("\tOne of the following booleans was set incorrectly.")
for b in data: for b in data:
print "\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0]) print("\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0]))
print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1]) print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1]))
else: else:
print "\tThe boolean %s was set incorrectly. " % (data[0][0]) print("\tThe boolean %s was set incorrectly. " % (data[0][0]))
print "\tDescription:\n\t%s\n" % seobject.boolean_desc(data[0][0]) print("\tDescription:\n\t%s\n" % seobject.boolean_desc(data[0][0]))
print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (data[0][0], data[0][1]) print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (data[0][0], data[0][1]))
continue continue
if rc == audit2why.TERULE: if rc == audit2why.TERULE:
print "\t\tMissing type enforcement (TE) allow rule.\n" print("\t\tMissing type enforcement (TE) allow rule.\n")
print "\t\tYou can use audit2allow to generate a loadable module to allow this access.\n" print("\t\tYou can use audit2allow to generate a loadable module to allow this access.\n")
continue continue
if rc == audit2why.CONSTRAINT: if rc == audit2why.CONSTRAINT:
print #!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n" print() #!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n"
print "#Constraint rule:" print("#Constraint rule:")
print "\n\t" + data[0] print("\n\t" + data[0])
for reason in data[1:]: for reason in data[1:]:
print "#\tPossible cause is the source %s and target %s are different.\n" % reason print("#\tPossible cause is the source %s and target %s are different.\n" % reason)
if rc == audit2why.RBAC: if rc == audit2why.RBAC:
print "\t\tMissing role allow rule.\n" print("\t\tMissing role allow rule.\n")
print "\t\tAdd an allow rule for the role pair.\n" print("\t\tAdd an allow rule for the role pair.\n")
continue continue
audit2why.finish() audit2why.finish()
@ -288,8 +288,8 @@ class AuditToPolicy:
if self.__options.audit2why: if self.__options.audit2why:
try: try:
return self.__output_audit2why() return self.__output_audit2why()
except RuntimeError, e: except RuntimeError as e:
print e print(e)
sys.exit(1) sys.exit(1)
g = policygen.PolicyGenerator() g = policygen.PolicyGenerator()
@ -348,11 +348,11 @@ class AuditToPolicy:
self.__output() self.__output()
except KeyboardInterrupt: except KeyboardInterrupt:
sys.exit(0) sys.exit(0)
except ValueError, e: except ValueError as e:
print e print(e)
sys.exit(1) sys.exit(1)
except IOError, e: except IOError as e:
print e print(e)
sys.exit(1) sys.exit(1)
if __name__ == "__main__": if __name__ == "__main__":

64
policycoreutils/audit2allow/audit2why
View File

@ -135,13 +135,13 @@ class AuditToPolicy:
elif self.__options.audit: elif self.__options.audit:
try: try:
messages = audit.get_audit_msgs() messages = audit.get_audit_msgs()
except OSError, e: except OSError as e:
sys.stderr.write('could not run ausearch - "%s"\n' % str(e)) sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
sys.exit(1) sys.exit(1)
elif self.__options.boot: elif self.__options.boot:
try: try:
messages = audit.get_audit_boot_msgs() messages = audit.get_audit_boot_msgs()
except OSError, e: except OSError as e:
sys.stderr.write('could not run ausearch - "%s"\n' % str(e)) sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
sys.exit(1) sys.exit(1)
else: else:
@ -152,7 +152,7 @@ class AuditToPolicy:
if filename is not None: if filename is not None:
try: try:
f = open(filename) f = open(filename)
except IOError, e: except IOError as e:
sys.stderr.write('could not open file %s - "%s"\n' % (filename, str(e))) sys.stderr.write('could not open file %s - "%s"\n' % (filename, str(e)))
sys.exit(1) sys.exit(1)
@ -214,7 +214,7 @@ class AuditToPolicy:
try: try:
fd = open(filename, "w") fd = open(filename, "w")
except IOError, e: except IOError as e:
sys.stderr.write("could not write output file: %s\n" % str(e)) sys.stderr.write("could not write output file: %s\n" % str(e))
sys.exit(1) sys.exit(1)
@ -225,8 +225,8 @@ class AuditToPolicy:
try: try:
mc.create_module_package(filename, self.__options.refpolicy) mc.create_module_package(filename, self.__options.refpolicy)
except RuntimeError, e: except RuntimeError as e:
print e print(e)
sys.exit(1) sys.exit(1)
sys.stdout.write(_("******************** IMPORTANT ***********************\n")) sys.stdout.write(_("******************** IMPORTANT ***********************\n"))
@ -240,43 +240,43 @@ class AuditToPolicy:
rc = i.type rc = i.type
data = i.data data = i.data
if rc >= 0: if rc >= 0:
print "%s\n\tWas caused by:" % i.message print("%s\n\tWas caused by:" % i.message)
if rc == audit2why.ALLOW: if rc == audit2why.ALLOW:
print "\t\tUnknown - would be allowed by active policy\n", print("\t\tUnknown - would be allowed by active policy")
print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n" print("\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n")
print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n" print("\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n")
continue continue
if rc == audit2why.DONTAUDIT: if rc == audit2why.DONTAUDIT:
print "\t\tUnknown - should be dontaudit'd by active policy\n", print("\t\tUnknown - should be dontaudit'd by active policy")
print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n" print("\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n")
print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n" print("\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n")
continue continue
if rc == audit2why.BOOLEAN: if rc == audit2why.BOOLEAN:
if len(data) > 1: if len(data) > 1:
print "\tOne of the following booleans was set incorrectly." print("\tOne of the following booleans was set incorrectly.")
for b in data: for b in data:
print "\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0]) print("\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0]))
print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1]) print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1]))
else: else:
print "\tThe boolean %s was set incorrectly. " % (data[0][0]) print("\tThe boolean %s was set incorrectly. " % (data[0][0]))
print "\tDescription:\n\t%s\n" % seobject.boolean_desc(data[0][0]) print("\tDescription:\n\t%s\n" % seobject.boolean_desc(data[0][0]))
print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (data[0][0], data[0][1]) print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (data[0][0], data[0][1]))
continue continue
if rc == audit2why.TERULE: if rc == audit2why.TERULE:
print "\t\tMissing type enforcement (TE) allow rule.\n" print("\t\tMissing type enforcement (TE) allow rule.\n")
print "\t\tYou can use audit2allow to generate a loadable module to allow this access.\n" print("\t\tYou can use audit2allow to generate a loadable module to allow this access.\n")
continue continue
if rc == audit2why.CONSTRAINT: if rc == audit2why.CONSTRAINT:
print #!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n" print() #!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n"
print "#Constraint rule: \n\t" + data[0] print("#Constraint rule: \n\t" + data[0])
for reason in data[1:]: for reason in data[1:]:
print "#\tPossible cause is the source %s and target %s are different.\n\b" % reason print("#\tPossible cause is the source %s and target %s are different.\n\b" % reason)
if rc == audit2why.RBAC: if rc == audit2why.RBAC:
print "\t\tMissing role allow rule.\n" print("\t\tMissing role allow rule.\n")
print "\t\tAdd an allow rule for the role pair.\n" print("\t\tAdd an allow rule for the role pair.\n")
continue continue
audit2why.finish() audit2why.finish()
@ -287,8 +287,8 @@ class AuditToPolicy:
if self.__options.audit2why: if self.__options.audit2why:
try: try:
return self.__output_audit2why() return self.__output_audit2why()
except RuntimeError, e: except RuntimeError as e:
print e print(e)
sys.exit(1) sys.exit(1)
g = policygen.PolicyGenerator() g = policygen.PolicyGenerator()
@ -347,11 +347,11 @@ class AuditToPolicy:
self.__output() self.__output()
except KeyboardInterrupt: except KeyboardInterrupt:
sys.exit(0) sys.exit(0)
except ValueError, e: except ValueError as e:
print e print(e)
sys.exit(1) sys.exit(1)
except IOError, e: except IOError as e:
print e print(e)
sys.exit(1) sys.exit(1)
if __name__ == "__main__": if __name__ == "__main__":

12
policycoreutils/audit2allow/sepolgen-ifgen
View File

@ -82,7 +82,7 @@ def get_attrs(policy_path):
sys.stderr.write("No installed policy to check\n") sys.stderr.write("No installed policy to check\n")
return None return None
outfile = tempfile.NamedTemporaryFile() outfile = tempfile.NamedTemporaryFile()
except IOError, e: except IOError as e:
sys.stderr.write("could not open attribute output file\n") sys.stderr.write("could not open attribute output file\n")
return None return None
except OSError: except OSError:
@ -100,7 +100,7 @@ def get_attrs(policy_path):
try: try:
attrs.from_file(outfile) attrs.from_file(outfile)
except: except:
print "error parsing attribute info" print("error parsing attribute info")
return None return None
return attrs return attrs
@ -111,7 +111,7 @@ def main():
# Open the output first to generate errors before parsing # Open the output first to generate errors before parsing
try: try:
f = open(options.output, "w") f = open(options.output, "w")
except IOError, e: except IOError as e:
sys.stderr.write("could not open output file [%s]\n" % options.output) sys.stderr.write("could not open output file [%s]\n" % options.output)
return 1 return 1
@ -130,9 +130,9 @@ def main():
# Parse the headers # Parse the headers
try: try:
headers = refparser.parse_headers(options.headers, output=log, debug=options.debug) headers = refparser.parse_headers(options.headers, output=log, debug=options.debug)
except ValueError, e: except ValueError as e:
print "error parsing headers" print("error parsing headers")
print str(e) print(str(e))
return 1 return 1
if_set = interfaces.InterfaceSet(output=log) if_set = interfaces.InterfaceSet(output=log)

8
policycoreutils/audit2allow/test_audit2allow.py
View File

@ -4,18 +4,18 @@ from subprocess import Popen, PIPE
class Audit2allowTests(unittest.TestCase): class Audit2allowTests(unittest.TestCase):
def assertDenied(self, err): def assertDenied(self, err):
self.assert_('Permission denied' in err, self.assertTrue('Permission denied' in err,
'"Permission denied" not found in %r' % err) '"Permission denied" not found in %r' % err)
def assertNotFound(self, err): def assertNotFound(self, err):
self.assert_('not found' in err, self.assertTrue('not found' in err,
'"not found" not found in %r' % err) '"not found" not found in %r' % err)
def assertFailure(self, status): def assertFailure(self, status):
self.assert_(status != 0, self.assertTrue(status != 0,
'"Succeeded when it should have failed') '"Succeeded when it should have failed')
def assertSuccess(self, cmd, status, err): def assertSuccess(self, cmd, status, err):
self.assert_(status == 0, self.assertTrue(status == 0,
'"%s should have succeeded for this test %r' % (cmd, err)) '"%s should have succeeded for this test %r' % (cmd, err))
def test_sepolgen_ifgen(self): def test_sepolgen_ifgen(self):